Businesses

Verizon Accused of Throttling Netflix and YouTube, Admits To 'Video Optimization' (arstechnica.com) 32

New submitter dgatwood writes: According to an Ars Technica article, Verizon recently began experimenting with throttling of video traffic. The remarkable part of this story is not that a wireless ISP would throttle video traffic, but rather that Verizon's own Go90 video platform is also affected by the throttling. From the article, "Verizon Wireless customers this week noticed that Netflix's speed test tool appears to be capped at 10Mbps, raising fears that the carrier is throttling video streaming on its mobile network. When contacted by Ars this morning, Verizon acknowledged using a new video optimization system but said it is part of a temporary test and that it did not affect the actual quality of video. The video optimization appears to apply both to unlimited and limited mobile plans. But some YouTube users are reporting degraded video, saying that using a VPN service can bypass the Verizon throttling."
If even Verizon can get on board with throttling sans paid prioritization, why is Comcast so scared of the new laws that are about to go into effect banning it?

Mozilla

The New Firefox and Ridiculous Numbers of Tabs (metafluff.com) 61

An anonymous reader shares a blog post: I've got a Firefox profile with 1691 tabs. As you would expect, Firefox handled this profile quite poorly for a long time. I got used to multi-minute startup time, waiting 15-30 seconds for tabs from external apps to show up, and all manner of non-responsive behavior. And then, quite recently, everything changed. Right now, more effort is being put into making Firefox fast than I've seen since... well, since I've been working on Firefox. And I've been at Mozilla for more than a decade. Part of this effort is a project called Quantum Flow -- a bunch of engineers making changes that directly impact Firefox responsiveness. A lot of the improvement in this particular scenario is from Kevin Jones' work on bringing the overall cost of unloaded tabs as close to zero as possible. While the major work has landed, the work continues in Bug 906076. Test scenario: I took my 1691 tab browser profile, and did a wall-clock measurement of start-up time and memory use for Firefox versions 20, 30, 40, and 50 through 56. In the result, the person found that Firefox startup time has gotten worse over time... until Firefox 51.
Communications

AlphaBay Owner Used Email Address For Both AlphaBay and LinkedIn Profile. 130

BarbaraHudson writes: The Register is reporting that Alexandre Cazes, the 25-year-old Canadian running the dark web site AlphaBay, was using a hotmail address easily connected to him via his Linkdin profile to administer the site. From the report: "[A]ccording to U.S. prosecutors, he used his real email address, albeit a Hotmail address -- Pimp_Alex_91@hotmail.com -- as the administrator password for the marketplace software. As a result, every new user received a welcome email from that address when they signed up to the site, and everyone using its password recovery tool also received an email from that address. However, rather than carefully set up and then abandon that email address, it turns out that Alexandre Cazes -- Pimp Alex -- had been using that address for years. Cazes had also used his Pimp Alex Hotmail address as well as an email address from his own business -- EBX Technologies -- to set up online bank accounts and crypto-currency accounts. How did law enforcement know that Cazes was behind EBX Technologies? It was on his LinkedIn profile."

BarbaraHudson adds: "His laptop wasn't encrypted, so expect more arrests as AlphaBay users are tracked down."
PlayStation (Games)

Sony Using Copyright Requests To Remove Leaked PS4 SDK From the Web (arstechnica.com) 133

An anonymous reader quotes a report from Ars Technica: Sony appears to be using copyright law in an attempt to remove all traces of a leaked PlayStation 4 Software Development Kit (PS4 SDK) from the Web. That effort also seems to have extended in recent days to the forced removal of the mere discussion of the leak and the posting of a separate open source, homebrew SDK designed to be used on jailbroken systems. The story began a few weeks ago, when word first hit that version 4.5 of the PS4 SDK had been leaked online by a hacker going by the handle Kromemods. These SDKs are usually provided only to authorized PS4 developers inside development kits. The SDKs contain significant documentation that, once made public, can aid hackers in figuring out how to jailbreak consoles, create and install homebrew software, and enable other activities usually prohibited by the hardware maker (as we've seen in the wake of previous leaks of PlayStation 3 SDKs). While you can still find reference to the version 4.5 SDK leak on places like Reddit and MaxConsole, threads discussing and linking to those leaked files on sites like GBATemp and PSXhax, for example, appear to have been removed after the fact. Cached versions of those pages show links (now defunct) to download those leaked files, along with a message from KromeMods to "Please spread this as much as possible since links will be taken down... We will get nowhere if everything keeps private; money isn't everything." KromeMods notes on Twitter that his original tweet posting a link to the leaked files was also hit with a copyright notice from Sony.
The Internet

Swedish Rail Firm Approves Trainy McTrainface As Name Following Online Poll (theguardian.com) 86

Those disappointed when Britain rejected the name Boaty McBoatface for a polar research ship should find joy in the name of a new train in Sweden. After a public vote, a Swedish rail operator has vowed to name one of its trains Trainy McTrainface. The Guardian reports: Trainy McTrainface won 49% of the votes in the naming competition, conducted online by train operator MTR Express and Swedish newspaper Metro, beating choices such as Hakan, Miriam and Poseidon. The train will run between the Swedish capital Stockholm and Gothenburg, the country's second-biggest city. MTR said another train had been voted to be named "Glenn," an apparent tribute to an IFK Gothenburg soccer team of the 1980s that featured four players of that name -- uncommon in Sweden -- including Glenn Hysen, who later captained Liverpool.
The Courts

Judge Rules That Government Can Force Glassdoor To Unmask Anonymous Users Online (arstechnica.com) 115

pogopop77 shares a report from Ars Technica: An appeals court will soon decide whether the U.S. government can unmask anonymous users of Glassdoor -- and the entire proceeding is set to happen in secret. Federal investigators sent a subpoena asking for the identities of more than 100 anonymous users of the business-review site Glassdoor, who apparently posted reviews of a company that's under investigation for potential fraud related to its contracting practices. The government later scaled back its demand to just eight users. Prosecutors believe these eight Glassdoor users are "third-party witnesses to certain business practices relevant to [the] investigation." The name of the company under investigation is redacted from all public briefs. Glassdoor made a compromise proposal to the government: it would notify the users in question about the government's subpoena and then provide identifying information about users who were willing to participate. The government rejected that idea. At that point, Glassdoor lawyered up and headed to court, seeking to have the subpoena thrown out. Lawyers for Glassdoor argued that its users have a First Amendment right to speak anonymously. While the company has "no desire to interfere" with the investigation, if its users were forcibly identified, the investigation "could have a chilling effect on both Glassdoor's reviewers' and readers' willingness to use glassdoor.com," states Glassdoor's motion (PDF). The government opposed the motion, though, and prevailed in district court.
Crime

Authorities Take Down Hansa Dark Web Market, Confirm AlphaBay Takedown (bleepingcomputer.com) 39

An anonymous reader writes via Bleeping Computer: Today, in coordinated press releases, the U.S. Department of Justice (DOJ) and Europol announced the takedown of two Dark Web marketplaces -- AlphaBay and Hansa Market. First to fall was the Hansa Market after Dutch officers seized control over their servers located inside one of the country's hosting providers. Dutch Police seized Hansa servers on June 20, but the site was allowed to operate for one more month as officers gathered more evidence about its clientele. The Hansa honeypot received an influx of new users as the FBI shut down AlphaBay on July 5, a day after it took control over servers on July 4. Europol and the FBI say they collected mountains of evidence such as "usernames and passwords of thousands of buyers and sellers of illicit commodities" and "delivery addresses for a large number of orders." FBI Active Director McCabe said AlphaBay was ten times larger than Silk Road, with over 350,000 listings. In opposition, Silk Road, which authorities seized in November 2013, listed a meager 14,000 listings for illicit goods and services at the time authorities took down the service.
Piracy

Game of Thrones Pirates Being Monitored By HBO, Warnings On The Way (torrentfreak.com) 276

HBO is leaving no stones unturned in keeping Game of Thrones' piracy under control. The company is monitoring various popular torrent swarms and sending thousands of warnings targeted at internet subscribers whose connections are used to share the season 7 premiere of the popular TV series, reports TorrentFreak: Soon after the first episode of the new season appeared online Sunday evening, the company's anti-piracy partner IP Echelon started sending warnings targeted at torrenting pirates. The warnings in question include the IP-addresses of alleged BitTorrent users and ask the associated ISPs to alert their subscribers, in order to prevent further infringements. "We have information leading us to believe that the IP address xx.xxx.xxx.xx was used to download or share Game of Thrones without authorization," the notification begins. "HBO owns the copyright or exclusive rights to Game of Thrones, and the unauthorized download or distribution constitutes copyright infringement. Downloading unauthorized or unknown content is also a security risk for computers, devices, and networks." Under US copyright law, ISPs are not obligated to forward these emails, which are sent as a DMCA notification. However, many do as a courtesy to the affected rightsholders. The warnings are not targeted at a single swarm but cover a wide variety of torrents. TorrentFreak has already seen takedown notices for the following files, but it's likely that many more are being tracked.
Businesses

Why is Comcast Using Self-driving Cars To Justify Abolishing Net Neutrality? (theverge.com) 222

Earlier this week, Comcast filed its comments in favor of the FCC's plan to eliminate the 2015 net neutrality rules. While much of the document was devoted to arguments we've heard before -- Comcast believes the current rules are anti-competitive and hurt investment, but generally supports the principles of net neutrality -- one statement stood out. The Verge adds: Buried in the 161-page document was this quirky assertion (emphasis ours): "At the same time, the Commission also should bear in mind that a more flexible approach to prioritization may be warranted and may be beneficial to the public... And paid prioritization may have other compelling applications in telemedicine. Likewise, for autonomous vehicles that may require instantaneous data transmission, black letter prohibitions on paid prioritization may actually stifle innovation instead of encouraging it. In other words, Comcast is arguing for paid prioritization and internet fast lanes to enable self-driving cars to communicate better with other vehicles and their surrounding environment, thus making them a safer and more efficient mode of transportation. The only problem is that autonomous and connected cars don't use wireless broadband to communicate. When cars talk with each other, they do it by exchanging data wirelessly over an unlicensed spectrum called the Dedicated Short Range Communications (DSRC) band, using technology similar to Wi-Fi. The FCC has set aside spectrum in the 5.9GHz band specifically for this purpose, and it is only meant to be used for vehicle-to-everything (V2X) applications. That includes vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), and vehicle-to-pedestrian (V2P) -- so cars talking to other cars, to traffic signals, to the phone in your pocket... you name it. Soon enough, all cars sold in the US will be required to include V2V technology for safety purposes, if the Department of Transportationâ(TM)s new rule goes into effect.
EU

EU Court to Rule On 'Right to Be Forgotten' Outside Europe (wsj.com) 180

The European Union's top court is set to decide whether the bloc's "right to be forgotten" policy stretches beyond Europe's borders, a test of how far national laws can -- or should -- stretch when regulating cyberspace. From a report: The case stems from France, where the highest administrative court on Wednesday asked the EU's Court of Justice to weigh in on a dispute between Alphabet's Google and France's privacy regulator over how broadly to apply the right (Editor's note: the link could be paywalled; alternative source), which allows EU residents to ask search engines to remove some links from searches for their own names. At issue: Can France force Google to apply it not just to searches in Europe, but anywhere in the world? The case will set a precedent for how far EU regulators can go in enforcing the bloc's strict new privacy law. It will also help define Europe's position on clashes between governments over how to regulate everything that happens on the internet -- from political debate to online commerce. France's regulator says enforcement of some fundamental rights -- like personal privacy -- is too easily circumvented on the borderless internet, and so must be implemented everywhere. Google argues that allowing any one country to apply its rules globally risks upsetting international law and, when it comes to content, creates a global censorship race among autocrats.
Privacy

Ask Slashdot: Is Password Masking On Its Way Out? 234

New submitter thegreatbob writes: Perhaps you've noticed in the last 5 years or so, progressively more entities have been providing the ability to reveal the contents of a password field. While this ability is, in many cases (especially on devices with lousy keyboards), legitimately useful, it does seem to be a reasonable source of concern. Fast forward to today; I was setting up a new router (cheapest dual-band router money can, from Tenda) and I was almost horrified to discover that it does not mask any of its passwords by default. So I ask Slashdot: is password masking really on its way out, and does password masking do anything beyond preventing the casual shoulder-surfer?
Communications

FCC Refuses To Release Text of More Than 40,000 Net Neutrality Complaints (arstechnica.com) 63

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission has denied a request to extend the deadline for filing public comments on its plan to overturn net neutrality rules, and the FCC is refusing to release the text of more than 40,000 net neutrality complaints that it has received since June 2015. The National Hispanic Media Coalition (NHMC) filed a Freedom of Information Act (FoIA) request in May of this year for tens of thousands of net neutrality complaints that Internet users filed against their ISPs. The NHMC argues that the details of these complaints are crucial for analyzing FCC Chairman Ajit Pai's proposal to overturn net neutrality rules. The coalition also asked the FCC to extend the initial comment deadline until 60 days after the commission fully complies with the FoIA request. A deadline extension would have given people more time to file public comments on the plan to eliminate net neutrality rules. Instead, the FCC yesterday denied the motion for an extension and said that it will only provide the text for a fraction of the complaints, because providing them all would be too burdensome.
Security

Should We Ignore the South Carolina Election Hacking Story? (securityledger.com) 137

chicksdaddy provides five (or more) "good" reasons why we should ignore the South Carolina election hacking story that was reported yesterday. According to yesterday's reports, South Carolina's voter-registration system was hit with nearly 150,000 hack attempts on election day. Slashdot reader chicksdaddy writes from an opinion piece via The Security Ledger: What should we make of the latest reports from WSJ, The Hill, etc. that South Carolina's election systems were bombarded with 150,000 hacking attempts? Not much, argues Security Ledger in a news analysis that argues there are lots of good reasons to ignore this story, if not the very real problem of election hacking. The stories were based on this report from The South Carolina Election Commission. The key phrase in that report is "attempts to penetrate," Security Ledger notes. Information security professionals would refer to that by more mundane terms like "port scans" or probes. These are kind of the "dog bites man" stories of the cyber beat -- common (here's one from 2012 US News & World Report) but ill informed. "The kinds of undifferentiated scans that the report is talking about are the internet equivalent of people driving slowly past your house." While some of those 150,000 attempts may well be attempts to hack South Carolina's elections systems, many are undifferentiated, while some may be legitimate, if misdirected. Whatever the case, they're background noise on the internet and hardly unique to South Carolina's voter registration systems. They're certainly not evidence of sophisticated, nation-state efforts to crack the U.S. election system by Russia, China or anyone else, Security Ledger argues. "The problem with lumping all these 'hacking attempts' in the same breath as you talk about sophisticated and targeted attacks on the Clinton Campaign, the DCCC, and successful penetration of some state election boards is that it dramatically distorts the nature and scope of the threat to the U.S. election system which -- again -- is very real." The election story is one "that demands thoughtful and pointed reporting that can explore (and explode) efforts by foreign actors to subvert the U.S. vote and thus its democracy," the piece goes on to argue. "That's especially true in an environment in which regulators and elected officials seem strangely incurious about such incidents and disinclined to investigate them."
Bug

Flaw In IoT Security Cameras Leaves Millions of Devices Open To Hackers (vice.com) 53

New submitter Aliciadivo writes: A nasty vulnerability found in Axis security cameras could allow hackers to take full control of several types of Internet of Things devices, and in some cases, software programs, too. The Senrio research team found that devices and software programs using an open source software library called gSOAP to enable their product to communicate to the internet could be affected. Stephen Ridley, founder of Senrio, said: "I bet you all these other manufacturers have the same vulnerability throughout their product lines as well. It's a vulnerability in virtually every IoT device [...] Every kind of device you can possibly think of." A spokesperson for ONVIF, an electronics industry consortium that includes Axis and has includes some members that use gSOAP, said it has notified its members of the flaw, but it's not "up to each member to handle this in the way they best see fit." Also, gSOAP "is not in any way mandated by the ONVIF specifications, but as SOAP is the base for the ONVIF API, it is possible that ONVIF members would be affected." Hundreds of thousands of devices might be affected, as a search for the term "Axis" on Shodan, an engine that scours the internet for vulnerable devices, returns around 14,000 results. You can view Senrio Labs' video on the exploit (which they refer to as the "Devil's Ivy Exploit") here.
Social Networks

Nearly 90,000 Sex Bots Invaded Twitter in 'One of the Largest Malicious Campaigns Ever Recorded on a Social Network' (gizmodo.com) 53

An anonymous reader shares a report: Last week, Twitter's security team purged nearly 90,000 fake accounts after outside researchers discovered a massive botnet peddling links to fake "dating" and "romance" services. The accounts had already generated more than 8.5 million posts aimed at driving users to a variety of subscription-based scam websites with promises of -- you guessed it -- hot internet sex. The accounts were first identified by ZeroFOX, a Baltimore-based security firm that specializes in social-media threat detection. The researchers dubbed the botnet "SIREN" after sea-nymphs described in Greek mythology as half-bird half-woman creatures whose sweet songs often lured horny, drunken sailors to their rocky deaths. ZeroFOX's research into SIREN offers a rare glimpse into how efficient scammers have become at bypassing Twitter's anti-spam techniques. Further, it demonstrates how effective these types of botnets can be: The since-deleted accounts collectively generated upwards of 30 million clicks -- easily trackable since the links all used Google's URL shortening service.
Google

Google Bolsters Security To Prevent Another Google Docs Phishing Attack (zdnet.com) 25

Google is adding a set of features to its security roster to prevent a second run of last month's massive phishing attack. From a report: The company is adding warnings and interstitial screens to warn users that an app they are about to use is unverified and could put their account data at risk. This so-called "unverified app" screen will land on all new web apps that connect to Google user accounts to prevent a malicious app from appearing legitimate. Any Google Chrome user landing on a hacked or malicious website will recognize the prompt as the red warning screen. Some existing apps will also have to go through the same verification process as new apps, Google said. Google also said it will add those warnings to its Apps Scripts, which let Google use custom macros and add-ons for its productivity apps, like Google Docs.
Network

Mesh Networking Comes To Bluetooth, Which Could Set Off a New Wave of Smart Buildings (geekwire.com) 70

One of the most widely used technologies in mobile computing is getting an important upgrade that could accelerate the development of the smart home and industrial internet. From a report: The Bluetooth Special Interest Group, the Kirkland, Wash.-based group that enforces compatibility among the billions of devices that use the short-range Bluetooth wireless technology, plans to announce Tuesday that the standard now supports mesh networking. Mesh networks connect a variety of access points and devices across a distributed network, rather than the one-to-one connection that currently exists between your smartphone and that headset that makes you look ridiculous. This approach dramatically improves the range and reliability of a wireless network, since information can be relayed across several different devices rather than having to stretch between two far-apart devices. And if part of the network goes offline, mesh technology has the capability to route around that outage and still carry out its original mission. Wi-Fi networks have also been getting in on this mesh networking act, which has an additional bonus: mesh networks are much easier to set up than traditional wireless networks.
China

China's Censors Can Now Erase Images Mid-Transmission (wsj.com) 90

Eva Dou, reporting for WSJ: China's already formidable internet censors have demonstrated a new strength -- the ability to delete images in one-on-one chats as they are being transmitted, making them disappear before receivers see them. The ability is part of a broader technology push by Beijing's censors to step up surveillance and get ahead of activists and others communicating online in China (Editor's note: the link could be paywalled; alternative source). Displays of this new image-filtering capability kicked into high gear last week as Chinese dissident Liu Xiaobo lay dying from liver cancer and politically minded Chinese tried to pay tribute to him, according to activists and a new research report. Wu Yangwei, a friend of the long-jailed Nobel Peace Prize laureate, said he used popular messaging app WeChat to send friends a photo of a haggard Mr. Liu embracing his wife. Mr. Wu believed the transmissions were successful, but he said his friends never saw them. "Sometimes you can get around censors by rotating the photo," said Mr. Wu, a writer better known by his pen name, Ye Du. "But that doesn't always work." There were disruptions on Tuesday to another popular messaging app, Facebook's WhatsApp, with many China-based users saying they were unable to send photos and videos without the use of software that circumvents Chinese internet controls. Text messages appeared to be largely unaffected.
Security

Hacks 'Probably Compromised' UK Industry (bbc.com) 19

Some industrial software companies in the UK are "likely to have been compromised" by hackers, according to a document reportedly produced by British spy agency GCHQ. A copy of the document from the National Cyber Security Centre (NCSC) -- part of GCHQ -- was obtained by technology website Motherboard. From a report: A follow-up by the BBC indicated that the document was legitimate. There have been reports about similar cyber-attacks around the world lately. Modern, computer-based industrial control systems manage equipment in facilities such as power stations. And attacks attempting to compromise such systems had become more common recently, one security researcher said. The NCSC report specifically discusses the threat to the energy and manufacturing sectors. It also cites connections from multiple UK internet addresses to systems associated with "advanced state-sponsored hostile threat actors" as evidence of hackers targeting energy and manufacturing organisations.
Google

Google Fiber Is Losing Its Second CEO in Less Than a Year (businessinsider.com) 71

An anonymous reader shares a report: Google Fiber, the high-speed internet service operated by Alphabet, has lost its second CEO in less than a year. Gregory McCray is stepping down from the CEO job of Access, the Alphabet subsidiary that houses the Fiber unit, Google confirmed to Business Insider on Monday. The change is the latest shake-up at Access, which announced in October that it would stop rolling out its 1 gigabit per second wired broadband networks to new cities and focus on newer, wireless options, such as the Webpass wireless service it acquired last year. The Access group also had layoffs towards the end of 2016 and shifted hundreds of other employees to different units within Google earlier this year. Alphabet CEO Larry Page said in an emailed statement to Business Insider on Monday that the company is "committed to the success of Google Fiber" and was looking for new leader for the business.

Slashdot Top Deals