Slashdot Mirror

tacarat shares a report from The Next Web with the caption, "Oops": A GitHub with the handle i5xx, believed to be from the village of Tando Bago in Pakistan's southeastern Sindh province, created a GitHub repository called Source-Snapchat. At the time of writing, the repo has been removed by GitHub following a DMCA request from Snap Inc, so we can't take a closer look and see what it contains. That said, there are a few clues to its contents. The repository has a description of "Source Code for SnapChat," and is written in Apple's Objective-C programming language. This strongly suggests that the repo contained part or whole of the company's iOS application, although there's no way we can know for certain. It could just as easily be a minor component to the service, or a separate project from the company.

The most fascinating part of this saga is that the leak doesn't appear to be malicious, but rather comes from a researcher who found something, but wasn't able to communicate his findings to the company. According to several posts on a Twitter account believed to belong to i5xx, the researcher tried to contact SnapChat, but was unsuccessful. "The problem we tried to communicate with you but did not succeed In that we decided [sic] Deploy source code," wrote i5xx. The account also threatened to re-upload the source code. "I will post it again until you reply :)," he said. A Snap spokesperson said in a statement: "An iOS update in May exposed a small amount of our source code and we were able to identify the mistake and rectify it immediately. We discovered that some of this code had been posted online and it has been subsequently removed. This did not compromise our application and had no impact on our community."

According to Motherboard, some researchers appear to be trading the data privately.

An anonymous reader quotes a report from Motherboard: What we do in the next 10-20 years will determine whether our planet remains hospitable to human life or slides down an irreversible path to what scientists in a major new study call "Hothouse Earth" conditions. Hothouse Earth is an apocalyptic nightmare where the global average temperatures is 4 to 5 degrees Celsius higher (with regions like the Arctic averaging 10 degrees C higher) than today, according to the study, "Trajectories of the Earth System in the Anthropocene," published Monday in the Proceedings of the National Academy of Sciences. Sea levels would eventually be 10-60 meters higher as much of the world's ice melts. In these conditions, large parts of the Earth would be uninhabitable. Cutting carbon emissions to limit climate change to 2 degrees C, as proposed in the Paris climate agreement, won't be enough to avoid a "Hothouse Earth," said co-author Johan Rockstrom, executive director of Stockholm Resilience Centre. The reality is that global temperatures aren't driven by human emissions of carbon alone, says Rockstrom -- natural systems such as forests and oceans also play a major role. If global warming reaches 2 degrees C it could trigger a feedback, or "tipping element," in one or more of our natural systems and drive further warming, Rockstrom told Motherboard. To put that into perspective, the recent heat waves and wildfires are being linked to climate change that has raised the global average temperature 1 degree C. The researchers conclude the study on a more uplifting note, saying: "We have the knowledge and ability to act. This is within our control." There are three main areas of action that need to be taken within the next two decades. "The top priority in the coming decade is to aggressively cut carbon emissions and decarbonize our energy systems as quickly as possible," reports Motherboard. "The second priority is to halt deforestation and conversion of nature areas into agricultural production. Forests and other natural areas currently absorb 25 percent of our carbon emissions and this needs to grow." The third action is "to continue to develop technologies to pull carbon from the atmosphere and safely store it for thousands of years." While this last action can be costly, we're starting to see some companies give it a try. A startup called Climeworks recently inaugurated the first system that captures CO2 from the air and converts the emissions into stone, thus ensuring they don't escape back into the atmosphere for the next millions of years.

Jason Koebler writes: Verizon is rolling out a new Virtual Private Network service called Safe Wi-Fi it developed in conjunction with McAfee. According to Verizon, the $4 per month service "protects your privacy and blocks ad tracking, creating a secure Wi-Fi connection anywhere in the world." But the company didn't even write a privacy policy for the product: Verizon's terms of service directs all of its VPN users to the general McAfee privacy policy governing all of its products. That policy, in turn, states that McAfee and Verizon have the right to collect an ocean of data on the end user, including carrier data, Bluetooth device IDs, mobile device ID, mobile advertising identifiers, MAC address, IMEI data, and more. The policy explicitly says that browsing history can be used to help target ads at you.

It sounds like a joke, but the idea actually makes sense: More bugs, not less, could theoretically make a system safer. From a report: Carefully scatter non-exploitable decoy bugs in software, and attackers will waste time and resources on trying to exploit them. The hope is that attackers will get bored, overwhelmed, or run out of time and patience before finding an actual vulnerability. Computer science researchers at NYU suggested this strategy in a study published August 2, and call these fake-vulnerabilities "chaff bugs." Brendan Dolan-Gavitt, assistant professor at NYU Tandon and one of the researcher on this study, told me in an email that they've been working on techniques to automatically put bugs into programs for the past few years as a way to test and evaluate different bug-finding systems. Once they had a way to fill a program with bugs, they started to wonder what else they could do with it. "I also have a lot of friends who write exploits for a living, so I know how much work there is in between finding a bug and coming up with a reliable exploit -- and it occurred to me that this was something we might be able to take advantage of," he said. "People who can write exploits are rare, and their time is expensive, so if you can figure out how to waste it you can potentially have a great deterrent effect." Brendan has previously suggested that adding bugs to experimental software code could help with ultimately winding up with programs that have fewer vulnerabilities.

A study, published Friday in the Journal of Economic Behavior and Organization and funded by the European Research Council, suggests that high speed internet access is causing people to lose up to 25 minutes of sleep per night compared to those without high speed internet. From a report: It's the first study to causally link broadband access to sleep deprivation. The so-called "digitalization of the bedroom," defined by our inability to part with our phones/laptops/televisions before bed, has already been linked to various sleep disorders. [...] As the researchers found, high speed internet access "promotes excessive electronic media use," which has already been shown to have detrimental effects on sleep duration and quality. The effects of high speed internet access were particularly noticeable in younger age demographics.

Earlier this week, Nestle said it was jumping on the blockchain bandwagon, today, Starbucks said it is ready to top that. From a report: The Seattle-based coffee giant is working with Microsoft and a leading global exchange on a new digital platform that will allow consumers to use bitcoin and other cryptocurrencies at Starbucks. Starbucks along with Intercontinental Exchange, Microsoft and BCG, among others, is working to launch a new company called Bakkt that will enable consumers and institutions to buy, sell, store and spend cryptocurrencies on the global network by November. The platform with convert bitcoin and other cryptocoins into U.S. dollars that can be used to buy a Cold Foam Cascara Cold Brew, Matcha Lemonade or anything else at Starbucks. Starbucks has consistently been at the forefront of embracing new technologies. For instance, it added support for mobile payments in 2011. In May, it was estimated that Starbucks' mobile payment solution is more popular than those of Apple and Google.

In a statement, Maria Smith, vice president of partnerships and payments for Starbucks, "As the flagship retailer, Starbucks will play a pivotal role in developing practical, trusted and regulated applications for consumers to convert their digital assets into US dollars for use at Starbucks. As a leader in Mobile Pay to our more than 15 million Starbucks Rewards members, Starbucks is committed to innovation for expanding payment options for our customers."

According to Starbucks spokespeople, Motherboard reports, Starbucks doesn't want bitcoins, but it's willing to help people spend them -- the venture is an exchange that will allow people to convert their cryptocurrency into US dollars, which they can then spend at Starbucks locations.

An anonymous reader writes: Sources who work for some of America's major cellphone carriers tell us how criminals are trying to recruit them to get help hacking victims. Normally, criminals approach them online, offering to pay them in Bitcoin (the equivalent of $100 for example). In exchange, the employee has to log into a company portal and process a so-called SIM swap. From the report: How criminals find the employees in the first place can vary. Some SIM hijackers I spoke to told me they approach them through shared friends in real life, others told me they just comb LinkedIn, Reddit or social media sites. AT&T and Sprint did not respond to requests for comment about whether or not it had any knowledge of insiders helping criminals. A T-Mobile spokesperson said in a statement that the company is "aware of these ongoing and ever-changing attempts to take advantage of consumers across the wireless industry and we'll keep fighting to ensure our customers' safety." A Verizon spokesperson said the company doesn't share details of internal security processes or investigations, but the company "has systems in place that work to detect employee/vendor misconduct."

ted_pikul shares a report from Motherboard: Access to cheap electricity can make or break a cryptocurrency mining operation. The latest move in the quest for bargain-basement power rates: building out local power grids. Canadian company DMG Blockchain is building what it hopes will be a fully-functioning substation in Southern British Columbia, which is electrified by hydro power. Building the substation is costing millions of dollars and required building an access road to haul equipment. "[...] the utility will test everything as a completed substation and make sure that the town doesn't blow up when we flip the switch," Steven Eliscu of DMG Blockchain said.

California authorities say a 20-year-old college student hijacked more than 40 phone numbers to steal $5 million in Bitcoin, including some from cryptocurrency investors at a blockchain conference Consensus. Motherboard, which broke the story citing court documents: This is the first reported case of an alleged hacker who was using SIM swapping (also known as SIM hijacking or Port Out Scam) specifically to target people in the blockchain and cryptocurrency worlds.

Joel Ortiz was arrested at the Los Angeles International Airport on his way to Europe, according to sources close to the investigation, who said Ortiz was flashing a Gucci bag as part of a recent spending spree they believe was financed by the alleged crimes. He is facing 28 charges: 13 counts of identity theft, 13 counts of hacking, and two counts of grand theft, according to the complaint filed against him on the day before his arrest.

An anonymous reader quotes a report from Motherboard: In a scrapyard in Massachusetts, the YouTuber known as Rich Rebuilds runs a pair of jumper cables from a broken down Tesla Model S to a deep cycle battery. "We may hear some clicks," he says, as he prepares to connect the second lead. "We may hear some buzzing. The car may explode. I don't know what's gonna happen." As a self-described "Doctor Frankenstein of Teslas," this is Rich Benoit's modus operandi. On YouTube, he's chronicled his journey to learn how the cars' internal systems work -- and how to repair them after floods, fires and wrecks. In a new Motherboard documentary, Benoit shows us the scrapyards where he scavenges Tesla parts, the basement where he categorizes them, and an auto body shop that lets him use its equipment. He shows us deep under the hood, where he wrestles with the motors, high-powered batteries and tangles of electronics and cables that make Teslas tick. Since his first Tesla restoration -- he's now working on a second -- Rich has become a point-person in the Tesla repair community. He runs a Facebook group for people who want to sell and trade parts and has helped other enthusiasts across the country and as far away as Norway, Germany and South Africa. Tesla told Motherboard that it will inspect salvaged vehicles to assess which repairs are needed, but there would be a fee. The company says customers are free to do whatever they want with their cars, including repair them. However, Massachusetts, because of their "Right to Repair" initiative, is the only state where Tesla owners can register to access repair manuals, service documents, wiring diagrams, and part information. According to Electrek, President Jon McNeil says the automaker is working on opening the program.

An anonymous reader quotes a report from Motherboard: In a scrapyard in Massachusetts, the YouTuber known as Rich Rebuilds runs a pair of jumper cables from a broken down Tesla Model S to a deep cycle battery. "We may hear some clicks," he says, as he prepares to connect the second lead. "We may hear some buzzing. The car may explode. I don't know what's gonna happen." As a self-described "Doctor Frankenstein of Teslas," this is Rich Benoit's modus operandi. On YouTube, he's chronicled his journey to learn how the cars' internal systems work -- and how to repair them after floods, fires and wrecks. In a new Motherboard documentary, Benoit shows us the scrapyards where he scavenges Tesla parts, the basement where he categorizes them, and an auto body shop that lets him use its equipment. He shows us deep under the hood, where he wrestles with the motors, high-powered batteries and tangles of electronics and cables that make Teslas tick. Since his first Tesla restoration -- he's now working on a second -- Rich has become a point-person in the Tesla repair community. He runs a Facebook group for people who want to sell and trade parts and has helped other enthusiasts across the country and as far away as Norway, Germany and South Africa. Tesla told Motherboard that it will inspect salvaged vehicles to assess which repairs are needed, but there would be a fee. The company says customers are free to do whatever they want with their cars, including repair them. However, Massachusetts, because of their "Right to Repair" initiative, is the only state where Tesla owners can register to access repair manuals, service documents, wiring diagrams, and part information. According to Electrek, President Jon McNeil says the automaker is working on opening the program.

An anonymous reader quotes CNET: Massachusetts plans to protect net neutrality by naming and shaming internet service providers that don't adhere to open internet principles. Lawmakers in the state Senate have proposed a bill (S2160) that would create an "internet service provider registry" to track whether broadband and wireless providers adhere to policies that keep the internet open and neutral.
Motherboard reports: In the wake of the FCC's repeal of net neutrality, more than half the states in the union are considering their own, state-level net neutrality rules. Some states are tackling the problem with legislation (California, Oregon, Washington), while others (like Montana) are signing executive orders banning state agencies from doing business with ISPs that behave anti-competitively... when the FCC repealed net neutrality, it included a provision attempting to "pre-empt" (read: ban) states from protecting consumers. As a result, large ISPs have threatened to sue any states that stand up for consumer welfare, and at least one ISP (Charter Spectrum) has tried to use the repeal to wiggle out of state lawsuits for terrible broadband. Charter's efforts on that front have failed, and the the FCC's authority to tell states what to do has been highly contested.

Still, Massachusetts thought it might be a better idea to try and publicly shame ISPs into behaving.

An anonymous reader quotes CNET: Massachusetts plans to protect net neutrality by naming and shaming internet service providers that don't adhere to open internet principles. Lawmakers in the state Senate have proposed a bill (S2160) that would create an "internet service provider registry" to track whether broadband and wireless providers adhere to policies that keep the internet open and neutral.
Motherboard reports: In the wake of the FCC's repeal of net neutrality, more than half the states in the union are considering their own, state-level net neutrality rules. Some states are tackling the problem with legislation (California, Oregon, Washington), while others (like Montana) are signing executive orders banning state agencies from doing business with ISPs that behave anti-competitively... when the FCC repealed net neutrality, it included a provision attempting to "pre-empt" (read: ban) states from protecting consumers. As a result, large ISPs have threatened to sue any states that stand up for consumer welfare, and at least one ISP (Charter Spectrum) has tried to use the repeal to wiggle out of state lawsuits for terrible broadband. Charter's efforts on that front have failed, and the the FCC's authority to tell states what to do has been highly contested.

Still, Massachusetts thought it might be a better idea to try and publicly shame ISPs into behaving.

An anonymous reader quotes a report from Motherboard: On July 25, the Massachusetts Senate approved a Resolution that would create a special commission that would research the feasibility of forcing device manufacturers to treat customers and independent repair shops the same as officially licensed repair outlets. According to the proposed study, that means providing customers and independent repair shops with "repair technical updates, diagnostic software, service access passwords, updates and corrections to firmware, and related documentation." Gay Gordon Byrne, executive director of The Repair Organization, helped push the bill in 2012 and has been working to extend the law to tech companies ever since. "This is just one step in a series of steps that will end Repair Monopolies for technology products. I'm thrilled," Byrne told me in an email about the pending study.

The Resolution to create the study group still needs to pass the Massachusetts House, but the session ends July 31 so right-to-repair watch dogs won't have to wait long to see if it goes forward. The proposed makeup of the study commission shows that the legislature is serious about the issue and also reveals how big tech's repair monopoly is about much more than just being able to open up your iPhone without voiding the warranty. The legislature wants the study commission to include 23 members, including various members of the legislature but also a wealth of experts in various tech fields. They want someone from the Massachusetts Farm Bureau, a medical device manufacturer, an expert on electronic waste recycling, someone who repairs complex medical equipment, an intellectual property lawyer, a cyber security expert, a local farmer, and various other experts and citizens affected or knowledgeable about the right-to-repair.

An anonymous reader quotes a report from VICE News: Twitter is limiting the visibility of prominent Republicans in search results -- a technique known as "shadow banning" -- in what it says is a side effect of its attempts to improve the quality of discourse on the platform. The Republican Party chair Ronna McDaniel, several conservative Republican congressmen, and Donald Trump Jr.'s spokesman no longer appear in the auto-populated drop-down search box on Twitter, VICE News has learned. It's a shift that diminishes their reach on the platform -- and it's the same one being deployed against prominent racists to limit their visibility. The profiles continue to appear when conducting a full search, but not in the more convenient and visible drop-down bar. (The accounts appear to also populate if you already follow the person.)

Democrats are not being "shadow banned" in the same way, according to a VICE News review. McDaniel's counterpart, Democratic Party chair Tom Perez, and liberal members of Congress -- including Reps. Maxine Waters, Joe Kennedy III, Keith Ellison, and Mark Pocan -- all continue to appear in drop-down search results. Not a single member of the 78-person Progressive Caucus faces the same situation in Twitter's search. Presented with screenshots of the searches, a Twitter spokesperson told VICE News: "We are aware that some accounts are not automatically populating in our search box and shipping a change to address this." Asked why only conservative Republicans appear to be affected and not liberal Democrats, the spokesperson wrote: "I'd emphasize that our technology is based on account *behavior* not the content of Tweets."

Over the weekend, Forbes published an article titled "Amazon Should Replace Local Libraries to Save Taxpayers Money," in which the author Panos Mourdoukoutas argued that libraries are no longer important to the community as the result of alternative "third places" like Starbucks, and "no shortage of places to hold community events," as well as streaming services like Netflix and Amazon Prime and the rise of e-books that have "turned physical books into collector's items, effectively eliminating the need for library borrowing services." The article did not bode well with many, including several librarians. Forbes has since taken down the article. From a report: Hundreds of Twitter users took to the platform to share both their anger with the piece and their love for libraries. People seemed to especially take issue with the author picking Amazon --notorious for its horrible treatment of employees, and accusations of ruining the cities it opens warehouses in -- as a potential replacement. Obviously, as the outrage from these users demonstrates, libraries are beloved and important in communities.

Mourdoukoutas's argument that libraries are becoming less useful is patently false, in a way that's fairly obvious. But the notion that libraries aren't worth their value to taxpayers -- one that fails to take into account the financial returns of a library and expenses of buying these items on one's own -- fails to address the vast importance a library has on its community as a physical space open to anyone in the public. Most of the utilities of libraries are quite obvious, like how they're essential to lowering the barrier of entry on activities that may be cost prohibitive. But many of us aren't aware of the impact our libraries have on our own communities, nor the programs they offer.

Owen Williams, writing for Motherboard: The pursuit of thinner, lighter laptops, a trend driven by Apple, coinciding with laptops replacing desktops as our primary devices means we have screwed ourselves out of performance -- and it's not going to get better anytime soon. Thermal throttling is not something that Apple alone suffers from: every laptop out there will face thermal constraints at some point, but whether or not that's perceivable depends on a number of different variables including form factor and cooling capacity. When you're shopping for a laptop, you'll notice that manufacturers like Apple use phrases like "Turbo Boost" and "Up to 4.8 GHz" without really explaining what that means. The 4.8 GHz processor clock speed, which Apple quotes for the 15-inch MacBook Pro, is a 'best case' processor speed that's only achieved in short bursts when your computer requests it, subject to a number of conditions.

If you're playing a game like Fortnite, for example, the game will request your processor provide faster performance, and the processor will attempt to increase its operating frequency gradually to deliver the maximum available performance within the thermal envelope of your machine. That maximum is restricted by both power and thermal limits, which is where we run into issues: laptops tend to get hot because they're thinner, with limited space to dissipate that heat through the use of fans and heatsinks.

An anonymous reader quotes a report from Motherboard: Someone has uploaded what appear to be 11 of Apple's internal repair videos to YouTube. Apple did not immediately respond to a request for comment, but two sources in the repair community familiar with Apple's repair policies told Motherboard these are indeed genuine Apple how-to videos. The videos themselves have an Apple copyright on them, the host references internal Apple documentation and diagnostic tests, and, most importantly, the videos use proprietary Apple disassembly and repair tools that Motherboard has previously confirmed are manufactured by and are exclusive to Apple.

The videos on how to open an iPhone X and replace its battery are particularly interesting, and show that the DIY repair community has gotten extremely good at reverse-engineering Apple's official procedures. The instructor walks the repair tech through the process of opening the case on the iPhone X in a way that closely mirrors the process that sites such as iFixit have been doing for a few years now. The video starts by instructing the tech to remove the screws near the lighting port, then inserting the iPhone X into a device that uses suction cups to pry the screen away from the body while the tech uses a small tool to cut the adhesive along the seams at the edge of the device. Apple's suction cup tool looks like a bulkier version of iFixit's iSclack tool -- a suction cup device that customers can use to disassemble and repair their own device. The video about replacing the iPhone X's battery is remarkably similar to the iFixit video of the same procedure.

Since Venmo's transactions are "public" by default and broadcast on Venmo's API, a Python programmer decided to publicize a few of them, reports the Mercury News: The creator of the bot named "Who's buying drugs on Venmo" under the Twitter handle @venmodrugs says he wanted users to consider their privacy settings before using Venmo. The bot finds Venmo transactions that include words such as heroin, marijuana, cocaine, meth, speed or emojis that denote drugs and tweets the transaction with the names of the sender and receiver and the sender's photo, if there is one... "I wanted to demonstrate how much data Venmo was making publicly available with their open API and their public by default settings and encourage people to consider their privacy settings," Joel Guerra, the creator of the bot, told Motherboard, a technology news outlet run by Vice.
He shut the bot after 24 hours, according to a Medium essay titled "Why I blasted your 'drug' deals on Twitter": I chose drugs, sex and alcohol keywords as the trigger for the bot because because they were funny and shocking. I removed the last names of users because I didn't want to actually contribute to the problem of lack of privacy... I braced myself for backlash but the response was overwhelmingly positive. People understood my point and I had sparked a lot of discussion about online privacy and the need for users to do a better job of understanding the terms of software they were using -- and a lot of discussion about how companies need to do a better job of informing customers how their data was being used...

After about 24 hours of tweeting everyone's drug laden Venmo transactions I shut down the bot (Python script!!) and deleted all the tweets. I had successfully made my point and gotten more attention than I had imagined possible. Thousands of people were reading tweets and articles about the bot and discussing data privacy. I saw no further value in tweeting out anyone's personal transactions anymore. However, all I ever did was format the data and automate a Twitter account -- the data is still readily available.
His closure of the bot drew some interesting reactions on Twitter.

"booooooooo. I was so entertained by this."

"I remember I had a dealer take my phone and set venmo to private lol."

"we're looking to add a Python developer to our team and I think you'd be a good fit."

Facebook has repeatedly referenced to lawmakers a "threshold" that must be reached before the platform decides to ban a particular page for violating the site's policies, but it hasn't discussed its guidelines publicly. Motherboard has obtained internal Facebook documents laying out what this threshold is for multiple types of different content, including some instances of hate speech. From the report: One Facebook moderator training document for hate speech says that for Pages -- Facebook's feature for sections dedicated to, say, a band, organization, public figure, or business -- the Page admin has to receive 5 "strikes" within 90 days for the Page itself to be deleted. Alternatively, Facebook moderators are told to remove a Page if at least 30 percent of the content posted by other people within 90 days violates Facebook's community standards. A similar 30 percent-or-over policy exists for Facebook Groups, according to the document.

In a similar vein, another hate speech document says that a profile should be taken down if there are 5 or more pieces of content from the user which indicate hate propaganda, photos of the user present with another identifiable leader, or other related violations. Although the documents obtained by Motherboard were created recently, Facebook's policies change regularly, so whether these exact parameters remain in force is unclear. Of course this still depends on moderators identifying and labeling posts as violating to reach that threshold. [...] Another document focused on sexual content says moderators should unpublish Pages and Groups under the basis of sexual solicitation if there are over 2 "elements," such as the Page description, title, photo, or pinned post, that include either explicit solicitation of nude imagery, or, if the page is more subtle, includes either a method of contact or a location. This slide again reiterates the over 30 percent and 5 admin posts rules found in the hate speech document.

Kim Zetter, reporting for Motherboard: The nation's top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them. In a letter sent to Sen. Ron Wyden (D-OR) in April and obtained recently by Motherboard, Election Systems and Software acknowledged that it had "provided pcAnywhere remote connection software ... to a small number of customers between 2000 and 2006," which was installed on the election-management system ES&S sold them.

The statement contradicts what the company told me and fact checkers for a story I wrote for the New York Times in February. At that time, a spokesperson said ES&S had never installed pcAnywhere on any election system it sold. "None of the employees -- including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software," the spokesperson said. ES&S did not respond on Monday to questions from Motherboard, and it's not clear why the company changed its response between February and April. Lawmakers, however, have subpoena powers that can compel a company to hand over documents or provide sworn testimony on a matter lawmakers are investigating, and a statement made to lawmakers that is later proven false can have greater consequence for a company than one made to reporters.

Lorenzo Franceschi-Bicchierai of Motherboard has a chilling story on how hackers flip seized Instagram handles and cryptocurrency in a shady, buzzing underground market for stolen accounts and usernames. Their victim's weakness? Phone numbers. He writes: First, criminals call a cell phone carrier's tech support number pretending to be their target. They explain to the company's employee that they "lost" their SIM card, requesting their phone number be transferred, or ported, to a new SIM card that the hackers themselves already own. With a bit of social engineering -- perhaps by providing the victim's Social Security Number or home address (which is often available from one of the many data breaches that have happened in the last few years) -- the criminals convince the employee that they really are who they claim to be, at which point the employee ports the phone number to the new SIM card. Game over.

FCC boss Ajit Pai says the agency will finally take steps to shore up the security of the FCC's public comment system after being widely criticized for turning a blind eye to routine fraud and abuse. From a report: If you'll recall, more than 22 million Americans voiced their thoughts on the Trump FCC's attack on net neutrality last fall via the agency's website. The vast majority of comments opposed the move, closely reflecting surveys that show widespread, bipartisan support for the rules. [...] Not a single one of your comments was cited in the FCC's 218 page justification for its decision.

[...] Back in May, Senators Senators Jeff Merkley (D-OR) and Pat Toomey (R-PA) fired off a letter to Pai demanding he actually do something about the abuse of FCC systems. [...] In a response letter this week provided to the Wall Street Journal, Pai says the agency is finally taking steps to address the problem, while acknowledging his own identity was hijacked during the comment process. "It is troubling that some bad actors submitted comments using false names," Mr. Pai said. "Indeed, like you, comments were submitted in my name and my wife's name that reflect viewpoints we do not hold." Pai's letter, which wasn't publicly shared, states that the FCC hopes to eventually "rebuild and re-engineer" the commission's electronic comment system "to institute appropriate safeguards against abusive conduct." It also states that Pai will approach Congress for funding for the overhaul, something Pai likely knows may not actually happen.

An anonymous reader quotes a report from Motherboard: Facebook is being used by oil and gas companies to clamp-down on protest. Three companies are currently seeking injunctions against protesters: British chemical giant INEOS, which has the largest number of shale gas drilling licenses in the UK; and small UK outfits UK Oil and Gas (UKOG), and Europa Oil and Gas. Among the thousands of pages of documents submitted to British courts by these companies are hundreds of Facebook and Twitter posts from anti-fracking protesters and campaign groups, uncovered by Motherboard in partnership with investigative journalists at DeSmog UK. They show how fracking companies are using social media surveillance carried out by a private firm to strengthen their cases in court by discrediting activists using personal information to justify banning their protests.

Included in the evidence supplied by the oil and gas companies to the courts are many personal or seemingly irrelevant campaigner posts. Some are from conversations on Facebook groups dedicated to particular protests or camps, while others have been captured from individuals' own profile pages. For instance, a picture of a mother with her baby at a protest was submitted as part of the Europa Oil and Gas case. Another screenshot of a post in the Europa bundle shows a hand-written note from one of the protesters' mothers accompanying a care package with hand-knitted socks that was sent to an anti-fracking camp. One post included in the UKOG hearing bundle shows two protesters sharing a pint in the sun -- not at a protest camp, nor shared on any of the campaign pages' Facebook groups. A screenshot from INEOS's hearing bundle shows posts from a protester to his own Facebook wall regarding completely unrelated issues such as prescription drugs, and a generic moan about his manager.

An anonymous reader quotes a report from Motherboard: Facebook is being used by oil and gas companies to clamp-down on protest. Three companies are currently seeking injunctions against protesters: British chemical giant INEOS, which has the largest number of shale gas drilling licenses in the UK; and small UK outfits UK Oil and Gas (UKOG), and Europa Oil and Gas. Among the thousands of pages of documents submitted to British courts by these companies are hundreds of Facebook and Twitter posts from anti-fracking protesters and campaign groups, uncovered by Motherboard in partnership with investigative journalists at DeSmog UK. They show how fracking companies are using social media surveillance carried out by a private firm to strengthen their cases in court by discrediting activists using personal information to justify banning their protests.

Included in the evidence supplied by the oil and gas companies to the courts are many personal or seemingly irrelevant campaigner posts. Some are from conversations on Facebook groups dedicated to particular protests or camps, while others have been captured from individuals' own profile pages. For instance, a picture of a mother with her baby at a protest was submitted as part of the Europa Oil and Gas case. Another screenshot of a post in the Europa bundle shows a hand-written note from one of the protesters' mothers accompanying a care package with hand-knitted socks that was sent to an anti-fracking camp. One post included in the UKOG hearing bundle shows two protesters sharing a pint in the sun -- not at a protest camp, nor shared on any of the campaign pages' Facebook groups. A screenshot from INEOS's hearing bundle shows posts from a protester to his own Facebook wall regarding completely unrelated issues such as prescription drugs, and a generic moan about his manager.

An anonymous reader quotes a report from Motherboard: Facebook is being used by oil and gas companies to clamp-down on protest. Three companies are currently seeking injunctions against protesters: British chemical giant INEOS, which has the largest number of shale gas drilling licenses in the UK; and small UK outfits UK Oil and Gas (UKOG), and Europa Oil and Gas. Among the thousands of pages of documents submitted to British courts by these companies are hundreds of Facebook and Twitter posts from anti-fracking protesters and campaign groups, uncovered by Motherboard in partnership with investigative journalists at DeSmog UK. They show how fracking companies are using social media surveillance carried out by a private firm to strengthen their cases in court by discrediting activists using personal information to justify banning their protests.

Included in the evidence supplied by the oil and gas companies to the courts are many personal or seemingly irrelevant campaigner posts. Some are from conversations on Facebook groups dedicated to particular protests or camps, while others have been captured from individuals' own profile pages. For instance, a picture of a mother with her baby at a protest was submitted as part of the Europa Oil and Gas case. Another screenshot of a post in the Europa bundle shows a hand-written note from one of the protesters' mothers accompanying a care package with hand-knitted socks that was sent to an anti-fracking camp. One post included in the UKOG hearing bundle shows two protesters sharing a pint in the sun -- not at a protest camp, nor shared on any of the campaign pages' Facebook groups. A screenshot from INEOS's hearing bundle shows posts from a protester to his own Facebook wall regarding completely unrelated issues such as prescription drugs, and a generic moan about his manager.

An anonymous reader quotes a report from Motherboard: Facebook is being used by oil and gas companies to clamp-down on protest. Three companies are currently seeking injunctions against protesters: British chemical giant INEOS, which has the largest number of shale gas drilling licenses in the UK; and small UK outfits UK Oil and Gas (UKOG), and Europa Oil and Gas. Among the thousands of pages of documents submitted to British courts by these companies are hundreds of Facebook and Twitter posts from anti-fracking protesters and campaign groups, uncovered by Motherboard in partnership with investigative journalists at DeSmog UK. They show how fracking companies are using social media surveillance carried out by a private firm to strengthen their cases in court by discrediting activists using personal information to justify banning their protests.

Included in the evidence supplied by the oil and gas companies to the courts are many personal or seemingly irrelevant campaigner posts. Some are from conversations on Facebook groups dedicated to particular protests or camps, while others have been captured from individuals' own profile pages. For instance, a picture of a mother with her baby at a protest was submitted as part of the Europa Oil and Gas case. Another screenshot of a post in the Europa bundle shows a hand-written note from one of the protesters' mothers accompanying a care package with hand-knitted socks that was sent to an anti-fracking camp. One post included in the UKOG hearing bundle shows two protesters sharing a pint in the sun -- not at a protest camp, nor shared on any of the campaign pages' Facebook groups. A screenshot from INEOS's hearing bundle shows posts from a protester to his own Facebook wall regarding completely unrelated issues such as prescription drugs, and a generic moan about his manager.

An anonymous reader quotes a report from Motherboard: Facebook is being used by oil and gas companies to clamp-down on protest. Three companies are currently seeking injunctions against protesters: British chemical giant INEOS, which has the largest number of shale gas drilling licenses in the UK; and small UK outfits UK Oil and Gas (UKOG), and Europa Oil and Gas. Among the thousands of pages of documents submitted to British courts by these companies are hundreds of Facebook and Twitter posts from anti-fracking protesters and campaign groups, uncovered by Motherboard in partnership with investigative journalists at DeSmog UK. They show how fracking companies are using social media surveillance carried out by a private firm to strengthen their cases in court by discrediting activists using personal information to justify banning their protests.

Included in the evidence supplied by the oil and gas companies to the courts are many personal or seemingly irrelevant campaigner posts. Some are from conversations on Facebook groups dedicated to particular protests or camps, while others have been captured from individuals' own profile pages. For instance, a picture of a mother with her baby at a protest was submitted as part of the Europa Oil and Gas case. Another screenshot of a post in the Europa bundle shows a hand-written note from one of the protesters' mothers accompanying a care package with hand-knitted socks that was sent to an anti-fracking camp. One post included in the UKOG hearing bundle shows two protesters sharing a pint in the sun -- not at a protest camp, nor shared on any of the campaign pages' Facebook groups. A screenshot from INEOS's hearing bundle shows posts from a protester to his own Facebook wall regarding completely unrelated issues such as prescription drugs, and a generic moan about his manager.

An anonymous reader shares a report: On Halloween in 1832, the naturalist Charles Darwin was onboard the HMS Beagle. He marveled at spiders that had landed on the ship after floating across huge ocean distances. "I caught some of the Aeronaut spiders which must have come at least 60 miles," he noted in his diary. "How inexplicable is the cause which induces these small insects, as it now appears in both hemispheres, to undertake their aerial excursions." Small spiders achieve flight by aiming their butts at the sky and releasing tendrils of silk to generate lift.

Darwin thought that electricity might be involved when he noticed that spider silk stands seemed to repel each other with electrostatic force, but many scientists assumed that the arachnids, known as "ballooning" spiders, were simply sailing on the wind like a paraglider. The wind power explanation has thus far been unable to account for observations of spiders rapidly launching into the air, even when winds are low, however. Now, these aerial excursions have been empirically determined to be largely powered by electricity, according to new research published Thursday in Current Biology. Led by Erica Morley, a sensory biophysicist at the University of Bristol, the study settles a longstanding debate about whether wind energy or electrostatic forces are responsible for spider ballooning locomotion.

An anonymous reader quotes a report from Motherboard: Earlier this week, an algorithm made an absurd choice. Google AdSense, Google's advertising program that makes up the bulk of the tech giant's advertising revenue, decided that a web page about a decades-old bill about sexual abuse was "adult content," and wasn't allowed to display ads anymore. The page, which is at least six years old and contains strictly legislative information about a bill called the "Child Sexual Abuse and Pornography Act of 1986" on free legislative research and tracking website GovTrack.us, tripped the AdSense algorithm that decides what pages are allowed to run ads. This single, very dry page being flagged as "adult content" is most likely a minor fluke in the AdSense algorithm, but it's a perfect example of how a tiny tweak in the way a platform uses automation to enforce policies can send a ripple through seemingly-unrelated parts of the internet. The page was flagged by Adsense as "policy non-compliant" on Monday, with Google citing the page's "violations" in a summary of the AdSense adult content policy. Here's what Google told GovTrack: "As stated in our program policies, we may not show Google ads on pages with content that is sexually suggestive or intended to sexually arouse. This includes, but is not limited to: pornographic images, videos, or games; sexually gratifying text, images, audio, or video; pages that provide links for or drive traffic to content that is sexually suggestive or intended to sexually arouse." The GovTrack page contains none of these, yet the page still can't run AdSense.

Joseph Cox, reporting for Motherboard: NSO Group sells some of the most potent, off-the-shelf malware for remotely breaking into smartphones. Some versions allow a law enforcement or intelligence agency to steal essentially all meaningful data from an iPhone with no interaction from the target. Others just require the victim to click one link in a carefully crafted text message, before giving up their contacts, emails, social media messages, GPS location, and much more. NSO only sells its tools to government agencies, but a newly released, explosive indictment alleges that a company employee stole NSO's spyware product, dubbed Pegasus, and tried to sell it to non-authorized parties for $50 million worth of cryptocurrency.

These capabilities "are estimated at hundreds of millions of [US] dollars," a translated version of the indictment reads. Several Israeli outlets were the first to report on and upload the indictment. The news shows a danger often highlighted by critics of the malware industry: that hacking tools or exploits typically reserved for law enforcement or intelligence agencies may fall into other hands. Omri Lavie, the co-founder of NSO, told Motherboard in an online chat "no comment."

Some adult content creators on crowdfunding site Patreon are being suspended due to the suggestive material they produce. The platform said that they are increasing efforts to review content, due to payment processor pressure. Motherboard reports: In late 2017, Patreon expanded its adult content guidelines, to include stricter guidelines for "bestiality, incest, sexual depiction of minors, and suggestive sexual violence." At the time, it resulted in suspensions and bans of many adult content creators whose work Patreon previously permitted, but no longer fell in line with new guidelines. Now, many more adult content creators are reporting that they're experiencing a renewed wave of suspensions on the platform. Patreon's guidelines for adult content state that "all public content on your page be appropriate for all audiences," and "content with mature themes must be marked as a patron-only post." For several of these reports, Patreon warned that "implied nudity" was the reason for the suspension, where it appeared in public areas or publicly-visible patron tiers and banners. "You can't use Patreon to raise funds in order to produce pornographic material such as maintaining a website, funding the production of movies, or providing a private webcam session," the guidelines state.

Some adult content creators on crowdfunding site Patreon are being suspended due to the suggestive material they produce. The platform said that they are increasing efforts to review content, due to payment processor pressure. Motherboard reports: In late 2017, Patreon expanded its adult content guidelines, to include stricter guidelines for "bestiality, incest, sexual depiction of minors, and suggestive sexual violence." At the time, it resulted in suspensions and bans of many adult content creators whose work Patreon previously permitted, but no longer fell in line with new guidelines. Now, many more adult content creators are reporting that they're experiencing a renewed wave of suspensions on the platform. Patreon's guidelines for adult content state that "all public content on your page be appropriate for all audiences," and "content with mature themes must be marked as a patron-only post." For several of these reports, Patreon warned that "implied nudity" was the reason for the suspension, where it appeared in public areas or publicly-visible patron tiers and banners. "You can't use Patreon to raise funds in order to produce pornographic material such as maintaining a website, funding the production of movies, or providing a private webcam session," the guidelines state.

AOL discontinued AIM, its 20-year-old iconic instant messaging service, last December, months after cutting third-party access to it. Now Motherboard reports a a small team of developers has resurrected it with a private server. From the report: The new chat service is called AIM Phoenix, and it works by running the messages through a private Dynamic DNS run by Wildman Productions, a non-profit group of hobbyist programers. This isn't a new AIM client, it literally uses the old software running on a new server, so it looks and feels exactly like AIM. It's simple to set up. First, you download an old version of AIM from the AIM Phoenix website, register for a new username, tweak the settings to reroute through Wildman Productions' server, and then open yourself up the nostalgic glory of Web 2.0. The old versions of AIM are touchy on new machines and I had to play with a few different versions before I got 5.0 working on my Windows 10 machine.

Engineers at the University of Michigan have created the world's smallest computer -- again. From a report: The University held the record for the smallest computer after it created its 2x2x4mm Michigan Micro Mote in 2014. The Micro Mote (or M3) is fully functional and able to retain its programming and data even when it loses power. But after IBM debuted an even tinier "computer" in February, a 1mm x 1mm chip with "several hundred thousand" transistors.

Engineers at the University of Michigan were not about to be one-upped, and quickly created an even smaller computer, so small it could fit on the tip of a grain of rice. However, the engineers quibbled over whether IBM's machine and the new Michigan design could really be called computers, since the data gets wiped as soon as it's turned off. You can find more details on the university's website.

A Portland man appears to have a pill-sized camera stuck in his gut. That man is me... Let me explain.

For the average Joe, the following statement might sound a bit peculiar: I have swallowed a pill-sized camera a number of times. You see, I have Crohn's Disease (CD) in the small intestine -- a 20 foot-long portion of the gastrointestinal tract that runs between the stomach and the large intestine (colon). A "PillCam" is the most non-invasive, detailed method to survey this area as it doesn't require a scope up the rectum or down the esophagus, nor does it require any tissue slicing. It's also one of the safest procedures available -- the retention rate is as low as 1%. Unfortunately, this most recent capsule endoscopy resulted in my admission to the 1% club.

On March 27th, 2018, I swallowed the PillCam that is currently lodged in my small intestine. If you do the math, that's more than 82 days ago (over 12 weeks). After hiking Smith Rock and summiting Black Butte a couple weeks later, I thought for sure the pill would have exited. It didn't, as evident by the follow-up X-ray. It can be difficult to find research on such a what-if scenario that happens to so few, but I did manage to find a Motherboard article telling the story of Scott Willis, a CD patient that had a PillCam lodged in his gut for eight weeks. One of the key differences between him and me is that he had a partial block and endured more symptoms, prompting him to schedule a procedure to get it out quicker. I'm relatively symptom free.

We have tried upping the dose of corticosteroids to reduce inflammation and help the pill pass through the strictured areas, but that didn't seem to work. Most recently, I had two double-balloon enteroscopy procedures done within a week apart. They were able to locate the PillCam during the second procedure, but weren't able to retrieve it without risking the scope itself becoming stuck. The next step is to try again via the esophagus. The potential issue/complication here is the location. As my doctors warned, the PillCam is stuck 15 feet down and the scope is only 20 feet in length. There's little wiggle room if the pill is slightly further down the GI tract than estimated.

I am sharing this story with the Slashdot community for two reasons. First, those entrenched in the world of cyborgs and/or modern-day medical procedures may find this experience particularly interesting. Second, the more people who know about the procedures and complications of Crohn's Disease the better. For those interested, I'll update this post after the next procedure. Have you or someone you know experienced a capsule endoscopy? Please share what you feel comfortable with.

UPDATE 7/11/18: Yesterday, I had the procedure to remove the PillCam via the esophagus and it wasn't successful. The doctor said he tried everything he could to retrieve it but the scope wasn't quite long enough to reach the pill. I'll be talking with a surgeon next week and will update this post when a surgery date is confirmed.

Yesterday, 43-year-old Iowa man Sherman Hopkins Jr. was sentenced to 20 years in prison for attempting to rob a domain name from another man at gunpoint in 2017. As Motherboard reports, "this may be the first time someone has attempted to steal a domain name at gunpoint." From the report: Last June, Hopkins broke into the home of 26 year-old Ethan Deyo in Cedar Rapids, Iowa one afternoon and demanded that Deyo to log on to his computer to transfer the domain name for "doitforstate.com" to another account. According to Deyo's bio on his personal website, he is a web entrepreneur who previously worked for the web hosting service GoDaddy. After seeing Hopkins enter the apartment, Deyo locked himself into his room and Hopkins kicked in the door. Hopkins kicked in the door and "pistol-whipped" Deyo, held a gun to his head and used a stun gun on him during the encounter. While he attempted to wrestle the gun away from Hopkins, Deyo was shot in the leg, but he eventually gained control of the firearm and shot Hopkins multiple times in the chest. It's unclear why Hopkins wanted the domain name or who he was transferring the domain name to.

Joseph Cox, and Lorenzo Franceschi-Bicchierai, reporting for Motherboard: Apple confirmed to The New York Times Wednesday it was going to introduce a new security feature, first reported by Motherboard. USB Restricted Mode, as the new feature is called, essentially turns the iPhone's lightning cable port into a charge-only interface if someone hasn't unlocked the device with its passcode within the last hour, meaning phone forensic tools shouldn't be able to unlock phones. Naturally, this feature has sent waves throughout the mobile phone forensics and law enforcement communities, as accessing iPhones may now be substantially harder, with investigators having to rush a seized phone to an unlocking device as quickly as possible.

That includes GrayKey, a relatively new and increasingly popular iPhone cracking tool. But forensics experts suggest that Grayshift, the company behind the tech, is not giving up yet. "Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build. Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on,' a June email from a forensic expert who planned to meet with Grayshift, and seen by Motherboard, reads, although it is unclear from the email itself how much of this may be marketing bluff. "They seem very confident in their staying power for the future right now," the email adds. A second person, responding to the first email, said that Grayshift addressed USB Restricted Mode in a webinar several weeks ago.

Joseph Cox, and Lorenzo Franceschi-Bicchierai, reporting for Motherboard: Apple confirmed to The New York Times Wednesday it was going to introduce a new security feature, first reported by Motherboard. USB Restricted Mode, as the new feature is called, essentially turns the iPhone's lightning cable port into a charge-only interface if someone hasn't unlocked the device with its passcode within the last hour, meaning phone forensic tools shouldn't be able to unlock phones. Naturally, this feature has sent waves throughout the mobile phone forensics and law enforcement communities, as accessing iPhones may now be substantially harder, with investigators having to rush a seized phone to an unlocking device as quickly as possible.

That includes GrayKey, a relatively new and increasingly popular iPhone cracking tool. But forensics experts suggest that Grayshift, the company behind the tech, is not giving up yet. "Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build. Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on,' a June email from a forensic expert who planned to meet with Grayshift, and seen by Motherboard, reads, although it is unclear from the email itself how much of this may be marketing bluff. "They seem very confident in their staying power for the future right now," the email adds. A second person, responding to the first email, said that Grayshift addressed USB Restricted Mode in a webinar several weeks ago.

An anonymous reader shares a report: Who is Satoshi Nakamoto? Ever since this pseudonymous person or group unleashed Bitcoin on the world in 2008, Nakamoto's real identity has been one of the biggest mysteries in the cryptocurrency world. And based on a response to my recent Freedom of Information Act (FOIA) request, if the CIA knows anything, it's not talking. [...] In 2016, Alexander Muse, a blogger who mostly writes about entrepreneurship, wrote a blog post that claimed the NSA had identified the real identity of Satoshi Nakamoto using stylometry, which uses a person's writing style as a unique fingerprint, and then searched emails collected under the PRISM surveillance program to identify the real Nakamoto. Muse said the identity was not shared with him by his source at the Department of Homeland Security. [...] I figured it couldn't hurt to ask some other three-letter agencies what they know about Nakamoto. [...] I received a terse reply that informed me that "the request has been rejected, with the agency stating that it can neither confirm nor deny the existence of the requested documents."

Windows XP and Vista users have six months to upgrade their operating systems or get the hell off of Steam. From a report: "Steam will officially stop supporting the Windows XP and Windows Vista operating systems," Valve, the company that operates Steam, said in a post to its XP and Vista support community. "This means that after that date the Steam Client will no longer run on those versions of Windows. In order to continue running Steam and any games or other products purchased through Steam, users will need to update to a more recent version of Windows."

An anonymous reader shares a report: For years, hackers could hide malware alongside legitimate Apple code and sneak it past several popular third-party security products for Mac computers, according to new research. This is not a flaw in MacOS but an issue in how third-party security tools implemented Apple's APIs. A researcher from security firm Okta found that several security products for Mac -- including Little Snitch, xFence, and Facebook's OSquery -- could be tricked into believing malware was Apple code, and let it past their defenses. "I can take malicious code and make it look like it's signed by Apple," Josh Pitts, the security researcher at Okta who discovered these bugs, told Motherboard. In a blog post published Tuesday, Pitts explained that the issue lies with how the third-party security tools implemented Apple's code-signing APIs when dealing with Mac's executable files known as Universal or Fat files.

An anonymous reader quotes a report from Motherboard: According to a paywalled survey of 1,000 UK residents by anti-piracy outfit MUSO first spotted by Torrent Freak, 60 percent of those surveyed admitted that they had illegally streamed or downloaded music, film, or TV shows sometime in the past. But the study also showed that 83 percent of those questioned try to find the content they are looking for through above board services before trying anything else. And while the study found that 86 percent of survey takers subscribe to a streaming subscription service like Netflix, that total jumped to 91 percent among those that admit to piracy. The survey found that the top reason that users pirate is the content they were looking for wasn't legally available (34 percent) was too cumbersome or difficult to access (34 percent), or wasn't affordable (35 percent). "The entertainment industry tends to envisage piracy audiences as a criminal element, and writes them off as money lost -- but they are wrong to do so," MUSO executive Paul Briley said of the study's findings. "The reality is that the majority of people who have gone through the effort of finding and accessing such unlicensed content are, first and foremost, fans -- fans who are more often than not trying to get content legally if they can," Briley added.

Joseph Cox, writing for Motherboard: U.S. government researchers believe it is only a matter of time before a cybersecurity breach on an airline occurs, according to government documents obtained by Motherboard. The comment was included in a recent presentation talking about efforts to uncover vulnerabilities in widely used commercial aircraft, building on research in which a Department of Homeland Security (DHS) team successfully remotely hacked a Boeing 737.

The documents, which include internal presentations and risk assessments, indicate researchers working on behalf of the DHS may have already conducted another test against an aircraft. They also show what the US government anticipates would happen after an aircraft hack, and how planes still in use have little or no cybersecurity protections in place.

"Potential of catastrophic disaster is inherently greater in an airborne vehicle," a section of a presentation dated this year from the Pacific Northwest National Laboratory (PNNL), a Department of Energy government research laboratory, reads. Those particular slides are focused on PNNL's findings around aviation cybersecurity. "A matter of time before a cyber security breach on an airline occurs," the document adds.

Joseph Cox, writing for Motherboard: U.S. government researchers believe it is only a matter of time before a cybersecurity breach on an airline occurs, according to government documents obtained by Motherboard. The comment was included in a recent presentation talking about efforts to uncover vulnerabilities in widely used commercial aircraft, building on research in which a Department of Homeland Security (DHS) team successfully remotely hacked a Boeing 737.

The documents, which include internal presentations and risk assessments, indicate researchers working on behalf of the DHS may have already conducted another test against an aircraft. They also show what the US government anticipates would happen after an aircraft hack, and how planes still in use have little or no cybersecurity protections in place.

"Potential of catastrophic disaster is inherently greater in an airborne vehicle," a section of a presentation dated this year from the Pacific Northwest National Laboratory (PNNL), a Department of Energy government research laboratory, reads. Those particular slides are focused on PNNL's findings around aviation cybersecurity. "A matter of time before a cyber security breach on an airline occurs," the document adds.

An anonymous reader quotes a report from Motherboard: Until yesterday, rare Japanese PC game Labyrinthe, developed by Caravan Interactive, was long thought to be lost forever. That is until the almost mythical third game in the already obscure Horror Tour series was found on a 67GB folder of ROMs on a private forum. Other rare games from the folder are expected to become public soon. According to a YouTuber called Saint, who posted a video of him playing the game and a link to download it on Mega, Labyrinthe and as many as 70 other rare or never-before-released Japanese titles have been circulating in a file sharing directory on a private torrent site.

Labyrinthe, alongside other rare titles including Cookie's Bustle, Yellow Brick Road and Link Devicer 2074 were in a folder called "DO NOT UPLOAD." Members of the private forum hesitated to upload Labyrinthe in the fear that the private collector would take down the folder and leave the collection out of reach once again. This hesitation demonstrates the often tense relationship between game preservationists and private collectors. According to a screenshot uploaded by Saint, the private collector threatened to pull the entire folder of content from the directory and stop uploading games altogether if anyone leaked Labyrinthe. In uploading the game to Mega, it's possible the folder will be pulled from the internet. But in doing so, the person advanced the interests of game preservationists worldwide by leaking the this game and others.

Joseph Cox, reporting for Motherboard: Unfortunately for customers of MyHeritage, a genealogy and DNA testing service, a researcher uncovered 92 million account details related to the company sitting on a server, according to an announcement from MyHeritage. The data relates to users who signed up to MyHeritage up to and including October 26, 2017 -- the date of the breach -- the announcement adds. Users of the Israeli-based company can create family trees and search through historical records to try and uncover their ancestry. In January 2017, Israeli media reported the company has some 35 million family trees on its website. In all, the breach impacted 92,283,889 users, according to MyHeritage's disclosure.

Lorenzo Franceschi-Bicchierai, reporting for Motherboard: On Monday, at its Worldwide Developers Conference, Apple teased the upcoming release of the iPhone's operating system, iOS 12. Among its most anticipated features are group FaceTime, Animoji, and a ruler app. But iOS 12's killer feature might be something that's been rumored for a while and wasn't discussed at Apple's event. It's called USB Restricted Mode, and Apple has been including it in some of the iOS beta releases since iOS 11.3.

The feature essentially forces users to unlock the iPhone with the passcode when connecting it to a USB accessory everytime the phone has not been unlocked for one hour. That includes the iPhone unlocking devices that companies such as Cellebrite or GrayShift make, which police departments all over the world use to hack into seized iPhones. "That pretty much kills [GrayShift's product] GrayKey and Cellebrite," Ryan Duff, a security researcher who has studied iPhone and is Director of Cyber Solutions at Point3 Security, told Motherboard in an online chat. "If it actually does what it says and doesn't let ANY type of data connection happen until it's unlocked, then yes. You can't exploit the device if you can't communicate with it."

Earlier today, ticket distribution service Ticketfly shut down after a "cyber incident" compromised its systems. A hacker reportedly defaced the company's website and claimed to have compromised the "backstage" database where festivals, promoters and venues manage their events. Engadget reports: The intrusion might have started through Ticketfly's Wordpress blog -- the hacker claimed to have downloaded and posted this on Ticketfly's site before it was taken down. The firm hasn't said when it expects services to return to normal, and it has yet to gauge the full extent of the breach. It took everything down out of an "abundance of caution," according to a spokesperson. According to Motherboard, the hacker apparently demanded a single bitcoin to divulge the vulnerability that left Ticketfly open to attack. You can view the FAQ page for more information on the incident.

Less than a week ago, if you searched for the California Republican Party on Google, you might have read that the political party's ideologies included conservatism, market liberalism, and nazism. The latter listing has since been removed, and Google is blaming the results on Wikipedia "vandalism." From a report: Vice first reported the inclusion of "Nazism" under ideologies in Google's knowledge panel -- the box that shows up to the right of search results. It's unclear how long the term had been there, but the tech giant removed it after being notified by the publication. "We regret that vandalism on Wikipedia briefly appeared on our search results," Google tweeted on Thursday in response to California congressman and House Majority Leader Kevin McCarthy. "This was not the the result of a manual change by Google. We have systems in place that catch vandalism before it impacts search results, but occasionally errors get through, and that happened here."