Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

WikiLeaks To Its Supporters: 'Stop Taking Down the US Internet, You Proved Your Point' ( 1

MojoKid writes: The Internet took a turn for the worst this morning, when large parts of the DNS network were brought down by a massive distributed denial of service attack (DDoS) targeting DNS provider Dyn. If you couldn't access Amazon, Twitter, and a host of other large sites and online services earlier today, this was why. Now, if a couple of additional tweets are to be believed, it appears supporters of WikiLeaks are responsible for this large scale DDoS attack on Dynamic Network Services Inc's Dyn DNS service. WikiLeaks is alleging that a group of its supporters launched today's DDoS attack in retaliation for the Obama administration using its influence to push the Ecuadorian government to limit Assange's internet access. Another earlier tweet reassures supporters that Mr. Assange is still alive, which -- along with a photo of heavily armed police posted this morning -- implies that he may have been (or may still be) in danger, and directly asks said supporters to stop the attack. WikiLeaks published this tweet a little after 5PM: "Mr. Assange is still alive and WikiLeaks is still publishing. We ask supporters to stop taking down the US internet. You proved your point." It was followed by: "The Obama administration should not have attempted to misuse its instruments of state to stop criticism of its ruling party candidate."

AI Platform Assesses Trump's and Clinton's Emotional Intelligence ( 25

FastCompany got an exclusive look at how Hillary Clinton and Donald Trump stacked up in terms of their emotional intelligence when analyzed by HireVue's artificial intelligence platform. The platform analyzes "video, audio, and language patterns to determine emotional intelligence and sentiment." The company also partnered with Affectiva for facial analysis "to measure the candidate's emotional engagement correlated down to the micro-expressions level." FastCompany reports the findings: Trump versus Clinton across all three debates. Here we see the range of emotions both candidates showed during all three debates. Clinton seemed to dominate the top-right area, which represented both "joy" and facial expressions like smiles and smirks. Conversely, Trump had a stronghold on the "sadness," "disgust," and "fear" quadrants, along with both "negative sentiment" and "negative valence." The third debate. Looking more closely at just this week's debate, negativity prevailed. Both candidates exhibited disgust during the 90-minute spectacle. Trump, however, seemed to dominate the strongest emotions with heightened scores for "fear," "contempt," and "negative sentiment." Clinton, according to the data, presented the only positive emotional elements, which included some "joy" and "smiles." Clinton's performance. Clinton's range of emotions and reactions seemed pretty consistent throughout all three debates, although she exhibited the most positive emotions during the second. What's more, according to the graph, she was most negative during this week's debate. Trump's performance. Similar to Clinton, Trump's range of emotions seemed relatively consistent throughout the three debates. The third one, however, was when he emoted the most negatively. He smirked a lot during this event, too. "Negative sentiment," "contempt," and "anger" were persistent throughout all three conversations.

Mirai and Bashlight Join Forces Against DNS Provider Dyn ( 16

A second wave of attacks has hit dynamic domain name service provider Dyn, affecting a larger number of providers. As researchers and government officials race to figure out what is causing the outages, new details are emerging. Dan Drew, chief security officer at Level 3 Communications, says the attack is at least in part being mounted from a "botnet" of Internet-of-Things (IoT) devices. "We're seeing attacks coming from a number of different locations," Drew said. "An Internet of Things botnet called Mirai that we identified is also involved in the attack." Ars Technica reports: The botnet, made up of devices like home WiFi routers and internet protocol video cameras, is sending massive numbers of requests to Dyn's DNS service. Those requests look legitimate, so it's difficult for Dyn's systems to screen them out from normal domain name lookup requests. Earlier this month, the code for the Mirai botnet was released publicly. It may have been used in the massive DDoS attack against security reporter Brian Krebs. Mirai and another IoT botnet called Bashlight exploit a common vulnerability in BusyBox, a pared-down version of the Linux operating system used in embedded devices. Mirai and Bashlight have recently been responsible for attacks of massive scale, including the attacks on Krebs, which at one point reached a traffic volume of 620 gigabits per second. Matthew Prince, co-founder and CEO of the content delivery and DDoS protection service provider CloudFlare, said that the attack being used against Dyn is an increasingly common one. The attacks append random strings of text to the front of domain names, making them appear like new, legitimate requests for the addresses of systems with a domain. Caching the results to speed up responses is impossible. Prince told Ars: "They're tough attacks to stop because they often get channeled through recursive providers. They're not cacheable because of the random prefix. We started seeing random prefix attacks like these three years ago, and they remain a very common attack. If IoT devices are being used, that would explain the size and scale [and how the attack] would affect: someone the size of Dyn."

Governor Cuomo Bans Airbnb From Listing Short-Term Rentals In New York ( 56

An anonymous reader quotes a report from New York Post: Gov. Cuomo on Friday bowed to pressure from the hotel industry and signed into law one of the nation's toughest restrictions on Airbnb -- including hefty fines of up to $7,500 for people who rent out space in their apartments. Backers of the punitive measure -- which applies to rentals of less than 30 days when the owner or tenant is not preset -- say many property owners use Airbnb and similar sites to offer residential apartments as short-term rentals to visitors, hurting the hotel business while taking residential units off the Big Apple's high-priced housing market. Enforcement, however, will be a huge challenge, as thousands of short-term apartment rentals are listed in the city despite a 2010 law that prohibits rentals of less than 30 days when the owner or tenant is not present. Violators could be turned in by neighbors or landlords opposed to the practice, or the state could monitor the site to look for potential violations. But beyond that how the law would be enforced was not immediately clear. The new law won't apply to rentals in single-family homes, row houses or apartment spare rooms if the resident is present. But will apply to co-ops and condos. Airbnb mounted a last-ditch effort to kill the measure, proposing alternative regulations that the company argued would address concerns about short-term rentals without big fines. Tenants who violate current state law and list their apartments for rentals of less than 30 days would face fines of $1,000 for the first offense, $5,000 for the second and $7,500 for a third. An investigation of Airbnb rentals from 2010 to 2014 by the state attorney general's office found that 72 percent of the units in New York City were illegal, with commercial operators constituting 6 percent of the hosts and supplying 36 percent of the rentals. As of August, Airbnb had 45,000 city listings and another 13,000 across the state.

Facebook Employees Tried To Remove Trump Posts As Hate Speech ( 108

An anonymous reader quotes a report from USA Today: Facebook employees pushed to remove some of Republican presidential candidate Donald Trump's Facebook posts -- such as one proposing the ban of Muslims from entering the U.S. -- from the service as hate speech that violated the giant social network's policies, the Wall Street Journal reported Friday. The decision not to remove the Trump posts was made by Facebook CEO Mark Zuckerberg, the newspaper reported. Employees complained that Facebook was changing the rules for Trump and some who review content on Facebook threatened to quit. "When we review reports of content that may violate our policies, we take context into consideration. That context can include the value of political discourse," Facebook said in an emailed statement. "Many people are voicing opinions about this particular content and it has become an important part of the conversation around who the next U.S. president will be. For those reasons, we are carefully reviewing each report and surrounding context relating to this content on a case by case basis." Senior members of Facebook's policy team posted more details on its policy on Friday: "In the weeks ahead, we're going to begin allowing more items that people find newsworthy, significant, or important to the public interest -- even if they might otherwise violate our standards."

Prosecutors Say NSA Contractor Could Flee To Foreign Power ( 29

An anonymous reader quotes a report from ABC News: The NSA contractor accused of stealing a gargantuan amount of sensitive and classified data from the U.S. government was studying Russian before he was arrested and would be a "prime target" for foreign spies should he be released on bail, prosecutors argued ahead of a court hearing for Harold Martin, III, today. The government said it is "readily apparent to every foreign counterintelligence professional and nongovernmental actor that the Defendant has access to highly classified information, whether in his head, in still-hidden physical locations, or stored in cyberspace -- and he has demonstrated absolutely no interest in protecting it. This makes the Defendant a prime target, and his release would seriously endanger the safety of the country and potentially even the Defendant himself." Prosecutors noted that Martin purportedly communicated online "with others in languages other than English, including in Russian" and that he had downloaded information on the Russian language just a couple months before he was arrested in August. Martin's attorneys, however, said in their own court filing Thursday that there is still no evidence he "intended to betray his country" and argued that he was not a flight risk. All the talk of foreign spies and potential getaway plans, the defense said, were "fantastical scenarios." Martin's defense team said in part: "The government concocts fantastical scenarios in which Mr. Martin -- who, by the government's own admission, does not possess a valid passport -- would attempt to flee the country. Mr. Martin's wife is here in Maryland. His home is here in Maryland. He hash served this country honorably as a lieutenant in the United States Navy, and he has devoted his entire career to serving his country. There is no evidence he intended to betray his country. The government simply does not meet its burden of showing that no conditions of release would reasonably assure Mr. Martin's future appearance in court. For these reasons, and additional reasons to be discussed at the detention hearing, Mr. Martin should be released on conditions pending trial."

UPDATE 10/21/16: Slashdot reader chromaexursion writes: "Harold Martin was denied bail. The judge agreed the the prosecution in his decision."

43 Million Weebly and 22 Million Foursquare Accounts Stolen ( 12

LeakedSource is reporting that the web design platform Weebly was hacked in February, affecting more than 43 million accounts. They have also reported a smaller hack involving 22.5 million Foursquare accounts, which were compromised in December 2013. TechCrunch: "We do not believe that any customer website has been improperly accessed," Weebly said in the notice to users. The company also said that it does not store credit card information, making fraudulent charges unlikely. LeakedSource said it received the Weebly database from an anonymous source and notified Weebly of the breach. In addition to the customer notification emails, LeakedSource claims that password resets are being issued -- but, if you're a Weebly user and you don't receive a password reset, you probably want to change your password anyway. Meanwhile, LeakedSource also identified data from Foursquare, claiming that 22.5 million accounts were compromised in December 2013. The social media company disputes the findings, claiming that email addresses were simply cross-referenced with publicly available data from Foursquare. The data includes emails, usernames and Facebook and Twitter IDs, which could have been scraped from Foursquare's API or search.

Amid Major Internet Outages, Affected Websites Have Lessons To Learn ( 91

Earlier today, Dyn, an internet infrastructure company, was hit by several DDoS attacks, which interestingly affected several popular websites including The New York Times, Reddit, Spotify, and Twitter that were directly or indirectly using Dyn's services. The attack is mostly visible across the US eastern seaboard with rest of the world noticing a few things broken here and there. Dyn says it's currently investigating a second round of DDoS attacks, though the severity of the outage is understandably less now. In the meantime, the Homeland Security said that it is aware of the attack and is investigating "all potential causes." Much of who is behind these attacks is unknown for now, and it is unlikely that we will know all the details until at least a few days. The attacks however have revealed how unprepared many websites are when their primary DNS provider goes down. ZDNet adds: The elephant in the room is that this probably shouldn't have happened. At very least there's a lot to learn already about the frailty of the internet DNS system, and the lack of failsafes and backups for websites and tech companies that rely on outsourced DNS service providers. "It's also a reminder of one risk of relying on multi-tenant service providers, be they DNS, or a variety of many other managed cloud service providers," said Steve Grobman, chief technology officer at Intel Security. Grobman warned that because this attack worked, it can be exploited again. "Given how much of our connected world must increasingly rely upon such cloud service providers, we should expect more such disruptions," he said. "We must place a premium of service providers that can present backup, failover, and enhance security capabilities allowing them to sustain and deflect such attacks." And that's key, because even though Dyn is under attack, it's the sites and services that rely on its infrastructure who should rethink their own "in case of emergency" failsafes. It may only be the east coast affected but lost traffic means lost revenue. Carl Levine, senior technical evangelist for NS1, another major managed DNS provider, said that the size and scale of recent attacks "has far exceeded what the industry thought was the upper end of the spectrum." "Large companies need to constantly upgrade their flood defenses. Some approaches that worked just a few years ago are now basically useless," said Kevin Curran, senior member with IEEE.We also recommend reading security reporter Brian Krebs's take on this.

Schiaparelli Mars Lander May Have Exploded On Impact, European Agency Says ( 88

Instead of drifting gently onto Mars' surface, the Schiaparelli Mars lander hit the planet hard -- and possibly exploded, the European Space Agency said today. NPR adds: The NASA images, taken on Oct. 20, show two recent changes to the landscape on Mars' surface -- one dark blotch, and one white speck -- which are being interpreted as Schiaparelli's parachute and its crash site. With the warning that analysis is still ongoing, here are the details the ESA is sharing Friday: "Estimates are that Schiaparelli dropped from a height of between 2 and 4 kilometers, therefore impacting at a considerable speed, greater than 300 km/h [186 mph]. The relatively large size of the feature would then arise from disturbed surface material. It is also possible that the lander exploded on impact, as its thruster propellant tanks were likely still full." That sequence of events followed the lander's largely trouble-free approach to the Martian surface, a trip that was being widely watched on Wednesday, when the craft lost contact with the ESA and its Mars mothership, the Trace Gas Orbiter, just before its touchdown.

Most 'Genuine' Apple Chargers and Cables Sold on Amazon Are Fake, Apple Says ( 159

Apple says it bought Apple chargers and cables labeled as genuine on and found that nearly 90 percent of them to be counterfeit. The revelation comes in a federal lawsuit the company filed against a New Jersey company over what Apple says are fake products that were sold on Amazon. Engadget reports: When Apple got in touch with Amazon about the issue, the website told the former that it got most of its chargers from Mobile Star LLC. The iPhone-maker stressed that since counterfeit cables and chargers don't go through consumer safety testing and could be poorly designed, they're prone to overheating and catching fire. They might even electrocute users. Tim Cook and co. are now asking the court to issue an injunction against the defendant. They also want the court to order the seizure and destruction of all the fake chargers in addition to asking for damage

Stephen Hawking: AI Will Be Either the Best or the Worst Thing To Humanity ( 162

At the opening of the new Leverhulme Centre for the Future of Intelligence (LCFI) at Cambridge University, Stephen Hawking offered his insight into the positive and negative implications of creating a true AI. He said, via BetaNews:We spend a great deal of time studying history, which, let's face it, is mostly the history of stupidity. So it's a welcome change that people are studying instead the future of intelligence. The potential benefits of creating intelligence are huge... With the tools of this new technological revolution, we will be able to undo some of the damage done to the natural world by the last one -- industrialization. And surely we will aim to fully eradicate disease and poverty. Every aspect of our lives will be transformed. In short, success in creating AI, could be the biggest event in the history of our civilization. But it could also be the last, unless we learn how to avoid the risks. Alongside the benefits, AI will also bring dangers, like powerful autonomous weapons, or new ways for the few to oppress the many. It will bring great disruption to our economy. AI will be either the best, or the worst thing ever to happen to humanity. We do not yet know which.
The Internet

Several Sites Including Twitter, GitHub, Spotify, PayPal, NYTimes Suffering Outage -- Dyn DNS Under DDoS Attack [Update] ( 243

Several popular websites and services are down right now for many users. The affected sites include Twitter, SoundCloud, Spotify, and PayPal among others. The cause appears to be a sweeping outage of DNS provider Dyn -- which in turn is under DDoS attack, according to an official blog post. From a TechCrunch report:Other sites experiencing issues include Box, Boston Globe, New York Times, Github, Airbnb, Reddit, Freshbooks, Heroku and Vox Media properties. Users accessing these sites might have more or less success depending on where they're located, as some European and Asian users seem not to be encountering these issues. Last month, Bruce Schneier warned that someone was learning how to take down the internet. Update: 10/21 14:41 GMT by M : Dyn says that it has resolved the issue and sites should function normally. Update: 10/21 17:04 GMT by M : Department of Homeland Security says it is aware of the first DDoS attack on Dyn today and "investigating all potential causes." Dyn says it is still under DDoS attack. News outlet The Next Web says it is also facing issues. Any website that uses Dyn's service -- directly or indirectly -- is facing the issue. Motherboard has more details. Update: 10/21 17:57 GMT by M : It seems even PlayStation Network is also hit. EA Sports Games said it is aware of the issues in live-play. Dyn says it is facing a second round of DDoS attacks.

Update: 10/21 18:45 GMT by M : U.S. government probing whether east coast internet attack was a 'criminal act' - official.

Editor's note: the story is being updated as we learn more. The front page was updated to move this story up. Are you also facing issues? Share your experience in the comments section below.
United Kingdom

UK Government Proposes Minimum 10Mbps Broadband For Poor ( 69

An anonymous reader writes: The UK's Local Government Association (LGA) is proposing a social tariff to ensure that minimum broadband access of at least 10 Mbps is available to all UK citizens at an affordable price. Last November, Parliament announced that it would begin work on a Universal Service Obligation (USO), which would grant all citizens the right to request broadband service with a minimum 10Mbps. At the time, Prime Minister David Cameron said, "Access to the Internet shouldn't be a luxury; it should be a right -- absolutely fundamental to life in 21st century Britain." Research by Ofcom in 2014 showed "marked relationships between socio-economic deprivation and [poor] broadband availability in cities". Similar results have been found in rural areas, which means that the demand for increasing broadband service to a minimum level may be high among people with lower incomes.

'Most Serious' Linux Privilege-Escalation Bug Ever Is Under Active Exploit ( 87

Reader operator_error shares an ArsTechnica report: A serious vulnerability that has been present for nine years in virtually all versions of the Linux operating system is under active exploit, according to researchers who are advising users to install a patch as soon as possible. While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously. For one thing, it's not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that's a part of virtually every distribution of the open-source OS released for almost a decade. What's more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild.

"It's probably the most serious Linux local privilege escalation ever," Dan Rosenberg, a senior researcher at Azimuth Security, told Ars. "The nature of the vulnerability lends itself to extremely reliable exploitation. This vulnerability has been present for nine years, which is an extremely long period of time." The underlying bug was patched this week by the maintainers of the official Linux kernel. Downstream distributors are in the process of releasing updates that incorporate the fix. Red Hat has classified the vulnerability as "important."


Macs End Up Costing 3 Times Less Than Windows PCs Because of Fewer Tech Support Expense, Says IBM's IT Guy ( 392

An anonymous reader shares a report on Yahoo (edited): Last year, Fletcher Previn became a cult figure of sorts in the world of enterprise IT. As IBM's VP of Workplace as a Service, Previn is the guy responsible for turning IBM (the company that invented the PC) into an Apple Mac house. Previn gave a great presentation at last year's Jamf tech conference where he said Macs were less expensive to support than Windows. Only 5% of IBM's Mac employees needed help desk support versus 40% of PC users. At that time, some 30,000 IBM employees were using Macs. Today 90,000 of them are, he said. And IBM ultimately plans to distribute 150,000 to 200,000 Macs to workers, meaning about half of IBM's approximately 370,000 employees will have Macs. Previn's team is responsible for all the company's PCs, not just the Macs. All told IBM's IT department supports about 604,000 laptops between employees and its 100,000+ contractors. Most of them are Windows machines -- 442,000 -- while 90,000 are Macs and 72,000 are Linux PCs. IBM is adding about 1,300 Macs a week, Previn said.

Slashdot Top Deals