PewCrypt Ransomware Locks Users' Files and Won't Offer a Decryption Key Until - and Unless - PewDiePie's YouTube Channel Beats T-Series To Hit 100M Subscribers
it - Posted On:2019-03-21 16:14:59 Source: slashdot
The battle between PewDiePie, currently the most subscribed channel on YouTube, and T-Series, an Indian music label, continues to have strange repercussions. In recent months, as T-Series closes in on the gap to beat PewDiePie for the crown of the most subscribers on YouTube, alleged supporters of PewDiePie, in an unusual show of love, have hacked Chromecasts and printers to persuade victims to subscribe to PewDiePie's channel. Now ZDNet reports about a second strain of ransomware that is linked to PewDiePie. From the report: A second one appeared in January, and this was actually a fully functional ransomware strain. Called PewCrypt, this ransomware was coded in Java, and it encrypted users' files in the "proper" way, with a method of recovering files at a later date. The catch --you couldn't buy a decryption key, but instead, victims had to wait until PewDiePie gained over 100 million followers before being allowed to decrypt any of the encrypted files. At the time of writing, PewDiePie had around 90 million fans, meaning any victim would be in for a long wait before they could regain access to any of their files. Making matters worse, if T-Series got to 100 million subscribers before PewDiePie, then PewCrypt would delete the user's encryption key for good, leaving users without a way to recover their data. Read more of this story at Slashdot.
Microsoft Ships Antivirus For macOS as Windows Defender Becomes Microsoft Defender
it - Posted On:2019-03-21 13:30:00 Source: slashdot
Microsoft is bringing its Windows Defender anti-malware application to macOS -- and more platforms in the future -- as it expands the reach of its Defender Advanced Threat Protection (ATP) platform. From a report: To reflect the new cross-platform nature, the suite is also being renamed to Microsoft Defender ATP, with the individual clients being labelled "for Mac" or "for Windows." macOS malware is still something of a rarity, but it's not completely unheard of. Ransomware for the platform was found in 2016, and in-the-wild outbreaks of other malicious software continue to be found. Apple has integrated some malware protection into macOS, but we've heard from developers on the platform that Mac users aren't always very good at keeping their systems on the latest point release. Further reading: Microsoft launches previews of Windows Virtual Desktop and Defender ATP for Mac. Read more of this story at Slashdot.
Google Will Implement a Microsoft-Style Browser Picker For EU Android Devices
technology - Posted On:2019-03-20 21:14:59 Source: slashdot
Back in 2009, the EU's European Commission said Microsoft was harming competition by bundling its browser -- Internet Explorer -- with Windows. Eventually Microsoft and the European Commission settled on the "browser ballot," a screen that would pop up and give users a choice of browsers. Almost 10 years later, the tech industry is going through this again, this time with Google and the EU. After receiving "feedback" from the European Commission, Google announced last night that it would offer Android users in the EU a choice of browsers and search engines. Ars Technica reports: In July, the European Commission found Google had violated the EU's antitrust rules by bundling Google Chrome and Google Search with Android, punishing manufacturers that shipped Android forks, and paying manufacturers for exclusively pre-installing Google Search. Google was fined a whopping $5.05 billion (which it is appealing) and then the concessions started. Google said its bundling of Search and Chrome funded the development and free distribution of Android, so any manufacturer looking to ship Android with unbundled Google apps would now be charged a fee. Reports later pegged this amount as up to $40 per handset. We don't have many details on exactly how Google's new search and browser picker will work; there's just a single paragraph in the company's blog post. Google says it will "do more to ensure that Android phone owners know about the wide choice of browsers and search engines available to download to their phones. This will involve asking users of existing and new Android devices in Europe which browser and search apps they would like to use." Read more of this story at Slashdot.
Volvo To Add In-Car Sensors To Prevent Drunk Driving
technology - Posted On:2019-03-20 20:29:58 Source: slashdot
Volvo is installing cameras and sensors in its cars from the early 2020s, monitoring drivers for signs of being drunk or distracted and intervening to prevent accidents. These new safety features come a couple weeks after the automaker announced it will limit the top speed to 112mph on all its new cars from 2020 to help reduce the number of accidents. Reuters reports: Head of R&D Henrik Green said cameras will be installed on all Volvo models built on its SPA2 platform for larger cars, starting from the XC90 SUV in the early part of the next decade, before being added to smaller cars built on its CMA platform. Volvo said intervention if the driver is found to be drunk, tired or distracted by checking a mobile phone - among the biggest factors in accidents - could involve limiting the car's speed, alerting the Volvo on Call assistance service, or slowing down and parking the car. CEO Hakan Samuelsson said that while the strategies meant Volvo might lose some customers keen on high speeds, it also opened opportunities to win parents who wanted to buy the safest car to carry their children. "It would be easy to say that people can do whatever they like but we feel we have a responsibility to do this. Maybe people will see us as 'Big Brother,' but if we save some lives then it's worth it," he told journalists. Volvo also said it would introduce Care Key on cars from 2021, allowing buyers to set speed limits, and that it was talking to insurers to offer better terms for users of these safety features. Read more of this story at Slashdot.
Google Bans VPN Ads in China
technology - Posted On:2019-03-20 14:00:00 Source: slashdot
Google has banned ads for virtual private network (VPN) products targeting Chinese users, ZDNet reported on Wednesday. From a report: The company cited "local legal restrictions" as the cause of the VPN ad ban. "It is currently Google Ads policy to disallow promoting VPN services in China, due to local legal restrictions," Google said in an email today. The email was received and shared with ZDNet by VPNMentor, a website offering advice, tips, and reviews of VPN products. The company said Google prevented its employees from placing Google search ads for the Chinese version of its site. Read more of this story at Slashdot.
NVIDIA's Latest AI Software Turns Rough Doodles Into Realistic Landscapes
technology - Posted On:2019-03-20 09:14:56 Source: slashdot
An anonymous reader quotes a report from The Verge: AI is going to be huge for artists, and the latest demonstration comes from Nvidia, which has built prototype software that turns doodles into realistic landscapes. Using a type of AI model known as a generative adversarial network (GAN), the software gives users what Nvidia is calling a "smart paint brush." This means someone can make a very basic outline of a scene (drawing, say, a tree on a hill) before filling in their rough sketch with natural textures like grass, clouds, forests, or rocks. The results are not quite photorealistic, but they're impressive all the same. The software generates AI landscapes instantly, and it's surprisingly intuitive. For example, when a user draws a tree and then a pool of water underneath it, the model adds the tree's reflection to the pool. Nvidia didn't say if it has any plans to turn the software into an actual product, but it suggests that tools like this could help "everyone from architects and urban planners to landscape designers and game developers" in the future. The company has published a video showing off the imagery it handles particularly well. Read more of this story at Slashdot.
Google Fined Nearly $1.7 Billion For Ad Practices That Violated European Antitrust Laws
technology - Posted On:2019-03-20 07:59:56 Source: slashdot
European regulators on Wednesday slapped Google with a roughly $1.7 billion fine on charges that its advertising practices violated local antitrust laws, marking the third time in as many years that the region's watchdogs have penalized the U.S. tech giant for harming competition and consumers. The Washington Post: Margrethe Vestager, the European Union's top competition commissioner, announced the punishment at a news conference, accusing Google of engaging in "illegal practices" in a bid to "cement its dominant market position" in the search and advertising markets. The new penalty adds to Google's costly headaches in Europe, where Vestager now has fined the tech giant more than $9 billion in total for a series of antitrust violations. Her actions stand in stark contrast to the United States, where regulators -- facing a flood of complaints that big tech companies have become too big and powerful -- have not brought a single antitrust case against Google or any of its peers in recent years, reflecting a widening transatlantic schism over Silicon Valley and its business practices. Read more of this story at Slashdot.
Opera Adds Free and Unlimited VPN Service To Its Android Browser
technology - Posted On:2019-03-20 04:44:58 Source: slashdot
Opera has added a free VPN service to its Android browser. The Norwegian browser maker, which went public last year, also addressed concerns about potential hidden costs of using its free VPN offering. From a report: As users become more cautious about their privacy, many have explored using VPN services. According to a GlobalWebIndex estimate, more than 650 million people worldwide use such tools to mask their identity online and fend off web trackers. Opera has long recognized this need; in 2016, it launched Opera VPN, a standalone VPN app for iOS and Android. A few months later, it baked that feature into its desktop browser. Last year, however, the company discontinued Opera VPN. Now, Opera is integrating the VPN service into its Android browser. Opera 51 for Android enables users to establish a private connection between their mobile device and a remote VPN server using 256-bit encryption. Users can pick a server of their choice from a range of locations. Unlike several other VPN apps, Opera's offering does not require an account to use the service. Read more of this story at Slashdot.
California Reintroduces 'Right To Repair' Bill After Previous Effort Failed
technology - Posted On:2019-03-19 23:44:58 Source: slashdot
An anonymous reader quotes a report from Apple Insider: California State Assembly member Susan Talamantes Eggman on Monday announced the introduction of Assembly Bill 1163, which will require manufacturers like Apple to "make service literature and equipment or parts available to product owners and to regulated, independent repair shops." "For nearly 30 years California has required that manufacturers provide access to replacement parts and service materials for electronics and appliances to authorized repairers in the state. In that time, manufacturers have captured the market, controlling where and when we repair our property, and inflating the electronic waste stream," Eggman said. "The Right to Repair will provide consumers with the freedom to have their electronic products and appliances fixed by a repair shop or service provider of their choice, creating a competitive market that will be cheaper for consumers and reduce the number of devices thrown in the trash." The bill, officially filed as legislation relating to electronic waste, is Eggman's second try at right to repair legislation. Her first attempt, 2018's Bill 2110, was introduced last March and subsequently died in assembly that November. Like the pending Bill 1163, last year's tendered legislation was crafted as a play to reduce e-waste. Eggman's announcement includes a word-for-word reproduction of an explainer included in 2018's press release for the now-dead Bill 2110. In it the lawmaker argues that customers who are unable to pay for manufacturer repairs are forced to replace broken equipment like smartphones, TVs and home appliances. Beyond financial benefits, Eggman also says that the repair and reuse of electronics is more efficient than purchasing a new device, noting that such measures can "stimulate local economies instead of unsustainable overseas factories." Read more of this story at Slashdot.
Crytek Shows 4K 30 FPS Ray Tracing On Non-RTX AMD and NVIDIA GPUs
technology - Posted On:2019-03-19 20:59:59 Source: slashdot
dryriver writes: Crytek has published a video showing an ordinary AMD Vega 56 GPU -- which has no raytracing specific circuitry and only costs around $450 -- real-time ray tracing a complex 3D city environment at 4K 30 FPS. Crytek says that the technology demo runs fine on most normal NVIDIA and AMD gaming GPUs. As if this wasn't impressive already, the software real-time ray tracing technology is still in development and not even final. The framerates achieved may thus go up further, raising the question of precisely what the benefits of owning a super-expensive NVIDIA RTX 20xx series GPU are. Nvidia has claimed over and over again that without its amazing new RTX cores and AI denoiser, GPUs will choke on real-time ray tracing tasks in games. Crytek appears to have proven already that with some intelligently written code, bog ordinary GPU cores can handle real-time ray tracing just fine -- no RTX cores, AI denoiser or anything else NVIDIA touts as necessary. Read more of this story at Slashdot.
Facebook To Overhaul Ad Targeting To Prevent Discrimination
technology - Posted On:2019-03-19 17:44:59 Source: slashdot
Facebook will overhaul its ad-targeting systems to prevent discrimination in housing, credit and employment ads as part of a legal settlement. From a report: For the social network, that's one major legal problem down, several to go, including government investigations in the U.S. and Europe over its data and privacy practices. The changes to Facebook's advertising methods -- which generate most of the company's enormous profits -- are unprecedented. The social network says it will no longer allow housing, employment or credit ads that target people by age, gender or zip code. Facebook will also limit other targeting options so these ads don't exclude people on the basis of race, ethnicity and other legally protected categories in the U.S., including national origin and sexual orientation. The social media company is also paying about $5 million to cover plaintiffs' legal fees and other costs. Facebook and the plaintiffs -- a group including the American Civil Liberties Union, the National Fair Housing Alliance and others -- called the settlement "historic." It took 18 months to hammer out. The company still faces an administrative complaint filed by U.S. Department of Housing and Urban Development in August over the housing ads issue. A critic writes, "Funny how Facebook spent years quietly defending these ad targeting systems, got sued, settled, and now Sandberg calls them 'discriminatory' and cheers the 'historic' settlement." Read more of this story at Slashdot.
Google Debuts Video Games Streaming Service Stadia
technology - Posted On:2019-03-19 13:45:00 Source: slashdot
Google today launched its Stadia cloud gaming service at the Game Developers Conference (GDC) in San Francisco. From a report: Stadia is not a dedicated console or set-top box. The platform will be accessible on a variety of platforms: browsers, computers, TVs, and mobile devices. In an onstage demonstration of Stadia, Google showed someone playing a game on a Chromebook, then playing it on a phone, then immediately playing it on PC -- a low-end PC, no less --, picking up where the game left off in real time. Stadia will be powered by Google's worldwide data centers, which live in more than 200 countries and territories, streamed over hundreds of millions of miles of fiber optic cable, Google CEO Sundar Pichai said. Phil Harrison, previously at PlayStation and Xbox, now at Google, said the company will give developers access to its data centers to bring games to Stadia. Harrison said that players will be able to access and play Stadia games, like Assassin's Creed Odyssey, within seconds. Harrison showed a YouTube video of Odyssey featuring a "Play" button that would offer near-instant access to the game. Pichai announced the new platform at the Game Developers Conference, saying that Google want to build a gaming platform for everyone, and break down barriers to access for high-end games. Users will be able to move from YouTube directly into gameplay without any downloads. Google says this can be done in as little as 5 seconds. At launch, Stadia will stream games at 4k resolution, but Google claimed in the future it will be able to stream at a video quality of 8k. Read more of this story at Slashdot.
Trello Limits Teams on Free Tier To 10 Boards, Rolls Out Enterprise Automations and Admin Controls
technology - Posted On:2019-03-19 13:00:00 Source: slashdot
In this week's episode of which popular service will reduce its offerings to the non-paying users, Trello said it will have a go. From a report: Trello, a Kanban-inspired project management app organized around the idea of boards containing cards with attachments, to-do items, and comments, is getting a few much-needed improvements. Today, the Trello team announced that Trello Enterprise, a corporate-class subscription tier launched in 2015, will gain 13 new features this week, including improved admin controls, a new visibility setting, and compliance certifications. It's the largest product update in Trello Enterprise's history, the Atlassian subsidiary says, but it's a tad bittersweet -- a new restriction will be imposed on teams that use the free version of Trello. Moving forward, they'll be limited to a maximum of 10 open boards at any given time. (Enterprise and Trello Business Class users get unlimited boards, and existing free teams will be able to add up to 10 additional boards until May 1, 2019.) Last week, it was Dropbox that introduced some limits to its non-paying users. Read more of this story at Slashdot.
Norsk Hydro, One of the World's Largest Aluminum Producers, Switches To Manual Operations After Ransomware Infection
technology - Posted On:2019-03-19 12:30:00 Source: slashdot
Norsk Hydro, one of the world's largest aluminum producers, said today it has "became victim of an extensive cyber-attack" that has crippled some of its infrastructure and forced it to switch to manual operations in some smelting locations. From a report: The cyber-attack was later identified as an infection with the LockerGoga ransomware strain, the company said during a press conference. News of the cyber-attack broke earlier this morning in a message the company sent to investors and stock exchanges. "Hydro became victim of an extensive cyber-attack in the early hours of Tuesday (CET), impacting operations in several of the company's business areas," the company said. "IT-systems in most business areas are impacted and Hydro is switching to manual operations as far as possible." Read more of this story at Slashdot.
Hacked Tornado Sirens Taken Offline In Two Texas Cities Ahead of Major Storm
it - Posted On:2019-03-19 09:14:56 Source: slashdot
An anonymous reader quotes a report from ZDNet: A hacker set off the tornado emergency sirens in the middle of the night last week across two North Texas towns. Following the unauthorized intrusion, city authorities had to shut down their emergency warning system a day before major storms and potential tornados were set to hit the area. The false alarm caused quite the panic in the two towns, as locals were already on the edge of their seats regarding incoming storms. The city had run tests of the tornado alarm sirens a week before, but the tests were set during the middle of the day and had long concluded. The two hacked systems were taken offline the next morning, and remained offline ever since. Bad weather, including storms and potential tornadoes, was announced for all last week in the North Texas area. A severe thunderstorm hit the two cities the following night, on March 13. Thunderstorms are known to produce brief tornadoes, but luck had it that no tornado formed and hit the towns that day. Tornadoes are frequent in Texas, as the state is located in Tornado Alley, and tornado season, a period of the year between March and May when most tornadoes happen, had officially begun. Nevertheless, a tornado didn't form on March 13, and, luckily, the sirens weren't needed. Read more of this story at Slashdot.
Google Seeking To Promote Rivals To Stave Off EU Antitrust Action
technology - Posted On:2019-03-18 21:44:58 Source: slashdot
Google is trying to boost price comparison rivals such as Kelkoo in an effort to appease European Union antitrust regulators and ward off fresh fines following a $2.7 billion penalty nearly two years ago. "The European Commission said Alphabet unit Google had used its search engine market power to unfairly promote its own comparison shopping service," reports Reuters. From the report: The company subsequently offered to allow price-comparison rivals to bid for advertising space at the top of a search page, giving them the chance to compete on equal terms. But competitors said the measure failed to create a level playing field. Earlier this month, Google introduced a new link on its search results which aims to drive more traffic to price comparison rivals. British competitor Kelkoo said on its blog that it was one of several companies selected to try out the new link which will initially be available in Germany, France and the Netherlands. EU antitrust enforcers could levy fines up to 5 percent of Google's average daily worldwide turnover if it fails to comply with the 2017 order. Read more of this story at Slashdot.
New Mirai Malware Variant Targets Signage TVs and Presentation Systems
it - Posted On:2019-03-18 19:44:59 Source: slashdot
An anonymous reader quotes a report from ZDNet: Security researchers have spotted a new variant of the Mirai IoT malware in the wild targeting two new classes of devices -- smart signage TVs and wireless presentation systems. This new strain is being used by a new IoT botnet that security researchers from Palo Alto Networks have spotted earlier this year. The botnet's author(s) appears to have invested quite a lot of their time in upgrading older versions of the Mirai malware with new exploits. Palo Alto Networks researchers say this new Mirai botnet uses 27 exploits, 11 of which are new to Mirai altogether, to break into smart IoT devices and networking equipment. Furthermore, the botnet operator has also expanded Mirai's built-in list of default credentials, that the malware is using to break into devices that use default passwords. Four new username and password combos have been added to Mirai's considerable list of default creds, researchers said in a report published earlier today. The purpose and modus operandi of this new Mirai botnet are the same as all the previous botnets. Infected devices scan the internet for other IoT devices with exposed Telnet ports and use the default credentials (from their internal lists) to break in and take over these new devices. The infected bots also scan the internet for specific device types and then attempt to use one of the 27 exploits to take over unpatched systems. The new Mirai botnet is specifically targeting LG Supersign signage TVs and WePresent WiPG-1000 wireless presentation systems. Read more of this story at Slashdot.
Education and Science Giant Elsevier Left Users' Passwords Exposed Online
it - Posted On:2019-03-18 19:14:59 Source: slashdot
The world's largest scientific publisher, Elsevier, left a server open to the public internet, exposing user email addresses and passwords. "The impacted users include people from universities and educational institutions from across the world," reports Motherboard. "It's not entirely clear how long the server was exposed or how many accounts were impacted, but it provided a rolling list of passwords as well as password reset links when a user requested to change their login credentials." From the report: "Most users are .edu [educational institute] accounts, either students or teachers," Mossab Hussein, chief security officer at cybersecurity company SpiderSilk who found the issue, told Motherboard in an online chat. "They could be using the same password for their emails, iCloud, etc." Motherboard verified the data exposure by asking Hussein to reset his own password to a specific phrase provided by Motherboard before hand. A few minutes later, the plain text password appeared on the exposed server. Elsevier secured the server after Motherboard approached the company for comment. Hussein also provided Elsevier with details of the security issue. An Elsevier spokesperson told Motherboard in an emailed statement that "The issue has been remedied. We are still investigating how this happened, but it appears that a server was misconfigured due to human error. We have no indication that any data on the server has been misused. As a precautionary measure, we will also be informing our data protection authority, providing notice to individuals and taking appropriate steps to reset accounts." Read more of this story at Slashdot.
Google, Microsoft Work Together For a Year To Figure Out New Type of Windows Flaw
technology - Posted On:2019-03-18 17:44:59 Source: slashdot
Google researcher James Forshaw discovered a new class of vulnerability in Windows before any bug had actually been exploited. The involved parts of the flaw "showed that there were all the basic elements to create a significant elevation of privilege attack, enabling any user program to open any file on the system, regardless of whether the user should have permission to do so," reports Ars Technica. Thankfully, Microsoft said that the flaw was never actually exposed in any public versions of Windows, but said that it will ensure future releases of Windows will not feature this class of elevation of privilege. Peter Bright explains in detail how the flaw works. Here's an excerpt from his report: The basic rule is simple enough: when a request to open a file is being made from user mode, the system should check that the user running the application that's trying to open the file has permission to access the file. The system does this by examining the file's access control list (ACL) and comparing it to the user's user ID and group memberships. However, if the request is being made from kernel mode, the permissions checks should be skipped. That's because the kernel in general needs free and unfettered access to every file. As well as this security check, there's a second distinction made: calls from user mode require strict parameter validation to ensure that any memory addresses being passed in to the function represent user memory rather than kernel memory. Calls from kernel mode don't need that same strict validation, since they're allowed to use kernel memory addresses. Accordingly, the kernel API used for opening files in NT's I/O Manager component looks to see if the caller is calling from user mode or kernel mode. Then the API passes this information on to the next layer of the system: the Object Manager, which examines the file name and figures out whether it corresponds to a local filesystem, a network filesystem, or somewhere else. The Object manager then calls back in to the I/O Manager, directing the file-open request to the specific driver that can handle it. Throughout this, the indication of the original source of the request -- kernel or user mode -- is preserved and passed around. If the call comes from user mode, each component should perform strict validation of parameters and a full access check; if it comes from kernel mode, these should be skipped. Unfortunately, this basic rule isn't enough to handle every situation. For various reasons, Windows allows exceptions to the basic user-mode/kernel-mode split. Both kinds of exceptions are allowed: kernel code can force drivers to perform a permissions check even if the attempt to open the file originated from kernel mode, and contrarily, kernel code can tell drivers to skip the parameter check even if the attempt to open the file appeared to originate from user mode. This behavior is controlled through additional parameters passed among the various kernel functions and into filesystem drivers: there's the basic user-or-kernel mode parameter, along with a flag to force the permissions check and another flag to skip the parameter validation... Read more of this story at Slashdot.
Is Adobe's Creative Cloud Too Powerful for Its Own Good?
technology - Posted On:2019-03-18 15:15:00 Source: slashdot
Reader samleecole writes: Recently I was looking around at the state of modern image editors and discovered something really disappointing. The issue? Well, even with the rise of modern Photoshop alternatives such as Affinity Photo and Pixelmator, these image editors are not designed to handle animated GIFs. Which means that, despite the fact that I'd certainly love to see what life is like outside of the world of Adobe, it looks like I'm stuck in that ecosystem for a little while longer. Don't get me wrong: Adobe's software is great, if a bit expensive. But I do think that its business model highlights just how consolidated its power actually is -- and it's not talked about nearly enough in the creative space. [...] Adobe is too powerful and can ignore things it doesn't want to do -- whether in the form of cutting prices or ignoring usability concerns -- in part because it carries itself like it's the only game in town. Here's a case in point that matters a lot to me, actually: Apple has supported a native fullscreen mode in Mac OS since 10.7, better known as Lion. It's a fundamental feature, and helps keep windows well-sorted on laptops in particular. It works pretty well in every major Mac application -- except Adobe's. Worse, if you drag a picture from a web browser into Photoshop, the window moves and doesn't stay in the middle of the screen, creating a constant frustration that could be remedied if, again, Adobe bothered to support the native fullscreen mode that has come in Mac OS for the past seven and a half years. Read more of this story at Slashdot.