Security

Avast SafeZone Browser Lets Attackers Access Your Filesystem (softpedia.com) 4

An anonymous reader writes: Just two days after Comodo's Chromodo browser was publicly shamed by Google Project Zero security researcher Tavis Ormandy, it's now Avast's turn to be publicly scorned for failing to provide a "secure" browser for its users. Called SafeZone, and also known as Avastium, Avast's custom browser is offered as a bundled download for all who purchase or upgrade to a paid version of Avast Antivirus 2016. This poor excuse of a browser was allowing attackers to access files on the user's filesystem just by clicking on malicious links. The browser wouldn't even have to be opened, and the malicious link could be clicked in "any" browser.
Bug

Some Reversible USB-C Cables/Adapters Could Cause Irreversible Damage 87

TheRealHocusLocus writes: Three Decembers ago I lauded the impending death of the trapezoid. Celebration of the rectangle might be premature however, because in the rush-to-market an appalling number of chargers, cables and legacy adapters have been discovered to be non-compliant. There have been performance issues with bad USB implementation all along, but now — with improved conductors USB-C offers to negotiate up to 3A in addition to the 900mA base, so use of a non-compliant adapter may result in damage. Google engineer and hero Benson Leung has been waging a one-man compliance campaign of Amazon reviews to warn of dodgy devices and praise the good. Reddit user bmcclure937 offers a spreadsheet summary of the reviews. It's a jungle out there, don't get fried.
DRM

In Japan, a Battle Brewing Over the Right To Record 4k and 8k Broadcasts (itmedia.co.jp) 98

AmiMoJo writes: Japanese broadcasters have indicated that 4k and 8k broadcasts may have recording disabled via a 'do not copy' flag [via Google Translate], which receivers would be expected to obey. Now the Internet Users Association (MIAU) and Shufuren (Housewives Federation) have submitted documentation opposing the ban. The document points out that the ban will only inconvenience the majority of the general audience, while inevitably failing to prevent unauthorized copying by anyone determined to circumvent the protection.
Education

K-12 CS Framework Draft: Kids Taught To 'Protect Original Ideas' In Early Grades 128

theodp writes: Remember that Code.org and ACM-bankrolled K-12 Computer Science Education Framework that Microsoft, Google, Apple, and others were working on? Well, a draft of the framework was made available for review on Feb. 3rd, coincidentally just 3 business days after U.S. President Barack Obama and Microsoft President Brad Smith teamed up to announce the $4+ billion Computer Science for All initiative for the nation's K-12 students. "Computationally literate citizens have the responsibility to learn about, recognize, and address the personal, ethical, social, economic, and cultural contexts in which they operate," explains the section on Fostering an Inclusive Computing Culture, one of seven listed 'Core K-12 CS Practices'. "Participating in an inclusive computing culture encompasses the following: building and collaborating with diverse computational teams, involving diverse users in the design process, considering the implication of design choices on the widest set of end users, accounting for the safety and security of diverse end users, and fostering inclusive identities of computer scientists." Hey, do as they say, not as they do! Also included in the 10-page draft (pdf) is a section on Law and Ethics, which begins: "In early grades, students differentiate between responsible and irresponsible computing behaviors. Students learn that responsible behaviors can help individuals while irresponsible behaviors can hurt individuals. They examine legal and ethical considerations for obtaining and sharing information and apply those behaviors to protect original ideas."
Advertising

Samsung's AdBlock Fast Removed From the Play Store (androidheadlines.com) 163

New submitter Alexander Maxham writes with the news reported at Android Headlines that Samsung's ad-blocking Android app called AdBlock Fast "was apparently ousted from the Play Store for violating section 4.4 of the Developer Distribution Agreement, stating that an app cannot disrupt or interfere with devices, networks or other parties' apps and services." (Also noted by Engadget.)
Google

Google Targets Fake "Download" and "Play" Buttons (torrentfreak.com) 116

AmiMoJo writes: Google says it will go to war against the fake 'download' and 'play' buttons that attempt to deceive users on file-sharing and other popular sites. According to a new announcement from the company titled 'No More Deceptive Download Buttons', Google says it will expand its eight-year-old Safe Browsing initiative to target some of the problems highlighted above. 'You may have encountered social engineering in a deceptive download button, or an image ad that falsely claims your system is out of date. Today, we're expanding Safe Browsing protection to protect you from such deceptive embedded content, like social engineering ads,' the company says.
Security

Chromodo Browser Disables Key Web Security (thestack.com) 53

An anonymous reader writes: A Google Security Research update has claimed that Comodo's internet browser Chromodo, based on the open-source project Chromium, contains significant security failings and puts its users at risk. This week's Google alert suggested that the Chromodo browser – available as a standalone download, as well as part of the company's Security package – is less secure than it promises. According to analysis, the browser is disabling the Same Origin policy, hijacking DNS settings, and replacing shortcuts with Chromodo links, among other security violations.
Businesses

Magic Leap Raises $794 Million To Accelerate Adoption of Secretive AR Tech (roadtovr.com) 51

An anonymous reader writes: A massive new $794 million Series C investment in secretive AR startup Magic Leap puts the company among the world's most valuable startups, now reportedly valued at $4.5 billion. The company has aggressively teased what they believe to be revolutionary augmented reality display technology, allowing a mixture of the real and virtual dimensions in a way previously not achieved. Although they've played coy to the public, offering little more than bold claims, investors like Alibaba, Google Ventures, and Qualcomm Ventures have bought into the company's vision to the tune of $1.39 billion in total raised by Magic Leap thus far. Also at Network World, which notes that their demo must be amazing.
Data Storage

Barracuda Copy Shutting Down (barracuda.com) 52

New submitter assaf07 writes: I received a notification [Monday] that Barracuda's excellent online storage option Copy will be shutting down in May. A blog post by Rod Matthews, VP of Storage at Barracuda gives the usual business doublespeak excuse. Having used Google's Drive, Box, Dropbox, and Spideroak, I am very disappointed to lose Copy as its native Linux, Android, iOS, and Windows clients are/were wonderful.
Google

Google To Take 'Apple-Like' Control Over Nexus Phones (droid-life.com) 179

Soulskill writes: According to a (paywalled) report in The Information, Google CEO Sundar Pichai wants the company to take greater control over development of their Nexus smartphones. When producing Nexus phones, Google has always partnered with manufacturers, like Samsung, LG, and HTC, who actually built the devices. Rather than creating a true revenue stream, Google's main goal has been to provide a reference for what Android can be like without interference from carriers and manufacturers. (For example, many users are frustrated by Samsung's TouchWiz skin, as well as the bloatware resulting from deals with carriers.)

But now, Google appears to want more control. The report indicates Google wants to do a better job of competing throughout the market. They want to compete with Apple on the high end, but also seem concerned that manufacturers haven't put enough effort into quality budget phones. The article at Droid-Life argues, "We all know that Nexus phones will never be household items until Google puts some marketing dollars behind them. Will a top-to-bottom approach finally push them to do that?"

Privacy

Ask Slashdot: How Do I Reduce Information Leakage From My Personal Devices? 255

Mattcelt writes: I find that using an ad-blocking hosts file has been one of the most effective ways to secure my devices against malware for the past few years. But the sheer number of constantly-shifting server DNs to block means I couldn't possibly manage such a list on my own. And finding out today that Microsoft is, once again, bollocks at privacy (no surprise there) made me think I need to add a new strategic purpose to my hosts solution — specifically, preventing my devices from 'phoning home'. Knowing that my very Operating Systems are working against me in this regard incenses me, and I want more control over who collects my data and how. Does anyone here know of a place that maintains a list of the servers to block if I don't want Google/Apple/Microsoft to receive information about my usage and habits? It likely needs to be documented so certain services can be enabled or disabled on an as-needed basis, but as a starting point, I'll gladly take a raw list for now.
Spam

Ask Slashdot: Why Are Major Companies Exiting the Spam Filtering Business? (slashdot.org) 242

broswell writes: For years we used Postini for spam filtering. Google bought Postini in 2007, operated it for 5 years and then began shutting it down. Then we moved to MX Logic. McAfee bought MX Logic, and McAfee was purchased by Intel. Now Intel is shutting down the service. Neither company chose to raise prices, or spin off the division. Anyone want to speculate on the reasons?
Security

Google Will Soon Let You Know By Default When Websites Are Unencrypted (softpedia.com) 216

An anonymous reader writes: Permanent changes are planned for future Google Chrome releases, which will add a big shiny red cross in the URL bar if the website you're accessing is not using HTTPS. Google says it is planning to add this to Chrome by the end of 2016, after one of its developers proposed the idea back in December 2014. Many have argued that the web is predominantly unencrypted, so they're displaying a persistent and ambiguous error message for a large portion of the Internet. Since unencrypted content is not an error state, the Chrome team should use alternate iconography, because the default error message will just confuse average people, and it will encourage error blindness.
Google

Google Testing Project Loon: Concerns Are Without Factual Basis (thestack.com) 78

An anonymous reader writes: In a filing submitted to the FCC, Google has stated that while concerns for health and environmental risks posed by Project Loon testing were 'genuinely held,' 'there is no factual basis for them.' Google's filing attempts to address a wide range of complaints, from environmental concerns related to increased exposure to RF and microwave radiation, to concerns for loss of control and crashes of the balloons themselves. First, it states that its proposed testing poses no health or environmental risks, and is all well within the standards of experimentation that the FCC regularly approves. It also pledges to avoid interference with any other users of the proposed bandwidth, by collocating transmitters on shared platforms and sharing information kept current daily by an FCC-approved third party database manager.
Classic Games (Games)

Computer Beats Go Champion 149

Koreantoast writes: Go (weiqi), the ancient Chinese board game, has long been held up as one of the more difficult, unconquered challenges facing AI scientists... until now. Google DeepMind researchers, led by David Silver and Demis Hassabis, developed a new algorithm called AlphaGo, enabling the computer to soundly defeat European Go champion Fan Hui in back-to-back games, five to zero. Played on a 19x19 board, Go players have more than 300 possible moves per turn to consider, creating a huge number of potential scenarios and a tremendous computational challenge. All is not lost for humanity yet: DeepMind is scheduled to face off in March with Lee Sedol, considered one of the best Go players in recent history, in a match compared to the Kasparov-Deep Blue duels of previous decades.
Communications

The Telecommunications Ball Is Now In Cuba's Court 59

lpress writes: The FCC has dropped Cuba from its exclusion list (PDF), so there are now no restrictions on U.S. telecom company dealings with ETECSA, the Cuban government telecommunication monopoly, or any other Cuban organization. Last week the U.S. sent its second high-level telecommunication delegation to Cuba. The delegates were FCC Chairman Tom Wheeler and other government officials plus representatives of Cisco, Comcast, and Ericsson. Some of the news: there are at least 6 proposals for an undersea cable between Havana and Florida; Cisco has proposed a Network Academy at Cuba's leading computer science university (Chinese infrastructure dominates today); 4G mobile connectivity was discussed and Google was conspicuously absent. The time for Cuba to act is now — while President Obama is still in office.
Bug

Discrepancy Detected In GPS Time 187

jones_supa writes that on Tuesday, 26th January, Aalto University's Metsähovi observatory located in Kirkkonummi, Finland, detected a rare anomaly in time reported by the GPS system (Google translation). The automatic monitoring system of a hydrogen maser atomic clock triggered an alarm which reported a deviation of 13.7 microseconds. While this is tiny, it is a sign of a problem somewhere, and does not exclude the possibility of larger timekeeping problems happening. The specific source of the problem is not known, but candidates are a faulty GPS satellite or an atomic clock placed in one. Particle flare-up from the sun is unlikely, as the observatory has currently not detected unusually high activity from the sun.
AI

Microsoft Releases Its Deep Learning Toolkit On GitHub (microsoft.com) 53

An anonymous reader writes: Microsoft is moving its machine learning Computational Network Toolkit (CNTK) from its own hosting site, CodePlex, to GitHub. They're also putting it under the MIT open source license. The move marks an effort to make it easier for developers to collaborate on building their own deep learning applications using the CNTK. Under the CodePlex license, access was restricted to academics only, and it was wholly targeted to that audience. Now that it's opening the project to everyone, Microsoft hopes to attract a greater number of developers, and a wider variety as well. This follows similar releases from Google and Baidu.
Transportation

Insurance Companies Looking For Fallback Plans To Survive Driverless Cars (csmonitor.com) 293

An anonymous reader writes: Driverless cars could mean a huge downsizing of the auto insurance industry, as the frequency of accidents declines and liability shifts from the driver to the vehicle's software or automaker. This is compounded by the rise of ride-sharing services. Once summoning a vehicle to take you somewhere isn't limited by the number of people available to drive them (and are correspondingly cheaper), car ownership is likely to decline. Many major automakers and tech companies are throwing billions of research dollars into making this happen, and insurance companies are trying to figure out how to survive. For example, a recent patent application shows State Farm is betting on collecting massive amounts of data about you. While they'll no doubt use it to set your insurance rates, they also plan to "send you advice, alerts, coupons or discounts on insurance or other goods and services." Traveler's Insurance is thinking along somewhat similar lines. They want to create "a device that offers specific suggestions for managing errands and other travel. Customers would be able to see a map of 'risk zone' data for places they want to go, such as stores, restaurants and roads. They could then plan the day 'with an eye toward how risky such endeavors may be,' according to the patent application."
Security

Amazon's Customer Service Backdoor (medium.com) 131

An anonymous reader writes: Eric Springer describes his recent troubles with Amazon to highlight one of the biggest weak points in information security: customer service. You can use complex passwords and two-factor authentication all you want — all it takes is a low-level representative trying to be helpful and your account information is now compromised. In this case, a bad actor was able to use Amazon's online chat support and a fake address to get the rep to tell him Springer's real address and phone number. That was enough to commit fraud with a couple of unrelated online services. Springer complained, but months later the same thing happened again. That time, he had Amazon put a note on his account not to give out his details.

But that didn't help; the attacker contacted Amazon's phone support line instead, and gathered yet more information. Springer writes, "At this point, Amazon has completely betrayed my trust three times. I have done absolutely everything in my power to secure my account, but it's hopeless. I am in the process of closing my Amazon account, and migrating as much to Google services which seem significantly more robust at stopping these attacks." Springer's advice for fixing this: "Never do customer support unless the user can log in to their account. The only exception to this would be if the user forgot the password, and there should be a very strict policy." He also says email services should make aliases easier, and whois protection should be default.
