Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

43 Million Weebly and 22 Million Foursquare Accounts Stolen ( 6

LeakedSource is reporting that the web design platform Weebly was hacked in February, affecting more than 43 million accounts. They have also reported a smaller hack involving 22.5 million Foursquare accounts, which were compromised in December 2013. TechCrunch: "We do not believe that any customer website has been improperly accessed," Weebly said in the notice to users. The company also said that it does not store credit card information, making fraudulent charges unlikely. LeakedSource said it received the Weebly database from an anonymous source and notified Weebly of the breach. In addition to the customer notification emails, LeakedSource claims that password resets are being issued -- but, if you're a Weebly user and you don't receive a password reset, you probably want to change your password anyway. Meanwhile, LeakedSource also identified data from Foursquare, claiming that 22.5 million accounts were compromised in December 2013. The social media company disputes the findings, claiming that email addresses were simply cross-referenced with publicly available data from Foursquare. The data includes emails, usernames and Facebook and Twitter IDs, which could have been scraped from Foursquare's API or search.

Amid Major Internet Outages, Affected Websites Have Lessons To Learn ( 53

Earlier today, Dyn, an internet infrastructure company, was hit by several DDoS attacks, which interestingly affected several popular websites including The New York Times, Reddit, Spotify, and Twitter that were directly or indirectly using Dyn's services. The attack is mostly visible across the US eastern seaboard with rest of the world noticing a few things broken here and there. Dyn says it's currently investigating a second round of DDoS attacks, though the severity of the outage is understandably less now. In the meantime, the Homeland Security said that it is aware of the attack and is investigating "all potential causes." Much of who is behind these attacks is unknown for now, and it is unlikely that we will know all the details until at least a few days. The attacks however have revealed how unprepared many websites are when their primary DNS provider goes down. ZDNet adds: The elephant in the room is that this probably shouldn't have happened. At very least there's a lot to learn already about the frailty of the internet DNS system, and the lack of failsafes and backups for websites and tech companies that rely on outsourced DNS service providers. "It's also a reminder of one risk of relying on multi-tenant service providers, be they DNS, or a variety of many other managed cloud service providers," said Steve Grobman, chief technology officer at Intel Security. Grobman warned that because this attack worked, it can be exploited again. "Given how much of our connected world must increasingly rely upon such cloud service providers, we should expect more such disruptions," he said. "We must place a premium of service providers that can present backup, failover, and enhance security capabilities allowing them to sustain and deflect such attacks." And that's key, because even though Dyn is under attack, it's the sites and services that rely on its infrastructure who should rethink their own "in case of emergency" failsafes. It may only be the east coast affected but lost traffic means lost revenue. Carl Levine, senior technical evangelist for NS1, another major managed DNS provider, said that the size and scale of recent attacks "has far exceeded what the industry thought was the upper end of the spectrum." "Large companies need to constantly upgrade their flood defenses. Some approaches that worked just a few years ago are now basically useless," said Kevin Curran, senior member with IEEE.We also recommend reading security reporter Brian Krebs's take on this.

Schiaparelli Mars Lander May Have Exploded On Impact, European Agency Says ( 60

Instead of drifting gently onto Mars' surface, the Schiaparelli Mars lander hit the planet hard -- and possibly exploded, the European Space Agency said today. NPR adds: The NASA images, taken on Oct. 20, show two recent changes to the landscape on Mars' surface -- one dark blotch, and one white speck -- which are being interpreted as Schiaparelli's parachute and its crash site. With the warning that analysis is still ongoing, here are the details the ESA is sharing Friday: "Estimates are that Schiaparelli dropped from a height of between 2 and 4 kilometers, therefore impacting at a considerable speed, greater than 300 km/h [186 mph]. The relatively large size of the feature would then arise from disturbed surface material. It is also possible that the lander exploded on impact, as its thruster propellant tanks were likely still full." That sequence of events followed the lander's largely trouble-free approach to the Martian surface, a trip that was being widely watched on Wednesday, when the craft lost contact with the ESA and its Mars mothership, the Trace Gas Orbiter, just before its touchdown.

Most 'Genuine' Apple Chargers and Cables Sold on Amazon Are Fake, Apple Says ( 125

Apple says it bought Apple chargers and cables labeled as genuine on and found that nearly 90 percent of them to be counterfeit. The revelation comes in a federal lawsuit the company filed against a New Jersey company over what Apple says are fake products that were sold on Amazon. Engadget reports: When Apple got in touch with Amazon about the issue, the website told the former that it got most of its chargers from Mobile Star LLC. The iPhone-maker stressed that since counterfeit cables and chargers don't go through consumer safety testing and could be poorly designed, they're prone to overheating and catching fire. They might even electrocute users. Tim Cook and co. are now asking the court to issue an injunction against the defendant. They also want the court to order the seizure and destruction of all the fake chargers in addition to asking for damage

Stephen Hawking: AI Will Be Either the Best or the Worst Thing To Humanity ( 116

At the opening of the new Leverhulme Centre for the Future of Intelligence (LCFI) at Cambridge University, Stephen Hawking offered his insight into the positive and negative implications of creating a true AI. He said, via BetaNews:We spend a great deal of time studying history, which, let's face it, is mostly the history of stupidity. So it's a welcome change that people are studying instead the future of intelligence. The potential benefits of creating intelligence are huge... With the tools of this new technological revolution, we will be able to undo some of the damage done to the natural world by the last one -- industrialization. And surely we will aim to fully eradicate disease and poverty. Every aspect of our lives will be transformed. In short, success in creating AI, could be the biggest event in the history of our civilization. But it could also be the last, unless we learn how to avoid the risks. Alongside the benefits, AI will also bring dangers, like powerful autonomous weapons, or new ways for the few to oppress the many. It will bring great disruption to our economy. AI will be either the best, or the worst thing ever to happen to humanity. We do not yet know which.
The Internet

Several Sites Including Twitter, GitHub, Spotify, PayPal, NYTimes Suffering Outage -- Dyn DNS Under DDoS Attack [Update] ( 227

Several popular websites and services are down right now for many users. The affected sites include Twitter, SoundCloud, Spotify, and PayPal among others. The cause appears to be a sweeping outage of DNS provider Dyn -- which in turn is under DDoS attack, according to an official blog post. From a TechCrunch report:Other sites experiencing issues include Box, Boston Globe, New York Times, Github, Airbnb, Reddit, Freshbooks, Heroku and Vox Media properties. Users accessing these sites might have more or less success depending on where they're located, as some European and Asian users seem not to be encountering these issues. Last month, Bruce Schneier warned that someone was learning how to take down the internet. Update: 10/21 14:41 GMT by M : Dyn says that it has resolved the issue and sites should function normally. Update: 10/21 17:04 GMT by M : Department of Homeland Security says it is aware of the first DDoS attack on Dyn today and "investigating all potential causes." Dyn says it is still under DDoS attack. News outlet The Next Web says it is also facing issues. Any website that uses Dyn's service -- directly or indirectly -- is facing the issue. Motherboard has more details. Update: 10/21 17:57 GMT by M : It seems even PlayStation Network is also hit. EA Sports Games said it is aware of the issues in live-play. Dyn says it is facing a second round of DDoS attacks.

Update: 10/21 18:45 GMT by M : U.S. government probing whether east coast internet attack was a 'criminal act' - official.

Editor's note: the story is being updated as we learn more. The front page was updated to move this story up. Are you also facing issues? Share your experience in the comments section below.
United Kingdom

UK Government Proposes Minimum 10Mbps Broadband For Poor ( 58

An anonymous reader writes: The UK's Local Government Association (LGA) is proposing a social tariff to ensure that minimum broadband access of at least 10 Mbps is available to all UK citizens at an affordable price. Last November, Parliament announced that it would begin work on a Universal Service Obligation (USO), which would grant all citizens the right to request broadband service with a minimum 10Mbps. At the time, Prime Minister David Cameron said, "Access to the Internet shouldn't be a luxury; it should be a right -- absolutely fundamental to life in 21st century Britain." Research by Ofcom in 2014 showed "marked relationships between socio-economic deprivation and [poor] broadband availability in cities". Similar results have been found in rural areas, which means that the demand for increasing broadband service to a minimum level may be high among people with lower incomes.

'Most Serious' Linux Privilege-Escalation Bug Ever Is Under Active Exploit ( 76

Reader operator_error shares an ArsTechnica report: A serious vulnerability that has been present for nine years in virtually all versions of the Linux operating system is under active exploit, according to researchers who are advising users to install a patch as soon as possible. While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously. For one thing, it's not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that's a part of virtually every distribution of the open-source OS released for almost a decade. What's more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild.

"It's probably the most serious Linux local privilege escalation ever," Dan Rosenberg, a senior researcher at Azimuth Security, told Ars. "The nature of the vulnerability lends itself to extremely reliable exploitation. This vulnerability has been present for nine years, which is an extremely long period of time." The underlying bug was patched this week by the maintainers of the official Linux kernel. Downstream distributors are in the process of releasing updates that incorporate the fix. Red Hat has classified the vulnerability as "important."


Macs End Up Costing 3 Times Less Than Windows PCs Because of Fewer Tech Support Expense, Says IBM's IT Guy ( 335

An anonymous reader shares a report on Yahoo (edited): Last year, Fletcher Previn became a cult figure of sorts in the world of enterprise IT. As IBM's VP of Workplace as a Service, Previn is the guy responsible for turning IBM (the company that invented the PC) into an Apple Mac house. Previn gave a great presentation at last year's Jamf tech conference where he said Macs were less expensive to support than Windows. Only 5% of IBM's Mac employees needed help desk support versus 40% of PC users. At that time, some 30,000 IBM employees were using Macs. Today 90,000 of them are, he said. And IBM ultimately plans to distribute 150,000 to 200,000 Macs to workers, meaning about half of IBM's approximately 370,000 employees will have Macs. Previn's team is responsible for all the company's PCs, not just the Macs. All told IBM's IT department supports about 604,000 laptops between employees and its 100,000+ contractors. Most of them are Windows machines -- 442,000 -- while 90,000 are Macs and 72,000 are Linux PCs. IBM is adding about 1,300 Macs a week, Previn said.
Social Networks

Steve Ballmer Says Microsoft Tried To Buy Facebook For $24 Billion ( 63

Former Microsoft CEO Steve Ballmer told CNBC on Friday that his company tried to buy Facebook when it was "itsy-bitsy" for $24 billion. BusinessInsider adds: Facebook fielded a lot of offers in its early days. When CNBC on Friday asked Ballmer how much Microsoft offered back then, he said, "Oh I think $24 billion when the company was itsy-bitsy and he said no. And I respect that." Zuckerberg clearly made the right choice. He currently has a net worth of $57 billion and Facebook's market cap is $374 billion.

Microsoft Shares Hit All-Time High As Company Strengthens Its Cloud Grip ( 38

Marco della Cava, reporting for USA Today: Microsoft shares surged 5% in early trading Friday, and passed a high set in 1999, helped by enthusiasm for progress in its cloud business. The stock was at up at $60.11, breezing past the $58.72 mark set in December 1999. Friday's rally follows Microsoft's latest quarterly report, out late Thursday, that beat analyst expectations for adjusted sales and profit and showcased a doubling of growth in its Azure cloud business, while reflecting continued strain from consumers' pivot away from PCs and traditional software purchases.Microsoft reported its Q1 2017 earnings yesterday, noting a revenue of $20.5 billion, which was higher than Wall Street's expectations. Company's Intellgent Cloud revenue was up 8 percent, whereas Azure revenue observed 116 percent growth year-on-year.

HackerOne CEO: Every Computer System is Subject To Vulnerabilities ( 46

An anonymous reader writes: Every computer system in the world is vulnerable to hackers and criminals, according to Marten Mickos, CEO of HackerOne. That's nothing new with major data breaches at Yahoo and the federal government. But not to worry, teams of ethical hackers could be an answer to the growing cybersecurity concerns. "There are far more ethical hackers, white hat hackers, in the world than criminals," Mickos told CNBC's "Squawk Alley" on Thursday. "So when you just invite the good guys to help you, you will always be safe. It's like a neighborhood watch. You're asking the good guys around you to help you see what's wrong with your system and help you fix it." Mickos has assembled 70,000 white hat hackers in his venture-backed company HackerOne. He explains the intent of white hat hackers is to hack for good and not for exploitation.

'Adding a Phone Number To Your Google Account Can Make it Less Secure' ( 98

You may think that adding a backup phone number to your account will make it prone to hack, but that is not always the case. Vijay Pandurangan, EIR at Benchmark (and formerly with Eng Site Lead at Twitter) argues that your phone number is likely the weakest link for many attackers (at least when they are trying to hack your Google account). He has shared the story of his friend who had his Google account compromised. The friend in this case, let's call him Bob, had a very strong password, a completely independent recovery email, hard-to-guess security questions, and he never logged in from unknown devices. Though Bob didn't have multi-factor authentication enabled, he did add a backup phone number. On October 1, when Bob attempted to check his email, he discovered that he was logged out of his Gmail account. When he tried to login, he was told that his password was changed less than an hour ago. He tried calling Verizon, and discovered that his phone service was no longer active, and that the attacker had switched his service to an iPhone 4. "Verizon later conceded that they had transferred his account despite having neither requested nor being given the 4-digit PIN they had on record." The attacker reset Bob's password and changed the recover email, password, name on the account, and enabled two-factor authentication. He got his account back, thanks to support staff and colleagues at Google, but the story illustrates how telco are the weakest link. From the article: Using a few old Google accounts, I experimented with Google's account recovery options and discovered that if a Google account does not have a backup phone number associated with it, Google requires you to have access to the recovery email account OR know the security questions in order to take over an account. However, if a backup phone number is on the account, Google allows you to type in a code from an SMS to the device in lieu of any other information. There you have it: adding a phone number reduces the security of your account to the lowest of: your recovery email account, your security questions, your phone service, and (presumably) Google's last-ditch customer service in case all other options fail. There are myriad examples of telcos improperly turning over their users' accounts: everything from phone hacking incidents in the UK to more recent examples. Simply put, telcos can be quite bad at securing your privacy and they should not be trusted. Interestingly, it appears that if two-factor-auth via SMS is enabled, Google will not allow your password to be reset unless you can also answer a security question in addition to having access to a phone number.

AT&T Considers Buying Time Warner ( 57

In what would likely be one of the largest telecommunications takeovers in American history, Bloomberg is reporting that ATT has discussed the idea of a possible merger or other partnership with Time Warner Inc (may be paywalled; alternate source). Bloomberg reports: The talks, which at this stage are informal, have focused on building relations between the companies rather than establishing the terms of a specific transaction, the people said, asking not to be identified as the deliberations are private. Neither side has yet hired a financial adviser, the people said. Acquiring Time Warner would give ATT, one of the biggest providers of pay-TV and of wireless and home internet service in the U.S., a collection of popular programming to offer to subscribers, from HBO to NBA basketball to the Cartoon Network. ATT CEO Randall Stephenson has been looking to add more content and original programming as part of his plan to transform the Dallas-based telecommunications company into a media and entertainment giant. Time Warner Chief Executive Officer Jeff Bewkes is a willing seller if he gets an offer he thinks is fair, said one of the people. Bewkes and his board rejected an $85-a-share approach in 2014 from Rupert Murdoch's 21st Century Fox Inc., which valued Time Warner at more than $75 billion. Last year, ATT paid $48.5 billion to acquire satellite-TV provider DirecTV, its biggest deal in at least 10 years, according to data compiled by Bloomberg. ATT has been developing an internet-based version of the pay-TV service, called DirecTV now.

Facebook Bans Animated Breast Cancer Awareness Video Showing Circle-Shaped Breasts ( 87

Last month, Facebook deleted a historic Vietnam war photo of a naked girl fleeing a napalm attack, claiming it violated Facebook's restrictions on nudity. Now it appears that the company has removed a video on breast cancer awareness posted in Sweden after deeming the images offensive, the Swedish Cancer Society said on Thursday. The Guardian reports: The video, displaying animated figures of women with circle-shaped breasts, was aimed at explaining to women how to check for suspicious lumps. Sweden's Cancerfonden said it had tried in vain to contact Facebook, and had decided to appeal against the decision to remove the video. "We find it incomprehensible and strange how one can perceive medical information as offensive," Cancerfoden communications director Lena Biornstad told Agence France-Presse. "This is information that saves lives, which is important for us," she said. "This prevents us from doing so." The Guardian went on to report in a separate article that the the Swedish Cancer Society decided to make the round breasts square to evade Facebook's censorship of female anatomy. The group issued an open letter to Facebook featuring the pair of pair of breasts constructed of pink squares as opposed to pink circles. Facebook did apologize for banning the video, saying in a statement to the Guardian: "We're very sorry, our team processes millions of advertising images each week, and in some instances we incorrectly prohibit ads. This image does not violate our ad policies. We apologize for the error and have let the advertiser know we are approving their ads."

Slashdot Top Deals