IP Address May Associate Lyft CTO With Uber Data Breach 71

An anonymous reader writes: According to two unnamed Reuters sources the IP address of Lyft CTO Chris Lambert has been revealed by Uber's investigations to be associated with the accessing of a security key that was accidentally deposited on GitHub in 2014 and used to access 50,000 database records of Uber drivers later that year. However, bearing in mind that the breach was carried out through a fiercely protectionist Scandinavian VPN, and that Lambert was a Google software engineer before becoming CTO of a major technology company, it does seem surprising that he would have accessed such sensitive data with his own domestic IP address.

Dell, EMC Said To Be In Merger Talks 75

itwbennett writes: According to a Wall Street Journal report (paywalled), Dell might buy some or all of storage giant EMC. (The grain of salt here is that the Journal's report cited unnamed sources, and cautioned that the companies might not finalize any agreement.) If the report has it right, though, "a total merger would be one of the biggest deals ever in the technology industry," writes Stephen Lawson for IDG, "with EMC holding a market value of about US$50 billion. It would also bring together two of the most important vendors to enterprise IT departments."

NSF Awards $74.5 Million To Support Interdisciplinary Cybersecurity Research 6

aarondubrow writes: The National Science Foundation announced $74.5 million in grants for basic research in cybersecurity. Among the awards are projects to understand and offer reliability to cryptocurrencies; invent technologies to broadly scan large swaths of the Internet and automate the detection and patching of vulnerabilities; and establish the science of censorship resistance by developing accurate models of the capabilities of censors. According to NSF, long-term support for fundamental cybersecurity research has resulted in public key encryption, software security bug detection, spam filtering and more.

Google's Effort To Speed Up the Mobile Web 82

An anonymous reader writes: Google has officially taken the wraps off its AMP project — Accelerated Mobile Pages — which aims to speed up the delivery of web content to mobile devices. They say, "We began to experiment with an idea: could we develop a restricted subset of the things we'd use from HTML, that's both fast and expressive, so that documents would always load and render with reliable performance?" That subset is now encapsulated in AMP, their proof-of-concept. They've posted the code to GitHub and they're asking for help from the open source community to flesh it out. Their conclusions are familiar to the Slashdot crowd: "One thing we realized early on is that many performance issues are caused by the integration of multiple JavaScript libraries, tools, embeds, etc. into a page. This isn't saying that JavaScript immediately leads to bad performance, but once arbitrary JavaScript is in play, most bets are off because anything could happen at any time and it is hard to make any type of performance guarantee. With this in mind we made the tough decision that AMP HTML documents would not include any author-written JavaScript, nor any third-party scripts." They're seeing speed boosts anywhere from 15-85%, but they're also looking at pre-rendering options to make some content capable of loading instantaneously. Their FAQ has a few more details.

Microsoft Claims 110M Devices Now Run Windows 10 141

New submitter enterpriseITrocks writes: Computerworld reports that Windows 10 is running on 110 million devices, citing stats provided by Panos Panay, the chief of the Surface team. It's the first time since late August that Microsoft has provided usage stats for Win10 at a time when the new OS was running on 75 million machines. From the article: "Microsoft's 110 million described those running Windows 10, not downloads, the company confirmed. A spokeswoman declined to describe how the company tracks uptake, but presumably it does via Windows 10 activations, which it could easily tally from its logs."

Jimmy Wales and Former NSA Chief Ridicule Government Plans To Ban Encryption 171

Mickeycaskill writes: Jimmy Wales has said government leaders are "too late" to ban encryption which authorities say is thwarting attempts to protect the public from terrorism and other threats. The Wikipedia founder said any attempt would be "a moronic, very stupid thing to do" and predicted all major web traffic would be encrypted soon. Wikipedia itself has moved towards SSL encryption so all of its users' browsing habits cannot be spied on by intelligence agencies or governments. Indeed, he said the efforts by the likes of the NSA and GCHQ to spy on individuals have actually made it harder to implement mass-surveillance programs because of the public backlash against Edward Snowden's revelations and increased awareness of privacy. Wales also reiterated that his site would never co-operate with the Chinese government on the censorship of Wikipedia. "We've taken a strong stand that access to knowledge is a principal human right," he said.

derekmead writes with news that Michael Hayden, the former head of the CIA and the NSA, thinks the US government should stop railing against encryption and should support strong crypto rather than asking for backdoors. The US is "better served by stronger encryption, rather than baking in weaker encryption," he said during a panel on Tuesday.

Danish Bank Leaves Server In Debug Mode, Exposes Sensitive Data In JS Comments 41

An anonymous reader writes: Dutch IT security expert Sijmen Ruwhof has found a pretty big blunder on the part of Danske Bank, Denmark's biggest bank, which exposed sensitive user session information in the form of an encoded data dump, in their banking portal's JavaScript files. The data contained client IP addresses, user agent strings, cookie information, details about the bank's internal IT network, and more. He contacted the bank, who fixed the issue, but later denied it ever happened.

Boarding Pass Barcodes Can Reveal Personal Data, Future Flights 63

An anonymous reader writes: Security experts have warned that barcodes contained on airplane boarding passes could offer a detailed stream of information to malicious individuals, including data on travel habits and future flight plans. Brian Krebs explained yesterday that by using an easily available online barcode reader, attackers can retrieve a person's name, frequent flyer number, and record locator — information needed to access an individual's account and details of past and upcoming flights, phone numbers, and billing information, along with options to change seats and cancel flights.

Windows Phone Store Increasingly Targeted With Fake Mobile Apps 89

An anonymous reader writes: A post by security company Avast says not only are a large amount of fake apps available from the third-party marketplace of the Windows Phone Store, but they also remain available for quite a while despite negative comments and other flags from end-users. Avast speculates that improved security and auditing procedures at rival stores such as Google Play account for the increasing attention that fake app-publishers are giving to the Windows phone app market.

Why Is RAM Suddenly So Cheap? It Might Be Windows 207

jfruh writes: The average price of a 4GB DDR3 memory DIMM at the moment is $18.50 — a price that's far lower than at this time last year. Why is it so cheap? The memory business tends to go in boom and bust cycles, but the free availability of Windows 10 means that fewer people are upgrading their PCs, reducing RAM demand. Analyst Avril Wu said, "Notebook shipments in the third quarter fall short of what is expected for a traditional peak season mainly because Windows 10 with its free upgrade plan negatively impacted replaced sales of notebooks to some extent rather than driving the demand for these products." And prices might stay low for another two years.

Worries Mount Over Upcoming LTE-U Deployments Hurting Wi-Fi 168

alphadogg writes: LTE-U is a technology developed by Qualcomm that lets a service provider broadcast and receive signals over unlicensed spectrum, which is usable by anybody – specifically, in this case, the spectrum used by Wi-Fi networks in both businesses and homes. By opening up this new spectrum, major U.S. wireless carriers hope to ease the load on the licensed frequencies they control and help their services keep up with demand. Unsurprisingly, several outside experiments that pitted standard LTE technology or 'simulated LTE-U' technology, in the case of one in-depth Google study, against Wi-Fi transmitters on the same frequencies found that LTE drastically reduced the throughput on the Wi-Fi connection.

Matthew Garrett Forks the Linux Kernel 674

jones_supa writes: Just like Sarah Sharp, Linux developer Matthew Garrett has gotten fed up with the unprofessional development culture surrounding the kernel. "I remember having to deal with interminable arguments over the naming of an interface because Linus has an undying hatred of BSD securelevel, or having my name forever associated with the deepthroating of Microsoft because Linus couldn't be bothered asking questions about the reasoning behind a design before trashing it," Garrett writes. He has chosen to go his own way, and has forked the Linux kernel and added patches that implement a BSD-style securelevel interface. Over time it is expected to pick up some of the power management code that Garrett is working on, and we shall see where it goes from there.

From Microsoft, HoloLens VR Dev Kit, New Phones, Continuum 87

Ars Technica and scads of other tech hardware sites are reporting that the big news so far from this morning's Microsoft product launch event in New York is that the company's HoloLens development kit will begin shipping in the first quarter of next year, and at a price that puts the units out of the hands of typical consumers: $3000. At that level, developers are more likely to make the plunge, which Ars applauds.

The company also announced three new smartphones: two of them, the Lumia 950, 950XL, are worth designating "flagships," while the 550, notably, will sell for $139, putting it in the territory of cheap grey-market Android phones. More interesting than spec bumps, though, is Continuum for Windows, a Windows 10 feature which made its official debut at the event. Continuum is one manifestation of the pocket-computer idea that others have had as well in various forms: it means that with an adapter, a phone can be used as the CPU and graphics engine when connected to a screen and keyboard: "The adapter features a Microsoft Display Dock, an HDMI and Display Port, plus 3 USB ports to provide productivity on the go and let you plug in additional peripherals, such as mice and keyboards. Other accessories can be connected too, Microsoft said."

Microsoft also demo'd the Surface 4. Its improved screen is 12.3" at 2160x1440, for a pixel density of 267 PPI. The new pro has a Skylake 6th-gen processor, which they say provides a 30% performance boost over the Surface Pro 3, and a 50% boost over the MacBook Air. The SP4 goes up to 1TB of storage, and up to 16GB of RAM. The Type Cover was improved as well — the touchpad is 40% larger and supports 5-point multi-touch, while the keys have better travel and pitch.

On top of this, Microsoft also unveiled the Surface Book laptop. Its defining feature is that you can unclip the 13.5" touchscreen and use it separately as a tablet. The keyboard dock has a dedicated GPU that will boost performance when attached. Microsoft is using a new type of hinge that bends and extends at multiple points, so you can also reattach the screen backward if you want to use it as a tablet while keeping the extra GPU power available. They claim a 12-hour battery life for the Surface Book.

International Exploit Kit Angler Thwarted By Cisco Security Team 36

An anonymous reader writes: Researchers at a Cisco security unit have successfully interrupted the spread of a massive international exploit kit which is commonly used in ransomware attacks. The scientists discovered that around 50% of computers infected with Angler were connecting with servers based at a Dallas facility, owned by provider Limestone Networks. Once informed, Limestone cut the servers from its network and handed over the data to the researchers who were able to recover Angler authentication protocols, information needed to disrupt future diffusion.

Software Defined Smart Battery Arrays Extend Laptop Life 40

An anonymous reader writes: A Microsoft research paper, titled 'Software Defined Batteries', outlines a radical charging alternative which uses a smart battery system to keep consumer-grade gadgets going for much longer than the current norm, by monitoring user habits. Making use of existing technologies, the engineers place multiple battery control under the duties of the operating system to create a software-defined approach optimized for different scenarios, such as word processing, email or video streaming.

Disproving the Mythical Man-Month With DevOps 278

StewBeans writes: The Mythical Man-Month is a 40-year-old theory on software development that many believe still holds true today. It states: "A project that requires five team members to work for five months cannot be completed by a twenty-five person team in one month." Basically, adding manpower to a development project counterintuitively lowers productivity because it increases complexity. Citing the 2015 State of DevOps Report, Anders Wallgren from Electric Cloud says that microservices architecture is proving this decades-old theory wrong, but that there is still some hesitation among IT decision makers. He points out three rookie mistakes to avoid for IT organizations just starting to dip their toes into agile methodologies.

Advertising Malware Affects Non-Jailbroken iOS Devices 69

An anonymous reader writes: Malware called YiSpecter is infecting iOS devices belonging to Chinese and Taiwanese users, and is the first piece of malware that successfully targets both jailbroken and non-jailbroken devices, Palo Alto Networks researchers warn. What's more, the techniques it uses for hiding are making it difficult to squash the infection. YiSpecter's malicious apps were signed with three iOS enterprise certificates issued by Apple so that they can be installed as enterprise apps on non-jailbroken iOS devices via in-house distribution. Through this kind of distribution, an iOS app can bypass Apple's strict code review procedures and can invoke iOS private APIs to perform sensitive operations.

OpenIndiana Hipster 2015.10: Keeping an Open-Source Solaris Going 148

An anonymous reader writes: It's been five years since Oracle killed off OpenSolaris while the community of developers are letting it live on with the new OpenIndiana "Hipster" 15.10 release. OpenIndiana 15.10 improves its Python-based text installer as it looks to drop its GUI installer, switches out the Oracle JDK/JRE for OpenJDK, and updates its vast package set. However, there are still a number of outdated packages on the system like Firefox 24 and X.Org Server 1.14 while the default office suite is a broken OpenOffice build, due to various obstacles in maintaining open-source software support for Solaris while being challenged by limited contributors. Download links are available via the release notes. There's also a page for getting involved if wishing to improve the state of open-source Solaris.

Stolen Patreon User Data Dumped On Internet 161

After the personal data breach at crowd-funding site Patreon reported a few days ago, there's some worse news: the information isn't just in limbo any more; Patreon reported Saturday that the compromised information has been leaked in the form of a massive data dump. (The slightly good news is that no credit card information was leaked.)

F-35 Ejection Seat Fears Ground Lightweight Pilots 178

An anonymous reader writes: Writing for Defense News, Lara Seligman and Aaron Mehta report that "[c]oncerns about increased risk of injury to F-35 pilots during low-speed ejections have prompted the US military services to temporarily restrict pilots who weigh less than 136 pounds from flying the aircraft. During August tests of the ejection seat, built by Martin-Baker, testers discovered an increased risk of neck injury when a lightweight pilot is flying at slower speeds. Until the problem is fixed, the services decided to restrict pilots weighing under 136 pounds from operating the plane, Maj. Gen. Jeffrey Harrigian, F-35 integration office director, told Defense News in a Tuesday interview."