United States

Yahoo Sale To Verizon Delayed After Hack Disclosures (securityweek.com) 7

wiredmikey quotes a report from SecurityWeek: Yahoo said Monday that the closing of a $4.8 billion deal to sell its core internet assets to U.S. telecom titan Verizon has been delayed several months. A close originally set for this quarter has been pushed into next quarter, and has been thrown into doubt following disclosures of two huge data breaches. Yahoo announced in September that hackers in 2014 stole personal data from more than 500 million of its user accounts. It admitted another cyberattack in December, this one dating from 2013, affecting over a billion users. The U.S. Securities and Exchange Commission has opened an investigation into whether Yahoo should have informed investors sooner about the two major data breaches.
Security

Ransomware Infects All St Louis Public Library Computers (theguardian.com) 101

An anonymous reader quotes a report from The Guardian: Libraries in St Louis have been brought to a standstill after computers in all the city's libraries were infected with ransomware, a particularly virulent form of computer virus used to extort money from victims. Hackers are demanding $35,000 (£28,000) to restore the system after the cyberattack, which affected 700 computers across the Missouri city's 16 public libraries. The hackers demanded the money in electronic currency bitcoin, but, as CNN reports, the authority has refused to pay for a code that would unlock the machines. As a result, the library authority has said it will wipe its entire computer system and rebuild it from scratch, a solution that may take weeks. On Friday, St Louis public library announced it had managed to regain control of its servers, with tech staff continuing to work to restore borrowing services. The 16 libraries have all remained open, but computers continue to be off limits to the public. Spokeswoman Jen Hatton told CNN that the attack had hit the city's schoolchildren and its poor worst, as many do not have access to the internet at home. "For many [...] we're their only access to the internet," she said. "Some of them have a smartphone, but they don't have a data plan. They come in and use the wifi." As well as causing the loans system to seize up, preventing borrowers from checking out or returning books, the attack froze all computers, leaving no one able to access the four million items that should be available through the service. The system is believed to have been infected through a centralized computer server, and staff emails have also been frozen by the virus. The FBI has been called in to investigate.
Communications

AT&T Offering Day Pass For International Travelers (cnet.com) 78

Starting Friday, AT&T customers who travel abroad can sign up for a new International Day Pass plan. Instead of paying by the minute, message or megabyte, the plan lets you pay a $10-a-day flat fee so you can talk and text "all you want" and also access your data plan as though you're in the states. From a report: AT&T said the new plan is available for customers traveling to more than 100 countries listed here. To use the new plan, customers just need to add it once and it will automatically kick in each time they travel to a supported country, until it's removed.
Databases

Database Attacks Spread To CouchDB, Hadoop, and ElasticSearch Servers (bleepingcomputer.com) 65

An anonymous reader writes: Two weeks after cybercriminal groups started to hijack and hold for ransom MongoDB servers, similar attacks are now taking place against CouchDB, Hadoop, and ElasticSearch servers. According to the latest tallies, the number of hijacked MongoDB servers is 34,000 (out of 69,000 available on Shodan), 4,681 ElasticSearch clusters (out of 33,000), 126 Hadoop datastores (out of 5,400), and 452 CouchDB databases (out of 4,600). Furthermore, the group that has hijacked the most MongoDB and ElasticSearch servers is also selling the scripts it used for the attacks.
Two security researchers are tracking the attacks on Google spreadsheets, and report that when a ransom is paid, many victims still report that their data is never restored. But the researchers also identified 124 Hadoop servers where the attacker simply replaced all the tables with a data entry named NODATA4U_SECUREYOURSHIT. "What's strange about these attacks is that the threat actor isn't asking for a ransom demand," reports Bleeping Computer. "Instead, he's just deleting data from Hadoop servers that have left their web-based admin panel open to remote connections on the Internet."
Mozilla

Mozilla Releases New Open Source 'Internet Health Report' (venturebeat.com) 68

Slashdot reader Krystalo shared this VentureBeat article: Fresh off its brand redesign, Mozilla has released The Internet Health Report, an open-source initiative to document the state of the internet, combining research and reporting from multiple sources... Mozilla's goal is to start a constructive discussion about the health of the internet by exploring what is currently healthy and unhealthy, as well as what lies ahead...

One notable statistic is the number of people who can't get online in the first place. The report shows that 57.8% of the world's population cannot afford broadband internet, and 39.5% cannot afford an internet connection on their mobile device. Other findings include the fact that there were 51 intentional internet shutdowns across 18 countries in the first 10 months of 2016; almost one-third of the world's population has no data protection rights; and 52% of all websites are in English, even though only 25% of the global population understands the language.

They're now gathering feedback and choosing which metrics to revisit every year, but five key topics include "decentralization: who controls the internet" and "open innovation: how open is it?" as well as security, web literacy, and digital inclusion. But Mozilla says their ultimate goal is very simple: to identify what's helping -- and what's hurting -- the internet.
Education

The 32-Bit Dog Ate 16 Million Kids' CS Homework (code.org) 149

"Any student progress from 9:19 to 10:33 a.m. on Friday was not saved..." explained the embarrassed CTO of the educational non-profit Code.org, "and unfortunately cannot be recovered." Slashdot reader theodp writes: Code.org CTO Jeremy Stone gave the kids an impromptu lesson on the powers of two with his explanation of why The Cloud ate their homework. "The way we store student coding activity is in a table that until today had a 32-bit index... The database table could only store 4 billion rows of coding activity information [and] we didn't realize we were running up to the limit, and the table got full. We have now made a new student activity table that is storing progress by students. With the new table, we are switching to a 64-bit index which will hold up to 18 quintillion rows of information."
The issue also took the site offline, temporarily making the work of 16 million K-12 students who have used the nonprofit's Code Studio disappear. "On the plus side, this new table will be able to store student coding information for millions of years," explains the site's CTO. But besides Friday's missing saves, "On the down side, until we've moved everything over to the new table, some students' code from before today may temporarily not appear, so please be patient with us as we fix it."
Bug

Army Bug Bounty Researcher Compromises US Defense Department's Internal Network (threatpost.com) 41

Thursday the U.S. Army shared some surprising results from its first bug bounty program -- a three-week trial in which they invited 371 security researchers "trained in figuring out how to break into computer networks they're not supposed to." An anonymous reader quotes Threatpost: The Army said it received more than 400 bug reports, 118 of which were unique and actionable. Participants who found and reported unique bugs that were fixed were paid upwards of $100,000... The Army also shared high-level details on one issue that was uncovered through the bounty by a researcher who discovered that two vulnerabilities on the goarmy.com website could be chained together to access, without authentication, an internal Department of Defense website.

"They got there through an open proxy, meaning the routing wasn't shut down the way it should have been, and the researcher, without even knowing it, was able to get to this internal network, because there was a vulnerability with the proxy, and with the actual system," said a post published on HackerOne, which managed the two bounty programs on its platform. "On its own, neither vulnerability is particularly interesting, but when you pair them together, it's actually very serious."

Firefox

The SHA-1 End Times Have Arrived (threatpost.com) 49

"Deadlines imposed by browser makers deprecating support for the weakened SHA-1 hashing algorithm have arrived," writes Slashdot reader msm1267. "And while many websites and organizations have progressed in their migrations toward SHA-2 and other safer hashing algorithms, pain points and potential headaches still remain." Threatpost reports: Starting on Jan. 24, Mozilla's Firefox browser will be the first major browser to display a warning to its users who run into a site that doesn't support TLS certificates signed by the SHA-2 hashing algorithm... "SHA-1 deprecation in the context of the browser has been an unmitigated success. But it's just the tip of the SHA-2 migration iceberg. Most people are not seeing the whole problem," said Kevin Bocek, VP of security strategy and threat intelligence for Venafi. "SHA-1 isn't just a problem to solve by February, there are thousands more private certificates that will also need migrating"...

Experts warn the move to SHA-2 comes with a wide range of side effects; from unsupported applications, new hardware headaches tied to misconfigured equipment and cases of crippled credit card processing gear unable to communicate with backend servers. They say the entire process has been confusing and unwieldy to businesses dependent on a growing number of digital certificates used for not only their websites, but data centers, cloud services, and mobile apps... According to Venafi's research team, 35 percent of the IPv4 websites it analyzed in November are still using insecure SHA-1 certificates. However, when researchers scanned Alexa's top 1 million most popular websites for SHA-2 compliance it found only 536 sites were not compliant.
The article describes how major tech companies are handling the move to SHA-2 compliance -- including Apple, Google, Microsoft, Facebook, Salesforce and Cloudflare.
Open Source

Raspberry Pi Gets Competitors (hackaday.com) 115

Hackaday reports that Asus has "quietly released their Tinker board that follows the Pi form factor very closely, and packs a 1.8 GHz quad-core ARM Cortex A17 alongside an impressive spec. At £55 (about $68) where this is being written it's more expensive than the Pi, but Asus go to great lengths to demonstrate that it is significantly faster."

And though the Raspberry Pi foundation upgraded their Compute Module, Pine64 has just unveiled their new SOPINE A64 64-bit computing module, a smaller version of the $15 Pine64 computer. An anonymous reader quotes ComputerWorld: At $29, the SOPINE A64 roughly matches the price of the Raspberry Pi Compute Module 3, which ranges from $25 to $30. The new SOPINE will ship in February, according to the website. The SOPINE A64 can't operate as a standalone computer like the Pine64. It needs to be plugged in as a memory slot inside a computer. But if you want a full-blown computer, Pine64 also sells the $15 SOPINE Baseboard Model-A, which "complements the SOPINE A64 Compute Module and turns it into a full single board computer," according to the company...

The original Pine64 was crowdsourced and also became popular for its high-end components like a 64-bit chip and DDR3 memory... It has 2GB RAM, which is twice that of Raspberry Pi's compute module. SOPINE also has faster DDR3 memory, superior to DDR2 memory in Raspberry Pi Compute Module 3 board.

Movies

CBS, Paramount Settle Lawsuit Over 'Star Trek' Fan Film (hollywoodreporter.com) 146

An anonymous reader quotes a report from Hollywood Reporter: Stand down from battle stations. Star Trek rights holders CBS and Paramount have seen the logic of settling a copyright suit against Alec Peters, who solicited money on crowdfunding sites and hired professionals to make a YouTube short and a script of a planned feature film focused on a fictional event -- a Starfleet captain's victory in a war with the Klingon Empire -- referenced in the original 1960s Gene Roddenberry television series. Thanks to the settlement, CBS and Paramount won't be going to trial on Stardate 47634.44, known to most as Jan. 31, 2017. According to a joint statement, "Paramount Pictures Corporation, CBS Studios Inc., Axanar Productions, Inc. and Alec Peters are pleased to announce that the litigation regarding Axanar's film Prelude to Axanar and its proposed film Axanar has been resolved. Axanar and Mr. Peters acknowledge that both films were not approved by Paramount or CBS, and that both works crossed boundaries acceptable to CBS and Paramount relating to copyright law." Peters' Axanar video and script, which feature such arguably copyrighted elements as Vulcan ears, the Klingon language and an obscure character from a 1969 episode, sparked a lawsuit in December 2015. The litigation then proceeded at warp speed with the case almost making it to trial in just 13 months, an amazingly brisk pace by typical standards. When Axanar comes out, it will look different. "Axanar and Mr. Peters have agreed to make substantial changes to Axanar to resolve this litigation, and have also assured the copyright holders that any future Star Trek fan films produced by Axanar or Mr. Peters will be in accordance with the 'Guidelines for Fan Films' distributed by CBS and Paramount in June 2016," states the parties' joint announcement of a settlement.
Communications

Jay Z's Tidal Music Streaming Service Is Fraudulently Inflating Subscriber Numbers, Report Says (digitalmusicnews.com) 32

A new report published by Markus Tobiassen and Kjetil Saeter of Norwegian publication Dagens Naeringsliv is accusing Jay Z's Tidal music streaming service of fabricating their subscriber numbers by creating fake accounts and lying to the media and partners. The company claims to have more than 3 million paying subscribers with more than half of those paying $20-a-month. Digital Music News reports: Tobiassen and Saeter interviewed staffers at TIDAL, as well as partners and confidential sources. And the information that came back was pretty damning. "When 16 of the world's biggest pop stars, one a convicted cocaine smuggler and a former Israeli intelligence officer was not able to obtain enough customers to Jay Z's Tidal, the company began to inflate subscription numbers," the report alleges. DMN spoke this morning with Tobiassen, who offered a translation of the report. "On March 30th of last year, Tidal issued a press release stating that the company had reached 'three million members,'" the report states. "The news story reported worldwide was that Tidal had three million paying subscribers. Tidal also specified to online newspaper The Verge that this figure did not include trial subscribers. This was the last time Tidal reported a total number of subscribers to the public." The only problem with that? "In April 2016, one month after the press release issued by the company claiming three million members, Tidal made payments to the record labels for around 850,000 subscribers. The figure reported internally by Tidal in April is 1.2 million subscribers." The report further states that Tidal itself reported a figure of 1.1 million to the major record labels in late 2016. In other words, nowhere near the numbers reported to media outlets like Digital Music News and Verge.
AT&T

Despite Glitches, AT&T's DirecTV Now Hits 200,000 Subscribers in Its First Month (techcrunch.com) 25

AT&T's new live TV streaming service DirecTV Now has been off to a shaky start in terms of performance, but that hasn't stemmed the flow of sign-ups, AT&T reports. The company said the service added more than 200,000 subscribers in its first month of operations. From a report on TechCrunch: These details were included in an SEC filing for the quarter ending on December 31, 2016. DirecTV Now launched on November 30, 2016. The filing also notes the additions only include paying customers. To be clear, there's no free tier for DirecTV Now, but the company has been offering free trials so customers can kick the tires before committing to a subscription plan. Of course, it's not entirely surprising that DirecTV Now was able to gain so many customers in such a short period of time. On paper, at least, the service sounds compelling.
Facebook

Facebook Has a Team That Handles Mark Zuckerberg's Page (cnet.com) 55

theodp writes: Q. How many Facebook employees does it take to produce Mark Zuckerberg's Facebook page? A. More than a dozen! CNET's Ian Sherr offers his take on the news that Facebook has a team that handles Mark Zuckerberg's page: "Ever notice the photos, videos and posts on the profile page for Facebook's CEO are a lot nicer looking or better written than yours? Don't feel bad. Mark Zuckerberg has a team of people who are increasingly managing his public persona, according to a Wednesday report from Bloomberg Businessweek. Not only do they help write speeches and posts, but they also take photographs of his family and his travels, interspersing them with infographics about the company's user growth and sales. There're even people who delete harassing comments and spam for him. A Facebook spokeswoman said the company's service is an easy way for executives to connect with people." Wonder how many people it took to help craft the latest post, in which Zuck fired back at "some misleading stories going around" about "some land" he purchased in Hawaii (which another Zuck post noted also serves as a petting zoo of sorts for his daughter).
The Internet

Netflix Calls Out HBO For Not Letting Subscribers Binge On New Shows (arstechnica.com) 57

An anonymous reader quotes a report from Ars Technica: Netflix has gleefully poked a stick at its competitors in the video streaming market, after revealing it had added more than seven million subscribers to its service in the last three months of 2016. HBO also got a special mention. In a letter to shareholders, the company's boss Reed Hastings teased the TV drama maker by noting that, if the BBC was willing to stream shows before they air on television, then maybe HBO -- which has rigidly stuck to its strategy of eking out episodes to viewers -- should do the same. He said: "[...] the BBC has become the first major linear network to announce plans to go binge-first with new seasons, favoring internet over linear viewers. We presume HBO is not far behind the BBC. In short, it's becoming an Internet TV world, which presents both challenges and opportunities for Netflix as we strive to earn screen time." But it's worth noting that HBO currently has an exclusive deal with Sky in the UK, Ireland, Germany, Austria, and Italy, allowing the broadcaster to have first-run rights on the likes of Game of Thrones and Westworld until 2020 -- so any such change isn't likely to happen in the near-term. Late last year, it struck a deal with Netflix rival Amazon, allowing Prime members in the US to sign up for a monthly HBO subscription. "We have a very successful partnership with this great company that continues to evolve," said HBO exec Sofia Chang in December. The company's HBO Now streaming service shows no sign of shifting strategy, either, with programs airing simultaneously on traditional TV and online.
Communications

5G Internet is the 'Beginning of the Fourth Industrial Revolution' (cnbc.com) 142

Next-generation 5G mobile internet technology marks the beginning of the "fourth industrial revolution," the chief executive of Turkey's leading telecoms player told CNBC on Thursday. From a report: 5G is viewed as a technology that can support the developing Internet of Things (IOT) market, which refers to millions -- or potentially billions -- of internet-connected devices that are expected soon to come on to the market. Kaan Terzioglu, the chief executive of Turkcell, which has a market capitalization of $23 billion, touted the potential of the technology, saying that while 4G revolutionized the consumer market, 5G could transform the industrial space. "I think this is the beginning of the fourth generation of the industrial revolution. This will be the platform linking billions of devices together," Terzioglu told CNBC at the World Economic Forum in Davos. Turkcell has been working on 5G technologies since 2013 and this week completed a test in partnership with Ericsson, using the next-generation internet.
Security

ProtonMail Adds Tor Onion Site To Fight Risk Of State Censorship (techcrunch.com) 26

ProtonMail now has a home on the dark web. The encrypted email provider announced Thursday it will allow its users to access the site through the Tor anonymity service. From a report: Swiss-based PGP end-to-end encrypted email provider, ProtonMail, now has an onion address, allowing users to access its service via a direct connection to the Tor anonymizing network -- in what it describes as an active measure aimed at defending against state-sponsored censorship. The startup, which has amassed more than two million users for its e2e encrypted email service so far, launching out of beta just over a year ago, says it's worried about an increased risk of state-level blocking of pro-privacy tools -- pointing to recent moves such as encryption messaging app Signal being blocked in Egypt, and the UK passing expansive surveillance legislation that mandates tracking of web activity and can also require companies to eschew e2e encryption and backdoor products. The service also saw a bump in sign ups after the election of Donald Trump as US president, last fall -- with web users apparently seeking a non-US based secure email provider in light of the incoming commander-in-chief's expansive digital surveillance powers.
Businesses

Netflix's Subscriber Boom Shows the World is Accepting Internet TV (cnbc.com) 147

Netflix's boom in subscribers is a sign that the world is accepting internet TV, meaning without commercials and on-demand, said CEO Reed Hastings during an earnings call with investors. From a report: "The basic demand is increasing as people get more comfortable and more aware of Internet television where you don't get the commercial interruptions, where you get to watch where and when you want," said Hastings. Netflix reported $2.47 billion in revenue during Q4 2016, and earnings per share of 15 cents. The streaming giant wildly beat its original projections for subscriber additions, bringing in 7.05 million new customers compared to its Q3 estimate of 5.2 million. The majority of adds were from international viewers. Even though some shows -- like "Gilmore Girls" -- started as traditional TV shows before moving to Netflix, a large part of the draw for new subscribers came from original shows. Almost half of the most searched for shows this year were Netflix originals, said Ted Sarandos, chief content officer. The company has 42 launches coming up, including Marvel's "Iron Fist" and Drew Barrymore's zombie comedy "Santa Clarita Diet."
Botnet

Krebs Pinpoints the Likely Author of the Mirai Botnet (engadget.com) 98

The Mirai botnet caused serious trouble last fall, first hijacking numerous IoT devices to make a historically massive Distributed Denial-Of-Service (DDoS) attack on KrebsOnSecurity's site in September before taking down a big chunk of the internet a month later. But who's responsible for making the malware? From a report on Engadget: After his site went dark, security researcher Brian Krebs went on a mission to identify its creator, and he thinks he has the answer: Several sources and corroborating evidence point to Paras Jha, a Rutgers University student and owner of DDoS protection provider Protraf Solutions. About a week after attacking the security site, the individual who supposedly launched the attack, going by the username Anna Senpai, released the source code for the Mirai botnet, which spurred other copycat assaults. But it also gave Krebs the first clue in their long road to uncover Anna Senpai's real-life identity -- an investigation so exhaustive, Krebs made a glossary of cross-referenced names and terms along with an incomplete relational map.
Firefox

Mozilla's New Logo Reminds Us that It Is, In Fact, a Web Firm (cnet.com) 185

Mozilla has a new logo. The company has replaced the "ill" in its name with a colon and two slashes. From a report: Last year, Mozilla, the internet company best known for the Firefox browser, publicly started the rebranding process by opening the door to public feedback. With several options on display, Mozilla asked for comments and input from all who cared to share. As of today, the new logo is official and the simple change is meant as a reminder that Mozilla is more than just a browser.
Android

Android Will Now Store Google Searches Offline and Deliver Them When You Get Signal (theverge.com) 35

Google is rolling out an update for its Android app that makes it easier to search on the web with an inconsistent internet connection. Users can make searches when offline and the Google app will store them, delivering the results later (with an optional notification) when the devices get signal again. From a report: As Google product manager Shekhar Sharad writes in a blog post: "So the next time you lose service, feel free to queue up your searches, put your phone away and carry on with your day. The Google app will work behind-the-scenes to detect when a connection is available again and deliver your search results once completed."
