
Submission + - Users Now Accuse Yahoo of Lock-In

Tasha26 writes: After waiting 2 years to inform their users that 1 billion of them had their details stolen and installing a modified email scanner which turned out to be an NSA rootkit with full backdoor access, Yahoo has now disabled automatic email forwarding to another email provider. Users are claiming that this is extremely suspicious timing as automatic email forwarding has been around for over a decade. In a statement to the BBC, Yahoo has denied any foul play and instead claimed they were working to improve the email forwarding functionality.

Submission + - SPAM: Chinese Supplier a Common Thread Binding Mirai Botnet of Things

chicksdaddy writes: A common, China-based supplier of circuit boards and software is the common thread that ties together the myriad digital video recorders, IP-based cameras and other devices that make up the Mirai botnet, according to analysis by the firm Flashpoint.

Weak, default credentials associated with software made by XiongMai Technologies were abused by cyber criminals to compromise hundreds of thousands of DVR, NVR (network video recorder) and IP cameras globally. The credentials are written (or "hardcoded") into the software used by over five-hundred thousand devices on public IPs around the world, meaning they cannot be changed and make the devices susceptible to trivial compromise, Security Ledger reported on Monday.

The Mirai botnet is one of a number of networks of compromised devices that launched crippling denial of service attacks against a number of organizations in Europe and North America. Among the more prominent targets were the French hosting firm OVH and Krebs On Security, an independent cyber security blog that often exposes the deeds of cyber criminals operating distributed denial of service (DDOS) scams. Those attacks were the largest denial of service attacks, measured by the volume of bogus Internet traffic used to cripple their targets. Attacks on Krebs on Security topped 600 Gigabits per second (Gbps) and discrete attacks on OVH tipped the scales at more than 700 Gbps.

According to the Flashpoint analysis, cyber criminals abused the default username and password combination for Xiongmai’s Netsurveillance and CMS software. Those credentials – a user name root and password xc3511 – allow anyone to gain access to the administrative interface of the device running the software, typically using the Telnet protocol.

Even worse: Flashpoint said that during its investigation it discovered another vulnerability affecting XiongMai’s software: an authentication bypass vulnerability that allows anyone with knowledge of the IP address of a device running the NetSurveillance or CMS software to bypass authentication and connect to the management interface, provided they know the correct URL.


Submission + - SPAM: Galaxy Note 7 Crackles, Pops, and Snaps, Spurring Evacuation of Plane

tasmir writes: Southwest Airlines on Wednesday evacuated a plane in Louisville, Kentucky, after a Samsung Galaxy Note 7 began popping and issuing thick smoke.

Samsung last month began replacing Galaxy Note 7s globally, following reports of several of the devices catching fire or exploding. It blamed the problem on an “isolated” faulty battery cell issue.

The device involved in the Southwest Airline incident reportedly was a replacement phone, according to owner Brian Green.

Samsung has said it will verify whether the phone actually was a replacement.

The latest incident throws a pall over the future of the Galaxy Note series, which had been Samsung’s flagship line.

“Wall Street and some retailers might understand that the problem may not have been created by Samsung, but they will not care,” said Larry Chiagouris, a professor of marketing at Pace University.

“Consumers will certainly care less,” he told TechNewsWorld. “All will hold Samsung responsible for its supply chain — and as a result, all will now rethink buying anything Samsung.”

Samsung officials may “be in denial, since they will likely view it as not their fault — but they specified the battery and chose the suppliers, and they cannot ignore the lingering impact on the Samsung brand and reputation,” Chiagouris said.


Submission + - Cyanogen Gets a New CEO, Shifts Away From Selling a Full Mobile Operating System

An anonymous reader writes: Cyanogen, a startup behind its own, alternative version of the Android operating system, now has a new CEO. In the wake of reports that the company exaggerated its success in terms of active users, layoffs, and difficulties scaling, Cyanogen’s co-founder and CEO Kirt McMaster will be transitioning into an “Executive Chairman” role, while Lior Tal, previously COO, will now assume the CEO position. In addition, Steve Kondik, Cyanogen’s co-founder and CTO, will be taking on a new role as Chief Science Officer, the company announced. He will report to Stephen Lawler, the company’s SVP of Engineering. Today’s blog post from new CEO Tal also somewhat acknowledged the company’s struggles, and announced plans to shift its business model with the launch of a new Cyanogen Modular OS program. “In recent years, Android and the mobile ecosystem changed,” wrote Tal. “Android has become extremely fragmented causing serious security vulnerabilities and few or no incentives to device manufacturers to deliver software upgrades and/or security patches,” he said. “Increased demand for lower-priced smartphones, coupled with the specifications arms race, has left manufacturers focused on scale and efficiency while compromising investment in software and services. Innovation cannot happen in a vacuum, which is what we have today,” Tal added. The company will be moving away from its former model which involved it shipping the full-stack of the operating system, the company says. Its new program will instead allow manufacturers to introduce their own, customizable smartphones that use different parts of the Cyanogen OS via dynamic modules and MODs, while still using the ROM of their choice. That means they could still run stock Android on their devices, then pick and choose the pieces of Cyanogen’s technology they want to also add. The full Cyanogen OS is still available and being sold, but is no longer the main focus.

Submission + - Google Hires Joke Writers From Pixar Movies and The Onion For Assistant

An anonymous reader writes: According to a Wall Street Journal report, comedy and joke writers from Pixar movies and the Onion are already working on making Google's upcoming Assistant AI voice service feel more loose and vibrant. The development of compelling voice AI will need to start drawing from deeper, more entertaining wells, especially as these home hubs try to have conversations all day long. Current voice AI like Apple's Siri and Amazon's Alexa on the Echo try to engage with personality, and they even tell jokes (usually, bad ones). But, as these services aim to be entirely voice-based, like the upcoming Google Home hub, they'll need to feel more alive and less canned. Google Home debuts this November, and the upcoming Google Pixel phone, arriving in stores and online on October 20, is the first Google product featuring the new Assistant voice service.

Submission + - "SandJacking" Attack Allows Install of Evil iOS Apps

wiredmikey writes: An unpatched iOS vulnerability can be exploited to replace legitimate applications with a rogue version that allows attackers to access sensitive information without raising any suspicion.

While Apple's iOS 8.3 prevents the installation of an app that has an ID similar to an existing one, security researcher Chilik Tamir discovered a new method, which he dubbed “SandJacking.”

Tamir demonstrated the SandJacking attack at the Hack In The Box (HITB) conference in Amsterdam on Thursday using Skype as the targeted application. However, the researcher told SecurityWeek that SandJacking attacks have been successfully tested against numerous popular applications.

The vulnerability was discovered in December 2015 and reported to Apple in January. The tech giant has confirmed the issue, but a patch has yet to be developed. Once Apple addresses the flaw, Tamir says he will release a SandJacker tool that automates the entire process of pushing malicious apps to iOS devices via the SandJacking vulnerability.

Submission + - Spybot Anti-Beacon: block and stop the various tracking (telemetry) issues

An anonymous reader writes: Spybot Anti-Beacon: block and stop the various tracking (telemetry) issues present in Windows 7/8/8.1/10


"Spybot Anti-Beacon is a standalone tool which was designed to block and stop the various tracking (telemetry) issues present in Windows 10. It has since been modified to block similar tracking functionality in Windows 7, Windows 8 and Windows 8.1 operating systems.

Anti-Beacon is small, simple to use, and is provided free of charge. It was created to address the privacy concerns of users of Windows 10 who do not wish to have information about their PC usage sent to Microsoft. Simply clicking "Immunize" on the main screen of Anti-Beacon will immediately disable any known tracking features included by Microsoft in the operating system.

If any issues occur with your PC while using Anti-Beacon, undoing the changes made can be done by clicking the "Undo" button in the main window. This will re-enable all tracking services. If you experience any issues using Anti-Beacon or have any suggestions/recommendations, please be sure to let us know on the forum thread relating to this tool."

Submission + - SPAM: ForcePhone App Uses Ultrasonic Tone To Create Pressure-Sensitive Batphone

An anonymous reader writes: Researchers at the University of Michigan have created an app that makes any smartphone pressure-sensitive without additional hardware. The app, called ForcePhone, uses ultrasonic tones in the existing microphone and speaker hardware that respond to pressure for additional functionality for touchscreens. The app emits a high-frequency ultrasound tone from the device’s existing microphone, which is inaudible to humans but can be picked up by the phone. That tone is calibrated to change depending on the pressure that the user gives on the screen or on the body of the phone. This gives users an additional way to interact with their device through the app alone.

The additional functionality provided by ForcePhone can be used in a number of ways. Squeezing the body of the phone could take a user back a page, for example; or increased pressure on the touchscreen could act as a ‘right-click’ function, showing additional information on the app in use. Kan Shin, Professor at the University of Michigan, said, “You don’t need a special screen or built-in sensors to do this. Now this functionality can be realized on any phone.” He added, “We’ve augmented the user interface without requiring any special built-in sensors. ForcePhone increases the vocabulary between the phone and the user.”

Submission + - Phishing Attacks Rise to Highest Level Since 2004

An anonymous reader writes: The Anti-Phishing Working Group observed more phishing attacks in the first quarter of 2016 than at any other time in history. According to a new report, the total number of unique phishing websites observed in Q1 2016 was a record 289,371, with 123,555 of those phishing sites detected in March 2016. Those quarterly and monthly totals are the highest the APWG has seen since it began tracking and reporting on phishing in 2004.

Submission + - American Schools Teaching Kids to Code All Wrong

theodp writes: Over at Quartz, Globaloria CEO Idit Harel argues that American schools are teaching our kids how to code all wrong. She writes, "The light and fluffy version of computer science — which is proliferating as a superficial response to the increased need for coders in the workplace — is a phenomenon I refer to as 'pop computing.' While calling all policy makers and education leaders to consider 'computer science education for all' is a good thing, the coding culture promoted by and its library of movie-branded coding apps provide quick experiences of drag-and-drop code entertainment. This accessible attraction can be catchy, it may not lead to harder projects that deepen understanding." You mean the "first President to write a line of computer code" may not have progressed much beyond moving Disney Princess Elsa forward?

Submission + - Site that exposed scam is being attacked

MikeDataLink writes: The Geek Pub posted an article about the woodprix scam, a scam where the scammers have stolen plans from numerous woodworking websites and magazines and are selling them on their site.

Now the scammers are attacking The Geek Pub site with spambots, and posting disinformation all over the web attempting to extort the site owner to delete the information about the scam (in exchange for deleting the derogatory posts on other sites).

Have you ever been attacked by scammers for exposing them? How did you fight back?

Submission + - Police Commissioner Bill Bratton Terrified Of Citizens With Cameras

JustAnotherOldGuy writes: NYPD Commissioner Bill Bratton recently criticized what he calls an ‘epidemic’ of citizens recording arrests amid the backlash over Harlem cop caught punching man who filmed him. "There is a phenomenon in this country that we need to examine," NYPD Commissioner Bill Bratton said. “This has become very serious. I would almost describe it an epidemic in this country,” Bratton added. As the NYPD continues to investigate a disturbing video of a Harlem cop pointing a gun at a group of onlookers armed only with smartphones and then punching one of the men recording him, the New York top cop's comments verged on the surreal. Since the advent of cellphone cameras, citizens have recorded an unending series of incidents showing police misconduct and brutality, up to and including murder. As the police are so fond of saying, "If you have nothing to hide, what are you afraid of?" So what is Police Commissioner Bill Bratton afraid of?

Submission + - Torrents Time Lets Anyone Launch Their Own Web Version Of Popcorn Time

An anonymous reader writes: Popcorn Time, an app for streaming video torrents, just got its own web version: Popcorn Time Online. Unlike other attempts to bring Popcorn Time into the browser, this one is powered by a tool called Torrents Time, which delivers the movies and TV shows via an embedded torrent client. Oh, and the developers have released the code so that anyone can create their own version. If Popcorn Time is Hollywood’s worst nightmare, Torrents Time is trying to make sure Hollywood can’t wake up.

Submission + - Stick Dad Reacts To Fine Bros Scandal

PapaJesus writes: If you didn't hear, the now infamous YouTube duo The Fine Bros Ent. is trying to claim total rights to all reaction videos... yes, ALL reaction videos with their new project Reaction World. As dumb as the whole thing sounds, many YouTubers have had their completely original videos taken down because of these menaces. Enraged and ready to take a stand is our friend and local superstar, Stick Dad. Armed with the logic of 1000 geniuses, Stick Dad tries to understand what these Fine Bros are really about.
