Crime

Geek Avenges Stolen Laptop By Remotely Accessing Thief's Facebook Account (hothardware.com) 66

An anonymous reader quotes Hot Hardware: Stu Gale, who just so happens to be a computer security expert, had the misfortune of having his laptop stolen from his car overnight. However, Gale did have remote software installed on the device which allowed him to track whenever it came online. So, he was quite delighted to see that a notification popped up on one of his other machines alerting him that his stolen laptop was active. Gale took the opportunity to remote into the laptop, only to find that the not-too-bright thief was using his laptop to login to her Facebook account.

The thief eventually left her Facebook account open and left the room, after which Gale had the opportunity to snoop through her profile and obtain all of her private information. "I went through and got her phone numbers, friends list and pictures..." Given that Gale was able to see her phone numbers listed on Facebook, he sent text messages to all of those numbers saying that he was going to report her to the police. He also posted her info to a number of Facebook groups, which spooked the thief enough to not only delete her Facebook account, but also her listed phone numbers.

In 2008 Slashdot ran a similar story, where it took several weeks of remote monitoring before a laptop thief revealed his identity. (The victim complained that "It was kind of frustrating because he was mostly using it to watch porn.") But in this case, Gale just remotely left a note on the laptop -- and called one of the thief's friends -- and eventually turned over all the information to the police, who believe an arrest will follow.

Gale seems less confident, and tells one Calgary newspaper "I'm realistic. I'm not going to see that computer again. But at least I got some comic relief."
Firefox

The SHA-1 End Times Have Arrived (threatpost.com) 30

"Deadlines imposed by browser makers deprecating support for the weakened SHA-1 hashing algorithm have arrived," writes Slashdot reader msm1267. "And while many websites and organizations have progressed in their migrations toward SHA-2 and other safer hashing algorithms, pain points and potential headaches still remain." Threatpost reports: Starting on Jan. 24, Mozilla's Firefox browser will be the first major browser to display a warning to its users who run into a site that doesn't support TLS certificates signed by the SHA-2 hashing algorithm... "SHA-1 deprecation in the context of the browser has been an unmitigated success. But it's just the tip of the SHA-2 migration iceberg. Most people are not seeing the whole problem," said Kevin Bocek, VP of security strategy and threat intelligence for Venafi. "SHA-1 isn't just a problem to solve by February, there are thousands more private certificates that will also need migrating"...

Experts warn the move to SHA-2 comes with a wide range of side effects; from unsupported applications, new hardware headaches tied to misconfigured equipment and cases of crippled credit card processing gear unable to communicate with backend servers. They say the entire process has been confusing and unwieldy to businesses dependent on a growing number of digital certificates used for not only their websites, but data centers, cloud services, and mobile apps... According to Venafi's research team, 35 percent of the IPv4 websites it analyzed in November are still using insecure SHA-1 certificates. However, when researchers scanned Alexa's top 1 million most popular websites for SHA-2 compliance it found only 536 sites were not compliant.
The article describes how major tech companies are handling the move to SHA-2 compliance -- including Apple, Google, Microsoft, Facebook, Salesforce and Cloudflare.
AI

Newest Tesla Autopilot Data Shows A 40% Drop in Crashes (bloomberg.com) 120

There's a surprise in the data from an investigation into Tesla safety by the U.S. National Highway Traffic Safety Administration. An anonymous reader quotes Bloomberg: [W]hile all Tesla vehicles come with the hardware necessary for Autopilot, you need a software upgrade that costs thousands of dollars to make it work. Since buyers can add Autopilot features after purchase, this provides a perfect before-and-after comparison. It turns out that, according to the data Tesla gave investigators, installing Autopilot prevents crashes -- by an astonishing 40 percent...

Now -- thanks to an investigation that initially hurt the company -- there is finally some real data, and it's good news for Tesla... As the software matures to match the new hardware, Musk said on Thursday via a Tweet, Tesla is targeting a 90 percent reduction in car crashes.

Security

Pwn2Own 2017 Offers Big Bounties For Linux, Browser, and Apache Exploits (eweek.com) 34

Now that TrendMicro owns TippingPoint, there'll be "more targets and more prize money" according to eWeek, and something special for Pwn2Own's 10th anniversary in March. Slashdot reader darthcamaro writes: For the first time in its ten-year history, the annual Pwn2Own hacking competition is taking direct aim at Linux. Pwn2Own in the past has typically focused mostly on web browsers, running on Windows and macOS. There is a $15,000 reward for security researchers that are able to get a local user kernel exploit on Ubuntu 16.10. The bigger prize though is a massive $200,000 award for exploiting Apache Web Server running on Ubuntu.
"We are nine weeks away," TrendMicro posted Wednesday, pointing out that they're giving out over $1 million in bounties, including the following:
  • $100,000 for escaping a virtualization hypervisor
  • $80,000 for a Microsoft Edge or Google Chrome exploit
  • $50,000 for an exploit of Adobe Reader, Microsoft Word, Excel or PowerPoint
  • $50,000 for an Apple Safari exploit
  • $30,000 for a Firefox exploit
  • $30,000, $20,000 and $15,000 for privilege-escalating kernel vulnerabilities on Windows, macOS and Linux (respectively)
  • $200,000 for an Apache Web Server exploit

Google

Google Pressured 90,000 Android Developers Over Insecure Apps (pcworld.com) 46

An anonymous reader quotes PCWorld: Over the past two years, Google has pressured developers to patch security issues in more than 275,000 Android apps hosted on its official app store. In many cases this was done under the threat of blocking future updates to the insecure apps...

In the early days of the App Security Improvement program, developers only received notifications, but were under no pressure to do anything. That changed in 2015 when Google expanded the types of issues it scanned for and also started enforcing deadlines for fixing many of them... Google added checks for six new vulnerabilities in 2015, all of them with a patching deadline, and 17 in 2016, 12 of which had a time limit for fixes. These issues ranged from security flaws in third-party libraries, development frameworks and advertising SDKs to insecure implementations of Android Java classes and interfaces.

100,000 applications had been patched by April of 2016, but that number tripled over the next nine months, with 90,000 developers fixing flaws in over 275,000 apps.
Cellphones

FTC Dismantles Two Huge Robocall Organizations (onthewire.io) 110

Billions of robocalls came from two groups selling extended auto warranties, SEO services, and home security systems over the last seven years -- many to numbers on the "Do Not Call" list -- but this week the Federal Trade Commission took action. Trailrunner7 shares this report from OnTheWire: Continuing its campaign against phone fraud operations, the FTC has dismantled two major robocall organizations... They and many of their co-defendants have agreed to court-ordered bans on robocall activities and financial settlements... The FTC and the FCC both have been cracking down on illegal robocall operations recently. The FCC has formed a robocall strike force with the help of carriers and also has signed an agreement to cooperate with Canadian authorities to address the problem.
"The law is clear about robocalls," says one FTC executive. "If a telemarketer doesn't have consumers' written permission, it's illegal to make these calls."
Microsoft

Microsoft To Lay Off 700 Employees Next Week, Report Says (geekwire.com) 154

According to a report by Business Insider (Warning: may be paywalled), Microsoft will cut about 700 jobs in conjunction with its quarterly earnings release next week. GeekWire reports: The latest layoffs are part of the company's previously announced plan to cut about 2,850 roles globally during its current fiscal year, according to the Business Insider report. The company declined to comment this afternoon, but we understand the report to be accurate, based on our own sources. Next week's cuts will be spread across a variety of job functions inside the company. The company's previous job cuts have come in areas including its smartphone business and global sales team. Microsoft announced its largest cuts in July 2014, eliminating 18,000 jobs, or 14 percent of the company at the time.
Mars

Scientists Enter Hawaii Dome In Eight-Month Mars Space Mission Study (reuters.com) 87

An anonymous reader quotes a report from Reuters: Six scientists have entered a dome perched atop a remote volcano in Hawaii where they will spend the next eight months in isolation to simulate life for astronauts traveling to Mars, the University of Hawaii said. The study is designed to help NASA better understand human behavior and performance during long space missions as the U.S. space agency explores plans for a manned mission to the Red Planet. The crew will perform geological field work and basic daily tasks in the 1,200-square-foot (365 m) dome, located in an abandoned quarry 8,000 feet (2.5 km) above sea level on the Mauna Loa volcano on Hawaii's Big Island. There is little vegetation and the scientists will have no contact with the outside world, said the university, which operates the dome. Communications with a mission control team will be time-delayed to match the 20-minute travel time of radio waves passing between Earth and Mars. "Daily routines include food preparation from only shelf-stable ingredients, exercise, research and fieldwork aligned with NASA's planetary exploration expectations," the university said. The project is intended to create guidelines for future missions to Mars, some 35 million miles (56 million km) away, a long-term goal of the U.S. human space program. The NASA-funded study, known as the Hawaii Space Exploration Analog and Simulation (Hi-SEAS), is the fifth of its kind.
The Almighty Buck

The Mind-Reading Gadget For Dogs That Got Funded, But Didn't Get Built (ieee.org) 62

the_newsbeagle writes: Crowdfunding campaigns that fail to deliver may be all too common, but some flameouts merit examination. Like this brain-scanning gadget for dogs, which promised to translate their barks into human language. It's not quite as goofy as it sounds: The campaigners planned to use standard EEG tech to record the dogs' brainwaves, and said they could correlate those electrical patterns with general states of mind like excitement, hunger, and curiosity. The campaign got a ton of attention in the press and raised twice the money it aimed for. But then the No More Woof team seemed to vanish, leaving backers furious. This article explains what went wrong with the campaign, and what it says about the state of neurotech gadgets for consumers.
Movies

CBS, Paramount Settle Lawsuit Over 'Star Trek' Fan Film (hollywoodreporter.com) 139

An anonymous reader quotes a report from Hollywood Reporter: Stand down from battle stations. Star Trek rights holders CBS and Paramount have seen the logic of settling a copyright suit against Alec Peters, who solicited money on crowdfunding sites and hired professionals to make a YouTube short and a script of a planned feature film focused on a fictional event -- a Starfleet captain's victory in a war with the Klingon Empire -- referenced in the original 1960s Gene Roddenberry television series. Thanks to the settlement, CBS and Paramount won't be going to trial on Stardate 47634.44, known to most as Jan. 31, 2017. According to a joint statement, "Paramount Pictures Corporation, CBS Studios Inc., Axanar Productions, Inc. and Alec Peters are pleased to announce that the litigation regarding Axanar's film Prelude to Axanar and its proposed film Axanar has been resolved. Axanar and Mr. Peters acknowledge that both films were not approved by Paramount or CBS, and that both works crossed boundaries acceptable to CBS and Paramount relating to copyright law." Peters' Axanar video and script, which feature such arguably copyrighted elements as Vulcan ears, the Klingon language and an obscure character from a 1969 episode, sparked a lawsuit in December 2015. The litigation then proceeded at warp speed with the case almost making it to trial in just 13 months, an amazingly brisk pace by typical standards. When Axanar comes out, it will look different. "Axanar and Mr. Peters have agreed to make substantial changes to Axanar to resolve this litigation, and have also assured the copyright holders that any future Star Trek fan films produced by Axanar or Mr. Peters will be in accordance with the 'Guidelines for Fan Films' distributed by CBS and Paramount in June 2016," states the parties' joint announcement of a settlement.
AT&T

Second Time In 9 Months: AT&T Raises Phone Activation Fee $5, Now Charges $25 (arstechnica.com) 64

For the second time in 9 months, AT&T is raising its activation and upgrade fee. In April 2016, the fee for non-contract customers was raised from $15 to $20. Today, it has been raised another $5, from $20 to $25, according to PhoneScoop. Ars Technica reports: As the mobile carrier switched from contracts to device payment plans, AT&T initially did not charge an activation and upgrade fee for customers who brought their own phone or bought one from AT&T on an installment plan. But in July 2015, AT&T started charging a $15 activation fee to customers who don't sign two-year contracts. (AT&T also raised the activation/upgrade fee for contract customers from $40 to $45 in July 2015.) The $25 fee is charged for new activations or upgrades when customers purchase devices on installment agreements, AT&T says. Customers who bring their own phone to the network are charged the $25 fee when they activate a new line of service, but not when they upgrade phones on an existing line. "We are making a minor adjustment to our activation and upgrade fees. The change is effective today," AT&T told Ars. AT&T also still charges the $45 activation and upgrade fee on two-year contracts, but those contracts are "available only on select devices."
Communications

Jay Z's Tidal Music Streaming Service Is Fraudulently Inflating Subscriber Numbers, Report Says (digitalmusicnews.com) 32

A new report published by Markus Tobiassen and Kjetil Saeter of Norwegian publication Dagens Naeringsliv is accusing Jay Z's Tidal music streaming service of fabricating their subscriber numbers by creating fake accounts and lying to the media and partners. The company claims to have more than 3 million paying subscribers with more than half of those paying $20-a-month. Digital Music News reports: Tobiassen and Saeter interviewed staffers at TIDAL, as well as partners and confidential sources. And the information that came back was pretty damning. "When 16 of the world's biggest pop stars, one a convicted cocaine smuggler and a former Israeli intelligence officer was not able to obtain enough customers to Jay Z's Tidal, the company began to inflate subscription numbers," the report alleges. DMN spoke this morning with Tobiassen, who offered a translation of the report. "On March 30th of last year, Tidal issued a press release stating that the company had reached 'three million members,'" the report states. "The news story reported worldwide was that Tidal had three million paying subscribers. Tidal also specified to online newspaper The Verge that this figure did not include trial subscribers. This was the last time Tidal reported a total number of subscribers to the public." The only problem with that? "In April 2016, one month after the press release issued by the company claiming three million members, Tidal made payments to the record labels for around 850,000 subscribers. The figure reported internally by Tidal in April is 1.2 million subscribers." The report further states that Tidal itself reported a figure of 1.1 million to the major record labels in late 2016. In other words, nowhere near the numbers reported to media outlets like Digital Music News and Verge.
Businesses

Uber Hires Former Google Search Chief Amit Singhal As SVP of Engineering (techcrunch.com) 26

The former Senior Vice President of Search and employee number 176 at Google has joined the ride-hailing company Uber as SVP of Engineering. TechCrunch is reporting that "Singhal will be heading up the Maps and Marketplace departments at Uber, while also advising CEO Travis Kalanick and Uber VP of Engineering and Otto co-founder Anthony Levandowski on their efforts to build out the company's self-driving technology." From the report: The last time we in tech news circles heard from Singhal, he was saying goodbye after a 15-year career at Google, in a farewell letter that felt a lot like a retirement announcement. Singhal wrote that he was leaving to "see what kind of impact [he could] make philanthropically" and to "spend more time with [his] family," in an effort to "define [his] next fifteen years." Now, a little under a year later, Singhal is back in an executive role -- this time at a much younger company, but still at one of the most influential technology firms in the world. So how did Singhal get from there to here? Well, for starters, Singhal did throw himself into philanthropic pursuits, focusing on the Singhal Foundation established by him and his wife Shipa, which aims to deliver access to high quality education for kids who normally wouldn't be able to attend top schools, and which began with a focus on the city of Jodhpur, in India. Singhal met Travis Kalanick through a mutual friend, which sparked a series of conversations between the search expert and the famous founder about Uber, its goals and its technical challenges. The combination of the scope of both Uber's potential impact, and the extent of the engineering hurdles it faces in achieving its aims were what drew Singhal in; he is, after all, a true engineer at heart, and mountainous technical challenges attract skilled engineers like nothing else.
"This company is not only doing things that are amazing, this company also has some of the toughest computer science challenges that I have seen in my career of 25 years," Singhal told me. "Those computer science challenges for a computer science geek are just intriguing -- you give a geek a puzzle, they can't drop it; they need to solve the puzzle. That's how it felt to me."
Education

New Senate Bill Would Give US Grads Preference In Receiving H-1B Visas (computerworld.com) 213

dcblogs quotes a report from Computerworld: A new bill in Congress would give foreign students who graduate from U.S. schools priority in getting an H-1B visa. The legislation also "explicitly prohibits" the replacement of American workers by visa holders. This bill, the H-1B and L-1 Visa Reform Act, was announced Thursday by its co-sponsors, U.S. Senators Chuck Grassley (R-Iowa) and Sen. Dick Durbin (D-Ill.), longtime allies on H-1B reform. Grassley is chairman of the Senate Judiciary Committee, which gives this bill an immediate big leg up in the legislative process. This legislation would end the annual random distribution, via a lottery, of H-1B visas, and replace it with a system to give priority to certain types of students. Foreign nationals in the best position to get one of the 85,000 H-1B visas issued annually will have earned an advanced degree from a U.S. school, have a well-paying job offer, and have preferred skills. The specific skills weren't identified, but will likely be STEM-related. "Congress created these programs to complement America's high-skilled workforce, not replace it," said Grassley, in a statement. "Unfortunately, some companies are trying to exploit the programs by cutting American workers for cheaper labor."
AI

Elite Scientists Have Told the Pentagon That AI Won't Threaten Humanity (vice.com) 144

An anonymous reader quotes a report from Motherboard: A new report authored by a group of independent U.S. scientists advising the U.S. Dept. of Defense (DoD) on artificial intelligence (AI) claims that perceived existential threats to humanity posed by the technology, such as drones seen by the public as killer robots, are at best "uninformed." Still, the scientists acknowledge that AI will be integral to most future DoD systems and platforms, but AI that could act like a human "is at most a small part of AI's relevance to the DoD mission." Instead, a key application area of AI for the DoD is in augmenting human performance. Perspectives on Research in Artificial Intelligence and Artificial General Intelligence Relevant to DoD, first reported by Steven Aftergood at the Federation of American Scientists, has been researched and written by scientists belonging to JASON, the historically secretive organization that counsels the U.S. government on scientific matters. Outlining the potential use cases of AI for the DoD, the JASON scientists make sure to point out that the growing public suspicion of AI is "not always based on fact," especially when it comes to military technologies. Highlighting SpaceX boss Elon Musk's opinion that AI "is our biggest existential threat" as an example of this, the report argues that these purported threats "do not align with the most rapidly advancing current research directions of AI as a field, but rather spring from dire predictions about one small area of research within AI, Artificial General Intelligence (AGI)." AGI, as the report describes, is the pursuit of developing machines that are capable of long-term decision making and intent, i.e. thinking and acting like a real human. "On account of this specific goal, AGI has high visibility, disproportionate to its size or present level of success," the researchers say.
Encryption

Lavabit Is Relaunching (theintercept.com) 51

The encrypted email service once used by whistleblower Edward Snowden is relaunching today. Ladar Levison, the founder of the encrypted email service Lavabit, announced on Friday that he's relaunching the service with a new architecture that fixes the SSL problem and includes other privacy-enhancing features as well, such as one that obscures the metadata on emails to prevent government agencies like the NSA and FBI from being able to find out with whom Lavabit users communicate. In addition, he's also announcing plans to roll out end-to-end encryption later this year. The Intercept provides some backstory in its report: In 2013, [Levison] took the defiant step of shutting down the company's service rather than comply with a federal law enforcement request that could compromise its customers' communications. The FBI had sought access to the email account of one of Lavabit's most prominent users -- Edward Snowden. Levison had custody of his service's SSL encryption key that could help the government obtain Snowden's password. And though the feds insisted they were only after Snowden's account, the key would have helped them obtain the credentials for other users as well. Lavabit had 410,000 user accounts at the time. Rather than undermine the trust and privacy of his users, Levison ended the company's email service entirely, preventing the feds from getting access to emails stored on his servers. But the company's users lost access to their accounts as well. Levison, who became a hero of the privacy community for his tough stance, has spent the last three years trying to ensure he'll never have to help the feds break into customer accounts again. "The SSL key was our biggest threat," he says.
Businesses

Apple Sues Qualcomm For Roughly $1 Billion Over Royalties (cnbc.com) 51

An anonymous reader quotes a report from CNBC: Apple is suing Qualcomm for roughly $1 billion, saying Qualcomm has been "charging royalties for technologies they have nothing to do with." The suit follows the U.S. Federal Trade Commission's lawsuit against Qualcomm earlier this week over unfair patent licensing practices. Apple says that Qualcomm has taken "radical steps," including "withholding nearly $1 billion in payments from Apple as retaliation for responding truthfully to law enforcement agencies investigating them." Apple added, "Despite being just one of over a dozen companies who contributed to basic cellular standards, Qualcomm insists on charging Apple at least five times more in payments than all the other cellular patent licensors we have agreements with combined." Apple also alleges that once it began cooperating with Korean authorities' antitrust investigation of Qualcomm, the company withheld $1 billion in retaliation. Korean regulators fined Qualcomm $854 million for unfair trade practices in December.
AT&T

Despite Glitches, AT&T's DirecTV Now Hits 200,000 Subscribers in Its First Month (techcrunch.com) 25

AT&T's new live TV streaming service DirecTV Now has been off to a shaky start in terms of performance, but that hasn't stemmed the flow of sign-ups, AT&T reports. The company said the service added more than 200,000 subscribers in its first month of operations. From a report on TechCrunch: These details were included in an SEC filing for the quarter ending on December 31, 2016. DirecTV Now launched on November 30, 2016. The filing also notes the additions only include paying customers. To be clear, there's no free tier for DirecTV Now, but the company has been offering free trials so customers can kick the tires before committing to a subscription plan. Of course, it's not entirely surprising that DirecTV Now was able to gain so many customers in such a short period of time. On paper, at least, the service sounds compelling.
Android

Galaxy S7 Display Defaults To Full HD After Nougat Update, But You Can Switch Back (androidcentral.com) 20

An anonymous reader writes: Samsung's new display scaling options change the default resolution of the Galaxy S7 and S7 edge. The Nougat update to the Galaxy S7 and S7 edge introduces a new display scaling option that lets you reduce the screen resolution as a way to conserve battery life. With the update, you can now choose between three modes -- WQHD (2560x1440), FHD (1920x1080), and HD (1280x720). While it's a nifty feature to have, the display on the Galaxy S7 and S7 edge is automatically defaulting to Full HD for those that have installed the update. Fortunately, you can easily switch back to the native Quad HD resolution by navigating to Settings -> Display.
Windows

Microsoft Targets Chrome Users With Windows 10 Pop-up Ad (pcmag.com) 160

Google Chrome users on Windows 10 are apparently being treated to a new experience: a pop-up ad. From a PCMag report: If you have Chrome installed and the icon present on the Windows Taskbar, chances are you're going to start seeing a pop-up advert appear suggesting you install Microsoft's Personal Shopping Assistant Chrome extension. Microsoft touts it as "Your smart shopping cart across the web." Opting to install the extension results in Microsoft monitoring which products you've searched for and viewed while using Chrome, and then offering to compare those products to find the best price. There's also alerts when prices change, and the ability to track products across all your devices. Of course, Microsoft will make money if you opt to purchase any products using the Assistant.
