Hackers Are So Fed Up With Twitter Bots They're Hunting Them Down Themselves
technology - Posted On:2018-03-19 10:59:56 Source: slashdot
An anonymous reader writes: Even if Twitter hasn't invested much in anti-bot software, some of its most technically proficient users have. They're writing and refining code that can use Twitter's public application programming interface, or API, as well as Google and other online interfaces, to ferret out fake accounts and bad actors. The effort, at least among the researchers I spoke with, has begun with hunting bots designed to promote pornographic material -- a type of fake account that is particularly easy to spot -- but the plan is to eventually broaden the hunt to other types of bots. The bot-hunting programming and research has been a strictly volunteer, part-time endeavor, but the efforts have collectively identified tens of thousands of fake accounts, underlining just how much low-hanging fruit remains for Twitter to prune. Among the part-time bot-hunters is French security researcher and freelance Android developer Baptiste Robert, who in February of this year noticed that Twitter accounts with profile photos of scantily clad women were liking his tweets or following him on Twitter. Aside from the sexually suggestive images, the bots had similarities. Not only did these Twitter accounts typically include profile photos of adult actresses, but they also had similar bios, followed similar accounts, liked more tweets than they retweeted, had fewer than 1,000 followers, and directed readers to click the link in their bios. Read more of this story at Slashdot.
Microsoft Brings Native HEIF Support to Windows 10
technology - Posted On:2018-03-19 10:14:56 Source: slashdot
An anonymous reader shares a report: Microsoft is bringing support for the new HEIF image format to Windows 10. First popularized by Apple with iOS 11, HEIF is a new image format that uses less storage space while preserving image quality. The new image format is used by default on Apple's iPhone X and other devices running iOS 11. While Microsoft's online services like OneDrive already supported HEIF since the release of iOS 11, Windows 10 didn't natively support the new format as of yet. But with the upcoming Redstone 4 update -- possibly called the Spring Creators Update -- the Microsoft Photos app in Windows 10 will support HEIF by default. Further reading: CNET.
Mapping Apps Like Waze, Google Maps, and Apple Maps May Make Traffic Conditions Worse in Some Areas, New Research Suggests
technology - Posted On:2018-03-19 03:44:58 Source: slashdot
From an Atlantic story, originally titled "The Perfect Selfishness of Mapping Apps": In the pre-mobile-app days, drivers' selfishness was limited by their knowledge of the road network. In those conditions, both simulation and real-world experience showed that most people stuck to the freeways and arterial roads. Sure, there were always people who knew the crazy, back-road route, but the bulk of people just stuck to the routes that transportation planners had designated as the preferred way to get from A to B. Now, however, a new information layer is destroying the nudging infrastructure that traffic planners built into cities. Commuters armed with mobile mapping apps, route-following Lyft and Uber drivers, and software-optimized truckers can all act with a more perfect selfishness. In some happy universe, this would lead to socially optimal outcomes, too. But a new body of research at the University of California's Institute of Transportation Studies suggests that the reality is far more complicated. In some scenarios, traffic-beating apps might work for an individual, but make congestion worse overall. And autonomous vehicles, touted as an answer to traffic-y streets, could deepen the problem. "This problem has been vastly overlooked," Alexandre Bayen, the director of UC Berkeley's Institute of Transportation Studies, told me. "It is just the beginning of something that is gonna be much worse." Bayen and a team of researchers presented their work earlier this year at the Transportation Research Board's annual meeting and at the Cal Future conference at Berkeley in May 2017. They've also published work examining the negative externalities of high levels of automatic routing.
When China Hoards Its Hackers Everyone Loses
it - Posted On:2018-03-18 17:15:00 Source: slashdot
An anonymous reader shares a report: For over a decade Pwn2Own -- happening this week -- has brought together security talent from across the globe in a friendly hacking competition that is a cornerstone of research and advancement on par with Black Hat and Def Con. China's hackers routinely win, sweeping the board -- notably, the Tencent and Keen teams. Pwn2Own is good-natured, and all in the name of researchers finding big bugs, nabbing great bounties and drawing attention to security holes and zero-days that need to be fixed. But this year, according to Pwn2Own manager Brian Gorenc, China is no longer allowing its researchers to compete. Prior to the start of Pwn2Own this week, Gorenc told press "There have been regulatory changes in some countries that no longer allow participation in global exploit contests, such as Pwn2Own and Capture the Flag competitions." One thing's for certain: yearly champions Tencent's Keen Labs and Qihoo 360's 360Vulcan team are nowhere to be found and Trend Micro, the conference organizer, has confirmed to Engadget that there are no Chinese competitors in this year's competition. [...] It's a worrying development in the direction of isolationism and away from the benefits of competition in the spirit of improving security for all. It comes at a time when relations between the US and China strain under the weight of Huawei security concerns, which are not at all new, but are certainly coming to a head as American companies sever business ties with the firm.
Firefox Master Password System Has Been Poorly Secured for the Past 9 Years, Researcher Says
it - Posted On:2018-03-18 16:14:59 Source: slashdot
Catalin Cimpanu, writing for BleepingComputer: For the past nine years, Mozilla has been using an insufficiently strong encryption mechanism for the "master password" feature. Both Firefox and Thunderbird allow users to set up a "master password" through their settings panel. This master password plays the role of an encryption key that is used to encrypt each password string the user saves in his browser or email client. Experts have lauded the feature because up until that point browsers would store passwords locally in cleartext, leaving them vulnerable to malware or attackers with physical access to a victim's computer. But Wladimir Palant, the author of the AdBlock Plus extension, says the encryption scheme used by the master password feature is weak and can be easily brute-forced. "I looked into the source code," Palant says, "I eventually found the sftkdb_passwordToKey() function that converts a [website] password into an encryption key by means of applying SHA-1 hashing to a string consisting of a random salt and your actual master password."
Say Goodbye To the Information Age: It's All About Reputation Now
technology - Posted On:2018-03-18 13:15:00 Source: slashdot
An anonymous reader shares an essay on Aeon magazine by Gloria Origgi, an Italian philosopher and a tenured senior researcher at CNRS: We are experiencing a fundamental paradigm shift in our relationship to knowledge. From the 'information age', we are moving towards the 'reputation age', in which information will have value only if it is already filtered, evaluated and commented upon by others. Seen in this light, reputation has become a central pillar of collective intelligence today. It is the gatekeeper to knowledge, and the keys to the gate are held by others. The way in which the authority of knowledge is now constructed makes us reliant on what are the inevitably biased judgments of other people, most of whom we do not know. [...] The paradigm shift from the age of information to the age of reputation must be taken into account when we try to defend ourselves from 'fake news' and other misinformation and disinformation techniques that are proliferating through contemporary societies. What a mature citizen of the digital age should be competent at is not spotting and confirming the veracity of the news. Rather, she should be competent at reconstructing the reputational path of the piece of information in question, evaluating the intentions of those who circulated it, and figuring out the agendas of those authorities that leant it credibility.
Facebook and Its Executives Are Getting Destroyed After Botching the Handling of a Massive Data Breach
technology - Posted On:2018-03-18 10:14:57 Source: slashdot
The way Facebook has disclosed the abuse of its system by Cambridge Analytica, which has been reported this week, speaks volumes of Facebook's core beliefs. Sample this excerpt from Business Insider: Facebook executives waded into a firestorm of criticism on Saturday, after news reports revealed that a data firm with ties to the Trump campaign harvested private information from millions of Facebook users. Several executives took to Twitter to insist that the data leak was not technically a "breach." But critics were outraged by the response and accused the company of playing semantics and missing the point. Washington Post reporter Hamza Shaban: Facebook insists that the Cambridge Analytica debacle wasn't a data breach, but a "violation" by a third party app that abused user data. This offloading of responsibility says a lot about Facebook's approach to our privacy. Observer reporter Carole Cadwalladr, who broke the news about Cambridge Analytica: Yesterday Facebook threatened to sue us. Today we publish this. Meet the whistleblower blowing the lid off Facebook and Cambridge Analytica. [...] Facebook's chief strategy officer wading in. So, tell us @alexstamos (who expressed his displeasure with the use of "breach" in media reports) why didn't you inform users of this "non-breach" after The Guardian first reported the story in December 2015? Zeynep Tufekci: If your business is building a massive surveillance machinery, the data will eventually be used and misused. Hacked, breached, leaked, pilfered, conned, "targeted", "engaged", "profiled", sold... There is no informed consent because it's not possible to reasonably inform or consent. [...] Facebook's defense that Cambridge Analytica harvesting of FB user data from millions is not technically a "breach" is a more profound and damning statement of what's wrong with Facebook's business model than a "breach."
MIT Professor Dean Eckles: Definitely fascinating that Joseph Chancellor, who contributed to collection and contract-violating retention (?) of Facebook user data, now works for Facebook. Amir Efrati, a reporter at the Information: May seem like a small thing to non-reporters but Facebook loses credibility by issuing a Friday night press release to "front-run" publications that were set to publish negative articles about its platform. If you want us to become more suspicious, mission accomplished. Further reading: Facebook's latest privacy debacle stirs up more regulatory interest from lawmakers (TechCrunch).
Are Google and Facebook Surveilling Their Own Employees?
technology - Posted On:2018-03-18 06:44:57 Source: slashdot
The Guardian just ran an article titled "'They'll squash you like a bug': how Silicon Valley keeps a lid on leakers," which begins with the story of an employee confronted by Facebook's secretive "rat-catching" team: They had records of a screenshot he'd taken, links he had clicked or hovered over, and they strongly indicated they had accessed chats between him and the journalist, dating back to before he joined the company. "It's horrifying how much they know," he told the Guardian, on the condition of anonymity... "You get on their bad side and all of a sudden you are face to face with Mark Zuckerberg's secret police"... One European Facebook content moderator signed a contract, seen by the Guardian, which granted the company the right to monitor and record his social media activities, including his personal Facebook account, as well as emails, phone calls and internet use. He also agreed to random personal searches of his belongings including bags, briefcases and car while on company premises. Refusal to allow such searches would be treated as gross misconduct... Some employees switch their phones off or hide them out of fear that their location is being tracked. One current Facebook employee who recently spoke to Wired asked the reporter to turn off his phone so the company would have a harder time tracking if it had been near the phones of anyone from Facebook. Two security researchers confirmed that this would be technically simple for Facebook to do if both people had the Facebook app on their phone and location services switched on. Even if location services aren't switched on, Facebook can infer someone's location from wifi access points. The article cites a 2012 report that Microsoft read a French blogger's Hotmail account to identify a former employee who had leaked trade secrets. And it also reports that tech companies hire external agencies to surveil their employees. "One such firm, Pinkerton, counts Google and Facebook among its clients."
Though Facebook and Google both deny this, "Among other services, Pinkerton offers to send investigators to coffee shops or restaurants near a company's campus to eavesdrop on employees' conversations... Al Gidari, consulting director of privacy at the Stanford Center for Internet and Society, says that these tools "are common, widespread, intrusive and legal."
1 in 3 Michigan Workers Tested Opened A Password-Phishing Email
technology - Posted On:2018-03-17 19:44:59 Source: slashdot
An anonymous reader quotes the AP: Michigan auditors who conducted a fake "phishing" attack on 5,000 randomly selected state employees said Friday that nearly one-third opened the email, a quarter clicked on the link and almost one-fifth entered their user ID and password. The covert operation was done as part of an audit that uncovered weaknesses in the state government's computer network, including that not all workers are required to participate in cybersecurity awareness training... Auditors made 14 findings, including five that are "material" -- the most serious. They range from inadequate management of firewalls to insufficient processes to confirm if only authorized devices are connected to the network. "Unauthorized devices may not meet the state's requirements, increasing the risk of compromise or infection of the network," the audit said.
Did Cambridge Analytica Harvest 50 Million Facebook Profiles?
technology - Posted On:2018-03-17 18:44:59 Source: slashdot
Slashdot reader umafuckit shared this article from The Guardian: The data analytics firm that worked with Donald Trump's election team and the winning Brexit campaign harvested millions of Facebook profiles of U.S. voters, in one of the tech giant's biggest ever data breaches, and used them to build a powerful software program to predict and influence choices at the ballot box... Christopher Wylie, who worked with a Cambridge University academic to obtain the data, told the Observer: "We exploited Facebook to harvest millions of people's profiles. And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on." Documents seen by the Observer, and confirmed by a Facebook statement, show that by late 2015 the company had found out that information had been harvested on an unprecedented scale. However, at the time it failed to alert users and took only limited steps to recover and secure the private information of more than 50 million individuals... On Friday, four days after the Observer sought comment for this story, but more than two years after the data breach was first reported, Facebook announced that it was suspending Cambridge Analytica and Kogan from the platform, pending further information over misuse of data. Separately, Facebook's external lawyers warned the Observer on Friday it was making "false and defamatory" allegations, and reserved Facebook's legal position... The evidence Wylie supplied to U.K. and U.S. authorities includes a letter from Facebook's own lawyers sent to him in August 2016, asking him to destroy any data he held that had been collected by GSR, the company set up by Kogan to harvest the profiles... Facebook did not pursue a response when the letter initially went unanswered for weeks because Wylie was travelling, nor did it follow up with forensic checks on his computers or storage, he said. "That to me was the most astonishing thing. 
They waited two years and did absolutely nothing to check that the data was deleted. All they asked me to do was tick a box on a form and post it back." Wylie worked with Aleksandr Kogan, the creator of the "thisisyourdigitallife" app, "who has previously unreported links to a Russian university and took Russian grants for research," according to the article. Kogan "had a licence from Facebook to collect profile data, but it was for research purposes only. So when he hoovered up information for the commercial venture, he was violating the company's terms... "At the time, more than 50 million profiles represented around a third of active North American Facebook users, and nearly a quarter of potential U.S. voters."
Amazon Is Hiring More Developers For Alexa Than Google Is Hiring For Everything
technology - Posted On:2018-03-16 19:29:59 Source: slashdot
An anonymous reader quotes a report from Gadgets Now: Amazon is hiring 1,147 people just for its Alexa business. To put this number in perspective, it has to be mentioned that this number is higher than what Google is hiring for technical and product roles across its Alphabet group of companies including YouTube and Waymo. According to a report published in Forbes, Amazon is hiring engineers, data scientists, developers, analysts, payment services professionals among others. The Forbes report cites information released by Citi Research in association with Jobs.com. It's clear that Amazon is betting big on the smartphone speaker market if the hiring numbers are to go by. It was the first major company to come out with a smart speaker and has almost 70% market share in the U.S. Google has been making in-roads with Google Home devices but still has a lot of catching up to do. The Citi report further mentions that other notable areas where Amazon is hiring are devices, advertising and seller services. Amazon is looking at hiring a total of about 1,700 employees for other divisions.
Hacker Adrian Lamo Dies At 37
it - Posted On:2018-03-16 16:29:59 Source: slashdot
Adrian Lamo, a well-known hacker known for his involvement in passing information on whistleblower Chelsea Manning and hacking into systems at The New York Times, Microsoft, and Yahoo in the early 2000s, has died at 37. ZDNet reports: His father, Mario, posted a brief tribute to his son in a Facebook group on Friday. "With great sadness and a broken heart I have to let know all of Adrian's friends and acquaintances that he is dead. A bright mind and compassionate soul is gone, he was my beloved son," he wrote. The coroner for Sedgwick County, where Lamo lived, confirmed his death, but provided no further details. Circumstances surrounding Lamo's death are not immediately known. A neighbor who found his body said he had been dead for some time.
Facebook Says It is Sorry For Suggesting Child Sex Videos in Search
technology - Posted On:2018-03-16 16:14:59 Source: slashdot
Facebook issued an apology on Friday after offensive terms appeared in the social network's search predictions late Thursday. From a report: When users typed "videos of" into the search bar, Facebook prompted them to search phrases including "videos of sexuals," "videos of girl sucking dick under water" and, perhaps most disturbingly, "video of little girl giving oral." Shocked users reported the problem on Twitter, posting screenshots of the search terms, which also included multiple suggestions relating to the school shooting in Florida last month. The social network appeared to have fixed the problem by Friday morning.
Android Is Now as Safe as the Competition, Google Says
it - Posted On:2018-03-16 12:15:11 Source: slashdot
In an interview with CNET, David Kleidermacher, Google's head of security for Android, Google Play and Chrome OS, said Android is now as safe as the competition. From the interview: That's a big claim, considering that Android's main competitor is Apple's iPhone. This bold idea permeates the annual Android Security Report that Google released Thursday. "Android security made a significant leap forward in 2017 and many of our protections now lead the industry," the report says on page one. Echoing the report, Kleidermacher told CNET that Android flaws have become harder for researchers to find and that the software now protects users from malicious software so well that the problems that used to leave users exposed to bad actors aren't such a big problem anymore.
Microsoft Launches Bounty Program For Speculative Execution Side Channel Vulnerabilities
it - Posted On:2018-03-16 07:44:56 Source: slashdot
An anonymous reader shares a report: Microsoft has launched a bug bounty program that will reward anyone who finds the next Meltdown or Spectre vulnerability. Known as speculative execution side channel vulnerabilities, Microsoft is willing to reward anyone who reports bugs that could cause problems like earlier in the year. The rewards on offer range from $5,000 up to $250,000 depending on the severity of the vulnerability, and the bounty program runs until the end of 2018. Microsoft says that it will operate under the principles of coordinated vulnerability disclosure.
Bali Plans To Switch Off Internet Services For 24 Hours For New Year 'Quiet Reflection'
technology - Posted On:2018-03-15 21:44:59 Source: slashdot
Internet service providers in Bali will be switching off mobile services this weekend for 24 hours to mark the Indonesian island's annual day of silence. "Nyepi, or New Year according to the ancient Balinese calendar, is a sacred day of reflection on the Hindu-majority island," reports The Guardian. "Even the international airport shuts down." From the report: This year authorities have called on telecommunications companies to unplug -- a request Bali says firms have promised to honor. "It was agreed that internet on mobile phones will be cut. All operators have agreed," Nyoman Sujaya, from the Bali communications ministry, told tirto.id. The plan, based on an appeal put forward by Balinese civil and religious groups, was announced following a meeting at the ministry in Jakarta. This is the first time internet services will be shut down in Bali for Nyepi, after the same request was denied last year. However, wifi connection will still be available at hotels and for strategic services such as security, aviation, hospitals and disaster agencies. Phone and SMS services will be operational, but the Indonesian Internet Service Provider Association is reviewing whether wifi at private residences will be temporarily cut.
Android Wear Needs More Than a New Name To Fight Apple Watch
technology - Posted On:2018-03-15 20:14:58 Source: slashdot
Less than two months before Google I/O, Google has rebranded its Android Wear watch platform to "Wear OS." The recent name change is part of a move to have its watches stand apart from Android, but it could also indicate that Google's smartwatch strategy is about to shift. Google may release a completely new Wear OS focused on the Google Assistant or a Google-branded smartwatch. Scott Stein writes via CNET that Android Wear needs more than a new name to fight the Apple Watch: The Apple Watch took over the top spot in global wearable sales recently, according to IDC, despite the fact that it's only compatible with iPhones. Fitbit just announced the Versa, a promising casual smartwatch that will interface with any iPhone or Android and starts at just $200. The wearable market is growing. But where is Google in that picture? The Fossil Group, maker of many of the Android Wear watch products last year, reported some promising numbers: "In 2017, Fossil Group nearly doubled its wearables business to more than $300 million, including 20 percent of watch sales in Q4," said Greg McKelvey, Fossil's chief strategy and digital officer, as part of Google's Wear OS announcement. So it sounds like Android Wear -- sorry, Wear OS -- is still in the game. But the problem, for me, is that I've never found Android Wear watches to be particularly great. Google relaunched Android Wear over a year ago with new software and added fitness smarts, plus standalone phone functions. But Apple's watch strategy has advanced faster, with better hardware. The Apple Watch S3 can be a phone, now. So can Samsung's Gear S3, which runs on Tizen. Google, meanwhile, stopped adding cellular functions to watches after the lackluster LG Watch Sport last year.
Linus Torvalds Slams CTS Labs Over AMD Vulnerability Report
it - Posted On:2018-03-15 17:44:59 Source: slashdot
Earlier this week, CTS Labs, a Tel Aviv-based cybersecurity startup, claimed it has discovered critical security flaws in AMD chips that could allow attackers to access sensitive data from highly guarded processors across millions of devices. Linus Torvalds, Linux's creator, doesn't buy it. ZDNet reports: Torvalds, in a Google+ discussion, wrote: "When was the last time you saw a security advisory that was basically 'if you replace the BIOS or the CPU microcode with an evil version, you might have a security problem?' Yeah." Or, as a commenter put it on the same thread, "I just found a flaw in all of the hardware space. No device is secure: if you have physical access to a device, you can just pick it up and walk away. Am I a security expert yet?" CTS Labs claimed in an interview they gave AMD less than a day because they didn't think AMD could fix the problem for "many, many months, or even a year" anyway. Why would they possibly do this? For Torvalds: "It looks more like stock manipulation than a security advisory to me." These are real bugs though. Dan Guido, CEO of Trail of Bits, a security company with a proven track-record, tweeted: "Regardless of the hype around the release, the bugs are real, accurately described in their technical report (which is not public afaik), and their exploit code works." But, Guido also admitted, "Yes, all the flaws require admin [privileges] but all are flaws, not expected functionality." It's that last part that ticks Torvalds off. The Linux creator agrees these are bugs, but all the hype annoys the heck out of him. Are there bugs? Yes. Do they matter in the real world? No. They require a system administrator to be almost criminally negligent to work. To Torvalds, inflammatory security reports are annoying distractions from getting real work done.
Digg Reader To Shut Down This Month -- Latest RSS Service To Bite the Dust
technology - Posted On:2018-03-15 12:15:00 Source: slashdot
Digg announced this week that it's shutting down Digg Reader, an app which allows users to follow RSS feeds from sites. From a report: Following the closure of Google Reader, RSS fans flocked to the likes of Feedly, The Old Reader, Digg Reader and Inoreader. Now Digg Reader has announced that it is to close, and users are being advised to export their feeds so they can be imported into an alternative service. Users do not have a great deal of time to grab their data and take it elsewhere. The RSS reader is due to close on March 26, meaning there's less than two weeks to go. No reason has been given for the closure, but presumably the venture either didn't prove as popular as expected, or it was rather more costly to run than anticipated.
Largest US Radio Company iHeartMedia Files For Bankruptcy
technology - Posted On:2018-03-15 12:00:00 Source: slashdot
The largest U.S. radio station owner, iHeartMedia, has filed for Chapter 11 bankruptcy as it "struggles with $20 billion in debt and falling revenue at its 858 radio stations," reports Reuters. The company has reportedly reached an agreement with holders of more than $10 billion of its outstanding debt for a balance sheet restructuring, which will reduce its debt by more than $10 billion. From the report: Cash on hand and cash generated from ongoing operations will be sufficient to fund the business during the bankruptcy process, said iHeartMedia, which owns Z100 in New York and Real 103.5 KISS FM in Chicago. The filing comes after John Malone's Liberty Media Corp proposed on Feb. 26 a deal to buy a 40 percent stake in a restructured iHeartMedia for $1.16 billion, uniting the company with Liberty's Sirius XM Holdings Inc satellite radio service. Clear Channel Outdoor Holdings Inc, a subsidiary of iHeartMedia, and its units did not commence Chapter 11 proceedings. The company had 14,300 employees at the end of 2016, according to its most recent annual report.