Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Botnet

A 'Turkish Hacker' Is Giving Out Prizes For DDoS Attacks (csoonline.com) 8

Security firm Forcepoint has discovered a DDoS competition which requires participants install a DDoS software which contains a backdoor. An anonymous reader quotes CSO: A hacker in Turkey has been trying to encourage distributed denial-of-attacks by making it into a game, featuring points and prizes for attempting to shut down political websites... Users that participate will be given a tool known as Balyoz, the Turkish word for Sledgehammer, that can be used to launch DDoS attacks against a select number of websites... The attack tool involved is designed to only harass 24 political sites related to the Kurds, the German Christian Democratic Party -- which is led by Angela Merkel -- and the Armenian Genocide, and others... Forcepoint noticed that the DDoS attack tool given to the participants also contains a backdoor that will secretly install a Trojan on the computer.
Botnet

US Think Tank Wants To Regulate The Design of IoT Devices For Security Purposes (theregister.co.uk) 65

New submitter mikehusky quotes a report from The Register: Washington D.C. think tank the Institute for Critical Infrastructure Technology is calling for regulation on "negligence" in the design of internet-of-things (IoT) devices. If the world wants a bonk-detecting Wi-Fi mattress, it must be a malware-free bonk-detecting Wi-Fi mattress. The report adds: "Researchers James Scott and Drew Spaniel point out in their report Rise of the Machines: The Dyn Attack Was Just a Practice Run [PDF] that IoT represents a threat that is only beginning to be understood. The pair say the risk that regulation could stifle market-making IoT innovation (like the Wi-Fi cheater-detection mattress) is outweighed by the need to stop feeding Shodan. 'Regulation on IoT devices by the United States will influence global trends and economies in the IoT space, because every stakeholder operates in the United States, works directly with United States manufacturers, or relies on the United States economy. Nonetheless, IoT regulation will have a limited impact on reducing IoT DDoS attacks as the United States government only has limited direct influence on IoT manufacturers and because the United States is not even in the top 10 countries from which malicious IoT traffic originates.' State level regulation would be 'disastrous' to markets and consumers alike. The pair offer their report in the wake of the massive Dyn and Mirai distributed denial of service attacks in which internet of poorly-designed devices were enslaved into botnets to hammer critical internet infrastructure, telcos including TalkTalk, routers and other targets."
Music

Bose Launches 'Hearphones' That Act Like Hearing Aids (theverge.com) 53

Bose has launched a new pair of earbuds called Hearphones that augment the sounds of the world around you, letting you select what kinds of outside noises you'd like to listen to. "Hearphones users can also pick which direction those outside noises come from, with what appears to be specific emphasis on helping people hear voices better in crowded places," reports The Verge: A "Bose Hear" app was recently added to the App Store, and offers a little more detail about what Hearphones are capable of. You can turn the "world volume" up or down, and change the direction you're hearing those sounds from. There are preset modes like "television," "focused conversation," "airplane," "doctor's office," or "gym," all of which presumably block out different sounds from different directions while letting in things like speech. A user manual was also recently submitted to the FCC. No pricing or availability can be found anywhere on Bose's website or in the app. Here's some more from that app's description: "Innovative technologies amplify softer sounds, let you turn down the distractions in noisy environments and focus on what you want to hear -- like a conversation across the table. You can also use them as controllable noise cancelling [sic] wireless headphones for your music or calls or just for quiet. Take control of the noise, and hear the world better."
Privacy

Twitter Cuts API Access For Media Sonar, Spy Tool Used To Target Black Lives Matter (dailydot.com) 99

Police have now one less tool to monitor users on Twitter. The Daily Dot is reporting that Twitter has cut ties with a third-party social network surveillance firm, citing company policies intended to safeguard users against the surreptitious collection of data by law enforcement agencies. From the report: The severed contract follows Twitter nullifying the commercial data agreements of two other leading social-network-surveillance firms, Geofeedia and Snaptrends. Previously unreported, Twitter severed the access of Media Sonar, an Ontario-based company founded in 2012, which has sold surveillance software to police departments across the United States. Nineteen local government services are known to have each spent at least $10,000 on the software between 2014 and 2016, according to documents acquired under state open-records laws. Twitter informed the Daily Dot this week that it had terminated Media Sonar's access to its public API in October. If the company attempts to create other API keys, Twitter said, "we will terminate those as well and take further action as appropriate."
Android

Verizon Says It Will Not Push Samsung's Update That Disables Galaxy Note7 Because Of User Inconvenience (verizon.com) 188

Samsung confirmed on Friday that it will indeed release an update to Galaxy Note7 smartphones in the United States to "prevent US Galaxy Note7 devices from charging and will eliminate their ability to work as mobile devices." In a new wrinkle to this whole situation, Verizon said today it will not be releasing Samsung's software update to Galaxy Note7 users on Verizon network. In a blog post, Verizon said: "Verizon will not be taking part in this update because of the added risk this could pose to Galaxy Note 7 users that do not have another device to switch to. We will not push a software upgrade that will eliminate the ability for the Note 7 to work as a mobile device in the heart of the holiday travel season. We do not want to make it impossible to contact family, first responders or medical professionals in an emergency situation." To recall, the Galaxy Note7 remains banned on airlines by the FAA and has also been prohibited from being used on many other public transit services in the United States. Elsewhere in the world, similar bans have been imposed on the phone.
Cellphones

Samsung May Permanently Disable Galaxy Note 7 Phones In The US As Soon As Next Week (theverge.com) 180

Those who are still clinging on to their Galaxy Note 7, even after Samsung recalled the devices due to faulty batteries in mid-September, may want to seriously reconsider returning them to the Korean company. The Verge has obtained an image of an alert that went out to at least one Note 7 owner on U.S. Cellular today stating that, "As of December 15th, Samsung will modify the software to prevent the Galaxy Note 7 from charging. The phone will no longer work." The Verge reports: It's not clear whether Note 7s will be disabled across the major U.S. carriers as well, but it seems likely that'll be the case. In the past, updates disabling Note 7 features have rolled out across Verizon, ATT, and other carriers within a matter of days. That's probably what'll happen here, as well. By preventing the phone from charging, Samsung takes the final step to making the phone entirely unusable. It's still offering Note 7 owners the ability to fully return the phone or exchange it for another Samsung device. As of November 4th, when Samsung last provided an update, 85 percent of Note 7s sold in the U.S. had been recovered. That still left around 285,000 phones unaccounted for. Completely disabling the phone seems to be Samsung's last-ditch effort to either recover the remaining devices or remove what risk they still pose to consumers.
Communications

Google Now Lets Developers Write Apps For the Assistant On Google Home (techcrunch.com) 38

Google today announced it will open up Home to third-party developers, allowing all developers to start bringing their applications and services to the Google Assistant. Developers can start building "conversation actions" for the Google Assistant, which "allows developers to create back-and-forth conversations with users through the Assistant," writes Frederic Lardinois via TechCrunch. "Users can simply start these conversations by using a phrase like 'OK Google, talk to Eliza.'" TechCrunch reports: While the Assistant also runs on the Pixel phones and inside the Allo chat app, Google says it plans to bring actions to these other "Assistant surfaces" in the future, but it's unclear when exactly this will happen. To help developers who want to build these new Conversation Actions get started, Google has teamed up with a number of partners, including API.AI, GupShup, DashBot and VoiceLabs, Assist, Notify.IO, Witlingo and Spoken Layer. Google has also allowed a small number of partners to enable their apps on Google Home already. These integrations will roll out as early as next week. Given that users will be able to invoke these new actions with a simple command (and without having to first enable a skill, like on Alexa), Google's platform looks to be a rather accessible and low-friction way for developers to get their voice-enabled services to users. Google will have the final say over which actions will be enabled on Google Home.
Businesses

Yik Yak Lays Off 60 Percent of Employees As Growth Collapses (theverge.com) 71

An anonymous reader quotes a report from The Verge: Yik Yak has laid off 60 percent of employees amid a downturn in the app's growth prospects, The Verge has learned. The three-year-old anonymous social network has raised $73.5 million from top-tier investors on the promise that its young, college-age network of users could one day build a company to rival Facebook. But the challenge of growing its community while moving gradually away from anonymity has so far proven to be more than the company could muster. Employees who were affected were informed of the layoffs Thursday morning, sources told The Verge. Yik Yak employed about 50 people, and now only about 20 remain, the company said. The community, marketing, design, and product teams were all deeply affected, one source said. Atlanta-based Yik Yak was founded in 2014 by Furman University students Tyler Droll and Brooks Buffington. The app updated the concept of dorm newsletters for the mobile era, letting anyone post comments about school, their campus, or life in general. The fact that comments were anonymous initially helped the app grow, as it encouraged more candid forms of sharing than students might otherwise post on Facebook or Instagram.
Government

Congress Passes BOTS Act To Ban Ticket-Buying Software (arstechnica.com) 213

Congress passed a bill yesterday that will make it illegal for people to use software bots to buy concert tickets. Ars Technica reports: The Better Online Ticket Sales (BOTS) Act makes it illegal to bypass any computer security system designed to limit ticket sales to concerts, Broadway musicals, and other public events with a capacity of more than 200 persons. Violations will be treated as "unfair or deceptive acts" and can be prosecuted by the Federal Trade Commission or the states. The bill passed the Senate by unanimous consent last week, and the House of Representatives voted yesterday to pass it as well. It now proceeds to President Barack Obama for his signature. Computer programs that automatically buy tickets have been a frustration for the concert industry and fans for a few years now. The issue had wide exposure after a 2013 New York Times story on the issue. Earlier this year, the office of New York Attorney General Eric Schneiderman completed an investigation into bots. The New York AG's ticket sales report (PDF) found that the tens of thousands of tickets snatched up by bots were marked up by an average of 49 percent.
AMD

AMD's Major Radeon Software Graphics Driver Update Goes Live With Gameplay Capture, More (venturebeat.com) 97

Advanced Micro Devices, or AMD is launching an update for its Radeon graphics drivers that will help PC gamers enjoy more power-efficient gameplay during the holiday season. Radeon Software Crimson ReLive Edition offers high-performance gaming and better stability for consumers, professionals, and developers. From a report on VentureBeat: The new edition enables power-efficient gameplay with Radeon Chill and seamless in-game screen capture and streaming with Radeon ReLive. For designers, content creators, and game developers, Radeon Pro Software Crimson ReLive Edition delivers productivity and stability with up to 30 percent performance improvements in key applications. With Radeon ReLive, gamers can "relive" their gameplay by capturing, streaming, and sharing recorded gaming sessions. Highly efficient with minimal impact to gameplay, Radeon ReLive enables seamless playback of ReLive recordings via an easily accessible in-game toolbar, and offers quick and convenient customizable settings, custom scene layouts, and more, AMD said. With Radeon ReLive, gamers now have a way to capture gaming highlights, and share their gaming exploits and conquests with online friends and competitors -- all integrated within Radeon Software.
Emulation (Games)

Microsoft and Qualcomm Collaborate To Bring Windows 10, x86 Emulation To Snapdragon Processors (anandtech.com) 85

An anonymous reader quotes a report from AnandTech: Today at Microsoft's WinHEC event in Shenzhen, China, the company announced that it's working with Qualcomm to bring the full Windows 10 experience to future devices powered by Snapdragon processors. These new Snapdragon-powered devices should support all things Microsoft, including Microsoft Office, Windows Hello, Windows Pen, and the Edge browser, alongside third-party Universal Windows Platform (UWP) apps and, most interestingly, x86 (32-bit) Win32 apps. They should even be able to play Crysis 2. This announcement fits nicely with Microsoft's "Windows Everywhere" doctrine and should come as no surprise. It's not even the first time we've seen Windows running on ARM processors. Microsoft's failed Windows RT operating system was a modified version of Windows 8 that targeted the ARMv7-A 32-bit architecture. It grew from Microsoft's MinWin effort to make Windows more modular by reorganizing the operating system and cleaning up API dependencies. The major change with today's announcement over Windows RT and UWP is that x86 apps will be able to run on Qualcomm's ARM-based SoCs, along with support for all of the peripherals that are already supported with Windows 10. This alone is a huge change from Windows RT, which would only work with a small subset of peripherals. Microsoft is also focusing on having these devices always connected through cellular, which is something that is not available for many PCs at the moment. Support will be available for eSIM to avoid having to find room in a cramped design to accommodate a physical SIM, and Microsoft is going so far as to call these "cellular PCs" meaning they are expecting broad support for this class of computer, rather than the handful available now with cellular connectivity. The ability to run x86 Win32 apps on ARM will come through emulation, and to demonstrate the performance Microsoft has released a video of an ARM PC running Photoshop.
Bug

Adobe Flash Responsible For Six of the Top 10 Bugs Used By Exploit Kits In 2016 (onthewire.io) 72

Trailrunner7 quotes a report from On the Wire: Vulnerabilities in Flash and Internet Explorer dominated the exploit kit landscape in the last year, with a high-profile bug in Flash being found in seven separate kits, new research shows. Exploit kits have long been a key tool in the arsenal of many attackers, from low-level gangs to highly organized cybercrime crews. Their attraction stems from their ease of use and the ability for attackers to add exploits for new vulnerabilities as needed. While there are dozens of exploit kits available, a handful of them attract the most use and attention, including Angler, Neutrino, Nuclear, and Rig. Researchers at Recorded Future looked at more than 140 exploit kits and analyzed which exploits appeared in the most kits in the last year, and it's no surprise that Flash and IE exploits dominated the landscape. Six of the top 10 most-refquently targeted vulnerabilities in the last year were in Flash, while the other four were in Microsoft products, including IE, Windows, and Silverlight. Flash has been a favorite target for attackers for a long time, for two main reasons: it's deployed on hundreds of millions of machines, and it has plenty of vulnerabilities. Recorded Future's analysis shows that trend is continuing, and one Flash bug disclosed October 2015 was incorporated into seven individual exploit kits. The flaw was used by a number of high-level attackers, including some APT groups. "Adobe Flash Player's CVE-2015-7645, number 10 in terms of references to exploit kits, stands out as the vulnerability with the most adoption by exploit kits. Exploit kits adopting the Adobe bug in the past year include Neutrino, Angler, Magnitude, RIG, Nuclear Pack, Spartan, and Hunter," the analysis by Recorded Future says.
Bug

Nintendo Offers Up To $20,000 To Hack the 3DS (silicon.co.uk) 44

Mickeycaskill writes: Nintendo will pay up to $20,000 for system and software vulnerabilities in the Nintendo 3DS family of handheld gaming consoles. The company is looking to prevent activities such as piracy, cheating and the circulation of inappropriate content to children. The stated goal is to "provide a secure environment for our customers so that they can enjoy our games and services. In order to achieve this goal, Nintendo is interested in receiving vulnerability information that researchers may discover regarding Nintendo's platforms." Silicon.co.uk reports: "Rewards will range from $100 to $20,000, with one given per 'qualifying piece of vulnerability information.' Hackers looking to claim a reward will have to provide Nintendo with either a proof-of-concept or a piece of functional exploit code in order to qualify."
Intel

Qualcomm Debuts 10nm Server Chip To Attack Intel Server Stronghold (tomshardware.com) 107

An anonymous reader quotes a report from Tom's Hardware: Qualcomm and its Qualcomm Datacenter Technologies subsidiary announced today that the company has already begun sampling its first 10nm server processor. The Centriq 2400 is the second generation of Qualcomm server SOCs, but it is the first in its new family of 10nm FinFET processors. The Centriq 2400 features up to 48 custom Qualcomm ARMv8-compliant Falkor cores and comes a little over a year after Qualcomm began developing its first-generation Centriq processors. Qualcomm's introduction of a 10nm server chip while Intel is still refining its 14nm process appears to be a clear shot across Intel's bow--due not only to the smaller process, but also its sudden lead in core count. Intel's latest 14nm E7 Broadwell processors top out at 24 cores. Qualcomm isn't releasing more information, such as clock speeds or performance specifications, which would help to quantify the benefit of its increased core count. The server market commands the highest margins, which is certainly attractive for the mobile-centric Qualcomm, which found its success in the relatively low-margin smartphone segment. However, Intel has a commanding lead in the data center with more than a 99% share of the world's server sockets, and penetrating the segment requires considerable time, investment, and ecosystem development. Qualcomm unveiled at least a small portion of its development efforts by demonstrating Apache Spark and Hadoop on Linux and Java running on the Centriq 2400 processor. The company also notes that Falkor is SBSA compliant, which means that it is compatible with any software that runs on an ARMv8-compliant server platform.
Businesses

Google, HTC, Oculus, Samsung, Sony Join Forces To Create Global VR Association (techcrunch.com) 58

Google, HTC, Oculus, Samsung, Sony and Acer have teamed up to form the Global Virtual Reality Association (GVRA) in an effort to reduce fragmentation and failure in the industry. GVRA aims to "unlock and maximize VR's potential," but there are little details as to what this may mean for consumers. TechCrunch reports: What many in the VR community have been thirsting for is some unification of standards in terms of software and hardware. Games bought in the Oculus store don't play on the Vive or PS VR. Sensors for the Vive don't work on Oculus. Sony doesn't play nice with anyone else's standards etc. etc. Valve, which makes the Steam store and SteamVR platform for the HTC Vive and others, is notably not a member of this collective so any hopes of a unified standard (like its OpenVR platform) emerging from this collective is likely not in the cards. From the GVRA press release: "The goal of the Global Virtual Reality Association is to promote responsible development and adoption of VR globally. The association's members will develop and share best practices, conduct research, and bring the international VR community together as the technology progresses. The group will also serve a resource for consumers, policymakers, and industry interested in VR."
Businesses

T-Mobile's 'Digits' Solution Lets You Use One Phone Number Across All Your Devices (theverge.com) 46

An anonymous reader quotes a report from The Verge: T-Mobile just revealed its answer to ATT's NumberSync technology, which lets customers use one phone number across all their connected devices. T-Mobile's version is called Digits and it will launch in a limited, opt-in customer beta beginning today before rolling out to everyone early next year. "You can make and take calls and texts on whatever device is most convenient," the company said in its press release. "Just log in and, bam, your call history, messages and even voicemail are all there. And it's always your same number, so when you call or text from another device, it shows up as you." When it leaves beta, Digits will cost an extra monthly fee, but T-Mobile isn't revealing pricing today. "This is not going to be treated as adding another line to your account," said COO Mike Sievert. "Expect us to be disruptive here." And while its main feature is one number for everything, Digits does offer T-Mobile customers another big perk: multiple numbers on the same device. This will let you swap between personal and work numbers without having to maintain separate lines and accounts. You can also give out an "extra set" of Digits in situations where you might be hesitant to give someone your primary number; this temporary number forwards to your devices like any other call. You can have multiple numbers for whatever purposes you want, based on T-Mobile's promotional video.
Businesses

Pebble Gets Acquired By Fitbit - Ends Production and Ceases Support Of Its Existing Lineup of Smartwatches (getpebble.com) 186

Reader phorm writes: In a notice to Kickstarter backers, pebble has stated that -- following the acquisition by Fitbit (official now) -- they will no longer promote, manufacture, or sell devices. Further, while existing functionality may continue, it is likely to be degraded and warranty support will no longer be provided. This includes any recently shipped Pebble models. For those that were eagerly awaiting shipment of Pebble Time 2 and other newer devices, those devices will not ship at all. Pebble has indicated refunds will be made within 4-8 weeks. Those expecting their money may not want to hold their breath, however, because a contradictory statement made by to backers by email says that refunds will be made via Kickstarter by March 2017.Fitbit said it is only purchasing software assets from Pebble.
Windows

Microsoft Likely To See a Boost in Windows 10 Sales This New Year (fortune.com) 171

Because many businesses are wary of new software updates, let alone a new operating system, Microsoft could see a significant surge in Windows 10 install base and sales in the New Year. From a report on Fortune: Businesses have been slow to upgrade all of their corporate computers to the latest Windows OS in 2016, according to research by IT services and technology company Adaptiva. Adaptiva said Tuesday that based on its findings, it believes companies are going to be upgrading to the latest version in 2017. Adaptiva based its findings from a survey it conducted over the summer of 300 IT professionals at various businesses. The company said that 41% of the companies it surveyed have been avoiding the upgrade, and some "have gone so far as to actively resist the move by using software to prevent or disable Windows 10 installation." The survey didn't say why exactly companies were avoiding the upgrade, but the majority of respondents that did upgrade "rated the Windows 10 migration process to be somewhat to extremely challenging," the survey said. According to latest figures provided by Microsoft, Windows 10 is running on over 400 million devices.
Sony

Sony Has Sold 50 Million PlayStation 4 Units (gamespot.com) 72

Sony today shared sales figures of the PlayStation 4, saying the gaming console surpassed 50 million units as of this week. The console was launched in November 2013, and hit 40 million sales mark in May this year. In a statement, the company said, via GameSpot: "We're truly delighted that the PS4 community continues to flourish since launch three years ago," Sony Interactive Entertainment boss Andrew House said in a statement. "With tremendous support from our fans and partners across the globe, this year we were able to deliver an unprecedented lineup of hardware, including the new slimmer PS4, PS4 Pro, and PlayStation VR. We will continue to provide the best gaming experiences available through our ground-breaking software lineup and network services, as we focus on accelerating our business and expanding the PS4 ecosystem."According to an estimate Nvidia provided in August, Microsoft's Xbox One has an install base of 29 million.
NES (Games)

Doyodo RetroEngine Sigma Is a Linux-Powered Classic Video Game Emulation Console (betanews.com) 91

BrianFagioli quotes a report from BetaNews: The Nintendo NES Classic is quite an amazing console. True, it is not as powerful as modern game systems like Xbox One and PlayStation 4, but it comes pre-loaded with many classic NES titles. Unfortunately, its strength is also its weakness -- those pre-loaded titles are the only games you can play. You cannot load other games, so you are stuck with what you got. As an alternative, some folks use software emulation and ROMs on their computers to play countless video game titles. Of course, there are moral concerns here, as you are often downloading the games illegally -- unless you own the physical copy, that is. Even then, it is a gray area. Today, a company called Doyodo launched a new Linux-powered emulation console on Indiegogo. The device not only plays NES games, but Atari, Game Boy, PlayStation 1, Genesis, and more. You play using USB controllers. In addition, it can serve as a media player (with Kodi) or a full-fledged Linux desktop. Some other features include 4K video playback, Wi-Fi networking built in, and a compact and portable design. There's even a deluxe version that ships with Bluetooth, an extra controller and 32GB of storage; the basic configuration includes just one controller and 16GB of storage. You can view the Indiegogo page here.

Slashdot Top Deals