Bug

Army Bug Bounty Researcher Compromises US Defense Department's Internal Network (threatpost.com) 5

Thursday the U.S. Army shared some surprising results from its first bug bounty program -- a three-week trial in which it invited 371 security researchers "trained in figuring out how to break into computer networks they're not supposed to." An anonymous reader quotes Threatpost: The Army said it received more than 400 bug reports, 118 of which were unique and actionable. Participants who found and reported unique bugs that were fixed were paid upwards of $100,000... The Army also shared high-level details on one issue that was uncovered through the bounty by a researcher who discovered that two vulnerabilities on the goarmy.com website could be chained together to access, without authentication, an internal Department of Defense website.

"They got there through an open proxy, meaning the routing wasn't shut down the way it should have been, and the researcher, without even knowing it, was able to get to this internal network, because there was a vulnerability with the proxy, and with the actual system," said a post published on HackerOne, which managed the two bounty programs on its platform. "On its own, neither vulnerability is particularly interesting, but when you pair them together, it's actually very serious."

Firefox

The SHA-1 End Times Have Arrived (threatpost.com) 41

"Deadlines imposed by browser makers deprecating support for the weakened SHA-1 hashing algorithm have arrived," writes Slashdot reader msm1267. "And while many websites and organizations have progressed in their migrations toward SHA-2 and other safer hashing algorithms, pain points and potential headaches still remain." Threatpost reports: Starting on Jan. 24, Mozilla's Firefox browser will be the first major browser to display a warning to its users who run into a site that doesn't support TLS certificates signed by the SHA-2 hashing algorithm... "SHA-1 deprecation in the context of the browser has been an unmitigated success. But it's just the tip of the SHA-2 migration iceberg. Most people are not seeing the whole problem," said Kevin Bocek, VP of security strategy and threat intelligence for Venafi. "SHA-1 isn't just a problem to solve by February, there are thousands more private certificates that will also need migrating"...

Experts warn the move to SHA-2 comes with a wide range of side effects; from unsupported applications, new hardware headaches tied to misconfigured equipment and cases of crippled credit card processing gear unable to communicate with backend servers. They say the entire process has been confusing and unwieldy to businesses dependent on a growing number of digital certificates used for not only their websites, but data centers, cloud services, and mobile apps... According to Venafi's research team, 35 percent of the IPv4 websites it analyzed in November are still using insecure SHA-1 certificates. However, when researchers scanned Alexa's top 1 million most popular websites for SHA-2 compliance it found only 536 sites were not compliant.
The article describes how major tech companies are handling the move to SHA-2 compliance -- including Apple, Google, Microsoft, Facebook, Salesforce and Cloudflare.
Open Source

Raspberry Pi Gets Competitors (hackaday.com) 95

Hackaday reports that Asus has "quietly released their Tinker board that follows the Pi form factor very closely, and packs a 1.8 GHz quad-core ARM Cortex A17 alongside an impressive spec. At £55 (about $68) where this is being written it's more expensive than the Pi, but Asus go to great lengths to demonstrate that it is significantly faster."

And though the Raspberry Pi foundation upgraded their Compute Module, Pine64 has just unveiled their new SOPINE A64 64-bit computing module, a smaller version of the $15 Pine64 computer. An anonymous reader quotes ComputerWorld: At $29, the SOPINE A64 roughly matches the price of the Raspberry Pi Compute Module 3, which ranges from $25 to $30. The new SOPINE will ship in February, according to the website. The SOPINE A64 can't operate as a standalone computer like the Pine64. It needs to be plugged in as a memory slot inside a computer. But if you want a full-blown computer, Pine64 also sells the $15 SOPINE Baseboard Model-A, which "complements the SOPINE A64 Compute Module and turns it into a full single board computer," according to the company...

The original Pine64 was crowdsourced and also became popular for its high-end components like a 64-bit chip and DDR3 memory... It has 2GB RAM, which is twice that of Raspberry Pi's compute module. SOPINE also has faster DDR3 memory, superior to DDR2 memory in Raspberry Pi Compute Module 3 board.

Movies

CBS, Paramount Settle Lawsuit Over 'Star Trek' Fan Film (hollywoodreporter.com) 141

An anonymous reader quotes a report from Hollywood Reporter: Stand down from battle stations. Star Trek rights holders CBS and Paramount have seen the logic of settling a copyright suit against Alec Peters, who solicited money on crowdfunding sites and hired professionals to make a YouTube short and a script of a planned feature film focused on a fictional event -- a Starfleet captain's victory in a war with the Klingon Empire -- referenced in the original 1960s Gene Roddenberry television series. Thanks to the settlement, CBS and Paramount won't be going to trial on Stardate 47634.44, known to most as Jan. 31, 2017. According to a joint statement, "Paramount Pictures Corporation, CBS Studios Inc., Axanar Productions, Inc. and Alec Peters are pleased to announce that the litigation regarding Axanar's film Prelude to Axanar and its proposed film Axanar has been resolved. Axanar and Mr. Peters acknowledge that both films were not approved by Paramount or CBS, and that both works crossed boundaries acceptable to CBS and Paramount relating to copyright law." Peters' Axanar video and script, which feature such arguably copyrighted elements as Vulcan ears, the Klingon language and an obscure character from a 1969 episode, sparked a lawsuit in December 2015. The litigation then proceeded at warp speed with the case almost making it to trial in just 13 months, an amazingly brisk pace by typical standards. When Axanar comes out, it will look different. "Axanar and Mr. Peters have agreed to make substantial changes to Axanar to resolve this litigation, and have also assured the copyright holders that any future Star Trek fan films produced by Axanar or Mr. Peters will be in accordance with the 'Guidelines for Fan Films' distributed by CBS and Paramount in June 2016," states the parties' joint announcement of a settlement.
Communications

Jay Z's Tidal Music Streaming Service Is Fraudulently Inflating Subscriber Numbers, Report Says (digitalmusicnews.com) 32

A new report published by Markus Tobiassen and Kjetil Saeter of Norwegian publication Dagens Naeringsliv is accusing Jay Z's Tidal music streaming service of fabricating their subscriber numbers by creating fake accounts and lying to the media and partners. The company claims to have more than 3 million paying subscribers with more than half of those paying $20-a-month. Digital Music News reports: Tobiassen and Saeter interviewed staffers at TIDAL, as well as partners and confidential sources. And the information that came back was pretty damning. "When 16 of the world's biggest pop stars, one a convicted cocaine smuggler and a former Israeli intelligence officer was not able to obtain enough customers to Jay Z's Tidal, the company began to inflate subscription numbers," the report alleges. DMN spoke this morning with Tobiassen, who offered a translation of the report. "On March 30th of last year, Tidal issued a press release stating that the company had reached 'three million members,'" the report states. "The news story reported worldwide was that Tidal had three million paying subscribers. Tidal also specified to online newspaper The Verge that this figure did not include trial subscribers. This was the last time Tidal reported a total number of subscribers to the public." The only problem with that? "In April 2016, one month after the press release issued by the company claiming three million members, Tidal made payments to the record labels for around 850,000 subscribers. The figure reported internally by Tidal in April is 1.2 million subscribers." The report further states that Tidal itself reported a figure of 1.1 million to the major record labels in late 2016. In other words, nowhere near the numbers reported to media outlets like Digital Music News and Verge.
AT&T

Despite Glitches, AT&T's DirecTV Now Hits 200,000 Subscribers in Its First Month (techcrunch.com) 25

AT&T's new live TV streaming service DirecTV Now has been off to a shaky start in terms of performance, but that hasn't stemmed the flow of sign-ups, AT&T reports. The company said the service added more than 200,000 subscribers in its first month of operations. From a report on TechCrunch: These details were included in an SEC filing for the quarter ending on December 31, 2016. DirecTV Now launched on November 30, 2016. The filing also notes the additions only include paying customers. To be clear, there's no free tier for DirecTV Now, but the company has been offering free trials so customers can kick the tires before committing to a subscription plan. Of course, it's not entirely surprising that DirecTV Now was able to gain so many customers in such a short period of time. On paper, at least, the service sounds compelling.
Facebook

Facebook Has a Team That Handles Mark Zuckerberg's Page (cnet.com) 55

theodp writes: Q. How many Facebook employees does it take to produce Mark Zuckerberg's Facebook page? A. More than a dozen! CNET's Ian Sherr offers his take on the news that Facebook has a team that handles Mark Zuckerberg's page: "Ever notice the photos, videos and posts on the profile page for Facebook's CEO are a lot nicer looking or better written than yours? Don't feel bad. Mark Zuckerberg has a team of people who are increasingly managing his public persona, according to a Wednesday report from Bloomberg Businessweek. Not only do they help write speeches and posts, but they also take photographs of his family and his travels, interspersing them with infographics about the company's user growth and sales. There're even people who delete harassing comments and spam for him. A Facebook spokeswoman said the company's service is an easy way for executives to connect with people." Wonder how many people it took to help craft the latest post, in which Zuck fired back at "some misleading stories going around" about "some land" he purchased in Hawaii (which another Zuck post noted also serves as a petting zoo of sorts for his daughter).
The Internet

Netflix Calls Out HBO For Not Letting Subscribers Binge On New Shows (arstechnica.com) 57

An anonymous reader quotes a report from Ars Technica: Netflix has gleefully poked a stick at its competitors in the video streaming market, after revealing it had added more than seven million subscribers to its service in the last three months of 2016. HBO also got a special mention. In a letter to shareholders, the company's boss Reed Hastings teased the TV drama maker by noting that, if the BBC was willing to stream shows before they air on television, then maybe HBO -- which has rigidly stuck to its strategy of eking out episodes to viewers -- should do the same. He said: "[...] the BBC has become the first major linear network to announce plans to go binge-first with new seasons, favoring internet over linear viewers. We presume HBO is not far behind the BBC. In short, it's becoming an Internet TV world, which presents both challenges and opportunities for Netflix as we strive to earn screen time." But it's worth noting that HBO currently has an exclusive deal with Sky in the UK, Ireland, Germany, Austria, and Italy, allowing the broadcaster to have first-run rights on the likes of Game of Thrones and Westworld until 2020 -- so any such change isn't likely to happen in the near-term. Late last year, it struck a deal with Netflix rival Amazon, allowing Prime members in the US to sign up for a monthly HBO subscription. "We have a very successful partnership with this great company that continues to evolve," said HBO exec Sofia Chang in December. The company's HBO Now streaming service shows no sign of shifting strategy, either, with programs airing simultaneously on traditional TV and online.
Communications

5G Internet is the 'Beginning of the Fourth Industrial Revolution' (cnbc.com) 138

Next-generation 5G mobile internet technology marks the beginning of the "fourth industrial revolution," the chief executive of Turkey's leading telecoms player told CNBC on Thursday. From a report: 5G is viewed as a technology that can support the developing Internet of Things (IOT) market, which refers to millions -- or potentially billions -- of internet-connected devices that are expected soon to come on to the market. Kaan Terzioglu, the chief executive of Turkcell, which has a market capitalization of $23 billion, touted the potential of the technology, saying that while 4G revolutionized the consumer market, 5G could transform the industrial space. "I think this is the beginning of the fourth generation of the industrial revolution. This will be the platform linking billions of devices together," Terzioglu told CNBC at the World Economic Forum in Davos. Turkcell has been working on 5G technologies since 2013 and this week completed a test in partnership with Ericsson, using the next-generation internet.
Security

ProtonMail Adds Tor Onion Site To Fight Risk Of State Censorship (techcrunch.com) 26

ProtonMail now has a home on the dark web. The encrypted email provider announced Thursday it will allow its users to access the site through the Tor anonymity service. From a report: Swiss-based PGP end-to-end encrypted email provider, ProtonMail, now has an onion address, allowing users to access its service via a direct connection to the Tor anonymizing network -- in what it describes as an active measure aimed at defending against state-sponsored censorship. The startup, which has amassed more than two million users for its e2e encrypted email service so far, launching out of beta just over a year ago, says it's worried about an increased risk of state-level blocking of pro-privacy tools -- pointing to recent moves such as encryption messaging app Signal being blocked in Egypt, and the UK passing expansive surveillance legislation that mandates tracking of web activity and can also require companies to eschew e2e encryption and backdoor products. The service also saw a bump in sign ups after the election of Donald Trump as US president, last fall -- with web users apparently seeking a non-US based secure email provider in light of the incoming commander-in-chief's expansive digital surveillance powers.
Businesses

Netflix's Subscriber Boom Shows the World is Accepting Internet TV (cnbc.com) 145

Netflix's boom in subscribers is a sign that the world is accepting internet TV, meaning without commercials and on-demand, said CEO Reed Hastings during an earnings call with investors. From a report: "The basic demand is increasing as people get more comfortable and more aware of Internet television where you don't get the commercial interruptions, where you get to watch where and when you want," said Hastings. Netflix reported $2.47 billion in revenue during Q4 2016, and earnings per share of 15 cents. The streaming giant wildly beat its original projections for subscriber additions, bringing in 7.05 million new customers compared to its Q3 estimate of 5.2 million. The majority of adds were from international viewers. Even though some shows -- like "Gilmore Girls" -- started as traditional TV shows before moving to Netflix, a large part of the draw for new subscribers came from original shows. Almost half of the most searched for shows this year were Netflix originals, said Ted Sarandos, chief content officer. The company has 42 launches coming up, including Marvel's "Iron Fist" and Drew Barrymore's zombie comedy "Santa Clarita Diet."
Botnet

Krebs Pinpoints the Likely Author of the Mirai Botnet (engadget.com) 98

The Mirai botnet caused serious trouble last fall, first hijacking numerous IoT devices to make a historically massive Distributed Denial-Of-Service (DDoS) attack on KrebsOnSecurity's site in September before taking down a big chunk of the internet a month later. But who's responsible for making the malware? From a report on Engadget: After his site went dark, security researcher Brian Krebs went on a mission to identify its creator, and he thinks he has the answer: Several sources and corroborating evidence point to Paras Jha, a Rutgers University student and owner of DDoS protection provider Protraf Solutions. About a week after attacking the security site, the individual who supposedly launched the attack, going by the username Anna Senpai, released the source code for the Mirai botnet, which spurred other copycat assaults. But it also gave Krebs the first clue in their long road to uncover Anna Senpai's real-life identity -- an investigation so exhaustive that Krebs made a glossary of cross-referenced names and terms along with an incomplete relational map.
Firefox

Mozilla's New Logo Reminds Us that It Is, In Fact, a Web Firm (cnet.com) 180

Mozilla has a new logo. The company has replaced the "ill" in its name with a colon and two slashes. From a report: Last year, Mozilla, the internet company best known for the Firefox browser, publicly started the rebranding process by opening the door to public feedback. With several options on display, Mozilla asked for comments and input from all who cared to share. As of today, the new logo is official and the simple change is meant as a reminder that Mozilla is more than just a browser.
Android

Android Will Now Store Google Searches Offline and Deliver Them When You Get Signal (theverge.com) 35

Google is rolling out an update for its Android app that makes it easier to search on the web with an inconsistent internet connection. Users can make searches when offline and the Google app will store them, delivering the results later (with an optional notification) when the devices get signal again. From a report: As Google product manager Shekhar Sharad writes in a blog post: "So the next time you lose service, feel free to queue up your searches, put your phone away and carry on with your day. The Google app will work behind-the-scenes to detect when a connection is available again and deliver your search results once completed."
Crime

Dutch Developer Added Backdoor To Websites He Built, Phished Over 20,000 Users (bleepingcomputer.com) 122

An anonymous reader quotes a report from BleepingComputer: A Dutch developer illegally accessed the accounts of over 20,000 users after he allegedly collected their login information via backdoors installed on websites he built. According to an official statement, Dutch police officials are now in the process of notifying these victims about the crook's actions. The hacker, yet to be named by Dutch authorities, was arrested on July 11, 2016, at a hotel in Zwolle, the Netherlands, and police proceeded to raid two houses the crook owned, in Leeuwarden and Sneek. According to Dutch police, the 35-year-old suspect was hired to build e-commerce sites for various companies. After doing his job, the developer also left backdoors in those websites, which he used to install various scripts that allowed him to collect information on the site's users. Police say that it's impossible to determine the full breadth of his hacking campaign, but evidence found on his laptop revealed he gained access to over 20,000 email accounts. Authorities say the hacker used his access to these accounts to read people's private email conversations, access their social media profiles, sign up for gambling sites with the victim's credentials, and access online shopping sites to make purchases for himself using the victim's funds.
Businesses

Verizon Looking To Buy Comcast or Charter, Says Report (nypost.com) 82

"Two well-placed sources" told The New York Post that Verizon is considering purchasing a big cable company to help it grow demand for its wireless data products. The source said the most likely targets would be "Charter or Comcast." New York Post reports: Verizon Chief Executive Lowell McAdam may be getting ready to answer rival AT&T's moves to buy DirecTV and Time Warner. To be sure, Verizon is not in talks with any cable company and may not ever make such a move. Still, McAdam has been under pressure recently with Verizon's deal to acquire Yahoo still a question mark months after two major hacks of the internet portal were revealed. The wireless giants operate on 4G wireless networks but are preparing to become a real alternative to the cable company with phone, TV and data services. To do that more effectively, the phone companies are pouring money into 5G connections that can work with cable systems to provide more stable coverage for consumers. McAdam has already given Wall Street analysts and investors big hints that he's looking at a combination with, say, a Charter Communications. In a mid-December meeting with Wall Street analysts, McAdam said a get-together between the two "makes industrial sense." Three weeks later, at CES, his comments to friends make it clear that cable distribution is a path he is exploring, perhaps more seriously than first thought. "For regulatory reasons, Verizon can't dominate in FiOS and cable, so it appears to have to set its sights on cable," an industry source said. Charter could be a seller under the right conditions, the source added, emphasizing that Malone and Charter CEO Tom Rutledge are just getting going on their vision for Charter.
Windows

Windows 10 Privacy Changes Appease Watchdogs, But Still No Data 'Off-Switch' (zdnet.com) 210

Earlier this month, Microsoft announced several privacy changes in Windows 10, but it didn't give users an option to completely opt out of the data-collection feature. The announcement was timed to coincide with a statement by the Swiss data protection and privacy regulator, the FDPIC, which last week said it would drop its threats of a lawsuit after the company "agreed to implement" a string of recommendations it made last year. The news closed the books on an investigation that began in 2015, shortly after Windows 10 was released. Though the Swiss appear satisfied, other critics are waiting for more. The French data protection watchdog, the CNIL, was equally unimpressed by Microsoft's actions, and it served the company with a notice in July to demand that it clean up its privacy settings. In an email, the CNIL said that the changes "seem to comply" with its complaint, but it's "now analyzing more in [sic] details Microsoft answers in order to know whether all the failures underlined in the formal notice do now comply with the law." ZDNet adds: Microsoft still hasn't said exactly what gets collected as part of the basic level of collection, except that the data is used to improve its software and services down the line; a reasonable ask -- but one that nonetheless lacks specifics. Microsoft said it wants users to "trust" it. And while the likelihood that the company is doing anything nefarious with users' information is frankly unlikely, the running risk is that the data could somehow be turned over to a government agency or even stolen by hackers is inescapable. That risk alone is enough for many to want to keep what's on their computer in their homes. While changing the privacy controls is a move in the right direction, it's still short of what many have called for.
By ignoring the biggest privacy complaint from its consumer users -- the ability to switch off data collection altogether -- Microsoft has favored the "just enough" approach to appease the regulators. Without a way to truly opt-out, Microsoft's repeated pledge (eight times in the blog post, no less) to give its users "control" of their data comes off as a hollow soundbite.
China

China Orders App Stores To Join Register (bbc.com) 23

China's internet regulator has ordered mobile app stores to register themselves with it immediately. The Cyberspace Administration of China (CAC) said the move would help "promote the healthy and orderly development of the mobile internet." From a report on BBC: Most smartphones in the country run Android, but Google does not operate its Play Store locally, meaning users go elsewhere to add software. A report last year linked this to the spread of malware. Cheetah Mobile Security -- a Beijing-based firm -- reported that more than 1.4 million Chinese users' mobile devices had been struck by infections as of January 2016, making it the worst afflicted nation. India and Indonesia were in second and third place. This follows previous efforts to censor what appears online, including a recent demand that Apple remove the New York Times from the Chinese version of its iOS App Store. The US newspaper was the first to report the watchdog's move outside of China itself. Because of the Play store's absence, Android users in China typically go to stores operated by local tech giants including Tencent, Xiaomi, Baidu and Huawei.
The Internet

Thousands Of Cubans Now Have Internet Access (ap.org) 70

There's been a dramatic change in one of the world's least-connected countries. An anonymous reader quotes the AP: Since the summer of 2015, the Cuban government has opened 240 public Wi-Fi spots in parks and on street corners across the country... The government estimates that 100,000 Cubans connect to the internet daily. A new feature of urban life in Cuba is the sight of people sitting at all hours on street corners or park benches, their faces illuminated by the screen of smartphones connected by applications such as Facebook Messenger to relatives in Miami, Ecuador or other outposts of the Cuban diaspora...

Cuban ingenuity has spread internet far beyond those public places: thousands of people grab the public signals through commercially available repeaters, imported illegally into Cuba and often sold for about $100 -- double the original price. Mounted on rooftops, the repeaters grab the public signals and create a form of home internet increasingly available in private rentals for tourists and cafes and restaurants for Cubans and visitors alike.

The article also points out that last month, for the first time ever, 2,000 Cubans began receiving home internet access.
Open Source

Ask Slashdot: What's The Best Place To Suggest New Open Source Software? 221

dryriver writes: Somebody I know has been searching up and down the internet for an open source software that can apply GPU pixel shaders (HLSL/GLSL/Cg/SweetFX) to a video and save the result out to a video file. He came up with nothing, so I said "Why not petition the open source community to create such a tool?" His reply was "Where exactly does one go to ask for a new open source software?"

So that is my question: Where on the internet can one best go to request that a new open source software tool that does not exist yet be developed? Or do open source tools only come into existence when someone -- a coder -- starts to build a software, opens the source, and invites other coders to join the fray?

This is a good place to discuss the general logistics of new open source projects -- so leave your best answers in the comments. What's the best place to suggest new open source software?
