Computers & Linux News

Researchers at Valimail found that only 5% of the largest voting counties in the U.S. are protected against email impersonation and phishing attacks. TechCrunch reports: Researchers at Valimail, which has a commercial stake in the email security space, looked at the largest three electoral districts in each U.S. state, and found only 10 out of 187 domains were protected with DMARC, an email security protocol that verifies the authenticity of a sender's email and rejects fraudulent or spoofed emails. DMARC, when enabled and properly enforced, rejects fake emails that hackers design to spoof a genuine email address by sending to spam or bouncing it from the target's inbox altogether. Hackers often use spoofed emails to try to trick victims into opening malicious links from people they know. But the research found that although DMARC is enabled on many domains, it's not properly enforced, rendering its filtering efforts largely ineffective. The researchers said 66% of the district election-related domains had no DMARC entry at all, while 28% had either a valid DMARC entry but no enforcement, or an invalid DMARC entry altogether. [...] The worry is that attackers could use the lack of DMARC to impersonate legitimate email addresses to send targeted phishing or malware in order to gain a foothold on election networks or launch attacks, steal data or delete it altogether, a move that would potentially disrupt the democratic process.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Road to VR: Qualcomm today announced Snapdragon XR2 5G, its latest chipset platform dedicated to the needs of standalone VR and AR headsets. The new platform is aimed at high-end devices with support for 3K x 3K displays at 90Hz, along with integrated 5G, accelerated AI processing, and up to seven simultaneous camera feeds for user and environment tracking. While XR1 was made for low-end devices, XR2 5G targets high-end standalone headsets, making it a candidate for Oculus Quest 2, Magic Leap 2, and similar next-gen devices. XR2 offers up notable improvements over Snapdragon 835 (one of the most common chipsets found in current standalone headsets, including Quest); Qualcomm claims 2x performance in CPU & GPU, 4x increase in pixel throughput for video playback, and up to 6x resolution per-eye compared to Snapdragon 835 -- supporting up to 3K x 3K displays at 90Hz. [...] Notably, XR2 supports up to seven simultaneous camera feeds (up from four in prior platforms). This is key for advanced tracking, both of the environment and the user. [...] Qualcomm also says that XR2 offers low-latency pass-through video which could improve the pass-through video experience on headsets like Quest, and potentially enable a wider range of pass-through AR use-cases. Additionally XR2 boasts significantly accelerated AI processing; 11x compared to Snapdragon 835, which could greatly benefit the sort of operations used for turning incoming video feeds into useful tracking information.

Read more of this story at Slashdot.

Commentary: The app is just 3 years young, but has plenty of red flags.

Latest report shows worldwide measles cases increased 15% in 2018 over the previous year.

Apple analyst Ming-Chi Kuo says there will be four new OLED iPhone models in 2020, followed by a new iPhone without a Lightning port in 2021. 9to5Mac reports: In 2021, Kuo is predicting a followup to the iPhone SE 2 as well as a new iPhone model without Lightning connectivity. Kuo says that this would "provide the completely wireless experience," meaning there would be no ports at all rather than a switch to USB-C from Lightning. Kuo implies that Apple only plans to remove the Lightning port from the "highest-end model" at first, rather than from the entire iPhone lineup at once. Kuo says The 2021 followup to the iPhone SE 2, which Kuo refers to as the "iPhone SE 2 Plus," will reportedly feature an all-screen design without a Home button. Kuo predicts this device will have a screen size of either 5.5-inches or 6.1-inches. Interestingly, Kuo says the iPhone SE 2 Plus still won't include Face ID authentication. Instead, Apple is reportedly planning to integrate Touch ID into the power button on the side of the device. As for the 2020 OLED iPhones, here's what Kuo had to say: Kuo predicts that Apple will introduce 5.4-inch, two 6.1-inch, and a 6.7-inch OLED iPhone models in 2020. He says that all four of these iPhones will also feature 5G connectivity. The difference between all of these models, other than screen sizes, will be camera technology. According to Kuo, the 5.4-inch OLED iPhone will feature a dual-camera setup on the back. The lower-end 6.1-inch iPhone will feature a similar dual-camera system. The higher-end 6.1-inch model and the 6.7-inch model will include triple-lens camera setups as well as time-of-flight 3D sensing technology. In terms of design for the 2020 OLED iPhone, Kuo says the form factor will be "similar to the iPhone 4."

Read more of this story at Slashdot.

pgmrdlm shares a report from Business Insider: A suspected terrorist in Syria was reportedly killed with a rare U.S. missile packed with swords, according to multiple reports. The weapon that shredded the car did not explode. While the driver's side was torn apart, the vehicle was actually mostly intact. The deadly precision weapon was, according to a report from the Wall Street Journal in May, designed by the U.S. to reduce civilian casualties. The Journal noted that the R9X has been used covertly, albeit rarely, against targets in Syria, Yemen and elsewhere since 2017.

Read more of this story at Slashdot.

A group of filmmakers have sued the State Department for making visa applicants hand over details about their social media accounts. "The lawsuit argues that the requirement unconstitutionally discourages applicants from speaking online -- and, conversely, discourages people who post political speech from trying to enter the U.S.," reports The Verge. From the report: This lawsuit, filed by the Doc Society and the International Documentary Association, challenges the decision on First Amendment grounds. It calls the registration system "the cornerstone of a far reaching digital surveillance regime" that makes would-be visitors provide "effectively a live database of their personal, creative, and political activities online" -- which the government can monitor at any time, long after the application process has been completed. Applicants must even disclose accounts that they use pseudonymously, and if U.S. authorities fail to keep that information secure, it could potentially endanger people who are trying to avoid censorship from a repressive foreign government. The plaintiffs in this lawsuit say that some non-U.S. members have begun deleting social media content or stopped expressing themselves online because they're afraid it will complicate their ability to enter the U.S. Others have decided to stop working in the country because they don't want to reveal their social media accounts. "The Registration Requirement enables the government to compile a database of millions of people's speech and associations, which it can cross-reference to glean more information about any given visa applicant," warns the suit. And "the government's indefinite retention of information collected through the Registration Requirement further exacerbates the requirement's chilling effect because it facilitates surveillance into the future."

Read more of this story at Slashdot.

The ride-hailing company also reports that 19 fatal assaults happened during its rides in 2017 and 2018.

An anonymous reader quotes a report from ZDNet: After more than two years since it's been used the last time, the Chinese government deployed an infamous DDoS tool named the "Great Cannon" to launch attacks against LIHKG, an online forum where Hong Kong residents are organizing anti-Beijing protests. [...] DDoS attacks with the Great Cannon have been rare, mainly because they tend to generate a lot of bad press for the Chinese government. But in a report published today, AT&T Cybersecurity says the tool has been deployed once again. This time, the Great Cannon's victim was LIHKG.com, an online platform where the organizers of the Hong Kong 2019 protests have been sharing information about the locations of daily demonstrations. The site is also a place where Hong Kong residents congregate to recant stories of Chinese police abuse and upload video evidence. AT&T Cybersecurity says the first Great Cannon DDoS attacks targeted LIHKG on August 31, while the last one being recorded on November 27. AT&T Cybersecurity researcher Chris Doman said the August attacks used JavaScript code that was very similar to the one spotted in the 2017 attacks on Mingjingnews.com. According to LIHKG, the site received more than 1.5 billion requests per hour during the August attack, compared to the site's previous traffic record that was only a meager 6.5 million requests per hour.

Read more of this story at Slashdot.

Save 40% on a wireless diagnostic code reader.

Sixty-seven percent of consumers say they're likely to buy a 5G-compatible phone once the technology is available.

US Customs and Border Protection will rescind its plan.

The Microsoft threat research team scanned all Microsoft user accounts and found that 44 million users were employing usernames and passwords that leaked online following security breaches at other online services. From a report: The scan took place between January and March 2019. Microsoft said it scanned user accounts using a database of over three billion leaked credentials, which it obtained from multiple sources, such as law enforcement and public databases. The scan effectively helped Microsoft identify users who reused the same usernames and passwords across different online accounts. The 44 million total included Microsoft Services Accounts (regular user accounts), but also Azure AD accounts.

Read more of this story at Slashdot.

The Boys won't be toning down the violence for season 2.

A collection of 31 advocacy groups is pressing the Federal Trade Commission on Thursday to dig into how digital media companies advertise to children and collect their data. From a report: The request for the FTC to use its subpoena authority to probe so-called kidtech companies comes as the agency considers updates to how it implements a children's online privacy law. The coalition, which includes the Center for Digital Democracy and the Campaign for a Commercial-Free Childhood, argues the FTC must examine data collection and digital marketing practices before it changes how it enforces the Children's Online Privacy Protection Act. Possible targets for the FTC study include Google, Disney, Viacom, Adobe, TikTok, Twitch and AT&T's Warner Media. "As kids are spending more time than ever on digital devices, we need the full power of the law to protect them from predatory data collection -- but we can't protect children from Big Tech business models if we don't know how those models truly work," Josh Golin, executive director of the Campaign for Commercial-Free Childhood, said in a statement.

Read more of this story at Slashdot.

Let Chrome OS whisk you away to the land of lightweight, inexpensive, and glitch-free laptops. And get some Mandalorian for free at the same time.

A classic color that'll match just about everything.

The admission comes from the author of the snippet itself, Andreas Lundblad, a Java developer at Palantir, and one of the highest-ranked contributors to StackOverflow, a Q&A website for programming-related topics. From a report: An academic paper [PDF] published in 2018 identified a code snippet Lundblad posted on the site as the most copied Java code taken from StackOverflow and then re-used in open source projects. The code snippet was provided as an answer to a StackOverflow question posted in September 2010. The code snippet printed byte counts (123,456,789 bytes) in a human-readable format, like 123.5 MB. Academics found that this code had been copied and embedded in more than 6,000 GitHub Java projects, more than any other StackOverflow Java snippet. In a blog post published last week, Lundblad said that the code had a flaw as it incorrectly converted byte counts into human-readable formats. Lundblad said he revisited the code after learning of the academic paper and its results. He looked at the code again and published a corrected version on his blog.

Read more of this story at Slashdot.

More power may be on the way for G70s without the optional twin-turbo V6.

It's the latest of dozens of lawsuits brought against the ride-hailing company over alleged groping, kidnapping and rape.