Domain: slashdot.org
Stories and comments across the archive that link to slashdot.org.
Stories · 37,380
-
Emirati Man Gets 3-Month Prison Sentence Over Instagram Insult (go.com)
An anonymous reader quotes a report from ABC News: A state-owned newspaper in the United Arab Emirates is reporting that an Emirati man has received a three-month prison sentence and a fine after being convicted of insulting his brother on Instagram. The Arabic-language newspaper Al Etihad reported on Thursday that the man's brother became upset after finding his photo on his brother's Instagram account with an expletive as the caption. The newspaper says the unidentified defendant also must pay a 250,000-dirham ($68,000) fine under the sentence from the Khor Fakkan Court of Misdemeanors. The newspaper says the defendant planned to appeal. In other insult-related stories, we asked Slashdotters back in April, "What are some insults no developer wants to hear?" Some of the standout responses include: "Wow this is microsoft quality!" and "It compiled cleanly, so he shipped it." -
Obesity Is Three Times As Deadly For Men Than Women, Says Study (telegraph.co.uk)
An anonymous reader writes from a report via The Telegraph: Researchers at Oxford, Cambridge and Harvard universities found in the biggest ever study into weight and death that obesity is three times more deadly for men than women, and that being slightly overweight raises the risk of dying early. Telegraph reports: "Obese people can expect to lose three years of life while the average overweight person will die 12 months sooner than they would have if they were a healthy size. Usually fewer than one in five men will die before the age of 70, but that jumps to nearly one in three for the moderately obese, and eight in 10 for the morbidly obese. In contrast around one in 10 women can expect to die early, with obesity raising the risk to one in seven. While obesity raises the risk of early death by just three per cent for women, it is 10 per cent for men, more than three times as much. Around 61 per cent of adults are currently overweight or obese and the average weight of Britons has been steadily increasing since the 1970s. In 1975 the average Briton had a BMI of 23, which is considered a healthy weight. But today that has risen to 27, with the average person now overweight. It means that since the 1970s, every person in Britain has roughly gained more than three pounds (1.5kg) per decade. Ten types of cancer are linked to excess weight which can also lead to Type 2 diabetes, heart disease, stroke, respiratory disease and a range of other health problems. Researchers compiled data from 10.6 million people who took part in 239 studies between 1970 and 2015, in 32 different countries. The study found an increased risk of premature death for people who were underweight, as well as for people classed as overweight." According to a study published in the Lancet in April, obese people now outnumber the underweight population for perhaps the first time in history. -
CleanSpace CO Sensor Runs On Freevolt RF Harvesting
mspohr writes: A few years ago, a Kickstarter was set up to develop a locator tag powered by free radio frequency (RF) energy harvested from the environment. This was called a scam here on Slashdot and was shut down before it was funded on Kickstarter. However, it now appears that the concept is not as far-fetched as some predicted. A UK company CleanSpace has developed a carbon monoxide (CO) sensor which is powered by free RF. A review of the product has been posted on YouTube. It uses Freevolt technology to keep a battery charged and the CO sensor running. Since they have several thousand of these devices collecting data, they do appear to work and it seems to be in the 'not a scam' department. -
145 Tech Leaders Say 'Trump Would Be A Disaster For Innovation' (cnn.com)
An anonymous reader writes from a report via CNN: "We have listened to Donald Trump over the past year and we have concluded: Trump would be a disaster for innovation," wrote 145 technology leaders in an open letter Medium post published Thursday. Some of the leaders are from tech giants like Google, Facebook and Apple, others from small startups, venture capital firms, nonprofits and universities. "We believe in an inclusive country that fosters opportunity, creativity and a level playing field. Donald Trump does not," reads the letter, which was signed by well-known names like Apple cofounder Steve Wozniak, Slack CEO Stewart Butterfield, IAC's Barry Diller, Reddit's Alexis Ohanian and Wikipedia's Jimmy Wales. "His reckless disregard for our legal and political institutions threatens to upend what attracts companies to start and scale in America. He risks distorting markets, reducing exports, and slowing job creation," reads the letter, published by chief marketing officer at Color Genomics and former VP at Twitter Katie Jacobs Stanton. Moreover, Trump has shown "poor judgment and ignorance about how technology works," they wrote, citing his proposal to "shut down" parts of the Internet and the fact that he has revoked reporters' press credentials. "We stand against Donald Trump's divisive candidacy," the letter concludes. "We embrace an optimistic vision for a more inclusive country, where American innovation continues to fuel opportunity, prosperity and leadership." Meanwhile, Jon Swartz writes from USA Today that "If there was any lingering doubt as to tech's favored presidential candidate, Hillary Clinton put an end to that Tuesday with a tech plan that reads like a Silicon Valley wish list." -
Consumer Reports Calls For Tesla To Disable Autopilot (consumerreports.org)
Reader parallel_prankster writes: Consumer Reports is calling on Tesla to disable its "Autopilot" feature that enables hands-free operation. Citing the recent fatal accident involving a car with Autopilot engaged, Consumer Reports labels the feature as "Too Much Autonomy Too Soon." In an extensive article posted at the top of its website Thursday morning, Consumer Reports said Tesla should "disable hands-free operation until its system can be made safer." "By marketing their feature as 'Autopilot,' Tesla gives consumers a false sense of security," said Laura MacCleery, vice president of consumer policy and mobilization for Consumer Reports, in the article. "In the long run, advanced active safety technologies in vehicles could make our roads safer. But today, we're deeply concerned that consumers are being sold a pile of promises about unproven technology. 'Autopilot' can't actually drive the car, yet it allows consumers to have their hands off the steering wheel for minutes at a time. Tesla should disable automatic steering in its cars until it updates the program to verify that the driver's hands are on the wheel."
Tesla says it will continue development of Autopilot, insisting that drivers supported by Autopilot "remain safer than those operating without assistance." -
Valve Denounces Third-Party Gambling Sites, But Won't Block Them (arstechnica.com)
Valve is finally addressing last week's Counter-Strike gambling scandal. The game maker and Steam operator says that it does not directly profit from these gambling sites' actions. In a statement, Valve's Erik Johnson said the following: "We have no business relationships with any of these sites. We have never received any revenue from them. And Steam does not have a system for turning in-game items into real world currency." Johnson added that gambling sites work by creating and maintaining their own Steam accounts, which are used to conduct virtual item trading. He adds: "Using the OpenID API and making the same web calls as Steam users to run a gambling business is not allowed by our API nor our user agreements." Steam's user agreement includes a passage that forbids "exploiting the Content and Services or any of its parts for any commercial purpose, except as expressly permitted elsewhere in this Agreement." The company won't block these websites, but says it will begin cracking down on them -- by sending them cease and desist notices. -
Nintendo Is Launching a New, Tiny NES For $60 With 30 Games (engadget.com)
Nintendo, which has been in the news a lot lately thanks to Pokemon Go, has announced a new console. It's called the Nintendo Classic Mini, and it will ship pre-loaded with 30 games. The upcoming Nintendo Classic Mini will be priced at $60, and an extra NES controller will set you back by $10. The controller can be attached to a Wii remote for use and the Virtual Console on the Wii or Wii U. The console, which comes with an HDMI and USB cable (for power) will ship on November 11. Engadget reports about the titles: The full list includes Balloon Fight, Bubble Bobble, Castlevania, Castlevania II: Simon's Quest, Donkey Kong, Donkey Kong Jr., Double Dragon II: The Revenge, Dr. Mario, Excitebike, Final Fantasy, Galaga, Ghosts 'n Goblins, Gradius, Ice Climber, Kid Icarus, Kirby's Adventure, Mario Bros., Mega Man 2, Metroid, Ninja Gaiden, Pac-Man, Punch-Out!! Featuring Mr. Dream, StarTropics, SUPER C, Super Mario Bros., Super Mario Bros. 2, Super Mario Bros. 3, Tecmo Bowl, The Legend of Zelda and Zelda II: The Adventure of Link. HotHardware has more details. -
Tor Project Installs New Board of Directors After Jacob Appelbaum Controversy (theverge.com)
An anonymous reader writes: The Tor Project announced today that it has elected an entirely new board of directors as part of a larger shake-up after accusations of misconduct by former employee Jacob Appelbaum. Appelbaum left the company in June after the nonprofit organization said it had received multiple accusations against him. The seven board members that are leaving the organization said in a statement today that it is their "duty to ensure that the Tor Project has the best possible leadership." The New York Times reports that the board agreed to step down following the controversy surrounding Appelbaum. Some of the board members who will be leaving include Tor Project co-founders Roger Dingledine and Nick Mathewson, who will continue to work on the organization's technical research and development team, according to the statement. They will be replaced with several prominent cryptographers and scholars, including University of Pennsylvania professor Matt Blaze, Electronic Frontier Foundation Executive Director Cindy Cohn, and security technologist Bruce Schneier. Meanwhile, researchers at MIT have been working on a new anonymity network that they say is more secure than Tor. -
Ex-Google Engineer Launches Blockchain-Based System For Banks (reuters.com)
An anonymous reader quotes a report from Reuters: A former Google engineer, whose speech recognition software is used in more than a billion Android smartphones, has launched a company that uses blockchain technology to build a new operating system for banks. Paul Taylor, a Cambridge University academic with an expertise in artificial intelligence, speech synthesis and machine learning, started working on the system, called Vault OS, two years ago in a basement in London's Shoreditch district, known for being a tech start-up hub. The technology, which underpins the digital currency bitcoin, creates a shared database in which participants can trace every transaction ever made. The ledger is tamper-proof and transparent, meaning that transactions can be processed without the need for third-party verification. The system also negates the need for costly in-house data centers, as it uses cloud-based systems, which banks can use on a "pay-as-you-go" basis, which means that there is no single point of failure. Taylor said major high-street banks were spending around a billion pounds ($1.3 billion) a year on computer technology, much of which he said was being used for propping up the current "legacy" systems rather than on any innovative technology. The start-up has been working with about ten banks, Taylor said, at least one of which would be starting a trial using the new system in August. He expects the system to be up-and-running within about a year. In banking-related news, a Congressional report shows that China's spies hacked into computers at the Federal Deposit Insurance Corporation (FDIC) from 2010 until 2013 and American government officials tried to cover it up. -
Microsoft: Only Microsoft Edge Will Play Netflix Content At 1080p On Your PC (pcworld.com)
An anonymous reader writes from a report via PCWorld: Microsoft made the bold claim on Wednesday that its Edge browser was the only browser of the big four browsers -- Chrome, Firefox, and Opera -- to play Netflix content at a 1080p resolution. PCWorld tested the four browsers and found this claim to be valid. The other three browsers capped out at a 720p resolution. Microsoft has been trying to boost Edge's reputation. Microsoft recently claimed that its Edge browser is more power-efficient than Chrome. (Opera later denied those claims.) This is the latest bold claim to come from Microsoft in regard to its Edge browser. Microsoft has even publicized a Netflix support document to show that Netflix streams at 1080p on Internet Explorer and Edge, and 720p on the other browsers. PCWorld used the "secret Netflix menus" that were first unearthed by Reddit users (Ctrl+Alt+Shift+D) to display the resolution and bitrate and confirm that Microsoft's claims are true. "In a blog post, Microsoft claimed Microsoft Edge was built to take advantage of platform features in Windows 10, including the PlayReady Content Protection and the media engine's Protected Media Path," reports PCWorld. "The company said it is working with the Open Media Alliance to develop next-generation media formats, codecs, and other technologies for UltraHD video, and with chipset companies to develop Enhanced Content Protection that moves the protected media path into peripheral hardware for an even higher level of security, and one that could be used to protect 4K media." -
Parents Upset After Their Boy Was 'Knocked Down and Run Over' By A Security Robot (abc7news.com)
An anonymous reader writes from a report via KGO-TV: PSA: Beware of dangerous security robots at the Stanford Shopping Center! After a young boy was "knocked down and run over" by one of the Stanford Shopping Center security robots, the boy's parents want to help prevent others from getting hurt. KGO-TV reports: "They said the machine is dangerous and fear another child will get hurt. Stanford Shopping Center's security robot stands 5' tall and weighs 300 pounds. It amuses shoppers of all ages, but last Thursday, 16-month-old Harwin Cheng had a frightening collision with the robot. 'The robot hit my son's head and he fell down facing down on the floor and the robot did not stop and it kept moving forward,' Harwin's mom Tiffany Teng said. Harwin's parents say the robot ran over his right foot, causing it to swell, but luckily the child didn't suffer any broken bones. Harwin also got a scrape on his leg from the incident." Teng said, "He was crying like crazy and he never cries. He seldom cries." They are concerned as to why the robot didn't detect Harwin. "Garage doors nowadays, we're just in a day in age where everything has some sort of a sensor," shopper Ashle Gerrard said. "Maybe they have to work out the sensors more. Maybe it stopped detecting or it could be buggy or something," shopper Ankur Sharma said. The parents said a security guard told them another child was hurt from the same robot just days before. They're hoping their story will help other parents be more careful the next time they're at the Stanford Shopping Center. The robots are designed by Knightscope and come equipped with self-navigation, infra-red cameras and microphones that can detect breaking glass to support security services. -
Pokemon Go Becomes Biggest Mobile Game In US History (techcrunch.com)
An anonymous reader writes: Pokemon Go is now the biggest mobile game of all time in the U.S. Not only has it surpassed Twitter's daily users, but it is seeing people spend more time in its app than in Facebook. An earlier report from SimilarWeb says Pokemon Go has surpassed Tinder in terms of installations -- the app surpassed Tinder on July 7th. Today, the tracking firm says Pokemon Go has managed to surpass Twitter in terms of daily active users on Monday. It says almost 6% of the entire U.S. Android population is engaging with the app on a daily basis. A new report from SurveyMonkey intelligence indicated that Pokemon Go has claimed the title "biggest mobile game in U.S. history." The game saw just under 21 million daily active users in the U.S. on Monday. It's reportedly closing in on Snapchat on Android, and could surpass Google Maps on Android as well. According to app store intelligence firm SensorTower, the average iPhone user on iOS spent 33 minutes catching Pokemon, which is more than any other apps it analyzed, including Facebook, Snapchat, Twitter, Instagram, and Slither.io. The app with the second-most average usage at 22 minutes, 8 seconds, was Facebook. SurveyMonkey did note that Pokemon Go still falls short of other games when it comes to time spent in games. Game of War sees nearly 2 hours of total daily usage for the average user, while Candy Crush Saga sees daily usage of about 43 minutes. In just two days, Pokemon Go brought Nintendo's market value to $7.5 billion. It's worth noting that it remains to be seen whether or not the game will continue to break records or turn into a ghost town like Nintendo's first mobile game, Miitomo. -
Google Gets Land For Its Futuristic Headquarters, Thanks To LinkedIn Deal (arstechnica.com)
An anonymous reader writes from a report via Ars Technica: Silicon Valley Business Journal reports that Google and LinkedIn have worked out a deal that will allow the two neighbors to swap a few million square feet of real estate. The deal will help give Google enough room to build its futuristic "canopy" campus. Ars Technica reports: "Google will receive all of LinkedIn's existing Mountain View territory, which consists of LinkedIn's 370,000-square-feet headquarters and almost eight acres of land LinkedIn had planned on turning into office space. LinkedIn will move a few miles across town into four office buildings currently owned by Google that come out to about 750,000 square feet of office space. LinkedIn instantly gets to double its office space while avoiding a costly 'five- to six-year' construction project, and Google gets the space and building rights it needs to build its crazy indoor/outdoor spiderweb canopy utopia. Google owns a huge chunk of land in Mountain View with many office buildings, but the buildings have all been hand-me-downs. In February 2015, Google announced plans to renovate its campus with an ambitious design featuring a large membrane covering configurable activity space. To expand, both LinkedIn and Google needed to compete for Mountain View's 2.2 million square feet of available commercial square footage. The city, fearing it would become an all-Google town, awarded the majority of the construction rights -- 1.4 million square feet -- to LinkedIn, leaving Google with nowhere to build its new headquarters. With the real estate swap, those construction rights go to Google, so the company now has all the space it asked for." Last month, Microsoft announced plans to acquire LinkedIn for $26.2 billion. -
Microsoft Finally Releases New Skype App For Linux (skype.com)
Four months after Linux users complained about issues with the Skype app -- an update in March apparently broke the instant message and video calling app -- Microsoft announced a few minutes ago the launch of the Alpha version of a new Skype app for Linux, a move that "reaffirms the company's commitment to the Linux community." The blog post adds that there will be a two-hour Q&A session today at 7AM PDT between Linux users and the engineering team to welcome the new app. The alpha version uses the "latest, fastest and most responsive Skype UI." The company also says that users on Skype for Linux 4.3.37 will no longer be able to use the app to make or receive any calls -- so you really need to use this new app. In the blog post, Microsoft also adds that anyone with a Chromebook and Chrome for Linux can now visit web.skype.com to make one-to-one and group voice calls on top of the text messaging feature. It is also an alpha version of Skype -- and is built on top of the WebRTC standard. -
YouTube Says Content Owners Made $1B Last Year -- So Music Labels Should Stop Complaining (recode.net)
Peter Kafka, reporting for Recode: Here's the latest salvo in the back and forth between YouTube and the music industry: A report from Google that says its video site's copyright software has allowed content owners to generate $1 billion in the last year or so. Or, in other words: Hey, music guys! Stop moaning about money -- we're making plenty of it for you. Google's formal message comes via "How Google Fights Piracy," a 62-page mega-pamphlet it is releasing today. Google adds that its Content ID tool, which lets copyright owners "claim" their videos that users upload to YouTube so that ad money can be made off it, has garnered $2 billion since 2007. This is Google's response to a growing concern from the music industry that YouTube doesn't pay well, its Content ID isn't a solution, and that the video platform is built on stolen material. -
US Judge Throws Out Cell Phone 'Stingray' Evidence For The First Time (reuters.com)
An anonymous reader quotes a report from Reuters: For the first time, a federal judge has suppressed evidence obtained without a warrant by U.S. law enforcement using a stingray, a surveillance device that can trick suspects' cell phones into revealing their locations. U.S. District Judge William Pauley in Manhattan on Tuesday ruled that defendant Raymond Lambis' rights were violated when the U.S. Drug Enforcement Administration used such a device without a warrant to find his Washington Heights apartment. Stingrays, also known as "cell site simulators," mimic cell phone towers in order to force cell phones in the area to transmit "pings" back to the devices, enabling law enforcement to track a suspect's phone and pinpoint its location. The DEA had used a stingray to identify Lambis' apartment as the most likely location of a cell phone identified during a drug-trafficking probe. Pauley said doing so constituted an unreasonable search. The ruling marked the first time a federal judge had suppressed evidence obtained using a stingray, according to the American Civil Liberties Union, which like other privacy advocacy groups has criticized law enforcement's use of such devices. "Absent a search warrant, the government may not turn a citizen's cell phone into a tracking device," Pauley wrote. FBI Special Agent Daniel Alfin suggests in a report via Motherboard that decrypting encrypted data fundamentally alters it, therefore contaminating it as forensic evidence. -
NASA's Juno Spacecraft Sends First Images From Jupiter (sciencedaily.com)
An anonymous reader writes: After its patriotic arrival at Jupiter on July 4th, the Juno spacecraft has sent its first images of the planet back to earth via the JunoCam. The visible-light camera aboard Juno was first turned on roughly six days ago after Juno placed itself into orbit. "This scene from JunoCam indicates it survived its first pass through Jupiter's extreme radiation environment without any degradation and is ready to take on Jupiter," said Scott Bolton, principal investigator from the Southwest Research Institute in San Antonio. "We can't wait to see the first view of Jupiter's poles." The color image, which was obtained on July 10th when the spacecraft was 2.7 million miles from Jupiter, shows atmospheric features on Jupiter, including the famous Great Red Spot, and three of the massive planet's four largest moons -- Io, Europa and Ganymede. "JunoCam will continue to take images as we go around in this first orbit," said Candy Hansen, Juno co-investigator from the Planetary Science Institute, Tucson, Arizona. "The first high-resolution images of the planet will be taken on August 27 when Juno makes its next close pass to Jupiter." -
Mozilla Will Ship Its First Rust Component In Firefox 48 (softpedia.com)
An anonymous reader quotes a report from Softpedia: Mozilla announced today plans to ship its first ever Rust code with the production releases of Firefox. The first ever Rust components will arrive in Firefox 48, scheduled for release on August 2, 2016. After teasing Rust features last year, the Mozilla Foundation announced today that Firefox 48 would contain a new media stack component that's entirely coded in Rust. The first Firefox component to feature Rust code was not chosen at random because media components often execute malicious code when parsing multimedia files. "This makes a memory-safe programming language like Rust a compelling addition to Mozilla's tool-chest for protecting against potentially malicious media content on the Web," says Dave Herman, Director of Strategy at Mozilla Research. During tests of this Rust-based media component in Firefox's unstable builds, Mozilla says that after one billion uses they have yet to see a crash or issue in the Rust media component. Last month, Mozilla released the first versions of Servo, a minimal browser created in Rust code alone. At around the same time, Microsoft open-sourced Checked C, an extension to the C programming language that brings new features to address a series of security-related issues. -
VPN Provider Removes Russian Presence After Servers Seized (thestack.com)
An anonymous reader quotes a report from The Stack: VPN provider Private Internet Access has pulled out of Russia in the wake of new internet surveillance legislation in the country. The company claims that some of its Russian servers were seized by the government as punishment for not complying with the rules, which ask providers to log and hold all Russian internet traffic and session data for up to a year. Upon learning of the federal action, the company immediately removed its Russian availability and announced that it would no longer be operating in the region. "We believe that due to the enforcement regime surrounding this new law, some of our Russian Servers (RU) were recently seized by Russian Authorities, without notice or any type of due process," wrote Private Internet Access in a blog post. The company advises users to update their desktop clients. They also noted that its manual configurations now support the "strongest new encryption algorithms including AES-256, SHA-256, and RSA-4096." Putin has given Federal Security Agents two weeks to produce "encryption keys" for the internet. -
Vulnerability Exploitable Via Printer Protocols Affects All Windows Versions (softpedia.com)
An anonymous reader writes from a report via Softpedia: "Microsoft patched today a critical security vulnerability in the Print Spooler service that allows attackers to take over devices," reports Softpedia. "The vulnerability affects all Windows versions ever released. [Security firm Vectra discovered the vulnerability (CVE-2016-3238), which Microsoft fixed in MS16-087.] At its core, the issue resides in how Windows handles printer driver installations and how end users connect to printers. By default, in corporate networks, network admins allow printers to deliver the necessary drivers to workstations connected to the network. These drivers are silently installed without any user interaction and run under the SYSTEM user, with all the available privileges." An attacker can hack printers and replace these files with his own. The vulnerability is exploitable from both the local network, but also from the internet, thanks to protocols like Internet Printing Protocol or the webPointNPrint. The exploit can be delivered via ads or JavaScript code inside a compromised website. The vulnerability is actually an OS design issue and affects all Windows versions ever released. Microsoft also announced today plans to make its recently renamed Windows 10 Enterprise product available as a subscription for $7 per user per month, or $84 per year. -
FBI Has Collected 430,000 Iris Scans In 'Pilot Program' (theverge.com)
An anonymous reader writes from a report via The Verge: The Verge has obtained documents that reveal the San Bernardino Sheriff's Department has been collecting iris data from at least 200,000 arrestees over the last two and a half years. The department was collecting an average of 189 iris scans each day in the early months of 2016. The activity is part of a larger pilot program organized by the Federal Bureau of Investigation. "Since its launch in 2013, the program has stockpiled iris scans from 434,000 arrestees, an FBI spokesperson confirmed," reports The Verge. Through information-sharing agreements with various other agencies across the country, the new national biometric database stretches the traditional boundaries of a pilot program, and just barely stays out of reach of privacy mandates. The Verge reports: "A 2013 memo signed by representatives from the FBI and California Department of Justice summarizes responsibilities. At that time, according to the memo, the FBI had more than 30,000 images but did not have a way to search through them. The length of the California program was to be kept at one year, and reassessed after, but the documents show the partnership has been renewed every year since. The FBI would not comment on numbers from any particular source. However, 'operations reports' obtained by The Verge through the California Public Records Act requests the catalogue of the program's progress and suggest the state has been a major asset in the construction of the database. A document dated February of this year lists more than a quarter of a million 'enrollments' in the database from the California Department of Justice. In both 2014 and 2015, according to the document, more than 100,000 records were added to the system. Those scans are sent to the FBI by the California Justice Department, which in turn receives them from three counties: Los Angeles, San Bernardino, and Riverside. 
Despite its relatively small population, the documents show San Bernardino County made more than 190,000 enrollments alone since 2014, far outpacing Los Angeles and Riverside counties." The pilot program has no privacy impact assessment "because the pilot was conducted with very limited participation for a limited period of time in order to evaluate iris technology," an FBI representative told The Verge. The vast majority of the 430,000 enrollments were added after that determination was made. The bureau is reportedly in the process of creating a privacy impact assessment but there's no word as to when that will be complete. In June, the Government Accountability Office published a report that says the FBI has access to hundreds of millions of photos. -
How Technology Disrupted the Truth (theguardian.com)
A day after the Brexit, former UK Independence Party (UKIP) leader Nigel Farage admitted he had misled the public on a key issue. He admitted that UK's alleged 350M Euro weekly contribution to the EU would not be directed to the National Health Service, and that this commitment was never made official. Journalists worldwide tweeted photos of the campaign ads -- posted in conspicuous places like the sides of buses -- debunking the lie. This incident illustrates the need for more political fact-checking as a public service, to enable the voters to make more informed and rational decisions about matters affecting their daily lives. Fact-checking is supposed to be a part of the normal journalistic process. When gathering information, a journalist should verify its accuracy. The work is then vetted by an editor, a person with more professional experience who may correct or further amend some of the information. A long-form article on The Guardian today underscores the challenges publications worldwide are facing today -- most of them don't have the luxury to afford a fact-checker (let alone a team of fact-checkers), and the advent of social media and forums and our reliance (plenty of people get their news on social media now) have made it increasingly difficult to vet the accuracy of anything that is being published. From The Guardian article: When a fact begins to resemble whatever you feel is true, it becomes very difficult for anyone to tell the difference between facts that are true and "facts" that are not. Global Voices adds: But the need for fact-checking hasn't gone away. As new technologies have spawned new forms of media which lend themselves to the spread of various kinds of disinformation, this need has in fact grown. Much of the information that's spread online, even by news outlets, is not checked, as outlets simply copy-paste -- or in some instances, plagiarize -- "click-worthy" content generated by others. 
Politicians, especially populists prone to manipulative tactics, have embraced this new media environment by making alliances with tabloid tycoons or by becoming media owners themselves. The other issue is that many people do not care about the source of the information, and it has become increasingly hard to tell whether a news article you saw on your Facebook is credible or not. This, coupled with how social networking websites game the news feed to show you what you are likely to find interesting as opposed to giving you news from trustworthy sources, has made things even worse. As you may remember, Facebook recently noted that it is making changes to algorithms to show you updates from friends instead of news articles from publications you like. The Guardian adds: Algorithms such as the one that powers Facebook's news feed are designed to give us more of what they think we want -- which means that the version of the world we encounter every day in our own personal stream has been invisibly curated to reinforce our pre-existing beliefs. [...] In the news feed on your phone, all stories look the same -- whether they come from a credible source or not. And, increasingly, otherwise-credible sources are also publishing false, misleading, or deliberately outrageous stories. -
XDedic, Underground Market For Hacked Servers, Resurfaces On Tor Domain (threatpost.com)
Reader msm1267 writes: The defunct xDedic marketplace has resurfaced again, this time on a Tor network domain. The marketplace provides a platform for buying and selling of hacked servers. Its original open web domain, xdedic[,]biz, had disappeared shortly after a June 15 Kaspersky Lab report on its activities. The original market had upwards of 70,000 hacked servers for sale from more than 400 unique sellers. It's unknown how much inventory is being peddled on the new site, which was uncovered by researchers at Digital Shadows, who found a post on a Russian and French criminal forum pointing to a Tor domain as the new home of xDedic. The new site has the same look and feel as the old one, but Digital Shadows said accounts had not been transferred, and that there is now a $50 USD enrollment fee to join the new market. -
Pokemon Go Was Never Able To Read Your Email (gizmodo.com)
Last week a security researcher noted that Pokemon Go's iOS app -- for whatever reason -- was gleaning complete hold of one's Google account. But is that really the case? Gizmodo contacted Adam Reeve, the security researcher in question (who also happens to be a former senior engineering manager at Tumblr) to get more details on his claims, upon which Reeve, now Principal Architect at Red Owl Analytics, said he wasn't "100 percent sure" his blog was true. From the report: Cybersecurity expert and CEO of Trail of Bits Dan Guido has also cast serious doubt on Reeve's claim, saying Google tech support told him "full account access" does not mean a third party can read or send email, access your files or anything else Reeve claimed. It means Niantic can only read biographical information like email address and phone number. In a statement, Google tech support said: In this case, we checked that the Full account access permission refers to most of the My account settings. Specific actions such as sending emails, modifying folders, etc, require explicit permissions to that service (the permission will say "Has access to Gmail") Niantic, the company behind Pokemon Go app also assures that its app doesn't access anyone's email. Moreover, it is working with Google to ensure that only a user's profile data is accessed by the app. In a statement to Gizmodo, the company said: We recently discovered that the Pokemon GO account creation process on iOS erroneously requests full access permission for the user's Google account. However, Pokemon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. 
Google has verified that no other information has been received or accessed by Pokemon GO or Niantic. Google will soon reduce Pokemon GO's permission to only the basic profile data that Pokemon GO needs, and users do not need to take any actions themselves. Perhaps people should be more careful about the accusations they make. -
Third Tesla Crashes Amid Report of SEC Investigation (usatoday.com)
An anonymous reader writes: Tesla hasn't had the best month so far as not one, not two, but a total of three crashes have been reported with the car's Autopilot self-driving system engaged at the time -- two of which resulted in fatalities. In addition, The Wall Street Journal is reporting today that the Securities and Exchange Commission is investigating whether Tesla violated securities law by failing to disclose more quickly a fatal accident in Florida in May involving a Tesla Model S that was in self-driving mode. The SEC didn't comment on the report, and Tesla issued a statement saying it has "not received any communication from the SEC regarding this issue." As for the Autopilot crash that was reported today, the driver said he activated Autopilot mode at the beginning of his trip. Tesla is looking into the crash and has yet to confirm whether or not Autopilot was a factor. Tesla CEO Elon Musk teased a "Top Secret Tesla Masterplan, Part 2" via Twitter that he is "Hoping to publish later this week." -
MIT Says Their Anonymity Network Is More Secure Than Tor (pcmag.com)
An anonymous reader writes from a report via PC Magazine: Following the recent vulnerabilities in Tor, researchers at MIT's Computer Science and Artificial Intelligence Laboratory and the Ecole Polytechnique Federale de Lausanne have been working on a new anonymity network that they say is more secure than Tor. While the researchers are planning to present their new system, dubbed Riffle, at the Privacy Enhancing Technologies Symposium later this month, they did say the system uses existing cryptographic techniques, but in new ways. A series of servers are what make up Riffle, each of which "permutes the order in which it receives messages before passing them on to the next," according to a news release. "For instance, messages from senders Alice, Bob, and Carol reach the first server in the order A, B, C, that server would send them to the second server in a different order -- say C, B, A. The second server would permute them before sending them to the third, and so on." Nobody would know which was which by the time they exited the last server. Both Tor and MIT's anonymity network use onion encryption. Riffle uses a technique called verifiable shuffle in addition to onion encryption to thwart tampering and prevent adversaries from infiltrating servers with their own code. Last but not least, it uses authentication encryption to verify the authenticity of an encrypted message. The researchers say their system provides strong security while using bandwidth much more efficiently than similar solutions. -
Netflix Is The Least-Cancelled of All Major Streaming Services, Says Study (exstreamist.com)
An anonymous reader writes from a report via Exstreamist: A recent survey from IBM suggests that nearly 70% of streaming service subscribers never canceled their subscriptions. One of the more likely reasons subscribers cancel is because their credit cards expire and they never get around to updating the information in each service. The other most likely reasons subscribers cancel is because of advertisements (27%), which was above price (25%). Netflix is the least likely to get cancelled of the major services, according to the survey. Hulu and Amazon had a larger number of total cancellations. In terms of numbers, 40% of consumers have stated they have cancelled either Hulu or Amazon, with only 30% having cancelled Netflix. Shortly behind advertisements and price, 20% of users said a lack in quality or quantity of content would likely make them cancel their service. More towards the bottom, 17% said technical issues that hinder a smooth viewing experience would cause them to cancel. Roughly 73% of subscribers would download Netflix content, according to one survey. Another survey suggests that a majority of Netflix subscribers would rather cancel their subscription than see advertisements. -
Tech Workers Think Silicon Valley and Startups Are Losing Their Luster (qz.com)
An anonymous reader shares a Quartz report: The job site Indeed.com found Silicon Valley's hold on tech workers is slipping as opportunities, and the cost of living, changes the equation for living and working in one of the priciest places in the country. "There is more opportunity for tech professionals in more places than ever before," wrote Terence Chiu, vice president of Indeed Prime by email, citing cities such as Austin, Boston, Seattle, and New York City. "Obviously the San Francisco Bay remains the largest tech hub [but] what has made it so attractive has also made it expensive." Indeed's most recent survey of professional tech workers found more than 66% of tech workers say living and working in Silicon Valley is either "not that important" or "not at all important" for a career in technology. Just 12% consider it "very important." Opinions were split on generational lines. About half of millennial tech workers say it's important (26.5%) or very important (19%), but the number declined to 10.2% among the Boomer generation. "Seasoned talent is often searching for opportunity elsewhere," stated the report. New employees may see the high cost of living as an acceptable tradeoff for building up a reputation and experience in the Bay Area, but that seems to fade over time. Recently, Google co-founder Sergey Brin advised people to not come to Silicon Valley to start a business for the very same reasons. -
Ask Slashdot: How Often Do You Switch Programming Languages?
An anonymous Slashdot reader writes: I always see a lot of different opinions about programming languages, but how much choice do you really get to have over which language to use? If you want to develop for Android, then you're probably using Java...and if you're developing for iOS, then you've probably been using Swift or Objective-C. Even when looking for a job, all your most recent job experience is usually tied up in whatever language your current employer insisted on using. (Unless people are routinely getting hired to work on projects in an entirely different language than the one that they're using now...)
Maybe the question I really want to ask is how often do you really get to choose your programming languages... Does it happen when you're swayed by the available development environment or intrigued by the community's stellar reputation, or that buzz of excitement that keeps building up around one particular language? Or are programming languages just something that you eventually just fall into by default?
Leave your answers in the comments. How often do you switch programming languages? -
Pokemon Go Leads to Reckless Driving, Injuries, and A Corpse (chicagotribune.com)
Since its release Wednesday night, Pokemon Go has already gone on to become the top-grossing game in the three countries where it's available, and Forbes contributor Tero Kuittinen calls it "the first example of an AR product becoming a national obsession." An anonymous Slashdot reader writes: Some fans are now tweeting about playing the game while driving, and the Chicago Tribune quotes one user who says "Pokemon Go put me in the ER last night... Not even 30 minutes after the release...I slipped and fell down a ditch." In Australia the game has been leading some players to their local police station, and a woman in Wyoming reports that the game actually led her to a dead body floating in a river. And at least one Pokemon Go screenshot has gone viral. It shows a man capturing a Pokemon while his wife gives birth.
The app's popularity has created lagging servers and forced Niantic to delay its international roll-out, meaning "Those who have already downloaded the game in the U.S., Australia and New Zealand can still play it, while those in the U.K., the Netherlands and other countries will have to wait." Meanwhile, Motherboard warns that a malicious sideloaded version of Pokemon Go is being distributed that actually installs a backdoor on Android devices, and also reports that some players are already spoofing their GPS coordinates in order to catch Pokemon without leaving their house. -
UK Proposes Mandatory Age Verification For Porn Sites (mirror.co.uk)
A proposed bill read in the House of Commons, "suggests that by next year websites will require visitors to prove they are of legal age before entering..." reports the Mirror. Britain's prime minister "says none of Britain's top 10 porn sites -- which account for 52% of all views -- have a 'robust' process to verify users' age," citing figures that 10% of the site's viewers are below the age of 18. The Independent adds that "the issue has alarmed privacy campaigners, since it could mean having to register a credit card with a porn website." U.K. lawyer Neil Brown contacted Slashdot with more on the age-verification requirement: Sites which failed to do so could face fines of up to 250,000 pounds or 5% of annual turnover. Their URLs could also be given to ISPs and payment processing providers, to consider voluntary blocking/service suspension, although no mandatory blocking regime is planned currently.
This is the same bill that proposes jail terms up to 10 years for those found guilty of copyright infringement. According to the article, one 2013 study found that 7% of the world's porn was hosted in the UK, with 60% in America and 26% in the Netherlands. -
Oracle Asks Judge To Throw Out Java/Google Verdict...Again (siliconvalley.com)
Just when you thought the six-year, $9 billion lawsuit was over, an anonymous reader quotes this report from the Bay Area Newsgroup: Oracle has asked a judge -- again -- to throw out the verdict that found Google rightfully helped itself to Oracle programming code to create the Android operating system... A judge already rejected a bid in May by Oracle to get the verdict thrown out. But the software and cloud company hasn't given up. On July 6, Oracle filed a motion in San Francisco U.S. District Court again asking the same judge, William Alsup, to toss the verdict.
The company cited case law suggesting use is not legal if the user "exclusively acquires conspicuous financial rewards" from its use of the copyrighted material. Google, said Oracle, has earned more than $42 billion from Android. "Google's financial rewards are as 'conspicuous' as they come, and unprecedented in the case law," Oracle's filing said. Oracle wants the judge to adhere to the narrower and more traditional applications of fair use, "for example, when it is 'criticism, comment, news reporting, teaching ... scholarship, or research.'" -
Yahoo and Twitter CEOs Have Their Twitter Accounts Compromised
The man who sent Twitter's very first public tweet now also becomes the first Twitter CEO to have his own Twitter account compromised. An anonymous reader quotes a report from Digital Trends about this weekend's wave of high-profile attacks: At 2:50 a.m. ET, a tweet reading, "Hey, its OurMine, we are testing your security" and linking to the group's website was briefly posted, and while it was soon deleted, identical tweets continued to appear... The group has previously taken over other social media accounts, including Google's Sundar Pichai's Quora account, and Mark Zuckerberg's Instagram, LinkedIn, Pinterest, and Twitter accounts...
Dorsey also wasn't the only tech heavy hitter whose Twitter account was breached during that 24-hour period. Yahoo CEO Marissa Mayer and venture capitalist Vinod Khosla also saw breaches to their accounts, both of which were attributed to OurMine.
The Tweets may have come from Vine, according to Digital Trends, "which suggests that Dorsey was either using an old or shared password on the video network, or had otherwise connected his account to a compromised service...it's certainly alarming that a man who ostensibly is more aware than most of security protocols (especially on Twitter) fell victim to such an attack..." -
Ashley Madison Admits It Lured Customers With 70,000 Fake 'Fembots' (arstechnica.com)
America's Federal Trade Commission is now investigating the "infidelity hookup site" Ashley Madison. In a possibly-related development, an anonymous reader writes: Ashley Madison's new executive team "admits that it used fembots to lure men into paying to join the site," reports Ars Technica. More than 75% of the site's customers were convinced to join by an army of 70,000 fembot accounts, "created in dozens of languages by data entry workers...told to populate these accounts with fake information and real photos posted by women who had shut down their accounts on Ashley Madison or other properties owned by Ashley Madison's parent company, Avid Life Media... In reality, that lady was a few lines of PHP... In internal company e-mails, executives discussed openly that only about five percent of the site's members were real females."
The company only abandoned the practice in 2015, and CNN also reports that for years, if the site's male customers complained, Ashley Madison "threatened to send paperwork to users' homes if they disputed their bills -- potentially revealing cheaters to their spouses," while one user complained that the site also automatically signed up customers for recurring billing. "We are not threatening you. We are laying the facts to you..." one e-mail read, while another warned that "We do fight all charge backs." -
Researchers Discover Over 100 Tor Nodes Designed To Spy On Hidden Services (schneier.com)
An anonymous reader writes from a report via Schneier on Security: Two researchers have discovered over 100 Tor nodes that are spying on hidden services. Cory Doctorow from Boing Boing reports: "These nodes -- ordinary nodes, not exit nodes -- sorted through all the traffic that passed through them, looking for anything bound for a hidden service, which allowed them to discover hidden services that had not been advertised. These nodes then attacked the hidden services by making connections to them and trying common exploits against the server-software running on them, seeking to compromise and take them over. The researchers used 'honeypot' .onion servers to find the spying computers: these honeypots were .onion sites that the researchers set up in their own lab and then connected to repeatedly over the Tor network, thus seeding many Tor nodes with the information of the honions' existence. They didn't advertise the honions' existence in any other way and there was nothing of interest at these sites, and so when the sites logged new connections, the researchers could infer that they were being contacted by a system that had spied on one of their Tor network circuits. No one knows who is running the spying nodes: they could be run by criminals, governments, private suppliers of 'infowar' weapons to governments, independent researchers, or other scholars (though scholarly research would not normally include attempts to hack the servers once they were discovered)." The Tor project is aware of the attack and is working to redesign its system to try and block it. Security firm Bitdefender has issued an alert about a malicious app called EasyDoc that hands over control of Macs to criminals via Tor. -
YouTube Looking To Launch Online TV Service Next Year With ESPN, ABC, and CBS (theverge.com)
An anonymous reader writes: Bloomberg reported in May that YouTube is working on a paid subscription service called Unplugged that would offer customers a selection of TV channels streamed via the internet. Now, The Information (Warning: source may be paywalled) is reporting that deals are starting to come together, and ESPN, ABC, and CBS are "firmly expected" to be available through the service. Other major broadcasters are expected to try and get involved with the service, but the report notes that YouTube may purposely choose to pass on smaller networks, like HGTV, to try and market YouTube videos instead. The question remains to be answered as to how YouTube plans to make anyone interested in its service. ESPN, ABC, and CBS are already offered through other online TV services, like Sling TV. CBS has its own standalone subscription service, and ESPN will soon have its own as well. Also, The Information notes that YouTube Red -- YouTube's existing subscription service -- isn't doing so well. Although, it's worth noting that service is completely different than what Unplugged is rumored to feature. -
Apple Devices Held For Ransom, Rumors Claim 40M iCloud Accounts Hacked; Apple-Related Forums Compromised (csoonline.com)
Steve Ragan, reporting for CSOOnline: Since February, a number of Apple users have reported locked devices displaying ransom demands written in Russian. Earlier this week, a security professional posted a message to a private email group requesting information related to a possible compromise of at least 40 million iCloud accounts. Salted Hash started digging around on this story after the email came to our attention. In it, a list member questioned the others about a rumor concerning "rumblings of a massive (40 million) data breach at Apple." The message goes on to state that the alleged breach was conducted by a Russian actor, and vector "seems to be via iCloud to the 'locate device' feature, and is then locking the device and asking for money." In a separate report, the publication reports that three websites owned by Penton Technology -- MacForums.com, HotScripts.com, and WebHostingTalk.com -- have been compromised and their databases are now being sold on the Darknet. While nothing is confirmed, there is a possibility that some of the rumored 40M compromised Apple ID credentials may have come from these forums, or from LinkedIn's recent hack. -
The Great Tablet Gold Rush Is Over (mashable.com)
Earlier this month, Dell announced that it will no longer sell Android tablets. The company added that the slate tablet market is "over-saturated" and is "experiencing declining demand from consumers." The company says it will focus more on 2-in-1 devices -- otherwise known as hybrid laptops -- moving forward. Dell is right. According to IDC, tablet sales have fallen greatly in the last few years. Mashable goes on to say that the "great tablet gold rush is over." From an article: Pretty much every major tablet maker's growth fell year-over-year. Apple's iPad and Samsung's Galaxy Tabs, the two most popular brands of tablets, were down 18.8% and 28.1%, respectively. [...] In the beginning, the pitch was: The tablet is the future of computing. It'll replace your phone and your laptop. Then it became: A small tablet will replace your smartphone. Today, the pitch: It's good enough to replace your laptop. But only for some people, and only if you're willing to get by with a mobile OS. Long story short: Tablets are a complete mess right now. We can't seem to decide if we want them to replace all of our devices or only a few of them. -
Oracle Says It Is 'Committed' To Java EE 8 -- Amid Claims It Quietly Axed Future Development (theregister.co.uk)
Media reports, citing anonymous Oracle engineers, noted earlier this week that development of Java EE (Enterprise Edition) projects at Oracle had been "practically ceased" since last fall. This led many to wonder about the future of Java. Well, it's all cosy, says Oracle. The software firm assures that it is "committed" to Java. The Register reports: The Redwood City titan said it will present fresh plans for the future of Java EE 8 at its JavaOne conference in San Francisco in September. Version eight is due to be released in the first half of 2017. However, over the past six months, it appeared Oracle had pretty much ceased development of the enterprise edition -- a crucial component in hundreds of thousands of business applications -- and instead quietly focused its engineers on other products and projects. Oracle spokesman Mike Moeller tonight sought to allay those fears, and said a plan for the future of Java EE is brewing. "Oracle is committed to Java and has a very well defined proposal for the next version of the Java EE specification -- Java EE 8 -- that will support developers as they seek to build new applications that are designed using micro-services on large-scale distributed computing and container-based environments on the Cloud," said Moeller. -
Facebook Messenger To Get End-To-End Encryption
Reader wiredmikey writes: Facebook announced Friday it would roll out optional "end to end encryption" for its Messenger application, following a trend aimed at stronger security and protection against snooping. The new feature will be known as "secret conversations" which can be read only by the sender and recipient. Facebook shared technical details about its implementation of the security in a technical white paper (PDF). Facebook earlier this year began implementing this end-to-end encryption on its WhatsApp messaging service. ZDNet's Zack Whittaker, however, warns about a catch in Facebook's effort. He writes: But already the company has faced some criticism for not encrypting messages by default, instead making the service opt-in, like Apple's iMessage, or even Facebook's other chat app, WhatsApp, which recently switched on default end-to-end encryption earlier this year. Cryptographer and Johns Hopkins professor Matthew Green, who reviewed an early version of the system, said in a tweet that though you "have to turn on encryption per thread," he added that providing encryption to almost a billion people makes it hard to "put that genie back in the bottle."