Facebook

WhatsApp Encryption Said To Stymie Wiretap Order (nytimes.com) 56

bsharma writes from an article on the New York Times: WhatsApp, which is owned by Facebook, allows customers to send messages and make phone calls over the Internet. In the last year, the company has been adding encryption to those conversations, making it impossible for the Justice Department to read or eavesdrop, even with a judge's wiretap order. [As recently as this past week, officials said,] the Justice Department was discussing how to proceed in a continuing criminal investigation in which a federal judge had approved a wiretap, but investigators were stymied by WhatsApp's encryption. (WhatsApp uses Signal software developed by Open Whisper Systems.) "WhatsApp cannot provide information we do not have," the company said this month when Brazilian police arrested a Facebook executive after the company failed to turn over information about a customer who was the subject of a drug trafficking investigation. "The F.B.I. and the Justice Department are just choosing the exact circumstance to pick the fight that looks the best for them," said Peter Eckersley, the chief computer scientist at the Electronic Frontier Foundation, a nonprofit group that focuses on digital rights. "They're waiting for the case that makes the demand look reasonable."
Bitcoin

Google Chrome Extension Caught Stealing Bitcoin From Users (softpedia.com) 28

An anonymous reader writes: Bitcoin exchange portal Bitstamp is warning users of a Google Chrome extension that steals their Bitcoin when making a transfer. According to Bitstamp, this extension contains malicious code that is redirecting payments to its own Bitcoin address. Bitcoin web app developer Devon Weller confirmed Bitstamp's findings, saying that the extension was secretly replacing Bitcoin QR codes with its own. The extension's name is BitcoinWisdom Ads Remover and is still available on the Google Chrome Web Store. In July 2015, many users reported having similar issues with the same extension.
Crime

VPN Provider's No-Logging Claims Tested In FBI Case (torrentfreak.com) 67

An anonymous reader writes from an article published on TorrentFreak: [A] criminal complaint details the FBI's suspicions that 25-year-old Preston McWaters had conveyed "false or misleading information regarding an explosive device." The FBI started digging and in February 2016 two search warrants against Twitter and Facebook required them to turn over information on several accounts. Both did and the criminal complaint makes it clear that the FBI believes that McWaters was behind the accounts and the threats. With McWaters apparently leaving incriminating evidence all over the place (including CCTV at Walmart where he allegedly purchased a pre-paid Tracfone after arriving in his own car), the FBI turned to IP address evidence available elsewhere. "During the course of the investigation, subpoenas and search warrants have been directed to various companies in an attempt to identify the internet protocol (IP) address from where the email messages are being sent," the complaint reads. "All the responses from [email provider] 1&1, Facebook, Twitter, and Tracfone have been traced by IP address back to a company named London Trust Media [doing business as] PrivateInternetAccess.com. A subpoena was sent to London Trust Media and the only information they could provide is that the cluster of IP addresses being used was from the east coast of the United States," the FBI's complaint reads. "However, London Trust did provide that they accept payment for their services through credit card with a vendor company of Stripe and/or Amazon. They also accept forms of payment online through PayPal, Bitpay, Bit Coin, Cash You, Ripple, Ok Pay, and Pay Garden."

While McWaters is yet to be found guilty, it's a sad fact that some people will use anonymizing services such as VPNs, pre-paid phones and anonymous email providers to harass others. And thankfully, as this case shows, they'll need to hide a lot more than their IP address to get away with that level of crime.

Android

Hotel Experience With Android Lightswitches (dreamwidth.org) 111

jones_supa writes: The hotel in which Matthew Garrett was staying had decided that light switches are unfashionable and replaced them with a series of Android tablets. In his tour of the system, one was quickly met with a glitch message "UK_bathroom isn't responding." Anyway, two of the tablets had convenient-looking ethernet cables plugged into the wall, so MacGyver began hacking. He managed to borrow a couple of USB ethernet adapters, set up a transparent bridge and then stick his laptop between the tablet and the wall. Tcpdump showed traffic, and Wireshark revealed that it was Modbus over TCP. Modbus is a pretty trivial protocol, and does not implement authentication. The Pymodbus tool could be used to control lights, turn the TV on/off, and even close and open the curtains. Then he noticed something. His room number was 714. The IP address he was communicating with was 172.16.207.14. They wouldn't, would they? Indeed, he could access the control systems on every floor and query other rooms to figure out whether the lights were on or not, which strongly implies that he could control them as well.
Software

Windows 10 Upgrade Reportedly Starting Automatically On Windows 7 PCs (softpedia.com) 370

An anonymous reader writes: Many users have confirmed in the comment section of a popular reddit post that "Windows 7 computers are being reported as automatically starting the Windows 10 upgrade without permission." It's no secret that Microsoft wants users to upgrade to their new OS. Earlier in the year, Windows 10 was set as a 'recommended update' so when you install new security or bug patches, the new OS is selected by default as well. Terry Myerson, head of the OS group at Microsoft, warned users about the possibility of the OS automatically installing. "Depending upon your Windows Update settings, this may cause the upgrade process to automatically initiate on your device. Before the upgrade changes the OS of your device, you will be clearly prompted to choose whether or not to continue," he said. Whether or not the recent outcry is caused by users forgetting to deselect the Windows 10 upgrade in the update list or Microsoft updating Windows 7 PCs without users' permission, the good news is that you have 30 days to downgrade to the previous version of the OS.
Iphone

Obama: Government Can't Let Smartphones Be 'Black Boxes' (bloomberg.com) 546

JoeyRox writes: President Obama said Friday that smartphones -- like the iPhone the FBI is trying to force Apple to help it hack -- can't be allowed to be "black boxes," inaccessible to the government. He believes technology companies should work with the government on encryption rather than leaving the issue for Congress to decide. He went on to say, "If your argument is strong encryption no matter what, and we can and should create black boxes, that I think does not strike the kind of balance we have lived with for 200, 300 years, and it's fetishizing our phones above every other value." Obama's appearance on Friday at the event known as SXSW, the first by a sitting president, comes as the FBI tries to force Apple to help investigators access an iPhone used by one of the assailants in December's deadly San Bernardino, California, terror attack. "The question we now have to ask is, if technologically it is possible to make an impenetrable device or system, where the encryption is so strong there's no key, there's no door at all, then how do we apprehend the child pornographer? How do we solve or disrupt a terrorist plot?" Obama said. "If in fact you can't crack that at all, government can't get in, then everybody's walking around with a Swiss bank account in their pocket." He said compromise is possible and the technology industry must help design it.
AI

HPE's Haven OnDemand Offers 'Machine Learning As a Service' (adtmag.com) 13

An anonymous reader writes: Hewlett Packard Enterprise has announced its HPE Haven OnDemand machine learning service to bring Big Data analytics to mainstream developers. "HPE Haven OnDemand democratizes Big Data by bringing the power of machine learning, traditionally reserved for high-end, highly trained data scientists, to the mainstream developer community," said exec Colin Mahony. "Now, anyone can leverage our easy to use cloud-based service to harness the rich variety of data available today to build applications that produce new insights, differentiate businesses, delight customers and deliver competitive advantage." The platform, which is hosted on Microsoft's Azure platform, features more than 60 advanced ML APIs and services to help developers build data-driven applications including mobile, enterprise, consumer, desktop and Internet of Things projects. The APIs provide capabilities such as "prediction, face-detection, speech-to-text, and knowledge graph analysis for a wide range of data formats, including text, audio, image, social, web and video," the company said.
Iphone

Apple Announces 'Let Us Loop You In' Event For March 21st (theverge.com) 66

An anonymous reader writes: The official Apple Events page has been updated in advance of the newly announced media event. Invitations were sent out earlier Thursday inviting members of the press to "let us loop you in." The event will be streamed using Apple's HTTP Live Streaming technology and will require an iPhone, iPad or iPod Touch running iOS 7.0 or later. The company is expected to announce a new, smaller iPhone SE, that will be the same size as the iPhone 5 but with improved specs like an A9 processor and 8-megapixel rear camera. In addition, Apple is expected to announce a new, smaller iPad Pro. It is rumored to feature a 9.7" display and a Smart Connector to support Smart Keyboard -- it may even be compatible with the Apple Pencil. We can expect some kind of update for the Apple Watch, most likely new Apple Watch bands. A black version of the Milanese Loop may be in the works to match the Space Black Apple Watch. Of course, Apple will talk encryption as the event is scheduled one day before the next hearing between Apple and the FBI on March 22. Apple may surprise us with new MacBooks or OS X updates but we will most likely have to wait until Apple's developer conference in June.
Open Source

Tor Users Can Be Tracked Based On Their Mouse Movements (softpedia.com) 109

An anonymous reader writes: The way you move your mouse is unique, like fingerprints, and can be used by dark forces to track you on supposedly anonymous and secure networks like Tor, according to a Barcelona researcher. Because the Tor Project has failed to address a ten-month-old issue regarding "time measurement via JavaScript," there are a series of user fingerprinting techniques that are quite accurate at identifying users based on their mouse movements, scrolling speed, and how their browser and hardware react to certain JavaScript code. If a user visits a "fingerprinting" website via Tor and then via a normal browser, an attacker can have a general idea about their identity and can even pinpoint them to real IPs. The data that is usually logged in fingerprinting schemes is not 100% reliable or accurate for that matter, but it provides a starting point for future investigations.
Privacy

Federal Judge Admits Existence Of NSA's PRISM Program (vocativ.com) 82

An anonymous reader writes: A U.S. judge has just admitted the existence of the NSA's infamous PRISM program by name, apparently the first time any federal judge has done so. PRISM has been an open secret since June 2013, when documents leaked by former NSA contractor Edward Snowden were first made public. An ominous NSA PowerPoint training slide claimed that PRISM allowed "collection [of user data] directly from the servers" of major American tech companies like Yahoo, Google, and Apple, though those tech companies immediately and fiercely protested that no, to their knowledge, they didn't give the NSA such access. It's since been generally accepted that the NSA wasn't physically accessing those companies' servers with PRISM, but instead creating a streamlined legal process to compel those companies, via orders processed in the secret Foreign Intelligence Surveillance Court, to turn over users' data. Since the program's disclosure, most government reports and redacted FISA court orders have referred to PRISM by the legal authority the NSA claims authorizes it, Section 702 of the Foreign Intelligence Surveillance Act. But that's confusing, because 702 also authorizes what's called Upstream collection, which gives the NSA access to raw internet data -- not the same thing as PRISM, which is more specifically targeted.
Power

Miniature Fuel Cell To Keep Drones Aloft For Over An Hour (gizmag.com) 61

Zothecula writes: Drones are being utilized in everything from parcel delivery to search and rescue, but their limited flight times are restricting their ability to travel great distances or stay for extended periods of time in the field. Simply adding more batteries, however, affects flight characteristics and reduces the load the drone can carry. To help solve this problem, researchers at the Pohang University of Science and Technology (Postech) have created a miniature fuel cell they claim not only provides enough energy to keep a drone in the sky for over an hour, but may well find applications in powering everything from smartphones to cars in the not-too-distant future. Developed by Professor Gyeong Man Choi and his Ph.D. student Kun Joong Kim at Postech, the new solid oxide fuel cell is claimed by the researchers to be the first to use porous stainless steel in combination with thin-film electrolyte, all brought together using a technique known as tape casting-lamination-cofiring. Allied with electrodes of low heat capacity, this amalgamation not only results in increased performance, but also in higher long-term durability. The Postech device generates power by converting hydrogen (in this case, "Wet" H2 gas comprising 97 percent H2 and 3 percent H2O mixture) supplied as fuel gas to the anode to create electricity. It does this through the use of a solid oxide material acting as the electrolyte that allows the conduction of negative oxygen ions from the cathode to the anode. These ions diffuse through the solid oxide electrolyte to the anode where they oxidize the fuel. This reaction produces electrons, which then flow through an external circuit to provide power.
Power

Apple Executive Confirms: Manually Quitting Apps Doesn't Improve Battery Life (bgr.com) 151

An anonymous reader writes: Apple software engineering VP Craig Federighi recently dispelled one of the more long-standing myths about iPhone battery life. In short, if you spend a few minutes every day double clicking the iPhone home button and manually closing up applications in an effort to maintain battery life, you're wasting your time. The reality is that the applications you see upon opening up the multitasking pane are actually nothing more than static images intended to represent a list of your most recently used applications. Apple support documents have indicated, "generally, there's no need to force an app to close unless it's unresponsive." Apple support docs further explain: "After you switch to a different app, some apps run for a short period of time before they're set to a suspended state. Apps that are in a suspended state aren't actively in use, open, or taking up system resources."
Bug

Cisco Patches Serious Flaws In Cable Modems and Home Gateways (csoonline.com) 22

itwbennett writes: Cisco Systems has patched high-impact vulnerabilities in several of its cable modem and residential gateway devices that are distributed by some ISPs to their customers, and said in an advisory that customers should contact their service providers to ensure they have the patches. The embedded Web server in the Cisco Cable Modem with Digital Voice models DPC2203 and EPC2203 contains a buffer overflow vulnerability that can be exploited remotely without authentication. And the Web-based administration interfaces of the Cisco DPC3941 Wireless Residential Gateway with Digital Voice and Cisco DPC3939B Wireless Residential Voice Gateway are affected by a vulnerability that could lead to information disclosure. In addition, the Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA is affected by a separate vulnerability, also triggered by malicious HTTP requests, that could lead to a denial-of-service condition.
Displays

Oculus Co-Founder's New Venture: Long-Range Virtual Reality Tracking System (roadtovr.com) 15

An anonymous reader writes: Jack McCauley was among Oculus' founding members and played a seminal role in the development of the Rift DK1 and DK2 VR headsets as the company's VP of Engineering. After departing from the VR firm sometime around the 2014 acquisition by Facebook, McCauley has continued his interest in VR, most recently demonstrating a laser tracking system that makes use of MEMS technology to actively track targets. He says the system's strengths are long range and low cost compared to camera-based tracking solutions, which Oculus currently uses.
Google

Google Joins Facebook's Open Compute Project (arstechnica.com) 26

judgecorp writes: Google has elected to open up some of its data center designs, which it has -- until now -- kept to itself. Google has joined the Open Compute Project, which was set up by Facebook to share low-cost, no-frills data center hardware specifications. Google will donate a specification for a rack that it designed for its own data centers. Google's first contribution will be "a new rack specification that includes 48V power distribution and a new form factor to allow OCP racks to fit into our data centers," the company said. "We kicked off the development of 48V rack power distribution in 2010, as we found it was at least 30 percent more energy-efficient and more cost-effective in supporting these higher-performance systems." The company said it hopes to help others "adopt this next generation power architecture, and realize the same power efficiency and cost benefits as Google." Google hasn't submitted a proposed specification to the OCP yet, but the company is working with Facebook to get that done.
Iphone

Snowden: FBI's Claim It Can't Unlock The San Bernardino iPhone Is 'Bullshit' (theguardian.com) 242

An anonymous reader writes: Edward Snowden, the whistleblower whose NSA revelations sparked a debate on mass surveillance, has waded into the arguments over the FBI's attempt to force Apple to help it unlock the iPhone 5C of one of the San Bernardino shooters. The FBI says that only Apple can deactivate certain passcode protections on the iPhone, which will allow law enforcement to guess the passcode by using brute-force. Talking via video link from Moscow to the Common Cause Blueprint for a Great Democracy conference, Snowden said: "The FBI says Apple has the 'exclusive technical means' to unlock the phone. Respectfully, that's bullshit." Snowden then went on to tweet his support for an American Civil Liberties Union report saying that the FBI's claims in the case are fraudulent. Apple's clash with the FBI comes to a head in California this month when the two will meet in federal court to debate whether the smartphone manufacturer should be required to weaken security settings on the iPhone of the shooter.
Android

Google Launches Android N Developer Preview And Beta Program (engadget.com) 24

Google is releasing Android N Preview to developers today. The early release is meant to collect feedback sooner than usual, and even includes a new way to download the update. Instead of installing a drive image, you can participate in an Android Beta Program that installs pre-release versions over the air (as long as you have a relatively recent Nexus device or the Pixel C). The biggest attraction, by far, is a new multi-window mode, which lets you use split-screen modes on phones and tablets, and even specify minimum allowable dimensions. There's even a picture-in-picture video mode, too, so you can keep watching YouTube while you message your friends. Other improvements in the preview include direct reply notifications that let you reply to a message right from an alert, iOS-style. Also, Android N optionally bundles notifications from the same app so that they don't clutter your view. Marshmallow's Doze feature has been improved to save battery life whenever the screen turns off, and coders can take advantage of Java 8 features. Google is also working to reduce the memory needs of Android via Project Svelte, allowing the Android OS to run smoothly on lower specced devices.
Data Storage

OwnCloud Server 9.0 Officially Released (softpedia.com) 82

prisoninmate writes: OwnCloud Server 9.0 is without any doubt the biggest release of the world's leading file sharing and sync solution, which is used by over 8 million users around the globe. It promises to bring the collaboration and federation features to new levels thanks to the addition of new, innovative tools, as well as to improve the software's scalability. One of ownCloud 9.0's new features is code signing, which promises to offer users a safer home for all their data by verifying the integrity of their ownCloud installations during upgrades or when installing apps, which also need to follow the new code signing specifications. The community edition of ownCloud Server 9.0 is available for download right now via Softpedia as a source package that you can deploy on your Linux kernel-based server, or straight from the project's website as binary packages for various GNU/Linux operating systems. OwnCloud Server 9.0 Enterprise Edition will be released in April 2016.
Security

Dell Open Sources DCEPT, a Honeypot Tool For Detecting Network Intrusions (helpnetsecurity.com) 37

An anonymous reader writes: Dell SecureWorks researchers have developed a tool that allows Windows system administrators to detect network intrusion attempts and pinpoint them to the original source (i.e. a compromised endpoint), and have made it available for everybody. The tool is called DCEPT (Domain Controller Enticing Password Tripwire). It consists of: The DCEPT Generation Server, which creates unique honeytoken credentials for Active Directory (AD), the Windows component used by network administrators to manage accounts, processes, and permissions on devices within their domain. The DCEPT Agent, which introduces them daily into the memory of each endpoint on the network. The DCEPT Sniffer, which looks for Kerberos pre-authentication packets destined for the AD domain controller that match the honeytoken username. If it detects one, it alerts the network administrator and points towards the compromised workstation. DCEPT has been open sourced and is available on GitHub, along with instructions for deployment.
Education

New Smartwatches Allow Students To Cheat On Exams 394

HughPickens.com writes: The Independent reports that smartwatches that allow students to cheat on exams are being openly sold on Amazon. An advert for one such watch, called a "New 2016 Student 8GB cheating watch," is offered on Amazon for $51.68. "This watch is specifically designed for cheating on exams with a special programmed software. It is perfect for covertly viewing exam notes directly on your wrist, by storing text and pictures in the 8GB memory storage. It supports various file formats, such as: TXT, MP3, JPG, GIF, WAV, WMV, AVI, etc. It has an emergency button, so when you press it — the watch's screen display changes from text to a regular clock, and blocks all other buttons." The watch has garnered good reviews. "this is amazing. it helps me cheat on my test and it is smart and i never got caught," writes one reviewer. Joe Sidders, the deputy head at Monkton Combe senior school, in Bath, told BBC News that such devices were making exams a "nightmare to administer". "I expect the hidden market for these sorts of devices is significant, and this offering on Amazon is just the tip of the iceberg." A spokesman for Amazon said the company did not want to comment on the sale of the cheating watches. But professors are striking back. "My microbiology professor does a watch check every time we have a test," says Abigail Lauze. "If it's not an old school analog it has to come off and go in the cell phone bin."
