Android

Hackers Hit Russian Bank Customers, Planned International Cyber Raids (reuters.com) 8

Russian cyber criminals used malware planted on Android mobile devices to steal from domestic bank customers and were planning to target European lenders before their arrest, investigators and sources with knowledge of the case told Reuters. From the report: Their campaign raised a relatively small sum by cyber-crime standards -- more than 50 million roubles ($892,000) -- but they had also obtained more sophisticated malicious software for a modest monthly fee to go after the clients of banks in France and possibly a range of other western nations. Russia's relationship to cyber crime is under intense scrutiny after U.S. intelligence officials alleged that Russian hackers had tried to help Republican Donald Trump win the U.S. presidency by hacking Democratic Party servers. The Kremlin has repeatedly denied the allegation. The gang members tricked the Russian banks' customers into downloading malware via fake mobile banking applications, as well as via pornography and e-commerce programs, according to a report compiled by cyber security firm Group-IB which investigated the attack with the Russian Interior Ministry.
Open Source

Why The US Government Open Sources Its Code (opensource.com) 43

He's been the White House technology advisor since 2015, and this month Alvand Salehi delivered a keynote address at OSCON about the U.S. government's commitment to open source software. An anonymous reader quotes OpenSource.com: The Federal Source Code Policy, released in August 2016, was the first U.S. government policy to support open source across the government... All new custom source code developed by or for the federal government must be available to all other federal agencies for sharing and reuse; and at least 20% of new government custom-developed code must be released to the public as open source. It also established Code.gov as a platform for access to government-developed open source code and a way for other developers to participate.

Before this policy was released, agencies were spending a lot of money to redevelop software already in use by other government agencies. This initiative is expected to save the government millions of dollars in wasteful and duplicative spending on software development. Because of this, Salehi said, open source is not a partisan issue, and "Code.gov is here to stay." Another benefit: Releasing open source code allows the government to benefit from the brainpower of developers across the country to improve their code.

Code.gov points potential contributors to their code repository on GitHub.
IBM

Ex-IBM Employee Guilty of Stealing Secrets For China (fortune.com) 61

An anonymous reader quotes Fortune: A former developer for IBM pled guilty on Friday to economic espionage and to stealing trade secrets related to a type of software known as a clustered file system, which IBM sells to customers around the world. Xu Jiaqiang stole the secrets during his stint at IBM from 2010 to 2014 "to benefit the National Health and Family Planning Commission of the People's Republic of China," according to the U.S. Justice Department. In a press release describing the criminal charges, the Justice Department also stated that Xu tried to sell secret IBM source code to undercover FBI agents posing as tech investors. (The agency does not explain if Xu's scheme to sell to tech investors was to benefit China or to line his own pockets).

Part of the sting involved Xu demonstrating the stolen software, which speeds computer performance by distributing work across multiple servers, on a sample network. The former employee acknowledged that others would know the software had been taken from IBM, but said he could create extra computer scripts to help mask its origins.

At one point 31-year-old Xu even showed undercover FBI agents the part of the source code that identified it as coming from IBM "as well as the date on which it had been copyrighted."
The Internet

Vint Cerf Reflects On The Last 60 Years (computerworld.com) 59

Computerworld celebrated its 50th anniversary by interviewing Vinton Cerf. The 73-year-old "father of the internet" remembers reading the early issues of the magazine, and reflects on how much things have changed since he gained access to computers at UCLA in 1960, "the beginning of my love affair with computing." I worry 100 years from now our descendants may not know much about us or be able to read our emails or tweets or documents because nobody saved them or the software you need to read them won't exist anymore. It's a huge issue. I have files of text that were written 20 years ago in WordPerfect, except I don't have WordPerfect running anywhere...

Q: Do you think [creating the internet] was your greatest accomplishment?

No. Getting it turned on was a big deal. Keeping it running for the last some odd years was an even bigger deal. Protecting it from hostile governments that want to shut it down and supporting new applications at a higher capacity are all evolutions. The evolution continues... I don't know if I can point to anything and say that's the biggest accomplishment. It's one big climb up the mountain.

Looking ahead to a future filled with AI, Cerf says "I worry about turning over too much autonomous authority to a piece of software," though he's not overly concerned, "not like Stephen Hawking or Elon Musk, who are alarmists about artificial intelligence. Every time you use Google search or self-driving cars, you're using A.I. These are all assistive technologies and I suspect this is how it will be used."

He also acknowledges that "I probably don't have another 50 years left, unless Ray Kurzweil's predictions come true, and I can upload my consciousness into a computer."
Data Storage

Endless OS Now Ships With Steam And Slack FlatPak Applications (endlessos.com) 81

An anonymous reader writes: Steam and Slack are now both included as Flatpak applications on the Endless OS, a free Linux distribution built upon the decades of evolution of the Linux operating system and the contributions of thousands of volunteers on the GNOME project. The beauty of Flatpak is the ability to bridge app creators and Linux distributions using a universal framework, making it possible to bring this kind of software to operating systems that encourage open collaboration...

As an open-source deployment mechanism, Flatpak was developed by an independent cohort made up of volunteers and contributors from supporting organizations in the open-source community. Alexander Larsson, lead developer of Flatpak and principal engineer at Red Hat, provided comment saying, "We're particularly excited about the opportunity Endless affords to advance the benefits of open-source environments to entirely new audiences."

IBM

New OS/2 Warp Operating System 'ArcaOS' 5.0 Released (arcanoae.com) 142

The long-awaited modern OS/2 distribution from Arca Noae was released Monday. martiniturbide writes: ArcaOS 5.0 is an OEM distribution of IBM's discontinued OS/2 Warp operating system. ArcaOS offers a new set of drivers for ACPI, network, USB, video and mouse to run OS/2 in newer hardware. It also includes a new OS installer and open source software like Samba, Libc libraries, SDL, Qt, Firefox and OpenOffice... It's available in two editions, Personal ($129 with an introductory price of $99 for the first 90 days [and six months of support and maintenance updates]) and Commercial ($239 with one year of support and maintenance).

The OS/2 community has been called upon to report supported hardware, open source any OS/2 software, make public as much OS/2 documentation as possible and post the important platform links. OS2World insists that open source has helped OS/2 in the past years and it is time to look under the hood to try to clone internal components like Control Program, Presentation Manager, SOM and Workplace Shell.

By Tuesday Arca Noae was reporting "excessive traffic on the server which is impacting our ordering and delivery process," though the actual downloads of the OS were unaffected, the server load issues were soon mitigated, and they thanked OS/2 enthusiasts for a "truly overwhelming response."
Robotics

Robots Could Wipe Out Another 6 Million Retail Jobs (cnn.com) 269

According to a new study this week from financial services firm Cornerstone Capital Group, between 6 million and 7.5 million retail jobs are at risk of being replaced over the course of the next 10 years by some form of automation. "That represents at least 38% of the current retail work force, which consists of 16 million workers," reports CNN. "Retail could actually lose a greater proportion of jobs to automation than manufacturing has, according to the study." From the report: That doesn't mean that robots will be roving the aisles of your local department store chatting with customers. Instead, expect to see more automated checkout lines instead of cashiers. This shift alone will likely eliminate millions of jobs. "Cashiers are considered one of the most easily automatable jobs in the economy," said the report. And these job losses will hit women particularly hard, since about 73% of cashiers are women. There will also be fewer sales jobs, as more and more consumers use in-store smartphones and touchscreen computers to find what they need, said John Wilson, head of research at Cornerstone. There will still be some sales people on the floor, but just not as many of them. Rising wages are also helping to drive automation, as state and city governments hike their minimum wages. Additionally, several major retailers including Walmart, the nation's largest employer, have increased wages in order to find and retain the workers they need. The increased competition from e-commerce is also a factor, since it requires retailers to be as efficient as possible in order to compete.
Microsoft

Linux Distros Won't Run On Microsoft's Education-Focused Windows 10 S OS (betanews.com) 115

Reader BrianFagioli writes: I was sort of hopeful for Windows 10 S when Microsoft made a shocking announcement at Build 2017 that it is bringing Linux distributions to the Windows Store. This gave the impression that students using the S variant of the OS would be able to tinker with Linux. Unfortunately, this is not the case as Microsoft will be blocking Linux on the new OS. In other words, not all apps in the store will be available for Windows 10 S. "Windows 10 S does not run command-line applications, nor the Windows Console, Cmd / PowerShell, or Linux/Bash/WSL instances since command-line apps run outside the safe environment that protects Windows 10 S from malicious / misbehaving software," says Rich Turner, Senior Product Manager, Microsoft. Turner further explains, "Linux distro store packages are an exotic type of app package that are published to the Windows Store by known partners. Users find and install distros, safely, quickly, and reliably via the Windows Store app. Once installed, however, distros should be treated as command-line tools that run outside the UWP sandbox and secure runtime infrastructure. They run with the capabilities granted to the local user -- in the same way as Cmd and PowerShell do. This is why Linux distros don't run on Windows 10 S: Even though they're delivered via the Windows Store, and installed as standard UWP APPX's, they run as non-UWP command-line tools and thus can access more of a system than a UWP can."
IBM

IBM is Telling Remote Workers To Get Back in the Office Or Leave (wsj.com) 209

For the last few years, IBM has built up a remote work program for its 380,000 employees. Now the Wall Street Journal reports that IBM is "quietly dismantling" this option, and has told its employees this week that they either need to work in the office or leave the company (Editor's note: the link could be paywalled; alternative source). From the report: IBM is giving thousands of its remote workers in the U.S. a choice this week: Abandon your home workspaces and relocate to a regional office -- or leave the company. The 105-year-old technology giant is quietly dismantling its popular decades-old remote work program to bring employees back into offices, a move it says will improve collaboration and accelerate the pace of work. The change comes as IBM copes with 20 consecutive quarters of falling revenue and rising shareholder ire over Chief Executive Ginni Rometty's pay package. The company won't say how many of its 380,000 employees are affected by the policy change, which so far has been rolled out to its Watson division, software development, digital marketing, and design -- divisions that employ tens of thousands of workers. The shift is particularly surprising since the Armonk, N.Y., company has been among the business world's staunchest boosters of remote work, both for itself and its customers. IBM markets software and services for what it calls "the anytime, anywhere workforce," and its researchers have published numerous studies on the merits of remote work.
Operating Systems

ReactOS 0.4.5 Released (reactos.org) 117

An anonymous reader shares Colin Finck's forum post announcing ReactOS version 0.4.5: The ReactOS Project is pleased to release version 0.4.5 as a continuation of its three month cadence. Beyond the usual range of bug fixes and syncs with external dependencies, a fair amount of effort has gone into the graphical subsystem. Thanks to the work of Katayama Hirofumi and Mark Jansen, ReactOS now better serves requests for fonts and font metrics, leading to an improved rendering of applications and a more pleasant user experience. Your continued donations have also funded a contract for Giannis Adamopoulos to fix every last quirk in our theming components. The merits of this work can be seen in ReactOS 0.4.5, which comes with a smoother themed user interface and the future promises to bring even more improvements. In another funded effort, Hermes Belusca-Maito has got MS Office 2010 to run under ReactOS, another application from the list of most voted apps. On top of this, there have been several major fixes in the kernel and drivers that should lead to stability improvements on real hardware and on long-running machines. The general notes, tests, and changelog for the release can be found at their respective links. ISO images and prepared VMs for testing can be downloaded here.
Government

Apple Is Lobbying Against Your Right To Repair iPhones, New York State Records Confirm (vice.com) 230

An anonymous reader quotes a report from Motherboard: Lobbying records in New York state show that Apple, Verizon, and the tech industry's largest trade organizations are opposing a bill that would make it easier for consumers and independent companies to repair your electronics. The bill, called the "Fair Repair Act," would require electronics companies to sell replacement parts and tools to the general public, would prohibit "software locks" that restrict repairs, and in many cases would require companies to make repair guides available to the public. Apple and other tech giants have been suspected of opposing the legislation in many of the 11 states where similar bills have been introduced, but New York's robust lobbying disclosure laws have made information about which companies are hiring lobbyists and what bills they're spending money on public record. According to New York State's Joint Commission on Public Ethics, Apple, Verizon, Toyota, the printer company Lexmark, heavy machinery company Caterpillar, phone insurance company Asurion, and medical device company Medtronic have spent money lobbying against the Fair Repair Act this year. The Consumer Technology Association, which represents thousands of electronics manufacturers, is also lobbying against the bill. The records show that companies and organizations lobbying against right to repair legislation spent $366,634 to retain lobbyists in the state between January and April of this year. Thus far, the Digital Right to Repair Coalition -- which is generally made up of independent repair shops with several employees -- is the only organization publicly lobbying for the legislation. It has spent $5,042 on the effort, according to the records.
Firefox

Firefox 55: Flash Will Become 'Ask To Activate' For Everyone (bleepingcomputer.com) 112

An anonymous reader quotes a report from BleepingComputer: Starting with the release of Firefox 55, the Adobe Flash plugin for Firefox will be set to "Ask to Activate" by default for all users. This move was announced in August 2016, as part of Mozilla's plan to move away from plugins built around the NPAPI technology. Flash is currently the only NPAPI plugin still supported in Firefox, and moving its default setting from "Always Activate" to "Ask to Activate" is just another step towards the final step of stopping support for Flash altogether. This new Flash default setting is already live in Firefox's Nightly Edition and will move through the Alpha and Beta versions as Firefox nears its v55 Stable release. By moving Flash to a click-to-play setting, Firefox will indirectly start to favor HTML5 content over Flash for all multimedia content. Other browsers like Google Chrome, Brave, or Opera already run Flash on a click-to-play setting, or disabled by default. Firefox is scheduled to be released on August 8, 2017.
Databases

Font Sharing Site DaFont Has Been Hacked, Exposing Thousands of Accounts (zdnet.com) 17

A popular font sharing site DaFont.com has been hacked, resulting in usernames, email addresses, and hashed passwords of 699,464 user accounts being stolen. ZDNet reports: The passwords were scrambled with the deprecated MD5 algorithm, which nowadays is easy to crack. As such, the hacker unscrambled over 98 percent of the passwords into plain text. The site's main database also contains the site's forum data, including private messages, among other site information. At the time of writing, there were over half-a-million posts on the site's forums. The hacker told ZDNet that he carried out his attack after he saw that others had also purportedly stolen the site's database. "I heard the database was getting traded around so I decided to dump it myself -- like I always do," the hacker told me. Asked about his motivations, he said it was "mainly just for the challenge [and] training my pentest skills." He told me that he exploited a union-based SQL injection vulnerability in the site's software, a flaw he said was "easy to find." The hacker provided the database to ZDNet for verification.
Google

Google Launches Google Assistant On the iPhone (venturebeat.com) 6

At its I/O 2017 developer conference, Google announced the Google Assistant is coming to iOS as a standalone app. Previously, the only way for iOS users to get access to the Assistant was through Allo, the Google messaging app nobody uses. For those interested, you can download the Google Assistant on your iOS device here, but keep in mind that your device needs to be running iOS 9.1 or higher. VentureBeat reports: Google Assistant for iPhone won't ship on Apple's mobile devices by default, and naturally won't be as tightly integrated into the OS. But it is addressable by voice and does work with other Google apps on Apple's platform. Apple has API restrictions on iOS, so Google Assistant can't set alarms like Siri can. It can, however, send iMessages for you or start playing music in third-party apps like Spotify. You also won't be able to use the Home button to trigger Google Assistant, so you'll need to use the app icon or a widget.
Windows

Windows XP PCs Infected By WannaCry Can Be Decrypted Without Paying Ransom (arstechnica.com) 60

An anonymous reader quotes a report from Ars Technica: Owners of some Windows XP computers infected by the WCry ransomware may be able to decrypt their data without making the $300 to $600 payment demand, a researcher said Thursday. Adrien Guinet, a researcher with France-based Quarkslab, has released software that he said allowed him to recover the secret decryption key required to restore an infected XP computer in his lab. The software has not yet been tested to see if it works reliably on a large variety of XP computers, and even when it does work, there are limitations. The recovery technique is also of limited value because Windows XP computers weren't affected by last week's major outbreak of WCry. Still, it may be helpful to XP users hit in other campaigns. "This software has only been tested and known to work under Windows XP," he wrote in a readme note accompanying his app, which he calls Wannakey. "In order to work, your computer must not have been rebooted after being infected. Please also note that you need some luck for this to work (see below), and so it might not work in every case!"
Businesses

'WannaCry Makes an Easy Case For Linux' (techrepublic.com) 405

An anonymous reader writes: The thing is, WannaCry isn't the first of its kind. In fact, ransomware has been exploiting Windows vulnerabilities for a while. The first known ransomware attack was called "AIDS Trojan" that infected Windows machines back in 1989. This particular ransomware attack switched the autoexec.bat file. This new file counted the number of times a machine had been booted; when the machine reached a count of 90, all of the filenames on the C drive were encrypted. Windows, of course, isn't the only platform to have been hit by ransomware. In fact, back in 2015, the LinuxEncoder ransomware was discovered. That bit of malicious code, however, only affected servers running the Magento ecommerce solution. The important question here is this: Have there been any ransomware attacks on the Linux desktop? The answer is no. With that in mind, it's pretty easy to draw the conclusion that now would be a great time to start deploying Linux on the desktop. I can already hear the tired arguments. The primary issue: software. I will counter that argument by saying this: Most software has migrated to either Software as a Service (SaaS) or the cloud. The majority of work people do is via a web browser. Chrome, Firefox, Edge, Safari; with few exceptions, SaaS doesn't care. With that in mind, why would you want your employees and staff using a vulnerable system? [...] Imagine, if you will, you have deployed Linux as a desktop OS for your company and those machines work like champs from the day you set them up to the day the hardware finally fails. Doesn't that sound like a win your company could use? If your employees work primarily with SaaS (through web browsers), then there is zero reason keeping you from making the switch to a more reliable, secure platform.
Desktops (Apple)

App Maker's Code Stolen in Malware Attack (bbc.com) 73

Mac and iOS software developer Panic has had the source code for several of its apps stolen. An anonymous reader writes: Panic founder Steven Frank said in a blog post that it happened after he downloaded an infected copy of the video encoding tool Handbrake. He said there was no sign that any customer data was accessed and that Panic's web server was not affected. Users have been warned to download Panic's apps only from its website or the Apple App Store. Panic is the creator of web editing and file transfer apps Coda and Transmit, and the video game Firewatch. On May 2, Handbrake was hacked, with the Mac version of the app on one of the site's download servers replaced by a malicious copy. In what Mr Frank called "a case of extraordinarily bad luck", he downloaded the malicious version of Handbrake and launched it "without stopping to wonder why Handbrake would need admin privileges... when it hadn't before. And that was that, my Mac was completely, entirely compromised in three seconds or less."
Security

Any Half-Decent Hacker Could Break Into Mar-a-Lago (alternet.org) 326

MrCreosote writes: Properties owned and run by the Trump Organization, including places where Trump spends much of his time and has hosted foreign leaders, are a network security nightmare. From a report via ProPublica (co-published with Gizmodo): "We parked a 17-foot motor boat in a lagoon about 800 feet from the back lawn of The Mar-a-Lago Club in Palm Beach and pointed a 2-foot wireless antenna that resembled a potato gun toward the club. Within a minute, we spotted three weakly encrypted Wi-Fi networks. We could have hacked them in less than five minutes, but we refrained. A few days later, we drove through the grounds of the Trump National Golf Club in Bedminster, New Jersey, with the same antenna and aimed it at the clubhouse. We identified two open Wi-Fi networks that anyone could join without a password. We resisted the temptation. We have also visited two of President Donald Trump's other family-run retreats, the Trump International Hotel in Washington, D.C., and a golf club in Sterling, Virginia. Our inspections found weak and open Wi-Fi networks, wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information. The risks posed by the lax security, experts say, go well beyond simple digital snooping. Sophisticated attackers could take advantage of vulnerabilities in the Wi-Fi networks to take over devices like computers or smart phones and use them to record conversations involving anyone on the premises."
Google

Google Home Gets Notifications, Hands-Free Calling, a TV Interface and More (theverge.com) 37

Google has announced several new features for Google Home to help it better compete against the Amazon Echo. The six new features coming to Google Home include: notifications, free calling to phones in the U.S. and Canada, calendar and reminders, more streaming services, a TV interface, and new locations. The Verge details each feature in its report:
Notifications: Google calls this feature "proactive assistance." Essentially, Google Home will do its best to alert owners to things they need to know, like reminders, traffic alerts, or flight delays.
Free Calling To Phones In U.S. and Canada: Google is one-upping Amazon by letting the Home dial out to actual landline and mobile phones. Whenever this feature rolls out, you'll be able to ask the Home to call anyone on your contacts list, and it'll dial out to them on a private number.
Calendar and Reminders: You can finally set reminders and calendar entries. Finally.
More Streaming Services: Google Home has already been able to control a handful of music and video services, but it's about to get a bunch of major missing names. For music, that includes Spotify's free tier, Deezer, and SoundCloud. For video, it includes HBO Now and Hulu. On top of that, Home is also getting the ability to stream anything over Bluetooth.
A TV Interface: Sometimes you actually want to see what's going on, so Google's making a TV interface for the Google Home. You'll soon be able to ask the Home to send information to your TV, from basics like the weather and your calendar, to information it's looking up like nearby restaurants or YouTube videos you might want to watch.
New Locations: The Home is going to expand to five new countries this summer: Canada, Australia, France, Germany, and Japan.

Android

Amazon Refreshes Fire 7 and Fire HD 8 Tablets (betanews.com) 28

BrianFagioli quotes a report from BetaNews: Amazon's tablets have needed a refresh for a while now, and today it happened. The company announced two newly updated models -- the Fire 7 ($49) and the Fire HD 8 ($79). They both feature Alexa support, of course, and are designed for a quality experience with all types of media, such as movies, music, and books. The 7-inch has a 1024 x 600 resolution, while the 8-inch variant has 1280 x 800. Best of all, they are extremely affordable. At these insanely low prices, you might expect anemic performance, but both come with a respectable Quad-core 1.3 GHz processor. The Fire 7 has 1GB of RAM, while the HD 8 has 1.5GB. Regardless of which model you select, you will also get both front and rear cameras. The low cost might make you think they will be cheaply made, but Amazon claims they are more durable than Apple's newest iPad.
