Security

QRLJacking Attack Can Bypass Any QR Login System (helpnetsecurity.com) 31

dinscott and an anonymous reader are reporting on a new type of attack that bypasses SQRLs or Secure, Quick, Reliable Logins: "[As detailed by Seekurity Labs researcher Mohamed A. Baset], QRLJacking (i.e. Quick Response Code Login Jacking) is a method for tricking users into effectively logging into an online account on behalf of the attacker by making them scan the wrong QR code," reports Help Net Security. An anonymous Slashdot reader adds from a report via Softpedia: "In a Facebook post, Baset says he tested his attack on sites such as WhatsApp, WeChat, Line, Weibo, QQ Instant Messaging, QQ Mail, Alibaba, and more," reports Softpedia. The QRLJacking attack is nothing more than a social engineering attack that works by requesting a QR code for the service the victim is trying to log in to and modifying the QR code to send the confirmation message to the attacker's computer. The crook can modify these login details, add the data belonging to his PC, relay the data from his phone to the default login server, and access the victim's account from his PC. This attack needs both the attacker and the victim to be online at the same time, and can be defeated by any user that pays attention to the URL [of the page they're logging into with an account]. Judging that it's 2016 and people are still falling victim to phishing attacks, there's a high chance the attack can work. Baset demonstrated the attack against a WhatsApp user in a video posted to YouTube.
Microsoft

PSA: Windows 10 Is Still Free For Those Who Use Assistive Technologies (theregister.co.uk) 91

BarbaraHudson writes: When is a deadline not a deadline? The Register is reporting that the Windows 10 upgrade is still free for 7/8.1 users. [Microsoft] had previously said that those who use assistive technologies would continue to be eligible after the July 29th deadline had passed, and I pointed out in a story last month that Microsoft hadn't figured out yet how they would be able to tell who would be eligible. Looks like they never did figure that one out. [The Register reports:] "Microsoft's year-long Windows 10 free upgrade offer ended over the weekend, but it's still possible to secure Redmond's finest -- even the new Anniversary Update -- for the low low price of 0.00 in whatever currency you prefer. The free upgrade is reserved for those who use assistive technologies, the many features that magnify text, offer text-to-speech or otherwise assist those who don't see or hear with the perfect acuity. But The Register browsed the site and found no checks before downloading. It looks like it's open to anyone."
Medicine

Peter Thiel Is Interested In Harvesting The Blood Of The Young (gawker.com) 373

Presto Vivace writes: [Gawker reports:] "Peter Thiel, the tech billionaire-turned-Trump delegate who successfully bankrupted Gawker Media, has long been obsessed with anti-aging technologies. He believes people have been conned by 'the ideology of the inevitability of the death of every individual,' and has funded startups dedicated to extending the human lifespan. According to Jeff Bercovici of Inc. magazine, Thiel is so afraid of dying that he has begun exploring a novel, and fairly unsettling, technique: Harvesting, and injecting himself with, the blood of younger people." Vampire capitalism is real. In an unpublished interview with Bercovici last year, Thiel said: "I'm looking into parabiosis stuff [...] where they [infected] the young blood into older mice and they found that had a massive rejuvenating effect. [...] I think there are a lot of these things that have been strangely under-explored." When asked if he meant parabiosis was "really interesting" as a business opportunity or a personal-health treatment, Thiel suggested the latter: "That would be one where it's more just, do we think the science works? Some of these it's not clear there's actually a great company to start around it. [...]"
Microsoft

Xbox One Summer Update Adds Cortana, Music and More (mashable.com) 40

The Xbox One is finally getting the anticipated Summer update. The update brings Cortana voice assistant to all Xbox One systems in the United States and UK. "With Cortana, gamers can expect more from voice commands on Xbox," the company wrote in a blog post. In addition, the update is also adding the ability to play background music while you're playing a game. Also, users will be able to set whatever language they want, no matter what country they are in. Mashable reports: Other summer update changes tweak the usability of the console's dashboard and sharing features. There are also a number of invisible changes that prepare the console for the Windows 10 Anniversary update. Launching on Aug. 2, the Anniversary Update carries a number of benefits for gamers, chief among them the launch of Microsoft's Xbox Play Anywhere program. Play Anywhere is Microsoft's version of cross-play, allowing Xbox One users to download and play the PC version of supported games on Windows 10 machines. The list of initially supported games is rather small and it only works if you bought the game digitally, but it's a significant step toward Microsoft's goal of joining the Xbox and Windows platforms under one development umbrella.
IOS

Apple Replaces The Pistol Emoji With A Water Gun (cnn.com) 246

Apple announced a number of new emoji changes on Monday, but the most controversial new change is that the pistol emoji will be replaced with a green water gun emoji in the company's upcoming iOS 10 operating system: The water gun swap is not Apple's first foray into cartoon gun control. Earlier this year the governing body in charge of emojis nixed a proposed rifle emoji. It was one of a number of possible new additions, but Unicode Consortium members Apple and Microsoft argued against the Olympics-inspired gun, according to Buzzfeed. Last year, an organization called New Yorkers Against Gun Violence started a campaign to get Apple to replace its version of the pistol emoji. It launched a site, disarmtheiphone.com, and sent an open letter to remove the firearm emoji "as a symbolic gesture to limit gun accessibility." As it stands, Microsoft is the only major software company to use a toy gun emoji instead of a pistol emoji in Windows -- Google, Samsung, Facebook and Twitter all use realistic pistol emojis. Apple's iOS 10 will be released in fall, but you can download the iOS 10 public beta to be one of the first to wield the toy gun emoji.
Biotech

Google's Alphabet and GSK Forge $715 Million Bioelectronic Firm To Fight Diseases Without Meds (reuters.com) 27

An anonymous reader quotes a report from Reuters: GlaxoSmithKline (GSK) and Google parent Alphabet's life sciences unit are creating a new company focused on fighting diseases by targeting electrical signals in the body, jump-starting a novel field of medicine called bioelectronics. Verily Life Sciences -- known as Google's life sciences unit until last year -- and Britain's biggest drugmaker will together contribute 540 million pounds ($715 million) over seven years to Galvani Bioelectronics, they said on Monday. The new company, owned 55 percent by GSK and 45 percent by Verily, will be based at GSK's Stevenage research center north of London, with a second research hub in South San Francisco. Galvani will develop miniaturized, implantable devices that can modify electrical nerve signals. The aim is to modulate irregular or altered impulses that occur in many illnesses. GSK believes chronic conditions such as diabetes, arthritis and asthma could be treated using these tiny devices, which consist of an electronic collar that wraps around nerves. Kris Famm, GSK's head of bioelectronics research and president of Galvani, said the first bioelectronic medicines using these implants to stimulate nerves could be submitted for regulatory approval by around 2023. GSK first unveiled its ambitions in bioelectronics in a paper in the journal Nature three years ago and believes it is ahead of Big Pharma rivals in developing medicines that use electrical impulses rather than traditional chemicals or proteins.
Biotech

Elizabeth Holmes Finally Releases Theranos Data, Including A 'miniLab' (cnbc.com) 40

An anonymous reader quotes a report from CNBC: Theranos CEO Elizabeth Holmes Monday outlined the steps she will take to increase transparency regarding the efficacy of the company's testing methods. Speaking at the conference of the American Association for Clinical Chemistry, Holmes said that Theranos will partner with other institutions "to validate and publish our results." And Holmes' planned presentation includes research conducted under Institutional Review Board-approved protocols. The company also said it intends to submit its results to a publication for peer-review. Holmes' presentation includes a slate of new products such as its miniLab, a robot that can process samples that normally require manual processing in traditional protocols. Theranos seems to be going back to the research and development drawing board, focusing on these new products instead of its much-debated small-volume blood collection technology. Theranos' miniLab is a self-contained laboratory that allows a robot to run a number of tests on samples. The miniLab contains different modules that allow it to conduct a series of tasks that traditionally would require multiple, separate machines. Theranos used its miniLab to run its Zika nucleic acid-amplification-based assay using finger-prick samples the company collected, some in the Dominican Republic. The samples were shipped back to Palo Alto, California, for analysis. Holmes said the results "demonstrate the miniLab's ability to perform automated, integrated molecular testing comparable to methods that require highly-trained personnel."
The Internet

Donald Trump Signs Pledge To Crack Down On Internet Porn (pcworld.com) 531

Republican presidential candidate Donald Trump has pledged to crack down on Internet pornography via corporate partnerships -- and he could possibly establish a federal commission on the harmful effects of pornography, a nonprofit announced Monday. The announcement comes a day after the New York Post ran a full-page nude photo of Melania Trump, wife of Donald Trump, on its cover. PCWorld reports: Enough is Enough, a nonprofit dedicated to confronting online pornography, child pornography, child stalking and sexual predation, published Trump's signed pledge on Monday. Trump's opponent Hillary Clinton refused to sign the pledge, Enough is Enough said, though her campaign told EiE that she supported its goals. "Preventing the sexual exploitation of youth online requires a multi-faceted holistic strategy with a shared responsibility between the public, industry, and government," Donna Rice Hughes, the chief executive of Enough is Enough, said in a statement. "The need for aggressive enforcement of existing laws and adequate funding for Law Enforcement to do the job is long overdue. For nearly two decades, bi-partisan government commissions, task forces, Internet safety groups, and researchers, who have recognized the significant risks associated with unfettered Internet access by youth, and have called upon the government and law enforcement to take aggressive action."
Businesses

Gawker Founder Nick Denton Files For Bankruptcy (nydailynews.com) 138

An anonymous reader quotes a report from New York Daily News: Gawker's founder Nick Denton filed for personal bankruptcy Monday after a Florida appeals court refused to give him an emergency order that would block wrestler Hulk Hogan from collecting on a $140 million jury verdict. The District Court of Appeal in Lakeland, Fla., denied a request by Gawker and Denton to stay a ruling by lower court judge Pamela Campbell -- who said Hogan could start collecting on his award immediately. But declaring bankruptcy will give Denton protection from collectors including Hogan, whose real name is Terry Bollea. In the filing, Denton says he has assets of $10 to $50 million and liabilities of $100 to $500 million. His debts include $125 million that he owes to Hogan, an $11.5 million loan that he took out on June 10 from Silicon Valley Bank, a $50,000 loan he took from his 401(k) at Gawker and his Time Warner Cable bill for $120.88. The jury's March verdict was the result of Gawker's decision to publish a tape on the internet of Hogan having sex with a friend's wife. The former WWF star said it was an invasion of his privacy. Gawker filed for bankruptcy shortly after the jury's verdict, but Denton resisted, asking the bankruptcy court to protect him as part of the process. The federal court refused. Now that the Florida courts have opened the door for Hogan to start collecting from Denton, he is expected to follow Gawker into federal bankruptcy court in lower Manhattan.
Network

Washington State Sues Comcast For $100M Over 'Pattern of Deceptive Practices' (komonews.com) 90

An anonymous reader writes: Washington State has filed a lawsuit against Comcast to the sum of $100 million, accusing Comcast of "engaging in a pattern of deceptive practices." It claims that Comcast's documents reveal a pattern of illegally deceiving its own customers for profit. KOMO News reports: "The lawsuit (PDF) alleges more than 1.8 million individual violations of the Washington Consumer Protection Act. The Attorney General's Office says 500,000 Washington consumers were affected. The lawsuit also accuses Comcast of violating the Consumer Protection Act to all of its nearly 1.2 million Washington subscribers due to its deceptive 'Comcast Guarantee,' Ferguson said. The lawsuit accuses Comcast of misleading 500,000 Washington consumers and deceiving them into paying at least $73 million in subscription fees over the last five years for what the attorney general says is a near-worthless protection plan. Customers who sign up for Comcast's Service Protection Plan pay a $4.99 monthly fee to avoid being charged if a Comcast technician visits their home. But the plan did not cover wiring inside a wall, the lawsuit says. The Attorney General Office says 75 percent of the time, customers who contacted Comcast were told the plan covered inside wiring. Customer service scripts, which the Attorney General's Office said it obtained during its investigation, told Comcast representatives to say that the plan covers calls 'related to inside wiring' and 'wiring inside your home.'" According to KOMO News, the lawsuit is seeking more than $73 million in restitution to pay back Service Protection Plan subscriber payments; full restitution for all service calls that applied an improper resolution code, estimated to be at least $1 million; removal of improper credit checks from the credit reports of more than 6,000 customers; up to $2,000 per violation of the Consumer Protection Act; and that Comcast clearly disclose the limitations of its Service Protection Plan in advertising and through its representatives, correct improper service codes that should not be chargeable and implement a compliance procedure for improper customer credit checks.
Hardware Hacking

FCC Requires TP-Link To Support Open Source Router Firmware 52

An anonymous reader writes: Earlier today, the FCC reached a settlement with TP-Link over Wi-Fi router interference. Most of the agreement was routine, addressing compliance with radio emission rules.

But the FCC also did something unprecedented. It required TP-Link to support open source firmware on its routers. You might recall that, last year, the FCC caused a ruckus when it mistakenly suggested it was banning open source router firmware. In fact, the FCC only required that router vendors implement protections for specific radio emission parameters. But the FCC didn't work with router vendors in advance to maintain open source compatibility, resulting in certain vendors (including TP-Link) trying to lock down their routers.

The FCC eventually issued a clarification, but the damage was done. Only recently have a couple router vendors (Linksys and Asus) affirmed that they will continue to support open source firmware.

Today's settlement is a milestone for the FCC. The agency is finally doing something, with deeds and not just words, to demonstrate its support for the open source community. It would be better if the agency hadn't created this mess, but they deserve serious credit for working so hard to fix it.
Youtube

Google Says 97% Of Connections To YouTube Are Now Encrypted (techcrunch.com) 46

Google said Monday that HTTPS now accounts for 97% of all connections to YouTube. In a blog post, the video portal made the announcement, also underscoring the challenges it faced making the site more secure. TechCrunch reports: Given its massive scale, YouTube obviously presents some extra challenges for Google. But the company argues that its Global Cache content delivery network is able to handle encrypted connections relatively easily, in large parts because hardware acceleration for AES, the algorithm at the core of the HTTPS protocol, is now ubiquitous. Google also argues that using HTTPS connections has improved the user experience on YouTube. "You watch YouTube videos on everything from flip phones to smart TVs," the team writes today. "We A/B tested HTTPS on every device to ensure that users would not be negatively impacted. We found that HTTPS improved quality of experience on most clients: by ensuring content integrity, we virtually eliminated many types of streaming errors."
United States

New York Governor Bars Sex Offenders From Playing Pokemon Go (theverge.com) 246

Adi Robertson, reporting for The Verge: At the direction of Governor Andrew Cuomo, New York's correctional department has made playing online games a violation of parole for sex offenders -- particularly Pokemon Go. In a statement, Cuomo said that people on the sex offender registry are now banned from "downloading, accessing, or otherwise engaging in any internet enabled gaming activities, including Pokemon Go." He also published a letter that he sent to game developer Niantic, asking for its cooperation in preventing registrants from signing up. The decision is based on a report from two New York state senators, released last week. Jeffrey Klein and Diane Savino visited the locations of 100 registered sex offenders in New York City and found 57 pokemon and 59 pokestops and gyms within half a city block. They were particularly worried about the "lures" that draw pokemon -- and thus players, including children -- to a location. While criminals have used pokestops and lures to attract and rob players, there are no known cases of sexual predators using them so far. Nonetheless, Klein and Savino have crafted bills that would ban sex offenders from playing the game and require Niantic to remove any Pokemon Go-related items or locations from near their homes.
Privacy

Reported Top Nigerian Email Scammer Arrested (bbc.com) 65

Reader retroworks writes: Interpol reports that a Nigerian behind thousands of online scams around the world has been arrested in the southern oil city of Port Harcourt. The 40-year-old man, known only as "Mike," is alleged to head a network of 40 individuals behind global scams worth more than $60 million. His operations involved using malware to take over systems to compromise emails, as well as romance scams. Nigeria's anti-fraud agency was also involved in the arrest.

"In one case, a target was conned into paying out $15.4 million," Interpol said in a statement. "Mike" also allegedly ran a money laundering network in China, Europe and the US. The network compromised email accounts of small to medium-sized businesses around the world. They would then send fake messages to buyers with instructions to make a payment to a bank account under their control.

Google

Charter: City Giving Google Fiber Unfair Edge (courier-journal.com) 110

An anonymous reader writes: Louisville's largest cable and internet provider says the city is giving Google Fiber an unfair advantage, and it wants Mayor Greg Fischer to step in and ease key regulations in the coming weeks. In a July 28 letter, Charter Communications told Fischer the city's separate franchise agreements allow Google to operate under less burdensome rules despite the two companies offering local customers similar services. "There is no justification for different regulatory treatment," said Jason Keller, Charter's government liaison. The letter was addressed to Fischer, the 26-member Metro Council and more than five dozen other mayors representing smaller suburban cities. Charter representatives claim unlike Google, it is obligated to pay money to the city above and beyond the millions in tax proceeds Louisville receives; to provide free internet and cable television to dozens of city-owned buildings; and provide costly government channels, as well as a studio for public access channels. Kellie Watson, Fischer's general counsel, said in a statement that Charter "raised some interesting issues and ideas" but that the administration will need to consult with the county attorney's office given the franchise agreement involves federal regulations.
Hardware Hacking

PS Vita Jailbreak Finally Lets One Run Emulators and Homebrew Software (geek.com) 38

Finally, someone has managed to hack PS Vita, allowing people to install emulators and homebrew software on the handheld gaming console. The jailbreak dubbed HENkaku works on the latest 3.60 Vita firmware. From an article on Geek.com: The exploit allowing full access to the Vita hardware has been created by Team Molecule and named HENkaku. The code injected into the handheld when visiting the website unlocks the hardware and removes the file system from its protective sandbox. It's then possible to access it and the Vita memory card using FTP. The super simple unlock opens up the Vita to homebrew developers who want to create their own games for the system without going through official channels. But it also allows full access to the hardware meaning the ability to overclock the processor, and for PlayStation TV owners it also means all games are whitelisted. That's great news as there are many blocked games known to work perfectly fine on the PSTV.
Patents

Amazon Patents Noise-Canceling Headphones That Could Automatically Turn Off When It Detects Certain Sound Patterns (thenextweb.com) 82

An anonymous reader shares a report via The Next Web: Noise-canceling headphones are great for tuning out the din around you when you just want to focus on listening to music or enjoy some peace and quiet. Unfortunately, they also mute sounds that you might need to hear -- like someone calling your name. Amazon has a pretty cool idea for solving that problem. It was recently granted a patent for headphones that not only cancel out noise, but also listen to specific sounds or phrases (like 'Hey Ben') and respond by automatically turning off the feature so the user can hear sound from their surroundings. That should make it safer for use in noisy environments where you might actually need to pay attention to the occasional alert, such as a construction site or an industrial facility. In addition, the headphones can also listen for phrases to turn noise canceling back on again, so the user can resume their listening experience hands-free.
Privacy

Microsoft's SwiftKey Suspends Sync After Keyboard Leaks Strangers' Contact Details (zdnet.com) 41

SwiftKey has suspended its cloud-sync service and switched off email address predictions amid reports of the Microsoft-owned keyboard app delivering suggestions for strangers' email addresses and phone numbers. ZDNet reports: The move followed reports a week ago that the app was offering up email addresses to people they've never met. According to The Telegraph, one user claimed to have been contacted by a stranger and told that their brand-new phone had suggested two of the user's email addresses, as well as contact phone numbers. Reports of the bug also cite some users receiving predictions in languages they'd never used previously. "I logged into SwiftKey with Google+ and now, I'm getting someone else's German predictions with only English (UK) pack installed. I have never typed German in my entire life," one Reddit user reported last week. SwiftKey on Friday suggested the leaked contact details are due to a glitch in this sync service, which normally backs up what the app learns about a user to SwiftKey servers and then syncs that data to the user's other devices. Microsoft acquired the SwiftKey app earlier this year for an estimated sum of $250 million.
Businesses

Tesla Is Buying SolarCity for $2.6 Billion (thenextweb.com) 80

Tesla Motors announced Monday that it has reached a deal to buy SolarCity (San Mateo-based provider of energy services), the next step in Elon Musk's plan to combine his electric-car and solar-energy companies. It's already a family affair: Musk, Tesla's chief executive, owns about 21% of SolarCity and serves as chairman. His cousins Lyndon R. Rive and Peter J. Rive are SolarCity's chief executive and chief technology officer, respectively. The independent members of both companies' boards approved the $2.6-billion all-stock deal, Tesla said. Tesla said it expects to have cost synergies of $150 million in the first year after the deal closes. Tesla said it expects the deal to close in the fourth quarter, although the proposal must still be approved by a majority of the disinterested shareholders of Tesla and SolarCity and requires regulatory approval. It also contains a "go shop" provision that gives SolarCity 45 days to "solicit, discuss or negotiate alternative proposals from third parties."
Businesses

Uber and Didi Call a Truce In China With a $35 Billion Deal (recode.net) 45

Kara Swisher, reporting for Recode: Uber, which has been spending hugely in China over the last two years, has folded, striking a deal in which it will merge its Chinese operations with its main rival there, Didi Chuxing. Under terms of the deal, Uber China, the ride-hailing company's Chinese subsidiary, will be part of a larger Didi company valued at $35 billion. Uber gets a 20 percent stake in that -- Didi's previous valuation was $28 billion. That's a $7 billion value for upward of $2 billion that Uber has frittered away, um, spent there. In turn, Didi will invest in Uber at a valuation of almost $70 billion. That was about the value of Uber's last round. Now, everyone owns everyone everywhere.
Medicine

Can Blocking Blue Light Help Bipolar Disorder As Well as Sleep Issues? (sciencealert.com) 230

A new experiment suggests sleeping with amber-tinted glasses can reduce the manic symptoms of bipolar disorder within three days. Slashdot reader schwit1 quotes a report from Science Alert: The benefits of amber-tinted glasses are that they block blue light -- a major component of sunlight and the light beamed at us from our computer and phone screens. In the mornings, it's this blue light that helps reset our body clock each day. But a growing body of evidence is linking too much blue-light exposure in the evenings to problems including insomnia, obesity, depression, and other mental illnesses.
I wonder how many Slashdot readers are already trying to improve their sleep patterns by avoiding exposure to blue light?
United Kingdom

Britain's Scientists Are 'Freaking Out' Over Brexit (washingtonpost.com) 517

"To use a nonscientific term, the scientists in the country are freaking out," reports the Washington Post. An anonymous Slashdot reader quotes their report: The researchers worry that Britain will not replace funding it loses when it leaves the E.U., which has supplied about $1.2 billion a year to support British science, approximately 10 percent of the total spent by government-funded research councils. There is a whiff of panic in the labs.

Worse than a possible dip in funding is the research community's fear that collaborators abroad will slink away and the country's universities will find themselves isolated. British research today is networked, expensive, competitive and global. Being part of a pan-European consortium has helped put Britain in the top handful of countries, based on the frequency of citations of its scientific papers... Anecdotal evidence suggests that headhunters may already be circling.

Meanwhile, NPR reports that Britain's vote to leave the EU "has depressed the value of the British pound," prompting many Britons to vacation at home rather than abroad -- while "Americans will find their dollars go further in Britain these days." And an anonymous Slashdot reader quotes a report from CNBC that Ford "is considering closing plants in the UK and across Europe in response to Britain's vote to leave the EU, as it forecast a $1 billion hit to its business over the next two years."
