Google

Google Maps Now Lets You Explore Your Local Planets and Moons (cnet.com) 5

Google has added three planets and nine moons to Google Maps. "The heavenly bodies include Saturn moons Dione, Enceladus, Iapetus, Mimas, Rhea and Titan, and Jupiter moons Europa, Ganymede and Io," reports CNET. "Google also added dwarf-planets Pluto and Ceres and full-planet Venus." From the report: Once inside Google Maps for planets, you can spin the space objects around, get more information on their place names and zoom in for a closer look. The new worlds are possible thanks to imagery from NASA and the European Space Agency. NASA's dearly departed Cassini spacecraft sent back a treasure trove of views of Saturn's moons. If you have a few moments to spare, fire up a browser, go to your current location on Google Maps, enter satellite mode and hit the zoom-out button until you've left the planet and are "floating" in space. A list of available planets and moons pops up on the side and you're off on your space adventure.
Android

Essential Is Getting Sued For Allegedly Stealing Wireless Connector Technology (gizmodo.com) 15

"Keyssa, a wireless technology company backed by iPod creator and Nest founder Tony Fadell, filed a lawsuit against Essential on Monday, alleging that the company stole trade secrets and breached their nondisclosure agreement," reports Gizmodo. Keyssa has proprietary technology that reportedly lets users transfer large files in a matter of seconds by holding two devices side by side. From the report: According to the lawsuit, Keyssa and Essential engaged in conversations in which the wireless tech company "divulged to Essential proprietary technology enabling every facet of Keyssa's wireless connectivity," all of which was protected under a non-disclosure agreement. More specifically, the lawsuit alleges that Keyssa "deployed a team 20 of its top engineers and scientists" to educate Essential on its proprietary tech, sending them "many thousands of confidential emails, hundreds of confidential technical documents, and dozens of confidential presentations." Essential ended this relationship after over 10 months and later told Keyssa that its engineers would use a competing chip in the Essential Phone. But Keyssa is accusing Essential of including techniques in its phone that were gleaned from their relationship, despite their confidentiality agreement. Central to this lawsuit is one of the Essential Phone's key selling points: the option to swap in modular add-ons, made possible thanks to the phone's unique cordless connector. In short, if Keyssa's claims hold water, then one of the phone's defining factors is a product of theft.
Google

Google Photos Now Recognizes Your Pets (techcrunch.com) 34

Today, Google is introducing an easier way to aggregate your pet photos in its Photos app -- by allowing you to group all your pet's photos in one place, right beside the people Google Photos organized using facial recognition. TechCrunch reports: This is an improvement over typing in "dog," or another generalized term, because the app will now only group together photos of an individual pet together, instead of returning all photos you've captured with a "dog" in them. And like the face grouping feature, you can label the pet by name to more easily pull up their photos in the app, or create albums, movies or photo books using their pictures. In addition, Google Photos lets you type in an animal's breed to search for photos of pets, and it lets you search for photos using the dog and cat emojis. The company also earlier this year introduced a feature that would create a mini-movie starring your pet, but you can opt to make one yourself by manually selecting photos then choosing from a half-dozen tracks to accompany the movie, says Google.
Television

Netflix Adds 5.3 Million Subs In Q3, Beating Forecasts (variety.com) 35

Netflix shows no signs of slowing down. The company announced its third quarter results, adding more subscribers in both the U.S. and abroad than expected. Variety reports: The company gained 850,000 streaming subs in the U.S. and 4.45 million overseas in the period. Analysts had estimated Netflix to add 784,000 net subscribers in the U.S. and 3.62 million internationally for Q3. "We added a Q3-record 5.3 million memberships globally (up 49% year-over-year) as we continued to benefit from strong appetite for our original series and films, as well as the adoption of internet entertainment across the world," the company said in announcing the results, noting that it had under-forecast both U.S. and international subscriber growth. Netflix also indicated that its content spending may be even higher next year than previously projected. The company had said it was targeting programming expenditures of $7 billion in 2018; on Monday, Netflix said it will spend between $7 billion and $8 billion on content (on a profit-and-loss basis) next year. For 2017, original content will represent more than 25% of total programming spending, and that "will continue to grow," Netflix said.
XBox (Games)

Microsoft's Fall Update With Redesigned Xbox Dashboard Is Now Available To All (engadget.com) 23

Microsoft has released the next big "Fall" update for the Xbox One, which focuses on speed and simplicity. Engadget reports: The first "Fluid Design" interface comes with a redesigned Home page, which is all about simplicity and customization. The top-level section has four shortcuts (your current game, two personalized suggestions, and a deal from the Microsoft store) and a horizontal carousel underneath. The biggest change, however, is the new "Content Blocks" that sit below this screen. Scroll down and you'll find a series of large, visual panels dedicated to games and friends. These are completely customizable and act like miniature hubs for your favorite titles and communities. The quick-access Guide has been tweaked for speed, with small, horizontal tabs that you can slide between with the Xbox controller's LB and RB bumpers, D-pad or left thumbstick. If you launch the Guide while you're streaming or part of an active party, you'll also see the corresponding broadcast and party tabs by default. Other Guide tweaks include a new Tournaments section in the Multiplayer tab, which will summarize any official, professional or community tournaments that you've entered. In addition, Microsoft has overhauled the Community tab with a modern, grid-based layout. It's also tweaked the idle and screen dimming features that kick in when you walk away from the console momentarily. Larry Hryb, Xbox Live's Major Nelson and Mike Ybarra, the Platform Engineer, have posted a walkthrough video on YouTube highlighting all the major new changes.
Wireless Networking

Every Patch For 'KRACK' Wi-Fi Vulnerability Available Right Now (zdnet.com) 68

An anonymous reader quotes a report from ZDNet: As reported previously by ZDNet, the bug, dubbed "KRACK" -- which stands for Key Reinstallation Attack -- is at heart a fundamental flaw in the way Wi-Fi Protected Access II (WPA2) operates. According to security researcher and academic Mathy Vanhoef, who discovered the flaw, threat actors can leverage the vulnerability to decrypt traffic, hijack connections, perform man-in-the-middle attacks, and eavesdrop on communication sent from a WPA2-enabled device. In total, ten CVE numbers have been preserved to describe the vulnerability and its impact, and according to the U.S. Department of Homeland Security (DHS), the main affected vendors are Aruba, Cisco, Espressif Systems, Fortinet, the FreeBSD Project, HostAP, Intel, Juniper Networks, Microchip Technology, Red Hat, Samsung, various units of Toshiba and Ubiquiti Networks. A list of the patches available is below. For the most up-to-date list with links to each patch/statement (if available), visit ZDNet's article.
Security

Ask Slashdot: What Are Some Hard Truths IT Must Learn To Accept? (cio.com) 269

snydeq writes: "The rise of shadow IT, shortcomings in the cloud, security breaches -- IT leadership is all about navigating hurdles and deficiencies, and learning to adapt to inevitable setbacks," writes Dan Tynan in an article on six hard truths IT must learn to accept. "It can be hard to admit that you've lost control over how your organization deploys technology, or that your network is porous and your code poorly written. Or no matter how much bandwidth you've budgeted for, it never quite seems to be enough, and that despite its bright promise, the cloud isn't the best solution for everything." What are some hard truths your organization has been dealing with? Tynan writes about how the idea of engineering teams sticking a server in a closet and using it to run their own skunkworks has become more open; how an organization can't do everything in the cloud, contrasting the 40 percent of CIOs surveyed by Gartner six years ago who believed they'd be running most of their IT operations in the cloud by now; and how your organization should assume from the get-go that your environment has already been compromised and design a security plan around that. Can you think of any other hard truths IT must learn to accept?
Patents

Apple To Appeal Five-Year-Long Patent Battle After $439.7 Million Loss (theverge.com) 48

Appel has been ordered to pay $439.7 million to the patent-holding firm VirnetX for infringing on four patented technologies that were apparently used in FaceTime and other iOS apps. According to The Verge, Apple plans to appeal the ruling -- continuing this long-running patent battle, which began back in 2012. From the report: VirnetX first filed suit against Apple in 2010, winning $368 million just two years later. It then sued again in 2012, which is the suit that's being ruled on today. Apple initially lost the suit, then filed for a mistrial. It won a new trial, lost that trial, was ordered to pay around $300 million, then lost some more and is now having that amount upped even further. That's because a judge found Apple guilty of willful infringement, bumping its payment amount from $1.20 per infringing Apple device to $1.80 per device. Those include certain iPhones, iPads, and Macs. VirnetX says the ruling is "very reasonable." Apple didn't issue a statement other than to say that it plans to appeal. While $440 million isn't a lot of money for Apple, there's principle at stake here: VirnetX is a patent troll that makes its money from licensing patents and suing other parties. The company's SEC filing states, "Our portfolio of intellectual property is the foundation of our business model."
Security

Kaspersky Lab Finds Flash Vulnerability Through Microsoft Word (neowin.net) 40

An anonymous reader quotes a report from Neowin: Kaspersky Lab, which has been under fire by the U.S. government as possibly being an agent of the Russian government and spying on U.S. computers, has found a previously unknown bug in Adobe Flash that was apparently exploited by a hacker group on October 10. Adobe issued a patch to fix the bug today. According to Kaspersky, "the exploit is delivered through a Microsoft Word document and deploys the FinSpy commercial malware." The company worked with Adobe to get a patch ready as quickly as possible, with Adobe releasing it a few hours ago. Users and agencies running the following versions of Adobe Flash will need to update immediately, as the vulnerability has been labeled as critical. The patch updates all versions of Adobe Flash to version 27.0.0.170.
Google

Google Chrome for Windows Gets Basic Antivirus Features (betanews.com) 53

Google is rolling out a trio of important changes to Chrome for Windows users. From a report: At the heart of these changes is Chrome Cleanup. This feature detects unwanted software that might be bundled with downloads, and provides help with removing it. Google's Philippe Rivard explains that Chrome now has built-in hijack detection which should be able to detect when user settings are changes without consent. This is a setting that has already rolled out to users, and Google says that millions of users have already been protected against unwanted setting changes such as having their search engine altered. But it's the Chrome Cleanup tool that Google is particularly keen to highlight. A redesigned interface makes it easier to use and to see what unwanted software has been detected and singled out for removal.
Microsoft

US Supreme Court To Decide Microsoft Email Privacy Dispute (reuters.com) 60

The U.S. Supreme Court on Monday agreed to resolve a major privacy dispute between the Justice Department and Microsoft Corp over whether prosecutors should get access to emails stored on company servers overseas. From a report: The justices will hear the Trump administration's appeal of a lower court's ruling last year preventing federal prosecutors from obtaining emails stored in Microsoft computer servers in Dublin, Ireland in a drug trafficking investigation. That decision by the New York-based 2nd U.S. Court of Appeals marked a victory for privacy advocates and technology companies that increasingly offer cloud computing services in which data is stored remotely. Microsoft, which has 100 data centers in 40 countries, was the first U.S. company to challenge a domestic search warrant seeking data held outside the country. There have been several similar challenges, most brought by Google.
Security

WPA2 Security Flaw Puts Almost Every Wi-Fi Device at Risk of Hijack, Eavesdropping (zdnet.com) 237

A security protocol at the heart of most modern Wi-Fi devices, including computers, phones, and routers, has been broken, putting almost every wireless-enabled device at risk of attack. From a report: The bug, known as "KRACK" for Key Reinstallation Attack, exposes a fundamental flaw in WPA2, a common protocol used in securing most modern wireless networks. Mathy Vanhoef, a computer security academic, who found the flaw, said the weakness lies in the protocol's four-way handshake, which securely allows new devices with a pre-shared password to join the network. That weakness can, at its worst, allow an attacker to decrypt network traffic from a WPA2-enabled device, hijack connections, and inject content into the traffic stream. In other words: hackers can eavesdrop on your network traffic. The bug represents a complete breakdown of the WPA2 protocol, for both personal and enterprise devices -- putting every supported device at risk. "If your device supports Wi-Fi, it is most likely affected," said Vanhoef, on his website. News of the vulnerability was later confirmed on Monday by US Homeland Security's cyber-emergency unit US-CERT, which about two months ago had confidentially warned vendors and experts of the bug, ZDNet has learned.
Windows

Munich Plans New Vote on Dumping Linux For Windows 10 (techrepublic.com) 387

An anonymous reader quotes TechRepublic: The city of Munich has suggested it will cost too much to carry on using Linux alongside Windows, despite having spent millions of euros switching PCs to open-source software... "Today, with a Linux client-centric environment, we are often confronted with major difficulties and additional costs when it comes to acquiring and operating professional application software," the city council told the German Federation of Taxpayers. Running Linux will ultimately prove unsustainable, suggests the council, due to the need to also keep a minority of Windows machines to run line-of-business software incompatible with Linux. "In the long term, this situation means that the operation of the non-uniform client landscape can no longer be made cost-efficient"... Since completing the multi-year move to LiMux, a custom-version of the Linux-based OS Ubuntu, the city always kept a smaller number of Windows machines to run incompatible software. As of last year it had about 4,163 Windows-based PCs, compared to about 20,000 Linux-based PCs.

The assessment is at odds with a wide-ranging review of the city's IT systems by Accenture last year, which found that most of the problems stem not from the use of open-source software, but from inefficiencies in how Munich co-ordinates the efforts of IT teams scattered throughout different departments. Dr. Florian Roth, leader of the Green Party at Munich City Council, said the review had also not recommended a wholesale shift to Windows. "The Accenture report suggested to run both systems because the complete 'rollback' to Windows and MS Office would mean a waste of experience, technology, work and money," he said... The city's administration is investigating how long it would take and how much it would cost to build a Windows 10 client for use by the city's employees. Once this work is complete, the council will vote again in November on whether this Windows client should replace LiMux across the authority from 2021.

A taxpayer's federation post urged "Penguin, adieu!" -- while also admitting that returning to Windows "will devour further tax money in the millions," according to TechRepublic.

"The federation's post also makes no mention of the licensing and other savings achieved by switching to LiMux, estimated to stand at about €10m."
Transportation

Dubai Police Get Hoverbikes (mashable.com) 118

An anonymous reader quotes Mashable: The Dubai police, which already has luxury patrol cars, self-driving pursuit drones, and a robot officer, just announced it will soon have officers buzzing around on hoverbikes, which look like an early version of the speeder bikes used by the scout troopers on Endor in Return of the Jedi. The force (see what I did there?) unveiled its new Hoversurf Scorpion craft at the Gitex Technology Week conference, according to UAE English language publication Gulf News. The police force will use the hoverbike for emergency response scenarios, giving officers the ability to zoom over congested traffic conditions by taking to the air... The Scorpion can also fly autonomously for almost four miles at a time for other emergencies.
The fully-electric hoverbike stays aloft for about 25 minutes per charge at a top speed around 43 mph.

Gulf News also reported that Dubai police "unveiled robotic vehicles which will be equipped with biometric software to scan for wanted criminals and undesirable elements."
The Military

Pentagon Turns To High-Speed Traders To Fortify Markets Against Cyberattack (wsj.com) 62

Slashdot reader Templer421 quotes the Wall Street Journal's report [non-paywalled version here] on DARPA's "Financial Markets Vulnerabilities Project": Dozens of high-speed traders and others from Wall Street are helping the Pentagon study how hackers could unleash chaos in the U.S. financial system. The Department of Defense's research arm over the past year and a half has consulted executives at high-frequency trading firms and quantitative hedge funds, and people from exchanges and other financial companies, participants in the discussions said. Officials described the effort as an early-stage pilot project aimed at identifying market vulnerabilities... Participants described meetings as informal sessions in which attendees brainstorm about how hackers might try to bring down U.S. markets, then rank the ideas by feasibility.

Among the potential scenarios: Hackers could cripple a widely used payroll system; they could inject false information into stock-data feeds, sending trading algorithms out of whack; or they could flood the stock market with fake sell orders and trigger a market crash... "We started thinking a couple years ago what it would be like if a malicious actor wanted to cause havoc on our financial markets," said Wade Shen, who researched artificial intelligence at the Massachusetts Institute of Technology before joining Darpa as a program manager in 2014.

Social Networks

Elon Musk Teases Reddit With Bad Answers About BFR Rocket (reddit.com) 97

Long-time Slashdot reader Rei writes: On Saturday evening, Elon Musk took questions in a Reddit AMA (Ask-Me-Anything) concerning SpaceX's new design for the BFR (Big F* Rocket). But unlike the 2016 IAC conference where many audience questions seemed to be trolling Musk, this time the tables were turned. Asked why Raptor thrust was reduced from 300 tons to 170, Musk replied, "We chickened out." He responded to a statement about landing on the moon by quoting Bob the Builder, while responding to a user's suggestion about caching internet data from Mars by writing simply "Nerd." A question as to whether BFR autogenous pressurization would be heat-exchanger based, Musk replied that they planned to utilize the Incendio spell from Harry Potter -- helpfully providing a Wikipedia link for the spell.

A technical question about the lack of a tail? "Tails are lame." A question about why the number of landing legs was increased from 3 to 4? "Because 4." After one Redditor observed "This is one bizarre AMA so far," Musk replied "Just wait..." While Musk ultimately did follow up some of the trolling with some actual responses, the overall event could be best described as "surreal".

To be fair, Musk provided some serious answers. (And his final comment ended with "Great questions nk!!") But one Redditor suggested Musk's stranger answers were like a threat, along the lines of "Just wait. It will get way more bizarre than that. Let me finish my whiskey."

Musk replied, "How did you know? I am actually drinking whiskey right now. Really."
Transportation

Unpatched Exploit Lets You Clone Key Fobs and Open Subaru Cars (bleepingcomputer.com) 60

An anonymous reader writes: Tom Wimmenhove, a Dutch electronics designer, has discovered a flaw in the key fob system used by several Subaru models, a vulnerability the vendor has not patched and could be abused to hijack cars. The issue is that key fobs for some Subaru cars use sequential codes for locking and unlocking the vehicle, and other operations. These codes -- called rolling codes or hopping code -- should be random, in order to avoid situations when an attacker discovers their sequence and uses the flaw to hijack cars. This is exactly what Wimmenhove did. He created a device that sniffs the code, computes the next rolling code and uses it to unlock cars...

The researcher said he reached out to Subaru about his findings. "I did [reach out]. I told them about the vulnerability and shared my code with them," Wimmenhove told BleepingComputer. "They referred me to their 'partnership' page and asked me to fill in a questionnaire. It didn't seem like they really cared and I haven't heard back from them."

His Subaru-cracking feat -- documented in a video -- was accomplished using a $25 Raspberry Pi B+ and two dongles, one for wifi ($2) and one for a TV ($8), plus a $1 antenna and a $1 MCX-to-SMA convertor.
Chrome

Microsoft Edge Beats Chrome and Firefox in Malware-Blocking Tests (computerworld.com) 125

An anonymous reader quotes Computerworld:Microsoft's Edge easily beat rival browsers from Google and Mozilla in third-party tests of the behind-the-scenes services which power anti-malware warnings and malicious website-blocking... NSS Labs says Windows 10's default browser is better at blocking phishing and socially-engineered malware attacks than Google Chrome or Mozilla Firefox... According to NSS Labs of Austin, Texas, Edge automatically blocked 92% of all in-browser credential phishing attempts and stymied 100% of all socially-engineered malware (SEM) attacks. The latter encompassed a wide range of attacks, but their common characteristic was that they tried to trick users into downloading malicious code. The tactics that SEM attackers deploy include links from social media, such as Facebook and Twitter, and bogus in-browser notifications of computer infections or other problems.

Edge bested Chrome and Firefox by decisive margins. For instance, Chrome blocked 74% of all phishing attacks, and 88% of SEM attacks. Meanwhile, Firefox came in third in both tests, stopping just 61% of the phishing attacks and 70% of all SEM attempts... Both Chrome and Mozilla's Firefox rely on the Safe Browsing API (application programing interface), but historically, Mozilla's implementation has performed poorly compared to Google's. No shock: Google created the API. Edge also took top prize in blocking attacks from the get-go. In NSS's SEM attack testing, for example, the Microsoft browser stopped nearly every attempt from the first moments a new attack was detected. Chrome and Firefox, on the other hand, halted 75% and 54% of the brand-new attacks, respectively. Over a week's time, Chrome and Firefox improved their blocking scores, although neither reached Edge's impressive 99.8%.

The researchers spent three weeks continuously monitoring the browsers on Windows 10 computers. But in the real world, Edge runs on just 5% of all personal computers, while Firefox runs on 13% and Chrome on 60%.
Television

Cord-Cutters Drive Cable TV Subscribers to a 17-Year Low (houstonchronicle.com) 195

An anonymous reader quotes the Washington Post: On Wednesday, AT&T told regulators that it expects to finish the quarter with about 90,000 fewer TV subscribers than it began with. AT&T blamed a number of issues, including hurricane damage to infrastructure, rising credit standards and competition from rivals. The report also shows AT&T lost more traditional TV customers than it gained back through its online video app, DirecTV Now. And analysts are suggesting that that's evidence that cord-cutting is the main culprit... "DirecTV, like all of its cable peers, is suffering from the ravages of cord-cutting," said industry analyst Craig Moffett in a research note this week. Moffett added that while nobody expected AT&T's pay-TV numbers to look good, hardly anyone could have predicted they would look "this bad."

The outlook doesn't look much healthier for the rest of the television industry. Over the past year, cable and satellite firms have collectively lost nearly 3 million customers, according to estimates by market analysts at SNL Kagan and New Street Research. The number of households with traditional TV service is hovering at about the level it was in 2000, according to New Street's Jonathan Chaplin, in a study last week. Other analysts predict that, after factoring in AT&T's newly disclosed losses, the industry will have lost 1 million traditional TV subscribers by the end of this quarter.

The Internet

Not Just Equifax. Rival Site Transunion Served Malware Too -- and 1,000 More Sites (arstechnica.com) 68

An anonymous reader quotes Ars Technica: Equifax isn't the only credit-reporting behemoth with a website redirecting visitors to fake Adobe Flash updates. A security researcher from AV provider Malwarebytes said transunioncentroamerica.com, a TransUnion site serving people in Central America, [was] also sending visitors to the fraudulent updates and other types of malicious pages... Malwarebytes security researcher Jerome Segura says he was able to repeatedly reproduce a similar chain of fraudulent redirects when he pointed his browser to the transunioncentroamerica.com site. On some occasions, the final link in the chain would push a fake Flash update. In other cases, it delivered an exploit kit that tried to infect computers with unpatched browsers or browser plugins... "This is not something users want to have," Segura told Ars...

Equifax on Thursday was quick to say that its systems were never compromised in the attacks. TransUnion said much the same thing. This is an important distinction in some respects because it means that the redirections weren't the result of attackers having access to restricted parts of either company's networks. At the same time, the incidents show that visitors to both sites remain much more vulnerable to malicious content than they should be.

Both sites hosted fireclick.js, an old script from a small web analytics company which pulls pages from sites like Akamai, SiteStats.info, and Ostats.net. "It appears that attackers have compromised the third-party library," writes BankInfoSecurity, adding that Malwarebytes estimates over a 1,000 more sites are using the same library.

Slashdot Top Deals