Iran-Based Hacking Crew Uses Fake LinkedIn Profiles In Espionage Attacks ( 25

An anonymous reader writes: The Iranian hacker group Cleaver has been directing a cyber spying campaign at bodies in the Middle East across a network of fake LinkedIn accounts. It is thought that the threat actors were using the professional platform to gather intelligence using six 'leader' profiles, each with over 500 connections, and a collection of 'supporter' accounts. According to Dell researchers, recruitment advertisements and skill endorsements from 'supporter' accounts were used to boost credibility. Perhaps they're after the New Yorker crowd, too.

Barnes & Noble Has Been Quietly Refreshing Its Nook Hardware ( 17

itwbennett writes: Peter Smith writes that he 'had more or less written off the Nook when Barnes & Noble farmed hardware duties out to Samsung.' But now that Amazon is aiming for the low end with its downgraded Fire tablet line, Barnes & Noble has an opportunity to 'carve out a niche on the higher end of things,' says Smith. And so it has been quietly moving in that direction. Yesterday, Venture Beat wrote about the newly (and stealthily) launched $250 Samsung Galaxy Tab E Nook. As Smith notes, 'the specs for this new tablet aren't anything special,' which might explain the stealthy launch, except that another, pricier Nook tablet apparently came out a month ago (again, according to VentureBeat), the Samsung Galaxy Tab S2 Nook.

Man Behind Week-Long Bitcoin Attacks Reveals Himself 64

An anonymous reader writes: A Russian man that calls himself "Alister Maclin" has been disrupting the Bitcoin network for over a week, creating duplicate transactions, and annoying users. According to Bitcoin experts, the attack was not dangerous and is the equivalent of "spam" on the Bitcoin blockchain servers, known in the industry as a "malleability attack," creating duplicate transactions, but not affecting Bitcoin funds. Maclin recently gave an interview to Vice.

IP Address May Associate Lyft CTO With Uber Data Breach ( 93

An anonymous reader writes: According to two unnamed Reuters sources the IP address of Lyft CTO Chris Lambert has been revealed by Uber's investigations to be associated with the accessing of a security key that was accidentally deposited on GitHub in 2014 and used to access 50,000 database records of Uber drivers later that year. However, bearing in mind that the breach was carried out through a fiercely protectionist Scandinavian VPN, and that Lambert was a Google software engineer before become CTO of a major technology company, it does seem surprising that he would have accessed such sensitive data with his own domestic IP address.

Dell, EMC Said To Be In Merger Talks ( 96

itwbennett writes: According to a Wall Street Journal report (paywalled), Dell might buy some or all of storage giant EMC. (The grain of salt here is that the Journal's report cited unnamed sources, and cautioned that the companies might not finalize any agreement.) If the report has it right, though, "a total merger would be one of the biggest deals ever in the technology industry," writes Stephen Lawson for IDG, "with EMC holding a market value of about US$50 billion. It would also bring together two of the most important vendors to enterprise IT departments."
United States

NSF Awards $74.5 Million To Support Interdisciplinary Cybersecurity Research ( 8

aarondubrow writes: The National Science Foundation announced $74.5 million in grants for basic research in cybersecurity. Among the awards are projects to understand and offer reliability to cryptocurrencies; invent technologies to broadly scan large swaths of the Internet and automate the detection and patching of vulnerabilities; and establish the science of censorship resistance by developing accurate models of the capabilities of censors. According to NSF, long-term support for fundamental cybersecurity research has resulted in public key encryption, software security bug detection, spam filtering and more.
The Internet

Google's Effort To Speed Up the Mobile Web ( 91

An anonymous reader writes: Google has officially taken the wraps off its AMP project — Accelerated Mobile Pages — which aims to speed up the delivery of web content to mobile devices. They say, "We began to experiment with an idea: could we develop a restricted subset of the things we'd use from HTML, that's both fast and expressive, so that documents would always load and render with reliable performance?" That subset is now encapsulated in AMP, their proof-of-concept. They've posted the code to GitHub and they're asking for help from the open source community to flesh it out. Their conclusions are familiar to the Slashdot crowd: "One thing we realized early on is that many performance issues are caused by the integration of multiple JavaScript libraries, tools, embeds, etc. into a page. This isn't saying that JavaScript immediately leads to bad performance, but once arbitrary JavaScript is in play, most bets are off because anything could happen at any time and it is hard to make any type of performance guarantee. With this in mind we made the tough decision that AMP HTML documents would not include any author-written JavaScript, nor any third-party scripts." They're seeing speed boosts anywhere from 15-85%, but they're also looking at pre-rendering options to make some content capable of loading instantaneously. Their FAQ has a few more details.

Microsoft Claims 110M Devices Now Run Windows 10 ( 161

New submitter enterpriseITrocks writes: Computerworld reports that Windows 10 is running on 110 million devices, citing stats provided by Panos Panay, the chief of the Surface team. It's the first time since late August that Microsoft has provided usage stats for Win10 at a time when the new OS was running on 75 million machines. From the article: "Microsoft's 110 million described those running Windows 10, not downloads, the company confirmed. A spokeswoman declined to describe how the company tracks uptake, but presumably it does via Windows 10 activations, which it could easily tally from its logs."

Jimmy Wales and Former NSA Chief Ridicule Government Plans To Ban Encryption 175

Mickeycaskill writes: Jimmy Wales has said government leaders are "too late" to ban encryption which authorities say is thwarting attempts to protect the public from terrorism and other threats. The Wikipedia founder said any attempt would be "a moronic, very stupid thing to do" and predicted all major web traffic would be encrypted soon. Wikipedia itself has moved towards SSL encryption so all of its users' browsing habits cannot be spied on by intelligence agencies or governments. Indeed, he said the efforts by the likes of the NSA and GCHQ to spy on individuals have actually made it harder to implement mass-surveillance programs because of the public backlash against Edward Snowden's revelations and increased awareness of privacy. Wales also reiterated that his site would never co-operate with the Chinese government on the censorship of Wikipedia. "We've taken a strong stand that access to knowledge is a principle human right," he said. derekmead writes with news that Michael Hayden, the former head of the CIA and the NSA, thinks the US government should stop railing against encryption and should support strong crypto rather than asking for backdoors. The US is "better served by stronger encryption, rather than baking in weaker encryption," he said during a panel on Tuesday.

eSports Now a Part of College Athletics 110

jyosim writes: The University of Cincinnati hosted what was possibly the largest-ever collegiate video-game tournament last weekend. At the university, the League of Legends club has become an official club sport, just like rugby or rowing. "What's happening with college e-sports right now is that we're seeing a formalization and institutionalization of what's always been present," said T.L. Taylor, a professor of comparative media studies at the Massachusetts Institute of Technology.

Danish Bank Leaves Server In Debug Mode, Exposes Sensitive Data In JS Comments 41

An anonymous reader writes: Dutch IT security expert Sijmen Ruwhof has found a pretty big blunder on the part of Danske Bank, Denmark's biggest bank, which exposed sensitive user session information in the form of an encoded data dump, in their banking portal's JavaScript files. The data contained client IP addresses, user agent strings, cookie information, details about the bank's internal IT network, and more. He contacted the bank, who fixed the issue, but later denied it ever happened.

Boarding Pass Barcodes Can Reveal Personal Data, Future Flights 64

An anonymous reader writes: Security experts have warned that barcodes contained on airplane boarding passes could offer a detailed stream of information to malicious individuals, including data on travel habits and future flight plans. Brian Krebs explained yesterday that by using an easily available online barcode reader, attackers can retrieve a person's name, frequent flyer number, and record locator — information needed to access an individual's account and details of past and upcoming flights, phone numbers, and billing information, along with options to change seats and cancel flights.

Windows Phone Store Increasingly Targeted With Fake Mobile Apps 90

An anonymous reader writes: A post by security company Avast says not only are a large amount of fake apps available from the third-party marketplace of the Windows Phone Store, but they also remain available for quite a while despite negative comments and other flags from end-users. Avast speculates that improved security and auditing procedures at rival stores such as Google Play account for the increasing attention that fake app-publishers are giving to the Windows phone app market.

Why Is RAM Suddenly So Cheap? It Might Be Windows 208

jfruh writes: The average price of a 4GB DDR3 memory DIMM at the moment $18.50 — a price that's far lower than at this time last year. Why is it so cheap? The memory business tends to go in boom and bust cycles, but the free availability of Windows 10 means that fewer people are upgrading their PCs, reducing RAM demand. Analyst Avril Wu said, "Notebook shipments in the third quarter fall short of what is expected for a traditional peak season mainly because Windows 10 with its free upgrade plan negatively impacted replaced sales of notebooks to some extent rather than driving the demand for these products." And prices might stay low for another two years.

Larry Wall Unveils Perl 6.0.0 161

An anonymous reader writes: Last night Larry Wall unveiled the first development release of Perl 6, joking that now a top priority was fixing bugs that could be mistaken for features. The new language features meta-programming — the ability to define new bits of syntax on your own to extend the language, and even new infix operators. Larry also previewed what one reviewer called "exotic and new" features, including the sequence operator and new control structures like "react" and "gather and take" lists. "We don't want their language to run out of steam," Larry told the audience. "It might be a 30- or 40-year language. I think it's good enough."

Worries Mount Over Upcoming LTE-U Deployments Hurting Wi-Fi 170

alphadogg writes: LTE-U is a technology developed by Qualcomm that lets a service provider broadcast and receive signals over unlicensed spectrum, which is usable by anybody – specifically, in this case, the spectrum used by Wi-Fi networks in both businesses and homes. By opening up this new spectrum, major U.S. wireless carriers hope to ease the load on the licensed frequencies they control and help their services keep up with demand. Unsurprisingly, several outside experiments that pitted standard LTE technology or 'simulated LTE-U' technology, in the case of one in-depth Google study, against Wi-Fi transmitters on the same frequencies found that LTE drastically reduced the throughput on the Wi-Fi connection.
Open Source

Matthew Garrett Forks the Linux Kernel 683

jones_supa writes: Just like Sarah Sharp, Linux developer Matthew Garrett has gotten fed up with the unprofessional development culture surrounding the kernel. "I remember having to deal with interminable arguments over the naming of an interface because Linus has an undying hatred of BSD securelevel, or having my name forever associated with the deepthroating of Microsoft because Linus couldn't be bothered asking questions about the reasoning behind a design before trashing it," Garrett writes. He has chosen to go his own way, and has forked the Linux kernel and added patches that implement a BSD-style securelevel interface. Over time it is expected to pick up some of the power management code that Garrett is working on, and we shall see where it goes from there.

From Microsoft, HoloLens VR Dev Kit, New Phones, Continuum 87

Ars Technica and scads of other tech hardware sites are reporting that the big news so far from this morning's Microsoft product launch event in New York is that the company's Hololens development kit will begin shipping in the first quarter of next year, and at a price that puts the units out of the hands of typical consumers: $3000. At that level, developers are more likely to make the plunge, which Ars applauds.

The company also announced three new smartphones: two of them, the Lumia 950, 950XL, are worth designating "flagships," while the 550, notably, will sell for $139, putting it in the territory of cheap grey-market Android phones. More interesting than spec bumps, though, is Continuum for Windows, a Window 10 feature which made its official debut at the event. Continuum is one manifestation of the pocket-computer idea that others have had as well in various forms: it means that with an adapter, a phone can be used as the CPU and graphics engine when connected to a screen and keyboard: "The adapter features a Microsoft Display Dock, an HDMI and Display Port, plus 3 USB ports to provide productivity on the go and let you plug in additional peripherals, such as mice and keyboards. Other accessories can be connected too, Microsoft said."

Microsoft also demo'd the Surface 4. Its improved screen is 12.3" at 2160x1440, for a pixel density of 267 PPI. The new pro has a Skylake 6th-gen processor, which they say provides a 30% performance boost over the Surface Pro 3, and a 50% boost over the MacBook Air. The SP4 goes up to 1TB of storage, and up to 16GB of RAM. The Type Cover was improved as well — the touchpad is 40% larger and supports 5-point multi-touch, while the keys have better travel and pitch.

On top of this, Microsoft also unveiled the Surface Book laptop. Its defining feature is that you can unclip the 13.5" touchscreen and use it separately as a tablet. The keyboard dock has a dedicated GPU that will boost performance when attached. Microsoft is using a new type of hinge that bends and extends at multiple points, so you can also reattach the screen backward if you want to use it as a tablet while keeping the extra GPU power available. They claim a 12-hour battery life for the Surface Book.

International Exploit Kit Angler Thwarted By Cisco Security Team 36

An anonymous reader writes: Researchers at a Cisco security unit have successfully interrupted the spread of a massive international exploit kit which is commonly used in ransomware attacks. The scientists discovered that around 50% of computers infected with Angler were connecting with servers based at a Dallas facility, owned by provider Limestone Networks. Once informed, Limestone cut the servers from its network and handed over the data to the researchers who were able to recover Angler authentication protocols, information needed to disrupt future diffusion.

Software Defined Smart Battery Arrays Extend Laptop Life 42

An anonymous reader writes: A Microsoft research paper, titled 'Software Defined Batteries', outlines a radical charging alternative which uses a smart battery system to keep consumer-grade gadgets going for much longer than the current norm, by monitoring user habits. Making use of existing technologies, the engineers place multiple battery control under the duties of the operating system to create a software-defined approach optimized for different scenarios, such as word processing, email or video streaming.