Slashdot Deals: Prep for the CompTIA A+ certification exam. Save 95% on the CompTIA IT Certification Bundle ×
Google

Google Facing Fine of Up To $1.4 Billion In India Over Rigged Search Results 152

An anonymous reader writes: The Competition Commission of India has opened an investigation into Google to decide whether the company unfairly prioritized search results to its own services. Google could face a fine of up to $1.4 billion — 10% of its net income in 2014. A number of other internet companies, including Facebook and FlipKart, responded to queries from the CCI by confirming that Google does this. "The CCI's report accuses Google of displaying its own content and services more prominently in search results than other sources that have higher hit rates. It also states that sponsored links shown in search results are dependent on the amount of advertising funds Google receives from its clients. Ecommerce portal Flipkart noted that it found search results to have a direct correlation with the amount of money it spent on advertising with Google." The company has faced similar antitrust concerns in the EU and the U.S
Security

Abusing Symbolic Links Like It's 1999 53

An anonymous reader writes with this snippet from James Forshaw's recent post at Google's Project Zero, which begins For the past couple of years I've been researching Windows elevation of privilege attacks. This might be escaping sandboxing or gaining system privileges. One of the techniques I've used multiple times is abusing the symbolic link facilities of the Windows operating system to redirect privileged code to create files or registry keys to escape the restrictive execution context. Symbolic links in themselves are not vulnerabilities, instead they're useful primitives for exploiting different classes of vulnerabilities such as resource planting or time-of-check time-of-use. Click through that link to see examples of this abuse in action, but also information about how the underlying risks have been (or can be) mitigated.
Google

Google May Try To Recruit You For a Job Based On Your Search Queries 182

HughPickens.com writes: If Google sees that you're searching for specific programming terms, they may ask you to apply for a job as Max Rossett writes that three months ago while working on a project, he Googled "python lambda function list comprehension." The familiar blue links appeared on the search page, and he started to look for the most relevant one. But then something unusual happened. The search results split and folded back to reveal a box that said "You're speaking our language. Up for a challenge?" Clicking on the link took Rossett to a page called "foo.bar" that outlined a programming challenge and gave instructions on how to submit his solution. "I had 48 hours to solve it, and the timer was ticking," writes Rossett. "I had the option to code in Python or Java. I set to work and solved the first problem in a couple hours. Each time I submitted a solution, foo.bar tested my code against five hidden test cases."

After solving another five problems the page gave Rossett the option to submit his contact information and much to his surprise, a recruiter emailed him a couple days later asking for a copy of his resume. Three months after the mysterious invitation appeared, Rossett started at Google. Apparently Google has been using this recruiting tactic for some time.
Cellphones

Former Apple CEO Creates an iPhone Competitor 134

An anonymous reader links to Fast Company's profile of Obi Worldphone, one-time Apple CEO John Sculley's venture into smartphones. The company's first two products (both reasonably spec'd, moderately priced Android phones) are expected to launch in October. And though the phones are obviously running a different operating system than Apple's, Sculley says that Obi is a similarly design-obsessed company: "The hardest part of the design was not coming up with cool-looking designs," Sculley says. "It was sweating the details over in the Chinese factories, who just were not accustomed to having this quality of finish, all of these little details that make a beautiful design. We had teams over in China, working for months on the floor every day. We intend to continue that process and have budgeted accordingly." Obi is also trying to set itself apart from the low-price pack by cutting deals for premium parts. "Instead of going directly to the Chinese factories, we went to the key component vendors, because we know that ecosystem and have the relationships," Sculley says. "We went to Sony. It’s struggling and losing money on its smartphone business, but they make the best camera modules in the world."
Portables

Yet Another Compromising Preinstalled "Glitch" In Lenovo Laptops 89

New submitter execthis writes: Japanese broadcaster NHK is reporting that yet another privacy/security-compromising "glitch" has been found to exist in preinstalled software on Lenovo laptops. The article states that the glitch was found in Spring and that in late July Lenovo began releasing a program to uninstall the difficult-to-remove software. The article does not specify, but it could be referring to a BIOS utility called Lenovo Service Engine (LSE) for which Lenovo has released a security advisory with links to removal tools for various models.
Graphics

NVIDIA Launches $159 Mainstream Maxwell-Based GeForce GTX 950 85

MojoKid writes: NVIDIA is launching a new mainstream graphics card today, the GeForce GTX 950, based on the company's GM206 GPU. The GM206 debuted on the GeForce GTX 960, which launched a few months back. As the new card's name suggests though, the GM206 used on the GeForce GTX 950 isn't quite as powerful as the one used on the GTX 960. The company is targeting this card at MOBA (massive online battle arena) players, who don't necessarily need the most powerful GPUs on the market, but want smooth, consistent framerates at resolutions of 1080p or below. It's being positioned as a significant, yet affordable, upgrade over cards like the GeForce GTX 650 Ti, that are a couple of generations old. NVIDIA's reference specifications for the GeForce GTX 950 call for a base clock of 1024MHz and a Boost clock of 1188MHz. The GPU is packing 768 CUDA cores, 48 texture units, and 32 ROPs. The 2GB of video memory on GeForce GTX 950 cards is clocked at a 6.6GHz (effective GDDR5 data rate) and the memory links to the GPU via a 128-bit interface. At those clocks, the GeForce GTX 950 offers up a peak textured fillrate of 49.2 GTexels/s and 105.6 GB/s of memory bandwidth. At a $159 starting MSRP, in the benchmarks, the GeForce GTX 950 offers solid entry level or midrange performance at 1080p resolutions. It's a bit faster than AMD's Radeon R9 270X but comes in just behind a Radeon R9 285.
Censorship

Now Google Must Censor Search Results About "Right To Be Forgotten" Removals 179

Mark Wilson writes, drolly, that the so-called right to be forgotten "has proved somewhat controversial," and expands on that with a new twist in a post at Beta News: While some see the requirement for Google to remove search results that link to pages that contain information about people that is 'inadequate, irrelevant or no longer relevant' as a win for privacy, other see it as a form of censorship. To fight back, there have been a number of sites that have started to list the stories Google is forced to stop linking to. In the latest twist, Google has now been ordered to remove links to contemporary news reports about the stories that were previously removed from search results. All clear? Thought not... The Information Commissioner's Office has ordered Google to remove from search results links to nine stories about other search result links removed under the Right to Be Forgotten rules.
Networking

Bruce Schneier On Cisco ROMMON Firmware Exploit: "This Is Serious" 57

When Bruce Schneier says of a security problem "This is serious," it makes sense to pay attention to it. And that's how he refers to a recently disclosed Cisco vulnerability alert about "an evolution in attacks against Cisco IOS Classic platforms. Cisco has observed a limited number of cases where attackers, after gaining administrative or physical access to a Cisco IOS device, replaced the Cisco IOS ROMMON (IOS bootstrap) with a malicious ROMMON image." Schneier links to Ars Technica's short description of the attack, which notes The significance of the advisory isn't that the initial firmware can be replaced. As indicated, that's a standard feature not only with Cisco gear but just about any computing device. What's important is that attackers are somehow managing to obtain the administrative credentials required to make unauthorized changes that take control of the networking gear.
The Internet

Former Russian Troll Wins Lawsuit Against Propaganda "Factory" 49

An anonymous reader writes: Lyudmila Savchuk, a former Russian internet "troll" has been awarded one rouble ($0.01) in damages after she sued her ex-employer claiming it was a propaganda "factory". A Russian court ordered the secretive agency to pay her symbolic damages. Savchuk claims that she and her co-workers at Internet Research were paid to flood websites with pro-Putin commentary. The BBC reports: "Ms Savchuk said she was happy with the result because she had succeeded in exposing the work of Russia's internet 'trolls'. Russian media quoted a spokesman for Internet Research denying the accusations. The Kremlin says it has no links to Internet Research's operations. Since leaving the agency, Ms Savchuk has been organizing a public movement against online trolling."
Math

How Weather Modeling Gets Better 43

Dr_Ish writes: Bob Henson over at Weather Underground has posted a fascinating discussion of the recent improvements made to the major weather models that are used to forecast hurricanes and the like. The post also included interesting links that explain more about the models. Quoting: "The latest version of the ECMWF model, introduced in May, has significant changes to model physics and the ways in which observations are brought into and used within the model. The overall improvements include better portrayal of clouds and precipitation, including a more accurate depiction of intense rainfall. The main effect of the model upgrade for tropical cyclones is slightly lower central pressure. During the first 3 days of a forecast, the ECMWF has tended to have a slight weak bias on tropical cyclones; the new version is closer to the mark."
Firefox

How to Quash Firefox's Silent Requests 294

An anonymous reader writes: Unlike older versions of Firefox, more recent versions will make a request to a destination server just by hovering over a link. No CSS, no JavaScript, no prefetch required. Try it for yourself. Disable CSS and JavaScript and fire up iftop or Windows Resource Monitor, hover over some links and watch the fun begin. There once was a time when you hovered over a link to check the 'real link' before you clicked on it. Well no more. Just looking at it makes a 'silent request.' This behavior is the result of the Mozilla speculative connect API . Here is a bug referencing the API when hovering over a thumbnail on the new tab page. And another bug requesting there be an option to turn it off. Strangely enough the latter bug is still labeled WONTFIX even though the solution is in the comments (setting network.http.speculative-parallel-limit to 0).

Firefox's own How to stop Firefox from making automatic connections also mentions setting network.http.speculative-parallel-limit to 0 to to stop predictive connections when a user "hovers their mouse over thumbnails on the New Tab Page or the user starts to search in the Search Bar" but no mention regarding hovering over a normal link. Good thing setting network.http.speculative-parallel-limit to 0 does appear to disable speculative connect on normal links too. One can expect Firefox to make requests in the background to its own servers for things such as checking for updates to plugins etc. But silently making requests to random links on a page (and connecting to those servers) simply by hovering over them is something very different.
Classic Games (Games)

Interviews: Game Designer Steve Jackson Answers Your Questions 38

A while ago you had the chance to ask Steve Jackson, founder and editor-in-chief of Steve Jackson Games, about the numerous games he's created, his efforts to digitize those games, and what to do when the Secret Service shows up at your office. Below you will find his answers to your questions.
Privacy

Finnish Politician Suggests Embedding Chips In Citizens To Protect the Welfare State 312

New submitter janit writes that social benefits to Finnish citizens living outside of Finland have in recent days been the cause of controversy, and links to an article which suggests just how much of a controversy: A politician from the True Finns Party, Pasi Mäenranta, is also worried about the abuse of the benefits. He published a post on Facebook, where he suggests that all Finnish citizens leaving the country be embedded with an identification chip. Sounds like a parallel system might be a popular idea with some U.S. presidential candidates, too.
Security

The Internet of Compromised Things 62

An anonymous reader writes: Jeff Atwood has a post about a security threat that's becoming more prevalent every day: spreading malware through a compromised router. "Router malware is the ultimate man-in-the-middle attack. For all meaningful traffic sent through a compromised router that isn't HTTPS encrypted, it is 100% game over." He links to a thorough technical analysis of how even HTTPS encrypted traffic can be subverted. Atwood provides a list of suggestions for keeping your router safe that probably won't be any surprise to people reading this site, and he further recommends only browsing on an unknown router if encryption is available. What I'm curious about are the long-term implications — is there a way forward to re-establish trust in our router infrastructure? What can the open source community do to speed this along?
The Internet

The Web We Have To Save 114

An anonymous reader writes: Hossein Derakhshan endured a six-year prison term in Iran for doing something most of us would take for granted: running a blog. He has a unique perspective — he was heavily involved in internet culture, becoming known as Iran's "blogfather," before suddenly being completely shut off from the online world in 2008. Seven months ago, he was released. When he got settled, he took up his old work of blogging, but was surprised by how much the web has changed in just a few years. Now he decries our reliance on monolithic social streams that prioritize image and meme sharing over the thing that makes the web the web: links.

"The hyperlink represented the open, interconnected spirit of the world wide web—a vision that started with its inventor, Tim Berners-Lee. The hyperlink was a way to abandon centralization—all the links, lines and hierarchies—and replace them with something more distributed, a system of nodes and networks. Blogs gave form to that spirit of decentralization: They were windows into lives you'd rarely know much about; bridges that connected different lives to each other and thereby changed them. ... Since I got out of jail, though, I've realized how much the hyperlink has been devalued, almost made obsolete."
Android

OnePlus Announces OnePlus 2 'Flagship Killer' Android Phone With OxygenOS 154

MojoKid writes: The OnePlus 2 was officially unveiled [Monday] evening and it has been announced that the smartphone will start at an competitively low $329, unlocked and contract free. The entry level price nets you a 5.5" 1080p display, a cooler-running 1.8GHz Qualcomm Snapdragon 810 v2.1 SoC paired with 3GB of RAM, 16GB of internal storage, a 13MP rear camera (with OIS, laser focusing and two-tone flash), 5MP selfie camera, and dual nano SIM slots. If you don't mind handing over an extra $60, you'll receive 4GB of RAM to back the processor and 64GB of internal storage. Besides beefing up the internal specs, OnePlus has also paid some attention to the exterior of the device, giving it a nice aluminum frame and a textured backplate. There are a number of optional materials that you can choose from including wood and Kevlar. Reader dkatana links to InformationWeek's coverage, which puts a bit more emphasis on what the phone doesn't come with: NFC. Apparently, people just don't use it as much as anticipated.
Privacy

ProxyGambit Replaces Defunct ProxyHam 26

msm1267 writes: Hardware hacker Samy Kamkar has picked up where anonymity device ProxyHam left off. After a DEF CON talk on ProxyHam was mysteriously called off, Kamkar went to work on developing ProxyGambit, a similar device that allows a user to access the Internet without revealing their physical location.

A description on Kamkar's site says ProxyGambit fractures traffic from the Internet through long distance radio links or reverse-tunneled GSM bridges that connect and exit the Internet through wireless networks far from the user's physical location. ProxyHam did not put as much distance between the user and device as ProxyGambit, and routed its signal over Wi-Fi and radio connections. Kamkar said his approach makes it several times more difficult to determine where the original traffic is coming from.
Google

Google Accidentally Reveals Data On 'Right To Be Forgotten' Requests 51

Colin Castro points out an article from The Guardian, who noticed that Google's recent transparency report contained more data than intended. When perusing the source code, they found data about who was making requests for Google to take down links under the "right to be forgotten" law. The data they found covers 75% of all requests made so far. Less than 5% of nearly 220,000 individual requests made to Google to selectively remove links to online information concern criminals, politicians and high-profile public figures, the Guardian has learned, with more than 95% of requests coming from everyday members of the public. ... Of 218,320 requests to remove links between 29 May 2014 and 23 March 2015, 101,461 (46%) have been successfully delisted on individual name searches. Of these, 99,569 involve "private or personal information." Only 1,892 requests – less than 1% of the overall total – were successful for the four remaining issue types identified within Google’s source code: "serious crime" (728 requests), "public figure" (454), "political" (534) or "child protection" (176) – presumably because they concern victims, incidental witnesses, spent convictions, or the private lives of public persons.
Businesses

Siemens Sends Do-Not-Fly Order For Pipistrel's All-Electric Channel Crossing 107

An anonymous reader links to Flyer's coverage of a squabble that seems to feature the aircraft giant Airbus aiming bad sportsmanship in the form of corporate pull against much smaller light aircraft maker Pipistrel, thereby "squashing the ambitions of light aircraft maker Pipistrel to be the first to fly an electric aircraft across the English Channel." Though Pipistrel acquired the flight permissions it anticipated needing in connection with its announced ambition to cross the channel, they've been grounded by allegedly underhanded means: Siemens, which supplies the electric motor used in the craft which was to make the journey, contacted Pipistrel to prohibit over-water flight with that motor (partly German). U.S. Pipistrel dealer Michael Coates believes he knows why (as quoted by Flyer): "Airbus managed to flex their muscle with Siemens who are supplying motors to Pipistrel and have the Pipistrel motor agreement immediately terminated," he said. "The Airbus E-Fan project does not use Siemens motors but it does have Siemens stickers over the side of their aircraft.
Firefox

Firefox 39 Released, Bringing Security Improvements and Social Sharing 172

An anonymous reader writes: Today Mozilla announced the release of Firefox 39.0, which brings an number of minor improvements to the open source browser. (Full release notes.) They've integrated Firefox Share with Firefox Hello, which means that users will be able to open video calls through links sent over social media. Internally, the browser dropped support for the insecure SSLv3 and disabled use of RC4 except where explicitly whitelisted. The SafeBrowsing malware detection now works for downloads on OS X and Linux. (Full list of security changes.) The Mac OS X version of Firefox is now running Project Silk, which makes animations and scrolling noticeably smoother. Developers now have access to the powerful Fetch API, which should provide a better interface for grabbing things over a network.