
Announcement

17 articles, 2016-08-29 12:00

1 GNOME Builder 3.22 Enters Beta with Many Vim Improvements, New Search & Replace: GNOME Builder 3.21.90 is now available for public testing (1.00/1) 2016-08-28 23:45 2KB news.softpedia.com
2 Website of Sri Lanka's President Defaced by Local Hacktivists: Hackers seem to be teenagers based on the defacement message 2016-08-29 02:30 1KB news.softpedia.com
3 It looks like Microsoft won't be making its summer deadline for the new Outlook.com: Some users are reporting that they are seeing an error message when attempting to share their calendar which says that the upgrade to the new Outlook.com should be finished by early 2017. 2016-08-29 01:40 2KB feedproxy.google.com
4 Hacker Pleads Guilty For "Sextortion" of over a Dozen of Female Victims: Hacker under arrest since mid-March 2016 2016-08-29 01:15 2KB news.softpedia.com
5 'Subway Reads' gives NYC straphangers free e-book shorts and excerpts: Have you ever been on an NYC subway? If not, let me tell you -- it is often horrible. Air conditioning can be broken, leading to high temperatures. Even worse, some people bring their food below ground, resulting in a stinky train car... 2016-08-28 23:53 3KB feeds.betanews.com
6 Shad0wS3C Leaks Data from Paraguay's Government: Hackers breach Paraguay's Secretary of National Emergency 2016-08-28 23:45 2KB news.softpedia.com
7 Flatpak Universal Linux Package Supports Local Path References for Git Sources: Flatpak 0.6.9 better handles recursive Git submodules 2016-08-28 23:20 2KB news.softpedia.com
8 Debian-Based Q4OS 1.6 "Orion" Linux Distro Launches with Trinity Desktop 14.0.3: The Bourbon Start Menu and taskbar have been polished 2016-08-28 22:28 2KB news.softpedia.com
9 Ghost Squad Takes Down Websites of Israel's Prime Minister, Bank of Israel: Hacktivism group uses DoS flaw to take down both websites 2016-08-28 22:25 2KB news.softpedia.com
10 Geary 0.11.2 Email Client Improves Showing of Right-To-Left (RTL) Messages: Also adds a bunch of fixes and updated translations 2016-08-28 22:18 2KB news.softpedia.com
11 Linux Kernel 3.10.103 LTS Has Lots of MIPS Improvements, Updated Radeon Drivers: All users of the Linux 3.10 kernel branch must update 2016-08-28 21:40 2KB news.softpedia.com
12 Now you can tell Alexa to find your phone: Lost your phone? We probably all have at one time or another and it borders between annoying and scary depending where you've been. If you didn't leave home then it's there somewhere. If you did then it can be a full panic. Lost... 2016-08-28 21:29 1KB feeds.betanews.com
13 ConnochaetOS 14.2 Officially Released Based on Slackware 14.2 and Salix Linux: It contains only free/libre software programs 2016-08-28 21:20 2KB news.softpedia.com
14 Second FreeBSD 11.0 Release Candidate Restores Support for 'nat global' in IPFW: FreeBSD 11.0 RC2 disables L2 caching for UDP over IPv6 2016-08-28 21:15 2KB linux.softpedia.com
15 VirusTotal Adds Support for CrowdStrike and Invincea Scanners: First next-gen machine learning scanners added to VirusTotal 2016-08-28 21:15 2KB news.softpedia.com
16 New W3C Proximity Sensor API Can Be Used for User Fingerprinting: New W3C API brings new fears regarding user privacy 2016-08-28 21:10 3KB news.softpedia.com
17 Nutanix acquires two startups amid IPO delay: SAN FRANCISCO, Aug 28- High-tech computing company Nutanix has acquired two startups to enhance its data and storage services, as the firm continues to grow its business despite a protracted delay in its initial public offering. San Jose, California- based Nutanix said on... 2016-08-28 21:00 3KB www.cnbc.com

Articles


1 GNOME Builder 3.22 Enters Beta with Many Vim Improvements, New Search & Replace (1.00/1) A first Beta of GNOME Builder 3.22 was published, and, as usual, we've managed to get our hands on the internal changelog to tell you all about the new features and improvements that will be included in the final release of the software designed for GTK+ and GNOME application developers. Release highlights of GNOME Builder 3.22 Beta (technical version number is 3.21.90) include a brand new Search & Replace functionality, multiple improvements for the Vim text editor, a new build icon, a new Color Picker plugin, as well as various project templates enhancements. Also added in this first Beta milestone of GNOME Builder 3.22 is a new build bar that promises to give developers an overview of many tools they use to create their apps, including but not limited to the VCS (Version Control System) branch, build config, and various important build messages. Other than that, there's a brand new system profiler tool based on the Sysprof project, support for configuring various version control systems, such as Git or Mercurial, an updated Autotools plugin that now lets you extract multiple build targets, and a revamped greeter that gives newcomers quick access to the template wizard, Git clone, and File Chooser. Last but not least, GNOME Builder 3.22 Beta renames the "ide" command to "gnome-builder-cli", revamps the perspectives, and removes the sidebar. The sources are available for download right now via our website if you want to take it for a test drive, but please try to keep in mind that this is a pre-release version, not suitable for production use. 2016-08-28 23:45 Marius Nestor

2 Website of Sri Lanka's President Defaced by Local Hacktivists A group that calls itself The Sri Lankan Youth took credit for the defacement, local newspaper The Sunday Times reports. The hackers asked the government to reconsider moving the GCE A/L exams from April, back to August because it will interfere with Hindu holidays. Following the second defacement, the President's website, which runs on top of WordPress, was taken down for a few hours while officials worked to boost its security. The presidency also reported the crime to the Criminal Investigation Department (CID), who started an official investigation. The Sri Lanka Computer Emergency Readiness Team (SLCERT) is also helping. Below is a translation of the message left on the President's website, courtesy of HackerCG. 2016-08-29 02:30 Catalin Cimpanu

3 It looks like Microsoft won't be making its summer deadline for the new Outlook.com Back in February, Microsoft proudly exclaimed that the new Outlook.com was out of beta and should roll out to all users soon. Six months later, you don't have to look very far to find those that don't have it yet. As it turns out, it looks like it's going to be longer than expected. Users attempting to share their calendar are seeing an error message telling them that Microsoft is now expecting to roll out the upgrade in the first half of 2017. The latest status update that we got from the company was in mid-July, when it said that everyone would be on the new Outlook.com "by end of summer at the latest". With just over three weeks left of the season, it seems clear that the firm will not meet its goals. There are also any number of reasons that the error message may exist. It could be an old message from when Microsoft had a different timeline; also, it could only refer to the issue keeping users from sharing their calendars. The company announced the new Outlook.com experience back in May 2015, saying that it would be more like Outlook itself. This would add new features like , search suggestions and refiners, themes, and more. When we attempted to share a calendar through Outlook.com, we did not experience the error; nevertheless, we've reached out to Microsoft for clarification. If there is indeed a new timeline for the new Outlook.com (which seems very likely), we'll keep you informed. Have you received the new Outlook.com yet? Let us know in the comments! Source: Mary Jo Foley 2016-08-29 01:40 Rich Woods

4 Hacker Pleads Guilty For "Sextortion" of over a Dozen of Female Victims According to investigators, Vallee, between 2011 and March 2016, hacked the online accounts of his victims, including emails, Facebook and Instagram profiles. Using aliases like Seth Williams and James McRow, Vallee engaged in anonymous communications with his victims, threatening to release data he found unless victims provided sexually explicit images of them or their friends, in a tactic known as sextortion. According to a signed plea agreement, Vallee said he often took over his victims' social media accounts, locking the owners out. In cases where the victim did not respond to his threats, he defaced the accounts with compromising content. In a particular case, after obtaining sexually explicit images from a victim, in order to get more photos, Vallee created a clone Facebook profile for the victim and uploaded the previously obtained photos. The hacker then issued friend requests for the victim, her friends, and family members. Investigators said Vallee used spoofing and anonymizing text messaging services to contact and extort victims. Some of the victims complained to the Belmont Police Department, who called in the US Secret Service to investigate the threats. Authorities tracked down Vallee and filed initial charges. He was re-arrested on March 16, 2016, and remained behind bars, after authorities filed new charges as the investigation went forward. Prosecutors indicted him on 13 counts of making interstate threats, one count of computer hacking to steal information, eight counts of computer hacking to extort, eight counts of aggravated identity theft and one count of cyberstalking. Authorities scheduled Vallee's sentencing hearing for December 1, 2016. 2016-08-29 01:15 Catalin Cimpanu

5 'Subway Reads' gives NYC straphangers free e-book shorts and excerpts Have you ever been on an NYC subway? If not, let me tell you -- it is often horrible. Air conditioning can be broken, leading to high temperatures. Even worse, some people bring their food below ground, resulting in a stinky train car -- yuck! Don't even get me started on the performers -- people will sing or do acrobatics and then demand money. Heck, just last week a woman released live crickets on the subway! Luckily, the NYC subway experience is getting better thanks to one thing -- Wi-Fi. Today, Andrew M. Cuomo, Governor of New York announces a new promotion, called "Subway Reads", which leverages that connectivity. This initiative will help straphangers get some relief from the other nonsense by enabling them to bury themselves in a free Penguin Random House e-book short or excerpt. "As part of 'Subway Reads', Penguin Random House created a special platform to offer subway customers free access to five full length e-shorts, including High Heat, a Jack Reacher novella by Lee Child; F. Scott Fitzgerald's classic short story, The Diamond As Big As The Ritz; 3 Truths and A Lie, a short story by Lisa Gardner; The Murders in the Rue Morgue by Edgar Allan Poe; and At the Reunion Buffet by Alexander McCall Smith", says the New York State Government. In addition to the e-shorts, subway riders can also enjoy book excerpts. This is ideal, as subway ride times aren't very long -- a full length book is not possible between stops. With that said, readers can then easily purchase the full version if the excerpt sucks them in. Yes, this can help Penguin Random House get sales, but who can argue with a promotion that gets people reading books rather than play games on their smartphone? It is win/win. But how do you know that your selection can be read in the amount of time you will be on the subway?
New York State explains, "in order to optimize the reading experience for commuters, Penguin Random House also has created a special feature for the book excerpts called 'read time' that enables customers to sort the short stories and samples by the amount of time it would take the average reader to complete them. A commuter who expects to spend half an hour on the train could, for example, click '30 minutes' on the Penguin Random House page, and be given a list of stories or samples that would take that long to read". If you are an NYC subway rider that wants to try this out, you can check it out here. Which free selection will you read first? Tell me in the comments. Photo Credit: littleny / Shutterstock 2016-08-28 23:53 By Brian

6 Shad0wS3C Leaks Data from Paraguay's Government The data, of which Softpedia has received a copy for the purpose of reporting the incident, appears to be a dump from a PostgreSQL database. Softpedia was alerted to the incident by Gh0s7, Shad0wS3C's leader and founder. Softpedia received the data last week and during this time, the sen.gov.py website was operational at all times. Softpedia has reached out to Paraguay's Secretary of National Emergency in an attempt to inform them of the leak so that the institution can investigate and plug any server holes. We have not received an answer in time for the article's publication. A quick analysis of the leaked data reveals information about material stocks, billing data, activity logs, but also user records from SNE employees. SNE employee personally identifiable information (PII) includes details such as names, phone numbers, emails, addresses, salary information, and more. Basically, all the contact details and roles for each employee, in the case of national emergencies. The dumped data also contained details on 412 website user accounts, complete with hashed passwords (keys). Shad0wS3c, who formed at the start of July, had the following to say regarding the reasons behind leaking the data to the public. The SNE data dump is actually Shad0wS3c's second hack. Before this, the group leaked the EJBCA database of EveryWare, a Swiss-based Certificate Authority (CA). EJBCA is a free software package that CAs use to manage public key infrastructure (PKI). Softpedia received a copy of the data as well but did not run a story because it could not verify if the leaked data contained active VPN keys, as Shad0wS3c had claimed. Below is a screenshot of the dumped data. A link to the leaked SNE and EveryWare databases is still currently available on Twitter. 2016-08-28 23:45 Catalin Cimpanu

7 Flatpak Universal Linux Package Supports Local Path References for Git Sources Flatpak 0.6.9 is now the latest version, and it promises to add many great enhancements, among which we can mention the ability to pass partial references every time a terminal command takes a runtime or application name, as well as a brand new command called build-commit-from. Application developers who want to package their apps and distribute them in the Flatpak format can use the above-mentioned command for creating new commits based on the contents of an existing commit, which can be from another local repository or a remote one. Also new in the Flatpak 0.6.9 release is the implementation of the $XDG_RUNTIME_DIR/app/$APPID path for automatic generation of the application directory, as well as various performance improvements to the internal update process, especially for the "no updates" scenarios. Linux application developers who have already adopted the Flatpak universal binary format for distributing their apps should also find multiple build improvements, such as support for local path references for Git sources, better handling of recursive Git submodules, and the ability to handle symbolic icons for the rename-icon. Moreover, a "--stop-at=$module" argument is now available for doing partial builds, along with a new "--sandbox" command-line flag for forbidding the build from exiting the sandbox when specific build arguments (build-args) are used. An issue with the .pyc mtime rewriting was fixed as well. Last but not least, Flatpak 0.6.9 updates the build-export functionality to no longer output validation errors, but instead print a warning. The new Flatpak version should make its way into the main software repositories of your favorite GNU/Linux distribution very soon, and you can also download the sources from its GitHub page. 2016-08-28 23:20 Marius Nestor

8 Debian-Based Q4OS 1.6 "Orion" Linux Distro Launches with Trinity Desktop 14.0.3 The biggest new feature of the Q4OS 1.6 "Orion" release is the latest Trinity Desktop Environment (TDE) 14.0.3 desktop environment, an open source project that tries to keep the spirit of the old-school KDE 3.5 desktop interface alive. Q4OS was used the most recent TDE version, so Q4OS 1.6 is here to update it. "The significant Q4OS 1.6 'Orion' release receives the most recent Trinity R14.0.3 stable version. Trinity R14.0.3 is the third maintenance release of the R14 series, it is intended to promptly bring bug fixes to users, while preserving overall stability," said the Q4OS developers in the release announcement. And now for the other new features and improvements implemented in the Q4OS 1.6 "Orion", which those who are using a previous release of the Debian-based GNU/Linux distribution will get via the official channels in the coming days. Make sure that you always keep your Q4OS operating system up to date with the latest patches. Q4OS 1.6 comes with a slightly improved graphical desktop interface, as the development team managed to further polish both the newly introduced Bourbon Start Menu and the taskbar. For example, the size of the application icons will now resize proportionally to the system panel. Additionally, the Native Desktop Profiler in-house built tool has been updated with a new, optimized 'software to install' list, which should come in handy to newcomers to this Trinity/Debian-based OS. The latest Live ISO images of the Q4OS 1.6 "Orion" operating system are now available for download via our website for 64- and 32-bit PCs. 2016-08-28 22:28 Marius Nestor

9 Ghost Squad Takes Down Websites of Israel's Prime Minister, Bank of Israel The attacks, which took place over the weekend, hit the Bank of Israel portal first, and then the official page of Israel Prime Minister's Office. For these attacks, the group didn't resort to DDoS (Distributed Denial of Service) but used a DoS (Denial of Service) vulnerability in the underlying web servers to take down the websites. S1ege, GSH's leader, told Softpedia that the Bank of Israel website came back online after six hours when the bank's IT staff moved the site to new servers. At the time of writing, 72 hours after the attack, the Prime Minister's website is still offline, sporting an error message. Asked why the group attacked these two targets all of a sudden, S1ege told Softpedia the following: “We are attacking Israel for the ongoing atrocities they are committing on the Palestinian people. They just recently bombed Gaza again. The genocide needs to end. They are expanding an empire into land/ground that they do not own, over a book. There is a perpetual silence in the mainstream media. We hope our attacks will bring more awareness to this subject and bring more protests to this issue.” S1ege also told Softpedia about plans for future attacks, which the group will execute in the following days. “Yes we have some attacks planned for Israel. We, in [the] past, leaked IDF [Israel Defense Force]'s database. We plan to do similar attacks in the future if there is no word of the ongoing genocide in Israel. The United States mainstream media works as stenographers for the U.S. government and speaks nothing of this its corruption at its finest. We will not stand idly by and let it continue. We also plan to attack the Syrian government.” GSH was also the driving force behind #OpIcarus, another month-long campaign of DDoS attacks against banks and financial institutions across the world, a campaign which put their name on the map of today's most active hacktivism groups.
Below are two Facebook posts that S1ege shared with Softpedia regarding their recent attacks. 2016-08-28 22:25 Catalin Cimpanu

10 Geary 0.11.2 Email Client Improves Showing of Right-To-Left (RTL) Messages Geary 0.11.2 is now the latest stable release of the email client used by default in the elementary OS distro, and available in the software repositories of numerous other GNU/Linux operating systems, a maintenance update that promises to improve the display of RTL (Right-to-Left) emails and fix lots of other annoying bugs. According to the internal changelog, Geary 0.11.2 is here to improve support for displaying Right-to-Left (RTL) email messages when the direction isn't set as RTL, as well as to update the composer to display Right-to-Left emails as RTL, and to no longer add double spaces after automatic completion of the email address. Various encoding problems with non-ASCII, Latin-1 and UTF-8 email headers reported by users have been resolved in Geary 0.11.2, along with fixes for various crashes that will improve archiving or deletion of certain emails, better support the tiscali.it and poste.it Dovecot email servers, and address window size settings. Being mainly a bugfix release, Geary 0.11.2 also makes the maximized state keep its settings, improves the notification functionality, no longer relies on the icon of the text editor for the Draft folder, adds better support for non-Latin text in emails, and addresses various other critical warnings and errors reported since Geary 0.11.1. Last but not least, Geary 0.11.2 is here to update multiple language translations, in particular the Hungarian, Indonesian, Finnish, Czech, Portuguese, Serbian, Serbian Latin, Polish, Slovenian, Hindi, and Japanese ones. The Geary 0.11.2 sources are available for download right now via our website, but you should check the software repositories of your distribution for the updated version in the coming days. 2016-08-28 22:18 Marius Nestor

11 Linux Kernel 3.10.103 LTS Has Lots of MIPS Improvements, Updated Radeon Drivers For some reason, the Linux 3.10 kernel branch is still getting updates, and this new version promises to add quite some improvements and updated drivers, as, according to the appended shortlog and the diff from the Linux kernel 3.10.102 LTS build, a total of 161 files have been changed, with 1800 insertions and 1293 deletions. "The updated 3.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.10.y http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.10.y," says Willy Tarreau. "The tree can be browsed on the git web interface: http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/log/?h=linux-3.10.y." For those of you who are wondering what's new in the Linux kernel 3.10.103 LTS, we would like to tell you that this update brings many improvements to the MIPS, PowerPC (PPC), x86, ARM, ARC, and s390 hardware architectures, as well as various enhancements and fixes to the EXT4, CIFS, NFS, NILFS2, UBIFS, XFS, FUSE, and eCryptfs filesystems. There are also lots of updated drivers, in particular for Radeon, InfiniBand, SCSI, USB, Virtio, Xen, MTD, MMC, MD, IIO, HID, GPIO, ATA, Crypto, and networking (mostly Ethernet and Wireless) devices, as well as an updated networking stack with IPv6, IPv4, Netfilter, Netlabel, Ceph, Bluetooth, IrDA, mac80211, SCTP, SunRPC, and RFKill fixes. The sound stack was updated as well with some new audio drivers. If you're using a GNU/Linux operating system powered by a kernel from the Linux 3.10 kernel series, we recommend that you update it as soon as possible to version 3.10.103. Check your OS' repositories for the updated build in the coming days and apply it immediately. In the meantime, OS vendors and power users can download the Linux kernel 3.10.103 LTS sources right now from kernel.org or via our website and compile it. 2016-08-28 21:40 Marius Nestor

12 Now you can tell Alexa to find your phone Lost your phone? We probably all have at one time or another and it borders between annoying and scary depending where you've been. If you didn't leave home then it's there somewhere. If you did then it can be a full panic. Now Amazon would like to help via its Echo device. You're likely familiar with that by now, thanks to a TV ad campaign a while back, but it continues to do different things thanks to constant updates. The latest is the ability to locate your lost phone, providing it's within earshot of your location and that your ringer is turned on. The Alexa app is now touting its tie-in with TrackR, an app designed to find lost items. There's some minor setup work involved with this, but it's nothing too complicated. First, you will need to enable the skill on the Echo. To do this simply say "Alexa, enable find my phone skill". Next, you'll need to install the TrackR app on your phone. Finally, link it to your Alexa and test it out. Say "Alexa, ask TrackR to find my phone". If all goes well, then your phone should begin ringing. Obviously, if you aren't home or close to the Amazon Echo, this becomes a non-workable solution, but phones are mostly lost in the home, so it would be handy most of the time. 2016-08-28 21:29 By Alan

13 ConnochaetOS 14.2 Officially Released Based on Slackware 14.2 and Salix Linux Based on the Slackware 14.2 and Salix 14.2 GNU/Linux distributions, ConnochaetOS 14.2 is powered by a de-blobbed GNU/Linux-libre 4.4.19 kernel and includes only 100% free/libre open-source software projects, such as the IceWM 1.3.12 window manager, and Iceweasel 45.3.0 web browser. "As always it contains only free/libre software as defined by the Free Software Foundation (FSF). We are now using our own deblobbed Linux kernel, named 'kernel-free' based on the de-blobbing mechanism done by Debian GNU/Linux," says Henry Jensen in the release announcement. If you don't see your favorite applications in the ConnochaetOS 14.2 release, don't panic. They are, most certainly, available in the main software repositories of the GNU/Linux-libre operating system. For example, you'll find there the latest versions of the Icedove email and news client, as well as the LibreOffice 5.1.4 office suite. Qt5-based web browsers like Otter Browser and QupZilla are also present there, along with the current release of the Iceape Internet suite (a libre version of Mozilla's SeaMonkey project). And if you don't find your favorite apps, you are free to drop a request to the developers of ConnochaetOS. ConnochaetOS 14.2 is now available for download via our website as a single, bootable ISO image that should run on 64- and 32-bit computers without any issues. More information about the ConnochaetOS distribution is available in our review and on the project's homepage, which contains a lot of interesting documentation to help you get started with this 100% free Slackware-based OS. 2016-08-28 21:20 Marius Nestor

14 Second FreeBSD 11.0 Release Candidate Restores Support for 'nat global' in IPFW The development of FreeBSD 11.0 continues at a fast pace, and it looks like some improvements have been made since last week's first Release Candidate build, such as the re-implementation of support for 'nat global' in IPFW, FreeBSD's IPv6 and IPv4 stateful firewall. The list of changes continues with improved detection of network bridges that aren't HotPlug capable, additional fixes to the LLVM/Clang compiler support, more build enhancements, as well as disablement of L2 caching for the User Datagram Protocol (UDP) over IPv6 protocol. Last but not least, FreeBSD 11.0 Release Candidate 2 is here to address a hang issue in vtnet, FreeBSD's VirtIO Ethernet driver, that might have occurred when the max_virtqueue_pairs setting was set to VTNET_MAX_QUEUE_PAIR. Of course, several other minor bugs reported by users since RC1 were fixed as well. If you plan on taking this second Release Candidate build of the upcoming FreeBSD 11.0 operating system for a test drive, we inform you that the ISO images are now available to download for 64-bit (amd64), 32-bit (i386), ARMv6, ARM64 (AArch64), PowerPC (PPC), PPC64 (PowerPC 64-bit), and SPARC64 hardware architectures. However, please try to keep in mind that this is a pre-release version of the OS, which means that it isn't suitable to be used in production environments. The development cycle of FreeBSD 11.0 will continue with a third and most likely the last RC build. The final release of FreeBSD 11.0 should be out on September 9, 2016. 2016-08-28 21:15 Marius Nestor

15 VirusTotal Adds Support for CrowdStrike and Invincea Scanners Both are part of the new wave of next-gen anti-malware products that rely on machine learning algorithms to analyze behavior and network activity in order to detect anomalies and flag malware. The news is of great importance if we take a look at how a Google announcement from May has changed the antivirus market in the last three months. On May 4, Google published new API access rules on the VirusTotal blog. Google kicked out all security companies that were using VirusTotal's API to scan suspicious files and present the results to their clients as if they were a real antivirus. Google limited access to the full VirusTotal API only to companies that had a product listed in its scanning service. This meant that many next-gen anti-malware products which used machine learning algorithms were left out in the cold because they used VirusTotal to confirm their findings. Vendors of classic signature-based products welcomed the move. Most of them had complained to Google about next-gen anti-malware products that pilfered their work, integrated the VirusTotal API as part of their products, but then engaged in aggressive marketing campaigns against old antivirus vendors, trying to undermine their credibility. You can see the irony for yourself and why Google felt the need to make this move. Google didn't close the door on next-gen anti-malware products for good. The company said that any vendor can integrate its product in VirusTotal, and be granted access to the full API if they provided data back to the community, and joined the Anti-Malware Testing Standards Organization (AMTSO). On Thursday, CrowdStrike became the first next-gen anti-malware vendor to join AMTSO, and its Falcon (ML) product became the first to join VirusTotal's rank. A day later, Invincea announced it was joining AMTSO and VirusTotal as well. The company's product is called X and was started using US DARPA funding. 2016-08-28 21:15 Catalin Cimpanu

16 New W3C Proximity Sensor API Can Be Used for User Fingerprinting As mobile devices evolved, so did their technical capabilities. Nowadays, when you lift your phone to your ear, the screen usually goes dark because the device uses the camera to tell if you've put it next to your ear. Rear and back cameras, movement sensors, accelerometers, and many other high-tech sensors can let a smartphone, tablet, or Internet of Things device know where you are in the room, or where other objects like walls, doors, etc. are. Because most of these sensors provide API interfaces, the W3C has begun work on a generic JavaScript-based API that will let websites query your device and learn how far away nearby objects are. The W3C describes this new feature as below: “The proximity level is reported as the distance (in centimeter) from the sensor to the closest visible surface.” Lukasz Olejnik, security & privacy technology engineer for the French Institute for Research in Computer Science and Automation (INRIA), and a W3C "Invited Expert", claims that this new API might pose a threat to user privacy in the future. Olejnik claims that threat actors can use (malicious) code embedded on a website to leak information about the phone's user and his behavior. He says that this data could be used to fingerprint users, a technique that advertisers might also be very interested in using. An attacker could use the W3C Proximity Sensor API to gather information about how the user interacts with the device, the frequency at which he interacts with it, interaction patterns, or mechanics for holding the device in different positions, close to his head, or the distance from his face. The problem, he says, comes from the fact that the new Proximity Sensor API allows two query modes: one that uses "near" and "far" distance indicators, and one that uses verbose data, in centimeters (cm). Olejnik says that there's no need for the second. "Is there a need to provide a verbose proximity readout at all?" he writes on his blog. "For example, is providing readouts of proximity (distance) value up to 150 cm necessary?" Besides limiting access to verbose data, the INRIA researcher also recommends that the Proximity Sensor API should also be subject to user permissions. The device must ask the user for this data, and they should be able to review what websites accessed this API and how often. Olejnik's criticism, which is dated August 8, has been taken into account. The latest version of the W3C Permission Sensor API features support for browser permissions, according to a draft dated August 26. The verbose distance results have been kept. Work on the W3C Proximity Sensor API is still ongoing. 2016-08-28 21:10 Catalin Cimpanu

17 Nutanix acquires two startups amid IPO delay SAN FRANCISCO, Aug 28 (Reuters) - High-tech computing company Nutanix has acquired two startups to enhance its data and storage services, as the firm continues to grow its business despite a protracted delay in its initial public offering. San Jose, California-based Nutanix said on Sunday it bought PernixData, a software company that facilitates data storage, and Calm.io, a development and automation startup, both also located in California. Nutanix declined to disclose the price of the acquisition. Adding the new technologies will enable Nutanix to improve the speed of its cloud computing platform and enhance or create new software products, the company said. The chief executives of both acquired companies said their company culture and technology were complementary with Nutanix's. "One thing that keeps both these companies going is innovation," PernixData CEO and Co-founder Poojan Kumar said on a call with reporters. The deal is a move to grow Nutanix's business while remaining in the private market, despite the company filing for an IPO in December. At the time, the company estimated raising $200 million in the deal, but has not yet priced shares. Investors expected Nutanix - valued at $2 billion after its last financing round - to be among the first companies out in January, but a volatile market battered public technology stocks and put the IPO market into a deep freeze. The market remains challenging, with just 59 deals pricing this year, down 55 percent from the same time last year, according to Renaissance Capital, a manager of IPO-focused funds. Technology IPOs have been particularly difficult, as buyers are reluctant about valuations. There were no technology IPOs this year until April, and there have been only seven since. Some experts say the acquisitions will further kick out Nutanix's IPO, as the companies will need time to integrate their employees and technology. "Larger transactions ... push out IPOs as integration and other aspects of a deal can create one more thing for investors to and management teams to articulate," said Kapil Venkatachalam, principal at Technology Crossover Ventures, who was not part of the Nutanix deal. "The acquisitions of Calm.io and PernixData are completely independent of any IPO process and have no impact on any plans," a Nutanix spokesman said. Nutanix posted revenue of $114.7 million for the three-month period ending in April, a 12 percent jump over the previous quarter and its strongest quarterly revenue to date. The company, however, is not profitable. (Reporting by Heather Somerville; Editing by Andrea Ricci) 2016-08-28 21:00 Heather Somerville

Total 17 articles. Created at 2016-08-29 12:00