Networking

New Privacy Vulnerability In IOT Devices: Traffic Rate Metadata (helpnetsecurity.com) 21

Orome1 quotes Help Net Security: Even though many IoT devices for smart homes encrypt their traffic, a passive network observer -- e.g. an ISP, or a neighborhood WiFi eavesdropper -- can infer consumer behavior and sensitive details about users from IoT device-associated traffic rate metadata. A group of researchers from the Computer Science Department of Princeton University have proven this fact by setting up a smart home laboratory with a passive network tap, and examining the traffic rates of four IoT smart home devices: a Sense sleep monitor, a Nest Cam Indoor security camera, a WeMo smart outlet, and an Amazon Echo smart speaker... "Once an adversary identifies packet streams for a particular device, one or more of the streams are likely to encode device state. Simply plotting send/receive rates of the streams revealed potentially private user interactions for each device we tested," the researchers noted.
In addition, the article notes, "Separating recorded network traffic into packet streams and associating each stream with an IoT device is not that hard."
Transportation

New Details On Sergey Brin's Plan For The World's Largest Aircraft (theguardian.com) 135

An anonymous reader shares The Guardian's report on plans for a new aircraft that's two-and-a-half times the size of a 747. Google co-founder Sergey Brin is building a hi-tech airship in Silicon Valley destined to be the largest aircraft in the world, according to multiple sources with knowledge of the project. "It's going to be massive on a grand scale," said one, adding that the airship is likely to be nearly 200 meters [656 feet] long... Brin wants the gargantuan airship, funded personally by the billionaire, to be able to deliver supplies and food on humanitarian missions to remote locations. However, it will also serve as a luxurious intercontinental "air yacht" for Brin's friends and family.

One source put the project's price tag at $100m to $150m. Igor Pasternak, an airship designer who was involved in the early stages of the project, believes airships could be as revolutionary for the trillion-dollar global cargo market as the internet was for communications. "Sergey is pretty innovative and forward looking," he said. "Trucks are only as good as your roads, trains can only go where you have rails, and planes need airports. Airships can deliver from point A to point Z without stopping anywhere in between."

The Guardian quips that while Brin's plans may stay secret for a while, "the good news is that the first flight test of such an enormous aircraft will be impossible to hide."
Chrome

Even For Businesses, Chrome Is The Top Browser (computerworld.com) 94

An anonymous reader shares Computerworld's interview with David Michael Smith of Gartner. "Most enterprises still have a 'standard' browser, and most of the time, that's something from Microsoft. These days it's IE11. But we've found that people actually use Chrome more than IE... It's the most-used browser in enterprise," he said... IE retains a sizable share -- Smith called it "a significant presence" -- largely because it's still required in most companies. "There are a lot of [enterprise] applications that only work in IE, because [those apps] use plug-ins," Smith said, ticking off examples like Adobe Flash, Java and Microsoft's own Silverlight. "Anything that requires an ActiveX control needs IE."

Many businesses have adopted the two-prong strategy that Gartner and others began recommending years ago: Keep a "legacy" browser to handle older sites, services and web apps, but offer another for everything else... Chrome, said Smith, is now the "overwhelming choice" as the modern enterprise browser... Smith wasn't optimistic that Edge would supplant Chrome, even when Windows 10 is widely deployed on corporate computers in the next few years. "Edge certainly will have opportunities" once Windows 10 is the enterprise-standard OS, "but I would say that Chrome has a lot of momentum, largely for the fact that it is so popular on the internet."

While a year ago Chrome and Microsoft's browsers both held 41% of the browser market share, now Chrome holds 59% to just 24% for both IE and Edge combined.
Bug

Wormable Code-Execution Bug Lurked In Samba For 7 Years (arstechnica.com) 81

Long-time Slashdot reader williamyf was the first to share news of "a wormable bug [that] has remained undetected for seven years in Samba versions 3.5.0 onwards." Ars Technica reports: Researchers with security firm Rapid7...said they detected 110,000 devices exposed on the internet that appeared to run vulnerable versions of Samba. 92,500 of them appeared to run unsupported versions of Samba for which no patch was available... Those who are unable to patch immediately can work around the vulnerability by adding the line nt pipe support = no to their Samba configuration file and restarting the network's SMB daemon. The change will prevent clients from fully accessing some network computers and may disable some expected functions for connected Windows machines.
The U.S. Department of Homeland Security's CERT group issued an announcement urging sys-admins to update their systems, though SC Magazine cites a security researcher arguing this attack surface is much smaller than that of the Wannacry ransomware, partly because Samba is just "not as common as Windows architectures." But the original submission also points out that while the patch came in fast, "the 'Many eyes' took seven years to 'make the bug shallow'."
Government

Investigation Demanded Over Fake FCC Comments Submitted By Dead People (bbc.com) 140

An anonymous reader writes: Fight for the Future has found another issue with the fake comments submitted to the FCC opposing net neutrality. "The campaign group says that some of the comments were posted using the names and details of dead people," according to the BBC. The exact same comment was also submitted more than 7,000 times using addresses in Colorado, where a reporter discovered that contacting the people at those addresses drew reactions which included "I have never seen this before in my life" and "No, I did not post this comment. In fact, I disagree with this comment." Fight for the Future also knocked on doors in Tampa, Florida, where the few people who answered "were shocked to hear that their name and address were publicly listed alongside a political message they did not necessarily understand or agree with." An alleged commenter in Montana told a reporter she didn't even know what net neutrality was.

14 people have already signed Fight for the Future's official complaint to the FCC, which calls for notification of all people affected, an investigation, and the immediate removal of all fake comments from the public docket. "Based on numerous media reports, nearly half a million Americans may have been impacted by whoever impersonated us," states the letter, "in a dishonest and deceitful campaign to manufacture false support for your plan to repeal net neutrality protections."

Fight for the Future says they've already verified "dozens" of instances of real people discovering a fake comment was submitted in their name -- and that in addition, more than 2,400 people have already used their site to contact their state Attorneys General demanding an investigation. They note the FCC has taken no steps to remove the fake comments from its docket, "risking the safety and privacy of potentially hundreds of thousands of people," while a campaign director at Fight for the Future added, "For the FCC's process to have any legitimacy, they simply cannot move forward until an investigation has been conducted."
Businesses

Comcast Customer Satisfaction Drops 6% After TV Price Hikes, ACSI Says (arstechnica.com) 52

An anonymous reader quotes a report from Ars Technica: Comcast's customer satisfaction score for subscription TV service fell 6 percent in a new survey, putting the company near the bottom of rankings published by the American Customer Satisfaction Index (ACSI). Comcast's score fell from 62 to 58 on ACSI's 100-point scale, a drop of more than 6 percent between 2016 and 2017. The ACSI's 2017 report on telecommunications released this week attributed the decrease to "price hikes for Xfinity (Comcast) subscriptions." Satisfaction with pay-TV providers dropped industry-wide, tying the segment with Internet service (a product offered by the same companies) for last place in the ACSI's rankings. The ACSI summarized the trend as follows: "Customer satisfaction with subscription television service slips 1.5 percent to 64, tied with Internet service providers for last place among 43 industries tracked by the ACSI. Many of the same large companies offer service for Internet, television, and voice via bundling. The threat of competition from streaming services has done little to spur improvement for pay TV. Customer service remains poor, and cord-cutting continues to accelerate. More than half a million subscribers defected from cable and satellite TV providers during the first quarter of 2017 -- the largest loss in the history of the industry. Customers still prefer fiber optic and satellite to cable, putting FiOS (Verizon Communications) in first place with a 1 percent uptick to 71. AT&T takes the next two spots with its fiber optic and satellite services."
Businesses

Sean Parker Is Going To Great Lengths To Ensure 'Screening Room' Is Piracy Free, Patents Reveal (torrentfreak.com) 139

Napster co-founder Sean Parker has been working on his new service called Screening Room, which, when it becomes a reality, could allow people to watch the latest Hollywood blockbusters in their living room as soon as they premiere at the box office. This week we get a glimpse at the kind of technologies Parker is using to ensure that the movies don't get distributed easily. From a report: Over the past several weeks, Screening Room Media, Inc. has submitted no less than eight patent applications related to its plans, all with some sort of anti-piracy angle. For example, a patent titled "Presenting Sonic Signals to Prevent Digital Content Misuse" describes a technology where acoustic signals are regularly sent to mobile devices, to confirm that the user is near the set-top box and is authorized to play the content. Similarly, the "Monitoring Nearby Mobile Computing Devices to Prevent Digital Content Misuse" patent, describes a system that detects the number of mobile devices near the client-side device, to make sure that too many people aren't tuning in. The general technology outlined in the patents also includes forensic watermarking and a "P2P polluter." The watermarking technology can be used to detect when pirated content spreads outside of the protected network onto the public Internet. "At this point, the member's movie accessing system will be shut off and quarantined. If the abuse or illicit activity is confirmed, the member and the household will be banned from the content distribution network," the patent reads. [...] Screening Room's system also comes with a wide range of other anti-piracy scans built in. Among other things, it regularly scans the Wi-Fi network to see which devices are connected, and Bluetooth is used to check what other devices are near.
Businesses

Disney Chief Bob Iger Doesn't Believe Movie Hack Threat Was Real (hollywoodreporter.com) 27

You may remember Disney's boss revealing that hackers had threatened to leak one of the studio's new films unless it paid a ransom. Bob Iger didn't name the film, but it was thought to be "Pirates of the Caribbean: Dead Men Tell No Tales." But now Iger says: "To our knowledge we were not hacked." From a report: Disney chairman-CEO Bob Iger confirmed Thursday that a hacker claiming to have stolen an upcoming Disney movie and demanding a ransom didn't appear to have the goods. "To our knowledge we were not hacked," Iger told Yahoo Finance. "We had a threat of a hack of a movie being stolen. We decided to take it seriously but not react in the manner in which the person who was threatening us had required." Iger continued, "We don't believe that it was real and nothing has happened." On May 15, as first reported by The Hollywood Reporter, Iger told ABC employees at a town hall meeting in New York that someone claiming to have stolen an upcoming movie would release the film on the internet unless the company paid a ransom. Iger told staff that the studio wouldn't meet any such demands.
Government

Major US Tech Firms Press Congress For Internet Surveillance Reforms (reuters.com) 38

Dustin Volz, reporting for Reuters: Facebook, Amazon and more than two dozen other U.S. technology companies pressed Congress on Friday to make changes to a broad internet surveillance law, saying they were necessary to improve privacy protections and increase government transparency. The request marks the first significant public effort by Silicon Valley to wade into what is expected to be a contentious debate later this year over the Foreign Intelligence Surveillance Act, parts of which will expire on Dec. 31 unless Congress reauthorizes them. Of particular concern to the technology industry and privacy advocates is Section 702, which allows U.S. intelligence agencies to vacuum up vast amounts of communications from foreigners but also incidentally collects some data belonging to Americans that can be searched by analysts without a warrant.
Mozilla

Former Mozilla CTO: 'Chrome Won' (andreasgal.com) 263

Responding to Firefox marketing head Eric Petitt's blog post from earlier this week, Andreas Gal, former chief technology officer of Mozilla (who spent seven years at the company) offers his insights. Citing latest market share figures, Gal says "it's safe to say that Chrome is eating the browser market, and everyone else except Safari is getting obliterated." From his blog post (edited and condensed for length): With a CEO transition about 3 years ago there was a major strategic shift at Mozilla to re-focus efforts on Firefox and thus the Desktop. Prior to 2014 Mozilla heavily invested in building a Mobile OS to compete with Android: Firefox OS. I started the Firefox OS project and brought it to scale. While we made quite a splash and sold several million devices, in the end we were a bit too late and we didn't manage to catch up with Android's explosive growth. Mozilla's strategic rationale for building Firefox OS was often misunderstood. Mozilla's founding mission was to build the Web by building a browser. [...] Browsers are a commodity product. They all pretty much look the same and feel the same. All browsers work pretty well, and being slightly faster or using slightly less memory is unlikely to sway users. If even Eric -- who heads Mozilla's marketing team -- uses Chrome every day as he mentioned in the first sentence, it's not surprising that almost 65% of desktop users are doing the same. [...] I don't think there will be a new browser war where Firefox or some other competitor re-captures market share from Chrome. It's like launching a new and improved horse in the year 2017. We all drive cars now. Some people still use horses, and there is value to horses, but technology has moved on when it comes to transportation. Does this mean Google owns the Web if they own Chrome? No. Absolutely not. Browsers are what the Web looked like in the first decades of the Internet. 
Mobile disrupted the Web, but the Web embraced mobile and at the heart of most apps beats a lot of JavaScript and HTTPS and REST these days. The future Web will look yet again completely different. Much will survive, and some parts of it will get disrupted.
Opera

Opera Slows Its Development On The iOS Platform (betanews.com) 61

Reader BrianFagioli writes: After searching for Opera in the Apple App Store, I noticed something odd -- none of the company's iOS browsers (Opera Mini and Opera Coast) had been updated in 2017. Since we are almost halfway through the year, I decided to ask Opera what was up. Shockingly, the company told me that it no longer has a team working on iOS. An Opera employee by the name of 'Rosi' sent me a tweet this morning, making the revelation. While the desktop version of the browser is still in development, the company has chosen to abandon its efforts on iOS. To show just how bad it is, the Opera Mini browser hasn't been updated in almost a year. Opera Coast was updated in December of 2016, however -- almost six months ago.
Update: Opera has clarified that while they're not currently working on iOS, they still plan to support it.
Security

More Than Half of Streaming Users In US Are Sharing Their Passwords, Says Report (streamingobserver.com) 69

A new study conducted by Fluent shows a majority of Americans are sharing passwords to their streaming video services. While millennials lead the pack, non-millennials are doing the same. Streaming Observer reports: Nearly 3 out of every 4 (72% exactly) Americans who have cable also have access to at least one streaming service and 8% of cable subscribers plan to eliminate their service in the next year. But that doesn't necessarily mean they're paying for their streaming service. New numbers from a study conducted by Fluent show that the majority of Americans are sharing passwords to their streaming video services. Well over half of millennials (aged 18-34) -- 60% -- are either using someone else's password or giving their password to someone else. And just under half -- 48% -- of non-millennials are doing the same. The study also revealed that the main factor in what drives consumers to sign up for streaming video services is price, with 34% of Americans saying that low cost was the primary factor. That number jumps to 38% among millennials. When you take into account that some streaming TV services start with prices as low as $20, it makes sense that price is the biggest issue. Convenience was the next biggest factor, coming in at just below 25%.
Android

T-Mobile's 'Digits' Program Revamps the Phone Number (arstechnica.com) 51

An anonymous reader quotes a report from Ars Technica: T-Mobile has announced the launch of its "Digits" program, coming May 31. Digits is a revamp of how T-Mobile phone numbers work, virtualizing customer numbers so they can work across multiple devices. It sounds a lot like Google Voice -- rather than having a phone number tied to a single SIM card or a device, numbers are now account-based, and you can "log in" to your phone number on several devices. T-Mobile says the new phone number system will work "across virtually all connected devices," allowing multiple phones, tablets, and PCs to get texts and calls. This means T-Mobile needs apps across all those platforms, with the press release citing "native seamless integration" in Samsung Android phones, Android and iOS apps, and a browser interface for PCs. The new phone number system is free to all T-Mobile customers. Customers can also buy an extra phone number for $10 or by signing up to the $5-per-month "T-Mobile One Plus" package, which is a bundle of extra features like a mobile hotspot and in-flight Wi-Fi.
Privacy

83 Percent Of Security Staff Waste Time Fixing Other IT Problems (betanews.com) 206

An anonymous reader shares a report: A new survey of security professionals reveals that 83 percent say colleagues in other departments turn to them to fix personal computer problems. The study by security management company FireMon shows a further 80 percent say this is taking up more than an hour of their working week, which in a year could equate to more than $88,000. For organizations, eight percent of professionals surveyed helping colleagues out five hours a week or more could be costing over $400,000. Organizations are potentially paying qualified security professionals salaries upwards of $100,000 a year and seeing up to 12.5 percent of that investment being spent on non-security related activities.
Mozilla

Firefox Marketing Head Expresses Concerns Over Google's Apparent 'Only Be On Chrome' Push (medium.com) 188

Eric Petitt, who heads up Firefox marketing, writing in a blog: I use Chrome every day. Works fine. Easy to use. There are multiple things that bug me about the Chrome product, for sure, but I'm OK with Chrome. I just don't like only being on Chrome. And that's what Chrome wants. It wants you to only use Chrome. Chrome is not evil, it's just too big for its britches. Its influence on the internet economy and individuals is out of balance. Chrome, with 4 times the market share of its nearest competitor (Firefox), is an eight-lane highway to the largest advertising company in the world. Google built it to maximize revenue from your searches and deliver display ads on millions of websites. To monetize every... single... click. And today, there exists no meaningful safety valve on its market dominance. Beyond Google, the web looks more and more like a feudal system, where the geography of the web has been partitioned off by the Frightful Five. Google, Facebook, Microsoft, Apple and Amazon are our lord and protectors, exacting a royal sum for our online behaviors. We're the serfs and tenants, providing homage inside their walled fortresses. Noble upstarts are erased or subsumed under their existing order. (Footnote: Petitt has made it clear that the aforementioned views are his own, and not those of Mozilla.)
Education

It's Time For Academics To Take Back Control Of Research Journals (theguardian.com) 74

Stephen Curry, a professor of structural biology at Imperial College London, has a piece on The Guardian today in which he outlines the history of the relationship between commercial interests, academic prestige and the circulation of research. An excerpt from the article: "Publish or perish" has long been the mantra of academics seeking to make a success of their research career. Reputations are built on the ability to communicate something new to the world. Increasingly, however, they are determined by numbers, not by words, as universities are caught in a tangle of management targets composed of academic journal impact factors, university rankings and scores in the government's research excellence framework. The chase for metricised success has been further exacerbated by the takeover of scholarly publishing by profit-seeking commercial companies, which pose as partners but no longer seem properly in tune with academia. Evidence of the growing divergence between academic and commercial interests is visible in the secrecy around negotiations on subscription and open access charges. It's also clear from the popularity among academics of the controversial site Sci-Hub, which has made over 60m research articles freely available on the internet. Over-worked researchers could be forgiven for thinking that the time-honoured mantra has morphed to "publish, and perish anyway."
Android

And Now, a Brief Definition of the Web (theverge.com) 62

Dieter Bohn, writing for The Verge: Traditionally, we think of the web as a combination of a set of specific technologies paired with some core philosophical principles. The problem -- the reason this question even matters -- is that there are a lot of potential replacements for the parts of the web that fix what's broken with technology, while undermining the principles that ought to go with it. [...] A lot of tech companies are flailing around looking for ways to fix this problem. There are web apps that work in Chrome but not really all that well elsewhere. There are Instant Articles in Facebook and AMP pages on Google. There are Instant Android apps that stream to your phone over the internet instead of being installed, which go away when you're done with them just like a browser tab. Google claims to be trying to bring some of the open ethos of the web to smart speakers. Hell, go back to 2014 and you'll find Apple pundit John Gruber arguing we should consider apps and "anything transmitted using HTTP and HTTPS" as part of the web. [...] And now, a brief definition of the web: To count as being part of the web, your app or page must: 1. Be linkable, and 2. Allow any client to access it. That's it.
Businesses

The Cable TV Industry Is Getting Even Less Popular (fortune.com) 102

Aaron Pressman, writing for Fortune: It seems nobody loves their cable TV or home Internet provider. Wireless carriers, however, are on the upswing. That's the news from the huge annual survey of 43 industries from the American Customer Satisfaction Index. In 2017, cable operators and ISPs tied for last place, with an average customer satisfaction rating of just 64 percent. The wireless industry was still near the bottom of the rankings, in 38th place, just below the U.S. postal system. But its 73 percent score was up almost three percentage points from last year. Many of the same companies, like Comcast and Verizon, dominate both fields, ACSI noted. And neither industry offers much choice to consumers, with most localities having only one or two cable and Internet providers. The cable industry's rating slipped 1.5 percentage points from last year, while the rating for ISPs was unchanged.
Facebook

How Facebook Flouts Holocaust Denial Laws Except Where It Fears Being Sued (theguardian.com) 308

An anonymous reader quotes a report from The Guardian: Facebook's policies on Holocaust denial will come under fresh scrutiny following the leak of documents that show moderators are being told not to remove this content in most of the countries where it is illegal. The files explain that moderators should take down Holocaust denial material in only four of the 14 countries where it is outlawed. One document says the company "does not welcome local law that stands as an obstacle to an open and connected world" and will only consider blocking or hiding Holocaust denial messages and photographs if "we face the risk of getting blocked in a country or a legal risk." A picture of a concentration camp with the caption "Never again Believe the Lies" was permissible if posted anywhere other than the four countries in which Facebook fears legal action, one document explains. Facebook contested the figures but declined to elaborate. Documents show Facebook has told moderators to remove dehumanizing speech or any "calls for violence" against refugees. Content "that says migrants should face a firing squad or compares them to animals, criminals or filth" also violates its guidelines. But it adds: "As a quasi-protected category, they will not have the full protections of our hate speech policy because we want to allow people to have broad discussions on migrants and immigration which is a hot topic in upcoming elections." The definitions are set out in training manuals provided by Facebook to the teams of moderators who review material that has been flagged by users of the social media service. The documents explain the rules and guidelines the company applies to hate speech and "locally illegal content," with particular reference to Holocaust denial. One 16-page training manual explains Facebook will only hide or remove Holocaust denial content in four countries -- France, Germany, Israel and Austria.
The document says this is not on grounds of taste, but because the company fears it might get sued.
The Internet

Manchester Attack Could Lead To Internet Crackdown (independent.co.uk) 383

New submitter boundary writes: The UK government looks to be about to put the most egregious parts of the Investigative Powers Act into force "soon after the election" (which is in a couple of weeks) in the wake of the recent bombing in Manchester. "Technical Capability Orders" require tech companies to break their own security. I wonder who'll comply? The Independent reports: "Government will ask parliament to allow the use of those powers if Theresa May is re-elected, senior ministers told The Sun. 'We will do this as soon as we can after the election, as long as we get back in,' The Sun said it was told by a government minister. 'The level of threat clearly proves there is no more time to waste now. The social media companies have been laughing in our faces for too long.'"
