Security

The 'World's Worst' Smart Padlock Is Even Worse Than Previously Thought (sophos.com) 25

Last week, cybersecurity company PenTest Partners managed to unlock TappLock's smart padlock within two seconds. They "found that the actual code and digital authentication methods for the lock were basically nonexistent," reports The Verge. "All someone would need to unlock the lock is its Bluetooth Low Energy MAC address, which the lock itself broadcasts." The company also managed to snap the lock with a pair of 12-inch bolt cutters.

Today, Naked Security reports that it gets much worse: "Tapplock's cloud-based administration tools were as vulnerable as the lock, as Greek security researcher Vangelis Stykas found out very rapidly." From the report: Stykas found that once you'd logged into one Tapplock account, you were effectively authenticated to access anyone else's Tapplock account, as long as you knew their account ID. You could easily sniff out account IDs because Tapplock was too lazy to use HTTPS (secure web connections) for connections back to home base -- but you didn't really need to bother, because account IDs were apparently just incremental IDs anyway, like house numbers on most streets. As a result, Stykas could not only add himself as an authorized user to anyone else's lock, but also read out personal information from that person's account, including the last location (if known) where the Tapplock was opened.

Incredibly, Tapplock's back-end system would not only let him open other people's locks using the official app, but also tell him where to find the locks he could now open! Of course, this gave him an unlocking speed advantage over Pen Test Partners -- by using the official app Stykas needed just 0.8 seconds to open a lock, instead of the sluggish two seconds needed by the lock-cracking app.

Australia

Australia Discontinues Its National Biometric ID Project (gizmodo.com.au) 41

The Australian Criminal Intelligence Commission's (ACIC) biometrics project, which adds facial recognition to a national crime database, is being discontinued following reports of delays and budget blowouts. From a report: This announcement comes after the project was suspended earlier this month and NEC Australia staff were escorted out of the building by security on Monday June 4. [...] ACIC contracted the NEC for the $52 million Biometric Identification Services project with the view of replacing the fingerprint identification system that is currently in place. The aim of the project, which was supposed to run until 2021, was to include palm print, foot prints and facial recognition to aid in police investigations. The Australian government stated that it wanted to provide Australians with a single digital identity by 2025.
Amiga

New Commercial Amiga 500 Game Released 108

Mike Bouma writes: Pixelglass, known for their "Giana Sisters SE" game, has released a worthy new game for the Amiga 500, called "Worthy." Here's a description of this cute action puzzler: "Assume the role of a fearless boy and collect the required number of diamonds in each stage in order to win the girl's heart! Travel from maze to maze, kill the baddies, avoid the traps, collect beers (your necessary 'fuel' to keep you going), find the diamonds, prove to her you're WORTHY!" Time to dust off that classic Amiga or alternatively download a digital copy and use an UAE emulator for your platform of choice. Have a look at the release trailer.
Technology

Adobe is Reviving the Stunning Lost Fonts of the Bauhaus (fastcodesign.com) 83

An anonymous reader shares a report: Even if you're not a designer, you've probably heard the phrase "form follows function." That's how influential the school that espoused it, the Bauhaus, has become since its heyday in 1920s and '30s Germany. Now, some of the movement's most compelling -- but largely unknown -- lettering has been recreated from archival material, like original typography sketches and letter fragments, and transformed into contemporary digital typefaces.

The project is part of an Adobe initiative called Hidden Treasures that resurfaces design gems from the past in Adobe products -- previously, the company recreated the paintbrushes used by painter Edvard Munch for use in Photoshop. For the second iteration of the initiative, Adobe worked with the Bauhaus archives in Berlin, Germany, to bring in five design students to create five distinct typefaces, all under the guidance of expert typeface designer Erik Spiekermann. While each of the typefaces will eventually be available to all users of Adobe Typekit, two are now available online: one inspired by Joost Schmidt, a teacher at the Bauhaus who also created the famed poster for the 1923 Bauhaus Exhibition, and the other inspired by Xanti Schawinsky, who taught classes in set design at the school.

Bitcoin

Bitcoin's Price Was Artificially Inflated Last Year, Researchers Say (nytimes.com) 207

A concentrated campaign of price manipulation may have accounted for at least half of the increase in the price of Bitcoin and other big cryptocurrencies last year, according to a paper released on Wednesday by an academic with a history of spotting fraud in financial markets. From a report, first shared to us by reader davidwr: The paper by John Griffin, a finance professor at the University of Texas, and Amin Shams, a graduate student, is likely to stoke a debate about how much of Bitcoin's skyrocketing gain last year was caused by the covert actions of a few big players, rather than real demand from investors. Many industry players expressed concern at the time that the prices were being pushed up at least partly by activity at Bitfinex, one of the largest and least regulated exchanges in the industry. The exchange, which is registered in the Caribbean with offices in Asia, was subpoenaed by American regulators shortly after articles about the concerns appeared in The New York Times and other publications. Mr. Griffin looked at the flow of digital tokens going in and out of Bitfinex and identified several distinct patterns that suggest that someone or some people at the exchange successfully worked to push up prices when they sagged at other exchanges. To do that, the person or people used a secondary virtual currency, known as Tether, which was created and sold by the owners of Bitfinex, to buy up those other cryptocurrencies.
Privacy

Apple Tries To Stop Developers Sharing Data On Users' Friends (bloomberg.com) 21

Apple has updated its App Store guidelines to close a loophole that let app makers store and share data without many people's consent. The practice has "been employed for years," reports Bloomberg. "Developers ask users for access to their phone contacts, then use it for marketing and sometimes share or sell the information -- without permission from the other people listed on those digital address books." From the report: As Apple's annual developer conference got underway on June 4, the Cupertino, California-based company made many new pronouncements on stage, including new controls that limit tracking of web browsing. But the phone maker didn't publicly mention updated App Store Review Guidelines that now bar developers from making databases of address book information they gather from iPhone users. Sharing and selling that database with third parties is also now forbidden. And an app can't get a user's contact list, say it's being used for one thing, and then use it for something else -- unless the developer gets consent again. Anyone caught breaking the rules may be banned.

While Apple is acting now, the company can't go back and retrieve the data that may have been shared so far. After giving permission to a developer, an iPhone user can go into their settings and turn off apps' contacts permissions. That turns off the data faucet, but doesn't return information already gathered.

EU

Internet Luminaries Urge EU To Kill Off Automated Copyright Filter Proposal (theregister.co.uk) 40

A large group of Internet pioneers have sent an open letter to the European Union urging it to scrap a proposal to introduce automated upload filters, arguing that it could damage the internet as we know it. The Register: The European Parliament's Legal Affairs (Juri) Committee will vote on the proposal contained in Article 13 of the Copyright in the Digital Single Market Directive next week. The proposal would see all companies that "store and provide to the public access to large amounts of works" obliged to "prevent the availability... of works... identified by rightholders." Despite the inclusion of language that says such measures need to be "appropriate and proportionate," it has caused many to worry that the law will lead to a requirement for all platforms to introduce automated content filtering, and shift liability for any copyrighted material that appears online from the user that posts it to the platform itself.

"By inverting this liability model and essentially making platforms directly responsible for ensuring the legality of content in the first instance, the business models and investments of platforms large and small will be impacted," warns the letter [PDF] signed by "Father of the Internet" Vint Cerf, World Wide Web inventor Tim Berners-Lee, as well as a host of other internet luminaries including Wikipedia's Jimmy Wales, security expert Bruce Schneier and net neutrality namer Tim Wu.

Digital

Sweden Tries To Halt Its March To Total Cashlessness (bloomberg.com) 329

An anonymous reader quotes a report from Bloomberg: A key committee of Swedish lawmakers wants to force the country's biggest banks to handle cash in an effort to halt the nation's march toward complete cashlessness. Parliament's Riksbank committee, which is in the process of reviewing the central bank law, proposed making it mandatory for banks to offer cash withdrawals and handle daily receipts. The requirement would apply to banks that provide checking accounts and have more than 70 billion kronor ($8 billion) in deposits from the Swedish public, according to a report.

The lawmakers said there needs to be "reasonable access to those services in all of Sweden," and that 99 percent of Swedes should have a maximum distance of 25 kilometers (16 miles) to the nearest cash withdrawal. The requirement doesn't state how banks should offer those services, and lenders can choose whether to use a third party, machines or over-the-counter services. The move is a response to Sweden's rapid transformation as it becomes one of the most cashless societies in the world. That's led to concerns that some people are finding it increasingly difficult to cope without access to mobile phones or bank cards. There are also fears around what would happen if the digital payments systems suddenly crashed.

Censorship

Tanzania Orders All Unregistered Bloggers To Take Down Their Sites (reuters.com) 52

The state-run Tanzania Communications Regulatory Authority (TCRA) ordered all unregistered bloggers and online forums on Monday to suspend their websites immediately or face criminal prosecution. Several sites, including popular online discussion platform Jamiiforums, have reportedly shut down to avoid prosecution. Reuters reports: Regulations passed in March made it compulsory for bloggers and owners of other online forums such as YouTube channels to register with the government and pay up to $900 for a license. Per capita income in Tanzania is slightly below $900 a year. Digital activists say the law is part of a crackdown on dissent and free speech by the government of President John Magufuli, who was elected in 2015. Government officials argue the new rules are aimed at tackling hate speech and other online crimes, including cyberbullying and pornography.

"All unregistered online content providers must be licensed before June 15. Starting from today June 11 until June 15, they are prohibited from posting any new content on their blogs, forums or online radios and televisions," the regulator said in a statement on Monday. The statement said legal action would be taken against any unregistered websites posting new content. Anyone convicted of defying the new regulations faces a fine of at least 5 million shillings ($2,200), imprisonment for a minimum 12 months, or both.

Bitcoin

Wells Fargo Bans Cryptocurrency Purchases On Its Credit Cards (bloomberg.com) 129

An anonymous reader quotes a report from Bloomberg: Wells Fargo customers hoping to use their credit cards to buy Bitcoin will have to look elsewhere. While putting a prohibition on such cryptocurrency purchases for now, Wells Fargo "will continue to evaluate the issue as the market evolves," Shelley Miller, a spokeswoman, said in an emailed statement. Wells Fargo joins Citigroup, JPMorgan Chase and Bank of America, which limited cryptocurrency purchases on their credit cards in February, citing market volatility and credit risks. Lenders have said they're worried they'd be left on the hook if a borrower lost money on a digital currency bet and couldn't repay. A study conducted by LendEDU last year found that roughly 18 percent of Bitcoin investors used a credit card to fund the purchases. Of those, 22 percent couldn't pay off their balance after buying the digital coin.
United Kingdom

Digital IDs Needed To End 'Mob Rule' Online, Says UK's Security Minister (independent.co.uk) 510

Digital IDs should be brought in to end online anonymity that permits "mob rule" and lawlessness online, the security minister of the United Kingdom has said. From a report: Ben Wallace said authentication used by banks could also be employed by internet firms to crack down on bullying and grooming, as he warned that people had to make a choice between "the wild west or a civilised society" online. He also took aim at the "phoniness" of Silicon Valley billionaires, and called for companies such as WhatsApp to contribute to society over the negative costs of their technology, such as end-to-end encryption. It comes after Theresa May took another step against tech giants, saying they would be ordered to clamp down on vile attacks against women on their platforms. The prime minister will target firms such as Facebook and Twitter as she makes the pitch at the G7 summit this weekend, where she will urge social media firms to treat violent misogyny with the same urgency as they do terror threats. Mr Wallace told The Times: "A lot of the bullying on social media and the grooming is because those people know you cannot identify them. It is mob rule on the internet. You shouldn't be able to hide behind anonymity."
Businesses

Copyright Law Could Put End To Net Memes (bbc.com) 176

An anonymous reader shares a report: Memes, remixes and other user-generated content could disappear online if the EU's proposed rules on copyright become law, warn experts. Digital rights groups are campaigning against the Copyright Directive, which the European Parliament will vote on later this month. The legislation aims to protect rights-holders in the internet age. But critics say it misunderstands the way people engage with web content and risks excessive censorship. The Copyright Directive is an attempt to reshape copyright for the internet, in particular rebalancing the relationship between copyright holders and online platforms. Article 13 states that platform providers should "take measures to ensure the functioning of agreements concluded with rights-holders for the use of their works." Critics say this will, in effect, require all internet platforms to filter all content put online by users, which many believe would be an excessive restriction on free speech. There is also concern that the proposals will rely on algorithms that will be programmed to "play safe" and delete anything that creates a risk for the platform.
Power

Can An 'OS For Electricity' Double the Efficiency of the Grid? (vox.com) 147

New submitter mesterha shares an "interesting article [from Vox] on how to optimize our use of electricity": Waste on the grid is the result of poor power quality, which can be ameliorated through digital control. Real-time measurement makes that possible. 3DFS technology, which the company conceives of as an "operating system for electricity," can not only track what's happening on the electricity sine wave from nanosecond to nanosecond, it can correct the sine wave from microsecond to microsecond, perfectly adapting it to the load it serves, eliminating waste. "They claim energy reduction of around 15% but anticipate their AI tuning can eventually get 30%," writes Slashdot reader mesterha. "Seems too good to be true, but it has the support of publications like Popular Mechanics." [3DFS won one of Popular Mechanics' "breakthrough awards" in 2017.]
Cellphones

French School Students To Be Banned From Using Mobile Phones (theguardian.com) 136

The lower house of parliament in France has passed what it called a "detox" law for a younger generation increasingly addicted to screens. As a result, French school students will be banned from using mobile phones anywhere on school grounds starting in September. The Guardian reports: The new law bans phone-use by children in school playgrounds, at breaktimes and anywhere on school premises. Legislation passed in 2010 already states children should not use phones in class. During a parliamentary debate, lawmakers from Macron's La Republique En Marche party said banning phones in schools meant all children now had a legal "right to disconnect" from digital pressures during their school day. Some in Macron's party had initially sought to go even further, arguing that adults should set an example and the ban should be extended to all staff in schools, making teachers surrender their phones on arrival each morning. But Macron's education minister, Jean-Michel Blanquer, brushed this aside, saying it wasn't necessary to extend the ban to teachers and staff.
Businesses

Shady ICO Issuers Are Taking 'Bags of Cash' To Border, US Says (bloomberg.com) 46

A top financial regulator gave a strong warning this week that U.S. scrutiny of initial coin offerings is just getting started. From a report: Securities and Exchange Commission Chairman Jay Clayton, speaking at a conference in New York, said companies raising money through digital-token sales shouldn't have any illusions that the government will treat them differently than firms participating in traditional stock offerings. He added that the market deserves close attention because the SEC has already seen examples of fraudsters fleeing the country after persuading U.S. investors to back their ICOs. "I am not going to change the way we approach the offering and trading of securities as a result of the fact that you put it in the form of a token," Clayton said at the Sandler O'Neill Global Exchange and Brokerage Conference. "I'm protecting the integrity of the market. The behavior we see in this is pretty bad. We've got guys with bags of cash headed to the border. That's not our securities market."
Operating Systems

watchOS 5 Brings Automatic Workout Detection, Walkie-Talkie Mode, Podcast App To Apple Watch (digitaltrends.com) 50

At WWDC 2018, Apple announced several new features in watchOS 5 that will be coming to the Apple Watch later this year. Digital Trends summarizes all the big new additions including more watch faces and improved health tracking features: Apple is putting a huge emphasis on ensuring fitness tracking data is accurate in WatchOS 5. The company studied more than seven terabytes of fitness data from more than 12,000 participants to make sure its tracking measurements are on point. You'll also find a new competition mode on WatchOS 5. The mode allows you to enter a seven-day competition with a friend. WatchOS 5 also features new fitness modes. The Yoga mode will track your activity via the heart rate monitor while the Hiking mode will use your pace and elevation to better determine the number of calories burned. The Running mode now offers a custom pace alert, tracks your cadence and will even provide time data on the previous mile run. Finally, you'll see new start and end workout alerts.

WatchOS 5 also brings several awesome communications improvements. First off is the new Walkie-Talkie mode. With Walkie-Talkie, you can add friends to your Apple Watch and communicate with them directly by tapping the Talk button within the Walkie-Talkie app. Your Siri watch face will also get a huge update as well. The new Siri watch face will provide more information on your favorite sports teams, offer commute and traffic information, as well as heart rate.
Also available in watchOS 5 are Siri Shortcuts, an official Podcast app, and WebKit, which will let you view webpages from Messages or emails. You will also no longer need to say "Hey Siri" to activate Siri. Now you can simply raise your wrist to your mouth and Siri will automatically be listening.

Note: The original Apple Watch won't get watchOS 5's new features. You will need a Series 1 or newer timepiece.
XBox (Games)

Amazon Alexa and Google Assistant Are Coming To Xbox One (windowscentral.com) 29

According to Windows Central, the Xbox One will soon support Amazon Alexa and Google Assistant, which should provide a decent alternative to Kinect for controlling your console via voice commands. Microsoft stopped manufacturing the Kinect in October of last year. From the report: This picture comes to us from a reliable source who is familiar with Amazon and Microsoft's efforts to link Alexa and Cortana. In upcoming Xbox One builds, the Kinect & Devices menu should have a new "Digital Assistants" section, which lets you enable Alexa, Google Assistant, and Cortana, for use on your Xbox One. It then directs you to install the Xbox skills app for those respective platforms to get connected. The full range of features for those assistants remains unknown, but it could bring back many of the voice-assisted features abandoned Kinect users are yearning for.
Education

MIT Issued Blockchain Diplomas, But Doesn't Know If Employers Actually Use Them (techtarget.com) 38

dcblogs writes: Last summer, MIT ran a pilot program creating verifiable, tamper-proof "digital diplomas" for a small number of graduates. But they don't know how the pilot turned out, and there's a lot of experimentation underway. Eventually, all your credentials -- resume, employment history, occupational licenses, diplomas -- may be in a blockchain. The use of blockchain enabled digital credentials is growing. This could speed employment verification, and make lying on resumes harder.
The article points out that while a number of universities are exploring blockchain, MIT "has not heard of a case where a student's digital diploma was either consumed or accepted by an employer," although "Many certificates were verified..."

"MIT's pilot illustrates the state of blockchain in HR. It is in a beta, proof-of-concept, experimental phase. Blockchain verification is currently not a practical option for employers and recruiters."
Privacy

German Spy Agency Can Keep Tabs On Internet Hubs, Federal Court Rules (phys.org) 54

Earlier this week, a federal court in Germany threw out a challenge by the world's largest internet hub, the De-Cix exchange, against the tapping of its data flows by the BND foreign intelligence service. What this means is that the country's spy agency can continue to monitor major internet hubs if Berlin deems it necessary for strategic security interests. From a report: The operator had argued the agency was breaking the law by capturing German domestic communications along with international data. However, the court in the eastern city of Leipzig ruled that internet hubs "can be required by the federal interior ministry to assist with strategic communications surveillance by the BND." De-Cix says its Frankfurt hub is the world's biggest internet exchange, bundling data flows from as far as China, Russia, the Middle East and Africa, which handles more than six terabytes per second at peak traffic.

De-Cix Management GmbH, which is owned by eco Association, the European internet industry body, had filed suit against the interior ministry, which oversees the BND and its strategic signals intelligence. It said the BND, a partner of the US National Security Agency (NSA), has placed so-called Y-piece prisms into its data-carrying fibre optic cables that give it an unfiltered and complete copy of the data flow. The surveillance sifts through digital communications such as emails using certain search terms, which are then reviewed based on relevance.

Advertising

Apple Is Reportedly Eyeing the Ad Business (cnbc.com) 38

An anonymous reader quotes a report from CNBC: The Wall Street Journal has published a new report detailing one thing we might expect to see on stage at WWDC next week: a digital ad platform expansion. According to the Journal, Apple has been in talks with major apps including Snapchat and Pinterest about the project: "Over the past year, Apple has met with Snap Inc., Pinterest Inc. and other companies about participating in an Apple network that would distribute ads across their collective apps, the people said. Apple would share revenue with the apps displaying the ads, with the split varying from app to app, they said."

The report adds that the new ad effort would expand on the "nearly $1 billion" business of search ads, which it introduced to the App Store in 2016. In addition to app ads being displayed in search results in the App Store, developers could include advertisements in search results within their own apps: "Under the concept discussed internally and raised with potential partners, users searching in Pinterest's app for 'drapes' might turn up an ad distributed by Apple for an interior-design app, or Snap users searching for 'NFL' might see an ad for a ticket-reseller app, one of the people said."
