Communications

NIST Prepares To Ban SMS-Based Two-Factor Authentication (softpedia.com) 99

An anonymous reader writes: "The U.S. National Institute for Standards and Technology (NIST) has released the latest draft version of the Digital Authentication Guideline that contains language hinting at a future ban of SMS-based Two-Factor Authentication (2FA)," reports Softpedia. The NIST DAG draft argues that SMS-based two-factor authentication is an insecure process because the phone may not always be in possession of the phone number, and because in the case of VoIP connections, SMS messages may be intercepted and not delivered to the phone. The guideline recommends the usage of tokens and software cryptographic authenticators instead. Even biometrics authentication is considered safe, under one condition: "Biometrics SHALL be used with another authentication factor (something you know or something you have)," the guideline's draft reads. The NIST DAG draft reads in part: "If the out of band verification is to be made using a SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service. It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change. OOB using SMS is deprecated, and will no longer be allowed in future releases of this guidance."
Microsoft

Windows 10 Anniversary Update: the Best New Features (theverge.com) 276

A year after the release of Windows 10, Microsoft is gearing up for Anniversary Update, the first major update to the company's desktop operating system. Ahead of the public release of Anniversary Update on August 2, Microsoft provided media outlets with the Anniversary Update, and their first impressions and reviews are out. The Verge has listed the big changes Windows 10 Anniversary ships with. From the article: Windows Ink: Windows Ink is without a doubt the best part of the Anniversary Update. It's essentially a central location to find built-in or third-party apps that work with your stylus. You can use the new sticky notes to note down reminders, and they'll even transform into true reminders as Cortana understands what you write.
Microsoft Edge extensions: If you're a fan of Chrome extensions, then you'll be glad to hear that they're heading to Microsoft's Edge browser. The Anniversary Update brings support for extensions, and it's now up to third-party developers to fill the Windows Store with their add-ons.
Cortana improvements: Microsoft's digital assistant, Cortana, debuted on Windows 10 last year, and the software maker is bringing it to the lock screen with the Anniversary Update. You'll be able to ask it to make a note, play music, set a reminder, and lots more without ever logging in. Cortana is also getting a little more intelligent, with the ability to schedule appointments in Outlook or options to send friends a document you were working on a week ago.
Dark theme and UI tweaks: You can switch on what I call even darker mode in settings, and it will switch built-in apps that typically use a white background over to black.
Other improvements include things like Windows 10's ability to set your time zone automatically, and opening up of Windows Hello, the biometric feature to apps and websites. Additionally, the Xbox One is getting Windows apps. The Verge adds, "It feels like a promise that was made years ago, but it's finally coming true with the Anniversary Update. As Windows 10 now powers the Xbox One, Microsoft will start rolling out an update to its console to provide support for Cortana on Xbox One and the new universal apps." Microsoft is also adding Bash, the Linux command line to Windows with the new update. It's an optional feature and users will need to enable it to use it. Users will also be able to "project to PC," a feature that will allow one to easily find a PC to project to from a phone or another PC. There's also a new Skype app, and syncing of notifications between PC and phone is getting better.
Going by the reviews, it appears Windows 10 Anniversary Update is substantially more stable, and has interesting new features. You can read the first impressions of it on ZDNet, and review on PCWorld.
Yahoo!

Once Valued at $125B, Yahoo's Web Assets To Be Sold To Verizon For $4.83B, Companies Confirm 184

The reports were spot on. Verizon Communications on Monday announced that it plans to purchase Yahoo's Web assets for a sum of $4.83 billion in cash. The multi-billion-dollar deal will get Verizon Yahoo's core internet business and some real estate. The announcement also marks a remarkable fall for the Silicon Valley web pioneer, which once had a market capitalization of more than $125 billion. For Verizon, the deal adds another piece to the mammoth digital media and advertising empire it owns. The deal is expected to close early 2017. CNBC reports: The transaction is seen boosting Verizon's AOL internet business, which the company acquired last year for $4.4 billion, by giving it access to Yahoo's advertising technology tools, as well as other assets such as search, mail, messenger and real estate. It also marks the end of Yahoo as an operating company, leaving it only as the owner of a 35.5 percent stake in Yahoo Japan, as well as its 15 percent interest in Chinese e-commerce company Alibaba. In December, Yahoo scrapped plans to spin off its Alibaba stake after investors worried about whether that transaction could have been carried out on a tax-free basis. It instead decided to explore a sale of its core assets, spurred on by activist hedge fund Starboard Value. Forbes has called it one of the "saddest $5B deals in tech history." Yahoo CEO Marissa Mayer, who was expected to leave -- or get fired -- said she intends to stay. "For me personally, I'm planning to stay," Mayer said in a note on Yahoo's Tumblr page. "I love Yahoo, and I believe in all of you. It's important to me to see Yahoo into its next chapter."
Security

Can Iris-Scanning ID Systems Tell the Difference Between a Live and Dead Eye? (ieee.org) 90

the_newsbeagle writes: Iris scanning is increasingly being used for biometric identification because it's fast, accurate, and relies on a body part that's protected and doesn't change over time. You may have seen such systems at a border crossing recently or at a high-security facility, and the Indian government is currently collecting iris scans from all its 1.2 billion citizens to enroll them in a national ID system. But such scanners can sometimes be spoofed by a high-quality paper printout or an image stuck on a contact lens.

Now, new research has shown that post-mortem eyes can be used for biometric identification for hours or days after death, despite the decay that occurs. This means an eye could theoretically be plucked from someone's head and presented to an iris scanner. The same researcher who conducted that post-mortem study is also looking for solutions, and is working on iris scanners that can detect the "liveness" of an eye. His best method so far relies on the unique way each person's pupil responds to a flash of light, although he notes some problems with this approach.

Biotech

Scientists Find Chemical-Free Way To Extend Milk's Shelf Life For Up To 3 Weeks (digitaltrends.com) 254

An anonymous reader writes from a report via Digital Trends: Researchers at Purdue University and the University of Tennessee have found a non-chemical way to extend regular milk's shelf life to around 2-3 weeks, and without affecting the nutrients or flavor. The technology they've developed involves increasing the temperature of milk by just 10 degrees for less than a second, which is well below the 70-degree Celsius threshold needed for pasteurization. That quick heat blast is still able to eliminate more than 99 percent of the bacteria left from pasteurization. "The developed technology uses low temperature, short time (LTST) in a process that disperses milk in the form of droplets with low heat/pressure variation over a short treatment time in conjunction with pasteurization," Bruce Applegate, Purdue's associate professor in the Department of Food Science, explained to Digital Trends. "The resultant product was subjected to a taste panel and participants had equal or greater preference for the LTST pasteurized milk compared to normally pasteurized milk. The shelf was determined to be a minimum of two weeks longer than the standard shelf life from pasteurization alone." As for whether or not this method will make its way to store shelves, it won't in the near future. "Currently an Ohio-based milk processor is using this technology and distributing the milk," Applegate says. "The unit is approved for processing milk in Ohio and distribution nationwide. The product is currently being distributed, however it has not been labeled as extended shelf life milk. Once the commercial application is validated the milk will be labelled with the extended shelf life." Scientists from Duke University believe there may be a large source of hydrogen gas under the ocean, caused by rocks forming from fast-spreading tectonic plates.
Advertising

Spotify Is Now Selling Your Information To Advertisers (engadget.com) 107

An anonymous reader writes from a report via Engadget: Spotify is now opening its data to targeted advertising. "Everything from your age and gender, to the music genres you like to listen to will be available to various third-party companies," reports Engadget. "Spotify is calling it programmatic ad buying (Warning: source may be paywalled) and has already enabled it." The nearly 70 million people that currently use Spotify's free, ad-supported streaming service across 59 countries will be affected. The ads will be audio-based and stretch between 15-30 seconds in length. The advertisers who buy ad spots will be able to look for specific users by viewing their song picks to find the best matches for the products they're selling. Two weeks ago, China released its first ever set of digital ad regulations that seems to all but ban ad blocking.
Nintendo

Apple To Make $3 Billion From Pokemon Go (theguardian.com) 79

An anonymous reader writes from a report via The Guardian: We all know what Pokemon Go is, and we all know how successful it is. The Guardian is reporting that Apple will "rake in $3 billion in revenue from Pokemon Go in the next one to two years as gamers buy 'PokeCoins' from its app store, according to analysts." One pack of 100 PokeCoins costs about $1 in Apple's app store, but gamers can purchase as many as 14,500 PokeCoins for about $100. "We believe Apple keeps 30% of Pokemon Go's revenue spent on iOS devices, suggesting upside to earnings," Needham and Co brokerage analyst Laura Martin wrote in a client note on Wednesday. The game, which is also available on Android, had over 21 million active users after only being on the market for less than two weeks. It has also been rolled out in 35 countries since its U.S. debut. "Martin said Pokemon Go's ratio of paid users to total users was 10 times that of Candy Crush, the hit game from King Digital that generated more than $1 billion of revenue in both 2013 and 2014," reports The Guardian. Not only has Apple's stock risen since the launch of Pokemon Go, but Nintendo's stock has more than doubled.
DRM

EFF Is Suing the US Government To Invalidate the DMCA's DRM Provisions (boingboing.net) 92

Cory Doctorow writes for BoingBoing: The Electronic Frontier Foundation has just filed a lawsuit that challenges the Constitutionality of Section 1201 of the DMCA, the "Digital Rights Management" provision of the law, a notoriously overbroad law that bans activities that bypass or weaken copyright access-control systems, including reconfiguring software-enabled devices (making sure your IoT light-socket will accept third-party lightbulbs; tapping into diagnostic info in your car or tractor to allow an independent party to repair it) and reporting security vulnerabilities in these devices. EFF is representing two clients in its lawsuit: Andrew "bunnie" Huang, a legendary hardware hacker whose NeTV product lets users put overlays on DRM-restricted digital video signals; and Matthew Green, a heavyweight security researcher at Johns Hopkins who has an NSF grant to investigate medical record systems and whose research plans encompass the security of industrial firewalls and finance-industry "black boxes" used to manage the cryptographic security of billions of financial transactions every day. Both clients reflect the deep constitutional flaws in the DMCA, and both have standing to sue the US government to challenge DMCA 1201 because of its serious criminal provisions (5 years in prison and a $500K fine for a first offense). Doctorow has explained aspects of this for The Guardian today. You should also check Huang's blog post on this.
Advertising

China Bans Ad Blocking (adexchanger.com) 111

An anonymous reader writes: Two weeks ago, China released its first ever set of digital ad regulations that impacted Chinese market leaders like Baidu and Alibaba. "But hidden among (the new regulations) is language that would seem to all but ban ad blocking," wrote Adblock Plus (ABP) operations manager Ben Williams in a blog post Wednesday. The new regulations prohibit "the use of network access, network devices, applications, and the disruption of normal advertising data, tampering with or blocking others doing advertising business (or) unauthorized loading the ad." There is also a clause included that addresses tech companies that "intercept, filter, cover, fast-forward and [impose] other restrictions" on online ad campaigns. ABP general counsel Kai Recke said in an email to AdExchanger that the Chinese State Administration for Industry and Commerce (SAIC) has much more control over the market than its otherwise equal U.S. counterpart, the Federal Communications Commission (FCC). "After all it looks like the Chinese government tries to get advertising more under their control and that includes that they want to be the only ones to be allowed to remove or alter ads," said Recke. "Ad-block users are a distinct audience and they require a distinct strategy and ways to engage them," said ABP CEO Till Faida at AdExchanger's Clean Ads I/O earlier this year. "They have different standards they've expressed for accessing them, and advertising has to reflect that."
Facebook

Facebook Messenger Hits 1B Monthly Active Users, Accounts For 10 Percent Of All VoIP Calls (techcrunch.com) 55

Speaking of instant messaging and VoIP call apps, Facebook announced on Wednesday that Facebook Messenger has hit the 1 billion monthly active users milestone. The company adds that Messenger is more than just a text messenger -- in addition to the ambitious bot gamble, a digital assistant, and the ability to send money to friends -- Messenger now accounts for 10 percent of all VoIP calls made globally. Messenger's tremendous growth also underscores Facebook's mammoth capture of the world. The social network is used by more than 1.6 billion people actively every month. WhatsApp, the chat client it owns, is also used by more than one billion people.

TechCrunch has a brilliant story on the growth of Messenger from scratch.
Government

Library of Congress Hit With a Denial-Of-Service Attack (fedscoop.com) 23

An anonymous reader writes: The Library of Congress (LOC) announced via Twitter Monday that they were the target of a denial-of-service attack. The attack was detected on July 17 and has caused other websites hosted by the LOC, including the U.S. Copyright Office, to go down. In addition, employees of the Library of Congress were unable to access their work email accounts and to visit internal websites. The outages continue to affect some online properties managed by the library. "In June 2015, the Government Accountability Office, or GAO, published a limited distribution report -- undisclosed publicly though it was sourced in a 2015 GAO testimony to the Committee on House Administration -- highlighting digital security deficiencies apparent at the Library of Congress, including poor software patch management and firewall protections," reports FedScoop.
Google

Google Is Spending Half a Billion Dollars To Curry Europe's Favor (cnet.com) 72

An anonymous reader writes: Google has ratcheted up its investment in European goodwill, aiming to spend about $450 million from 2015 to 2017 as EU regulators narrow their gaze on the search giant, according to a report by the New York Times. The company is pouring money into wide-ranging sponsorships, like an exhibition at a Belgian museum incorporating virtual reality, a fund to help European news publishers amp up their web savvy, a digital training course for Irish teachers, and YouTube-backed concerts, according to the report.
Television

Star Trek CBS Series To Be Streamed Internationally On Netflix (variety.com) 161

An anonymous reader writes: Netflix has announced that it has secured a deal to stream every episode of the new Star Trek TV series within 24 hours of its original network broadcast. However, neither the U.S. nor Canadian subscribers are included in the deal, which otherwise covers every territory that Netflix operates in worldwide. Stateside viewers will be able to stream the new show via CBS's own All Access digital subscription video-on-demand and live streaming service, with Canadian streaming provisions yet to be announced. The deal represents a potential major step forward in the company's determination to bypass regional licensing, and at one stroke eliminates the typical years of delay that occur when a U.S. program seeks foreign audiences.
Earth

Do You Have A Living Doppelgänger? (bbc.com) 142

HughPickens.com writes: Folk wisdom has it that everyone has a doppelganger; somewhere out there there's a perfect duplicate of you, with your mother's eyes, your father's nose and that annoying mole you've always meant to have removed. Now BBC reports that last year Teghan Lucas set out to test the hypothesis that everyone has a living double. Armed with a public collection of photographs of U.S. military personnel and the help of colleagues from the University of Adelaide, Lucas painstakingly analyzed the faces of nearly four thousand individuals, measuring the distances between key features such as the eyes and ears. Next she calculated the probability that two peoples' faces would match. What she found was good news for the criminal justice system, but likely to disappoint anyone pining for their long-lost double: the chances of sharing just eight dimensions with someone else are less than one in a trillion. Even with 7.4 billion people on the planet, that's only a one in 135 chance that there's a single pair of doppelgangers. Lucas says this study has provided much-needed evidence that facial anthropometric measurements are as accurate as fingerprints and DNA when it comes to identifying a criminal. "The use of video surveillance systems for security purposes is increasing and as a result, there are more and more instances of criminals leaving their 'faces' at a scene of a crime," says Ms Lucas. "At the same time, criminals are getting smarter and are avoiding leaving DNA or fingerprint traces at a crime scene." But that's not the whole story. The study relied on exact measurements; if your doppelganger's ears are 59mm but yours are 60mm, your likeness wouldn't count. "It depends whether we mean 'lookalike to a human' or 'lookalike to facial recognition software,'" says David Aldous. If fine details aren't important, suddenly the possibility of having a lookalike looks a lot more realistic. 
It depends on the way faces are stored in the brain: more like a map than an image. To ensure that friends and acquaintances can be recognized in any context, the brain employs an area known as the fusiform gyrus to tie all the pieces together. This holistic 'sum of the parts' perception is thought to make recognizing friends a lot more accurate than it would be if their features were assessed in isolation. Using this type of analysis, and judging by the number of celebrity look-alikes out there, unless you have particularly rare features, you may have literally thousands of doppelgangers. "I think most people have somebody who is a facial lookalike unless they have a truly exceptional and unusual face," says Francois Brunelle, who has photographed more than 200 pairs of doppelgangers for his I'm Not a Look-Alike project. "I think in the digital age which we are entering, at some point we will know because there will be pictures of almost everyone online."
Earth

Null Island: The Land of Lousy Directional Data (vice.com) 91

An anonymous reader writes: Null Island is one of the world's most visited places for directional data that doesn't exist in real life. The Wall Street Journal reports (Warning: source may be paywalled): "In the world of geographic information systems, the island is an apparition that serves a practical purpose. It lies at 'zero-zero,' a mapper's shorthand for zero degrees latitude and zero degrees longitude. By a programming quirk introduced by developers, those are the default coordinates where Google maps and other digital Global Positioning System applications are directed to send the millions of users who make mistakes in their searches. [About seven years ago, Mr. Kelso, who had heard the phrase used by other cartographers, encoded Null Island as the default destination for mistakes into a widely used public-domain digital-mapping data set called Natural Earth, which has been downloaded several million times. On a whim, he made the location at zero-zero appear as a tiny outcrop one-meter square. In no time at all, other mappers gave the 'island' its own natural geography, created a website, and designed T-shirts and a national flag.]" If you're feeling cognitively lazy, you can watch the short animated YouTube video explaining Null Island.
Businesses

Tor Project Installs New Board of Directors After Jacob Appelbaum Controversy (theverge.com) 105

An anonymous reader writes: The Tor Project announced today that it has elected an entirely new board of directors as part of a larger shake-up after accusations of misconduct by former employee Jacob Appelbaum. Appelbaum left the company in June after the nonprofit organization said it had received multiple accusations against him. The seven board members that are leaving the organization said in a statement today that it is their "duty to ensure that the Tor Project has the best possible leadership." The New York Times reports that the board agreed to step down following the controversy surrounding Appelbaum. Some of the board members who will be leaving include Tor Project co-founders Roger Dingledine and Nick Mathewson, who will continue to work on the organization's technical research and development team, according to the statement. They will be replaced with several prominent cryptographers and scholars, including University of Pennsylvania professor Matt Blaze, Electronic Frontier Foundation Executive Director Cindy Cohn, and security technologist Bruce Schneier. Meanwhile, researchers at MIT have been working on a new anonymity network that they say is more secure than Tor.
Bitcoin

Ex-Google Engineer Launches Blockchain-Based System For Banks (reuters.com) 62

An anonymous reader quotes a report from Reuters: A former Google engineer, whose speech recognition software is used in more than a billion Android smartphones, has launched a company that uses blockchain technology to build a new operating system for banks. Paul Taylor, a Cambridge University academic with an expertise in artificial intelligence, speech synthesis and machine learning, started working on the system, called Vault OS, two years ago in a basement in London's Shoreditch district, known for being a tech start-up hub. The technology, which underpins the digital currency bitcoin, creates a shared database in which participants can trace every transaction ever made. The ledger is tamper-proof and transparent, meaning that transactions can be processed without the need for third-party verification. The system also negates the need for costly in-house data centers, as it uses cloud-based systems, which banks can use on a "pay-as-you-go" basis, which means that there is no single point of failure. Taylor said major high-street banks were spending around a billion pounds ($1.3 billion) a year on computer technology, much of which he said was being used for propping up the current "legacy" systems rather than on any innovative technology. The start-up has been working with about ten banks, Taylor said, at least one of which would be starting a trial using the new system in August. He expects the system to be up-and-running within about a year. In banking-related news, a Congressional report shows that China's spies hacked into computers at the Federal Deposit Insurance Corporation (FDIC) from 2010 until 2013 and American government officials tried to cover it up.
Encryption

FBI Agent: Decrypting Data 'Fundamentally Alters' Evidence (vice.com) 89

Joseph Cox, reporting for Motherboard: An FBI agent has brought up an interesting question about the nature of digital evidence: Does decrypting encrypted data "fundamentally alter" it, therefore contaminating it as forensic evidence? According to a hearing transcript filed last week, FBI Special Agent Daniel Alfin suggested just that. The hearing was related to the agency's investigation into dark web child pornography site Playpen. In February 2015, the FBI briefly assumed control of Playpen and delivered its users a network investigative technique (NIT) -- or a piece of malware -- in an attempt to identify the site's visitors. [...] According to experts called by the defense in the affected case, the fact that the data was unencrypted means there is a chance that sensitive, identifying information of people who had not been convicted of a crime was being sent over the internet, and could have been manipulated. (Alfin paints this scenario as unlikely, saying that an attacker would have to know the IP address the FBI was using, have some sort of physical access to the suspect's computer to learn his MAC address, and other variables.)
Privacy

XDedic, Underground Market For Hacked Servers, Resurfaces On Tor Domain (threatpost.com) 20

Reader msm1267 writes: The defunct xDedic marketplace has resurfaced again, this time on a Tor network domain. The marketplace provides a platform for buying and selling of hacked servers. Its original open web domain, xdedic[,]biz, had disappeared shortly after a June 15 Kaspersky Lab report on its activities. The original market had upwards of 70,000 hacked servers for sale from more than 400 unique sellers. It's unknown how much inventory is being peddled on the new site, which was uncovered by researchers at Digital Shadows, who found a post on a Russian and French criminal forum pointing to a Tor domain as the new home of xDedic. The new site has the same look and feel as the old one, but Digital Shadows said accounts had not been transferred, and that there is now a $50 USD enrollment fee to join the new market.
Technology

Hamilton Producer Jeffrey Seller: Live Theater Is the Antidote To Digital Overload (recode.net) 100

As more people come online and get hold of smartphones, we are witnessing a generation that is reliant on their phones to get news, entertainment, and educational resources among other things. They watch movies and TV shows on Netflix and other services, and they listen to music on Spotify, Apple Music and YouTube. Naturally, you would think that people in the Broadway theater business must be threatened that nobody will physically attend their show anymore, but that's not necessarily the case, at least not with everyone. Take Jeffrey Seller, for example: the producer of Broadway megahit Hamilton refuses to fold to the virtual reality laden world, and he has numbers on his side. From a Recode article (you can also find an hour-long podcast on this there): The success of "Hamilton," which is sold out in New York through May 2017 and will soon spread to Chicago, San Francisco and London, has convinced Seller that demand for a real, non-digital experience is stronger than ever. He said 13 million people went to see Broadway shows in the past season, and only 500,000 of those were "Hamilton" attendees. By contrast, when Seller first made a splash as the co-producer of "Rent" in 1996, he estimated total Broadway attendance was around eight million to nine million people. "Experiencing art live with friends, with family, with people we love, is so rewarding that people are searching it out amidst the digital age, in which our faces are in our phones seemingly every other hour of the day," he said. Explaining why he thinks that virtual reality cannot completely take over, in a rather crass example, Seller adds, "Do you want to have sex or do you want to have a virtual reality experience of sex?"
