Security

Adult Dating Site Hack Reveals Users' Sexual Preference, Extramarital Affairs 172

Posted by Soulskill
from the another-day,-another-breach dept.
An anonymous reader notes this report from Channel 4 News that Adult FriendFinder, one of the largest dating sites in the world, has suffered a database breach that revealed personal information for 3.9 million of its users. The leaked data includes email addresses, IP addresses, birth dates, postal codes, sexual preferences, and information indicating which of them are seeking extramarital affairs. There even seems to be data from accounts that were supposedly deleted. Channel 4 saw evidence that there were plans for a spam campaign against these users, and others are worried that a blackmail campaign will follow. "Where you've got names, dates of birth, ZIP codes, then that provides an opportunity to actually target specific individuals whether they be in government or healthcare for example, so you can profile that person and send more targeted blackmail-type emails," said cybercrime specialist Charlie McMurdy.
Microsoft

In-Database R Coming To SQL Server 2016 94

Posted by Soulskill
from the r,-me-hearties dept.
theodp writes: Wondering what kind of things Microsoft might do with its purchase of Revolution Analytics? Over at the Revolutions blog, David Smith announces that in-database R is coming to SQL Server 2016. "With this update," Smith writes, "data scientists will no longer need to extract data from SQL server via ODBC to analyze it with R. Instead, you will be able to take your R code to the data, where it will be run inside a sandbox process within SQL Server itself. This eliminates the time and storage required to move the data, and gives you all the power of R and CRAN packages to apply to your database." It'll no doubt intrigue Data Scientist types, but the devil's in the final details, which Microsoft was still cagey about when it talked-the-not-exactly-glitch-free-talk (starts @57:00) earlier this month at Ignite. So, brush up your R, kids, and you can see how Microsoft walks the in-database-walk when SQL Server 2016 public preview rolls out this summer.
Security

Mobile Spy Software Maker MSpy Hacked, Customer Data Leaked 79

Posted by samzenpus
from the have-some-information dept.
pdclarry writes: mSpy sells a software-as-a-service package that claims to allow you to spy on iPhones. It is used by ~2 million people to spy on their children, partners, exes, etc. The information gleaned is stored on mSpy's servers. Brian Krebs reports that mSpy has been hacked and their entire database of several hundred GB of their customers' data has been posted on the Dark Web. The trove includes Apple IDs and passwords, as well as the complete contents of phones that have mSpy installed. So much for keeping your children safe.
Classic Games (Games)

(Hack) and Slash: Doing the LORD's Work 63

Posted by timothy
from the working-in-mysterious-ways dept.
Emmett Plant (former Slashdot editor as well as video interviewee) writes: Legend of the Red Dragon was written by Seth Robinson in 1989, and it remains one of the most popular games of the DOS BBS era. Chris England has been doing his part to keep the game alive for the past twelve years, adapting an installation that runs on Linux. I was only able to play for two days before I was overcome with curiosity -- I wrote to Chris, politely inquiring as to how it all came together. Read on below for a look into Chris's motivations, the state of the project, and just how deeply nested it can all get, when bringing games from early BBS days into the modern era.
Privacy

LinkedIn Used To Create Database of 27,000 US Intelligence Personnel 82

Posted by samzenpus
from the running-the-numbers dept.
An anonymous reader writes: A new group, Transparency Toolkit, has mined LinkedIn to reveal and analyze the resumes of over 27,000 people in the U.S. intelligence community. In the process, Transparency Toolkit said it found previously unknown secret codewords and references to surveillance technologies and projects. "'Transparency Toolkit uses open data to watch the watchers and hold the powerful to account,' the group's website says. 'We build free software to collect and analyze open data from a variety of sources. Then we work with investigative journalists and human rights organizations to turn that into useful, actionable knowledge. Currently, our primary focuses are investigating surveillance and human rights abuses.'"
Science

Scientists Have Paper On Gender Bias Rejected Because They're Both Women 301

Posted by Soulskill
from the social-media-sites-surrender dept.
ferrisoxide.com writes: A paper co-authored by researcher fellow Dr. Fiona Ingleby and evolutionary biologist Dr. Megan Head — on how gender differences affect the experiences that PhD students have when moving into post-doctoral work — was rejected by peer-reviewed PLoS One because they didn't ask a man for help.

A (male) peer reviewer for the journal suggested that the scientists find male co-authors, to prevent "ideologically biased assumptions." The same reviewer also provided his own ironically biased advice, when explaining that women may have fewer articles published because men's papers "are indeed of a better quality, on average," "just as, on average, male doctoral students can probably run a mile race a bit faster."
PLoS One has apologized, saying, "We have formally removed the review from the record, and have sent the manuscript out to a new editor for re-review. We have also asked the Academic Editor who handled the manuscript to step down from the Editorial Board and we have removed the referee from our reviewer database."
Businesses

How Publishing Upstart Mendeley Weathered Revolt and Became Part of the Paywall 81

Posted by timothy
from the best-laid-plans dept.
Lashdots writes At Fast Company, Tina Amritha writes about the controversial rise of reference manager startup Mendeley, which inspired revolt among its users when it announced in 2013 it was being acquired by scholarly publishing conglomerate Elsevier. "Seeing that some of our most vocal advocates thought we had sold them out felt awful," CEO Victor Henning said recently over a tea in Amsterdam, where Elsevier, Mendeley's parent company, is headquartered. "I had steeled myself for some pretty violent reactions beforehand. After all, I was aware of Elsevier's reputation and the mistakes they had made."...

Elsevier, like other large publishers, loathed Mendeley's open model; in 2013, it had forced Mendeley to remove its titles from its database. The thinking behind its acquisition of Mendeley—for a sum rumored to be between $69 million and $100 million—was simple: to squash the threat Mendeley posed to its traditional subscription model, and to own the ecosystem that Mendeley had constructed, with its valuable data on the behavior of millions of researchers. But Henning contends, "We've kept the promises we made when we began."
Sony

Wikileaks Publishes Hacked Sony Emails, Documents 143

Posted by samzenpus
from the take-a-look dept.
itwbennett writes Wikileaks has published a searchable database of thousands of emails and documents from Sony Pictures Entertainment that were leaked in late 2014 after the studio was attacked by hackers. Some of the 173,132 emails and 30,287 documents contain highly personal information about Sony employees including home addresses, personal phone numbers and social security numbers, a fact which is likely to raise new concerns about the use of stolen information online.
Security

The Voting Machine Anyone Can Hack 105

Posted by samzenpus
from the vote-now-vote-often dept.
Presto Vivace writes about a study published by the Virginia Information Technology Agency outlining just how bad the security of the AVS WINVote machine is. "Virginia election officials have decertified an electronic voting system after determining that it was possible for even unskilled people to surreptitiously hack into it and tamper with vote counts. The AVS WINVote, made by Advanced Voting Solutions, passed necessary voting systems standards and has been used in Virginia and, until recently, in Pennsylvania and Mississippi. It used the easy-to-crack passwords of 'admin,' 'abcde,' and 'shoup' to lock down its Windows administrator account, Wi-Fi network, and voting results database respectively, according to a scathing security review published Tuesday by the Virginia Information Technologies Agency. The agency conducted the audit after one Virginia precinct reported that some of the devices displayed errors that interfered with vote counting during last November's elections."
Privacy

The DEA Disinformation Campaign To Hide Surveillance Techniques 46

Posted by Soulskill
from the you-can-trust-us dept.
An anonymous reader writes: Ken White at Popehat explains how the U.S. Drug Enforcement Agency has been purposefully sowing disinformation to hide the extent of their surveillance powers. The agency appears to have used a vast database of telecommunications metadata, which they acquired via general (read: untargeted, dragnet-style) subpoenas. As they begin building cases against suspected criminals, they trawl the database for relevant information. Of course, this means the metadata of many innocent people is also being held and occasionally scanned. The Electronic Frontier Foundation has filed a lawsuit to challenge this bulk data collection. The DEA database itself seems to have been shut down in 2013, but not before the government argued that it should be fine not only to engage in this collection, but to attempt to hide it during court cases. The courts agreed, which means this sort of surveillance could very well happen again — and the EFF is trying to prevent that.
Education

Prosecutors Get an 'A' On Convictions of Atlanta Ed-Reform-Gone-Bad Test Cheats 201

Posted by timothy
from the cheating-in-schools-georgia-edition dept.
theodp writes Just weeks after an L.A. Times op-ed called on public schools to emulate high-tech companies by paying high salaries to driven, talented employees whose productivity more than compensates for their high pay, the New York Times reported on the dramatic conclusion to perhaps the largest cheating scandal in the nation's history, which saw a Judge order handcuffed Atlanta educators led off to jail immediately for their roles in a standardized test cheating scandal that raised broader questions about the role of high-stakes testing in American schools. Jurors convicted 11 of the 12 defendants — a mix of Atlanta public school teachers, testing coordinators and administrators — of racketeering, a felony that carries up to 20 years in prison. The Atlanta Journal-Constitution sowed suspicion about the veracity of the test scores in 2009, and while investigators found that cheating was particularly ingrained in individual schools, they also said that the district's top officials, including Superintendent Beverly L. Hall, bore some responsibility for creating "a culture of fear, intimidation and retaliation" that had permitted "cheating — at all levels — to go unchecked for years." (More below.)
Privacy

DHS Wants Access To License-plate Tracking System, Again 114

Posted by Soulskill
from the lesson-not-learned dept.
schwit1 writes: The Department of Homeland Security is seeking bids from companies able to provide law enforcement officials with access to a national license-plate tracking system — a year after canceling a similar solicitation over privacy issues. The reversal comes after officials said they had determined they could address concerns raised by civil liberties advocates and lawmakers about the prospect of the department's gaining widespread access, without warrants, to a system that holds billions of records that reveal drivers' whereabouts. "If this goes forward, DHS will have warrantless access to location information going back at least five years about virtually every adult driver in the U.S., and sometimes to their image as well," said Gregory T. Nojeim, senior counsel for the Center for Democracy & Technology. ... The largest commercial database is owned by Vigilant Solutions, which as of last fall had more than 2.5 billion records. Its database grows by 2.7 million records a day.
Security

DHS: Drug Infusion Pumps Vulnerable To Trivial Hacks 37

Posted by samzenpus
from the maintaining-the-proper-dosage dept.
chicksdaddy writes with news of a DHS warning about the vulnerability of a popular brand of drug pumps. "The Department of Homeland Security warned that drug infusion pump management software sold by Hospira contains serious and exploitable vulnerabilities that could be used to remotely take control of the devices.

The MedNet server software manages drug libraries, firmware updates, and configurations of Hospira intravenous pumps. DHS's Industrial Control System Computer Emergency Response Team (ICS-CERT) said in an advisory issued Tuesday that the MedNet software from the firm Hospira contains four critical vulnerabilities – three of them capable of being exploited remotely. The vulnerabilities could allow a malicious actor to run malicious code on and take control of the MedNet servers, which could be used to distribute unauthorized modifications to medication libraries and pump configurations.

The vulnerabilities were discovered by independent security researcher Billy Rios and reported to both Hospira and ICS-CERT. The vulnerabilities vary in their severity. Among the most serious is Rios's discovery of a plaintext, hard-coded password for the SQL database used by the MedNet software (CVE-2014-5405). By obtaining that password, an attacker could compromise the MedNet SQL server and gain administrative access to the workstation used to manage deployed pumps."
Books

Book Review: Drush For Developers, 2nd Edition 29

Posted by samzenpus
from the read-all-about-it dept.
Michael Ross writes As with any content management system, building a website using Drupal typically requires extensive use of its administrative interface, as one navigates through its menus, fills out its forms, and reads the admin pages and notifications — or barely skims them, as they have likely been seen by the site builder countless times before. With the aim of avoiding this tedium, speeding up the process, and making it more programmatic, members of the Drupal community created a "shell" program, Drush, which allows one to perform most of these tasks on the command line. At this time, there is only one current print book that covers this tool, Drush for Developers, Second Edition, which is ostensibly an update of its predecessor, Drush User's Guide. Read below for the rest of Michael's review.
Businesses

Why You Should Choose Boring Technology 232

Posted by Soulskill
from the predictable-headaches dept.
An anonymous reader writes Dan McKinley, a long-time Etsy engineer who now works at online payment processor Stripe, argues that the boring technology option is usually your best choice for a new project. He says, "Let's say every company gets about three innovation tokens. You can spend these however you want, but the supply is fixed for a long while. You might get a few more after you achieve a certain level of stability and maturity, but the general tendency is to overestimate the contents of your wallet. Clearly this model is approximate, but I think it helps. If you choose to write your website in NodeJS, you just spent one of your innovation tokens. If you choose to use MongoDB, you just spent one of your innovation tokens. If you choose to use service discovery tech that's existed for a year or less, you just spent one of your innovation tokens. If you choose to write your own database, oh god, you're in trouble. ... The nice thing about boringness (so constrained) is that the capabilities of these things are well understood. But more importantly, their failure modes are well understood."
The Internet

Broadband ISP Betrayal Forces Homeowner To Sell New House 222

Posted by Soulskill
from the let-me-transfer-you-to-our-customer-disservice-center dept.
New submitter knightsirius writes: A Washington homeowner is having to sell his new house after being refused internet service from Comcast and CenturyLink despite receiving confirmation from both that the location was able to receive broadband service. The whole process took months and involved false assurances and bureaucratic convolutions. The national broadband map database frequently cited by Comcast as proof of sufficient competition lists 10 options at his location, including a gigabit municipal fiber network, but he cannot subscribe to it due to Washington state direct sale restrictions.
Databases

Michael Stonebraker Wins Turing Award 40

Posted by Soulskill
from the much-deserved-recognition dept.
An anonymous reader writes: Michael Stonebraker, an MIT researcher who has revolutionized the field of database management systems and founded multiple successful database companies, has won the Association for Computing Machinery's $1 million A.M. Turing Award, often referred to as "the Nobel Prize of computing." In his previous work at the University of California at Berkeley, Stonebraker developed two of his most influential systems, Ingres and Postgres (PDF), which provide the foundational ideas — and, in many cases, specific source code — that spawned several contemporary database products, including IBM's Informix and EMC's Greenplum. Ingres was one of the first relational databases, which provide a more organized way to store multiple kinds of entities – and which now serve as the industry standard for business storage. Postgres, meanwhile, integrated Ingres' ideas with object-oriented programming, enabling users to natively map objects and their attributes into databases. This new notion of "object-relational" databases could be used to represent and manipulate complex data, like computer-aided design, geospatial data, and time series.
Books

Modern PHP: New Features and Good Practices 182

Posted by samzenpus
from the read-all-about-it dept.
Michael Ross writes In recent years, JavaScript has enjoyed a dramatic renaissance as it has been transformed from a browser scripting tool primarily used for special effects and form validation on web pages, to a substantial client-side programming language. Similarly, on the server side, after years as the target of criticism, the PHP computer programming language is seeing a revival, partly due to the addition of new capabilities, such as namespaces, traits, generators, closures, and components, among other improvements. PHP enthusiasts and detractors alike can learn more about these changes from the book Modern PHP: New Features and Good Practices, authored by Josh Lockhart. Keep reading for the rest of Michael's review.
Databases

Why I Choose PostgreSQL Over MySQL/MariaDB 320

Posted by timothy
from the semi-religious-wars dept.
Nerval's Lobster writes For the past ten years, developers and tech pros have made a game of comparing MySQL and PostgreSQL, with the latter seen by many as technically superior. Those who support PostgreSQL argue that its standards support and ACID compliance outweighs MySQL's speed. But MySQL remains popular thanks to its inclusion in every Linux Web hosting package, meaning that a mind-boggling number of Web developers have used it. In a new article, developer David Bolton compares MySQL/MariaDB 5.7.6 (released March 9, 2015) with PostgreSQL 9.4.1 and thinks the latter remains superior on several fronts, including subqueries, JSON support, and better licensing and data integrity: "I think MySQL has done a great job of improving itself to keep relevant, but I have to confess to favoring PostgreSQL."
Medicine

Gates: Large Epidemics Need a More Agile Response 140

Posted by Soulskill
from the looking-to-hire-The-Flash dept.
jones_supa writes: Writing in the NY Times about the recent Ebola crisis, Bill Gates says this disease has made the world realize we are not properly prepared to deal with a global epidemic. Even if we signed up lots of experts right away, few organizations are capable of moving thousands of people, some of them infected, to different locations on the globe, with a week's notice. Data is another crucial problem. During the Ebola epidemic, the database that tracks cases has not always been accurate. This is partly because the situation is chaotic, but also because much of the case reporting has been done first on paper.

There's also our failure to invest in effective medical tools like tests, drugs and vaccines. On average, it has taken an estimated one to three days for test results to come back — an eternity when you need to quarantine people. Drugs that might help stop Ebola were not tested in patients until after the epidemic had peaked, partly because the world has no clear process for expediting drug approvals. Compare all of this to the preparation that nations put into defense, which has high-quality mobile units ready to be deployed quickly.