Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
The Internet

Several Sites Including Twitter, GitHub, Spotify, PayPal, NYTimes Suffering Outage -- Dyn DNS Under DDoS Attack [Update] ( 260

Several popular websites and services are down right now for many users. The affected sites include Twitter, SoundCloud, Spotify, and PayPal among others. The cause appears to be a sweeping outage of DNS provider Dyn -- which in turn is under DDoS attack, according to an official blog post. From a TechCrunch report:Other sites experiencing issues include Box, Boston Globe, New York Times, Github, Airbnb, Reddit, Freshbooks, Heroku and Vox Media properties. Users accessing these sites might have more or less success depending on where they're located, as some European and Asian users seem not to be encountering these issues. Last month, Bruce Schneier warned that someone was learning how to take down the internet. Update: 10/21 14:41 GMT by M : Dyn says that it has resolved the issue and sites should function normally. Update: 10/21 17:04 GMT by M : Department of Homeland Security says it is aware of the first DDoS attack on Dyn today and "investigating all potential causes." Dyn says it is still under DDoS attack. News outlet The Next Web says it is also facing issues. Any website that uses Dyn's service -- directly or indirectly -- is facing the issue. Motherboard has more details. Update: 10/21 17:57 GMT by M : It seems even PlayStation Network is also hit. EA Sports Games said it is aware of the issues in live-play. Dyn says it is facing a second round of DDoS attacks.

Update: 10/21 18:45 GMT by M : U.S. government probing whether east coast internet attack was a 'criminal act' - official.

Editor's note: the story is being updated as we learn more. The front page was updated to move this story up. Are you also facing issues? Share your experience in the comments section below.

Macs End Up Costing 3 Times Less Than Windows PCs Because of Fewer Tech Support Expense, Says IBM's IT Guy ( 490

An anonymous reader shares a report on Yahoo (edited): Last year, Fletcher Previn became a cult figure of sorts in the world of enterprise IT. As IBM's VP of Workplace as a Service, Previn is the guy responsible for turning IBM (the company that invented the PC) into an Apple Mac house. Previn gave a great presentation at last year's Jamf tech conference where he said Macs were less expensive to support than Windows. Only 5% of IBM's Mac employees needed help desk support versus 40% of PC users. At that time, some 30,000 IBM employees were using Macs. Today 90,000 of them are, he said. And IBM ultimately plans to distribute 150,000 to 200,000 Macs to workers, meaning about half of IBM's approximately 370,000 employees will have Macs. Previn's team is responsible for all the company's PCs, not just the Macs. All told IBM's IT department supports about 604,000 laptops between employees and its 100,000+ contractors. Most of them are Windows machines -- 442,000 -- while 90,000 are Macs and 72,000 are Linux PCs. IBM is adding about 1,300 Macs a week, Previn said.

HackerOne CEO: Every Computer System is Subject To Vulnerabilities ( 49

An anonymous reader writes: Every computer system in the world is vulnerable to hackers and criminals, according to Marten Mickos, CEO of HackerOne. That's nothing new with major data breaches at Yahoo and the federal government. But not to worry, teams of ethical hackers could be an answer to the growing cybersecurity concerns. "There are far more ethical hackers, white hat hackers, in the world than criminals," Mickos told CNBC's "Squawk Alley" on Thursday. "So when you just invite the good guys to help you, you will always be safe. It's like a neighborhood watch. You're asking the good guys around you to help you see what's wrong with your system and help you fix it." Mickos has assembled 70,000 white hat hackers in his venture-backed company HackerOne. He explains the intent of white hat hackers is to hack for good and not for exploitation.
Operating Systems

Researchers Bypass ASLR Protection On Intel Haswell CPUs ( 71

An anonymous reader writes: "A team of scientists from two U.S. universities has devised a method of bypassing ASLR (Address Space Layout Randomization) protection by taking advantage of the BTB (Branch Target Buffer), a component included in many modern CPU architectures, including Intel Haswell CPUs, the processor they used for tests in their research," reports Softpedia. The researchers discovered that by blasting the BTB with random data, they could run a successful collision attack that reveals the memory locations where apps execute code in the computer's memory -- the very thing that ASLR protection was meant to hide. While during their tests they used a Linux PC with a Intel Haswell CPU, researchers said the attack can be ported to other CPU architectures and operating systems where ASLR is deployed, such as Android, iOS, macOS, and Windows. From start to finish, the collision attack only takes 60 milliseconds, meaning it can be embedded with malware or any other digital forensics tool and run without needing hours of intense CPU processing. You can read the research paper, titled "Jump Over ASLR: Attacking Branch Predictors to Bypass ASLR," here.

Donald Trump Running Insecure Email Servers ( 429

Donald Trump has slammed Hillary Clinton for using private email servers numerous times, but it turns out his inboxes aren't that secure either. From a report on The Register: Security researcher Kevin Beaumont discovered the Trump organization uses a hopelessly outdated and insecure internet setup. Servers on the Trump Organization's domain,, are using outdated software, run Windows Server 2003 and the built-in Internet Information Server 6 web server. Microsoft cut off support for this technology in July 2015, leaving the systems unpatched for the last 15 months. In addition, Beaumont said he'd found that emails from the Trump Organization failed to support two-factor authentication. That's particularly bad because the Trump Organization's web-based email access page relies on an outdated March 2015 build of Microsoft Exchange 2007, he says. "Windows Server 2003, IIS 6 and Exchange 2003 went end of life years ago. There are no security fixes. They don't have basics down," the UK-based researcher concludes. Beaumont's findings are based simply on inspecting publicly available information rather than actively scanning for vulnerabilities or attempting to gain access to insecure systems, a point lost on Trump supporters who have reported him to the Feds.

Patriots Coach Bill Belichick on Microsoft Surface: 'I Just Can't Take It Anymore' ( 185

New England Patriots head coach Bill Belichick is not happy with the Surface tablet provided to him via a deal between Microsoft and the NFL. Not only has he physically thrown the tablets at things, but he has verbally expressed his negative opinions of them. TechCrunch reports: When asked about the Patriots' headsets malfunctioning during last weeks game, Belichick instead took the time to let everyone know he's "done with the tablets." While he didn't go into too much detail on the tablets, Belichick essentially said that Microsoft's surface tablets are too "undependable," and there "isn't enough consistency in their performance." In terms of the rest of the sideline technology like headsets, Belichick is essentially fed up with the fact that everything always malfunctions and is impossible to fix during games. So why is the sideline technology so hard to get right? The tablets (as well as the headphones and all other sideline technology) are owned and maintained by the NFL. That means it gets delivered to teams literally hours before the game and taken away when it ends. This makes it hard for teams to test for issues before a game and to troubleshoot when something goes wrong. Belichick's full rant can be read here, which reads in part: "As you probably noticed, I'm done with the tablets. They're just too undependable for me. I'm going to stick with (paper) pictures, which several of our other coaches do, as well, because there just isn't enough consistency in the performance of the tablets. I just can't take it anymore..."

Windows is the Most Open Platform There is, Says Satya Nadella ( 284

On Tuesday in a conversation with Gartner analysts, Satya Nadella talked about the future of AI, the cloud, Windows, and what his company plans to do with LinkedIn. But the most notable remark from Nadella was when he said this, "Windows is the most open platform there is." ZDNet adds: It came in the context of Nadella talking about Microsoft's mission to unite the three big constituencies in the technology world. "That's the approach we've always taken," said Nadella, "bringing users, IT, and developers together... When you bring them together, that's where the magic happens." He reminded the audience of several thousand technology leaders that Microsoft began by making tools, then it made apps, and now it makes platforms. Or, it buys them.

There's Bugs In The Windows 10 Implementation of Bash ( 163

First-time submitter Big O Notation shares "an honest review about the new Ubuntu Bash" that shipped with the Windows 10 Anniversary Update. While it's still officially beta, most of the commands work as expected, and it includes popular programs like the Pico text editor. Here's some of the review's highlights: Pros: You can also manage and manipulate other files inside your entire Hard Disk, even those outside of your Linux home directory.
Cons: Even if you chmod something properly, when you use ls -l the Bash would not show the correct permissions. [And] if you try to create a Folder in your Linux Home Directory by using the Windows GUI, it would be impossible to read and manage it. Don't try this at home.

Microsoft says they've included the Windows Subsystem for Linux primarily as "a tool for developers -- especially web developers and those who work on or with open source projects." One Scandinavian developer has even tried running X on Bash on Ubuntu on Windows, reporting success running simpler programs like xcalc and xclock, as well as Gnome Control Center and xeditor and SciTE. "Things start to fall apart if you try to get more ambitious, though."

The Slashdot Interview With Security Expert Mikko Hypponen: 'Backupception' 38

You asked, he answered!

Mikko Hypponen, Chief Research Officer at security firm F-Secure, has answered a range of your questions. Read on to find his insight on the kind of security awareness training we need, whether anti-virus products are relevant anymore, and whether we have already lost the battle to bad guys. Bonus: his take on whether or not you should take backups of your data.

It's Time For Laptop Companies To Switch To Precision Touchpad ( 183

A new Windows 10 insider build (version 14946) comes with a new interface for configuring touchpad gestures. In the recent months, Microsoft has also improved the detection of two-finger gestures and clicking on Windows 10, and also added new four-finger gestures. These are welcome changes, and something that many would find useful. Except they won't because their computers likely don't comply with Precision Touchpad spec. ArsTechnica has an opinion piece today in which journalist Peter Bright is calling on all the OEMs to do the needful changes moving forward. From the article: Precision Touchpad made its debut with Windows 8. Co-developed between Microsoft and touchpad company Synaptics, the spec changed how Windows works with touchpads. Traditionally, touchpads masqueraded to Windows as essentially USB- or PS/2-connected mice -- simple two-dimension, single-input devices. Features such as multitouch and gestures were handled by a combination of the touchpad firmware and proprietary drivers. This meant that Windows itself had no ability to add new gestures or refine the finger-detection algorithms; it was all an opaque feature of the third-party drivers. With Precision Touchpad, the raw touchpad input is exposed to Windows itself, allowing the operating system to choose how it handles the complex multi-finger inputs. The gestures, the disambiguation of taps and swipes -- these are all now performed by Windows, not a third-party driver. Unfortunately, many PC OEMs haven't been equipping their laptops with Precision Touchpads. As such, they can't take advantage of the new Windows capabilities. As far as we can tell, it would normally be straightforward for an OEM to make the switch; touchpads from Synaptics, for example, can work as both Precision Touchpads and "legacy" mouse-emulating touchpads that use the Synaptics driver. It's just up to the OEM to pick one option or the other.

Chrome 54 Arrives With YouTube Flash Embed Rewriting To HTML5 ( 76

Krystalo quotes a report from VentureBeat: Google today launched Chrome 54 for Windows, Mac, and Linux. This release is mainly focused on developers, but the improvements to how the browser handles YouTube embeds is also noteworthy. You can update to the latest version now using the browser's built-in silent updater, or download it directly from Chrome 54 rewrites YouTube Flash players to use the YouTube HTML5 embed style. YouTube ditched Flash for HTML5 by default in January 2015, but the old embeds still exist all over the web. Google says the change improves both performance and security for its desktop browser. The report adds that "Chrome also now provides support for the custom elements V1 spec," which allows "developers to create custom HTML tags as well as define their API and behavior in JavaScript." BroadcastChannel API will also be implemented "to allow one-to-many messaging between windows, tabs, iframes, web workers, and service workers." You can read more about Chrome 54 on Google's blog post.

'StrongPity' Malware Infects Users Through Legitimate WinRAR and TrueCrypt Installers ( 104

Kaspersky Labs has revealed a new strain of malware -- named 'StrongPity' which targets users looking for two popular applications - WinRaR and TrueCrypt. The malware contains components that not only has the ability to give attackers complete control on the victim's computer, but also steal disk contents and download other software that the cybercriminals need. From a Neowin report: To be able to gather victims, the attackers have built special fake websites that supposedly host the two programs. One instance that was discovered by the researchers is that the criminals transposed two letters in a domain name, in order to fool the potential victim into thinking that the program was a legitimate WinRAR installer website.

A Spotify Ad Slipped Malware Onto PCs and Macs ( 96

An anonymous Slashdot reader quotes TechHive: Spotify's ads crossed from nuisance over to outright nasty this week, after the music service's advertising started serving up malware to users on Wednesday. The malware was able to automatically launch browser tabs on Windows and Mac PCs, according to complaints that surfaced online...the ads directed users' browsers to other malware-containing sites in the hopes that someone would be duped into downloading more malicious software.
It didn't last long -- Spotify quickly posted that they'd identified "the source of the problem." And they're not the only company dealing with hidden malware in ads, since the same thing has happened to both Google and Yahoo.

Melinda Gates Was Encouraged To Use an Apple and BASIC. Her Daughters Were Not. ( 370

Long-time Slashdot reader theodp writes: In August, Melinda Gates penned Computers Are For Girls, Too, in which she lamented that her daughters "are half as likely to major in computer science as I was 30 years ago." So, what's changed in the last 30 years? Well, at last week's DreamForce Conference, Gates credited access to Apple computers at school and home for sparking her own interest in computer science [YouTube], leading to a career at Microsoft.

So, as she seeks ways to encourage more women to get into tech, Melinda may want to consider the effects of denying her own children access to Apple products [2010 interview] and of Microsoft [in 1984] stopping computers from shipping with a beginner's programming language (a 14-year-old Melinda reportedly cut her coding teeth on BASIC).

Melinda can raise her kids however she wants -- maybe her kids will just start programming with the Ubuntu that's shipping with Windows 10. But is it a problem that there's no beginner's programming language currently shipping with Macs? Over the years Macs have shipped with Perl, Python, Ruby, tcl, and a Unix shell. Do you think Apple could encourage young programmers more by also shipping their Macs with BASIC?

Microsoft Is Redesigning the Paint App For Windows 10 ( 118

Microsoft is redesigning the Paint app with Windows 10 in mind. As mentioned in the leaked video posted by Twitter user WalkingCat, the "ability to create in 3D" is one of the biggest new features in the works. The Verge reports: A launch video notes that the new "Paint Preview" app includes all the familiar features of the regular version of Paint, but Microsoft is adding in 3D object support. Paint Preview users will be able to create 3D objects, and annotate them freely. Microsoft has a range of markers and art tools to help artists create objects, and brushes that can be used directly on 3D objects. All of the tools appear to be pen- and touch-friendly, with an interface that mixes 3D models, 2D images, stickers, and community tools for 3D content. Microsoft appears to be testing early "alpha" versions of the Paint app, and the videos indicate it could be ready to be released publicly soon. The timing of the Paint videos come just hours after Microsoft revealed it's planning to hold a special event in New York City later this month. Microsoft is widely expected to unveil a new Surface device at the event, with rumors suggesting it will be an all-in-one desktop PC.

Microsoft Likely To Launch All-in-One Surface At its October 26 Event ( 49

Microsoft today sent out invitations to an event on October 26 in which it will discuss "what's next for Windows 10." The invitations follow months of rumors that a Microsoft Surface all-in-one PC, so naturally it's expected to be launched at the event. VentureBeat adds: It's also likely that Microsoft will talk about updates coming to Windows 10, given the billing of the event. Judging by the pomp of last year's Microsoft hardware event, the October 26 affair will be a big deal, too.Microsoft's Surface tablet, or Surface Book 2-in-1 aren't expected to see a refresh. Anyone who would like to see Microsoft take another go at smartphones at the event?

Microsoft Allows Users To Remove Some System Applications in Windows 10 Insider Preview 14936 ( 124

Until now, Microsoft restricted users from deleting many of the system applications on Windows 10. But it is finally giving users that option in the latest Windows 10 Insider Preview -- 14936. From an article on Ghacks:If you open the Mail and Calendar application for instance, you will notice that the uninstall button is active now. This means that you can remove the system app from the machine without having to resort to Powershell or third-party programs to do so. Users who are on the stable version of Windows 10 cannot uninstall system apps using the apps & features menu currently. It seems likely that Microsoft will introduce the feature with the next feature update, codename Redstone 2, which will be out in 2017. Before you start jumping up and down in joy, note that some system applications cannot be removed. While you can uninstall Mail and Calendar, Calculator, Groove Music, Maps, and Weather, you cannot remove Alarm & Clock, Camera, Cortana, Messaging, and others.

Netflix Partners With iPic To Release Its Original Movies In Theaters, NATO Urges To 'Tread Lightly' ( 134

turkeydance quotes a report from Variety: The National Association of Theatre Owners (NATO) is sounding the alarm over a recent deal between Netflix and iPic, in which the luxury-theater chain will screen 10 movies simultaneously with their release on the streaming service. The lobbying organization represents the country's theater chains and has been a staunch defender of traditional release windows that keep films exclusively on screens for roughly 90 days before they debut on home entertainment platforms. In a statement, NATO chief John Fithian warned that while iPic was free to make its own decisions, "We all should tread lightly and be mindful that over the years, the film industry's success is a direct result of a highly successful collaboration between film makers, distributors and exhibitors." The deal with iPic should help Netflix' movies quality for awards. Variety reports: "iPic will release the war thriller 'The Siege of Jadotville,' starring Jamie Dornan ('Fifty Shades of Grey'), on Oct. 7. That will be followed by Christopher Guest's mockumentary 'Mascots' on Oct. 13. This summer, iPic first tested showings of Netflix's 'The Little Prince.'" "Simultaneous release, in practice, has reduced both theatrical and home revenues when it has been tried," Fithian said in a statement. "Just as Netflix and its customers put a value on exclusivity, theater owners and their customers do too."

New Project Lets You Install Arch Linux In the Windows Subsystem For Linux 77

prisoninmate writes: Softpedia reports that there's a new project on GitHub, called alwsl, which promises to let you install the Arch Linux operating system on Windows 10's new WSL (Windows Subsystem for Linux) feature, which allows users to run native Linux command-line tools directly on the Windows operating system alongside their modern desktop and apps. For example, Canonical and Microsoft brought Bash on Ubuntu on Windows using the new WSL functionality. For now, the alwsl project, which is developed by a group of German developers that call themselves "Turbo Developers," offers a .bat file that you can use to install Arch Linux on a WSL (Windows Subsystem for Linux) host, but the software is in developer preview stage. The first stable release, alwsl 1.0 will be able not only to install Arch Linux on the Windows Subsystem for Linux host in Windows 10 editions that support it, but also to create and manage users and snapshots. Also, it looks like it will get rolling upgrades just like a normal Arch Linux installation gets. The final release is expected to launch on December 2016, and you can monitor its development progress on GitHub.

The Microsoft Band Is Dead ( 58

Microsoft's fitness-band line of devices have not be very well adopted over the years. Last month it was reported that Microsoft will be killing off the Lumia brand in favor of a new Surface Phone brand. Now, it appears the company is discontinuing its Band devices, as it has removed all references to them from its Microsoft Store listing online. Mary Jo Foley writes via ZDNet: A tipster who asked not to be named showed me a cached version of the Microsoft Online Store listing from yesterday, October 2, which included Band devices; today, October 3, references to the Band devices are gone from the company's Store sites. Microsoft also removed the Band software development kit (SDK) today, which isn't surprising given it's no longer selling Band 2 devices. Microsoft is believed to have disbanded the software team that was looking to bring Windows 10 to the Band a couple months ago. I've gotten various tips that at least some of the Band hardware team members have dispersed, too, with some moving to other Microsoft hardware teams inside the company. Even though sources of mine have said Microsoft is planning to phase out its fitness band devices and to have no plans to roll out a Band 3 device any time soon (or likely, ever), company officials still haven't completely conceded that it's the end of the line for Band. I asked again today and have yet to get an updated statement from the company regarding when and why Band devices were removed from Microsoft's online stores. A spokesperson sent me the following statement: "We have sold through our existing Band 2 inventory and have no plans to release another Band device this year. We remain committed to supporting our Microsoft Band 2 customers through Microsoft Stores and our customer support channels and will continue to invest in the Microsoft Health platform, which is open to all hardware and apps partners across Windows, iOS, and Android devices."

Slashdot Top Deals