Databases

Database Attacks Spread To CouchDB, Hadoop, and ElasticSearch Servers (bleepingcomputer.com) 5

An anonymous reader writes: Two weeks after cybercriminal groups started to hijack and hold for ransom MongoDB servers, similar attacks are now taking place against CouchDB, Hadoop, and ElasticSearch servers. According to the latest tallies, the number of hijacked MongoDB servers is 34,000 (out of 69,000 available on Shodan), 4,681 ElasticSearch clusters (out of 33,000), 126 Hadoop datastores (out of 5,400), and 452 CouchDB databases (out of 4,600). Furthermore, the group that has hijacked the most MongoDB and ElasticSearch servers is also selling the scripts it used for the attacks.
Two security researchers are tracking the attacks on Google spreadsheets, and report that when a ransom is paid, many victims still report that their data is never restored. But the researchers also identified 124 Hadoop servers where the attacker simply replaced all the tables with a data entry named NODATA4U_SECUREYOURSHIT. "What's strange about these attacks is that the threat actor isn't asking for a ransom demand," reports Bleeping Computer. "Instead, he's just deleting data from Hadoop servers that have left their web-based admin panel open to remote connections on the Internet."
Education

The 32-Bit Dog Ate 16 Million Kids' CS Homework (code.org) 59

"Any student progress from 9:19 to 10:33 a.m. on Friday was not saved..." explained the embarrassed CTO of the educational non-profit Code.org, "and unfortunately cannot be recovered." Slashdot reader theodp writes: Code.org CTO Jeremy Stone gave the kids an impromptu lesson on the powers of two with his explanation of why The Cloud ate their homework. "The way we store student coding activity is in a table that until today had a 32-bit index... The database table could only store 4 billion rows of coding activity information [and] we didn't realize we were running up to the limit, and the table got full. We have now made a new student activity table that is storing progress by students. With the new table, we are switching to a 64-bit index which will hold up to 18 quintillion rows of information."
The issue also took the site offline, temporarily making the work of 16 million K-12 students who have used the nonprofit's Code Studio disappear. "On the plus side, this new table will be able to store student coding information for millions of years," explains the site's CTO. But besides Friday's missing saves, "On the down side, until we've moved everything over to the new table, some students' code from before today may temporarily not appear, so please be patient with us as we fix it."
The Almighty Buck

Blockchain Technology Could Save Banks $12 Billion a Year (silicon.co.uk) 109

Mickeycaskill quotes a report from Silicon.co.uk: Accenture research has found Blockchain technology has the potential to reduce infrastructure costs by an average of 30 percent for eight of the world's ten biggest banks. That equates to annual cost savings of $8-12 billion. The findings of the "Banking on Blockchain: A Value Analysis for Investment Banks" report are based on an analysis of granular cost data from the eight banks to identify exactly where value could be achieved. A vast amount of cost for today's investment banks comes from complex data reconciliation and confirmation processes with their clients and counterparts, as banks maintain independent databases of transactions and customer information. However, Blockchain would enable banks to move to a shared, distributed database that spans multiple organizations. It has become increasingly obvious in recent months that blockchain will be key to the future of the banking industry, with the majority of banks expected to adopt the technology within the next three years.
Microsoft

Microsoft's Security Bulletins Will End In February (computerworld.com) 39

Remember how Microsoft switched to cumulative updates? Now Computerworld points out that that's bringing another change. An anonymous reader quotes their report: Microsoft next month will stop issuing detailed security bulletins, which for nearly 20 years have provided individual users and IT professionals information about vulnerabilities and their patches... A searchable database of support documents will replace the bulletins; that database has been available, albeit in preview, since November on the portal Microsoft dubbed the "Security Updates Guide," or SUG. The documents stored in the database are specific to a vulnerability on an edition of Windows, or a version of another Microsoft product. They can be sorted and filtered by the affected software, the patch's release date, its CVE identifier, and the numerical label of the KB, or "knowledge base" support document.
Redmond Magazine reports that Microsoft still plans to continue to issue its security advisories, and to issue "out-of-band" security update releases as necessary.
Privacy

Hackers Corrupt Data For Cloud-Based Medical Marijuana System (bostonglobe.com) 144

Long-time Slashdot reader t0qer writes: I'm the IT director at a medical marijuana dispensary. Last week the point of sales system we were using was hacked... What scares me about this breach is, I have about 30,000 patients in my database alone. If this company has 1,000 more customers like me, even half of that is still 15 million people on a list of people that "Smoke pot"...
"No patient, consumer, or client data was ever extracted or viewed," the company's data director has said. "The forensic analysis proves that. The data was encrypted -- so it couldn't have been viewed -- and it was never extracted, so nobody has it and could attempt decryption." They're saying it was a "targeted" attack meant to corrupt the data rather than retrieve it, and they're "reconstructing historical data" from backups, though their website adds that their backup sites were also targeted.

"In response to this attack, all client sites have been migrated to a new, more secure environment," the company's CEO announced on YouTube Saturday, adding that "Keeping our client's data secure has always been our top priority." Last week one industry publication had reported that the outage "has sent 1,000 marijuana retailers in 23 states scrambling to handle everything from sales and inventory management to regulatory compliance issues."
Medicine

Rural Americans At Higher Risk From Five Leading Causes of Death: CDC (cbsnews.com) 373

An anonymous reader quotes a report from CBS News: Americans living in rural areas are more likely to die from five leading causes of death than people living in urban areas, according to a new government report. Many of these deaths are preventable, officials say, with causes including heart disease, cancer, unintentional injuries, stroke, and chronic lower respiratory disease. Approximately 46 million Americans -- about 15 percent of the U.S. population -- currently live in rural areas. According to the CDC report, several demographic, environmental, economic, and social factors might put rural residents at higher risk of death from these conditions. Rural residents in the U.S., for example, tend to be older and sicker than their urban counterparts, and have higher rates of cigarette smoking, high blood pressure, and obesity. People living in rural areas also report less leisure-time physical activity and lower seatbelt use than those living in urban areas, and have higher rates of poverty, less access to health care, and are less likely to have health insurance. Specifically, the report found that in 2014, deaths among rural Americans included: 25,000 from heart disease; 19,000 from cancer; 12,000 from unintentional injuries; 11,000 from chronic lower respiratory disease; 4,000 from stroke. The percentages of deaths that were potentially preventable were higher in rural areas than in urban areas, the authors report. For the study, the researchers analyzed numbers from a national database. The CDC suggests that, to help close the gap, health care providers in rural areas can: screen patients for high blood pressure; increase cancer prevention and early detection; encourage physical activity and healthy eating; promote smoking cessation; promote motor vehicle safety; and engage in safer prescribing of opioids for pain.
Movies

IMDb Ignores New Law Banning It From Publishing Actors' Ages Online, Cites Free Speech Violations (betanews.com) 218

Back in September, the state of California passed a new law that banned sites that offer paid subscriptions, and allow people to post resumes, from publishing individuals' ages. It's a law that has the potential to affect many sites, but it is the Internet Movie Database (IMDb) that hit the headlines. From a report: IMDb was told to remove actors' ages from the site by 1 January, 2017, but the site has failed to take any action. A full week into 2017, IMDb has not only chosen to ignore the new law, but has also filed a lawsuit in a bid to stop California from implementing Assembly Bill No. 1687. The reason? IMDb believes that the law is a violation of the First Amendment and it says the state has "chosen instead to chill free speech and to undermine access to factual information of public interest" rather than trying to tackle age-discrimination in a more meaningful way.
Education

Ask Slashdot: What's The Best Job For This Recent CS Grad? 261

One year away from graduating with a CS degree, an anonymous reader wants some insights from the Slashdot community: [My] curriculum is rather broad, ranging from systems programming on a Raspberry Pi to HTML, CSS, JavaScript, C, Java, JPA, Python, Go, Node.js, software design patterns, basic network stuff (mostly Cisco) and various database technologies... I'm working already part-time as a system administrator for two small companies, but don't want to stay there forever because it's basically a dead-end position. Enjoying the job, though... With these skills under my belt, what career path should I pursue?
There are different positions as well as different fields, and the submission explains simply that "I'm looking for satisfying and rewarding work," adding that "pay is not that important." So leave your suggestions in the comments. What's the best job for this recent CS grad?
Privacy

WikiLeaks Threatens To Publish Twitter Users' Personal Info (usatoday.com) 211

WikiLeaks said on Twitter earlier today that it wants to publish the private information of hundreds of thousands of verified Twitter users. The group said an online database would include such sensitive details as family relationships and finances. USA Today reports: "We are thinking of making an online database with all 'verified' twitter accounts [and] their family/job/financial/housing relationships," the WikiLeaks Task Force account tweeted Friday. The account then tweeted: "We are looking for clear discrete (father/shareholding/party membership) variables that can be put into our AI software. Other suggestions?" Wikileaks told journalist Kevin Collier on Twitter that the organization wants to "develop a metric to understand influence networks based on proximity graphs." Twitter bans the use of Twitter data for "surveillance purposes." In a statement, Twitter said: "Posting another person's private and confidential information is a violation of the Twitter rules." Twitter declined to say how many of its users have verified accounts but the Verified Twitter account which follows verified accounts currently follows 237,000. Verified accounts confirm the identity of the person tweeting by displaying a blue check mark. Twitter says it verifies an account when "it is determined to be an account of public interest." Twitter launched the feature in 2009 after celebrities complained about people impersonating them on the social media service.
Bitcoin

Over 1,800 MongoDB Databases Held For Ransom By Mysterious Attacker (bleepingcomputer.com) 115

An anonymous reader writes: "An attacker going by the name of Harak1r1 is hijacking unprotected MongoDB databases, stealing and replacing their content, and asking for a 0.2 Bitcoin ($200) ransom to return the data," reports Bleeping Computer. According to John Matherly, Shodan founder, over 1,800 MongoDB databases have had their content replaced with a table called WARNING that contains the ransom note. Spotted by security researcher Victor Gevers, these databases are MongoDB instances that feature no administrator password and are exposed to external connections from the internet. Database owners in China have been hit, while Bleeping Computer and MacKeeper have confirmed other infections, one which hit a prominent U.S. healthcare organization and blocked access to over 200,000 user records. These attacks are somewhat similar to attacks on Redis servers in 2016, when an unknown attacker had hijacked and installed the Fairware ransomware on hundreds of Linux servers running Redis DB. The two series of attacks don't appear to be related.
Books

Library Creates Fake Patron Records To Avoid Book-Purging (heraldnet.com) 258

An anonymous reader writes: Chuck Finley checked out 2,361 books from a Florida library in just nine months, increasing their total circulation by 3.9%. But he doesn't exist. "The fictional character was concocted by two employees at the library, complete with a false address and driver's license number," according to the Orlando Sentinel. The department overseeing the library acknowledges their general rule is "if something isn't circulated in one to two years, it's typically weeded out of circulation." So the fake patron scheme was concocted by a library assistant working with the library's branch supervisor, who "said he wanted to avoid having to later repurchase books purged from the shelf." But according to the newspaper the branch supervisor "said the same thing is being done at other libraries, too."
Bug

Nevada Website Bug Leaks Thousands of Medical Marijuana Dispensary Applications (zdnet.com) 55

An anonymous reader quotes a report from ZDNet: Nevada's state government website has leaked the personal data on over 11,700 applicants for dispensing medical marijuana in the state. Each application, eight pages in length, includes the person's full name, home address, citizenship, and even their weight and height, race, and eye and hair color. The applications also include the applicant's citizenship, their driving license number (where applicable), and social security number. Security researcher Justin Shafer found the bug in the state's website portal, allowing anyone with the right web address to access and enumerate the thousands of applications. Though the medical marijuana portal can be found with a crafted Google search query, we're not publishing the web address out of caution until the bug is fixed. A spokesperson for the Nevada Dept. Health and Human Services, which runs the medical marijuana application program, told ZDNet that the website has been pulled offline to limit the vulnerability. The spokesperson added that the leaked data was a "portion" of one of several databases.
Microsoft

LinkedIn Warns 9.5 Million Lynda Users About Database Breach (neowin.net) 35

Less than four weeks after Microsoft formally acquired LinkedIn for $26 billion, there's been a database breach. An anonymous reader writes: LinkedIn is sending emails to 9.5 million users of Lynda.com, its online learning subsidiary, warning the users of a database breach by "an unauthorized third party". The affected database included contact information for at least some of the users. An email to customers says "while we have no evidence that your specific account was accessed or that any data has been made publicly available, we wanted to notify you as a precautionary measure." Ironically, the breach comes less than a month after Russia blocked access to LinkedIn over privacy concerns.
LinkedIn has also reset the passwords for 55,000 Lynda.com accounts (though apparently many of its users don't have accounts with passwords).
Java

Oracle Begins Aggressively Pursuing Java Licensing Fees (theregister.co.uk) 295

Java SE is free, but Java SE Suite and various flavors of Java SE Advanced are not, and now Oracle "is massively ramping up audits of Java customers it claims are in breach of its licenses," reports the Register. Oracle bought Java with Sun Microsystems in 2010 but only now is its License Management Services division chasing down people for payment, we are told by people familiar with the matter. The database giant is understood to have hired 20 individuals globally this year, whose sole job is the pursuit of businesses in breach of their Java licenses... Huge sums of money are at stake, with customers on the hook for multiple tens and hundreds of thousands of dollars.
Slashdot reader rsilvergun writes, "Oracle had previously sued Google for the use of Java in Android but had lost that case. While that case is being appealed, it remains to be seen if the latest push to monetize Java is a response to that loss or part of a broader strategy on Oracle's part." The Register interviewed the head of an independent license management service who says Oracle's even targeting its own partners now.

But after acquiring Sun in 2010, why did Oracle's License Management Services wait a full six years? "It is believed to have taken that long for LMS to devise audit methodologies and to build a detailed knowledge of customers' Java estates on which to proceed."
Businesses

Yahoo's Billion-User Database Reportedly Sold On the Dark Web for Just $300,000 - NYT (thenextweb.com) 71

An anonymous reader writes: As if 2016 wasn't shitty enough for Yahoo -- which admitted to two separate breaches that saw 500 million users' and then 1 billion users' details stolen by hackers -- the New York Times reports that a billion-user database was sold on the Dark Web last August for $300,000. That's according to Andrew Komarov, chief intelligence officer at security firm InfoArmor. He told NYT that three buyers, including two prominent spammers and another who might be involved in espionage tactics, purchased the entire database at the aforementioned price from a hacker group believed to be based in Eastern Europe. It's lovely to know that it only costs $300,000 to be able to threaten a billion people's online existence -- which means each account is only worth $0.0003 to hackers who can ruin your life online in a matter of minutes. Yahoo also doesn't yet know who made off with all the data from the attack in 2013, which is said to be the largest breach of any company ever.
Privacy

Twitter Blocks Government 'Spy Centers' From Accessing User Data (theguardian.com) 46

An anonymous reader quotes a report from The Guardian: Twitter has blocked federally funded "domestic spy centers" from using a powerful social media monitoring tool after public records revealed that the government had special access to users' information for controversial surveillance efforts. The American Civil Liberties Union of California discovered that so-called fusion centers, which collect intelligence, had access to monitoring technology from Dataminr, an analytics company partially owned by Twitter. The ACLU's records prompted the companies to announce that Dataminr had terminated access for all fusion centers and would no longer provide social media surveillance tools to any local, state or federal government entities. The government centers are partnerships between agencies that work to collect vast amounts of information purportedly to analyze "threats". The spy centers, according to the ACLU, target protesters, journalists and others protected by free speech rights while also racially profiling people deemed "suspicious" by law enforcement. Records that the ACLU obtained uncovered that a fusion center in southern California had access to Dataminr's "geospatial analysis application", which allowed the government to do location-based tracking as well as searches tied to keywords. That means the center could use Dataminr to search billions of tweets and monitor specific demographics or organizations.
China

Why China Can't Lure Tech Talent (bloomberg.com) 219

China may have been hoping to attract tech talent to its nation, but it is unlikely that people in the tech industry will move there. A columnist at Bloomberg explains why: The biggest problem is government control of the internet. For a software developer, the inconvenience goes well beyond not being able to access YouTube during coffee breaks. It means that key software libraries and tools are often inaccessible. In 2013, China blocked Github, a globally important open-source depository and collaboration tool, thereby forcing developers to seek workarounds. Using a virtual private network to "tunnel" through the blockades is one popular option. But VPNs slow uploads, downloads and collaboration. And it isn't just developers who suffer. Among the restricted sites in China is Google Scholar, a tool that indexes online peer-reviewed studies, conference proceedings, books and other research material into an easily accessible format. It's become a crucial database for academics around the world, and Chinese researchers -- even those with VPNs -- struggle to use it. The situation grew so dire this summer that several state-run news outlets published complaints from Chinese scientists, with one practically begging the nationalist Global Times newspaper: "We hope the government can relax supervision for academic purposes." The cumulative impact of these restrictions is significant. Scientists unable to keep up with what researchers in other countries are publishing are destined to be left behind, which is one reason China is having difficulty luring foreign scholars to its universities. Programmers who can't take advantage of the sites and tools that make development a global effort are destined to write software customized solely for the Chinese market. The author has raised several other reasons to make his case.
Medicine

Researchers Successfully Fight Colon Cancer Using Immunotherapy (nytimes.com) 40

Slashdot reader schwit1 quotes the New York Times: The remarkable recovery of a woman with advanced colon cancer, after treatment with cells from her own immune system, may lead to new options for thousands of other patients with colon or pancreatic cancer, researchers are reporting. (Shorter non-paywalled version of the article here). Her treatment was the first to successfully target a common cancer mutation that scientists have tried to attack for decades... so resistant to every attempt at treatment that scientists have described it as "undruggable"... The researchers analyze tumors for mutations -- genetic flaws that set the cancer cells apart from normal ones. They also study tumor-infiltrating lymphocytes, looking for immune cells that can recognize mutations and therefore attack cancerous cells but leave healthy ones alone.
The patient, a 50-year-old database programmer in Michigan, is now cancer-free, according to the article. "Researchers twice denied her request to enter the clinical trial, saying her tumors were not large enough, she said. But she refused to give up and was finally let in."

The treatment ultimately eliminated six of her seven tumors, and because it targeted a cell mutation that's common in colon cancer patients, "Researchers say they now have a blueprint that may enable them to develop cell treatments for other patients as well."
Databases

YouTube, Facebook, Twitter and Microsoft Will Create 'Hash' Database To Remove Extremist Content (reuters.com) 262

bongey writes: Youtube, Facebook, Twitter and Microsoft are teaming up to create a common database to flag extremist videos and pictures. The database is set to go live in 2017. The system will not automatically remove content. Reuters reports: "The companies will share 'hashes' -- unique digital fingerprints they automatically assign to videos or photos -- of extremist content they have removed from their websites to enable their peers to identify the same content on their platforms. 'We hope this collaboration will lead to greater efficiency as we continue to enforce our policies to help curb the pressing global issue of terrorist content online,' the companies said in a statement on Tuesday. Each company will decide what image and video hashes to add to the database and matching content will not be automatically removed, they said. The database will be up and running in early 2017 and more companies could be brought into the partnership."
Government

California State Senator Introduces Bill That Would Mandate Reporting of 'Superbug' Infections, Deaths (reuters.com) 75

An anonymous reader quotes a report from Reuters: A California state senator introduced a bill on Monday that would mandate reporting of antibiotic-resistant infections and deaths and require doctors to record the infections on death certificates when they are a cause of death. The legislation also aims to establish the nation's most comprehensive statewide surveillance system to track infections and deaths from drug-resistant pathogens. Data from death certificates would be used to help compile an annual state report on superbug infections and related deaths. In September, a Reuters investigation revealed that tens of thousands of superbug deaths nationwide go uncounted every year. The infections are often omitted from death certificates, and even when they are recorded, they aren't counted because of the lack of a unified national surveillance system. Because there is no federal surveillance system, monitoring of superbug infections and deaths falls to the states. A Reuters survey of all 50 state health departments and the District of Columbia found that reporting requirements vary widely. Hill's bill would require hospitals and clinical labs to submit an annual summary of antibiotic-resistant infections to the California Department of Health beginning July 1, 2018; amend a law governing death certificates by requiring that doctors specify on death certificates when a superbug was the leading or a contributing cause of death; and require the state Health Department to publish an annual report on resistant infections and deaths, including data culled from death certificates.