Security

Should Brokers Use 'Voice Prints' For Stock Transactions? (cnbc.com) 64

Fidelity and Charles Schwab now allow traders to use "voice prints" to authorize stock transactions. But there's more to the story, argues long-time Slashdot reader maiden_taiwan: Fidelity Investments is touting its new security feature, MyVoice, which allows a customer to access his/her financial accounts by telephone without a password. "When you call Fidelity, you'll no longer have to enter PINs or passwords because Fidelity MyVoice helps you interact with us securely and more conveniently. Through natural conversation, MyVoice will detect and verify your voiceprint in the first few moments of the call... Fidelity MyVoice performs even if you have a cold, allergies, or a sore throat."

Based on my own experience, Fidelity now enables MyVoice automatically for its customers who call in for other reasons. Apparently, their conversation with Fidelity customer service provides enough data for MyVoice to recognize them. (Customers are informed afterward that MyVoice has been enabled, and they can opt out, although they aren't told that opting out is possible.)

It's not clear whether Fidelity is creating voice profiles of their customers without asking first. (Fidelity's site says only that their representatives will "offer" to enroll you the next time you call.) But the original submission ends with two more questions. "In an era where Apple's face recognition is easily defeated by family members, is voice recognition any more secure?"

And "Is a 'voiceprint' even possible?"

Education

Why Do Employers Require College Degrees That Aren't Necessary? (thestreet.com) 358

Slashdot reader pefisher writes: A lot of us on Slashdot have noticed that potential employers advertise for things they don't need. To the point that sometimes they even ask for things that don't exist. Like asking for ten years of experience in a technology that has only just been introduced. It's frustrating because it makes you wonder "what's this employer's real game?"

Do they just want to say they advertised for the position, or are they really so immensely stupid, so disconnected from their own needs, that they think they are actually asking for something they can have...? Here is a Harvard Study that addresses one particular angle of this. It doesn't answer any questions, but it does prove that you aren't crazy. And it quantifies the craziness.

The study's author calls it "degree inflation," and after studying 26 million job postings concluded that employers are now less willing to actually train new people on the job, possibly to save money. "Many companies have fallen into a lazy way of thinking about this," the study's author tells The Street, saying companies are "[looking for] somebody who is just job-ready to just show up." The irony is that college graduates will ultimately be paid a higher salary -- even though for many jobs, the study found that a college degree yields zero improvement in actual performance.

The Street reports that "In a market where companies increasingly rely on computerized systems to cull out early-round applicants, that has led firms to often consider a bachelor's degree indicative of someone who can socialize, run a meeting and generally work well with others." One company tells them that "we removed the requirement to have a computer science degree, and we removed the requirement to have experience in development computer programming. And when we removed those things we found that the pool of potential really good team members drastically expanded."

Robotics

Is Sharp's Robot Vacuum Cleaner Vulnerable To Remote Take-over? (jvn.jp) 42

Slashdot reader AmiMoJo reports: Sharp's COCOROBO (heart-bot) vacuum cleaners can not just clean your house. They have cameras that can be viewed from a smart phone, and automatically take pictures of things they find under your sofa. They have microphones and voice recognition, and are able to ask how your day was when you get home from work. You can even activate their speakers and talk to your pets from the office. Unfortunately, so can anyone else if you don't install critical firmware updates.

JPCERT's warning says that the attacker must be on the same LAN to impersonate you, though "as a result, there is a possibility that an arbitrary operation may be conducted."

United States

Bipartisan US Election Group Issues Security Tips (reuters.com) 103

An anonymous reader quotes Reuters: A bipartisan Harvard University project aimed at protecting elections from hacking and propaganda will release its first set of recommendations today on how U.S. elections can be defended from hacking attacks. The 27-page guidebook calls for campaign leaders to emphasize security from the start and insist on practices such as two-factor authentication for access to email and documents and fully encrypted messaging via services including Signal and Wickr. The guidelines are intended to reduce risks in low-budget local races as well as the high-stakes Congressional midterm contests next year.

Though most of the suggestions cost little or nothing to implement and will strike security professionals as common sense, notorious attacks including the leak of the emails of Hillary Clinton's campaign chair, John Podesta, have succeeded because basic security practices were not followed... "We heard from campaigns that there is nothing like this that exists," said Debora Plunkett, a 31-year veteran of the National Security Agency who joined the Belfer Center this year. "We had security experts who understood security and election experts who understood campaigns, and both sides were eager to learn how the other part worked."

The group includes "top security experts" from both Google and Facebook.

Privacy

Imgur Confirms Email Addresses, Passwords Stolen In 2014 Hack (zdnet.com) 38

An anonymous reader quotes a report from ZDNet: Imgur, one of the world's most visited websites, has confirmed a hack dating back to 2014. The company confirmed to ZDNet that hackers stole 1.7 million email addresses and passwords, scrambled with the SHA-256 algorithm, which has been passed over in recent years in favor of stronger password scramblers. Imgur said the breach didn't include personal information because the site has "never asked" for real names, addresses, or phone numbers. The stolen accounts represent a fraction of Imgur's 150 million monthly users. The hack went unnoticed for four years until the stolen data was sent to Troy Hunt, who runs data breach notification service Have I Been Pwned. Hunt informed the company on Thursday, a US national holiday observing Thanksgiving, when most businesses are closed. A day later, the company started resetting the passwords of affected accounts, and published a public disclosure alerting users of the breach.
