
Bitcoin Can Be Bought With Cash At Swiss Railway Ticket Machines

In what is seen as a move that could help boost the spread of Bitcoin, the cryptocurrency will be available to purchase from Swiss railway ticket machines starting next month. Reader Mickeycaskill writes: Swiss Federal Railways (SBB) has more than 1,000 ticket machines and has partnered with regulated financial intermediary SweePay to distribute Bitcoin. Customers need to select mobile top up on the machines, scan the QR code on their Bitcoin digital wallet and enter the number of Swiss Francs, up to 500 CHF, into the machine, confirm the offer of Bitcoins they receive then identify themselves using a mobile number and a security code sent to their smartphone. While the machine can pay out Bitcoin, for the time being, it will not accept payments made with the cryptocurrency. Furthermore, credit cards cannot be used with the machines to buy Bitcoins. SBB is effectively providing a way to swap local currency for a digital version that can be used anywhere around the world, thereby bypassing unfavourable exchange rates. "From 11 November 2016, customers will be able to obtain Bitcoin at all SBB ticket machines. Until now, there have only been limited opportunities to purchase Bitcoin in Switzerland," the company was quoted as saying.

Canadian Police Are Texting Potential Murder Witnesses

On Thursday, the Ontario Provincial Police (OPP) will send text messages to anybody who was in the vicinity of a murder in the hopes that one of them will have information that can help catch the culprit. One of the recipients may even be the killer. Others may wonder how the police obtained their phone number in the first place, or knew where they were on the day in question. From a Motherboard report: The OPP is ramping up its efforts to find the murderer of 65-year-old hitchhiker John Hatch, who was found dead near Erin, Ontario, on December 17, 2015. He was last seen alive the day before, outside Ottawa. Now, the OPP has announced what it's describing as a "new investigative technique" for the force: obtaining the phone numbers of everyone who was in the area where and when Hatch was last seen alive, via a court order, and sending each person a text message directing them to a police website. If they follow those instructions, they'll be asked a series of online questions. According to digital privacy lawyer David Fraser, this technique is known as a "tower dump" -- essentially asking telecom companies for information about everyone who connected to a certain cellphone tower, at a given time. If the police plan on using this technique again, its future uses could have unintended effects, Fraser said.

Verizon Says Yahoo Name Isn't Going Away

Verizon is treading carefully with Yahoo, but still wants to seal the deal. From a CNET report: "The deal makes strategic sense," said Marni Walden, the executive vice president of business innovation for Verizon and the person who pushed for the acquisition. "We won't jump off of a cliff blindly." She continues to believe there's value in the Yahoo name, noting that it won't go away if Verizon completes its acquisition. Brands like Yahoo Mail and Yahoo Finance still draw plenty of eyeballs, and offer the kind of audience that Verizon and AOL lack, she said during a keynote session at The Wall Street Journal Digital conference on Wednesday. Her comments come just weeks after Yahoo disclosed a 2014 breach exposed at least 500 million accounts, making it the worst hack in history. Shortly after, reports found that Yahoo had participated in a government program to sniff user emails, further eroding trust. Verizon said this all had the potential to cause a "material impact" to the deal, which could mean Yahoo takes a reduced price or the deal falls through altogether.

Yahoo Scanning Order Unlikely To Be Made Public: Reuters

An anonymous reader quotes a report from Reuters: Obama administration officials briefed key congressional staffers last week about a secret court order to Yahoo that prompted it to search all users' incoming emails for a still undisclosed digital signature, but they remain reluctant to discuss the unusual case with a broader audience. Executive branch officials spoke to staff for members of the Senate and House of Representatives committees overseeing intelligence operations and the judiciary, according to people briefed on the events, which followed Reuters' disclosure of the massive search. But attempts by other members of Congress and civil society groups to learn more about the Yahoo order are unlikely to meet with success anytime soon, because its details remain a sensitive national security matter, U.S. officials told Reuters. Release of any declassified version of the order is unlikely in the foreseeable future, the officials said. The decision to keep details of the order secret comes amid mounting pressure on the U.S. government to be more transparent about its data-collection activities ahead of a congressional deadline next year to reauthorize some foreign intelligence authorities. On Tuesday, more than 30 advocacy groups will send a letter to Director of National Intelligence James Clapper asking for declassification of the Yahoo order that led to the search of emails last year in pursuit of data matching a specific digital symbol. The groups say that Title I of the Foreign Intelligence Surveillance Act, under which sources said the order was issued, requires a finding that the target of such a wiretap is probably an agent of a foreign power and that the facility to be tapped is probably going to be used for a transmission. An entire service, such as Yahoo, has never publicly been considered to be a "facility" in such a case: instead, the word usually refers to a phone number or an email account.

Warner Bros Claims Agency Ran Its Own Pirate Movie Site

Warner Bros Entertainment has sued talent agency Innovative Artists, claiming that the agency ran its own pirate site when it ripped DVD screeners and streamed them to associates via Google servers. TorrentFreak adds: In a lawsuit filed in a California federal court, Warner accuses the agency of effectively setting up its own pirate site, stocked with rips of DVD screeners that should have been kept secure. "Beginning in late 2015, Innovative Artists set up and operated an illegal digital distribution platform that copied movies and then distributed copies and streamed public performances of those movies to numerous people inside and outside of the agency," the complaint reads. "Innovative Artists stocked its platform with copies of Plaintiff's works, including copies that Innovative Artists made by ripping awards consideration 'screener' DVDs that Plaintiff sent to the agency to deliver to one of its clients." Given its position in the industry, Innovative Artists should have known better than to upload content, Warner's lawyers write.

The Phone Hackers At Cellebrite Have Had Their Firmware Leaked Online

An anonymous reader quotes a report from Motherboard: Cellebrite, an Israeli company that specializes in digital forensics, has dominated the market in helping law enforcement access mobile phones. But one apparent reseller of the company's products is publicly distributing copies of Cellebrite firmware and software for anyone to download. Although Cellebrite keeps its most sensitive capabilities in-house, the leak may still give researchers, or competitors, a chance to figure out how Cellebrite breaks into and analyzes phones by reverse-engineering the files. The apparent reseller distributing the files is McSira Professional Solutions, which, according to its website, "is pleased to serve police, military and security agencies in the E.U. And [sic] in other parts of the world." McSira is hosting software for various versions of Cellebrite's Universal Forensic Extraction Device (UFED), hardware that investigators can use to bypass the security mechanisms of phones, and then extract data from them. McSira allows anyone to download firmware for the UFED Touch, and a PC version called UFED 4PC. It is also hosting pieces of Cellebrite forensic software, such as the UFED Cloud Analyzer. This allows investigators to further scrutinize seized data. McSira is likely offering downloads so customers can update their hardware to the latest version with as little fuss as possible. But it may be possible for researchers to take those files, reverse-engineer them, and gain insight into how Cellebrite's tools work. That may include what sort of exploits Cellebrite uses to bypass the security mechanisms of mobile phones, and weaknesses in the implementation of consumer phones that could be fixed, according to one researcher who has started to examine the files, but was not authorised by his employer to speak to the press about this issue.

AT&T CEO: DirecTV Now Streaming Service Will Cost $35 a Month

AT&T's upcoming DirecTV Now streaming service is going to cost $35 a month, AT&T CEO Randall Stephenson said during a panel at the Wall Street Journal's WSJD Live conference. The package will include over 100 channels, he added. From a Variety report: This price point is a significant departure from the company's previous stance, when it suggested that it would launch a premium product that wasn't looking to undercut existing pay TV services. Stephenson argued that it can afford this lower price point because DirecTV Now doesn't require operator-owned set-top boxes, satellite dishes, and customer service home visits. AT&T is set to launch DirecTV Now next month. The service will include channels from cablers like A+E Networks and Scripps, as well as broadcasters like Fox and NBCUniversal.

China Electronics Firm To Recall Some US Products After Hacking Attack

An anonymous reader writes: Chinese firm Hangzhou Xiongmai said it will recall some of its products sold in the United States after it was identified by security researchers as having made parts for devices that were targeted in a major hacking attack on Friday. Hackers unleashed a complex attack on the Internet through common devices like webcams and digital recorders, and cut access to some of the world's best known websites in a stunning breach of global internet stability. The electronics components firm, which makes parts for surveillance cameras, said in a statement on its official microblog that it would recall some of its earlier products sold in the United States, strengthen password functions and send users a patch for products made before April last year. It said the biggest issue was users not changing default passwords, adding that, overall, its products were well protected from cyber security breaches. It said reports that its products made up the bulk of those targeted in the attack were false. "Security issues are a problem facing all mankind. Since industry giants have experienced them, Xiongmai is not afraid to experience them once, too," the company statement said.

US Police Consider Flying Drones Armed With Stun Guns

Slashdot reader Presto Vivace tipped us off to news reports that U.S. police officials are considering the use of flying drones to taser their suspects. From Digital Trends: Talks have recently taken place between police officials and Taser International, a company that makes stun guns and body cameras for use by law enforcement, the Wall Street Journal reported on Thursday. While no decision has yet been made on whether to strap stun guns to remotely controlled quadcopters, Taser spokesman Steve Tuttle said his team were discussing the idea with officials as part of broader talks about "various future concepts."

Tuttle told the Journal that such technology could be deployed in "high-risk scenarios such as terrorist barricades" to incapacitate the suspect rather than kill them outright... However, critics are likely to fear that such a plan would ultimately lead to the police loading up drones with guns and other weapons. Portland police department's Pete Simpson told the Journal that while a Taser drone could be useful in some circumstances, getting the public "to accept an unmanned vehicle that's got some sort of weapon on it might be a hurdle to overcome."

The article points out that there's already a police force in India with flying drones equipped with pepper spray.

John McAfee Thinks North Korea Hacked Dyn, and Iran Hacked the DNC

"The Dark Web is rife with speculation that North Korea is responsible for the Dyn hack" says John McAfee, according to a new article on CSO: McAfee said they certainly have the capability and if it's true...then forensic analysis will point to either Russia, China, or some group within the U.S. [And] who hacked the Democratic National Committee? McAfee -- in an email exchange and follow up phone call -- said sources within the Dark Web suggest it was Iran, and he absolutely agrees. While Russian hackers get more media attention nowadays, Iranian hackers have had their share... "The Iranians view Trump as a destabilizing force within America," said McAfee. "They would like nothing more than to have Trump as President....

"If all evidence points to the Russians, then, with 100% certainty, it is not the Russians. Anyone who is capable of carrying out a hack of such sophistication is also capable, with far less effort than that involved in the hack, of hiding their tracks or making it appear that the hack came from some other quarter..."

Bruce Schneier writes that "we don't know anything much of anything" about yesterday's massive DDOS attacks. "If I had to guess, though, I don't think it's China. I think it's more likely related to the DDoS attacks against Brian Krebs than the probing attacks against the Internet infrastructure..." Earlier this month Krebs had warned that source code had been released for the massive DDOS attacks he endured in September, "virtually guaranteeing that the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices."
Open Source

Blockchain Platform Developed by Banks To Be Open-Source

A blockchain platform developed by a group that includes more than 70 of the world's biggest financial institutions is making its code publicly available, in what could become the industry standard for the nascent technology, reports Reuters. From the article: The Corda platform has been developed by a consortium brought together by New-York-based financial technology company R3. It represents the biggest shared effort among banks, insurers, fund managers and other players to work on using blockchain technology in the financial markets. Blockchain, which originated in the digital currency bitcoin, works as a web-based transaction-processing and settlement system. It creates a "golden record" of any given set of data that is automatically replicated for all parties in a secure network, eliminating any need for third-party verification. Banks reckon the technology could save them money by making their operations faster, more efficient and more transparent. They are racing to build products using the technology that will generate new revenue, with dozens of patent applications filed for blockchain-based products by Wall Street's top lenders. R3 says it hopes its platform will become the industry standard, although its intention is indeed for firms to build products on top of it.
Operating Systems

Researchers Bypass ASLR Protection On Intel Haswell CPUs

An anonymous reader writes: "A team of scientists from two U.S. universities has devised a method of bypassing ASLR (Address Space Layout Randomization) protection by taking advantage of the BTB (Branch Target Buffer), a component included in many modern CPU architectures, including Intel Haswell CPUs, the processor they used for tests in their research," reports Softpedia. The researchers discovered that by blasting the BTB with random data, they could run a successful collision attack that reveals the memory locations where apps execute code in the computer's memory -- the very thing that ASLR protection was meant to hide. While during their tests they used a Linux PC with an Intel Haswell CPU, researchers said the attack can be ported to other CPU architectures and operating systems where ASLR is deployed, such as Android, iOS, macOS, and Windows. From start to finish, the collision attack only takes 60 milliseconds, meaning it can be embedded with malware or any other digital forensics tool and run without needing hours of intense CPU processing. You can read the research paper, titled "Jump Over ASLR: Attacking Branch Predictors to Bypass ASLR," here.

Hillary Clinton's Campaign Creates Way To Make Money From Donald Trump's Tweets

Hillary Clinton's campaign has created a new fundraising tool called Troll Trump that lets supporters sign up to automatically donate money to the campaign when Donald Trump tweets. Adweek reports: The tool's landing page populates a new Trump tweet each time the site is refreshed to offer a sampling of the candidate's social media style. "Show Donald that his unhinged rhetoric comes at a cost," according to the Clinton campaign's website. "Sign up to donate to Hillary's campaign every time Donald tweets!" The idea was apparently inspired by a tweet by Matt Bellassai, a former BuzzFeed editor and social media star, who made a joke on Twitter threatening to donate to the campaign every time Trump tweets. (When the tool went live, Teddy Goff, a digital strategist with the Clinton campaign, tweeted Bellassai a thank-you.)

Why Your Devices Are Probably Eroding Your Productivity

University of California, San Francisco neuroscientist Adam Gazzaley and California State University, Dominguez Hills professor emeritus Larry Rosen explain in their book "The Distracted Mind: Ancient Brains in a High Tech World" why people have trouble multitasking, and specifically why one's productivity output is lowered when keeping up with emails, for example. Lesley McClurg writes via KQED Science: When you engage in one task at a time, the prefrontal cortex works in harmony with other parts of the brain, but when you toss in another task it forces the left and right sides of the brain to work independently. The process of splitting our attention usually leads to mistakes. In other words, each time our eyes glance away from our computer monitor to sneak a peek at a text message, the brain takes in new information, which reduces our primary focus. We think the mind can juggle two or three activities successfully at once, but Gazzaley says we woefully overestimate our ability to multitask. In regard to answering emails, McClurg writes: Gazzaley stresses that our tendency to respond immediately to emails and texts hinders high-level thinking. If you're working on a project and you stop to answer an email, the research shows, it will take you nearly a half-hour to get back on task. "When a focused stream of thought is interrupted it needs to be reset," explains Gazzaley. "You can't just press a button and switch back to it. You have to re-engage those thought processes, and recreate all the elements of what you were engaged in. That takes time, and frequently one interruption leads to another." In other words, repetitively switching tasks lowers performance and productivity because your brain can only fully and efficiently focus on one thing at a time. Plus, mounting evidence shows that multitasking could impair the brain's cognitive abilities. Stanford researchers studied the minds of people who regularly engage in several digital communication streams at once.
They found that high-tech jugglers struggle to pay attention, recall information, or complete one task at a time. And the habit of multitasking could lower your score on an IQ test, according to researchers at the University of London. The saving grace is that we don't need to ditch technology as "there's a time and place for multitasking," according to Gazzaley. "If you're in the midst of a mundane task that just has to get done, it's probably not detrimental to have your phone nearby or a bunch of tabs open. The distractions may reduce boredom and help you stay engaged. But if you're finishing a business plan, or a high-level writing project, then it's a good idea to set yourself up to stay focused."
The Almighty Buck

Apple is 'Intransigent, Closed and Controlling' Say Banks

Apple is increasingly trying to get banks to implement its Apple Pay mobile payments solutions, but some banks are avoiding the Cupertino giant's offer, saying that the company is "closed and controlling". From a report on Financial Review: Three of Australia's big four banks have described technology giant Apple as being "intransigent, closed and controlling" and accused it of attempting to freeload on their contactless payments infrastructure while slowing innovation in digital wallets. In an increasingly acrimonious dispute, Commonwealth Bank of Australia, National Australia Bank, Westpac Banking Corp and Bendigo and Adelaide Bank are arguing that the engineering of Apple iPhones prevents them from delivering mobile wallets to millions of customers. This is because Apple Pay is the only application that works with the iPhone's "near field communication" (NFC) antenna, which communicates with payment terminals. In their latest, 137-page submission filed with the competition regulator, the banks argue that by locking them out, "Apple is seeking for itself the exclusive use of Australia's existing NFC terminal infrastructure for the making of integrated mobile payments using iOS devices. Yet, this infrastructure was built and paid for by Australian banks and merchants for the benefit of all Australians."
The Internet

Say Hello To Branded Internet Addresses

On September 29, Google published a new blog which uses a .google domain rather than the standard .com. It seems the company may have inspired other companies to tout their brand names in the digital realm as well. According to a report on CNET, we have since seen requests for domain names such as .kindle, .apple, .ibm, .canon, and .samsung. And it's not just tech companies that are finding this very attractive; other domain requests include .ford, .delta, .hbo, .mcdonalds, and .nike. From the report: Approval, of course, is just a first step. It's not clear how enthusiastic most companies will be about the new names. So far, Google is the eager beaver. What's fun for Google is a daunting financial commitment to others. A $185,000 application fee and annual $30,000 operation fee will keep mom-and-pop shops away from their own domains. Still, plenty of businesses other than Google see the new domain names as a good investment. Branded domains can add distinction to an internet address, and renting out generic top-level domain (GTLD) names can potentially be a lucrative business. At a January auction, GMO Registry bid $41.5 million to win rights to sell .shop domain names. And in July, Nu Dot Co won .web with a bid of $135 million. Hundreds of new top-level domain names are approved. The single most popular in use is .xyz. Where does all the money go? To a nonprofit organization called ICANN -- the Internet Corporation for Assigned Names and Numbers. The organization oversees internet plumbing on behalf of companies, governments and universities, as well as the general public.

Firefox Users Reach HTTPS Encryption Milestone

For the first time ever, secure HTTPS encryption was used for over half the pageloads served to Mozilla users, representing a big milestone for encryption. TechCrunch reports on the telemetry data tweeted by the Head of Let's Encrypt: Mozilla, which is one of the organizations backing Let's Encrypt, was reporting that 40% of page views were encrypted as of December 2015. So it's an impressively speedy rise...

The Let's Encrypt initiative, which exited beta back in April, is doing some of that work by providing sites with free digital certificates to help accelerate the switch to HTTPS. According to [co-founder Josh] Aas, Let's Encrypt added more than a million new active certificates in the past week -- which is also a significant step up. In the initiative's first six months (when still in beta) it only issued around 1.7 million certificates in all.

The "50% HTTPS" figure is just a one-day snapshot, and it's from "only a subset of Firefox users who are running Mozilla's telemetry browser...not default switched on for most Firefox users (only for users of pre-release Firefox builds)." But the biggest caveat is it's only counting Firefox users, which in July represented just 7.7% of web surfers (according to Statista), behind both Chrome (49.5%) and Safari (13.68%) -- but also ahead of Internet Explorer (5.4%) and Opera (5.99%).
United States

California City Converts Its Street Lights Into A High-Speed IoT Backbone

Harvard Law professor Susan Crawford describes how the city of Santa Monica installed its own high-speed IoT backbone on its street lights and traffic signals -- and why it's important. Neutral "micro" cell sites can make very high-capacity wireless transmissions available, competitively, to everyone (and every sensor) nearby. This can and should cause an explosion of options and new opportunities for economic growth, innovation, and human flourishing in general... Very few American cities have carried out this transmogrification, but every single one will need to. Santa Monica is a city that will be able to control its future digital destiny, because it is taking a comprehensive, competition-forcing approach to the transmission of data...

Cities that get control of their streetlights and connect them to municipally overseen, reasonably priced dark fiber can chart their own Internet of Things futures, rather than leave their destinies in the hands of vendors whose priorities are driven (rationally) by the desire to control whole markets and keep share prices and dividends high rather than provide public benefits.

Santa Monica's CIO warns that now telecoms "are looking for exclusive rights to poles and saying they can't co-locate [with their competitors]. They're all hiring firms to lock up their permits and rights to as many poles as possible, as quickly as possible, before governments can organize."

Non-Cable Internet Providers Offer Faster Speeds To the Wealthy

An anonymous reader quotes a report from Ars Technica: When non-cable Internet providers -- outlets like ATT or Verizon -- choose which communities to offer the fastest connections, they don't juice up their networks so everyone in their service area has the option of buying quicker speeds. Instead, they tend to favor the wealthy over the poor, according to an investigation by the Center for Public Integrity. The Center's data analysis found that the largest non-cable Internet providers collectively offer faster speeds to about 40 percent of the population they serve nationwide in wealthy areas compared with just 22 percent of the population in poor areas. That leaves tens of millions of Americans with the choice of either purchasing an expensive connection from the only provider in their area -- typically a cable company -- or just doing the best they can with slower speeds. Middle-income areas don't fare much better, with a bit more than 27 percent of the population having access to a DSL provider's fastest speeds. The Center reached its conclusions by merging the latest Federal Communications Commission (FCC) data with income information from the U.S. Census Bureau. The non-cable Internet providers -- the four largest are ATT Inc, Verizon Communications Inc, CenturyLink Inc, and Frontier Communications Corp -- hook up customers over telephone wires that are Digital Subscriber Lines (DSL), or they use hybrid networks that include some fiber connections near (and sometimes directly to) homes. The Center included all types of connection in its analysis. These companies account for nearly 40 percent of the 92 million Internet connections nationwide. Cable companies, such as Comcast Corp and Charter Communications Inc, operate under a different set of conditions. These providers offer the same fast speeds to almost every community they serve, in part because of franchise agreements with local governments. 
But a previous Center investigation and other reports have shown that cable firms sometimes avoid lower-income or hard-to-reach areas based on how franchise agreements are written. Poor areas not served by the cable companies are not included in the Center's analysis, which results in what seems like an equitable distribution of speeds across income levels. "Society said it did not matter if you could pay for electricity; we wanted everyone to have it. Society said we would not limit dial tone to those who could pay the most, we gave it to all," said telecommunications lawyer Gerard Lederer of Best Best and Krieger LCC in Washington, D.C., in an e-mail. "Broadband is quickly becoming that utility, and if applications only work at high speeds, then the universal availability of that speed must be the goal, otherwise you are providing everyone with water, just some of the water is not drinkable."

DHS Warns of Mirai Botnet Threat To Cellular Modems

chicksdaddy writes from a report via The Security Ledger: The Mirai malware that is behind massive denial of service attacks involving hundreds of thousands of "Internet of Things" devices may also affect cellular modems that connect those devices to the internet, the Department of Homeland Security (DHS) is warning. An alert issued by DHS's Industrial Control System CERT on Wednesday warned that cellular gateways manufactured by Sierra Wireless are vulnerable to compromise by the Mirai malware. While the routers are not actively being targeted by the malware, "unchanged default factory credentials, which are publicly available, could allow the devices to be compromised," ICS-CERT warned. The alert comes after a number of reports identified devices infected with the Mirai malware as the source of massive denial of service attacks against media websites like Krebs on Security and the French hosting company OVH. The attacks emanated from a global network of hundreds of thousands of infected IP-enabled closed circuit video cameras, digital video recorders (DVRs), network video recorders (NVRs) and other devices. Analysis by the firm Imperva found that Mirai is purpose-built to infect Internet of Things devices and enlist them in distributed denial of service (DDoS) attacks. The malware searches broadly for insecure or weakly secured IoT devices that can be remotely accessed and broken into with easily guessed (factory default) usernames and passwords. The report adds: "Sierra said in an alert that the company has 'confirmed reports of the 'Mirai' malware infecting AirLink gateways that are using the default ACEmanager password and are reachable from the public internet.' Sierra Wireless LS300, GX400, GX/ES440, GX/ES450, and RV50 were identified in the bulletin as vulnerable to compromise by Mirai. Furthermore, devices attached to the gateway's local area network may also be vulnerable to infection by the Mirai malware, ICS-CERT warned. Sierra Wireless asked affected users to reboot their gateway. Mirai is memory resident malware, meaning that it is erased upon reboot. Furthermore, administrators were advised to change the password to the management interface by logging in locally, or remotely to a vulnerable device."
