posted 10 days ago on slashdot
A 31-year-old autistic man in the U.K. is suspected of hacking U.S. government computer systems in 2013 -- and he has one final chance to appeal his extradition. An anonymous reader quotes the Guardian: Even if Love is guilty, however, there are important legal and moral questions about whether he should be extradited to the US -- a nation that has prosecuted hackers with unrivalled severity, and one where Love could be sentenced to spend the rest of his life in prison... His remaining hope for mercy is a final appeal against extradition in the high court in November. Love's hope is for a full and fair trial in Britain. Even if he is found guilty in a British court of the most serious crimes in the US government's indictment, his legal team estimate that he faces just a few months in prison. Failure means Love will be flown to a holding facility in New York, placed on suicide watch and probably forced to take antidepressants, prior to a trial. If he refuses to accept a plea deal and is convicted, he will face $9m (£6.8m) in fines and, experts estimate, a prison term of up to 99 years, a punishment illustrative of the US's aggressive sentencing against hackers under the controversial Computer Fraud and Abuse Act. Naomi Colvin, from the human rights group the Courage Foundation, tells the Guardian that "Lauri's case is critically important in determining the reach of America's unusually harsh punitive sanctions for computer crimes."

posted 10 days ago on slashdot
Though Apple officially unveils their newest iPhone on Tuesday, information is already leaking on the internet. Mashable: "Physically, it's expected to be about the same size as an iPhone 7, but with an edge-to-edge OLED display that's bigger than what is currently on the iPhone 7 Plus. It won't have a home button or Touch ID, and will likely use some kind of facial recognition tech to unlock." MacRumors cites a report from KGI Securities analyst Ming-Chi Kuo suggesting facial recognition may just be one feature of a complex front camera with 3D sensing hardware, including a proximity sensor, ambient light sensor, and a structured light transmitter (using a surface-emitting laser) and receiver. CNET: "Irish iPhone programming guru Steve Troughton-Smith now feels sure he has the names of the three phones to be launched by Apple on Tuesday.... they'll (probably) be called the iPhone 8, iPhone 8 Plus and -- ta-da -- the iPhone X." Troughton-Smith also predicts a 3x screen at 1125x2436 resolution. Fortune: "Apple's iPhone line is expected to catch up with Android phones in the area of wireless charging this year... just lay the phone down on a compatible charger mat or base or dock, and watch the battery fill up." 9to5Mac: "We've found a brand new feature called 'Animoji', which uses the 3D face sensors to create custom 3D animated emoji based on the expressions you make into the camera. Users will be able to make Animoji of unicorns, robots, pigs, pile of poo and many more."

posted 10 days ago on slashdot
Slashdot reader unixisc writes: While it's always been well known that Windows phones in the market have floundered, one saving grace has always been that one could at least use it for the barest minimum of apps, even if updates have stopped... Aside from a door stop or a hand me down to someone who'll use it like a dumb phone, what are your suggested uses for this phone? A music player (if the songs are on an SD card)? Games? As far as phones go, I have what I need, so for this, anything it's good for? The original submission suggests problems connecting to wi-fi -- something partially corroborated by complaints at Windows Central -- though Microsoft's site says they're still supporting wifi connections. Slashdot reader thegreatbob suggested "shuffleboard puck" -- then added, "Snark aside, if you're into writing custom applications and such for them, there's probably a bootloader/root solution for you out there." Leave your own best suggestions in the comments. What can you do with an old Windows Phone?

posted 10 days ago on slashdot
An anonymous reader quotes security researcher Brian Krebs: The web site that Equifax advertised as the place where concerned Americans could go to find out whether they were impacted by this breach -- equifaxsecurity2017.com -- is completely broken at best, and little more than a stalling tactic or sham at worst. In the early hours after the breach announcement, the site was being flagged by various browsers as a phishing threat. In some cases, people visiting the site were told they were not affected, only to find they received a different answer when they checked the site with the same information on their mobile phones. TechCrunch has concluded that "the checker site, hosted by Equifax product TrustID, seems to be telling people at random they may have been affected by the data breach." One user reports that entering the same information twice produced two different answers. And ZDNet's security editor reports that even if you just enter Test or 123456, "it says your data has been breached." TechCrunch writes: The assignment seems random. But, nevertheless, they were still asked to continue enrolling in TrustID. What this means is not only are none of the last names tied to your Social Security number, but there's no way to tell if you were really impacted. It's clear Equifax's goal isn't to protect the consumer or bring them vital information. It's to get you to sign up for its revenue-generating product TrustID. Meanwhile, one web engineer claims the secret 10-digit "security freeze" PIN being issued by Equifax "is just a timestamp of when you made the freeze."

posted 10 days ago on slashdot
An anonymous reader quotes Stack Overflow Blog: In this post, we'll explore the extraordinary growth of the Python programming language in the last five years, as seen by Stack Overflow traffic within high-income countries. The term "fastest-growing" can be hard to define precisely, but we make the case that Python has a solid claim to being the fastest-growing major programming language... June 2017 was the first month that Python was the most visited [programming language] tag on Stack Overflow within high-income nations. This included being the most visited tag within the US and the UK, and in the top 2 in almost all other high income nations (next to either Java or JavaScript). This is especially impressive because in 2012, it was less visited than any of the other 5 languages, and has grown by 2.5-fold in that time. Part of this is because of the seasonal nature of traffic to Java. Since it's heavily taught in undergraduate courses, Java traffic tends to rise during the fall and spring and drop during the summer. Does Python show a similar growth in the rest of the world, in countries like India, Brazil, Russia and China? Indeed it does. Outside of high-income countries Python is still the fastest growing major programming language; it simply started at a lower level and the growth began two years later (in 2014 rather than 2012). In fact, the year-over-year growth rate of Python in non-high-income countries is slightly higher than it is in high-income countries... We're not looking to contribute to any "language war." The number of users of a language doesn't imply anything about its quality, and certainly can't tell you which language is more appropriate for a particular situation. With that perspective in mind, however, we believe it's worth understanding what languages make up the developer ecosystem, and how that ecosystem might be changing. 
This post demonstrated that Python has shown a surprising growth in the last five years, especially within high-income countries. The post was written by Stack Overflow data scientist David Robinson, who notes that "I used to program primarily in Python, though I have since switched entirely to R."

posted 11 days ago on slashdot
Slashdot reader troublemaker_23 writes, "A number of security researchers have dismissed an article by reporter Brian Krebs about Marcus Hutchins, the Briton who is awaiting trial in the US on charges of writing and distributing the Kronos banking malware, by pointing out that it has nothing to do with the case." An anonymous reader writes: Krebs investigated dozens of hacker forum pseudonyms, concluding "The clues suggest that Hutchins began developing and selling malware in his mid-teens -- only to later develop a change of heart and earnestly endeavor to leave that part of his life squarely in the rearview mirror." Krebs believes 15-year-old Hutchins registered a domain he'd later advertise as "mainly for blackhats wanting to phish," and in 2010 may have filmed YouTube videos about password-stealing malware. Krebs says the early activities are "fairly small-time -- and hardly rise to the level of coding from scratch a complex banking trojan and selling it to cybercriminals," though he believes Hutchins moved on to advertising exploit kits, password-stealers, and bot rentals. Krebs also talked to 27-year-old Brendan Johnston, a friend of Hutchins who did time in prison in 2014 for selling Trojans, who "said his old friend sincerely tried to turn things around in late 2012... 'I feel like I know Marcus better than most people do online, and when I heard about the accusations I was completely shocked. He tried for such a long time to steer me down a straight and narrow path that seeing this tied to him didn't make sense to me at all.'" Krebs stresses that Hutchins didn't try to hide the fact that he'd written malware, "which in the United States at least is a form of protected speech." And his essay concludes, "Let me be clear: I have no information to support the claim that Hutchins authored or sold the Kronos banking trojan." 
Symantec's former cybersecurity czar Tarah Wheeler has now set up a new legal fund after it was discovered that most of the online donations to Hutchins' previous defense fund came from stolen or fake credit card numbers. Hutchins returns to court in October, and the new fund has already received more than $16,000 in donations from more than 200 contributors.

posted 11 days ago on slashdot
"It's not about an undo button," writes Slashdot reader marcle, sharing an article by a senior member of the technical staff at Sandia National Laboratories who's studying advanced technologies for computation. "Just reading this story bends my mind." From IEEE Spectrum: [F]or several decades now, we have known that it's possible in principle to carry out any desired computation without losing information -- that is, in such a way that the computation could always be reversed to recover its earlier state. This idea of reversible computing goes to the very heart of thermodynamics and information theory, and indeed it is the only possible way within the laws of physics that we might be able to keep improving the cost and energy efficiency of general-purpose computing far into the future... Today's computers rely on erasing information all the time -- so much so that every single active logic gate in conventional designs destructively overwrites its previous output on every clock cycle, wasting the associated energy. A conventional computer is, essentially, an expensive electric heater that happens to perform a small amount of computation as a side effect... [I]t's really hard to engineer a system that does something computationally interesting without inadvertently incurring a significant amount of entropy increase with each operation. But technology has improved, and the need to minimize energy use is now acute... In 2004 Krishna Natarajan (a student I was advising at the University of Florida) and I showed in detailed simulations that a new and simplified family of circuits for reversible computing called two-level adiabatic logic, or 2LAL, could dissipate as little as 1 eV of energy per transistor per cycle -- about 0.001 percent of the energy normally used by logic signals in that generation of CMOS. Still, a practical reversible computer has yet to be built using this or other approaches. 
The article predicts "if we decide to blaze this new trail of reversible computing, we may continue to find ways to keep improving computation far into the future. Physics knows no upper limit on the amount of reversible computation that can be performed using a fixed amount of energy." But it also predicts that "conventional semiconductor technology could grind to a halt soon. And if it does, the industry could stagnate... Even a quantum-computing breakthrough would only help to significantly speed up a few highly specialized classes of computations, not computing in general."

posted 11 days ago on slashdot
Friday the makers of an open source media player Kodi called out trademark trolls who they say have "attempted to register the Kodi name in various countries outside the United States with the goal of earning money off the Kodi name without doing any work beyond sending threatening letters." BrianFagioli shares an article in which BetaNews quotes Kodi community and project manager Nathan Betzen: "At least one trademark troll has so far not agreed to voluntarily release their grasp on their registration of our trademark and is actively blackmailing hardware vendors in an entire country, trying to become as rich as possible off of our backs and the backs of Kodi volunteers everywhere. His name is Geoff Gavora. He had written several letters to the Foundation over the years, expressing how important XBMC and Kodi were to him and his sales. And then, one day, for whatever reason, he decided to register the Kodi trademark in his home country of Canada. We had hoped, given the positive nature of his past emails, that perhaps he was doing this for the benefit of the Foundation. We learned, unfortunately, that this was not the case," says Nathan Betzen, Kodi Project Manager. "Instead, companies like Mygica and our sponsor Minix have been delisted by Gavora on Amazon, so that only Gavora's hardware can be sold, unless those companies pay him a fee to stay on the store. Now, if you do a search for Kodi on Amazon.ca, there's a very real chance that every box you see is giving Gavora money to advertise that they can run what should be the entirely free and open Kodi. Gavora and his company are behaving in true trademark troll fashion."

posted 11 days ago on slashdot
turkeydance quotes Business Insider: A Spanish company has designed a speed bump that won't hinder slow drivers but will still stop motorists driving too fast. The speed bump is filled with a non-Newtonian liquid which changes viscosity when pressure is applied at high velocity. They've been installed in Villanueva de Tapia, Spain and there has also been interest from Israel and Germany. There's a video on the site showing the speed bump in action.

posted 11 days ago on slashdot
"It soon will become easier to charge a Chevy Bolt or Tesla in China," reports 24/7 Wall Street, citing reports from China's official newspaper that they've built the highest number of electric-car charging facilities in the world, offering "the broadest coverage, and the most advanced technology." AmiMoJo quotes their announcement: A total of 167,000 charging piles have now been connected to the telematics platform of the State Grid Corporation of China, making it the world's largest electric vehicle (EV) charging network. By cooperating with 17 charging station operators, the SGCC now offers more than 1 million kilowatt-hours of power each day. 24/7 Wall Street says the ambitious (and government-subsidized) plan "is bound to help electronic car adoption since most vehicles in the category have ranges well under 300 miles."

posted 11 days ago on slashdot
troublemaker_23 shares an article from ITWire: The Germany-based SUSE Linux marked a milestone last week: on Friday, September 2, the company turned 25, a remarkable achievement in an industry where the remains of software companies litter the landscape around the world... SUSE was formed in 1992 by three university students -- Hubert Mantel, Roland Dyroff, and Burchard Steinbild. The fourth man in the equation was software engineer Thomas Fehr. They had a simple objective: to build software and deliver UNIX support. Linux had been around for a little more than a year at that point and they decided to use it... The name S.u.S.E is a German acronym and means "Software und System-Entwicklung", or "Software and systems development". The name was later changed to SuSE and some years on became SUSE... Like other open source outfits, SUSE has widened its services and now not only provides an enterprise Linux distribution but has a well developed software-defined storage product and one for a container-as-a-service option. It also caters to those seeking cloud options and does more than its fair share in contributing to upstream FOSS projects. Along the way, it has spawned a top-notch community distribution, openSUSE, which is run by an autonomous board led by the ebullient British developer Richard Brown. S.u.S.E Linux was one of the first distros, arriving in 1994 after Soft Landing Systems Linux (in mid-1992) and Slackware.

posted 11 days ago on slashdot
"I fought foreign propaganda for the FBI," writes a former special agent from its Counterintelligence Division. Now an associate dean at Yale Law School, he's warning that "the tools we had won't work anymore." An anonymous reader quotes Politico: The bureau is now faced with huge private companies, like Facebook and Twitter, which are ostensibly neutral and have no professional or ethical obligation to vet the material they distribute. Further, foreign intelligence service propaganda agents are no longer human operatives on American soil -- they are invisible "trolls," often operating from a foreign country and behind social media accounts that make them impossible for the FBI to approach directly. Or, in the case of so-called bots -- software programs designed to simulate humans -- they might not even be people at all... [S]ocial media platforms can reach an almost limitless audience, often within days or hours, more or less for free: Russia's Facebook ads alone reached between 23 million and 70 million viewers. Without any direct way to investigate and identify the source of the private accounts that generate this "fake news," there's literally nothing the FBI can do to stop a propaganda operation that can occur on such a massive scale... But Congress could pass legislation that requires social media companies to cooperate with counterintelligence in the same ways they do with law enforcement. For example, the Communications Assistance for Law Enforcement Act requires telecommunications companies to design their digital networks in such a way that would permit wiretaps for criminal cases. Similarly, requiring social media platforms to develop ways to vet and authenticate foreign users and proactively report potential bots to the FBI would enable the FBI to identify perception management operations as they are occurring. In addition to monitoring these specific FIS-based accounts, the FBI could publicly expose the source of particular accounts, ads or news... 
"At this point, we have no choice: It's clear that our current counterintelligence strategy hasn't caught up to the age of asymmetrical information warfare," the former counterintelligence agent concludes. "Until it does, we'll be silently allowing our freedoms to be manipulated...."

posted 11 days ago on slashdot
An anonymous reader quotes Linux.com: What happens when you take Ubuntu 17.10, a new desktop interface (one that overlays on top of KDE), snap packages, and roll them all up into a pseudo rolling release? You get Nitrux. At first blush, this particular Linux distribution seems more of an experiment than anything else -- to show how much the KDE desktop can be tweaked to resemble the likes of the Elementary OS or MacOS desktops. At its heart, however, it's much more than that... This particular take on the Linux desktop is focused on the portable, universal nature of snap packages and makes use of a unique desktop, called Nomad, which sits atop KDE Plasma 5... The desktop includes a dock, a system/notification tray, a quick search tool (Plasma Search), and an app menu. Of all the elements on the desktop, it's the Plasma Search tool that will appeal to anyone looking for an efficient means to interact with their desktops. With this tool, you can just start typing on a blank desktop to see a list of results. Say, for example, you want to open LibreOffice writer; on the blank desktop, just start typing "libre" and related entries will appear... Skilled Linux users should have no problem using Nitrux and might find themselves intrigued with the snap-centric Nomad desktop. The one advantage of having a distribution centered around snap packages would be the ease with which you could quickly install and uninstall a package, without causing issues with other applications... In the end, Nitrux is a beautiful desktop that is incredibly efficient to use -- only slightly hampered by an awkward installer and a lack of available snap packages. Give this distribution a bit of time to work out the kinks and it could become a serious contender. The GUI-focused distro even includes Android apps in the menu -- although Linux.com's reviewer notes that "on two different installations, I have yet to get this feature to work. Even the pre-installed Android apps never start."

posted 11 days ago on slashdot
Long-time Slashdot reader BinBoy writes: Science fiction author and Byte magazine columnist Jerry Pournelle has died according to a statement by his son Alex posted to Jerry's web site. A well-wishing page has been set up for visitors to post their thoughts and memories of Mr. Pournelle. Pournelle's literary career included the 1985 science fiction novel Footfall with Larry Niven, which became a #1 New York Times best-seller -- one of several successful collaborations between the two authors. In a Slashdot interview in 2003, Larry Niven credited Jerry for the prominent role of religion in their 1974 book The Mote in God's Eye. Wikipedia also remembers how Byte magazine announced Pournelle's legendary debut as a columnist in their June 1980 issue. "The other day we were sitting around the BYTE offices listening to software and hardware explosions going off around us in the microcomputer world. We wondered, "Who could cover some of the latest developments for us in a funny, frank (and sometimes irascible) style?" The phone rang. It was Jerry Pournelle with an idea for a funny, frank (and sometimes irascible) series of articles to be presented in BYTE on a semi-regular (i.e.: every 2 to 3 months) basis, which would cover the wild microcomputer goings-on at the Pournelle House ("Chaos Manor") in Southern California. We said yes."

posted 11 days ago on slashdot
An anonymous reader quotes a report from Bleeping Computer: Mozilla will drop an iconic section of its UI -- the search bar -- and will use one singular input bar atop the browser, similar to the approach of most Chromium browsers. This change will go live in Firefox 57, scheduled for release on November 14, and will be part of Photon -- the codename used to describe Firefox's new user interface (UI) -- also scheduled for a public release in v57. Mozilla engineers aren't removing the search bar altogether, but Firefox will hide this UI element by default. Users can still re-enable it by going to "Preferences -> Search -> Search Bar" and choosing the second option. The current Firefox search bar is redundant since most of its features can be performed by the URL address bar.

posted 11 days ago on slashdot
intellitech shares a report from Engadget: For those of you who miss the iPhone headphone jack, you're definitely not alone. But Strange Parts creator Scotty Allen missed it so much that he decided to add one to his iPhone 7. He just posted a video of the project's entire saga, with all of its many ups and downs, and in the end he holds what he set out to create -- a current generation iPhone with a fully functional headphone jack. It turns out, real courage is adding the headphone jack back to the iPhone. The project took around 17 weeks to complete and throughout it Allen spent thousands of dollars on parts including multiple iPhones and screens and handfuls of lightning to headphone adaptors. Along the way, Allen bought a printer, a nice microscope and fancy tweezers. He had to design his own circuit boards, have a company manufacture multiple iterations of flexible circuit boards and at one point early on had to consult with a chip dealer that a friend hooked him up with. The final product works by using a lightning to headphone adaptor that's incorporated into the internal structure of the phone. However, because the headphone jack is powered via the phone's lightning jack with a circuit board switching between the two depending on whether headphones or a charger are plugged into the phone, you can't actually listen to music and charge the phone at the same time.

posted 11 days ago on slashdot
Dan Drollette writes: Contrary to some items making the rounds of the Twitterverse, El Ninos are "Kryptonite for hurricanes." The Mercury News reports: "Irma has ripped a path of misery through the Caribbean and is aiming at Florida, but the first seed for its monster size and force was planted on the other side of the world more than six months ago. It happened innocently enough, when a widely anticipated El Nino failed to materialize over the Pacific Ocean. In time, that cleared a path for a hurricane to form in the Atlantic that grew to the size of the state of New York with winds topping 185 miles per hour. El Nino occurs when the Pacific heats up and flusters the atmosphere, setting off a chain reaction that causes wind shear across the Atlantic. Shear is wind blowing in different directions or speeds at various altitudes, and it can be Kryptonite for hurricanes. As powerful as they are, tropical cyclones have delicate structures. Shear can tear them apart. A budding storm can't get started and an established storm can't get strong."

posted 11 days ago on slashdot
ugen shares a report from CNBC: Artificial Intelligence (AI) can now accurately identify a person's sexual orientation by analyzing photos of their face, according to new research. The Stanford University study, which is set to be published in the Journal of Personality and Social Psychology and was first reported in The Economist, found that machines had a far superior "gaydar" when compared to humans. Slashdot reader randomlygeneratename adds: Researchers built classifiers trained on photos from dating websites to predict the sexual orientation of users. The best classifier used logistic regression over features extracted from a VGG-Face conv-net. The latter was done to prevent overfitting to background, non-facial information. Classical facial feature extraction also worked with a slight drop in accuracy. From multiple photos, they achieved an accuracy of 91% for men and 83% for women (and 81% / 71% for a single photo). Humans were only able to get 61% and 54%, respectively. One caveat is the paper mentions it only used Caucasian faces. The paper went on to discuss how this capability can be an invasion of privacy, and conjectured that other types of personal information might be detectable from photos. The source paper can be found here.

posted 11 days ago on slashdot
An anonymous reader quotes a report from Ars Technica: The manufacturer of EpiPen devices failed to address known malfunctions in its epinephrine auto-injectors even as hundreds of customer complaints rolled in and failures were linked to deaths, according to the Food and Drug Administration. The damning allegations came to light today when the FDA posted a warning letter it sent September 5 to the manufacturer, Meridian Medical Technologies, Inc. The company (which is owned by Pfizer) produces EpiPens for Mylan, which owns the devices and is notorious for dramatically raising prices by more than 400 percent in recent years. The auto-injectors are designed to be used during life-threatening allergic reactions to provide a quick shot of epinephrine. If they fail to fire, people experiencing a reaction can die or suffer serious illnesses. According to the FDA, that's exactly what happened for hundreds of customers. In the letter, the agency wrote: "In fact, your own data show that you received hundreds of complaints that your EpiPen products failed to operate during life-threatening emergencies, including some situations in which patients subsequently died." The agency goes on to lambast Meridian Medical for failing to investigate problems with the devices, recall bad batches, and follow-up on problems found. For instance, a customer made a complaint in April 2016 that an EpiPen failed. When Meridian disassembled the device, it found a deformed component that led to the problem -- the exact same defect it had found in February when another unit failed.

posted 11 days ago on slashdot
gubol123 shares a report from The Economic Times: Six leading car makers are eyeing the government's plan to buy 10,000 electric vehicles while policy makers are considering generous fiscal incentives to make their capital and running cost cheaper than petrol cars within five years. Broadly, the aim is to put on roads one million electric three-wheelers and 10,000 electric city buses by mid-2019 and make India the world leader in at least some segments of the market as the country strives to shift entirely to battery-powered transportation by 2030. In six to eight months, 10,000 e-vehicles are expected to be running in the national capital region. The tender to buy 10,000 e-vehicles has already attracted Tata Motors, Hyundai, Nissan, Renault, Maruti Suzuki and Mahindra & Mahindra, and would be quickly followed by a dramatic scaling up of the e-vehicles program. The tender would be awarded by the end of this month and cars would start rolling in by mid-November.

posted 12 days ago on slashdot
swschrad writes: Call it a stampede, call it a business decision, but Best Buy has pulled Kaspersky internet security software from its shelves and website. Some in the U.S. government suspect Russian ties make it a suspicious product. Since all major security companies have links with each other and with government security agencies, sharing threat evidence to find counters, Kaspersky's defense seems valid. But if you want it, be prepared to buy it off their own website. Best Buy will give Kaspersky software purchasers 45 days to exchange it for free for another product if they want. Additionally, customers can also uninstall it themselves or have a Geek Squad agent do it for free within that time window.

posted 12 days ago on slashdot
In response to the massive Equifax cybersecurity incident impacting approximately 143 million U.S. consumers -- making it possibly the worst leak of personal info ever -- Slashdot reader AdamStarks asks: What steps can the average Joe take to protect their identity? Accepting Equifax's help forfeits your right to sue; it's the same with applying for protection at TransUnion (not sure about Experian). Extra services at those companies also cost money, but that's putting even more of your data in their hands, and it's not clear whether the protection/help they provide is worth it (leaving aside not wanting to reward bad behavior).

posted 12 days ago on slashdot
An anonymous reader quotes a report from The Verge: The Note brand is still going strong despite Samsung recalling and discontinuing Note 7 devices last year for battery explosions. The company today announced that more customers in the U.S. have preordered the Note 8 than any other Notes it has ever sold in previous years during the same time period. Note 8 preorders went live on August 24th and the device is one of Samsung's most expensive smartphones to date, starting at $930. It's unapologetically pricey, though Samsung did attempt to offset that price tag with some presale offers. Samsung did not specify exactly how many Note 8 preorders it has received so far, but judging by how popular Note 7s were last year before everything went down, it seems that little has deterred Note fans from upgrading -- not even the price tag.

posted 12 days ago on slashdot
Catalin Cimpanu, reporting for BleepingComputer: Microsoft has declined to patch a security bug Cisco Talos researchers discovered in the Edge browser, claiming the reported issue is by design. Apple and Google patched a similar flaw in Safari (CVE-2017-2419) and Chrome (CVE-2017-5033), respectively. According to Cisco Talos researcher Nicolai Grodum, the vulnerability can be classified as a bypass of the Content Security Policy (CSP), a mechanism that allows website developers to configure HTTP headers and instruct the browsers of people visiting their site what resources (JavaScript, CSS) they can load and from where. The Content Security Policy (CSP) is one of the tools that browsers use to enforce Same-Origin Policy (SOP) inside browsers. Grodum says that he found a way to bypass CSP -- technical details available here -- that will allow an attacker to load malicious JavaScript code on a remote site and carry out intrusive operations such as collecting information from users' cookies, or logging keystrokes inside the page's forms, and others.

posted 12 days ago on slashdot
cdreimer writes: According to a report in The Wall Street Journal (Warning: source may be paywalled, alternative source), Uber is under investigation by federal law-enforcement authorities for using a program called "Hell" to illegally interfere with the competition by creating fake Lyft accounts, initiating phony ride requests for Lyft drivers, and offering cash bonuses for drivers who drive for both services to leave Lyft. This is creating a new headache for incoming CEO Dara Khosrowshahi to deal with. From the report: "Federal law-enforcement authorities in New York are investigating whether Uber Technologies Inc. used software to interfere illegally with its competitors, according to people familiar with the investigation, adding to legal pressures facing the embattled ride-hailing company and its new chief executive. The investigation, led by the Federal Bureau of Investigation's New York office and the Manhattan U.S. attorney's office, is focused on a defunct Uber program, known internally as 'Hell,' that could track drivers working for rival service Lyft Inc., the people said. 'We are cooperating with the SDNY investigation,' said an Uber spokesman, referring to New York's Southern District. He declined to offer additional details. Uber has never publicly discussed the details of the program. But people familiar with the matter said 'Hell' worked like this: Uber created fake Lyft customer accounts, tricking Lyft's system into believing prospective customers were seeking rides in various locations around a city. That allowed Uber to see which Lyft drivers were nearby and what prices they were offering for various routes, similar to how such information appears when an authentic Lyft app is opened on a user's smartphone, these people said. 
The program was also used to glean data on drivers who worked for both companies, and whom Uber could target with cash incentives to get them to leave Lyft, said these people, who added that the program was discontinued last year."
