Compare cell phone plans using Wirefly's innovative plan comparison tool ×
The Internet

Researchers Map Locations of 4,669 Servers In Netflix's Content Delivery Network (ieee.org) 52

Wave723 writes from a report via IEEE Spectrum: For the first time, a team of researchers has mapped the entire content delivery network that brings Netflix to the world, including the number and location of every server that the company uses to distribute its films. They also independently analyzed traffic volumes handled by each of those servers. Their work allows experts to compare Netflix's distribution approach to those of other content-rich companies such as Google, Akamai and Limelight. To do this, IEEE Spectrum reports that the group reverse-engineered Netflix's domain name system for the company's servers, and then created a crawler that used publicly available information to find every possible server name within its network through the common address nflxvideo.net. In doing so, they were able to determine the total number of servers the company uses, where those servers are located, and whether the servers were housed within internet exchange points or with internet service providers, revealing stark differences in Netflix's strategy between countries. One of their most interesting findings was that two Netflix servers appear to be deployed within Verizon's U.S. network, which one researcher speculates could indicate that the companies are pursuing an early pilot or trial.
The Courts

Revived Lawsuit Says Twitter DMs Are Like Handing ISIS a Satellite Phone (theverge.com) 178

An anonymous reader quotes a report from The Verge: A long-standing lawsuit holding Twitter responsible for the rise of ISIS got new life today, as plaintiffs filed a revised version of the complaint (PDF) that was struck down earlier this month. In the new complaint, the plaintiffs argue Twitter's Direct Message service is akin to providing ISIS with physical communications equipment like a radio or a satellite phone. The latest complaint is largely the same as the one filed in January, but a few crucial differences will be at the center of the court's response. The plaintiffs also offer new arguments for why Twitter might be held responsible for the attack. In the dismissal earlier this month (PDF), District Judge William Orrick faulted the plaintiffs for not articulating a case for why providing access to Twitter's services constituted material aid to ISIS. "Apart from the private nature of Direct Messaging, plaintiffs identify no other way in which their Direct Messaging theory seeks to treat Twitter as anything other than a publisher of information provided by another information content provider," the ruling reads. At the same time, the judge found that the privacy of those direct messages "does not remove the transmission of such messages from the scope of publishing activity." The new complaint includes some language that might address that concern, explicitly comparing Twitter to other material communication tools. "Giving ISIS the capability to send and receive Direct Messages in this manner is no different than handing it a satellite phone, walkie-talkies or the use of a mail drop," the new complaint reads, "all of which terrorists use for private communications in order to further their extremist agendas." The Safe Harbor clause has been used in the past to protect service providers from liability for hosting data on their network. However, "Brookings Institute scholar Benjamin Witters argued against protecting Twitter under the Safe Harbor clause, claiming that the current reasoning would also protect companies that actively offer services in support of terrorists."
Chrome

Google Integrates Cast Into Chrome, No Extension Required (venturebeat.com) 41

An anonymous reader writes from a report via VentureBeat: On Monday, Google announced Google Cast is now built right into Chrome, allowing anyone using the company's browser to cast content to supported devices without having to install or configure anything. The Google Cast extension for Chrome, which launched in July 2013, is no longer required for casting. The report adds: "Here's how it works. When you browse websites that are integrated with Cast, Chrome will now show you a Cast icon as long as you're on the same network as a Cast device. With a couple of clicks, you can view the website content on your TV, listen to music on your speakers, and so on. In fact, Google today also integrated Hangouts with Google Cast: Signed-in users on Chrome 52 or higher can now use the 'Cast...' menu item from Chrome to share the contents of a browser tab or their entire desktop into a Hangout." The support document details all the ways you you can use Google Cast with Chrome.
EU

Europe's Net Neutrality Doesn't Ban BitTorrent Throttling (torrentfreak.com) 65

Millions of Europeans will have to do with throttling on BitTorrent. The Body of European Regulators of Electronic Communication (BEREC) published its guidelines for Europe's net neutrality rules on Tuesday in which it hasn't challenged the BitTorrent throttling practices by many ISPs. TorrentFreak reports:Today, BEREC presented its final guidelines on the implementation of Europe's net neutrality rules. Compared to earlier drafts it includes several positive changes for those who value net neutrality. For example, while zero-rating isn't banned outright, internet providers are not allowed to offer a "sub Internet" service, where access to only part of the Internet is offered for 'free.' However, not all traffic is necessarily "neutral." ISPs are still allowed to throttle specific categories for "reasonable" network management purposes.
Communications

Verizon Switches On LTE Advanced In 461 Cities -- Is Your Phone Compatible? (betanews.com) 41

An anonymous reader writes: Today, the carrier announces that its LTE is getting much faster. In 461 cities across the USA, it switches on the speedier 'LTE Advanced' (LTE-A). Best of all, many existing devices are compatible.
The company said in a blog post:"Verizon LTE Advanced uses software that combines multiple channels to speed mobile data over the network more quickly than ever before. The result is 50 percent faster peak speeds in cities nationwide for Verizon customers using one of the 39 LTE Advanced-capable phones and tablets already on Verizon's network -- including top-selling Samsung Galaxy S6 and S7 smartphones, Moto Droids and Apple iPhones. As new devices from Apple, Samsung, LG and other manufacturers are introduced, they will be LTE Advanced-capable right out of the box."
Graphics

Players Seek 'No Man's Sky' Refunds, Sony's Content Director Calls Them Thieves (tweaktown.com) 463

thegarbz writes: As was covered previously on Slashdot the very hyped up game No Man's Sky was released to a lot of negative reviews about game-crashing bugs and poor interface choices. Now that players have had more time to play the game it has become clear that many of the features hyped by developers are not present in the game, and users quickly started describing the game as "boring".

Now, likely due to misleading advertising, Steam has begun allowing refunds for No Man's Sky regardless of playtime, and there are reports of players getting refunds on the Play Station Network as well despite Sony's strict no refund policy.
Besides Sony, Amazon is also issuing refunds, according to game sites. In response, Sony's former Strategic Content Director, Shahid Kamal Ahmad, wrote on Twitter, "If you're getting a refund after playing a game for 50 hours you're a thief." He later added "Here's the good news: Most players are not thieves. Most players are decent, honest people without whose support there could be no industry."

In a follow-up he acknowledged it was fair to consider a few hours lost to game-breaking crashes, adding "Each case should be considered on its own merits and perhaps I shouldn't be so unequivocal."
Communications

Cybercriminals Select Insiders To Attack Telecom Providers (helpnetsecurity.com) 24

An anonymous reader quotes a report from Help Net Security: Cybercriminals are using insiders to gain access to telecommunications networks and subscriber data, according to Kaspersky Lab. In addition, these criminals are also recruiting disillusioned employees through underground channels and blackmailing staff using compromising information gathered from open sources...

According to Kaspersky Lab researchers, if an attack on a cellular service provider is planned, criminals will seek out employees who can provide fast track access to subscriber and company data or SIM card duplication/illegal reissuing. If the target is an Internet service provider, the attackers will try to identify the employees who can enable network mapping and man-in-the-middle attacks.

Facebook

Facebook Says Humans Won't Write Its Trending Topic Descriptions Anymore (recode.net) 76

Following a former Facebook journalist's report that the company's workers routinely suppressed news stories of interest to conservative readers from the social network's Trending Topics section, the company has been in damage control mode. First, the company announced it would tweak its Trending Topics section and revamp how editors find trending stories. Specifically, they will train the human editors who work on Facebook's trending section and abandon several automated tools it used to find and categorize trending news in the past. Most recently, Facebook added political scenarios to its orientation training following the concerns. Now, it appears that Facebook will "end its practice of writing editorial descriptions for topics, replacing them with snippets of text pulled from news stories." Kurt Wagner, writing for Recode: It's been more than three months since Gizmodo first published a story claiming Facebook's human editors were suppressing conservative news content on the site's Trending Topics section. Facebook vehemently denied the report, but has been dealing with the story's aftermath ever since. On Friday, Facebook announced another small but notable change to Trending Topics: Human editors will no longer write the short story descriptions that accompany a trending topic on the site. Instead, Facebook is going to use algorithms to "pull excerpts directly from stories." It is not, however, cutting out humans entirely. In fact, Facebook employees will still select which stories ultimately make it into the trending section. An algorithm will surface popular stories, but Facebook editors will weed out the inappropriate or fake ones. "There are still people involved in this process to ensure that the topics that appear in Trending remain high-quality," the company's blog reads.
Encryption

PSA: PlayStation Network Gets Two-Step Verification (arstechnica.com) 42

Consider this a public service announcement: Sony has (finally) added two-factor authentication to PlayStation Network accounts. If you're a PlayStation user and are reading this right now, you really should go set it up so that someone doesn't try to take over your account and steal your password. Ars Technica details how you can set up the new security features: "Turn on your PS4 and go to Settings -> PlayStation Network Account Management -> Account Information -> Security -> 2-Step Verification. You can also set it up through the web by logging into your PSN account on the web and going through the Security tab under the Account header. From there, on-screen instructions will walk you through the process of using a text message to confirm your mobile device as a secondary layer of security for your PSN account. Two-factor support is not available when logging on to older PlayStation systems, so Sony recommends you generate a 'device setup password' to help protect the PS3, Vita, or PSP." Two-factor authentication comes five years after hackers breached PSN's security and stole 77 million accounts.
Communications

FCC Proposes 5G Cybersecurity Requirements, Asks For Industry Advice (fedscoop.com) 29

Presto Vivace quotes a report from FedScoop: "Cybersecurity issues must be addressed during the design phase for the entire 5G ecosystem, including devices. This will place a premium on collaboration among all stakeholders," said FCC chairman Tom Wheeler during a National Press Club event on June 20. "We continue to prefer an approach that emphasizes that industry develop cybersecurity standards just as we have done in wired networks." The FCC published a request Wednesday for comment on a new set of proposed 5G rules to the Federal Register focused on adding specific "performance requirements" for developers of example internet-connected devices. If a company hopes to secure a license to access higher-frequency 5G spectrum in the future then they will need to adhere to these specific requirements -- in other words, compliance is non-negotiable. Notably, these FCC "performance requirements" now include the submission of a network security plan. The report adds: "A quick review of the FCC's proposed 5G cybersecurity plan shows a six category split, organized by a companies' security approach, coordination efforts, standards and best practices, participation with standards bodies, other security approaches and plans with information sharing organizations. Security plans must be submitted to the commission at least six months before a 5G-ready product enters the market, according to the notice."
Wireless Networking

Italy Quake Rescuers Ask Locals To Unlock Their Wi-Fi (bbc.com) 140

Rescue teams searching for earthquake survivors in central Italy have asked locals to unlock their Wifi passwords. The Italian Red Cross says residents' home networks can assist with communications during the search for survivors, reports BBC. From the report: On Wednesday a 6.2 magnitude earthquake struck central Italy and killed more than 240 people. More than 4,300 rescuers are looking for survivors believed to still be trapped in the rubble. On Twitter, the Italian Red Cross posted a step-by-step guide which explains how local residents can switch off their Wifi network encryption. Similar requests have been made by the National Geological Association and Lazio Region. A security expert has warned that removing encryption from a home Wifi network carries its own risks, but added that those concerns are trivial in the context of the rescue operation.
The Internet

MIT Scientists Develop New Wi-Fi That's 330% Faster (msn.com) 85

An anonymous reader quotes a report from MSN: Scientists at MIT claim to have created a new wireless technology that can triple Wi-Fi data speeds while also doubling the range of the signal. Dubbed MegaMIMO 2.0, the system will shortly enter commercialization and could ease the strain on our increasingly crowded wireless networks. Multiple-input-multiple-output technology, or MIMO, helps networked devices perform better by combining multiple transmitters and receivers that work simultaneously, allowing then to send and receive more than one data signal at the same time. MIT's MegaMIMO 2.0 works by allowing several routers to work in harmony, transmitting data over the same piece of spectrum. MIT claimed that during tests, MegaMIMO 2.0 was able to increase data transfer speed of four laptops connected to the same Wi-Fi network by 330 percent. Paper co-author Rahul said the technology could also be applied to mobile phone networks to solve similar congestion issues. "In today's wireless world, you can't solve spectrum crunch by throwing more transmitters at the problem, because they will all still be interfering with one another," Ezzeldin Hamed, lead author on a paper on the topic, told MIT News. "The answer is to have all those access points work with each other simultaneously to efficiently use the available spectrum."
The Internet

Singapore To Cut Off Public Servants From the Internet (theguardian.com) 59

Singapore is planning to cut off web access for public servants as a defence against potential cyber attack, Reuters reports. The local government's move has already been criticized by many, who say that it marks a retreat for a technologically advanced city-state that has trademarked the term "smart nation". From an article on The Guardian: Some security experts say the policy, due to be in place by May, risks damaging productivity among civil servants and those working at more than four dozen statutory boards, and cutting them off from the people they serve. It may only raise slightly the defensive walls against cyber attack, they say. Ben Desjardins, director of security solutions at network security firm Radware, called it "one of the more extreme measures I can recall by a large public organisation to combat cyber security risks." Stephen Dane, a Hong Kong-based managing director at networking company Cisco Systems, said it was "a most unusual situation" and Ramki Thurimella, chair of the computer science department at the University of Denver, called it both "unprecedented" and "a little excessive".
Android

Opera Brings Its Free VPN Service To Android (techcrunch.com) 26

Frederic Lardinois, writing for TechCrunch: Earlier this year, Opera launched its free and unlimited VPN service for iOS; today it is bringing the same functionality to Android. Like the iOS version, the Android app is based on Opera's acquisition of SurfEasy in 2015 and allows you to surf safely when you are on a public network. While Opera's marketing mostly focuses on safety, Opera VPN also allows you to appear as if you are in the U.S., Canada, Germany, Singapore and The Netherlands, so it's also a way to route around certain geo-restrictions without having to opt for a paid service. In addition to its VPN features, the service also allows you to block ad trackers. Somewhat ironically, though, the app itself will show you some pretty unintrusive ads. "The Opera VPN app for Android sets itself apart from other VPNs by offering a completely free service; without a data limit, no log-in required, advanced Wi-Fi protection features and no need for a subscription," says Chris Houston, the president of Opera's SurfEasy VPN division, in today's announcement.
AT&T

AT&T Says LTE Can Still Offer Speeds Up To 1 Gbps (dslreports.com) 50

An anonymous reader writes from a report via DSL Reports: ATT CTO Andre Fuetsch said at a telecom conference last week that the company's existing LTE network should be able to reach speeds of 1 Gbps before the standard ultimately gets overshadowed by faster 5G tech. The new 5G technology isn't expected to arrive until 2020 at the earliest, so LTE has a lot of time left as the predominant wireless connectivity. "There's a lot of focus on 5G -- but don't discount LTE," Fuetsch said. "LTE is still here. And LTE will be around for a long time. And LTE has also enormous potential in that, you'll be capable of supporting 1 gigabit speeds as well." 5G will help move past 1 Gbps speeds, while also providing significantly lower latency. "You'll see us sharing more about the trial activity we're doing," said Fuetsch. "Everything that's being [tested] right now is not standard, it's all sort of proprietary. But this is an important process to go through because this is how you learn and how it helps define standards."
IT

Activists Call For General Strike On the Tor Network (vice.com) 127

Reader derekmead writes: Some Tor users are very unhappy with the way the project has been run in recent months, and are calling for a blackout on September 1st. They are asking users to not use Tor, for developers to stop working on Tor, and for those who run parts of the network's infrastructure to shut it down. The disgruntled users feel that Tor can no longer be fully trusted after a brief hiring of an ex-CIA official and the internal sexual misconduct investigation against activist Jacob Appelbaum.
Government

Group Wants To Shut Down Tor For a Day On September 1 (softpedia.com) 229

An anonymous reader writes: An internal group at the Tor Project is calling for a full 24-hour shutdown of the Tor network to protest the way the Tor Project dealt with the Jake Applebaum sexual misconduct accusations, and because of recent rumors it might be letting former government agents in its ranks. Two Tor members, also node operators, have shut down their servers as well, because of the same reason. They explained their motivations here and here.
"The protesters have made 16 demands," according to the article, six related to related to supposed infiltration of Tor by government agents, and 10 regarding the Appelbaum ruling and investigation -- including "asking all Tor employees that participated in this investigation to leave" and "the persons behind the JacobAppelbaum.net and the @JakeMustDie and @VictimsOfJake Twitter accounts to come forward and their identities made public."
Security

Software Exploits Aren't Needed To Hack Most Organizations (darkreading.com) 57

The five most common ways of hacking an organization all involve stolen credentials, "based on data from 75 organizations, 100 penetration tests, and 450 real-world attacks," writes an anonymous Slashdot reader. In fact, 66% of the researchers' successful attacks involved cracking a weak domain user password. From an article on Dark Reading: Playing whack-a-mole with software vulnerabilities should not be top of security pros' priority list because exploiting software doesn't even rank among the top five plays in the attacker's playbook, according to a new report from Praetorian. Organizations would be far better served by improving credential management and network segmentation...

"If we assume that 1 percent [of users] will click on the [malicious] link, what will we do next?" says Joshua Abraham, practice manager at Praetorian. The report suggests specific mitigation tactics organizations should take in response to each one of these attacks -- tactics that may not stop attackers from stealing credentials, but "building in the defenses so it's really not a big deal if they do"... [O]ne stolen password should not give an attacker (or pen tester) the leverage to access an organization's entire computing environment, exfiltrating all documents along the way.

Similar results were reported in Verizon's 2016 Data Breach Investigations Report.
Twitter

Twitter Announces New Blocking and Filtering Features (wired.co.uk) 118

Twitter just began rolling out "new ways to control your experience," promising the two new features "will give you more control over what you see and who you interact with on Twitter." An anonymous Slashdot reader quotes a report from Wired UK: First up, notification settings will allow those using Twitter on the web or on desktop to limit the notifications they receive for @ mentions, RTs, and other interactions to just be from people they follow. The feature can be turned on through the notifications tab. Twitter is also expanding its quality filter -- also accessible through notifications. "When turned on, the filter can improve the quality of Tweets you see by using a variety of signals, such as account origin and behavior," the company's product manager Emil Leong said in a blog post.

In December 2015, the company changed its rules to explicitly ban "hateful conduct" for the first time, while back in February last year, Twitter's then-CEO Dick Costolo admitted the network needed to improve how it handled trolls and abuse. In a leaked memo he said: "I'm frankly ashamed of how poorly we've dealt with this issue during my tenure as CEO. It's absurd. There's no excuse for it. I take full responsibility for not being more aggressive on this front. It's nobody else's fault but mine, and it's embarrassing."

Meanwhile, the Twitter account of Wikipedia co-founder Jimmy Wales was hacked on Saturday.
Encryption

How SSL/TLS Encryption Hides Malware (cso.com.au) 87

Around 65% of the internet's one zettabyte of global traffic uses SSL/TLS encryption -- but Slashdot reader River Tam shares an article recalling last August when 910 million web browsers were potentially exposed to malware hidden in a Yahoo ad that was hidden from firewalls by SSL/TLS encryption: When victims don't have the right protection measures in place, attackers can cipher command and control communications and malicious code to evade intrusion prevention systems and anti-malware inspection systems. In effect, the SSL/TLS encryption serves as a tunnel to hide malware as it can pass through firewalls and into organizations' networks undetected if the right safeguards aren't in place. As SSL/TLS usage grows, the appeal of this threat vector for hackers too increases.

Companies can stop SSL/TLS attacks, however most don't have their existing security features properly enabled to do so. Legacy network security solutions typically don't have the features needed to inspect SSL/TLS-encrypted traffic. The ones that do, often suffer from such extreme performance issues when inspecting traffic, that most companies with legacy solutions abandon SSL/TLS inspection.

Slashdot Top Deals