Compare cell phone plans using Wirefly's innovative plan comparison tool ×
AI

Microsoft Buys AI-Powered Scheduling App Genee (thestack.com) 28

An anonymous reader quotes a report from The Stack: Microsoft has announced that it has completed its acquisition of artificial intelligence-based scheduling app Genee for an undisclosed amount. The app, which was launched in beta last year, uses natural language processing tools and decision-making algorithms to allow users to schedule appointments without having to consult a calendar. Prior to the acquisition, Genee supported scheduling across Facebook, Twitter, Skype, email, and via SMS. From September 1, Genee will close its own service and will officially join Microsoft, supposedly the Office 365 team. Microsoft believes the addition will help it "further [its] ambition to bring intelligence into every digital experience."
Electronic Frontier Foundation

US Customs and Border Protection Wants To Know Who You Are On Twitter (eff.org) 340

An anonymous reader quotes a report from Electronic Frontier Foundation: U.S. border control agents want to gather Facebook and Twitter identities from visitors from around the world. But this flawed plan would violate travelers' privacy, and would have a wide-ranging impact on freedom of expression -- all while doing little or nothing to protect Americans from terrorism. A proposal has been issued by U.S. Customs and Border Protection to collect social media handles from visitors to the United States from visa waiver countries. The Electronic Frontier Foundation opposes the proposal and has commented on it individually and as part of a larger coalition. "CBP specifically seeks 'information associated with your online presence -- Provider/Platform -- Social media identifier' in order to provider DHS 'greater clarity and visibility to possible nefarious activity and connections' for 'vetting purposes,'" reports EFF. "In our comments, we argue that would-be terrorists are unlikely to disclose social media identifiers that reveal publicly available posts expressing support for terrorism." They say this plan "would unfairly violate the privacy of innocent travelers," would cause "innocent travelers" to "engage in self-censorship, cutting back on their online activity out of fear of being wrongly judged by the U.S. government," and would lead to a "slippery slope, where CBP would require U.S. citizens and residents returning home to disclose their social media handles, or subject both foreign visitors and U.S. persons to invasive device searches at ports of entry with the intent of easily accessing any and all cloud data."
Businesses

Cisco Reports Fourth-Quarter 2016 Earnings (cnbc.com) 30

Cisco has reported its fiscal fourth-quarter earnings and they have exceeded analysts' expectations. CRN reported yesterday that the company will be laying off about 14,000 employees, representing nearly 20 percent of the company's global workforce, according to multiple sources close to the company. Instead, the company will be cutting only 5,500 positions, representing roughly 7 percent of its global workforce, beginning in the fiscal first quarter of 2017. CNBC reports: "The company reported fiscal fourth-quarter earnings of 63 cents a share on revenues of $12.64 billion, beating analyst expectations for 60 cents per share on revenues of $12.57 billion, according to a Thomson Reuters consensus estimate. The company said that 'today's market requires Cisco and our customers to be decisive, move with greater speed and drive more innovation than we've seen in our history.' Cisco said it expects to reinvest the cost savings from its restructuring plan into 'key priority areas such as security, IoT, collaboration, next generation data center and cloud.'"
Intel

Intel To Manufacture Rival ARM Chips In Mobile Push 81

An anonymous reader writes: Chip maker Intel has entered an unlikely partnership with British semiconductor firm ARM in an effort to boost opportunities for its foundry business. The licensing agreement, which was confirmed at the Intel Development Forum in San Francisco, means that from 2017 Intel's Custom Foundry will manufacture ARM chips -- used by smartphone giants such as Apple, Qualcomm and Samsung. On the announcement of its latest earnings report, Intel was clear to highlight a shift in focus, away from the traditional PC market, to emerging areas such as the Internet of Things and mobile -- a sector dominated by one-time arch rival ARM. It seems that Intel has now decided to surrender to the latter's prominence in the field.
Cloud

New RancherOS Offers Lean Linux Functionality Within Docker Containers (rancher.com) 48

RancherOS is a lean Linux distribution aiming to offer "the minimum necessary to get Docker up and running," and tucking many actual Linux services into Docker containers. An anonymous Slashdot reader quotes Distrowatch: Josh Curl has announced the release of a new version of RancherOS [which] moves the project out of its alpha status and introduces new features, including an official Raspberry Pi image... "We're especially excited about this since it offers users a cheap method of getting started with Docker and RancherOS."
Cloud

Researchers Warn Linux Vendors About Cloud-Memory Hacking Trick (thestack.com) 73

An anonymous Slashdot reader writes: Hacking researchers have uncovered a new attack technique which can alter the memory of virtual machines in the cloud. The team, based at Vrije Universiteit, Amsterdam, introduced the attack, dubbed Flip Feng Shui (FFS)...and explained that hackers could use the technique to crack the keys of secured VMs or install malicious code without it being noticed...

Using FFS, the attacker rents a VM on the same host as their chosen victim. They then write a memory page which they know exists on the vulnerable memory location and let it de-duplicate. The identical pages, with the same information, will merge in order to save capacity and be stored in the same part of memory of the physical computer. This allows the hacker to change information in the general memory of the computer.

The researchers demonstrated two attacks on Debian and Ubuntu systems -- flipping a bit to change a victim's RSA public key, and installing a software package infected with malware by altering a URL used by apt-get. "Debian, Ubuntu and other companies involved in the research were notified before the paper was published, and have all responded to the issue."
Cloud

Should Cloud Vendors Decrypt Data For The Government? (helpnetsecurity.com) 136

An anonymous Slashdot reader quotes an article by Help Net Security's editor-in-chief: More than one in three IT pros believe cloud providers should turn over encrypted data to the government when asked, according to Bitglass and the Cloud Security Alliance (CSA). 35 percent believe cloud app vendors should be forced to provide government access to encrypted data while 55 percent are opposed. 64 percent of US-based infosec professionals are opposed to government cooperation, compared to only 42 percent of EMEA respondents.
Raj Samani, CTO EMEA at Intel Security, told Help Net Security the answers ranged from "no way, to help yourself, and even to I don't care..." But since vendors can't satisfy both camps, he believes the situation "demands some form of open debate on the best approach to take..."
Microsoft

Skype For Windows Phone Will Stop Working in 2017 (betanews.com) 147

Mark Wilson, writing for BetaNews: With the release of Windows 10 Mobile, Microsoft's support for Windows Phone is gradually starting to die off. We already knew that Windows Phone support for Skype was coming to an end, but now we know more. Microsoft has now announced that as well as ending support for Skype on Windows Phone in October, come 'early 2017' the apps will simply stop working. And it's all thanks to a move to the cloud. The company has already said that the future of Skype is cloud-based rather than peer-to-peer, and this is the reason Windows Phone support is coming to a complete stop. Considering the amount of investment Microsoft has put into Skype, the decision to kill the app entirely is perhaps a little strange, but legacy support -- particularly for such a niche handset -- does not come cheap.
Botnet

LinkedIn Suffers Huge Bot Attack That Steals Members' Personal Data (siliconbeat.com) 109

An anonymous reader quotes a report from SiliconBeat: Data thieves used a massive "botnet" against professional networking site LinkedIn and stole member's personal information, a new lawsuit reveals. "LinkedIn members populate their profiles with a wide range of information concerning their professional lives, including summaries (narratives about themselves), job histories, skills, interests, educational background, professional awards, photographs and other information," said the company's complaint, filed in Northern California U.S. District Court (PDF). "During periods of time since December 2015, and to this day, unknown persons and/or entities employing various automated software programs (often referred to as 'bots') have extracted and copied data from many LinkedIn pages." It is unclear to what extent LinkedIn has been able to stymie the attack. A statement from the firm's legal team suggests one avenue of penetration has been permanently closed, but does not address other means of incursion listed in the lawsuit. "Their actions have violated the trust that LinkedIn members place in the company to protect their information," the complaint said. "LinkedIn will suffer ongoing and irreparable harm to its consumer goodwill and trust, which LinkedIn has worked hard for years to earn and maintain, if the conduct continues." LinkedIn says it has more than 128 million U.S. members and more than 400 million worldwide. According to the complaint, the hackers got around six LinkedIn cybersecurity systems, and also manipulated a cloud-services company that was on the company's "whitelist" of "popular and reputable service providers, search engines and other platforms" which interact with LinkedIn under less severe security measures than other third parties. The manipulation allowed the hackers to send requests to LinkedIn servers. "This was not an attack or data breach where confidential data was stolen," LinkedIn's legal team said in a statement. "This suit is about unknown entities using automated systems to scrape and copy data that members have made available on LinkedIn, violating the law and our Terms of Service."
Security

Dota 2 Forum Breach Leaks 2 Million User Accounts (zdnet.com) 34

Reader cloud.pt writes: In another case of serious programmer impairment, the DOTA 2 official forums have been hacked, making available to the perpetrators around 2 million emails, usernames, and MD5 hashed passwords. [...] From the report: The hack was carried out last month on July 10. The copy of the leaked database was provided to breach notification site LeakedSource.com, which allows users to search their usernames and email addresses in a wealth of stolen and hacked data. The hacker took advantage of an SQL injection vulnerability used by the older vBulletin forum software, which powers the community. That allowed them to access the database of limited user data, such as username, email, IP address of the user. The data also includes the user's hashed password -- which uses the MD5 algorithm, which is widely considered insecure by today's standards, alongside the salt, used to scramble the password further. A member of the LeakedSource group told me that 1.54 million of the passwords -- or about 80 percent -- have already been unscrambled using rudimentary and run-of-the-mill cracking tools.
Windows

London's Metropolitan Police Still Running 27,000 Windows XP Desktops (thestack.com) 166

An anonymous reader writes: London's Met Police has missed its deadline for abandoning the out-of-date operating system Windows XP, as findings reveal 27,000 computers still run on the software two years after official support ended. Microsoft stopped issuing updates and patches for Windows XP in Spring 2014, meaning that any new bugs and flaws in the operating system are left open to attack. A particularly risky status for the UK capital's police force – itself running operations against hacking and other cybercrime activity. The figures were disclosed by Conservative politician Andrew Boff. The Greater London Assembly member said: 'The Met should have stopped using Windows XP in 2014 when extended support ended, and to hear that 27,000 computers are still using it is worrying.' As in similar cases across civil departments, the core problem is bespoke system development, and the costs and time associated with integrating a new OS with customized systems.
Cloud

Google Cloud Now Allows Customer-Generated Encryption (thestack.com) 19

An anonymous Slashdot reader quotes The Stack: The Google cloud platform, Google Compute Engine, now allows customers to create their own encryption keys as an alternative to the Google-provided default encryption. Google Compute Engine automatically encrypts all data at rest, managing customer data encryption as a part of the Compute Engine service. However, some customers prefer to manage and control cloud encryption internally, to further tighten data security.

Google has released a comprehensive set of instructions for a customer to create their own encryption key. The Customer-Supplied Encryption Key (CSEK) is then used to protect the Google-generated keys that are used automatically for data encryption. The CSEK is an additional layer of protection for data stored in the cloud. Using an internally-generated encryption key also allows customers to control data encryption without using third-party providers, whose services are available at an additional cost.

Cloud

Amazon and Microsoft Are Running One and Two in Two-Cloud Race (fortune.com) 75

When it comes to computing capacity for public cloud services, Amazon and Microsoft are dominating the pack. According to research firm Gartner, Google is the third in this cloud race. The conclusion comes as Gartner looks into Magic Quadrant's annual report surveys, which estimates the amount and type of cloud computing services offered for rent by big companies. Fortune reports: Amazon's continued strength will not surprise many considering the resources it has poured into this now-$10-plus billion a year business. AWS "has the largest share of compute capacity in use by paying customers -- many times the aggregate size of all other providers in the market," according to the report. Last year, Gartner's take was that AWS ran more than 10 times the cloud compute capacity as the next 14 cloud players combined. Asked whether that means Amazon's dominance has held steady, grown, or decreased year over year, Gartner managing vice president Rakesh Kumar told Fortune the research firm does not have the exact comparable figure, but that it is "reasonable to assume" that AWS has maintained the same lead this year. The odd man out here appears to be Google, which has been trying hard to win market share from the other two powers and to prove that it is serious about the public cloud market. Google remains the third largest player by Gartner's measures, but it has slipped a bit relative to the top two.
Canada

Canada Wants To Keep Federal Data Within National Borders (thestack.com) 104

An anonymous reader quotes a report from The Stack: Canada has released its latest federal cloud adoption strategy, now available for public comment, which includes policy concerning the storing of sensitive government information on Canadian citizens within national borders. The newly-published [Government of Canada Cloud Adoption Strategy] requires that only data which the government has categorized as "unclassified," or harmless to national and personal security, will be allowed outside of the country. This information will still be subject to strict encryption rules. The new strategy, which has been in development over the last year, stipulates that all personal data stored by the government on Canadian citizens, such as social insurance numbers and critical federal information, must be stored in Canada-based data centers in order to retain "sovereign control."
Data Storage

8TB Drives Are Highly Reliable, Says Backblaze (yahoo.com) 209

An anonymous reader writes from a report via Yahoo News: Cloud backup and storage provider Backblaze has published its hard drive stats for Q2 2016. Yahoo News reports: "The report is based on data drives, not boot drives, that are deployed across the company's data centers in quantities of 45 or more. According to the report, the company saw an annualized failure rate of 19.81 percent with the Seagate ST4000DX000 4TB drive in a quantity of 197 units working 18,428 days. The next in line was the WD WD40EFRX 4TB drive in a quantity of 46 units working 4,186 days. This model had an annualized failure rate of 8.72 percent for that quarter. The company's report also notes that it finally introduced 8TB hard drives into its fold: first with a mere 45 8TB HGST units and then over 2,700 units from Seagate crammed into the company's Blackblaze Vaults, which include 20 Storage Pods containing 45 drives each. The company moved to 8TB drives to optimize storage density. According to a chart provided in the report, the 8TB drives are highly reliable. The HGST HDS5C8080ALE600 worked for 22,858 days and only saw two failures, generating an annualized failure rate of 3.20 percent. The Seagate ST8000DM002 worked for 44,000 days and only saw four failures, generating an annual failure rate of 3.30 percent." For comparison, Backblaze's reliability report for Q1 2016 can be found here.

UPDATE 8/2/16: Corrected Seagate Model "DT8000DM002" to "ST8000DM002."
Privacy

Microsoft's SwiftKey Suspends Sync After Keyboard Leaks Strangers' Contact Details (zdnet.com) 41

Swiftkey has suspended its cloud-sync service and switched off email address predictions amid reports of Microsoft-owned keyboard app delivering suggestions for strangers' email addresses and phone numbers. ZDNet reports: The move followed reports a week ago that the app was offering up email addresses to people they've never met. According to The Telegraph, one user claimed to have been contacted by a stranger and told that their brand-new phone had suggested two of the user's email addresses, as well as contact phone numbers. Reports of the bug also cite some users receiving predictions in languages they'd never used previously. "I logged into SwiftKey with Google+ and now, I'm getting someone else's German predictions with only English (UK) pack installed. I have never typed German in my entire life," one Reddit user reported last week. SwiftKey on Friday suggested the leaked contact details are due to a glitch in this sync service, which normally backs up what the app learns about a user to SwiftKey servers and then syncs that data to the user's other devices.Microsoft acquired SwiftKey app earlier this year for an estimated sum of $250 million.
Operating Systems

Xen Vulnerability Allows Hackers To Escape Qubes OS VM And Own the Host (itnews.com.au) 73

Slashdot reader Noryungi writes: Qubes OS certainly has an intriguing approach to security, but a newly discovered Xen vulnerability allows a hacker to escape a VM and own the host. If you are running Qubes, make sure you update the dom0 operating system to the latest version.
"A malicious, paravirtualized guest administrator can raise their system privileges to that of the host on unpatched installations," according to an article in IT News, which quotes Xen as saying "The bits considered safe were too broad, and not actually safe." IT News is also reporting that Qubes will move to full hardware memory virtualization in its next 4.0 release. Xen's hypervisor "is used by cloud giants Amazon Web Services, IBM and Rackspace," according to the article, which quotes a Qubes security researcher who asks the age-old question. "Has Xen been written by competent developers? How many more bugs of this caliber are we going to witness in the future?"
Microsoft

Court Ruling Shows The Internet Does Have Borders After All (csoonline.com) 47

itwbennett writes: Microsoft's recent victory in court, when it was ruled that the physical location of the company's servers in Ireland were out of reach of the U.S. government, was described on Slashdot as being "perceived as a major victory for privacy." But J. Trevor Hughes, president and CEO of the International Association of Privacy Professionals (IAPP) has a different view of the implications of the ruling that speaks to John Perry Barlow's vision of an independent cyberspace: "By recognizing the jurisdictional boundaries of Ireland, it is possible that the Second Circuit Court created an incentive for other jurisdictions to require data to be held within their national boundaries. We have seen similar laws emerge in Russia -- they fall under a policy trend towards 'data localization' that has many cloud service and global organizations deeply concerned. Which leads to a tough question: what happens if every country tries to assert jurisdictional control over the web? Might we end up with a fractured web, a 'splinternet,' of lessening utility?"
Security

SwiftKey Bug Leaked Email Addresses, Phone Numbers To Strangers (theverge.com) 29

An anonymous reader writes: After many users reported receiving predictions meant for other users, such as email addresses and phone numbers, SwiftKey has suspended part of its service. The service responsible for the bug was SwiftKey's cloud sync service. The Verge reports that one user, an English speaker, was getting someone else's German suggestions, while someone received NSFW porn search suggestions. The Telegraph also reports, "One SwiftKey user, who works in the legal profession and ask to remain anonymous, found out their details had been compromised when a stranger emailed them to say that a brand new phone had suggested their email address when logging into an account online. 'A few days ago, I received an email from a complete stranger asking if I had recently purchased and returned a particular model of mobile phone, adding that not one but two of my email addresses (one personal and one work address) were saved on the phone she had just bought as brand-new,' said the user." SwiftKey released an official statement today about the issue but said that it "did not pose a security issue."
Communications

Ask Slashdot: How Transparent Should Companies Be When Operational Technology Failures Happen? 93

New submitter supernova87a writes: Last week, Southwest Airlines had an epic crash of IT systems across their entire business when "a router failure caused the airlines' systems to crash [...] and all backups failed, causing flight delays and cancellations nationwide and costing the company probably $10 million in lost bookings alone." Huge numbers of passengers, crew, and airplanes were stranded as not only reservations systems, but scheduling, dispatch, and other critical operational systems had to be rebooted over the course of 12 hours. Passenger delays, which directly attributable to this incident, continued to trickle down all the way from Wednesday to Sunday as the airline recovered. Aside from the technical issues of what happened, what should a public-facing company's obligation be to discuss what happened in full detail? Would publicly talking about the sequence of events before and after failure help restore faith in their operations? Perhaps not aiming for Google's level of admirable disclosure (as in this 18-minute cloud computing outage where a full post-mortem was given), should companies aim to discuss more openly what happened and how they recovered from system failures?

Slashdot Top Deals