Businesses

Dodging Russian Spies, Customers Are Ripping Out Kaspersky (thedailybeast.com) 233

From a report: Multiple U.S. security consultants and other industry sources tell The Daily Beast customers are dropping their use of Kaspersky software all together, particularly in the financial sector, likely concerned that Russian spies can rummage through their files. Some security companies are being told to only provide U.S. products. And former Kaspersky employees describe the firm as reeling, with department closures and anticipation that researchers will jump ship soon. "We are under great pressure to only use American products no matter the technical or performance consequences," said a source in a cybersecurity firm which uses Kaspersky's anti-virus engine in its own services. The Daily Beast granted anonymity to some of the industry sources to discuss internal deliberations, as well as the former Kaspersky employees to talk candidly about recent events.
AI

DeepMind's Go-Playing AI Doesn't Need Human Help To Beat Us Anymore (theverge.com) 120

An anonymous reader quotes a report from The Verge: Google's AI subsidiary DeepMind has unveiled the latest version of its Go-playing software, AlphaGo Zero. The new program is a significantly better player than the version that beat the game's world champion earlier this year, but, more importantly, it's also entirely self-taught. DeepMind says this means the company is one step closer to creating general purpose algorithms that can intelligently tackle some of the hardest problems in science, from designing new drugs to more accurately modeling the effects of climate change. The original AlphaGo demonstrated superhuman Go-playing ability, but needed the expertise of human players to get there. Namely, it used a dataset of more than 100,000 Go games as a starting point for its own knowledge. AlphaGo Zero, by comparison, has only been programmed with the basic rules of Go. Everything else it learned from scratch. As described in a paper published in Nature today, Zero developed its Go skills by competing against itself. It started with random moves on the board, but every time it won, Zero updated its own system, and played itself again. And again. Millions of times over. After three days of self-play, Zero was strong enough to defeat the version of itself that beat 18-time world champion Lee Se-dol, winning handily -- 100 games to nil. After 40 days, it had a 90 percent win rate against the most advanced version of the original AlphaGo software. DeepMind says this makes it arguably the strongest Go player in history.
Software

EA Shuts Down Visceral Games, Shifting Development On Its Star Wars Game (kotaku.com) 75

Visceral Games, the studio behind games like Battlefield Hardline and Dead Space, is being shut down by EA. The Star Wars game in development at Visceral will be revamped and moved to a different studio. Kotaku reports: "Our Visceral studio has been developing an action-adventure title set in the Star Wars universe," EA's Patrick Soderlund said in a blog post. "In its current form, it was shaping up to be a story-based, linear adventure game. Throughout the development process, we have been testing the game concept with players, listening to the feedback about what and how they want to play, and closely tracking fundamental shifts in the marketplace. It has become clear that to deliver an experience that players will want to come back to and enjoy for a long time to come, we needed to pivot the design." Soderlund added that Visceral will be "ramping down and closing" and that "we're in the midst of shifting as many of the team as possible to other projects and teams at EA." "Lastly," he said, "while we had originally expected this game to launch late in our fiscal year 2019, we're now looking at a new timeframe that we will announce in the future."
Android

Android Oreo Helps Google's Pixel 2 Smartphones Outperform Other Android Flagships (hothardware.com) 77

MojoKid highlights Hot Hardware's review of Google's new Pixel 2 and Pixel 2 XL smartphones: Google officially launched it's Pixel 2 phones today, taking the wraps off third-party reviews. Designed by Google but manufactured by HTC (Pixel 2) and LG (Pixel 2 XL), the two new handsets also boast Google's latest Android 8.0 operating system, aka Oreo, an exclusive to Google Pixel and certain Nexus devices currently. And in some ways, this is also a big advantage. Though they are based on the same Qualcomm Snapdragon 835 processor as many other Android devices, Google's new Pixel 2s manage to outpace similarly configured smartphones in certain benchmarks by significant margins (Basemark, PCMark and 3DMark). They also boot dramatically faster than any other Android handset on the market, in as little as 10 seconds. Camera performance is also excellent, with both the 5-inch Pixel 2 and 6-inch Pixel 2 XL sporting identical electronics, save for their displays and chassis sizes. Another notable feature built into Android Oreo is Google Now Playing, an always-listening, Shazam-like service (if you enable it) that displays song titles on the lock screen if it picks up on music playing in the room you're in. Processing is done right on the Pixel 2 and it doesn't need network connectivity. Another Pixel 2 Oreo-based trick is Google Lens, a machine vision system that Google notes "can recognize places like landmarks and buildings, artwork that you'd find in a museum, media covers such as books, movies, music albums, and video games..." The Google Pixel 2 and Pixel 2 XL are available now on Verizon or unlocked via the Google Store starting at $649 and $849 respectively for 64GB storage versions, with a $100 up-charge for 128GB variants.
Google

Google Maps Ditches Walking Calorie Counter After Backlash (engadget.com) 341

Following online backlash, Google is removing a planned feature in Maps that shows you how many calories you'd burn when in walking mode. Google's attempt to promote a healthy lifestyle caused a number of people to lambast the feature on Twitter, claiming it would "shame" and even "trigger" those with eating disorders. Engadget reports: Taking note of the negative reaction, Google is now dumping the experiment. It confirmed to Engadget that the update was briefly tested on iOS, and has been abandoned based on user feedback. As The Hill's Taylor Lorenz noted in her tweets, there was no way to turn off the feature. Lorenz also claimed that using pink cupcakes as the unit of measurement was "lowkey aimed at women." Others pointed out that Maps wasn't the appropriate place for the update. After all, there are plenty of fitness and calorie counting apps that keep track of your activity and consumption -- again emphasizing how misplaced the feature was.
Piracy

Netflix, Amazon, Movie Studios Sue Over TickBox Streaming Device (arstechnica.com) 128

Movies studios, Netflix, and Amazon have teamed up to file a lawsuit against a streaming media player called TickBox TV. The device in question runs Kodi on top of Android 6.0, and searches the internet for streams that it can make available to users without actually hosting any of the content itself. An anonymous reader quotes a report from Ars Technica: The complaint (PDF), filed Friday, says the TickBox devices are nothing more than "tool[s] for mass infringement," which operate by grabbing pirated video streams from the Internet. The lawsuit was filed by Amazon and Netflix Studios, along with six big movie studios that make up the Motion Picture Association of America: Universal, Columbia, Disney, Paramount, 20th Century Fox, and Warner Bros.

"What TickBox actually sells is nothing less than illegal access to Plaintiffs' copyrighted content," write the plaintiffs' lawyers. "TickBox TV uses software to link TickBox's customers to infringing content on the Internet. When those customers use TickBox TV as Defendant intends and instructs, they have nearly instantaneous access to multiple sources that stream Plaintiffs' Copyrighted Works without authorization." The device's marketing materials let users know the box is meant to replace paid-for content, with "a wink and a nod," by predicting that prospective customers who currently pay for Amazon Video, Netflix, or Hulu will find that "you no longer need those subscriptions." The lawsuit shows that Amazon and Netflix, two Internet companies that are relatively new to the entertainment business, are more than willing to join together with movie studios to go after businesses that grab their content.

Open Source

Companies Overlook Risks in Open Source Software, Survey Finds (betanews.com) 131

An anonymous reader shares a report: Open source code helps software suppliers to be nimble and build products faster, but a new report reveals hidden software supply chain risks of open source that all software suppliers and IoT manufacturers should know about. The recent Equifax breach for example exploited a vulnerability in a widely used open source web framework, Apache Struts, and the study by software monetization specialist Flexera points out that as much as 50 percent of code in commercial and IoT software products is open source. "We can't lose sight that open source is indeed a clear win. Ready-to-go code gets products out the door faster, which is important given the lightning pace of the software space," says Jeff Luszcz, vice president of product management at Flexera. "However, most software engineers don't track open source use, and most software executives don't realize there's a gap and a security/compliance risk." Flexera surveyed 400 software suppliers, Internet of Things manufacturers and in-house development teams. It finds only 37 percent of respondents to the survey have an open source acquisition or usage policy, while 63 percent say either their companies either don't have a policy, or they don't know if one exists. Worryingly, of the 63 percent who say their companies don't have an open source acquisition or usage policy, 43 percent say they contribute to open source projects. There is an issue over who takes charge of open source software too. No one within their company is responsible for open source compliance, or they don't know who is, according to 39 percent of respondents.
Microsoft

Microsoft Responded Quietly After Detecting Secret Database Hack in 2013 (reuters.com) 43

Citing five former employees, Reuters reported on Tuesday that Microsoft's secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking group more than four years ago. From the report: The company did not disclose the extent of the attack to the public or its customers after its discovery in 2013, but the five former employees described it to Reuters in separate interviews. Microsoft declined to discuss the incident. The database contained descriptions of critical and unfixed vulnerabilities in some of the most widely used software in the world, including the Windows operating system. Spies for governments around the globe and other hackers covet such information because it shows them how to create tools for electronic break-ins. The Microsoft flaws were fixed likely within months of the hack, according to the former employees. Yet speaking out for the first time, these former employees as well as U.S. officials informed of the breach by Reuters said it alarmed them because the hackers could have used the data at the time to mount attacks elsewhere, spreading their reach into government and corporate networks. "Bad guys with inside access to that information would literally have a 'skeleton key' for hundreds of millions of computers around the world," said Eric Rosenbach, who was U.S. deputy assistant secretary of defense for cyber at the time.
Google

Google Photos Now Recognizes Your Pets (techcrunch.com) 60

Today, Google is introducing an easier way to aggregate your pet photos in its Photos app -- by allowing you to group all your pet's photos in one place, right beside the people Google Photos organized using facial recognition. TechCrunch reports: This is an improvement over typing in "dog," or another generalized term, because the app will now only group together photos of an individual pet together, instead of returning all photos you've captured with a "dog" in them. And like the face grouping feature, you can label the pet by name to more easily pull up their photos in the app, or create albums, movies or photo books using their pictures. In addition, Google Photos lets you type in an animal's breed to search for photos of pets, and it lets you search for photos using the dog and cat emojis. The company also earlier this year introduced a feature that would create a mini-movie starring your pet, but you can opt to make one yourself by manually selecting photos then choosing from a half-dozen tracks to accompany the movie, says Google.
XBox (Games)

Microsoft's Fall Update With Redesigned Xbox Dashboard Is Now Available To All (engadget.com) 38

Microsoft has released the next big "Fall" update for the Xbox One, which focuses on speed and simplicity. Engadget reports: The first "Fluid Design" interface comes with a redesigned Home page, which is all about simplicity and customization. The top-level section has four shortcuts (your current game, two personalized suggestions, and a deal from the Microsoft store) and a horizontal carousel underneath. The biggest change, however, is the new "Content Blocks" that sit below this screen. Scroll down and you'll find a series of large, visual panels dedicated to games and friends. These are completely customizable and act like miniature hubs for your favorite titles and communities. The quick-access Guide has been tweaked for speed, with small, horizontal tabs that you can slide between with the Xbox controller's LB and RB bumpers, D-pad or left thumbstick. If you launch the Guide while you're streaming or part of an active party, you'll also see the corresponding broadcast and party tabs by default. Other Guide tweaks include a new Tournaments section in the Multiplayer tab, which will summarize any official, professional or community tournaments that you've entered. In addition, Microsoft has overhauled the Community tab with a modern, grid-based layout. It's also tweaked the idle and screen dimming features that kick in when you walk away from the console momentarily. Larry Hryb, Xbox Live's Major Nelson and Mike Ybarra, the Platform Engineer, have posted a walkthrough video on YouTube highlighting all the major new changes.
Wireless Networking

Every Patch For 'KRACK' Wi-Fi Vulnerability Available Right Now (zdnet.com) 133

An anonymous reader quotes a report from ZDNet: As reported previously by ZDNet, the bug, dubbed "KRACK" -- which stands for Key Reinstallation Attack -- is at heart a fundamental flaw in the way Wi-Fi Protected Access II (WPA2) operates. According to security researcher and academic Mathy Vanhoef, who discovered the flaw, threat actors can leverage the vulnerability to decrypt traffic, hijack connections, perform man-in-the-middle attacks, and eavesdrop on communication sent from a WPA2-enabled device. In total, ten CVE numbers have been preserved to describe the vulnerability and its impact, and according to the U.S. Department of Homeland Security (DHS), the main affected vendors are Aruba, Cisco, Espressif Systems, Fortinet, the FreeBSD Project, HostAP, Intel, Juniper Networks, Microchip Technology, Red Hat, Samsung, various units of Toshiba and Ubiquiti Networks. A list of the patches available is below. For the most up-to-date list with links to each patch/statement (if available), visit ZDNet's article.
Security

Kaspersky Lab Finds Flash Vulnerability Through Microsoft Word (neowin.net) 50

An anonymous reader quotes a report from Neowin: Kaspersky Lab, which has been under fire by the U.S. government as possibly being an agent of the Russian government and spying on U.S. computers, has found a previously unknown bug in Adobe Flash that was apparently exploited by a hacker group on October 10. Adobe issued a patch to fix the bug today. According to Kaspersky, "the exploit is delivered through a Microsoft Word document and deploys the FinSpy commercial malware." The company worked with Adobe to get a patch ready as quickly as possible, with Adobe releasing it a few hours ago. Users and agencies running the following versions of Adobe Flash will need to update immediately, as the vulnerability has been labeled as critical. The patch updates all versions of Adobe Flash to version 27.0.0.170.
Google

Google Chrome for Windows Gets Basic Antivirus Features (betanews.com) 54

Google is rolling out a trio of important changes to Chrome for Windows users. From a report: At the heart of these changes is Chrome Cleanup. This feature detects unwanted software that might be bundled with downloads, and provides help with removing it. Google's Philippe Rivard explains that Chrome now has built-in hijack detection which should be able to detect when user settings are changes without consent. This is a setting that has already rolled out to users, and Google says that millions of users have already been protected against unwanted setting changes such as having their search engine altered. But it's the Chrome Cleanup tool that Google is particularly keen to highlight. A redesigned interface makes it easier to use and to see what unwanted software has been detected and singled out for removal.
Security

Millions of High-Security Crypto Keys Crippled by Newly Discovered Flaw (arstechnica.com) 55

Slovak and Czech researchers have found a vulnerability that leaves government and corporate encryption cards vulnerable to hackers to impersonate key owners, inject malicious code into digitally signed software, and decrypt sensitive data, reports ArsTechnica. From the report: The weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. The five-year-old flaw is also troubling because it's located in code that complies with two internationally recognized security certification standards that are binding on many governments, contractors, and companies around the world. The code library was developed by German chipmaker Infineon and has been generating weak keys since 2012 at the latest. The flaw is the one Estonia's government obliquely referred to last month when it warned that 750,000 digital IDs issued since 2014 were vulnerable to attack. Estonian officials said they were closing the ID card public key database to prevent abuse. On Monday, officials posted this update. Last week, Microsoft, Google, and Infineon all warned how the weakness can impair the protections built into TPM products that ironically enough are designed to give an additional measure of security to high-targeted individuals and organizations.
Government

Ask Slashdot: Should Users Uninstall Kaspersky's Antivirus Software? (slashdot.org) 306

First, here's the opinion of two former NSA cybersecurity analysts (via Consumer Reports): "It's a big deal," says Blake Darche, a former NSA cybersecurity analyst and the founder of the cybersecurity firm Area 1. "For any consumers or small businesses that are concerned about privacy or have sensitive information, I wouldn't recommend running Kaspersky." By its very nature antivirus software is an appealing tool for hackers who want to access remote computers, security experts say. Such software is designed to scan a computer comprehensively as it searches for malware, then send regular reports back to a company server. "One of the things people don't realize, by installing that tool you give [the software manufacturer] the right to pull any information that might be interesting," says Chris O'Rourke, another former NSA cybersecurity expert who is the CEO of cybersecurity firm Soteria.
But for that reason, Bloomberg View columnist Leonid Bershidsky suggests any anti-virus software will be targetted by nation-state actors, and argues that for most users, "non-state criminal threats are worse. That's why Interpol this week signed a new information-sharing agreement with Kaspersky despite all the revelations in the U.S. media: The international police cooperation organization deals mainly with non-state actors, including profit-seeking hackers, rather than with the warring intelligence services."

And long-time Slashdot reader freddieb is a loyal Kaspersky user who is wondering what to do, calling the software "very effective and non-intrusive." And in addition, "Numerous recent hacks have gotten my data (Equifax, and others) so I expect I have nothing else to fear except ransomware."

Share your own informed opinions in the comments. Should users uninstall Kaspersky's antivirus software?
Windows

Munich Plans New Vote on Dumping Linux For Windows 10 (techrepublic.com) 410

An anonymous reader quotes TechRepublic: The city of Munich has suggested it will cost too much to carry on using Linux alongside Windows, despite having spent millions of euros switching PCs to open-source software... "Today, with a Linux client-centric environment, we are often confronted with major difficulties and additional costs when it comes to acquiring and operating professional application software," the city council told the German Federation of Taxpayers. Running Linux will ultimately prove unsustainable, suggests the council, due to the need to also keep a minority of Windows machines to run line-of-business software incompatible with Linux. "In the long term, this situation means that the operation of the non-uniform client landscape can no longer be made cost-efficient"... Since completing the multi-year move to LiMux, a custom-version of the Linux-based OS Ubuntu, the city always kept a smaller number of Windows machines to run incompatible software. As of last year it had about 4,163 Windows-based PCs, compared to about 20,000 Linux-based PCs.

The assessment is at odds with a wide-ranging review of the city's IT systems by Accenture last year, which found that most of the problems stem not from the use of open-source software, but from inefficiencies in how Munich co-ordinates the efforts of IT teams scattered throughout different departments. Dr. Florian Roth, leader of the Green Party at Munich City Council, said the review had also not recommended a wholesale shift to Windows. "The Accenture report suggested to run both systems because the complete 'rollback' to Windows and MS Office would mean a waste of experience, technology, work and money," he said... The city's administration is investigating how long it would take and how much it would cost to build a Windows 10 client for use by the city's employees. Once this work is complete, the council will vote again in November on whether this Windows client should replace LiMux across the authority from 2021.

A taxpayer's federation post urged "Penguin, adieu!" -- while also admitting that returning to Windows "will devour further tax money in the millions," according to TechRepublic.

"The federation's post also makes no mention of the licensing and other savings achieved by switching to LiMux, estimated to stand at about €10m."
Transportation

Dubai Police Get Hoverbikes (mashable.com) 118

An anonymous reader quotes Mashable: The Dubai police, which already has luxury patrol cars, self-driving pursuit drones, and a robot officer, just announced it will soon have officers buzzing around on hoverbikes, which look like an early version of the speeder bikes used by the scout troopers on Endor in Return of the Jedi. The force (see what I did there?) unveiled its new Hoversurf Scorpion craft at the Gitex Technology Week conference, according to UAE English language publication Gulf News. The police force will use the hoverbike for emergency response scenarios, giving officers the ability to zoom over congested traffic conditions by taking to the air... The Scorpion can also fly autonomously for almost four miles at a time for other emergencies.
The fully-electric hoverbike stays aloft for about 25 minutes per charge at a top speed around 43 mph.

Gulf News also reported that Dubai police "unveiled robotic vehicles which will be equipped with biometric software to scan for wanted criminals and undesirable elements."
Bitcoin

Ransomware Sales On the Dark Web Spike 2,502% In 2017 (carbonblack.com) 23

Slashdot reader rmurph04 writes: Ransomware is a $6.2 million industry, based on sales generated from a network of more than 6,300 Dark Web marketplaces that sell over 45,000 products, according to a report released Wednesday by cybersecurity firm Carbon Black.
While the authors of the software are earning six-figure incomes, ransom payments totalled $1 billion in 2016, according to FBI estimates -- up from just $24 million in 2015. Carbon Black, which was founded by former U.S. government "offensive security hackers," argues that ransomware's growth has been aided by "the emergence of Bitcoin for ransom payment, and the anonymity network, Tor, to mask illicit activities.. Bitcoin allows money to be transferred in a way that makes it nearly impossible for law enforcement to 'follow the money.'"
Input Devices

What Will Replace Computer Keyboards? (xconomy.com) 301

jeffengel writes:Computer keyboards will be phased out over the next 20 years, and we should think carefully about what replaces them as the dominant mode of communicating with machines, argues Android co-founder Rich Miner. Virtual reality technology and brain-computer links -- whose advocates include Elon Musk -- could lead to a "dystopian" future where people live their lives inside of goggles, or they jack directly into computers and become completely "de-personalized," Miner worries.

He takes a more "humanistic" view of the future of human-machine interfaces, one that frees us to be more expressive and requires computers to communicate on our level, not the other way around. That means software that can understand our speech, facial expressions, gestures, and handwriting. These technologies already exist, but have a lot of room for improvement.

One example he gives is holding up your hand to pause a video.

Slashdot Top Deals