IT

Internet Traffic To Major Tech Firms Mysteriously Rerouted To Russia (securityweek.com) 62

wiredmikey writes: Internet traffic to some of the world's largest tech firms was briefly rerouted to Russia earlier this week in what appeared to be a Border Gateway Protocol (BGP) attack. Internet monitoring service BGPmon noticed that 80 IP prefixes for organizations such as Google, Microsoft, Apple, Facebook, NTT Communications, Twitch and Riot Games had been announced by a Russian Autonomous System (AS).

It happened twice on Tuesday and each time it only lasted for roughly three minutes. The first event took place between 04:43 and 04:46 UTC, and the second between 07:07 and 07:10 UTC. Despite being short-lived, BGPmon said the incidents were significant, including due to the fact that the announcements were picked up by several peers and some large ISPs, such as Hurricane Electric and Zayo in the U.S., Telstra in Australia, and NORDUnet, which is a joint project of several Nordic countries. The incident is rather suspicious, as the prefixes that were affected are all high profile destinations, as well as several more specific prefixes that aren't normally seen on the Internet.

Microsoft

Microsoft Unveils Improved AI-powered Search Features for Bing (engadget.com) 35

Microsoft unveiled a handful of new intelligent search features for Bing at an event held in San Francisco this week. From a report: Powered by AI, the search updates are meant to provide more thorough answers and allow for more conversational or general search queries. First, when answering a question, Bing will now validate its answers by sourcing a number of websites, not just one. And in cases where there are two valid perspectives, like, for example, in response to the question, "Is cholesterol bad," they'll be aggregated and Bing will show both at the top of the search page. Additionally, when there's more than one way to answer a query, Bing will provide a carousel of answers. The Bing team is also adding relevant analogies or comparisons to search answers that make the provided information easier to understand. [...] Bing will also help users find answers to broad or conversational queries by asking clarifying questions that will help refine the search. And Microsoft also introduced Bing's advanced image search capabilities, which will now let users search images or objects within images to, for example, help them track down a particular fashion item they'd like to purchase.
IT

Tech Support Scammers Invade Spotify Forums To Rank in Search Engines (bleepingcomputer.com) 33

Tech support scammers have been aggressively posting on Spotify forums to inject their phone numbers in a bid to vastly improve their odds of showing up on Google and Bing search results, a new report claims. And that bet seems to be working. From the report: They do this by submitting a constant stream of spam posts to the Spotify forums, whose pages tend to rank well in Google. While this behavior causes the Spotify forums to become harder to use for those who have valid questions, the bigger problem is that it allows tech support scammers to rank extremely well and trick unknowing callers into purchasing unnecessary services and software. BleepingComputer was alerted to this problem by security researcher Cody Johnston who started to see an alarming amount of tech support scam phone numbers being listed in Google search results through indexed Spotify forum posts. The tech support scams being posted to Spotify include Tinder, Linksys, AOL, Turbotax, Coinbase, Amazon, Apple, Microsoft, Norton, McAfee and more.
Nintendo

Nintendo Switch Sales Hit 10 Million Units, Could Outdo the Wii (fastcompany.com) 77

Nintendo's big bet on a hybrid portable and home game system is paying off, with 10 million Nintendo Switch units sold in nine months. From a report: Nintendo of America President Reggie Fils-Aime told Variety that the Switch could even top first-year sales of the Wii, the company's best-selling console yet -- if momentum holds up through the holidays. Strong sales will be important for Nintendo as it tries to convince game publishers to invest in the platform, whose less powerful hardware can't always handle the same games as Microsoft's Xbox and Sony's PlayStation consoles.
Microsoft

Microsoft Releases Free Preview of Its Quantum Development Kit (zdnet.com) 31

Microsoft is releasing a free preview version of its Quantum Development Kit. "The kit includes the Q# programming language and compiler and a local quantum computing simulator, and is fully integrated with Visual Studio," reports ZDNet. "There's also an Azure-based simulator that allows developers to simulate more than 40 logical qubits of computing power, plus documentation libraries, and sample programs, officials said in their December 11 announcement." From the report: Quantum computers are designed to process in parallel, thus enabling new types of applications across a variety of workloads. They are designed to harness the physics of subatomic particles to provide a different way to store data and solve problems compared to conventional computers, as my ZDNet colleague Tony Baer explains. The result is that quantum computers could solve certain high-performance-computing problems more efficiently. Microsoft officials have said applications that developers create for use with the quantum simulator ultimately will work on a quantum computer, which Microsoft is in the process of developing. Microsoft's goal is to build out a full quantum computing system, including both the quantum computing hardware and the related full software stack.
Bug

Microsoft's 'Malware Protection Engine' Had A Remote Code Execution Flaw (theregister.co.uk) 54

Slashdot reader Trax3001BBS shares an article from The Register: Microsoft posted an out-of-band security update Thursday to address a remote code execution flaw in its Malware Protection Engine. Redmond says the flaw, dubbed CVE-2017-11937, has not yet been exploited in the wild. Because it is an out-of-band critical fix, however, it should be installed as soon as possible. For most users, this will happen automatically.

The security hole is present in Windows Defender and Microsoft Security Essentials, as well as Endpoint Protection, Forefront Endpoint Protection, and Exchange Server 2013 and 2016... According to Microsoft, the vulnerability can be triggered when the Malware Protection Engine scans a downloaded file to check for threats. In many systems this is set to happen automatically for all new files. By exploiting a memory corruption error in the malware scanning tool, the attack file would be able to execute code on the target machine with LocalSystem privileges.

Security

'Process Doppelganging' Attack Bypasses Most Security Products, Works On All Windows Versions (bleepingcomputer.com) 125

An anonymous reader quotes a report from Bleeping Computer: Yesterday, at the Black Hat Europe 2017 security conference in London, two security researchers from cyber-security firm enSilo have described a new code injection technique called "Process Doppelganging." This new attack works on all Windows versions and researchers say it bypasses most of today's major security products. Process Doppelganging is somewhat similar to another technique called "Process Hollowing," but with a twist, as it utilizes the Windows mechanism of NTFS Transactions.

"The goal of the technique is to allow a malware to run arbitrary code (including code that is known to be malicious) in the context of a legitimate process on the target machine," Tal Liberman & Eugene Kogan, the two enSilo researchers who discovered the attack told Bleeping Computer. "Very similar to process hollowing but with a novel twist. The challenge is doing it without using suspicious process and memory operations such as SuspendProcess, NtUnmapViewOfSection. In order to achieve this goal we leverage NTFS transactions. We overwrite a legitimate file in the context of a transaction. We then create a section from the modified file (in the context of the transaction) and create a process out of it. It appears that scanning the file while it's in transaction is not possible by the vendors we checked so far (some even hang) and since we rollback the transaction, our activity leaves no trace behind." The good news is that "there are a lot of technical challenges" in making Process Doppelganging work, and attackers need to know "a lot of undocumented details on process creation." The bad news is that the attack "cannot be patched since it exploits fundamental features and the core design of the process loading mechanism in Windows."
More research on the attack will be published on the Black Hat website in the following days.
IT

Amazon Opens Registration For .BOT Domain Name (amazonregistry.com) 44

Amazon began accepting registration requests for .BOT domain name from the public this week as the e-commerce giant comes to realize the potential of the top level domain name it secured rights for two years ago. For now, Amazon is keeping the registration for .BOT domains limited. "Creators with published bots who use Amazon Lex, Microsoft Bot Framework and Dialogflow can validate a bot and register a .BOT domain name," the company said, noting that the limited registration phase would end on March 30, 2018. At the time of registration, Amazon requires users to sign into their Amazon account and validate their published bot.
The Almighty Buck

'We Could Fund a Universal Basic Income With the Data We Give Away To Facebook and Google' (thenextweb.com) 583

Tristan Greene reports via The Next Web: A universal basic income (UBI), wherein government provides a monthly stipend so citizens can afford a home and basic necessities, is something experts believe would directly address the issue of unemployment and poverty, and possibly even eliminate hundreds of other welfare programs. It may also be the only real solution to the impending automation bonanza. According to AI expert Steve Fuller, the problem is, giving people money when they lose jobs won't fix the issue, it's a temporary solution and we need permanent ones. Sounds fair, and he even has some ideas on how to accomplish this end: "We could hold Google and Facebook and all those big multinationals accountable; we could make sure that people, like those who are currently 'voluntarily' contributing their data to pump up companies' profits, are given something that is adequate to support their livelihoods in exchange."

It's an interesting idea, but difficult to imagine its implementation. If the government isn't assigning a specific stipend value, we'll have to be compensated individually by companies. One way to do this is by emulating the old coal mining company scrip scams of early last century. Employees working for companies would be paid in currency only redeemable at the company store. This basically created a system where a company could tax its own workers for profit. Google, for example, could use a system like that and say "opt-in for $10 worth of Google Play music for free," if they wanted to. Which doesn't help pay the bills when machines replace you at work, but at least you'll be able to voice search for your favorite songs. Another idea is to charge companies an automation tax, but again there are concerns as to how this would be implemented. A solution that combines government oversight with a tax on AI companies -- a UBI funded by the dividends of our data -- may be the best option. To be blunt: we should make Google, Microsoft, Facebook and other such AI companies pay for it with a simple data tax.

Android

Qualcomm Announces Latest Snapdragon 845 Processor (9to5google.com) 38

The processor to power the next generation of Android flagship smartphones has been announced today. Qualcomm unveiled the new Snapdragon 845 processor at the 2017 Snapdragon Tech Summit, where Microsoft announced it was working with its PC partners to bring Windows 10 to Qualcomm's ARM processors. While more technical details of the chip will be announced tomorrow, we do know that the Snapdragon 845 processor is based on a 10nm processor and will feature the latest X20 LTE modem for gigabit connectivity speeds. Generally speaking, the new processor will bring improved performance, better power efficiency, and improved image processing.
Microsoft

Microsoft Debuts Windows 10 on ARM; Asus and HP Unveil Laptops With 20-Hour Battery Life, Gigabit LTE (zdnet.com) 139

Mary Jo Foley, writing for ZDNet: A year ago, Microsoft announced it was working with its PC partners to bring Windows 10 to Qualcomm's ARM processors. The resulting machines, part of the "Always Connected PC" ecosystem, would start rolling out before the end of calendar 2017, officials said. Today, December 5, Microsoft provided a progress report on Windows on ARM at Qualcomm's Snapdragon Tech Summit. Microsoft and PC makers Asus and HP showed off new PCs running Windows 10 on Snapdragon 835 at the event. Asus' NovaGo will begin shipping at least in quantities before year-end, I've heard. Models with 4 GB of RAM and 16 GB of storage will be available starting at $599, and 8GB/256 GB storage model at $799, Asus officials said today. Asus is claiming 22 hours of continuous video playback and 30 days of standby. HP's Envy x2 -- like most of the ARM-based Always Connected Windows 10 devices -- won't be available until Spring of 2018. Users can get up to 20 hours of active use and 700 hours of "Connected Modern Standby." Pricing is not yet available.
Windows

Lead Developer of Popular Windows Application Classic Shell Is Quitting 97

WheezyJoe writes: Classic Shell is a free Windows application that for years has replaced Microsoft's Start Screen or Start Menu with a highly configurable, more familiar non-tile Start menu. Yesterday, the lead developer released what he said would be the last version of Classic Shell. Citing other interests and the frequency at which Microsoft releases updates to Windows 10, as well as lagging support for the Win32 programming model, the developer says that he won't work on the program anymore. The application's source code is available on SourceForge, so there is a chance others may come and fork the code to continue development. There are several alternatives available, some pay and some free (like Start10 and Start Is Back++), but Classic Shell has an exceptionally broad range of tweaks and customizability.
Education

Should Teachers Get $100 For Steering Kids To Google's 'Hour of Code' Lesson? 89

Tomorrow's "Hour of Code" kick-off event features Melinda Gates, Facebook COO Sheryl Sandberg, YouTube CEO Susan Wojcicki, and "multiple state governors," reports theodp -- who has some concerns. With Microsoft boasting that nearly 70 million of its Minecraft Hour of Code sessions have been launched, and tech companies pushing coding and their products into classrooms, it's probably no surprise that the 2017 Hour of Code -- organized by tech-bankrolled Code.org -- seems to have presented a too-hard-to-resist branding opportunity for Google, Microsoft, Apple and Amazon.

And, in what might evoke memories of Dollars for Doctors, some teachers will even be rewarded for steering their kids to Google's Hour of Code lesson. "Thanks to our friends at Google," explains crowdfunding website DonorsChoose.org, "4th-8th grade public school teachers who engage their students in a 'Create your own Google logo' Hour of Code activity can earn a $100 DonorsChoose.org gift code -- and have the opportunity to receive one of five other grand prizes (including $5,000 in DonorsChoose.org credits for your school!)."
Security

StartCom Will Stop Issuing Certificates, Revoking Them All in 2020 (startcomca.com) 42

thegarbz writes: Startcom, a certificate authority which as we covered previously has been distrusted by Mozilla, by Google, and recently also by Microsoft, has announced that it will cease trading as a Certificate Authority. While their website currently shows no indication that their certificates have any problems, a news posting has announced their intentions to stop providing certificates as of January 2018, and to revoke all remaining certificates in 2020.
The original submission also says StartCom sent an email to all their former customers -- including customers of their free StartSSL certificates -- announcing their intentions.

As you are surely aware, the browser makers distrusted StartCom around a year ago and therefore all the end entity certificates newly issued by StartCom are not trusted by default in browsers.

The browsers imposed some conditions in order for the certificates to be re-accepted. While StartCom believes that these conditions have been met, it appears there are still certain difficulties forthcoming. Considering this situation, the owners of StartCom have decided to terminate the company as a Certification Authority as mentioned on StartCom's website.

StartCom will stop issuing new certificates starting from January 1st, 2018 and will provide only CRL and OCSP services for two more years. StartCom would like to thank you for your support during this difficult time.

Cloud

Is Open Source Innovation Now All About Vendor On-Ramps? (infoworld.com) 58

InfoWorld published an interesting essay from Matt Asay, former COO at Canonical (and an emeritus board member of the Open Source Initiative), about innovation from the big public cloud vendors, which "even when open-sourced, doesn't really help the community at large... All this innovation is available to buy; none of it is available to build. Not for mere mortals, anyway." Google in particular has figured out how to both open-source code in a useful way and make it pay. As Server Density CEO David Mytton has underlined, Google hopes to "standardize machine learning on a single framework and API," namely TensorFlow, then supplement it "with a service that can [manage] it all for you more efficiently and with less operational overhead," namely Google Cloud. By open-sourcing TensorFlow and backing it with machine-learning-heavy Google Cloud, Google has open-sourced a great on-ramp to future revenue.

My question: why not do this with the rest of its code? The simple answer is "Because it's a lot of work." That is, Google could open-source everything tomorrow without any damage to its revenue, but the code itself would provide other providers and enterprises only limited ability to increase their revenue unless Google did all the necessary prep work to make it useful to mere mortals not running superhuman Google infrastructure. This is the trick that AWS, Microsoft, and Google are all racing to figure out today. Not open source, per se, because that's the easy table stakes. No, the AWS/Microsoft Azure/Google Cloud trio are figuring out how to turn their innovations into open source on-ramps to their proprietary services. Companies used to lock up their code to sell it. Today, it's the opposite: They need to open it up to make their ability to operate the code at scale more valuable. For them.

Mozilla

Mozilla Revenue Jump Fuels Its Firefox Overhaul Plan (cnet.com) 127

Well, now we know what paid for all those programmers cranking out the overhauled Firefox Quantum browser: a major infusion of new money. From a report: Mozilla, the nonprofit behind the open-source web browser, saw its 2016 revenue increase 24 percent to an all-time high of $520 million, it said Friday. Expenses grew too, but not as much, from $361 million to $337 million, so the organization's war chest is significantly bigger now. Mozilla, which now has about 1,200 employees, releases prior-year financial results in conjunction with tax filings. Most of Mozilla's money comes from partnerships with search engines like Google, Yahoo, DuckDuckGo, Baidu and Yandex. When you search through Firefox's address bar, those search engines show search ads alongside results and share a portion of the revenue to Mozilla. Mozilla in 2014 signed a major five-year deal with Yahoo to be the default search engine in the US, but canceled it only three years in and moved back to Google instead in November. Mozilla's mission -- to keep the internet open and a place where you aren't in the thrall of tech giants -- may seem abstract. But Mozilla succeeded in breaking the lock Microsoft's Internet Explorer had on the web a decade ago, and now it's fighting the same battle again against Google's Chrome.
Microsoft

Microsoft's Edge Browser Now Generally Available For iOS, Android (zdnet.com) 140

An anonymous reader shares a report: Microsoft announced in October previews of new Edge browser apps for iOS and Android. On November 30, Microsoft officials are announcing that these apps are no longer in preview and are generally available for users in select markets. By making Edge apps available on non-Windows operating systems, Microsoft is hoping to do more than give Windows 10 users who use Edge a more convenient way to sync their bookmarks, tabs, etc., across devices. Microsoft also is doing this to improve its "Continue on PC" feature that it's been touting for Windows 10. With "Continue on PC," users will be able to share a web site, app, photo, and other information from their phones to their Windows 10 PCs in a faster and more seamless way. Microsoft is looking to Continue on PC to help keep Windows PCs relevant in a world where more and more computing is done on mobile devices.
Microsoft

Microsoft: We're Razing Our Redmond Campus To Build a Mini City (zdnet.com) 98

Armand Winter shares a report from ZDNet: Microsoft president Brad Smith said the company will spend $150 million in transport infrastructure, public spaces, sports fields and green space. It expects the project will create 2,500 construction and development jobs. Microsoft's renovation budget is modest compared with the $5 billion Apple spent on its new spaceship headquarters in Cupertino, while Microsoft's Washington neighbor and cloud rival, Amazon, will spend $5 billion on a second North American headquarters, which will offer space for 50,000 people. "We are not only creating a world-class work environment to help retain and attract the best and brightest global talent, but also building a campus that our neighbors can enjoy, and that we can build in a fiscally smart way with low environmental impact," said Smith in a blog post.
Windows

Windows 10 Now on 600 Million Active Devices (geekwire.com) 142

Windows 10 has found its way onto 600 million active devices, says CEO Satya Nadella. From a report: CEO Satya Nadella referenced the new number for the first time moments ago at the company's annual shareholders meeting. The number is up from the 500 million devices touted by Microsoft earlier this year, but it's still well short of the company's original goal of 1 billion Windows 10 devices within two to three years of its 2015 release.
Facebook

'Break Up Google and Facebook If You Ever Want Innovation Again' (theregister.co.uk) 268

Hal_Porter shares a report from The Register: If the tech industry wants another wave of innovation to match the PC or the internet, Google and Facebook must be broken up, journalist and film producer Jonathan Taplin told an audience at University College London's Faculty of Law this week. He was speaking at an event titled Crisis in Copyright Policy: How the digital monopolies have cornered culture and what it means for all of us, where he credited the clampers put on Bell then IBM for helping to create the PC industry and the internet. Taplin told his audience that he'd been moved by the fate of his friend Levon Helm, The Band's drummer, who was forced to go back on the road in his sixties, after radiation therapy for cancer. Helm died broke. Today, Taplin points out, YouTube accounts for 57 per cent of all songs streamed over the internet, but thanks to a loophole returns just 13.5 per cent of revenue. "That's not a willing buyer-seller relationship," he said, referring to the UGC loophole that Google enjoys, one not available to Spotify or Apple Music. But it isn't just songwriters and musicians who are poorly paid. The average person "works for two hours a day for Mark Zuckerberg" generating a data profile. Taplin pointed out that Bell held patents on many technologies including the transistor, the laser and the solar cell, that it agreed to license, royalty free, as part of a 1956 consent decree.

Taplin saw history repeated with IBM. Under the 1956 (again) consent decree IBM was obliged to unbundle software from hardware in the 1960s. But competition authorities again opened up an investigation in 1969 which ran for 13 years. Caution made IBM ensure its first microcomputer, the IBM PC, launched in 1981, was an open platform. IBM chose three operating systems to run on the first PC but clearly favoured an outsider, from a tiny Seattle outfit originally called "Micro-Soft." Then Microsoft got the treatment. "Every 20 years we have this fight -- and we're about to have it again," Taplin told the audience. Antitrust was necessary "not because they're too big, but because there's no market solution" to Google and Facebook. The barriers to entry are now so high nobody is going to bust open the ad duopoly. Taplin cited Snapchat as an example of a company that tried to innovate, but refused to take Facebook's buyout offer. Facebook has simply copied its features.
