Amazon Will Require Third-Party Sellers To Disclose Names, Addresses

Amazon announced a new policy Wednesday requiring third-party sellers in its marketplace to publicly display their names and addresses starting Sept. 1. Geekwire reports: The disclosure is already required in Europe, Japan, and Mexico. Amazon said it is updating its policy to “ensure there is a consistent baseline of seller information to help customers make informed shopping decisions” in a letter to sellers. Amazon has been working to crack down on knockoff sales on its marketplace for years, most recently forming an internal “Counterfeit Crimes Unit.” Despite spending more than $500 million in 2019 to fight various forms of fraud, counterfeits and defective or unsafe products continue to be a challenge for the company.

Read more of this story at Slashdot.

Source: Slashdot

Shock-Dissipating Fractal Cubes Could Forge High-Tech Armor

An anonymous reader quotes a report from Phys.Org: Tiny, 3-D printed cubes of plastic, with intricate fractal voids built into them, have proven to be effective at dissipating shockwaves, potentially leading to new types of lightweight armor and structural materials effective against explosions and impacts. “The goal of the work is to manipulate the wave interactions resulting from a shockwave,” said Dana Dattelbaum, a scientist at Los Alamos National Laboratory and lead author on a paper to appear in the journal AIP Advances. “The guiding principles for how to do so have not been well defined, certainly less so compared to mechanical deformation of additively manufactured materials. We’re defining those principles, due to advanced, mesoscale manufacturing and design.”

The researchers tested their fractal structures by firing an impactor into them at approximately 670 miles per hour. The structured cubes dissipated the shocks five times better than solid cubes of the same material. Although effective, it’s not clear that the fractal structure is the best shock-dissipating design. The researchers are investigating other void- or interface-based patterns in search of ideal structures to dissipate shocks. New optimization algorithms will guide their work to structures outside of those that consist of regular, repeating structures. Potential applications might include structural supports and protective layers for vehicles, helmets, or other human-wearable protection. The research will be published in the July 2020 issue of AIP Advances.

Read more of this story at Slashdot.

Source: Slashdot

The Far Side Returns After 25 Years, and It’s All Digital

Gary Larson has released new comics for the The Far Side, the first strips since January 1995. Larson does however caution that this is “not a resurrection of The Far Side daily cartoons.” He adds: “I’m just exploring, experimenting, and trying stuff.” The Verge reports: The first of the new comics features bears, aliens, and taxidermy (all staples of The Far Side). The style is comfortably familiar, with two large exceptions: instead of watercolor, the new comics are done in digital brushstrokes that make the images feel more volumetric and vibrant than the original full-color cartoons. Also, the penned outlines, which exist in both the watercolor and black-and-white original comics, are almost entirely gone. The end result is images that evoke the feel of the old comics but are somehow a little less cartoony. The characters and elements all feel unified in the scene together.

Both the style changes and the comic’s return are due to the fact that Larson is now using a digital tablet. After years of frustration dealing with clogged pens and dried-up markers, Larson decided to give going digital a chance. “I was stunned at all the tools the thing offered, all the creative potential it contained. I simply had no idea how far these things had evolved,” Larson writes in an opening letter for New Stuff, the title for his new works. “Perhaps fittingly, the first thing I drew was a caveman.”

Read more of this story at Slashdot.

Source: Slashdot

Police Are Buying Access To Hacked Website Data

Some companies are selling government agencies access to data stolen from websites in the hope that it can generate investigative leads, with the data including passwords, email addresses, IP addresses, and more. Motherboard reports: Motherboard obtained webinar slides by a company called SpyCloud presented to prospective customers. In that webinar, the company claimed to “empower investigators from law enforcement agencies and enterprises around the world to more quickly and efficiently bring malicious actors to justice.” The slides were shared by a source who was concerned about law enforcement agencies buying access to hacked data. SpyCloud confirmed the slides were authentic to Motherboard. “We’re turning the criminals’ data against them, or at least we’re empowering law enforcement to do that,” Dave Endler, co-founder and chief product officer of SpyCloud, told Motherboard in a phone call.

The sale highlights a somewhat novel use of breached data, and signals how data ordinarily associated with the commercial sector can be repurposed by law enforcement too. But it also raises questions about whether law enforcement agencies should be leveraging information originally stolen by hackers. By buying products from SpyCloud, law enforcement would also be obtaining access to hacked data on people who are not associated with any crimes — the vast majority of people affected by data breaches are not criminals — and would not need to follow the usual mechanisms of sending a legal request to a company to obtain user data.

Read more of this story at Slashdot.

Source: Slashdot

Over 100 Wi-Fi Routers Fail Major Security Test — Protect Yourself Now

schwit1 shares a report from Tom’s Guide: Using its own analytical software, the [Fraunhofer Institute] tested the most recently available firmware for 117 home Wi-Fi models currently sold in Europe, including routers from ASUS, D-Link, Linksys, Netgear, TP-Link, Zyxel and the small German brand AVM. The models themselves were not physically tested. A full list of the tested models and firmware is on GitHub. The institute was not able to examine the firmware of 10 more models, mostly from Linksys. The report notes (PDF) that many firmware updates are issued without fixing known flaws.

So what can you do? You can make sure that the next router you buy automatically installs firmware updates. You can check to see whether your current router does so, or makes it fairly easy to install firmware updates manually. You should also make sure that the administrative password for your router has been changed from the factory default password. (Check the list of default passwords at https://www.routerpasswords.com.) You should also check its administrative interface to make sure that UPnP and remote access are disabled. And if your router was first released more than 5 years ago, consider buying a newer model unless it meets all of the above criteria. Alternatively, you could try to “flash” your older router to run more secure open-source router firmware such as OpenWrt, DD-WRT or Tomato. “The worst case regarding high severity CVEs [widely known flaws] is the Linksys WRT54GL powered by the oldest kernel found in our study,” the report said, noting that this model uses the 2.4.20 kernel from 2002. “There are 579 high severity CVEs affecting this product.”

“That particular model last had its firmware updated in January 2016, one of the oldest firmwares in the study,” adds Tom’s Guide. “The Linksys WRT54GL was first released in 2005 and is still sold today, even though it handles Wi-Fi protocols only up to 802.11g. However, the WRT54G series is possibly the best-selling family of Wi-Fi routers ever…”

Read more of this story at Slashdot.

Source: Slashdot

China’s Great Firewall Descends On Hong Kong Internet Users

An anonymous reader quotes a report from The Guardian: At midnight on Tuesday, the Great Firewall of China, the vast apparatus that limits the country’s internet, appeared to descend on Hong Kong. Unveiling expanded police powers as part of a contentious new national security law, the Hong Kong government enabled police to censor online speech and force internet service providers to hand over user information and shut down platforms. Many residents, already anxious since the law took effect last week, rushed to erase their digital footprint of any signs of dissent or support for the last year of protests. Charles Mok, a pro-democracy lawmaker who represents the technology sector, tweeted: “We are already behind the de facto firewall.”

“The law seems to be building up the Great Firewall locally in Hong Kong. Personal freedom on the internet will be eliminated,” said Charles Low, the chairman of the Hong Kong chapter of the Internet Society. “If you say something wrong they can request the service provider to give your IP address or mobile number so they can grab you.” Experts point out that China’s Great Firewall — which allows the government to inspect data as well as block IP addresses and domain names — could not be immediately replicated in Hong Kong, home to several private internet service providers and internet exchanges. “It will take at least a few years to build up the wall,” said Low, adding that what is more likely is a partial blackout, cutting off access to certain sites such as LIHKG or Telegram. “People are indeed kind of panicked and trying to install VPNs and have no idea what it can and cannot help,” said Low, noting that volunteers have been holding workshops to teach residents how to use such tools and how to better protect themselves. “I have faith in Hong Kong people. They will not forget about the freedom we once had.” “[T]he measures could go even further than in mainland China,” adds The Guardian. “The law covers not only permanent residents and foreigners within Hong Kong, but anyone seen as violating the law, regardless of where they are in the world. The security law may also add to the Balkanisation of the internet, with countries having their own fenced-off versions, and major international tech companies will be under pressure not to contribute to that.”

Read more of this story at Slashdot.

Source: Slashdot

Nvidia Eclipses Intel As Most Valuable US Chipmaker

Nvidia has overtaken Intel for the first time as the most valuable U.S. chipmaker. Reuters reports: In a semiconductor industry milestone, Nvidia’s shares rose 2.3% in afternoon trading on Wednesday to a record $404, putting the graphic component maker’s market capitalization at $248 billion, just above the $246 billion value of Intel, once the world’s leading chipmaker. Nvidia’s stock has been among Wall Street’s strongest performers in recent years as it expanded from its core personal computer chip business into datacenters, automobiles and artificial intelligence. Intel, which for decades has dominated in processors for PCs and servers, has struggled to diversify its business after making critical stumbles in the smartphone revolution.

While Intel’s stock has lost almost 3% in 2020, Nvidia’s has surged 68%. Investors have been betting that the shift to working remotely because of the coronavirus pandemic will continue to fuel fast growth in Nvidia’s datacenter business. […] Despite Nvidia’s meteoric stock rise, its sales remain a fraction of Intel’s. Analysts on average see Nvidia’s revenue rising 34% in its current fiscal year to $14.6 billion, while analysts expect Intel’s 2020 revenue to increase 2.5% to $73.8 billion, according to Refinitiv.

Read more of this story at Slashdot.

Source: Slashdot

Microsoft neuters Office 365 account attacks that used clever ruse

The Office Three 65 logo is emblazoned on TVs and boxes in a shopping mall.

Enlarge (credit: Emerson Alecrim / Flickr)

Microsoft has neutered a large-scale fraud campaign that used knock-off domains and malicious apps to scam customers in 62 countries around the world.

The software maker and cloud-service provider last week obtained a court order that allowed it to seize six domains, five of which contained the word “office.” The company said attackers used them in a sophisticated campaign designed to trick CEOs and other high-ranking business leaders into wiring large sums of money to attackers, rather than trusted parties. An earlier so-called BEC, or business email compromise, that the same group of attackers carried out in December used phishing attacks to obtain unauthorized access. The emails used generic business themes such as quarterly earnings reports. Microsoft used technical means to shut it down.

The attackers returned with a new BEC that took a different tack: instead of tricking targets into logging in to lookalike sites, and consequently divulging the passwords, the scam used emails that instructed the recipient to give what was purported to be a Microsoft app access to an Office 365 account. The latest scam used the COVID-19 pandemic as a lure.

Read 9 remaining paragraphs | Comments

Source:

Biz & IT – Ars Technica

Qualcomm Announces Snapdragon 865+: Breaking the 3GHz Threshold

Today, Qualcomm is announcing an update to its extremely successful Snapdragon 865 SoC: the new Snapdragon 865+. AnandTech reports: The new Snapdragon 865+ is a new binned variant of the [Snapdragon 865] with higher peak frequencies on the part of the “prime” CPU as well as the GPU, promising +10% performance on both aspects. Whilst in relative terms the new chipset’s +10% clock improvement isn’t all that earth-shattering, in absolute terms it finally allows the new Snapdragon 865+ to be the first mobile SoC to break past the 3GHz threshold, slightly exceeding that mark at a peak 3.1GHz frequency. Ever since the Cortex-A75 generation we’ve seen Arm make claims about their CPU microarchitectures achieving such high clock frequencies — however in all those years actual silicon products by vendors never really managed to quite get that close in commercial mass-production designs.

We’ve had a chat with Qualcomm’s SVP and GM of mobile business Alex Katouzian, about how Qualcomm achieved this, and fundamentally it’s a combination of aggressive physical design of the product as well as improving manufacturing yields during the product’s lifecycle. Katouzian explained that they would have been able to achieve these frequencies on the vanilla Snapdragon 865 — but they would have had a lower quantity of products being able to meet this mark due to manufacturing variations. Yield improvements during the lifecycle of the Snapdragon 865 means that the company is able to offer this higher frequency variant now. […] There will be a power increase to reach the higher frequencies, however this will only be linear with the increased clock speed, meaning energy efficiency of the new SoC will maintain the same excellent levels of that of the Snapdragon 865, so battery life will not be affected. […] Amongst other new novelties of the Snapdragon 865+ platform is the ability for vendors to bundle with the new FastConnect 6900 Wi-Fi chips from Qualcomm, the company’s new Wi-Fi 6 chipsets with 6GHz band capability (Wi-Fi 6E).

Read more of this story at Slashdot.

Source: Slashdot

Google Open Sources Trademarks With the Open Usage Commons

An anonymous reader quotes a report from ZDNet: Google has announced it is launching a new organization, Open Usage Commons (OUC), to host the trademarks for three of its most important new open-source projects. These are Angular, a web application framework for mobile and desktop; Gerrit, a web-based team code-collaboration tool; and Istio, a popular open mesh platform to connect, manage, and secure microservices. While it only covers three Google projects, for now, OUC is meant to give open-source projects a neutral, independent home for their project trademarks. The organization will also assist with conformance testing, establishing mark usage guidelines, and handling trademark usage issues. The organization will not provide services that are outside the realm of usage, such as technical mentorship, community management, project events, or project marketing. “Having an entity like this does make some sense for a certain number of use cases,” says Andrew “Andy” Updegrove, open-source standards and patent expert and founding partner of top-technology law firm Gesmer Updegrove. “The most obvious one is an unincorporated OSS project. An amorphous group of individuals can’t own a trademark efficiently, so there’s no way to protect the project name unless they agree on a singular owner. There are many cases where an individual member has owned a project mark, and that has often led to downstream problems. So simply having a neutral owner is a community good without going any farther than that.”

Updegrove also said noted trademarks have usually been achieved by a project “approaching a host, like The Apache Foundation or Linux Foundation and asking them to take over as host. But that usually requires taking the project under the umbrella, and subject to the rules, of that foundation.”

Updegrove wonders if there’s “more to the story than meets the eye.” He notes there is one important difference by only handing over the trademarks: “A project that is primarily important to a single vendor and primarily staffed and controlled by developers employed by that employer can continue to exercise effective control while avoiding the market suspicion that might arise if the vendor owned the mark.” He suspects Google is doing this “to up the credibility of some of its projects [to the open-source community] while not taking the more extreme step of turning the project over to a foundation in connection with which a new and more independent governance structure is put in place.”

Read more of this story at Slashdot.

Source: Slashdot