Google

Google Photos Now Recognizes Your Pets (techcrunch.com) 35

Today, Google is introducing an easier way to aggregate your pet photos in its Photos app -- by allowing you to group all your pet's photos in one place, right beside the people Google Photos organized using facial recognition. TechCrunch reports: This is an improvement over typing in "dog," or another generalized term, because the app will now only group together photos of an individual pet together, instead of returning all photos you've captured with a "dog" in them. And like the face grouping feature, you can label the pet by name to more easily pull up their photos in the app, or create albums, movies or photo books using their pictures. In addition, Google Photos lets you type in an animal's breed to search for photos of pets, and it lets you search for photos using the dog and cat emojis. The company also earlier this year introduced a feature that would create a mini-movie starring your pet, but you can opt to make one yourself by manually selecting photos then choosing from a half-dozen tracks to accompany the movie, says Google.
XBox (Games)

Microsoft's Fall Update With Redesigned Xbox Dashboard Is Now Available To All (engadget.com) 23

Microsoft has released the next big "Fall" update for the Xbox One, which focuses on speed and simplicity. Engadget reports: The first "Fluid Design" interface comes with a redesigned Home page, which is all about simplicity and customization. The top-level section has four shortcuts (your current game, two personalized suggestions, and a deal from the Microsoft store) and a horizontal carousel underneath. The biggest change, however, is the new "Content Blocks" that sit below this screen. Scroll down and you'll find a series of large, visual panels dedicated to games and friends. These are completely customizable and act like miniature hubs for your favorite titles and communities. The quick-access Guide has been tweaked for speed, with small, horizontal tabs that you can slide between with the Xbox controller's LB and RB bumpers, D-pad or left thumbstick. If you launch the Guide while you're streaming or part of an active party, you'll also see the corresponding broadcast and party tabs by default. Other Guide tweaks include a new Tournaments section in the Multiplayer tab, which will summarize any official, professional or community tournaments that you've entered. In addition, Microsoft has overhauled the Community tab with a modern, grid-based layout. It's also tweaked the idle and screen dimming features that kick in when you walk away from the console momentarily. Larry Hryb, Xbox Live's Major Nelson and Mike Ybarra, the Platform Engineer, have posted a walkthrough video on YouTube highlighting all the major new changes.
Wireless Networking

Every Patch For 'KRACK' Wi-Fi Vulnerability Available Right Now (zdnet.com) 70

An anonymous reader quotes a report from ZDNet: As reported previously by ZDNet, the bug, dubbed "KRACK" -- which stands for Key Reinstallation Attack -- is at heart a fundamental flaw in the way Wi-Fi Protected Access II (WPA2) operates. According to security researcher and academic Mathy Vanhoef, who discovered the flaw, threat actors can leverage the vulnerability to decrypt traffic, hijack connections, perform man-in-the-middle attacks, and eavesdrop on communication sent from a WPA2-enabled device. In total, ten CVE numbers have been preserved to describe the vulnerability and its impact, and according to the U.S. Department of Homeland Security (DHS), the main affected vendors are Aruba, Cisco, Espressif Systems, Fortinet, the FreeBSD Project, HostAP, Intel, Juniper Networks, Microchip Technology, Red Hat, Samsung, various units of Toshiba and Ubiquiti Networks. A list of the patches available is below. For the most up-to-date list with links to each patch/statement (if available), visit ZDNet's article.
Security

Kaspersky Lab Finds Flash Vulnerability Through Microsoft Word (neowin.net) 40

An anonymous reader quotes a report from Neowin: Kaspersky Lab, which has been under fire by the U.S. government as possibly being an agent of the Russian government and spying on U.S. computers, has found a previously unknown bug in Adobe Flash that was apparently exploited by a hacker group on October 10. Adobe issued a patch to fix the bug today. According to Kaspersky, "the exploit is delivered through a Microsoft Word document and deploys the FinSpy commercial malware." The company worked with Adobe to get a patch ready as quickly as possible, with Adobe releasing it a few hours ago. Users and agencies running the following versions of Adobe Flash will need to update immediately, as the vulnerability has been labeled as critical. The patch updates all versions of Adobe Flash to version 27.0.0.170.
Google

Google Chrome for Windows Gets Basic Antivirus Features (betanews.com) 53

Google is rolling out a trio of important changes to Chrome for Windows users. From a report: At the heart of these changes is Chrome Cleanup. This feature detects unwanted software that might be bundled with downloads, and provides help with removing it. Google's Philippe Rivard explains that Chrome now has built-in hijack detection which should be able to detect when user settings are changes without consent. This is a setting that has already rolled out to users, and Google says that millions of users have already been protected against unwanted setting changes such as having their search engine altered. But it's the Chrome Cleanup tool that Google is particularly keen to highlight. A redesigned interface makes it easier to use and to see what unwanted software has been detected and singled out for removal.
Security

Millions of High-Security Crypto Keys Crippled by Newly Discovered Flaw (arstechnica.com) 51

Slovak and Czech researchers have found a vulnerability that leaves government and corporate encryption cards vulnerable to hackers to impersonate key owners, inject malicious code into digitally signed software, and decrypt sensitive data, reports ArsTechnica. From the report: The weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. The five-year-old flaw is also troubling because it's located in code that complies with two internationally recognized security certification standards that are binding on many governments, contractors, and companies around the world. The code library was developed by German chipmaker Infineon and has been generating weak keys since 2012 at the latest. The flaw is the one Estonia's government obliquely referred to last month when it warned that 750,000 digital IDs issued since 2014 were vulnerable to attack. Estonian officials said they were closing the ID card public key database to prevent abuse. On Monday, officials posted this update. Last week, Microsoft, Google, and Infineon all warned how the weakness can impair the protections built into TPM products that ironically enough are designed to give an additional measure of security to high-targeted individuals and organizations.
Government

Ask Slashdot: Should Users Uninstall Kaspersky's Antivirus Software? (slashdot.org) 295

First, here's the opinion of two former NSA cybersecurity analysts (via Consumer Reports): "It's a big deal," says Blake Darche, a former NSA cybersecurity analyst and the founder of the cybersecurity firm Area 1. "For any consumers or small businesses that are concerned about privacy or have sensitive information, I wouldn't recommend running Kaspersky." By its very nature antivirus software is an appealing tool for hackers who want to access remote computers, security experts say. Such software is designed to scan a computer comprehensively as it searches for malware, then send regular reports back to a company server. "One of the things people don't realize, by installing that tool you give [the software manufacturer] the right to pull any information that might be interesting," says Chris O'Rourke, another former NSA cybersecurity expert who is the CEO of cybersecurity firm Soteria.
But for that reason, Bloomberg View columnist Leonid Bershidsky suggests any anti-virus software will be targetted by nation-state actors, and argues that for most users, "non-state criminal threats are worse. That's why Interpol this week signed a new information-sharing agreement with Kaspersky despite all the revelations in the U.S. media: The international police cooperation organization deals mainly with non-state actors, including profit-seeking hackers, rather than with the warring intelligence services."

And long-time Slashdot reader freddieb is a loyal Kaspersky user who is wondering what to do, calling the software "very effective and non-intrusive." And in addition, "Numerous recent hacks have gotten my data (Equifax, and others) so I expect I have nothing else to fear except ransomware."

Share your own informed opinions in the comments. Should users uninstall Kaspersky's antivirus software?
Windows

Munich Plans New Vote on Dumping Linux For Windows 10 (techrepublic.com) 387

An anonymous reader quotes TechRepublic: The city of Munich has suggested it will cost too much to carry on using Linux alongside Windows, despite having spent millions of euros switching PCs to open-source software... "Today, with a Linux client-centric environment, we are often confronted with major difficulties and additional costs when it comes to acquiring and operating professional application software," the city council told the German Federation of Taxpayers. Running Linux will ultimately prove unsustainable, suggests the council, due to the need to also keep a minority of Windows machines to run line-of-business software incompatible with Linux. "In the long term, this situation means that the operation of the non-uniform client landscape can no longer be made cost-efficient"... Since completing the multi-year move to LiMux, a custom-version of the Linux-based OS Ubuntu, the city always kept a smaller number of Windows machines to run incompatible software. As of last year it had about 4,163 Windows-based PCs, compared to about 20,000 Linux-based PCs.

The assessment is at odds with a wide-ranging review of the city's IT systems by Accenture last year, which found that most of the problems stem not from the use of open-source software, but from inefficiencies in how Munich co-ordinates the efforts of IT teams scattered throughout different departments. Dr. Florian Roth, leader of the Green Party at Munich City Council, said the review had also not recommended a wholesale shift to Windows. "The Accenture report suggested to run both systems because the complete 'rollback' to Windows and MS Office would mean a waste of experience, technology, work and money," he said... The city's administration is investigating how long it would take and how much it would cost to build a Windows 10 client for use by the city's employees. Once this work is complete, the council will vote again in November on whether this Windows client should replace LiMux across the authority from 2021.

A taxpayer's federation post urged "Penguin, adieu!" -- while also admitting that returning to Windows "will devour further tax money in the millions," according to TechRepublic.

"The federation's post also makes no mention of the licensing and other savings achieved by switching to LiMux, estimated to stand at about €10m."
Transportation

Dubai Police Get Hoverbikes (mashable.com) 118

An anonymous reader quotes Mashable: The Dubai police, which already has luxury patrol cars, self-driving pursuit drones, and a robot officer, just announced it will soon have officers buzzing around on hoverbikes, which look like an early version of the speeder bikes used by the scout troopers on Endor in Return of the Jedi. The force (see what I did there?) unveiled its new Hoversurf Scorpion craft at the Gitex Technology Week conference, according to UAE English language publication Gulf News. The police force will use the hoverbike for emergency response scenarios, giving officers the ability to zoom over congested traffic conditions by taking to the air... The Scorpion can also fly autonomously for almost four miles at a time for other emergencies.
The fully-electric hoverbike stays aloft for about 25 minutes per charge at a top speed around 43 mph.

Gulf News also reported that Dubai police "unveiled robotic vehicles which will be equipped with biometric software to scan for wanted criminals and undesirable elements."
Bitcoin

Ransomware Sales On the Dark Web Spike 2,502% In 2017 (carbonblack.com) 23

Slashdot reader rmurph04 writes: Ransomware is a $6.2 million industry, based on sales generated from a network of more than 6,300 Dark Web marketplaces that sell over 45,000 products, according to a report released Wednesday by cybersecurity firm Carbon Black.
While the authors of the software are earning six-figure incomes, ransom payments totalled $1 billion in 2016, according to FBI estimates -- up from just $24 million in 2015. Carbon Black, which was founded by former U.S. government "offensive security hackers," argues that ransomware's growth has been aided by "the emergence of Bitcoin for ransom payment, and the anonymity network, Tor, to mask illicit activities.. Bitcoin allows money to be transferred in a way that makes it nearly impossible for law enforcement to 'follow the money.'"
Input Devices

What Will Replace Computer Keyboards? (xconomy.com) 299

jeffengel writes:Computer keyboards will be phased out over the next 20 years, and we should think carefully about what replaces them as the dominant mode of communicating with machines, argues Android co-founder Rich Miner. Virtual reality technology and brain-computer links -- whose advocates include Elon Musk -- could lead to a "dystopian" future where people live their lives inside of goggles, or they jack directly into computers and become completely "de-personalized," Miner worries.

He takes a more "humanistic" view of the future of human-machine interfaces, one that frees us to be more expressive and requires computers to communicate on our level, not the other way around. That means software that can understand our speech, facial expressions, gestures, and handwriting. These technologies already exist, but have a lot of room for improvement.

One example he gives is holding up your hand to pause a video.
Open Source

How Open Source Software Helps The Federal Reserve Bank of New York (hpe.com) 24

Long-time Slashdot reader Esther Schindler quotes Hewlett Packard Enterprise: When you handle trillions of dollars a year in transactions and manage the largest known vault of gold in the world, security and efficiency are top priorities. Open source reusable software components are key to the New York Fed's successful operation, explains Colin Wynd, vice president and head of the bank's Common Service Organization... The nearly 2,000 developers across the Federal Reserve System used to have a disparate set of developer tools. Now, they benefit from a standard toolset and architecture, which also places limits on which applications the bank will consider using. "We don't want a third-party application that isn't compatible with our common architecture," said Wynd.

One less obvious advantage to open source adoption is in career satisfaction and advancement. It gives developers opportunities to work on more interesting applications, said Wynd. Developers can now take on projects or switch jobs more easily across Federal Reserve banks because the New York Fed uses a lot of common open source components and a standard tool set, meaning retraining is minimal if needed at all."

Providing training in-house also creates a more consistent use of best practices. "Our biggest headache is to prove to groups that an application is secure, because we have to defend against nation state attacks."
Communications

Russia Reportedly Used Pokemon Go In an Effort To Inflame Racial Tensions (theverge.com) 209

An anonymous reader quotes a report from The Verge: Russia's far-ranging campaign to promote dissension in the United States reportedly included an effort to weaponize Pokemon Go. CNN reported that in July 2016, a Tumblr page linked to Russia's now-notorious Internet Research Agency promoted a contest encouraging people sympathetic to the Black Lives Matter movement to play the game near famous sites of police brutality. Players were told to change their characters' names to the victims of those incidents -- an apparent effort to inflame racial tensions. The Tumblr page was linked to Do Not Shoot Us, a multi-platform campaign designed to mimic aspects of Black Lives Matter. (As CNN notes, the name plays on "hands up, don't shoot," one of the movement's slogans.) Do Not Shoot Us included a website, donotshoot.us, along with related pages on Facebook, Instagram, Twitter, and YouTube. The Facebook page was one of 470 pages that were removed after the company determined that it was linked to Russian groups attempting to interfere in US politics.
IOS

Latest iOS Update Shows Apple Can Use Software To Break Phones Repaired By Independent Shops (vice.com) 126

The latest version of iOS fixes several bugs, including one that caused a loss of touch functionality on a small subset of phones that had been repaired with certain third-party screens and had been updated to iOS 11. "Addresses an issue where touch input was unresponsive on some iPhone 6S displays because they were not serviced with genuine Apple parts," the update reads. "Note: Non-genuine replacement displays may have compromised visual quality and may fail to work correctly. Apple-certified screen repairs are performed by trusted experts who use genuine Apple parts. See support.apple.com for more information." Jason Koebler writes via Motherboard: "This is a reminder that Apple seems to have the ability to push out software updates that can kill hardware and replacement parts it did not sell iPhone customers itself, and that it can fix those same issues remotely." From the report: So let's consider what actually happened here. iPhones that had been repaired and were in perfect working order suddenly stopped working after Apple updated its software. Apple was then able to fix the problem remotely. Apple then put out a warning blaming the parts that were used to do the repair. Poof -- phone doesn't work. Poof -- phone works again. In this case, not all phones that used third party parts were affected, and there's no reason to think that, in this case, Apple broke these particular phones on purpose. But there is currently nothing stopping the company from using software to control unauthorized repair: For instance, you cannot replace the home button on an iPhone 7 without Apple's proprietary "Horizon Machine" that re-syncs a new home button with the repaired phone. This software update is concerning because it not only undermines the reputation of independent repair among Apple customers, but because it shows that phones that don't use "genuine" parts could potentially one day be bricked remotely.
Bitcoin

Over 500 Million PCs Are Secretly Mining Cryptocurrency, Researchers Reveal (newsweek.com) 77

Ad blocking firm AdGuard has found that over 500 million people are inadvertently mining cryptocurrencies through their computers after visiting websites that are running background mining software. The company found 220 popular websites with an aggregated audience of half a billion people use so-called crypto-mining scripts when a user opens their main page. Newsweek reports: The mining tool works by hijacking a computer's central processing unit (CPU), commonly referred to as "the brains" of a computer. Using part of a computer's CPU to mine bitcoin effects the machine's overall performance and will slow it down by using up processing power. The researchers found that bitcoin browser mining is mostly found on websites "with a shady reputation" due to the trouble such sites have with earning revenue through advertising. However, in the future it could become a legitimate and ethical way of making money if the website requests the permission of the visitor first.

"220 sites may not seem like a lot," the researchers wrote in a blogpost detailing their discovery. "But CoinHive was launched less than one month ago on September 14. The growth has been extremely rapid: from nearly zero to .22 percent of Alexa's top 100,000 websites. "This analysis well illustrates the whole web, so it's safe to say that one of every forty websites currently mines cryptocurrency (namely Monero) in the browsers their users employ."

Businesses

Samsung Electronics CEO Resigns Over 'Unprecedented Crisis' (bbc.com) 16

According to BBC, Samsung Electronics chief executive Kwon Oh-hyun has resigned, saying the company is in an "unprecedented crisis." It's the latest management upheaval at the firm after the heir of the entire Samsung Group was imprisoned for corruption in August. From the report: Mr Kwon is one of three co-chief executives of Samsung Electronics. His resignation comes on the same day the firm forecast record quarterly profits, citing higher memory chip prices. Mr Kwon said he had been thinking about his departure "for quite some time" and could "no longer put it off." "As we are confronted with unprecedented crisis inside out, I believe that time has now come for the company [to] start anew, with a new spirit and young leadership to better respond to challenges arising from the rapidly changing IT industry," he said in a statement. He will remain on the board of Samsung Electronics until March 2018.
Education

Steve Wozniak Announces Tech Education Platform 'Woz U' (techcrunch.com) 23

An anonymous reader quotes a report from TechCrunch: Steve Wozniak, the Apple co-founder who changed the world alongside Steve Jobs, has today announced the launch of Woz U. According to the release, Woz U will start as an online learning platform focused on both students and companies that will eventually hire those students. Woz U is based out of Arizona, and hopes to launch physical locations for learning in more than 30 cities across the globe. At launch, the curriculum will center around computer support specialists and software developers, with courses on data science, mobile applications and cybersecurity coming in the future. Alongside the education platform, Woz U will also offer platforms for tech companies to recruit, train and retain their workforce through on-site customized programs and subscription-based curricula. There also will be a platform for K-12 students, which will be distributed to school districts, that will offer STEAM programs to identify talent and nudge those individuals into a tech-based career. And if that weren't enough, Woz U will eventually introduce an accelerator program "to identify and develop elite tech talent." Woz U also has an app on the App Store that will help people understand which field of tech they're best suited for, so they can set up their curriculum accordingly. Pricing has yet to be announced.
Iphone

Apple To Ditch Touch ID Altogether For All of Next Year's iPhones (macrumors.com) 131

Earlier this week, a report said that Apple is planning to equip next year's iPad Pro with the hardware necessary for Face ID. Now, according to KGI Securities analyst Ming-Chi Kuo, it appears the company is taking that one step further with its 2018 iPhones. All of the iPhones Apple plans to produce next year will reportedly abandon the Touch ID fingerprint sensor in favor of facial recognition. Mac Rumors reports: According to Kuo, Apple will embrace Face ID as its authentication method for a competitive advantage over Android smartphones. Kuo has previously said that it could take years for Android smartphone manufacturers to produce technology that can match the TrueDepth camera and the Face ID feature coming in the iPhone X. Face ID, says Kuo, will continue to be a major selling point of the new iPhone models in 2018, with Apple planning to capitalize on its lead in 3D sensing design and production. Kuo's prediction suggests that all upcoming 2018 iPhones will feature a full-screen design with minimal bezels like the iPhone X, meaning no additional models with the iPhone 8/iPhone 8 Plus design would be produced. That would spell the end of the line for Touch ID in the iPhone, which has been available as a biometric authentication option since 2013.
Privacy

Dutch Privacy Regulator Says Windows 10 Breaks the Law (arstechnica.com) 62

An anonymous reader quotes a report from Ars Technica: The lack of clear information about what Microsoft does with the data that Windows 10 collects prevents consumers from giving their informed consent, says the Dutch Data Protection Authority (DPA). As such, the regulator says that the operating system is breaking the law. To comply with the law, the DPA says that Microsoft needs to get valid user consent: this means the company must be clearer about what data is collected and how that data is processed. The regulator also complains that the Windows 10 Creators Update doesn't always respect previously chosen settings about data collection. In the Creators Update, Microsoft introduced new, clearer wording about the data collection -- though this language still wasn't explicit about what was collected and why -- and it forced everyone to re-assert their privacy choices through a new settings page. In some situations, though, that page defaulted to the standard Windows options rather than defaulting to the settings previously chosen. In the Creators Update, Microsoft also explicitly enumerated all the data collected in Windows 10's "Basic" telemetry setting. However, the company has not done so for the "Full" option, and the Full option remains the default. The DPA's complaint doesn't call for Microsoft to offer a complete opt out of the telemetry and data collection, instead focusing on ensuring that Windows 10 users know what the operating system and Microsoft are doing with their data. The regulator says that Microsoft wants to "end all violations," but if the software company fails to do so, it faces sanctions.
Businesses

Woz Wants To Retrain You For a Career in Tech (cnet.com) 65

Steve Wozniak wants you to work in tech, and he's going to help you do it. From a report: The Apple co-founder is launching Woz U, a digital institute aimed at helping folks not only figure out what type of tech job they might be best at, but train for it. "People often are afraid to choose a technology-based career because they think they can't do it. I know they can, and I want to show them how," Wozniak said in a statement Friday. Woz U starts off as online programs, but there are plans to build campuses in 30 cities around the world. Those cities will be announced within the next 60 days, Shelly Murphy, corporate relations for Woz U told CNET. In a press statement, Wozniak said Woz U will start as an online learning platform focused on both students and companies that will eventually hire those students. Woz U is based out of Arizona, and hopes to launch physical locations for learning in more than 30 cities across the globe. At launch, the curriculum will center around computer support specialists and software developers, with courses on data science, mobile applications and cybersecurity coming in the future.

Slashdot Top Deals