
Nuclear Plants Leak Critical Alerts In Unencrypted Pager Messages

mdsolar quotes a report from Ars Technica: A surprisingly large number of critical infrastructure participants -- including chemical manufacturers, nuclear and electric plants, defense contractors, building operators and chip makers -- rely on unsecured wireless pagers to automate their industrial control systems. According to a new report, this practice opens them to malicious hacks and espionage. Earlier this year, researchers from security firm Trend Micro collected more than 54 million pages over a four-month span using low-cost hardware. In some cases, the messages alerted recipients to unsafe conditions affecting mission-critical infrastructure as they were detected. A heating, venting, and air-conditioning system, for instance, used an e-mail-to-pager gateway to alert a hospital to a potentially dangerous level of sewage water. Meanwhile, a supervisory and control data acquisition system belonging to one of the world's biggest chemical companies sent a page containing a complete "stack dump" of one of its devices. Other unencrypted alerts sent by or to "several nuclear plants scattered among different states" included:

- Reduced pumping flow rate
- Water leak, steam leak, radiant coolant service leak, electrohydraulic control oil leak
- Fire accidents in an unrestricted area and in an administration building
- Loss of redundancy
- People requiring off-site medical attention
- A control rod losing its position indication due to a data fault
- Nuclear contamination without personal damage

Trend Micro researchers wrote in their report titled "Leaking Beeps: Unencrypted Pager Messages in Industrial Environments": "We were surprised to see unencrypted pages coming from industrial sectors like nuclear power plants, substations, power generation plants, chemical plants, defense contractors, semiconductor and commercial manufacturers, and HVAC. These unencrypted pager messages are a valuable source of passive intelligence, the gathering of information that is unintentionally leaked by networked or connected organizations. Taken together, threat actors can do heavy reconnaissance on targets by making sense of the acquired information through paging messages. Though we are not well-versed with the terms and information used in some of the sectors in our research, we were able to determine what the pages mean, including how attackers would make use of them in an elaborate targeted attack or how industry competitors would take advantage of such information. The power generation sector is overseen by regulating bodies like the North American Electric Reliability Corporation (NERC). The NERC can impose significant fines on companies that violate critical infrastructure protection requirements, such as ensuring that communications are encrypted. Other similar regulations also exist for the chemical manufacturing sector."

Renewables Overtake Coal As World's Largest Source of Power Capacity

The world's largest source of power capacity is now renewables, as roughly half a million solar panels were installed every single day last year. In addition, two wind turbines were erected every hour in countries such as China, according to the International Energy Agency. Financial Times reports (Editor's note: may be paywalled; alternate source): Although coal and other fossil fuels remain the largest source of electricity generation, many conventional power utilities and energy groups have been confounded by the speed at which renewables have grown and the rapid drop in costs for the technologies. Average global generation costs for new onshore wind farms fell by an estimated 30 percent between 2010 and 2015 while those for big solar panel plants fell by an even steeper two-thirds, an IEA report published on Tuesday showed. The Paris-based agency thinks costs are likely to fall even further over the next five years, by 15 percent on average for wind and by a quarter for solar power. It said an unprecedented 153 gigawatts of green electricity was installed last year, mostly wind and solar projects, which is more than the total power capacity in Canada. It was also more than the amount of conventional fossil fuel or nuclear power added in 2015, leading renewables to surpass coal's cumulative share of global power capacity -- though not electricity generation. A power plant's capacity is the maximum amount of electricity it can potentially produce. The amount of energy a plant actually generates varies according to how long it produces power over a period of time. Coal power plants supplied close to 39 percent of the world's power in 2015, while renewables, including old hydropower dams, accounted for 23 percent, IEA data show. But the agency expects renewables' share of power generation to rise to 28 percent by 2021, when it predicts they will supply the equivalent of all the electricity generated today in the U.S. and E.U. combined.

Apple's Annual Sales Fall For First Time Since 2001

An anonymous reader quotes a report from CNNMoney: Apple just posted its first annual sales decline since 2001, the year it launched the iPod and kicked off a tremendous run of groundbreaking products. The tech company revealed Tuesday that annual sales fell to $216 billion in the 2016 fiscal year ending September 30, from a record $234 billion in 2015. The sales decline is closely connected to the falling sales for the iPhone, which remains Apple's largest source of revenue. Apple sold 45.5 million iPhones in the September quarter, down from 48 million iPhones in the same quarter a year earlier. That marks the third consecutive quarter when iPhone sales and overall revenue have declined from a year prior. Many analysts have raised concerns that the global smartphone market is saturated. Customers are taking longer to replace their phones. And Apple's latest iPhone is a dead ringer for the previous two models, eliminating some of the desire to upgrade. The good news is that this sales decline may prove to be a blip and not the new norm. Apple is projecting that it will post sales of $76 billion to $78 billion in the upcoming quarter, up from $74.8 billion a year earlier.

Scientists Create AI Program That Can Predict Human Rights Trials With 79 Percent Accuracy

An anonymous reader quotes a report from The Verge: Computer scientists have created an AI program capable of predicting the outcome of human rights trials. The program was trained on data from nearly 600 cases brought before the European Court of Human Rights (ECHR), and was able to predict the court's final judgement with 79 percent accuracy. Its creators say it could be useful in identifying common patterns in court cases, but stress that they do not believe AI will be able to replace human judgement. As described in a study published in the journal PeerJ Computer Science, the AI program worked by analyzing descriptions of court cases submitted to the ECHR. These descriptions included summaries of legal arguments, a brief case history, and an outline of the relevant legislation. The cases were grouped into three main violations of human rights law, including the prohibition on torture and degrading treatment; the right to a fair trial; and the right to "respect for private and family life." (Used in a wide range of cases including illegal searches and surveillance.) The AI program then looked for patterns in this data, correlating the courts' final judgements with, for example, the type of evidence submitted, and the exact part of the European Convention on Human Rights the case was alleged to violate. Aletras says a number of patterns emerged. For example, cases concerning detention conditions (eg access to food, legal support, etc.) were more likely to end in a positive judgement that an individual's human rights had been violated; while cases involving sentencing issues (i.e., how long someone had been imprisoned) were more likely to end in acquittal. The researchers also found that the judgements of the court were more dependent on the facts of the case itself (that is to say, its history and its particulars) than the legal arguments (i.e., how exactly the Convention on Human Rights had or had not been violated).

Apple Has Created 'Detailed Mockups' of iMessage For Android

One of the biggest features on iOS that isn't available on Android is iMessage, an instant messaging service that allows users to send information over Wi-Fi, 4G LTE, and other forms of internet access to other iOS or OS X users. Earlier this year, there were rumors swirling around the possibility of the service coming to Android due to Apple's increased focus on services, "which means opening up certain avenues beyond its own iOS and OS X platforms." Today, Daring Fireball's John Gruber has added fuel to the fire by mentioning that he's "heard from little birdies" that a handful of "detailed mockups" of iMessage for Android have been shared around Apple. MacRumors reports: The user interface of the Android app is said to have gone through numerous designs, from one that looks identical to the version on iOS, to another that has a "pure Material Design," using Google's design language it developed a few years ago. Gruber still thinks iMessage on Android "might happen sooner or later," mainly because of iMessage's new monetized Messages App Store, which could net Apple increased income in its already profitable services category if it translated the app to Android. Apple undoubtedly created mockups for all types of products and services, the vast majority of which never make it to release, and it's unclear exactly how far along the iMessage for Android preliminary designs were at the time of their circulation through Apple, or when exactly that occurred. Still, Gruber notes that while an Android version of iMessage "may never see the light of day," even the existence of such mockups "strongly suggests that there's no 'of course not' to it."

Yahoo Scanning Order Unlikely To Be Made Public: Reuters

An anonymous reader quotes a report from Reuters: Obama administration officials briefed key congressional staffers last week about a secret court order to Yahoo that prompted it to search all users' incoming emails for a still undisclosed digital signature, but they remain reluctant to discuss the unusual case with a broader audience. Executive branch officials spoke to staff for members of the Senate and House of Representatives committees overseeing intelligence operations and the judiciary, according to people briefed on the events, which followed Reuters' disclosure of the massive search. But attempts by other members of Congress and civil society groups to learn more about the Yahoo order are unlikely to meet with success anytime soon, because its details remain a sensitive national security matter, U.S. officials told Reuters. Release of any declassified version of the order is unlikely in the foreseeable future, the officials said. The decision to keep details of the order secret comes amid mounting pressure on the U.S. government to be more transparent about its data-collection activities ahead of a congressional deadline next year to reauthorize some foreign intelligence authorities. On Tuesday, more than 30 advocacy groups will send a letter to Director of National Intelligence James Clapper asking for declassification of the Yahoo order that led to the search of emails last year in pursuit of data matching a specific digital symbol. The groups say that Title I of the Foreign Intelligence Surveillance Act, under which sources said the order was issued, requires a finding that the target of such a wiretap is probably an agent of a foreign power and that the facility to be tapped is probably going to be used for a transmission. An entire service, such as Yahoo, has never publicly been considered to be a "facility" in such a case: instead, the word usually refers to a phone number or an email account.

Benchmark Battle October 2016: Chrome Vs. Firefox Vs. Edge

Krystalo quotes a report from VentureBeat: It's been more than a year since our last browser benchmark battle, and the competition remains fierce. Google Chrome, Mozilla Firefox, and Microsoft Edge have all gained a variety of new features and improvements over the past year. It's time to see if any of them have managed to pull ahead of the pack. It appears that Edge has made the biggest gains since last year. That said, browser performance is improving at a very rapid pace, and it shouldn't be your only consideration when picking your preferred app for consuming Internet content. You can click on individual tests below to see the details:

SunSpider: Edge wins!
Octane: Edge wins!
Kraken: Chrome wins!
JetStream: Edge wins!
Oort Online: Firefox wins!
Peacekeeper: Firefox wins!
WebXPRT: Edge wins!
HTML5Test: Chrome wins!

You can also read all about the setup used for the benchmark tests here. VentureBeat used a custom desktop PC, featuring an Intel Core i5 4440 processor (6M Cache, 3.10 GHz), 8GB of DDR3 1600MHz RAM, a 500GB SATA hard drive (7200 RPM), an Nvidia GeForce GTX 460 graphics card, and a 24-inch widescreen LED monitor (1920 x 1080).

Largest Auto-Scandal Settlement In US History: Judge Approves $15 Billion Volkswagen Settlement

A federal judge has approved the largest auto-scandal settlement in U.S. history, a $14.7 billion settlement concerning Volkswagen Group's diesel car emissions scandal. USA Today reports: U.S. District Court Judge Charles Breyer in San Francisco approved the sweeping agreement between consumers, the government, California regulators and the German automaker in a written ruling a week after signaling he was likely to sign off. He said the agreement is "fair, reasonable and adequate." The settlement comes about a year after Volkswagen admitted that it rigged 11 million vehicles worldwide with software designed to dodge emissions standards. The company is still facing criminal investigations by the U.S. Justice Department and German prosecutors. The U.S. probe could lead to additional financial penalties and criminal indictments. About 475,000 Volkswagen owners in the U.S. can choose between a buyback or a free fix and compensation, if a repair becomes available. VW will begin administering the settlement immediately, having already devoted several hundred employees to handling the process. Buybacks range in value from $12,475 to $44,176, including restitution payments, and varying based on mileage. People who opt for a fix approved by the Environmental Protection Agency will receive payouts ranging from $5,100 to $9,852, depending on the book value of their car. Volkswagen will also pay $2.7 billion for environmental mitigation and another $2 billion for clean-emissions infrastructure.

Warner Bros Claims Agency Ran Its Own Pirate Movie Site

Warner Bros Entertainment has sued talent agency Innovative Artists, claiming that the agency ran its own pirate site when it ripped DVD screeners and streamed them to associates via Google servers. TorrentFreak adds: In a lawsuit filed in a California federal court, Warner accuses the agency of effectively setting up its own pirate site, stocked with rips of DVD screeners that should have been kept secure. "Beginning in late 2015, Innovative Artists set up and operated an illegal digital distribution platform that copied movies and then distributed copies and streamed public performances of those movies to numerous people inside and outside of the agency," the complaint reads. "Innovative Artists stocked its platform with copies of Plaintiff's works, including copies that Innovative Artists made by ripping awards consideration 'screener' DVDs that Plaintiff sent to the agency to deliver to one of its clients." Given its position in the industry, Innovative Artists should have known better than to upload content, Warner's lawyers write.

The Phone Hackers At Cellebrite Have Had Their Firmware Leaked Online

An anonymous reader quotes a report from Motherboard: Cellebrite, an Israeli company that specializes in digital forensics, has dominated the market in helping law enforcement access mobile phones. But one apparent reseller of the company's products is publicly distributing copies of Cellebrite firmware and software for anyone to download. Although Cellebrite keeps its most sensitive capabilities in-house, the leak may still give researchers, or competitors, a chance to figure out how Cellebrite breaks into and analyzes phones by reverse-engineering the files. The apparent reseller distributing the files is McSira Professional Solutions, which, according to its website, "is pleased to serve police, military and security agencies in the E.U. And [sic] in other parts of the world." McSira is hosting software for various versions of Cellebrite's Universal Forensic Extraction Device (UFED), hardware that investigators can use to bypass the security mechanisms of phones, and then extract data from them. McSira allows anyone to download firmware for the UFED Touch, and a PC version called UFED 4PC. It is also hosting pieces of Cellebrite forensic software, such as the UFED Cloud Analyzer. This allows investigators to further scrutinize seized data. McSira is likely offering downloads so customers can update their hardware to the latest version with as little fuss as possible. But it may be possible for researchers to take those files, reverse-engineer them, and gain insight into how Cellebrite's tools work. That may include what sort of exploits Cellebrite uses to bypass the security mechanisms of mobile phones, and weaknesses in the implementation of consumer phones that could be fixed, according to one researcher who has started to examine the files, but was not authorised by his employer to speak to the press about this issue.

It Looks Like Apple is Killing the Physical Esc and Power Keys On New MacBook Pro

Curious minds on the internet have uncovered an image file on their Mac, which was added by Apple in the latest macOS update. The image reveals a new laptop that fully fits the description of rumored MacBook Pro, which Apple is expected to launch on October 27. The laptop in the picture has what seems like a "contextual" OLED display (some are calling it Magic Toolbar display) on the top. What's interesting from that picture is that there's no physical Escape key or Power key to be found anywhere.

Editor's note: We usually tend to avoid covering leaks and rumors, but several readers pitched the story to us, and media outlets are also covering it now, which adds some credibility to the matter.

AT&T CEO: DirecTV Now Streaming Service Will Cost $35 a Month

AT&T's upcoming DirecTV Now streaming service is going to cost $35 a month, AT&T CEO Randall Stephenson said during a panel at the Wall Street Journal's WSJD Live conference. The package will include over 100 channels, he added. From a Variety report: This price point is a significant departure from the company's previous stance, when it suggested that it would launch a premium product that wasn't looking to undercut existing pay TV services. Stephenson argued that it can afford this lower price point because DirecTV Now doesn't require operator-owned set-top boxes, satellite dishes, and customer service home visits. AT&T is set to launch DirecTV Now next month. The service will include channels from cablers like A+E Networks and Scripps, as well as broadcasters like Fox and NBCUniversal.

Snapchat, Skype Put Users' 'Human Rights at Risk', Amnesty Int'l Reports

Shanika Gunaratna, writing for CBS News: Snapchat and Skype are falling short in protecting users' privacy -- a failure that puts users' "human rights at risk," according to a report by the organization Amnesty International. Snapchat and Skype received dismal grades in a new set of rankings released by Amnesty that specifically evaluate how popular messaging apps use encryption to protect users' private communications. In the report, Amnesty is trying to elevate encryption as a human rights necessity, due to concerns that activists, opposition politicians and journalists in some countries could be put in grave danger if their communications on popular messaging apps were compromised. "Activists around the world rely on encryption to protect themselves from spying by authorities, and it is unacceptable for technology companies to expose them to danger by failing to adequately respond to the human rights risks," Sherif Elsayed-Ali, head of Amnesty's technology and human rights team, said in a statement. "The future of privacy and free speech online depends to a very large extent on whether tech companies provide services that protect our communications, or serve them up on a plate for prying eyes." Microsoft's Skype received 40 out of 100. WhatsApp fared at 73, and Apple scored 67 out of 100 for its iMessage and FaceTime apps. BlackBerry, Snapchat, and China's Tencent did 30 out of 100.

AT&T Is Spying on Americans For Profit, New Documents Reveal

AT&T has been secretly spying on its own customers, the Daily Beast reports. The revelation comes days after the top carrier announced plans to purchase Time Warner. The report claims that AT&T ran a program called Project Hemisphere through which it analyzed cellular data from the company's call records to determine where a given individual is located and with whom they are speaking. The New York Times reported about the program's existence in 2013, but it was described as a "partnership" between AT&T and the government for fighting narcotics trafficking. But today's report, which cites several classified documents, claims that AT&T used Hemisphere for a range of other functions -- and always without a warrant. From the report: Hemisphere is a secretive program run by AT&T that searches trillions of call records and analyzes cellular data to determine where a target is located, with whom he speaks, and potentially why. [...] Hemisphere isn't a "partnership" but rather a product AT&T developed, marketed, and sold at a cost of millions of dollars per year to taxpayers. No warrant is required to make use of the company's massive trove of data, according to AT&T documents, only a promise from law enforcement to not disclose Hemisphere if an investigation using it becomes public. These new revelations come as the company seeks to acquire Time Warner in the face of vocal opposition saying the deal would be bad for consumers. While telecommunications companies are legally obligated to hand over records, AT&T appears to have gone much further to make the enterprise profitable, according to ACLU technology policy analyst Christopher Soghoian. "Companies have to give this data to law enforcement upon request, if they have it. AT&T doesn't have to data-mine its database to help police come up with new numbers to investigate," Soghoian said. AT&T has a unique power to extract information from its metadata because it retains so much of it. The company owns more than three-quarters of U.S. landline switches, and the second largest share of the nation's wireless infrastructure and cellphone towers, behind Verizon. AT&T retains its cell tower data going back to July 2008, longer than other providers. Verizon holds records for a year and Sprint for 18 months, according to a 2011 retention schedule obtained by The Daily Beast.

Samsung is Hoping To Rekindle Note Brand Name Next Year

Samsung is stepping up its brand damage limitation efforts in the wake of the flaming battery disaster of the Galaxy Note 7 smartphone by offering owners of the recalled device in South Korea the ability to upgrade to a Galaxy S8 or Note 8 device next year if they trade in their Note 7 for a Galaxy S7 now. TechCrunch adds: The offer implies Samsung is not in fact intending to retire the Note brand name for good, despite it now being associated with smoldering batteries and exploding smartphones. A cause for the battery overheating problem, which affected some replacement Note 7 devices as well as a number of original devices, has yet to be conclusively identified by the company. Users in its home country who opt for the upgrade program will only need to pay half the price of a Galaxy S7 in order to exchange to an S8 or Note 8 next year -- so they're being offered next year's flagship Samsung phablet at around half price. The company is presumably hoping brand loyalty to the Note can begin at home, although it's possible it might extend the offer to other markets.
