Android

Motorola Confirms That It Will Not Commit To Monthly Security Patches (arstechnica.com) 6

If you are planning to purchase the Moto Z or a Moto G4 smartphone, be prepared to not see security updates rolling out to your phone every month -- and in a timely fashion. After Ars Technica called out Motorola's security policy as "unacceptable" and "insecure," in a recent review, the company tried to handle the PR disaster, but later folded. In a statement to the publication, the company said: Motorola understands that keeping phones up to date with Android security patches is important to our customers. We strive to push security patches as quickly as possible. However, because of the amount of testing and approvals that are necessary to deploy them, it's difficult to do this on a monthly basis for all our devices. It is often most efficient for us to bundle security updates in a scheduled Maintenance Release (MR) or OS upgrade. As we previously stated, Moto Z Droid Edition will receive Android Security Bulletins. Moto G4 will also receive them. Monthly security updates -- or the lack thereof -- remain one of the concerning issues that plague the vast majority of Android devices. Unless it's a high-end smartphone, it is often rare to see the smartphone OEM keep the device's software updated for more than a year. Even with a flagship phone, the software update -- and corresponding security patches -- are typically guaranteed for only 18 to 24 months. Reports suggest that Google has been taking this issue seriously, and at some point, it was considering publicly shaming its partners that didn't roll out security updates to their respective devices fast enough.
Government

Obama Creates a Color-Coded Cyber Threat 'Schema' After the DNC Hack (vice.com) 56

The White House on Tuesday issued new instructions on how government agencies should respond to major cyber security attacks, in an attempt to combat perceptions that the Obama administration has been sluggish in addressing threats from sophisticated hacking adversaries, Reuters reports. The announcement comes amid reports that hackers working for Russia may have engineered the leak of emails stolen from the Democratic National Committee in an attempt to influence the outcome of the upcoming presidential election. Motherboard adds: George W. Bush's Homeland Security Advisory System -- the color-coded terrorism "threat level" indicator that became a symbol of post-9/11 fear mongering -- is getting its spiritual successor for hacking: the "Cyber Incident Severity Schema." President Obama announced a new policy directive Tuesday that will codify how the federal government will respond to hacking incidents against both the government and private American companies. [...] The Cyber Incident Severity Schema ranges from white (an "unsubstantiated or inconsequential event") to black (a hack that "poses an imminent threat to the provision of wide-scale critical infrastructure services, national government stability, or to the lives of U.S. persons"), with green, yellow, orange, and red falling in between. Any hack or threat of a hack rated at orange or above is a "significant cyber incident" that will trigger what the Obama administration is calling a "coordinated" response from government agencies. As you might expect, there are many unanswered questions here, and the federal government has announced so many cyber programs in the last few years that it's hard to know which, if any of them, will actually make the US government or its companies any safer from hackers.
Security

'DNC Hacker' Unmasked: He Really Works for Russia, Researchers Say (thedailybeast.com) 194

The hacker who claimed to compromise the DNC swore he was Romanian, but a new investigation shows he worked directly for Russian President Vladimir Putin's government in Moscow. The Daily Beast reports: The hacker who claims to have stolen emails from the Democratic National Committee and provided them to WikiLeaks is actually an agent of the Russian government and part of an orchestrated attempt to influence U.S. media coverage surrounding the presidential election, a security research group concluded on Tuesday. The researchers, at Arlington, Va.-based ThreatConnect, traced the self-described Romanian hacker Guccifer 2.0 back to an Internet server in Russia and to a digital address that has been linked in the past to Russian online scams. Far from being a single, sophisticated hacker, Guccifer 2.0 is more likely a collection of people from the propaganda arm of the Russian government meant to deflect attention away from Moscow as the force behind the DNC hacks and leaks of emails, the researchers found. ThreatConnect is the first known group of experts to link the self-proclaimed hacker to a Russian operation, amidst an ongoing FBI investigation and a presidential campaign rocked by the release of DNC emails that have embarrassed senior party leaders and inflamed intraparty tensions during the Democratic National Convention. The emails revealed that party insiders plotted ways to undermine Sen. Bernie Sanders' presidential bid. The researchers at the aforementioned security firm are basing their conclusion on three signals: the hacker used Russian computers to edit PDF files, he also used a Russian VPN -- and other internet infrastructure from the country -- and he was unable to speak Romanian.
Blackberry

BlackBerry Says Its New Android Smartphone DTEK 50 Is the 'World's Most Secure' (theverge.com) 68

BlackBerry, which once assumed the tentpole position in the mobile market, announced on Tuesday the BlackBerry DTEK 50, its second smartphone powered by Google's Android operating system. The Canadian company is marketing the DTEK as the 'world's most secure' phone. It is priced at $300, and will go on sale in select markets on August 8. The Verge adds: The DTEK50 has a 5.2-inch, 1080p display, Qualcomm Snapdragon 617 processor, 3GB RAM, 13-megapixel camera, and 2,610mAh battery. The 8-megapixel front camera also includes a flash for taking selfies. It runs Android 6.0 Marshmallow with BlackBerry's software features, such as the Hub. The software is similar to the software on the Priv released last year. The security features are highlighted right in the device's name, as it has BlackBerry's DTEK software that protects users from malware and other security problems often seen on Android smartphones. The DTEK app lets users quickly get an overview of their device's security and take action on any potential issues. BlackBerry says that it has modified Android with its own technology originally developed for the BB10 platform to make it more secure. The company is also committing to rapid updates to deliver security patches shortly after they are released.
Security

Notorious Group OurMine Hacks TechCrunch (betanews.com) 9

Prominent technology blog TechCrunch -- which is often cited on Slashdot -- has become the latest victim of the OurMine hacking group. The notorious group gained access to Seattle-based writer Devin Coldewey's account, and posted the following message earlier today: "Hello Guys, don't worry we are just testing techcrunch security, we didn't change any passwords, please contact us." The post was then promoted as a ticker, the top banner in red and as the main story on TechCrunch's front page. BetaNews adds: The OurMine website says that the group offers "top notch vulnerability assessment", so it's possible that the hack was little more than a PR stunt touting for business. It did not take TechCrunch long to notice and remove the story (and presumably change a series of passwords...) but the site is yet to issue a statement about what has happened.
Security

Pop Star Tells Fans To Send Their Twitter Passwords, But It Might Be Illegal (arstechnica.com) 80

Cyrus Farivar, reporting for Ars Technica: As a new way to connect with his fans, Jack Johnson -- one half of the pop-rap duo Jack & Jack, not to be confused with the laid back Hawaiian singer-songwriter of the same name -- has spent the last month soliciting social media passwords. Using the hashtag #HackedByJohnson, the performer has tweeted at his fans to send him their passwords. (Why he didn't go for the shorter and catchier #JackHack, we'll never know.) Then, Johnson posts under his fans' Twitter accounts, leaving a short personalized message, as them. While Johnson and his fans likely find this password sharing silly and innocuous, legal experts say that Jack Johnson, 20, may be opening himself up to civil or criminal liability under the Computer Fraud and Abuse Act, a notorious anti-hacking statute that dates back to the 1980s. "While the entertainer in question likely considers this password collection to be a harmless personalized promotional activity, there may indeed be legal implication of both the fans' and the entertainer's conduct," Andrea Matwyshyn, a law professor at Northeastern University, told Ars.
Microsoft

Steam On Windows 10 Will Get 'Progressively Worse': Gears of War Developer (ndtv.com) 262

Microsoft's Universal Windows Platform, or UWP, approach isn't sitting well with many game developers. Four months after criticising the UWP ecosystem for being a walled garden, curtailing "users' freedom to install full-featured PC software, and subverting the rights of developers and publishers to maintain a direct relationship with their customers," Tim Sweeney, co-founder of Epic Games, the studio behind the Gears of War and Unreal franchises, has once again lashed out at the Redmond-based company. He alleges that Microsoft plans to make Steam -- the world's largest PC gaming platform -- "progressively worse and more broken" in a move to bolster people's reliance on the Windows Store. From a Gadgets 360 report: "Slowly, over the next five years, they will force-patch Windows 10 to make Steam progressively worse and more broken. They'll never completely break it, but will continue to break it until, in five years, people are so fed up that Steam is buggy that the Windows Store seems like an ideal alternative. That's exactly what they did to their previous competitors in other areas. Now they're doing it to Steam. It's only just starting to become visible. Microsoft might not be competent enough to succeed with their plan but they are certainly trying," Sweeney said. He adds the outcome of this would be forcing every app and game to be sold through the Windows Store alone. "If they can succeed in doing that then it's a small leap to forcing all apps and games to be distributed through the Windows store. Once we reach that point, the PC has become a closed platform. It won't be that one day they flip a switch that will break your Steam library -- what they're trying to do is a series of sneaky manoeuvres. They make it more and more inconvenient to use the old apps, and, simultaneously, they try to become the only source for the new ones," he claims.
Earth

54C Recorded In Kuwait Likely Hottest On Record In Asia (foxnews.com) 216

An anonymous reader writes from an Associated Press report: The UN weather agency said it suspects that the 54C temperature recorded in Kuwait has set a record for the eastern hemisphere. The World Meteorological Organisation (WMO) said Tuesday it is setting up a committee to look into whether the temperature recorded last Thursday in Mitrabah, Kuwait, was a new high for the eastern hemisphere and in Asia. WMO's Omar Baddour said it is "likely" to be an eastern hemisphere record. Last week, swathes of the Middle East and North Africa were hit by heatwaves that have become more frequent over the last half-century, and Earth is fresh off the hottest six months on record. WMO says the world record high of 56.7C was recorded at Furnace Creek in Death Valley, California, in 1913. In the UAE, highs of 49C are expected inland on Wednesday. Last year, the mercury rose above 50C in Sweiham, near Al Ain. An article on Citylab, citing NOAA's latest analysis, notes that it was the warmest June in modern history and also the 14th consecutive month of unprecedented hotness.
Movies

Slashdot Asks: What's Next For Netflix? (500ish.com) 150

What does the future hold for Netflix? The company first earned a name for itself over a decade ago renting DVDs via mail in an era when Blockbuster used to laugh at the mere idea of DVDs-by-mail. It then moved to offering an online streaming service way before most other companies. As VC and former journalist MG Siegler writes, Netflix was always ahead of the curve. But the market -- and the demand from the market -- is changing, again. To address that, the on-demand streaming service has over the past three to four years started to invest heavily in getting exclusive rights for movies and TV shows, as well as making its own original content. But this time, Netflix is facing immense competition from its rivals -- and its moves aren't that unpredictable. It's also worth pointing out that just recently, the company's decision to hike prices led its stock to tank. Siegler writes: The streaming content game is now hyper competitive. And even the streaming original content game has gotten extremely competitive. And this means it has gotten extremely expensive. The result has been great for us, the users, as we do seem to be in a golden age of television-like content, even if it's being delivered via streaming "channels" like Netflix. With 54 Emmy nominations this year, second to only HBO, Netflix is seemingly closing in on what they set out to do once again. They've become HBO faster than HBO has been able to become Netflix. Of course, HBO still has the warm blanket of cable operator fees to keep them cozy; Netflix's model has them a bit out in the cold in that regard. So, again, what's next? Is it VR? Something else? Don't tell me it's 4k. Worldwide expansion is huge, but that's really just growing into the last business. What's the next business pivot? What do you, Slashdot readers, think Netflix's next move will be? Or do you think the company will soon become just another name in its respective category?
AMD

AMD Unveils Radeon Pro WX and Pro SSG Professional Graphics Cards (hothardware.com) 44

MojoKid writes: AMD took the wraps off its latest pro graphics solutions at SIGGRAPH today, and announced three new professional graphics cards in the new Polaris-based Radeon Pro WX Series. The Radeon Pro WX 4100 is the entry-level model with a half-height design for use in small form-factor workstations. The Radeon Pro WX 5100 is the middle child, while the Radeon Pro WX 7100 is AMD's current top-end WX model. The Radeon Pro WX 7100 has 32 compute units, offers 5 TFLOPs of compute performance, and is backed by 8GB of GDDR4 memory over a 256-bit memory interface. The Radeon Pro WX 5100 offers 28 compute units and 4 TFLOPs of performance along with 8GB memory over the same 256-bit interface, and the Radeon Pro WX 4100 is comprised of 16 compute units at 2 TFLOPs of perf with 4GB memory over a 128-bit memory link. The Radeon Pro WX 4100 has four mini DisplayPort outputs, while the Radeon Pro WX 5100 and 7100 each have four full-size DisplayPort connectors. None of these cards will be giving the new NVIDIA Quadro P6000 a run for its money in terms of performance, but they don't have to. The Quadro card will no doubt cost thousands of dollars, while the Radeon Pro WX 7100 will eke in at just under $1,000. The Radeon Pro WX 5100 and 4100 will slot in somewhat below that mark. AMD also announced the Radeon Solid State Storage Architecture and the Radeon Pro SSG card today. Details are scant, but AMD is essentially outfitting Radeon Pro SSG cards with large amounts of Solid State Flash Memory, which can allow much larger data sets to reside close to the GPU in an extended frame buffer. Whereas the highest-end professional graphics cards today may have up to 24GB of memory, the Radeon Pro SSG will start with 1TB, linked to the GPU via a custom PCI Express interface. Giving the GPU access to a large, local data repository should offer significantly increased performance for demanding workloads like real-time post-production of 8K video, high-resolution rendering, VR content creation and others.
Businesses

Apple's Electric Car Project To Be Led By Bob Mansfield (techcrunch.com) 122

An anonymous reader writes: Long-time Apple executive Bob Mansfield will lead Apple's electric car project, according to the Wall Street Journal. TechCrunch reports: "Mansfield stepped down from the Apple executive board in 2013, yet stayed around the company to work on, what Apple called, special projects. In this role he was reporting directly to Apple CEO Tim Cook. One of Mansfield's projects turned out to be the Apple Watch. Now it seems he will head-up Apple's car ambitions -- a project Apple has yet to publicly confirm. During Mansfield's tenure he led the engineering teams responsible for numerous products including the MacBook Air, iMac, and the iPad."
China

Chinese State Company Unveils World's Largest Seaplane (theguardian.com) 139

An anonymous reader quotes a report from The Guardian: China has completed production of the world's largest amphibious aircraft, state media has said, the latest effort in the country's program to wean itself off dependence on foreign aviation firms. The state-owned Aviation Industry Corporation of China (AVIC) unveiled the first of the new planes, dubbed the AG600, Saturday in the southern port city of Zhuhai, the official Xinhua news agency reported. The aircraft, which has a maximum range of 4,500 km (2,800 miles), is intended for fighting forest fires and performing marine rescues, it said. At around the size of a Boeing 737, it is far larger than any other plane built for marine take off and landing, Xinhua quoted AVIC's deputy general manager Geng Ruguang as saying. The AG600 could potentially extend the Asian giant's ability to conduct a variety of operations in the South China Sea, where it has built a series of artificial islands featuring air strips, among other infrastructure with the potential for either civilian or military use.
Earth

Feds To Deploy Anti-Drone Software Near Wildfires (thehill.com) 141

An anonymous reader quotes a report from The Hill: Federal officials are launching a new "geofencing" program to alert drone pilots when they're flying too close to wildfire prevention operations. The Department of Interior said Monday it would deploy software warnings to pilots when their drones pose a risk to the aircraft used by emergency responders fighting wildfires. The agency said there have been 15 instances of drones interfering with firefighter operations this year, including several leading to grounded aircraft. Drone-related incidents doubled between 2014 and 2015, the agency said. Officials built the new warning system with the drone industry, and the agency said manufacturers could eventually use it to build drones that automatically steer away from wildfire locations. The program is in its pilot phase, the agency said; officials hope to have a full public release in time for next year's wildfire season. "No responsible drone operator wants to endanger the lives of the men and women who work to protect them and we believe this program, which uses the global positioning system to create a virtual barrier, will move us one step closer to eliminating this problem for wildfire managers," Mark Bathrick, the director of the Interior Department's Office of Aviation Service, said in a statement.
Communications

NIST Prepares To Ban SMS-Based Two-Factor Authentication (softpedia.com) 142

An anonymous reader writes: "The U.S. National Institute for Standards and Technology (NIST) has released the latest draft version of the Digital Authentication Guideline that contains language hinting at a future ban of SMS-based Two-Factor Authentication (2FA)," reports Softpedia. The NIST DAG draft argues that SMS-based two-factor authentication is an insecure process because the phone may not always be in possession of the phone number, and because in the case of VoIP connections, SMS messages may be intercepted and not delivered to the phone. The guideline recommends the usage of tokens and software cryptographic authenticators instead. Even biometrics authentication is considered safe, under one condition: "Biometrics SHALL be used with another authentication factor (something you know or something you have)," the guideline's draft reads. The NIST DAG draft reads in part: "If the out of band verification is to be made using a SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service. It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change. OOB using SMS is deprecated, and will no longer be allowed in future releases of this guidance."
Security

Vine's Source Code Was Accidentally Made Public For Five Minutes (theregister.co.uk) 42

An anonymous reader writes from The Register: Vine, the six-second-video-loop app acquired by Twitter in 2012, had its source code made publicly available by a bounty-hunter for everyone to see. The Register reports: "According to this post by @avicoder (Vjex at GitHub), Vine's source code was for a while available on what was supposed to be a private Docker registry. While docker.vineapp.com, hosted at Amazon, wasn't meant to be available, @avicoder found he was able to download images with a simple pull request. After that it's all too easy: the docker pull https://docker.vineapp.com:443/library/vinewww request loaded the code, and he could then open the Docker image and run it. 'I was able to see the entire source code of Vine, its API keys and third party keys and secrets. Even running the image without any parameter, [it] was letting me host a replica of Vine locally.' The code included 'API keys, third party keys and secrets,' he writes. Twitter's bounty program paid out -- $10,080 -- and the problem was fixed in March (within five minutes of him demonstrating the issue)."
