Encryption

Browser Makers To End RC4 Support In Early 2016 31

msm1267 writes: Google, Microsoft and Mozilla today announced they've settled on an early 2016 timeframe to permanently deprecate the shaky RC4 encryption algorithm in their respective browsers. Mozilla said Firefox's shut-off date will coincide with the release of Firefox 44 on Jan. 26. Google and Microsoft said that Chrome and Internet Explorer 11 (and Microsoft Edge) respectively will also do so in the January-February timeframe. Attacks against RC4 are growing increasingly practical, rendering the algorithm more untrustworthy by the day.
Communications

Ashley Madison Source Code Shows Evidence They Created Bots To Message Men 197

An anonymous reader writes: Gizmodo's Annalee Newitz looked through the source code contained in the recent Ashley Madison data dump and found evidence that the company created tens of thousands of bot accounts designed to spur their male users into action by sending them messages. "The code tells the story of a company trying to weave the illusion that women on the site were plentiful and eager." The evidence suggests bots sent over 20 million messages on the website, and chatted with people over 11 million times. The vast majority of fake accounts — 70,529 to 43 — pretended to be female, and the users targeted were almost entirely men. Comments left in the code indicate some of the issues Ashley Madison's engineers had to solve: "randomizing start time so engagers don't all pop up at the same time" and "for every single state that has guest males, we want to have a chat engager." The AI was unsophisticated, though one type of bot would try to convince men to pay and then pass them to a real person.
Encryption

Turkey Arrests Journalists For Using Encryption 117

An anonymous reader sends news that three employees of Vice News were arrested in Turkey because one of them used an encryption system on his personal computer. That particular type of encryption has been used by the terrorist organization known as the Islamic State, so the men were charged with "engaging in terrorist activity." The head of a local lawyers association said, "I find it ridiculous that they were taken into custody. I don't believe there is any accuracy to what they are charged for. To me, it seems like an attempt by the government to get international journalists away from the area of conflict." The Turkish government denied these claims: "This is an unpleasant incident, but the judiciary is moving forward with the investigation independently and, contrary to claims, the government has no role in the proceedings."
Businesses

Comcast To Charge $30 For Unlimited Data Over 300GB Cap 192

For some time, Comcast has been testing 300 GB monthly data caps in certain markets. An anonymous reader notes a policy change unveiled today that gives customers in those markets the ability to switch back to unlimited data for $30 extra. Previously (and currently, for customers who don't pay the extra $30), Comcast would charge $10 per 50GB above the cap. "Comcast's intent on this front has been clear for some time. Comcast lobbyist and VP David Cohen last year strongly suggested that usage caps would be arriving for all Comcast customers sooner or later. The idea of charging users a premium to avoid arbitrary usage restrictions has been a pipe dream of incumbent ISP executives for a decade." The new policy goes into effect on October 1.
Networking

Ask Slashdot: Can Any Wireless Tech Challenge Fiber To the Home? 163

New submitter danielmorrison writes: In Holland, MI (birthplace of Slashdot) we're working toward fiber to the home. A handful of people have asked why not go wireless instead? I know my reasons (speed, privacy, and we have an existing fiber loop) but are any wireless technologies good enough that cities should consider them? If so, what technologies and what cities have had success stories?
Google

Google Facing Fine of Up To $1.4 Billion In India Over Rigged Search Results 151

An anonymous reader writes: The Competition Commission of India has opened an investigation into Google to decide whether the company unfairly prioritized search results to its own services. Google could face a fine of up to $1.4 billion — 10% of its net income in 2014. A number of other internet companies, including Facebook and FlipKart, responded to queries from the CCI by confirming that Google does this. "The CCI's report accuses Google of displaying its own content and services more prominently in search results than other sources that have higher hit rates. It also states that sponsored links shown in search results are dependent on the amount of advertising funds Google receives from its clients. Ecommerce portal Flipkart noted that it found search results to have a direct correlation with the amount of money it spent on advertising with Google." The company has faced similar antitrust concerns in the EU and the U.S.
The Internet

Metal Gear Solid V PC Disc Contains Steam Installer, Nothing Else 182

dotarray writes: The boxed copy of Metal Gear Solid V: The Phantom Pain reportedly contains nothing but a Steam installer. That's right, even if you fork out real-world money for a physical copy of the game, you'll still have to download the whole thing from the internet. The game officially launches tomorrow. Early critical reviews are quite positive, though you should take that with a grain of salt until the game is more widely distributed. Game Informer says, "Unlike the linear design of previous entries, The Phantom Pain rarely assumes you have particular weapons and equipment, so the missions are brilliantly designed with multiple paths to success." The Washington Post notes, "The Phantom Pain’s openness feels like Kojima finally found a technical platform broad enough to make use of all of those tools and trusts players to build their own narrative drama from the way they choose to put these tools together for each mission." IGN has this criticism: "... where Phantom Pain’s gameplay systems are far richer and meatier than any the series has ever seen, its story feels insubstantial and woefully underdeveloped by comparison." Metal Gear Solid 5 is launching for PCs, current consoles, and previous-gen consoles; Digital Foundry thinks it is likely to be the last true cross-generation AAA title.
The Internet

CenturyLink Takes $3B In Subsidies For Building Out Rural Broadband 199

New submitter club77er writes with a link to a DSL Reports article outlining some hefty subsidies (about $3 billion, all told) that CenturyLink has signed up to receive, in exchange for expanding its coverage to areas considered underserved: According to the CenturyLink announcement, the telco will take $500 million a year for six years from the Federal Communications Commission (FCC)'s Connect America Fund (CAF). In exchange, it will expand broadband to approximately 1.2 million rural households and businesses in 33 states. While the FCC now defines broadband as 25 Mbps down, these subsidies require that the deployed services be able to provide speeds of at least 10 Mbps down.
Communications

Ask Slashdot: Suggestions For Taking a Business Out Into the Forest? 144

An anonymous reader writes: I'm a huge fan of primitive survival reality TV. I am also self-employed in web troubleshooting and hosting services. I have to be available 24/7, but a lot of my work is just being online for a few minutes at a time. I often think about taking my business 'outdoors', camping, 3-7 days or so at a time — but staying online. Has anyone had experience with this? How did you do it, in terms of internet connectivity and portable power? Satellite internet or long distance Wi-Fi antennas and a very tall pole? I've looked at some portable power stations with solar attachments, but the idea of hand-cranking to recharge if it's overcast isn't fun, after all, the point is to relax. But I'm willing to manually recharge if it's realistic (would prefer pedaling though!) I happen to have a Toughbook CF-52 (I just thought it was cool) but I may need to replace that with a more eco-friendly laptop as well. Thanks!
Censorship

Malaysia Blocking Websites Based On Political Content 120

An anonymous reader writes: A few days ago Slashdot carried a piece of news from Malaysia whereby [news] websites based in Malaysia must be registered. Now comes the news that Malaysia is actively blocking websites which carry political opinion contrary to those of the ruling elite. Granted, Malaysia is no US of A nor Europe, but the world must understand that Malaysia is the only country in the world where racial apartheid laws are still being actively practiced — and have received endorsement from the ruling elite which has controlled Malaysia for the past 58 years. (Wikipedia lists some other candidates for modern-day apartheid in its entry on Contemporary segregation.)
Censorship

Germany Wants Facebook To Obey Its Rules About Holocaust Denial 714

Bruce66423 writes: In a classic example of the conflict of cultures brought about by the internet, Germany is trying to get Facebook to obey its rules about banning holocaust denial posts. From the linked Jerusalem Post article: [Justice Minister Heiko] Maas, who has accused Facebook of doing too little to thwart racist and hate posts on its social media platform, said that Germany has zero tolerance for such expression and expects the US-based company to be more vigilant. "One thing is clear: if Facebook wants to do business in Germany, then it must abide by German laws," Maas told Reuters. "It doesn't matter that we, because of historical reasons, have a stricter interpretation of freedom of speech than the United States does." "Holocaust denial and inciting racial hatred are crimes in Germany and it doesn't matter if they're posted on Facebook or uttered out in the public on the market square," he added. ... "There's no scope for misplaced tolerance towards internet users who spread racist propaganda. That's especially the case in light of our German history."
Security

Symantec Researchers Find 49 New Modules of Regin Spying Tool 23

itwbennett writes: Security researchers from Symantec have identified 49 more modules (bringing the total number found so far to 75) of the sophisticated Regin cyberespionage platform that many believe is used by the U.S. National Security Agency and its close allies. Some of the modules implement basic malware functions, while other modules are much more specialized and built with specific targets in mind. 'One module was designed to monitor network traffic to Microsoft Internet Information Services (IIS) web servers, another was observed collecting administration traffic for mobile telephony base station controllers, while another was created specifically for parsing mail from Exchange databases,' the Symantec researchers said in an updated version of their white paper (PDF) published Thursday.
Privacy

Ashley Madison CEO Steps Down, Reporter Finds Clues To Hacker's Identity 213

Dave Knott writes: Following the recent hacks on the infidelity website Ashley Madison, Noel Biderman has stepped down as CEO of both AshleyMadison.com and its parent company. Avid Life Media Inc., the company that owns the site and many others, announced Biderman's move in a short press release on Friday: "Noel Biderman, in mutual agreement with the company, is stepping down as chief executive officer of Avid Life Media Inc. (ALM) and is no longer with the company. Until the appointment of a new CEO, the company will be led by the existing senior management team." Before the data hack, the company was planning an IPO in London that would have taken in as much as $200 million from investors. According to regulatory filings, the company had $115 million in revenue last year, more than four times the amount it obtained in 2009.

Meanwhile, in related news, Brian Krebs (the reporter who first uncovered the hack) says he has uncovered clues to the possible identity of the hacker. Krebs says he noticed the Twitter account operated by a known hacker recently posted a link to Ashley Madison's stolen proprietary source code before it was made public. Intrigued by the poster's apparent access, he examined the account's posting history and noticed a predilection for the music of Australian hard rock band AC/DC. This jibes with the behavior of the hacker(s), who had displayed threatening messages on the computers of Ashley Madison employees, accompanied by AC/DC song Thunderstruck. In a series of tweets, the owner of the account, one Thadeus Zu, appears to deny that he was behind the hack, and indeed makes several suggestions that the account itself isn't even run by one person, but is instead an amalgam of like-minded digital vigilantes.
The NY Times also reports that people whose details were contained in the leak are beginning to face threats of blackmail.
Privacy

German Intelligence Traded Citizen Data For NSA Surveillance Software 68

An anonymous reader sends news that Germany's domestic intelligence agency, the BfV, was so impressed with the NSA's surveillance software that they were willing to "share all data relevant to the NSA's mission" in order to get it. "The data in question is regularly part of the approved surveillance measures carried out by the BfV. In contrast, for example, to the Bundesnachrichtendienst (BND), Germany’s foreign intelligence agency, the BfV does not use a dragnet to collect huge volumes of data from the Internet. Rather, it is only allowed to monitor individual suspects in Germany -- and only after a special parliamentary commission has granted approval. ... Targeted surveillance measures are primarily intended to turn up the content of specific conversations, in the form of emails, telephone exchanges or faxes. But along the way, essentially as a side effect, the BfV also collects mass quantities of so-called metadata. Whether the collection of this data is consistent with the restrictions outlined in Germany's surveillance laws is a question that divides legal experts."
Advertising

Inside the Booming, Unhinged, and Dangerous Malvertising Menace 244

mask.of.sanity writes: The Register has a feature on the online malicious advertising (malvertising) menace that has become an explosively potent threat to end-user security on the internet. Experts say advertising networks and exchanges need to vet their customers, and publishers need to vet the third party content they display. Users should also consider script and ad blockers in the interim. From the article: "Ads as an attack vector was identified in 2007 when security responders began receiving reports of malware hitting user machines as victims viewed online advertisements. By year's end William Salusky of the SANS Internet Storms Centre had concocted a name for the attacks. Since then malvertising has exploded. This year it increased by more than 260 percent on the previous year, with some 450,000 malicious ads reported in the first six months alone, according to numbers by RiskIQ. Last year, security firm Cyphort found a 300 percent increase in malvertising. In 2013, the Online Trust Alliance logged a more than 200 percent increase in malvertising incidents compared to 2012, serving some 12.4 billion malvertisement impressions."
Communications

A "Public Health" Approach To Internet of Things Security 46

New submitter StewBeans writes: Guaranteeing your personal privacy in an era when more and more devices are connecting our daily lives to the Internet is becoming increasingly difficult to do. David Bray, CIO of the FCC, emphasizes the exponential growth we are facing by comparing the Internet we know today to a beachball, and the Internet of Everything future to the Sun. Bray says unless you plan to unplug from the Internet completely, every consumer needs to assume some responsibility for the security and overall health of the Internet of Everything. He says this might look similar to public health on the consumer side — the digital equivalent of hand washing — and involve an open, opt-in model for the rapid detection of abnormal trends across global organizations and networks.
Privacy

Tech Nightmares That Keep Turing Award Winners Up At Night 82

itwbennett writes: At the Heidelberg Laureate Forum in Germany this week, RSA encryption algorithm co-inventor Leonard Adleman, "Father of the Internet" Vint Cerf, and cryptography innovator Manuel Blum were asked "What about the tech world today keeps you up at night?" And apparently they're not getting a whole lot of sleep these days. Cerf is predicting a digital dark age arising from our dependence on software and our lack of "a regime that will allow us to preserve both the content and the software needed to render it over a very long time." Adleman worries about the evolution of computers into "their own species" — and our relation to them. Blum's worries, by contrast, lean more towards the slow pace at which computers are taking over: "'The fact that we have brains hasn't made the world any safer,' he said. 'Will it be safer with computers? I don't know, but I tend to see it as hopeful.'"
IBM

IBM Tells Administrators To Block Tor On Security Grounds 70

Mickeycaskill writes: IBM says Tor is increasingly being used to scan organizations for flaws and launch DDoS, ransomware and other attacks. Tor, which provides anonymity by obscuring the real point of origin of Internet communications, was in part created by the US government, which helps fund its ongoing development, due to the fact that some of its operations rely on the network. However, the network is also widely used for criminal purposes. A report by IBM says administrators should block access to Tor, noting a "steady increase" in attacks originating from Tor exit nodes, with attackers increasingly using Tor to disguise botnet traffic. "Spikes in Tor traffic can be directly tied to the activities of malicious botnets that either reside within the Tor network or use the Tor network as transport for their traffic," said IBM. "Allowing access between corporate networks and stealth networks can open the corporation to the risk of theft or compromise, and to legal liability in some cases and jurisdictions."
The Internet

Why In-Flight Wi-Fi Is Still Slow and Expensive 193

An anonymous reader writes: Let's grant that having access to the internet while on an airplane is pretty amazing. When airlines first began offering it several years ago, it was agonizingly slow and somewhat pricey as well. Unfortunately, it's only gotten more expensive over the years, and the speeds are still frustrating. This is in part because the main provider of in-flight internet, Gogo, knows most of its regular customers will pay for it, regardless of cost. Business travelers with expense accounts don't care if it's $1 or $10 or $50 — they need to stay connected. Data speeds haven't improved because Gogo says the scale isn't big enough to do much infrastructure investment, and most of the hardware is custom-made. A third of Gogo-equipped planes can manage 10 Mbps, while the rest top out at 3 Mbps. There's hope on the horizon — the company says a new satellite service should enable 70 Mbps per plane by the end of the year — but who knows how much they'll charge for an actual useful connection.
AT&T

AT&T Hotspots Now Injecting Ads 184

An anonymous reader writes: Computer scientist Jonathan Mayer did some investigating after seeing some unexpected ads while he browsed the web at an airport (Stanford hawking jewelry? The FCC selling shoes?). He found that AT&T's public Wi-Fi hotspot was messing with HTTP traffic, injecting advertisements using a service called RaGaPa. As an HTML page loads over HTTP, the hotspot adds an advertising stylesheet, injects a simple advertisement image (as a backup), and then injects two scripts that control the loading and display of advertising content. Mayer writes, "AT&T has an (understandable) incentive to seek consumer-side income from its free Wi-Fi service, but this model of advertising injection is particularly unsavory. Among other drawbacks: It exposes much of the user's browsing activity to an undisclosed and untrusted business. It clutters the user's web browsing experience. It tarnishes carefully crafted online brands and content, especially because the ads are not clearly marked as part of the hotspot service. And it introduces security and breakage risks, since website developers generally don't plan for extra scripts and layout elements."