Tesla Short Sellers Actually Made Over $1 Billion After Musk’s Taking-Private Tweet

An anonymous reader quotes Fortune:
Investors betting that Tesla stock will lose value — so-called “shorts” — have made $1.2 billion since CEO Elon Musk first tweeted about taking the company private. Much of that gain came on Friday, after the New York Times published a revealing, emotional interview with Musk that drove Tesla stock down nearly 9%. The tally comes from a report released Friday by stock analytics firm S3 Partners. The Friday collapse helped reverse a price spike after Musk’s August 7 Tweet saying he was “considering taking Tesla private at $420,” about 18% higher than the stock’s market value at the time.
According to S3, the subsequent surge in Tesla stock cost short positions $1.3 billion. But soon after, it became clear that Musk had exaggerated the certainty of his funding, and the SEC began a probe of his statements, driving the stock back down. On Friday, the Times interview with Musk detailed his 120-hour work weeks, lack of social life, and reliance on Ambien to sleep. That sent the stock down 9% in one day, for a total drop of 19% over 10 days. That gave $2.5 billion back to the shorts, for a net gain of $1.2 billion since Musk’s going-private tweet.

Tesla remains the most-shorted stock on the American stock exchanges, and the researchers note that only 4% of shorts have actually cashed in these on-paper gains.

Share on Google+

of this story at Slashdot.

    

Posted in Uncategorized

Australians Who Won’t Unlock Their Phones Could Face 10 Years In Jail

An anonymous reader quotes the Sophos security blog:

The Australian government wants to force companies to help it get at suspected criminals’ data. If they can’t, it would jail people for up to a decade if they refuse to unlock their phones. The country’s Assistance and Access Bill, introduced this week for public consultation, strengthens the penalties for people who refuse to unlock their phones for the police. Under Australia’s existing Crimes Act, judges could jail a person for two years for not handing over their data. The proposed Bill extends that to up to ten years, arguing that the existing penalty wasn’t strong enough…
[C]ompanies would be subject to two kinds of government order that would compel them to help retrieve a suspect’s information. The first of these is a “technical assistance notice” that requires telcos to hand over any decryption keys they hold. This notice would help the government in end-to-end encryption cases where the target lets a service provider hold their own encryption keys. But what if the suspect stores the keys themselves? In that case, the government would pull out the big guns with a second kind of order called a technical capability notice. It forces communications providers to build new capabilities that would help the government access a target’s information where possible. In short, the government asks companies whether they can access the data. If they can’t, then the second order asks them to figure out a way….
The government’s explanatory note says that the Bill could force a manufacturer to hand over detailed specs of a device, install government software on it, help agencies develop their own “systems and capabilities”, and notify agencies of major changes to their systems.

“[T]he proposed legislation also creates a new class of access warrant that lets police officers get evidence from devices in secret before the device encrypts it, including intercepting communications and using other computers to access the data. It also amends existing search and seizure warrants, allowing the cops to access data remotely, including online accounts.”

Share on Google+

of this story at Slashdot.

    

Posted in Uncategorized

Nvidia Is Giving Up On the Cryptocurrency Mining Market

“Nvidia’s nine-month crypto gold rush is over,” reports the Los Angeles Times. An anonymous reader quotes their report:
“Our core platforms exceeded our expectations, even as crypto largely disappeared,” founder and Chief Executive Jensen Huang said Thursday on a conference call. “We’re projecting no cryptomining going forward….” Nvidia said it had expected about $100 million in sales of chips bought by currency miners in the fiscal second quarter. Instead, the total was $18 million in the period, and that revenue is likely to disappear entirely in future quarters, the company said.
Investors are expressing their concern at the sudden collapse of what had looked like a billion-dollar business. Three months ago, Nvidia said it generated $289 million in sales from cryptocurrency miners, but warned that demand was declining rapidly and might fall by as much as two-thirds. Even that prediction was too optimistic.

Share on Google+

of this story at Slashdot.

    

Posted in Uncategorized

New VORACLE Attack Can Recover HTTP Data From Some VPN Connections

“A new attack named VORACLE can recover HTTP traffic sent via encrypted VPN connections under certain conditions,” reports Bleeping Computer, citing research presented last week at the Black Hat and DEF CON security conferences. An anonymous reader writes:

The conditions are that the VPN service/client uses the OpenVPN protocol and that the VPN app compresses the HTTP traffic before it encrypts it using TLS. To make matters worse, the OpenVPN protocol compresses all data by default before sending it via the VPN tunnel. At least one VPN provider, TunnelBear, has now updated its client to turn off the compression. [UPDATE: ExpressVPN has since also disabled compression to prevent VORACLE attacks.]

HTTPS traffic is safe, and only HTTP data sent via the VPN under these conditions can be recovered. Users can also stay safe by switching to another VPN protocol if their VPN client suppports multiple tunneling technologies.
In response to the security researcher’s report, the OpenVPN project “has decided to add a more explicit warning in its documentation regarding the dangers of using pre-encryption compression.”

Share on Google+

of this story at Slashdot.

    

Posted in Uncategorized

Linux Study Argues Monolithic OS Design Leads To Critical Exploits

Long-time Slashdot reader Mike Bouma shares a paper (via OS News) making the case for “a small microkernel as the core of the trusted computing base, with OS services separated into mutually-protected components (servers) — in contrast to ‘monolithic’ designs such as Linux, Windows or MacOS.”

While intuitive, the benefits of the small trusted computing base have not been quantified to date. We address this by a study of critical Linux CVEs [PDF] where we examine whether they would be prevented or mitigated by a microkernel-based design. We find that almost all exploits are at least mitigated to less than critical severity, and 40% completely eliminated by an OS design based on a verified microkernel, such as seL4….

Our results provide very strong evidence that operating system structure has a strong effect on security. 96% of critical Linux exploits would not reach critical severity in a microkernel-based system, 57% would be reduced to low severity, the majority of which would be eliminated altogether if the system was based on a verified microkernel. Even without verification, a microkernel-based design alone would completely prevent 29% of exploits…

The conclusion is inevitable: From the security point of view, the monolithic OS design is flawed and a root cause of the majority of compromises. It is time for the world to move to an OS structure appropriate for 21st century security requirements.

Share on Google+

of this story at Slashdot.

    

Posted in Uncategorized

Twitter Is ‘Rethinking’ Its Service, and Suspending 1M Accounts Each Day

Twitter’s CEO told the Washington Post he’s “rethinking” core parts of Twitter:
Dorsey said he was experimenting with features that would promote alternative viewpoints in Twitter’s timeline to address misinformation and reduce “echo chambers.” He also expressed openness to labeling bots — automated accounts that sometimes pose as human users — and redesigning key elements of the social network, including the “like” button and the way Twitter displays users’ follower counts. “The most important thing that we can do is we look at the incentives that we’re building into our product,” Dorsey said. “Because they do express a point of view of what we want people to do — and I don’t think they are correct anymore.”
Dorsey’s openness to broad changes shows how Silicon Valley leaders are increasingly reexamining the most fundamental aspects of the technologies that have made these companies so powerful and profitable. At Facebook, for example, CEO Mark Zuckerberg has commissioned a full review of his company’s products to emphasize safety and trust, from mobile payments to event listings…. In recent months, Twitter has made several changes to promote safety and trust. It has introduced new machine learning software to monitor account behavior and is suspending over a million problematic accounts a day…. Dorsey said Twitter hasn’t changed its incentives, which were originally designed to nudge people to interact and keep them engaged, in the 12 years since Twitter was founded.

Share on Google+

of this story at Slashdot.

    

Posted in Uncategorized

Wifi Could Be Used To Detect Guns and Bombs, Researchers Say

An anonymous reader quotes the BBC:
Ordinary wi-fi could be used to detect weapons and explosives in public places, according to a study led by the Rutgers University in New Jersey. Wireless signals can penetrate bags to measure the dimensions of metal objects or estimate the volume of liquids, researchers claim. Initial tests appeared to show that the system was at least 95% accurate. It could provide a low-cost alternative to airport-style security, researchers said. The system works by analysing what happens when wireless signals penetrate and bounce off objects and materials.

Share on Google+

of this story at Slashdot.

    

Posted in Uncategorized

H-1B Visa Use Soared Last Year At Major Tech Firms

“Even as the White House began cracking down on U.S. work visas, major Silicon Valley technology firms last year dramatically ramped up hiring of workers under the controversial H-1B visa program,” reports the Mercury News.

Menlo Park-based Facebook in 2017 received 720 H-1B approvals, a 53 percent increase over 2016, according to the National Foundation for American Policy, which obtained federal government data. Mountain View’s Google received 1,213 H-1B approvals, a 31 percent increase. The number of H-1B approvals at Intel in Santa Clara rose 19 percent and Cupertino-based Apple received 673, a 7 percent increase…. [E]xperts say the data doesn’t show how many additional H-1B contractors tech companies may get from staffing agencies or outsourcing companies. In response to this news organization’s inquiries, Facebook said it does not publicly discuss its use of H-1B workers or contractors. Google, Apple and Intel did not respond to requests for information about their use of H-1B workers or contractors….
Amazon chalked up the largest increase in H-1B approvals, with 2,515 in 2017, a 78 percent leap. Microsoft received 1,479 approvals, an increase of 29 percent. Neither company responded to a request for comment.
A distinguished fellow at Carnegie Mellon’s School of Engineering at Silicon Valley believes that the threat of a U.S. crackdown on H-1B visas may simply have prompted companies to secure as many visas as possible while they could.

Share on Google+

of this story at Slashdot.

    

Posted in Uncategorized

Encrypt NFSv4 with TLS Encryption Using Stunnel

The systems and database administrator for a Fortune 500 company notes that while NFS is “decades old and predating Linux…the most obvious feature missing from NFSv4 is native, standalone encryption.” emil (Slashdot reader #695) summarizes this article from Linux Journal:
NFS is the most popular remote file system in the Linux, UNIX, and greater POSIX community. The NFS protocol pushes file traffic over cleartext connections in the default configuration, which is poison to sensitive information.
TLS can wrap this traffic, finally bringing wire security to files vulnerable to compromise in transit. Before using a cloud provider’s toolset, review NFS usage and encrypt where necessary.
The article’s author complains that Google Cloud “makes no mention of data security in its documented procedures,” though “the performance penalty for tunneling NFS over stunnel is surprisingly small….”
“While the crusade against telnet may have been largely won, Linux and the greater UNIX community still have areas of willful blindness. NFS should have been secured long ago, and it is objectionable that a workaround with stunnel is even necessary.”

Share on Google+

of this story at Slashdot.

    

Posted in Uncategorized

EU Accepts Resolution Abolishing Planned Obsolescence, Making Devices Easier to Repair

Long-time Slashdot reader AmiMoJo writes: The European Parliament accepted a resolution to lengthen consumer goods and software’s longevity, a counter to the alleged planned obsolescence process built into a lot of products. The European Parliament now wants the European Commission to create a clear definition of the term “planned obsolescence” and to develop a system to track that aging process. It also wants longer warranty periods and criteria to measure a product’s strength. Each and every device should also have a mention of its minimal life expectancy.

Devices should also be easier to repair: batteries and other components should be freely accessible for replacement, unless safety dictates otherwise. Manufacturers will also need to give other companies access to their components so that consumers can visit those companies for repairs.

Share on Google+

of this story at Slashdot.

    

Posted in Uncategorized