Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Spam

Amazon Marketplace Shoppers Slam the Spam (fortune.com) 12

Spammy follow-up email messages are turning off Amazon Marketplace shoppers. Shoppers who buy from Amazon's Marketplace typically like the convenience and prices. But many are also unhappy about the barrage of emails that sellers send them after the purchase, notes Fortune. It adds: Sellers deluge often inboxes with requests for product reviews, inquiries about how the process went, and sales pitches for more stuff. Considering the comments on social media, feedback from friends and family, and in posts in Amazon.com's customer service forum over the past two years, this problem is not getting any better. There appears to be no way to opt out of this email flood, which is odd, given Amazon's self-professed zeal for great customer service. One shopper in Amazon's customer forum thread posted a response from an Amazon service representative that apologized for the notifications and noted that the feedback had been forwarded to the company's "investigations team."
Security

Hack iOS 10, Get $1.5 Million 23

Reader Trailrunner7 writes: The stakes in the vulnerability acquisition and bug bounty game have just gone up several notches, with a well-known security startup now offering $1.5 million for a remote jailbreak in iOS 10.The payout was put on the table Thursday by Zerodium, a company that buys vulnerabilities and exploits for high-value target platforms and applications. The company has a set of standing prices for the information it will buy, which includes bugs and exploits for iOS, Android, Flash, Windows, and the major browsers, and the top tier of that list has been $500,000 for an iOS jailbreak. But that all changed on Thursday when Zerodium announced that the company has tripled the standing price for iOS to $1.5 million.
The Internet

Author Says Going Offline For 24 Hours a Week Has Significantly Improved His Health, Sanity and Happiness (businessinsider.com) 121

You don't need someone to point out to you that you probably spend too many hours on the internet. Maybe it's your job, maybe it's a growing habit, maybe it's both of them. An anonymous reader shared a link on Business Insider, in which an author named Roy Hessel shares what happened after he started to force himself to go offline for 24 hours every week. (He chose the duration between sundown on Friday to sunset on Saturday as the time for disconnect.) From the article:No emails, no calls, no Tweets, no tech, no matter what. For anyone who's struggling with finding time for self and family, I'd like to share what I've learned. For health, sanity, and happiness, I think it can make all the difference. It's not enough to carve out time in your schedule. You need to approach this blackout period with an unwavering belief in its benefit and a commitment to see it through. For me, this means abstaining from work and, in the deepest sense, simply resting. It grounds me and allows me to re-energize and focus on what's really important in my life. The key is to be unapologetic rather than aspirational about unplugging. As soon my family and I get home from our workweek, there's nothing, with the exception of a life and death situation, that would cause me to compromise that time. As far as business and my income is concerned, it can wait.We understand that not everyone wants or afford to go offline for a complete day, but do you also ensure that you are offline for a few hours everyday or every week or every month?

Paul Miller, a reporter at The Verge, went offline in 2012 for a complete year and shared his experience when he got back. You might find it insightful.
Businesses

Avast Not Done With Deal-Making After AVG Buy, But No Rush (reuters.com) 14

Avast Software, maker of the world's most popular computer antivirus program, will need a year to absorb its $1.3 billion buy of rival AVG but may seek further acquisitions before an expected flotation, its chief executive said in an interview, according to Reuters. From a report: Prague-based Avast closed its purchase on Friday of AVG Technologies, another software firm with Czech roots specializing in consumer security. The combined company will have over 400 million users and 40 percent of the consumer computer market outside of China. While Avast will delist AVG shares, it has its own plans to eventually offer shares, maybe as soon as 2019. Before that, it must fully integrate AVG and will then look at mid-tier acquisitions for its push into mobile and, possibly, to expand its small- and medium-sized business offering. "We have to digest AVG first and that is going to take us pretty much all of 2017 to really integrate. Then we will look at expanding the business after that," Avast CEO Vincent Steckler said.
Earth

Oscar Winners, Sports Stars and Bill Gates Are Building Lavish Bunkers (hollywoodreporter.com) 267

turkeydance quotes a report from Hollywood Reporter: Given the increased frequency of terrorist bombings and mass shootings and an under-lying sense of havoc fed by divisive election politics, it's no surprise that home security is going over the top and hitting luxurious new heights. Or, rather, new lows, as the average depth of a new breed of safe haven that occupies thousands of square feet is 10 feet under or more. Those who can afford to pull out all the stops for so-called self-preservation are doing so -- in a fashion that goes way beyond the submerged corrugated metal units adopted by reality show "preppers" -- to prepare for anything from nuclear bombings to drastic climate-change events. Gary Lynch, GM at Rising S Bunkers, a Texas-based company that specializes in underground bunkers and services scores of Los Angeles residences, says that sales at the most upscale end of the market -- mainly to actors, pro athletes and politicians (who require signed NDAs) -- have increased 700 percent this year compared with 2015, and overall sales have risen 150 percent. Any time there is a turbulent political landscape, we see a spike in our sales. Given this election is as turbulent as it is, "we are gearing up for an even bigger spike," says marketing director Brad Roberson of sales of bunkers that start at $39,000 and can run $8.35 million or more (FYI, a 12-stall horse shelter is $98,500). Adds Mike Peters, owner of Utah-based Ultimate Bunker, which builds high-end versions in California, Texas and Minnesota: "People are going for luxury [to] live underground because they see the future is going to be rough. Everyone I've talked to thinks we are doomed, no matter who is elected." Robert Vicino, founder of Del Mar, Calif.-based Vivos, which constructs upscale community bunkers in Indiana (he believes coastal flooding scenarios preclude bunkers being safely built west of the Rockies), says, "Bill Gates has huge shelters under every one of his homes, in Rancho Santa Fe and Washington. His head of security visited with us a couple years ago, and for these multibillionaires, a few million is nothing. It's really just the newest form of insurance."
Security

The Psychological Reasons Behind Risky Password Practices (helpnetsecurity.com) 171

Orome1 quotes a report from Help Net Security: Despite high-profile, large-scale data breaches dominating the news cycle -- and repeated recommendations from experts to use strong passwords -- consumers have yet to adjust their own behavior when it comes to password reuse. A global Lab42 survey, which polled consumers across the United States, Germany, France, New Zealand, Australia and the United Kingdom, highlights the psychology around why consumers develop poor password habits despite understanding the obvious risk, and suggests that there is a level of cognitive dissonance around our online habits. When it comes to online security, personality type does not inform behavior, but it does reveal how consumers rationalize poor password habits. My personal favorite: password paradox. "The survey revealed that the majority of respondents understand that their digital behavior puts them at risk, but do not make efforts to change it," reports Help Net Security. "Only five percent of respondents didn't know the characteristics of a secure password, with the majority of respondents understanding that passwords should contain uppercase and lowercase letters, numbers and symbols. Furthermore, 91 percent of respondents said that there is inherent risk associated with reusing passwords, yet 61 percent continue to use the same or similar passwords anyway, with more than half (55 percent) doing so while fully understanding the risk." The report also found that when attempting to create secure passwords, "47 percent of respondents included family names or initials," while "42 percent contain significant dates or numbers and 26 percent use the family pet."
Security

The Yahoo Hackers Weren't State-Sponsored, Security Firm Says (csoonline.com) 33

itwbennett writes from a report via CSO Online: After Yahoo raised eyebrows in the security community with its claim that state-sponsored hackers were responsible for the history-making breach, security firm InfoArmor now says it has evidence to the contrary. InfoArmor claims to have acquired some of the stolen information as part of its investigation into "Group E," a team of five professional hackers-for-hire believed to be from Eastern Europe. The database that InfoArmor has contains only "millions" of accounts, but it includes the users' login IDs, hashed passwords, mobile phone numbers and zip codes, said Andrew Komarov, InfoArmor's chief intelligence officer. Earlier this week, Chase Cunningham, director of cyber operations at security provider A10 Networks, called Yahoo's claim of state-sponsored actors a convenient, if trumped up, excuse: "If I want to cover my rear end and make it seem like I have plausible deniability, I would say 'nation-state actor' in a heartbeat." "Yahoo was compromised in 2014 by a group of professional blackhats who were hired to compromise customer databases from a variety of different targeted organizations," Scottsdale, Arizona-based InfoArmor said Wednesday in a report. "The Yahoo data leak as well as the other notable exposures, opens the door to significant opportunities for cyber-espionage and targeted attacks to occur."
Networking

Researcher Find D-Link DWR-932 Router Is 'Chock Full of Holes' (helpnetsecurity.com) 69

Reader JustAnotherOldGuy writes: Security researcher Pierre Kim has unearthed a bucketload of vulnerabilities in the LTE router/portable wireless hotspot D-Link DWR-932. Kim found the latest available firmware has these vulnerabilities: Two backdoor accounts with easy-to-guess passwords that can be used to bypass the HTTP authentication used to manage the router
-A default, hardcoded Wi-Fi Protected Setup (WPS) PIN, as well as a weak WPS PIN generation algorithm
- Multiple vulnerabilities in the HTTP daemon
- Hardcoded remote Firmware Over The Air credentials
- Lowered security in Universal Plug and Play, and more.
"At best, the vulnerabilities are due to incompetence; at worst, it is a deliberate act of security sabotage from the vendor," says Kim, and advises users to stop using the device until adequate fixes are provided.

Security

Microsoft Widens Edge Browser Bug Hunt For Bounty Hunters (theregister.co.uk) 12

Microsoft said today it is expanding its program for rewarding those who find and report bugs in Edge, its latest web browser, enabling bounty hunters to claim their prize for a broader range of vulnerabilities. The Register adds: The snappily titled "Microsoft Edge Web Platform on Windows Insider Preview Bug Bounty Programme" was launched in August, and enabled anyone to report vulnerabilities they discover in Microsoft Edge in exchange for flippin' great wodges of cash. Now, the firm has expanded the programme, with a focus on vulnerabilities that lead to "violation of W3C standards that compromise privacy and integrity of important user data," or which enable remote code execution by a particular threat vector. Specifically, the bounty programme now covers the following: Same Origin Policy bypass vulnerabilities (such as universal cross-site scripting), Referrer Spoofing vulnerabilities, Remote Code Execution vulnerabilities in Microsoft Edge on Windows Insider Preview, and Vulnerabilities in open source sections of Chakra.
Democrats

Comey Denies Clinton Email 'Reddit' Cover-Up (politico.com) 428

An anonymous reader quotes a report from Politico: The FBI concluded that a computer technician working on Clinton's email was not engaged in an illicit cover-up when he asked on the Reddit website for a tool that could delete a "VIP" email address throughout a large file, FBI Director James Comey said Wednesday. Republican lawmakers have suggested that the July 2014 Reddit post from a user believed to be Platte River Networks specialist Paul Combetta showed an effort to hide Clinton's emails from investigators. However, at a House Judiciary Committee hearing Wednesday, Comey said FBI agents concluded that all the computer aide was trying to do was replace Clinton's email address so it wouldn't be revealed to the public. "Our team concluded that what he was trying to do was when they produced emails not have the actual address but have some name or placeholder instead of the actual dot-com address in the 'From:' line," Comey said. Comey said he wasn't sure whether the FBI knew about the Reddit posting when prosecutors granted Combetta immunity to get statements from him about what transpired. However, he added that such a deletion wouldn't automatically be considered an effort to destroy evidence. "Not necessarily ... It would depend what his intention was and why he wanted to do it," the FBI director said.
Government

US Believes Hackers Are Shielded By Russia To Hide Its Role In Cyberintrusions: WSJ (newsmax.com) 108

According to a report from The Wall Street Journal (Warining: may be paywalled), U.S. officials are all but certain that the hacker Guccifer 2.0, who hacked the Democratic National Committee in June, is connected to a network of individuals and groups who are being shielded by the Russian government to mask its involvement in cyberintrusions. Even though the hacker denies working for the Russian government, the hacker is thought to be working with the hacking groups Fancy Bear and Cozy Bear, which have ties to the Russian government. The Wall Street Journal reports: Following successful breaches, the stolen data are apparently transferred to three different websites for publication, these people say. The websites -- WikiLeaks, DCLeaks.com and a blog run by Guccifer 2.0 -- have posted batches of stolen data at least 42 times from April to last week. Cybersecurity experts believe that DCLeaks.com and Guccifer 2.0 often work together and have direct ties to Russian hackers. Guccifer 2.0 said in a Twitter direct message sent to The Wall Street Journal that he wants to expose corruption in politics and shine light on how companies influence policy. The hacker said he also hopes to expose "global electronization." "I think I won't have a better opportunity to promote my ideas than this year," Guccifer 2.0 added in a long exchange with a Journal reporter. The Journal cannot verify the identity of the person sending messages on behalf of Guccifer 2.0, but the account is the same one that was used to publish personal information about Democrats. A posting on a blog run by Guccifer 2.0 says he is a man who was born in Eastern Europe, has been a hacker for years and fears for his safety. "I think u've never felt that feeling when u r crazy eager to shout: look everyone, this is me, this is me who'd done it," the hacker wrote to the Journal. "but u can't." WikiLeaks officials didn't respond to requests for comment on whether Russia fed them the stolen files published by WikiLeaks in July. A representative for DCLeaks.com asked the Journal to submit questions via email but hasn't responded to them. Last week, U.S. intelligence chielf James Clapper said it "shouldn't come as a big shock to people" that Russia is behind the hacking operation. While Russia has tried to interfere in U.S. elections since at least the 1960s by spying and funneling money to particular political groups, "I think it's more dramatic maybe because now they have the cyber tools," he said.
IBM

Banks Adopting Blockchain 'Dramatically Faster' Than Expected (reuters.com) 57

Banks and other financial institutions are adopting blockchain technology "dramatically faster" than initially expected, with 15 percent of top global banks intending to roll out full-scale, commercial blockchain products in 2017, IBM said on Wednesday. Reuters reports: The technology company said 65 percent of banks expected to have blockchain projects in production in three years' time, with larger banks -- those with more than 100,000 employees -- leading the charge. IBM, whose findings were based on a survey of 200 banks, said the areas most commonly identified by lenders as ripe for blockchain-based innovation were clearing and settlement, wholesale payments, equity and debt issuance and reference data. Blockchain, which originates from digital currency bitcoin, works as an electronic transaction-processing and record-keeping system that allows all parties to track information through a secure network, with no need for third-party verification.
Cellphones

Verizon Technician Is Accused of Selling Customers' Call Records and Location Data To Private Investigator (ap.org) 50

A former Verizon technician who worked in Alabama is being accused of selling customers' private call records and location data to an unnamed private investigator. Authorities said the data was sold for more than four years, from 2009 to 2014. The Associated Press reports: [Daniel Eugene Traeger] logged into one Verizon computer system to gain access to customers' call records, authorities said. He used another company system known as Real Time Tool to "ping" cellphones on Verizon's network to get locations of the devices, according to the plea agreement. He then compiled the data in spreadsheets, which he sent to the private investigator for years, the court records show. "Between April 2009 and January 2014, the defendant was paid more than $10,000 in exchange for his provision of confidential customer information and cellular location data to the PL, an unauthorized third party," court records state. Though Traeger was based in the Birmingham area, the court records do not indicate whether the information that was sold involved Verizon Wireless customers in Alabama or elsewhere. He faces up to five years in prison, but prosecutors are recommending a lesser sentence since he accepted responsibility, according to terms of the plea agreement.
HP

HP To Issue 'Optional Firmware Update' Allowing 3rd-Party Ink (arstechnica.com) 79

Soon after the Electronic Frontier Foundation (EFF) issued a letter to HP, calling for them to apologize to customers for releasing firmware that prevents the use of non-HP ink cartridges and refilled HP cartridges, the company has responded with a temporary solution. HP "will issue an optional firmware update that will remove the dynamic security feature" for certain OfficeJet printers. Ars Technica reports: HP made its announcement in a blog post titled "Dedicated to the best printing experience." "We updated a cartridge authentication procedure in select models of HP office inkjet printers to ensure the best consumer experience and protect them from counterfeit and third-party ink cartridges that do not contain an original HP security chip and that infringe on our IP," the company said. The recent firmware update for HP OfficeJet Pro, and OfficeJet Pro X printers "included a dynamic security feature that prevented some untested third-party cartridges that use cloned security chips from working, even if they had previously functioned," HP said. For customers who don't wish to be protected from the ability to buy less expensive ink cartridges, HP said it "will issue an optional firmware update that will remove the dynamic security feature. We expect the update to be ready within two weeks and will provide details here." This customer-friendly move may just be a one-time thing. HP said it will continue to use security features that "protect our IP including authentication methods that may prevent some third-party supplies from working." Without the optional firmware update, printers will only be able to use third-party ink cartridges that have an "original HP security chip," the company said.
Hardware

US Warns Samsung Washing Machine Owners After Explosion Reports (cnn.com) 164

Samsung may have a new problem on its hands, and it feels too familiar. The U.S. regulators on Wednesday warned users of certain top-loading Samsung washing machines of safety issues following reports that "some have exploded." CNN reports: The warning, from the Consumer Product Safety Commission, covered machines made between March 2011 and April 2016. It did not specify a model. The commission suggested people use only the delicate cycle to wash bedding and water-resistant and bulky items because the lower spin speed "lessens the risk of impact injuries or property damage due to the washing machine becoming dislodged." The agency said it is working with Samsung on a remedy.

Slashdot Top Deals