Slashdot Mirror

An anonymous reader writes: This month Twitter is closing down the JSON endpoint API which thousands of third-party software and plugin developers have depended upon for years. The alternative Rest API offers data which is aggregated or limited in other ways, whilst the full-featured share data offered by Gnip (purchased last year by Twitter) can cost developers thousands per month to access — in one case up to £20,000 a month. The general objective seems to be to either drive users back to the core Twitter interface where they can be monetized via the social network's advertising, or to regain lost advertising by converting open source data — currently utilized a lot in scientific research — into premium information, offering the possibility for well-funded organizations to gain reputations as Twitter barometers without ever needing to expose the expensive, accurate share figures. The company also announced today that co-founder Jack Dorsey would be the new CEO.

An anonymous reader writes with The Stack's report that: The London Private Hire Car Association (LPHCA) has engaged a major firm of lawyers to present its case against Uber in the UK capital, citing lack of continuous insurance checks, Uber's tax avoidance practices and even 'loitering' Uber drivers as reasons to impose regulations which would eliminate Uber's competitive advantage in London. A lot of Londoners like to have that competition around, though.

An anonymous reader writes: Users of Microsoft Office on the Mac are reporting widespread instabilities and conflicts after upgrading to the latest version of the Apple desktop operating system, El Capitan. The first indications that El Capitan and Office 2016 were not working well together came in a now epic thread at Microsoft Community. Many users have surmised that new restrictions in file permissions in El Capitan caused the problems initially, though nearly all agree that Office's Outlook email client is the critical point of failure in the current round of application crashes and loss of functionality.

An anonymous reader writes: A new report suggests that continuing cuts to the Environmental Protection Agency's budget contributed to Volkswagen being able to cheat on its emissions tests. When the test scripts were developed the department — which can still only conduct 'spot tests' on 20% of all qualifying vehicles — was forced to concentrate on heavy machinery and truck manufacturers, which at the time had a far higher incidence of attempting to cheat on vehicle standards tests. Discounting inflation the EPA's 2015 budget is on a par with its 2002 budget (PDF), and has been cut by 21% since 2010.

An anonymous reader writes: An amendment to the UK Consumer Rights Act regarding digital-only purchases seems to give British videogamers redress towards publishing houses which deliver buggy code or inveigle consumers to pre-order games based on trailers or betas that demonstrate features, characters or quality not delivered in the RTM release. But the legislation is so loosely worded as to be an invitation to litigation and interpretation, and does not address mis-delivery issues for consumer models such as cloud subscriptions.

An anonymous reader writes: Chinese smartphone maker Xiaomi is under investigation for using superlative messaging on its website, according to a leaked document from the Beijing Ministry of Industry and Commerce. A new Chinese law states that adjectives used to promote products must not mislead consumers. The Xiaomi investigation [Chinese] follows claims made by rival Cong that the company used phrases such as 'the best' and 'the most advanced', in its online campaigns and therefore violated the country's advertising law. (The law against suprelatives doesn't seem to apply to communications by the government, about the government.)

An anonymous reader writes: South Korea's Resident Registration Number (RRN) has been proven 'vulnerable to almost any adversary' by the 'Queen of re-identification', Harvard Professor Latanya Sweeney, who previously proved that 87 percent of all Americans could be uniquely identified using just their ZIP code, birthdate, and sex. Sweeney was able to decrypt personal information from the RRN numbers of 23,163 deceased Koreans with 100% success by two different methods of attack, and notes that the South Korean system is based on one currently in use in the U.S.

An anonymous reader writes: According to the Wall Street Journal (paywalled) a loophole in the 1970 Clean Air Act could make it impossible for U.S. prosecutors to subject Volkswagen to criminal charges over its use of standards-dodging 'defeat devices' in its emissions-testing software. Prosecutors are now reported to be considering alternative methods, including (considerably lesser) charges that Volkswagen lied to regulation authorities.

An anonymous reader writes: A Spanish researcher claims to have uncovered a vulnerability in the security procedures of Google's AdSense program which would allow a third party to manipulate clicks on Google's syndicated ad service by 'de-cloaking' the obfuscated advertiser URLs that Google AdSense placements provide as links. He has also provided downloadable PHP files to show the exploit in action.

An anonymous reader writes: Data center provider Switch is planning to build a huge facility in Reno, Nevada, which it claims will be the largest data center campus in the world once completed. Switch has said that the SuperNap Reno campus will cost $3bn when fully built. The project will include seven data center buildings of the same size, totaling 6.49mn sq. ft.

An anonymous reader writes: Computer scientists at a group of UK universities are developing a system to detect malicious code in shortened URLs on Twitter. The intelligent system will be stress-tested during the European Football Championships next summer, on the basis that attackers typically disguise links to malicious servers in a tweet about an exciting part of an event to take advantage of the hype.

An anonymous reader writes: A team of scientists at the Kaliningrad-based Immanuel Kant Baltic Federal University has unveiled a small cockroach robot which will be tasked with hunting out victims trapped under debris. The robot measures 10cm in length, and can move at up to 30cm/second. The device is fitted with light sensors, as well as contact and non-contact probes which allows it to move around without bumping into any obstacles. “We had to develop many things from scratch. For example, there’s a company in Austria that produces gearing for legs, but a unit for one robot would have cost us nearly $9,000 while our entire budget is $22,500,” said Danil Borchevkin, the university’s lead engineer.

An anonymous reader writes: An advisory from CERT warns that all web-browsers, including the latest versions of Chrome, Firefox, Safari and Opera, have 'implementation weaknesses' which facilitate attacks on secure (HTTPS) sites via the use of cookies, and that implementing HSTS will not secure the vulnerability until browsers stop accepting cookies from sub-domains of the target domain. This attack is possible because although cookies can be specified as being HTTPS-specific, there is no mechanism to determine where they were set in the first place. Without this chain of custody, attackers can 'invent' cookies during man-in-the-middle (MITM) attacks in order to gain access to confidential session data.

An anonymous reader writes: Facebook has launched its 360-degree video feature, with an eye to virtual reality and next year's release of the Oculus Rift. Among the showcase videos is a specially rendered 'fly-through' of a scene from new Star Wars movie 'The Force Awakens', allowing the viewer to pan laterally and horizontally as the movie progresses. This kind of immersive video was made possible with Apple's QuickTime VR in the 1990s, but was hampered by the same technological bottlenecks of the period as VRML.

An anonymous reader writes: Imgur has been compromised by attackers looking for an opportunity to direct large volumes of traffic to 4chan. A Reddit thread explains that "when an Imgur image is loaded from /r/4chan [...] imgur loads a bunch of images from 8chan, which causes a DDoS to those sites." Meaning that if a user clicks an Imgur link on /r/4chan, it automatically makes around "500 requests" for one image from imageboard 4chan.org/8chan.

An anonymous reader writes: When personal information ends up in the analytical whirlpool of big data, it almost inevitably becomes orphaned from any permissions framework that the discloser granted for its original use; machine learning systems, commercial and otherwise, end up deriving properties and models from the data until the replication, duplication and derivation of that data can never hoped to be controlled or 'called back' by the originator. But researchers now propose a revision which can be imposed upon existing machine-learning frameworks, interposing a 'summation' layer between user data and the learning system, effectively tokenising the information without anonymising it, and providing an auditable path whereby withdrawal of the user information would ripple through all iterations of systems which have utilized it — genuine 'cancellation' of data.

Patrick O'Neill writes: Although Bitcoin was never designed to be anonymous, many of its users have used it as if it were. Now, two prominent Chinese researchers are proposing a system that encrypts all new Bitcoin transactions layer by layer to beat network analysis that can unmask Bitcoin users. The new research is inspired by the Tor anonymity network. The researchers' paper is at arXiv. (Also covered by The Stack.)

An anonymous reader writes: A new Facebook scam is quickly spreading across the social network which plays on the announcement of the highly-anticipated 'Dislike' button. A new scamming campaign is now exploiting impatient Facebook users anxiously awaiting the dislike button addition, by tricking them into believing that they can click on a link to gain early access to the feature. Once the unsuspecting victim selects a link, they are led to a malicious website, which enables access to their private Facebook accounts and allows the hackers to share further scam links on their behalf.

An anonymous reader writes with a report from The Stack that researchers have discovered a crucial security problem in the latest version of iOS 9: it breaks VPN connections to corporate servers. According to the linked piece, "The flaw was first detected in the iOS 9 beta, and has not been fixed in the released version. Neither has the bug been removed in the current iOS 9.1 beta." The workaround might not be what you want to hear, either, if you've happily upgraded to the latest version: it's to downgrade to iOS 8.4.1.

An anonymous reader writes with a link to The Stack's look at study that examines the human capacity to detect (or to overlook) manipulation in images. About 400 volunteers looked at images which had been digitally altered by erasing elements, by replicating parts the image, or by pasting in elements from other images. Less than 58 percent of the alterations were detected, even though the volunteers knew that's what they were to look for. The article says "While its conclusion – that we are not very good at identifying doctored photos – is predictable, it's the type of 'fakes' that deceive us which are most interesting." Spoiler: Erasure is much harder to spot than image splicing.

An anonymous reader writes: Microsoft CEO Satya Nadella was a little embarrassed at a Salesforce conference today when he tested the company's personal virtual assistant during a presentation. Slightly fluffing the question 'Show me my most at-risk opportunities', Nadella was dismayed to find Cortana offering him a Bing page with the search term 'Show me to buy milk at this opportunity'. Two further efforts to discover the exposure of his shares failed to achieve their aim, and eventually the CEO of Microsoft gave up. The fact that he stumbled over his first attempt at the question seemed to floor Cortana, which uses the 'Einstein' AI engine, and which has been more praised for its accurate speech recognition than its ability to understand what an array of interpreted words actually mean.

An anonymous reader writes: Hidden among the customary disclaimers about how the website intends to use the information it holds about you, ancestry.com states that it reserves the right to leverage the genotyping tests of users (who have contributed their DNA to AncestryDNA research) in order to serve back 'relevant' advertising via the site. Critics of the clause believe that the site's promise to delete a user's genome on request is devalued both by the possibility of data breaches and by the fact that data brokers and other third parties are both unlikely to honor (or even know about) removal requests, and are likely to improve at leveraging genetic information in the future.

An anonymous reader writes: AT&T have offered a $250,000 reward to anyone providing information leading to the arrest and conviction of what appears to be a serial disruptor of fiber-optic connections in California. The latest incident has taken place in Livermore in the San Francisco Bay Area, where an individual thought by the FBI to possess expert knowledge and specialist tools severed a critical AT&T cable, gaining access to the enclosure via a manhole. The attack precedes 11 previous ones in California in the preceding twelve months.

An anonymous reader writes: A new chess AI utilizes a neural network to approach the millions of possible moves in the game without just throwing compute cycles at the problem the way that most chess engines have done since Von Neumann. 'Giraffe' returns to the practical problems which defeated chess researchers who tried to create less 'systematic' opponents in the mid-1990s, and came up against the (still present) issues of latency and branch resolution in search. Invented by an MSc student at Imperial College London, Giraffe taught itself chess and reached FIDE International Master level on a modern mainstream PC within three days.

An anonymous reader writes: Chinese researchers claim to be able to deduce a person's emotional state using accelerometer data from mobile devices attached to the wrist and ankle. The study recorded baseline data and then comparitive data after showing either disturbing or amusing videos to test subjects. The paper envisages the ultimate development of smartphone and wearable apps capable of providing systematic long-term and short-term data on someone's state of being, based mostly on the movement of the ankle whilst walking. They posit the usefulness of the information in medical applications, but do not address possible unsuitable uses, such as for the purposes of employment assessment or insurance premiums.

An anonymous reader writes: Leading network security company FireEye, which has customers in government and the Fortune 500 list, has caused a controversy at a London security conference today after its legal attempts to stop a keynote speech detailing the repair of major security loopholes in its customer-facing systems this year. Reported among these now-fixed vulnerabilities were the running of a significant number of FireEye's Apache-based security servers as 'root' — meaning that any attacker able to compromise the servers would have had absolute power over all its operations and commercial connections.

An anonymous reader writes: Uber's third attempt to overturn a California court ruling stating that its drivers are employees and not contractors has ended in failure, with the appeal dismissed by the California Employment Development Department (EDD). The California Labor Commission ruled in June on the matter, and in a later appeal one judge effectively decided that the difference between 'firing' a driver and deactivating their account is purely semantic.

An anonymous reader writes: Researchers in Japan have established an almost 75% correlation between Google Trends data on keyword surges and equivalent Wikipedia page views. Since Google provides aggregate web-trends data with little granularity, the 'early ripples' of web interest are far harder to detect via its APIs than by a system that gathers information from Wikipedia's publicy accessible page views data.

An anonymous reader writes with a link to The Stack's report that researchers at security firm zScaler have spotted a clever new variety of Android-based ransomware, which takes advantage of phones' built-in cameras to add a personal touch; it activates the camera to take a snapshot of the user, which is then incorporated into its blackmail note. "The crudely-planned app features an extraordinarily demanding privacy/functionality swap at install, and proceeds to demand a $500 'FBI fine' via PayPal, rather than any of the cryptocurrencies which most ransomware authors currently favour."

An anonymous reader writes: A new alternative to rival other 3D metal printing techniques is being developed by a team of manufacturing researchers at the Southern Methodist University. Led by Professor Radovan Kovacevic, the group have presented a technique called Laser-Based Direct Metal Deposition (LBDMD) which builds on traditional FDM and laser technology to create high-quality metal objects as parts for a range of fabrication uses. The technology uses multi-axial positioning robotics which eliminates the need for a support structure and human intervention.

An anonymous reader writes: The Cupertino-based global device giant is falling behind in the race to create 'predictive' services for smartphones because its privacy policies are too protective of the end-user. Data retention policies on user-centric information gathered into its Siri 'personal assistant' product is a reasonably generous six months, whilst information retained from the user's exploration of Apple Maps expires after only 15 minutes. As a consequence Apple's smartphones attempt to crunch a great deal of user-data locally rather than in the cloud.

An anonymous reader writes: Researchers at Facebook AI Research (FAIR) have published a paper contending that image recognition research is now advanced enough to consider the problem of occlusion, wherein the objects AI must identify are either partially cropped or partially hidden. Their solution is the predictably labor-expensive route of human annotation of existing image-set databases, in this case 'finishing off' occluded objects with vector outlines and assigning them a z-order. This article looks at the practical and even philosophical problems of getting IR algorithms to 'guess' objects usefully, and asks whether practical IR research might not be currently limited both by the use of over-specific image datasets and — in the field of neural networks — by problems of theory and limited 'local' processing power in critical real-time situations.

An anonymous reader writes: Dell's Joe Stewart chronicles the tale of the YouTube channel that came under attack in the form of an avalanche of 'dislikes' for any videos that touched upon a certain company or even which examined themes around the company's product without mentioning it. The number of dislikes was so disproportionate to the casual number of viewers for the channel, and so concentrated as to constitute a particular type of net-attack — one that appeared to originate in Vietnam. Stewart eschews the notion of a "cottage industry" of Vietnamese YouTube "dislikers" in favor of the fact that any network exploits are eminently reproducible in a country which has only five ISPs among nearly ninety million people — and a widely distributed vulnerable router.

An anonymous reader writes: A team of researchers at the University of South Alabama is investigating potential breaches of medical devices used in training, taking the mannequin iStan as its prime target in its scenario-based research. Identifying the network security solution and network protocol as the vulnerable components, the team was able to carry out brute force attacks against the router PIN, and denial of service (DDoS) attacks, using open source tools such as BackTrack.

An anonymous reader writes with news from The Stack that makes it a little harder to scoff at malware on phones as being largely the fruit of dodgy sideloaded software, game cracks, et cetera. They report that even phones marketed as brand new, from well-known brands like Lenovo and Xiaomi, have been tampered with and "infected prior to sale with intelligent malware disguised in popular apps such as Facebook." (To U.S. buyers, those makers may be slightly obscure as cellphone vendors; the scheme this article addresses involves handsets sold by vendors in Europe and Asia, involving more than 20 different handset types.)

An anonymous reader writes with a report at The Stack that "New York City cabs have begun testing a new app-based taxi system in an attempt to win back customers lost to Uber and Lyft." The app is called Arro, and is being trialled in about 7,000 New York cabs. It sticks with metered prices, rather than the demand-based price increases that Uber institutes for times of peak demand. With so many cabs on the road already, the makers boast that Arro will outpace Uber soon. At least based on my limited experience with each, real competition with Uber or Lyft would require some seminars on good customer service.

An anonymous reader writes: Verizon have released an after-market system called Hum that can bring 'smart' features to 150 million existing cars of various vintages going as far back as 1999. The system consists of an on-board diagnostic (OBD) reader plugged into the vehicle's OBD port and a Bluetooth-enabled device clipped to the visor. It's the presence of the ODB port that limits the maximum age of the car to 1996. Hum comes with an app, and enables features such as automatic accident reporting, roadside assistance services and the tracking of stolen cars. The service will cost $14.99 per month via subscription.

An anonymous reader writes with a story that Virgin Media "announced this month its plans to roll out a free public WiFi network this autumn, using subscribers' personal routers and existing infrastructure to distribute the service across UK cities." And while regular customers' routers are to be the basis of the new network, the publicly viewable overlay would operate over "a completely separate connection," and the company claims subscribers' performance will not be hindered. Why, then, would customers bother to pay? For one thing, because the free version is slow: 0.5Mbps, vs. 10Mbps for Virgin's customers.

An anonymous reader writes: A vulnerability in Apple's iOS sandbox, which could affect personal information as well as configuration settings, has been discovered by Appthority's Enterprise Mobility Threat Team. It affects all mobile device management (MDM) clients, and any mobile applications distributed by an MDM that use the "Managed App Configuration" setting for private data. An attacker could potentially create a rogue app, perhaps masquerading as a productivity tool to increase the chances of it getting installed, and then distribute the attack by means of the iTunes store or "spear fishing" email attacks.

An anonymous reader writes: The Crown Commercial Service (CCS) has signed a deal with Oracle that should allow it to cut down on spending and licensing costs with the software provider. The three-year partnership will see the two collaborate to deliver services to public sector bodies including the National Health Service. A few weeks ago the government announced it would be cutting back on its use of Oracle software, but the new deal instead extends the existing agreement. CCS CEO Sally Collier explained: "The enhanced MoU will deliver savings across government and allow easier and more effective procurement of Oracle products and services. It lays the foundation of a more collaborative relationship between government and Oracle."

An anonymous reader writes: Lightning struck a Google data center in Belgium four times in rapid succession last week, permanently erasing a small amount of users' data from the cloud. The affected disks were part of Google Computer Engine (GCE), a utility that lets people run virtual computers in the cloud on Google's servers. Despite the uncontrollable nature of the incident, Google has accepted full responsibility for the blackout and promises to upgrade its data center storage hardware, increasing its resilience against power outages.

The Stack reports that local police have raided Uber's Hong Kong office, "after several officers posed as Uber customers and arrested drivers on Tuesday morning in an attempt to put an end to illegal taxi services. Five drivers who had offered their services across the taxi-hailing app were arrested on suspicion of illegally carrying passengers and driving without third-party insurance. The men are being held for further investigation." Are local police quite this concerned in your city with car-sharing dispatch services?

An anonymous reader writes: A new flaw has been discovered in the latest version of OS X which allows hackers to install malware and adware onto a Mac without the need for any system passwords, researchers say. The serious zero-day vulnerability was first identified last week and results from a modified error-logging feature in OS X Yosemite which hackers are able to exploit to create files with root privileges. The flaw is currently found in the 'fully patched' OS X 10.10.4, but is not in the newest 10.11 El Capitan beta – suggesting that Apple developers were aware of the issue and are testing a fix.

An anonymous reader writes: At the SoftBank World conference in Tokyo, SoftBank CEO Masayoshi Son has made a case for robots to be developed so as to form empathic and emotional relationships with people. "I'm sure that most people would rather have the warm-hearted person as a friendSomeday robots will be more intelligent than human beings, and [such robots] must also be pure, nice, and compassionate toward people," SoftBank's Aldebaran tech group will make its empathic "Pepper" robot available for companies to rent in Japan from October at a rate of $442 per month.

An anonymous reader writes: An industry insider has told Business Insider of his conviction that ad-serving companies deliberately prolong the 'auctioning' process for ad spots when a web-page loads. They do this to maximize revenue by allowing automated 'late-comers' to participate beyond the 100ms limit placed on the decision-making process. The unnamed source, a principal engineer at a global news company (whose identity and credentials were confirmed by Business Insider), concluded with the comment: "My entire team of devs and testers mostly used Adblock when developing sites, just because it was so painful otherwise." Publishers use 'daisy-chaining' to solicit bids from the most profitable placement providers down to the 'B-list' placements, and the longer the process is run, the more likely that the web-page will be shown with profitable advertising in place.

An anonymous reader writes: A video posted on YouTube showing a drone firing a gun in a wooded area has caused some controversy today. The short video shows a four-rotored custom drone with a special rig containing a handgun. The handgun proceeds to fire four shots, handling the recoil better than might be expected. The user who posted the video also submitted it to Reddit, where a commenter noted that the apparent use of a solenoid trigger would class the device as an automatic weapon under ATF rules.

An anonymous reader writes: The FBI has taken a major role in the shutting down of at least two popular piracy-torrent sites in Romania, according to a report from Romania's High Court of Cassation and Justice. The popular torrenting domains serialepenet.ro and fisierulmeu.ro are now offline after a series of raids on individuals and companies, including a hosting company in Bucharest thought to have some involvement with the pirate operation.

An anonymous reader writes: Following Trend Micro's disclosure of Russian hacking group Pawn Storm's 7-year campaign against military-industrial targets in and related to the United States, the security company has today announced that one of the IP addresses it owns has been 'designated' by the hackers as a C&C server for their spear-phishing scenario. The intent of the DNS record redirection, according to the company, is likely to be to convince others that it has been hacked (which it hasn't), or else to push one of its IP addresses into administrative blacklists.

An anonymous reader writes: A consultant claims that Oracle has adopted the widespread use of 'breach notices' this year to force existing enterprise customers to adopt its newly-bolstered range of cloud services, or else be told to stop using all Oracle software within thirty days. Speaking to Business Insider, the unnamed source described the tactic as a 'nuclear option' which is now practically the default when the need to add services or users to an existing contract triggers an 'audit' by Oracle. An ex-Oracle contract negotiator who now works in the ever-expanding business niche of 'Oracle contract negotiation' commented 'Internally, the water cooler gossip there is that they've never seen this kind of aggression before. Oracle has really dialed it up. Customers are buying cloud services to make the Oracle issue go away, not because they have any intention of using cloud services.'

An anonymous reader writes: Swiss Post has beat Amazon, Alibaba and other researchers into drone-based delivery by launching practical drops using a Matternet four-rotored drone this month. However the company says that five years of testing and negotiation with regulators lie ahead before it will be able to offer a commercial drone-based delivery service. Like Google's Project Wing, the Matternet drone in question is mooted as a potential lifeline in post-disaster situations, but from a business point of view the release notes its potential for 'express delivery of goods' — a further indicator that the future of postal drone delivery may be an exclusive and expensive one.