Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
United States

Sysadmin Gets Two Years In Prison For Sabotaging ISP (bleepingcomputer.com) 63

After being let go over a series of "personal issues" with his employer, things got worse for 26-year-old network administrator Dariusz J. Prugar, who will now have to spend two years in prison for hacking the ISP where he'd worked. An anonymous reader writes: Prugar had used his old credentials to log into the ISP's network and "take back" some of the scripts and software he wrote... "Seeking to hide his tracks, Prugar used an automated script that deleted various logs," reports Bleeping Computer. "As a side effect of removing some of these files, the ISP's systems crashed, affecting over 500 businesses and over 5,000 residential customers."

When the former ISP couldn't fix the issue, they asked Prugar to help. "During negotiations, instead of requesting money as payment, Prugar insisted that he'd be paid using the rights to the software and scripts he wrote while at the company, software which was now malfunctioning, a week after he left." This tipped off the company, who detected foul play, contacted the FBI and rebuilt its entire network.

Six years later, Prugar was found guilty after a one-week jury trial, and was ordered by the judge to pay $26,000 in restitution to the ISP (which went out of business in October of 2015). Prugar's two-year prison sentence begins December 27.
Iphone

iOS's 'Activation Lock' For Stolen iPads And iPhones Can Be Easily Bypassed (computerworld.com) 53

An anonymous reader quotes ComputerWorld: Two researchers claim to have found a way to bypass the activation lock feature in iOS that's supposed to prevent anyone from using an iPhone or iPad marked as lost by its owner... One of the few things allowed from the activation lock screen is connecting the device to a Wi-Fi network, including manually configuring one. [Security researcher] Hemanth had the idea of trying to crash the service that enforces the lock screen by entering very long strings of characters in the WPA2-Enterprise username and password fields.

The researcher claims that, after awhile, the screen froze, and he used the iPad smart cover sold by Apple to put the tablet to sleep and then reopen it... "After 20-25 seconds the Add Wifi Connection screen crashed to the iPad home screen, thereby bypassing the so-called Find My iPhone Activation Lock," he said in a blog post.

There's also a five-minute video on YouTube which purports to show a newer version of the same attack.
Power

Nikola Motor Company Reveals Hydrogen Fuel Cell Truck With Range of 1,200 Miles (valuewalk.com) 97

An anonymous reader quotes a report from ValueWalk: Nikola Motor Company just unveiled a huge class 8 truck which will run on hydrogen fuel cells. Nikola claimed that the truck's operational range will be as much as 1,200 miles (1,900 km), and it will be released in 2020. Nikola designed the Nikola One for long-haul transport across a large landmass. The truck will deliver over 1,000 horsepower and 2,000 foot-pounds of torque. Provided these claims are true, the vehicle will provide nearly double the power of the current-gen diesel-powered semis/articulated lorries, notes Ars Technica. The leasing cost of the trucks will include the fuel price, servicing costs and warranty, but exactly how the lease will work is not known now, notes Ars Technica. The company says it has already accepted nearly $3 billion in future orders. A fully-electric drivetrain which gets power from high-density lithium batteries runs the vehicle, and a hydrogen fuel cell charges the batteries on the go. Its reach is presently limited, as hydrogen fueling stations currently exist in only small numbers. This made Nikola decide to construct a network of 364 hydrogen fueling stations across the U.S. and Canada, just like Tesla with its network of Superchargers. Milton claims it will come with a smart dashboard which has the capability of picking the most cost-efficient route for drivers. Also one or two full-size beds will be included inside the vehicle's enormous cab. It will have other luxuries and necessities as well, such as Wi-Fi, a refrigerator, 4G LTE connectivity, freezer, a 40-inch curved 4K TV with Apple TV and a microwave.
Twitter

Reuters Built An Algorithm That Can Identify Real News On Twitter (popsci.com) 114

Reuters has built an algorithm called News Tracer that flags and verifies breaking news on Twitter. The algorithm weeds through all 500 million tweets that are posted on a daily basis to "sort real news from spam, nonsense, ads, and noise," writes Corinne Iozzio via Popular Science: In development since 2014, reports the Columbia Journalism Review, News Tracer's work starts by identifying clusters of tweets that are topically similar. Politics goes with politics; sports with sports; and so on. The system then uses language-processing to produce a coherent summary of each cluster. What differentiates News Tracer from other popular monitoring tools, is that it was built to think like a reporter. That virtual mindset takes 40 factors into account, according to Harvard's NiemanLab. It uses information like the location and status of the original poster (e.g. is she verified?) and how the news is spreading to establish a "credibility" rating for the news item in question. The system also does a kind of cross-check against sources that reporters have identified as reliable, and uses that initial network to identify other potentially reliable sources. News Tracer can also tell the difference between a trending hashtag and real news. The mix of data points News Tracer takes into account means it works best with actual, physical events -- crashes, protests, bombings -- as opposed to the he-said-she-said that can dominate news cycles.
Facebook

Facebook Knows What You're Streaming (bloomberg.com) 98

Facebook is gathering information about the shows Roku and Apple TV owners are streaming. The company then uses the Facebook profile linked to the same IP addresses to tailor the commercials that are shown to individual users. From a report on Bloomberg: For the past few weeks, the social network says, it's been targeting ads to people streaming certain shows on their Roku or Apple TV set-top boxes. It customizes commercials based on the Facebook profiles tied to the IP addresses doing the streaming, according to a company spokesman. He says Facebook is trying out this approach with the A&E network (The Killing, Duck Dynasty) and streaming startup Tubi TV, selecting free test ads for nonprofits or its own products along with a handful of name brands. This push is part of a broader effort by social media companies to build their revenue with ads on video. Twitter is placing much of its ad-sales hopes on streaming partnerships with sports leagues and other content providers. In October, CFO Anthony Noto told analysts on an earnings call that the ads played during Twitter's NFL Thursday Night Football streaming exclusives had been especially successful, with many people watching them in their entirety with the sound turned on. The participants in these partnerships don't yet have a default answer to questions such as who should be responsible for selling the ads or who should get which slice of revenue.
Android

Multiple Vulnerabilities In AirDroid Opens At Least 10 Million Android Users To MITM Attacks, Hijackings (androidpolice.com) 29

AirDroid is a popular Android application that allows users to send and receive text messages and transfer files and see notifications from their computer. Zimperium, a mobile security company, recently released details of several major security vulnerabilities in the application, allowing attackers on the same network to access user information and execute code on a user's device. Since there are between 10 and 50 million installations of the app, many users may be imperiled by AirDroid. Android Police reports: The security issues are mainly due to AirDroid using the same HTTP request to authorize the device and send usage statistics. The request is encrypted, but uses a hardcoded key in the AirDroid application (so essentially, everyone using AirDroid has the same key). Attackers on the same network an intercept the authentication request (commonly known as a Man-in-the-middle attack) using the key extracted from any AirDroid APK to retrieve private account information. This includes the email address and password associated with the AirDroid account. Attackers using a transparent proxy can intercept the network request AirDroid sends to check for add-on updates, and inject any APK they want. AirDroid would then notify the user of an add-on update, then download the malicious APK and ask the user to accept the installation. Zimperium notified AirDroid of these security flaws on May 24, and a few days later, AirDroid acknowledged the problem. Zimperium continued to follow up until AirDroid informed them of the upcoming 4.0 release, which was made available last month. Zimperium later discovered that version 4.0 still had all these same issues, and finally went public with the security vulnerabilities today.
Botnet

International Authorities Take Down Massive 'Avalanche' Botnet, Sinkhole Over 800,000 Domains (arstechnica.com) 53

plover writes: Investigators from the U.S. Department of Justice, the FBI, Eurojust, Europol, and other global partners announced the takedown of a massive botnet named "Avalanche," estimated to have involved as many as 500,000 infected computers worldwide on a daily basis. A Europol release says: "The global effort to take down this network involved the crucial support of prosecutors and investigators from 30 countries. As a result, five individuals were arrested, 37 premises were searched, and 39 servers were seized. Victims of malware infections were identified in over 180 countries. In addition, 221 servers were put offline through abuse notifications sent to the hosting providers. The operation marks the largest-ever use of sinkholing to combat botnet infrastructures and is unprecedented in its scale, with over 800,000 domains seized, sinkholed or blocked." Sean Gallagher writes via Ars Technica: "The domains seized have been 'sinkholed' to terminate the operation of the botnet, which is estimated to have spanned over hundreds of thousands of compromised computers around the world. The Justice Department's Office for the Western Federal District of Pennsylvania and the FBI's Pittsburgh office led the U.S. portion of the takedown. 'The monetary losses associated with malware attacks conducted over the Avalanche network are estimated to be in the hundreds of millions of dollars worldwide, although exact calculations are difficult due to the high number of malware families present on the network,' the FBI and DOJ said in their joint statement. In 2010, an Anti-Phishing Working Group report called out Avalanche as 'the world's most prolific phishing gang,' noting that the Avalanche botnet was responsible for two-thirds of all phishing attacks recorded in the second half of 2009 (84,250 out of 126,697). 'During that time, it targeted more than 40 major financial institutions, online services, and job search providers,' APWG reported. In December of 2009, the network used 959 distinct domains for its phishing campaigns. Avalanche also actively spread the Zeus financial fraud botnet at the time."
Earth

Earthquake-Sensing Mobile App 'MyShake' Detects Over 200 Earthquakes Large and Small (techcrunch.com) 25

Back in February, researchers at UC Berkeley released an app called MyShake that detects strong earthquakes seconds before the damaging seismic waves arrive. Several months have passed since its release and app has already detected over 200 earthquakes in more than ten countries. TechCrunch reports: The app has received nearly 200,000 downloads, though only a fraction of those are active at any given time; it waits for the phone to sit idle so it can get good readings. Nevertheless, over the first six months the network of sensors has proven quite effective. "We found that MyShake could detect large earthquakes, but also small ones, which we never thought would be possible," one of the app's creators, Qingkai Kong, told New Scientist. A paper describing the early results was published in Geophysical Research Letters -- the abstract gives a general idea of the app's success: "On a typical day about 8000 phones provide acceleration waveform data to the MyShake archive. The on-phone app can detect and trigger on P waves and is capable of recording magnitude 2.5 and larger events. The largest number of waveforms from a single earthquake to date comes from the M5.2 Borrego Springs earthquake in Southern California, for which MyShake collected 103 useful three-component waveforms. The network continues to grow with new downloads from the Google Play store everyday and expands rapidly when public interest in earthquakes peaks such as during an earthquake sequence." You can download the app for Android here.
Government

FBI To Gain Expanded Hacking Powers as Senate Effort To Block Fails (reuters.com) 153

A last-ditch effort in the Senate to block or delay rule changes that would expand the U.S. government's hacking powers failed Wednesday, despite concerns the changes would jeopardize the privacy rights of innocent Americans and risk possible abuse by the incoming administration of President-elect Donald Trump. Reuters adds: Democratic Senator Ron Wyden attempted three times to delay the changes which, will take effect on Thursday and allow U.S. judges will be able to issue search warrants that give the FBI the authority to remotely access computers in any jurisdiction, potentially even overseas. His efforts were blocked by Senator John Cornyn of Texas, the Senate's second-ranking Republican. The changes will allow judges to issue warrants in cases when a suspect uses anonymizing technology to conceal the location of his or her computer or for an investigation into a network of hacked or infected computers, such as a botnet.
United States

Trump Will Get Power To Send Unblockable Mass Text Messages To All Americans (nymag.com) 552

President-elect Donald Trump will have access to a system which can send unblockable texts to every phone in the United States once he becomes the president. From a report on NYMag: These 90-character messages, known as Wireless Emergency Alerts (or WEAs), are part of a program put in place after Congress passed the Warning, Alert, and Response Network (WARN) Act, in 2006. WEAs allow for targeted messages to be sent to every cell phone getting a signal from certain geographically relevant cell towers (or, in a national emergency, all of them). While it'd be a true nightmare to get screeching alerts from your phone that "Loser Senate Democrats still won't confirm great man Peter Thiel to Supreme Court. Sad!", there are some checks and balances on this. While President-elect Trump hasn't shown much impulse control when it comes to his favorite mass-messaging service, Twitter, the process for issuing a WEA isn't as simple as typing out a 90-character alert from a presidential smartphone and hitting "Send." All WEAs must be issued through FEMA's Integrated Public Alert Warning System, meaning that an emergency alert from the president still has at least one layer to pass through before being issued. While FEMA is under control of the executive branch (the head of FEMA is selected by the president, and reports to the Department of Homeland Security), the agency would have a vested interest in not seeing their alert system bent toward, uh, non-emergency ends.
Facebook

Facebook Cuts Off Competitor Prisma's API Access (nymag.com) 65

Photo-filter app Prisma, the popular program which makes pictures and video look like painterly art, had its access to Facebook's Live Video API revoked this month. From a report on NYMag:According to Prisma, Facebook justified choking off Prisma's access by stating, "Your app streams video from a mobile device camera, which can already be done through the Facebook app. The Live Video API is meant to let people publish live video content from other sources such as professional cameras, multi-camera setups, games or screencasts." This is the implied aim of Facebook's video API, the technical entry point for producers to pump video into Facebook's network: The API is meant for broadcasting setups that are not phone-based. The problem is that none of this is explained in Facebook's documentation for developers. In fact, it states the opposite. Here is the very first question from the company's Live API FAQ: "The Live API is a data feed and the "glue" needed to create higher-quality live videos on Facebook. It allows you to send live content directly to Facebook from any camera."
Java

Muni System Hacker Hit Others By Scanning For Year-Old Java Vulnerability (arstechnica.com) 30

An anonymous reader quotes a report from Ars Technica: The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit Agency (SFMTA) with ransomware on November 25 apparently gained access to the agency's network by way of a known vulnerability in an Oracle WebLogic server. That vulnerability is similar to the one used to hack a Maryland hospital network's systems in April and infect multiple hospitals with crypto-ransomware. And evidence suggests that SFMTA wasn't specifically targeted by the attackers; the agency just came up as a target of opportunity through a vulnerability scan. In an e-mail to Ars, SFMTA spokesperson Paul Rose said that on November 25, "we became aware of a potential security issue with our computer systems, including e-mail." The ransomware "encrypted some systems mainly affecting computer workstations," he said, "as well as access to various systems. However, the SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls. Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports, no data was accessed from any of our servers." That description of the ransomware attack is not consistent with some of the evidence of previous ransomware attacks by those behind the SFMTA incident -- which Rose said primarily affected about 900 desktop computers throughout the agency. Based on communications uncovered from the ransomware operator behind the Muni attack published by security reporter Brian Krebs, an SFMTA Web-facing server was likely compromised by what is referred to as a "deserialization" attack after it was identified by a vulnerability scan. A security researcher told Krebs that he had been able to gain access to the mailbox used in the malware attack on the Russian e-mail and search provider Yandex by guessing its owner's security question, and he provided details from the mailbox and another linked mailbox on Yandex. Based on details found in e-mails for the accounts, the attacker ran a server loaded with open source vulnerability scanning tools to identify and compromise servers to use in spreading the ransomware, known as HDDCryptor and Mamba, within multiple organizations' networks.
EU

Europe Is Getting a Network of 'Ultra-Fast, High-Powered' EV Chargers (theverge.com) 72

An anonymous reader quotes a report from The Verge: BMW Group, Daimler AG, Ford, and Volkswagen have entered into a partnership to create a network of high-speed charging stations for electric vehicles across Europe. The new chargers will be capable of doling out up to 350 kW of power -- which would make them almost three times as powerful as Tesla's Supercharging stations. The result will be "the highest-powered charging network in Europe," according to a statement released by the manufacturers. The automakers say that construction will begin in 2017 with "about 400 sites" being targeted, and that the network will have "thousands of high-powered charging points" available by 2020. Those four major conglomerates will be "equal partners" in the joint venture, but according to the statement they are encouraging other manufacturers to "participate in the network." One of the reasons for bothering to call on other automakers to hook into this system is because there's a standards war happening with fast charging networks. The charging network announced today will use the Combined Charging System (CCS) technology, which is what that most major automakers already use for their EVs. But Nissan, Toyota, and Honda are notable holdouts from CCS, because many of their EVs and plug-in hybrids use a competing standard known as CHAdeMO.
Businesses

CNN Acquires Social-Video Startup Beme, Co-Founded By YouTube Star Casey Neistat (variety.com) 61

CNN announced Monday that it has purchased video-sharing app Beme, and will work with its founder, Casey Neistat, to build a new media brand next year focused on storytelling for a younger audience. Casey Neistat is a YouTube celebrity and tech entrepreneur who launched Beme last year. Variety reports: CNN said the new venture that it's forming out of the acquisition -- aimed at reaching millennial viewers with the street cred of Neistat's reporting and commentary -- will launch in the summer of 2017. All 11 of Beme's employees will join CNN; the cable news network will be shutting down Beme, which had garnered more than 1 million downloads. New York-based filmmaker Neistat, who has more than 5.8 million subscribers on YouTube, announced earlier this month on his channel that he would be suspending his personal vlog to focus on new projects, one of which turns out is the pact with CNN. His daily vlog dispatches cover current political and news events as well as action sequences like his viral "Snowboarding With the NYPD" video last winter. Led by Hackett, formerly VP of engineering at Yahoo's Tumblr, Beme's development team will "build technology to enable the new company and also develop mobile video capabilities for CNN's portfolio of digital properties," according to the Turner-owned cable news network. Neistat, 35, will lead the new venture's "editorial vision" as executive producer. CNN said it will employ its global resources to launch the new media brand, and plans to hire dozens of producers, builders, developers, designers and content creators for the new company. CNN said the new Beme-based company will operate as a standalone business under the CNN Digital umbrella.
Network

Deutsche Telekom Says 900,000 Fixed-Line Customers Suffer Outages (reuters.com) 27

About 900,000 Deutsche Telekom fixed-line customers have been hit by network outages, the carries said on Monday, and it could not rule out "targeted external factors" as the reason. From a Reuters report: Fixed-line customers have had problems connecting to Deutsche Telekom's network since Sunday afternoon, the company said. "Based on the pattern of errors, it can not be ruled out that the router has been targeted externally, with the result that it can no longer log on to the network," Deutsche Telekom, which has 20 million fixed-line customers, said in a statement on it website.
Transportation

Self-Driving Trucks Begin Real-World Tests on Ohio's Highways (cbsnews.com) 178

An anonymous reader writes: "A vehicle from self-driving truck maker Otto will travel a 35-mile stretch of U.S. Route 33 on Monday in central Ohio..." reports the Associated Press. The truck "will travel in regular traffic, and a driver in the truck will be positioned to intervene should anything go awry, Department of Transportation spokesman Matt Bruning said Friday, adding that 'safety is obviously No. 1.'"

Ohio sees this route as "a corridor where new technologies can be safely tested in real-life traffic, aided by a fiber-optic cable network and sensor systems slated for installation next year" -- although next week the truck will also start driving on the Ohio Turnpike.

Government

Trump National Security Adviser Michael Flynn Had 'Forbidden' Internet Connection At the Pentagon, Says Report (businessinsider.com) 313

According to The New Yorker, President-elect Donald Trump's national security advisor, retired Lt. Gen. Michael Flynn, installed a secret internet connection into his office at the Pentagon even though it was "forbidden." Business Insider reports: The network connection was among other rules the former chief of the Defense Intelligence Agency broke because he found them to be "stupid," including sometimes sneaking out of a CIA station in Iraq without authorization and sharing classified information with NATO allies without approval, according to The New Yorker. While Flynn -- who was recently tapped to be President-elect Donald Trump's national security adviser -- apparently had his own private connection, the New Yorker profile doesn't provide a clear picture as to why. It's likely his Pentagon office already had an authorized, unclassified connection to the internet called NIPRNet, which is separate from classified networks such as SIPRNet and JWICS, a former DIA analyst told Business Insider. All of those networks are monitored in some way. A separate, unknown network would not have had the same -- or possibly any -- level of monitoring. If it were implemented in secret, it would also not have the same protections from hackers that a known connection would have. It's also possible that Flynn's Pentagon office was known as a SCIF, or sensitive compartmented information facility -- a secure facility in which intelligence can be discussed without fear of it being compromised. Network connections in SCIFs are closely controlled, and outside electronics such as mobile phones are not allowed inside.
Google

Google's DeepMind Made an AI Watch Close To 5000 Videos So That It Surpasses Humans in Lip-Reading (thetechportal.com) 80

A new AI tool created by Google and Oxford University researchers could significantly improve the success of lip-reading and understanding for the hearing impaired. In a recently released paper on the work, the pair explained how the Google DeepMind-powered system was able to correctly interpret more words than a trained human expert. From a report: To accomplish the task, a cohort of scientists fed thousands of hours of TV footage -- 5000 to be precise -- from the BBC to a neural network. It was made to watch six different TV shows, which aired between the period of January 2010 and December 2015. This included 118,000 difference sentences and some 17,500 unique words. To understand the progress, it successfully deciphered words with a 46.8 percent accuracy. The neural network had to recognize the same based on mouth movement analysis. The under 50 percent accuracy might seem laughable to you but let me put things in perspective for you. When the same set of TV shows were shown to a professional lip-reader, they were able to decipher only 12.4 percent of words without error. Thus, one can understand the great difference in the capability of the AI as compared to a human expert in that particular field.
Microsoft

Microsoft Set To Win EU Approval for LinkedIn Buy (reuters.com) 24

Microsoft is set to gain EU approval for its $26 billion buy of professional social network LinkedIn with tweaks to concessions aimed at addressing competition concerns, three people close to the matter said on Wednesday. From a report on Reuters: Microsoft last week told the European Commission that it would still allow LinkedIn's rivals access to its software such as its Outlook program and give hardware makers the option of installing competing professional social networks on computers after the acquisition. The second plank of the concession is important because of the company's battle with the EU competition authority over the last decade and the policy of tying its products to block rivals, resulting in fines of more than 2.2 billion euros.
NASA

Trump To Scrap NASA Climate Research In Crackdown On 'Politicized Science' (theguardian.com) 667

dryriver quotes a report from The Guardian: Donald Trump is poised to eliminate all climate change research conducted by NASA as part of a crackdown on "politicized science," his senior adviser on issues relating to the space agency has said. Nasa's Earth science division is set to be stripped of funding in favor of exploration of deep space, with the president-elect having set a goal during the campaign to explore the entire solar system by the end of the century. This would mean the elimination of NASA's world-renowned research into temperature, ice, clouds and other climate phenomena. [NASA's network of satellites provide a wealth of information on climate change, with the Earth science division's budget set to grow to $2 billion (PDF) next year. By comparison, space exploration has been scaled back somewhat, with a proposed budget of $2.8 billion in 2017.] Kevin Trenberth, senior scientist at the National Center for Atmospheric Research, said as Nasa provides the scientific community with new instruments and techniques, the elimination of Earth sciences would be "a major setback if not devastating." "It could put us back into the 'dark ages' of almost the pre-satellite era," he said. "It would be extremely short sighted."

Slashdot Top Deals