Android

Barnes & Noble's Latest Tablet Is Running Spyware From Shanghai (linuxjournal.com) 63

Long-time Slashdot reader emil writes about how ADUPS, an Android "firmware provisioning" company specializing in both big data collection of Android usage and hostile app installation and/or firmware control, has been found pre-loaded on Barnes and Noble's new $50 tablet: ADUPS was recently responsible for data theft on BLU phones and an unsafe version of the ADUPS agent is pre-loaded on the Barnes and Noble BNTV450. ADUPS' press releases claim that Version 5.5 of their agent is safe, but the BNTV450 is running 5.2. The agent is capable of extracting contacts, listing installed apps, and installing new apps with elevated privilege. Azzedine Benameur, director of research at Kryptowire, claims that "owners can expect zero privacy or control while using it."
Businesses

Chicago Electronics Recycler Faked Tear-Downs, Sent Hazardous Waste To Overseas Landfills (arstechnica.com) 91

Federal agents have accused Brian Brundage, the former owner of Chicago-based electronics recycling company Intercon Solutions and current owner of EnviroGreen Processing, of fraud for failing to properly break down and recycle electronic devices according to federal guidelines. Brundage allegedly shipped Cathode Ray Tubes (CRTs) from old computer and TV monitors, which contained "hazardous amounts of lead," and batteries to overseas landfills for disposal. The leftover electronics that weren't shipped overseas were destroyed inappropriately at his businesses or stored in warehouses, which is forbidden by federal guidelines. Ars Technica reports: According to the indictment (PDF), Brundage also improperly resold many of the electronics he acquired. Between 2009 and 2015, Brundage received shipments of calculators from an unnamed technology company in Texas with instructions to disassemble the calculators and recycle them accordingly. But Brundage apparently resold the calculators to another company based in Tampa, Florida, which purchased and sold used electronics. In exchange for the shipments of calculators, Brundage allegedly had the company in Tampa directly pay some of Brundage's personal expenses. Those expenses include between $31,000 and $39,000 per year for a nanny and $26,000 to $42,000 per year for a housekeeper, as well as tens of thousands of dollars for jewelry expenses and payments to an Indiana-based casino. Among the more colorful accusations in the US government's indictment of Brundage: the businessman allegedly went to lengths to fool third-party auditors into giving his companies the certifications necessary to keep doing business as an e-recycler. Brundage allegedly invited unknowing customers on sham tours of Intercon's facility.
Once there, he "directed Intercon's warehouse staff to set up a staged disassembly line to make it falsely appear as though Intercon regularly processed e-waste in a manner that was consistent with its public representations." The Chicago Tribune published a feature on Intercon in 2007. In it, Brundage is quoted saying, "We put old products on a disassembly line. We break each item down to raw materials and send them off to be smelted and reused." He added, "nothing that leaves here goes to a landfill."
AT&T

AT&T Is Adding a Spam Filter For Phone Calls (theverge.com) 66

An anonymous reader quotes a report from The Verge: Today, AT&T introduced a new service for automated blocking of fraud or spam calls. Dubbed AT&T Call Protect, the system identifies specific numbers believed to be sources of fraud, and will either deliver those calls with a warning or block them outright. Users can whitelist specific numbers, although temporary blocks require downloading a separate Call Protect app. The feature is only available on postpaid iOS and Android devices, and can be activated through the MyAT&T system. Phone companies have allowed for manual number blocking for years, and third-party apps like Whitepages and Privacystar use larger databases of untrustworthy numbers to preemptively block calls from the outside. But AT&T's new system would build in those warnings at the network level, and give operators more comprehensive data when assembling suspected numbers. More broadly, marketing calls are subject to the national Do Not Call registry. Specific instances of fraud can still be reported through carriers or directly to police.
Desktops (Apple)

A $300 Device Can Steal Mac FileVault2 Passwords (bleepingcomputer.com) 88

An anonymous reader writes: Swedish hardware hacker Ulf Frisk has created a device that can extract Mac FileVault2 (Apple's disk encryption utility) passwords from a device's memory before macOS boots and anti-DMA protections kick in. The extracted passwords are in cleartext, and they also double as the macOS logon passwords. The attack requires physical access, but it takes less than 30 seconds to carry out. A special device is needed, which runs custom software (available on GitHub), and uses hardware parts that cost around $300. Apple fixed the attack in macOS 10.12.2. The device is similar to what Samy Kamkar created with PoisonTap.
AI

Google May Prevent Samsung From Adding Viv AI Assistant To Galaxy S8 (ibtimes.co.uk) 60

New submitter drunkdrone quotes a report from International Business Times: Samsung is reported to be equipping its upcoming Galaxy S8 flagship with all manner of technical marvels in its attempt to erase the Note 7 catastrophe from memory. However, Google may throw a wrench into the works by potentially prohibiting Samsung from imbuing the phone with one of its most compelling features (Warning: source may be paywalled; alternate source) -- its AI personal assistant. Reports have suggested that Samsung planned to load the Galaxy S8 with Viv, a smartphone-based digital assistant similar to Apple's Siri and Google Assistant. Because of an ongoing non-compete pact between Samsung and Google, however, Samsung may be forced to exclude Viv from its upcoming flagship as it would challenge Google's digital helper. The report adds: "According to Recode, the restriction forms part of a patent-sharing agreement Samsung signed with Google in 2014. While the pact will allow the two companies to put up a stronger, united front against Apple, it may hinder Samsung's ambitions for independence and its attempts to differentiate itself from the wider Android crowd."
Advertising

Malvertising Campaign Infects Your Router Instead of Your Browser (bleepingcomputer.com) 137

An anonymous reader quotes a report from BleepingComputer: Malicious ads are serving exploit code to infect routers, instead of browsers, in order to insert ads in every site users are visiting. Unlike previous malvertising campaigns that targeted users of old Flash or Internet Explorer versions, this campaign focused on Chrome users, on both desktop and mobile devices. The malicious ads included in this malvertising campaign contain exploit code for 166 router models, which allow attackers to take over the device and insert ads on websites that didn't feature ads, or replace original ads with the attackers' own. Researchers haven't yet managed to determine an exact list of affected router models, but some of the brands targeted by the attackers include Linksys, Netgear, D-Link, Comtrend, Pirelli, and Zyxel. Because the attack is carried out via the user's browser, using strong router passwords or disabling the administration interface is not enough. The only way users can stay safe is if they update their router's firmware to the most recent versions, which most likely includes protection against the vulnerabilities used by this campaign. The "campaign" is called DNSChanger EK and works when attackers buy ads on legitimate websites and insert malicious JavaScript in these ads, "which use a WebRTC request to a Mozilla STUN server to determine the user's local IP address," according to BleepingComputer. "Based on this local IP address, the malicious code can determine if the user is on a local network managed by a small home router, and continue the attack. If this check fails, the attackers just show a random legitimate ad and move on. For the victims the crooks deem valuable, the attack chain continues. These users receive a tainted ad which redirects them to the DNSChanger EK home, where the actual exploitation begins. 
The next step is for the attackers to send an image file to the user's browser, which contains an AES (encryption algorithm) key embedded inside the photo using the technique of steganography. The malicious ad uses this AES key to decrypt further traffic it receives from the DNSChanger exploit kit. Crooks encrypt their operations to avoid the prying eyes of security researchers."
Music

Microsoft Xbox One and Windows 10 Getting Dolby Atmos Surround Sound (betanews.com) 37

BrianFagioli quotes a report from BetaNews: When people think of the technology behind video games and movies, they often just focus on the visuals. True, when creating an immersive experience, the video is probably the most important aspect from a technological perspective. With that said, audio quality is very important too. Today, Microsoft announces that both Xbox One and Windows 10 will be getting Dolby Atmos support in future updates. If you aren't familiar, it is a surround sound technology with a focus on immersion. Don't have compatible audio hardware? Don't worry -- the Windows-maker is promising a "virtual" Atmos experience too. Larry Hryb, Xbox Live's Major Nelson, said in a statement, "Xbox will be the first game console to feature Dolby Atmos and game developers are excited about using the new capabilities to make their games richer and more engaging. Atmos support for the Blu-ray app on Xbox is already available in Preview and will be released to GA soon -- and we're very excited now to offer Atmos support to games on Xbox One and Windows 10."
AMD

AMD Unveils First Zen Desktop Processor Details, Picks 'Ryzen' To Brand Zen CPU (hothardware.com) 113

MojoKid writes from a report via HotHardware: AMD has just officially unveiled that desktop variants of its Zen processor family will now be branded RYZEN. Zen-based processors will eventually target desktops, servers, and mobile devices, but the first wave of products will be targeted at the performance desktop market, where gamers and VR continue to spur growth. AMD is positioning RYZEN as a high-performance option and though there will be other core configurations as well, AMD has disclosed that one of the high-end options in the initial RYZEN line-up will feature 8 cores (16 threads with SMT) and at minimum a 3.4 GHz base clock, with higher turbo frequencies. That processor will also be outfitted with 20MB of cache -- 4MB of L2 and 16MB of L3 -- and it will be infused with what AMD is calling SenseMI technology. SenseMI is essentially fancy branding for the updated branch predictor, prefetcher, and power and control logic in Zen. AMD's upcoming AM4 platform for RYZEN will be outfitted with all of the features expected of a modern PC enthusiast platform. AM4 motherboards will use DDR4 memory and feature PCIe Gen 3 connectivity, and support for USB 3.1 Gen 2, NVMe, and SATA Express. Performance demos of RYZEN shown to members of the press pit a stock Intel Core i7-6900K (3.2GHz base, 3.7GHz turbo) with Turbo Boost that was enabled on the 6900K, versus RYZEN with boost disabled running at 3.4GHz flat. In the demo, the RYZEN system outpaced the Core i7-6900K by a few seconds.
XBox (Games)

Xbox One Games Arrive On Oculus Rift With New Streaming App (theverge.com) 16

Microsoft has released its Xbox One streaming app to the Oculus Store today, allowing Xbox One owners to stream games to their Oculus Rift virtual-reality headset via a Windows 10 PC. The Verge reports: The app itself looks just like the Windows 10 version of Xbox streaming, with the ability to select different consoles on a network before streams are launched. Microsoft has also added the ability to open the Xbox One guide and control the orientation of games in the virtual environment. If you're interested in streaming Xbox One games to the Oculus Rift then you'll need a Windows PC to take advantage of the streaming, and games will be streamed directly from a console that's powered on and not in use. The Xbox streaming app is available immediately in the Oculus Store. The streaming app is a far cry from full VR gaming, but the app will let you simulate playing games on a large screen in a virtual environment. "Whether you're taking on Gears of War 4, Forza Horizon 3, or any other Xbox One game, you'll be able to play in three different environments from the start -- each titled 'Citadel,' 'Retreat,' and 'Dome,'" reports Windows Central.
Botnet

US Think Tank Wants To Regulate The Design of IoT Devices For Security Purposes (theregister.co.uk) 87

New submitter mikehusky quotes a report from The Register: Washington D.C. think tank the Institute for Critical Infrastructure Technology is calling for regulation on "negligence" in the design of internet-of-things (IoT) devices. If the world wants a bonk-detecting Wi-Fi mattress, it must be a malware-free bonk-detecting Wi-Fi mattress. The report adds: "Researchers James Scott and Drew Spaniel point out in their report Rise of the Machines: The Dyn Attack Was Just a Practice Run [PDF] that IoT represents a threat that is only beginning to be understood. The pair say the risk that regulation could stifle market-making IoT innovation (like the Wi-Fi cheater-detection mattress) is outweighed by the need to stop feeding Shodan. 'Regulation on IoT devices by the United States will influence global trends and economies in the IoT space, because every stakeholder operates in the United States, works directly with United States manufacturers, or relies on the United States economy. Nonetheless, IoT regulation will have a limited impact on reducing IoT DDoS attacks as the United States government only has limited direct influence on IoT manufacturers and because the United States is not even in the top 10 countries from which malicious IoT traffic originates.' State level regulation would be 'disastrous' to markets and consumers alike. The pair offer their report in the wake of the massive Dyn and Mirai distributed denial of service attacks in which internet of poorly-designed devices were enslaved into botnets to hammer critical internet infrastructure, telcos including TalkTalk, routers and other targets."
Music

Bose Launches 'Hearphones' That Act Like Hearing Aids (theverge.com) 65

Bose has launched a new pair of earbuds called Hearphones that augment the sounds of the world around you, letting you select what kinds of outside noises you'd like to listen to. "Hearphones users can also pick which direction those outside noises come from, with what appears to be specific emphasis on helping people hear voices better in crowded places," reports The Verge: A "Bose Hear" app was recently added to the App Store, and offers a little more detail about what Hearphones are capable of. You can turn the "world volume" up or down, and change the direction you're hearing those sounds from. There are preset modes like "television," "focused conversation," "airplane," "doctor's office," or "gym," all of which presumably block out different sounds from different directions while letting in things like speech. A user manual was also recently submitted to the FCC. No pricing or availability can be found anywhere on Bose's website or in the app. Here's some more from that app's description: "Innovative technologies amplify softer sounds, let you turn down the distractions in noisy environments and focus on what you want to hear -- like a conversation across the table. You can also use them as controllable noise cancelling [sic] wireless headphones for your music or calls or just for quiet. Take control of the noise, and hear the world better."
Cellphones

Samsung May Permanently Disable Galaxy Note 7 Phones In The US As Soon As Next Week (theverge.com) 193

Those who are still clinging on to their Galaxy Note 7, even after Samsung recalled the devices due to faulty batteries in mid-September, may want to seriously reconsider returning them to the Korean company. The Verge has obtained an image of an alert that went out to at least one Note 7 owner on U.S. Cellular today stating that, "As of December 15th, Samsung will modify the software to prevent the Galaxy Note 7 from charging. The phone will no longer work." The Verge reports: It's not clear whether Note 7s will be disabled across the major U.S. carriers as well, but it seems likely that'll be the case. In the past, updates disabling Note 7 features have rolled out across Verizon, AT&T, and other carriers within a matter of days. That's probably what'll happen here, as well. By preventing the phone from charging, Samsung takes the final step to making the phone entirely unusable. It's still offering Note 7 owners the ability to fully return the phone or exchange it for another Samsung device. As of November 4th, when Samsung last provided an update, 85 percent of Note 7s sold in the U.S. had been recovered. That still left around 285,000 phones unaccounted for. Completely disabling the phone seems to be Samsung's last-ditch effort to either recover the remaining devices or remove what risk they still pose to consumers.
Security

Zeus Variant 'Floki Bot' Targets PoS Data (onthewire.io) 25

Trailrunner7 quotes a report from On the Wire: Malware gangs, like sad wedding bands, love to play the hits. And one of the hits they keep running back over and over is the Zeus banking Trojan, which has been in use for many years in a number of different forms. Researchers have unearthed a new piece of malware called Floki Bot that is based on the venerable Zeus source code and is being used to infect point-of-sale systems, among other targets. Flashpoint conducted the analysis of Floki Bot with Cisco's Talos research team, and the two organizations said that the author behind the bot maintains a presence on a number of different underground forums, some of which are in Russian or other non-native languages for him. Kremez said that attackers sometimes will participate in foreign language forums as a way to expand their knowledge. Along with its PoS infection capability, Floki Bot also has a feature that allows it to use the Tor network to communicate. "During our analysis of Floki Bot, Talos identified modifications that had been made to the dropper mechanism present in the leaked Zeus source code in an attempt to make Floki Bot more difficult to detect. Talos also observed the introduction of new code that allows Floki Bot to make use of the Tor network. However, this functionality does not appear to be active for the time being," Cisco's Talos team said in its analysis.
Communications

Google Now Lets Developers Write Apps For the Assistant On Google Home (techcrunch.com) 39

Google today announced it will open up Home to third-party developers, allowing all developers to start bringing their applications and services to the Google Assistant. Developers can start building "conversation actions" for the Google Assistant, which "allows developers to create back-and-forth conversations with users through the Assistant," writes Frederic Lardinois via TechCrunch. "Users can simply start these conversations by using a phrase like 'OK Google, talk to Eliza.'" TechCrunch reports: While the Assistant also runs on the Pixel phones and inside the Allo chat app, Google says it plans to bring actions to these other "Assistant surfaces" in the future, but it's unclear when exactly this will happen. To help developers who want to build these new Conversation Actions get started, Google has teamed up with a number of partners, including API.AI, GupShup, DashBot and VoiceLabs, Assist, Notify.IO, Witlingo and Spoken Layer. Google has also allowed a small number of partners to enable their apps on Google Home already. These integrations will roll out as early as next week. Given that users will be able to invoke these new actions with a simple command (and without having to first enable a skill, like on Alexa), Google's platform looks to be a rather accessible and low-friction way for developers to get their voice-enabled services to users. Google will have the final say over which actions will be enabled on Google Home.
Businesses

T-Mobile's 'Digits' Solution Lets You Use One Phone Number Across All Your Devices (theverge.com) 46

An anonymous reader quotes a report from The Verge: T-Mobile just revealed its answer to AT&T's NumberSync technology, which lets customers use one phone number across all their connected devices. T-Mobile's version is called Digits and it will launch in a limited, opt-in customer beta beginning today before rolling out to everyone early next year. "You can make and take calls and texts on whatever device is most convenient," the company said in its press release. "Just log in and, bam, your call history, messages and even voicemail are all there. And it's always your same number, so when you call or text from another device, it shows up as you." When it leaves beta, Digits will cost an extra monthly fee, but T-Mobile isn't revealing pricing today. "This is not going to be treated as adding another line to your account," said COO Mike Sievert. "Expect us to be disruptive here." And while its main feature is one number for everything, Digits does offer T-Mobile customers another big perk: multiple numbers on the same device. This will let you swap between personal and work numbers without having to maintain separate lines and accounts. You can also give out an "extra set" of Digits in situations where you might be hesitant to give someone your primary number; this temporary number forwards to your devices like any other call. You can have multiple numbers for whatever purposes you want, based on T-Mobile's promotional video.
Cellphones

Former Samsung Engineers Build Smart Umbrella That Tells If It's Going To Rain (mashable.com) 89

A team of former Samsung engineers have developed a smart umbrella, dubbed Opus One, that tells its owner if it's going to rain with the shake of the handle. International Business Times reports: Developed by a team of former Samsung engineers, Opus One smart umbrella works when it is connected to the smartphone via Bluetooth 4.1 through its companion app Jonas. The device gets weather reports every morning from credible sources and sends alert to its owner when its handle is shaken. Red light on the device indicates rain on that particular day, while a green one indicates clear skies. Jonas collects weather data of select cities and sends the information to Opus One smart umbrella, thus helping the owner to know if it's going to rain on a particular day. The device notifies its owner by vibrating if the smartphone connected to the app receives calls, emails or text messages. The smart umbrella also vibrates if its owner leaves behind the smartphone that is connected to it before the user gets too far away. The smartphone too will vibrate and alert its owner if the smart umbrella is left behind. This will help prevent loss of both the products. The umbrella runs on AAA batteries and costs about $105.
Software

Windows 10 'Home Hub' Is Microsoft's Response To Amazon Echo and Google Home (mashable.com) 101

Microsoft's response to the Amazon Echo and Google Home is Home Hub, a software update for Windows 10's Cortana personal assistant that turns any Windows PC into a smart speaker of sorts. Mashable reports: Microsoft's smart digital assistant Cortana can already answer your queries, even if the PC's screen is locked. The Home Hub is tied to Cortana and takes this a few steps further. It would add a special app with features such as calendar appointments, sticky notes and shopping lists. A Home Hub-enabled PC might have a Welcome Screen, a full-screen app that displays all these, like a virtual fridge door. Multiple users (i.e. family members) could use the Home Hub, either by authenticating through Windows Hello or by working in a family-shared account. Cortana would get more powerful on Home Hub; it could, for example, control smart home devices, such as lights and locks. And even though all of this will work on any Windows 10 device -- potentially making the PC the center of your smart home experience -- third-party manufacturers will be able to build devices that work with Home Hub. You can read Windows Central's massive report here. Do note that Home Hub is not official and individual features could change over time. The update is slated for 2017.
Power

Engineers Explain Why the Galaxy Note 7 Caught Fire (digitaltrends.com) 289

Engineers with manufacturing technology company Instrumental tore apart a Galaxy Note 7 to try and figure out what may have caused some devices to overheat and explode, causing Samsung to recall and eventually cancel all Galaxy Note 7 devices. In their damning new report, the engineers discovered the root of the problem appears to be that the battery is too tightly packed inside the body of the Note 7. Digital Trends reports: They discovered the battery was so tightly packed inside the Galaxy Note 7's body that any pressure from battery expansion, or stress on the body itself, may squeeze together layers inside the battery that are never supposed to touch -- with explosive results. Batteries swell up under normal use, and we place stress on a phone's body by putting it in our pocket and sitting down, or if it's dropped. Tolerances for battery expansion are built into a smartphone during design, and Instrumental notes Samsung used "a super-aggressive manufacturing process to maximize capacity." In other words, the Galaxy Note 7 was designed to be as thin and sleek as possible, while containing the maximum battery capacity for long use, thereby better competing against rival devices such as the iPhone 7 Plus and improving on previous Note models. The report speculates that any pressure placed on the battery in its confined space may have squeezed together positive and negative layers inside the cell itself, which were thinner than usual in the Note 7's battery already, causing them to touch, heat up, and eventually in some cases, catch fire. Delving deeper into the design, the engineers say the space above a battery inside a device needs a "ceiling" that equates to approximately 10 percent of the overall thickness. The Galaxy Note 7 should have had a 0.5mm ceiling; it had none.
Security

The 'USB Killer' Has Been Mass Produced -- Available Online For About $50 (arstechnica.com) 243

New submitter npslider writes: The "USB Killer," a USB stick that fries almost everything that it is plugged into, has been mass produced -- available online for about $50. Ars Technica first wrote about this diabolical device that looks like a fairly humdrum memory stick a year ago. From the report: "The USB Killer is shockingly simple in its operation. As soon as you plug it in, a DC-to-DC converter starts drawing power from the host system and storing electricity in its bank of capacitors (the square-shaped components). When the capacitors reach a potential of -220V, the device dumps all of that electricity into the USB data lines, most likely frying whatever is on the other end. If the host doesn't just roll over and die, the USB stick does the charge-discharge process again and again until it sizzles. Since the USB Killer has gone on sale, it has been used to fry laptops (including an old ThinkPad and a brand new MacBook Pro), an Xbox One, the new Google Pixel phone, and some cars (infotainment units, rather than whole cars... for now). Notably, some devices fare better than others, and there's a range of possible outcomes -- the USB Killer doesn't just nuke everything completely." You can watch a video of EverythingApplePro using the USB Killer to fry a variety of electronic devices. It looks like the only real defense from the USB Killer is physically capping your ports.
Crime

Foxconn Employee Faces 10-Year Prison Sentence For Stealing 5,700 iPhones Worth $1.5 Million (thenextweb.com) 45

A Taiwanese Foxconn manager faces a stiff prison sentence after he stole 5,700 iPhones from his employer, and went to sell them for $1.56 million. The Next Web reports: Foxconn is a tech manufacturing giant. It makes a lot of things, including laptops for HP, phones for Apple, games consoles for Sony, and its workers so depressed it has to install suicide nets. The Taiwanese manager at the center of this crime -- known only by his family name, Tsai -- worked in the testing department at Foxconn's factory in Shenzhen, mainland China. According to Taiwanese prosecutors, Tsai ordered eight of his subordinates to smuggle out thousands of iPhones which were used by the company for testing and quality assurance purposes. These were destined to be scrapped after use. The stolen iPhones (mostly iPhone 5 and iPhone 5s models) made their way to stores in Shenzhen, and went on to make Tsai and his accomplices nearly $1.56 million USD (Tw$50 million). Tsai has since been charged with breach of trust and, if found guilty, he faces a maximum 10-year jail term.
