posted 9 days ago on slashdot
An anonymous reader writes: Google today quietly announced that Google+ Hangouts On Air will no longer be available on September 12. Four weeks from now, Google users will be asked to use YouTube Live instead. Google first debuted the livestreaming feature for its Hangouts group video chat on Google+ back in September 2011, though it was only available to select performers and celebrities. Google started making Hangouts On Air available to all its users in May 2012, and completed the rollout a month later. But then in May 2013, Google debuted YouTube Live, which also gradually became available to more and more users.

posted 9 days ago on slashdot
Reader Trailrunner7 writes: New research from a team at Johns Hopkins University shows that there are serious problems with the way Apple implemented encryption on its iMessage system, leaving it open to retrospective decryption attacks that can reveal the contents of all of a victim's past iMessage texts. The iMessage system, like much of what Apple does, is opaque and its inner workings have not been made available to outsiders. One of the key things that is known about the system is that messages are encrypted from end to end and Apple has said that it does not have the ability to decrypt users' messages. The researchers at JHU, led by Matthew Green, a professor of computer science at the school, reverse engineered the iMessage protocol and discovered that Apple made some mistakes in its encryption implementation that could allow an attacker who has access to encrypted messages to decrypt them. The team discovered that Apple doesn't rotate encryption keys at regular intervals (most encryption protocols such as OTR and Signal do). This means that the same attack can be used on iMessage historical data, which is often backed up inside iCloud. Apple was notified of the issue as early as November 2015 and it rolled out a patch for the iMessage protocol in iOS 9.3 and OS X 10.11.4.

posted 9 days ago on slashdot
For most people out there, The Pirate Bay has been their on-and-off go-to source for torrents. The website this month celebrates its 13th anniversary. TorrentFreak spoke with several crew members of the "world's most resilient torrent site" this week. Here's an excerpt of the conversation: While they are not happy with the circumstances, they do say that the site has an important role to fulfil in the torrent community. "TPB is as important today as it was yesterday, and its role in being the galaxy's most resilient torrent site will continue for the foreseeable future," Spud17 says. "Sure, TPB has its flaws and glitches but it's still the go-to site for all our media needs, and I can see TPB still being around in 20 or 30 years time, even if the technology changes," she adds. Veteran TPB-crew member Xe agrees that TPB isn't perfect but points to the site's resilience as a crucial factor that's particularly important today. "TPB ain't perfect. There are plenty of things wrong with it, but it is simple, steadfast and true," Xe tells TorrentFreak. "So it's no real surprise that it is once more the destination of choice or that it has survived for so long in spite of the inevitable turnover of crew." And resilient it is. Thirteen years after the site came online, The Pirate Bay is the "King of Torrents" once again.

posted 9 days ago on slashdot
Reader blottsie writes: A group of hackers identifying themselves as the Shadow Brokers claims to have hacked the NSA's Equation Group, a team of American hackers that have been described as both "omnipotent" and "the most advanced" threat cyberspace has ever seen. On the Shadow Brokers' website, the group has shared a sample of data that some cybersecurity experts say lends credibility to the breach. The hackers' asking price for what they claim is a cache of NSA-built cyberweapons. Motherboard's take on this is here.

posted 9 days ago on slashdot
David Kravets, writing for Ars Technica: Reddit says it won't give Atlantic Records the IP address of a Reddit user who posted a link on the site of a single by Twenty One Pilots a week before the song's planned release. The song, "Heathens," was originally uploaded on June 15 to the file-sharing site Dropfile. That same day, the file landed on Reddit. According to a lawsuit (PDF) in New York State Supreme Court, the file was posted to the Twenty One Pilots subreddit with the title "[Leak] New Song -- 'Heathens'." The Poster submitted the link under the username "twentyoneheathens," according to Atlantic. Atlantic and its subsidiary label, Fueled by Ramen, want the IP address of the Reddit leaker. The company said the file fell victim to "widespread distribution" on the Internet, so the company released the single June 16, a week ahead of schedule; the label also said the early release hindered a planned rollout on Spotify, iTunes, and other platforms. Atlantic says the leaker must be an Atlantic employee who was contractually obligated not to leak the track, which is featured in the movie Suicide Squad that debuted earlier this month. Reddit, however, said that Atlantic "has failed to show that its claims are meritorious." Reddit claims Atlantic has embarked on "an impermissible fishing expedition."

posted 9 days ago on slashdot
Google is taking a strategy timeout on its high-speed-internet business. According to WSJ, the Google Fiber unit is rethinking how to deliver internet connections in about a dozen metro areas -- including Los Angeles, Chicago, and Dallas -- after its initial rollouts proved more time-consuming and expensive than anticipated (could be paywalled; alternate source). From a Fortune report: Turns out it is very expensive to run wires -- or in Google's case, fiber optic cables -- to each and every house that wants service. Known as the "last mile" problem, the high costs, in turn, make it difficult for companies to earn a solid rate of return on the installation investment. Google's effort, through its unit called Fiber that launched in 2010, is now seeking alternative means to connect to consumers' homes or finding other people to pay the cost. Google has sought deals with municipalities and power companies to pay for the connections and is also exploring less expensive wireless technology. Meanwhile, Google has suspended efforts to add new cities such as San Jose, Calif., and Portland, Ore., using its prior strategy of stringing up cables to each customer's home.

posted 9 days ago on slashdot
Motherboard is reporting that Australian authorities hacked Tor users in the United States as part of a child pornography investigation. The revelation comes through recently-filed US court documents. The incident underscores a trend where law enforcement around the world are increasingly pursuing targets overseas using hacking tools, raising legal questions around agencies' reach. From the report: In one case, Australian authorities remotely hacked a computer in Michigan to obtain the suspect's IP address. "The Love Zone" was a prolific dark web child abuse site, where users were instructed to upload material at least once a month to maintain access to the forum. By July 2014, the site had over 29,000 members, according to US court documents, constituting what the US Department of Justice described as a "technologically sophisticated conspiracy." In 2014, Queensland Police Service's Task Force Argos, a small, specialised unit focused on combating child exploitation crimes, identified the site's Australian administrator in part because of a localized greeting he signed messages with. The unit quietly took over his account, and for months ran the site in an undercover capacity, posing as its owner. Task Force Argos' logo includes a scorpion, and the tagline "Leave No Stone Unturned." Because The Love Zone was based on the dark web, users typically connected via the Tor network, masking their IP addresses even from the law enforcement agents who were secretly in control of the site. Task Force Argos could see what the users were viewing, and what pages they were visiting, but not where they were really connecting from.

posted 9 days ago on slashdot
Reader da_foz writes: A Canadian was reentering Canada when he was arrested and charged with hindering or obstructing border officials. At the time traces of cocaine were found on his bags and he was carrying $5,000 in cash. He provided his smartphone to border agents as requested, however refused to provide the password. Canada Border Services Agency officials asked for Philippon's smartphone and its password. From a report: "He handed over his BlackBerry but refused to disclose the code to access the phone. Philippon was arrested and charged under the federal Customs Act, accused of hindering or obstructing border officials." It is unclear if he provided the password while agreeing to the fine.

posted 9 days ago on slashdot
The European Union is planning to extend telecom rules covering security and confidentiality of communications to web services such as Microsoft's Skype and Facebook's WhatsApp which could restrict how they use encryption, reports Reuters. From the report: The rules currently only apply to telecoms providers such as Vodafone and Orange. According to an internal European Commission document seen by Reuters, the EU executive wants to extend some of the rules to web companies offering calls and messages over the Internet. Telecoms companies have long complained that web groups such as Alphabet Inc's Google, Microsoft and Facebook are more lightly regulated despite offering similar services and have called for the EU's telecoms-specific rules to be repealed. They have also said that companies such as Google and Facebook can make money from the use of customer data. Under the existing "ePrivacy Directive", telecoms operators have to protect users' communications and ensure the security of their networks and may not keep customers' location and traffic data. Reuters adds that the exact confidentiality obligations for web firms would still have to be defined.

posted 9 days ago on slashdot
Reader LichtSpektren writes: Widevine, the media protocol that allows users to watch videos on Netflix, is supported in Firefox for Windows and macOS. But until now, its users on Linux were required to use a plug-in. That changes with v49, which offers out-of-the-box support for Netflix. Mozilla plans to offer plug-in streaming for Netflix as well as Amazon Prime Video and other similar services. The v49 will be available on Linux in September. Mozilla adds that it will be removing support for NPAPI plugins from its browser in the near future, plugins that some video streaming sites rely on for playback. "Mozilla plan to support the Widevine CDM on Linux, letting users watch Netflix without plugins," the company said.

posted 9 days ago on slashdot
A new report by Television New Zealand in collaboration with The Intercept, based on leaks from former U.S. National Security Agency worker Edward Snowden, has for the first time named a target of the NSA's controversial Prism program. The target was a middle-aged civil servant and pro-democracy activist named Tony Fullman. Fullman, who is originally from Fiji but has lived in New Zealand for decades, is an advocate for democracy in Fiji and a critic of Fijian prime minister Frank Bainimarama, who took power in a 2006 coup. From a Fortune report: According to The Intercept, the NSA in 2012 monitored Fullman's communications through the Prism program and passed on information to the New Zealand intelligence services. Around the same time, the New Zealand authorities raided Fullman's home and revoked his passport. The New Zealand intelligence services were not themselves allowed to spy on Fullman, who was a New Zealand citizen. However, as Snowden has repeatedly described, the agencies of many Anglophone countries spy on each other's behalf, in order to bypass their national legal restrictions. Fullman suggested in the article that people in the group may well have said violent things about Bainimarama, but this was just venting, not a plot. According to the report, they never suspected someone was listening into their communications. The NSA was said to be helping by analyzing Fullman's Facebook and Gmail activities. The 190 pages of intercepted documentation seen by The Intercept apparently didn't reveal evidence of a plot.

posted 9 days ago on slashdot
Twitter complained of "inaccuracies in the details and unfair portrayals" in an article which described their service as "a honeypot for assholes." Buzzfeed interviewed 10 "high-level" former employees who detailed a company "Fenced in by an abiding commitment to free speech above all else and a unique product that makes moderation difficult and trolling almost effortless". An anonymous Slashdot reader summarizes their report: Twitter's commitment to free speech can be traced to employees at Google's Blogger platform who all went on to work at Twitter. They'd successfully fought for a company policy that "We don't get involved in adjudicating whether something is libel or slander... We'll do it if we believe we are required to by law." One former Twitter employee says "The Blogger brain trust's thinking was set in stone by the time they became Twitter Inc." Twitter was praised for providing an uncensored voice during 2009 elections in Iran and the Arab Spring, and fought the secrecy of a government subpoena for information on their WikiLeaks account. The former head of news at Twitter says "The whole 'free speech wing of the free speech party' thing -- that's not a slogan. That's deeply, deeply embedded in the DNA of the company... [Twitter executives] understand that this toxicity can kill them, but how do you draw the line? Where do you draw the line? I would actually challenge anyone to identify a perfect solution. But it feels to a certain extent that it's led to paralysis." While Twitter now says they are working on the problem, Buzzfeed argues this "maximalist approach to free speech was integral to Twitter's rise, but quickly created the conditions for abuse... Twitter has made an ideology out of protecting its most objectionable users. That ethos also made it a beacon for the internet's most vitriolic personalities, who take particular delight in abusing those who use Twitter for their jobs."

posted 9 days ago on slashdot
How can you make a truly secure phone call? An anonymous Slashdot reader writes: I have a Windows 8.1 phone and mostly use it for Skype calls and chats. A bit of browsing every now and then, and checking public transportation schedules... What can I do to be able to securely chat and place audio/video calls? What do you think is the best device to buy and what apps to use on it? Skype for Windows Phone will stop working in 2017, and Skype's privacy was already suspect after Edward Snowden leaked evidence of Microsoft's secret collaboration with the NSA. But are there any good alternatives -- especially for a Windows Phone user? Leave your suggestions in the comments. What are the best secure alternatives to Skype?

posted 9 days ago on slashdot
Slashdot reader River Tam explains the crash of Australia's online census site, citing the account of a security researcher who says IBM and the Australian Bureau of Statistics "were offered DDoS prevention services from their upstream provider...and said they didn't need it." From an article on CSO: The ABS and IBM gambled on a plan to ask its upstream network provider to block traffic from outside Australia in the event that a denial-of-service attack was detected... Offshore traffic to the site was blocked in line with the plan, however, another attack, for which the ABS had no contingency to repel, was directed at it from within Australia. The attack crippled the firewall and the census site's operators opted to restart it and fall back to a secondary firewall. However, they forgot to check that it had the same configuration as the primary firewall. That crippled the census site. In an unfortunate confluence of events, IBM's security warning systems started flagging some unusual activity, which indicated that information on the ABS servers was heading offshore. The site's operators, thinking the DDoS activity was a distraction, interpreted the alarms as a successful hack...these were little more than benign system logs and the technical staff monitoring the situation poorly understood it. Amid the confusion they naturally erred on the side of caution, [and] decided to pull the plug on the site...

posted 10 days ago on slashdot
An anonymous Slashdot reader quotes ITWire: Linux kernel developer Christoph Hellwig has lost his case against virtualisation company VMware, which he had sued in March 2015 for violation of version 2 of the GNU General Public Licence... The case claimed that VMware had been using Hellwig's code right from 2007 and not releasing source code as required. The Linux kernel, which is released under the GNU GPL version 2, stipulates that anyone who distributes it has to provide source code for the same... In its ruling, the court said that Hellwig had failed to prove which specific lines of code VMware had used, from among those over which he claimed ownership. In a statement, Hellwig said he plans to appeal, adding that "The ruling concerned German evidence law; the Court did not rule on the merits of the case, i.e. the question whether or not VMware has to license the kernel of its product vSphere ESXi 5.5.0 under the terms of the GNU General Public License, version 2." The Software Freedom Conservancy has described the lawsuit as "the regretful but necessary next step in both Hellwig and Conservancy's ongoing effort to convince VMware to comply properly with the terms of the GPLv2, the license of Linux and many other Open Source and Free Software included in VMware's ESXi products."

posted 10 days ago on slashdot
RancherOS is a lean Linux distribution aiming to offer "the minimum necessary to get Docker up and running," and tucking many actual Linux services into Docker containers. An anonymous Slashdot reader quotes Distrowatch: Josh Curl has announced the release of a new version of RancherOS [which] moves the project out of its alpha status and introduces new features, including an official Raspberry Pi image... "We're especially excited about this since it offers users a cheap method of getting started with Docker and RancherOS."

posted 10 days ago on slashdot
"The first release candidate for the upcoming FreeBSD 11.0 is ready for testing," reports Distrowatch, noting various changes. ("A NULL pointer dereference in IPSEC has been fixed; support for SSH protocol 1 has been removed; OpenSSH DSA keys have been disabled by default...") Now an anonymous Slashdot reader writes: Sunday Phoronix performed some early benchmark testing, comparing FreeBSD 10.3 to FreeBSD 11.0 as well as DragonFlyBSD, Ubuntu, Intel Clear Linux and CentOS Linux 7. They reported mixed results -- some wins and some losses for FreeBSD -- using a clean install with the default package/settings on the x86_64/amd64 version for each operating system. FreeBSD 11.0 showed the fastest compile times, and "With the SQLite benchmark, the BSDs came out ahead of Linux [and] trailed slightly behind DragonFlyBSD 4.6 with HAMMER. The 11.0-BETA4 performance does appear to regress slightly for SQLite compared to FreeBSD 10.3... With the BLAKE2 crypto test, all four Linux distributions were faster than DragonFlyBSD and FreeBSD... with the Apache web server benchmark, FreeBSD was able to outperform the Linux distributions..."

posted 10 days ago on slashdot
Xavier Niel is the billionaire founder of France's second-largest ISP. In February he bought a former campus from DeVry University, and tried building something better. Slashdot reader bheerssen writes: 42 US is a free coding school near Facebook's headquarters in Fremont, California. The courses are boot camp like experiences that do not offer traditional degrees, but hope to provide programming skills and experience to students for free. Ars Technica calls it "a radical education experiment" -- even the dorms are free -- and the school's COO describes their ambition to become a place "where individuals from all different kinds of backgrounds, all different kinds of financial backgrounds, can come and have access to this kind of education so that then we can have new kinds of ideas." Students between the ages of 18 and 30 are screened through an online logic test, according to the article, then tossed into a month-long "sink or swim" program that begins with C. "Students spend 12 or more hours per day, six to seven days per week. If they do well, students are invited back to a three- to five-year program with increasing levels of specialty."

posted 10 days ago on slashdot
The National Science Foundation is developing a way to create working code using "automated program synthesis," a new technology called ExCAPE "that provides human operators with automated assistance.... By removing the need for would-be programmers to learn esoteric programming languages, the method has the potential to significantly expand the number of people engaged in programming in a variety of disciplines, from personalized education to robotics." Rajeev Alur, who leads a team of researchers from America's nine top computer science programs, says that currently software development "remains a tedious and error-prone activity." Slashdot reader the_insult_dog writes: While its lofty goals of broadly remaking the art of programming might not be realized, the research has already made some advances and resulted in several tools already in use in areas such as commercial software production and education... For example, the NSF created a new tool (which they've recently patented) called NetEgg, which generates code for controlling software-defined networks, as well as Automata Tutor and AutoProf, which provide automated feedback to computer science students.

posted 10 days ago on slashdot
astroengine quotes a report from Seeker: Scientists are preparing to unveil a new planet in our galactic neighborhood which is "believed to be Earth-like" and orbits its star at a distance that could favor life, German weekly Der Spiegel reported Friday. The exoplanet orbits a well-investigated star called Proxima Centauri, part of the Alpha Centauri star system, the magazine said, quoting anonymous sources. "The still nameless planet is believed to be Earth-like and orbits at a distance to Proxima Centauri that could allow it to have liquid water on its surface -- an important requirement for the emergence of life," said the magazine. It's orbiting our sun's nearest neighboring star -- just 4.25 light years away -- meaning it could someday be considered for the world's first interstellar mission.

posted 10 days ago on slashdot
Random web surfers could send a text message or even upload an image to be displayed on the back glass of Mark Lachniet's pinball machine, according to Mael517, while the machine itself webcast footage of both its playing field and backglass using Twitch. Interestingly, all the extra functionality was coded directly into the machine, according to Lachniet, who added only the webcam and an ethernet cord. "The Hobbit [machine] has a whole bunch of hardware that I don't really understand and can barely fix... However, it has a computer in its guts, and this I can mostly understand." After identifying the pinball machine's motherboard, CPU, operating system (Ubuntu) and an SQL database, Lachniet was able to back up its software, and then create his own modifications. He envisions more possibilities -- for example, the ability to announce high scores on social media accounts or allow remote servicing of the machine. Lachniet even sees the possibility of a world-wide registry of pinball game scores with each player's location overlaid on Google Maps "so you could view pinball hot spots and where the high scores were coming from," and maybe even networking machines together to allow real-time global competition.

posted 10 days ago on slashdot
Slashdot reader Nicola Hahn writes: While reporters clamor about the hacking of the Democratic National Committee, NSA whistleblower James Bamford offers an important reminder: American intelligence has been actively breaching email servers in foreign countries like Mexico and Germany for years. According to Bamford, documents leaked by former NSA specialist Ed Snowden show that the agency is intent on "tracking virtually everyone connected to the Internet." This includes American citizens. So it might not be surprising that another NSA whistleblower, William Binney, has suggested that certain elements within the American intelligence community may actually be responsible for the DNC hack. This raises an interesting question: facing down an intelligence service that is in a class by itself, what can the average person do? One researcher responds to this question using an approach that borrows a [strategy] from the movie THX 1138: "The T-H-X account is six percent over budget. The case is to be terminated." To avoid surveillance, the article suggests "get off the grid entirely... Find alternate channels of communication, places where the coveted home-field advantage doesn't exist... this is about making surveillance expensive." The article also suggests "old school" technologies, for example a quick wireless ad-hoc network in a crowded food court. Any thoughts?

posted 10 days ago on slashdot
Long-time Slashdot reader Lauren Weinstein writes: I'm told that Social Security Administration has now removed the mandatory cell phone access requirement that was strongly criticized... I appreciate that SSA has done the right thing in this case. Perhaps in the future they'll think these things through better ahead of time! The web site now describes the "extra security" of two-factor cellphone authentication as entirely optional -- but security researcher Brian Krebs had also warned that the bigger risk was how easy it was to impersonate somebody else when creating an account online. He wrote Thursday that now "the SSA is mailing letters if you sign up online, but they don't take that opportunity to deliver a special code to securely complete the sign up. Go figure."

posted 10 days ago on slashdot
An anonymous Slashdot reader writes: Hacking researchers have uncovered a new attack technique which can alter the memory of virtual machines in the cloud. The team, based at Vrije Universiteit, Amsterdam, introduced the attack, dubbed Flip Feng Shui (FFS)...and explained that hackers could use the technique to crack the keys of secured VMs or install malicious code without it being noticed... Using FFS, the attacker rents a VM on the same host as their chosen victim. They then write a memory page which they know exists on the vulnerable memory location and let it de-duplicate. The identical pages, with the same information, will merge in order to save capacity and be stored in the same part of memory of the physical computer. This allows the hacker to change information in the general memory of the computer. The researchers demonstrated two attacks on Debian and Ubuntu systems -- flipping a bit to change a victim's RSA public key, and installing a software package infected with malware by altering a URL used by apt-get. "Debian, Ubuntu and other companies involved in the research were notified before the paper was published, and have all responded to the issue."
