Downloads of Popular Apps Were Silently Swapped For Spyware in Turkey: Citizen Lab

Matthew Braga, reporting for CBC: Since last fall, Turkish internet users attempting to download one of a handful of popular apps may have been the unwitting targets of a wide-reaching computer surveillance campaign. And in Egypt, users across the country have, seemingly at random, had their browsing activity mysteriously redirected to online money-making schemes. Internet filtering equipment sold by technology company Sandvine -- founded in Waterloo, Ont. -- is believed to have played a significant part in both.

That's according to new research from the University of Toronto's Citizen Lab, which has examined misuse of similar equipment from other companies in the past. The researchers say it's likely that Sandvine devices are not only being used to block the websites of news, political and human rights organizations, but are also surreptitiously redirecting users toward spyware and unwanted ads. Using network-filtering devices to sneak spyware onto targets' computers "has long been the stuff of legends" according to the report -- a practice previously documented in leaked NSA documents and spyware company brochures, the researchers say, but never before publicly observed.
Citizen Lab notes that targeted users in Turkey and Syria who attempted to download Windows applications from official vendor websites including Avast Antivirus, CCleaner, Opera, and 7-Zip were silently redirected to malicious versions by way of injected HTTP redirects. It adds: This redirection was possible because official websites for these programs, even though they might have supported HTTPS, directed users to non-HTTPS downloads by default. Additionally, targeted users in Turkey and Syria who downloaded a wide range of applications from CBS Interactive's (a platform featured by CNET to download software) were instead redirected to versions containing spyware. does not appear to support HTTPS despite purporting to offer "secure download" links.

Windows 10's Next Update Will Be Called 'Spring Creators Update'

The Verge reports: Microsoft is planning to reuse its "Creators Update" naming for a third Windows 10 update. The software giant has strangely not yet officially named its next Windows 10 update, due next month, but it has been testing a future update that appears to reveal the spring update name. "Windows 10 Spring Creators Update" has been spotted in the latest test builds of the Redstone 5 update expected to be released later this fall. Microsoft first launched Windows 10 Creators Update last spring, followed by the Windows 10 Fall Creators Update in the fall. The new Windows 10 Spring Creators Update naming was originally spotted in Microsoft blog posts last year, but this is the first time it has appeared in the operating system itself.

Windows 10 Is Finally Adding Tabs To File Explorer

Microsoft has released insider preview build 17618 that includes tabs in File Explorer as part of its Sets feature. Bleeping Computer reports: Windows 10 Sets is an upcoming feature where you can group documents and apps into one tabbed window that are related to the particular task at hand. This feature was released for testing to a small controlled group of insiders in Insider Preview Build 17063 and was subsequently removed after the test. With build 17618, Sets are back and with it come tabs in File Explorer. You can now open different folders in the same File Explorer window with each one having their own tabs. This way one File Explorer window can have a tab for the pictures folder, a tab for the documents folder, and a tab for your documents, which you can easily switch between. If you look closely, though, the Sets feature does more than just allow you to have different tabs for different folders, but also allows you to add applications as a tab in File Explorer. According to Microsoft, in addition to File Explorer, Notepad, Command Prompt, and Powershell are also getting tabbed support.

Trump's Meeting With The Video Game Industry To Talk Gun Violence Could Get Ugly

Anonymous readers share a report: President Trump is set to pit the video game industry against some of its harshest critics at a White House meeting on Thursday that's designed to explore the link between violent games [Editor's note: the Washington Post article may be paywalled], guns and tragedies such as last month's shooting in Parkland, Fla. Following the attack at Marjory Stoneman High School, which left 17 students dead, Trump has said violent games are "shaping young people's thoughts." The president has proposed that "we have to do something about maybe what they're seeing and how they're seeing it." Trump has invited video game executives like Robert Altman, the CEO of ZeniMax, the parent company for games such as Fallout; Strauss Zelnick, the chief executive of Take Two Interactive, which is known for Grand Theft Auto, and Michael Gallagher, the leader of the Entertainment Software Association, a Washington-focused lobbying organization for the industry.

Three people familiar with the White House's planning, but not authorized to speak on the record, confirmed those invitees. A spokeswoman for the White House declined to share a full list of participants on Wednesday. ESA confirmed its attendance this week, but the others did not respond to questions. Opposite of them are expected to be some of the video-game industry's toughest critics, including Brent Bozell, the founder of the Parents Television Council, and Rep. Vicky Hartzler, a Republican from Missouri, the three people said. After another shooting -- the 2012 massacre at Sandy Hook Elementary School in Newtown, Conn. -- they each called on government to focus its attention on violent media rather than just pursuing new gun restrictions.


Hardcoded Password Found in Cisco Software

Cisco released 22 security advisories yesterday, including two alerts for critical fixes, one of them for a hardcoded password that can give attackers full control over a vulnerable system. From a report: The hardcoded password issue affects Cisco's Prime Collaboration Provisioning (PCP), a software application that can be used for the remote installation and maintenance of other Cisco voice and video products. Cisco PCP is often installed on Linux servers. Cisco says that an attacker could exploit this vulnerability (CVE-2018-0141) by connecting to the affected system via Secure Shell (SSH) using the hardcoded password. The flaw can be exploited only by local attackers, and it also grants access to a low-privileged user account. In spite of this, Cisco has classified the issue as "critical." Although this vulnerability has a Common Vulnerability Scoring System (CVSS) Base score of 5.9, which is normally assigned a Security Impact Rating (SIR) of Medium, there are extenuating circumstances that allow an attacker to elevate privileges to root. For these reasons, the SIR has been set to Critical.

Most Americans Think AI Will Destroy Other People's Jobs, Not Theirs

An anonymous reader quotes a report from The Verge: Nearly three-quarters (73 percent) of U.S. adults believe artificial intelligence will "eliminate more jobs than it creates," according to a Gallup survey. But, the same survey found that less than a quarter (23 percent) of people were "worried" or "very worried" automation would affect them personally. Notably, these figures vary depending on education. For respondents with only a four-year college degree or less, 28 percent were worried about AI taking their job; for people with at least a bachelor degree, that figure was 15 percent. These numbers tell a familiar story. They come from a Gallup survey of more than 3,000 individuals on automation and AI. New details were released this week, but they echo the findings of earlier reports. The newly released findings from Gallup's survey also show that by one measure, the use of AI is already widespread in the U.S. Nearly nine out of 10 Americans (85 percent) use at least one of six devices or services that use features of artificial intelligence, says Gallup. Eighty-four percent of people use navigation apps like Waze, and 72 percent use streaming services like Netflix. Forty-seven percent use digital assistants on their smartphones, and 22 percent use them on devices like Amazon's Echo.

California Becomes 18th State To Consider Right To Repair Legislation

Jason Koebler shares a report from Motherboard: The right to repair battle has come to Silicon Valley's home state: Wednesday, a state assembly member announced that California would become the 18th state in the country to consider legislation that would make it easier to repair your electronics. "The Right to Repair Act will provide consumers with the freedom to have their electronic products and appliances fixed by a repair shop or service provider of their choice, a practice that was taken for granted a generation ago but is now becoming increasingly rare in a world of planned obsolescence," Susan Talamantes Eggman, a Democrat from Stockton who introduced the bill, said in a statement. The announcement had been rumored for about a week but became official Wednesday. The bill would require electronics manufacturers to make repair guides and repair parts available to the public and independent repair professionals and would also make diagnostic software and tools that are available to authorized and first-party repair technicians available to independent companies.

Oculus Rift Headsets Are Offline Following a Software Error

Polygon reports that Oculus Rift virtual reality headsets around the world are experiencing an outage. The outage appears to be a result of an expired security certificate. "That certificate has expired," said the Oculus support team on its forums, "and we're looking at a few different ways to resolve the issue. We'll update you with the latest info as available. We recommend you wait until we provide an official fix. Thanks for your patience." Polygon reports: One place where users experiencing the issue are gathering is on the Oculus forums. Last night user apexmaster booted up his computer, tried to open the Oculus app and was greeted by an error indicating that the software could not reach the "Oculus Runtime Service." That same error is cropping up on computers all around the world, including several devices here at Polygon. Once it has appeared, there's no way to restart the Oculus app, which renders the Rift headset unusable.

FBI Again Calls For Magical Solution To Break Into Encrypted Phones

An anonymous reader quotes a report from Ars Technica: FBI Director Christopher Wray again has called for a solution to what the bureau calls the "Going Dark" problem, the idea that the prevalence of default strong encryption on digital devices makes it more difficult for law enforcement to extract data during an investigation. However, in a Wednesday speech at Boston College, Wray again did not outline any specific piece of legislation or technical solution that would provide both strong encryption and allow the government to access encrypted devices when it has a warrant. A key escrow system, with which the FBI or another entity would be able to unlock a device given a certain set of circumstances, is by definition weaker than what cryptographers would traditionally call "strong encryption." There's also the problem of how to compel device and software makers to impose such a system on their customers -- similar efforts were attempted during the Clinton administration, but they failed. A consensus of technical experts has said that what the FBI has asked for is impossible. "I recognize this entails varying degrees of innovation by the industry to ensure lawful access is available," Wray said Wednesday. "But I just don't buy the claim that it's impossible. Let me be clear: the FBI supports information security measures, including strong encryption. Actually, the FBI is on the front line fighting cyber crime and economic espionage. But information security programs need to be thoughtfully designed so they don't undermine the lawful tools we need to keep the American people safe."

Time To Bring Back the Software User Conference

Holger Mueller, writing for ZDNet (condensed for space): Every tech company has a user conference these days. And is it just me, or are they all starting to feel the exact same? Same announcements, same message, same speakers, same venue. Rinse, repeat. On top of this sameness, irrelevant gimmicks and lack of substance threaten to drag the tech user conference into obsolescence. But all is not lost. Here are a few areas in which tech conferences are going astray, and a few ideas about how to fix them.

It's about the product. Users attend conferences to learn more about a vendor's software. So product needs to get a lot of air time. Yes, services matter too -- but it's the product that people have taken time out of their busy schedules to learn about.
Have a motivational speaker who matters.
Demo software. Many attendees are expert users. Vendors need to demonstrate they, too, are experts with their own product. The best way to do this is to demo the product.
Subject expertise beats celebrity. Yes, user conferences are about inspiration, but a celebrity, soap opera star, or a talk show host is not something an enterprise software user can relate to their work and is definitely not why they spend 3-4 days and a few thousand dollars/euros to attend a conference.
Limit the philanthropy. It's great for vendors to give back to a purpose outside of the software. But it should not be 50 percent of a keynote.
Users want to network. Vendors should give users a chance to network. Not just informally, but in a planned way.
Party hard but responsibly.


Microsoft Confirms Windows 10 'S Mode'

An anonymous reader shares a report: Microsoft head honcho Joe Belfiore confirmed today that Windows 10 S won't be a separate Windows version anymore and that Microsoft will ship an "S Mode" with Windows 10 starting 2019. "Next year 10S will be a "mode" of existing versions, not a distinct version," Belfiore said today on Twitter.

Google Lens Is Coming To All Android Phones Running Google Photos

Google announced that Google Lens, a machine learning-powered image analyzer, will be rolling out to more Android devices and make an appearance on iOS. "This means users will be able to scan things through the app to receive information, like a dog's breed or a flower type," reports The Verge. Some phones will also be able to access Lens through the Google Assistant too, including flagships from Samsung, Huawei, LG, Motorola, Sony, and HMD / Nokia. "Google says Lens is rolling out in batches, so you might not get the update right away," reports The Verge.

Leaked Apple Email Hints at the Possible End of iTunes: Report

An anonymous reader shares a report: Apple could kill off iTunes in the near future, a new report suggests. It cites an email that Apple reportedly wrote to people in the music industry recently, announcing the "end of iTunes LPs." The iTunes LP format was first introduced in 2009 and let publishers add interactive artwork, along with assorted iTunes Extras, with their content. The LP format never achieved great popularity. However, the fact that Apple plans to ditch iTunes LPs in 2018 potentially hints at the possibility that Apple may stop selling iTunes music downloads in the near future. The Apple email announcing the change was reportedly sent two weeks ago from an address at "The iTunes Store" and signed by "The Apple Music Team." But its existence has only been highlighted now through a report by the U.K. newspaper The Metro. "Apple will no longer accept new submissions of iTunes LPs after March 2018," the letter notes. "Existing LPs will be deprecated from the store during the remainder of 2018. Customers who have previously purchased an album containing an iTunes LP will still be able to download the additional content using iTunes Match." The news about the possible winding down of iTunes would come as no surprise to many users. Not only has iTunes been outdated for years in terms of its interface and functionality, but Apple clearly aims to move to a streaming model of music selling. Further reading: 'Apple Stole My Music. No, Seriously'; Apple Says It Doesn't Know Why iTunes Users Are Losing Their Music Files; iTunes Turns 13 Today -- Continues To Be 'Awful'.

BlackBerry Files Patent Infringement Lawsuit Against Facebook, WhatsApp and Instagram

BlackBerry on Tuesday filed a patent infringement lawsuit against Facebook, WhatsApp and Instagram in Los Angeles federal court. In a statement, BlackBerry said: We have a lot of respect for Facebook and the value they've placed on messaging capabilities, some of which were invented by BlackBerry. As a cybersecurity and embedded software leader, BlackBerry's view is that Facebook, Instagram, and WhatsApp could make great partners in our drive toward a securely connected future, and we continue to hold this door open to them. However, we have a strong claim that Facebook has infringed on our intellectual property, and after several years of dialogue, we also have an obligation to our shareholders to pursue appropriate legal remedies.

'Repeatable Sanitization' is a Feature of PCs Now

HP has announced a trio of slightly-odd products intended for use in hospitals. From a report: The new HP EliteOne 800 G4 23.8 Healthcare Edition All-in-One PC and HP EliteBook 840 G5 Healthcare Edition Notebook are computers intended for use in the healthcare industry. The EliteBook will ship with software called "Easy Clean" that disables the keyboard, touchscreen and keypad "to facilitate cleaning with germicidal wipes while the device is still on." HP said it's scoured the market and thinks it is the only vendor on the planet with a laptop capable of handling "up to 10,000 wipes with germicidal towelettes over a 3-year period." The All-in-One boasts no antibacterial features, but does have both RFID and biometric authentication, handy features in an environment where PCs can't be left unlocked to preserve privacy. That requirement means PCs are logged on to many more times a day than the average machine, making the presence of Windows Hello facial recognition more than a gimmick. Oddly, both come with the disclaimer that they're "not intended for use in diagnosis, cure, treatment or prevention of disease or other medical conditions."

Chrome On Windows Ditches Microsoft's Compiler, Now Uses Clang

An anonymous reader quotes a report from Ars Technica: Google's Chrome browser is now built using the Clang compiler on Windows. Previously built using the Microsoft C++ compiler, Google is now using the same compiler for Windows, macOS, Linux, and Android, and the switch makes Chrome arguably the first major software project to use Clang on Windows. Chrome on macOS and Linux has long been built using the Clang compiler and the LLVM toolchain. The open-source compiler is the compiler of choice on macOS, making it the natural option there, and it's also a first-class choice for Linux; though the venerable GCC is still the primary compiler choice on Linux, by using Clang instead, Google ensured that it has only one set of compiler quirks and oddities to work with rather than two. But Chrome on Windows has instead used Microsoft's Visual C++ compiler. The Visual C++ compiler is the best-supported, most widely used compiler on Windows and, critically, is the compiler with the best support for Windows' wide range of debugging and diagnostic tools. The Visual Studio debugger is widely loved by the C++ community, and other tools, such as the WinDbg debugger (often used for analyzing crash dumps), are core parts of the Windows developer experience.

MoviePass CEO Proudly Says App Tracks Your Location Before, After Movies

MoviePass CEO Mitch Lowe told an audience at a Hollywood event last Friday that the app tracks moviegoers' locations before and after each show they watch. "We get an enormous amount of information," Lowe said. "We watch how you drive from home to the movies. We watch where you go afterwards." His talk at the Entertainment Finance Forum was entitled "Data is the New Oil: How will MoviePass Monetize It?" TechCrunch reports: It's no secret that MoviePass is planning on making hay out of the data collected through its service. But what I imagined, and what I think most people imagined, was that it would be interesting next-generation data about ticket sales, movie browsing, A/B testing on promotions in the app and so on. I didn't imagine that the app would be tracking your location before you even left your home, and then follow you while you drive back or head out for a drink afterwards. Did you? It sure isn't in the company's privacy policy, which in relation to location tracking discloses only a "single request" when selecting a theater, which will "only be used as a means to develop, improve, and personalize the service." Which part of development requires them to track you before and after you see the movie? A MoviePass representative said in a statement to TechCrunch: "We are exploring utilizing location-based marketing as a way to help enhance the overall experience by creating more opportunities for our subscribers to enjoy all the various elements of a good movie night. We will not be selling the data that we gather. Rather, we will use it to better inform how to market potential customer benefits including discounts on transportation, coupons for nearby restaurants, and other similar opportunities."

Spotify Is Cracking Down On Users Pirating Premium-Like Service

People who access Spotify using hacked apps that remove some of the restrictions placed on free accounts are receiving warning emails from the company. Noting that "abnormal activity" has been observed from the user's software, Spotify warns that future breaches could result in suspension or even termination of a user's account. TorrentFreak reports: "We detected abnormal activity on the app you are using so we have disabled it. Don't worry -- your Spotify account is safe," the email from Spotify reads. "To access your Spotify account, simply uninstall any unauthorized or modified version of Spotify and download and install the Spotify app from the official Google Play Store. If you need more help, please see our support article on Reinstalling Spotify." While the email signs off with a note thanking the recipient for being a Spotify user, there is also a warning. "If we detect repeated use of unauthorized apps in violation of our terms, we reserve all rights, including suspending or terminating your account," Spotify writes.

Ubisoft is Using AI To Catch Bugs in Games Before Devs Make Them

AI has a new task: helping to keep the bugs out of video games. From a report: At the recent Ubisoft Developer Conference in Montreal, the French gaming company unveiled a new AI assistant for its developers. Dubbed Commit Assistant, the goal of the AI system is to catch bugs before they're ever committed into code, saving developers time and reducing the number of flaws that make it into a game before release. "I think like many good ideas, it's like 'how come we didn't think about that before?'," says Yves Jacquier, who heads up La Forge, Ubisoft's R&D division in Montreal. His department partners with local universities including McGill and Concordia to collaborate on research intended to advance the field of artificial intelligence as a whole, not just within the industry.

La Forge fed Commit Assistant with roughly ten years' worth of code from across Ubisoft's software library, allowing it to learn where mistakes have historically been made, reference any corrections that were applied, and predict when a coder may be about to write a similar bug. "It's all about comparing the lines of code we've created in the past, the bugs that were created in them, and the bugs that were corrected, and finding a way to make links [between them] to provide us with a super-AI for programmers," explains Jacquier.


Windows Phone 8.1 Users Are Having Trouble Downloading Apps From the Store

An anonymous reader shares a report: While Microsoft ended mainstream support for Windows Phone 8.1 more than six months ago, there are some users that still utilize the platform as their daily driver. Although the company's overall mobile initiative isn't faring too well either, most users on older platforms are still there because they prefer it over the competition or weren't offered an upgrade path to Windows 10 Mobile. However, it now appears that Windows Phone 8.1 users are facing some unforeseen problems with the Store - and no, it isn't regarding the dearth of apps. According to reports, people on the platform have been unable to download apps from the Store since yesterday. Hundreds of people over in Windows phone Facebook groups, Reddit, and Microsoft support forums are complaining that they are being hit with error code 80070020 when attempting to download apps from the Store using their Windows Phone 8.1 devices. We have confirmed the presence of the issue on our devices too.
