Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Android

Multiple Vulnerabilities In AirDroid Opens At Least 10 Million Android Users To MITM Attacks, Hijackings (androidpolice.com) 28

AirDroid is a popular Android application that allows users to send and receive text messages and transfer files and see notifications from their computer. Zimperium, a mobile security company, recently released details of several major security vulnerabilities in the application, allowing attackers on the same network to access user information and execute code on a user's device. Since there are between 10 and 50 million installations of the app, many users may be imperiled by AirDroid. Android Police reports: The security issues are mainly due to AirDroid using the same HTTP request to authorize the device and send usage statistics. The request is encrypted, but uses a hardcoded key in the AirDroid application (so essentially, everyone using AirDroid has the same key). Attackers on the same network an intercept the authentication request (commonly known as a Man-in-the-middle attack) using the key extracted from any AirDroid APK to retrieve private account information. This includes the email address and password associated with the AirDroid account. Attackers using a transparent proxy can intercept the network request AirDroid sends to check for add-on updates, and inject any APK they want. AirDroid would then notify the user of an add-on update, then download the malicious APK and ask the user to accept the installation. Zimperium notified AirDroid of these security flaws on May 24, and a few days later, AirDroid acknowledged the problem. Zimperium continued to follow up until AirDroid informed them of the upcoming 4.0 release, which was made available last month. Zimperium later discovered that version 4.0 still had all these same issues, and finally went public with the security vulnerabilities today.
Transportation

Apple Will Use Drones To Improve the Quality of Apple Maps (bloomberg.com) 43

An anonymous reader quotes a report from Bloomberg: Apple plans to use drones and new indoor navigation features to improve its Maps service and catch longtime leader Google (Warning: source may be paywalled; alternate link), according to people familiar with the matter. The Cupertino, California-based company is assembling a team of robotics and data-collection experts that will use drones to capture and update map information faster than its existing fleet of camera-and-sensor ladened minivans, one of the people said. Apple wants to fly drones around to do things like examine street signs, track changes to roads and monitor if areas are under construction, the person said. The data collected would be sent to Apple teams that rapidly update the Maps app to provide fresh information to users, the person added. Apple is also developing new features for Maps, including views inside buildings and improvements to car navigation, another person familiar with the efforts said. Apple filed for an exemption on Sept. 21, 2015, from the Federal Aviation Administration to fly drones for commercial purposes, according to documents obtained by Bloomberg News. At that time, exemptions were required to commercially operate drones. In a response dated March 22, 2016, the FAA granted Apple approval to "operate an unmanned aircraft system to conduct data collection, photography, and videography," according to one of the documents. Apple's application told the FAA that it would use a range of drones sold by companies such as SZ DJI Technology Co. and Aibotix GmbH to collect the data. Apple has hired at least one person from Amazon's Prime Air division to help run the drone team, one of the people said.
Earth

Earthquake-Sensing Mobile App 'MyShake' Detects Over 200 Earthquakes Large and Small (techcrunch.com) 25

Back in February, researchers at UC Berkeley released an app called MyShake that detects strong earthquakes seconds before the damaging seismic waves arrive. Several months have passed since its release and app has already detected over 200 earthquakes in more than ten countries. TechCrunch reports: The app has received nearly 200,000 downloads, though only a fraction of those are active at any given time; it waits for the phone to sit idle so it can get good readings. Nevertheless, over the first six months the network of sensors has proven quite effective. "We found that MyShake could detect large earthquakes, but also small ones, which we never thought would be possible," one of the app's creators, Qingkai Kong, told New Scientist. A paper describing the early results was published in Geophysical Research Letters -- the abstract gives a general idea of the app's success: "On a typical day about 8000 phones provide acceleration waveform data to the MyShake archive. The on-phone app can detect and trigger on P waves and is capable of recording magnitude 2.5 and larger events. The largest number of waveforms from a single earthquake to date comes from the M5.2 Borrego Springs earthquake in Southern California, for which MyShake collected 103 useful three-component waveforms. The network continues to grow with new downloads from the Google Play store everyday and expands rapidly when public interest in earthquakes peaks such as during an earthquake sequence." You can download the app for Android here.
Businesses

Cyanogen Inc and CyanogenMod Creator Steve Kondik Part Ways (ndtv.com) 67

bulled writes: In the middle of a press release discussing the move of employees from Seattle to California, Cyanogen Inc notes that it has parted ways with Steve Kondik. It is unclear what this means for the future of CyanogenMod. NDTV reports: "Kondik took to the official CyanogenMod developer Google+ community recently where he voiced what he thought were the reasons behind Cyanogen's plight and blamed Kirt McMaster, Cyanogen's Co-Founder. 'I've been pretty quiet about the stuff that's been going on but I'm at least ready to tell the short version and hopefully get some input on what to do next because CM is very much affected,' wrote Kondik in a private Google+ community first reported by Android Police. According to Kondik's version, Cyanogen's turmoil is way far from being over. He claimed that Cyanogen had seen success thanks to the efforts by the community and the company. Though, this also changed how the company worked. Explaining how it all started to come down, Kondik wrote, 'Unfortunately once we started to see success, my co-founder apparently became unhappy with running the business and not owning the vision. This is when the 'bullet to the head' and other misguided media nonsense started, and the bad business deals were signed. Being second in command, all I could do was try and stop it, do damage control, and hope every day that something new didn't happen. The worst of it happened internally and it became a generally shitty place to work because of all the conflict. I think the backlash from those initial missteps convinced him that what we had needed to be destroyed. By the time I was able to stop it, I was outgunned and outnumbered by a team on the same mission.' Kondik also seemingly confirmed a report from July which claimed Cyanogen may pivot to apps. He further wrote, 'Eventually I tried to salvage it with a pivot that would have brought us closer to something that would have worked, but the new guys had other plans. With plenty of cash in the bank, the new guys tore the place down and will go and do whatever they are going to do. It's probably for the best and I wish them luck, but what I was trying to do, is over.'"
Android

Motorola Has No Plans For a New Smartwatch (theverge.com) 36

An anonymous reader quotes a report from The Verge: Lenovo Moto today confirmed that it will not be releasing a new smartwatch for the launch of Android Wear 2.0, due early next year. The company had earlier said it would not be releasing a new smartwatch in 2016, but it is now saying that it doesn't plan to put out a new device timed to the arrival of Google's newest wearable platform, either. Shakil Barkat, head of global product development at Moto, said the company doesn't "see enough pull in the market to put [a new smartwatch] out at this time," though it may revisit the market in the future should technologies for the wrist improve. "Wearables do not have broad enough appeal for us to continue to build on it year after year," Barkat said, and indicated that smartwatches and other wearable devices will not be in Moto's annual device roadmap. Whether or not Moto does jump back into the smartwatch market is still up in the air, but Barkat is leaving the possibility open. "We believe the wrist still has value and there will be a point where they provide value to consumers more than they do today," Barkat said. But it doesn't appear that we'll be getting a new Moto 360 or other smartwatch any time in the near future. Google announced back in September that it would be delaying the launch of Android Wear 2.0 from this fall to next year. LG and Huawei have also confirmed that they would not be releasing new smartwatches until at least next year.
Mozilla

Mozilla Puts New Money To Use Fighting For 'Internet Health' (cnet.com) 103

Stephen Shankland, writing for CNET: Mozilla is marshaling public support for political positions, like backing net neutrality, defending encryption and keeping government surveillance from getting out of hand, says Denelle Dixon-Thayer, Mozilla's chief legal and business officer. The organization is funding the efforts with revenue from Firefox searches, which has jumped since 2014 when it switched from a global deal with Google to a set of regional deals. Mozilla brought in $421 million in revenue last year largely through partnerships with Yahoo in the US, Yandex in Russia and Baidu in China, according to tax documents released alongside Mozilla's 2015 annual report on Thursday. Pushing policy work brings new challenges well beyond traditional Mozilla work competing against Google's Chrome browser and Microsoft's Internet Explorer. They include squaring off against the incoming administration of Donald Trump.
Google

Google's New Public NTP Servers Provide Smeared Time (googleblog.com) 173

Google says it has built support for the leap second into the time servers that regulate all Google services. An anonymous reader shares a blogpost by Google:No commonly used operating system is able to handle a minute with 61 seconds, and trying to special-case the leap second has caused many problems in the past. Instead of adding a single extra second to the end of the day, we'll run the clocks 0.0014% slower across the ten hours before and ten hours after the leap second, and "smear" the extra second across these twenty hours. For timekeeping purposes, December 31 will seem like any other day. All Google services, including all APIs, will be synchronized on smeared time, as described above. You'll also get smeared time for virtual machines on Compute Engine if you follow our recommended settings. You can use non-Google NTP servers if you don't want your instances to use the leap smear, but don't mix smearing and non-smearing time servers.
Earth

Google Earth's Timelapses Offer a 32-Year Look At Earth's Changing Surface (pcmag.com) 85

Google has partnered with TIME to release an improved version of Google Earth Timelapse that provides animated satellite imagery covering the past 32 years, from 1984 to 2016. In 2013, Google and TIME launched Timelapse with a time-lapse from 1984 to 2012. However, this time around the project uses the higher-resolution maps introduced back in June to provide a look that's more detailed and more seamless than in the past. ZDNet reports: The 10-second snapshots of Earth from space over 32 years captures urban sprawl, deforestation and reforestation, receding glaciers, and major engineering feats, such as the Oresund Bridge connecting Denmark to Sweden, or the spread of the Alberta Tar Sands in Canada. Google Earth engine program manager, Chris Herwig says it created the new "annual mosaics" by stitching together 33 images of the Earth, each representing one year. Each image contains 3.95 trillion pixels, cherry-picked from an original set of three quadrillion pixels. "Using Google Earth Engine, we sifted through about three quadrillion pixels, that's three followed by 15 zeroes, from more than 5,000,000 satellite images," Herwig said. "We took the best of all those pixels to create 33 images of the entire planet, one for each year. We then encoded these new 3.95-terapixel global images into just over 25,000,000 overlapping multi-resolution video tiles, made interactively explorable by Carnegie Mellon CREATE Lab's Time Machine library, a technology for creating and viewing zoomable and pannable time-lapses over space and time." The satellite images come from the NASA Goddard Space Flight Center and US Geological Survey. Since 2015, they also contain some data from the European Space Agency's Copernicus Program and its Sentinel-2A satellite.
Privacy

Uber Wants To Track Your Location Even When You're Not Using the App, Here's Why (businessinsider.com) 130

With the most recent update to Uber's ride-hailing app, the company has begun requesting users if they are willing to share their location data with Uber app even while the app is not in use. The company says it plans to use the data gained to improve user experience -- including offering improved pick-up times and locations. From an article on Business Insider: In August the company moved away from using Google Maps for its service and began using its own mapping technology. Google's lack of accuracy in many non-Western countries led to increased friction between consumers and drivers. This means the company needs to boost the amount of location data it has. Location data could also be used to provide new channels of revenue for the digital platform. This could include serving ads of local businesses or recommending nearby places of interest to users. Mobile marketing, which relies on accurate location data is a rapidly growing industry and could serve as a revenue windfall for Uber in the years ahead as it faces increasing competition. In fact, revenue from location-targeted mobile ads is expected to grow at an annualized rate of almost 34% between 2014 and 2019, surpassing $18 billion, according to a forecast from BIA/Kelsey.
Android

More Than 1 Million Android Devices Rooted By Gooligan Malware (onthewire.io) 42

Reader Trailrunner7 writes: A new version of an existing piece of malware has emerged in some third-party Android app stores and researchers say it has infected more than a million devices around the world, giving the attackers full access to victims' Google accounts in the process. The malware campaign, known as Gooligan, is a variant of older malware called Ghost Push that has been found in many malicious apps. Researchers at Check Point recently discovered several dozen apps, mainly in third-party app stores, that contain the malware, which is designed to download and install other apps and generate income for the attackers through click fraud. The malware uses phantom clicks on ads to generate revenue for the attackers through pay-per-install schemes, but that's not the main concern for victims. The Gooligan malware also employs exploits that take advantage of several known vulnerabilities in older versions of Android, including Kit Kat and Lollipop to install a rootlet that is capable of stealing users' Google credentials.Although the malware has full remote access to infected devices, it doesn't appear to be stealing user data, but rather is content to go the click-fraud route. Most users are being infected through the installation of apps that appear to be legitimate but contain the Gooligan code, a familiar infection routine for mobile devices.
Google

Google Successfully Uses Machine Learning To Detect Diabetic Retinopathy (betanews.com) 30

BrianFagioli writes from a report via BetaNews: Diabetic eye disease is caused by retinopathy. Affected diabetics can have small tears inside the eye, causing bleeding. Over time, they can lose vision, and ultimately, they can go blind. Luckily, Google has been trying to use machine learning to detect diabetic retinopathy. Guess what? The search giant has seen much success. Not only are the computers able to detect the disease at the same level as ophthalmologists, but Google is actually slightly better! "A few years ago, a Google research team began studying whether machine learning could be used to screen for diabetic retinopathy (DR). Today, in the Journal of the American Medical Association, we've published our results: a deep learning algorithm capable of interpreting signs of DR in retinal photographs, potentially helping doctors screen more patients, especially in underserved communities with limited resources," says Lily Peng, MD Ph.D., Product Manger at Google. She goes on to say "our algorithm performs on par with the ophthalmologists, achieving both high sensitivity and specificity. [...] For example, on the validation set described in Figure 2, the algorithm has a F-score of 0.95, which is slightly better than the median. F-score of the 8 ophthalmologists we consulted (measured at 0.91)."
Microsoft

Microsoft Brings Collaborative Editing To PowerPoint On Desktop (venturebeat.com) 38

Microsoft today said that it has enhanced certain versions of its PowerPoint presentation-building program with real-time collaborative editing. VentureBeat adds: This feature came to Word on desktop last year. And before that it was available through Office Online. Microsoft said last year that real-time coauthoring would come to all of its desktop apps, and now Microsoft is executing on that commitment. Just like in Google Docs, Sheets, and Slides, this feature lets you "see what others are typing as it happens on a given slide," Microsoft Office corporate vice president Kirk Koenigsbauer wrote in a blog post. The feature is live now in PowerPoint on Windows for people who subscribe to Office 365 and belong to the Office Insider program. In addition, it's now available to everyone in PowerPoint Mobile on Windows tablets, Koenigsbauer wrote.
Desktops (Apple)

It's Not Just You, iCloud Calendar Spam is On the Rise (techcrunch.com) 28

New submitter petersike writes: If you're using iCloud to sync your calendar across your devices, chances are you just received a bunch of spammy invites over the last few days. Many users are reporting fake events about Black Friday 'deals' coming from Chinese users. If you're looking for cheap Ray-Ban or Louis Vuitton knockoffs, you might find these invites useful. Otherwise, you might be wondering: why is this a thing? If you use your calendar for work, you already rely on calendar invites to invite other people to meetings and events. All major calendar backends support this feature -- Google Calendar, Microsoft Exchange and Apple's iCloud. And it's quite a convenient feature as you only need to enter an email address to send these invitations. You don't need to be in the same company or even in your recipient's address book. But it's also yet another inbox -- and like every inbox out there, it can get abused.
Google

Morgan Stanley: Pixel Phone Will Generate Google Almost $4 Billion In Revenue Next Year (9to5google.com) 66

An anonymous reader quotes a report from 9to5Google: With initial Pixel pre-orders exceeding expectations and promising activation numbers from Verizon, Google is on track to sell three million phones with revenues of $2 billion in 2016. The Morgan Stanley estimate comes as the Pixel reportedly captured 10% of the premium smartphone market in India. Unsurprisingly, the 128GB Pixel XL has the largest gross profit margin at 25%, while the cheapest 32GB Pixel is at 22%. Morgan Stanley also estimates that, compared to the iPhone, the Pixel will be half as profitable. Morgan Stanley expects Google to sell 5-6 million Pixel and Pixel XL devices in 2017 to the tune of $3.8 billion in revenue. Google is also expected to make money from increased usage of services like Android Pay and mobile search. Google's big gains were possibly due in part to Samsung's Note 7 debacle, with the company's marketshare falling to 23%. Apple captured the number one position at 66%. Additionally, Google benefitted from running a number of promotions, including cashback and exchange programs. The company also heavily advertised in newspapers, with billboards, and for the first time displays in large retail stores.
Google

Google Asked to Remove a Billion 'Pirate' Search Results in a Year (torrentfreak.com) 68

Copyright holders asked Google to remove more than 1,000,000,000 allegedly infringing links from its search engine over the past twelve months, TorrentFreak reports. According to stats provided in Google's Transparency Report for the past one year, Google was asked to remove over one billion links -- or 1,007,741,143 links. From the article: More than 90 percent of the links, 908,237,861 were in fact removed. The rest of the reported links were rejected because they were invalid, not infringing, or duplicates of earlier requests. In total, Google has now processed just over two billion allegedly infringing URLs from 945,000 different domains. That the second billion took only a year, compared to several years for the first, shows how rapidly the volume of takedown requests is expanding. At the current rate, another billion will be added by the end of next summer. Most requests, over 50 million, were sent in for the website 4shared.com. However, according to the site's operators many of the reported URLs point to the same files, inflating the actual volume of infringing content.
Microsoft

Newest Skype For Linux Enables SMS Text Messages From The Desktop (betanews.com) 175

BrianFagioli writes: Microsoft has delivered an incredible feature to Linux-based desktop operating systems by way of the latest Alpha version of its Skype client... The newly-released Skype for Linux 1.13 allows users to send SMS test messages from the operating system! True, web-based solutions such as Google Voice have long allowed the sending of text messages, but needing to use a web browser can be a chore. There is convenience and elegance in using the Skype for Linux client.
Google

Online Pranksters Mock Trump's $149 Christmas Ornament, Rename Trump Tower on Google Maps (yahoo.com) 524

An anonymous reader quotes a Digital Trends story about a suspicious malfunction on Google Maps: At some point yesterday, Donald Trump's Fifth Avenue home was given a rather unceremonious rechristening, and a search for "Trump Tower" revealed a pin for "Dump Tower" instead. It was rather tricky to find for some, and required zooming in on the building itself at just the right angle (which is perhaps how the culprit got away with the stunt in the first place). At a separate angle, someone else (or perhaps the same person) transliterated the skyscraper's name in Russian Cyrillic, perhaps meant to be a jab at Trump's alleged ties to President Vladimir Putin and company... While the team [at Google Maps] managed to put out this first fire, another quickly arose to take its place (as is often the case on the internet), and later in the day on Saturday, Trump International Hotel and Tower in Columbus Circle was renamed Dump International Hotel and Tower. Meanwhile, another anonymous reader writes: Earlier this week Donald Trump emailed his supporters selling a $149 collectible "Make America Great Again" Christmas ornament finished with 14k gold, to raise money for both his campaign and the Republican party. But Yahoo News reports that it's now getting some suspicious negative (and politically-charged) reviews on its page on Amazon. ("One Star. "It tried to put my nativity figures into an internment camp.") And another reviewer even wrote a satirical story about how their family decided on the ornament for the tree. "During our family meeting we overwhelmingly chose the other ornament but somehow we still ended up with this one. We're not sure what happened."
The Media

Crowdsourced Volunteers Search For Solutions To Fake News (wired.co.uk) 270

Upworthy co-founder Eli Pariser is leading a group of online volunteers hunting for ways to respond to the spread of fake news. An anonymous reader quotes Wired UK: Inside a Google Doc, volunteers are gathering ideas and approaches to get a grip on the untruthful news stories. It is part analysis, part brainstorming, with those involved being encouraged to read widely around the topic before contributing. "This is a massive endeavour but well worth it," they say...

At present, the group is coming up with a list of potential solutions and approaches. Possible methods the group is looking at include: more human editors, fingerprinting viral stories then training algorithms on confirmed fakes, domain checking, the blockchain, a reliability algorithm, sentiment analysis, a Wikipedia for news sources, and more.

The article also suggests this effort may one day spawn fake news-fighting tech startups.
The Internet

Delete Yourself From Many Internet Sites By Pressing This Button (thenextweb.com) 46

Two Swedish developers have created a site offering a way to wipe your entire existence off the internet in a few clicks. schwit1 quotes The Next Web: When logging into the website with a Google account it scans for apps and services you've created an account for, and creates a list of them with easy delete links. Every account it finds gets paired with an easy delete link pointing to the unsubscribe page for that service. In a few clicks you're freed from it, and depending on how long you need to work through the entire list, you can be account-less within the hour.
I'm a little uncomfortable giving a stranger's web site access to my personal information - even if it is for the purpose of deleting it altogether. But the original submission ends with an interesting question. "Can we get this for government databases too?"
The Media

False Porn-on-CNN Report Shows How Quickly Fake News Spreads (usatoday.com) 158

Slashdot reader xtsigs writes: "No, despite what you read, CNN did not run porn for 30 minutes Thursday, as was reported by Fox News, the New York Post, Variety and other news organizations, several of which later corrected their stories," reports USA Today. The story goes on to explain how the story started (a single tweet), how it was quickly picked up by media outlets (without verifying if CNN actually did, in truth, broadcast porn), how it was then retracted by some outlets (but not others).

Other outlets jumped on the story of the story while, as of early Saturday morning some sites are still running the original story claiming CNN did, in fact, broadcast 30 minutes of porn.

Slashdot Top Deals