Security

Hacking Group Is Charging German Companies $275 For 'DDoS Tests' (bleepingcomputer.com) 11

An anonymous reader writes: A group calling itself XMR Squad has spent all last week launching DDoS attacks against German businesses and then contacting the same companies to inform them they had to pay $275 for 'testing their DDoS protection systems,' reports Bleeping Computer. Attacks were reported against DHL, Hermes, AldiTalk, Freenet, Snipes.com, the State Bureau of Investigation Lower Saxony, and the website of the state of North Rhine-Westphalia. The attack against DHL Germany was particularly effective as it shut down the company's business customer portal and all APIs, prompting eBay Germany to issue an alert regarding possible issues with packages sent via DHL. While the group advertised on Twitter that their location was in Russia, a German reporter who spoke with the group via telephone said "the caller had a slight accent, but spoke perfect German." Following the attention they got in Germany after the attacks, the group had its website and Twitter account taken down. Many mocked the group for failing to extract any payments from their targets. DDoS extortionists have been particularly active in Germany, among many other countries. Previously, groups named Stealth Ravens and Kadyrovtsy have also extorted German companies, using the same tactics perfected by groups like DD4BC and Armada Collective.
Software

Ask Slashdot: Are Accurate Software Development Time Predictions a Myth? (medium.com) 104

New submitter DuroSoft writes: For myself and the vast majority of people I have talked to, this is the case. Any attempts we make to estimate the amount of time software development tasks will take inevitably end in folly. Do you find you can make accurate estimates, or is it really the case, as the author, DuroSoft Technologies' CTO/Co-CEO Sam Johnson, suggests via Hacker Noon, that "writing and maintaining code can be seen as a fundamentally chaotic activity, subject to sudden, unpredictable gotchas that take up an inordinate amount of time" and that therefore attempting to make predictions in the first place is itself a waste of our valuable time?
Bug

GE Fixing Bug in Software After Warning About Power Grid Hacks (reuters.com) 29

General Electric said on Wednesday it is fixing a bug in software used to control the flow of electricity in a utility's power systems after researchers found that hackers could shut down parts of an electric grid. From a report: The vulnerability could enable attackers to gain remote control of GE protection relays, enabling them to "disconnect sectors of the power grid at will," according to an abstract posted late last week on the Black Hat security conference website. Protection relays are circuit breakers that utilities program to open and halt power transmission when dangerous conditions surface.
Windows

Windows is Bloated, Thanks to Adobe's Extensible Metadata Platform (bit.ly) 122

An anonymous reader shares a report: Over the weekend, I put together a little tool that scans executable files for PNG images containing useless Adobe Extensible Metadata Platform (XMP) metadata. I ran it against a vanilla Windows 10 image and was surprised that Windows contains a lot of this stuff. Adobe XMP, generally speaking, is an Adobe technology that serializes metadata like titles, internal identifiers, GPS coordinates, and color information into XML and jams it into things, like images. This data can be extremely valuable in some cases but Windows doesn't need or use this stuff. It just eats up disk space and CPU cycles. Thanks to horrible Adobe Photoshop defaults, it's very easy to unknowingly include this metadata in your final image assets. So easy, almost all the images on this site are chock full of it. But you can appreciate my surprise when a bunch of important Windows binaries showed up in my tool.
The Almighty Buck

Suicide of an Uber Engineer: Widow Blames Job Stress (sfchronicle.com) 252

An anonymous reader shares a report: Joseph Thomas thought he had it made when he landed a $170,000 job as a software engineer at Uber's San Francisco headquarters last year. [...] But his time at Uber turned into a personal tragedy, one that will compel the ride-hailing company to answer questions before a judge about its aggressive work culture. Always adept with computers, Joseph Thomas worked his way up the ladder at tech jobs in his native Atlanta, then at LinkedIn in Mountain View, where he was a senior site reliability engineer. He turned down an offer from Apple to go to Uber, because he felt he could grow more with the younger company and was excited about the chance to profit from stock options when it went public. But at Uber, Thomas struggled in a way he'd never experienced in over a decade in technology. He worked long hours. He told his father and his wife that he felt immense pressure and stress at work, and was scared he'd lose his job. [...] One day in late August, Zecole (the wife) came home from dropping their boys off at school. Joseph was sitting in his car in the garage. She got into the passenger seat to talk to him. Then she saw the blood. Joseph had shot himself. [...] Uber declined to comment on the legal dispute and said Thomas never complained to the company of extreme stress or racial discrimination.
Databases

Five Years Later, Legal Megaupload Data Is Still Trapped On Dead Servers (arstechnica.com) 79

An anonymous reader quotes a report from Ars Technica: It's been more than five years since the government accused Megaupload and its founder Kim Dotcom of criminal copyright infringement. While Dotcom himself was arrested in New Zealand, U.S. government agents executed search warrants and grabbed a group of more than 1,000 servers owned by Carpathia Hosting. That meant that a lot of users with gigabytes of perfectly legal content lost access to it. Two months after the Dotcom raid and arrest, the Electronic Frontier Foundation filed a motion in court asking to get back data belonging to one of those users, Kyle Goodwin, whom the EFF took on as a client. Years have passed. The U.S. criminal prosecution of Dotcom and other Megaupload executives is on hold while New Zealand continues with years of extradition hearings. Meanwhile, Carpathia's servers were powered down and are kept in storage by QTS Realty Trust, which acquired Carpathia in 2015. Now the EFF has taken the extraordinary step of asking an appeals court to step in and effectively force the hand of the district court judge. Yesterday, Goodwin's lawyers filed a petition for a writ of mandamus (PDF) with the U.S. Court of Appeals for the 4th Circuit, which oversees Virginia federal courts. "We've been asking the court for help since 2012," said EFF attorney Mitch Stoltz in a statement about the petition. "It's deeply unfair for him to still be in limbo after all this time."
The Internet

US ISP Goes Down As Two Malware Families Go To War Over Its Modems (bleepingcomputer.com) 92

An anonymous reader writes from a report via Bleeping Computer: Two malware families battling for turf are most likely the cause of an outage suffered by Californian ISP Sierra Tel at the beginning of the month, on April 10. The attack, which the company claimed was a "malicious hacking event," was the work of BrickerBot, an IoT malware family that bricks unsecured IoT and networking devices. "BrickerBot was active on the Sierra Tel network at the time their customers reported issues," Janit0r told Bleeping Computer in an email, "but their modems had also just been mass-infected with malware, so it's possible some of the network problems were caused by this concomitant activity." The crook, going by Janit0r, tried to pin some of the blame on Mirai, but all the clues point to BrickerBot, as Sierra Tel had to replace bricked modems altogether, or ask customers to bring in their modems at their offices to have them reset and reinstalled. Mirai brought down over 900,000 Deutsche Telekom modems last year, but that outage was fixed within hours with a firmware update. All the Sierra Tel modems bricked in this incident were Zyxel HN-51 models, and it took Sierra Tel almost two weeks to fix all bricked devices.
Facebook

Facebook Shows Related Articles and Fact Checkers Before You Open Links (techcrunch.com) 109

An anonymous reader quotes a report from TechCrunch: Facebook wants you to think about whether a headline is true and see other perspectives on the topic before you even read the article. In its next step against fake news, Facebook today begins testing a different version of its Related Articles widget that normally appears when you return to the News Feed after opening a link. Now Facebook will also show Related Articles including third-party fact checkers before you read an article about a topic that many people are discussing. If you saw a link saying "Chocolate cures cancer!" from a little-known blog, the Related Article box might appear before you click to show links from the New York Times or a medical journal noting that while chocolate has antioxidants that can lower your risk for cancer, it's not a cure. If an outside fact checker like Snopes had debunked the original post, that could appear in Related Articles too. Facebook says this is just a test, so it won't necessarily roll out to everyone unless it proves useful. It notes that Facebook Pages should not see a significant change in the reach of their News Feed posts. There will be no ads surfaced in Related Articles.
Crime

Murdered Woman's Fitbit Nails Cheating Husband (nydailynews.com) 130

BarbaraHudson writes: A murdered woman's Fitbit data shows she was still alive an hour after her husband claims she was murdered and he was tied up, contradicting her husband's description of events. New York Daily News reports: "Richard Dabate, 40, was charged this month with felony murder, tampering with physical evidence and making false statements following his wife Connie's December 2015 death at their home in Ellington, Tolland County. Dabate called 911 reporting that his wife was the victim of a home invasion, alleging that she was shot dead by a 'tall, obese man' with a deep voice like actor Vin Diesel's, sporting 'camouflage and a mask,' according to an arrest warrant. Dabate alleged her death took place more than an hour before her Fitbit-tracked movements revealed."
EU

EU Lawmakers Include Spotify and iTunes In Geoblocking Ban (reuters.com) 65

An anonymous reader quotes a report from Reuters: European Union lawmakers voted on Tuesday to ban online retailers from treating consumers differently depending on where they live and expanded their proposed law to include music streaming services such as Spotify and Apple's iTunes. Ending so-called geoblocking is a priority for the European Commission as it tries to create a single market for digital services across the 28-nation bloc, but many industries argue that they tailor their prices to specific domestic markets. The proposal, which will apply to e-commerce websites such as Amazon, Zalando and eBay, as well as for services provided in a specific location like car rental, forbids online retailers from automatically re-routing customers to their domestic website without their consent. In a blow for the book publishing and music industries, European Parliament members voted to include copyright-protected content such as music, games, software and e-books in the law. That would mean music streaming services such as Spotify and iTunes would not be able to prevent, for example, a French customer buying a cheaper subscription in Croatia, if they have the required rights.
The Courts

Uber Gets Sued Over Alleged 'Hell' Program To Track Lyft Drivers (techcrunch.com) 36

An anonymous reader quotes a report from TechCrunch: Uber has another lawsuit on its hands. This time, it's about Uber's alleged use of a program called "Hell." The plaintiff, Michael Gonzales, drove for Lyft during the time Uber allegedly used the software. He's seeking $5 million in a class action lawsuit. As the story goes, Uber allegedly tracked Lyft drivers using a secret software program internally referred to as "Hell." It allegedly let Uber see how many Lyft drivers were available to give rides, and what their prices were. Hell could allegedly also determine if people were driving for both Uber and Lyft. The lawsuit, filed in the U.S. District Court for the Northern District of California, alleges Uber broadly invaded the privacy of the Lyft drivers, specifically violated the California Invasion of Privacy Act and Federal Wiretap Act and engaged in unfair competition. Uber has not confirmed nor outright denied the claims.
Software

Lyrebird Claims It Can Recreate Anyone's Voice Based On Just a 1 Minute Sample (theverge.com) 120

Artem Tashkinov writes: Today, a Canadian artificial intelligence startup named Lyrebird unveiled its voice imitation deep learning algorithm that can mimic a person's voice and have it read any text with a given emotion, based on the analysis of just a few dozen seconds of audio recording. The website features samples using the recreated voices of Donald Trump, Barack Obama and Hillary Clinton. A similar technology was created by Adobe around a year ago but it requires over 20 minutes of recorded speech. The company is set to open its APIs to the public, while the computing for the task will be performed in the cloud.
Microsoft

Microsoft's Nadella Banks On LinkedIn Data To Challenge Salesforce (reuters.com) 34

Microsoft is rolling out upgrades to its sales software that integrates data from LinkedIn, an initiative that Microsoft CEO Satya Nadella told Reuters was central to the company's long-term strategy for building specialized business software. From the report: The improvements to Dynamics 365, as Microsoft's sales software is called, are a challenge to market leader Salesforce.com and represent the first major product initiative to spring from Microsoft's $26 billion acquisition of LinkedIn, the business-focused social network. The new features will comb through a salesperson's email, calendar and LinkedIn relationships to help gauge how warm their relationship is with a potential customer. The system will recommend ways to save an at-risk deal, like calling in a co-worker who is connected to the potential customer on LinkedIn. [...] The artificial intelligence, or AI, capabilities of the software would be central, Nadella said. "I want to be able to democratize AI so that any customer using these products is able to, in fact, take their own data and load it into AI for themselves," he said. On Monday, LinkedIn said it has surpassed 500 million members globally, one of the first big milestones for the business social network since its acquisition.
The Internet

The Linux Foundation Launches IoT-focused Open Source EdgeX Foundry (betanews.com) 33

Reader BrianFagioli writes: Today, The Linux Foundation launches the open source EdgeX Foundry -- an attempt to unify and simplify the Internet of Things. The Linux Foundation says, "EdgeX Foundry is unifying the marketplace around a common open framework and building an ecosystem of companies offering interoperable plug-and-play components. Designed to run on any hardware or operating system and with any combination of application environments, EdgeX can quickly and easily deliver interoperability between connected devices, applications, and services, across a wide range of use cases. Interoperability between community-developed software will be maintained through a certification program."
GNU is Not Unix

Richard Stallman Interviewed By Bryan Lunduke (youtube.com) 169

Many Slashdot readers know Bryan Lunduke as the creator of the humorous "Linux Sucks" presentations at the annual Southern California Linux Exposition. He's now also a member of the OpenSUSE project board and an all-around open source guy. (In September, he released every one of his books, videos and comics under a Creative Commons license, while his Patreon page offers a tip jar and premiums for monthly patrons). But now he's also got a new "daily computing/nerd show" on YouTube, and last week -- using nothing but free software -- he interviewed the 64-year-old founder of the Free Software Foundation, Richard Stallman. "We talk about everything from the W3C's stance on DRM to opinions on the movie Galaxy Quest," Lunduke explains in the show's notes.

Click through to read some of the highlights.
Security

Companies Are Paying Millions For White Hat Hacking (nypost.com) 58

White hat hackers "are in very high demand," says PwC's director of cyber investigation and breach response, in a New York Post article titled "Companies are paying millions to get hacked -- on purpose." An anonymous reader quotes their report: HackerOne, a San Francisco-based "vulnerability coordination and bug bounty platform," reports that it has some 800 corporate customers who paid out more than $15 million in bonuses to white-hat hackers since its founding in 2012. Most of that bounty was paid in the past two years, as companies have become more aware of their cyber vulnerabilities. Clients that have used the platform include General Motors, Uber, Twitter, Starbucks and even the US Department of Defense.
Google paid $3 million last year through its own bounty program, according to HackerOne's CEO Marten Mickos, who touts his company's "turn-key" solution -- a platform which now offers the services of 100,000 ethical (and vetted) hackers. "With a diverse group, all types of vulnerabilities can be found," Mickos told TechRepublic. "This is a corollary to the 'given enough eyeballs' wisdom... they find them faster than other solutions, the hunting is ongoing and not happening at just one time, and the cost is a tenth of what it would be with other methods." And one of the platform's white hat hackers has already earned over $600,000 in just two years.
Programming

Flawed Online Tutorials Led To Vulnerabilities In Software (helpnetsecurity.com) 93

An anonymous reader quotes Help Net Security: Researchers from several German universities have checked the PHP codebases of over 64,000 projects on GitHub, and found 117 vulnerabilities that they believe have been introduced through the use of code from popular but insufficiently reviewed tutorials. The researchers identified popular tutorials by inputting search terms such as "mysql tutorial", "php search form", "javascript echo user input", etc. into Google Search. The first five results for each query were then manually reviewed and evaluated for SQLi and XSS vulnerabilities by following the Open Web Application Security Project's Guidelines. This resulted in the discovery of 9 tutorials containing vulnerable code (6 with SQLi, 3 with XSS).
The researchers then checked for the code in GitHub repositories, and concluded that "there is a substantial, if not causal, link between insecure tutorials and web application vulnerabilities." Their paper is titled "Leveraging Flawed Tutorials for Seeding Large-Scale Web Vulnerability Discovery."
Businesses

Linux PC Maker System76 Plans To Design And Manufacture Its Own Hardware (liliputing.com) 101

An anonymous reader quotes Liliputing: System76 is one of only a handful of PC vendors that exclusively sells computers with Linux-based software. Up until now, that's meant the company has chosen hardware that it could guarantee would work well with custom firmware and the Ubuntu Linux operating system... Starting in 2018 though, you may be able to buy a System76 computer that was designed and built in-house... CAD files for System76 computers will be open source, allowing anyone with the appropriate skills and equipment to build or modify their own cases based on the company's designs.
"We're prototyping with acrylic and moving to metal soon," the company says in a blog post, adding "Our first in-house designed and manufactured desktops will ship next year. Laptops are more complex and will follow much later."
Microsoft

Microsoft Will Block Desktop 'Office' Apps From 'Office 365' Services In 2020 (techradar.com) 216

An anonymous reader writes: Microsoft is still encouraging businesses to rent their Office software, according to TechRadar. "In a bid to further persuade users of the standalone versions of Office to shift over to a cloud subscription (Office 365), Microsoft has announced that those who made a one-off purchase of an Office product will no longer get access to the business flavours of OneDrive and Skype come the end of the decade." PC World explains that in reality this affects very few users. "If you've been saving all of your Excel spreadsheets into your OneDrive for Business cloud, you'll need to download and move them over to a personal subscription -- or pony up for Office 365, as Microsoft really wants you to do."

Microsoft is claiming that when customers connect to Office 365 services using a legacy version of Office, "they're not enjoying all that the service has to offer. The IT security and reliability benefits and end user experiences in the apps is limited to the features shipped at a point in time. To ensure that customers are getting the most out of their Office 365 subscription, we are updating our system requirements." And in another blog post, they're almost daring people to switch to Linux. "Providing over three years advance notice for this change to Office 365 system requirements for client connectivity gives you time to review your long-term desktop strategy, budget and plan for any change to your environment."

In a follow-up comment, Microsoft's Alistair Speirs explained that "There is still an option to get monthly desktop updates, but we are changing the 3x a year update channel to be 2x a year to align closer to Windows 10 update model. We are trying to strike the right balance between agile, ship-when-ready updates and enterprise needs of predictability, reliability and advanced notice to validate and prepare."
Android

Anbox Can Run Android Apps Natively On Linux (In A Container) (anbox.io) 66

Slashdot user #1083, downwa, writes: Canonical engineer Simon Fels has publicly released an Alpha version of Anbox. Similar to the method employed for Android apps on ChromeOS, Anbox runs an entire Android system (7.1.1 at present) in an LXC container. Developed over the last year and a half, the software promises to seamlessly bring performant Android apps to the Linux desktop.

After installing Anbox (based on Android 7.1.1) and starting Anbox Application Manager, ten apps are available: Calculator, Calendar, Clock, Contacts, Email, Files, Gallery, Music, Settings, and WebView. Apps run in separate resizeable windows. Additional apps (ARM-native binaries are excluded) can be installed via adb. Installation currently is only supported on a few Linux distributions able to install snaps. Contributions are welcome on GitHub.

In a blog post Simon describes it as "a side project" that he's worked on for over a year and a half. "There were quite a few problems to solve on the way to a really working implementation but it is now in a state that it makes sense to share it with a wider audience."
