An anonymous reader quotes a report from Softpedia: Ardit Ferizi, aka Th3Dir3ctorY, 20, a citizen of Kosovo, will spend 20 years in a U.S. prison for providing material support to ISIS hackers by handing over data for 1,351 U.S. government employees. Ferizi obtained the data by hacking into a U.S. retail company on June 13, 2015. The hacker then filtered the stolen information and put aside records related to government officials, which he later handed over to Junaid Hussain, the then leader of the Islamic State Hacking Division (ISHD). Hussain then uploaded this information online, asking fellow ISIS members to seek out these individuals and execute lone wolf attacks. Because of this leak, the U.S. Army targeted and killed Hussain in a drone strike in Syria in August 2015. Before helping ISIS, Ferizi had a prodigious hacking career as the leader of Kosova Hacker's Security (KHS) hacking crew. He was arrested on October 6, 2015, at the international airport in Kuala Lumpur, Malaysia, while trying to catch a flight back to Kosovo. Ferizi was in Kuala Lumpur studying computer science.
Yahoo apparently took two years to investigate and tell people that its service had been breached, and that over 500 million users were affected. Amid the announcement, a user is suing Yahoo, accusing the company of gross negligence. From a Reuters report: The lawsuit was filed in the federal court in San Jose, California, one day after Yahoo disclosed the hacking, unprecedented in size, by what it believed was a "state-sponsored actor." Ronald Schwartz, a New York resident, sued on behalf of all Yahoo users in the United States whose personal information was compromised. The lawsuit seeks class-action status and unspecified damages. A Yahoo spokeswoman said the Sunnyvale, California-based company does not discuss pending litigation. The attack could complicate Chief Executive Marissa Mayer's effort to shore up the website's flagging fortunes, two months after she agreed to a $4.8 billion sale of Yahoo's Internet business to Verizon Communications. Yahoo on Thursday said user information including names, email addresses, phone numbers, birth dates and encrypted passwords had been compromised in late 2014.
An anonymous reader quotes a report from Ars Technica: For the better part of a day, KrebsOnSecurity, arguably the world's most intrepid source of security news, has been silenced, presumably by a handful of individuals who didn't like a recent series of exposes reporter Brian Krebs wrote. The incident, and the record-breaking data assault that brought it on, open a troubling new chapter in the short history of the Internet. The crippling distributed denial-of-service attacks started shortly after Krebs published stories stemming from the hack of a DDoS-for-hire service known as vDOS. The first article analyzed leaked data that identified some of the previously anonymous people closely tied to vDOS. It documented how they took in more than $600,000 in two years by knocking other sites offline. A few days later, Krebs ran a follow-up piece detailing the arrests of two men who allegedly ran the service. A third post in the series is here. On Thursday morning, exactly two weeks after Krebs published his first post, he reported that a sustained attack was bombarding his site with as much as 620 gigabits per second of junk data. That staggering amount of data is among the biggest ever recorded. Krebs was able to stay online thanks to the generosity of Akamai, a network provider that supplied DDoS mitigation services to him for free. The attack showed no signs of waning as the day wore on. Some indications suggest it may have grown stronger. At 4 pm, Akamai gave Krebs two hours' notice that it would no longer assume the considerable cost of defending KrebsOnSecurity. Krebs opted to shut down the site to prevent collateral damage hitting his service provider and its customers. The assault against KrebsOnSecurity represents a much greater threat for at least two reasons. First, it's twice the size. 
Second and more significant, unlike the Spamhaus attacks, the staggering volume of bandwidth doesn't rely on misconfigured domain name system servers which, in the big picture, can be remedied with relative ease. The attackers used Internet-of-things devices since they're always-connected and easy to "remotely commandeer by people who turn them into digital cannons that spray the internet with shrapnel." "The biggest threats as far as I'm concerned in terms of censorship come from these ginormous weapons these guys are building," Krebs said. "The idea that tools that used to be exclusively in the hands of nation states are now in the hands of individual actors, it's kind of like the specter of a James Bond movie." While Krebs could retain a DDoS mitigation service, it would cost him between $100,000 and $200,000 per year for the type of protection he needs, which is more than he can afford. What's especially troubling is that this attack can happen to many other websites, not just KrebsOnSecurity.
jenningsthecat writes: The Swedish government is putting its money where its mouth is when it comes to encouraging the repair of stuff that would otherwise be thrown away, according to both The Guardian and Fast Company. The country's Social Democrat and Green party coalition have submitted proposals to Parliament that would reduce the value-added-tax (VAT) on bicycle, clothing, and shoe repairs from 25% to 12%. Also proposed is an income tax deduction equalling half the labor cost of repairing household appliances. According to The Guardian, "the incentives are part of a shift in government focus from reducing carbon emissions produced domestically to reducing emissions tied to goods produced elsewhere." Per Bolund, Sweden's Minister for Financial Markets and Consumer Affairs, said the policy also tied in with international trends around reduced consumption and crafts, such as the "maker movement" and the sharing economy, both of which have strong followings in Sweden. The VAT cut may create more jobs for immigrants as it could spur the creation of a new home-repairs service industry. Also, from a science standpoint, the incentives could help cut the cost of carbon emissions on the planet as it should in theory reduce emissions linked to consumption. "I believe there is a shift in view in Sweden at the moment. There is an increased knowledge that we need to make our things last longer in order to reduce materials' consumption," Bolund said. The Guardian's report concludes: "The proposals will be presented in parliament as part of the government's budget proposals and if voted through in December will become law from January 1, 2017."
While the IT industry is making progress in securing information and communications systems from cyberattacks, a new survey from cybersecurity company CyberArk says several critical areas, such as privileged account security, third-party vendor access and cloud platforms are undermining them. An anonymous Slashdot reader shares with us the details of the report via eSecurity Planet: According to the results of a recent survey of 750 IT security decision makers worldwide, 40 percent of organizations store privileged and administrative passwords in a Word document or spreadsheet, while 28 percent use a shared server or USB stick. Still, the survey, sponsored by CyberArk and conducted by Vanson Bourne, also found that 55 percent of respondents said they have evolved processes for managing privileged accounts. Fully 79 percent of respondents said they have learned lessons from major cyberattacks and have taken appropriate action to improve security. Sixty-seven percent now believe their CEO and board of directors provide sound cybersecurity leadership, up from 57 percent in 2015. Three out of four IT decision makers now believe they can prevent attackers from breaking into their internal network, a huge increase from 44 percent in 2015 -- and 82 percent believe the security industry in general is making progress against cyberattackers. Still, 36 percent believe a cyberattacker is currently on their network or has been within the past 12 months, and 46 percent believe their organization was a victim of a ransomware attack over the past two years. And while 95 percent of organizations now have a cybersecurity emergency response plan, only 45 percent communicate and regularly test that plan with all IT staff. 
Sixty-eight percent of organizations cite losing customer data as one of their biggest concerns following a cyberattack, and 57 percent of organizations that store information in the cloud are not completely confident in their cloud provider's ability to protect their data.
An anonymous reader quotes a report from Quartz: UPS announced Sept. 23 that it has begun testing drone deliveries in the U.S. with drone manufacturer CyPhy Works. The two companies yesterday completed a test of delivering medicine from the coastal town of Beverly, Massachusetts, to Children's Island, a small island about three miles into the Atlantic Ocean. CyPhy's drone has night-vision capabilities, according to a release shared with Quartz. The test yesterday involved a trial situation where an asthmatic child urgently needed an inhaler, which was dispatched from the mainland to the island, arriving far more quickly than it would've taken a boat to get there. CyPhy's drone autonomously flew supplies over the ocean to a group waiting to receive them on the other end, although there was no actual child with asthma in danger. In May, UPS had announced that it was partnering with the drone company Zipline to deliver medical supplies to rural Rwanda, having invested nearly $1 million into the company. UPS has also invested an undisclosed amount in CyPhy. UPS told Quartz that the FAA was aware of its test, and Houston Mills, a commercial pilot with UPS for over a decade and the company's director of airline safety, was recently announced as a member of the FAA's Drone Advisory Committee. The committee is working with industry experts and companies to figure out how to safely integrate a network of commercial drones into U.S. airspace. You can watch the heroic footage of the trial run here.
After it was revealed that Oculus founder Palmer Luckey backed a pro-Trump political organization called Nimble America that is dedicated to "shitposting" and spreading inflammatory memes about Hillary Clinton, several developers of the Oculus Rift virtual-reality headset have announced that they will stop supporting the headset until its founder steps down. One of the biggest developers for Oculus Rift, Insomniac Games, told Motherboard, "Insomniac Games condemns all forms of hate speech. While everyone has a right to express his or her political opinion, the behavior and sentiments reported do not reflect the values of our company. We are also confident that his behavior and sentiment does not reflect the values of the many Oculus employees we work with on a daily basis." Fez and Superhypercube developer Polytron also said in a statement, "In a political climate as fragile and horrifying as this one, we cannot tacitly endorse these actions by supporting Luckey or his platform." Motherboard reports: Motherboard has reached out to several other, more well-known VR developers who work with Oculus including Fantastic Contraption makers Northway Games and Job Simulator makers Owlchemy Labs. Northway Games couldn't be reached immediately for comment but tweeted the following: "What. The. Fuck. [accompanied with a link to the news via Kotaku]" and "Definitely using every fibre of my 'professionalism' to not tweet some tweets right now." Owlchemy Labs, which is currently developing for Job Simulator for the Oculus Touch controls, declined to comment either way. E McNeill, who has developed a couple of games for Oculus Rift and GearVR, suggested that like-minded VR developers raise money for Hillary Clinton's campaign to counter the money Luckey has raised for Trump. [E McNeill tweeted: "Idle Q: Would any Oculus devs join me in a donation drive for Hillary? We could aim to beat Nimble America's $11k.
I'd start with $1k myself."] "This backlash is nonsense," said James Green, co-founder of VR developer Carbon Games. "I absolutely support him doing whatever he wants politically if it's legal. To take any other position is against American values."
An anonymous reader quotes a report from Ars Technica: The federal judge who presided over the Google-Oracle API copyright infringement trial excoriated one of Oracle's lawyers Thursday for disclosing confidential information in open court earlier this year. The confidential information included financial figures stating that Google generated $31 billion in revenue and $22 billion in profits from the Android operating system in the wake of its 2008 debut. The Oracle attorney, Annette Hurst, also revealed another trade secret: Google paid Apple $1 billion in 2014 to include Google search on iPhones. Judge William Alsup of San Francisco has been presiding over the copyright infringement trial since 2010, when Oracle lodged a lawsuit claiming that Google's Android operating system infringed Oracle's Java APIs. After two trials and various trips to the appellate courts, a San Francisco federal jury concluded in May that Google's use of the APIs amounted to fair use. Oracle's motion before Alsup for a third trial is pending. Oracle argues that Google tainted the verdict by concealing a plan to extend Android on desktop and laptop computers. As this legal saga was playing out, Hurst blurted out the confidential figures during a January 14 pre-trial hearing, despite those numbers being protected by a court order. The transcript of that proceeding has been erased from the public record. But the genie is out of the bottle. Google lodged a motion (PDF) for sanctions and a contempt finding against Hurst for unveiling a closely guarded secret of the mobile phone wars. During a hearing on that motion Thursday, Judge Alsup had a back-and-forth with Hurst's attorney, former San Francisco U.S. Attorney Melinda Haag. According to the San Francisco legal journal The Recorder, Haag said that her client Hurst -- of the law firm Orrick, Herrington and Sutcliffe -- should not be sanctioned because of "one arguable mistake made through the course of a very complex litigation."
TechRax -- a popular YouTuber who destroys technology for fame and riches -- has uploaded a video where he drills a hole into an iPhone 7, claiming it to be a "secret hack" to reinstall a headphone jack in the device. The only problem is that he didn't tell people it was a joke, and of course, some people fell for it. Crave Online reports: The YouTube video has amassed over 7.5 million views since being posted online last week, with it attracting 81,000 dislikes in the process. The comments section is currently torn between people who are in on the joke, people who criticize TechRax for damaging his iPhone 7, and most unfortunately, people who have tried the "hack" out for themselves. Although this is YouTube so you can never be quite sure of whether or not these folks are trolling, parsing the comments section reveals some pretty convincing complaints lobbed in TechRax's direction. It's also firmly believable that there are people dumb enough to attempt drilling a hole into their iPhone 7, which is unfortunate but that's the way the world is in 2016. You can read the comments under the YouTube video for more "convincing complaints." But as if the report didn't make it clear enough already, the video is a joke. Apple removed the headphone jack and there's no way to get it back, unless you use an adapter.
Android Police has learned of a new Google device that will launch alongside the Google Pixel smartphones, Google Home, and 4K 'Chromecast Ultra' dongle on October 4th. Called Google Wifi, the Wi-Fi router will cost $129 and contain several "smart" features. Android Police reports: [The] source additionally claims that Google will advertise the router as having "smart" features -- probably similar to OnHub in some respects -- and that Google will claim it provides enhanced range over typical Wi-Fi routers (a claim we see basically every router make, to be fair). But the one thing that will make it an insta-buy for many over OnHub? Our source claims multiple Google Wifi access points (two or more) can be linked together to create one large wireless network. We don't have any details on how this works, unfortunately. But one source claims that Google Wifi device will essentially be like a little white Amazon Echo Dot. So, relatively small and inconspicuous. In a separate report, Android Police details Google's upcoming smart speaker called Google Home, along with their upcoming 4K 'Chromecast Ultra' devices. Specifically, they will be priced at $129 and $69 respectively: Google Home was announced at Google I/O in May. Our sources also confirmed that the personalized base covers Google showed at I/O will be a feature of the final device. $129 also undercuts Amazon's Echo by a full $40, and though matches the price of the portable Amazon Tap, it's clear Google has Amazon's flagship smart home product in its sights with Home. Chromecast Ultra, which we are now all but certain is the name of Google's upcoming 4K version of Chromecast, will come in at $69 retail. As for what it brings beyond 4K, one of our sources claims that HDR is indeed on the list of bullet points.
Weeks after a SpaceX rocket exploded inexplicably, engineers at Elon Musk's company have traced the flaw to its source. SpaceX today released the initial results of its investigation, in which it says that a breach in the helium system in the Falcon 9's liquid oxygen system caused the sudden flare-up. From a Reuters report: SpaceX, owned and operated by technology entrepreneur Elon Musk, was fueling a Falcon 9 rocket on the launch pad in Florida on Sept. 1 in preparation for a routine test-firing when a bright fireball suddenly emerged around the rocket's upper stage. "At this stage of the investigation, preliminary review of the data and debris suggests that a large breach in the cryogenic helium system of the second stage liquid oxygen tank took place," SpaceX said in a statement posted on its website. No one was hurt in the explosion, which could be heard 30 miles (48 km) away from SpaceX's launch pad 40 at Cape Canaveral Air Force Station. The cause of the accident is under investigation.
To many's surprise, Amazon introduced a consumer-focused storage option -- unlimited photo backup for only $12 per year. This was Amazon's attempt to lure customers away from Google, Dropbox, and iCloud. But it seems, even for Amazon, $12 per year for so much storage space is not feasible. The company has reportedly started to inform the customers that the plan is being discontinued. PetaPixel reports: Subscribers of the plan, which was launched in March 2015, are taking to the web to report receiving an email from Amazon informing them of the change. Amazon is offering customers free months of the Unlimited Storage plan, which costs $60 per year. It seems that some people are being offered a standard 3-month free trial of the service, while others are being offered a 12-month free period.
It's no secret that more companies are getting hacked now than ever. The government is getting hacked, major corporate companies are getting hacked, and even news outlets are getting hacked. This raises the obvious question: why aren't people investing more in bolstering their security? The answer is, as a report on The Register points out, money. Despite losing a significant sum of money on a data breach, it is still in a company's best interest to not spend on upgrading their security infrastructure. From the report: A study by the RAND Corporation, published in the Journal of Cybersecurity, looked at the frequency and cost of IT security failures in US businesses and found that the cost of a break-in is much lower than thought -- typically around $200,000 per case. With top-shelf security systems costing a lot more than that, not beefing up security looks in some ways like a smart business decision. "I've spent my life in security and everyone expects firms to invest more and more," the report's author Sasha Romanosky told The Reg. "But maybe firms are making rational investments and we shouldn't begrudge firms for taking these actions. We all do the same thing, we minimize our costs." Romanosky analyzed 12,000 incident reports and found that typically they only account for 0.4 per cent of a company's annual revenues. That compares to billing fraud, which averages at 5 per cent, or retail shrinkage (ie, shoplifting and insider theft), which accounts for 1.3 per cent of revenues. As for reputational damage, Romanosky found that it was almost impossible to quantify. He spoke to many executives and none of them could give a reliable metric for how to measure the PR cost of a public failure of IT security systems.
According to data from Leichtman Research's annual study, pay TV subscriptions keep going up and up. So much so that in the last five years, they have gone up by 40 percent. In 2011, subscribers were paying an average of $73.63 for cable or satellite, but now that average stands at roughly $103. From a BusinessInsider report: And it's not helping subscriber growth. "About 82% of households that use a TV currently subscribe to a pay-TV service," Bruce Leichtman said in a statement. "This is down from where it was five years ago, and similar to the penetration level eleven years ago." The pay-TV industry lost 800,000 subscribers last quarter, according to the research firm SNL Kagan. Putting that on a personal level, NBCUniversal CEO Steve Burke recently said his own kids don't even pay for TV. Burke has five "millennial" children, ages 19 to 28, and exactly "none" subscribe to cable or satellite, he said at a conference last week.
An anonymous reader writes: Siri may soon be making the jump from your pocket to your end table. Apple has been working on a standalone product to control internet-of-things devices for a while, but a new report from Bloomberg suggests that the company has moved the project from a research phase to prototyping. It would theoretically be pitted against other smart-home devices, including Amazon's sleeper hit, the Echo, and Google's forthcoming Home Hub. According to the report, Apple's device would be controlled using its Siri voice assistant technology. It would be able to perform the same functions that it can complete now on iPhones, Macs, and other Apple products, such as being able to tell you when the San Francisco Giants are next playing, or possibly send a poorly transcribed text message. The device would also be able to control other internet-connected devices in the home, such as lights, door locks, and web-enabled appliances, as Google and Amazon's products can. It would also have the same ability to play music through built-in speakers.