By BeauHD from Slashdot's brush-under-the-rug department
According to Bloomberg, hackers stole the personal data of 57 million customers and drivers from Uber. The massive breach was reportedly concealed by the company for more than a year. From the report: Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million drivers were accessed as well, including some 600,000 U.S. driver's license numbers. No Social Security numbers, credit card details, trip location info or other data were taken, Uber said. At the time of the incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy violations. Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken. Instead, the company paid hackers $100,000 to delete the data and keep the breach quiet. Uber said it believes the information was never used but declined to disclose the identities of the attackers. Here's how the hack went down: Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company.Read Replies (0)
By msmash from Slashdot's a-day-late-and-a-dollar-short department
Apple unveiled the HomePod, its first smart speaker to take on market-leading Amazon's Echo lineup of speakers, in June this year. Despite being three years late to the party, the HomePod has largely been pitched more as a speaker that sounds great instead of a device that sounds great but more importantly can also help you with daily chores. On top of this, Apple said last week it was delaying the shipment of HomePod from December this year to "early 2018." So why does a company, the market valuation of which is quickly reaching a trillion dollar, so behind its competitors? Bloomberg reports on Tuesday: Apple audio engineers had been working on an early version of the HomePod speaker for about two years in 2014 when they were blindsided by the Echo, a smart speaker from Amazon with a voice-activated assistant named Alexa. The Apple engineers jokingly accused one another of leaking details of their project to Amazon, then bought Echos so they could take them apart and see how they were put together. They quickly deemed the Echo's sound quality inferior and got back to work building a better speaker. More than two years passed. In that time Amazon's Echo became a hit with consumers impressed by Alexa's ability to answer questions, order pizzas and turn lights on and off. Meanwhile, Apple dithered over its own speaker, according to people familiar with the situation. The project was cancelled and revived several times, they said, and the device went through multiple permutations (at one point it stood 3 feet tall) as executives struggled to figure out how it would fit into the home and Apple's ecosystem of products and services. In the end, the company plowed ahead, figuring that creating a speaker would give customers another reason to stay loyal. Yet despite having all the ingredients for a serious competitor to the Echo -- including Siri and the App Store -- Apple never saw the HomePod as anything more than an accessory, like the AirPods earphones.Read Replies (0)
By msmash from Slashdot's breaking-news department
FCC on Tuesday said it plans to dismantle landmark regulations that ensure equal access to the internet, clearing the way for companies to charge more and block access to some websites. From a report on the New York Times: The proposal, put forward by the F.C.C. chairman, Ajit Pai, is a sweeping repeal of rules put in place by the Obama administration that prohibited high-speed internet service providers from blocking or slowing down the delivery of websites, or charging extra fees for the best quality of streaming and other internet services for their subscribers. The clear winners from the move would be telecom giants like AT&T and Comcast that have lobbied for years against regulations of broadband and will now have more control over the online experiences of American consumers. The losers could be internet sites that will have to answer to telecom firms to get their content in front of consumers. And consumers may see their bills increase for the best quality of internet service. Note from the editor: the aforementioned link could be paywalled; consider the alternative sources: NPR, ArsTechnica, Associated Press, BBC, Axios, Reuters, TechCrunch, and Slate.
FTC Commissioner Terrell McSweeny criticized the move. She said, "So many things wrong here, like even if FCC does this FTC still won't have jurisdiction. But even if we did, most discriminatory conduct by ISPs will be perfectly legal. This won't hurt tech titans with deep pockets. They can afford to pay all the trolls under the bridge. But the entrepreneurs and innovators who truly make the Internet great won't be so lucky. It will be harder for them to compete. The FCC is upending the Internet as we know it, not saving it." This is what the internet looks like when there is no net neutrality. Earlier today, news outlet Motherboard suggested we should build our own internet if we want to safeguard the essence of open internet.Read Replies (0)
By msmash from Slashdot's tracing-back department
Anonymous readers share a report: The Department of Justice on Tuesday charged an Iranian national with allegedly hacking into HBO, dumping a selection stolen files, and attempting to extort the company by ransoming a treasure trove of the company's content. This summer, hackers released a bevy of internal HBO files, included scripts for Game of Thrones and full, unaired episodes of other shows. Behzad Mesri, aka "Skote Vahshat," at one point worked for the Iranian military to break into military and nuclear systems, as well as Israeli infrastructure, according to the newly released complaint. Under his Vahshat pseudonym, Mesri also defaced hundreds of websites in the U.S. and around the world, the complaint adds. Mesri started his hacking campaign in around May 2017, according to the complaint, probing HBO's systems and employees for weaknesses. Mesri managed to compromise multiple HBO employee accounts as well as other authorized users; from here, he allegedly stole confidential and proprietary information. These included unaired episodes of Ballers, Barry, Room 104, Curb Your Enthusiasm, and The Deuce, as well as scripts for Game of Thrones. Indeed, the hacker behind the HBO breach publicly dumped much of this material online this summer.Read Replies (0)
By msmash from Slashdot's how-the-iPhone-got-made department
Apple's main supplier in Asia has been employing high-school students working illegal overtime to assemble the iPhone X in an effort to catch up with demand after facing production delays, the Financial Times reported on Tuesday, citing several teenagers involved. From a report: A group of 3,000 students from the Zhengzhou Urban Rail Transit School were sent to work at the local facility run by Taiwan-based Hon Hai Precision Industry, known as Foxconn, as part of a three-month stint that was billed as "work experience," and required to graduate, the Financial Times reported. Six of the students told the FT they routinely worked 11-hour days assembling Apple's flagship smartphone, which constitutes illegal overtime for student interns under Chinese law. Apple said an audit did find instances of student interns working overtime, adding that they were employed voluntarily, were compensated and provided benefits, but that they shouldn't have been allowed to work overtime.Read Replies (0)
By msmash from Slashdot's justice-league department
In light of reports that FCC plans to announce a full repeal of net neutrality protections later this week, Jason Koebler, editor-in-chief of Motherboard, suggests that it is time we cut our reliance on big telecom monopolies. He writes: Net neutrality as a principle of the federal government will soon be dead, but the protections are wildly popular among the American people and are integral to the internet as we know it. Rather than putting such a core tenet of the internet in the hands of politicians, whose whims and interests change with their donors, net neutrality must be protected by a populist revolution in the ownership of internet infrastructure and networks. In short, we must end our reliance on big telecom monopolies and build decentralized, affordable, locally owned internet infrastructure. The great news is this is currently possible in most parts of the United States. There has never been a better time to start your own internet service provider, leverage the publicly available fiber backbone, or build political support for new, local-government owned networks. For the last several months, Motherboard has been chronicling the myriad ways communities passed over by big telecom have built their own internet networks or have partnered with small ISPs who have committed to protecting net neutrality to bring affordable high speed internet to towns and cities across the country.Read Replies (0)
By msmash from Slashdot's OMG department
Google has been collecting Android phones' locations even when location services are turned off, and even when there is no carrier SIM card installed on the device, an investigation has found. Keith Collins, reporting for Quartz: Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers -- even when location services are disabled -- and sending that data back to Google. The result is that Google, the unit of Alphabet behind Android, has access to data about individuals' locations and their movements that go far beyond a reasonable consumer expectation of privacy. Quartz observed the data collection occur and contacted Google, which confirmed the practice. The cell tower addresses have been included in information sent to the system Google uses to manage push notifications and messages on Android phones for the past 11 months, according to a Google spokesperson. They were never used or stored, the spokesperson said, and the company is now taking steps to end the practice after being contacted by Quartz. By the end of November, the company said, Android phones will no longer send cell-tower location data to Google, at least as part of this particular service, which consumers cannot disable.Read Replies (0)
By BeauHD from Slashdot's pull-the-reins department
wyattstorch516 writes: The Trump administration is tightening the scrutiny on the H-1B visa program (Warning: paywalled; alternative source). Changes would undo actions by the Obama administration. There are two big regulatory changes looming that would undo actions by the Obama administration. "The first change allowed spouses of H-1B workers the right to work. That regulation is being challenged in court and the Trump administration is expected to eliminate the provision rather than defend it," reports WSJ. "The second change affects the Optional Practical Training program, which allows foreign graduates from U.S. colleges in science and technology an extra two years of work authorization, giving them time to win an H-1B visa. The Trump administration could kill that benefit or reduce the two-year window, according to people familiar with the discussions." The Journal highlights a "series of more modest changes that have added scrutiny to visa processing":
- "USCIS directed last month that adjudicators no longer pay 'deference' to past determinations for renewal applications. This means an applicant's past approval won't carry any weight if he or she applies for a renewal.
- The agency is conducting more applicant interviews, which critics say slows the system. The agency spokesman says this process will ramp up over several years and is needed to detect fraud and make accurate decisions.
- In the spring, the agency suspended premium processing, which allowed for fast-track consideration to those who paid an extra fee. This option wasn't resumed until October, meaning many workers who qualified for a coveted H-1B visa had to wait months for a decision.
< article continued at Slashdot's pull-the-reins department
>Read Replies (0)
By BeauHD from Slashdot's new-and-improved department
In a blog post, Google's Product Manager, Chris Kleban, announced that the company is cutting the price of using Nvidia's Tesla GPUs through its Compute Engine by up to 36 percent. The older K80 GPUs will now cost $0.45 per hour while the more powerful P100 machines will cost $1.46 per minute (all with per-second billing). TechCrunch reports: The company is also dropping the prices for preemptible local SSDs by almost 40 percent. "Preemptible local SSDs" refers to local SSDs attached to Google's preemptible VMs. You can't attach GPUs to preemptible instances, though, so this is a nice little bonus announcement -- but it isn't going to directly benefit GPU users. As for the new GPU pricing, it's clear that Google is aiming this feature at developers who want to run their own machine learning workloads on its cloud, though there also are a number of other applications -- including physical simulations and molecular modeling -- that greatly benefit from the hundreds of cores that are now available on these GPUs. The P100, which is officially still in beta on the Google Cloud Platform, features 3594 cores, for example. Developers can attach up to four P100 and eight K80 dies to each instance. Like regular VMs, GPU users will also receive sustained-use discounts, though most users probably don't keep their GPUs running for a full month.Read Replies (0)
By BeauHD from Slashdot's session-replay-scripts department
An anonymous reader quotes a report from Motherboard: The idea of websites tracking users isn't new, but research from Princeton University released last week indicates that online tracking is far more invasive than most users understand. In the first installment of a series titled "No Boundaries," three researchers from Princeton's Center for Information Technology Policy (CITP) explain how third-party scripts that run on many of the world's most popular websites track your every keystroke and then send that information to a third-party server. Some highly-trafficked sites run software that records every time you click and every word you type. If you go to a website, begin to fill out a form, and then abandon it, every letter you entered in is still recorded, according to the researchers' findings. If you accidentally paste something into a form that was copied to your clipboard, it's also recorded. These scripts, or bits of code that websites run, are called "session replay" scripts. Session replay scripts are used by companies to gain insight into how their customers are using their sites and to identify confusing webpages. But the scripts don't just aggregate general statistics, they record and are capable of playing back individual browsing sessions. The scripts don't run on every page, but are often placed on pages where users input sensitive information, like passwords and medical conditions. Most troubling is that the information session replay scripts collect can't "reasonably be expected to be kept anonymous," according to the researchers.Read Replies (0)
By BeauHD from Slashdot's new-energy-storage department
UCLA researchers have designed a device that can use solar energy to inexpensively and efficiently create and store energy, which could be used to power electronic devices, and to create hydrogen fuel for eco-friendly cars. Phys.Org reports: The device could make hydrogen cars affordable for many more consumers because it produces hydrogen using nickel, iron and cobalt -- elements that are much more abundant and less expensive than the platinum and other precious metals that are currently used to produce hydrogen fuel. Traditional hydrogen fuel cells and supercapacitors have two electrodes: one positive and one negative. The device developed at UCLA has a third electrode that acts as both a supercapacitor, which stores energy, and as a device for splitting water into hydrogen and oxygen, a process called water electrolysis. All three electrodes connect to a single solar cell that serves as the device's power source, and the electrical energy harvested by the solar cell can be stored in one of two ways: electrochemically in the supercapacitor or chemically as hydrogen. The device also is a step forward because it produces hydrogen fuel in an environmentally friendly way. Currently, about 95 percent of hydrogen production worldwide comes from converting fossil fuels such as natural gas into hydrogen -- a process that releases large quantities of carbon dioxide into the air, said Maher El-Kady, a UCLA postdoctoral researcher and a co-author of the research. The technology is described in the journal Energy Storage Materials.Read Replies (0)