Security

The Psychological Reasons Behind Risky Password Practices (helpnetsecurity.com) 176

Orome1 quotes a report from Help Net Security: Despite high-profile, large-scale data breaches dominating the news cycle -- and repeated recommendations from experts to use strong passwords -- consumers have yet to adjust their own behavior when it comes to password reuse. A global Lab42 survey, which polled consumers across the United States, Germany, France, New Zealand, Australia and the United Kingdom, highlights the psychology around why consumers develop poor password habits despite understanding the obvious risk, and suggests that there is a level of cognitive dissonance around our online habits. When it comes to online security, personality type does not inform behavior, but it does reveal how consumers rationalize poor password habits. My personal favorite: password paradox. "The survey revealed that the majority of respondents understand that their digital behavior puts them at risk, but do not make efforts to change it," reports Help Net Security. "Only five percent of respondents didn't know the characteristics of a secure password, with the majority of respondents understanding that passwords should contain uppercase and lowercase letters, numbers and symbols. Furthermore, 91 percent of respondents said that there is inherent risk associated with reusing passwords, yet 61 percent continue to use the same or similar passwords anyway, with more than half (55 percent) doing so while fully understanding the risk." The report also found that when attempting to create secure passwords, "47 percent of respondents included family names or initials," while "42 percent contain significant dates or numbers and 26 percent use the family pet."
News

Slashdot Asks: The Washington Post Says It Publishes Something Every Minute -- How Much Is Too Much? (washingtonian.com) 86

Media outlets are increasingly vying for your attention. But they are also feeding Google's algorithm. Some of them churn hundreds of news articles every day, hoping to offer a diverse range of articles to their readers, and also increase their "search space." The Washington Post is currently running a promotional offer -- letting people get a six-month digital subscription for $10 (pretty good if you ask me). But the Washington Post also mentions that it now publishes a new piece of content every minute. That's like 1,440 articles, videos and other forms of content in one single day. This raises a question: how much content is too much content? How many stories can a person possibly find time to read in a day? Do you feel that perhaps outlets should cut down on the number of things they publish? Or are you happy with the way things are?
Music

Spotify in Talks To Acquire SoundCloud (variety.com) 20

Janko Roettgers, writing for Variety: Spotify is in advanced talks to acquire rival music service SoundCloud, according to a report by the Financial Times. An announcement of the acquisition could be made soon, according to the Times. The acquisition would come just months after SoundCloud launched its own paid streaming service. A Spotify spokesperson declined to comment on the report when contacted by Variety; SoundCloud didn't immediately respond to a request for comment. Spotify is the market leader in the growing paid streaming business, disclosing earlier this month that it now has more than 40 million paying subscribers. Its biggest competitor is Apple Music with 17 million paying subscribers.
IBM

Banks Adopting Blockchain 'Dramatically Faster' Than Expected (reuters.com) 57

Banks and other financial institutions are adopting blockchain technology "dramatically faster" than initially expected, with 15 percent of top global banks intending to roll out full-scale, commercial blockchain products in 2017, IBM said on Wednesday. Reuters reports: The technology company said 65 percent of banks expected to have blockchain projects in production in three years' time, with larger banks -- those with more than 100,000 employees -- leading the charge. IBM, whose findings were based on a survey of 200 banks, said the areas most commonly identified by lenders as ripe for blockchain-based innovation were clearing and settlement, wholesale payments, equity and debt issuance and reference data. Blockchain, which originates from digital currency bitcoin, works as an electronic transaction-processing and record-keeping system that allows all parties to track information through a secure network, with no need for third-party verification.
Cloud

Microsoft Partners With Bank of America On Blockchain Trade Finance (securityweek.com) 43

wiredmikey quotes a report from SecurityWeek: Microsoft and Bank of America Merrill Lynch said they are working together to make financial transactions more efficient with blockchain technology -- the foundation of bitcoin digital currency. Blockchains are considered tamper-proof registers in which entries are time-stamped and linked to previous "blocks" in a data chain. As expected, the technology that drives the shadowy bitcoin cryptocurrency is drawing interest from the established banking industry, which sees a potential to revolutionize the sector. The companies said they will build and test frameworks for blockchain-powered exchanges between businesses and their customers and banks. Microsoft plans to use its Azure cloud service platform to enable blockchain transactions between a major corporate treasury and a financial institution. "Blockchains serve as public ledgers considered easy to audit and verify. They are also automated, speeding up transactions and limiting potential for error or revision," the report adds. The companies said that by using blockchain technology, they can digitalize and automate trade finance processes, which are traditionally highly manual, time-consuming and costly.
Transportation

HERE, Automakers Team Up To Share Data On Traffic Conditions (reuters.com) 52

German digital map maker HERE will introduce a new set of traffic services this week that allows drivers to see for themselves what live road conditions are like miles ahead using data from competing automakers, an industry first, reports Reuters. From the report: The Berlin-based company, owned by Germany's three premium automakers, will provide four services in which drivers share detailed video views of traffic jams or accidents, potential road hazards like fog or slippery streets, traffic signs including temporary speed limits and on-street parking. BMW, Daimler and Volkswagen will all contribute data to the service, making their first big collaboration since they bought HERE for 2.8 billion euros ($3.1 billion) late last year from mobile equipment maker Nokia of Finland. Other automakers are expected to join the project later and contribute data from their vehicles, HERE said. The new live traffic services are set to hit the road in the first half of 2017, HERE said on Monday before the opening of this week's Paris Motor Show.
Government

California Launches Mandatory Data Collection For Police Use-of-Force (seattletimes.com) 115

An anonymous Slashdot reader quotes the AP: All 800 police departments in California must begin using a new online tool launched Thursday to report and help track every time officers use force that causes serious injuries... The tool, named URSUS for the bear on California's flag, includes fields for the race of those injured and the officers involved, how their interaction began and why force was deemed necessary.

"It's sort of like TurboTax for use-of-force incidents," said Justin Erlich, a special assistant attorney general overseeing the data collection and analysis. Departments must report the data under a new state law passed last November. Though some departments already tracked such data on their own, many did not... "As a country, we must engage in an honest, transparent, and data-driven conversation about police use of force," California Attorney General Kamala Harris said in a news release.

It's an open source tool developed by Bayes Impact, and California plans to share the code with other interested law enforcement agencies across the country. Only three other states currently require their police departments to track data about use-of-force incidents, "but their systems aren't digital, and in Colorado's case, only capture shootings."
Security

97% of the Top Companies Have Leaked Credentials Online (onthewire.io) 21

Apparently lots of people have been using both their work email address and work password on third-party sites -- suggesting a huge vulnerability. Trailrunner7 quotes On The Wire: The last few years have seen a number of large-scale breaches at popular sites and companies, including LinkedIn, Adobe, MySpace, and Ashley Madison, and many of the credentials stolen during those incidents have ended up online in various places... [R]esearch from Digital Shadows found that the most significant breach for the global 1,000 companies it looked at was the LinkedIn incident... Digital Shadows found more than 1.6 million credentials online for the 1,000 companies it studied. Adobe's breach was next on the list, with more than 1.3 million credentials.
"For Ashley Madison alone, there were more than 200,000 leaked credentials from the top 1,000 global companies," the researchers report, noting they also found many leaked credentials from breaches at other dating and gaming sites, as well as Myspace. Their conclusion? "The vast majority of organizations have credentials exposed online..."
Security

Why the Silencing of KrebsOnSecurity Opens a Troubling Chapter For the Internet (arstechnica.com) 205

An anonymous reader quotes a report from Ars Technica: For the better part of a day, KrebsOnSecurity, arguably the world's most intrepid source of security news, has been silenced, presumably by a handful of individuals who didn't like a recent series of exposes reporter Brian Krebs wrote. The incident, and the record-breaking data assault that brought it on, open a troubling new chapter in the short history of the Internet. The crippling distributed denial-of-service attacks started shortly after Krebs published stories stemming from the hack of a DDoS-for-hire service known as vDOS. The first article analyzed leaked data that identified some of the previously anonymous people closely tied to vDOS. It documented how they took in more than $600,000 in two years by knocking other sites offline. A few days later, Krebs ran a follow-up piece detailing the arrests of two men who allegedly ran the service. A third post in the series is here. On Thursday morning, exactly two weeks after Krebs published his first post, he reported that a sustained attack was bombarding his site with as much as 620 gigabits per second of junk data. That staggering amount of data is among the biggest ever recorded. Krebs was able to stay online thanks to the generosity of Akamai, a network provider that supplied DDoS mitigation services to him for free. The attack showed no signs of waning as the day wore on. Some indications suggest it may have grown stronger. At 4 pm, Akamai gave Krebs two hours' notice that it would no longer assume the considerable cost of defending KrebsOnSecurity. Krebs opted to shut down the site to prevent collateral damage hitting his service provider and its customers. The assault against KrebsOnSecurity represents a much greater threat for at least two reasons. First, it's twice the size. 
Second and more significant, unlike the Spamhaus attacks, the staggering volume of bandwidth doesn't rely on misconfigured domain name system servers which, in the big picture, can be remedied with relative ease. The attackers used Internet-of-things devices since they're always-connected and easy to "remotely commandeer by people who turn them into digital cannons that spray the internet with shrapnel." "The biggest threats as far as I'm concerned in terms of censorship come from these ginormous weapons these guys are building," Krebs said. "The idea that tools that used to be exclusively in the hands of nation states are now in the hands of individual actors, it's kind of like the specter of a James Bond movie." While Krebs could retain a DDoS mitigation service, it would cost him between $100,000 and $200,000 per year for the type of protection he needs, which is more than he can afford. What's especially troubling is that this attack can happen to many other websites, not just KrebsOnSecurity.
Crime

Cops Are Raiding Homes of Innocent People Based Only On IP Addresses (fusion.net) 241

Kashmir Hill has a fascinating story today on what can go wrong when you solely rely on IP address in a crime investigation -- also highlighting how often police resort to IP addresses. In the story she follows a crime investigation that led police to raid a couple's house at 6am in the morning, because their IP address had been associated with the publication of child porn on notorious 4chan porn. The problem was, Hill writes: the couple -- David Robinson and Jan Bultmann -- weren't the ones who had uploaded the child porn. All they did was voluntarily use one of their old laptops as a Tor exit relay, a software used by activists, dissidents, privacy enthusiasts as well as criminals, so that people who want to stay anonymous when surfing the web could do so. Hill writes: Robinson and Bultmann had [...] specifically operated the riskiest node in the chain: the exit relay which provides the IP address ultimately associated with a user's activity. In this case, someone used Tor to make the porn post, and his or her traffic had been routed through the computer in Robinson and Bultmann's house. The couple wasn't pleased to have helped someone post child porn to the internet, but that's the thing about privacy-protective tools: They're going to be used for good and bad purposes, and to support one, you might have to support the other. Robinson added that he was a little let down because police didn't bother to look at the public list which details the IP addresses associated with Tor exit relays. Hill adds: The police asked Robinson to unlock one MacBook Air, and then seemed satisfied these weren't the criminals they were looking for and left. But months later, the case remains open with Robinson and Bultmann's names on police documents linking them to child pornography. "I haven't run an exit relay since. The police told me they'd be back if it happened again," Robinson said; he's still running a Tor node, just not the end point anymore.
"I have to take the threat seriously because I don't want my wife or I to wake up with guns in our faces." Technologist Seth Schoen, and EFF Executive Director Cindy Cohn in a white paper aimed at courts and cops. "For many reasons, connecting an individual to a crime linked to an IP address, without any additional investigation, is irresponsible and threatens the civil liberties of innocent people."
Piracy

Hackers Seed Torrent Trackers With Malware Disguised as Popular Downloads (grahamcluley.com) 64

An anonymous reader writes: Cybercriminals are spreading malware via torrent distribution networks, using an automated tool to disguise the downloads as trending audio, video and other digital content in an attempt to infect more unsuspecting victims. Researchers at InfoArmor say they have uncovered a malicious torrent distribution network that relies on a tool called RAUM to infect computers with malware. The network begins with a torrent parser, which collects information about some of the most popular torrent files circulating around the web. Computer criminals then apply their RAUM tool to create a series of malicious files. Some are fake copies of those popular torrent files that in reality hide notorious malware such as CryptXXX, Cerber, or Dridex. Others are weaponized torrent files, while others still are parsed torrent files that rely on a high download rating, a reputation which the attackers artificially inflate by abusing compromised users' accounts to set up new seeds.
Patents

'Corporate Troll' Wins $3 Million Verdict Against Apple For Ring-Silencing Patent (arstechnica.com) 84

An anonymous reader quotes a report from Ars Technica: A non-practicing entity called MobileMedia Ideas LLC won a patent lawsuit against Apple today, with a Delaware federal jury finding that Apple should pay $3 million for infringing MobileMedia's patent RE39,231, which relates to ring-silencing features on mobile phones. MobileMedia is an unusual example of the kind of pure patent-licensing entity often derided as a "patent troll." It is majority-owned by MPEG-LA, a patent pool that licenses common digital video technologies like H-264, MPEG-2, and MPEG-4. Minority stakes in MobileMedia are owned by Sony and Nokia, which both contributed the patents owned by the company. MobileMedia also has the same CEO as MPEG-LA, Larry Horn. The battle ended up being a long one, as MobileMedia first filed the case in 2010. It went to trial in 2012, and the jury found that Apple infringed three patents. After reviewing post-trial motions, the judge knocked out some, but not all, of the infringed patent claims. Then came an appeal in which a panel of Federal Circuit judges upheld (PDF) some of the lower court's judges and overturned others. A $3 million verdict is hardly going to make an impact on Apple, and it doesn't represent a huge win for MobileMedia, which was reportedly seeking $18 million in royalties from the trial. Still, getting a verdict in its favor does represent some validation of MobileMedia's business model, which was a striking example of technology corporations using the "patent troll" business model as a kind of proxy war. Nokia and Sony were able to use MobileMedia and the licensing talent at MPEG-LA to wage a patent attack on Apple without engaging directly in court. In all, after years of back-and-forth, the ring-silencing patent was the one that MobileMedia had left. 
While Apple didn't win the case against one of the first "corporate trolls," it was able to severely pare down the scale of the attack and show that it's willing to fight a long legal war of attrition to make its point.
Music

It Took a Couple Decades, But the Music Business Looks Like It's Okay Again (recode.net) 125

According to the latest numbers from the RIAA, music sales in the first half of the year were up 8.4 percent, to $3.4 billion -- the best performance the music industry has seen since its peak days back in the CD era. Recode adds: That boom is fueled entirely by the growth of paid subscription services. This year's numbers include Apple Music, which didn't exist a year ago but has 17 million worldwide subscribers today, as well as Spotify, which has been growing faster than Apple and has 40 million global subs. Digital downloads via stores like iTunes, meanwhile, are falling behind. Those sales dropped 17 percent to $1 billion. And some people still buy CDs, but soon that business will be a footnote: Those sales dropped 14 percent and now make up just 20 percent of U.S. sales. All good, right? Not according to Cary Sherman, who runs the RIAA, the labels' American trade group. He has a Medium post complaining that YouTube doesn't pay enough for all the music it streams, almost all of which is free.
Robotics

UK Standards Body Issues Official Guidance On Robot Ethics (digitaltrends.com) 68

An anonymous reader quotes a report from Digital Trends: The British Standards Institution, which is the U.K.'s national standards body charged with creating the technical standards and certification for various products and services, has just produced its first set of official ethics guidelines relating to robots. "The expert committee responsible for this thought there was really a need for a set of guidelines, setting out the ethical principles surrounding how robots are used," Dan Palmer, head of market development at BSI, told Digital Trends. "It's an area of big public debate right now." The catchily-named BS 8611 guidelines start by echoing Asimov's Three Laws in stating that: "Robots should not be designed solely or primarily to kill or harm humans." However, it also takes aim at more complex issues of transparency by noting that: "It should be possible to find out who is responsible for any robot and its behavior." There's even discussion about whether it's desirable for a robot to form an emotional bond with its users, an awareness of the possibility robots could be racist and/or sexist in their conduct, and other contentious gray areas. In all, it's an interesting attempt to start formalizing the way we deal with robots -- and the way roboticists need to think about aspects of their work that extend beyond technical considerations. You can check it out here -- although it'll set you back 158 pounds ($208) if you want to read the BSI guidelines in full. (Is that ethical?) "Robots have been used in manufacturing for a long time," Palmer said. "But what we're seeing now are more robots interacting with people. For instance, there are cases in which robots are being used to give care to people. These are usages that we haven't seen before -- [which is where the need for guidelines comes in.]"
Businesses

GoPro Launches Karma Drone and Voice-Controlled Hero5 Cameras (cnet.com) 14

The long-awaited GoPro drone has officially launched. Dubbed Karma, GoPro's new drone works with the Hero5 and Hero5 Session, two new flagship cameras. The Hero5 features a 2-inch touch display, 12-megapixel photos with RAW support, built-in GPS, electronic image stabilization, waterproofing up to 33 feet (10 meters), and voice control. The GoPro Hero5 Session on the other hand consists of a tiny cube camera that is capable of 4K video recording at 30 fps and 10-megapixel photos. It too is waterproof up to 33 feet (10 meters) and offers support for voice commands. You can say, "GoPro, start recording," and it will start recording. They are also both cloud-connected, meaning they can auto-upload photos and video to an account when the camera is charging (requires a paid subscription to GoPro's new cloud service). While the Karma works with the Hero5 and Hero5 Session, it also works with the Hero4 cameras. CNET reports: The Karma's small, too. Like fold-it-up-and-stick-it-in-a-regular-backpack small. In fact, it even comes with the backpack. And of course it's made with the new Hero5 Black and Hero5 Session cameras, but will also work with the Hero4 cameras. So you're not stuck with a camera that's permanently attached to a drone, you're getting a camera you can use on its own or in the drone. Perhaps its greatest asset is the three-axis camera stabilizer on the drone. Not only will it keep your video looking smooth in the air, but it can be removed and attached to the included Karma Grip. GoPro says the grip can then be used handheld, perfect for running, riding, skating, etc. alongside your friends, or mounted on other gear. Karma arrives on October 23 for $799 without a camera, $999 with a Hero5 Session and $1,099 with the Hero5 Black.
Games

Valve Bans Developer From Steam After It Sues Customers Over Bad Reviews (arstechnica.com) 194

From an ArsTechnica report: A game developer has been banned from Steam after users claimed that it had attempted to sue 100 users of the platform for $18 million -- for the crime of leaving bad reviews. Digital Homicide, which has released dozens of small games mostly available for a couple of quid each, had its titles removed from Valve's popular digital distribution platform on Friday night. Its boss, James Romine, was granted a subpoena by a court in Arizona apparently allowing him to demand the release of "identification and associated data" of anonymous Steam users. The lawsuit listed in turn the misdemeanours of dozens of John/Jane Does, which include counts of "harassment," "stalking," and "cyber-bullying." In a brief e-mail sent to Vice's Motherboard at the end of last week, Valve's marketing veep Doug Lombardi confirmed that "Valve has stopped doing business with Digital Homicide for being hostile to Steam customers."
Open Source

Netflix Releases 'Meridian' Test Footage To All Including Competitors, Open Sources Some Tools (variety.com) 40

Netflix has released 'Meridian' to not just all its 83 million subscribers, but to everyone. The company produced the title as test footage to evaluate anything from the performance of video codecs to the way Netflix streams look on 4K TVs. But the company decided to make it open to all -- be it hardware manufacturers, codec developers, or even competitors like Amazon and Hulu. From a report on Variety: Netflix is using a Creative Commons license for the release of "Meridian," which is new for an industry that isn't used to sharing a lot of resources. "They are in the business of exploiting content, not of giving it away," Chris Fetner, the company's director for content partner operations said. But for Netflix, it's just par for the course. Thanks to its Silicon Valley DNA, Netflix has long collaborated with other companies on cloud computing-focused open source projects. Now, it wants to nudge Hollywood to do the same -- and "Meridian" is only the beginning. This week, Netflix is also open-sourcing a set of tools tackling a common problem for studios and video services.
The Courts

'Unpatent' Begins Crowdfunding Challenges To Bad Patents (unpatent.co) 115

"Unpatent is a crowdfunding platform that eliminates bad patents," reads their web site. "We do that by crowdsourcing the prior art -- that is all the evidence that makes clear that a patent was not novel -- and filing reexamination requests to the patent office." An anonymous Slashdot reader reports: "Everyone in the world can back the crowdfunding campaign against the patent," explains their site, which includes a special section with "Featured stupid patents". The first $16,000 raised covers the lawyers and fees at the U.S. Patent and Trademark Office, and "The rest is distributed to those who find valid prior art...any evidence that a patent is not novel. We review all the prior art pieces and reward those that may invalidate a claim... Then, we file an ex partes reexamination to the USPTO."

Their team includes Lee Cheng, the legal officer at Newegg, "worldwide renowned as the patent trolls' nightmare," as well as Luis Cuende, who created his own Linux distro when he was 15 and is now CTO of Stampery, a company using the Bitcoin blockchain to notarize data.

They're currently targeting the infamous US8738435 covering "personalized content relating to offered products and services," which in February the EFF featured as their "stupid patent of the month." Its page on Unpatent.co argues that "Taking something so obvious such as personalizing content and offers...and writing the word online everywhere shouldn't grant you a monopoly over it." Unpatent's slogan? "We invalidate patents that shouldn't exist."
Space

Pluto Is Emitting X-Rays (digitaltrends.com) 106

An anonymous reader quotes a report from Digital Trends: Scientists have noticed the tiny trans-Neptunian object emitting X-rays, which, if it is confirmed, is both a baffling and exciting discovery. Carey Lisse and Ralph McNutt from Johns Hopkins University Applied Physics Laboratory and a team of colleagues detected the X-rays by pointing the Chandra X-Ray Observatory telescope in Pluto's direction four different times between February 2014 and August 2015. Seven photons of X-ray light were detected during these observations, confirming the team's hypothesis that the dwarf planet is detectable on the X-ray spectrum, potentially due to the presence of an atmosphere. Their findings have been published in the scientific journal Icarus. Why is this such a big deal? First of all, it would challenge what scientists have previously believed to be true of Pluto's nature. Until now, the popular description of the dwarf planet is as a tiny ball of frozen rock slowly meandering around the sun some 3.6-billion miles away. One of the possible explanations for why Pluto is emanating X-rays would be that the high energy particles emitted by the sun are stripping away and reacting with Pluto's atmosphere, producing the X-rays that are visible to Chandra. There are other potential explanations, such as haze particles in Pluto's atmosphere scattering the sun's X-rays are possible, though unlikely given the temperature of the X-rays observed. It is also possible that these X-rays are actually bright auroras produced by the atmosphere, but that would require Pluto to have a magnetic field -- something that would have been detected during New Horizons' flyby, yet no evidence of one was found.
