Firewalls and Middleboxes Can Be Weaponized For Gigantic DDoS Attacks Slashdotby msmash on security at January 1, 1970, 1:00 am (cached at August 17, 2021, 11:35 pm)

An anonymous reader writes: In an award-winning paper last week, academics said they discovered a way to abuse the TCP protocol, firewalls, and other network middleboxes to launch giant distributed denial of service (DDoS) attacks against any target on the internet. Authored by computer scientists from the University of Maryland and the University of Colorado Boulder, the research is the first of its kind to describe a method to carry out DDoS reflective amplification attacks via the TCP protocol, previously thought to be unusable for such operations. Making matters worse, researchers said the amplification factor for these TCP-based attacks is also far larger than UDP protocols, making TCP protocol abuse one of the most dangerous forms of carrying out a DDoS attack known to date and very likely to be abused in the future.

Read more of this story at Slashdot.

A Decade Later,<nobr> <wbr></nobr>.NET Developers Still Fear Being 'Silverlighted' B Slashdotby msmash on microsoft at January 1, 1970, 1:00 am (cached at August 17, 2021, 11:05 pm)

the_insult_dog writes: Some 10 years after the final Microsoft Silverlight release, some developers still fear being 'Silverlighted,' or seeing a development product in which they have invested heavily be abandoned by Microsoft. Microsoft will tell you that official support for Silverlight will end in less than two months, on Oct. 12, 2021. Anyone in the industry will tell you it effectively died around 2011 when the last version, Silverlight 5, was made available for download. Speculation about its demise arose around the same time.

Read more of this story at Slashdot.

Scientists Calculate Pi To 62.8 Trillion Digits Slashdotby msmash on math at January 1, 1970, 1:00 am (cached at August 17, 2021, 10:35 pm)

OneHundredAndTen writes: Pi is now known to 62.8 trillion decimal digits. Motherboard adds: Researchers in Switzerland broke the world record for the most accurate value of pi over the weekend, the team announced on Monday. They calculated the first 62.8 trillion digits, surpassing the former record by 12.8 trillion decimal points. Calculation first started in late April at the Competence Center for Data Analysis, Visualization and Simulation (DAViS) at the University of Applied Sciences in Graubünden, Switzerland. The calculated data was then backed up onto the high-performance computer where a Y-cruncher wrote it into the hexadecimal notation. It was then converted into the decimal system and verified by a mathematical algorithm

Read more of this story at Slashdot.

Chinese Espionage Tool Exploits Vulnerabilities In 58 Widely Used Websites Slashdotby msmash on security at January 1, 1970, 1:00 am (cached at August 17, 2021, 10:05 pm)

A security researcher has discovered a web attack framework developed by a suspected Chinese government hacking group and used to exploit vulnerabilities in 58 popular websites to collect data on possible Chinese dissidents. From a report: Fifty-seven of the sites are popular Chinese portals, while the last is the site for US newspaper, the New York Times. In addition, the tool also abused legitimate browser features in attempts to collect user keystrokes, a large swath of operating system details, geolocation data, and even webcam snapshots of a target's face -- although many of these capabilities weren't as silent as the exploits targeting third-party websites, since they also tended to trigger a browser notification prompt. Named Tetris, the tool was found secretly uploaded on two websites with a Chinese readership. "The sites both appear to be independent newsblogs," said a security researcher going online under the pseudonym of Imp0rtp3, who analyzed the Tetris attack framework for the first time in a blog post earlier this month. "Both [sites] are focused on China, one site [is focused on China's] actions against Taiwan and Hong-Kong written in Chinese and still updated and the other about general atrocities done by the Chinese government, written in Swedish and last updated [in] 2016," the researcher said. According to Imp0rtp3, users who landed on these two websites were first greeted by Jetriz, the first of Tetris' two components, which would gather and read basic information about a visitor's browser.

Read more of this story at Slashdot.

The Mysterious Figure Stealing Books Before Their Release Slashdotby msmash on books at January 1, 1970, 1:00 am (cached at August 17, 2021, 9:35 pm)

For years, a mysterious figure has been stealing books before their release. Is it espionage? Revenge? Or a complete waste of time? Vulture: On the spectrum of cyberattacks, this one wasn't very complex. There was no malicious software or actual hacking involved. Some of the earliest victims used Gmail accounts for work, which were easy and free to spoof. Registering an alternate domain and setting up an email server was only slightly more involved, and the possibilities were endless: t's became f's (@wwnorfon.com), q's replaced g's (@wylieaqency.com), r's and n's cornbined to make m's (@penguinrandornhouse.com). The domains suggested someone who liked to play with words as much as code. Books became bocks, unless the company was Dutch, in which case boek was Anglicized to book. What did seem sophisticated was the thief's knowledge of the business. The culprit wrote like someone in publishing, abbreviating to "MS" for manuscript and "WEL" for world English-language rights, while exchanging insider chatter, telling one victim that a publisher was pitching a book as a comp to Pachinko and expressing surprise to another that a novel had recently sold for a shocking amount. The thief sent messages in the wake of announcements on Publishers Marketplace, a subscription website that tracks deals, but they also asked about books that the thief's marks didn't even know existed. The mimicry wasn't always perfect -- an assistant at the talent agency WME realized her boss was being impersonated because she would never say "please" or "thank you" -- but the impression was good enough. What's more, the thief seemed to have a strong grasp of the rarefied world of international publishing. The first emails, in the fall of 2016, traveled almost exclusively among the small group of people who handle the flow of manuscripts between countries, including a foreign-rights manager in Greece, an editor in Spain, and an agent selling international writers in the Chinese market. In the attempted "Millennium" heist, only a few dozen people in the world knew the book was being shared with foreign publishers and that Mork and Altrov Berg controlled access to it.

Read more of this story at Slashdot.

Saturn's Insides Are Sloshing Around Slashdotby msmash on space at January 1, 1970, 1:00 am (cached at August 17, 2021, 9:05 pm)

A new paper suggests Saturn's core is more like a fluid than a solid, and makes up more of the planet's interior than we thought. From a report: With its massive rings stretching out 175,000 miles in diameter, Saturn is a one-of-a-kind planet in the solar system. Turns out its insides are pretty unique as well. A new study published in Nature Astronomy on Monday suggests the sixth planet from the sun has a "fuzzy" core that jiggles around. It's quite a surprising find. "The conventional picture for Saturn or Jupiter's interior structure is that of a compact core of rocky or icy material, surrounded by a lower-density envelope of hydrogen and helium," says Christopher Mankovich, a planetary scientist at Caltech and coauthor of the new study, along with his colleague Jim Fuller. What Mankovich and Fuller glimpsed "is essentially a blurred-out version of that conventional structure." Instead of seeing a tidy boundary dividing the heavier rocks and ice from the lighter elements, they found that the core is oscillating so that there is no single, clear separation. This diffuse core extends out to about 60% of Saturn's radius -- a huge leap from the 10 to 20% of a planet's radius that a traditional core would occupy. One of the wildest aspects of the study is that the findings did not come from measuring the core directly -- something we've never been able to do. Instead, Mankovich and Fuller turned to seismographic data on Saturn's rings first collected by NASA's Cassini mission, which explored the Saturnian system from 2004 to 2017. "Saturn essentially rings like a bell at all times," says Mankovich. As the core wobbles, it creates gravitational perturbations that affect the surrounding rings, creating subtle "waves" that can be measured. When the planet's core was oscillating, Cassini was able to study Saturn's C ring (the second block of rings from the planet) and measure the small yet consistent gravitational "ringing" caused by the core. Mankovich and Fuller looked at the data and created a model for Saturn's structure that would explain these seismographic waves -- and the result is a fuzzy interior. "This study is the only direct evidence for a diffuse core structure in a fluid planet to date," says Mankovich.

Read more of this story at Slashdot.

The Google Pixel 6 Won't Ship With a Charger Slashdotby msmash on google at January 1, 1970, 1:00 am (cached at August 17, 2021, 8:05 pm)

Google is the latest manufacturer to bid farewell to the in-box charging brick, saying it expects the Pixel 5A will be the last phone to include one. That means the Pixel 6 and Pixel 6 Pro won't include one when they arrive this fall. From a report: The company says that most people already have a USB-C charging brick, so there's no longer a need to include one with its phones. Apple and Samsung made similar arguments when they announced they would no longer be offering an in-box charger. That may be true, but it's likely that the cost savings of not including a charger played a big role in those decisions.

Read more of this story at Slashdot.

Astronomers see galaxies in ultra-high definition BBC News | Science/Nature | UK Edition(cached at August 17, 2021, 8:00 pm)

Researchers capture some of the most detailed images ever seen of galaxies in deep space.
Chinese Espionage Tool Exploits Vulnerabilities is 58 Widely Used Websites Slashdotby msmash on security at January 1, 1970, 1:00 am (cached at August 17, 2021, 7:35 pm)

A security researcher has discovered a web attack framework developed by a suspected Chinese government hacking group and used to exploit vulnerabilities in 58 popular websites to collect data on possible Chinese dissidents. From a report: Fifty-seven of the sites are popular Chinese portals, while the last is the site for US newspaper, the New York Times. In addition, the tool also abused legitimate browser features in attempts to collect user keystrokes, a large swath of operating system details, geolocation data, and even webcam snapshots of a target's face -- although many of these capabilities weren't as silent as the exploits targeting third-party websites, since they also tended to trigger a browser notification prompt. Named Tetris, the tool was found secretly uploaded on two websites with a Chinese readership. "The sites both appear to be independent newsblogs," said a security researcher going online under the pseudonym of Imp0rtp3, who analyzed the Tetris attack framework for the first time in a blog post earlier this month. "Both [sites] are focused on China, one site [is focused on China's] actions against Taiwan and Hong-Kong written in Chinese and still updated and the other about general atrocities done by the Chinese government, written in Swedish and last updated [in] 2016," the researcher said. According to Imp0rtp3, users who landed on these two websites were first greeted by Jetriz, the first of Tetris' two components, which would gather and read basic information about a visitor's browser.

Read more of this story at Slashdot.

China Issues Draft Rules To Curb Unfair Competition, Restrict Use of User Data Slashdotby msmash on china at January 1, 1970, 1:00 am (cached at August 17, 2021, 7:05 pm)

phalse phace writes: Chinese regulators on Tuesday issued a lengthy set of draft regulations for the internet sector, banning unfair competition and restricting the use of user data, the latest move in a crackdown on the country's powerful tech companies. According to a document published on China's State Administration for Market Regulation (SAMR) website, business operators should not use data, algorithms or other technical means to hijack traffic or influence users' choices. They may also not use technical means to illegally capture or use other business operators' data. The regulator also said firms cannot use technological means to maliciously impose incompatible barriers to other legal internet products and services. It added that in cases involving violations, third-party institutions may be hired to audit data. The proposed regulations come after SAMR imposed various restrictions and punishments on tech giants in an effort to restrict anti-competitive or monopolistic behaviour.

Read more of this story at Slashdot.

Gigabyte Will Replace 'Exploding' PSUs, Downplays Risk Slashdotby msmash on hardware at January 1, 1970, 1:00 am (cached at August 17, 2021, 6:05 pm)

UnknowingFool writes: Gigabyte announced it will replace PSU models GP-P850GM and GP-P750GM that fail after HardwareBusters and Gamer's Nexus both showed their PSUs fail catastrophically in small explosions. Gigabyte however downplayed the risk by misstating the failed PSUs only exploded after prolonged extreme conditions and that the problem had been corrected last year. Both HardwareBusters and GamerNexus contest multiple points from Gigabyte. Both stated that their units failed quickly under moderate to light loads. In the case of Gamer's Nexus they obtained some units as late as May 2021. This issue was first reported in November 2020, when Hardware Busters evaluated a GP-P750GM model and found it exploded during testing. After many Newegg customers reported multiple issues with two Gigabyte models, Gamer's Nexus purchased or obtained units from customers over the course of several months in the spring. Their testing found 5 out of 10 units failed quickly during OPP (Over Power Protection) testing. A normal OPP scenario should have had the PSU shut down to protect itself. Instead, some of the units exploded. A further complication arose when Newegg customers tried to return failed units. Many of the PSUs were bought in Newegg Shuffle bundles with GPUs, and customers would have to return both the GPU and the PSU. Considering the GPU shortage, most Newegg customers complained about this requirement.

Read more of this story at Slashdot.

US To Recommend COVID Vaccine Boosters at 8 Months Slashdotby msmash on medicine at January 1, 1970, 1:00 am (cached at August 17, 2021, 5:35 pm)

Associated Press: U.S. health experts are expected to recommend COVID-19 booster shots for all Americans eight months after they get their second dose of the vaccine, to ensure longer-lasting protection as the delta variant spreads across the country. Federal health officials have been looking at whether extra shots for the vaccinated would be needed as early as this fall, reviewing case numbers in the U.S. as well as the situation in other countries such as Israel, where preliminary studies suggest the vaccine's protection against serious illness dropped among those vaccinated in January. An announcement on the U.S. booster recommendation is expected as soon as this week, according to two people familiar with the matter who spoke to The Associated Press on the condition of anonymity to discuss internal deliberations. Doses would only begin to be administered widely once the Food and Drug Administration formally approves the vaccines, which are being dispensed for now under what is known as emergency use authorization. Full approval of the Pfizer shot is expected in the coming weeks.

Read more of this story at Slashdot.

Gen Z LinkedIn Is Full of Parodies and Snark Slashdotby msmash on business at January 1, 1970, 1:00 am (cached at August 17, 2021, 5:05 pm)

There is a corner of LinkedIn free from humble brags, self-promotion, thought leadership and strict decorum. You just need to connect with a zoomer. Although LinkedIn is not a popular online hangout for Generation Z, some of their most viral posts are parodies of LinkedIn itself. From a report: Shiv Sharma graduated from the University of Southern California last year, according to his LinkedIn. A few months ago, he updated his profile listing himself as the assistant chef at the fictional restaurant from Sponge Bob Square Pants. "I have accepted an offer to work for The Krusty Krab Restaurant as part of their Entry Level Chef Program in Bikini Bottom," he wrote. The post garnered more than 5,000 reactions and dozens of comments. Harry Tong is a software development intern at a tech company. But, according to a popular post on his profile: "I am officially the CEO of a BILLION dollar company," he wrote. "For my series Z, my mom invested $10 for 0.000001% of my company, giving it a $1 billion valuation." This subculture of subversion on LinkedIn has inspired countless TikTok videos, a Twitter account called @LinkedinFlex and a devoted Reddit community called LinkedInLunatics. The memes reflect the weariness people feel toward the site -- "primarily a place for bragging," said Jake Zhang, a Toronto-based college student. "People tell stories about how their entire lives have built up to this one moment of getting a job or a promotion, or experts claim they'll change your life with a piece of advice," Tong said. "And I'm just here to poke at the facade a little bit." Most young people treat LinkedIn as a "purely transactional job hunting tool" to be used sparingly, said AJ Wilcox, founder of B2Linked, an advertising agency that specializes in the Microsoft Corp.-owned professional networking site. Maintaining a profile is a "necessary evil," Zhang said. "Everyone I know creates an account due to school or peer pressure," Zhang said. "We use it because there's no alternative for job hunting. But with all the toxic content and bragging, no one I know really likes it." Which is what makes the parodies on LinkedIn so interesting. Most people wouldn't put a joke on their resume. The posts are a byproduct of a generation that lives fearlessly on the internet, eager to entertain and call out any whiff of inauthenticity.

Read more of this story at Slashdot.

Stop Using Zoom, Hamburg's DPA Warns State Government Slashdotby msmash on privacy at January 1, 1970, 1:00 am (cached at August 17, 2021, 4:05 pm)

Hamburg's state government has been formally warned against using Zoom over data protection concerns. From a report: The German state's data protection agency (DPA) took the step of issuing a public warning yesterday, writing in a press release that the Senate Chancellory's use of the popular videoconferencing tool violates the European Union's General Data Protection Regulation (GDPR) since user data is transferred to the US for processing. The DPA's concern follows a landmark ruling (Schrems II) by Europe's top court last summer which invalidated a flagship data transfer arrangement between the EU and the US (Privacy Shield), finding US surveillance law to be incompatible with EU privacy rights. The fallout from Schrems II has been slow to manifest -- beyond an instant blanket of legal uncertainty. However a number of European DPAs are now investigating the use of US-based digital services because of the data transfer issue, and in some instances publicly warning against the use of mainstream US tools like Facebook and Zoom because user data cannot be adequately safeguarded when it's taken over the pond. German agencies are among the most proactive in this respect. But the EU's data protection supervisor is also investigating the bloc's use of cloud services from US giants Amazon and Microsoft over the same data transfer concern.

Read more of this story at Slashdot.

Apple Planning Multiple Events For the Fall, M1X MacBook Pros To Be Available By Nov Slashdotby BeauHD on macbook at January 1, 1970, 1:00 am (cached at August 17, 2021, 3:05 pm)

An anonymous reader quotes a report from MacRumors: Apple is planning to hold multiple events this fall, which will collectively include the launch of new iPhones, Apple Watches, updated AirPods, revamped iPad mini, and the redesigned MacBook Pros, according to respected Bloomberg journalist Mark Gurman. In his latest weekly Power On newsletter, Gurman says that much like last year, Apple will hold multiple events this coming fall, with the first likely being in September for the iPhone 13. Last year, due to the global health crisis and production constraints, the iPhone 12 lineup was not announced until October. The 2020 September event, rather than focusing on new iPhones, showcased new Apple Watches, iPads, and services. This year, Apple is expected to return to its tradition of announcing its flagship yearly iPhone update in September, according to multiple reports. In today's newsletter, Gurman reiterated his reporting from earlier last week, setting expectations for the iPhone 13 to include updates to the camera focused towards professional users, more advanced displays, and a smaller notch. Alongside the new iPhones, Gurman, as previously reported, says that Apple can be expected to launch the third-generation AirPods featuring an updated design, an updated iPad mini with a larger display, thinner borders, and improved performance, as well as the Apple Watch Series 7 with flatter and improved displays, and performance. As for the highly anticipated MacBook Pros featuring mini-LED displays, updated designs, and the M1X Apple silicon chip, Gurman says they will be available by the time the current 16-inch MacBook Pro, powered by Intel, will celebrate its second anniversary. The 16-inch MacBook Pro was last updated in November of 2019. The first event of the fall in September will likely include the new iPhones, Apple Watches, and AirPods, while the new iPads and possible updates to some of the company's services could be reserved for a second event, with the final event of the season being focused on Apple silicon Macs.

Read more of this story at Slashdot.