Businesses

A Lithuanian Phisher Tricked Two Big US Tech Companies Into Wiring Him $100 Million (theverge.com) 128

According to a recent indictment from the U.S. Department of Justice, a 48-year-old Lithuanian scammer named Evaldas Rimasauskas managed to trick two American technology companies into wiring him $100 million. He was able to perform this feat "by masquerading as a prominent Asian hardware manufacturer," reports The Verge, citing court documents, "and tricking employees into depositing tens of millions of dollars into bank accounts in Latvia, Cyprus, and numerous other countries." From the report: What makes this remarkable is not Rimasauskas' particular phishing scam, which sounds rather standard in the grand scheme of wire fraud and cybersecurity exploits. Rather, it's the amount of money he managed to score and the industry from which he stole it. The indictment specifically describes the companies in vague terms. The first company is a "multinational technology company, specializing in internet-related services and products, with headquarters in the United States," the documents read. The second company is a "multinational corporation providing online social media and networking services." Both apparently worked with the same "Asia-based manufacturer of computer hardware," a supplier that the documents indicate was founded some time in the late '80s. What's more important is that representatives at both companies with the power to wire vast sums of money were still tricked by fraudulent email accounts. Rimasauskas even went so far as to create fake contracts on forged company letterhead, fake bank invoices, and various other official-looking documents to convince employees of the two companies to send him money. Rimasauskas has been charged with one count of wire fraud, three counts of money laundering, and aggravated identity theft. In other words, he faces serious prison time if convicted -- each charge of wire fraud and laundering carries a max sentence of 20 years. The court documents don't reveal the names of the two companies.
Though, one could surely think of a few candidates that would fit the descriptions provided in the court documents.
Social Networks

Reddit To Transform Into a Social Network With New Profile Pages (digitaljournal.com) 130

An anonymous reader quotes a report from Digital Journal: Reddit has announced it has begun trialling a radical new profile page design that's reminiscent of Facebook and Twitter. It will evolve the discussion board site towards being a social network by enabling users to post directly to their new profile page. At present, posts on Reddit have to be directed into a specific sub-Reddit community. You can't simply write a post and have it appear across the network which can make it difficult to get your voice heard. Unless you've got some reputation in a relevant sub-Reddit, your posts may end up going unnoticed. That could soon change. Last night, Reddit announced it's working on a drastic revision of its user profile page experience. The site has commenced testing of an early version of the design. According to a report from Reuters, just three "high-profile" users currently have access to the feature. When the new pages are eventually opened up to all, they'll showcase the user's profile picture and description. Below the header, posts from the user will be publicly displayed. The user will be able to add new posts to their page, without submitting to a sub-Reddit. Users will be able to follow each other to stay informed of new posts, effectively creating a social network atmosphere above the discussion boards.
Google

Android O First Developer Preview Featuring Notification Channels, Background Limits Now Available (googleblog.com) 64

A year after Google released the Android N Developer Preview, the company has made available the developer preview of the next major version of Android, "Android O." You will not want to put it on your primary Android smartphone as the preview is likely to have rough edges. Google says as much. "it's early days, there are more features coming, and there's still plenty of stabilization and performance work ahead of us. But it's booting :)."

The company is using the developer preview to give beta testers a sneak peek into some new features, such as "notification channels," which will offer users the ability to group notifications. There is also Picture in Picture, which will enable you to have a video appear in a small window on top of the homescreen or any application. Google is also adding "multi-display support" and improved "keyboard navigation." Your guess is as good as mine as to what these features will actually do. There's also better "background limits" which will supposedly help save battery, and wider Wi-Fi support to include things like Neighborhood Aware Networking (NAN).

No word on what "O" in Android O stands for.
Google

After Years Waiting For Google Fiber, KC Residents Get Cancellation Emails (arstechnica.com) 64

An anonymous reader quotes a report from Ars Technica: Some Kansas City residents who have been waiting years for Google Fiber to install service at their homes recently received e-mails canceling their installations, with no word on whether they'll ever get Internet service from the company. KSHB 41 Action News in Kansas City, Missouri, "spoke to several people, living in different parts of the metro, all who have recently received cancellation e-mails," the station reported last week. "The e-mails do not provide a specific reason for the cancellations. Instead they say the company was 'unable to build our network to connect your home or business at this time.'" While Google Fiber refuses to say how many installations have been canceled, KSHB said, "there is speculation the number of cancellations in the metro is as high as 2,700." "The company says it has slowed down in some areas to experiment with new techniques," such as wireless technology, the report also said. Google Fiber is still hooking up fiber for some new customers in parts of the Kansas City area. One resident who had his installation canceled is Larry Meurer, who was seeing multiple Google Fiber trucks in his neighborhood nearly two years ago, in the spring of 2015. "I'm left wondering what's going on," he told KSHB after getting the cancellation e-mail. Meurer lives in Olathe, Kansas, one of the largest cities in the Kansas City metro area. Residents only five houses away and around the corner have Google Fiber service, the report said. But Meurer said he and several neighbors who never got service were "terminated."
Communications

Hundreds of Cisco Switches Vulnerable To Flaw Found in WikiLeaks Files (zdnet.com) 76

Zack Whittaker, writing for ZDNet: Cisco is warning that the software used in hundreds of its products is vulnerable to a "critical"-rated security flaw, which can be easily and remotely exploited with a simple command. The vulnerability can allow an attacker to remotely gain access and take over an affected device. More than 300 switches are affected by the vulnerability, Cisco said in an advisory. According to the advisory, the bug is found in the cluster management protocol code in Cisco's IOS and IOS XE software, which the company installs on the routers and switches it sells. An attacker can exploit the vulnerability by sending a malformed protocol-specific Telnet command while establishing a connection to the affected device, because of a flaw in how the protocol fails to properly process some commands. Cisco said that there are "no workarounds" to address the vulnerability, but it said that disabling Telnet would "eliminate" some risks.
Crime

Company's Former IT Admin Accused of Accessing Backdoor Account 700+ Times (bleepingcomputer.com) 63

An anonymous reader writes: "An Oregon sportswear company is suing its former IT administrator, alleging he left backdoor accounts on their network and used them more than 700 times to search for information for the benefit of its new employer," reports BleepingComputer. Court papers reveal the IT admin left to be the CTO at one of the sportswear company's IT suppliers after working for 14 years at his previous employer. For more than two years, he's [allegedly] been using an account he created before he left to access his former colleagues' emails and gather information about the IT services they might need in the future. The IT admin was fired from his CTO job after his new employer found out what he was doing.
One backdoor, which enabled both VPN and VDI connections to the company's network, granted access to a "jmanming" account for a non-existent employee named Jeff Manning...
Encryption

Ask Slashdot: How Would You Implement Site-Wide File Encryption? 151

Recently-leaked CIA documents prove that encryption works, according to the Associated Press. But how should sys-admins implement site-wide file encryption? Very-long-time Slashdot reader Pig Hogger writes: If you decide to implement server-level encryption across all your servers, how do you manage the necessary keys/passwords/passphrases to ensure that you have both maximum uptime (you can access your data if you need to reboot your servers), yet that the keys cannot be compromised... What are established practices to address this issue?
Keep in mind that you can't change your password once the server's been seized, bringing up the issue of how many people know that password. Or is there a better solution? Share your suggestions and experiences in the comments. How would you implement site-wide file encryption?
Social Networks

The Last Days of Club Penguin (theoutline.com) 75

Club Penguin, a decade-old tween-focused social network by Disney, is shutting down. From a report on The Outline: Club Penguin, which launched in 2005, will shutter on March 29, ending an 11-year run that at its peak drew 200 million users to the site. While the traffic has reportedly been in decline over the past few years -- the OG Club Penguin kids have mostly aged out (most of the site's users are 8-13), and there's growing competition from other social networking games, like the new LEGO Life -- fans both young and old are reacting to the news with emotions that run the Kubler-Ross gamut. Some have been reduced to shell-like human embodiments of the Loudly Crying Face emoji. James Charles, the beauty-obsessed 17-year-old Instagram star who was recently announced as the first male face of CoverGirl, tweeted, "my entire childhood is going down the drain wow I'm gonna cry RIP greendude50." Others are lashing out, attempting speedruns or willfully disobeying chat rules in the hopes of getting booted in an act of you-can't-fire-me-I-quit defiance. And of course, plenty are soaking up the last days, taking part in the community-wide "Waddle On" celebration that's essentially a G-rated version of an end-of-days rager.
Education

Ask Slashdot: How To Teach Generic Engineers Coding, Networking, and Computing? 196

davegravy writes: I work at a small but quickly growing acoustic consulting engineering firm, consisting of a mix of mechanical, electrical, civil, and other engineering backgrounds. When I joined almost 10 years ago I was in good company with peers who were very computer literate -- able to develop their own complex Excel macros, be their own IT tech support, diagnose issues communicating with or operating instrumentation, and generally dive into any technology-related problem to help themselves. In 2017, these skills and tendencies are more essential than they were 10 years ago; our instruments run on modern OS's and are network/internet-capable, the heavy data processing and analysis we need to do is Python-based (SciPy, NumPy) and runs on AWS EC2 instances, and some projects require engineers to interface various data-acquisition hardware and software together in unique ways. The younger generation, while bright in their respective engineering disciplines, seems to rely on senior staff to a concerning degree when it comes to tech challenges, and we're stuck in a situation where we've provided procedures to get results but inevitably the procedures don't cover the vast array of scenarios faced day-to-day. Being a small company we don't have dedicated IT specialists. I believe I gathered my skills and knowledge through insatiable curiosity of all things technology as a child, self-teaching things like Pascal, building and experimenting with my own home LAN, and assembling computers from discrete components. Technology was a fringe thing back then, which I think drew me in. I doubt I'd be nearly as curious about it growing up today given its ubiquity, so I sort of understand why interest might be less common in today's youth.

How do we instill a desire to learn the fundamentals of networking, computing, and coding, so that the younger generation can be self-sufficient and confident working with the modern technology and tools they need to perform -- and be innovative in -- their jobs? I believe that the most effective learning occurs when there's a clearly useful purpose or application, so I'm hesitant to build a training program that consists solely of throwing some online courses at staff. That said, online courses may be a good place to get some background that can be built upon, however most that I've come across are intended for people pursuing careers in computer science, web development, software engineering, etc. Are there any good resources that approach these topics from a more general purpose angle?
Facebook

Facebook and Instagram Ban Developers From Using Data For Surveillance (theguardian.com) 63

An anonymous reader quotes a report from The Guardian: Facebook and Instagram have banned developers from using their data for surveillance with a new privacy policy that civil rights activists have long sought to curb spying by law enforcement. Following revelations last year that police departments had gained special access to the social networks to track protesters, Facebook, which owns Instagram, announced on Monday that it had updated its rules to state that developers could not "use data obtained from us to provide tools that are used for surveillance." The American Civil Liberties Union obtained government records last year revealing that Facebook, Instagram and Twitter had provided users' data to a software company that aids police surveillance programs and had helped law enforcement monitor Black Lives Matter demonstrations. The ACLU found that the social networking sites had given "special access" to Geofeedia, a controversial startup that has partnered with law enforcement to track streams of user content. "Our goal is to make our policy explicit," Facebook said in its announcement on Monday. "Over the past several months we have taken enforcement action against developers who created and marketed tools meant for surveillance, in violation of our existing policies; we want to be sure everyone understands the underlying policy and how to comply."
Communications

Ask Slashdot: How Would You Solve the Instant Messaging Problem? 456

Artem Tashkinov writes: The XKCD comic has posted a wonderful and exceptionally relevant post in regard to today's situation with various instant messaging solutions. E-mail has served us well in the past, however, it's not suitable for any real-time communications involving video and audio. XMPP was a nice idea, however, it has largely failed except for a low number of geeks who stick to it. Nowadays, some people install up to seven instant messengers to be able to keep up with various circles of people. How do you see this situation being resolved?

People desperately need a universal solution which is secure, decentralized, fault tolerant, not attached to your phone number, protects your privacy, supports video and audio chats and sending of files, works behind NATs and other firewalls and has the ability to send offline messages. I believe we need a modern version of SMTP. [How would you solve the instant messaging problem?]
Encryption

What The CIA WikiLeaks Dump Tells Us: Encryption Works (ap.org) 202

"If the tech industry is drawing one lesson from the latest WikiLeaks disclosures, it's that data-scrambling encryption works," writes the Associated Press, "and the industry should use more of it." An anonymous reader quotes their report: Documents purportedly outlining a massive CIA surveillance program suggest that CIA agents must go to great lengths to circumvent encryption they can't break. In many cases, physical presence is required to carry off these targeted attacks. "We are in a world where if the U.S. government wants to get your data, they can't hope to break the encryption," said Nicholas Weaver, who teaches networking and security at the University of California, Berkeley. "They have to resort to targeted attacks, and that is costly, risky and the kind of thing you do only on targets you care about. Seeing the CIA have to do stuff like this should reassure civil libertarians that the situation is better now than it was four years ago"... Cindy Cohn, executive director for Electronic Frontier Foundation, a group focused on online privacy, likened the CIA's approach to "fishing with a line and pole rather than fishing with a driftnet."
The article points out that there are still some exploits that bypass encryption, according to the recently-released CIA documents. "Although Apple, Google and Microsoft say they have fixed many of the vulnerabilities alluded to in the CIA documents, it's not known how many holes remain open."
Network

T-Mobile Raises Deprioritization Threshold To 30GB (tmonews.com) 60

An anonymous reader quotes a report from TmoNews: T-Mobile's new deprioritization threshold is 30GB of usage in a single billing cycle. While T-Mo didn't make an official announcement about the change, you can see in this cached page that the network management policy says 28GB: "Based on network statistics for the most recent quarter, customers who use more than 28GB of data during a billing cycle will have their data usage prioritized below other customers' data usage for the remainder of the billing cycle in times and at locations where there are competing customer demands for network resources." Navigating to the webpage today now says 30GB. What this change means is that if you use more than 30GB of data in one billing cycle, your data usage will be prioritized below others for the remainder of that billing cycle. The only time that you're likely to see the effects of that, though, is when you're at a location on the network that is congested, during which time you may see slower speeds. Once you move to a different location or the congestion goes down, your speeds will likely go back up. And once the new billing cycle rolls around, your usage will be reset.
AT&T

FCC Investigating Coast-To-Coast 911 Outage For AT&T Wireless Users (nbcnews.com) 53

AT&T says it has fixed a nationwide outage that prevented its wireless customers from making 911 emergency calls. "Service has been restored for wireless customers affected by an issue connecting to 911. We apologize to those affected," the company officials said in a statement. The outage was serious enough to gain the attention of the Federal Communications Commission. The FCC chairman, Ajit Pai, said via Twitter that they are investigating what went wrong. NBC News reports: The company didn't say how widespread the outage was, but as reports poured in from across the country, Karima Holmes, director of unified communications for the Washington, D.C., government, said her office had been "advised there is a nationwide outage for AT&T." At 10:20 p.m. ET, about 10 minutes before AT&T gave the all-clear, DownDetector, a site that monitors internet traffic for real-time information on wireless and broadband carriers, indicated that outage reports for AT&T were clustered most prominently around New York City, Philadelphia, Washington, D.C., Chicago, Miami, Dallas, Houston, San Francisco, Los Angeles and Seattle. But emergency authorities across the country confirmed 911 outages and publicized direct police, fire and ambulance dispatch telephone numbers that AT&T customers should call in emergencies.
Google

Google AMP Is Rolling Out For 1 Billion People In Asia-Pacific Region (meshrepublic.com) 48

meshrepublic shares a report: As per the latest announcement, Google AMP is rolling out for 1 billion people in Asia Pacific. Baidu and Sogou, which account for around 90% of the search market in China, made the announcement on the opening day of the first AMP developer conference which is taking place in New York. Also, Yahoo Japan will connect to AMP pages from their Search results. This will bring all the benefits of AMP to their 58m daily users in Japan. With the addition of these search giants, a billion more people will be using Google Accelerated Mobile Pages. Per Google research, 70 percent of conventional mobile pages take seven to 10 seconds for visual page content to load. By comparison, AMP pages load in less than one second, on average.
Communications

The Dark Web Has Shrunk By 85% (bleepingcomputer.com) 107

An anonymous reader quotes a report from BleepingComputer: The number of Dark web services has gone down significantly following the Freedom Hosting II hack that took place at the start of February, and only consists of around 4,400 services, according to a recently published OnionScan report. Previous research published in April 2016 by threat intelligence firm Deep Light had the total number of Dark Web services at around 30,000. Comparing the two numbers, the report shows a decrease of over 85% in the overall size of Dark Web in the last year alone. According to the recent OnionScan statistics, the Dark Web is laughably small, with around 4,000 HTTP websites, 250 TLS (HTTPS) endpoints, 100 SMTP services, and only 10 FTP nodes.
Education

University of California, Berkeley, To Delete Publicly Available Educational Content (insidehighered.com) 337

In response to a U.S. Justice Department order that requires colleges and universities make website content accessible for citizens with disabilities and impairments, the University of California, Berkeley, will cut off public access to tens of thousands of video lectures and podcasts. Officials said making the videos and audio more accessible would have proven too costly in comparison to removing them. Inside Higher Ed reports: Today, the content is available to the public on YouTube, iTunes U and the university's webcast.berkeley site. On March 15, the university will begin removing the more than 20,000 audio and video files from those platforms -- a process that will take three to five months -- and require users sign in with University of California credentials to view or listen to them. The university will continue to offer massive open online courses on edX and said it plans to create new public content that is accessible to listeners or viewers with disabilities. The Justice Department, following an investigation in August, determined that the university was violating the Americans With Disabilities Act of 1990. The department reached that conclusion after receiving complaints from two employees of Gallaudet University, saying Berkeley's free online educational content was inaccessible to blind and deaf people because of a lack of captions, screen reader compatibility and other issues. Cathy Koshland, vice chancellor for undergraduate education, made the announcement in a March 1 statement: "This move will also partially address recent findings by the Department of Justice, which suggests that the YouTube and iTunes U content meet higher accessibility standards as a condition of remaining publicly available. Finally, moving our content behind authentication allows us to better protect instructor intellectual property from 'pirates' who have reused content for personal profit without consent."
China

Hidden Backdoor Discovered In Chinese IoT Devices (techradar.com) 85

"A backdoor has been found in devices made by a Chinese tech firm specializing in VoIP products," reports TechRadar. An anonymous reader quotes their article: Security outfit Trustwave made the discovery of a hidden backdoor in DblTek's devices which was apparently put there to allow the manufacturer access to said hardware -- but of course, it's also open to being exploited by other malicious parties. The backdoor is in the Telnet admin interface of DblTek-branded devices, and potentially allows an attacker to remotely open a shell with root privileges on the target device.

What's perhaps even more worrying is that when Trustwave contacted DblTek regarding the backdoor last autumn -- multiple times -- patched firmware was eventually released at the end of December. However, rather than removing the flaw, the vendor simply made it more difficult to access and exploit. And further correspondence with the Chinese company has apparently fallen on deaf ears.

The firmware with the hole "is present on almost every GSM-to-VoIP device which DblTek makes," and Trustwave "found hundreds of these devices on the net, and many other brands which use the same firmware, so are equally open to exploit."
Chrome

Which Linux Browser Is The Fastest? (zdnet.com) 160

ZDNet's Networking blog calls Firefox "the default web browser for most Linux distributions" and "easily the most popular Linux web browser" (with 51.7% of the vote in a recent survey by LinuxQuestions, followed by Chrome with 15.67%). But is it the fastest? An anonymous reader writes: ZDNet's Networking blog just ran speed tests on seven modern browsers -- Firefox, Chrome, Chromium, Opera (which is also built on Chromium), GNOME Web (formerly Epiphany), and Vivaldi (an open-source fork of the old Opera code for power-users). They subjected each browser to the JavaScript test suites JetStream, Kraken, and Octane, as well as reaction speed-testing by Speedometer and scenarios from WebXPRT, adding one final test for compliance with the HTML5 standard.

The results? Firefox emerged "far above" the other browsers for the everyday tasks measured by WebXPRT, but ranked near the bottom in all of the other tests. "Taken all-in-all, I think Linux users should look to Chrome for their web browser use," concludes ZDNet's contributing editor. "When it's not the fastest, it's close to being the speediest. Firefox, more often than not, really isn't that fast. Of the rest, Opera does reasonably well. Then, Chromium and Vivaldi are still worth looking at. Gnome Web, however, especially with its dreadful HTML 5 compatibility, doesn't merit much attention."

The article also reports some formerly popular Linux browsers are no longer being maintained, linking to a KDE forum discussion that concludes that Konqueror and Rekonq "are both more or less dead."
Communications

A New Video Shows Uber CEO Travis Kalanick Arguing With a Driver Over Fares (bloomberg.com) 187

A new video published by Bloomberg shows Uber CEO Travis Kalanick arguing with an Uber driver over fares. It all started when one of Kalanick's "companions" appears to say that she's heard that Uber is having a hard year. Bloomberg reports: That pleasant conversation between Kalanick and his friends in the back of an Uber Black? It devolved into a heated argument over Uber's fares between the CEO and his driver, Fawzi Kamel, who then turned over a dashboard recording of the conversation to Bloomberg. Kamel, 37, has been driving for Uber since 2011 and wants to draw attention to the plight of Uber drivers. The video shows off Kalanick's pugnacious personality and short temper, which may cause some investors to question whether he has the disposition to lead a $69 billion company with a footprint that spans the globe. Uber declined to comment on the video. Here's part of the conversation:
Travis Kalanick: "So we are reducing the number of black cars in the next few months."
Fawzi Kamel: "It's good."
Kalanick: "You probably saw some email."
Kamel: "I saw the email [says] it starts in May. But you're raising the standards and dropping the prices."
Kalanick: "We're not dropping the prices on black."
Kamel: "But in general."
Kalanick: "In general but we have competitors. Otherwise we'd be out of business."
Kamel: "Competitors? You had the business model in your hands you could have the prices you want but you choose to buy everybody a ride."

You can read the transcript of the conversation here via Recode.

UPDATE 2/28/17: Uber CEO Travis Kalanick has issued "a profound apology."
