Privacy

How a Wi-Fi Pineapple Can Steal Your Data (And How To Protect Yourself From It) (vice.com)

An anonymous reader writes: The Wi-Fi Pineapple is a cheap modified wireless router that enables anyone to execute sophisticated exploits on Wi-Fi networks with little to no networking expertise. A report in Motherboard explains how it can be used to run a Wall of Sheep and execute a man-in-the-middle attack, as well as how you can protect yourself from Pineapple exploits when you're connected to public Wi-Fi. "... it's important that whenever you are done connecting to a public Wi-Fi network that you configure your phone or computer to 'forget' that network. This way your device won't be constantly broadcasting the SSIDs of networks it has connected to in the past, which can be spoofed by an attacker with a Pineapple," reports Motherboard. "Unfortunately there is no easy way to do this on an Android or an iPhone, and each network must be forgotten manually in the 'Manage Network' tab of the phone's settings. Another simple solution is to turn off your Wi-Fi functionality when you're not using it -- though that isn't as easy to do on some devices anymore -- and don't allow your device to automatically connect to open Wi-Fi networks."
Windows

Microsoft Confirms Surface Book 2 Can't Stay Charged During Gaming Sessions (engadget.com) 72

The Verge mentioned in their review that the Surface Book 2's power supply can't charge the battery fast enough to prevent it from draining in some cases. Microsoft has since confirmed that "in some intense, prolonged gaming scenarios with Power Mode Slider set to 'best performance' the battery may discharge while connected to the power supply." Engadget reports: To let you choose between performance and battery life, the Surface Book has a range of power settings. If you're doing video editing or other GPU intensive tasks, you can crank it up to "best performance" to activate the NVIDIA GPU and get more speed. Battery drain is normally not an issue with graphics apps because the chip only kicks in when needed. You'll also need the "best performance" setting for GPU-intensive games, as they'll slow down or drop frames otherwise. The problem is that select titles like Destiny 2 use the NVIDIA chip nearly continuously, pulling up to 70 watts of power on top of the 35 watt CPU. Unfortunately, the Surface Book comes with a 102-watt charger, and only about 95 watts of that reaches the device, the Verge points out. Microsoft says that the power management system will prevent the battery from draining completely, even during intense gaming, but it would certainly mess up your Destiny 2 session. It also notes that the machine is intended for designers, developers and engineers, with the subtext that it's not exactly marketed as a gaming rig.
Security

Ask Slashdot: How Are So Many Security Vulnerabilities Possible? 230

dryriver writes: It seems like not a day goes by on Slashdot and elsewhere on the intertubes that you don't read a story headline reading "Company_Name Product_Name Has Critical Vulnerability That Allows Hackers To Description_Of_Bad_Things_Vulnerability_Allows_To_Happen." A lot of it is big brand products as well. How, in the 21st century, is this possible, and with such frequency? Is software running on electronic hardware invariably open to hacking if someone just tries long and hard enough? Or are the product manufacturers simply careless or cutting corners in their product designs? If you create something that communicates with other things electronically, is there no way at all to ensure that the device is practically unhackable?
Security

Sacramento Regional Transit Systems Hit By Hacker (cbslocal.com) 28

Zorro shares a report from CBS Local: Sacramento Regional Transit is the one being taken for a ride on this night, by a computer hacker. That hacker forced RT to halt its operating systems that take credit card payments, and assign buses and trains to their routes. The local transit agency alerted federal agents following an attack on their computers that riders may not have noticed Monday. "We actually had the hackers get into our system, and systematically start erasing programs and data," said Deputy General Manager Mark Lonergan. Inside RT's headquarters, computer systems were taken down after the hacker deleted 30 million files. The hacker also demanded a ransom in bitcoin, and left a message on the RT website reading "I'm sorry to modify the home page, I'm good hacker, I just want to help you fix these vulnerability."
The Internet

FCC Will Also Order States To Scrap Plans For Their Own Net Neutrality Laws (arstechnica.com) 190

An anonymous reader quotes a report from Ars Technica: In addition to ditching its own net neutrality rules, the Federal Communications Commission also plans to tell state and local governments that they cannot impose local laws regulating broadband service. This detail was revealed by senior FCC officials in a phone briefing with reporters today, and it is a victory for broadband providers that asked for widespread preemption of state laws. FCC Chairman Ajit Pai's proposed order finds that state and local laws must be preempted if they conflict with the U.S. government's policy of deregulating broadband Internet service, FCC officials said. The FCC will vote on the order at its December 14 meeting. It isn't clear yet exactly how extensive the preemption will be. Preemption would clearly prevent states from imposing net neutrality laws similar to the ones being repealed by the FCC, but it could also prevent state laws related to the privacy of Internet users or other consumer protections. Pai's staff said that states and other localities do not have jurisdiction over broadband because it is an interstate service and that it would subvert federal policy for states and localities to impose their own rules.
Transportation

Uber Fined $8.9 Million In Colorado For Allowing Drivers With Felonies, Motor Violations To Work (jalopnik.com) 84

Uber was fined nearly $9 million by a Colorado regulator on Monday, after an investigation revealed that 57 people with criminal and motor vehicle offenses were allowed to drive with the ride-hailing company. Jalopnik reports: States across the U.S. have been considering laws to require additional background checks for individuals who drive for Uber and competitors like Lyft. In Colorado, the state's Public Utilities Commission investigated the company's drivers after an incident this past March, reported The Denver Post, when a driver dragged a passenger out of a car and kicked them in the face. The commission said it found 57 drivers had issues that should've disqualified them from driving for Uber, including felony convictions for driving under the influence and reckless driving, while others had revoked, suspended or canceled licenses. A similar investigation was conducted on Lyft, the Post reported, but no violations were revealed. An Uber spokesperson said the situation stems from a "process error" that was "inconsistent with Colorado's ridesharing regulations." The spokesperson said Uber "proactively notified" the commission. "This error affected a small number of drivers and we immediately took corrective action," the company said in a statement to the Post. "Per Uber safety policies and Colorado state regulations, drivers with access to the Uber app must undergo a nationally accredited third-party background screening. We will continue to work closely with the CPUC to enable access to safe, reliable transportation options for all Coloradans."
Businesses

HP Enterprise CEO Meg Whitman To Step Down (reuters.com) 87

Hewlett Packard Enterprise's Meg Whitman is stepping down as chief executive officer. Reuters reports: Whitman engineered the biggest breakup in corporate history during her 6-year tenure at the helm, creating HPE and PC-and-printer business HP Inc from parent Hewlett Packard Co in 2015. Whitman will be succeeded by the company's president, Antonio Neri, who takes over from Feb. 1. "Now is the right time for Antonio and a new generation of leaders to take the reins of HPE," Whitman said in a statement. Whitman, who will continue as a board member, had been steering the company towards areas such as networking, storage and technology services.
Privacy

Uber Concealed Cyberattack That Exposed 57 Million People's Data (bloomberg.com) 28

According to Bloomberg, hackers stole the personal data of 57 million customers and drivers from Uber. The massive breach was reportedly concealed by the company for more than a year. From the report: Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver's license numbers. No Social Security numbers, credit card details, trip location info or other data were taken, Uber said. At the time of the incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy violations. Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken. Instead, the company paid hackers $100,000 to delete the data and keep the breach quiet. Uber said it believes the information was never used but declined to disclose the identities of the attackers.

Here's how the hack went down: Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company.

Businesses

Russia To Act Against Google if Sputnik, RT Get Lower Search Rankings (reuters.com) 151

Paresh Dave and Jack Stubbs, reporting for Reuters: The Kremlin will take action against Alphabet's Google if articles from Russian news websites Sputnik and Russia Today are placed lower in search results, the Interfax news service cited Russia's chief media regulator as saying on Tuesday. Alexander Zharov, head of media regulator Roskomnadzor, said his agency sent a letter to Google on Tuesday requesting clarification on comments Saturday by Alphabet Executive Chairman Eric Schmidt about how the Russian websites would be treated in search, according to Interfax. "We will receive an answer and understand what to do next," Interfax quoted Zharov as saying. "We hope our opinion will be heard, and we won't have to resort to more serious" retaliatory measures.
OS X

New Windows Search Interface Borrows Heavily From MacOS (arstechnica.com) 78

An anonymous reader quotes a report from Ars Technica: Press clover-space on a Mac (aka apple-space or command-space to Apple users) and you get a search box slap bang in the middle of the screen; type things into it and it'll show you all the things it can find that match. On Windows, you can do the same kind of thing -- hit the Windows key and then start typing -- but the results are shown in the bottom left of your screen, in the Start menu or Cortana pane. The latest insider build of Windows, build 17040 from last week, has a secret new search interface that looks a lot more Mac-like. Discovered by Italian blog Aggiornamenti Lumia, set a particular registry key and the search box appears in the middle of the screen. The registry key calls it "ImmersiveSearch" -- hit the dedicated key, and it shows a simple Fluent-designed search box and results. This solution looks and feels a lot like Spotlight on macOS.
Microsoft

Microsoft Offering Free Windows 10 Development Environment VM for a Limited Time (bleepingcomputer.com) 78

An anonymous reader shares a report: Microsoft is providing a free virtual machine that comes preloaded with Windows 10 Enterprise, Visual Studio 2017, and various utilities in order to promote the development of Universal Windows Platform apps. Before you get too excited about a free version of Windows 10 Enterprise, this Virtual Machine will expire on January 15th 2018. When downloading the development environment, you can choose either a VMware, VirtualBox, Hyper-V, or Parallels virtual machine depending on what virtual machine software you use. Each of these images is about 17-20GB when extracted from the downloaded archive and includes almost everything you need to develop Universal Windows Platform apps.
Communications

To Save Net Neutrality, We Must Build Our Own Internet (vice.com) 177

In light of reports that FCC plans to announce a full repeal of net neutrality protections later this week, Jason Koebler, editor-in-chief of Motherboard, suggests that it is time we cut our reliance on big telecom monopolies. He writes: Net neutrality as a principle of the federal government will soon be dead, but the protections are wildly popular among the American people and are integral to the internet as we know it. Rather than putting such a core tenet of the internet in the hands of politicians, whose whims and interests change with their donors, net neutrality must be protected by a populist revolution in the ownership of internet infrastructure and networks. In short, we must end our reliance on big telecom monopolies and build decentralized, affordable, locally owned internet infrastructure. The great news is this is currently possible in most parts of the United States. There has never been a better time to start your own internet service provider, leverage the publicly available fiber backbone, or build political support for new, local-government owned networks. For the last several months, Motherboard has been chronicling the myriad ways communities passed over by big telecom have built their own internet networks or have partnered with small ISPs who have committed to protecting net neutrality to bring affordable high speed internet to towns and cities across the country. Update: FCC has announced a plan to repeal net neutrality.
Censorship

Skype Vanishes From App Stores in China (nytimes.com) 34

Skype, Microsoft's Internet phone call and messaging service, has been unavailable for download from a number of app stores in China, including Apple's, for almost a month (Editor's note: the link could be paywalled; alternative source), The New York Times reported on Tuesday. From the report: "We have been notified by the Ministry of Public Security that a number of voice over internet protocol apps do not comply with local law. Therefore these apps have been removed from the app store in China," an Apple spokeswoman said Tuesday in an emailed statement responding to questions about Skype's disappearance from the app store. "These apps remain available in all other markets where they do business." The removal led to a volley of complaints from Chinese users on internet message boards who were no longer able to pay for Skype's services through Apple. The users said that the disruption began in late October. Skype, which is owned by Microsoft, still functions in China, and its fate in the country is not yet clear. But its removal from the app stores is the most recent example of a decades-long push by China's government to control and monitor the flow of information online.
Security

Intel: We've Found Severe Bugs in Secretive Management Engine, Affecting Millions (zdnet.com) 190

Liam Tung, writing for ZDNet: Thanks to an investigation by third-party researchers into Intel's hidden firmware in certain chips, Intel decided to audit its firmware and on Monday confirmed it had found 11 severe bugs that affect millions of computers and servers. The flaws affect Management Engine (ME), Trusted Execution Engine (TXE), and Server Platform Services (SPS). Intel discovered the bugs after Maxim Goryachy and Mark Ermolov from security firm Positive Technologies found a critical vulnerability in the ME firmware that Intel now says would allow an attacker with local access to execute arbitrary code. The researchers in August published details about a secret avenue that the US government can use to disable ME, which is not available to the public. Intel ME has been a source of concern for security-minded users, in part because only Intel can inspect the firmware, yet many researchers suspected the powerful subsystem had bugs that were ripe for abuse by attackers.
Privacy

Google Collects Android Users' Locations Even When Location Services Are Disabled (qz.com) 193

Google has been collecting Android phones' locations even when location services are turned off, and even when there is no carrier SIM card installed on the device, an investigation has found. Keith Collins, reporting for Quartz: Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers -- even when location services are disabled -- and sending that data back to Google. The result is that Google, the unit of Alphabet behind Android, has access to data about individuals' locations and their movements that go far beyond a reasonable consumer expectation of privacy. Quartz observed the data collection occur and contacted Google, which confirmed the practice. The cell tower addresses have been included in information sent to the system Google uses to manage push notifications and messages on Android phones for the past 11 months, according to a Google spokesperson. They were never used or stored, the spokesperson said, and the company is now taking steps to end the practice after being contacted by Quartz. By the end of November, the company said, Android phones will no longer send cell-tower location data to Google, at least as part of this particular service, which consumers cannot disable.
Graphics

Google Cloud Platform Cuts the Price of GPUs By Up To 36 Percent (techcrunch.com) 28

In a blog post, Google's Product Manager, Chris Kleban, announced that the company is cutting the price of using Nvidia's Tesla GPUs through its Compute Engine by up to 36 percent. The older K80 GPUs will now cost $0.45 per hour while the more powerful P100 machines will cost $1.46 per minute (all with per-second billing). TechCrunch reports: The company is also dropping the prices for preemptible local SSDs by almost 40 percent. "Preemptible local SSDs" refers to local SSDs attached to Google's preemptible VMs. You can't attach GPUs to preemptible instances, though, so this is a nice little bonus announcement -- but it isn't going to directly benefit GPU users. As for the new GPU pricing, it's clear that Google is aiming this feature at developers who want to run their own machine learning workloads on its cloud, though there also are a number of other applications -- including physical simulations and molecular modeling -- that greatly benefit from the hundreds of cores that are now available on these GPUs. The P100, which is officially still in beta on the Google Cloud Platform, features 3594 cores, for example. Developers can attach up to four P100 and eight K80 dies to each instance. Like regular VMs, GPU users will also receive sustained-use discounts, though most users probably don't keep their GPUs running for a full month.
Privacy

Over 400 of the World's Most Popular Websites Record Your Every Keystroke (vice.com) 251

An anonymous reader quotes a report from Motherboard: The idea of websites tracking users isn't new, but research from Princeton University released last week indicates that online tracking is far more invasive than most users understand. In the first installment of a series titled "No Boundaries," three researchers from Princeton's Center for Information Technology Policy (CITP) explain how third-party scripts that run on many of the world's most popular websites track your every keystroke and then send that information to a third-party server. Some highly-trafficked sites run software that records every time you click and every word you type. If you go to a website, begin to fill out a form, and then abandon it, every letter you entered in is still recorded, according to the researchers' findings. If you accidentally paste something into a form that was copied to your clipboard, it's also recorded. These scripts, or bits of code that websites run, are called "session replay" scripts. Session replay scripts are used by companies to gain insight into how their customers are using their sites and to identify confusing webpages. But the scripts don't just aggregate general statistics, they record and are capable of playing back individual browsing sessions. The scripts don't run on every page, but are often placed on pages where users input sensitive information, like passwords and medical conditions. Most troubling is that the information session replay scripts collect can't "reasonably be expected to be kept anonymous," according to the researchers.
Power

UCLA Researchers Use Solar To Create and Store Hydrogen (phys.org) 57

UCLA researchers have designed a device that can use solar energy to inexpensively and efficiently create and store energy, which could be used to power electronic devices, and to create hydrogen fuel for eco-friendly cars. Phys.Org reports: The device could make hydrogen cars affordable for many more consumers because it produces hydrogen using nickel, iron and cobalt -- elements that are much more abundant and less expensive than the platinum and other precious metals that are currently used to produce hydrogen fuel. Traditional hydrogen fuel cells and supercapacitors have two electrodes: one positive and one negative. The device developed at UCLA has a third electrode that acts as both a supercapacitor, which stores energy, and as a device for splitting water into hydrogen and oxygen, a process called water electrolysis. All three electrodes connect to a single solar cell that serves as the device's power source, and the electrical energy harvested by the solar cell can be stored in one of two ways: electrochemically in the supercapacitor or chemically as hydrogen. The device also is a step forward because it produces hydrogen fuel in an environmentally friendly way. Currently, about 95 percent of hydrogen production worldwide comes from converting fossil fuels such as natural gas into hydrogen -- a process that releases large quantities of carbon dioxide into the air, said Maher El-Kady, a UCLA postdoctoral researcher and a co-author of the research. The technology is described in the journal Energy Storage Materials.
Transportation

Uber Expands Driverless-Car Push With Deal For 24,000 Volvos (bloomberg.com) 168

Uber agreed to buy 24,000 sport utility vehicles from Volvo to form a fleet of driverless autos. According to Bloomberg, "The XC90s, priced from $46,900 at U.S. dealers, will be delivered from 2019 to 2021 in the first commercial purchase by a ride-hailing provider." Uber will add its own sensors and software to permit pilot-less driving. From the report: Uber's order steps up efforts to replace human drivers, the biggest cost in its on-demand taxi service. The autonomous fleet is small compared with the more than 2 million people who drive for Uber but reflects dedication to the company's strategy of developing self-driving cars. "This new agreement puts us on a path toward mass-produced, self-driving vehicles at scale," Jeff Miller, Uber's head of auto alliances, told Bloomberg News. "The more people working on the problem, we'll get there faster and with better, safer, more reliable systems."
iMac

iMac Pro Will Have An A10 Fusion Coprocessor For 'Hey, Siri' Support and More Secure Booting, Says Report (theverge.com) 162

According to Apple firmware gurus Steven Troughton-Smith and Guilherme Rambo, the upcoming iMac Pro will feature an A10 Fusion coprocessor to enable two interesting new features. "The first is the ability for the iMac Pro to feature always-on 'Hey, Siri' voice command support, similar to what's currently available on more recent iPhone devices," reports The Verge. "[T]he bigger implication of the A10 Fusion is for a less user-facing function, with Apple likely to use the coprocessor to enable SecureBoot on the iMac Pro." From the report: In more practical terms, it means that Apple will be using the A10 Fusion chip to handle the initial boot process and confirm that software checks out, before passing things off to the regular x86 Intel processor in your Mac. It's not something that will likely change how you use your computer too much, like the addition of "Hey, Siri" support will, but it's a move toward Apple experimenting with an increased level of control over its software going forward.
