
Researchers Bypass ASLR Protection On Intel Haswell CPUs

An anonymous reader writes: "A team of scientists from two U.S. universities has devised a method of bypassing ASLR (Address Space Layout Randomization) protection by taking advantage of the BTB (Branch Target Buffer), a component included in many modern CPU architectures, including Intel Haswell CPUs, the processor they used for tests in their research," reports Softpedia. The researchers discovered that by blasting the BTB with random data, they could run a successful collision attack that reveals the memory locations where apps execute code in the computer's memory -- the very thing that ASLR protection was meant to hide. While during their tests they used a Linux PC with an Intel Haswell CPU, researchers said the attack can be ported to other CPU architectures and operating systems where ASLR is deployed, such as Android, iOS, macOS, and Windows. From start to finish, the collision attack only takes 60 milliseconds, meaning it can be embedded with malware or any other digital forensics tool and run without needing hours of intense CPU processing. You can read the research paper, titled "Jump Over ASLR: Attacking Branch Predictors to Bypass ASLR," here.

Czechs Arrest Russian Hacker Wanted By FBI

Bookworm09 quotes a report from New York Times (paywalled, alternate source): A man identified as a Russian hacker suspected of pursuing targets in the United States has been arrested in the Czech Republic, the police announced Tuesday evening. The suspect was captured in a raid at a hotel in central Prague on Oct. 5, about 12 hours after the authorities heard that he was in the country, where he drove around in a luxury car with his girlfriend, according to the police. The man did not resist arrest, but he had medical problems and was briefly hospitalized, the police said in a statement. The FBI said in a statement that the man was "suspected of conducting criminal activities targeting U.S. interests. As cybercrime can originate anywhere in the world, international cooperation is crucial to successfully defeat cyber adversaries." ABC News reports: "Prague's Municipal Court will now have to decide on his extradition to the United States, with Justice Minister Robert Pelikan having the final say. Russian officials, however, are demanding that the suspect be handed over to them. Spokeswoman Marketa Puci said the court ruled on Oct. 12 that the man will remain in detention until the extradition hearing. No date has yet been set. U.S. authorities have two months to deliver to their Czech counterparts all of the documents necessary for the Czech authorities to decide on the extradition request."

Donald Trump Running Insecure Email Servers

Donald Trump has slammed Hillary Clinton for using private email servers numerous times, but it turns out his inboxes aren't that secure either. From a report on The Register: Security researcher Kevin Beaumont discovered the Trump organization uses a hopelessly outdated and insecure internet setup. Servers on the Trump Organization's domain,, are using outdated software, run Windows Server 2003 and the built-in Internet Information Server 6 web server. Microsoft cut off support for this technology in July 2015, leaving the systems unpatched for the last 15 months. In addition, Beaumont said he'd found that emails from the Trump Organization failed to support two-factor authentication. That's particularly bad because the Trump Organization's web-based email access page relies on an outdated March 2015 build of Microsoft Exchange 2007, he says. "Windows Server 2003, IIS 6 and Exchange 2003 went end of life years ago. There are no security fixes. They don't have basics down," the UK-based researcher concludes. Beaumont's findings are based simply on inspecting publicly available information rather than actively scanning for vulnerabilities or attempting to gain access to insecure systems, a point lost on Trump supporters who have reported him to the Feds.

OMGUbuntu: 'Why Use Linux?' Answered in 3 Short Words

Linux-focused blog OMGUbuntu's Joey-Elijah Sneddon shared a post today in which he tries to explain why people should use Linux. He stumbled upon the question when he typed "Why use" and Google suggested Linux as one of the most frequent questions. From the article: The question posed is not one that I sincerely ask myself very often. The answer has, over the years, become complicated. It's grown into a bloated ball of elastic bands, each reason stretched around and now reliant on another. But I wanted to answer. Helpfully, my brain began to spit out all the predictable nouns: "Why use Linux? Because of security! Because of control! Because of privacy, community, and a general sense of purpose! Because it's fast! Because it's virus free! Because I'm dang-well used to it now! Because, heck, I can shape it to look like pretty much anything I want it to using themes and widgets and CSS and extensions and blingy little desktop trinkets!"

RIP, David Bunnell, Founder of More Major Computer Magazines Than Anyone

Reader harrymcc writes: David Bunnell has passed away. He stumbled into a job at PC pioneer MITS in the 1970s and went on to create the first PC magazine and first PC conference -- and, later on, PC Magazine, PC World, Macworld, and Macworld Expo. He was a remarkable guy on multiple fronts. Harry McCracken, who edited some of those magazines, shared some thoughts about why Bunnell mattered so much in a post at Fast Company.

LinkedIn Promises To Bring Order and Meaning To Your Useless Endorsements

Oliver Staley, reporting for Quartz: LinkedIn's endorsement feature has never felt like the most trustworthy of sources. Rather than a panel of star witnesses who can honestly vouch for you, it more often seems like a random assortment of friends, acquaintances, and opportunists hoping for an endorsement in return. LinkedIn has recognized the problem and is trying to address it by creating a hierarchy of endorsers. Instead of all your endorsements having equal weight, the site will highlight people who might actually have some claim on knowing you, such as former colleagues and classmates, or who have credibility in the field. The goal is to make the feature more like the real world, where you ask for recommendations from people you trust or are in a position to know, says Hari Srinivasan, head of the LinkedIn team developing the feature. "If you want to find a good designer, you ask other good designers," he said.

Traditional Keyboard Sounds Can be Decoded By Listening Over a VoIP Connection, Researchers Say

Reader Trailrunner7 writes: Researchers have known for a long time that acoustic signals from keyboards can be intercepted and used to spy on users, but those attacks rely on grabbing the electronic emanation from the keyboard. New research from the University of California Irvine shows that an attacker, who has not compromised a target's PC, can record the acoustic emanations of a victim's keystrokes and later reconstruct the text of what he typed, simply by listening over a VoIP connection.

The researchers found that when connected to a target user on a Skype call, they could record the audio of the user's keystrokes. With a small amount of knowledge about the victim's typing style and the keyboard he's using, the researchers could accurately get 91.7 percent of keystrokes. The attack does not require any malware on the victim's machine and simply takes advantage of the way that VoIP software acquires acoustic emanations from the machine it's on.


DNA Testing For Jobs May Be On Its Way, Warns Gartner

Reader dcblogs writes: It is illegal today to use DNA testing for employment, but as science advances its understanding of genes that correlate to certain desirable traits -- such as leadership and intelligence -- business may want this information. People seeking leadership roles in business, or even those in search of funding for a start-up, may volunteer their DNA test results to demonstrate that they have the right aptitude, leadership capabilities and intelligence for the job. This may sound farfetched, but it's possible based on the direction of the science, according to Gartner analysts David Furlonger and Stephen Smith, who presented their research Wednesday at the firm's Symposium IT/xpo in Orlando. This research is called 'maverick' in Gartner parlance, meaning it has a somewhat low probability and is still years out, but its potential is nonetheless worrisome to the authors. It isn't as radical as it seems. Job selection on the basis of certain desirable genetic characteristics is already common in the military and sports. Even without testing, businesses, governments and others may use this understanding about how some characteristics are genetically determined to develop new interview methodologies and testing to help identify candidates predisposed to the traits they desire.

CIA-Backed Surveillance Tool 'Geofeedia' Was Marketed To Public Schools

An anonymous reader quotes a report from The Daily Dot: An online surveillance tool that enabled hundreds of U.S. law enforcement agencies to track and collect information on social media users was also marketed for use in American public schools, the Daily Dot has learned. Geofeedia sold surveillance software typically bought by police to a high school in a northern Chicago suburb, less than 50 miles from where the company was founded in 2011. An Illinois school official confirmed the purchase of the software by phone on Monday. In the fall of 2014, the Lincolnshire-Prairie School District paid Geofeedia $10,000 to monitor the social media posts of children at Adlai E. Stevenson High School. "We did have for one year a contract with Geofeedia," said Jim Conrey, a spokesperson for Lincolnshire-Prairie School District. "We were mostly interested in the possibility of trying to prevent any kind of harm, either that students would do to themselves or to other students." Conrey said the district simply wanted to keep its students safe. "It was really just about student safety; if we could try to head off any potential dangerous situations, we thought it might be worth it," he said. Ultimately, the school found little use for the platform, which was operated by police liaison stationed on school grounds, and chose not to renew its subscription after the first year, citing cost and a lack of actionable information. "A lot of kids that were posting stuff that we most wanted, they weren't doing the geo-tagging or making it public," Conrey said. "We weren't really seeing a lot there." The school's experience, added Conrey, was that more often than not students would approach school administrators with sensitive issues, as opposed to the school unearthing problems affecting students using Geofeedia. "Quite frankly, we found that it wasn't worth the money," Conrey said.

Half of American Adults Are In a Face-Recognition Database

An anonymous reader quotes a report from Ars Technica: Half of American adults are in a face-recognition database, according to a Georgetown University study released Wednesday. That means there's about 117 million adults in a law enforcement facial-recognition database, the study by Georgetown's Center on Privacy and Technology says. The report (PDF), titled "The Perpetual Line-up: Unregulated Police Face Recognition in America," shows that one-fourth of the nation's law enforcement agencies have access to face-recognition databases, and their use by those agencies is virtually unregulated. Where do the mug shots come from? For starters, about 16 states allow the FBI to use facial recognition to compare faces of suspected criminals to their driver's licenses or ID photos, according to the study. "In this line-up," the study says, "it's not a human that points to the suspect -- it's an algorithm." The study says 26 states or more allow police agencies to "run or request searches" against their databases or driver's licenses and ID photos. This equates to "roughly one in two American adults has their photos searched this way," according to the study. Many local police agencies also insert mug shots of people they arrest into searchable, biometric databases, according to the report. According to the report, researchers obtained documents stating that at least five "major police departments," including those in Chicago, Dallas, and Los Angeles, "either claimed to run real-time face recognition off of street cameras, bought technology that can do so, or expressed an interest in buying it." The Georgetown report's release comes three months after the U.S. Government Accountability Office (GAO) concluded that the FBI has access to as many as 411.9 million images as part of its face-recognition database. 
The study also mentioned that the police departments have little oversight of their databases and don't audit them for misuse: "Maryland's system, which includes the license photos of over two million residents, was launched in 2011. It has never been audited. The Pinellas County Sheriff's Office system is almost 15 years old and may be the most frequently used system in the country. When asked if his office audits searches for misuse, Sheriff Bob Gualtieri replied, 'No, not really.' Despite assurances to Congress, the FBI has not audited use of its face recognition system, either. Only nine of 52 agencies (17%) indicated that they log and audit their officers' face recognition searches for improper use. Of those, only one agency, the Michigan State Police, provided documentation showing that their audit regime was actually functional."

Microsoft Claims Its Speech Transcription AI is Now Better Than Human Professionals

Microsoft announced today a system that can transcribe the content of a phone call with "the same or fewer errors" than real actual human professionals trained in transcription -- even when the human transcript is double-checked by a second human for accuracy. As you can imagine, this is a huge milestone for speech recognition. From a Quartz report: The team doesn't attribute this achievement to any breakthrough in algorithm or data, but the careful tuning of existing AI architectures. To test how their algorithm stacked up against humans, first researchers had to get a baseline. Microsoft hired a third-party service to tackle a piece of audio for which they had a confirmed 100 percent accurate transcription. The service worked in two stages: one person types up the audio, and then a second person listens to the audio and corrects any errors on the transcript. Based on the correct transcript for the standardized tests, the professionals had 5.9 percent and 11.3 percent error rates. After learning from 2,000 hours of human speech, Microsoft's system went after the same audio file -- and scored 5.9 percent and 11.1 percent error rates. That minute difference ends up being about a dozen fewer errors. Microsoft's next challenge is making this level of speech recognition work in noisier environments, like in a car or at a party. This implementation is crucial for Microsoft, and goes well beyond just transcription.

Windows is the Most Open Platform There is, Says Satya Nadella

On Tuesday in a conversation with Gartner analysts, Satya Nadella talked about the future of AI, the cloud, Windows, and what his company plans to do with LinkedIn. But the most notable remark from Nadella was when he said this, "Windows is the most open platform there is." ZDNet adds: It came in the context of Nadella talking about Microsoft's mission to unite the three big constituencies in the technology world. "That's the approach we've always taken," said Nadella, "bringing users, IT, and developers together... When you bring them together, that's where the magic happens." He reminded the audience of several thousand technology leaders that Microsoft began by making tools, then it made apps, and now it makes platforms. Or, it buys them.

Say Hello To Branded Internet Addresses

On September 29, Google published a new blog which uses a .google domain rather than the standard .com. It seems the company may have inspired other companies to tout their brand names in the digital realm as well. According to a report on CNET, we have since seen requests for domain names such as .kindle, .apple, .ibm, .canon, and .samsung. And it's not just tech companies that are finding this very attractive; other domain requests include .ford, .delta, .hbo, .mcdonalds, and .nike. From the report: Approval, of course, is just a first step. It's not clear how enthusiastic most companies will be about the new names. So far, Google is the eager beaver. What's fun for Google is a daunting financial commitment to others. A $185,000 application fee and annual $30,000 operation fee will keep mom-and-pop shops away from their own domains. Still, plenty of businesses other than Google see the new domain names as a good investment. Branded domains can add distinction to an internet address, and renting out generic top-level domain (GTLD) names can potentially be a lucrative business. At a January auction, GMO Registry bid $41.5 million to win rights to sell .shop domain names. And in July, Nu Dot Co won .web with a bid of $135 million. Hundreds of new top-level domain names are approved. The single most popular in use is .xyz. Where does all the money go? To a nonprofit organization called ICANN -- the Internet Corporation for Assigned Names and Numbers. The organization oversees internet plumbing on behalf of companies, governments and universities, as well as the general public.

Slashdot Asks: Do We Need To Plan For a Future Without Jobs And Should We Resort To Universal Basic Income?

Andy Stern (former president of the Service Employees International Union (SEIU), which today represents close to 2 million workers in the United States and Canada) has spent his career organizing workers. He has a warning for all of us: our jobs are really, really doomed. Stern adds that one of the only ways out of this is a universal basic income. Stern has been arguing about the need for a universal basic income (UBI) for more than a year now. Stern pointed out that people with college degrees are not making anywhere near the kind of progress that their parents made, and that it's not their fault. He adds: The possibility that you can end up with job security and retirement attached to it is statistically diminishing over time. The American dream doesn't have to be dead, but it is dying. All the resources and assets are available to make it real. It's just that we have a huge distribution problem. Unions and the government used to play an important part at the top of the market, but this is less true today. The market completely distributes toward those at the top. Unions simply aren't as effective in terms of their impact on the economy, and government has been somewhat on the sidelines in recent years. Making a case for the need of universal basic income, he adds: A universal basic income is essentially giving every single working-age American a check every month, much like we do with social security for elderly people. It's an unconditional stipend, as it were. The reason it's necessary is we're now learning through lots of reputable research that technological change is accelerating, and that this process will continue to displace workers and terminate careers. A significant number of tasks now performed by humans will be performed by machines and artificial intelligence. He warned that we could very well see five million jobs eliminated by the end of the decade because of technology. He elaborates: It looks like the Hunger Games. It's more of what we're beginning to see now: an enclave of extremely successful people at the center and then everyone else on the margins. There will be fewer opportunities in a hollowed out and increasingly zero-sum economy. If capital trumps labor, the people who own will keep getting wealthier and the people who supply labor will become less necessary. And this is exactly what AI and robotics and software are now doing: substituting capital for labor. What are your thoughts on this? Do you think in the next two-three decades to come we will have significantly fewer jobs than we do now?

Tomorrow's Wars Will Be Livestreamed

Something unique and (in some way) unprecedented happened earlier today. The start of the invasion of Mosul, a city held by ISIS in Iraq, was live-streamed on Facebook and YouTube, and thousands of people around the world watched it. There were several streams that got popular, but one shared by Kurdish outlet Rudaw was getting the most traction -- it was re-posted by major outlets like the Washington Post and Channel 4 in the United Kingdom. Motherboard adds: While some viewers commented on the merits of the offensive, for others, the livestream itself was the most startling thing. As angry cartoon faces and "Wow!" emoticons floated over top of live images of war, viewers noted that it all seemed like a bit too much like a sci-fi fever dream about a war-obsessed culture. For most English-language viewers watching these streams, there was no explanation, no given context, no subtitles or translation -- merely images of a mostly-barren foreign landscape peppered with men and trucks, idling and standing around, sparsely punctuated by violence. But in 2016, decades after Lessons of Darkness was completed and on social media instead of in a darkened arthouse theatre, the void spits out something other than deep, metaphysical understanding about human nature. Instead, in the comments, people ask for money. They talk about porn. They quote Green Day lyrics. They call people "cucks." To be fair, however, not everyone reacted this way. But a lot of people did. "There's journalistic value in the livestream,"
