Massive DDOS Attacks Are Now Targeting Google, Amazon, and the NRA ( 121

PC Magazine reports: A new way to amplify DDoS attacks has been spotted harassing Google, Amazon, Pornhub and even the National Rifle Association's main website after striking Github last week. The attacks, which exploit vulnerable "memcached servers," have been trying to hose down scores of new targets with a flood of internet traffic, according to Chinese security firm Qihoo 360... Github was the first high-profile victim and suffered a 1.35 Tbps assault -- or what was then the biggest DDoS attack on record. But days later, an unnamed U.S. service provider fended off a separate assault, which measured at 1.7 Tbps. Unfortunately, the amplified DDoS attacks haven't stopped. They've gone on to strike over 7,000 unique IP addresses in the last seven days, Qihoo 360 said in a blog post... Gaming sites including,, and have been among those hit...

The security community is also steadily addressing the linchpin to all the assaults: the vulnerable memcached servers. About 100,000 of these online storage systems were publicly exposed over a week ago. But the server owners have since patched or firewalled about 60,000 of them, Radware security researcher Daniel Smith said. That leaves 40,000 servers open to exploitation. Smith points to how the coding behind the attack technique has started to circulate online through free tools and scripts.

Meanwhile, Slashdot reader darthcamaro shares an article about "the so-call 'kill switch'" that some vendors have been debating: "The 'kill switch' was immediately obvious to everyone who worked on mitigating this DDoS attack," John Graham-Cumming, CTO of CloudFlare said. "We chose not to use or test this method because it would be unethical and likely illegal since it alters the state of a remote machine without authorization."

SgxSpectre Attack Can Extract Data From Intel SGX Enclaves ( 28

An anonymous reader quotes BleepingComputer: A new variation of the Spectre attack has been revealed this week by six scientists from the Ohio State University. Named SgxSpectre, researchers say this attack can extract information from Intel SGX enclaves. Intel Software Guard eXtensions (SGX) is a feature of modern Intel processors that allow an application to create so-called enclaves. This enclave is a hardware-isolated section of the CPU's processing memory where applications can run operations that deal with extremely sensitive details, such as encryption keys, passwords, user data, and more... Neither Meltdown and Spectre were able to extract data from SGX enclaves. This is where SgxSpectre comes in.

According to researchers, SgxSpectre works because of specific code patterns in software libraries that allow developers to implement SGX support into their apps. Vulnerable SGX development kits include the Intel SGX SDK, Rust-SGX, and Graphene-SGX. Academics say an attacker can leverage the repetitive code execution patterns that these SDKs introduce in SGX enclaves and watch for small variations of cache size. This allows for side-channel attacks that allow a threat actor to infer and slowly recover data from secure enclaves.

Intel's recent Spectre patches don't necessarily help, as an attacker can work around these fixes. Intel says an update for the Intel SGX SDK that adds SgxSpectre mitigations will be released on March 16. Apps that implement Google's Retpoline anti-Spectre coding techniques are safe, researchers say.


Project Gutenberg Blocks German Users After Outrageous Court Ruling ( 265

Slashdot reader David Rothman writes: The oldest public domain publisher in the world, Project Gutenberg, has blocked German users after an outrageous legal ruling saying this American nonprofit must obey German copyright law... Imagine the technical issues for fragile, cash-strapped public domain organizations -- worrying not only about updated databases covering all the world's countries, but also applying the results to distribution. TeleRead carries two views on the German case involving a Holtzbrinck subsidiary...

Significantly, older books provide just a tiny fraction of the revenue of megaconglomerates like Holtzbrinck but are essential to students of literature and indeed to students in general. What's more, as illustrated by the Sonny Bono Copyright Term Extension Act in the U.S., copyright law in most countries tends to reflect the wishes and power of lobbyists more than it does the commonweal. Ideally the travails of Project Gutenberg will encourage tech companies, students, teachers, librarians and others to step up their efforts against oppressive copyright laws. While writers and publishers deserve fair compensation, let's focus more on the needs of living creators and less on the estates of authors dead for many decades. The three authors involved in the German case are Heinrich Mann (died in 1950), Thomas Mann (1955) and Alfred Döblin (1957).

One solution in the U.S. and elsewhere for modern creators would be national library endowments... Meanwhile, it would be very fitting for Google and other deep-pocketed corporations with an interest in a global Internet and more balanced copyright to help Gutenberg finance its battle. Law schools, other academics, educators and librarians should also offer assistance.


FCC Accuses Stealthy Startup of Launching Rogue Satellites 128

Back in January, the FCC pulled permission from Silicon Valley startup Swarm Technologies to launch four satellites into space after what it says was an "apparent unauthorized launch." IEEE Spectrum reports that the unauthorized launch consisted of four experimental satellites that the FCC had decided were too small to be noticed in space -- and hence pose an unacceptable risk of collision -- but which the company may have launched anyway, using a rocket based in India. The federal regulator has since issued a letter to Swarm revoking its authorization for a follow-up mission to launch four new, larger versions of its "SpaceBee" satellites. From the report: Swarm was founded in 2016 by one engineer who developed a spacecraft concept for Google and another who sold his previous company to Apple. The SpaceBees were built as technology demonstrators for a new space-based Internet of Things communications network. Swarm believes its network could enable satellite communications for orders of magnitude less cost than existing options. It envisages the worldwide tracking of ships and cars, new agricultural technologies, and low cost connectivity for humanitarian efforts anywhere in the world. The four SpaceBees would be the first practical demonstration of Swarm's prototype hardware and cutting-edge algorithms, swapping data with ground stations for up to eight years.
The FCC told the startup that the agency would assess "the impact of the applicant's apparent unauthorized launch and operation of four satellites... on its qualifications to be a Commission licensee." If Swarm cannot convince the FCC otherwise, the startup could lose permission to build its revolutionary network before the wider world even knows the company exists. An unauthorized launch would also call into question the ability of secondary satellite "ride-share" companies and foreign launch providers to comply with U.S. space regulations.

Android Beats iOS In Smartphone Loyalty, Study Finds 145

Android users don't appear to be switching to the iPhone like they used to. According to a new study from Consumer Intelligence Research Partners (CIRP), Android users have higher loyalty than iOS users do. "The research firm found that Android brand loyalty has been remaining steadily high since early 2016, and remains at the highest levels ever seen," reports TechCrunch. From the report: Today, Android has a 91 percent loyalty rate, compared with 86 percent for iOS, measured as the percentage of U.S. customers who stayed with their operating system when they upgraded their phone in 2017. From January 2016 through December 2017, Android loyalty ranged from 89 to 91 percent (ending at 91 percent), while iOS loyalty was several percentage points lower, ranging from 85 to 88 percent. Explains Mike Levin, partner and co-founder of CIRP, users have pretty much settled on their brand of choice at this point. "With only two mobile operating systems at this point, it appears users now pick one, learn it, invest in apps and storage, and stick with it. Now, Apple and Google need to figure out how to sell products and services to these loyal customer bases," he said. It's worth noting that Android hasn't always led in user loyalty as it does now. CIRP has been tracking these metrics for years, and things used to be the other way around.

YouTube Is Full of Easy-To-Find Neo-Nazi Propaganda ( 378

An anonymous reader quotes an exclusive report from Motherboard: Through a software-aided investigation, Motherboard has found that while YouTube has managed to clamp down on Islamic extremists uploading propaganda, the video giant is still awash with videos supporting violent and established neo-Nazi organizations, even when, in some cases, users have reported the offending videos. Clips of neo-Nazi propaganda operations, hate-filled speeches, and extremists pushing for direct action have remained on the site for weeks, months, or years at a time. Arguably, many if not all of these videos may fall under YouTube's own policy on hate speech, which "refers to content that promotes violence against or has the primary purpose of inciting hatred against individuals or groups based on certain attributes," including race or ethnic origin, religion, and sexual orientation, according to the policy.

Motherboard built a tool to monitor YouTube and make a record of when the platform removed certain videos, and limited the clips to propaganda for established neo-Nazi and far-right terrorist organizations like Atomwaffen, rather than people in the so-called "alt-right." Most of the videos were discovered through simple YouTube searches of relevant organizations' names, or sometimes through the "recommended videos" sidebar after Motherboard had built up a browsing history of neo-Nazi material. For the sake of comparison, over a week-long period Motherboard also tracked pro-ISIS videos uploaded by the group's supporters and then distributed through a network of Telegram channels. Typically, YouTube removed these Islamic extremism videos in a matter of hours, including those that did not contain images of violence, but were instead speeches or other not directly violent content. But YouTube is playing catch up with neo-Nazi material. YouTube removed only two videos that Motherboard was monitoring: two identical clips of a speech from UK terrorist organization National Action.


China's Alibaba is Investing Huge Sums in AI Research and Resources -- and It Is Building Tools To Challenge Google and Amazon ( 30

Alibaba is already using AI and machine learning to optimize its supply chain, personalize recommendations, and build products like Tmall Genie, a home device similar to the Amazon Echo. China's two other tech supergiants, Tencent and Baidu, are likewise pouring money into AI research. The government plans to build an AI industry worth around $150 billion by 2030 and has called on the country's researchers to dominate the field by then. But Alibaba's ambition is to be the leader in providing cloud-based AI. From a report: Like cloud storage (think Dropbox) or cloud computing (Amazon Web Services), cloud AI will make powerful resources cheaply and readily available to anyone with a computer and an internet connection, enabling new kinds of businesses to grow. The real race in AI between China and the US, then, will be one between the two countries' big cloud companies, which will vie to be the provider of choice for companies and cities that want to make use of AI. And if Alibaba is anything to go by, China's tech giants are ready to compete with Google, Amazon, IBM, and Microsoft to serve up AI on tap. Which company dominates this industry will have a huge say in how AI evolves and how it is used.

[...] There have been other glimpses of Alibaba's progress in AI lately. Last month a research team at the company released an AI program capable of reading a piece of text, and answering simple questions about that text, more accurately than anything ever built before. The text was in English, not Chinese, because the program was trained on the Stanford Question Answering Dataset (SQuAD), a benchmark used to test computerized question-and-answer systems. [...] One advantage China's tech companies have over their Western counterparts is the government's commitment to AI. Smart cities that use the kind of technology found in Shanghai's metro kiosks are likely to be in the country's future. One of Alibaba's cloud AI tools is a suite called City Brain, designed for tasks like managing traffic data and analyzing footage from city video cameras.


Comcast's Protected Browsing Is Blocking PayPal, Steam and TorrentFreak, Customers Say ( 82

Comcast's Xfinity internet customers have been reporting multiple websites, including PayPal, Steam, and TorrentFreak have been getting blocked by the ISP's "protected browsing" setting. From a report: The "protected browsing" setting is designed to "reduce the risk of accessing known sources of malware, spyware, and phishing for all devices connected to your home network." This, in general, isn't a bad thing. It's similar to Google Chrome's security settings that warn you when you have an insecure connection. But it's odd that Xfinity's security setting would be blocking perfectly harmless sites like PayPal. Multiple consumers have been reporting on Comcast's forums and elsewhere that they've been blocked while trying to access sites that many people use every day. After posting about it on the forums, one user who said they couldn't access PayPal said the problem with that particular site had been fixed. Further reading: Comcast's Protected Browsing Blocks TorrentFreak as "Suspicious" Site (TorrentFreak).

Can the Most Contentious Piece of the Web Form the Basis of a New Standard? Inside Google's Plan To Make the Whole Web as Fast as AMP ( 59

Dieter Bohn, writing for The Verge: In a blog post today, Google is announcing that it's formally embarking on a project to convince the group in charge of web standards to adopt technology inspired by its Accelerated Mobile Pages (AMP) framework. In theory, it would mean that virtually any webpage could gain the same benefits as AMP: near-instantaneous loading, distribution on multiple platforms, and (critically) more prominent placement on Google properties. This is important, a little tricky to understand, and critical to how the web and Google interact in the future. In many ways, Google's success or failure in this endeavor will play a major role in shaping how the web works on your phone.

[...] By creating AMP, Google blithely walked right into the center of a thicket comprised of developers concerned about the future of the web. Publishers are worried about ceding too much control of their distribution to gigantic tech companies, and all of the above are worried that Google is not so much a steward of the web but rather its nefarious puppet master. The whole situation is slightly frustrating to David Besbris, VP of search engineering at Google. Earlier this week, I went to Mountain View to talk with Besbris and Malte Ubl, engineering lead for AMP. "This is honestly a fairly altruistic project from our perspective," says Besbris. "It wasn't like we invented AMP because we wanted to control everything, like people assume," he says. Instead, he argues, go back and look at how dire the state of the mobile web was a few years ago, before AMP's inception.


Android P Drops Support For Nexus Phones, Pixel Tablet ( 86

Google has launched the first developer preview of Android P, the company's new mobile operating system that brings new features and improvements over Android Oreo. Unfortunately, developers will only have a small set of blessed hardware to choose from with Android P: the Pixel, Pixel XL, Pixel 2, and Pixel 2 XL. Google's Nexus smartphones and Pixel C tablet will not get Android P when it's fully released. The Verge reports: Eventually, Android P will ship on new phones from other manufacturers, along with the handful of handsets that third-parties bother to update, but there are a couple Android mainstays that won't get to enjoy this marvelous future: Google's Nexus 5X and Nexus 6P phones, and the oft-forgotten Pixel C tablet. As Ars Technica confirmed with Google, those devices won't be getting Android P when it's released fully. Also, as Android Police notes, there's no Developer Preview image for the Nexus Player, which came out in 2014, so it might be done getting updates as well. It's 2018, and we're beyond the two years of major OS update support these devices were promised, so this isn't hugely surprising. All three devices will continue to get monthly security updates through at least November of this year, but they'll remain stuck on Android 8.1 for an underlying OS as far as official Google updates go.

Google Launches First Android P Developer Preview ( 42

Google today launched the first Android P developer preview, available for download now at From a report: The preview includes an updated SDK with system images for the Pixel, Pixel XL, Pixel 2, Pixel 2 XL, and the official Android Emulator. Unlike last year, there is no emulator for testing Android Wear on Android P.

[...] Today's preview includes the following new APIs and features (but you can expect much more; this is just the first preview, after all): Display cutout support; HDR VP9 Video, HEIF image compression, and Media APIs; HEIF (heic) images encoding has been added to the platform; multi-camera API; ImageDecoder for bitmaps and drawables; Improved messaging notifications; Data cost sensitivity in JobScheduler; indoor positioning with Wi-Fi RTT: Platform support for the IEEE 802.11mc WiFi protocol -- also known as WiFi Round-Trip-Time (RTT) -- lets you take advantage of indoor positioning in your apps.
Other features and their descriptions are listed here.

Chrome 65 Arrives With Material Design Extensions Page, New Developer Features ( 34

An anonymous reader quotes a report from VentureBeat: Google today launched Chrome 65 for Windows, Mac, Linux, and Android. Additions in this release include Material Design changes and new developer features. You can update to the latest version now using the browser's built-in silent updater or download it directly from Chrome 65 comes with a few visual changes. The most obvious is related to Google's Material Design mantra. The extensions page has been completely revamped to follow it. Next up, Chrome 65 replaces the Email Page Location link in Chrome for Mac's File menu with a Share submenu. As you might expect, Mac users can use this submenu to share the URL of a current tab via installed macOS Share Extensions. Speaking of Macs, Chrome 65 is also the last release for OS X 10.9 users. Chrome 66 will require OS X 10.10 or later. Moving on to developer features, Chrome 65 includes the CSS Paint API, which allows developers to programmatically generate an image, and the Server Timing API, which allows web servers to provide performance timing information via HTTP headers.

Google Lens Is Coming To All Android Phones Running Google Photos ( 57

Google announced that Google Lens, a machine learning-powered image analyzer, will be rolling out to more Android devices and make an appearance on iOS. "This means users will be able to scan things through the app to receive information, like a dog's breed or a flower type," reports The Verge. Some phones will also be able to access Lens through the Google Assistant too, including flagships from Samsung, Huawei, LG, Motorola, Sony, and HMD / Nokia. "Google says Lens is rolling out in batches, so you might not get the update right away," reports The Verge.

Google Is Selling Off Zagat ( 33

An anonymous reader quotes a report from TechCrunch: Seven years after picking up Zagat for $151 million, Google is selling off the perennial restaurant recommendation service. The New York Times is reporting this morning that the technology giant is selling off the company to The Infatuation, a review site founded nine years back by former music execs. The company had been rumored to be courting a buyer since early this year. As Reuters noted at the time, Zagat has increasingly become less of a focus for Google, as the company began growing its database of restaurant recommendations organically. Zagat, meanwhile, has lost much of the shine it had when Google purchased it nearly a decade ago. The Infatuation, which uses an in-house team of reviewers to write up restaurants in major cities like New York, San Francisco, Los Angeles and London, is picking up the service for an undisclosed amount. The site clearly believes there's value left in the Zagat brand, even as the business of online reviews has changed significantly in the seven years sinceGoogle picked it up.

Google Is Helping the Pentagon Build AI for Drones ( 95

Google has partnered with the United States Department of Defense to help the agency develop artificial intelligence for analyzing drone footage, a move that set off a firestorm among employees of the technology giant when they learned of Google's involvement, Gizmodo reported on Tuesday. From the report: Google's pilot project with the Defense Department's Project Maven, an effort to identify objects in drone footage, has not been previously reported, but it was discussed widely within the company last week when information about the project was shared on an internal mailing list, according to sources who asked not to be named because they were not authorized to speak publicly about the project. Some Google employees were outraged that the company would offer resources to the military for surveillance technology involved in drone operations, sources said, while others argued that the project raised important ethical questions about the development and use of machine learning.

Chrome On Windows Ditches Microsoft's Compiler, Now Uses Clang ( 94

An anonymous reader quotes a report from Ars Technica: Google's Chrome browser is now built using the Clang compiler on Windows. Previously built using the Microsoft C++ compiler, Google is now using the same compiler for Windows, macOS, Linux, and Android, and the switch makes Chrome arguably the first major software project to use Clang on Windows. Chrome on macOS and Linux has long been built using the Clang compiler and the LLVM toolchain. The open-source compiler is the compiler of choice on macOS, making it the natural option there, and it's also a first-class choice for Linux; though the venerable GCC is still the primary compiler choice on Linux, by using Clang instead, Google ensured that it has only one set of compiler quirks and oddities to work with rather than two. But Chrome on Windows has instead used Microsoft's Visual C++ compiler. The Visual C++ compiler is the best-supported, most widely used compiler on Windows and, critically, is the compiler with the best support for Windows' wide range of debugging and diagnostic tools. The Visual Studio debugger is widely loved by the C++ community, and other tools, such as the WinDbg debugger (often used for analyzing crash dumps), are core parts of the Windows developer experience.

Europe Plans Special Tax For Google, Apple, Facebook, and Amazon ( 253

An anonymous reader quotes a report from The Register: Bruno Le Maire, France's minister for the economy, has revealed that a plan to levy a special tax on Google, Apple, Facebook, and Amazon will soon be revealed by European authorities. Le Maire told French newspaper Le Journal du Dimanche "A European directive will be unveiled in the coming weeks, the minister reveals, and it will mark a considerable step forward." The minister told the paper that a tax of between two and six per cent has been considered, with the proposal to be "closer to two than six." The proposed tax will be levied on the four companies' turnover, rather than profits. Taxing turnover is hoped to offer a simple way to tax the companies, as all use legal-but-cynical ways to minimize their taxable income. Le Maire added that a turnover tax is seen as being quick to implement and that the four companies know they're going to have to pay more tax in Europe, so may be amenable to such an arrangement.

Spotify Is Cracking Down On Users Pirating Premium-Like Service ( 83

People who access Spotify using hacked apps that remove some of the restrictions placed on free accounts are receiving warning emails from the company. Noting that "abnormal activity" has been observed from the user's software, Spotify warns that future breaches could result in suspension or even termination of a user's account. TorrentFreak reports: "We detected abnormal activity on the app you are using so we have disabled it. Don't worry -- your Spotify account is safe," the email from Spotify reads. "To access your Spotify account, simply uninstall any unauthorized or modified version of Spotify and download and install the Spotify app from the official Google Play Store. If you need more help, please see our support article on Reinstalling Spotify." While the email signs off with a note thanking the recipient for being a Spotify user, there is also a warning. "If we detect repeated use of unauthorized apps in violation of our terms, we reserve all rights, including suspending or terminating your account," Spotify writes.

Google Unveils 72-Qubit Quantum Computer With Low Error Rates ( 76

An anonymous reader quotes a report from Tom's Hardware: Google announced a 72-qubit universal quantum computer that promises the same low error rates the company saw in its first 9-qubit quantum computer. Google believes that this quantum computer, called Bristlecone, will be able to bring us to an age of quantum supremacy. In a recent announcement, Google said: "If a quantum processor can be operated with low enough error, it would be able to outperform a classical supercomputer on a well-defined computer science problem, an achievement known as quantum supremacy. These random circuits must be large in both number of qubits as well as computational length (depth). Although no one has achieved this goal yet, we calculate quantum supremacy can be comfortably demonstrated with 49 qubits, a circuit depth exceeding 40, and a two-qubit error below 0.5%. We believe the experimental demonstration of a quantum processor outperforming a supercomputer would be a watershed moment for our field, and remains one of our key objectives."

According to Google, a minimum error rate for quantum computers needs to be in the range of less than 1%, coupled with close to 100 qubits. Google seems to have achieved this so far with 72-qubit Bristlecone and its 1% error rate for readout, 0.1% for single-qubit gates, and 0.6% for two-qubit gates. Quantum computers will begin to become highly useful in solving real-world problems when we can achieve error rates of 0.1-1% coupled with hundreds of thousand to millions of qubits. According to Google, an ideal quantum computer would have at least hundreds of millions of qubits and an error rate lower than 0.01%. That may take several decades to achieve, even if we assume a "Moore's Law" of some kind for quantum computers (which so far seems to exist, seeing the progress of both Google and IBM in the past few years, as well as D-Wave).


Mysterious $15,000 'GrayKey' Promises To Unlock iPhone X For The Feds ( 106

Thomas Fox-Brewster, reporting for Forbes: Just a week after Forbes reported on the claim of Israeli U.S. government manufacturer Cellebrite that it could unlock the latest Apple iPhone models, another service has emerged promising much the same. Except this time it comes from an unkown entity, an obscure American startup named Grayshift, which appears to be run by long-time U.S. intelligence agency contractors and an ex-Apple security engineer. In recent weeks, its marketing materials have been disseminated around private online police and forensics groups, offering a $15,000 iPhone unlock tool named GrayKey, which permits 300 uses. That's for the online mode that requires constant connectivity at the customer end, whilst an offline version costs $30,000. The latter comes with unlimited uses. Another ad showed Grayshift claiming to be able to unlock iPhones running iOS 10 and 11, with iOS 9 support coming soon. It also claims to work on the latest Apple hardware, up to the iPhone 8 and X models released just last year. In a post from one private Google group, handed to Forbes by a source who asked to remain anonymous, the writer indicated they'd been demoed the technology and that it had opened an iPhone X.

Slashdot Top Deals