Earth

Ophelia Became a Major Hurricane Where No Storm Had Before (arstechnica.com) 180

An anonymous reader quotes a report from Ars Technica: The system formerly known as Hurricane Ophelia is moving into Ireland on Monday, bringing "status red" weather throughout the day to the island. The Irish National Meteorological Service, Met Eireann, has warned that, "Violent and destructive gusts of 120 to 150km/h are forecast countrywide, and in excess of these values in some very exposed and hilly areas. There is a danger to life and property." Ophelia transitioned from a hurricane to an extra-tropical system on Sunday, but that only marginally diminished its threat to Ireland and the United Kingdom on Monday, before it likely dissipates near Norway on Tuesday. The primary threat from the system was high winds, with heavy rains. Forecasters marveled at the intensification of Ophelia on Saturday, as it reached Category 3 status on the Saffir-Simpson scale and became a major hurricane. For a storm in the Atlantic basin, this is the farthest east that a major hurricane has been recorded during the satellite era of observations. Additionally, it was the farthest north, at 35.9 degrees north, that an Atlantic major hurricane has existed this late in the year since 1939.
Google

Google Photos Now Recognizes Your Pets (techcrunch.com) 60

Today, Google is introducing an easier way to aggregate your pet photos in its Photos app -- by allowing you to group all your pet's photos in one place, right beside the people Google Photos organized using facial recognition. TechCrunch reports: This is an improvement over typing in "dog," or another generalized term, because the app will now only group together photos of an individual pet together, instead of returning all photos you've captured with a "dog" in them. And like the face grouping feature, you can label the pet by name to more easily pull up their photos in the app, or create albums, movies or photo books using their pictures. In addition, Google Photos lets you type in an animal's breed to search for photos of pets, and it lets you search for photos using the dog and cat emojis. The company also earlier this year introduced a feature that would create a mini-movie starring your pet, but you can opt to make one yourself by manually selecting photos then choosing from a half-dozen tracks to accompany the movie, says Google.
Television

Netflix Adds 5.3 Million Subs In Q3, Beating Forecasts (variety.com) 70

Netflix shows no signs of slowing down. The company announced its third quarter results, adding more subscribers in both the U.S. and abroad than expected. Variety reports: The company gained 850,000 streaming subs in the U.S. and 4.45 million overseas in the period. Analysts had estimated Netflix to add 784,000 net subscribers in the U.S. and 3.62 million internationally for Q3. "We added a Q3-record 5.3 million memberships globally (up 49% year-over-year) as we continued to benefit from strong appetite for our original series and films, as well as the adoption of internet entertainment across the world," the company said in announcing the results, noting that it had under-forecast both U.S. and international subscriber growth. Netflix also indicated that its content spending may be even higher next year than previously projected. The company had said it was targeting programming expenditures of $7 billion in 2018; on Monday, Netflix said it will spend between $7 billion and $8 billion on content (on a profit-and-loss basis) next year. For 2017, original content will represent more than 25% of total programming spending, and that "will continue to grow," Netflix said.
XBox (Games)

Microsoft's Fall Update With Redesigned Xbox Dashboard Is Now Available To All (engadget.com) 38

Microsoft has released the next big "Fall" update for the Xbox One, which focuses on speed and simplicity. Engadget reports: The first "Fluid Design" interface comes with a redesigned Home page, which is all about simplicity and customization. The top-level section has four shortcuts (your current game, two personalized suggestions, and a deal from the Microsoft store) and a horizontal carousel underneath. The biggest change, however, is the new "Content Blocks" that sit below this screen. Scroll down and you'll find a series of large, visual panels dedicated to games and friends. These are completely customizable and act like miniature hubs for your favorite titles and communities. The quick-access Guide has been tweaked for speed, with small, horizontal tabs that you can slide between with the Xbox controller's LB and RB bumpers, D-pad or left thumbstick. If you launch the Guide while you're streaming or part of an active party, you'll also see the corresponding broadcast and party tabs by default. Other Guide tweaks include a new Tournaments section in the Multiplayer tab, which will summarize any official, professional or community tournaments that you've entered. In addition, Microsoft has overhauled the Community tab with a modern, grid-based layout. It's also tweaked the idle and screen dimming features that kick in when you walk away from the console momentarily. Larry Hryb, Xbox Live's Major Nelson and Mike Ybarra, the Platform Engineer, have posted a walkthrough video on YouTube highlighting all the major new changes.
Wireless Networking

Every Patch For 'KRACK' Wi-Fi Vulnerability Available Right Now (zdnet.com) 140

An anonymous reader quotes a report from ZDNet: As reported previously by ZDNet, the bug, dubbed "KRACK" -- which stands for Key Reinstallation Attack -- is at heart a fundamental flaw in the way Wi-Fi Protected Access II (WPA2) operates. According to security researcher and academic Mathy Vanhoef, who discovered the flaw, threat actors can leverage the vulnerability to decrypt traffic, hijack connections, perform man-in-the-middle attacks, and eavesdrop on communication sent from a WPA2-enabled device. In total, ten CVE numbers have been preserved to describe the vulnerability and its impact, and according to the U.S. Department of Homeland Security (DHS), the main affected vendors are Aruba, Cisco, Espressif Systems, Fortinet, the FreeBSD Project, HostAP, Intel, Juniper Networks, Microchip Technology, Red Hat, Samsung, various units of Toshiba and Ubiquiti Networks. A list of the patches available is below. For the most up-to-date list with links to each patch/statement (if available), visit ZDNet's article.
Security

Ask Slashdot: What Are Some Hard Truths IT Must Learn To Accept? (cio.com) 421

snydeq writes: "The rise of shadow IT, shortcomings in the cloud, security breaches -- IT leadership is all about navigating hurdles and deficiencies, and learning to adapt to inevitable setbacks," writes Dan Tynan in an article on six hard truths IT must learn to accept. "It can be hard to admit that you've lost control over how your organization deploys technology, or that your network is porous and your code poorly written. Or no matter how much bandwidth you've budgeted for, it never quite seems to be enough, and that despite its bright promise, the cloud isn't the best solution for everything." What are some hard truths your organization has been dealing with? Tynan writes about how the idea of engineering teams sticking a server in a closet and using it to run their own skunkworks has become more open; how an organization can't do everything in the cloud, contrasting the 40 percent of CIOs surveyed by Gartner six years ago who believed they'd be running most of their IT operations in the cloud by now; and how your organization should assume from the get-go that your environment has already been compromised and design a security plan around that. Can you think of any other hard truths IT must learn to accept?
Patents

Apple To Appeal Five-Year-Long Patent Battle After $439.7 Million Loss (theverge.com) 69

Appel has been ordered to pay $439.7 million to the patent-holding firm VirnetX for infringing on four patented technologies that were apparently used in FaceTime and other iOS apps. According to The Verge, Apple plans to appeal the ruling -- continuing this long-running patent battle, which began back in 2012. From the report: VirnetX first filed suit against Apple in 2010, winning $368 million just two years later. It then sued again in 2012, which is the suit that's being ruled on today. Apple initially lost the suit, then filed for a mistrial. It won a new trial, lost that trial, was ordered to pay around $300 million, then lost some more and is now having that amount upped even further. That's because a judge found Apple guilty of willful infringement, bumping its payment amount from $1.20 per infringing Apple device to $1.80 per device. Those include certain iPhones, iPads, and Macs. VirnetX says the ruling is "very reasonable." Apple didn't issue a statement other than to say that it plans to appeal. While $440 million isn't a lot of money for Apple, there's principle at stake here: VirnetX is a patent troll that makes its money from licensing patents and suing other parties. The company's SEC filing states, "Our portfolio of intellectual property is the foundation of our business model."
Security

Kaspersky Lab Finds Flash Vulnerability Through Microsoft Word (neowin.net) 50

An anonymous reader quotes a report from Neowin: Kaspersky Lab, which has been under fire by the U.S. government as possibly being an agent of the Russian government and spying on U.S. computers, has found a previously unknown bug in Adobe Flash that was apparently exploited by a hacker group on October 10. Adobe issued a patch to fix the bug today. According to Kaspersky, "the exploit is delivered through a Microsoft Word document and deploys the FinSpy commercial malware." The company worked with Adobe to get a patch ready as quickly as possible, with Adobe releasing it a few hours ago. Users and agencies running the following versions of Adobe Flash will need to update immediately, as the vulnerability has been labeled as critical. The patch updates all versions of Adobe Flash to version 27.0.0.170.
Businesses

eBay Launches Authentication Service To Combat Counterfeit High-End Goods (venturebeat.com) 70

Ecommerce giant eBay has launched a previously announced service designed to combat the scourge of fake goods on the platform. From a report: eBay has proven popular with fake goods' sellers for some time, with fashion accessories and jewelry featuring highly on counterfeiters' agenda. The company announced eBay Authenticate way back in January with a broad focus on giving "high-end" goods an official stamp of approval prior to sale. Ultimately designed to encourage buyers to part with cash on expensive items, it uses a network of professional authenticators who take physical receipt of a seller's products, validates them, and then photographs, lists, and ships the goods to the successful buyer. For today's launch of eBay Authenticate, the service is only available for luxury handbags from 12 brands, including Chanel, Gucci, Louis Vuitton, Prada, and Valentino, though the program will be expanded to cover other luxury goods and brands from next year. "With tens-of-thousands of high-end handbags currently available, eBay is primed to boost customer confidence in selling and shopping for an amazing selection of designer merchandise," noted Laura Chambers, vice president of consumer selling at eBay. "We also believe our sellers will love this service, as it provides them with a white-glove service when selling luxury handbags."
United States

EPA Says Higher Radiation Levels Pose 'No Harmful Health Effect' (bloomberg.com) 296

Readers share a report: In the event of a dirty bomb or a nuclear meltdown, emergency responders can safely tolerate radiation levels equivalent to thousands of chest X-rays, the Environmental Protection Agency said in new guidelines that ease off on established safety levels. The EPA's determination sets a level ten times the drinking water standard for radiation recommended under President Barack Obama. It could lead to the administration of President Donald Trump weakening radiation safety levels, watchdog groups critical of the move say. "It's really a huge amount of radiation they are saying is safe," said Daniel Hirsch, the retired director of the University of California, Santa Cruz's program on environmental and nuclear policy. "The position taken could readily unravel all radiation protection rules." The change was included as part of EPA "guidance" on messaging and communications in the event of a nuclear power plant meltdown or dirty bomb attack. The FAQ document, dated September 2017, is part of a broader planning document for nuclear emergencies, and does not carry the weight of federal standards or law.
Google

Google Chrome for Windows Gets Basic Antivirus Features (betanews.com) 55

Google is rolling out a trio of important changes to Chrome for Windows users. From a report: At the heart of these changes is Chrome Cleanup. This feature detects unwanted software that might be bundled with downloads, and provides help with removing it. Google's Philippe Rivard explains that Chrome now has built-in hijack detection which should be able to detect when user settings are changes without consent. This is a setting that has already rolled out to users, and Google says that millions of users have already been protected against unwanted setting changes such as having their search engine altered. But it's the Chrome Cleanup tool that Google is particularly keen to highlight. A redesigned interface makes it easier to use and to see what unwanted software has been detected and singled out for removal.
United States

Leave It To the Heat to Dull Autumn's Glory (wsj.com) 140

It's autumn. Somebody tell the trees. From a report: Ordinarily, two signals alert deciduous trees that it's time to relinquish the green hues of summer in favor of autumn's yellows, oranges and reds. First, the days begin to grow shorter. Second, the temperature begins to drop. But this year, unseasonably warm weather across most of the U.S. has tricked trees into delaying the onset of fall's color extravaganza. Temperatures in the eastern half of the country have been as much as 15 degrees above normal since mid-September, and the warmth is expected to persist through the end of October. The unfortunate result for leaf peepers is a lackluster fall. Two kinds of pigments produce the season's liveliest foliage. Carotenoid, responsible for yellows and oranges, is always present in leaves but is usually masked by chlorophyll. The initial trigger for its appearance is shorter days. Anthocyanin, responsible for reds and deep purples, is different. Not all deciduous trees have this pigment, and those that do manufacture it from scratch in the fall. The primary trigger for its appearance is lower temperatures. Without that cooling cue, the colors of maple and other species that generally ignite New England with brilliant reds this time of year are likely to fizzle.
Security

Millions of High-Security Crypto Keys Crippled by Newly Discovered Flaw (arstechnica.com) 55

Slovak and Czech researchers have found a vulnerability that leaves government and corporate encryption cards vulnerable to hackers to impersonate key owners, inject malicious code into digitally signed software, and decrypt sensitive data, reports ArsTechnica. From the report: The weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. The five-year-old flaw is also troubling because it's located in code that complies with two internationally recognized security certification standards that are binding on many governments, contractors, and companies around the world. The code library was developed by German chipmaker Infineon and has been generating weak keys since 2012 at the latest. The flaw is the one Estonia's government obliquely referred to last month when it warned that 750,000 digital IDs issued since 2014 were vulnerable to attack. Estonian officials said they were closing the ID card public key database to prevent abuse. On Monday, officials posted this update. Last week, Microsoft, Google, and Infineon all warned how the weakness can impair the protections built into TPM products that ironically enough are designed to give an additional measure of security to high-targeted individuals and organizations.
Science

Astronomers Strike Gravitational Gold In Colliding Neutron Stars (npr.org) 109

For the first time, scientists have caught two neutron stars in the act of colliding, revealing that these strange smash-ups are the source of heavy elements such as gold and platinum. From a report: The discovery, announced today at a news conference and in scientific reports written by some 3,500 researchers, solves a long-standing mystery about the origin of these heavy elements -- which are found in everything from wedding rings to cellphones to nuclear weapons. It's also a dramatic demonstration of how astrophysics is being transformed by humanity's newfound ability to detect gravitational waves, ripples in the fabric of space-time that are created when massive objects spin around each other and finally collide. "It's so beautiful. It's so beautiful it makes me want to cry. It's the fulfillment of dozens, hundreds, thousands of people's efforts, but it's also the fulfillment of an idea suddenly becoming real," says Peter Saulson of Syracuse University, who has spent more than three decades working on the detection of gravitational waves. Albert Einstein predicted the existence of these ripples more than a century ago, but scientists didn't manage to detect them until 2015. Until now, they'd made only four such detections, and each time the distortions in space-time were caused by the collision of two black holes. That bizarre phenomenon, however, can't normally be seen by telescopes that look for light. Neutron stars, by contrast, spew out visible cosmic fireworks when they come together. These incredibly dense stars are as small as cities like New York and yet have more mass than our sun. Further reading: 'A New Rosetta Stone for Astronomy' (The Atlantic), and Gravitational Wave Astronomers Hit Mother Lode (Scientific American).
Microsoft

Microsoft Has Already Fixed the Wi-Fi Attack Vulnerability; Android Will Be Patched Within Weeks (theverge.com) 136

Microsoft says it has already fixed the problem for customers running supported versions of Windows. From a report: "We have released a security update to address this issue," says a Microsoft spokesperson in a statement to The Verge. "Customers who apply the update, or have automatic updates enabled, will be protected. We continue to encourage customers to turn on automatic updates to help ensure they are protected." Microsoft is planning to publish details of the update later today. While it looks like Android and Linux devices are affected by the worst part of the vulnerabilities, allowing attackers to manipulate websites, Google has promised a fix for affected devices "in the coming weeks." Google's own Pixel devices will be the first to receive fixes with security patch level of November 6, 2017, but most other handsets are still well behind even the latest updates. Security researchers claim 41 percent of Android devices are vulnerable to an "exceptionally devastating" variant of the Wi-Fi attack that involves manipulating traffic, and it will take time to patch older devices.
AI

Voice Assistants Will Be Difficult To Fire (wired.com) 181

mirandakatz writes: As voice assistants crop up left and right, consumers are facing a decision: Are you an Alexa? A Google Assistant? A Siri? Choose wisely -- because once you pick one voice assistant, it'll be difficult to switch. As Scott Rosenberg writes at Backchannel, "If I want to switch assistants down the line, sure, I can just go out and buy another device. But that investment of time and personal data isn't so easy to replace... Right now, all these assistants behave like selfish employees who think they can protect their jobs by holding vital expertise or passwords close to their chests. Eventually , the data that runs the voice assistant business is going to have to be standardized."
Microsoft

US Supreme Court To Decide Microsoft Email Privacy Dispute (reuters.com) 70

The U.S. Supreme Court on Monday agreed to resolve a major privacy dispute between the Justice Department and Microsoft Corp over whether prosecutors should get access to emails stored on company servers overseas. From a report: The justices will hear the Trump administration's appeal of a lower court's ruling last year preventing federal prosecutors from obtaining emails stored in Microsoft computer servers in Dublin, Ireland in a drug trafficking investigation. That decision by the New York-based 2nd U.S. Court of Appeals marked a victory for privacy advocates and technology companies that increasingly offer cloud computing services in which data is stored remotely. Microsoft, which has 100 data centers in 40 countries, was the first U.S. company to challenge a domestic search warrant seeking data held outside the country. There have been several similar challenges, most brought by Google.
Security

WPA2 Security Flaw Puts Almost Every Wi-Fi Device at Risk of Hijack, Eavesdropping (zdnet.com) 262

A security protocol at the heart of most modern Wi-Fi devices, including computers, phones, and routers, has been broken, putting almost every wireless-enabled device at risk of attack. From a report: The bug, known as "KRACK" for Key Reinstallation Attack, exposes a fundamental flaw in WPA2, a common protocol used in securing most modern wireless networks. Mathy Vanhoef, a computer security academic, who found the flaw, said the weakness lies in the protocol's four-way handshake, which securely allows new devices with a pre-shared password to join the network. That weakness can, at its worst, allow an attacker to decrypt network traffic from a WPA2-enabled device, hijack connections, and inject content into the traffic stream. In other words: hackers can eavesdrop on your network traffic. The bug represents a complete breakdown of the WPA2 protocol, for both personal and enterprise devices -- putting every supported device at risk. "If your device supports Wi-Fi, it is most likely affected," said Vanhoef, on his website. News of the vulnerability was later confirmed on Monday by US Homeland Security's cyber-emergency unit US-CERT, which about two months ago had confidentially warned vendors and experts of the bug, ZDNet has learned.
First Person Shooters (Games)

PlayerUnknown's Battlegrounds Blocks 322,000 Cheaters (pcgamer.com) 184

The new anti-cheating system installed in PlayerUnknown's Battlegrounds has been banning more than 6,000 suspected cheaters every day. An anonymous reader quotes PC Gamer: That's according to BattlEye, which polices the game's servers. Its official account tweeted yesterday that between 6,000 and 13,000 players are getting their marching orders daily. On Saturday morning, it had cracked down on nearly 20,000 players within the previous 24-hour period... In total, the service has blocked 322,000 people, double the number that was reported by the game's creator Brendan Greene, aka PlayerUnknown, last month.
Yesterday the game had more than 2.2 million concurrent players.
Government

Ask Slashdot: Should Users Uninstall Kaspersky's Antivirus Software? (slashdot.org) 313

First, here's the opinion of two former NSA cybersecurity analysts (via Consumer Reports): "It's a big deal," says Blake Darche, a former NSA cybersecurity analyst and the founder of the cybersecurity firm Area 1. "For any consumers or small businesses that are concerned about privacy or have sensitive information, I wouldn't recommend running Kaspersky." By its very nature antivirus software is an appealing tool for hackers who want to access remote computers, security experts say. Such software is designed to scan a computer comprehensively as it searches for malware, then send regular reports back to a company server. "One of the things people don't realize, by installing that tool you give [the software manufacturer] the right to pull any information that might be interesting," says Chris O'Rourke, another former NSA cybersecurity expert who is the CEO of cybersecurity firm Soteria.
But for that reason, Bloomberg View columnist Leonid Bershidsky suggests any anti-virus software will be targetted by nation-state actors, and argues that for most users, "non-state criminal threats are worse. That's why Interpol this week signed a new information-sharing agreement with Kaspersky despite all the revelations in the U.S. media: The international police cooperation organization deals mainly with non-state actors, including profit-seeking hackers, rather than with the warring intelligence services."

And long-time Slashdot reader freddieb is a loyal Kaspersky user who is wondering what to do, calling the software "very effective and non-intrusive." And in addition, "Numerous recent hacks have gotten my data (Equifax, and others) so I expect I have nothing else to fear except ransomware."

Share your own informed opinions in the comments. Should users uninstall Kaspersky's antivirus software?

Slashdot Top Deals