By msmash from Slashdot's security-woes department
A scan of billions of files from 13 percent of all GitHub public repositories over a period of six months has revealed that over 100,000 repos have leaked API tokens and cryptographic keys, with thousands of new repositories leaking new secrets on a daily basis. From a report: The scan was the object of academic research carried out by a team from the North Carolina State University (NCSU), and the study's results have been shared with GitHub, which acted on the findings to accelerate its work on a new security feature called Token Scanning, currently in beta. The NCSU study is the most comprehensive and in-depth GitHub scan to date and exceeds any previous research of its kind. NCSU academics scanned GitHub accounts for a period of nearly six months, between October 31, 2017, and April 20, 2018, and looked for text strings formatted like API tokens and cryptographic keys.
By msmash from Slashdot's closer-look department
Up to 95% of all reported trading in bitcoin is artificially created by unregulated exchanges, according to a new study [PDF], raising fresh doubts about the nascent market following a steep decline in prices over the past year. From a report: Fraudulent trading volume has dogged cryptocurrency trading for years, but the extent of the market manipulation has been difficult to determine. Bitwise Asset Management said its analysis of trading activity at 81 exchanges over four days in March indicates that the actual market for bitcoin is far smaller than previously thought. The San Francisco-based company submitted its research to the U.S. Securities and Exchange Commission with an application to launch a bitcoin-based exchange-traded fund.
The study, made public Thursday, is an attempt to alleviate the agency's longstanding concerns that a bitcoin ETF would leave investors exposed to fraud and market manipulation. Bitwise's fund, if approved, would be based upon the 5% of trading it considers legitimate, said Matthew Hougan, Bitwise's head of global research. That volume comes from 10 regulated exchanges that can verify that their trading data and customers are real. This slice of the market, he said, is well regulated, transparent and efficient. "I hope everyone sees there is a real market for bitcoin," he said.
By BeauHD from Slashdot's improper-data-gathering-practices department
An anonymous reader quotes a report from The Guardian: Facebook employees were aware of concerns about "improper data-gathering practices" by Cambridge Analytica months before the Guardian first reported, in December 2015, that the political consultancy had obtained data on millions from an academic. The concerns appeared in a court filing by the attorney general for Washington DC and were subsequently confirmed by Facebook. The new information "could suggest that Facebook has consistently mislead [sic]" British lawmakers "about what it knew and when about Cambridge Analytica," tweeted Damian Collins, the chair of the House of Commons digital culture media and sport select committee (DCMS) in response to the court filing.
In a statement, a company spokesperson said: "Facebook absolutely did not mislead anyone about this timeline." After publication of this article, the spokesperson acknowledged that Facebook employees heard rumors of data scraping by Cambridge Analytica in September 2015. The spokesperson said that this was a "different incident" from Cambridge Analytica's acquisition of a trove of data about as many as 87 million users that has been widely reported on for the past year. "In September 2015 employees heard speculation that Cambridge Analytica was scraping data, something that is unfortunately common for any internet service," the spokesperson said. "In December 2015, we first learned through media reports that Kogan sold data to Cambridge Analytica, and we took action. Those were two different things." The filing raised questions about when Facebook first learned about the misuse of personal data by Cambridge Analytica, the now defunct political consultancy.
By BeauHD from Slashdot's you-and-what-army department
Google's Stadia cloud-gaming service may be intercepted by a similar service from Walmart. According to a report from US Gamer, the American retail giant is looking into launching its own cloud gaming service. From the report: Multiple sources familiar with Walmart's plans, who wish to remain anonymous, confirmed to USG that the retail giant is exploring its own platform to enter in the now-competitive video game streaming race. No other details were revealed other than it will be a streaming service for video games, and that Walmart has been speaking with developers and publishers since earlier this year and throughout this year's Game Developers Conference. Walmart's discussions with developers for its streaming service have been secretive, and it's unclear how far along the service is in-development. But our sources are confident that this is a space Walmart is trying to move into.
Though Walmart might sound like a strange company to be jumping into the streaming tech space, the move isn't wholly unexpected. In recent years due to competition from Amazon, Walmart has been increasingly looking into more tech-focused markets beyond its traditional physical retail chain. Over time, Walmart has integrated its physical stores with its large online presence, offering deliveries, app integrations, and in-store pick up services. Walmart also has a technology arm in Silicon Valley called Walmart Labs, which has 6,000 employees and develops tech for Walmart's digital presence. In addition it boasts tools like Cruxlux, which is a search engine designed to reveal the connection between any two people, places, or things. Finally, Walmart has a data center unofficially called Area 71 in Caverna, Missouri which holds over 460 trillion bytes of data. Data centers are a centerpiece of Google's Stadia streaming service and companies like Microsoft, Amazon, and Apple also own powerful data facilities, all of whom are also coincidentally working in streaming technology.
By BeauHD from Slashdot's it's-alive department
Since 2016, Microsoft has been working with the University of Washington to develop the first device to automatically encode digital information into DNA and back to bits again. "So far, DNA storage has been carried out by hand in the lab," reports MIT Technology Review. But now Microsoft and researchers at the University of Washington "say they created a machine that converts electronic bits to DNA and back without a person involved." From the report: The gadget, made from about $10,000 in parts, uses glass bottles of chemicals to build DNA strands, and a tiny sequencing machine from Oxford Nanopore to read them out again. According to a publication on March 21 in the journal Nature Scientific Reports, the team was able to store and retrieve just a single word -- "hello" -- or five bytes of data. What's more, the process took 21 hours, mostly because of the slow chemical reactions involved in writing DNA. While the team considered that a success for their prototype, a commercially useful DNA storage system would have to store data millions of times faster.
By BeauHD from Slashdot's inaccurate-mess department
An anonymous reader quotes a report from Motherboard: Microsoft this week was the latest to highlight the U.S. government's terrible broadband mapping in a filing with the FCC, first spotted by journalist Wendy Davis. In it, Microsoft accuses the FCC of over-stating actual broadband availability and urges the agency to do better. "The Commission's broadband availability data, which underpins FCC Form 477 and the Commission's annual Section 706 report, appears to overstate the extent to which broadband is actually available throughout the nation," Microsoft said in the filing. "For example, in some areas the Commission's broadband availability data suggests that ISPs have reported significant broadband availability (25 Mbps down/3 Mbps up) while Microsoft's usage data indicates that only a small percentage of consumers actually access the Internet at broadband speeds in those areas," Microsoft said.
Similar criticism has long plagued the agency. The FCC's broadband data is received via the form 477 data collected from ISPs. But ISPs have a vested interest in over-stating broadband availability to obscure the sector's competition problems, and the FCC historically hasn't worked very hard to independently verify whether this data is truly accurate. The FCC's methodology has long been criticized as well. As it currently stands, the agency declares an entire ZIP code as "served" with broadband if just one home in an entire census block has it. In its filing, Microsoft "suggested that the Commission's ongoing effort to more accurately measure broadband could be improved by drawing on the FCC's subscription data, along with other broadband data sets from third-parties such as Microsoft, to complement survey data submitted under the current rules."
By BeauHD from Slashdot's sneaky-bastards department
Tesla is suing a former engineer at the company, claiming he copied the source code for its Autopilot technology before joining a Chinese self-driving car startup in January. Reuters reports: The engineer, Guangzhi Cao, copied more than 300,000 files related to Autopilot source code as he prepared to join China's Xiaopeng Motors Technology Company Ltd, the Silicon Valley carmaker said in the lawsuit filed in a California court. Separately, Tesla lawyers on Wednesday filed a lawsuit against four former employees and U.S. self-driving car startup Zoox Inc, alleging the employees stole proprietary information and trade secrets for developing warehousing, logistics and inventory control operations. The Verge reported on the lawsuit filed against Cao: Tesla says that last year, Cao started uploading "complete copies of Tesla's Autopilot-related source code" to his iCloud account. The company claims he ultimately moved more than 300,000 files and directories related to Autopilot. After accepting a job with XPeng at the end of last year, Tesla says Cao deleted 120,000 files off his work computer and disconnected his personal iCloud account, and then "repeatedly logged into Tesla's secure networks" to clear his browser history before his last day with the company. Tesla also claims Cao recruited another Autopilot employee to XPeng in February. Tesla claims that it gives XPeng "unfettered access" to Autopilot: "Absent immediate relief, Tesla believes Cao and his new employer, [XPeng], will continue to have unfettered access to Tesla's marquee technology, the product of more than five years' work and over hundreds of millions of dollars of investment, which they have no legal right to possess," the company's lawyers write.
By BeauHD from Slashdot's lost-focus department
chicksdaddy writes: The grandson of Theo Brown, a legendary engineer and inventor for John Deere who patented, among other things, the manure spreader, is calling out the company his grandfather served for decades for its opposition to right to repair legislation being considered in Illinois. In an opinion piece published by The Security Ledger entitled "My Grandfather's John Deere would support Our Right to Repair," Willie Cade notes that his grandfather, Theophilus Brown, is credited with 158 patents, some 70% of them for Deere & Co., including the manure spreader in 1915. His grandfather used to travel the country to meet with Deere customers and see his creations at work in the field. His hope, Cade said, was to help the company's customers be more efficient and improve their lives with his inventions. In contrast, Cade said the John Deere of the 21st Century engages in a very different kind of business model: imposing needless costs on their customers. An example of this kind of rent seeking is using software locks and other barriers to repair -- such as refusing to sell replacement parts -- in order to force customers to use authorized John Deere technicians to do repairs at considerably higher cost and hassle. "It undermines what my grandfather was all about," he writes. Cade, who founded the Electronics Reuse Conference, is supporting right to repair legislation that is being considered in Illinois and opposed by John Deere and the industry groups it backs. "Farmers who can't repair farm equipment and a wide spectrum of Americans who can't repair their smartphones are pushing back in states across the country."
By msmash from Slashdot's shape-of-things-to-come department
The U.S. is likely to see "historic, widespread flooding" through May, according to the National Oceanic and Atmospheric Association's spring outlook. From a report: "This is shaping up to be a potentially unprecedented flood season, with more than 200 million people at risk for flooding in their communities," said Ed Clark, director of NOAA's National Water Center in Tuscaloosa, Alabama. NOAA's outlook calls for nearly two-thirds of the lower 48 states to face an elevated risk of flooding through May, with the potential for major to moderate flooding in 25 states across the Great Plains, Midwest and down through the Mississippi River valley.
"The flooding this year could be worse than what we have seen in previous years ... even worse than the historic floods we saw in 1993 and 2011," said Mary Erickson, deputy director of the National Weather Service. The warning comes amid record flooding triggered by a sudden warm-up and heavy rains earlier this month brought on by the "bomb cyclone." Combined with rapid snowmelt, the factors in recent weeks have put many places in the Great Plains and Midwest underwater.
By BeauHD from Slashdot's not-much-else-has-changed department
An anonymous reader quotes a report from Ars Technica: Cable lobbyists don't want to be called cable lobbyists anymore. The nation's top two cable industry lobby groups have both dropped the word "cable" from their names. But the lobby groups' core mission -- the fight against regulation of cable networks -- remains unchanged. The National Cable & Telecommunications Association (NCTA) got things started in 2016 when it renamed itself NCTA-The Internet & Television Association, keeping the initialism but dropping the words it stood for. The group was also known as the National Cable Television Association between 1968 and 2001. The American Cable Association (ACA) is the nation's other major cable lobby. While NCTA represents the biggest companies like Comcast and Charter, the ACA represents small and mid-size cable operators. Today, the ACA announced that it is now called America's Communications Association or "ACA Connects," though the ACA's website still uses the americancable.org domain name.
"The new name reflects a leading position for the association in the fast-growing telecommunications industry, where technology is rapidly changing how information is provided to and used by consumers," the cable lobby said. "It's all about the communications and connections our members provide," said cable lobbyist Matthew Polka, who is CEO of the ACA. The "ACA Connects" moniker "explains what our association and members really do," Polka continued. "We connect, communicate, build relationships and work together with all, and that will never change."
By msmash from Slashdot's stranger-things department
The battle between PewDiePie, currently the most subscribed channel on YouTube, and T-Series, an Indian music label, continues to have strange repercussions. In recent months, as T-Series closes in on the gap to beat PewDiePie for the crown of the most subscribers on YouTube, alleged supporters of PewDiePie, in an unusual show of love, have hacked Chromecasts and printers to persuade victims to subscribe to PewDiePie's channel. Now ZDNet reports about a second strain of ransomware that is linked to PewDiePie. From the report: A second one appeared in January, and this was actually a fully functional ransomware strain. Called PewCrypt, this ransomware was coded in Java, and it encrypted users' files in the "proper" way, with a method of recovering files at a later date. The catch -- you couldn't buy a decryption key, but instead, victims had to wait until PewDiePie gained over 100 million followers before being allowed to decrypt any of the encrypted files. At the time of writing, PewDiePie had around 90 million fans, meaning any victim would be in for a long wait before they could regain access to any of their files. Making matters worse, if T-Series got to 100 million subscribers before PewDiePie, then PewCrypt would delete the user's encryption key for good, leaving users without a way to recover their data.
While the ransomware was put together as a joke, sadly, it did infect a few users, ZDNet has learned. Its author eventually realized the world of trouble he'd get into if any of those victims filed complaints with authorities, and released the ransomware's source code on GitHub, along with a command-line-based decryption tool.
By msmash from Slashdot's privacy-woes department
HMD Global, the Finnish company that sublicensed the Nokia smartphone brand from Microsoft, is under investigation in Finland for collecting and sending some phone owners' information to a server located in China. From a report: In a statement to Finnish newspaper Helsingin Sanomat, the company blamed the data collection on a coding mistake during which an "activation package" was accidentally included in some phones' firmware. HMD Global said that only a single batch of Nokia 7 Plus devices were impacted and included this package. The data collection was exposed today in an investigation published by Norwegian broadcaster NRK, which learned of it from a user's tip. According to NRK, affected Nokia phones collected user data every time the devices were turned on, unlocked, or the screen was revived from a sleep state. Collected data included the phone's GPS coordinates, network information, phone serial number, and SIM card number.
By msmash from Slashdot's closer-look department
US companies are going to keep hiring foreign tech workers, even as the Trump administration makes doing so more difficult. For a number of US companies that means expanding their operations in Canada, where hiring foreign nationals is much easier. From a report: Demand for international workers remained high this year, according to a new Envoy Global survey of more than 400 US hiring professionals, who represent big and small US companies and have all had experience hiring foreign employees. Some 80 percent of employers expect their foreign worker headcount to either increase or stay the same in 2019, according to Envoy, which helps US companies navigate immigration laws. That tracks with US government immigration data, which shows a growing number of applicants for high-skilled tech visas, known as H-1Bs, despite stricter policies toward immigration. H-1B recipients are all backed by US companies that say they are in need of specialized labor that isn't readily available in the US -- which, in practice, includes a lot of tech workers. Major US tech companies, including Google, Facebook, and Amazon, have all been advocating for quicker and more generous high-skilled immigration policies. To do so they've increased lobbying spending on immigration.