L-One-L-One (173461) writes In a surprise move, nine months after being bought by Facebook, WhatsApp has begun rolling out end-to-end encryption for its users. With true end-to-end encryption data becomes unaccessible to admins of WhatsApp or law enforcement authorities. This new feature first proposed on Android only has been developed in cooperation with Open Whisper Systems, based on TextSecure. With hundreds of million users, WhatsApp becomes by far the largest secure messaging application. FBI Director James Comey might not be pleased. Do you have a current favorite for encrypted online chat?
Become a fan of Slashdot on Facebook
angry tapir writes An Android Trojan program that's behind one of the longest running multipurpose mobile botnets has been updated to become stealthier and more resilient. The botnet is mainly used for instant message spam and rogue ticket purchases, but it could be used to launch targeted attacks against corporate networks because the malware allows attackers to use the infected devices as proxies, according to security researchers.
Nerval's Lobster writes As an emerging company in a hotly contested space, Uber already had a reputation for playing hardball with competitors, even before reports leaked of one of its executives threatening to dig into the private lives of journalists. Faced with a vicious competitive landscape, Uber executives probably feel they have little choice but to plunge into multi-front battle. As the saying goes, when you're a hammer, everything looks like a nail; and when you're a startup that thinks it's besieged from all sides by entities that seem determined to shut you down, sometimes your executives feel the need to take any measure in order to keep things going, even if those measures are ethically questionable. As more than one analyst has pointed out, Uber isn't the first company in America to triumph through a combination of grit and ethically questionable tactics; but it's also not the first to implode thanks to the latter. Is a moral compass (or at least the appearance of one) a hindrance or a help for startups?
Rambo Tribble writes: The commissioners at the FCC are expected to vote, on December 11, on a proposal by Chairman Tom Wheeler to increase the funding for the nation's largest educational technology subsidy program, E-Rate, by 62 percent. The proposal is intended to be paid for by higher fees on phone service. The increased cost is pegged at $1.92 a year, per telephone line. Support for the proposal, or lack thereof, appears to be falling along partisan lines. To quote Wheeler, however, "Almost two-thirds of American schools cannot appropriately connect their students to the 21st century."
Peter Eckersley writes: Today EFF, Mozilla, Cisco, and Akamai announced a forthcoming project called Let's Encrypt. Let's Encrypt will be a certificate authority that issues free certificates to any website, using automated protocols (demo video here). Launching in summer 2015, we believe this will be the missing piece that deprecates the woefully insecure HTTP protocol in favor of HTTPS.
mrspoonsi writes Microsoft has announced that they will be pushing an out-of-band security patch today. The patch, which affects nearly all of the company's major platforms, is rated 'critical' and it is recommended that you install the patch immediately. The patch is rated 'critical' because it allows for elevation of privileges and will require a restart. The platforms that are affected include: Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows 8 and 8.1, Windows Server 2012 and Windows Server 2012 R2, Windows RT and Windows RT 8.1. Windows 10 Technical Preview customers are affected, too.
ErichTheRed writes Perhaps this is the sign that the Web 2.0 bubble is finally at its peak. CNN produced a piece on DevBootcamp, a 19-week intensive coding academy designed to turn out Web developers at a rapid pace. I remember Microsoft and Cisco certification bootcamps from the peak of the last tech bubble, and the flood of under-qualified "IT professionals" they produced. Now that developer bootcamps are in the mainsteam media, can the end of the bubble be far away?
Nerval's Lobster writes Over at Dice, there's a discussion of the technologies that could actually alter how you work (and what you work on) over the next few years, including 3D printing, embedded systems, and evolving Web APIs. Granted, predicting the future with any accuracy is a nigh-impossible feat, and a lot of nascent technologies come with an accompanying amount of hype. But given how these listed technologies have actually been around in one form or another for years, and don't seem to be fading away, it seems likely that they'll prove an increasing factor in how we live and work over the next decade and beyond. For those who have no interest in mastering aspects of the so-called "Internet of Things," or other tech on this list, never fear: if the past two decades have taught us anything, it's that lots of old hardware and software never truly goes away, either (hi, mainframes!).
Hot on the heels of recent cyber attacks on NOAA, the USPS, and the White House, the New York Times reports that the U.S. State Department has also suffered an online security breach, though it's not clear who to blame. “This has impacted some of our unclassified email traffic and our access to public websites from our main unclassified system,” said one senior State Department official, adding that the department expected its systems to be up soon. ....The breach at the White House was believed to be the work of hackers in Russia, while the breaches at NOAA and the Postal Service were believed to the work of hackers inside China. Attributing attacks to a group or nation is difficult because hackers typically tend to route their attack through compromised web servers all over the world. A senior State Department official said the breach was discovered after “activity of concern” was detected on portions of its unclassified computer system. Officials did not say how long hackers may have been lurking in those systems, but security improvements were being added to them on Sunday.
When it comes to tablets, Google doesn't even follow its own design guidelines." That's the upshot of Ars Technica writer Andew Cunningham's detailed, illustrated look at how Android handles screens much larger than seven inches, going back to the first large Android tablets a few years ago, but including Android 5.0 (Lollipop) on the Nexus 10 and similar sized devices. Cunningham is unimpressed with the use of space for both practical and aesthetic reasons, and says that problems crop up areas that are purely under Google's control, like control panels and default apps, as well as (more understandably) in third party apps. The Nexus 10 took 10-inch tablets back to the "blown-up phone" version of the UI, where buttons and other UI stuff was all put in the center of the screen. This makes using a 10-inch tablet the same as using a 7-inch tablet or a phone, which is good for consistency, but in retrospect it was a big step backward for widescreen tablets. The old interface put everything at the edges of the screen where your thumbs could easily reach them. The new one often requires the pointer finger of one of your hands or some serious thumb-stretching. ... If anything, Lollipop takes another step backward here. You used to be able to swipe down on the left side of the screen to see your notifications and the right side of the screen to see the Quick Settings, and now those two menus have been unified and placed right in the center of the screen. The Nexus 10 is the most comfortable to use if it's lying flat on a table or stand and Lollipop does nothing to help you out there.
An anonymous reader writes I run the IT department for a medium-sized online retailer, and we own a set of marketing toll-free numbers that route to our VoIP system for sales. Yesterday we began receiving dozens and now hundreds of calls from non-customers claiming that we're calling out from our system and offering them $1 million in prizes and asking for their checking account details (a classic phishing scheme). After verifying that our own system wasn't compromised, we realized that someone was spoofing the Caller ID of our company on a local phone number, and then they were forwarding call-backs to their number to one of our 1-800 numbers. We contacted the registered provider of the scammer's phone number, Level3, but they haven't been able to resolve the issue yet and have left the number active (apparently one of their sub-carriers owns it). At this point, the malicious party is auto-dialing half of the phone book in the DC metro area and it's causing harm to our business reputation. Disabling our inbound 800 number isn't really possible due to the legitimate marketing traffic. Do you have any suggestions?
An anonymous reader writes Computer scientists have developed Linux based software that not only detects and eradicates never-before-seen viruses and other malware, but also automatically repairs damage caused by them. If a virus or attack stops the service, A3 could repair it in minutes without having to take the servers down. The software then prevents the invader from ever infecting the computer again. "It's pretty cool when you can pick the Bug of the Week and it works." (Here's a paper with more details.)
MojoKid (1002251) writes One of the disadvantages to buying an Apple system is that it generally means less upgrade flexibility than a system from a traditional PC OEM. Over the last few years, Apple has introduced features and adopted standards that made using third-party hardware progressively more difficult. Now, with OS X 10.10 Yosemite, the company has taken another step down the path towards total vendor lock-in and effectively disabled support for third-party SSDs. We say "effectively" because while third-party SSDs will still work, they'll no longer perform the TRIM garbage collection command. Being able to perform TRIM and clean the SSD when it's sitting idle is vital to keeping the drive at maximum performance. Without it, an SSD's real world performance will steadily degrade over time. What Apple did with OS X 10.10 is introduce KEXT (Kernel EXTension) driver signing. KEXT signing means that at boot, the OS checks to ensure that all drivers are approved and enabled by Apple. It's conceptually similar to the device driver checks that Windows performs at boot. However, with OS X, if a third-party SSD is detected, the OS will detect that a non-approved SSD is in use, and Yosemite will refuse to load the appropriate TRIM-enabled driver.
jones_supa writes OpenGL support under GTK is getting into good shape for providing a nice, out-of-the-box experience by default on key platforms for the GTK+ 3.16 / GNOME 3.16 release in March. For a few weeks now within mainline GTK+ has been native OpenGL support and as part of that a new GtkGLArea widget for allowing OpenGL drawing within GTK applications. Since that initial work landed, there's been more GTK+ OpenGL code progressing that right now primarily benefits Linux X11 and Wayland users. While good progress is being made and improvements still ongoing to the GNOME toolkit, GNOME developers are requesting help in ensuring other GTK+ backends can benefit from this OpenGL support. If you are using or planning to use GTK+ 3 on Windows or OS X, and you know how to use OpenGL on those two platforms, please consider helping out the GTK+ developers by implementing the GdkGLContext API using WGL and AppleGL.
An anonymous reader writes News suggesting that Microsoft plans to offer Windows 10 upgrades for all its Windows Phone 8 devices broke today. "It's our intention to enable a Windows 10 upgrade for Lumia Windows Phone 8 smartphones," a Microsoft spokesperson told VentureBeat. "At this early stage in the development process, and given the vast portfolio of Windows devices worldwide, we can't predict that all devices will be upgradeable, but it is our intention that the Lumia smartphone line be upgradeable to Windows 10."
An anonymous reader writes Version 10.1 of the venerable FreeBSD operating system has been released. The new version of FreeBSD offers support for booting from UEFI, automated generation of OpenSSH keys, ZFS performance improvements, updated (and more secure) versions of OpenSSH and OpenSSL and hypervisor enhancements. FreeBSD 10.1 is an extended support release and will be supported through until January 1, 2017. Adds reader aojensen: As this is the second release of the stable/10 branch, it focuses on improving the stability and security of the 10.0-RELEASE, but also introduces a set of new features including: vt(4) a new console driver, support for FreeBSD/i386 guests on the bhyve hypervisor, support for SMP on armv6 kernels, UEFI boot support for amd64 architectures, support for the UDP-Lite protocol (RFC 3828) support on both IPv4 and IPv6, and much more. For a complete list of changes and new features, the release notes are also available.
itwbennett writes Facebook has just started testing lithium-ion batteries as the backup power source for its server racks and plans to roll them out widely next year. Lithium-ion has been too expensive until now, says Matt Corddry, Facebook's director of hardware engineering, but its use in electric cars has changed the economics. It's now more cost effective than the bulky, lead-acid batteries widely used in data centers today.
An anonymous reader writes A former researcher at Columbia University's Network Security Lab has conducted research since 2008 indicating that traffic flow software included in network routers, notably Cisco's 'Netflow' package, can be exploited to deanonymize 81.4% of Tor clients. Professor Sambuddho Chakravarty, currently researching Network Anonymity and Privacy at the Indraprastha Institute of Information Technology, uses a technique which injects a repeating traffic pattern into the TCP connection associated with an exit node, and then compares subsequent aberrations in network timing with the traffic flow records generated by Netflow (or equivalent packages from other router manufacturers) to individuate the 'victim' client. In laboratory conditions the success rate of this traffic analysis attack is 100%, with network noise and variations reducing efficiency to 81% in a live Tor environment. Chakravarty says: 'it is not even essential to be a global adversary to launch such traffic analysis attacks. A powerful, yet non- global adversary could use traffic analysis methods  to determine the various relays participating in a Tor circuit and directly monitor the traffic entering the entry node of the victim connection.'
alphadogg writes Three days after security company FireEye warned of an iPhone/iPad threat dubbed "Masque Attack", the U.S. government has issued a warning of its own about this new risk by malicious third-party apps to Apple iOS devices. US-CERT warned: "This attack works by luring users to install an app from a source other than the iOS App Store or their organizations' provisioning system. In order for the attack to succeed, a user must install an untrusted app, such as one delivered through a phishing link." Revelations of Masque came on the heels of a related exploit (that also threatens Macs) called WireLurker.