Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Android

Google Voice Receives First Update in Five Years (zdnet.com) 65

Google Voice hasn't seen a lot of love or attention since it launched with some fanfare in 2009, but surprisingly Google wants people to know that it still cares about the communication app. In a new sprawling release -- the first of its kind in years -- Google has revamped all versions of its Voice app and site with a clean, modern look, new features, and, perhaps the best news of all, the promise of regular updates. From a report: Google is finally adding two features Google Voice users have long missed out on: MMS support for photo messaging and group chats. Previously workarounds were required to send and receive picture messages, and group chats were flat out not possible.
Technology

Alexa and Google Assistant Have a Problem: People Aren't Sticking With Voice Apps They Try (recode.net) 144

Amazon Echo and Google Home were the breakaway hits of the holiday shopping season. But both devices -- and the voice technologies that power them -- have some major hurdles to overcome if they want to keep both consumers and software developers engaged. From a report on Recode: That's one of the big takeaways from a new report that an industry startup, VoiceLabs, released on Monday. For starters, 69 percent of the 7,000-plus Alexa "Skills" -- voice apps, if you will -- have zero or one customer review, signaling low usage. What's more, when developers for Alexa and its competitor, Google Assistant, do get someone to enable a voice app, there's only a 3 percent chance, on average, that the person will be an active user by week 2, according to the report. (There are outliers that have week 2 retention rates of more than 20 percent.) For comparison's sake, Android and iOS apps have average retention rates of 13 percent and 11 percent, respectively, one week after first use. "There are lots of [voice] apps out there, but they are zombie apps," VoiceLabs co-founder Adam Marchick said in an interview.
China

China Cracks Down On International VPN Usage (thestack.com) 45

An anonymous reader writes: China's government has announced a 14-month crackdown on the use of unauthorised Virtual Private Networks (VPNs), commonly used by visitors and native activists, amongst others, to communicate with the world beyond the Great Firewall of China. Sunday's announcement [Chinese] from the Ministry of Industry and Information Technology reiterated regulations first outlined in 2002, but which have since been subject to sparse, selective or lenient enforcement. The new announcement promises a 'clean up' regarding the VPN situation in China, beginning immediately and running until March of 2018.
Security

Android Device's Pattern Lock Can Be Cracked Within Five Attempts, Researchers Show (phys.org) 123

The popular Pattern Lock system used to secure millions of Android phones can be cracked within just five attempts -- and more complicated patterns are the easiest to crack, security experts reveal. From a research paper: Pattern Lock is a security measure that protects devices, such as mobile phones or tablets, and which is preferred by many to PIN codes or text passwords. It is used by around 40 percent of Android device owners. In order to access a device's functions and content, users must first draw a pattern on an on-screen grid of dots. If this matches the pattern set by the owner then the device can be used. However, users only have five attempts to get the pattern right before the device becomes locked. New research from Lancaster University, Northwest University in China, and the University of Bath, which benefitted from funding from the Engineering and Physical Sciences Research Council (EPSRC), shows for the first time that attackers can crack Pattern Lock reliably within five attempts by using video and computer vision algorithm software. By covertly videoing the owner drawing their Pattern Lock shape to unlock their device, while enjoying a coffee in a busy cafe; for example, the attacker, who is pretending to play with their phone, can then use software to quickly track the owner's fingertip movements relative to the position of the device. Within seconds the algorithm produces a small number of candidate patterns to access the Android phone or tablet.
Google

More People Than Ever Are Using DuckDuckGo; Site Says It Observed 14M Searches in One Day This Month (betanews.com) 155

An anonymous reader shares a BetaNews article: A lot of people are more privacy aware than they have been in the past, and are wary of entrusting everything they search for to Google. That's where privacy-focused sites like DuckDuckGo come in. Its growth since it launched 8 years ago has been nothing short of staggering, with the number of searches skyrocketing since 2013, when Edward Snowden first revealed how the US government was spying on its people. The search site says it has to date served up over 10 billion anonymous searches, with 4 billion of those occurring in the last year alone, and the company says it is growing faster than ever. On January 10 2017, the site received in excess of 14 million private searches.
Chrome

Every Upcoming Chromebook Will Run Android Apps (laptopmag.com) 66

Google announced last year that it will be bringing Android apps to Chromebooks. The company has now announced that moving forward all the new Chromebooks will have access to the Google Play Store, the marquee store for Android apps. From a report: The news comes from a single line of text in Google's list of Chromebooks that can support the programs: "All Chromebooks launching in 2017 and after as well as the Chromebooks listed below will work with Android apps in the coming future." We knew this would eventually come, and now isn't terribly surprising timing. There are more Chromebooks with touchscreens than ever, including the Asus Chromebook Flip C302CA and Samsung's upcoming Chromebook Plus and Pro, all of which were announced at CES in Las Vegas.
Databases

Database Attacks Spread To CouchDB, Hadoop, and ElasticSearch Servers (bleepingcomputer.com) 65

An anonymous reader writes: Two weeks after cybercriminal groups started to hijack and hold for ransom MongoDB servers, similar attacks are now taking place against CouchDB, Hadoop, and ElasticSearch servers. According to the latest tallies, the number of hijacked MongoDB servers is 34,000 (out of 69,000 available on Shodan), 4,681 ElasticSearch clusters (out of 33,000), 126 Hadoop datastores (out of 5,400), and 452 CouchDB databases (out of 4,600). Furthermore, the group that has hijacked the most MongoDB and ElasticSearch servers is also selling the scripts it used for the attacks.
Two security researchers are tracking the attacks on Google spreadsheets, and report that when a ransom is paid, many victims still report that their data is never restored. But the researchers also identified 124 Hadoop servers where the attacker simply replaced all the tables with a data entry named NODATA4U_SECUREYOURSHIT. "What's strange about these attacks is that the threat actor isn't asking for a ransom demand," reports Bleeping Computer. "Instead, he's just deleting data from Hadoop servers that have left their web-based admin panel open to remote connections on the Internet."
United States

Is The Tech Industry Driving Families Out of San Francisco? (nytimes.com) 366

Why does San Francisco now have fewer children per capita than any of America's largest 100 cities? An anonymous reader writes: A move to the suburbs began in the 1970s, but "The tech boom now reinforces the notion that San Francisco is a place for the young, single and rich," according to the New York Times. "When we imagine having kids, we think of somewhere else," one software engineer tells the paper. The article describes "neighborhoods where employees of Google, Twitter and so many other technology companies live or work" where the sidewalks make it seem "as if life started at 22 and ended somewhere around 40."

Or is San Francisco just part of a larger trend? "California, which has one of the world's 10 largest economies, recently released data showing the lowest birthrate since the Great Depression. And the Los Angeles Times argues California's experience may just be following national trends. The drop "likely stems from the recession, a drop in teenage pregnancies and an increase in people attending college and taking longer to graduate, therefore putting off having children, said Walter Schwarm, a demographer at the Department of Finance."

So is this part of a larger trend -- or something unique about San Francisco? The New York Times also quotes Richard Florida, author of The Rise of the Creative Class, who believes technology workers are putting off families when they move to the Silicon Valley area because they anticipate long working hours. There's also complaints about San Francisco's public school system -- 30% of its children now attend private schools, the highest percentage of any large American city. But according to the article, Peter Thiel believes that San Francisco is just "structurally hostile to families."
Open Source

Free Software Foundation Shakes Up Its List of Priority Projects (networkworld.com) 92

alphadogg quotes Network World: The Free Software Foundation Tuesday announced a major rethinking of the software projects that it supports, putting top priority on a free mobile operating system, accessibility, and driver development, among other areas. The foundation has maintained the High Priority Projects list since 2005, when it contained just four free software projects. [That rose to 12 projects by 2008, though the changelog shows at least seven projects have since been removed.] Today's version mostly identifies priority areas, along with a few specific projects in key areas.
The new list shows the FSF will continue financially supporting Replicant, their free version of Android, and they're also still supporting projects to create a free software replacement for Skype with real-time voice and video capabilities. But they're now also prioritizing various projects to replace Siri, Google Now, Alexa, and Cortana with a free-software personal assistant, which they view as "crucial to preserving users' control over their technology and data while still giving them the benefits such software has for many."

And other priorities now include internationalization, accessibility, decentralization and self-hosting, and encouraging governments to adopt free software.
Firefox

The SHA-1 End Times Have Arrived (threatpost.com) 48

"Deadlines imposed by browser makers deprecating support for the weakened SHA-1 hashing algorithm have arrived," writes Slashdot reader msm1267. "And while many websites and organizations have progressed in their migrations toward SHA-2 and other safer hashing algorithms, pain points and potential headaches still remain." Threatpost reports: Starting on Jan. 24, Mozilla's Firefox browser will be the first major browser to display a warning to its users who run into a site that doesn't support TLS certificates signed by the SHA-2 hashing algorithm... "SHA-1 deprecation in the context of the browser has been an unmitigated success. But it's just the tip of the SHA-2 migration iceberg. Most people are not seeing the whole problem," said Kevin Bocek, VP of security strategy and threat intelligence for Venafi. "SHA-1 isn't just a problem to solve by February, there are thousands more private certificates that will also need migrating"...

Experts warn the move to SHA-2 comes with a wide range of side effects; from unsupported applications, new hardware headaches tied to misconfigured equipment and cases of crippled credit card processing gear unable to communicate with backend servers. They say the entire process has been confusing and unwieldy to businesses dependent on a growing number of digital certificates used for not only their websites, but data centers, cloud services, and mobile apps... According to Venafi's research team, 35 percent of the IPv4 websites it analyzed in November are still using insecure SHA-1 certificates. However, when researchers scanned Alexa's top 1 million most popular websites for SHA-2 compliance it found only 536 sites were not compliant.
The article describes how major tech companies are handling the move to SHA-2 compliance -- including Apple, Google, Microsoft, Facebook, Salesforce and Cloudflare
Security

Pwn2Own 2017 Offers Big Bounties For Linux, Browser, and Apache Exploits (eweek.com) 54

Now that TrendMicro owns TippingPoint, there'll be "more targets and more prize money" according to eWeek, and something special for Pwn2Own's 10th anniversary in March. Slashdot reader darthcamaro writes: For the first time in its ten-year history, the annual Pwn2Own hacking competition is taking direct aim at Linux. Pwn2Own in the past has typically focused mostly on web browsers, running on Windows and macOS. There is a $15,000 reward for security researchers that are able to get a local user kernel exploit on Ubuntu 16.10. The bigger prize though is a massive $200,000 award for exploiting Apache Web Server running on Ubuntu.
"We are nine weeks away," TrendMicro posted Wednesday, pointing out that they're giving out over $1 million in bounties, including the following:
  • $100,000 for escaping a virtualization hypervisor
  • $80,000 for a Microsoft Edge or Google Chrome exploit
  • $50,000 for an exploit of Adobe Reader, Microsoft Word, Excel or PowerPoint
  • $50,000 for an Apple Safari exploit
  • $30,000 for a Firefox exploit
  • $30,000, $20,000 and $15,000 for privilege-escalating kernel vulnerabilities on Windows, macOS and Linux (respectively)
  • $200,000 for an Apache Web Server exploit

Google

Google Pressured 90,000 Android Developers Over Insecure Apps (pcworld.com) 50

An anonymous reader quotes PCWorld: Over the past two years, Google has pressured developers to patch security issues in more than 275,000 Android apps hosted on its official app store. In many cases this was done under the threat of blocking future updates to the insecure apps...

In the early days of the App Security Improvement program, developers only received notifications, but were under no pressure to do anything. That changed in 2015 when Google expanded the types of issues it scanned for and also started enforcing deadlines for fixing many of them... Google added checks for six new vulnerabilities in 2015, all of them with a patching deadline, and 17 in 2016, 12 of which had a time limit for fixes. These issues ranged from security flaws in third-party libraries, development frameworks and advertising SDKs to insecure implementations of Android Java classes and interfaces.

100,000 applications had been patched by April of 2016, but that number tripled over the next nine months, with 90,000 developers fixing flaws in over 275,000 apps.
Businesses

Uber Hires Former Google Search Chief Amit Singhal As SVP of Engineering (techcrunch.com) 26

The former Senior Vice President of Search and employee number 176 at Google has joined the ride-hailing company Uber as SVP of Engineering. TechCrunch is reporting that "Singhal will be heading up the Maps and Marketplace departments at Uber, while also advising CEO Travis Kalanick and Uber VP of Engineering and Otto co-founder Anthony Levandowski on their efforts to build out the company's self-driving technology." From the report: The last time we in tech news circles heard from Singhal, he was saying goodbye after a 15-year career at Google, in a farewell letter that felt a lot like a retirement announcement. Singhal wrote that he was leaving to "see what kind of impact [he could] make philanthropically" and to"spend more time with [his] family," in an effort to "define [his] next fifteen years." Now, a little under a year later, Singhal is back in an executive role -- this time at a much younger company, but still at one of the most influential technology firms in the world. So how did Singhal get from there to here? Well, for starters, Singhal did throw himself into philanthropic pursuits, focusing on the Singhal Foundation established by him and his wife Shipa, which aims to deliver access to high quality education for kids who normally wouldn't be able to attend top schools, and which began with a focus on the city of Jodhpur, in India. Singhal met Travis Kalanick through a mutual friend, which sparked a series of conversations between the search expert and the famous founder about Uber, its goals and its technical challenges. The combination of the scope of both Uber's potential impact, and the extent of the engineering hurdles it faces in achieving its aims were what drew Singhal in; he is, after all, a true engineer at heart, and mountainous technical challenges attract skilled engineers like nothing else. "This company is not only doing things that are amazing, this company also has some of the toughest computer science challenges that I have seen in my career of 25 years," Singhal told me. "Those computer science challenges for a computer science geek are just intriguing -- you give a geek a puzzle, they can't drop it; they need to solve the puzzle. That's how it felt to me."
Android

Galaxy S7 Display Defaults To Full HD After Nougat Update, But You Can Switch Back (androidcentral.com) 21

An anonymous reader writes: Samsung's new display scaling options change the default resolution of the Galaxy S7 and S7 edge. The Nougat update to the Galaxy S7 and S7 edge introduces a new display scaling option that lets you reduce the screen resolution as a way to conserve battery life. With the update, you can now choose between three modes -- WQHD (2560x1440), FHD (1920x1080), and HD (1280x720). While it's a nifty feature to have, the display on the Galaxy S7 and S7 edge is automatically defaulting to Full HD for those that have installed the update. Fortunately, you can easily switch back to the native Quad HD resolution by navigating to Settings -> Display.
Windows

Microsoft Targets Chrome Users With Windows 10 Pop-up Ad (pcmag.com) 171

Google Chrome users on Windows 10 are apparently being treated to a new experience: a pop-up ad. From a PCMag report: If you have Chrome installed and the icon present on the Windows Taskbar, chances are you're going to start seeing a pop-up advert appear suggesting you install Microsoft's Personal Shopping Assistant Chrome extension. Microsoft touts it as "Your smart shopping cart across the web." Opting to install the extension results in Microsoft monitoring which products you've searched for and viewed while using Chrome, and then offering to compare those products to find the best price. There's also alerts when prices change, and the ability to track products across all your devices. Of course, Microsoft will make money if you opt to purchase any products using the Assistant.
Security

Top Security Researchers Ask The Guardian To Retract Its WhatsApp Backdoor Report (technosociology.org) 70

Earlier this month The Guardian reported what it called a "backdoor" in WhatsApp, a Facebook-owned instant messaging app. Some security researchers were quick to call out The Guardian for what they concluded was irresponsible journalism and misleading story. Now, a group of over three dozen security researchers including Matthew Green and Bruce Schneier (as well as some from companies such as Google, Mozilla, Cloudflare, and EFF) have signed a long editorial post, pointing out where The Guardian's report fell short, and also asking the publication to retract the story. From the story: The WhatsApp behavior described is not a backdoor, but a defensible user-interface trade-off. A debate on this trade-off is fine, but calling this a "loophole" or a "backdoor" is not productive or accurate. The threat is remote, quite limited in scope, applicability (requiring a server or phone number compromise) and stealthiness (users who have the setting enabled still see a warning; "even if after the fact). The fact that warnings exist means that such attacks would almost certainly be quickly detected by security-aware users. This limits this method. Telling people to switch away from WhatsApp is very concretely endangering people. Signal is not an option for many people. These concerns are concrete, and my alarm is from observing what's actually been happening since the publication of this story and years of experience in these areas. You never should have reported on such a crucial issue without interviewing a wide range of experts. The vaccine metaphor is apt: you effectively ran a "vaccines can kill you" story without interviewing doctors, and your defense seems to be, "but vaccines do kill people [through extremely rare side effects]."
United States

Google Uses Search To Push Its Products: WSJ (usatoday.com) 62

Ads for Google and related companies were found in the top spot in 91% of 25,000 searches related to items, according to a report on WSJ. For example, a search for "phones" would produce ads for Google Pixel, which the company launched last year. From a report: Similar results were found for searches on "Watches" or "smoke detector," which produced ads for Android smartwatches and Nest devices, respectively. In a statement, Google says their marketing programs are "carefully designed" to not impact outside advertisers. "All our bids are excluded from the auction when determining the price paid by other advertisers, and we have strict rules and processes -- set to tougher levels than our customers -- to govern the use of our own ads products." The auction is a process deciding which ads will appear for users when they type in certain search queries. Strategies such as using relevant keywords give advertisers a better shot at their ad appearing on a search results page.
Microsoft

Microsoft is Bringing Cortana To Android Lock Screen (mspoweruser.com) 94

Microsoft is testing out a new way to access Cortana, its digital assistant, from the Android lock screen, with just a swipe. It's a new feature that's clearly designed to replace Google's own quick access, and to convince Android users to switch to Cortana. According to MSPowerUser, Cortana on the lock screen doesn't replace existing lock screens, so you can still use a custom one or the default experience that ships with your Android device. Cortana is activated simply by swiping left or right on the floating logo. Microsoft is currently testing this new feature, and any Android users can opt-in to trial the new beta features over at the Google Play Store.
Education

College Fires IT Admin, Loses Access To Google Email, Successfully Sues IT Admin For $250K (theregister.co.uk) 276

An anonymous reader quotes a report from The Register: Shortly after the American College of Education (ACE) in Indiana fired IT administrator Triano Williams in April, 2016, it found that it no longer had any employees with admin access to the Google email service used by the school. In a lawsuit [PDF] filed against Williams in July, 2016, the school alleges that it asked Williams to return his work laptop, which was supposed to have the password saved. But when Williams did so in May that year, the complaint says, the computer was returned wiped, with a new operating system, and damaged to the point it could no longer be used. ACE claimed that its students could not access their Google-hosted ACE email accounts or their online coursework. The school appealed to Google, but Google at the time refused to help because the ACE administrator account had been linked to William's personal email address. "By setting up the administrator account under a non-ACE work email address, Mr Williams violated ACE's standard protocol with respect to administrator accounts," the school's complaint states. "ACE was unaware that Mr Williams' administrator account was not linked to his work address until after his employment ended." According to the school's court filing, Williams, through his attorney, said he would help the school reinstate its Google administrator account, provided the school paid $200,000 to settle his dispute over the termination of his employment. That amount is less than half the estimated $500,000 in harm the school says it has suffered due to its inability to access its Google account, according to a letter from William's attorney in Illinois, Calvita J Frederick. Frederick's letter claims that another employee set up the Google account and made Williams an administrator, but not the controlling administrator. It says the school locked itself out of the admin account through too many failed password attempts. Williams, in a counter-suit [PDF] filed last month, claims his termination followed from a pattern of unlawful discrimination by the school in the wake of a change in management. Pointing to the complaint she filed with the court in Illinois, Frederick said Williams wrote a letter [PDF] to a supervisor complaining about the poor race relations at the school and, as a result of that letter, he was told he had to relocate to Indianapolis.

Slashdot Top Deals