Slashdot.org

News for nerds, stuff that matters

Password Power Rankings: a Look At the Practices of 40+ Popular Websites

Thu, 08/10/2017 - 19:03
Orome1 shares a report from Help Net Security: Nothing should be more important for these sites and apps than the security of the users who keep them in business. Unfortunately, Dashlane found that 46% of consumer sites, including Dropbox, Netflix, and Pandora, and 36% of enterprise sites, including DocuSign and Amazon Web Services, failed to implement the most basic password security requirements. The most popular sites provide the least guidance when it comes to secure password policies. Of the 17 consumer sites that failed Dashlane's tests, eight are entertainment/social media sites, and five are e-commerce. Most troubling? Researchers created passwords using nothing but the lowercase letter "a" on Amazon, Google, Instagram, LinkedIn, Venmo, and Dropbox, among others. GoDaddy emerged as the only consumer website with a perfect score, while enterprise sites Stripe and QuickBooks also garnered a perfect score of 5/5. Here's a screenshot of how each consumer/enterprise website performed.

Read more of this story at Slashdot.

Google Cancels Town Hall To Discuss Diversity In Its Ranks

Thu, 08/10/2017 - 18:20
NBC News originally reported: Google employees will gather for a town hall meeting Thursday afternoon to discuss the tensions ignited by a memo circulated inside the company that claimed to explain why more women are not engineers. Town hall meetings are nothing new at Google, but this one will likely be different after the so-called "Google Manifesto" went viral over the weekend, adding fresh fuel to the debate around gender bias in Silicon Valley. Google CEO Sundar Pichai told employees in an email earlier this week that he would cut his family vacation short in order to facilitate the forum. "The past few days have been very difficult for many at the company, and we need to find a way to debate issues on which we might disagree -- while doing so in line with our Code of Conduct," he wrote. "I'd encourage each of you to make an effort over the coming days to reach out to those who might have different perspectives from your own. I will be doing the same." The town hall comes amid a report from The Guardian that as many as 60 women are considering filing a class action lawsuit against Google, alleging sexism and wage disparity. UPDATE: NBC News now reports the event has been cancelled, with Google CEO Sundar Pichai saying "Googlers are writing in, concerned about their safety and worried they may be 'outed' publicly for asking a question in the Town Hall... we need to step back and create a better set of conditions for us to have the discussion." Instead of the company-wide format, Google will now hold several smaller forums "to gather and engage with Googlers, where people can feel comfortable to speak freely," Pichai wrote.

Watch Out Ticketmaster: Amazon In Talks To Offer Event Ticketing In US

Thu, 08/10/2017 - 17:40
According to Reuters, Amazon is seeking to partner with U.S. venue owners to sell event tickets -- a move that could loosen Ticketmaster's powerful grip on the lucrative ticketing business. From the report: The Seattle-based company sees the U.S. ticketing market as ripe for attack. Consumers dislike ticket fees, and venue owners, sports leagues and teams want more distributors for their tickets as they seek to boost sales. Access to tickets could be another means to lure members to the Amazon Prime shopping club. For music acts and sports teams, selling tickets through Amazon could help sell their merchandise. Currently Ticketmaster, owned by Live Nation Entertainment, is the exclusive seller of primary tickets for many top venues in the United States. Would-be challengers have struggled to compete in the face of Ticketmaster's strong relationships with the operators of major U.S. sports stadiums, arenas, concert halls and other venues. Amazon has had success with ticketing in Britain, where it has been selling seats to West End shows since 2015, even outselling Ticketmaster for some events, according to one of the sources, who owns venues in that country. It is less common for venues in Britain to have an exclusive ticket provider.

Scientists Create DNA-Based Exploit of a Computer System

Thu, 08/10/2017 - 17:00
Archeron writes: It seems that scientists at University of Washington in Seattle have managed to encode malware into genomic data, allowing them to gain full access to a computer being used to analyze the data. While this may be a highly contrived attack scenario, it does ask the question whether we pay sufficient attention to data-driven exploits, especially where the data is instrument-derived. What other systems could be vulnerable to a tampered raw data source? Perhaps audio and RF analysis systems? MIT Technology Review reports: "To carry out the hack, researchers led by Tadayoshi Kohno and Luis Ceze encoded malicious software in a short stretch of DNA they purchased online. They then used it to gain 'full control' over a computer that tried to process the genetic data after it was read by a DNA sequencing machine. The researchers warn that hackers could one day use faked blood or spit samples to gain access to university computers, steal information from police forensics labs, or infect genome files shared by scientists. To make the malware, the team translated a simple computer command into a short stretch of 176 DNA letters, denoted as A, G, C, and T. After ordering copies of the DNA from a vendor for $89, they fed the strands to a sequencing machine, which read off the gene letters, storing them as binary digits, 0s and 1s. Yaniv Erlich, a geneticist and programmer who is chief scientific officer of MyHeritage.com, a genealogy website, says the attack took advantage of a spill-over effect, when data that exceeds a storage buffer can be interpreted as a computer command. In this case, the command contacted a server controlled by Kohno's team, from which they took control of a computer in their lab they were using to analyze the DNA file." You can read their paper here.
