Government

WikiLeaks Releases New CIA Secret: Tapping Microphones On Some Samsung TVs (fossbytes.com) 91

FossBytes reports: The whistleblower website Wikileaks has published another set of hacking tools belonging to the American intelligence agency CIA. The latest revelation includes a user guide for CIA's "Weeping Angel" tool... derived from another tool called "Extending" which belongs to UK's intelligence agency MI5/BTSS, according to Wikileaks. Extending takes control of Samsung F Series Smart TV. The highly detailed user guide describes it as an implant "designed to record audio from the built-in microphone and egress or store the data."

According to the user guide, the malware can be deployed on a TV via a USB stick after configuring it on a Linux system. It is possible to transfer the recorded audio files through the USB stick or by setting up a WiFi hotspot near the TV. Also, a Live Listen Tool, running on a Windows OS, can be used to listen to audio exfiltration in real-time. Wikileaks mentioned that the two agencies, CIA and MI5/BTSS, made collaborative efforts to create Weeping Angel during their Joint Development Workshops.

Education

EFF Says Google Chromebooks Are Still Spying On Students (softpedia.com) 79

schwit1 quotes a report from Softpedia: In the past two years since a formal complaint was made against Google, not much has changed in the way they handle this. Google still hasn't shed its "bad guy" clothes when it comes to the data it collects on underage students. In fact, the Electronic Frontier Foundation says the company continues to massively collect and store information on children without their consent or their parents'. Not even school administrators fully understand the extent of this operation, the EFF says. According to the latest status report from the EFF, Google is still up to no good, trying to eliminate students' privacy without their parents' notice or consent and "without a real choice to opt out." This, they say, is done via the Chromebooks Google is selling to schools across the United States.
Botnet

Developer of BrickerBot Malware Claims He Destroyed Over Two Million Devices (bleepingcomputer.com) 78

An anonymous reader writes: In an interview today, the author of BrickerBot, a malware that bricks IoT and networking devices, claimed he destroyed over 2 million devices, but he never intended to do so in the first place. His intentions were to fight the rising number of IoT botnets that were used to launch DDoS attacks last year, such as Gafgyt and Mirai. He says he created BrickerBot with 84 routines that try to secure devices so they can't be taken over by Mirai and other malware. Nevertheless, he realized that some devices are so badly designed that he could never protect them. He says that for these, he created a "Plan B," which meant deleting the device's storage, effectively bricking the device. His identity was revealed after a reporter received an anonymous tip about a HackForum user claiming he was destroying IoT devices since last November, just after BrickerBot appeared. When contacted, BrickerBot's author revealed that the malware is a personal project which he calls "Internet Chemotherapy" and he's "the doctor" who will kill all the cancerous unsecured IoT devices.
Software

Ask Slashdot: How Do You Explain 'Don't Improve My Software Syndrome' Or DIMSS? 354

dryriver writes: I am someone who likes to post improvement suggestions for different software tools I use on the internet. If I see a function in a software that doesn't work well for me or could work better for everyone else, I immediately post suggestions as to how that function could be improved and made to work better for everybody. A striking phenomenon I have come across in posting such suggestions is the sheer number of "why would you want that at all" or "nobody needs that" or "the software is fine as it is" type responses from software users. What is particularly puzzling is that it's not the developers of the software rejecting the suggestions -- it's users of the software that often react sourly to improvement suggestions that could, if implemented well, benefit a lot of people using the software in question. I have observed this happening online for years even for really good software feature/function improvement ideas that actually wound up being implemented. My question is -- what causes this behavior of software users on the internet? Why would a software user see a suggestion that would very likely benefit many other users of the software and object loudly to that suggestion, or even pretend that "the suggestion is a bad one?"
Crime

DOJ: Russian 'Superhacker' Gets 27 Years In Prison (thedailybeast.com) 49

According to the Justice Department, a 32-year-old Russian "superhacker" has been sentenced to 27 years in prison for stealing and selling millions of credit-card numbers, causing more than $169 million worth of damages to business and financial institutions. The Daily Beast reports: Roman Valeryevich Seleznev, 32, aka Track2, son of a prominent Russian lawmaker, was convicted last year on 38 counts of computer intrusion and credit-card fraud. "This investigation, conviction and sentence demonstrates that the United States will bring the full force of the American justice system upon cybercriminals like Seleznev who victimize U.S. citizens and companies from afar," Acting Assistant Attorney General Kenneth Blanco said in a statement. "And we will not tolerate the existence of safe havens for these crimes -- we will identify cybercriminals from the dark corners of the Internet and bring them to justice."
Security

Teenage Hackers Motivated By Morality Not Money, Study Finds (theguardian.com) 73

Teenage hackers are motivated by idealism and impressing their mates rather than money, according to a study by the National Crime Agency. From a report: The law enforcement organisation interviewed teenagers and children as young as 12 who had been arrested or cautioned for computer-based crimes. It found that those interviewed, who had an average age of 17, were unlikely to be involved in theft, fraud or harassment. Instead they saw hacking as a "moral crusade", said Paul Hoare, senior manager at the NCA's cybercrime unit, who led the research. Others were motivated by a desire to tackle technical problems and prove themselves to friends, the report found. Speaking to BBC Radio 4's Today programme, Hoare said: "They don't understand the implications on business, government websites and individuals."
Security

Ambient Light Sensors Can Be Used To Steal Browser Data (bleepingcomputer.com) 37

An anonymous reader writes: "Over the past decade, ambient light sensors have become quite common in smartphones, tablets, and laptops, where they are used to detect the level of surrounding light and automatically adjust a screen's intensity to optimize battery consumption... and other stuff," reports Bleeping Computer. "The sensors have become so prevalent, that the World Wide Web Consortium (W3C) has developed a special API that allows websites (through a browser) to interact with a device's ambient light sensors. Browsers such as Chrome and Firefox have already shipped versions of this API with their products." According to two privacy and security experts, Lukasz Olejnik and Artur Janc, malicious web pages can launch attacks using this new API and collect data on users, such as URLs they visited in the past and extract QR codes displayed on the screen. This is possible because the light coming from the screen is picked up by these sensors. Mitigating such attacks is quite easy, as it only requires browser makers and the W3C to adjust the default frequency at which the sensors report their readings. Furthermore, the researchers also recommend that browser makers quantize the result by limiting the precision of the sensor output to only a few values in a preset range. The two researchers filed bug reports with both Chrome and Firefox in the hopes their recommendations will be followed.
IT

CC'ing the Boss on Email Makes Employees Feel Less Trusted, Study Finds (hbr.org) 145

Do you ever loop in your boss when having a conversation with a colleague when his or her presence in the thread wasn't really necessary? Turns out, many people do this, and your colleague doesn't find it helpful at all. From an article: My collaborators and I conducted a series of six studies (a combination of experiments and surveys) to see how cc'ing influences organizational trust. While our findings are preliminary and our academic paper is still under review, a first important finding was that the more often you include a supervisor on emails to coworkers, the less trusted those coworkers feel (alternative link). In our experimental studies, in which 594 working adults participated, people read a scenario where they had to imagine that their coworker always, sometimes, or almost never copied the supervisor when emailing them. Participants were then required to respond to items assessing how trusted they would feel by their colleague. ("In this work situation, I would feel that my colleague would trust my 'competence,' 'integrity,' and 'benevolence.'") It was consistently shown that the condition in which the supervisor was "always" included by cc made the recipient of the email feel trusted significantly less than recipients who were randomly allocated to the "sometimes" or "almost never" condition. Organizational surveys of 345 employees replicated this effect by demonstrating that the more often employees perceived that a coworker copied their supervisor, the less they felt trusted by that coworker. To make matters worse, my findings indicated that when the supervisor was copied in often, employees felt less trusted, and this feeling automatically led them to infer that the organizational culture must be low in trust overall, fostering a culture of fear and low psychological safety.
Security

Mastercard is Building Fingerprint Scanners Directly Into Its Cards (fastcompany.com) 84

Mastercard said on Thursday it's beginning trials of its "next-generation biometric card" in South Africa. In addition to the standard chip and PIN, the new cards have a built-in fingerprint reader that the user can use to authenticate every purchase. From a report: Impressively, the new card is no thicker or larger than your current credit and debit cards.
Microsoft

Microsoft Says It Will Release Two Feature Updates Per Year For Windows 10, Office (petri.com) 60

Microsoft is making a few changes to how it will service Windows, Office 365 ProPlus and System Center Configuration Manager. From a report: Announced today, Microsoft will be releasing two feature updates a year for Windows 10 in March and September and with each release, System Center Configuration Manager will support this new aligned update model for Office 365 ProPlus and Windows 10, making both easier to deploy and keep up to date. This is a big change for Microsoft as Windows will now be on a more predictable pattern for major updates and by aligning it with Office 365 ProPlus, this should make these two platforms easier to service from an IT Pro perspective. The big news here is also that Microsoft is announcing when Redstone 3 is targeted for release. The company is looking at a September release window but it is worth pointing out that they traditionally release the month after the code is completed.
Government

President Trump Misses 90-Day Deadline To Appoint a Cybersecurity Team After Alleged Russian Hacking (politico.com) 323

From a report: President-elect Donald Trump was very clear: "I will appoint a team to give me a plan within 90 days of taking office," he said in January, after getting a U.S. intelligence assessment of Russian interference in last year's elections and promising to address cybersecurity. Thursday, Trump hits his 90-day mark. There is no team, there is no plan, and there is no clear answer from the White House on who would even be working on what. It's the latest deadline Trump's set and missed -- from the press conference he said his wife would hold last fall to answer questions about her original immigration process to the plan to defeat ISIS that he'd said would come within his first 30 days in office. Since his inauguration, Trump's issued a few tweets and promises to get to the bottom of Russian hacking -- and accusations of surveillance of Americans, himself included, by the Obama administration.
Network

The Biggest Time Suck at the Office Might Be Your Computer (bloomberg.com) 168

Sharing personal anecdotes and recent studies, a new report on Bloomberg blames outdated computers, decade-old operating systems and ageing equipment for being one of the biggest hurdles that prevent people from doing actual work in their offices. From the article: Slow, outdated computers and intermittent internet connections demoralize workers, a survey of 6,000 European workers said. Half of U.K. employees said creaking computers were "restrictive and limiting," and 38 percent said modern technology would make them more motivated, according to the survey, commissioned by electronics company Sharp. Scott's (a 25-year-old researcher who works at an insurance firm) PC runs the relatively up-to-date Windows 8 operating system, but his computer sometimes struggles to handle large spreadsheets and multiple documents open simultaneously, slowing him down. Others are in a worse spot. One in every eight business laptops and desktops worldwide still run Windows XP, which was introduced in 2001. [...] Some businesses can't help using old hardware or operating systems, because they use specialized software that also hasn't been brought up-to-date.
China

China To Question Apple About Live-Streaming Apps On App Store That Violate Internet Regulations (theguardian.com) 31

Three Chinese government agencies are planning to tell Apple to "tighten up checks" on live-streaming software offered on its app store, which can be used to violate internet regulation in the country. "Law enforcement officers had already met with Apple representatives over live-streaming services, [state news agency Xinhua reported], but did not provide details of the meetings," reports The Guardian. From the report: The inquiry appears to be focused on third-party apps available for download through Apple's online marketplace. The company did not respond to requests for comment. China operates the world's largest internet censorship regime, blocking a host of foreign websites including Google, Facebook, Twitter and Instagram, but the authorities have struggled to control an explosion in popularity of live-streaming video apps. As part of the inquiry into live-streaming, three Chinese websites -- toutiao.com, huoshanzhibo.com and huajiao.com -- were already found to have violated internet regulations, and had broadcast content that violated Chinese law, including providing "pornographic content," the Xinhua report said. Pornography is banned in China. The three sites were told to increase oversight of live-broadcasting services, user registration and "the handling of tip-offs." Two of the websites, huoshanzhibo.com and huajiao.com, were under formal investigation and may have their cases transferred to the police for criminal prosecutions, the Xinhua report said. Casting a wide net, the regulations state that apps cannot "engage in activities prohibited by laws and regulations such as endangering national security, disrupting social order and violating the legitimate rights and interests of others."
Software

95% Engineers in India Unfit For Software Development Jobs: Report (gadgetsnow.com) 434

An anonymous reader shares a report: Talent shortage is acute in the IT and data science ecosystem in India with a survey claiming that 95 percent of engineers in the country are not fit to take up software development jobs. According to a study by employability assessment company Aspiring Minds, only 4.77 percent of candidates can write the correct logic for a programme -- a minimum requirement for any programming job. Over 36,000 engineering students from IT-related branches of over 500 colleges took Automata -- a Machine Learning based assessment of software development skills -- and over 2/3 could not even write code that compiles.
Communications

Microsoft's Skype Is Most Used Messaging Service For Cyber Criminals, Study Finds (securityledger.com) 57

chicksdaddy quotes a report from The Security Ledger: Cyber criminals lurk in the dark recesses of the internet, striking at random and then disappearing into the virtual ether. But when they want to talk shop with their colleagues, they turn to Redmond, Washington-based Microsoft and its Skype communications tools, according to an analysis by the firm Flashpoint. Mentions of different platforms were used as a proxy for gauging interest in and use of these messaging services. Flashpoint analysts looked, especially, for invitations to continue conversation outside of cyber criminal marketplaces, like references to ICQ accounts or other platforms. The survey results show that, out of a population of around 80 instant messenger platforms and protocols, a short list of just five platforms accounts for between 80% and 90% of all mentions within the cyber underground. Of those, Microsoft's Skype was the chat king. It ranked among the top five platforms across all language groups. That, despite the platform's lack of end-to-end encryption or forward secrecy features and evidence, courtesy of NSA hacker Edward Snowden, that U.S. spies may have snooped on Skype video calls in recent years, The Security Ledger reports. The conclusion: while security is a priority amongst thieves, it isn't the sole concern that cyber criminals and their associates have. In fact, sophisticated hacking communities like those in Russia continue to rely on legacy platforms like ICQ when provably more secure alternatives exist. The reason? Business. "These cyber criminals have a lot of different options that they're juggling and a lot of factors that weigh on their options," said Leroy Terrelonge III, the Director of Middle East and Africa Research at Flashpoint. "We might suspect that cyber criminals use the most secure means of communication all the time, that's not what our research showed."
Ubuntu

Ubuntu Is Switching to Wayland (omgubuntu.co.uk) 224

An anonymous reader shares a report: Ubuntu is to ship Wayland in place of X.Org Server by default. Mir, Canonical's home-spun alternative to Wayland, had been billed as the future of Ubuntu's convergence play. But both Unity 8 and the convergence dream were recently put out to pasture, meaning this decision was widely expected. It's highly likely that the traditional X.Org Server will, as on Fedora, be included on the disc and accessible from whichever login screen Ubuntu devs opt to use in Ubuntu 17.10 onwards. This session will be useful for users whose systems experience issues running on Wayland, or who need features and driver support that is only present in the legacy X.Org server session.
Security

User-Made Patch Lets Owners of Next-Gen CPUs Install Updates On Windows 7 & 8.1 (bleepingcomputer.com) 218

An anonymous reader quotes a report from BleepingComputer: GitHub user Zeffy has created a patch that removes a limitation that Microsoft imposed on users of 7th generation processors, a limit that prevents users from receiving Windows updates if they still use Windows 7 and 8.1. This limitation was delivered through Windows Update KB4012218 (March 2017 Patch Tuesday) and has made many owners of Intel Kaby Lake and AMD Bristol Ridge CPUs very angry last week, as they weren't able to install any Windows updates. Microsoft's move was controversial, but the company did its due diligence, and warned customers of its intention since January 2016, giving users enough time to update to Windows 10, move to a new OS, or downgrade their CPU, if they needed to remain on Windows 7 or 8.1 for various reasons. When the April 2017 Patch Tuesday came around last week, GitHub user Zeffy finally had the chance to test four batch scripts he created in March, after the release of KB4012218. His scripts worked as intended by patching Windows DLL files, skipping the CPU version check, and delivering updates to Windows 7 and 8.1 computers running 7th generation CPUs.
Businesses

Cylance Accused of Distributing Fake Malware Samples To Customers To Close Deals (arstechnica.com) 32

New submitter nyman19 writes: Ars Technica reports how security vendor Cylance has been distributing non-functioning malware samples to prospective customers in order to "close the sale[s] by providing files that other products wouldn't detect." According to the report: "A systems engineer at a large company was evaluating security software products when he discovered something suspicious. One of the vendors [Cylance] had provided a set of malware samples to test -- 48 files in an archive stored in the vendor's Box cloud storage account. The vendor providing those samples was Cylance, the information security company behind Protect, a 'next generation' endpoint protection system built on machine learning. In testing, Protect identified all 48 of the samples as malicious, while competing products flagged most but not all of them. Curious, the engineer took a closer look at the files in question -- and found that seven weren't malware at all."
Government

Trump Administration Kills Open.Gov, Will Not Release White House Visitor Logs (techdirt.com) 268

An anonymous reader quotes a report from Techdirt: It will never be said that the Trump presidency began with a presumption of openness. His pre-election refusal to release his tax returns set a bit of precedent in that regard. The immediate post-election muffling of government agency social media accounts made the administration's opacity goals um clearer. So, in an unsurprising move, the Trump administration will be doing the opposite of the Obama administration. The American public will no longer have the privilege of keeping tabs on White House visitors. TIME reports: "The Trump Administration will not disclose logs of those who visit the White House complex, breaking with his predecessor, the White House announced Friday. White House communications director Michael Dubke said the decision to reverse the Obama-era policy was due to 'the grave national security risks and privacy concerns of the hundreds of thousands of visitors annually.' Instead, the Trump Administration is relying on a federal court ruling that most of the logs are 'presidential records' and are not subject to the Freedom of Information Act." So, to further distance himself from the people he serves (and the people who elected him), Trump and his administration have shut down the transparency portal put in place by the previous Commander-in-Chief: "White House officials said the Administration is ending the contract for Open.gov, the Obama-era site that hosted the visitor records along with staff financial disclosures, salaries, and appointments. An official said it would save $70,000 through 2020 and that the removed disclosures, salaries and appointments would be integrated into WhiteHouse.gov in the coming months."
Microsoft

Microsoft Says Previous Windows Patches Fixed Newly Leaked NSA Exploits (pcworld.com) 48

Microsoft said it has already patched vulnerabilities revealed in last week's high-profile leak of suspected U.S. National Security Agency spying tools, meaning customers should be protected if they've kept their software up-to-date. From a report: Friday's leak caused concern in the security community. The spying tools include about 20 exploits designed to hack into old versions of Windows, such as Windows XP and Windows Server 2008. However, Microsoft said several patches -- one of which was made only last month -- address the vulnerabilities. "Our engineers have investigated the disclosed exploits, and most of the exploits are already patched," the company said in a blog post late on Friday. Three of the exploits found in the leak have not been patched but do not work on platforms that Microsoft currently supports, such as Windows 7 or later and Exchange 2010 or later.
