An anonymous reader writes: A recently released draft of the National Institute of Standards and Technology’s digital identity guidelines has met with approval by vendors. The draft guidelines revise password security recommendations and alter many of the standards and best practices security professionals use when forming policies for their companies. The new framework recommends, among other things: “Remove periodic password change requirements.” There have been multiple studies that have shown requiring frequent password changes to actually be counterproductive to good password security, said Mike Wilson, founder of PasswordPing. NIST said this guideline was suggested because passwords should be changed when a user wants to change them or if there is indication of breach. Read more of this story at Slashdot.
The U.S. Department of Labor is accusing Google of discriminating against its female employees and violating federal employment laws with its salaries for women. “We found systemic compensation disparities against women pretty much across the entire workforce,” Janette Wipper, a Department of Labor regional director, testified in court in San Francisco on Friday. The Guardian reports: Google strongly denied the accusations of inequities, claiming it did not have a gender pay gap. The allegations emerged at a hearing in federal court as part of a lawsuit the DoL filed against Google in January, seeking to compel the company to provide salary data and documents to the government. Google is a federal contractor, which means it is required to allow the DoL to inspect and copy records and information about its compliance with equal opportunity laws. Last year, the department’s office of federal contract compliance programs requested job and salary history for Google employees, along with names and contact information, as part of the compliance review. Google, however, repeatedly refused to hand over the data, which was a violation of its contractual obligations with the federal government, according to the DoL’s lawsuit. Labor officials detailed the government’s discrimination claims against Google at the Friday hearing while making the case for why the company should be forced to comply with the DoL’s requests for documents. Wipper said the department found pay disparities in a 2015 snapshot of salaries and said officials needed earlier compensation data to evaluate the root of the problem and needed to be able to confidentially interview employees.
One of the largest spam operations in the world has exposed its entire operation to the public, leaking its database of 1.37bn email addresses thanks to a faulty backup. From a report: A faulty backup has inadvertently exposed the entire working database of notorious spam operator River City Media (RCM). In all, the database contains more than 1.37 billion email addresses, and for some records there are additional details such as names, real-world addresses, and IP addresses. It’s a situation that’s described as “a tangible threat to online privacy and security.” Details about the leak come courtesy of Chris Vickery from macOS security firm MacKeeper who — with a team of helpers — has been investigating since January. River City Media’s database ended up online thanks to incorrectly-configured Rsync backups. In the words of Vickery: “Chances are you, or at least someone you know, is affected.” The leaked, and unprotected, database is what’s behind the sending of over a billion spam emails every day — helped, as Vickery points out, by “a lot of automation, years of research, and fair bit of illegal hacking techniques.” But it’s more than a database that has leaked — it’s River City Media’s entire operation.