Chrome

Microsoft Chastises Google Over Chrome Security (pcmag.com) 100

An anonymous reader quotes PCMag: In a Wednesday blog post, Redmond examined Google's browser security and took the opportunity to throw some shade at Chrome's security philosophy, while also touting the benefits of its own Edge browser. The post, written by Microsoft security team member Jordan Rabet, noted that Google's Chrome browser uses "sandboxing" and isolation techniques designed to contain any malicious code. Nevertheless, Microsoft still managed to find a security hole in Chrome that could be used to execute malicious code on the browser.

The bug involved a Javascript engine in Chrome. Microsoft notified Google about the problem, which was patched last month. The company even received a $7,500 reward for finding the flaw. However, Microsoft made sure to point out that its own Edge browser was protected from the same kind of security threat. It also criticized Google for the way it handled the patching process. Prior to the patch's official rollout, the source code for the fix was made public on GitHub, a software collaboration site that hosts computer code. That meant attentive hackers could have learned about the vulnerability before the patch was pushed out to customers, Microsoft claimed. "In this specific case, the stable channel of Chrome remained vulnerable for nearly a month," the blog post said. "That is more than enough time for an attacker to exploit it."

In the past Google has also disclosed vulnerabilities found in Microsoft products -- including Edge.
The Courts

Friendlier GPL-Enforcement Permission Proposed By Linux Kernel Developers (kroah.com) 75

The former Executive Director of the Free Software Foundation -- and Slashdot user #41121 -- contacted Slashdot with this announcement. bkuhn -- now president of the Software Freedom Conservancy -- writes: Software Freedom Conservancy, home of the GPL Compliance Project for Linux Developers, publicly applauded today the proposal of the Linux Kernel Enforcement Statement, which adds a per-copyright-holder-opt-in additional permission to the termination provisions of Linux's GPLv2-only license.
It apparently addresses a developer who "made claims based on ambiguities in the GPL-2.0 that no one in our community has ever considered part of compliance," according to a statement from some of the kernel developers who drafted the statement. While the kernel community has always supported enforcement efforts to bring companies into compliance, we have never even considered enforcement for the purpose of extracting monetary gain... [W]e are aware of activity that has resulted in payments of at least a few million Euros. We are also aware that these actions, which have continued for at least four years, have threatened the confidence in our ecosystem. Because of this, and to help clarify what the majority of Linux kernel community members feel is the correct way to enforce our license, the Technical Advisory Board of the Linux Foundation has worked together with lawyers in our community, individual developers, and many companies that participate in the development of, and rely on Linux, to draft a Kernel Enforcement Statement to help address both this specific issue we are facing today, and to help prevent any future issues like this from happening again. It adopts the same termination provisions we are all familiar with from GPL-3.0 as an Additional Permission giving companies confidence that they will have time to come into compliance if a failure is identified.
Bitcoin

Software Developer Creates Personal Cryptocurrency (wired.com) 98

mirandakatz writes: If you want to pick Evan Prodromou's brain -- as many people often do -- you'll have to pay him. And not just a consulting fee: You'll have to pay him in his own personal cryptocurrency, dubbed Evancoin. Currently, 20 days after his Initial Coin Offering, a single Evancoin is worth $45. As Prodromou tells Scott Rosenberg at Backchannel, "I'm not above a stunt! But in this case I'm really serious about exploring how cryptocurrency is changing what we can do with money and how we think about it. Money is this sort of consensual hallucination, and I wanted to experiment around that." The story goes on to explain what, exactly, goes into creating a personal cryptocurrency, and whether Evancoin could becoming a phenomenon that spreads.
Media

Body Camera Giant Wants Police To Collect Your Videos Too (fastcompany.com) 59

tedlistens shares a report from Fast Company: Axon, the police supplier formerly known as Taser and now a leading maker of police body cameras, has also charged into police software with a service that allows police to manage and eventually analyze increasingly large caches of video, like a Dropbox for cops. Now it wants to add the public's video to the mix. An online tool called Citizen, set to launch later this year, will allow police to solicit the public for photos or video in the aftermath of suspected crimes and ingest them into Axon's online data platform. Todd Basche, Axon's executive vice president for worldwide products, said the tool was designed after the company conducted surveys of police customers and the public and found that potentially valuable evidence was not being collected. "They all pointed us to the need to collect evidence that's out there in the community."

[But] systems like Citizen still raise new privacy and policy questions, and could test the limits of already brittle police-community relations. Would Citizen, for instance, also be useful for gathering civilian evidence of incidents of police misconduct or brutality? [And how would ingesting citizen video into online police databases, like Axon's Evidence.com, allow police to mine it later for suspicious activity, in a sort of dragnet fashion?] "It all depends," says one observer, "on how agencies use the tool."

Microsoft

Microsoft's Market Value Hits a Dot-Com Era Milestone: $600 Billion (wsj.com) 96

An anonymous reader shares a report: Microsoft's value is returning to tech-bubble peaks. The software giant closed with a market value of $600 billion Thursday for the first time since January 2000, according to the Journal's Market Data Group. Shares rose 0.4 percent to $77.91, setting a fresh all-time high. For the year, Microsoft shares are up 25% and on track for their best year since 2013, as the firm continues its rebirth as a force in cloud-computing. The firm is the third-largest S&P 500 company in market value, trailing Apple (about $800 billion) and Google's parent company, Alphabet, (about $690 billion). In July, fellow technology and internet stalwarts Facebook and Amazon.com joined the trio as the only U.S.-listed companies valued at more than in the $500 billion. The last time Microsoft was over $600 billion back in 2000, it didn't stay there for long. The tech bubble would peak in March of that year, and the Nasdaq Composite Index wouldn't climb back to the level it reach that year until 2015.
Education

Could VR Field Trips Replace the Real Thing? (theindychannel.com) 96

turkeydance shares a report from RTV6, which cites a new editorial in the journal Science that explores the question, "Could VR field trips replace the real thing?" Virtual field trips have been around for a while, but they used to be pretty boring: some photos, some text -- basically a Wikipedia entry. But they've come a long way. Nearpod and Google Expeditions let students immerse themselves in places they couldn't normally visit, like Antarctica or even Mars. These virtual field trips are safer and easier to organize than real outings, and they might soon be cheaper, too. Douglas McCauley, assistant professor of ecology at the University of California, Santa Barbara, says traditional field trips have already declined under budget constraints, so schools might be tempted to simply make a switch. McCauley says he's excited about the possibilities of VR. Taking students back to prehistoric times or forward to witness the results of climate change could be a powerful teaching tool.
DRM

Denuvo's DRM Now Being Cracked Within Hours of Release (arstechnica.com) 111

Denuvo, an anti-tamper technology and digital rights management scheme, isn't doing a very good job preventing PC games from being copied. According to Ars Technica, Denuvo releases are being publicly cracked within a day of their launch. From the report: This week's release of South Park: The Fractured but Whole is the latest to see its protections broken less than 24 hours after its release, but it's not alone. Middle Earth: Shadow of War was broken within a day last week, and last month saw cracks for Total War: Warhammer 2 and FIFA 18 the very same day as their public release. Then there's The Evil Within 2, which reportedly used Denuvo in prerelease review copies but then launched without that protection last week, effectively ceding the game to immediate potential piracy. Those nearly instant Denuvo cracks follow summer releases like Sonic Mania, Tekken 7, and Prey, all of which saw DRM protection cracked within four to nine days of release. But even that small difference in the "uncracked" protection window can be important for game publishers, who usually see a large proportion of their legitimate sales in those first few days of availability. The presence of an easy-to-find cracked version in that launch window (or lack thereof) could have a significant effect on the initial sales momentum for a big release. If Denuvo can no longer provide even a single full day of protection from cracks, though, that protection is going to look a lot less valuable to publishers.
Businesses

Dodging Russian Spies, Customers Are Ripping Out Kaspersky (thedailybeast.com) 354

From a report: Multiple U.S. security consultants and other industry sources tell The Daily Beast customers are dropping their use of Kaspersky software all together, particularly in the financial sector, likely concerned that Russian spies can rummage through their files. Some security companies are being told to only provide U.S. products. And former Kaspersky employees describe the firm as reeling, with department closures and anticipation that researchers will jump ship soon. "We are under great pressure to only use American products no matter the technical or performance consequences," said a source in a cybersecurity firm which uses Kaspersky's anti-virus engine in its own services. The Daily Beast granted anonymity to some of the industry sources to discuss internal deliberations, as well as the former Kaspersky employees to talk candidly about recent events.
AI

DeepMind's Go-Playing AI Doesn't Need Human Help To Beat Us Anymore (theverge.com) 133

An anonymous reader quotes a report from The Verge: Google's AI subsidiary DeepMind has unveiled the latest version of its Go-playing software, AlphaGo Zero. The new program is a significantly better player than the version that beat the game's world champion earlier this year, but, more importantly, it's also entirely self-taught. DeepMind says this means the company is one step closer to creating general purpose algorithms that can intelligently tackle some of the hardest problems in science, from designing new drugs to more accurately modeling the effects of climate change. The original AlphaGo demonstrated superhuman Go-playing ability, but needed the expertise of human players to get there. Namely, it used a dataset of more than 100,000 Go games as a starting point for its own knowledge. AlphaGo Zero, by comparison, has only been programmed with the basic rules of Go. Everything else it learned from scratch. As described in a paper published in Nature today, Zero developed its Go skills by competing against itself. It started with random moves on the board, but every time it won, Zero updated its own system, and played itself again. And again. Millions of times over. After three days of self-play, Zero was strong enough to defeat the version of itself that beat 18-time world champion Lee Se-dol, winning handily -- 100 games to nil. After 40 days, it had a 90 percent win rate against the most advanced version of the original AlphaGo software. DeepMind says this makes it arguably the strongest Go player in history.
Software

EA Shuts Down Visceral Games, Shifting Development On Its Star Wars Game (kotaku.com) 75

Visceral Games, the studio behind games like Battlefield Hardline and Dead Space, is being shut down by EA. The Star Wars game in development at Visceral will be revamped and moved to a different studio. Kotaku reports: "Our Visceral studio has been developing an action-adventure title set in the Star Wars universe," EA's Patrick Soderlund said in a blog post. "In its current form, it was shaping up to be a story-based, linear adventure game. Throughout the development process, we have been testing the game concept with players, listening to the feedback about what and how they want to play, and closely tracking fundamental shifts in the marketplace. It has become clear that to deliver an experience that players will want to come back to and enjoy for a long time to come, we needed to pivot the design." Soderlund added that Visceral will be "ramping down and closing" and that "we're in the midst of shifting as many of the team as possible to other projects and teams at EA." "Lastly," he said, "while we had originally expected this game to launch late in our fiscal year 2019, we're now looking at a new timeframe that we will announce in the future."
Android

Android Oreo Helps Google's Pixel 2 Smartphones Outperform Other Android Flagships (hothardware.com) 86

MojoKid highlights Hot Hardware's review of Google's new Pixel 2 and Pixel 2 XL smartphones: Google officially launched it's Pixel 2 phones today, taking the wraps off third-party reviews. Designed by Google but manufactured by HTC (Pixel 2) and LG (Pixel 2 XL), the two new handsets also boast Google's latest Android 8.0 operating system, aka Oreo, an exclusive to Google Pixel and certain Nexus devices currently. And in some ways, this is also a big advantage. Though they are based on the same Qualcomm Snapdragon 835 processor as many other Android devices, Google's new Pixel 2s manage to outpace similarly configured smartphones in certain benchmarks by significant margins (Basemark, PCMark and 3DMark). They also boot dramatically faster than any other Android handset on the market, in as little as 10 seconds. Camera performance is also excellent, with both the 5-inch Pixel 2 and 6-inch Pixel 2 XL sporting identical electronics, save for their displays and chassis sizes. Another notable feature built into Android Oreo is Google Now Playing, an always-listening, Shazam-like service (if you enable it) that displays song titles on the lock screen if it picks up on music playing in the room you're in. Processing is done right on the Pixel 2 and it doesn't need network connectivity. Another Pixel 2 Oreo-based trick is Google Lens, a machine vision system that Google notes "can recognize places like landmarks and buildings, artwork that you'd find in a museum, media covers such as books, movies, music albums, and video games..." The Google Pixel 2 and Pixel 2 XL are available now on Verizon or unlocked via the Google Store starting at $649 and $849 respectively for 64GB storage versions, with a $100 up-charge for 128GB variants.
Google

Google Maps Ditches Walking Calorie Counter After Backlash (engadget.com) 363

Following online backlash, Google is removing a planned feature in Maps that shows you how many calories you'd burn when in walking mode. Google's attempt to promote a healthy lifestyle caused a number of people to lambast the feature on Twitter, claiming it would "shame" and even "trigger" those with eating disorders. Engadget reports: Taking note of the negative reaction, Google is now dumping the experiment. It confirmed to Engadget that the update was briefly tested on iOS, and has been abandoned based on user feedback. As The Hill's Taylor Lorenz noted in her tweets, there was no way to turn off the feature. Lorenz also claimed that using pink cupcakes as the unit of measurement was "lowkey aimed at women." Others pointed out that Maps wasn't the appropriate place for the update. After all, there are plenty of fitness and calorie counting apps that keep track of your activity and consumption -- again emphasizing how misplaced the feature was.
Piracy

Netflix, Amazon, Movie Studios Sue Over TickBox Streaming Device (arstechnica.com) 132

Movies studios, Netflix, and Amazon have teamed up to file a lawsuit against a streaming media player called TickBox TV. The device in question runs Kodi on top of Android 6.0, and searches the internet for streams that it can make available to users without actually hosting any of the content itself. An anonymous reader quotes a report from Ars Technica: The complaint (PDF), filed Friday, says the TickBox devices are nothing more than "tool[s] for mass infringement," which operate by grabbing pirated video streams from the Internet. The lawsuit was filed by Amazon and Netflix Studios, along with six big movie studios that make up the Motion Picture Association of America: Universal, Columbia, Disney, Paramount, 20th Century Fox, and Warner Bros.

"What TickBox actually sells is nothing less than illegal access to Plaintiffs' copyrighted content," write the plaintiffs' lawyers. "TickBox TV uses software to link TickBox's customers to infringing content on the Internet. When those customers use TickBox TV as Defendant intends and instructs, they have nearly instantaneous access to multiple sources that stream Plaintiffs' Copyrighted Works without authorization." The device's marketing materials let users know the box is meant to replace paid-for content, with "a wink and a nod," by predicting that prospective customers who currently pay for Amazon Video, Netflix, or Hulu will find that "you no longer need those subscriptions." The lawsuit shows that Amazon and Netflix, two Internet companies that are relatively new to the entertainment business, are more than willing to join together with movie studios to go after businesses that grab their content.

Open Source

Companies Overlook Risks in Open Source Software, Survey Finds (betanews.com) 132

An anonymous reader shares a report: Open source code helps software suppliers to be nimble and build products faster, but a new report reveals hidden software supply chain risks of open source that all software suppliers and IoT manufacturers should know about. The recent Equifax breach for example exploited a vulnerability in a widely used open source web framework, Apache Struts, and the study by software monetization specialist Flexera points out that as much as 50 percent of code in commercial and IoT software products is open source. "We can't lose sight that open source is indeed a clear win. Ready-to-go code gets products out the door faster, which is important given the lightning pace of the software space," says Jeff Luszcz, vice president of product management at Flexera. "However, most software engineers don't track open source use, and most software executives don't realize there's a gap and a security/compliance risk." Flexera surveyed 400 software suppliers, Internet of Things manufacturers and in-house development teams. It finds only 37 percent of respondents to the survey have an open source acquisition or usage policy, while 63 percent say either their companies either don't have a policy, or they don't know if one exists. Worryingly, of the 63 percent who say their companies don't have an open source acquisition or usage policy, 43 percent say they contribute to open source projects. There is an issue over who takes charge of open source software too. No one within their company is responsible for open source compliance, or they don't know who is, according to 39 percent of respondents.
Microsoft

Microsoft Responded Quietly After Detecting Secret Database Hack in 2013 (reuters.com) 47

Citing five former employees, Reuters reported on Tuesday that Microsoft's secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking group more than four years ago. From the report: The company did not disclose the extent of the attack to the public or its customers after its discovery in 2013, but the five former employees described it to Reuters in separate interviews. Microsoft declined to discuss the incident. The database contained descriptions of critical and unfixed vulnerabilities in some of the most widely used software in the world, including the Windows operating system. Spies for governments around the globe and other hackers covet such information because it shows them how to create tools for electronic break-ins. The Microsoft flaws were fixed likely within months of the hack, according to the former employees. Yet speaking out for the first time, these former employees as well as U.S. officials informed of the breach by Reuters said it alarmed them because the hackers could have used the data at the time to mount attacks elsewhere, spreading their reach into government and corporate networks. "Bad guys with inside access to that information would literally have a 'skeleton key' for hundreds of millions of computers around the world," said Eric Rosenbach, who was U.S. deputy assistant secretary of defense for cyber at the time.
Google

Google Photos Now Recognizes Your Pets (techcrunch.com) 60

Today, Google is introducing an easier way to aggregate your pet photos in its Photos app -- by allowing you to group all your pet's photos in one place, right beside the people Google Photos organized using facial recognition. TechCrunch reports: This is an improvement over typing in "dog," or another generalized term, because the app will now only group together photos of an individual pet together, instead of returning all photos you've captured with a "dog" in them. And like the face grouping feature, you can label the pet by name to more easily pull up their photos in the app, or create albums, movies or photo books using their pictures. In addition, Google Photos lets you type in an animal's breed to search for photos of pets, and it lets you search for photos using the dog and cat emojis. The company also earlier this year introduced a feature that would create a mini-movie starring your pet, but you can opt to make one yourself by manually selecting photos then choosing from a half-dozen tracks to accompany the movie, says Google.
XBox (Games)

Microsoft's Fall Update With Redesigned Xbox Dashboard Is Now Available To All (engadget.com) 38

Microsoft has released the next big "Fall" update for the Xbox One, which focuses on speed and simplicity. Engadget reports: The first "Fluid Design" interface comes with a redesigned Home page, which is all about simplicity and customization. The top-level section has four shortcuts (your current game, two personalized suggestions, and a deal from the Microsoft store) and a horizontal carousel underneath. The biggest change, however, is the new "Content Blocks" that sit below this screen. Scroll down and you'll find a series of large, visual panels dedicated to games and friends. These are completely customizable and act like miniature hubs for your favorite titles and communities. The quick-access Guide has been tweaked for speed, with small, horizontal tabs that you can slide between with the Xbox controller's LB and RB bumpers, D-pad or left thumbstick. If you launch the Guide while you're streaming or part of an active party, you'll also see the corresponding broadcast and party tabs by default. Other Guide tweaks include a new Tournaments section in the Multiplayer tab, which will summarize any official, professional or community tournaments that you've entered. In addition, Microsoft has overhauled the Community tab with a modern, grid-based layout. It's also tweaked the idle and screen dimming features that kick in when you walk away from the console momentarily. Larry Hryb, Xbox Live's Major Nelson and Mike Ybarra, the Platform Engineer, have posted a walkthrough video on YouTube highlighting all the major new changes.
Wireless Networking

Every Patch For 'KRACK' Wi-Fi Vulnerability Available Right Now (zdnet.com) 135

An anonymous reader quotes a report from ZDNet: As reported previously by ZDNet, the bug, dubbed "KRACK" -- which stands for Key Reinstallation Attack -- is at heart a fundamental flaw in the way Wi-Fi Protected Access II (WPA2) operates. According to security researcher and academic Mathy Vanhoef, who discovered the flaw, threat actors can leverage the vulnerability to decrypt traffic, hijack connections, perform man-in-the-middle attacks, and eavesdrop on communication sent from a WPA2-enabled device. In total, ten CVE numbers have been preserved to describe the vulnerability and its impact, and according to the U.S. Department of Homeland Security (DHS), the main affected vendors are Aruba, Cisco, Espressif Systems, Fortinet, the FreeBSD Project, HostAP, Intel, Juniper Networks, Microchip Technology, Red Hat, Samsung, various units of Toshiba and Ubiquiti Networks. A list of the patches available is below. For the most up-to-date list with links to each patch/statement (if available), visit ZDNet's article.
Security

Kaspersky Lab Finds Flash Vulnerability Through Microsoft Word (neowin.net) 50

An anonymous reader quotes a report from Neowin: Kaspersky Lab, which has been under fire by the U.S. government as possibly being an agent of the Russian government and spying on U.S. computers, has found a previously unknown bug in Adobe Flash that was apparently exploited by a hacker group on October 10. Adobe issued a patch to fix the bug today. According to Kaspersky, "the exploit is delivered through a Microsoft Word document and deploys the FinSpy commercial malware." The company worked with Adobe to get a patch ready as quickly as possible, with Adobe releasing it a few hours ago. Users and agencies running the following versions of Adobe Flash will need to update immediately, as the vulnerability has been labeled as critical. The patch updates all versions of Adobe Flash to version 27.0.0.170.

Slashdot Top Deals