Domain: vice.com
Stories and comments across the archive that link to vice.com.
Stories · 1,377
-
US Government Admits It Doesn't Know If Assange Cracked Password For Manning (vice.com)
An anonymous reader quotes a report from Motherboard: The U.S. government does not have any evidence that WikiLeaks founder Julian Assange succeeded in cracking a password for whistleblower Chelsea Manning, according to a newly unsealed affidavit written by an FBI agent. Last week, Assange was escorted out of the Ecuadorian embassy in London, and arrested for breaching bail in connection to allegations of sexual misconduct in Sweden. The day of Assange's arrest, the U.S. government unsealed an indictment against Assange with a hacking conspiracy charge. The Department of Justice accused WikiLeaks' founder of agreeing to help Manning crack a password that would have helped the former military analyst get into a classified computer system under a username that did not belong to her, making it harder for investigators to trace the eventual leak.
On Monday, the U.S. District Court for the Eastern District of Virginia unsealed the affidavit, which is dated December 21, 2017. The document contains more details on the interactions between Assange and Manning. And, most significantly, contains the admission that the U.S. government -- as of December of 2017 -- had no idea whether Assange actually cracked the password. Until now, we knew that the U.S. was aware that Assange attempted to crack a password for Manning once, but didn't know if it had more evidence of further attempts or whether it thought Assange was successful. "Investigators have not recovered a response by Manning to Assange's question, and there is no other evidence as to what Assange did, if anything, with respect to the password," FBI agent Megan Brown said in the affidavit. According to lawyers, the simple offer to help can be considered part of a conspiracy to violate the Computer Fraud and Abuse Act.
"For purposes of a conspiracy charge, it is not necessary for the action to be successful. All that is needed is an overt action in furtherance of the conspiracy, namely Assange's efforts to crack the password for Manning," Bradley, a lawyer at the Mark Zaid P.C law firm in Washington, DC, told Motherboard via email. "That he failed is irrelevant." -
Hackers Could Read Your Hotmail, MSN, and Outlook Emails by Abusing Microsoft Support (vice.com)
eatmorekix writes: On Saturday, Microsoft confirmed that some users of the company's email service had been targeted by hackers. A hacker or group of hackers had first broken into a customer support account for Microsoft, and then used that to gain access to information related to customers' email accounts such as the subject lines of their emails and who they've communicated with. But the issue is much worse than previously reported, with the hackers able to access email content from a large number of Outlook, MSN, and Hotmail email accounts, according to a source who witnessed the attack in action and described it before Microsoft's statement, as well as screenshots provided to Motherboard. Microsoft confirmed to Motherboard that hackers gained access to the content of some customers' emails. -
Amazon Helps Cops Set Up Package Theft Sting Operations (vice.com)
An anonymous reader quotes Motherboard: In response to Amazon packages being stolen from people's doorsteps, police departments around the country have set up sting operations that use fake packages bugged with GPS trackers to find and arrest people who steal packages. Internal emails and documents obtained by Motherboard via a public records request show how Amazon and one police department partnered to set up one of these operations.
The documents obtained by Motherboard -- which include an operations plan and internal emails between Amazon and the Hayward, California Police Department -- show that Amazon's "national package theft team" made several calls to the Hayward Police Department and sent the department packages, tape, and stickers that allowed the department to set up a "porch pirate" operation in November and December of 2018... Several other cities around the country -- including Aurora, Colorado; Albuquerque, New Mexico; Jersey City, New Jersey; and Hayward, California -- have also conducted porch pirate sting operations aided by Amazon. Jersey City, New Jersey -- like Hayward, California -- put GPS-tracking devices inside the dummy packages. Aurora and Albuquerque, meanwhile, used doorbell cameras from Ring -- which is owned by Amazon -- to capture video footage and surveil for theft. -
Amazon and Google Fight Bill That Prohibits Secretly Recording You (vice.com)
An anonymous reader quotes Vice: On Wednesday, the Illinois State Senate passed the Keep Internet Devices Safe Act, a bill that would ban manufacturers of devices that can record audio from doing so remotely without disclosing it to the customer. But after lobbying from trade associations that represent the interests of Google, Amazon -- makers of the microphone-enabled Google Home and Alexa smart speakers, respectively -- and Microsoft, among other companies, the interests of big tech won out... In its current, neutered form, the bill provides exclusive authority to the Attorney General to enforce the Act, which means regular citizens won't be able to bring forward a case regarding tech giants recording them in their homes.
Ars Technica notes the move comes after Amazon admitted thousands of their employees listen to Alexa recordings -- "something not mentioned in Echo's terms of service or FAQ pages."
Vice points out that sometimes those recordings are shared "even after users opt out of having their data used in the program." -
Why Tens of Thousands of Perfectly Good, Donated iPhones Are Shredded Every Year (vice.com)
An anonymous reader quotes a report from Motherboard: Tens of thousands of perfectly usable iPhones are scrapped each year by electronics recyclers because of the iPhone's "activation lock," according to a new analysis paper published Thursday. Earlier this year, we published a lengthy feature about the iPhone's activation lock (also called iCloud lock informally), an anti-theft feature that prevents new accounts from logging into iOS without the original user's iCloud password. This means that stolen phones can't be used by the person who stole it without the original owner's iCloud password (this lock can also be remotely enabled using Find My iPhone.) The feature makes the iPhone a less valuable theft target, but it has had unintended consequences, as well. iCloud lock has led to the proliferation of an underground community of hackers who use phishing and other techniques to steal iCloud passwords from the original owner and unlock phones. It's also impacted the iPhone repair, refurbishing, and recycling industry, because phones that are legitimately obtained often still have iCloud enabled, making that phone useless except for parts.
Between 2015 and 2018, the Wireless Alliance, the recycling company in question, collected roughly 6 million cell phones in donation boxes it set up around the country. Of those, 333,519 of them were iPhones deemed by the company to be "reusable." And of those, 33,000 of them were iCloud locked and had to be stripped for parts and scrap metal. Last year, a quarter of all reusable iPhones it collected were activation locked. Allison Conwell, a coauthor of the CoPIRG report, told me in a phone call that the Wireless Alliance's findings show that many people donate their devices intending for them to be reused, but they're scrapped instead. In her paper, Conwell suggests that Apple should work with certified recyclers to unlock phones that have been legitimately donated (a survey of random devices conducted by the Wireless Alliance found that more than 90 percent of them had not been reported lost or stolen.) The paper suggests that Apple could either unlock phones that have not been reported lost or stolen for 30 days, or affirmatively ask users whether they had donated their previous phone and unlock it that way. -
Silk Road 2 Founder Dread Pirate Roberts 2 Caught, Jailed for 5 Years (vice.com)
An anonymous reader shares a report: In 2015, WIRED published a list of the 'dark web drug lords who got away.' That list included the Dread Pirate Roberts 2 (DPR2), the creator of the second Silk Road site, which launched almost immediately after the FBI ended the first with the famous arrest of founder Ross Ulbricht. Under DPR2, Silk Road 2 went on to rake in hundreds of thousands of dollars a day. The FBI shut that one down too and arrested its remaining administrator. By that time, DPR2 had already passed ownership of the site on and, publicly, it looked like he had evaded prosecution.
But today, a court in Liverpool, England, sentenced Thomas White, a technologist and privacy activist, for crimes committed in part while running Silk Road 2 under the DPR2 persona, among other crimes committed under another persona. White pleaded guilty to drug trafficking, money laundering, as well as making indecent images of children, and was sentenced to a total of 5 years and 4 months in prison. White's arrest took place in November 2014, but the case has remained largely under-wraps because of the UK's strict court reporting rules, which prohibit journalists from covering cases before their conclusion. This is to stop suspects facing "trial by media," and in order to let cases run their course. -
The Black Hole Image Data Was Spread Across 5 Petabytes Stored On About Half a Ton of Hard Drives (vice.com)
An anonymous reader quotes a report from Motherboard: On Wednesday, an international team of scientists published the first image of a black hole ever. It looked like a SpaghettiO, and yet the image was an incredible scientific achievement that gave humanity a glimpse of one of the universe's most destructive forces and confirmed long-held theories -- namely, that black holes exist. Storing the raw data for the image was a feat itself -- tiny portions of data spread across five petabytes stored on multiple hard drives, the equivalent of 5,000 years worth of MP3s. Katie Bouman, a computer scientist and assistant professor at the California Institute of Technology, led the development of the algorithm that imaged the black hole. An image of her posing with some of the data drives went viral as observers praised her success.
The massive amounts of data were essential to creating the image of the black hole. Bouman and other scientists coordinated radio telescopes all over the Earth, each pointed at the black hole and gathering data at different times. The data scientists then pieced this information together and used an algorithm to fill in the blanks and generate a likely image of the black hole. The five petabytes of data took up such a massive amount of digital and physical space it couldn't be sent over the internet. Instead, the hard drives were flown to processing centers in Germany and Boston where the data was assembled. On Reddit's /r/datahoarder subreddit, a community dedicated to spreading the passion of hoarding vast amounts of data, the drives were bigger news than the scientific achievement itself. -
Senators Introduce Bill That Would Ban Websites From Using Manipulative Consent Forms (vice.com)
U.S. Senators Mark R. Warner (D-VA) and Deb Fischer (R-NE) have introduced a bill to ban online social media companies from tricking consumers into giving away the rights to their data. The Deceptive Experiences To Online Users Reduction (DETOUR) Act would ban companies "from manipulating adults into signing away their data, or manipulating children into staying on a platform compulsively," reports Motherboard. "The bill also requires platforms to ensure informed consent from users before green-lighting academic studies." From the report: The DETOUR Act would make it illegal to "design, modify, or manipulate a user interface" in order to obscure, subvert, or impair a user's ability to decide how their data is used. The interface refers to the "style, layout, and text" of a privacy policy. The rigor of default privacy regulations would also be subject to regulation under the DETOUR Act. The DETOUR Act would also ban features that encourage "compulsive usage" for children under 13 years old. This would directly target platforms like YouTube, which has auto-play for both its regular site and for its child-specific YouTube Kids app. A representative for Common Sense Media told Motherboard in a phone call that the organization provided feedback and input to the authors of the bill.
The law would also apply to "behavioral or psychological experiments or studies," such as the ones used by Cambridge Analytica in order to sort users by personality type. Per the bill, any such studies have to get informed consent first, and experimenters would need to make routine disclosures to participants and to the public every 90 days. If enacted, the DETOUR Act would require tech companies to make their own Independent Review Boards, which would be responsible for making sure they comply with the law. The act would also give the FTC one year to make infrastructure that would review tech companies and enforce violations of the law. -
Researchers Find Google Play Store Apps Were Actually Government Malware (vice.com)
Security researchers have found a new kind of government malware that was hiding in plain sight within apps on Android's Play Store. And they appear to have uncovered a case of lawful intercept gone wrong. An anonymous reader writes: This new case once again highlights the limits of Google's filters that are intended to prevent malware from slipping onto the Play Store. In this case, more than 20 malicious apps went unnoticed by Google over the course of roughly two years. Motherboard has also learned of a new kind of Android malware on the Google Play store that was sold to the Italian government by a company that sells surveillance cameras but was not known to produce malware until now. Experts told Motherboard the operation may have ensnared innocent victims as the spyware appears to have been faulty and poorly targeted. Legal and law enforcement experts told Motherboard the spyware could be illegal. The spyware apps were discovered and studied in a joint investigation by researchers from Security Without Borders, a non-profit that often investigates threats against dissidents and human rights defenders, and Motherboard. The researchers published a detailed, technical report of their findings on Friday. -
Startup Coding Bootcamp Modern Labor Says It Will Pay You $2,000 a Month For 5 Months To Learn To Code, and Take Roughly 15% of Your Salary For 2 Years Later (vice.com)
Modern Labor promises to teach you to code in five months and help find you a job when you graduate -- but you're on the hook for the next two years. From a report: Most coding bootcamps almost sound like get-rich-quick schemes: Devote a few months to learning a new skill from home, and walk into a job that could pay you $70,000 a year to start. For the most immersive programs, you'll need to put your life on hold while you learn full-time. Usually, students pay for those coding bootcamps upfront while they take time off their jobs to learn.
Startup coding bootcamp Modern Labor pays people $2,000 a month for five months while they learn to code, following a curriculum remotely from wherever they live for at least 30 hours every week (working out to roughly minimum wage). After graduation, if they land a job that pays at least $40,000, Modern Labor takes 15 percent of their salary for the next two years. For example, if they find a job that pays $80,000, they'll pay Modern Labor $24,000 over two years. [...] Modern Labor's business model is an example of an "income sharing agreement," a scheme that's on-trend for Wall Street and Silicon Valley entrepreneurs looking to disrupt education. -
Internal Documents Show Apple Is Capable of Implementing Right to Repair Legislation (vice.com)
A leaked internal document outlines a program that looks almost exactly like the requirements of right to repair legislation that has been proposed in 20 states. From a report: As Apple continues to fight legislation that would make it easier for consumers to repair their iPhones, MacBooks, and other electronics, the company appears to be able to implement many of the requirements of the legislation, according to an internal presentation obtained by Motherboard. According to the presentation, titled "Apple Genuine Parts Repair" and dated April 2018, the company has begun to give some repair companies access to Apple diagnostic software, a wide variety of genuine Apple repair parts, repair training, and notably places no restrictions on the types of repairs that independent companies are allowed to do. The presentation notes that repair companies can "keep doing what you're doing, with ... Apple genuine parts, reliable parts supply, and Apple process and training."
This is, broadly speaking, what right to repair activists have been asking state legislators to require companies to offer for years. "This looks to me like a framework for complying with right to repair legislation," Kyle Wiens, CEO of iFixit and a prominent member of the right to repair movement, told me on the phone. "Right now, they are only offering it to a few megachains, but it seems clear to me that it would be totally possible to comply with right to repair." -
Elizabeth Warren Calls For a National Right-to-Repair Law for Tractors (vice.com)
Massachusetts Senator and Democratic Presidential hopeful Elizabeth Warren has become the highest profile politician to support right to repair legislation in the United States. From a report: On Wednesday, Warren outlined a sweeping plan to support family farms and diminish the power of corporate agriculture. At the top of the list, she supports a national right-to-repair law for tractors and other agricultural equipment. That means she supports the simple idea that people who own a tractor should be able to repair it without permission from John Deere or any other manufacturer. "Farmers should be able to repair their own equipment or choose between multiple repair shops," Warren said in a Medium post outlining her proposal. "That's why I strongly support a national right-to-repair law that empowers farmers to repair their equipment without going to an authorized agent." For now, Warren's proposal would apply only to farm equipment, not consumer electronics.
[...] Farmers operating John Deere tractors have been fighting against John Deere's repair monopoly for years. Device manufacturers don't want people repairing their own stuff and they've taken pains to make it difficult to do so. Newer John Deere equipment comes loaded with software and firmware that make it impossible for farmers to fix their own equipment. Instead, they have to call an authorized dealer and wait for them to show up -- a fix that's too slow and too costly for a farmer. "The national right-to-repair law should require manufacturers of farm equipment to make diagnostic tools, manuals, and other repair-related resources available to any individual or business, not just their own dealerships and authorized agents," Warren said. "This will not only allow individuals to fix their own equipment -- reducing delays -- but it will also create competition among dealers and independent repair shops, bringing down prices overall." Further reading: Grandson of Legendary John Deere Inventor Calls Out Company On Right To Repair. -
Facebook Says it Will Now Block White-Nationalist, White-Separatist Posts (washingtonpost.com)
Facebook will begin banning posts, photos and other content that reference white nationalism and white separatism, revising its rules in response to criticism that a loophole had allowed racism to thrive on its platform. From a report: Previously, Facebook only had prohibited users from sharing messages that glorified white supremacy -- a rhetorical discrepancy, in the eyes of civil rights advocates, who argued that white nationalism, supremacy and separatism are indistinguishable and that the policy undermined the tech giant's stepped-up efforts to combat hate speech online. Facebook now agrees with that analysis, [Editor's note: the link may be paywalled; alternative source] according to people who've been briefed on the decision. The new policy also applies to Instagram. The rise and spread of white nationalism on Facebook were thrown into sharp relief in the wake of the deadly neo-Nazi rally in Charlottesville, Virginia, in 2017, when self-avowed white nationalists used the social networking site as an organizing tool. -
Bill That Would Restore Net Neutrality Moves Forward Despite Telecom's Best Efforts To Kill It (vice.com)
An anonymous reader quotes a report from Motherboard: Last month, Democrats introduced a simple three page bill that would do one thing: restore FCC net neutrality rules and the agency's authority over ISPs, both stripped away by a hugely-controversial decision by the agency in late 2017. Tuesday morning, the Save the Internet Act passed through a key House committee vote and markup session -- despite some last-minute efforts by big telecom to weaken the bill.
"Net neutrality is coming back with a vengeance," Evan Greer, deputy director of consumer group Fight for the Future, said in a statement. "Politicians are slowly learning that they can't get away with shilling for big telecom anymore," Greer said. "We're harnessing the power of the Internet to save it, and any lawmaker who stands in our way will soon face the wrath of their constituents, who overwhelmingly want lawmakers to restore these basic protections." Greer told Motherboard that several last minute amendments were introduced by lawmakers during the markup period in an attempt to water down the bill, but all were pulled in the wake of widespread public interest in the hearing. "It seems like the GOP retreated a bit given after the huge swell of public support," said Greer, who told Motherboard that 300,000 people watched the organization's livestream of the markup process. That attention "really emboldened the Democrats and shored up the ones that were wobbling," Greer said. -
Hackers Hijacked ASUS Software Updates To Install Backdoors on Thousands of Computers (vice.com)
ASUS is believed to have pushed malware to hundreds of thousands of customers through its trusted automatic software update tool after attackers compromised the company's server and used it to push the malware to machines. From a report: Researchers at cybersecurity firm Kaspersky Lab say that ASUS, one of the world's largest computer makers, was used to unwittingly install a malicious backdoor on thousands of its customers' computers last year after attackers compromised a server for the company's live software update tool. The malicious file was signed with legitimate ASUS digital certificates to make it appear to be an authentic software update from the company, Kaspersky Lab says. ASUS, a multi-billion dollar computer hardware company based in Taiwan that manufactures desktop computers, laptops, mobile phones, smart home systems, and other electronics, was pushing the backdoor to customers for at least five months last year before it was discovered, according to new research from the Moscow-based security firm.
The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems. The malware searched for targeted systems through their unique MAC addresses. Once on a system, if it found one of these targeted addresses, the malware reached out to a command-and-control server the attackers operated, which then installed additional malware on those machines. Kaspersky Lab said it uncovered the attack in January after adding a new supply-chain detection technology to its scanning tool to catch anomalous code fragments hidden in legitimate code or catch code that is hijacking normal operations on a machine. The company plans to release a full technical paper and presentation about the ASUS attack, which it has dubbed ShadowHammer, next month at its Security Analyst Summit in Singapore. -
'It Took 10 Seconds For Instagram To Push Me Into an Anti-Vaxx Rabbit Hole' (vice.com)
eatmorekix quotes Vice: It only took around ten seconds. On Wednesday, I created a fresh Instagram account, and followed 'Beware the Needle', a user with 34,000 followers which posts a steady stream of anti-vaccination content. I also followed the user's "backup" account mentioned in its bio, the creator clearly aware that Instagram may soon ban them. Instagram's "Suggested for You" feature then recommended I follow other accounts, including "Vaccines are Genocide" and "Vaccine Truth." I followed the latter, and checked which accounts Instagram now thought would be a good fit for me: another 24 accounts that were either explicitly against vaccinations in their profile description, or that posted anti-vaccine content.
They included pseudo-scientists claiming that vaccines cause autism; accounts with tens of thousands of followers promising the "truth" around vaccinations through memes and images of misleading statistics, as well as individual mothers spouting the perceived, but false, dangers of vaccinating children against measles, polio, and other diseases.
"Instagram told Motherboard it will be looking at different ways to minimize these sorts of recommendations," the article reports, but "did not give a more specific timeframe for this change...."
"For the moment, however, Instagram remains a hot bed of easy to discover misinformation on vaccinations." -
Microsoft Says the FCC 'Overstates' Broadband Availability In the US (vice.com)
An anonymous reader quotes a report from Motherboard: Microsoft this week was the latest to highlight the U.S. government's terrible broadband mapping in a filing with the FCC, first spotted by journalist Wendy Davis. In it, Microsoft accuses the FCC of over-stating actual broadband availability and urges the agency to do better. "The Commission's broadband availability data, which underpins FCC Form 477 and the Commission's annual Section 706 report, appears to overstate the extent to which broadband is actually available throughout the nation," Microsoft said in the filing. "For example, in some areas the Commission's broadband availability data suggests that ISPs have reported significant broadband availability (25 Mbps down/3 Mbps up) while Microsoft's usage data indicates that only a small percentage of consumers actually access the Internet at broadband speeds in those areas," Microsoft said.
Similar criticism has long plagued the agency. The FCC's broadband data is received via the form 477 data collected from ISPs. But ISPs have a vested interest in over-stating broadband availability to obscure the sector's competition problems, and the FCC historically hasn't worked very hard to independently verify whether this data is truly accurate. The FCC's methodology has long been criticized as well. As it currently stands, the agency declares an entire ZIP code as "served" with broadband if just one home in an entire census block has it. In its filing, Microsoft "suggested that the Commission's ongoing effort to more accurately measure broadband could be improved by drawing on the FCC's subscription data, along with other broadband data sets from third-parties such as Microsoft, to complement survey data submitted under the current rules." -
Streaming and Cloud Computing Endanger Modding and Game Preservation (vice.com)
Services like Google's Stadia seem convenient, but they could completely change the past and future of video games, writes Rich Whitehouse, a video game preservationist and veteran programmer in the video game industry. From the story: For most of today's games, modding isn't an especially friendly process. There are some exceptions, but for the most part, people like me are digging into these games and reverse engineering data formats in order to create tools which allow users to mod the games. Once that data starts only existing on a server somewhere, we can no longer see it, and we can no longer change it. I expect some publishers/developers to respond to this by explicitly supporting modifications in their games, but ultimately, this will come with limitations and, most likely, censorship. As such, this represents an end of an era, where we're free to dig into these games and make whatever we want out of them. As someone who got their start in game development through modding, I think this sucks. It is also arguably not a healthy direction for the video game industry to head in. Dota 2, Counter-Strike, and other massively popular games that generate millions of dollars annually, all got their start as user-modifications of existing video games from big publishers. Will we still get the new Counter-Strike if users can't mod their games?
[...] The bigger problem here, as I see it, is analysis and preservation. There is so much more history to a video game than the playable end result conveys. When the data and code driving a game exists only on a remote server, we can't look at it, and we can't learn from it. Reverse engineering a game gives us tons of insight into its development, from lost and hidden features to actual development decisions. Indeed, even with optimizing compilers and well-defined dependency trees which help to cull unused data out of retail builds, many of the popular major releases of today have plenty waiting to be discovered and documented. We're already living in a world where the story of a game's development remains largely hidden from the public, and the bits that trickle out through presentations and conferences are well-filtered, and often omit important information merely because it might not be well-received, might make the developer look bad, etc. This ultimately offers up a deeply flawed, relatively sparse historical record. -
The Most Powerful iMac Pro Now Costs $15,927 (vice.com)
Apple recently updated the upgrade options for the iMac Pro, and getting the very best will cost you. A baseline model will cost you just under $5,000, and maxing out the hardware to absurd heights runs a whopping $15,927. An anonymous reader writes: The most expensive possible upgrade is a $5,200 charge for upgrading the RAM from 32GB to a startling 256GB. Other addons include an additional $700 for a 16GB Radeon video card and $2,400 for a 2.3 GHz Intel processor with 18 cores. Almost $16,000 is a lot of money for a computer, especially one so overpowered that there are very few reasonable applications of its hardware. Most people will never need more than 16GB of RAM to play video games, and 32-64GB will take care of most video editing and 3D modeling tasks. With 256GB of RAM, you could run advanced AI processes or lease computing power to other people. -
Education and Science Giant Elsevier Left Users' Passwords Exposed Online (vice.com)
The world's largest scientific publisher, Elsevier, left a server open to the public internet, exposing user email addresses and passwords. "The impacted users include people from universities and educational institutions from across the world," reports Motherboard. "It's not entirely clear how long the server was exposed or how many accounts were impacted, but it provided a rolling list of passwords as well as password reset links when a user requested to change their login credentials." From the report: "Most users are .edu [educational institute] accounts, either students or teachers," Mossab Hussein, chief security officer at cybersecurity company SpiderSilk who found the issue, told Motherboard in an online chat. "They could be using the same password for their emails, iCloud, etc." Motherboard verified the data exposure by asking Hussein to reset his own password to a specific phrase provided by Motherboard beforehand. A few minutes later, the plain text password appeared on the exposed server. Elsevier secured the server after Motherboard approached the company for comment. Hussein also provided Elsevier with details of the security issue.
An Elsevier spokesperson told Motherboard in an emailed statement that "The issue has been remedied. We are still investigating how this happened, but it appears that a server was misconfigured due to human error. We have no indication that any data on the server has been misused. As a precautionary measure, we will also be informing our data protection authority, providing notice to individuals and taking appropriate steps to reset accounts." -
Is Adobe's Creative Cloud Too Powerful for Its Own Good? (vice.com)
Reader samleecole writes: Recently I was looking around at the state of modern image editors and discovered something really disappointing. The issue? Well, even with the rise of modern Photoshop alternatives such as Affinity Photo and Pixelmator, these image editors are not designed to handle animated GIFs. Which means that, despite the fact that I'd certainly love to see what life is like outside of the world of Adobe, it looks like I'm stuck in that ecosystem for a little while longer. Don't get me wrong: Adobe's software is great, if a bit expensive. But I do think that its business model highlights just how consolidated its power actually is -- and it's not talked about nearly enough in the creative space.
[...] Adobe is too powerful and can ignore things it doesn't want to do -- whether in the form of cutting prices or ignoring usability concerns -- in part because it carries itself like it's the only game in town. Here's a case in point that matters a lot to me, actually: Apple has supported a native fullscreen mode in Mac OS since 10.7, better known as Lion. It's a fundamental feature, and helps keep windows well-sorted on laptops in particular. It works pretty well in every major Mac application -- except Adobe's. Worse, if you drag a picture from a web browser into Photoshop, the window moves and doesn't stay in the middle of the screen, creating a constant frustration that could be remedied if, again, Adobe bothered to support the native fullscreen mode that has come in Mac OS for the past seven and a half years. -
Consumer Groups Want To Tax Facebook To Save Journalism (vice.com)
An anonymous reader quotes a report from Motherboard: How to fund ethical journalism in the Facebook era is the multi-billion dollar question of the hour, and a technology-focused consumer group by the name of Free Press believes it has a solution. The group has unveiled a new proposal that suggests taxing all online targeted advertising, then using that money to fund the nation's struggling news empires, big and small. The program would apply a 2 percent tax on companies generating more than $200 million in annual targeted-ad revenues, then use that money to create a "Public Interest Media Endowment." The $2 billion collected annually would then be managed by the government itself, or an outside, existing institution such as the Corporation for Public Broadcasting. Such a tax would most obviously apply to both social media giants, but also the giant telecom monopolies increasingly trying to elbow their way into the online ad space. This endowment, in turn, would help fund local journalism, investigative reporting, media literacy, noncommercial social networks, civic-technology projects, and "news and information for underserved communities," suggests the group. "The problem for journalism is that Facebook and Google control nearly 70 percent of this marketplace," Free Press Director Tim Karr told Motherboard via email. "And neither are news organizations. In fact, only one of the top ten digital advertisers in the U.S. (Verizon Media Group/Oath) is in the news business (HuffPost, Techcrunch), and then only partially so." -
Kids Have 'Math Anxiety' Thanks To Parents and Teachers, Report Finds (vice.com)
A new report out of the University of Cambridge studied the experiences of a total of 2,700 primary and secondary students in the UK and Italy and found that primary and secondary school girls had higher levels of both math anxiety and general anxiety than boys. "The study also focuses on how parents and teachers shape math performance and attitudes, perhaps without even realizing it," adds Motherboard. "In the same way that anxious parents can shape their children's anxiety, math-anxious mentors can shape how kids view their own math anxiety." From the report: The new study builds on previous research by highlighting the importance of teachers and parents' own math anxieties impacting students. Most students that the researchers talked to said that their anxiousness started when the math topics became more challenging, and they felt like they couldn't do them. Another reason the students said they were struggling was because multiple teachers were teaching them math, and it became confusing across teaching styles. "Importantly -- and surprisingly -- this new research suggests that the majority of students experiencing maths anxiety have normal to high maths ability," Josh Hillman, Director of Education at the Nuffield Foundation, said in a press release.
Several of the excerpts of the interviews conducted by researchers with math-anxious kids are heartbreaking: Many described feelings that they knew the answers but panicked, or tried to battle through initial confusion. One child, around 9 or 10 years old, said: "Once, I think it was the first day and he picked on me, and I just kind of burst into tears because everybody was staring at me and I didn't know the answer. Well I probably knew it but I hadn't thought it through." Another described doing a fractions test: "It means like enormously [nervous], and enormously means like massively... I felt very unwell and I was really scared and because my table's in the corner, I kind of just like tried to not be in the lesson." -
Musician Creates a Million-Hour Song Based On the Number Pi (vice.com)
An anonymous reader quotes a report from Motherboard: Now, for Pi Day (March 14), music software programmer Canton Becker has crafted a million-hour song based on Pi that unfolds generatively on a virtual tape deck. Titled "Shepard's Pi," the song combines two of Becker's favorite infinities: Pi, and an auditory illusion called a Shepard tone, which he describes as an "unsettling sonic illusion of a pitch that climbs or descends forever, never reaching a top or a bottom." Found at PiSongs.com, users can tune into "Shepard's Pi" in real time with a custom virtual tape deck. The track itself evolves moment to moment, but the synthesized and sampled tones will be familiar to anyone who has ever listened to the electronic music of Kraftwerk, Tangerine Dream, Aphex Twin, and Global Communication. Far from being a mere gimmick, it is a highly evocative and transporting piece of electronic music, alternately ambient, glitchy, and interestingly rhythmic. The 58,999 GB MP3 file needed to be distributed via a webpage or app, so Becker "started hacking away at the basic algorithm in the programming languages PHP and Javascript," reports Motherboard. "In between coding marathons, Becker composed and recorded the loops and samples that would form the basis of the song. He experimented with sounds that would work well together regardless of being stacked one upon the other."
"When users hit 'play' on the virtual tape deck, the algorithm actually 'performs' the piece," the report says. "This way, the 114-year song can fit in just one gigabyte of space, which is mostly comprised of the digits of Pi. The virtual tape deck was also a solution to a built-in quirk of browsers such as Chrome, Safari, and Firefox -- users must click on a webpage to trigger a sound." From start to finish, the song lasts 999,999 hours, "a limitation imposed by only considering the first one billion digits of Pi." -
DARPA Is Building a $10 Million, Open Source, Secure Voting System (vice.com)
samleecole writes: For years security professionals and election integrity activists have been pushing voting machine vendors to build more secure and verifiable election systems, so voters and candidates can be assured election outcomes haven't been manipulated. Now they might finally get this thanks to a new $10 million contract the Defense Department's Defense Advanced Research Projects Agency (DARPA) has launched to design and build a secure voting system that it hopes will be impervious to hacking.
The first-of-its-kind system will be designed by an Oregon-based firm called Galois, a longtime government contractor with experience in designing secure and verifiable systems. The system will use fully open source voting software, instead of the closed, proprietary software currently used in the vast majority of voting machines, which no one outside of voting machine testing labs can examine. More importantly, it will be built on secure open source hardware, made from special secure designs and techniques developed over the last year as part of a special program at DARPA. The voting system will also be designed to create fully verifiable and transparent results so that voters don't have to blindly trust that the machines and election officials delivered correct results. -
North Korea Advertises Military Hardware On Twitter and YouTube, Defying Sanctions (vice.com)
eatmorekix shares a report from Motherboard: Glocom, a front company for the government of North Korea that sells sanctioned equipment, isn't giving up. In 2017, before YouTube quietly removed Glocom's channel, the company was advertising missile navigation and other military products on the video platform. But Glocom has returned. It set up a new channel, and also had a presence on Twitter, until Motherboard flagged Glocom's accounts to social media companies. The news not only signals the perseverance of parts of the North Korean's money-making enterprises, but also a slice of the content moderation issues that tech platforms constantly face. Glocom "is using them as platforms to market sanctions violating products," Shea Cotton, research associate at the James Martin Center for Nonproliferation Studies, and who has a particular focus on North Korea, told Motherboard in an email. A United Nations report says that Glocom is run by North Korean intelligence agents, even though it pitches itself as a Malaysian company.
Cotton said "this company continues to operate openly. Most DPRK [Democratic Peoples' Republic of Korea] fronts, when exposed, usually fold or at the very least shut down and move their operations to another country and re-open under a new name. This one hasn't done that. We've seen them try to create this spin off brand called 'FACOM' and sell a few of their products under it but as you've seen their main brand is still thriving apparently." -
Scientists Reawaken Cells From a 28,000-Year-Old Mammoth (vice.com)
Cells from a woolly mammoth that died more than 28,000 years ago have been partially reactivated inside of mouse egg cells, according to a study published Monday in Scientific Reports. "The achievement shows that biological activity can be induced in the cells of long-dead creatures, but that does not mean that scientists will be resurrecting extinct animals like mammoths any time soon," reports Motherboard. From the report: A team led by Kazuo Yamagata, a biologist at Kindai University in Japan, extracted cells from the remains of "Yuka," a young female mammoth discovered in 2010 on the coast of the Dmitry Laptev Strait in the Russian Far East. Yuka was entombed in permafrost, a frozen ground layer that can often keep the skin, fur, brains, and other softer tissues of dead animals intact. Because Yuka is in particularly great condition, Yamagata's team was able to extract 88 nucleus-like structures from her preserved muscle tissues. The mammoth cells were implanted into mouse oocytes, which are ovarian cells involved in embryonic development. The researchers also implanted elephant cells into mouse eggs to provide a control sample.
Once the cell nuclei were incubated, they seemed to reawaken -- but only slightly. The cells did not divide, but completed some steps that precede cell division. For instance, the mammoth nuclei performed a process called "spindle assembly," which ensures that chromosomes are correctly attached to microscopic spindle structures before a parent cell breaks into two daughter cells. The fact that Yuka's cells were able to spring back into partial action is both an exciting and challenging development for scientists interested in cloning extinct animals. On one hand, some degree of cellular reactivation is clearly possible. But Yuka is also an exceptionally pristine specimen, and even her cells were not able to complete cell division -- a major hurdle that scientists must clear to accomplish de-extinction. -
Researchers Find Critical Backdoor In Swiss Online Voting System (vice.com)
An international group of researchers who have been examining the source code for an internet voting system that Switzerland plans to roll out this year have found a critical flaw in the code that would allow someone to alter votes without detection. New submitter eatmorekix shares a report: The cryptographic backdoor exists in a part of the system that is supposed to verify that all of the ballots and votes counted in an election are the same ones that voters cast. But the flaw could allow someone to swap out all of the legitimate ballots and replace them with fraudulent ones, all without detection. "The vulnerability is astonishing," said Matthew Green, who teaches cryptography at Johns Hopkins University and did not do the research but read the researchers' report. "In normal elections, there is no single person who could undetectably defraud the entire election. But in this system they built, there is a party who could do that."
The researchers provided their findings last week to Swiss Post, the country's national postal service, which developed the system with the Barcelona-based company Scytl. Swiss Post said in a statement the researchers provided Motherboard and that the Swiss Post plans to publish online on Tuesday, that the researchers were correct in their findings and that it had asked Scytl to fix the issue. It also downplayed the vulnerability, however, saying that to exploit it, an attacker would need control over Swiss Post's secured IT infrastructure "as well as help from several insiders with specialist knowledge of Swiss Post or the cantons." -
The Prototype iPhones That Hackers Use To Research Apple's Most Sensitive Code
Hackers and security researchers use rare "dev-fused" iPhones created for internal use at Apple to bypass Apple's protections and security features to uncover iPhone vulnerabilities and other sensitive info, Motherboard reported Wednesday, citing two dozen security researchers, current and former Apple employees, rare phone collectors, and members of the iPhone jailbreaking community. From the report: These rare iPhones have many security features disabled, allowing researchers to probe them much more easily than the iPhones you can buy at a store. Since the Black Hat talk, dev-fused iPhones have become a tool that security researchers around the world use to find previously unknown iPhone vulnerabilities (known as zero days), Motherboard has learned. Dev-fused iPhones that were never intended to escape Apple's production pipeline have made their way to the gray market, where smugglers and middlemen sell them for thousands of dollars to hackers and security researchers. Using the information gleaned from probing a dev-fused device, researchers can sometimes parlay what they've learned into developing a hack for the normal iPhones hundreds of millions of people own. -
What It's Like To Smoke Salvia For Science (vice.com)
Slashdot reader and Motherboard writer dmoberhaus was the final participant in the world's first brain imaging study on salvinorin A, the psychoactive chemical in salvia divinorum. He wrote about what it's like to participate in a psychedelic drug trial, and why he volunteered to smoke the world's least favorite hallucinogen for science. Here's an excerpt from his report: I was first introduced to salvia when I was a freshman in high school, and by the time I graduated I had smoked it about a dozen times. In retrospect, I would not describe a single one of those experiences as "pleasant," "enjoyable," or "fun." The last time I used salvia was almost a decade ago, and during that trip I became convinced that I had been irreversibly transformed into a suspension bridge. Good times. Despite a history of bad experiences with the substance, I volunteered for the Johns Hopkins salvinorin A study out of a suspicion that salvia probably had more to offer than what I experienced in high school. As a teen, each of my salvia experiences was under less than ideal conditions -- usually at a party or in a park after curfew. These sorts of situations lend themselves to paranoia and anxiety, which don't mix well with a strong dissociative hallucinogen. I figured if the settings were changed to a relaxed environment where I was surrounded by medical professionals, perhaps the nature of the trip would as well.
[...]
For the first salvia session I laid on the couch and donned an eye mask while [Manoj Doss, a postdoctoral researcher who specializes in memory] sat at the far end of the room with the smoking apparatus. The simple device consisted of a small glass bulb with a plastic hose connected to the top and was described to me as an "FDA-approved crack pipe." Along the bottom of the bulb was a barely noticeable residue of a white crystalline substance, which I was informed was one dose of 99.9% pure salvinorin A. I was given one end of the hose and instructed to begin a 45-second long inhale as Doss vaporized the salvinorin A with a butane torch. At the same time, Clifton began to play a new age soundtrack through speakers and came to put his hand on my leg to ground me during the trip. When the 45 seconds were up, I exhaled and felt the effects of the salvia almost immediately.
The first thing I noticed was the feeling of my body dissolving. Shortly after I began feeling the physical effects, the hallucinations began. I felt as though my head had split in two and a patterned stream began flowing from both sides of my face. This stream was a "harlequin pattern" of large brown and white diamonds that flowed away from me and began to form the "boundary" of an infinite three-dimensional space. These diamonds continued to tessellate to an infinite point and I felt as though I were suspended above this expanse, hanging like a figurehead hangs off the bow of a ship. Throughout the trip, I remember being overcome by the profound beauty of the scene I was witnessing. If I tried to focus, I could remember that in base reality I was in a room in Johns Hopkins, but that didn't alleviate the feeling of being in an entirely separate reality, as though I were sitting in a container that cordoned me off from the 'normal' world. In summary, Oberhaus said "the experience was quite pleasant." He added: "I only had a brief moment of panic when it seemed like one of the notes in the new age soundtrack had been held for far too long. I began to worry that time was dilating and that I might be trapped in this space for eternity. When the music progressed to the next note, however, the panic quickly subsided and time resumed its normal cadence."
Oberhaus then took a higher dose the following day in an MRI machine. While the first dose of salvia in the machine didn't produce anything special, likely because it was a placebo, a very low dose, or that he had made some error during inhalation, the second dose in the machine resulted in a slightly less intense trip than the very first dose. "The reason, I think, was that the loud and persistent sounds of the MRI machine kept me tethered to the outside world and I was unable to fully immerse myself in the world that the salvia was generating," writes Oberhaus. "Still, I would describe it as a pleasant and visually striking experience." -
Researchers Uncover Ring of GitHub Accounts Promoting 300+ Backdoored Apps (zdnet.com)
An anonymous reader writes: A security researcher has uncovered a ring of malicious GitHub accounts promoting over 300 backdoored Windows, Mac, and Linux applications and software libraries. The malicious apps contained code to gain boot persistence on infected systems and later download other malicious code -- which appeared to be a "sneaker bot," a piece of malware that would add infected systems to a botnet that would later participate in online auctions for limited edition sneakers.
All the GitHub accounts that were hosting these files -- backdoored versions of legitimate apps -- have now been taken down. One account, in particular, registered in the name of Andrew Dunkins, hosted 305 backdoored ELF binaries. Another 73 apps were hosted across 88 other accounts. -
Facebook's Phone Number Policy Could Push Users To Not Trust Two-Factor Authentication (vice.com)
An anonymous reader quotes a report from Motherboard: Using two-factor authentication, a security mechanism that requires a second step to log in to an account other than the password, is widely considered an essential measure to protect yourself online. Yet, only a small percentage of people use this feature, mostly because it can be burdensome and it's rarely required by default, leaving users with the responsibility to turn it on. Now, Facebook may have given people yet another reason not to bother. Last week, Emojipedia founder Jeremy Burge warned in a viral Twitter thread that anyone could look him up on Facebook using his phone number, which he provided to the social network in order to enable two-factor authentication. What's worse, it looks like there's no way to completely remove your phone number that Facebook has collected. If you check your privacy settings, under "Who can look you up using the phone number you provided?" there are only three options: Everyone, Friends of friends, and Friends. "Everyone" is the default.
Even if you remove your phone number from the two-factor authentication settings page, nothing changes in the privacy settings, indicating Facebook still has your phone number. This screw-up, intentional or not, could discourage adoption of two-factor authentication, leaving people at risk of getting hacked. Facebook's decision to use phone numbers that were given to it for a specific security purpose for reasons other than security is a betrayal, and is training people more broadly that turning over more personal information to an internet company for security features could backfire. "Phone number is such a private, important security link," Zeynep Tufekci, a professor at the University of North Carolina, Chapel Hill, who has worked with dissidents and human rights activists, wrote on Twitter. "But Facebook will even let you be targeted for ads through phone numbers INCLUDING THOSE PROVIDED *ONLY* FOR SECOND FACTOR AUTHENTICATION. Messing with 2FA is the anti-vaccination misinformation of security." -
Police In Canada Are Tracking People's 'Negative' Behavior In a 'Risk' Database (vice.com)
An anonymous reader quotes a report from Motherboard: Police, social services, and health workers in Canada are using shared databases to track the behavior of vulnerable people -- including minors and people experiencing homelessness -- with little oversight and often without consent. Documents obtained by Motherboard from Ontario's Ministry of Community Safety and Correctional Services (MCSCS) through an access to information request show that at least two provinces -- Ontario and Saskatchewan -- maintain a "Risk-driven Tracking Database" that is used to amass highly sensitive information about people's lives. Information in the database includes whether a person uses drugs, has been the victim of an assault, or lives in a "negative neighborhood."
The Risk-driven Tracking Database (RTD) is part of a collaborative approach to policing called the Hub model that partners cops, school staff, social workers, health care workers, and the provincial government. Information about people believed to be "at risk" of becoming criminals or victims of harm is shared between civilian agencies and police and is added to the database when a person is being evaluated for a rapid intervention intended to lower their risk levels. Interventions can range from a door knock and a chat to forced hospitalization or arrest. Data from the RTD is analyzed to identify trends -- for example, a spike in drug use in a particular area -- with the goal of producing planning data to deploy resources effectively, and create "community profiles" that could accelerate interventions under the Hub model, according to a 2015 Public Safety Canada report. Saskatchewan and Ontario officials say the data in the database is "de-identified" by removing details such as people's names and birthdates, but experts Motherboard spoke to say that scrubbing data so it may never be used to identify an individual is difficult if not impossible. -
Studies Keep Showing That the Best Way To Stop Piracy Is To Offer Cheaper, Better Alternatives (vice.com)
An anonymous reader quotes a report from Motherboard: Study after study continues to show that the best approach to tackling internet piracy is to provide these would-be customers with high quality, low cost alternatives. That idea was again supported by a new study this week out of New Zealand first spotted by TorrentFreak. The study, paid for by telecom operator Vocus Group, surveyed a thousand New Zealanders last December, and found that while half of those polled say they've pirated content at some point in their lives, those numbers have dropped as legal streaming alternatives have flourished.
The study found that 11 percent of New Zealand consumers still obtain copyrighted content via illegal streams, and 10 percent download infringing content via BitTorrent or other platforms. But it also found that users are increasingly likely to obtain that same content via over the air antennas (75 percent) or legitimate streaming services like Netflix (55 percent). "In short, the reason people are moving away from piracy is that it's simply more hassle than it's worth," Vocus Group NZ executive Taryn Hamilton said in a statement. "The research confirms something many internet pundits have long instinctively believed to be true: piracy isn't driven by law-breakers, it's driven by people who can't easily or affordably get the content they want," she said. -
Former Hacking Team Members Are Now Spying on the Blockchain for Coinbase (vice.com)
An anonymous reader shares a report: Last week, cryptocurrency industry giant Coinbase sparked outrage when it announced that it had purchased a small startup called Neutrino. Normally, such an acquisition wouldn't make many waves, but Neutrino isn't your average startup. The company was founded by three former employees of Hacking Team, a controversial Italian surveillance vendor that was caught several times selling spyware to governments with dubious human rights records, such as Ethiopia, Saudi Arabia, and Sudan. Neutrino develops technology for law enforcement and financial institutions to investigate and track transactions on the blockchain, the shared public ledger that tracks the movement of tokens in the ecosystem. Coinbase is one of the largest platforms for buying and selling cryptocurrencies in the world, so it sees a lot of transactions on its exchange.
The company claims to be able to monitor and track not just Bitcoin -- a relatively straightforward endeavor -- but also supposedly privacy-oriented (and harder to track) coins such as Monero. In 2017, the company was able to conclude that the North Korean hackers behind the destructive ransomware WannaCry cashed out their Bitcoin and turned it into Monero. [...] In a statement to Motherboard, a Coinbase spokesperson said that the company "does not condone nor will it defend the actions of Hacking Team." "We are aware that Neutrino's co-founders previously worked at Hacking Team, which we reviewed as part of our security, technical, and hiring diligence," the spokesperson said. But Neutrino's technology was just too important for Coinbase to pass on, the spokesperson explained. -
People Are Concerned About Their Privacy In Theory, Not Practice, Says New Study (fortune.com)
A new privacy survey from IBM's Institute for Business Value found that 81% of consumers say they've become more concerned about how companies use their data, while 87% think companies should be more heavily regulated on personal data management. Three-quarters of the people felt like they were less likely to trust companies with data and 89% said companies should be clearer about how their products use data. Given these findings, you'd think people would take actions in response to companies losing or misusing their data -- but they're not. Fortune reports: 71% said that they were willing to give up privacy to get access to what technology can offer. Only 45% have updated their privacy settings on products in response and 16% walked away from a company because of data misuse. It's already been clear that one reason for big data leaks is that there is little financial risk to companies, as Motherboard reported. This new data suggests that companies have even less to worry about, as most people are willing to keep doing business with them. -
FCC Says Gutting ISP Oversight Was Great For Broadband (vice.com)
Earlier this week, the FCC proclaimed that broadband connectivity saw unprecedented growth last year thanks to the agency's policies like killing net neutrality. But, as Motherboard points out, that's not entirely true. The lion's share of improvements highlighted by the agency "are courtesy of DOCSIS 3.1 cable upgrades, most of which began before Pai even took office and have nothing to do with FCC policy," the report says. "Others are likely courtesy of build-out conditions affixed to AT&T's merger with DirecTV, again the result of policies enacted before Pai was appointed head of the current FCC." Also, last year's FCC report, which showcased data up to late 2016, "showed equal and in some instances faster growth in rural broadband deployment -- despite Pai having not been appointed yet." From the report: The broadband industry's biggest issue remains a lack of competition. That lack of competition results in Americans paying some of the highest prices for broadband in the developed world, something the agency routinely fails to mention and does so again here. [...] Still, Pai was quick to take a victory lap in the agency release. "For the past two years, closing the digital divide has been the FCC's top priority," Pai said in a press release. "We've been tackling this problem by removing barriers to infrastructure investment, promoting competition, and providing efficient, effective support for rural broadband expansion through our Connect America Fund. This report shows that our approach is working." One of those supposed "barriers to broadband investment" were the former FCC's net neutrality rules designed to keep natural monopolies like Comcast from behaving anti-competitively.
"Overall, capital expenditures by broadband providers increased in 2017, reversing declines that occurred in both 2015 and 2016," the FCC claimed, again hinting that the repeal of net neutrality directly impacted CAPEX and broadband investment. A problem with that claim: the FCC's latest report only includes data up to June 2018, the same month net neutrality was formally repealed. As such the data couldn't possibly support the idea that the elimination of net neutrality was responsible for this otherwise modest growth. Another problem: that claim isn't supported by ISP earnings reports or the public statements of numerous telecom CEOs, who say net neutrality didn't meaningfully impact their investment decisions one way or another. Telecom experts tell Motherboard that's largely because such decisions are driven by a universe of other factors, including the level of competition (or lack thereof) in many markets. -
Experts Find Serious Problems With Switzerland's Online Voting System (vice.com)
An anonymous reader quotes a report from Motherboard: Switzerland made headlines this month for the transparency of its internet voting system when it launched a public penetration test and bug bounty program to test the resiliency of the system to attack. But after source code for the software and technical documentation describing its architecture were leaked online last week, critics are already expressing concern about the system's design and about the transparency around the public test. Cryptography experts who spent just a few hours examining the leaked code say the system is a poorly constructed and convoluted maze that makes it difficult to follow what's going on and effectively evaluate whether the cryptography and other security measures deployed in the system are done properly.
"Most of the system is split across hundreds of different files, each configured at various levels," Sarah Jamie Lewis, a former security engineer for Amazon as well as a former computer scientist for England's GCHQ intelligence agency, told Motherboard. "I'm used to dealing with Java code that runs across different packages and different teams, and this code somewhat defeats even my understanding." She said the system uses cryptographic solutions that are fairly new to the field and that have to be implemented in very specific ways to make the system auditable, but the design the programmers chose thwarts this. "It is simply not the standard we would expect," she told Motherboard. [...] It isn't just outside attackers that are a concern; the system raises the possibility for an insider to intentionally misconfigure the system to make it easier to manipulate, while maintaining plausible deniability that the misconfiguration was unintentional. "Someone could wire the thing in the wrong place and suddenly the system is compromised," said Lewis, who is currently executive director of the Open Privacy Research Society, a Canadian nonprofit that develops secure and privacy-enhancing software for marginalized communities. "And when you're talking about code that is supposed to be protecting a national election, that is not a statement someone should be able to make." "You expect secure code to be defensively written that would prevent the implementers of the code from wiring it up incorrectly," Lewis told Motherboard. But instead of building a system that doesn't allow for this, the programmers simply added a comment to their source code telling anyone who compiles and implements it to take care to configure it properly, she said.
The online voting system was developed by Swiss Post, the country's national postal service, and the Barcelona-based company Scytl. "Scytl claims the system uses end-to-end encryption that only the Swiss Electoral Board would be able to decrypt," reports Motherboard. "But there are reasons to be concerned about such claims." -
Right To Repair Legislation Is Officially Being Considered In Canada (vice.com)
Canada is the newest frontier in the fight for the "right to repair" after an Ontario politician introduced a bill on Thursday that would ensure individuals and independent professionals can repair brand-name computers and phones cheaply and easily. From a report: Manufacturers make it incredibly difficult to repair our broken devices ourselves. Instead of taking a smashed phone to a local repair professional for an affordable fix, a complex matrix of trade secrets and government intervention often means consumers have to make a pricey trip to the Genius Bar or buy a new device entirely. This is bad for your wallet, but also bad for the planet.
Ontario Liberal Party MPP Michael Coteau ran into this issue head-first after his daughter dropped his Samsung smartphone. An official repair job from the manufacturer was more expensive than just getting a new phone from his carrier, he told me over the phone. "It's a shame," Coteau said, "because the Samsung S8 was very good for me. Everything was perfect. I would've kept using it. But now I've replaced it." On Thursday, Coteau introduced a private member's bill in provincial parliament that, if passed, would be the first "right to repair" law for electronic devices in North America. More than a dozen US states are currently considering similar bills, but nothing is on the books yet in the US or in Canada. -
Scientists Dressed Horses Like Zebras To Figure Out Why They Have Stripes (vice.com)
Why do zebras have stripes? From a report: Evolutionary biologists have proposed many possible theories, such as camouflage or vision aids for recognizing individual zebras. But in recent years, pest control has emerged as the leading explanation for zebra stripes. Researchers led by Tim Caro, an evolutionary ecologist at UC Davis, set out to test this idea in the field. The results, published Wednesday in PLOS ONE, reveal that stripes are a powerful deterrent to horse flies, a common nuisance that suck blood and bite flesh. The experiment managed to find the most delightful way to help explain these uniquely patterned coats -- by getting horses to cosplay as zebras.
-
The Complicated Economy of Open Source Software (vice.com)
An excerpt from a report, which looks at the complicated business of funding open source software development: On the surface, the open source software community has never been better. Companies and governments are adopting open source software at rates that would've been unfathomable 20 years ago, and a whole new generation of programmers are cutting their teeth on developing software in plain sight and making it freely available for anyone to use. Go a little deeper, however, and the cracks start to show. The ascendancy of open source has placed a mounting burden on the maintainers of popular software, who now handle more bug reports, feature requests, code reviews, and code commits than ever before.
At the same time, open source developers must also deal with an influx of corporate users who are unfamiliar with community norms when it comes to producing and consuming open source software. This leads to developer burnout and a growing feeling of resentment toward the companies that rely on free labor to produce software that is folded into products and sold back to consumers for huge profits. From this perspective, Heartbleed wasn't an isolated example of developer burnout and lack of funding, but an outgrowth of a systemic disease that had been festering in the open source software community for years. Identifying the symptoms and causes of this disease was the easy part; finding a cure is more difficult. Further reading: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion? -
Academics Confirm Major Predictive Policing Algorithm Is Fundamentally Flawed (vice.com)
An anonymous reader quotes a report from Motherboard: Last week, Motherboard published an investigation which revealed that law enforcement agencies around the country are using PredPol -- a predictive policing software that once cited the controversial, unproven "broken windows" policing theory as a part of its best practices. Our report showed that local police in Kansas, Washington, South Carolina, California, Georgia, Utah, and Michigan are using or have used the software. In a 2014 presentation to police departments obtained by Motherboard, the company says that the software is "based on nearly seven years of detailed academic research into the causes of crime pattern formation the mathematics looks complicated -- and it is complicated for normal mortal humans -- but the behaviors upon which the math is based are very understandable."
The company says those behaviors are "repeat victimization" of an address, "near-repeat victimization" (the proximity of other addresses to previously reported crimes), and "local search" (criminals are likely to commit crimes near their homes or near other crimes they've committed, PredPol says.) But academics Motherboard spoke to say that the mathematical theory that is used to power PredPol is flawed, and that its algorithm -- at least as pitched to police -- is far too simplistic to actually predict crime. Kristian Lum, who co-wrote a 2016 paper that tested the algorithmic mechanisms of PredPol with real crime data, told Motherboard in a phone call that although PredPol is powered by complicated-looking mathematical formulas, its actual function can be summarized as a moving average -- or an average of subsets within a data set. "The academic foundation for PredPol's software takes a statistical modeling method used to predict earthquakes and apply it to crime," reports Motherboard. "Much like how earthquakes are likely to appear in similar places, the papers argue, crimes are also likely to occur in similar places. Suresh Venkatasubramanian, a professor of computing at the University of Utah and a member of the board of directors for ACLU Utah, told Motherboard that earthquake data and crime data are, naturally, collected in different ways."
"I would say in our mind, the key difference is that in earthquake models, you have seismographs everywhere -- wherever an earthquake happens, you'll find it," Venkatasubramanian said. "The crux of the issue really is that to what extent are you able to get data about what you're observing that is not also totally on the model itself." "If you build predictive policing, you are essentially sending police to certain neighborhoods based on what they told you -- but that also means you're not sending police to other neighborhoods because the system didn't tell you to go there," Venkatasubramanian said. "If you assume that the data collection for your system is generated by police whom you sent to certain neighborhoods, then essentially your model is controlling the next round of data you get." -
Venezuela's Government Appears To be Trying To Hack Activists With Phishing Pages (vice.com)
Hackers allegedly working for the embattled Venezuelan government tried to trick activists into giving away their passwords to popular services such as Gmail, Facebook, Twitter, and others, according to security researchers. From a report: Last week, the Venezuelan opposition leader Juan Guaido called for citizens to volunteer with the goal of helping international humanitarian organizations deliver aid into the country. President Nicolas Maduro is refusing to accept aid and has erected blocks across a border bridge with Colombia with the military's help. The volunteer efforts were organized around the website voluntariosxvenezuela.com. A week later, on February 11 someone registered an almost identical domain, voluntariosvenezuela[.]com. And on Wednesday, users in Venezuela who were trying to visit the original and official VoluntariosxVenezuela website were redirected to the newer one, according to security firm Kaspersky Lab, as well as Venezuelan users on Twitter. -
Insurance Giant Allstate Buys Independent Phone Repair Company, Joins Right To Repair Movement (vice.com)
An anonymous reader quotes a report from Motherboard: Allstate, one of the largest insurance companies in the United States, just made a curious purchase. Through its subsidiary SquareTrade, the insurance giant bought iCracked, one of the largest independent smartphone repair companies in the country. The acquisition means that Allstate has become one of the most powerful proponents of right to repair legislation in the United States. According to Gay Gordon-Byrne, executive director of Repair.org, which is pushing for the legislation, the company has already loaned a lobbyist to the effort in New Hampshire.
This is potentially big news for the right to repair movement, which is trying to get laws passed in 15 states this year that would make it easier for independent repair professionals to get repair tools and parts for consumer electronics. Thus far, it's been largely a grassroots effort from organizations like Repair.org and iFixit. Companies such as Apple, John Deere, Facebook, Microsoft, and trade organizations that represent huge tech companies have used their considerable political power to lobby against these bills. But Allstate's purchase of iCracked is a potential gamechanger. iCracked is a giant chain that does a lot of third party repairs. A change in the laws would benefit it, and now Allstate, as much as the average consumer. "iCracked has been a major supporter of right to repair, and we really appreciate their valuable contribution to the fight for freedom," Kyle Wiens, CEO of iFixit, told Motherboard in an email. "I'm optimistic that this partnership will elevate the visibility of the work that we're doing together."
"SquareTrade continues to work with manufacturers as well as the independent repair community," Jason Siciliano, VP and Global Creative Director of SquareTrade told me in an email. "As this issue evolves, we will maintain good relationships and continue to listen to the key players on all sides of the debate and will work towards sensible solutions whether they are led by the industry or regulators."