Twitter Bug Exposed Some Android Users' Protected Tweets For Years
it - Posted On:2019-01-17 18:44:59 Source: slashdot
Twitter disclosed on its Help Center page today that some Android users had their private tweets revealed for years due to a security flaw. "The issue caused the Twitter for Android app to disable the 'Protect your Tweets' setting for some Android users who made changes to their account settings, such as changing the email address associated with their account, between November 3rd, 2014 and January 14th, 2019," reports The Verge. From the report: Though the company says the issue was fixed earlier this week and that iOS or web users weren't affected, it doesn't yet know how many Android accounts were affected. Twitter says it's reached out to affected users and turned the setting back on for them, but it still recommends that users review their privacy settings to make sure it reflects their desired preferences. Read more of this story at Slashdot.
Verizon Blames School Text Provider In Dispute Over 'Spam' Fee
it - Posted On:2019-01-17 17:59:59 Source: slashdot
Last week, Ars Technica reported that Verizon's new "spam" fee for texts sent from teachers to students might stop working on the network because of a dispute over texting fees that Verizon demanded from Remind, the company that operates the service. Now, it appears that Verizon "has backed down from its original position slightly, and ongoing negotiations could allow the free texting service to continue," reports Ars. From the report: As we reported Monday, the dispute involves Verizon and Remind, which makes a communication service used by teachers and youth sports coaches. Verizon is charging an additional fee, saying the money will be used to fund spam-blocking services. The fee would increase Remind's costs for sending texts to Verizon users from a few hundred thousand dollars to several million dollars per year, Remind said. Remind said it would absorb the cost in order to continue providing the paid version of its service. But most of Remind's 30 million users rely on the free version of the service, and Remind said it could no longer provide free text message notifications over Verizon's network unless the fee is reversed. Verizon issued an announcement today, titled "App provider Remind threatens to eliminate a free texting service for K-12 education organizations (which will cost it nothing)." The title reflects a new offer Verizon said it made on Tuesday, which would reverse the fee for K-12 users of the free Remind service. "Verizon will not charge Remind fees as long as they don't begin charging K-12 schools, educators, parents and students using its free text message service," Verizon said. "Despite this offer, made Tuesday, Remind has not changed its position that it will stop sending free texts to Verizon customers who use the service regarding school closures, classroom activities and other critical information." 
The report goes on to note that simply limiting the offer to K-12 users means the fee "would still be charged for preschools, day-care centers, and youth sports coaches who use the free Remind service." Read more of this story at Slashdot.
Google Just Spent $40 Million For Fossil's Secret Smartwatch Tech
technology - Posted On:2019-01-17 16:45:00 Source: slashdot
Google and watchmaker Fossil Group today announced an agreement for the search giant to acquire some of Fossil's smartwatch technology and members of the research and development division responsible for creating it. From a report: The deal is worth roughly $40 million, and under the current terms Fossil will transfer a "portion" of its R&D team, the portion directly responsible for the intellectual property being sold, over to Google. As a result, Google will now have a dedicated team with hardware experience working internally on its WearOS software platform and potentially on new smartwatch designs as well. Read more of this story at Slashdot.
Some Android GPS Apps Are Just Showing Ads on Top of Google Maps
technology - Posted On:2019-01-17 15:29:59 Source: slashdot
A security researcher with antivirus maker ESET has discovered a collection of 19 Android apps that pose as GPS applications but which don't do anything but show ads on top of the legitimate Google Maps service. From a report: "They attract potential users with fake screenshots stolen from legitimate Navigation apps," said Lukas Stefanko, the ESET researcher who found them, who pointed out the 19 apps have been downloaded more than 50 million times. The apps "pretend to be full featured navigation apps, but all they can do is to create useless layer between User and Google Maps app," the researcher said. Stefanko says that the apps don't have any actual "navigation technology" and they only "misuse Google Maps." Read more of this story at Slashdot.
North Korean Hackers Infiltrate Chile's ATM Network After Skype Job Interview
technology - Posted On:2019-01-17 12:00:01 Source: slashdot
A Skype call and a gullible employee were all it took for North Korean hackers to infiltrate the computer network of Redbanc, the company that interconnects the ATM infrastructure of all Chilean banks. From a report: Prime suspects behind the hack are a hacker group known as Lazarus Group (or Hidden Cobra), which is known to have associations to the Pyongyang regime, is one of the most active and dangerous hacking groups around, and is known to have targeted banks, financial institutions, and cryptocurrency exchanges in the past years. Lazarus' most recent attack took place at the end of December last year but only came to the public's attention after Chilean Senator Felipe Harboe called out Redbanc on Twitter last week for not disclosing its security breach. The company, which has direct lines into the networks of all Chilean banks, formally admitted to the hack a day later in a message posted on its website, but that announcement didn't include any details about the intrusion. However, a day after Redbanc's admission, an investigation conducted by Chilean tech news site trendTIC revealed that the financial firm was the victim of a serious cyber-attack, and not something that could be easily dismissed. According to reporters, the source of the hack was identified as a LinkedIn ad for a developer position at another company to which one of the Redbanc employees applied. Read more of this story at Slashdot.
Google Play Starts Manually Whitelisting SMS, Phone Apps
technology - Posted On:2019-01-16 17:15:00 Source: slashdot
An anonymous reader quotes a report from Ars Technica: Google is implementing major new Play Store rules for how Android's "SMS" and "Call Log" permissions are used. New Play Store rules will only allow certain types of apps to request phone call logs and SMS permissions, and any apps that don't fit into Google's predetermined use cases will be removed from the Play Store. The policy was first announced in October, and the policy kicks in and the ban hammer starts falling on non-compliant apps this week. Google says the decision to police these permissions was made to protect user privacy. SMS and phone permissions can give an app access to a user's contacts and everyone they've ever called, in addition to allowing the app to contact premium phone numbers that can charge money directly to the user's cellular bill. Despite the power of these permissions, a surprising number of apps ask for SMS or phone access because they have other, more benign use cases. So to clean up the Play Store, Google's current plan seems to be to (1) build more limited, replacement APIs for these benign use cases that don't offer access to so much user data and (2) kick everyone off the Play Store who is still using the wide-ranging SMS and phone permissions for these more limited use cases. Google provides a help page that helps explain the new rules and offers workarounds for some use cases. Read more of this story at Slashdot.
Microsoft is Separating Cortana From Search in Windows 10
technology - Posted On:2019-01-16 14:45:00 Source: slashdot
Microsoft is making some big changes to Cortana in Windows 10. The company intends to decouple search and Cortana in the Windows 10 taskbar, allowing voice queries to be handled separately to typing in a search box to find documents and files. From a report: This change will be implemented in the next major Windows 10 update, currently scheduled for April. Windows 10 will direct you towards a built-in search experience for text queries, while Cortana will exist for voice queries instead of them both bundled together. "This will enable each experience to innovate independently to best serve their target audiences and use cases," explains Dona Sarkar, Microsoft's Windows Insider chief. "This change is one of several we've made throughout this release to improve your experience in this space, including updating the search landing page design, enhancing your search results, and integrating Microsoft To-Do with Cortana." Read more of this story at Slashdot.
Google's Transition To 64-Bit Apps Begins in August, 32-Bit Support To End in 2021
technology - Posted On:2019-01-16 13:59:59 Source: slashdot
In a bid to deliver better software experience on devices powered by 64-bit processors in the coming years, Google aims to shift Android towards a 64-bit app ecosystem. From a report: The company has now shed more light on the transition and has announced that developers will have to submit a 64-bit version of their Android apps starting August this year. This move will eventually culminate in a universal implementation of the 64-bit app policy that will be enforced in 2021, after which, Google will no longer host 32-bit apps on the Play Store accessed on a device based on 64-bit hardware. Google announced the move towards 64-bit apps in 2017, claiming that apps with 64-bit code offer significantly better performance. However, the search giant did not provide any details regarding the exceptions to the new rule or when the Play Store will cease to serve 32-bit apps. Google has now revealed that starting August 1 this year, developers must submit 64-bit versions of all new apps and app updates, alongside the old 32-bit versions prior to their publishing from the Play Store. Read more of this story at Slashdot.
Most Facebook Users Don't Know That it Records a List of Their Interests, New Study Finds
technology - Posted On:2019-01-16 12:30:00 Source: slashdot
Seventy-four percent of Facebook users are unaware that Facebook records a list of their interests for ad-targeting purposes, according to a new study from the Pew Institute. From a report: Participants in the study were first pointed to Facebook's ad preferences page, which lists out a person's interests. Nearly 60 percent of participants admitted that Facebook's lists of interests were very or somewhat accurate to their actual interests, and 51 percent said they were uncomfortable with Facebook creating the list. Read more of this story at Slashdot.
Finland's Ambitious Plan To Teach Anyone the Basics of AI
technology - Posted On:2019-01-16 12:00:00 Source: slashdot
In the era of AI superpowers, Finland is no match for the US and China. So the Scandinavian country is taking a different tack. From a report: It has embarked on an ambitious challenge to teach the basics of AI to 1% of its population, or 55,000 people. Once it reaches that goal, it plans to go further, increasing the share of the population with AI know-how. The scheme is all part of a greater effort to establish Finland as a leader in applying and using the technology. Citizens take an online course that is specifically designed for non-technology experts with no programming experience. The government is now rolling it out nationally. As of mid-December, more than 10,500 people, including at least 4,000 outside of Finland's borders, had graduated from the course. More than 250 companies have also pledged to train part or all of their workforce. Read more of this story at Slashdot.
WhatsApp Now Has More Monthly Active Users Than Facebook App
technology - Posted On:2019-01-16 10:29:56 Source: slashdot
Facebook's $19 billion bet on WhatsApp in 2014, when the messaging app had 450 million active users, is beginning to pay off. From a report: In recent months, WhatsApp has surpassed Facebook's own marquee app in popularity, according to industry estimates. In September of last year, WhatsApp for the first time had more monthly active users worldwide on Android and iPhone platforms than the Facebook app, research firm App Annie said today in its annual State of Mobile report. App Annie did not share specific figures but told VentureBeat that WhatsApp has maintained its lead over the Facebook app since September. Read more of this story at Slashdot.
Insect Collapse: 'We Are Destroying Our Life Support Systems'
it - Posted On:2019-01-16 00:44:58 Source: slashdot
An anonymous reader quotes a report from The Guardian: Scientist Brad Lister returned to Puerto Rican rainforest after 35 years to find 98% of ground insects had vanished. His return to the Luquillo rainforest in Puerto Rico after 35 years was to reveal an appalling discovery. The insect population that once provided plentiful food for birds throughout the mountainous national park had collapsed. On the ground, 98% had gone. Up in the leafy canopy, 80% had vanished. The most likely culprit by far is global warming. "It was just astonishing," Lister said. "Before, both the sticky ground plates and canopy plates would be covered with insects. You'd be there for hours picking them off the plates at night. But now the plates would come down after 12 hours in the tropical forest with a couple of lonely insects trapped or none at all." "We are essentially destroying the very life support systems that allow us to sustain our existence on the planet, along with all the other life on the planet," Lister said. "It is just horrifying to watch us decimate the natural world like this." Lister calls these impacts a "bottom-up trophic cascade", in which the knock-on effects of the insect collapse surge up through the food chain. "I don't think most people have a systems view of the natural world," he said. "But it's all connected and when the invertebrates are declining the entire food web is going to suffer and degrade. It is a system-wide effect." To understand the global scale of an insect collapse that has so far only been glimpsed, Lister says, there is an urgent need for much more research in many more habitats. "More data, that is my mantra," he said. Read more of this story at Slashdot.
Facebook's '10 Year Challenge' Meme Could Train Facial Recognition Algorithms On Age Progression, Age Recognition
technology - Posted On:2019-01-15 22:44:58 Source: slashdot
If you've spent any time on social media lately, you've probably noticed a trend where users are posting their then-and-now profile pictures, mostly from 10 years ago and this year. While this "10 Year Challenge" appears harmless, founder of KO Insights and the author of Tech Humanist, Kate O'Neill, says all this data "could be mined to train facial recognition algorithms on age progression and age recognition." She adds: "It's worth considering the depth and breadth of the personal data we share without reservations." From the report: Imagine that you wanted to train a facial recognition algorithm on age-related characteristics, and, more specifically, on age progression (e.g. how people are likely to look as they get older). Ideally, you'd want a broad and rigorous data set with lots of people's pictures. It would help if you knew they were taken a fixed number of years apart -- say, 10 years. Sure, you could mine Facebook for profile pictures and look at posting dates or EXIF data. But that whole set of profile pictures could end up generating a lot of useless noise. People don't reliably upload pictures in chronological order, and it's not uncommon for users to post pictures of something other than themselves as a profile picture. A quick glance through my Facebook friends' profile pictures shows a friend's dog who just died, several cartoons, word images, abstract patterns, and more. In other words, it would help if you had a clean, simple, helpfully-labeled set of then-and-now photos. What's more, for the profile pictures on Facebook, the photo posting date wouldn't necessarily match the date that the picture was taken. [...] Through the Facebook meme, most people have been helpfully adding that context back in (e.g. "me in 2008, and me in 2018"), as well as further info, in many cases, about where and how the pic was taken (e.g. "2008 at University of Whatever, taken by Joe; 2018 visiting New City for this year's such-and-such event"). 
In other words, thanks to this meme, there's now a very large data set of carefully curated photos of people from roughly 10 years ago and now. In closing, Kate says it's not necessarily bad that someone could use your Facebook photos to train a facial recognition algorithm -- it's inevitable. "Still, the broader takeaway here is that we need to approach our interactions with technology mindful of the data we generate and how it can be used at scale." Read more of this story at Slashdot.
Pwn2Own Contest Will Pay $900,000 For Hacks That Exploit Tesla's Model 3
it - Posted On:2019-01-15 21:14:59 Source: slashdot
The Model 3 will be entered into Pwn2Own this year, the first time a car has been included in the annual high-profile hacking contest. The prize for the winning security researchers: a Model 3. TechCrunch reports: Pwn2Own, which is in its 12th year and run by Trend Micro's Zero Day Initiative, is known as one of the industry's toughest hacking contests. ZDI has awarded more than $4 million over the lifetime of the program. Pwn2Own's spring vulnerability research competition, Pwn2Own Vancouver, will be held March 20 to 22 and will feature five categories, including web browsers, virtualization software, enterprise applications, server-side software and the new automotive category. The targets, chosen by ZDI, include software products from Apple, Google, Microsoft, Mozilla, Oracle and VMware. And, of course, Tesla. Pwn2Own is run in conjunction with the CanSecWest conference. There will be "more than $900,000 worth of prizes available for attacks that subvert a variety of [the Model 3's] onboard systems," reports Ars Technica. "The biggest prize will be $250,000 for hacks that execute code on the car's gateway, autopilot, or VCSEC." "A gateway is the central hub that interconnects the car's powertrain, chassis, and other components and processes the data they send. The autopilot is a driver assistant feature that helps control lane changing, parking, and other driving functions. Short for Vehicle Controller Secondary, VCSEC is responsible for security functions, including the alarm." Read more of this story at Slashdot.
Apple Maps Gooses DuckDuckGo In Search Privacy Partnership
technology - Posted On:2019-01-15 20:29:59 Source: slashdot
Search engine DuckDuckGo now displays location information from Apple Maps in its search results. "DuckDuckGo now uses Apple Maps both for small maps in location-related search results and for larger, interactive search results that appear in a separate maps tab," reports CNET. "That replaces a combination including MapBox, OpenStreetMap and homegrown technology." From the report: The top reason DuckDuckGo argues you should try it is that it doesn't keep any personal information on you and what you searched for, unlike search leader Google. That dovetails nicely with Apple's sustained push to improve online privacy. But maintaining your privacy can be tough when you're looking for location-related information. DuckDuckGo says it's struck a balance, though. It doesn't send personally identifiable information such as your computer's Internet Protocol network address, to Apple or other third parties, DuckDuckGo said. "For local searches, where your approximate location information is sent by your browser to us, we discard it immediately after use," the company added. Read more of this story at Slashdot.
Project Alias Hacks Amazon Echo and Google Home To Protect Your Privacy
it - Posted On:2019-01-15 18:29:59 Source: slashdot
fahrbot-bot writes: The gadget, called Alias, is an always-listening speaker, designed to fit on top of an Amazon Echo or Google Home, where it looks like a mass of melted candle wax. It's composed of a 3D-printed top layer, a mic array, a Raspberry Pi, and two speakers. It only connects to the internet during the initial setup process. Alias stays "off the grid" while you're using it, preventing your conversations from leaving the device. When the Alias hears its own (customizable) wake word, it'll stop broadcasting white noise and wake up Alexa or Google Assistant so you can use them as normal. Read more of this story at Slashdot.
DerbyCon Will Hold Its Last InfoSec Conference in September This Year
technology - Posted On:2019-01-14 23:59:58 Source: slashdot
DerbyCon 9.0, the upcoming edition of the popular InfoSec conference in September, will be its last. From an official announcement: When we first started DerbyCon, our goal was to create a conference where we could all come together to collaborate and share as a community, but most importantly as a profession. DerbyCon 1.0 was a huge gamble for us both personally and financially, but we believed in what we were doing, and it worked. For those that don't know the history of DerbyCon, it started off inside of a pizza shop as an idea between a few friends. Our goal was to create an affordable conference that shared a lot of what we had experienced in our early days in security. The ideas of collaboration, community, and the betterment of the industry and the safety of technology were at the forefront. At the end of DerbyCon 1.0, we realized that the conference was a huge success and our dream became a reality. [...] What we have had to deal with on the back-end the past few years is more than just running a conference and sharing with friends. The conference scene in general changed drastically and small pocket groups focus on outrage and disruption where there is no right answer (regardless of how you respond, it's wrong), instead of coming together, or making the industry better. There is a small, yet vocal group of people creating negativity, polarization, and disruption, with the primary intent of self-promotion to advance a career, for personal gain, or for more social media followers. Individuals that would have us be judge, jury, and executioner for people they have had issues with outside of the conference that has nothing to do with the conference itself. Instead of working hard in research, being a positive force in the industry, or sharing their own unique experiences (which makes us better as a whole), they tear others down in order to promote themselves. 
This isn't just about DerbyCon, it is present at other conferences as well and it's getting worse each year. We've spoken with a number of conference organizers, and each year it becomes substantially more difficult to host a conference where people can come together in large group settings. It's not just conferences either. This behavior is happening all over the place on social media, in our industry, targeting people trying to do good. As a community, we add fuel to fire, attack others, and give them a platform in one massive toxic environment. We do this all in fear of repercussions from upsetting others. Until this pattern changes, it will continue to get worse. Read more of this story at Slashdot.
Slashdot Asks: How Do You Manage Your Inbox?
technology - Posted On:2019-01-14 22:44:58 Source: slashdot
Email is one of the oldest forms of electronic messaging, and users have come up with all sorts of different approaches to managing it. Some people follow the "Inbox Zero" method of filing and deleting emails religiously, while others embrace the "Inbox Infinity" method of letting email messages pile up, replying to what they can and ignoring the rest. Taylor Lorenz, a staff writer at The Atlantic, suggests users embrace the latter for 2019. Lulu Garcia-Navarro writes via NPR: In a recent piece in The Atlantic, tech writer Taylor Lorenz argues, in 2019, you should lose the zero and embrace the Zen. Let all those emails flooding your inbox wash over you. Respond to what you can, and ignore the rest. Key to inbox infinity -- telling close contacts and family that your email replies might be slow in coming -- if at all -- as well as alternative ways to reach you. It's that easy. Or maybe not, depending on how email-dependent your boss, your colleagues and your best friend, your mom and your husband are. As for me, I've apparently been embracing inbox infinity for years without knowing it. And let me tell you, it feels great. Don't expect a reply anytime soon. How do you manage your inbox? Would you say you follow one of these two principles, or do you have an in-between method that works for you? Read more of this story at Slashdot.
VW Investing $800 Million In Tennessee Factory To Make Next-Gen Electric Vehicles
technology - Posted On:2019-01-14 20:44:59 Source: slashdot
Volkswagen will spend $800 million to expand a U.S. factory that will produce the automaker's next generation of electric vehicles. "The factory in Chattanooga, Tenn. will be the company's North American base for manufacturing electric vehicles," reports TechCrunch. "The expansion is expected to create 1,000 jobs at the plant." From the report: VW's Chattanooga expansion is just a piece of the automaker's broader plan to move away from diesel in the wake of the emissions cheating scandal that erupted in 2015. Globally, VW Group plans to commit almost $50 billion through 2023 toward the development and production of electric vehicles and digital services. The Volkswagen brand (so not including its Audi or Porsche brands) alone has forecasted selling 150,000 EVs by 2020 worldwide, increasing that number to 1 million by 2025. The Tennessee factory (along with the other new facilities) will produce EVs using Volkswagen's modular electric toolkit chassis, or MEB, introduced by the company in 2016. The MEB is a flexible modular system -- really a matrix of common parts -- for producing electric vehicles that VW says make it more efficient and cost-effective. Electric vehicle production at the Tennessee site will begin in 2022. However, Volkswagen of America says it will offer the first EV based on the MEB platform to customers in 2020. This EV will be a series-production version of the I.D. CROZZ SUV concept that was first shown at the North American International Auto Show last year. This vehicle will have the interior space of a midsize SUV in the footprint of a compact SUV.
Volkswagen of America will also offer a multi-purpose EV based off the I.D. BUZZ concept. Read more of this story at Slashdot.
Hack Allows Escape of Play-With-Docker Containers
it - Posted On:2019-01-14 18:44:59 Source: slashdot
secwatcher quotes a report from Threatpost: Researchers hacked the Docker test platform called Play-with-Docker, allowing them to access data and manipulate any test Docker containers running on the host system. The proof-of-concept hack does not impact production Docker instances, according to CyberArk researchers that developed the proof-of-concept attack. "The team was able to escape the container and run code remotely right on the host, which has obvious security implications," wrote researchers in a technical write-up posted Monday. Play-with-Docker is an open source free in-browser online playground designed to help developers learn how to use containers. While Play-with-Docker has the support of Docker, it was not created by nor is it maintained by the firm. The environment approximates having the Alpine Linux Virtual Machine in browser, allowing users to build and run Docker containers in various configurations. The vulnerability was reported to the developers of the platform on November 6. On January 7, the bug was patched. As for how many instances of Play-with-Docker may have been affected, "CyberArk estimated there were as many as 200 instances of containers running on the platform it analyzed," reports Threatpost. "It also estimates the domain receives 100,000 monthly site visitors." Read more of this story at Slashdot.