Microsoft

Microsoft Connects LinkedIn and Office 365 Via Profile Cards, Starting To Capitalize on $26B Deal (geekwire.com) 38

More than a year after Microsoft announced its plans to purchase LinkedIn for $26.2 billion, the technology giant is rolling out some of the first integrations with the business social network. From a report: At its Ignite conference in Orlando this morning, Microsoft plans to announce that Office 365 will include a new "profile card" that can display LinkedIn information. For example, interviewers using Outlook would be able to easily access LinkedIn profiles of job seekers. This integration, the first between Office 365 and LinkedIn since the acquisition, is designed to make it easier for people to search for others inside their organizations. Here's how it works, according to the company: "Users who have access to this feature can access LinkedIn profile information by hovering over a person's name and navigating to the 'LinkedIn' tab on the new profile card. Microsoft service administrators continue to have control over organizational privacy and connected features in their tenant. We respect end-user privacy and will honor your LinkedIn privacy and profile visibility settings."
Sci-Fi

'Star Trek: Discovery' Premieres Tonight (ew.com) 388

An anonymous reader quotes EW.com: Tonight CBS will premiere the first new Star Trek TV series in 12 years at 8:30 p.m. on the company's regular broadcast network. Immediately afterward, the second episode of Star Trek: Discovery will stream exclusively on CBS All Access -- the company's $6 per month streaming service... CBS saw an opportunity to leverage the built-in popularity of Star Trek to help fuel its fledgling All Access streaming service. The service currently has about 1 million subscribers and the company's goal is to grow it to 4 million by 2020...

But once fans watch Discovery, they'll notice the show's production values aren't like a typical broadcast show, but more reminiscent of a premium cable or streaming show. CBS was able to justify spending a bit more money on Discovery since it's going onto the paid tier. Sometimes, you really do get what you pay for.

The Los Angeles Times reports each episode costs $8 million -- though Netflix is paying $6 million for each episode's international broadcast rights. The show's main title sequence has been released, and the Verge reports that the show is set before the original 1966 series (but after Star Trek: Enterprise) along with some other possible spoilers.

Space.com asked one of the show's actors who his favorite Star Trek captain was. "I mean, Kirk," answered James Frain, who plays the Vulcan Sarek in Discovery. "That's like, 'Who's your favorite James Bond?', and if you don't say 'Sean Connery,' really? Come on."
Communications

Verizon Backtracks Slightly In Plan To Kick Customers Off Network (arstechnica.com) 50

An anonymous reader quotes a report from Ars Technica: Verizon Wireless is giving a reprieve to some rural customers who are scheduled to be booted off their service plans, but only in cases when customers have no other options for cellular service. Verizon recently notified 8,500 customers in 13 states that they will be disconnected on October 17 because they used roaming data on another network. But these customers weren't doing anything wrong -- they are being served by rural networks that were set up for the purpose of extending Verizon's reach into rural areas. Today, Verizon said it is extending the deadline to switch providers to December 1. The company is also letting some customers stay on the network -- although they must switch to a new service plan. "If there is no alternative provider in your area, you can switch to the S (2GB), M (4GB), 5GB single-line, or L (8GB) Verizon plan, but you must do so by December 1," Verizon said in a statement released today. These plans range from $35 to $70 a month, plus $20 "line fees" for each line. The 8,500 customers who received disconnection letters have a total of 19,000 lines. Verizon sells unlimited plans in most of the country but said only those limited options would be available to these customers. Verizon also reiterated its promise that first responders will be able to keep their Verizon service even though some public safety officials received disconnection notices. "We have become aware of a very small number of affected customers who may be using their personal phones in their roles as first responders and another small group who may not have another option for wireless service," Verizon said. "After listening to these folks, we are committed to resolving these issues in the best interest of the customers and their communities. We're committed to ensuring first responders in these areas keep their Verizon service."
Privacy

DC Court Rules Tracking Phones Without a Warrant Is Unconstitutional (cbsnews.com) 84

An anonymous reader writes: Law enforcement use of one tracking tool, the cell-site simulator, to track a suspect's phone without a warrant violates the Constitution, the D.C. Court of Appeals said Thursday in a landmark ruling for privacy and Fourth Amendment rights as they pertain to policing tactics. The ruling could have broad implications for law enforcement's use of cell-site simulators, which local police and federal agencies can use to mimic a cell phone tower so that the phone connects to the device instead of its regular network. In a decision that reversed the decision of the Superior Court of the District of Columbia and overturned the conviction of a robbery and sexual assault suspect, the D.C. Court of Appeals determined the use of the cell-site simulator "to locate a person through his or her cellphone invades the person's actual, legitimate and reasonable expectation of privacy in his or her location information and is a search."
Businesses

Judge Kills FTC Lawsuit Against D-Link for Flimsy Security (dslreports.com) 97

Earlier this year, the Federal Trade Commission filed a complaint against network equipment vendor D-Link saying inadequate security in the company's wireless routers and internet cameras left consumers open to hackers and privacy violations. The FTC, in a complaint filed in the Northern District of California, charged that "D-Link failed to take reasonable steps to secure its routers and Internet Protocol (IP) cameras, potentially compromising sensitive consumer information, including live video and audio feeds from D-Link IP cameras." For its part, D-Link Systems said it "is aware of the complaint filed by the FTC." Fast forward nine months, a judge has dismissed the FTC's case, claiming that the FTC failed to provide enough specific examples of harm done to consumers, or specific instances when the routers in question were breached. From a report: "The FTC does not identify a single incident where a consumer's financial, medical or other sensitive personal information has been accessed, exposed or misused in any way, or whose IP camera has been compromised by unauthorized parties, or who has suffered any harm or even simple annoyance and inconvenience from the alleged security flaws in the [D-Link] devices," wrote the Judge. "The absence of any concrete facts makes it just as possible that [D-Link]'s devices are not likely to substantially harm consumers, and the FTC cannot rely on wholly conclusory allegations about potential injury to tilt the balance in its favor."
Security

The CCleaner Malware Fiasco Targeted at Least 20 Specific Tech Firms (wired.com) 149

An anonymous reader shares a report: Hundreds of thousands of computers getting penetrated by a corrupted version of an ultra-common piece of security software was never going to end well. But now it's becoming clear exactly how bad the results of the recent CCleaner malware outbreak may be. Researchers now believe that the hackers behind it were bent not only on mass infections, but on targeted espionage that tried to gain access to the networks of at least 20 tech firms. Earlier this week, security firms Morphisec and Cisco revealed that CCleaner, a piece of security software distributed by Czech company Avast, had been hijacked by hackers and loaded with a backdoor that evaded the company's security checks. It wound up installed on more than 700,000 computers. On Wednesday, researchers at Cisco's Talos security division revealed that they've now analyzed the hackers' "command-and-control" server to which those malicious versions of CCleaner connected. On that server, they found evidence that the hackers had attempted to filter their collection of backdoored victim machines to find computers inside the networks of 20 tech firms, including Intel, Google, Microsoft, Akamai, Samsung, Sony, VMware, HTC, Linksys, D-Link and Cisco itself. In about half of those cases, says Talos research manager Craig Williams, the hackers successfully found a machine they'd compromised within the company's network, and used their backdoor to infect it with another piece of malware intended to serve as a deeper foothold, one that Cisco now believes was likely intended for industrial espionage.
Twitter

Twitter Suspends 300,000 Accounts Tied To Terrorism In 2017 (bloomberg.com) 69

According to a new transparency report, Twitter said it suspended nearly 300,000 accounts globally linked to terrorism in the first half of the year. The company is improving automation tools used to help block accounts that promote terrorism and violence. Bloomberg reports: Of [the nearly 300,000 accounts that were suspended], roughly 95 percent were identified by the company's spam-fighting automation tools. Meanwhile, the social network said government data requests continued to increase, and that it provided authorities with data on roughly 3,900 accounts from January to June. Twitter said about 75 percent of the blocked accounts this year were spotted before a single tweet was sent, and that 935,897 accounts had been suspended since August 2015, with two-thirds of those coming in the past year. American authorities made 2,111 requests from Twitter from January to June, the most of the 83 countries tracked by the company. Twitter supplied information on users in 77 percent of the inquiries. Japan made 1,384 requests and the U.K. issued 606 requests. Turkish authorities continued a trend of aggressively policing Twitter, making 554 requests for account data and issuing court orders to remove 715 pieces of content. Other governments made only 38 total content-removal requests.
Encryption

Why You Shouldn't Use Texts For Two-Factor Authentication (theverge.com) 102

An anonymous reader quotes a report from The Verge: A demonstration video posted by Positive Technologies (and first reported by Forbes) shows how easy it is to hack into a bitcoin wallet by intercepting text messages in transit. The group targeted a Coinbase account protected by two-factor authentication, which was registered to a Gmail account also protected by two-factor. By exploiting known flaws in the cell network, the group was able to intercept all text messages sent to the number for a set period of time. That was enough to reset the password to the Gmail account and then take control of the Coinbase wallet. All the group needed was the name, surname and phone number of the targeted Bitcoin user. These were security researchers rather than criminals, so they didn't actually steal anyone's bitcoin, although that would have been an easy step to take. At a glance, this looks like a Coinbase vulnerability, but the real weakness is in the cellular system itself. Positive Technologies was able to hijack the text messages using its own research tool, which exploits weaknesses in the cellular network to intercept text messages in transit. Known as the SS7 network, that network is shared by every telecom to manage calls and texts between phone numbers. There are a number of known SS7 vulnerabilities, and while access to the SS7 network is theoretically restricted to telecom companies, hijacking services are frequently available on criminal marketplaces. The report notes several ways you can protect yourself from this sort of attack: "On some services, you can revoke the option for SMS two-factor and account recovery entirely, which you should do as soon as you've got a more secure app-based method established. Google, for instance, will let you manage two-factor and account recovery here and here; just set up Authenticator or a recovery code, then go to the SMS option for each and click 'Remove Phone.'"
Bitcoin

Ethereum Will Match Visa In Scale In a 'Couple of Years,' Says Founder (techcrunch.com) 114

Ethereum's founder, Vitalik Buterin, believes that his cryptocurrency has the potential to replace things like credit card networks and gaming servers. He even goes as far as to say that Ethereum will replace Visa in "a couple of years," though he later clarified that "ethereum *will have Visa-scale tx capacity*, not that it will 'replace Visa.'" TechCrunch reports: "There's the average person who's already heard of bitcoin and the average person who hasn't," he said. His project itself builds upon that notion by adding more utility to the blockchain, thereby creating something everyone will want to hear about. "Where Ethereum comes from is basically you take the idea of crypto economics and the kinds of economic incentives that keeps things like bitcoin going to create decentralized networks with memory for a whole bunch of applications," he said. "A good blockchain application is something that needs decentralization and some kind of shared memory." That's what he's building and hopes others will build on the Ethereum network.

Right now the network is a bit too slow for most mainstream applications. "Bitcoin is processing a bit less than 3 transactions per second," he said. "Ethereum is doing five a second. Uber gives 12 rides a second. It will take a couple of years for the blockchain to replace Visa." Buterin doesn't think everything should run on the blockchain but many things can. As the technology expands it can grow to replace many services that require parallelization -- that is programs that should run at the same time.

Communications

T-Mobile To Increase Deprioritization Threshold To 50GB This Week (tmonews.com) 67

After raising its deprioritization threshold to 32GB in May, it looks like T-Mobile will bump it up to 50GB on September 20th, according to a TmoNews source. The move will widen the gap between T-Mobile and its competition. For comparison, Sprint's deprioritization threshold is currently 23GB, while AT&T and Verizon's are both 22GB. TmoNews reports: It's said that this 50GB threshold won't change every quarter and no longer involves a specific percentage of data users. As with the current 32GB threshold, customers that exceed this new 50GB deprioritization threshold in a single month may experience reduced speeds in areas where the network is congested. T-Mobile hasn't issued an announcement regarding this news, but the official @TMobileHelp account recently tweeted "Starting 9/20, the limit will be increased!" in response to a question about this news.
AI

AI Just Made Guessing Your Password a Whole Lot Easier (sciencemag.org) 135

sciencehabit shares a report from Science Magazine: The Equifax breach is reason for concern, of course, but if a hacker wants to access your online data by simply guessing your password, you're probably toast in less than an hour. Now, there's more bad news: Scientists have harnessed the power of artificial intelligence (AI) to create a program that, combined with existing tools, figured out more than a quarter of the passwords from a set of more than 43 million LinkedIn profiles.

Researchers at Stevens Institute of Technology in Hoboken, New Jersey, started with a so-called generative adversarial network, or GAN, which comprises two artificial neural networks. A "generator" attempts to produce artificial outputs (like images) that resemble real examples (actual photos), while a "discriminator" tries to detect real from fake. They help refine each other until the generator becomes a skilled counterfeiter. The Stevens team created a GAN it called PassGAN and compared it with two versions of hashCat and one version of John the Ripper. The scientists fed each tool tens of millions of leaked passwords from a gaming site called RockYou, and asked them to generate hundreds of millions of new passwords on their own. Then they counted how many of these new passwords matched a set of leaked passwords from LinkedIn, as a measure of how successful they'd be at cracking them. On its own, PassGAN generated 12% of the passwords in the LinkedIn set, whereas its three competitors generated between 6% and 23%. But the best performance came from combining PassGAN and hashCat. Together, they were able to crack 27% of passwords in the LinkedIn set, the researchers reported this month in a draft paper posted on arXiv. Even failed passwords from PassGAN seemed pretty realistic: saddracula, santazone, coolarse18.

Medicine

Sedentary Lifestyle Study Called 'A Raging Dumpster Fire' (arstechnica.com) 153

Ars Technica's health reporter argues that a new study suggesting sitting will kill you "is kind of a raging dumpster fire. It's funded by Big Soda and riddled with weaknesses -- including not measuring sitting." An anonymous reader quotes this report: Let's start with the money: It was funded in part by Coca-Cola... [I]t's hard to look past the fact that this is exactly the type of health and nutrition research Coke wants. In fact, Coca-Cola secretly spent $1.5 million to fund an entire network of academic researchers whose goal was to shift the national health conversation away from the harms of sugary beverages. Instead, their research focused on the benefits of exercise -- i.e., the health risks of sedentary and inactive lifestyles. The research network disbanded after The New York Times published an investigation on the network's funding in 2015...

It didn't actually measure sitting... In their words, "Our study has several limitations. First, the Actical accelerometer cannot distinguish between postures (such as sitting vs. standing); thus, we relied on an intensity-only definition of sedentary behavior." The "intensity-only" definition of sedentary behavior is based on metabolic equivalents, basically units defined by how much oxygen a person uses up doing various activities. But those definitions are also not cut and dried. There are no clear lines between lying down, sitting, standing in place, or light movement... Then there's the participant data: It's not representative -- like, at all... At the time of wearing the accelerometer, the most active group's mean age was 65. The mean age of the least active group: 75.

Groups were assigned based on just a week's worth of data -- or less. And the people placed in the least-active group were already more likely to be smokers, to have diabetes and hypertension, and to have a history of coronary heart disease and stroke.
Government

NSA Launches 'Codebreaker Challenge' For Students: Stopping an Infrastructure Attack (ltsnet.net) 53

Slashdot reader eatvegetables writes: The U.S. National Security Agency launched Codebreaker Challenge 2017 Friday night (Sept 15) at 9 p.m. EST. It started off as a reverse-engineering challenge a few years ago but has grown in scope to include network analysis, reverse-engineering, and vulnerability discovery/exploitation.

This year's challenge story centers around hackers attacking critical "supervisory control and data acquisition" (SCADA) infrastructure. Your mission, should you choose to accept it, is to figure out how the SCADA network is being attacked, find the attack vector(s), and stop the bad guy(s)/gal(s)/other(s).

Codebreaker-Challenge is unusual for capture-the-flag(ish) contests due to the scope/number of challenges and how long the contest runs (now until end of year). Also (this year, at least), the challenge is built around a less than well-known networking protocol, MQTT. It's open to anyone with a school.edu email address. A site leader-board shows which school/University has the most l33t students. Carnegie Mellon and Georgia Institute of Tech are at the top of the leader-board as of Saturday morning.

Last year, 3,300 students (from 481 schools) participated, with 15 completing all six tasks. One Carnegie Mellon student finished in less than 18 hours.

A resources page offers "information on reverse engineering," and the NSA says the first 50 students who complete all the tasks this year will receive a "small token" of appreciation from the agency.
Social Networks

Facebook Shares Details Of Russia-Bought Ads With US Investigators (cnn.com) 232

An anonymous reader quotes CNN: Special counsel Robert Mueller and his team are now in possession of Russian-linked ads run on Facebook during the presidential election, after they obtained a search warrant for the information. Facebook gave Mueller and his team copies of ads and related information it discovered on its site linked to a Russian troll farm, as well as detailed information about the accounts that bought the ads and the way the ads were targeted at American Facebook users, a source with knowledge of the matter told CNN. The disclosure, first reported by the Wall Street Journal, may give Mueller's office a fuller picture of who was behind the ad buys and how the ads may have influenced voter sentiment during the 2016 election...

As CNN reported Thursday, Facebook is still not sure whether pro-Kremlin groups may have made other ad buys intended to influence American politics that it simply hasn't discovered yet. It is even possible that unidentified ad buys may still exist on the social media network today.

Networking

Scientists Explore A Light Bulb-Based 10Gbps Li-Fi/5G Home Network (ispreview.co.uk) 12

Mark.JUK writes: Researchers at Brunel University in London have begun to develop a new 10 Gbps home wireless network using both Li-Fi (light fidelity) and 5G based mmWave technology, which will fit inside LED (light-emitting diode) light bulbs on your ceiling.

In simple terms, the Visible Light Communication (VLC) based Li-Fi technology works by flicking a LED light off and on thousands of times a second (by altering the length of the flickers you can introduce digital communications).

The article says it'd be more energy efficient (and faster) than a standard Wi-Fi network -- though both technologies have trouble penetrating walls, so "you'd have to buy lots of pricey new bulbs in order to cover your home..."

"It's probably not something that an ordinary home owner would want to install; unless you're happy with running lots of optical fibre cable around your various light fittings."
Verizon

8,500 Verizon Customers Disconnected Because of 'Substantial' Data Use (arstechnica.com) 108

An anonymous reader quotes a report from Ars Technica: Verizon is disconnecting another 8,500 rural customers from its wireless network, saying that roaming charges have made certain customer accounts unprofitable for the carrier. The 8,500 customers have 19,000 lines and live in 13 states (Alaska, Idaho, Iowa, Indiana, Kentucky, Maine, Michigan, Missouri, Montana, North Carolina, Oklahoma, Utah, and Wisconsin), a Verizon Wireless spokesperson told Ars today. They received notices of disconnection this month and will lose access to Verizon service on October 17. Verizon said in June that it was only disconnecting "a small group of customers" who were "using vast amounts of data -- some as much as a terabyte or more a month -- outside of our network footprint." But one customer, who contacted Ars this week about being disconnected, said her family never used more than 50GB of data across four lines despite having an "unlimited" data plan. We asked Verizon whether 50GB a month is a normal cut-off point in its disconnections of rural customers, but the company did not provide a specific answer. "These customers live outside of areas where Verizon operates our own network," Verizon said. "Many of the affected consumer lines use a substantial amount of data while roaming on other providers' networks and the roaming costs generated by these lines exceed what these consumers pay us each month. We sent these notices in advance so customers have plenty of time to choose another wireless provider."
Security

BlueBorne Vulnerabilities Impact Over 5 Billion Bluetooth-Enabled Devices (bleepingcomputer.com) 121

An anonymous reader quotes a report from Bleeping Computer: Security researchers have discovered eight vulnerabilities -- codenamed collectively as BlueBorne -- in the Bluetooth implementations used by over 5.3 billion devices. Researchers say the vulnerabilities are undetectable and unstoppable by traditional security solutions. No user interaction is needed for an attacker to use the BlueBorne flaws, nor does the attacker need to pair with a target device. They affect the Bluetooth implementations in Android, iOS, Microsoft, and Linux, impacting almost all Bluetooth device types, from smartphones to laptops, and from IoT devices to smart cars. Furthermore, the vulnerabilities can be concocted into a self-spreading Bluetooth worm that could wreak havoc inside a company's network or even across the world. "These vulnerabilities are the most serious Bluetooth vulnerabilities identified to date," an Armis spokesperson told Bleeping Computer via email. "Previously identified flaws found in Bluetooth were primarily at the protocol level," he added. "These new vulnerabilities are at the implementation level, bypassing the various authentication mechanisms, and enabling a complete takeover of the target device." Consumers are recommended to disable Bluetooth unless you need to use it, but then turn it off immediately. When a patch or update is issued and installed on your device, you should be able to turn Bluetooth back on and leave it on safely. The BlueBorne Android App on the Google Play Store will be able to determine if a user's Android device is vulnerable. A technical report on the BlueBorne flaws is available here (PDF).
Businesses

The New Corporate Recruitment Pool: Workers In Dead-End Jobs (msn.com) 207

New submitter cdreimer writes: According to a report from The Wall Street Journal (Warning: source may be paywalled, alternative source), corporations looking to hire new employees are opening offices in cities with high concentration of workers in dead-end jobs who are reluctant to relocate but are cheaper to hire than competing locally in tight labor markets. From the report: "Pressed for workers, a New Jersey-based software company went hunting for a U.S. city with a surplus of talented employees stuck in dead-end jobs. Brian Brown, chief operating officer at AvePoint, Inc., struck gold in Richmond. Despite the city's low unemployment rate, the company had no trouble filling 70 jobs there, some at 20% below what it paid in New Jersey. New hires, meanwhile, got more interesting work and healthy raises. Irvine, Calif.-based mortgage lender Network Capital Funding Corp. opened an office in Miami to scoop up an attractive subset of college graduates -- those who settled for tolerable jobs in exchange for living in a city they loved. 'They were not in real careers,' said Tri Nguyen, Network Capital chief executive. He now plans a similar expansion in Philadelphia. Americans have traditionally moved to find jobs. But with a growing reluctance by workers to relocate, some companies have decided to move closer to potential hires. Firms are expanding to cities with a bounty of underemployed, retrieving men and women from freelance gigs, manual labor and part-time jobs with duties that, one worker said, required only a heartbeat to perform. With the national jobless rate near a 16-year low, these pockets of underemployment are a wellspring for companies that recognize most new hires already have jobs but can be poached with better pay and room for advancement. That's preferable to competing for higher-priced workers at home in a tight labor market."
China

China Builds World's Largest EV Charging Network With 167,000 Stations (247wallst.com) 103

"It soon will become easier to charge a Chevy Bolt or Tesla in China," reports 24/7 Wall Street, citing reports from China's official newspaper that they've built the highest number of electric-car charging facilities in the world, offering "the broadest coverage, and the most advanced technology." AmiMoJo quotes their announcement: A total of 167,000 charging piles have now been connected to the telematics platform of the State Grid Corporation of China, making it the world's largest electric vehicle (EV) charging network. By cooperating with 17 charging station operators, the SGCC now offers more than 1 million kilowatt-hours of power each day.
24/7 Wall Street says the ambitious (and government-subsidized) plan "is bound to help electronic car adoption since most vehicles in the category have ranges well under 300 miles."
Social Networks

Why It's So Hard To Trust Facebook (cnn.com) 139

Brian Stelter, writing for CNN: Why won't Facebook show the public the propagandistic ads that a so-called Russian troll farm bought last year to target American voters? That lack of transparency is troubling to many observers. "Show us the ads Zuck!" Silicon Valley entrepreneur Jason Calacanis wrote on Twitter when The Washington Post reported on the surreptitious ad buys on Wednesday. Calacanis said Facebook was "profiting off fake news," echoing a widely held criticism of the social network. It was only the latest example of Facebook's credibility problem. For a business based on the concept of friendship, it's proving to be a hard company to trust. On the business side, Facebook's metrics for advertisers have been error-prone, to say the least. Analysts and reporters have repeatedly uncovered evidence of faulty data and measurement mistakes. Facebook's opaqueness has also engendered mistrust in the political arena. Conservative activists have accused the company of censoring right-wing voices and stories. Liberal activists have raised alarms about its exploitation of personal information to target ads. And the news business is worried about the spread of bogus stories and hoaxes on the site. Some critics have even taken to calling Facebook a "surveillance company," seeking to reframe the business the social network is in -- not networking but ad targeting based on monitoring of users. Over at The Verge, Casey Newton documents inconsistencies in Facebook's public remarks over its role in the outcome of the presidential election last year. Newton says Facebook's shifting Russian ads stories and unwillingness to disclose information citing laws (which seem to imply otherwise) are damaging its credibility.
