
'Adding a Phone Number To Your Google Account Can Make it Less Secure'

You may think that adding a backup phone number to your account will make it less prone to hacking, but that is not always the case. Vijay Pandurangan, EIR at Benchmark (and formerly Eng Site Lead at Twitter), argues that your phone number is likely the weakest link for many attackers (at least when they are trying to hack your Google account). He has shared the story of his friend who had his Google account compromised. The friend in this case, let's call him Bob, had a very strong password, a completely independent recovery email, hard-to-guess security questions, and he never logged in from unknown devices. Though Bob didn't have multi-factor authentication enabled, he did add a backup phone number. On October 1, when Bob attempted to check his email, he discovered that he was logged out of his Gmail account. When he tried to log in, he was told that his password was changed less than an hour ago. He tried calling Verizon, and discovered that his phone service was no longer active, and that the attacker had switched his service to an iPhone 4. "Verizon later conceded that they had transferred his account despite having neither requested nor being given the 4-digit PIN they had on record." The attacker reset Bob's password and changed the recovery email, password, name on the account, and enabled two-factor authentication. He got his account back, thanks to support staff and colleagues at Google, but the story illustrates how telcos are the weakest link. From the article: Using a few old Google accounts, I experimented with Google's account recovery options and discovered that if a Google account does not have a backup phone number associated with it, Google requires you to have access to the recovery email account OR know the security questions in order to take over an account. However, if a backup phone number is on the account, Google allows you to type in a code from an SMS to the device in lieu of any other information.
There you have it: adding a phone number reduces the security of your account to the lowest of: your recovery email account, your security questions, your phone service, and (presumably) Google's last-ditch customer service in case all other options fail. There are myriad examples of telcos improperly turning over their users' accounts: everything from phone hacking incidents in the UK to more recent examples. Simply put, telcos can be quite bad at securing your privacy and they should not be trusted. Interestingly, it appears that if two-factor-auth via SMS is enabled, Google will not allow your password to be reset unless you can also answer a security question in addition to having access to a phone number.

How Hackers Broke Into John Podesta and Colin Powell's Gmail Accounts

An anonymous reader quotes a report from Motherboard: On March 19 of this year, Hillary Clinton's campaign chairman John Podesta received an alarming email that appeared to come from Google. The email, however, didn't come from the internet giant. It was actually an attempt to hack into his personal account. In fact, the message came from a group of hackers that security researchers, as well as the U.S. government, believe are spies working for the Russian government. At the time, however, Podesta didn't know any of this, and he clicked on the malicious link contained in the email, giving hackers access to his account. The data linking a group of Russian hackers -- known as Fancy Bear, APT28, or Sofacy -- to the hack on Podesta is also yet another piece in a growing heap of evidence pointing toward the Kremlin. And it also shows a clear thread between apparently separate and independent leaks that have appeared on a website called DC Leaks, such as that of Colin Powell's emails; and the Podesta leak, which was publicized on WikiLeaks. All these hacks were done using the same tool: malicious short URLs hidden in fake Gmail messages. And those URLs, according to a security firm that's tracked them for a year, were created with a Bitly account linked to a domain under the control of Fancy Bear. The phishing email that Podesta received on March 19 contained a URL, created with the popular Bitly shortening service, pointing to a longer URL that, to an untrained eye, looked like a Google link. Inside that long URL, there's a 30-character string that looks like gibberish but is actually the encoded Gmail address of John Podesta. According to Bitly's own statistics, that link, which has never been published, was clicked two times in March. That's the link that opened Podesta's account to the hackers, a source close to the investigation into the hack confirmed to Motherboard.
That link is only one of almost 9,000 links Fancy Bear used to target almost 4,000 individuals from October 2015 to May 2016. Each one of these URLs contained the email and name of the actual target. The hackers created them with two Bitly accounts in their control, but forgot to set those accounts to private, according to SecureWorks, a security firm that's been tracking Fancy Bear for the last year. Bitly allowed "third parties to see their entire campaign including all their targets -- something you'd want to keep secret," Tom Finney, a researcher at SecureWorks, told Motherboard. Thomas Rid, a professor at King's College who studied the case extensively, wrote a new piece about it in Esquire.

Google To Launch Streaming TV Service In Early 2017

It looks like the internet search giant is expected to beat Apple to the punch by releasing its streaming TV service early next year. The Wall Street Journal notes that CBS has agreed to bring content to the service, while 21st Century Fox and Walt Disney are in the final stages of talks to add their content to the service. What's more is that the service is expected to be "housed under the YouTube brand." Karl Bode for DSLReports writes: The service, to be called "Unplugged," aims to be a "low-cost option targeting customers who either have resisted subscribing to traditional pay-TV or cut the cord due to rising costs." While Google sells traditional TV service in its Google Fiber footprint, subscriber numbers have been low for the service. An over the top service might be well received by the general public, but it also might prove promising if bundled with Google Fiber's existing broadband offerings. Google is looking to offer a "skinny" bundle of live TV channels with a price in the range of $25 to $40 a month, states the Journal. The report also notes that the service will be entirely separate from YouTube Red, a subscription service ($10 or $13 for iOS users) that offers ad-free YouTube video viewing.
Operating Systems

OMGUbuntu: 'Why Use Linux?' Answered in 3 Short Words

Linux-focused blog OMGUbuntu's Joey-Elijah Sneddon shared a post today in which he tries to explain why people should use Linux. He stumbled upon the question when he typed "Why use" and Google suggested Linux as one of the most frequent questions. From the article: The question posed is not one that I sincerely ask myself very often. The answer has, over the years, become complicated. It's grown into a bloated ball of elastic bands, each reason stretched around and now reliant on another. But I wanted to answer. Helpfully, my brain began to spit out all the predictable nouns: "Why use Linux? Because of security! Because of control! Because of privacy, community, and a general sense of purpose! Because it's fast! Because it's virus free! Because I'm dang-well used to it now! Because, heck, I can shape it to look like pretty much anything I want it to using themes and widgets and CSS and extensions and blingy little desktop trinkets!"

Chrome For Android Gets Its Own Canary Channel

Google is bringing its bleeding-edge Canary channel for Chrome to Android. Through the Canary channel, the company introduces early versions of Chrome upgrades to early adopters and developers, and seeks feedback. Prior to this, the Canary channel was available for the desktop version of Chrome. Alex Mineer, APK Administrator & Bug Basher, said, "Just like the Canary channel for other platforms, new versions are built from the most recent code available and often contain a variety of new features, enhancements, and bug fixes. These builds are shipped automatically with no manual testing, which means that the build can be unstable and may even stop working entirely for days at a time. However, the goal is for Canary to remain usable at all times, and the Chrome team prioritizes fixing major issues as quickly as possible."

Clinton Campaign Considered Bill Gates, Tim Cook For Vice President

WikiLeaks has been releasing thousands of emails over the past couple of weeks belonging to Hillary Clinton's campaign chair John Podesta. One of the more interesting tidbits revealed from the email dump was the list of potential running mates considered by Clinton's campaign. The Verge reports: Clinton's vice presidential candidates, while not altogether surprising, include some vaguely interesting choices like Bill and Melinda Gates, Apple CEO Tim Cook, and General Motors CEO Mary Barra. In the mail, Podesta says he has organized the list into "rough food groups," one of which includes all the people mentioned above. Xerox CEO Ursula Burns and Starbucks CEO Howard Schultz are also in this "food group," along with Michael Bloomberg. With just under 40 names on the list, it's not immediately obvious how close any of these people came to actually being asked to take on the role (Tim Kaine is on the list).
The Internet

Say Hello To Branded Internet Addresses

On September 29, Google published a new blog which uses a .google domain rather than the standard .com. It seems the company may have inspired other companies to tout their brand names in the digital realm as well. According to a report on CNET, we have since seen requests for domain names such as .kindle, .apple, .ibm, .canon, and .samsung. And it's not just tech companies that are finding this very attractive; other domain requests include .ford, .delta, .hbo, .mcdonalds, and .nike. From the report: Approval, of course, is just a first step. It's not clear how enthusiastic most companies will be about the new names. So far, Google is the eager beaver. What's fun for Google is a daunting financial commitment to others. A $185,000 application fee and annual $30,000 operation fee will keep mom-and-pop shops away from their own domains. Still, plenty of businesses other than Google see the new domain names as a good investment. Branded domains can add distinction to an internet address, and renting out generic top-level domain (GTLD) names can potentially be a lucrative business. At a January auction, GMO Registry bid $41.5 million to win rights to sell .shop domain names. And in July, Nu Dot Co won .web with a bid of $135 million. Hundreds of new top-level domain names are approved. The single most popular in use is .xyz. Where does all the money go? To a nonprofit organization called ICANN -- the Internet Corporation for Assigned Names and Numbers. The organization oversees internet plumbing on behalf of companies, governments and universities, as well as the general public.

1 In 2 Samsung Galaxy Note 7 Owners To Switch To iPhone 7, Says Analyst

Branding Brand recently conducted a post-recall study asking Samsung Galaxy Note 7 users which smartphones they would consider upgrading to. While 40 percent of them said they are ready to jump ship to a different manufacturer, 30 percent of respondents said they are likely going to be switching to the iPhone. However, according to one analyst, that number could be even higher. Softpedia reports: KGI analyst Ming-Chi Kuo said in a note to investors that approximately 50 percent of those who ordered a Note 7 are now very likely to go for an iPhone 7, as customer trust is collapsing in the Samsung ecosystem and all these buyers are no longer planning to stick with phones manufactured by the South Korean firm. Between 5 to 7 million Note 7 orders are likely to transfer to Apple, the analyst says, and the iPhone 7 Plus is expected to be the main model benefitting from this transition. Other Android phone manufacturers, including Huawei, are also likely to benefit from Samsung's fiasco, and Google itself could also record an increase in Pixel sales following the Note 7 demise. But Apple will certainly take the lion's share here, mostly thanks to the iPhone 7 Plus currently being positioned as a direct rival to the Note 7.

Apple and Other Tech Companies Have Registered Their IP in Jamaica, Tonga, and Elsewhere For Years

Apple's product launches are notoriously secretive, but the Cupertino, California tech giant is sure to do one thing ahead of a big reveal: file trademark paperwork in Jamaica. From a Quartz report: It did this for Siri, the Apple Watch, macOS, and dozens of its major products months before the equivalent paperwork was lodged in the United States. Likewise, Google, Amazon, and Microsoft routinely file trademarks for their most important products in locales far flung from Silicon Valley and Seattle. These include Jamaica, Tonga, Iceland, South Africa, and Trinidad and Tobago -- places where trademark authorities don't maintain easily searchable databases. The tech giants are exploiting a US trademark-law provision that lets them effectively claim a trademark in secret. Under this provision, once a mark is lodged with an intellectual property office outside the US, the firm has six months to file it with the US Patent and Trademark Office (USPTO). When the firm does file in the US, it can point to its original application made abroad to show that it has a priority claim on the mark.

FTC Says It May Be Unable To Regulate Comcast, Google, and Verizon

The Federal Trade Commission is worried that it may no longer be able to regulate companies such as Comcast, Google, and Verizon unless a recent court ruling is overturned, ArsTechnica reports. From the article: The FTC on Thursday petitioned the 9th US Circuit Court of Appeals for a rehearing in a case involving AT&T's throttling of unlimited data plans. A 9th Circuit panel previously ruled that the FTC cannot punish AT&T, and the decision raises questions about the FTC's ability to regulate any company that operates a common carrier business such as telephone or Internet service. While the FTC's charter from Congress prohibits it from regulating common carriers, the agency has previously exercised authority to regulate these companies when they offer non-common carrier services. But the recent court ruling said that AT&T is immune from FTC oversight entirely, even when it's not acting as a common carrier. It isn't clear whether the ruling sets an ironclad precedent preventing the FTC from regulating any company with a common carrier business.

Google's AI Can Now Learn From Its Own Memory Independently

The DeepMind artificial intelligence (AI) being developed by Google's parent company, Alphabet, can now intelligently build on what's already inside its memory, the system's programmers have announced. An anonymous reader writes: Their new hybrid system -- called a Differential Neural Computer (DNC) -- pairs a neural network with the vast data storage of conventional computers, and the AI is smart enough to navigate and learn from this external data bank. What the DNC is doing is effectively combining external memory (like the external hard drive where all your photos get stored) with the neural network approach of AI, where a massive number of interconnected nodes work dynamically to simulate a brain. "These models... can learn from examples like neural networks, but they can also store complex data like computers," write DeepMind researchers Alexander Graves and Greg Wayne in a blog post. At the heart of the DNC is a controller that constantly optimizes its responses, comparing its results with the desired and correct ones. Over time, it's able to get more and more accurate, figuring out how to use its memory data banks at the same time.
United States

Report: Russian Hackers Phished The DNC And Clinton Campaign Using Fake Gmail Forms

Citing a report from SecureWorks, BuzzFeed is reporting that Russian hackers "used emails disguised to look as Gmail security updates to hack into the computers of the Democratic National Committee and members of Hillary Clinton's top campaign staff": The emails were sent to 108 members of Democratic presidential nominee Hillary Clinton's campaign and 20 people clicked on them, at least four people clicking more than once, Secureworks' research found. The emails were sent to another 16 people from the DNC and four people clicked on them, the report said.

Researchers found the emails by tracing the malicious URLs set up by [state-sponsored hacking group] Fancy Bear using Bitly, a link shortening service... "We were monitoring and saw the accounts being created in real time," said Phil Burdette, a senior security researcher at SecureWorks, explaining how they stumbled upon the URLs set up by Fancy Bear.

The URL apparently resolved to (rather than, and Burdette says "They did a great job with capturing the look and feel of Google."

Google's Go Language Surges In Popularity

2016 saw a big spike in the popularity of Go, attributed to the rising importance of Docker and Kubernetes. An anonymous Slashdot reader quotes InfoWorld: Ranked 65th a year ago in the Tiobe Index of language popularity, it has climbed to 16th this month and is on track to become Tiobe's Programming Language of the Year, a designation awarded to the language with the biggest jump in the index...which gauges popularity based on a formula assessing searches on languages in popular search engines...

Elsewhere in the index, Java again came in first place, with an 18.799 rating while C, still in second place, nonetheless continued its precipitous drop, to 9.835% (it had been 16.185% a year ago). In third was C++ (5.797%) followed by C# (4.367%), Python (3.775%), JavaScript (2.751%), PHP (2.741%), Visual Basic .Net (2.66%), and Perl (2.495%).

The article also cites an alternate set of rankings. "In the PyPL index, the top 10 were: Java, with a share of 23.4%, followed by Python (13.6%), PHP (9.9%), C# (8.8%), JavaScript (7.6%), C++ (6.9%), C (6.9%), Objective-C (4.5%), R (3.3%), and Swift (3.1%)."

No One Wants To Buy Twitter

At one point, it seemed that many were interested in purchasing the micro-blogging social platform (which now calls itself a news service) Twitter, but its fate is quickly drying up. Salesforce (which couldn't buy LinkedIn) showed the most interest in Twitter, but this week its CEO Marc Benioff said his company has "walked away" from making a bid to buy it. The Verge sums up the situation: If you're keeping track, that's now... pretty much everyone who's said they're not interested in buying Twitter. Neither Google nor Disney plan to bid on Twitter, despite reports saying both were interested. Recode says that Apple is likely also out of the picture. And Verizon immediately dismissed speculation that it was considering a bid. Facebook is also said to be uninterested, according to CNBC. And while Microsoft's name has been tossed around, no one seems to think the acquisition would make any sense for an increasingly enterprise-focused company. The situation is so bad that as soon as the news of Salesforce withdrawing its name from the bidding race broke, its stock quickly went up by 6 percent, while Twitter's stock registered a 6 percent drop.

Google Reveals It Received Secret FBI Subpoena

An anonymous reader quotes a report from The Intercept: Google revealed Wednesday it had been released from an FBI gag order that came with a secret demand for its customers' personal information. The FBI secret subpoena, known as a national security letter, does not require a court approval. Investigators simply need to clear a low internal bar demonstrating that the information is "relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities." The national security letter issued to Google was mentioned without fanfare in Google's latest bi-annual transparency report, which includes information on government requests for data the company received from around the world in the first half of 2016. Google received the secret subpoena in the first half of 2015, according to the report. An accompanying blog post titled "Building on Surveillance Reform," also identified new countries that made requests -- Algeria, Belarus, and Saudi Arabia among them -- and reveals that Google saw an increase in requests made under the Foreign Intelligence Surveillance Act. But Google in its short blog post did not publish the contents of the actual letter the way other companies, including Yahoo, have done in recent months. Asked about plans to release the national security letter, a Google spokesperson told The Intercept it will release it, though it wouldn't say when or in what form it will do so. Google hasn't previously published any national security letters, though it's possible gag orders for prior demands are still in place. It's also unclear why Google wouldn't immediately publish the document -- unless the gag is only partially lifted, or the company is involved in ongoing litigation to challenge the order, neither of which were cited as reasons for holding it back.

Android Trojan Asks Victims To Submit a Selfie Holding Their ID Card

An anonymous reader writes from a report via Softpedia: Untrained and gullible Android users are now the target of an Android banking trojan that asks them to send a selfie holding their ID card. The trojan, considered the most sophisticated Android trojan known today, is named Acecard, and this most recent version has been detected only in Hong Kong and Singapore for now. The purpose of requiring a selfie of the victim holding his/her ID card is for the crook to prove himself when making fraudulent bank transactions, calling tech support posing as the victim, or for taking over social media accounts for Facebook or Twitter, which often require ID scans in the case of account takeover disputes. The report adds: "A previous version of the Acecard trojan hid inside a Black Jack game delivered via the official Google Play Store. In the most recent version of this threat, security experts from McAfee have found a new version of the Acecard trojan hidden inside all sorts of apps that pose as Adobe Flash Player, pornographic apps, or video codecs. All of these apps are distributed outside of the Play Store and constantly pester users with permission requirement screens until they get what they want, which is administrator rights. Once this step is achieved, the trojan lays in hiding until the user opens a specific app. McAfee experts found that when the user opens the Google Play app, the trojan springs a new social engineering trap."

OpenCAPI: Google and IBM Lead Tech Consortium To Speed Data Centre Performance

An anonymous reader writes: IBM is leading a prestigious consortium of tech players in the open development of a new framework that, the company says, can speed data centre performance by a factor of 10. Participants in the OpenCAPI group include IBM, Google, Nvidia, Mellanox, Hewlett Packard Enterprise, Micron and Xilinx. Chris Johnson, a Principal Engineer at Google, commented: 'Google is committed to open standards and we are excited to contribute to the cross-industry use and development of OpenCAPI'. Google's collaboration with RackSpace on the Zaius server will include IBM's forthcoming POWER9 processor technology, which is built around OpenCAPI. Tom Eby, vice president of Micron's compute and networking business, said: "While memory has always been an essential building block for computing, it is quickly becoming the critical technology to unlocking next-generation performance."

Google To Divide Its Index, Giving Mobile Users Better and Fresher Content

Desktop Google searches could soon feel slightly out of touch compared to those done via smartphones as the company begins to push mobile search. Google has said it is fully splitting its search index into two versions: a rapidly updated mobile one, and a secondary search index for the desktop web. SearchEngineLand reports: The news came today during a keynote address from Gary Illyes, a webmaster trends analyst with Google, at Pubcon. Illyes didn't give a timeline in his talk, but in a follow-up with Search Engine Land, he confirmed that it would happen within "months." Google first announced that it was experimenting with the idea of a mobile index last year at SMX East. Since that time, Google's clearly decided that a mobile index makes sense and is moving ahead with the idea. It's unclear exactly how the mobile index will work. For example, since the mobile index is the "primary" index, will it really not be used for any desktop queries? Will it only contain "mobile-friendly" content? How out-of-date will the desktop index be? Desktop usage is now a minority of Google queries but still generates substantial usage. The most substantial change will likely be that by having a mobile index, Google can run its ranking algorithm in a different fashion across "pure" mobile content rather than the current system that extracts data from desktop content to determine mobile rankings.

Facebook Now Lets You Use Google Cast or AirPlay To Stream Video On Your TV

Facebook has made it a high priority over the years to improve its video platform so that it can better compete with the monolithic video service that is YouTube. Today, the company has added another feature, one that allows users to stream Facebook video content to the Apple TV via AirPlay and to various Google Cast-enabled devices. Digital Trends reports: The feature is available on the Facebook iOS app and, according to Facebook, it will be available on Android soon. The best thing about it, however, is how easy it is to use. Simply find a video you want to watch, then tap the TV button and select which device the app should stream to. Another highlight of the feature is that it is truly built for Facebook -- that is to say, when you are watching a video on the big screen, your phone is not on lockdown until the video is over. Instead, you can keep scrolling through the News Feed, treating your TV as more of a second screen than simply a mirror of your phone.

Google Creates AI Program That Uses Reasoning To Navigate the London Tube

An anonymous reader quotes a report from The Guardian: Google scientists have created a computer program that uses basic reasoning to learn to navigate the London Underground system by itself. Deep learning has recently stormed ahead of other computing strategies in tasks like language translation, image and speech recognition and even enabled a computer to beat top-ranked player, Lee Sedol, at Go. However, until now the technique has generally performed poorly on any task where an overarching strategy is needed, such as navigation or extracting the actual meaning from a text. The latest program achieved this by adding an external memory, designed to temporarily store important pieces of information and fish them out when needed. The human equivalent of this is working memory, a short-term repository in the brain that allows us to stay on task when doing something that involves several steps, like following a recipe. In the study, published in the journal Nature, the program was able to find the quickest route between underground stops and work out where it would end up if it traveled, say, two stops north from Victoria station. It was also given story snippets, such as "John is in the playground. John picked up the football." followed by the question "Where is the football?" and was able to answer correctly, hinting that in future assistants such as Apple's Siri may be replaced by something more sophisticated. Alex Graves, the research scientist at Google DeepMind in London who led the work, said that while the story tasks "look so trivial to a human that they don't seem like questions at all," existing computer programs "do really badly on this." The program he developed got questions like this right 96% of the time.
