Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Printer

Google Cloud Print Is Turning Off Epson Printers (pcmag.com) 44

When Google launched Cloud Print, it removed a lot of the hassle from using a printer. Instead of a printer only printing documents from the PC it was connected to, Cloud Print allowed any device, be it a Windows PC, Mac, Chromebook, smartphone, tablet, etc. to print to any printer either locally or remotely. However, Google Cloud Print has gone awry this week, as reports PCMag, and Epson printer owners are suffering because of it. From the article: A thread appeared on the Chromebook Central Help Forum explaining a problem where an Epson XP-410$185.00 at Amazon printer was turning itself off after 30 seconds. The printer worked without issue for two years, but now it wouldn't stay powered on. At first, this seems like a printer hardware problem, but the printer started working again once it was disconnected from the Internet. However, as soon as Google Print Cloud was enabled, the automatic power down happened again. Later in the support thread an Epson WF-4630 owner reports the same issue, as do XP-215, XP-415, XP-610, WF-545, WF-845, and WF-7610 owners.A change in Google's API for its cloud service triggered the issue, reports ArsTechnica. The change has caused a conflict between Cloud Print and printers' firmware.
Yahoo!

Yahoo Fixes Flaw Allowing an Attacker To Read Any User's Emails (zdnet.com) 19

Yahoo says it has fixed a severe security vulnerability in its email service that allowed an attacker to read a victim's email inbox. From a report on ZDNet: The cross-site scripting (XSS) attack only required a victim to view an email in Yahoo Mail. The internet giant paid out $10,000 to security researcher Jouko Pynnonen for privately disclosing the flaw through the HackerOne bug bounty, In a write-up, Pynnonen said that the flaw was similar to last year's Yahoo Mail bug, which similarly let an attacker compromise a user's account. Yahoo filters HTML messages to ensure that malicious code won't make it through into the user's browser, but the researcher found that the filters didn't catch all of the malicious data attributes.
Bug

Adobe Flash Responsible For Six of the Top 10 Bugs Used By Exploit Kits In 2016 (onthewire.io) 67

Trailrunner7 quotes a report from On the Wire: Vulnerabilities in Flash and Internet Explorer dominated the exploit kit landscape in the last year, with a high-profile bug in Flash being found in seven separate kits, new research shows. Exploit kits have long been a key tool in the arsenal of many attackers, from low-level gangs to highly organized cybercrime crews. Their attraction stems from their ease of use and the ability for attackers to add exploits for new vulnerabilities as needed. While there are dozens of exploit kits available, a handful of them attract the most use and attention, including Angler, Neutrino, Nuclear, and Rig. Researchers at Recorded Future looked at more than 140 exploit kits and analyzed which exploits appeared in the most kits in the last year, and it's no surprise that Flash and IE exploits dominated the landscape. Six of the top 10 most-refquently targeted vulnerabilities in the last year were in Flash, while the other four were in Microsoft products, including IE, Windows, and Silverlight. Flash has been a favorite target for attackers for a long time, for two main reasons: it's deployed on hundreds of millions of machines, and it has plenty of vulnerabilities. Recorded Future's analysis shows that trend is continuing, and one Flash bug disclosed October 2015 was incorporated into seven individual exploit kits. The flaw was used by a number of high-level attackers, including some APT groups. "Adobe Flash Player's CVE-2015-7645, number 10 in terms of references to exploit kits, stands out as the vulnerability with the most adoption by exploit kits. Exploit kits adopting the Adobe bug in the past year include Neutrino, Angler, Magnitude, RIG, Nuclear Pack, Spartan, and Hunter," the analysis by Recorded Future says.
Education

Information Overload No Problem For Most Americans: Survey (reuters.com) 73

About 20 percent of American adults feel the burden of information overload, with that figure at least doubling among those from poorer or less educated backgrounds, Pew Research Center said in a new report. Reuters adds: "Generally, Americans appreciate lots of information and access to it," said the report into how U.S. adults cope with information demands. Roughly four in five Americans agree that they are confident about using the internet to keep up with information demands, that a lot of information gives them a feeling of more control over their lives, and that they can easily determine what information is trustworthy. Americans who are 65 or older, have a high school diploma or less and earn less than $30,000 a year are more likely to say they face a glut of information. Eighty-four percent of Americans with online access through three sources -- home broadband, smartphone and tablet computer -- say they like having so much information available. By contrast, 55 percent of those with no online source felt overwhelmed by the amount of possible information.
Movies

Falsely Accused Movie Pirate Deserves $17K Compensation, Court Says (torrentfreak.com) 57

An Oregon District Court has sided with a wrongfully accused man who was sued for allegedly downloading a pirated copy of the Adam Sandler movie "The Cobbler." According to the court's recommendations, reports TorrentFreak, the man is entitled to more than $17,000 in compensation as the result of the filmmakers "overaggressive" and "unreasonable" tactics. From the article: The defendant in question, Thomas Gonzales, operates an adult foster care home where several people had access to the Internet. The filmmakers were aware of this and during a hearing their counsel admitted that any guest could have downloaded the film. [...] "The Court finds that once Plaintiff learned that the alleged infringement was taking place at an adult group care home at which Gonzales did not reside, Plaintiff's continued pursuit of Gonzales for copyright infringement was objectively unreasonable," Judge Beckerman ruled. "The Court shares Gonzales' concern that Plaintiff is motivated, at least in large part, by extracting large settlements from individual consumers prior to any meaningful litigation. "On balance, the Court has concerns about the motivation behind Plaintiff's overaggressive litigation of this case and other cases, and that factor weighs in favor of fee shifting."
Software

Apple Launches Single Sign-On Service To Make Logging Into TV Apps Less Time-Consuming (macrumors.com) 29

Apple has launched Single Sign-on, a service designed to make logging into TV apps much less annoying. It "allows cable subscribers to sign in once with their cable credentials to gain access to all cable-restricted content in iOS and tvOS apps," writes Juli Clover via MacRumors: Single Sign-on is limited to the United States, and according to a support document, is available for the following providers: CenturyLink Prism, DirecTV, Dish, GVTC, GTA, Hawaiian Telecom, Hotwire, MetroCast, and Sling. While Single Sign-on was introduced and tested in the tvOS 10.1 and iOS 10.2 betas, the feature was remotely released today to all iOS 10 and tvOS 10 devices. Using Single Sign-on does not require one of the betas, and is instead immediately available to all iPhone and Apple TV users running iOS 10 or tvOS 10. With Single Sign-on, customers with a supported provider will use the Settings options in iOS or tvOS to sign in with their cable credentials. From then on, when accessing a supported app that requires a cable subscription, the app will ask to use the saved sign-on credentials. Most cable channels and content providers offer individual apps on the Apple TV and iOS devices, but still require cable authentication before users can access content. Prior to Single Sign-on, customers were required to enter their credentials in each individual app, a frustrating and time-consuming process.
Advertising

New Stegano Exploit Kit Hides Malvertising Code In Banner Pixels (bleepingcomputer.com) 198

An anonymous reader quotes a report from BleepingComputer: For the past two months, a new exploit kit has been serving malicious code hidden in the pixels of banner ads via a malvertising campaign that has been active on several high profile websites. Discovered by security researchers from ESET, this new exploit kit is named Stegano, from the word steganography, which is a technique of hiding content inside other files. In this particular scenario, malvertising campaign operators hid malicious code inside PNG images used for banner ads. The crooks took a PNG image and altered the transparency value of several pixels. They then packed the modified image as an ad, for which they bought ad displays on several high-profile websites. Since a large number of advertising networks allow advertisers to deliver JavaScript code with their ads, the crooks also included JS code that would parse the image, extract the pixel transparency values, and using a mathematical formula, convert those values into a character. Since images have millions of pixels, crooks had all the space they needed to pack malicious code inside a PNG photo. When extracted, this malicious code would redirect the user to an intermediary ULR, called gate, where the host server would filter users. This server would only accept connections from Internet Explorer users. The reason is that the gate would exploit the CVE-2016-0162 vulnerability that allowed the crooks to determine if the connection came from a real user or a reverse analysis system employed by security researchers. Additionally, this IE exploit also allowed the gate server to detect the presence of antivirus software. In this case, the server would drop the connection just to avoid exposing its infrastructure and trigger a warning that would alert both the user and the security firm. If the gate server deemed the target valuable, then it would redirect the user to the final stage, which was the exploit kit itself, hosted on another URL. The Stegano exploit kit would use three Adobe Flash vulnerabilities (CVE-2015-8651, CVE-2016-1019 or CVE-2016-4117) to attack the user's PC, and forcibly download and launch into execution various strains of malware.
Businesses

T-Mobile CFO: Less Regulation, Repeal of Net Neutrality By Trump Would Be 'Positive For My Industry' (tmonews.com) 157

An anonymous reader quotes a report from TmoNews: T-Mobile CFO Braxton Carter spoke at the UBS Global Media and Communications Conference in New York City, and he touched a bit on President-elect Donald Trump and what his election could mean for the mobile industry. Carter expects that a Trump presidency will foster an environment that'll be more positive for wireless. "It's hard to imagine, with the way the election turned out, that we're not going to have an environment, from several aspects, that is not going to be more positive for my industry," the CFO said. He went on to explain that there will likely be less regulation, something that he feels "destroys innovation and value creation." Speaking of innovation, Carter also feels that a reversal of net neutrality and the FCC's Open Internet rules would be good for innovation in the industry, saying that it "would provide opportunity for significant innovation and differentiation" and that it'd enable you to "do some very interesting things."
Databases

YouTube, Facebook, Twitter and Microsoft Will Create 'Hash' Database To Remove Extremist Content (reuters.com) 248

bongey writes: Youtube, Facebook, Twitter and Microsoft are teaming up to create a common database to flag extremist videos and pictures. The database is set to go live in 2017. The system will not automatically remove content. Reuters reports: "The companies will share 'hashes' -- unique digital fingerprints they automatically assign to videos or photos -- of extremist content they have removed from their websites to enable their peers to identify the same content on their platforms. 'We hope this collaboration will lead to greater efficiency as we continue to enforce our policies to help curb the pressing global issue of terrorist content online,' the companies said in a statement on Tuesday. Each company will decide what image and video hashes to add to the database and matching content will not be automatically removed, they said. The database will be up and running in early 2017 and more companies could be brought into the partnership."
Communications

Facebook Begins Asking Users To Rate Articles' Use of 'Misleading Language' (techcrunch.com) 113

Facebook is finally cracking down on the fake news stories that run rampant on its site and many other social media sites across the web. The company is rolling out a new feature in the form of a survey that asks users to rate articles' use of "misleading language." The feedback received will likely help Facebook train its algorithms to better detect misleading headlines. TechCrunch reports: The "Facebook Survey," noticed by Chris Krewson of Philadelphia's Billy Penn, accompanied (for him) a Philadelphia Inquirer article about the firing of a well-known nut vendor for publicly espousing white nationalist views. "To what extent do you think that this link's title uses misleading language?" asks the "survey," which appears directly below the article. Response choices range from "Not at all" to "Completely," though users can also choose to dismiss it or just scroll past. Facebook confirmed to TechCrunch that this is an official effort, though it did not answer several probing questions about how it works, how the data is used and retained, and so on. The company uses surveys somewhat like this to test the general quality of the news feed, and it has used other metrics to attempt to define rules for finding clickbait and fake stories. This appears to be the first direct coupling of those two practices: old parts doing a new job.
Software

Windows 10 'Home Hub' Is Microsoft's Response To Amazon Echo and Google Home (mashable.com) 100

Microsoft's response to the Amazon Echo and Google Home is Home Hub, a software update for Windows 10's Cortana personal assistant that turns any Windows PC into a smart speaker of sorts. Mashable reports: Microsoft's smart digital assistant Cortana can already answer your queries, even if the PC's screen is locked. The Home Hub is tied to Cortana and takes this a few steps further. It would add a special app with features such as calendar appointments, sticky notes and shopping lists. A Home Hub-enabled PC might have a Welcome Screen, a full-screen app that displays all these, like a virtual fridge door. Multiple users (i.e. family members) could use the Home Hub, either by authenticating through Windows Hello or by working in a family-shared account. Cortana would get more powerful on Home Hub; it could, for example, control smart home devices, such as lights and locks. And even though all of this will work on any Windows 10 device -- potentially making the PC the center of your smart home experience -- third-party manufacturers will be able to build devices that work with Home Hub. You can read Windows Central's massive report here. Do note that Home Hub is not official and individual features could change over time. The update is slated for 2017.
Communications

Fake News Prompts Gunman To 'Self-Investigate' Pizza Parlor (arstechnica.com) 771

An anonymous reader quotes a report from Ars Technica: A rifle-wielding North Carolina man was arrested Sunday in Washington, DC for carrying his weapon into a pizzeria that sits at the center of the fake news conspiracy theory known as "Pizzagate," authorities said Monday. DC's Metropolitan Police Department said it had arrested 28-year-old Edgar Maddison Welch on allegations of assault with a dangerous weapon. "During a post arrest interview this evening, the suspect revealed that he came to the establishment to self-investigate 'Pizza Gate' (a fictitious online conspiracy theory," the agency said in a statement. "Pizzagate" concerns a baseless conspiracy theory about a secret pedophile group, the Comet Ping Pong restaurant, and Hillary Clinton's campaign chief, John Podesta. The Pizzagate conspiracy names Comet Ping Pong as the secret headquarters of a non-existent child sex-trafficking ring run by Clinton and members of her inner circle. James Alefantis, the restaurant's owner, said he has received hundreds of death threats. According to Buzzfeed, the Pizzagate theory is believed to have been fostered by a white supremacist's tweets, the 4chan message board, Reddit, Donald Trump supporters, and right-wing blogs. The day before Thanksgiving, Reddit banned a "Pizzagate" conspiracy board from the site because of a policy about posting personal information of others. Alefantis, the pizzeria's owner, told CNN, "What happened today demonstrates that promoting false and reckless conspiracy theories comes with consequences. I hope that those involved in fanning these flames will take a moment to contemplate what happened here today, and stop promoting these falsehoods right away."
Google

Google Preparing 'Invisible ReCAPTCHA' System For No User Interaction (bleepingcomputer.com) 57

An anonymous reader quotes a report from BleepingComputer: Google engineers are working on an improved version of the reCAPTCHA system that uses a computer algorithm to distinguish between automated bots and real humans, and requires no user interaction at all. Called "Invisible reCAPTCHA," and spotted by Windows IT Pro, the service is still under development, but the service is open for sign-ups, and any webmaster can help Google test its upcoming technology. Invisible reCAPTCHA comes two years after Google has revolutionized CAPTCHA technologies by releasing the No CAPTCHA reCAPTCHA service that requires users to click on one checkbox instead of solving complex visual puzzles made up of words and numbers. The service helped reduce the time needed to fill in forms, and maintained the same high-level of spam detection we've become accustomed from the reCAPTCHA service. The introduction of the new Invisible reCAPTCHA technology is unlikely to make the situation better for Tor users since CloudFlare will likely force them to solve the same puzzle if they come from IPs seen in the past performing suspicious actions. Nevertheless, CloudFlare started working on an alternative.
Network

Millions In US Still Living Life In Internet Slow Lane (arstechnica.com) 208

An anonymous reader quotes a report from Ars Technica: Millions of Americans still have extremely slow Internet speeds, a new Federal Communications Commission report shows. While the FCC defines broadband as download speeds of 25Mbps, about 47.5 million home or business Internet connections provided speeds below that threshold. Out of 102.2 million residential and business Internet connections, 22.4 million offered download speeds less than 10Mbps, with 5.8 million of those offering less than 3Mbps. About 25.1 million connections offered at least 10Mbps but less than 25Mbps. 54.7 million households had speeds of at least 25Mbps, with 15.4 million of those at 100Mbps or higher. These are the advertised speeds, not the actual speeds consumers receive. Some customers will end up with slower speeds than what they pay for. Upload speeds are poor for many Americans as well. While the FCC uses 3Mbps as the upload broadband standard, 16 million households had packages with upload speeds less than 1Mbps. Another 27.2 million connections were between 1Mbps and 3Mbps, 30.1 million connections were between 3Mbps and 6Mbps, while 29 million were at least 6Mbps. The Internet Access Services report released last week contains data as of December 31, 2015. The 11-month gap is typical for these reports, which are based on information collected from Internet service providers. The latest data is nearly a year old, so things might look a bit better now, just as the December 2015 numbers are a little better than previous ones.
Opera

Opera Developer Comes With Address Bar Speculative Prerenderer Feature (opera.com) 58

Earlier this month, Opera announced a new interesting feature with Opera 43 developer that predicts the website you're about to go to. The company explains: There are two ways we can predict what page the user will soon load. When the current page tells us so, and when we can determine from the users actions that they are about to load something. Pages can use the tag, and for instance Google uses that for search results if they are pretty sure of what you will load next. When someone writes in the address bar they are humanly slow. Sometimes it is obvious what they will write after just 1-2 characters but they will just keep writing or arrowing through suggestions for millions or billions of wasted clock cycles. We expect this feature to results in an average of 1 second faster loads from the address bar. The company insists that this feature saves time and energy without compromising the security. What's your thought?
United States

Sysadmin Gets Two Years In Prison For Sabotaging ISP (bleepingcomputer.com) 133

After being let go over a series of "personal issues" with his employer, things got worse for 26-year-old network administrator Dariusz J. Prugar, who will now have to spend two years in prison for hacking the ISP where he'd worked. An anonymous reader writes: Prugar had used his old credentials to log into the ISP's network and "take back" some of the scripts and software he wrote... "Seeking to hide his tracks, Prugar used an automated script that deleted various logs," reports Bleeping Computer. "As a side effect of removing some of these files, the ISP's systems crashed, affecting over 500 businesses and over 5,000 residential customers."

When the former ISP couldn't fix the issue, they asked Prugar to help. "During negotiations, instead of requesting money as payment, Prugar insisted that he'd be paid using the rights to the software and scripts he wrote while at the company, software which was now malfunctioning, a week after he left." This tipped off the company, who detected foul play, contacted the FBI and rebuilt its entire network.

Six years later, Prugar was found guilty after a one-week jury trial, and was ordered by the judge to pay $26,000 in restitution to the ISP (which went out of business in October of 2015). Prugar's two-year prison sentence begins December 27.
United Kingdom

For The UK's 'Snoopers' Charter', Politicians Voted Themselves An Exemption (independent.co.uk) 134

The "Snoopers' Charter" passed in the U.K. greatly expands the government's surveillance power. But before they'd enact the new Investigatory Powers Act, Britain's elected officials first voted to make themselves exempt from it. Sort of. An anonymous reader writes: While their internet browsing history will still be swept up, just like everyone else's, no one will ever be able to access it without specific approval from the Prime Minister. And according to The Independent, "That rule applies not only to members of the Westminster parliament but also politicians in the devolved assembly and members of the European Parliament."
The article adds that the exemption was the very first amendment they approved for the legislation. And for a very long time, the only amendment.
The Courts

It Will Soon Be Illegal To Punish US Customers Who Criticize Businesses Online (arstechnica.com) 90

An anonymous reader writes: Congress has passed a law protecting the right of U.S. consumers to post negative online reviews without fear of retaliation from companies. The bipartisan Consumer Review Fairness Act was passed by unanimous consent in the US Senate, a Senate Commerce Committee announcement said. The bill, introduced in 2014, was already approved by the House of Representatives and now awaits President Obama's signature.

The Consumer Review Fairness Act -- full text available here -- voids any provision in a form contract that prohibits or restricts customers from posting reviews about the goods, services, or conduct of the company providing the product or service. It also voids provisions that impose penalties or fees on customers for posting online reviews as well as those that require customers to give up the intellectual property rights related to such reviews.

China

China's New 'Social Credit Score' Law Means Full Access To Customer Data (insurancejournal.com) 83

AnonymousCube shares this quote about China's new 'Social Credit Score' law from an insurance industry magazine: "Companies are also required to give government investigators complete access to their data if there is suspected wrong-doing, and Internet operators must cooperate in any national security or crime-related investigation."

Note that China has an extremely flexible definition of "national security". Additionally computer equipment will need to undergo mandatory certification, that could involve giving up source code, encryption keys, or even proprietary intellectual data, as Microsoft has been doing for some time.

The article suggests businesses like insurers "will likely see the cost of complying with this new action as a disincentive to conducting business in China."
Chrome

Chrome 55 Now Blocks Flash, Uses HTML5 By Default (bleepingcomputer.com) 98

An anonymous reader quotes Bleeping Computer: Chrome 55, released earlier this week, now blocks all Adobe Flash content by default, according to a plan set in motion by Google engineers earlier this year... While some of the initial implementation details of the "HTML5 By Default" plan changed since then, Flash has been phased out in favor of HTML5 as the primary technology for playing multimedia content in Chrome.

Google's plan is to turn off Flash and use HTML5 for all sites. Where HTML5 isn't supported, Chrome will prompt users and ask them if they want to run Flash to view multimedia content. The user's option would be remembered for subsequent visits, but there's also an option in the browser's settings section, under Settings > Content Settings > Flash > Manage Exceptions, where users can add the websites they want to allow Flash to run by default.

Exceptions will also be made automatically for your more frequently-visited sites -- which, for many users, will include YouTube. And Chrome will continue to ship with Flash -- as well as an option to re-enable Flash on all sites.

Slashdot Top Deals