Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
IBM

Banks Adopting Blockchain 'Dramatically Faster' Than Expected (reuters.com) 19

Banks and other financial institutions are adopting blockchain technology "dramatically faster" than initially expected, with 15 percent of top global banks intending to roll out full-scale, commercial blockchain products in 2017, IBM said on Wednesday. Reuters reports: The technology company said 65 percent of banks expected to have blockchain projects in production in three years' time, with larger banks -- those with more than 100,000 employees -- leading the charge. IBM, whose findings were based on a survey of 200 banks, said the areas most commonly identified by lenders as ripe for blockchain-based innovation were clearing and settlement, wholesale payments, equity and debt issuance and reference data. Blockchain, which originates from digital currency bitcoin, works as an electronic transaction-processing and record-keeping system that allows all parties to track information through a secure network, with no need for third-party verification.
Businesses

Amazon Looking To Abandon UPS, FedEx In Favor of Its Own Delivery Service (arstechnica.com) 92

An anonymous reader quotes a report from Ars Technica: A report by The Wall Street Journal claims that Amazon is building its own shipping service to replace FedEx and UPS, giving it more control over its packages and possibly allowing it to ship packages from other retailers. Amazon has said its own delivery services would be meant to increase its capacity during busier times of the year, like the upcoming holiday season. However, "current and former Amazon managers and business partners" claim that the company's plans are bigger than that. The initiative dubbed "Consume the City" will eventually let Amazon "haul and deliver" its own packages and those of other retailers and consumers. That delivery network would also directly compete with the likes of UPS and FedEx. It makes sense that Amazon would want to sell, ship, and deliver orders on its own. The report estimates that the company spent $11.5 billion on shipping just last year, amounting to 10.8 percent of sales. The shipping process is currently a bit convoluted: packages from Amazon warehouses get sent to one of two shipping routes, either FedEx or UPS, or to a sorting facility that lumps all packages with similar zip codes together. FedEx and UPS handle its shipments and deliver them to customers, while the packages at the sorting facilities either get delivered via USPS or by Amazon employees themselves. If Amazon were to have control over its shipments over longer distances, it's estimated that the company could save about $3 per package -- about $1.1 billion annually.
Cellphones

Verizon Technician Is Accused of Selling Customers' Call Records and Location Data To Private Investigator (ap.org) 33

A former Verizon technician who worked in Alabama is being accused of selling customers' private call records and location data to an unnamed private investigator. Authorities said the data was sold for more than four years, from 2009 to 2014. The Associated Press reports: [Daniel Eugene Traeger] logged into one Verizon computer system to gain access to customers' call records, authorities said. He used another company system known as Real Time Tool to "ping" cellphones on Verizon's network to get locations of the devices, according to the plea agreement. He then compiled the data in spreadsheets, which he sent to the private investigator for years, the court records show. "Between April 2009 and January 2014, the defendant was paid more than $10,000 in exchange for his provision of confidential customer information and cellular location data to the PL, an unauthorized third party," court records state. Though Traeger was based in the Birmingham area, the court records do not indicate whether the information that was sold involved Verizon Wireless customers in Alabama or elsewhere. He faces up to five years in prison, but prosecutors are recommending a lesser sentence since he accepted responsibility, according to terms of the plea agreement.
Government

FCC Official Asks Agency To Investigate Ban On Journalists' Wi-Fi Personal Hotspots At Debate (arstechnica.com) 159

Yesterday, it was reported that journalists attending the presidential debate at Hofstra University were banned from using personal hotspots and were told they had to pay $200 to access the event's Wi-Fi. The journalists were reportedly offered the option to either turn off their personal hotspots or leave the debate. Cyrus Farivar via Ars Technica is now reporting that "one of the members of the Federal Communications Commission, Jessica Rosenworcel, has asked the agency to investigate the Monday evening ban." Ars Technica reports: Earlier, Commissioner Jessica Rosenworcel tweeted, saying that something was "not right" with what Hofstra did. She cited an August 2015 order from the FCC, forcing a company called SmartCity to no longer engage in Wi-Fi blocking and to pay $750,000. Ars has since updated their report with a statement from Karla Schuster, a spokeswoman for Hofstra University: The Commission on Presidential Debates sets the criteria for services and requires that a completely separate network from the University's network be built to support the media and journalists. This is necessary due to the volume of Wi-Fi activity and the need to avoid interference. The Rate Card fee of $200 for Wi-Fi access is to help defray the costs and the charge for the service does not cover the cost of the buildout. For Wi-Fi to perform optimally the system must be tuned with each access point and antenna. When other Wi-Fi access points are placed within the environment the result is poorer service for all. To avoid unauthorized access points that could interfere, anyone who has a device that emits RF frequency must register the device. Whenever a RF-emitting device was located, the technician notified the individual to visit the RF desk located in the Hall. The CPD RF engineer would determine if the device could broadcast without interference.
Network

OVH Hosting Suffers From Record 1Tbps DDoS Attack Driven By 150K Devices (hothardware.com) 112

MojoKid writes: If you thought that the massive DDoS attack earlier this month on Brian Krebs' security blog was record-breaking, take a look at what just happened to France-based hosting provider OVH. OVH was the victim of a wide-scale DDoS attack that was carried via a network of over 152,000 IoT devices. According to OVH founder and CTO Octave Klaba, the DDoS attack reached nearly 1 Tbps at its peak. Of those IoT devices participating in the DDoS attack, they were primarily comprised of CCTV cameras and DVRs. Many of these devices have improperly configured network settings, which leaves them ripe for the picking for hackers that would love to use them to carry out destructive attacks.The DDoS peaked at 990 Gbps on September 20th thanks to two concurrent attacks, and according to Klaba, the original botnet was capable of a 1.5 Tbps DDoS attack if each IP topped out at 30 Mbps. This massive DDoS campaign was directed at Minecraft servers that OHV was hosting. Octave Klaba / Oles tweeted: "Last days, we got lot of huge DDoS. Here, the list of 'bigger that 100Gbps' only. You can the simultaneous DDoS are close to 1Tbps!"
AI

Google's New Translation Software Powered By Brainlike Artificial Intelligence (sciencemag.org) 86

sciencehabit quotes a report from Science Magazine: Today, Google rolled out a new translation system that uses massive amounts of data and increased processing power to build more accurate translations. The new system, a deep learning model known as neural machine translation, effectively trains itself -- and reduces translation errors by up to 87%. When compared with Google's previous system, the neural machine translation system scores well with human reviewers. It was 58% more accurate at translating English into Chinese, and 87% more accurate at translating English into Spanish. As a result, the company is planning to slowly replace the system underlying all of its translation work -- one language at a time. The report adds: "The new method, reported today on the preprint server arXiv, uses a total of 16 processors to first transform words into a value known as a vector. What is a vector? 'We don't know exactly,' [Quoc Le, a Google research scientist in Mountain View, California, says.] But it represents how related one word is to every other word in the vast dictionary of training materials (2.5 billion sentence pairs for English and French; 500 million for English and Chinese). For example, 'dog' is more closely related to 'cat' than 'car,' and the name 'Barack Obama' is more closely related to 'Hillary Clinton' than the name for the country 'Vietnam.' The system uses vectors from the input language to come up with a list of possible translations that are ranked based on their probability of occurrence. Other features include a system of cross-checks that further increases accuracy and a special set of computations that speeds up processing time."
Network

IEEE Sets New Ethernet Standard That Brings 5X the Speed Without Cable Ripping (networkworld.com) 150

Reader coondoggie writes: As expected the IEEE has ratified a new Ethernet specification -- IEEE P802.3bz -- that defines 2.5GBASE-T and 5GBASE-T, boosting the current top speed of traditional Ethernet five-times without requiring the tearing out of current cabling. The Ethernet Alliance wrote that the IEEE 802.3bz Standard for Ethernet Amendment sets Media Access Control Parameters, Physical Layers and Management Parameters for 2.5G and 5Gbps Operation lets access layer bandwidth evolve incrementally beyond 1Gbps, it will help address emerging needs in a variety of settings and applications, including enterprise, wireless networks. Indeed, the wireless component may be the most significant implication of the standard as 2.5G and 5G Ethernet will allow connectivity to 802.11ac Wave 2 Access Points, considered by many to be the real driving force behind bringing up the speed of traditional NBase-T products.
Businesses

Microsoft Is Killing Yammer Enterprise in January 2017, Will Start Integrating Office 365 Groups First (venturebeat.com) 44

Microsoft today provided new information about how it will be integrating Office 365 Groups into its Yammer enterprise-focused social network. The Yammer Enterprise service tier will be going away on January 1, 2017. But Yammer itself will remain available, and there are many levels of integration with the Office 365 services, reports VentureBeat. From the report: It will be possible for people to make Word, Excel, and PowerPoint documents using Office Online within Yammer, and it will be easy to go from Yammer to a shared OneNote notebook or the Microsoft Planner project management tool. Team members will be able to select existing files from OneDrive and SharePoint and share them with colleagues in Yammer, too. And Yammer teams will get their own SharePoint sites, enabling them to build wikis and blogs. Microsoft will be rolling out the integration in phases, with the first phase beginning later this year, the Yammer team said in a blog post. The first Yammer customers to get it are those whose users log in with their Office 365 identity. And Microsoft will initially be targeting organizations with a single Yammer network connected to one Office 365 tenant.
Privacy

Facebook Told To Stop Taking Data From German WhatsApp Users (bloomberg.com) 38

An anonymous reader shares a Bloomberg report: Facebook, already under scrutiny in the U.S. and the European Union for revisions to privacy policies for its WhatsApp messaging service, was ordered by Hamburg's privacy watchdog to stop processing data of German users of the chat service. In a renewed clash with the social-network operator, Johannes Caspar, one of Germany's most outspoken data protection commissioners, ordered Facebook to delete any data it already has. The news comes as EU privacy regulators, who previously expressed concerns about the policy shift, meet in Brussels to discuss their position. There's no legal basis for Facebook to use information of WhatsApp customers, Caspar said Tuesday. "This order protects the data of about 35 million WhatsApp users in Germany," Caspar said. "It has to be their decision as to whether they want to connect their account with Facebook. Therefore, Facebook has to ask for their permission in advance. This has not happened."
Security

Windows 10 Will Soon Run Edge In a Virtual Machine To Keep You Safe (arstechnica.com) 157

An anonymous reader quotes a report from Ars Technica: Microsoft has announced that the next major update to Windows 10 will run its Edge browser in a lightweight virtual machine. Running the update in a virtual machine will make exploiting the browser and attacking the operating system or compromising user data more challenging. Called Windows Defender Application Guard for Microsoft Edge, the new capability builds on the virtual machine-based security that was first introduced last summer in Windows 10. Windows 10's Virtualization Based Security (VBS) uses small virtual machines and the Hyper-V hypervisor to isolate certain critical data and processes from the rest of the system. The most important of these is Credential Guard, which stores network credentials and password hashes in an isolated virtual machine. This isolation prevents the popular MimiKatz tool from harvesting those password hashes. In turn, it also prevents a hacker from breaking into one machine and then using stolen credentials to spread to other machines on the same network. Credential Guard's virtual machine is very small and lightweight, running only a relatively simple process to manage credentials. Application Guard will go much further by running large parts of the Edge browser within a virtual machine. This virtual machine won't, however, need a full operating system running inside it -- just a minimal set of Windows features required to run the browser. Because Application Guard is running in a virtual machine it will have a much higher barrier between it and the host platform. It can't see other processes, it can't access local storage, it can't access any other installed applications, and, critically, it can't attack the kernel of the host system. In its first iteration, Application Guard will only be available for Edge. Microsoft won't provide an API or let other applications use it. As with other VBS features, Application Guard will also only be available to users of Windows 10 Enterprise, with administrative control through group policies. Administrators will be able to mark some sites as trusted, and those sites won't use the virtual machine. Admins also be able to control whether untrusted sites can use the clipboard or print.
Government

ISP To FCC: Using The Internet Is Like Eating Oreos (consumerist.com) 226

New submitter Rick Schumann shares with us a report highlighting an analogy presented by an ISP that relates Double Stuf Oreos to the internet. Specifically, that Double Stuf Oreos cost more than regular Oreos, and therefore you should pay more for internet: The Consumerist reports: "Ars Technica first spotted the crumbly filing, from small (and much-loathed) provider Mediacom. Mediacom's comment is in response to the same proceeding that Netflix commented on earlier this month. However, while Netflix actually addressed data and the ways in which their customers use it, Mediacom went for the more metaphor-driven approach. The letter literally starts out under the header, 'You Have to Pay Extra For Double-Stuffed,' and posits that you, the consumer, are out for a walk with $2 in your pocket when you suddenly develop a ferocious craving for Oreo cookies." Of course their analogy is highly questionable, since transmitting data over a network doesn't actually consume anything, now does it? You eat the cookie, the cookie is gone, but you transmit data over a network, the network is still there and can transmit data endlessly. Mediacom's assertion that the Internet is like a cookie you eat, is like saying copying a file on your computer somehow diminishes or degrades the original file, which of course is ridiculous.
Entertainment

Plex Cloud Means Saying Goodbye To the Always-On PC (theverge.com) 164

Finally, you don't need an always-on PC or any other network-attached storage device if you want to use Plex's media player. The company has announced that it now allows you to stream TV shows and movies from your own collection via a new online option called Plex Cloud. From a report on The Verge: Plex is giving the world another reason to subscribe to Plex Pass subscriptions today with the launch of Plex Cloud. As the name suggests, Plex Cloud eliminates the need to run the Plex Media Server on a computer or Networked Attached Storage (NAS) in your house. It does, however, require a subscription to Amazon Drive ($59.99 per year for unlimited storage) and the aforementioned Plex Pass ($4.99 per month or $39.99 per year). Plex Cloud functions just like a regular Plex Media Server giving you access to your media -- no matter how you acquire it -- from an incredibly broad range of devices. Most, but not all Plex features are available in today's beta.
Botnet

Ask Slashdot: Is My IoT Device Part of a Botnet? 277

As our DVRs, cameras, and routers join the Internet of Things, long-time Slashdot reader galgon wonders if he's already been compromised: There has been a number of stories of IoT devices becoming part of botnets and being used in distributed denial of service attacks. If these devices are seemingly working correctly to the user, how would they ever know the device was compromised? Is there anything the average user can do to detect when they have a misbehaving device on their network?
I'm curious how many Slashdot readers are even using IoT devices -- so leave your best answers in the comments. How would you know if your IoT device is part of a botnet?
Space

Cisco Blamed A Router Bug On 'Cosmic Radiation' (networkworld.com) 144

Network World's news editor contacted Slashdot with this report: A Cisco bug report addressing "partial data traffic loss" on the company's ASR 9000 Series routers contended that a "possible trigger is cosmic radiation causing SEU [single-event upset] soft errors." Not everyone is buying: "It IS possible for bits to be flipped in memory by stray background radiation. However it's mostly impossible to detect the reason as to WHERE or WHEN this happens," writes a Redditor identifying himself as a former [technical assistance center] engineer...
"While we can't speak to this particular case," Cisco wrote in a follow-up, "Cisco has conducted extensive research, dating back to 2001, on the effects cosmic radiation can have on our service provider networking hardware, system architectures and software designs. Despite being rare, as electronics operate at faster speeds and the density of silicon chips increases, it becomes more likely that a stray bit of energy could cause problems that affect the performance of a router or switch."

Friday a commenter claiming to be Xander Thuijs, Cisco's principal engineer on the ASR 9000 router, posted below the article, "apologies for the detail provided and the 'concept' of cosmic radiation. This is not the type of explanation I would like to see presented to the respected users of our products. We have made some updates to the DDTS [defect-tracking report] in question with a more substantial data and explanation. The issue is something that we can likely address with an FPD update on the 2x100 or 1x100G Typhoon-based linecard."
Botnet

Spam Hits Its Highest Level Since 2010 (networkworld.com) 45

Long-time Slashdot reader coondoggie quotes Network World: Spam is back in a big way -- levels that have not been seen since 2010 in fact. That's according to a blog post from Cisco Talos that stated the main culprit of the increase is largely the handiwork of the Necurs botnet... "Many of the host IPs sending Necurs' spam have been infected for more than two years.

"To help keep the full scope of the botnet hidden, Necurs will only send spam from a subset of its minions... This greatly complicates the job of security personnel who respond to spam attacks, because while they may believe the offending host was subsequently found and cleaned up, the reality is that the miscreants behind Necurs are just biding their time, and suddenly the spam starts all over again."

Before this year, the SpamCop Block List was under 200,000 IP addresses, but surged to over 450,000 addresses by the end of August. Interestingly, Proofpoint reported that between June and July, Donald Trump's name appeared in 169 times more spam emails than Hillary Clinton's.
Security

Why the Silencing of KrebsOnSecurity Opens a Troubling Chapter For the Internet (arstechnica.com) 203

An anonymous reader quotes a report from Ars Technica: For the better part of a day, KrebsOnSecurity, arguably the world's most intrepid source of security news, has been silenced, presumably by a handful of individuals who didn't like a recent series of exposes reporter Brian Krebs wrote. The incident, and the record-breaking data assault that brought it on, open a troubling new chapter in the short history of the Internet. The crippling distributed denial-of-service attacks started shortly after Krebs published stories stemming from the hack of a DDoS-for-hire service known as vDOS. The first article analyzed leaked data that identified some of the previously anonymous people closely tied to vDOS. It documented how they took in more than $600,000 in two years by knocking other sites offline. A few days later, Krebs ran a follow-up piece detailing the arrests of two men who allegedly ran the service. A third post in the series is here. On Thursday morning, exactly two weeks after Krebs published his first post, he reported that a sustained attack was bombarding his site with as much as 620 gigabits per second of junk data. That staggering amount of data is among the biggest ever recorded. Krebs was able to stay online thanks to the generosity of Akamai, a network provider that supplied DDoS mitigation services to him for free. The attack showed no signs of waning as the day wore on. Some indications suggest it may have grown stronger. At 4 pm, Akamai gave Krebs two hours' notice that it would no longer assume the considerable cost of defending KrebsOnSecurity. Krebs opted to shut down the site to prevent collateral damage hitting his service provider and its customers. The assault against KrebsOnSecurity represents a much greater threat for at least two reasons. First, it's twice the size. Second and more significant, unlike the Spamhaus attacks, the staggering volume of bandwidth doesn't rely on misconfigured domain name system servers which, in the big picture, can be remedied with relative ease. The attackers used Internet-of-things devices since they're always-connected and easy to "remotely commandeer by people who turn them into digital cannons that spray the internet with shrapnel." "The biggest threats as far as I'm concerned in terms of censorship come from these ginormous weapons these guys are building," Krebs said. "The idea that tools that used to be exclusively in the hands of nation states are now in the hands of individual actors, it's kind of like the specter of a James Bond movie." While Krebs could retain a DDoS mitigation service, it would cost him between $100,000 and $200,000 per year for the type of protection he needs, which is more than he can afford. What's especially troubling is that this attack can happen to many other websites, not just KrebsOnSecurity.
Security

40 Percent of Organizations Store Admin Passwords In Word Documents, Says Survey (esecurityplanet.com) 114

While the IT industry is making progress in securing information and communications systems from cyberattacks, a new survey from cybersecurity company CyberArk says several critical areas, such as privileged account security, third-party vendor access and cloud platforms are undermining them. An anonymous Slashdot reader shares with us the details of the report via eSecurity Planet: According to the results of a recent survey of 750 IT security decision makers worldwide, 40 percent of organizations store privileged and administrative passwords in a Word document or spreadsheet, while 28 percent use a shared server or USB stick. Still, the survey, sponsored by CyberArk and conducted by Vanson Bourne, also found that 55 percent of respondents said they have evolved processes for managing privileged accounts. Fully 79 percent of respondents said they have learned lessons from major cyberattacks and have taken appropriate action to improve security. Sixty-seven percent now believe their CEO and board of directors provide sound cybersecurity leadership, up from 57 percent in 2015. Three out of four IT decision makers now believe they can prevent attackers from breaking into their internal network, a huge increase from 44 percent in 2015 -- and 82 percent believe the security industry in general is making progress against cyberattackers. Still, 36 percent believe a cyberattacker is currently on their network or has been within the past 12 months, and 46 percent believe their organization was a victim of a ransomware attack over the past two years. And while 95 percent of organizations now have a cybersecurity emergency response plan, only 45 percent communicate and regularly test that plan with all IT staff. Sixty-eight percent of organizations cite losing customer data as one of their biggest concerns following a cyberattack, and 57 percent of organizations that store information in the cloud are not completely confident in their cloud provider's ability to protect their data.
Medicine

UPS Is Starting To Test Drone Deliveries In the US (qz.com) 44

An anonymous reader quotes a report from Quartz: UPS announced Sept. 23 that it has begun testing drone deliveries in the U.S. with drone manufacturer CyPhy Works. The two companies yesterday completed a test of delivering medicine from the coastal town of Beverly, Massachusetts, to Children's Island, a small island about three miles into the Atlantic Ocean. CyPhy's drone has night-vision capabilities, according to a release shared with Quartz. The test yesterday involved a trial situation where an asthmatic child urgently needed an inhaler, which was dispatched from the mainland to the island, arriving far more quickly than it would've taken a boat to get there. CyPhy's drone autonomously flew supplies over the ocean to a group waiting to receive them on the other end, although there was no actual child with asthma in danger. In May, UPS had announced that it was partnering with the drone company Zipline to deliver medical supplies to rural Rwanda, having invested nearly $1 million into the company. UPS has also invested an undisclosed amount in CyPhy. UPS told Quartz that the FAA was aware of its test, and Houston Mills, a commercial pilot with UPS for over a decade and the company's director of airline safety, was recently announced as a member of the FAA's Drone Advisory Committee. The committee is working with industry experts and companies to figure out how to safely integrate a network of commercial drones into U.S. airspace. You can watch the heroic footage of the trial run here.
Google

Google To Introduce Google Wifi, Google Home and 4K Chromecast Ultra Devices On October 4th (androidpolice.com) 51

Android Police has learned of a new Google device that will launch alongside the Google Pixel smartphones, Google Home, and 4K 'Chromecast Ultra' dongle on October 4th. Called Google Wifi, the Wi-Fi router will cost $129 and contain several "smart" features. Android Police reports: [The] source additionally claims that Google will advertise the router as having "smart" features -- probably similar to OnHub in some respects -- and that Google will claim it provides enhanced range over typical Wi-Fi routers (a claim we see basically every router make, to be fair). But the one thing that will make it an insta-buy for many over OnHub? Our source claims multiple Google Wifi access points (two or more) can be linked together to create one large wireless network. We don't have any details on how this works, unfortunately. But one source claims that Google Wifi device will essentially be like a little white Amazon Echo Dot. So, relatively small and inconspicuous. In a separate report, Android Police details Google's upcoming smart speaker called Google Home, along with their upcoming 4K 'Chromecast Ultra' devices. Specifically, they will be priced at $129 and $69 respectively: Google Home was announced at Google I/O in May. Our sources also confirmed that the personalized base covers Google showed at I/O will be a feature of the final device. $129 also undercuts Amazon's Echo by a full $40, and though matches the price of the portable Amazon Tap, it's clear Google has Amazon's flagship smart home product in its sights with Home. Chromecast Ultra, which we are now all but certain is the name of Google's upcoming 4K version of Chromecast, will come in at $69 retail. As for what it brings beyond 4K, one of our sources claims that HDR is indeed on the list of bullet points.
Security

Akamai Kicked Journalist Brian Krebs' Site Off Its Servers After He Was Hit By a Record Cyberattack (businessinsider.com) 207

An anonymous reader writes:Cloud hosting giant Akamai Technologies has dumped journalist Brian Krebs from its servers after his website came under a "record" cyberattack. "It's looking likely that KrebsOnSecurity will be offline for a while," Krebs tweeted Thursday. "Akamai's kicking me off their network tonight." Since Tuesday, Krebs' site has been under sustained distributed denial-of-service (DDoS), a crude method of flooding a website with traffic in order to deny legitimate users from being able to access it. The assault has flooded Krebs' site with more than 620 Gbps per second of traffic -- nearly double what Akamai has seen in the past.

Slashdot Top Deals