
The Phone Hackers At Cellebrite Have Had Their Firmware Leaked Online

An anonymous reader quotes a report from Motherboard: Cellebrite, an Israeli company that specializes in digital forensics, has dominated the market in helping law enforcement access mobile phones. But one apparent reseller of the company's products is publicly distributing copies of Cellebrite firmware and software for anyone to download. Although Cellebrite keeps its most sensitive capabilities in-house, the leak may still give researchers, or competitors, a chance to figure out how Cellebrite breaks into and analyzes phones by reverse-engineering the files. The apparent reseller distributing the files is McSira Professional Solutions, which, according to its website, "is pleased to serve police, military and security agencies in the E.U. And [sic] in other parts of the world." McSira is hosting software for various versions of Cellebrite's Universal Forensic Extraction Device (UFED), hardware that investigators can use to bypass the security mechanisms of phones, and then extract data from them. McSira allows anyone to download firmware for the UFED Touch, and a PC version called UFED 4PC. It is also hosting pieces of Cellebrite forensic software, such as the UFED Cloud Analyzer. This allows investigators to further scrutinize seized data. McSira is likely offering downloads so customers can update their hardware to the latest version with as little fuss as possible. But it may be possible for researchers to take those files, reverse-engineer them, and gain insight into how Cellebrite's tools work. That may include what sort of exploits Cellebrite uses to bypass the security mechanisms of mobile phones, and weaknesses in the implementation of consumer phones that could be fixed, according to one researcher who has started to examine the files, but was not authorised by his employer to speak to the press about this issue.

Samsung is Hoping To Rekindle Note Brand Name Next Year

Samsung is stepping up its brand damage limitation efforts in the wake of the flaming battery disaster of the Galaxy Note 7 smartphone by offering owners of the recalled device in South Korea the ability to upgrade to a Galaxy S8 or Note 8 device next year if they trade in their Note 7 for a Galaxy S7 now. TechCrunch adds: The offer implies Samsung is not in fact intending to retire the Note brand name for good, despite it now being associated with smoldering batteries and exploding smartphones. A cause for the battery overheating problem, which affected some replacement Note 7 devices as well as a number of original devices, has yet to be conclusively identified by the company. Users in its home country who opt for the upgrade program will only need to pay half the price of a Galaxy S7 in order to exchange to an S8 or Note 8 next year -- so they're being offered next year's flagship Samsung phablet at around half price. The company is presumably hoping brand loyalty to the Note can begin at home, although it's possible it might extend the offer to other markets.

Wi-Fi Alliance Begins Certification Process For Short-Range Wireless Standard WiGig (802.11ad)

The stars have finally aligned for WiGig, an ultra-fast, short-range wireless network. The Wi-Fi Alliance has launched a certification process for WiGig products, which, it claims, can go as fast as 8Gbps. The technology was first announced in 2009, and it is based on the IEEE 802.11ad standard that is supported by many new products. CNET adds: That speed is good enough to replace network cables today. And tomorrow, WiGig should be good for beaming high-resolution video from your phone to your 4K TV or linking a lightweight virtual-reality headset to its control computer. VR and its cousin, augmented reality, work better when you don't have a thick cable tethering your head to a PC. New speed is especially helpful when conventional wireless networks clog up. We're all streaming video at higher resolutions, hooking up new devices like cars and security cameras to the network, and getting phones for our kids. Another complication: Phones using newer mobile data networks can barge in on the same radio airwaves that Wi-Fi uses. Saturation of regular Wi-Fi radio channels "will create a demand for new spectrum to carry this traffic," said Yaron Kahana, manager of Intel's WiGig product line. "In three years we expect WiGig to be highly utilized for data transfer." WiGig and Wi-Fi both use unlicensed radio spectrum available without government permission -- 2.4 gigahertz and 5GHz in the case of Wi-Fi. Unlicensed spectrum is great, but airwaves are already often crowded. WiGig, though, uses the 60GHz band that's unlicensed but not so busy. You will want to check for a WiGig sticker in the next gear you purchase.

Satya Nadella: 'We Clearly Missed the Mobile Phone'

At the Wall Street Journal's WSJD Live conference, Microsoft CEO Satya Nadella admitted that Microsoft has largely failed in making a dent in the mobile hardware business. Nadella, who took over the command of Microsoft from Steve Ballmer in February 2014, however added that the company is now focused on doing well in new categories and also building new categories. He said: We clearly missed the mobile phone, there's no question. Our goal now is to make sure we grow new categories. We have devices which are phones today but the place where we are focused on, given where the market is, is what is the unique thing that our phone can do. We have a phone that in fact can replace your PC, the same way we have a tablet that can replace your laptop. Those are the categories that we want to go create. If anything, the lesson learned for us, was thinking of PC as the hub for all things for all time to come. It was perhaps one of the bigger mistakes we made.

Rowhammer Attack Can Now Root Android Devices

An anonymous reader writes from a report via Softpedia: Researchers have discovered a method to use the Rowhammer RAM attack for rooting Android devices. For their research paper, called Drammer: Deterministic Rowhammer Attacks on Mobile Platforms, researchers tested and found multiple smartphone models to be vulnerable to their attack. The list includes LG Nexus (4, 5, 5X), LG G4, Motorola Moto G (2013 and 2014), One Plus One, HTC Desire 510, Lenovo K3 Note, Xiaomi Mi 4i, and Samsung Galaxy (S4, S5, and S6) devices. Researchers estimate that millions of Android users might be vulnerable. The research team says the Drammer attack has far more wide-reaching implications than just Android, being able to exploit any device running on ARM chips. In the past, researchers have tested the Rowhammer attack against DDR3 and DDR4 memory cards, weaponized it via JavaScript, took over PCs via Microsoft Edge, and hijacked Linux virtual machines. There's an app to test if your phone is vulnerable to this attack. "Rowhammer is an unintended side effect in dynamic random-access memory (DRAM) that causes memory cells to leak their charges and interact electrically between themselves, possibly altering the contents of nearby memory rows that were not addressed in the original memory access," according to Wikipedia. "This circumvention of the isolation between DRAM memory cells results from the high cell density in modern DRAM, and can be triggered by specially crafted memory access patterns that rapidly activate the same memory rows numerous times."

Harvard Researchers Print World's First Heart-On-A-Chip

Harvard University researchers have successfully 3D printed the first heart-on-a-chip with integrated sensors that are capable of measuring the beating of the heart. Gizmodo reports: The printed organ is made of synthetic material designed to mimic the structure and function of native tissue. It is not designed to replace failing human organs, but it can be used for scientific studies, something that is expected to rapidly increase research on new medicine. The medical breakthrough may also allow scientists to rapidly design organs-on-chips to match specific disease properties or even a patient's cells. Organs-on-chips, also known by the more technical name microphysiological systems, replicate the structure and function of living human organs. Each is made of a translucent, flexible polymer that lets scientists replicate biological environments of living organs. The chips are also clear so that the scientists can see an inner-working into how the organs work. A large part of the breakthrough was actually developing six different printable inks capable of integrating sensors within the tissue being printed. In one continuous printing process, the team 3D printed materials into a heart-on-a-chip with integrated sensors. The sensors were capable of measuring the beating of the heart. The new study has been published today in Nature Materials.

Consumer Reports Ranks Tesla Model X Near Bottom For Reliability

Last year, Consumer Reports withdrew its recommendation for the Tesla Model S after investigating its reliability. Today, the nonprofit organization released its 2016 Car Reliability Survey and found that, while the Tesla Model S has become more reliable, the Tesla Model X has proved to be unreliable overall. CNNMoney reports: CEO Elon Musk admitted that he wished he hadn't put so much new, complex technology on [the Model X] all at once when he unveiled the model last year. Apparently, he was right to worry. The Model X's complicated "falcon wing" doors have been a big trouble spot, said Jake Fisher, head of Consumer Reports' car testing unit. Even the front doors, which have electric motors that let them open on their own, have been a headache for customers, he added. As a result, Tesla ranks among the "Less Reliable" brands on Consumer Reports' list. The SUV's dependability is rated as "Much worse than average." Still, overall owner satisfaction with the vehicle is rated as "Excellent." For a long time, "dependability problems" have tended to be relatively trivial, said Fisher, as the industry has perfected the major mechanical aspects of the cars. In recent years, the problems have stemmed from the more high-tech additions to the newest cars, like the computer screens that work with phone, navigation and entertainment features, said Fisher. But now, with tougher fuel economy rules pushing more complex transmission technologies, dependability issues are once again starting to involve fundamental mechanical components. New eight- and nine-speed transmissions as well as dual-clutch and continuously variable transmissions have been suffering problems at a higher-than-average rate, Fisher said. It's been years since new car buyers would have to worry about things that could actually render their vehicle undrivable. But those concerns are coming back, Fisher said. 
As for the Model S, Consumer Reports says "Tesla's Model S has improved to average reliability, which now makes the electric car one of our recommended models."

No One Is Buying Smartwatches Anymore

An anonymous reader shares a Gizmodo report: Remember how smartwatches were supposed to be the next big thing? About that... The market intelligence firm IDC reported on Monday that smartwatch shipments are down 51.6 percent year-over-year for the third quarter of 2016. This is bad news for all smartwatch vendors (except maybe Garmin), but it's especially bad for Apple, which saw shipments drop 71.6 percent, according to the IDC report. Apple is still the overall smartwatch market leader, with an estimated 41.3-percent of the market, but IDC estimates it shipped only 1.1 million Apple Watches in Q3 2016, compared with 3.9 million in 2015. To a degree, that's to be expected, since the new Apple Watch Series 2 came out at the tail-end of the quarter. But the news is still a blow, when you consider how huge the Apple Watch hype was just 18 months ago.

Seth's Blog: Hardware is Sexy, But It's Software that Matters

American author and entrepreneur Seth Godin argues that though hardware is nice and dandy, it is the software that matters. And not just software that runs on a computer, "but the metaphorical idea of rules and algorithms designed to solve problems and connect people," he writes. Godin has used the piece to note how Apple has increasingly grown focused on hardware, and as a result, it's not putting much effort into fixing its software. He writes, "Automator, a buggy piece of software with no support, and because it's free, no competitors. Keynote, a presentation program that hasn't been improved in years. iOS 10, which replaces useful with pretty. iTunes, which is now years behind useful tools like Roon. No significant steps forward in word processing, spreadsheets, video editing, file sharing, internet tools, conferencing, etc. Apple contributed mightily to a software revolution a decade ago, but they've stopped. Think about how many leaps forward Slack, Dropbox, Zapier and others have made in popular software over the last few decades. But it requires a significant commitment to keep it moving forward. It means upending the status quo and creating something new." From the article: Software can change faster than hardware, which means that in changing markets, bet on software. It's tempting to treat the user interface as a piece of fashion, some bling, a sort of jewelry. It's not. It's the way your user controls the tool you build. Change it when it stops working, not when you're bored with it. Every time you change the interface, you better have a really good reason. John Gruber disagrees. He writes: Software, in general, is much better than it used to be. Unlike 1995, we don't lose data due to bugs very often. (For me personally, I can't even remember the last time I lost data.) But our hardware is so much better than our software, the contrast is jarring. An iPhone is a nearly perfect object. Sleek, attractive, simple.
The hardware is completely knowable -- there are only five buttons, each of them easily understood. iOS, however, is effectively infinite. The deeper our software gets, the less we know and understand it. It's unsettling.

Apple Releases iOS 10.1 With New Portrait Mode For iPhone 7 Plus

Apple has released iOS 10.1 to the public today for all iOS 10 users, and with it come several new features, a long list of bug fixes, and various other under-the-hood improvements. One of the biggest new features introduced is a new "Portrait" mode, which uses the dual cameras in the iPhone 7 Plus to create shallow depth of field portrait photos with plenty of background bokeh. MacRumors reports: To achieve the blurred look, the image signal processor in the device uses the wide-angle camera to create a depth map while the telephoto captures an image, dissecting the different layers of the photo to decide what to blur with an artful "bokeh" effect. It works on people, pets, and objects, but it does require good lighting to achieve the proper results. The update also [...] brings Transit directions to Japan for the first time. There have been some tweaks to the Messages app. It's now possible to play Bubble and Screen effects in Messages with Reduce Motion enabled, something that wasn't previously possible. There's also a new option to replay Bubble and Screen effects. It's important to note that the "Portrait" mode is still in beta, and will not work flawlessly. Mac Rumors has a full list of the changes made to iOS 10.1 embedded in their report, which you can view here.

Slashdot Asks: How Can We Prevent Packet-Flooding DDOS Attacks?

Just last month Brian Krebs wrote "What appears to be missing is any sense of urgency to address the DDoS threat on a coordinated, global scale," warning that countless ISPs still weren't implementing the BCP38 security standard, which was released "more than a dozen years ago" to filter spoofed traffic. That's one possible solution, but Slashdot reader dgallard suggests the PEIP and Fair Service proposals by Don Cohen: PEIP (Path Enhanced IP) extends the IP protocol to enable determining the router path of packets sent to a target host. Currently, there is no information to indicate which routers a packet traversed on its way to a destination (DDOS target), enabling use of forged source IP addresses to attack the target via packet flooding... Rather than attempting to prevent attack packets, instead PEIP provides a way to rate-limit all packets based on their router path to a destination.
I've also heard people suggest "just unplug everything," but on Friday the Wall Street Journal's Christopher Mims suggested another point of leverage, tweeting "We need laws that allow civil and/or criminal penalties for companies that sell systems this insecure." Is the best solution technical or legislative -- and does it involve hardware or software? Leave your best thoughts in the comments. How can we prevent packet-flooding DDOS attacks?

US Police Consider Flying Drones Armed With Stun Guns

Slashdot reader Presto Vivace tipped us off to news reports that U.S. police officials are considering the use of flying drones to taser their suspects. From Digital Trends: Talks have recently taken place between police officials and Taser International, a company that makes stun guns and body cameras for use by law enforcement, the Wall Street Journal reported on Thursday. While no decision has yet been made on whether to strap stun guns to remotely controlled quadcopters, Taser spokesman Steve Tuttle said his team were discussing the idea with officials as part of broader talks about "various future concepts."

Tuttle told the Journal that such technology could be deployed in "high-risk scenarios such as terrorist barricades" to incapacitate the suspect rather than kill them outright... However, critics are likely to fear that such a plan would ultimately lead to the police loading up drones with guns and other weapons. Portland police department's Pete Simpson told the Journal that while a Taser drone could be useful in some circumstances, getting the public "to accept an unmanned vehicle that's got some sort of weapon on it might be a hurdle to overcome."

The article points out that there's already a police force in India with flying drones equipped with pepper spray.

Researchers Predict Next-Gen Batteries Will Last 10 Times Longer

Lithium-metal electrodes could increase the storage capacity of batteries 10-fold, predict researchers at the University of Michigan, allowing electric cars to drive from New York to Denver without recharging. Using a $100 piece of technology, the team is now peeking inside charging batteries to study the formation of "dendrites," which consume liquid electrolytes and reduce capacity. Slashdot reader Eloking quotes New Atlas: Battery cells are normally tested through cycles of charge and discharge, testing the capacity and flow potential of the cells before being dissected. Dasgupta and his team...added a window to a lithium cell so that they could film the dendrites forming and deforming during charge and discharge cycles.
In a video interview they're reporting that dendrites can actually help a battery if they form a small, even "carpet" inside of the battery which "can keep more lithium in play." According to the article, "The future of lithium-ion batteries is limited, says University of Michigan researcher Neil Dasgupta, because the chemistry cannot be pushed much further than it already has. Next-generation lithium cells will likely use lithium air and lithium sulfur chemistries."

VeraCrypt Security Audit Reveals Many Flaws, Some Already Patched

Orome1 quotes Help Net Security: VeraCrypt, the free, open source disk encryption software based on TrueCrypt, has been audited by experts from cybersecurity company Quarkslab. The researchers found 8 critical, 3 medium, and 15 low-severity vulnerabilities, and some of them have already been addressed in version 1.19 of the software, which was released on the same day as the audit report [which has mitigations for the still-unpatched vulnerabilities].
Anyone want to share their experiences with VeraCrypt? Two Quarkslab engineers spent more than a month on the audit, which was funded (and requested) by the non-profit Open Source Technology Improvement Fund "to evaluate the security of the features brought by VeraCrypt since the publication of the audit results on TrueCrypt 7.1a conducted by the Open Crypto Audit Project." Their report concludes that VeraCrypt's security "is improving which is a good thing for people who want to use a disk encryption software," adding that its main developer "was very positive along the audit, answering all questions, raising issues, discussing findings constructively..."

Will Tesla Install Home Solar Panels To Charge Cars?

Earlier this week, Tesla signed a non-binding agreement to buy solar cells from a new Panasonic factory in Buffalo, New York -- but it's part of a much bigger maneuver. An anonymous Slashdot reader writes: "If all goes to plan, Tesla will be supplying customers with the solar panels that generate electricity that could then be used to charge the battery in their Tesla car or the battery in the Tesla Powerwall home energy storage system," reports the Christian Science Monitor. The Wall Street Journal reports that Musk's SolarCity "will sell, finance and install the panels."

But the Buffalo News suggests the deal is really "aimed squarely at skeptical shareholders" who may be leery of a proposed merger between Tesla and SolarCity, which one analyst calculates will require nearly $6 billion in extra capital. Panasonic could help shoulder the costs of the Buffalo factory, while also putting a more experienced manufacturer in charge of producing high-efficiency solar modules.

The Stack reports some shareholders have actually filed a lawsuit against the merger.
