
India's Biggest ATM Breach? 3.2 Million Debit Cards Across 19 Banks May Have Been Compromised

A total of 32 lakh (3.2 million) debit cards across 19 banks could have been compromised on account of a purported fraud, the National Payment Corporation of India said in a statement. BloombergQuint adds: "The genesis of the problem was receipt of complaints from few banks that their customer's cards were used fraudulently mainly in China and USA while customers were in India," the NPCI said. "The complaints of fraudulent withdrawal are limited to cards of 19 banks and 641 customers. The total amount involved is Rs 1.3 crore as reported by various affected banks to NPCI." SISA Security, a Bengaluru-based company, is currently undertaking a forensic study to identify the extent of the problem and will submit a final report in November. Initial reports had suggested that ATMs operated by Hitachi Payment Services had been attacked by malware and were the source of the breach. However, the company has said in a statement that an interim report by the audit agency does not suggest any breach or compromise in its systems.

Yahoo Wants To Know If FBI Ordered Yahoo To Scan Emails

Reader Trailrunner7 writes: In an odd twist to an already odd story, Yahoo officials have asked the Director of National Intelligence to confirm whether the federal government ordered the company to scan users' emails for specific terms last year and if so, to declassify the order. The letter is the result of news reports earlier this month that detailed an order that the FBI allegedly served on Yahoo in 2015 in an apparent effort to find messages with a specific set of terms. The stories allege that Yahoo complied with the order and installed custom software to accomplish the task. Yahoo officials said at the time the Reuters story came out that there is no such scanning system on its network, but did not say that the scanning software never existed on the network at all. "Yahoo was mentioned specifically in these reports and we find ourselves unable to respond in detail. Your office, however, is well positioned to clarify this matter of public interest. Accordingly, we urge your office to consider the following actions to provide clarity on the matter: (i) confirm whether an order, as described in these media reports, was issued; (ii) declassify in whole or in part such order, if it exists; and (iii) make a sufficiently detailed public and contextual comment to clarify the alleged facts and circumstances," the letter says.

Researchers Bypass ASLR Protection On Intel Haswell CPUs

An anonymous reader writes: "A team of scientists from two U.S. universities has devised a method of bypassing ASLR (Address Space Layout Randomization) protection by taking advantage of the BTB (Branch Target Buffer), a component included in many modern CPU architectures, including Intel Haswell CPUs, the processor they used for tests in their research," reports Softpedia. The researchers discovered that by blasting the BTB with random data, they could run a successful collision attack that reveals the memory locations where apps execute code in the computer's memory -- the very thing that ASLR protection was meant to hide. While during their tests they used a Linux PC with an Intel Haswell CPU, researchers said the attack can be ported to other CPU architectures and operating systems where ASLR is deployed, such as Android, iOS, macOS, and Windows. From start to finish, the collision attack only takes 60 milliseconds, meaning it can be embedded with malware or any other digital forensics tool and run without needing hours of intense CPU processing. You can read the research paper, titled "Jump Over ASLR: Attacking Branch Predictors to Bypass ASLR," here.

Czechs Arrest Russian Hacker Wanted By FBI

Bookworm09 quotes a report from New York Times (paywalled, alternate source): A man identified as a Russian hacker suspected of pursuing targets in the United States has been arrested in the Czech Republic, the police announced Tuesday evening. The suspect was captured in a raid at a hotel in central Prague on Oct. 5, about 12 hours after the authorities heard that he was in the country, where he drove around in a luxury car with his girlfriend, according to the police. The man did not resist arrest, but he had medical problems and was briefly hospitalized, the police said in a statement. The FBI said in a statement that the man was "suspected of conducting criminal activities targeting U.S. interests. As cybercrime can originate anywhere in the world, international cooperation is crucial to successfully defeat cyber adversaries." ABC News reports: "Prague's Municipal Court will now have to decide on his extradition to the United States, with Justice Minister Robert Pelikan having the final say. Russian officials, however, are demanding that the suspect be handed over to them. Spokeswoman Marketa Puci said the court ruled on Oct. 12 that the man will remain in detention until the extradition hearing. No date has yet been set. U.S. authorities have two months to deliver to their Czech counterparts all of the documents necessary for the Czech authorities to decide on the extradition request."

Donald Trump Running Insecure Email Servers

Donald Trump has slammed Hillary Clinton for using private email servers numerous times, but it turns out his inboxes aren't that secure either. From a report on The Register: Security researcher Kevin Beaumont discovered the Trump Organization uses a hopelessly outdated and insecure internet setup. Servers on the Trump Organization's domain are using outdated software: they run Windows Server 2003 and the built-in Internet Information Server 6 web server. Microsoft cut off support for this technology in July 2015, leaving the systems unpatched for the last 15 months. In addition, Beaumont said he'd found that emails from the Trump Organization failed to support two-factor authentication. That's particularly bad because the Trump Organization's web-based email access page relies on an outdated March 2015 build of Microsoft Exchange 2007, he says. "Windows Server 2003, IIS 6 and Exchange 2003 went end of life years ago. There are no security fixes. They don't have basics down," the UK-based researcher concludes. Beaumont's findings are based simply on inspecting publicly available information rather than actively scanning for vulnerabilities or attempting to gain access to insecure systems, a point lost on Trump supporters who have reported him to the Feds.

OMGUbuntu: 'Why Use Linux?' Answered in 3 Short Words

Linux-focused blog OMGUbuntu's Joey-Elijah Sneddon shared a post today in which he tries to explain why people should use Linux. He stumbled upon the question when he typed "Why use" and Google suggested Linux as one of the most frequent questions. From the article: The question posed is not one that I sincerely ask myself very often. The answer has, over the years, become complicated. It's grown into a bloated ball of elastic bands, each reason stretched around and now reliant on another. But I wanted to answer. Helpfully, my brain began to spit out all the predictable nouns: "Why use Linux? Because of security! Because of control! Because of privacy, community, and a general sense of purpose! Because it's fast! Because it's virus free! Because I'm dang-well used to it now! Because, heck, I can shape it to look like pretty much anything I want it to using themes and widgets and CSS and extensions and blingy little desktop trinkets!"

RIP, David Bunnell, Founder of More Major Computer Magazines Than Anyone

Reader harrymcc writes: David Bunnell has passed away. He stumbled into a job at PC pioneer MITS in the 1970s and went on to create the first PC magazine and first PC conference -- and, later on, PC Magazine, PC World, Macworld, and Macworld Expo. He was a remarkable guy on multiple fronts. Harry McCracken, who edited some of those magazines, shared some thoughts about why Bunnell mattered so much in a post at Fast Company.

LinkedIn Promises To Bring Order and Meaning To Your Useless Endorsements

Oliver Staley, reporting for Quartz: LinkedIn's endorsement feature has never felt like the most trustworthy of sources. Rather than a panel of star witnesses who can honestly vouch for you, it more often seems like a random assortment of friends, acquaintances, and opportunists hoping for an endorsement in return. LinkedIn has recognized the problem and is trying to address it by creating a hierarchy of endorsers. Instead of all your endorsements having equal weight, the site will highlight people who might actually have some claim on knowing you, such as former colleagues and classmates, or who have credibility in the field. The goal is to make the feature more like the real world, where you ask for recommendations from people you trust or are in a position to know, says Hari Srinivasan, head of the LinkedIn team developing the feature. "If you want to find a good designer, you ask other good designers," he said.

Traditional Keyboard Sounds Can be Decoded By Listening Over a VoIP Connection, Researchers Say

Reader Trailrunner7 writes: Researchers have known for a long time that acoustic signals from keyboards can be intercepted and used to spy on users, but those attacks rely on grabbing the electronic emanation from the keyboard. New research from the University of California Irvine shows that an attacker, who has not compromised a target's PC, can record the acoustic emanations of a victim's keystrokes and later reconstruct the text of what he typed, simply by listening over a VoIP connection.

The researchers found that when connected to a target user on a Skype call, they could record the audio of the user's keystrokes. With a small amount of knowledge about the victim's typing style and the keyboard he's using, the researchers could accurately get 91.7 percent of keystrokes. The attack does not require any malware on the victim's machine and simply takes advantage of the way that VoIP software acquires acoustic emanations from the machine it's on.


DNA Testing For Jobs May Be On Its Way, Warns Gartner

Reader dcblogs writes: It is illegal today to use DNA testing for employment, but as science advances its understanding of genes that correlate to certain desirable traits -- such as leadership and intelligence -- business may want this information. People seeking leadership roles in business, or even those in search of funding for a start-up, may volunteer their DNA test results to demonstrate that they have the right aptitude, leadership capabilities and intelligence for the job. This may sound farfetched, but it's possible based on the direction of the science, according to Gartner analysts David Furlonger and Stephen Smith, who presented their research Wednesday at the firm's Symposium IT/xpo in Orlando. This research is called 'maverick' in Gartner parlance, meaning it has a somewhat low probability and is still years out, but its potential is nonetheless worrisome to the authors. It isn't as radical as it seems. Job selection on the basis of certain desirable genetic characteristics is already common in the military and sports. Even without testing, businesses, governments and others may use this understanding about how some characteristics are genetically determined to develop new interview methodologies and testing to help identify candidates predisposed to the traits they desire.

CIA-Backed Surveillance Tool 'Geofeedia' Was Marketed To Public Schools

An anonymous reader quotes a report from The Daily Dot: An online surveillance tool that enabled hundreds of U.S. law enforcement agencies to track and collect information on social media users was also marketed for use in American public schools, the Daily Dot has learned. Geofeedia sold surveillance software typically bought by police to a high school in a northern Chicago suburb, less than 50 miles from where the company was founded in 2011. An Illinois school official confirmed the purchase of the software by phone on Monday. In the fall of 2014, the Lincolnshire-Prairie School District paid Geofeedia $10,000 to monitor the social media posts of children at Adlai E. Stevenson High School. "We did have for one year a contract with Geofeedia," said Jim Conrey, a spokesperson for Lincolnshire-Prairie School District. "We were mostly interested in the possibility of trying to prevent any kind of harm, either that students would do to themselves or to other students." Conrey said the district simply wanted to keep its students safe. "It was really just about student safety; if we could try to head off any potential dangerous situations, we thought it might be worth it," he said. Ultimately, the school found little use for the platform, which was operated by a police liaison stationed on school grounds, and chose not to renew its subscription after the first year, citing cost and a lack of actionable information. "A lot of kids that were posting stuff that we most wanted, they weren't doing the geo-tagging or making it public," Conrey said. "We weren't really seeing a lot there." The school's experience, added Conrey, was that more often than not students would approach school administrators with sensitive issues, as opposed to the school unearthing problems affecting students using Geofeedia. "Quite frankly, we found that it wasn't worth the money," Conrey said.

Half of American Adults Are In a Face-Recognition Database

An anonymous reader quotes a report from Ars Technica: Half of American adults are in a face-recognition database, according to a Georgetown University study released Wednesday. That means there are about 117 million adults in a law enforcement facial-recognition database, the study by Georgetown's Center on Privacy and Technology says. The report (PDF), titled "The Perpetual Line-up: Unregulated Police Face Recognition in America," shows that one-fourth of the nation's law enforcement agencies have access to face-recognition databases, and their use by those agencies is virtually unregulated. Where do the mug shots come from? For starters, about 16 states allow the FBI to use facial recognition to compare faces of suspected criminals to their driver's licenses or ID photos, according to the study. "In this line-up," the study says, "it's not a human that points to the suspect -- it's an algorithm." The study says 26 states or more allow police agencies to "run or request searches" against their databases or driver's licenses and ID photos. This equates to "roughly one in two American adults has their photos searched this way," according to the study. Many local police agencies also insert mug shots of people they arrest into searchable, biometric databases, according to the report. According to the report, researchers obtained documents stating that at least five "major police departments," including those in Chicago, Dallas, and Los Angeles, "either claimed to run real-time face recognition off of street cameras, bought technology that can do so, or expressed an interest in buying it." The Georgetown report's release comes three months after the U.S. Government Accountability Office (GAO) concluded that the FBI has access to as many as 411.9 million images as part of its face-recognition database.
The study also mentioned that the police departments have little oversight of their databases and don't audit them for misuse: "Maryland's system, which includes the license photos of over two million residents, was launched in 2011. It has never been audited. The Pinellas County Sheriff's Office system is almost 15 years old and may be the most frequently used system in the country. When asked if his office audits searches for misuse, Sheriff Bob Gualtieri replied, 'No, not really.' Despite assurances to Congress, the FBI has not audited use of its face recognition system, either. Only nine of 52 agencies (17%) indicated that they log and audit their officers' face recognition searches for improper use. Of those, only one agency, the Michigan State Police, provided documentation showing that their audit regime was actually functional."

Microsoft Claims Its Speech Transcription AI is Now Better Than Human Professionals

Microsoft announced today a system that can transcribe the content of a phone call with "the same or fewer errors" than actual human professionals trained in transcription -- even when the human transcript is double-checked by a second human for accuracy. As you can imagine, this is a huge milestone for speech recognition. From a Quartz report: The team doesn't attribute this achievement to any breakthrough in algorithm or data, but to the careful tuning of existing AI architectures. To test how their algorithm stacked up against humans, the researchers first had to get a baseline. Microsoft hired a third-party service to tackle a piece of audio for which they had a confirmed 100 percent accurate transcription. The service worked in two stages: one person types up the audio, and then a second person listens to the audio and corrects any errors on the transcript. Based on the correct transcript for the standardized tests, the professionals had 5.9 percent and 11.3 percent error rates. After learning from 2,000 hours of human speech, Microsoft's system went after the same audio file -- and scored 5.9 percent and 11.1 percent error rates. That minute difference ends up being about a dozen fewer errors. Microsoft's next challenge is making this level of speech recognition work in noisier environments, like in a car or at a party. This implementation is crucial for Microsoft, and goes well beyond just transcription.

Windows is the Most Open Platform There is, Says Satya Nadella

On Tuesday in a conversation with Gartner analysts, Satya Nadella talked about the future of AI, the cloud, Windows, and what his company plans to do with LinkedIn. But the most notable remark from Nadella was when he said this, "Windows is the most open platform there is." ZDNet adds: It came in the context of Nadella talking about Microsoft's mission to unite the three big constituencies in the technology world. "That's the approach we've always taken," said Nadella, "bringing users, IT, and developers together... When you bring them together, that's where the magic happens." He reminded the audience of several thousand technology leaders that Microsoft began by making tools, then it made apps, and now it makes platforms. Or, it buys them.

Say Hello To Branded Internet Addresses

On September 29, Google published a new blog which uses a .google domain rather than the standard .com. It seems the company may have inspired other companies to tout their brand names in the digital realm as well. According to a report on CNET, we have since seen requests for domain names such as .kindle, .apple, .ibm, .canon, and .samsung. And it's not just tech companies that are finding this very attractive; other domain requests include .ford, .delta, .hbo, .mcdonalds, and .nike. From the report: Approval, of course, is just a first step. It's not clear how enthusiastic most companies will be about the new names. So far, Google is the eager beaver. What's fun for Google is a daunting financial commitment to others. A $185,000 application fee and annual $30,000 operation fee will keep mom-and-pop shops away from their own domains. Still, plenty of businesses other than Google see the new domain names as a good investment. Branded domains can add distinction to an internet address, and renting out generic top-level domain (gTLD) names can potentially be a lucrative business. At a January auction, GMO Registry bid $41.5 million to win rights to sell .shop domain names. And in July, Nu Dot Co won .web with a bid of $135 million. Hundreds of new top-level domain names are approved. The single most popular in use is .xyz. Where does all the money go? To a nonprofit organization called ICANN -- the Internet Corporation for Assigned Names and Numbers. The organization oversees internet plumbing on behalf of companies, governments and universities, as well as the general public.

Slashdot Asks: Do We Need To Plan For a Future Without Jobs And Should We Resort To Universal Basic Income?

Andy Stern (former president of the Service Employees International Union (SEIU), which today represents close to 2 million workers in the United States and Canada) has spent his career organizing workers. He has a warning for all of us: our jobs are really, really doomed. Stern adds that one of the only ways out of this is a universal basic income. Stern has been arguing about the need for a universal basic income (UBI) for more than a year now. Stern pointed out that people with college degrees are not making anywhere near the kind of progress that their parents made, and that it's not their fault. He adds: The possibility that you can end up with job security and retirement attached to it is statistically diminishing over time. The American dream doesn't have to be dead, but it is dying. All the resources and assets are available to make it real. It's just that we have a huge distribution problem. Unions and the government used to play an important part at the top of the market, but this is less true today. The market completely distributes toward those at the top. Unions simply aren't as effective in terms of their impact on the economy, and government has been somewhat on the sidelines in recent years. Making a case for the need of universal basic income, he adds: A universal basic income is essentially giving every single working-age American a check every month, much like we do with social security for elderly people. It's an unconditional stipend, as it were. The reason it's necessary is we're now learning through lots of reputable research that technological change is accelerating, and that this process will continue to displace workers and terminate careers. A significant number of tasks now performed by humans will be performed by machines and artificial intelligence. He warned that we could very well see five million jobs eliminated by the end of the decade because of technology. He elaborates: It looks like the Hunger Games.
It's more of what we're beginning to see now: an enclave of extremely successful people at the center and then everyone else on the margins. There will be fewer opportunities in a hollowed out and increasingly zero-sum economy. If capital trumps labor, the people who own will keep getting wealthier and the people who supply labor will become less necessary. And this is exactly what AI and robotics and software are now doing: substituting capital for labor. What are your thoughts on this? Do you think that in the next two to three decades we will have significantly fewer jobs than we do now?

Tomorrow's Wars Will Be Livestreamed

Something unique and (in some way) unprecedented happened earlier today. The start of the invasion of Mosul, a city held by ISIS in Iraq, was live-streamed on Facebook and YouTube, and thousands of people around the world watched it. There were several streams that got popular, but one shared by Kurdish outlet Rudaw was getting the most traction -- it was re-posted by major outlets like the Washington Post and Channel 4 in the United Kingdom. Motherboard adds: While some viewers commented on the merits of the offensive, for others, the livestream itself was the most startling thing. As angry cartoon faces and "Wow!" emoticons floated over top of live images of war, viewers noted that it all seemed a bit too much like a sci-fi fever dream about a war-obsessed culture. For most English-language viewers watching these streams, there was no explanation, no given context, no subtitles or translation -- merely images of a mostly-barren foreign landscape peppered with men and trucks, idling and standing around, sparsely punctuated by violence. But in 2016, decades after Lessons of Darkness was completed and on social media instead of in a darkened arthouse theatre, the void spits out something other than deep, metaphysical understanding about human nature. Instead, in the comments, people ask for money. They talk about porn. They quote Green Day lyrics. They call people "cucks." To be fair, however, not everyone reacted this way. But a lot of people did. "There's journalistic value in the livestream,"

Hackers Steal Credit Card Data From Visitors of US Senate GOP Committee Website

pdclarry writes: While all of the recent news has been about hacking the Democratic National Committee, apparently the Republicans have also been hacked over many months (since March 2016). This was not about politics, however; it was to steal credit card numbers. Brian Krebs reports: "a report this past week out of The Netherlands suggests Russian hackers have for the past six months been siphoning credit card data from visitors to the web storefront of the National Republican Senatorial Committee (NRSC). [...] If you purchased a 'Never Hillary' poster or donated funds to the NRSC through its website between March 2016 and the first week of this month [October 2016], there's an excellent chance that your payment card data was siphoned by malware and is now for sale in the cybercrime underground." Krebs says his information comes from Dutch researcher Willem De Groot, co-founder and head of security at a Dutch e-commerce site. The Republicans were not alone; theirs was just one of 5,900 e-commerce sites hacked by the same Russian actors. You can view De Groot's analysis of the malware planted on the NRSC's site and other services here. Krebs adds: "The NRSC did not respond to multiple requests for comment, but a cached copy of the site's source code from October 5, 2016 indicates the malicious code was on the site at the time (load this link, click 'view source' and then Ctrl-F for '')."
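Krebs's check above amounts to "view the page source and search for the skimmer's domain". A site owner can generalise that into a routine check: parse the storefront's HTML, list every host that a script is loaded from or a form posts to, and report any host that is not on the list of hosts the site is expected to use. The following is an added example written for this digest, not code from Krebs or De Groot; the sample HTML, the allowlist (`shop.example`, `cdn.shop.example`) and the placeholder host `skimmer.example.invalid` are all constructed and stand in for a real site's values.

```python
"""Flag unexpected third-party hosts in a checkout page's HTML.

Added example (not from Krebs or De Groot). It generalises the manual
"view source and Ctrl-F for the skimmer domain" check: every script src
and form action is parsed, and any host outside an owner-maintained
allowlist is reported. Card-stealing scripts typically have to either
load from, or post captured form data to, a host the site never used.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of a storefront page with one injected script and one
# injected form target. "skimmer.example.invalid" is a placeholder, not an
# indicator from the original story.
SAMPLE_HTML = """
<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.shop.example/js/checkout.js"></script>
<script src="https://skimmer.example.invalid/js/track.js"></script>
</head><body>
<form action="https://shop.example/checkout" method="post"></form>
<form action="//pay.skimmer.example.invalid/collect" method="post"></form>
</body></html>
"""

# Hosts the (hypothetical) site owner knows the page legitimately uses.
EXPECTED_HOSTS = {"shop.example", "cdn.shop.example"}


class ExternalRefCollector(HTMLParser):
    """Collect (tag, url) pairs from <script src> and <form action>."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.refs.append(("script", attrs["src"]))
        elif tag == "form" and attrs.get("action"):
            self.refs.append(("form", attrs["action"]))


def host_of(url):
    """Host of an absolute or protocol-relative URL; None for same-origin paths."""
    if url.startswith("//"):
        # Protocol-relative URLs ("//host/path") still name a foreign host.
        url = "https:" + url
    return urlparse(url).hostname


def find_unexpected_hosts(html, expected_hosts):
    """Return sorted (tag, host, url) triples whose host is not allowlisted."""
    collector = ExternalRefCollector()
    collector.feed(html)
    findings = []
    for tag, url in collector.refs:
        host = host_of(url)
        if host is None or host in expected_hosts:
            continue  # same-origin resource or a known host
        findings.append((tag, host, url))
    return sorted(findings)


if __name__ == "__main__":
    for tag, host, url in find_unexpected_hosts(SAMPLE_HTML, EXPECTED_HOSTS):
        print(f"unexpected {tag} host: {host} ({url})")
```

Run against a saved copy of the page, the script reports the two injected references and nothing else. Protocol-relative URLs are handled deliberately, since they look like local paths at a glance but still fetch from or post to a foreign host; an allowlist keyed on host rather than full URL means a legitimate CDN changing a file path does not raise a false alarm.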

UK Security Agencies Unlawfully Collected Data For 17 Years, Court Rules

British security agencies have secretly and unlawfully collected massive volumes of confidential personal data, including financial information, on citizens for more than a decade, top judges have ruled. The Guardian adds: The investigatory powers tribunal, which is the only court that hears complaints against MI5, MI6 and GCHQ, said the security services operated secret regimes to collect vast amounts of personal communications data, tracking individual phone and web use and large datasets of confidential personal information, without adequate safeguards or supervision for more than 10 years. The ruling said the regime governing the collection of bulk communications data (BCD) -- the who, where, when and what of personal phone and web communications -- failed to comply with article 8 protecting the right to privacy of the European convention of human rights (ECHR) between 1998, when it started, and 4 November 2015, when it was made public. It said the holding of bulk personal datasets (BPD) -- which might include medical and tax records, individual biographical details, commercial and financial activities, communications and travel data -- also failed to comply with article 8 for the decade it was in operation until its public avowal in March 2015.

More Unblocking Companies Give Up Their Fight Against Netflix

Earlier this year, Netflix announced it was going to block the VPN services that were circumventing the streaming service's geoblocking technology, and it seems in the months since many of the top VPN players have given up on finding ways to work around Netflix's blocking tech. From a report on TechSpot (condensed): Australian company uFlix discovered that some of its users could no longer access Netflix. It said that a fix was coming soon, but uFlix recently announced in a blog post that it has given up the fight. "As of today we are going to stop supporting Netflix as an unblocked channel. Unfortunately every time we set up a new network or find a workaround it is getting blocked within hours." uFlix isn't the only service to throw in the towel -- most of the other unblockers have quietly decided to stop trying to evade Netflix's geoblocks, as more customers complain they can no longer watch the streaming site. Popular VPN TorGuard had assured customers that the crackdown wouldn't affect them. But there is no mention of Netflix on TorGuard's website, and its shared Netflix server was taken offline four months ago.
