Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
United States

China Chases Silicon Valley Talent Who Are Worried About Trump Presidency (cnbc.com) 42

China is trying to capitalize on President-elect Donald Trump's hardline immigration stance and vow to clamp down on a foreign worker visa program that has been used to recruit thousands from overseas to Silicon Valley. From a report on CNBC: Leading tech entrepreneurs, including Robin Li, the billionaire CEO of Baidu, China's largest search engine, see Trump's plans as a huge potential opportunity to lure tech talent away from the United States. The country already offers incentives of up to $1 million as signing bonuses for those deemed "outstanding" and generous subsidies for start-ups. Meanwhile, the Washington Post last month reported on comments made by Steve Bannon, who is now the president-elect's chief strategist, during a radio conversation with Trump in Nov. 2015. Bannon, the former Breitbart.com publisher, indicated that he didn't necessarily agree with the idea that foreign talent that goes to school in America should stay in America. "When two-thirds or three-quarters of the CEOs in Silicon Valley are from South Asia or from Asia, I think ...," Bannon said, trailing off. "A country is more than an economy. We're a civic society."
Google

Google Preparing 'Invisible ReCAPTCHA' System For No User Interaction (bleepingcomputer.com) 45

An anonymous reader quotes a report from BleepingComputer: Google engineers are working on an improved version of the reCAPTCHA system that uses a computer algorithm to distinguish between automated bots and real humans, and requires no user interaction at all. Called "Invisible reCAPTCHA," and spotted by Windows IT Pro, the service is still under development, but the service is open for sign-ups, and any webmaster can help Google test its upcoming technology. Invisible reCAPTCHA comes two years after Google has revolutionized CAPTCHA technologies by releasing the No CAPTCHA reCAPTCHA service that requires users to click on one checkbox instead of solving complex visual puzzles made up of words and numbers. The service helped reduce the time needed to fill in forms, and maintained the same high-level of spam detection we've become accustomed from the reCAPTCHA service. The introduction of the new Invisible reCAPTCHA technology is unlikely to make the situation better for Tor users since CloudFlare will likely force them to solve the same puzzle if they come from IPs seen in the past performing suspicious actions. Nevertheless, CloudFlare started working on an alternative.
Security

Dailymotion Hack Exposes Millions of Accounts (zdnet.com) 17

Millions of accounts associated with video sharing site Dailymotion, one of the biggest video platforms in the world, have been stolen. From a ZDNet report: A hacker extracted 85.2 million unique email addresses and usernames from the company's systems, but about one-in-five accounts -- roughly 18.3 million-- had associated passwords, which were scrambled with the bcrypt hashing function, making the passwords difficult to crack. The hack is believed to have been carried out on October 20 by a hacker, whose identity isn't known, according to LeakedSource, a breach notification service, which obtained the data. Dailymotion launched in 2005, and is currently the 113rd most visited website in the world, according to Alexa rankings.
The Almighty Buck

Interns At Tech Companies Are Better Paid Than Most American Workers (qz.com) 144

According to a survey conducted by Jesse Collins, a senior at Purdue University and former Yelp intern, interns at tech companies make much more money on an annualized basis than workers in the vast majority of other occupations. From a report on Quartz: About 300 of the nearly 600 people who responded to the survey said they had received internship offers from big companies like Facebook, Twitter, Yelp, and Goldman Sachs for 2017. On average, the internship recipients said they would be paid $6,500 per month, the equivalent of $78,000 per year (the survey is still open, so results may change). Many also said they would receive more than $1,000 worth of stipends per month for housing and travel or signing bonuses. Internships typically run for a summer, but we've annualized the numbers. If the average intern who responded to Collins' survey were to work for a year, he would make $30,000 more than the average annual income for all occupations in the U.S., which is $48,000. Of the 1,088 occupation categories within which the Bureau of Labor Statistics tracks average income, workers in only about 200 of them on average make more money in a year than the intern would.
AI

Many CEOs Believe Technology Will Make People Largely Irrelevant (betanews.com) 417

An anonymous reader shares a report on BetaNews:Although artificial intelligence (AI), robotics and other emerging technologies may reshape the world as we know it, a new global study has revealed that the many CEOs now value technology over people when it comes to the future of their businesses. The study was conducted by the Los Angeles-based management consultant firm Korn Ferry that interviewed 800 business leaders across a variety of multi-million and multi-billion dollar global organizations. The firm says that 44 percent of the CEOs surveyed agreed that robotics, automation and AI would reshape the future of many work places by making people "largely irrelevant." The global managing director of solutions at Korn Ferry Jean-Marc Laouchez explains why many CEOs have adopted this controversial mindset, saying: "Leaders may be facing what experts call a tangibility bias. Facing uncertainty, they are putting priority in their thinking, planning and execution on the tangible -- what they can see, touch and measure, such as technology instruments."
Media

Netflix Keeping Bandwidth Usage Low By Encoding Its Video With VP9 and H.264/AVC Codecs (slashgear.com) 71

Netflix announced last week that it is getting offline video downloads support. The company has since shared that it is using VP9 video compression codec to ensure that the file sizes don't weigh a lot. An anonymous reader shares an article on Slashgear (edited): For streaming content, Netflix largely relies on H.264/AVC to reduce the bandwidth, but for downloading content, it uses VP9 encoding. VP9 can allow better quality videos for the same amount of data needed to download. The challenge is that VP9 isn't supported by all streaming providers -- it is supported on Android devices and via the Chrome browser. So to get around that lack of support on iOS, Netflix is offering downloads in H.264/AVC High whereas streams are encoded in H.264/AVC Main on such devices. Netflix chooses the optimal encoding format for each title on its service after finding, for instance, that animated films are easier to encode than live-action. Netflix says that H.264 High encoding saves 19% bandwidth compared to other encoding standards while VP9 saves 36%.
The Courts

Embedding Isn't Copyright Infringement, Says Italian Court (arstechnica.co.uk) 24

The appeal court of Rome has overturned one of the 152 website blocks another court imposed last month, and ruled that embedding does not constitute a copyright infringement. From an ArsTechnica report: The order against the Italian site Kisstube is annulled, but the other websites remain blocked. Kisstube is a YouTube channel, which also exists as a standalone website that does not host any content itself, linking instead to YouTube. Both the channel and website arrange content by categories for the convenience of users. The Italian court's decision was informed by an important ruling by the Court of Justice of the European Union (CJEU). In the BestWater case, the CJEU held that embedding or framing a video or image from another website is not copyright infringement if the latter is already accessible to the general public. However, another CJEU judgment ruled that posting hyperlinks to pirated copies of material is only legal provided it is done without knowledge that they are unauthorised versions, and it is not carried out for financial gain.
Microsoft

Does Windows 10's Data Collection Trade Privacy For Microsoft's Security? (pcworld.com) 172

jader3rd shares an article from PC World arguing that Windows 10's data collection "trades your privacy for Microsoft's security." [Anonymized] usage data lets Microsoft beef up threat protection, says Rob Lefferts, Microsoft's director of program management for Windows Enterprise and Security. The information collected is used to improve various components in Windows Defender... For example, Windows Defender Application Guard for Microsoft Edge will put the Edge browser into a lightweight virtual machine to make it harder to break out of the browser and attack the operating system. With telemetry, Microsoft can see when infections get past Application Guard defenses and improve the security controls to reduce recurrences.

Microsoft also pulls signals from other areas of the Windows ecosystem, such as Active Directory, with information from the Windows 10 device to look for patterns that can indicate a problem like ransomware infections and other attacks. To detect those patterns, Microsoft needs access to technical data, such as what processes are consuming system resources, hardware diagnostics, and file-level information like which applications had which files open, Lefferts says. Taken together, the hardware information, application details, and device driver data can be used to identify parts of the operating system are exposed and should be isolated into virtual containers.

The article points out that unlike home users, enterprise users of Windows 10 can select a lower level of data-sharing, but argues that enterprises "need to think twice before turning off Windows telemetry to increase corporate privacy" because Windows Update won't work without information about whether previous updates succeeded or failed.
Security

70 Laptops Got Left Behind At An Airport Security Checkpoint In One Month (bravotv.com) 166

America's Transportation Security Administration has been making some surprising announcements on social media. An anonymous reader writes: A TSA spokesperson says 70 laptops were left behind in just one month at an airport security checkpoint in Newark. "And yes, there are plenty of shiny MacBooks in that pile," reported BravoTV, "which can cost in the $2,000 range new." The TSA shared an image of the 70 laptops on their Instagram page and on Twitter, prompting at least one mobile project designer to reclaim his laptop. "The most common way laptops are forgotten is when traveler's stack a bin on top of the bin their laptop is in," the TSA warns. "Out of sight out of mind."
The TSA is also sharing pictures on social media of the 70 guns they confiscated at security checkpoints in one week in November, reporting they've also confiscated a blowtorch, batarangs, and a replica of that baseball bat from "The Walking Dead". They're reporting they found 33 loaded firearms in carry-on luggage in one week, and remind readers that gun-carrying passengers "can face a penalty as high as $11,000. This is a friendly reminder to please leave these items at home."
United States

Sysadmin Gets Two Years In Prison For Sabotaging ISP (bleepingcomputer.com) 129

After being let go over a series of "personal issues" with his employer, things got worse for 26-year-old network administrator Dariusz J. Prugar, who will now have to spend two years in prison for hacking the ISP where he'd worked. An anonymous reader writes: Prugar had used his old credentials to log into the ISP's network and "take back" some of the scripts and software he wrote... "Seeking to hide his tracks, Prugar used an automated script that deleted various logs," reports Bleeping Computer. "As a side effect of removing some of these files, the ISP's systems crashed, affecting over 500 businesses and over 5,000 residential customers."

When the former ISP couldn't fix the issue, they asked Prugar to help. "During negotiations, instead of requesting money as payment, Prugar insisted that he'd be paid using the rights to the software and scripts he wrote while at the company, software which was now malfunctioning, a week after he left." This tipped off the company, who detected foul play, contacted the FBI and rebuilt its entire network.

Six years later, Prugar was found guilty after a one-week jury trial, and was ordered by the judge to pay $26,000 in restitution to the ISP (which went out of business in October of 2015). Prugar's two-year prison sentence begins December 27.
Security

Crooks Need Just Six Seconds To Guess A Credit Card Number (independent.co.uk) 108

schwit1 quotes The Independent: Criminals can work out the card number, expiration date, and security code for a Visa debit or credit card in as little as six seconds using guesswork, researchers have found... Fraudsters use a so-called Distributed Guessing Attack to get around security features put in place to stop online fraud, and this may have been the method used in the recent Tesco Bank hack...

According to a study published in the academic journal IEEE Security & Privacy, fraudsters could use computers to systematically fire different variations of security data at hundreds of websites simultaneously. Within seconds, by a process of elimination, the criminals could verify the correct card number, expiration date and the three-digit security number on the back of the card.

One of the researchers explained this attack combines two weaknesses into one powerful attack. "Firstly, current online payment systems do not detect multiple invalid payment requests from different websites... Secondly, different websites ask for different variations in the card data fields to validate an online purchase. This means it's quite easy to build up the information and piece it together like a jigsaw puzzle."
Iphone

iOS's 'Activation Lock' For Stolen iPads And iPhones Can Be Easily Bypassed (computerworld.com) 54

An anonymous reader quotes ComputerWorld: Two researchers claim to have found a way to bypass the activation lock feature in iOS that's supposed to prevent anyone from using an iPhone or iPad marked as lost by its owner... One of the few things allowed from the activation lock screen is connecting the device to a Wi-Fi network, including manually configuring one. [Security researcher] Hemanth had the idea of trying to crash the service that enforces the lock screen by entering very long strings of characters in the WPA2-Enterprise username and password fields.

The researcher claims that, after awhile, the screen froze, and he used the iPad smart cover sold by Apple to put the tablet to sleep and then reopen it... "After 20-25 seconds the Add Wifi Connection screen crashed to the iPad home screen, thereby bypassing the so-called Find My iPhone Activation Lock," he said in a blog post.

There's also a five-minute video on YouTube which purports to show a newer version of the same attack.
Encryption

Encryption Backdoor Sneaks Into UK Law (theregister.co.uk) 135

Coisiche found a disturbing article from The Register about the U.K.'s new "Snoopers' Charter" law that has implications for tech companies around the world: Among the many unpleasant things in the Investigatory Powers Act that was officially signed into law this week, one that has not gained as much attention is the apparent ability for the U.K. government to undermine encryption and demand surveillance backdoors... As per the final wording of the law, comms providers on the receiving end of a "technical capacity notice" will be obliged to do various things on demand for government snoops -- such as disclosing details of any system upgrades and removing "electronic protection" on encrypted communications. Thus, by "technical capability," the government really means backdoors and deliberate security weaknesses so citizens' encrypted online activities can be intercepted, deciphered and monitored... At the end of the day, will the U.K. security services be able to read your email, your messages, your posts and private tweets, and your communications if they believe you pose a threat to national security? Yes, they will.
The bill added the Secretaries of State as a required signatory to the "technical capacity" notices, which "introduces a minor choke-point and a degree of accountability." But the article argues the law ultimately anticipates the breaking of encryption, and without customer notification. "The U.K. government can certainly insist that a company not based in the U.K. carry out its orders -- that situation is specifically included in the new law -- but as to whether it can realistically impose such a requirement, well, that will come down to how far those companies are willing to push back and how much they are willing to walk away from the U.K. market."
Security

The 'USB Killer' Has Been Mass Produced -- Available Online For About $50 (arstechnica.com) 237

New submitter npslider writes: The "USB Killer," a USB stick that fries almost everything that it is plugged into, has been mass produced -- available online for about $50. Ars Technica first wrote about this diabolical device that looks like a fairly humdrum memory stick a year ago. From the report: "The USB Killer is shockingly simple in its operation. As soon as you plug it in, a DC-to-DC converter starts drawing power from the host system and storing electricity in its bank of capacitors (the square-shaped components). When the capacitors reach a potential of -220V, the device dumps all of that electricity into the USB data lines, most likely frying whatever is on the other end. If the host doesn't just roll over and die, the USB stick does the charge-discharge process again and again until it sizzles. Since the USB Killer has gone on sale, it has been used to fry laptops (including an old ThinkPad and a brand new MacBook Pro), an Xbox One, the new Google Pixel phone, and some cars (infotainment units, rather than whole cars... for now). Notably, some devices fare better than others, and there's a range of possible outcomes -- the USB Killer doesn't just nuke everything completely." You can watch a video of EverythingApplePro using the USB Killer to fry a variety of electronic devices. It looks like the only real defense from the USB Killer is physically capping your ports.
Security

Hackers Steal $31 Million at Russia's Central Bank (cnn.com) 78

The Bank of Russia has confirmed Friday that hackers have stolen 2 billion rubles ($31 million) from correspondent accounts at the Russian central bank. Central bank security executive Artiom Sychev said it could've been much worse as hackers tried to steal 5 billion rubles, but the central banking authority managed to stop them. CNNMoney reports: Hackers also targeted the private banks and stole cash from their clients, the central bank reported. The central bank did not say when the heist occurred or how hackers moved the funds. But so far, the attack bears some similarity to a recent string of heists that has targeted the worldwide financial system. Researchers at the cybersecurity firm Symantec have concluded that the global banking system has been under sustained attack from a sophisticated group -- dubbed "Lazarus" -- that has been linked to North Korea. But it's unclear who has attacked Russian banks this time around. Earlier Friday, the Russian government claimed it had foiled an attempt to erode public confidence in its financial system. Russian's top law enforcement agency, the FSB, said hackers were planning to use a collection of computer servers in the Netherlands to attack Russian banks. Typically, hackers use this kind of infrastructure to launch a "denial of service" attack, which disrupts websites and business operations by flooding a target with data. The FSB said hackers also planned to spread fake news about Russian banks, sending mass text messages and publishing stories on social media questioning their financial stability and licenses to operate.

Slashdot Top Deals