Operating Systems

'UpgradeSubscription.exe' File In Preview Build Hints At Windows 10 Subscriptions (zdnet.com) 105

An anonymous reader writes: A file named "UpgradeSubscription.exe" is found buried in the System32 folder of Windows 10 build 14376, alongside 590 other .exe files. ZDNet reports the file has been part of other recent preview builds, but just recently uncovered. "In the file's properties, it's described as the Windows Upgrade to Subscription Tool, and its date and time stamp corresponds to other administrative tools in the same build," reports ZDNet. You can view the screenshot here. Microsoft responded to ZDNet saying: "The Windows Upgrade to Subscription tool, found in the latest Windows Insider builds, helps to manage certain volume licensing upgrades from Windows 10 Pro Anniversary Update to Windows 10 Enterprise. This binary file is not associated with the free consumer upgrade offering nor is it applicable to consumer Windows editions." When pressed for additional details, Microsoft responded with, "No further comment." While the file does nothing, it does appear to confirm that it's related to licensing, referencing a registry value called AllowWindowsSubscription. Build 14376 reveals a few references to servicing packages named Microsoft-Client-License-Platform-Upgrade-Subscription-Package. Last year, there was some talk about Windows 10 being the last version of Windows as Microsoft is pushing a "Windows as a service" vision. When news broke in April about Windows Phone's sharp revenue declines, PCWorld reported that CEO Satya Nadella's strategy is to grow Microsoft's revenues by convincing customers to adopt its paid subscription services.
Facebook

Hacker Takes Over Oculus CEO's Twitter Account, Announces New CEO (techcrunch.com) 27

Another day, another high-profile figure becoming the victim of a hack attack. Somebody managed to find a way into Oculus CEO Brendan Iribe's Twitter account late Wednesday. The hacker, who appears to be a user who goes by the alias "lid" on Twitter, changed Iribe's bio and cover photo, and made a couple of interesting "announcements" -- including him becoming the new CEO of the Facebook-owned virtual reality company. TechCrunch reports: This is just the latest in a string of tech CEOs having their Twitter accounts compromised, this attack does not appear to be from the same hacker group responsible for the hacks on the accounts of Travis Kalanick, Sundar Pichai, Mark Zuckerberg and Dick Costolo. Late Wednesday night, Iribe's Twitter bio temporarily read, "hey its @Lid ... im not testing ya security im just havin a laugh." The hacker told me in a Twitter DM that he accessed the password via last month's MySpace breach, he also said that he also would've managed to access Iribe's email account had he not had two-factor authentication enabled.
Google

Spanish Authorities Raid Google Offices Over Tax (reuters.com) 121

An anonymous reader shares a Reuters report: Spanish officials raided Google's Madrid offices on Thursday in a probe related to its payment of taxes, a person familiar with the matter said, barely a month after the internet company had its headquarters in France searched on suspicion of tax evasion. A spokeswoman for Google said in a brief statement the company complied with fiscal legislation in Spain just as it did in all countries where it operated. The company was working with authorities to answer all questions, the spokeswoman added. Google is under pressure across Europe from politicians and the public upset at how multinationals exploit their presence around the world to minimize their tax bills.
Encryption

US Efforts To Regulate Encryption Have Been Flawed, Government Report Finds (theguardian.com) 96

An anonymous reader writes from a report via The Guardian: U.S. Republican congressional staff said in a report released Wednesday that previous efforts to regulate privacy technology were flawed and that lawmakers need to learn more about technology before trying to regulate it. The 25-page white paper is entitled Going Dark, Going Forward: A Primer on the Encryption Debate and it does not provide any solution to the encryption fight. However, it is notable for its criticism of other lawmakers who have tried to legislate their way out of the encryption debate. It also sets a new starting point for Congress as it mulls whether to legislate on encryption during the Clinton or Trump administration. "Lawmakers need to develop a far deeper understanding of this complex issue before they attempt a legislative fix," the committee staff wrote in their report. The committee calls for more dialogue on the topic and for more interviews with experts, even though they claim to have already held more than 100 such briefings, some of which are classified. The report says in the first line that public interest in encryption has surged once it was revealed that terrorists behind the Paris and San Bernardino attacks "used encrypted communications to evade detection." Congressman Ted Lieu is pushing the federal government to treat ransomware attacks on medical facilities as data breaches and require notifications of patients.
Databases

2 Million-Person Terror Database Leaked Online (thestack.com) 157

An anonymous reader writes from a report via The Stack: A 2014 version of the World-Check database containing more than 2.2 million records of people with suspected terrorist, organized crime, and corruption links has been leaked online. The World-Check database is administered by Thomson-Reuters and is used by 4,500 institutions, 49 of the world's 50 largest banks and by over 300 government and intelligence agencies. The unregulated database is intended for use as "an early warning system for hidden risk" and combines records from hundreds of terror and crime suspects and watch-lists into a searchable resource. Most of the individuals in the database are unlikely to know that they are included, even though it may have a negative impact on their ability to use banking services and operate a business. A Reddit user named Chris Vickery says he obtained a copy of the database, saying he won't reveal how until "a later time." To access the database, customers must pay an annual subscription charge, that can reach up to $1 million, according to Vice, with potential subscribers then vetted before approval. Vickery says he understands that the "original location of the leak is still exposed to the public internet" and that "Thomas Reuters is working feverishly to get it secured." He told The Register that he alerted the company to the leak, but is still considering whether to publish the information contained in it.
Security

Android Malware Pretends To Be WhatsApp, Uber and Google Play (fireeye.com) 57

Reader itwbennett writes: Security vendor FireEye said on Tuesday that malware that can spoof the user interfaces of Uber, WhatsApp and Google Play has been spreading through a phishing campaign over SMS. Once downloaded, the malware, which has struck Android users in Denmark, Italy and Germany, will create fake user interfaces on the phone as an 'overlay' on top of real apps. These interfaces ask for credit card information and then send the entered data to the hacker.
Crime

Istanbul Attack: A Grim Reminder Of Why Airports Are Easy Targets (firstpost.com) 261

An anonymous reader shares a FirstPost article: Even as I write this the echo of gunfire continues at Ataturk International Airport. For reasons that defy logic, Istanbul's main airport has always been seen as a vulnerable target which only underscores the fact that all airports in the world are open to attack and fail-safe is not a viable option. At Ataturk, security is usually high, but the weak underbelly lies in vehicular traffic entering the airport being given cursory checks, pretty much like most airports which is why President Erdogan was able to say this sort of attack could have occurred anywhere. That is true. Airports are easy targets. That even though Turkey was aware of the chinks nothing much was done to up the security levels. If you take Delhi International as a prime example, the access to the terminal is scarcely blockaded and one can reach the entry points with ease, crossing a couple of indolent checkpoints and a roller fence. (Editor's note: the article has been written by an Indian author, and so he uses an Indian airport as an example.) Indian airports are as porous as a sponge. Most of our airports are red-starred which places them in the inadequate category. Add to that the fact that several thousand VIPs are given privileges that make a pudding out of security and it indicates how easy peasy it would be to amble up to the terminal entrance. The weakness primarily lies in the absence of X-Rays and deterrent technology on approach. You practically can check in and get to immigration before being cleared for hazardous material.
Security

Google Found Disastrous Symantec and Norton Vulnerabilities That Are 'As Bad As It Gets' (fortune.com) 113

Google's Project Zero team has discovered a heap of critical vulnerabilities in Symantec and Norton security products. The flaws, the team says, allow hackers to completely compromise people's machines by simply sending them malicious self-replicating code through unopened emails or un-clicked links. According to a Fortune report, the vulnerabilities affect millions of people who run the company's endpoint security and antivirus software -- all 17 enterprise products (Symantec brand) and eight consumer and small business products (Norton brand). Dan Goodin, reporting for Ars Technica: The flaws reside in the engine the products use to reverse the compression tools malware developers use to conceal their malicious payloads. The unpackers work by parsing code contained in files before they're allowed to be downloaded or executed. Because Symantec runs the unpackers directly in the operating system kernel, errors can allow attackers to gain complete control over the vulnerable machine. Tavis Ormandy, a researcher with Google's Project Zero, said a better design would be for unpackers to run in a security "sandbox," which isolates untrusted code from sensitive parts of an operating system.
AI

The Moral Dilemma of Driverless Cars: Save The Driver or Save The Crowd? 357

HughPickens.com writes: What should a driverless car with one rider do if it is faced with the choice of swerving off the road into a tree or hitting a crowd of 10 pedestrians? The answer depends on whether you are the rider in the car or someone else is, writes Peter Dizikes at MIT News. According to recent research most people prefer autonomous vehicles to minimize casualties in situations of extreme danger -- except for the vehicles they would be riding in. "Most people want to live in a world where cars will minimize casualties," says Iyad Rahwan. "But everybody wants their own car to protect them at all costs." The result is what the researchers call a "social dilemma," in which people could end up making conditions less safe for everyone by acting in their own self-interest. "If everybody does that, then we would end up in a tragedy whereby the cars will not minimize casualties," says Rahwan. Researchers conducted six surveys, using the online Mechanical Turk public-opinion tool, between June 2015 and November 2015. The results consistently showed that people will take a utilitarian approach to the ethics of autonomous vehicles, one emphasizing the sheer number of lives that could be saved. For instance, 76 percent of respondents believe it is more moral for an autonomous vehicle, should such a circumstance arise, to sacrifice one passenger rather than 10 pedestrians. But the surveys also revealed a lack of enthusiasm for buying or using a driverless car programmed to avoid pedestrians at the expense of its own passengers. "This is a challenge that should be on the mind of carmakers and regulators alike," the researchers write. "For the time being, there seems to be no easy way to design algorithms that would reconcile moral values and personal self-interest."
Medicine

Micro-Camera Can Be Injected With A Syringe -- May Pose Surveillance Concerns (phys.org) 60

Taco Cowboy quotes a report from ABC Online: German engineers have created a camera no bigger than a grain of salt that could change the future of health imaging -- and clandestine surveillance. Using 3D printing, researchers from the University of Stuttgart built a three-lens camera, and fit it onto the end of an optical fiber the width of two hairs. Such technology could be used as minimally-intrusive endoscopes for exploring inside the human body, the engineers reported in the journal Nature Photonics. The compound lens of the camera is just 100 micrometers (0.1 millimeters) wide, and 120 micrometers with its casing. It could also be deployed in virtually invisible security monitors, or mini-robots with "autonomous vision." The compound lens can also be printed onto image sensors other than optical fibers, such as those used in digital cameras. The researchers said it only took a few hours to design, manufacture and test the camera, which yielded "high optical performances and tremendous compactness." They believe the 3D printing method -- used to create the camera -- may represent "a paradigm shift."
Earth

Researchers Find Game-Changing Helium Reserve In Tanzania (cnn.com) 177

An anonymous reader writes from a report via CNN: Helium is an incredibly important element that is used in everything from party balloons to MRI machines -- it's even used for nuclear power. For many years, there have been global shortages of the element. For example, Tokyo Disneyland once had to suspend sales of its helium balloons due to the shortages. The shortages are expected to come to an end now that researchers from Oxford and Durham universities have discovered a "world-class" helium gas field in Tanzania's East African Rift Valley. They estimate that just one part of the reserve in Tanzania could be as large as 54 billion cubic feet (BCf), which is enough to fill more than 1.2 million medical MRI scanners. "To put this discovery into perspective, global consumption of helium is about 8 billion cubic feet (BCf) per year and the United States Federal Helium Reserve, which is the world's largest supplier, has a current reserve of just 24.2 BCf," said University of Oxford's Chris Ballentine, a professor with the Department of Earth Sciences. "Total known reserves in the USA are around 153 BCf. This is a game-changer for the future security of society's helium needs and similar finds in the future may not be far away," Ballentine added.
Security

US Healthcare Records Offered For Sale Online 88

An anonymous reader writes: Three U.S. healthcare organisations are reportedly being held to ransom by a hacker who stole data on hundreds of thousands of patients. The hacker has also put the 650,000 records up for sale on dark web markets where stolen data is traded. Prices for the different databases range from $100,000 to $411,000. Buyers have already been found for some of the stolen data, the hacker behind the theft told news site Motherboard. No information about the size of the ransom payment sought by the data thief has emerged, although he did say it was "a modest amount compared to the damage that will be caused to the organisations when I decide to publicly leak the victims."
China

China Tells App Developers To Increase User Monitoring 47

An anonymous reader writes: The Cyberspace Administration of China has imposed new regulation for the mobile app community, requiring that developers keep a close watch over users and keep a record of their activities. However, the proposed legislation would also prevent apps from requesting unnecessary access to users' contacts, camera, microphone and other spurious installation requests. The regulator introduced the new laws in the name of cracking down on illegal use of mobile platforms for the distribution of pornography, fraud and the spread of 'malicious' content.
Facebook

Facebook Backtracks, Now Says It Is Not Using Your Phone's Location To Suggest Friends 94

A report on Fusion on Monday, which cited a number of people, claimed that Facebook was using its users' phone location to suggest people to them. The publication also noted the privacy implications of this supposed feature. At the time of publishing, Facebook had noted that location was indeed one of the signals it looks into when suggesting new friends. But the social juggernaut has since backtracked on its statement with new assurances that it is not using anyone's location. In a statement to Slashdot, the company said: We're not using location data, such as device location and location information you add to your profile, to suggest people you may know. We may show you people based on mutual friends, work and education information, networks you are part of, contacts you've imported and other factors.
Government

US Customs Wants To Know Travelers' Social Media Account Names (helpnetsecurity.com) 375

Orome1 quotes a report from Help Net Security: The U.S. Customs and Border Protection agency has submitted a request to the Office of Management and Budget, asking for permission to collect travelers' social media account names as they enter the country. The CBP, which is part of the U.S. Department of Homeland Security, proposes that the request "Please enter information associated with your online presence -- Provider/Platform -- Social media identifier" be added to the Electronic System for Travel Authorization (ESTA) and to the CBP Form I-94W (Nonimmigrant Visa Waiver Arrival/Departure). "It will be an optional field to request social media identifiers to be used for vetting purposes, as well as applicant contact information," the CBP noted. "Collecting social media data will enhance the existing investigative process and provide DHS greater clarity and visibility to possible nefarious activity and connections by providing an additional tool set which analysts and investigators may use to better analyze and investigate the case." The public and affected agencies are asked to comment on the request within 60 days of its publication. Commenters are asked to send their comments to this address.
Botnet

A Massive Botnet of CCTV Cameras Involved In Ferocious DDoS Attacks (softpedia.com) 79

An anonymous reader writes: "A botnet of over 25,000 bots is at the heart of recent DDoS attacks that are ferociously attacking businesses across the world with massive Layer 7 DDoS attacks that are overwhelming Web servers, occupying their resources and eventually crashing websites," reports Softpedia. This botnet's particularity is the fact that attacks never fluctuated and the attackers managed to keep a steady rhythm. This is not a classic botnet of infected computers that go on and off, but of compromised CCTV systems that are always on and available for attacks. The brands of CCTV DVRs involved in these attacks are the same highlighted in a report by a security researcher this winter, who discovered a backdoor in the firmware of 70 different CCTV DVR vendors. These companies had bought unbranded DVRs from Chinese firm TVT. When informed of the firmware issues, TVT ignored the researcher and the issues were never fixed, leading to crooks creating this huge botnet.
The Courts

President Obama Should Pardon Edward Snowden Before Leaving Office (theverge.com) 379

An anonymous reader writes from a report via The Verge: Ever since Edward Snowden set in motion the most powerful public act of whistleblowing in U.S. history, he has been living in exile in Russia from the United States. An article in this week's New York Magazine looks at how Snowden may have a narrow window of opportunity where President Obama could pardon him before he leaves office. Presumably, once he leaves office, the chances of Snowden being pardoned by Hillary Clinton or Donald Trump are minuscule. Obama has said nothing in the past few years to suggest he's interested in pardoning Snowden. Not only would it contradict his national security policy, but it will severely alienate the intelligence community for many years to come. With that said, anyone who values a free and secure internet believes pardoning Snowden would be the right thing to do. The Verge reports: "[Snowden] faces charges under the Espionage Act, which makes no distinction between delivering classified files to journalists and delivering the same files to a foreign power. For the first 80 years of its life, it was used almost entirely to prosecute spies. The president has prosecuted more whistleblowers under the Espionage Act than all presidents before him combined. His Justice Department has vastly expanded the scope of the law, turning it from a weapon against the nation's enemies to one that's pointed against its own citizens. The result will be less scrutiny of the nation's most powerful agencies, and fewer forces to keep them in check. With Snowden's push for clemency, the president has a chance to complicate that legacy and begin to undo it. It's the last chance we'll have."
Bitcoin

New and Improved CryptXXX Ransomware Rakes In $45,000 In 3 Weeks (arstechnica.com) 124

An anonymous reader writes: Whoever said crime doesn't pay didn't know about the booming ransomware market. A case in point, the latest version of the scourge known as CryptXXX, which raked in more than $45,000 in less than three weeks. Over the past few months, CryptXXX developers have gone back and forth with security researchers. The whitehats from Kaspersky Lab provided a free tool that allowed victims to decrypt their precious data without paying the ransom, which typically reaches $500 or more. Then, CryptXXX developers would tweak their code to defeat the get-out-of-jail decryptor. The researchers would regain the upper hand by exploiting another weakness and so on. Earlier this month, the developers released a new CryptXXX variant that to date still has no decryptor available. Between June 4 and June 21, according to a blog post published Monday by security firm SentinelOne, the Bitcoin address associated with the new version had received 70 bitcoins, which at current prices is valued at around $45,228. The figure doesn't include revenue generated from previous campaigns.
Security

Google CEO Sundar Pichai's Quora Account Hacked (thenextweb.com) 24

Google CEO Sundar Pichai is the latest high-profile victim of a hacking group called OurMine. Earlier today, the group managed to get hold of Pichai's Quora account, which in turn, gave them access to his Twitter feed as well. In a statement to The Next Web, the group said that their intention is to just test people's security, and that they never change the victim's passwords. Looking at the comments they left after hacking Pichai's account, it is also clear that OurMine is promoting its security services. The same group recently also hacked Facebook CEO Mark Zuckerberg's Twitter and Pinterest accounts.
Security

Religious Hacker Defaces 111 Escort Sites (softpedia.com) 161

An anonymous reader shares this article from Softpedia: A religiously-motivated Moroccan hacker has defaced 111 different web sites promoting escort services since last summer as part of an ongoing protest against the industry. "In January, the hacker defaced 79 escort websites," writes Softpedia. "His actions didn't go unnoticed, and on some online forums where escorts and webmasters of these websites met, his name was brought up in discussions and used to drive each other in implementing better Web security. While some webmasters did their job, some didn't. During the past days, the hacker has been busy defacing a new set of escort websites... Most of these websites bear ElSurveillance's defacement message even today... Most of the websites are from the UK."
His newest round of attacks replaces the sites with a pro-Palestine message and a quote from the Quran, though in January Softpedia reported the attacker was also stealing data from some of the sites about their users' accounts.
