By BeauHD from Slashdot's potato-quality department
Customers who paid $99.99 to watch the Conor McGregor-Floyd Mayweather fight are suing Showtime due to the quality of their stream and buffering issues. From a report via Hollywood Reporter: Portland, Ore., boxing fan Zack Bartel paid to stream the fight in high-definition through the Showtime app but says all he saw was "grainy video, error screens, buffer events, and stalls." Bartel is suing Showtime for unlawful trade practices and unjust enrichment, alleging the network rushed its pay-per-view streaming service to the market without securing the bandwidth necessary to support the scores of cable-cutting fans. The complaint, which is largely composed of screenshots and tweets, is seeking for each member of the class actual damages or $200 in statutory damages, whichever is greater. The proposed class includes Oregon consumers who viewed Showtime's app advertisement on iTunes and paid $99.99 to stream the fight, but were unable to view the fight live on the app "in HD at 1080p resolution and at 60 frames per second, and who experienced ongoing grainy video, error screens, buffer events, and stalls instead." Showtime senior vp sports communications director, Chris DeBlasio, says: "We have received a very limited number of complaints and will issue a full refund for any customer who purchased the event directly from Showtime and were unable to receive the telecast." DeBlasio recommends users contact their cable or satellite provider if they experienced any issues.Read Replies (0)
By BeauHD from Slashdot's cease-and-desist department
An anonymous reader quotes a report from Krebs On Security: A half dozen technology and security companies -- some of them competitors -- issued the exact same press release today. This unusual level of cross-industry collaboration caps a successful effort to dismantle "WireX," an extraordinary new crime machine comprising tens of thousands of hacked Android mobile devices that was used this month to launch a series of massive cyber attacks. Experts involved in the takedown warn that WireX marks the emergence of a new class of attack tools that are more challenging to defend against and thus require broader industry cooperation to defeat. News of WireX's emergence first surfaced August 2, 2017, when a modest collection of hacked Android devices was first spotted conducting some fairly small online attacks. Less than two weeks later, however, the number of infected Android devices enslaved by WireX had ballooned to the tens of thousands. Experts tracking the attacks soon zeroed in on the malware that powers WireX: Approximately 300 different mobile apps scattered across Google's Play store that were mimicking seemingly innocuous programs, including video players, ringtones or simple tools such as file managers.
Experts involved in the takedown say it's not clear exactly how many Android devices may have been infected with WireX, in part because only a fraction of the overall infected systems were able to attack a target at any given time. Devices that were powered off would not attack, but those that were turned on with the device's screen locked could still carry on attacks in the background, they found. The identical press release that Akamai and other firms involved in the WireX takedown agreed to publish says the botnet infected a minimum of 70,000 Android systems, but Seaman says that figure is conservative.Read Replies (0)
By BeauHD from Slashdot's welcome-to-the-family department
An anonymous reader quotes a report from Ars Technica: President Donald Trump has selected Andrei Iancu, the managing partner of a major Los Angeles law firm, to be the next head of the U.S. Patent and Trademark Office. Iancu has been a partner at Irell & Manella since 2004 and was an associate at the firm for five years earlier. His most notable work in the tech sector is likely his representation of TiVo Corp. in its long-running patent battles with companies like EchoStar, Motorola, Microsoft, Verizon, and Cisco. TiVo ultimately succeeded in compelling those defendants to pay up for its pioneering DVR patents, and payments to TiVo ultimately totaled more than $1.6 billion, according to Iancu's biography page. Iancu also had a hand in Immersion Corp.'s $82 million jury verdict against Sony Computer Entertainment, in which a jury found that Immersion's patent claims on tactile feedback technology were valid and infringed. Those big wins aside, most of Iancu's work has been on the defense side. He's represented eBay in a case against Acacia Research Corp., a large, publicly traded non-practicing entity, and he worked for Hewlett-Packard when it defended against Xerox patent claims. He's also worked in the medical device area, enforcing patents for St. Jude Medical on vascular closure devices.Read Replies (0)
By msmash from Slashdot's privacy-woes department
An anonymous reader writes: A list of thousands of fully working Telnet credentials has been sitting online on Pastebin since June 11, credentials that can be used by botnet herders to increase the size of their DDoS cannons. The list includes an IP address, device username, and a password, and is mainly made up of default device credentials in the form of "admin:admin", "root:root", and other formats. There are 33,138 entries on the list, which recently became viral on Twitter after several high-profile security experts retweeted a link to it. During the past week, a security researcher has been working to find affected devices and notify owners or their ISPs. Following his work, only 2,174 devices still allow an attacker to log on via its Telnet port, and 1,775 of the published credentials still work. "There are devices on the list of which I never heard of," the researcher said, "and that makes the identification process much slower."Read Replies (0)
By msmash from Slashdot's unstoppable department
An anonymous reader shares a report: Nearly 3 million viewers are estimated to have watched the fight this weekend via online streams, according to Irdeto, a digital security firm. Though many of these were slick, traditional streaming websites, there was also a new surge in social streams. Between Periscope, Instagram live, Facebook live, YouTube, Twitch, and smaller platforms like Kodi, Irdeto identified 239 streams of the fight over the weekend. And with the option to have private, share-with-just-your-friends streams (like private Facebook Live feeds), it's likely there are many more streams of the fight that were running than Irdeto wasn't able to track. Social media livestreaming has exploded in recent years, creating a whole new avenue for illegal sharing. In 2015, when Mayweather squared off against Manny Pacquiao in another much-anticipated fight, Periscope was only two months' old. Facebook and Instagram's live feed functions were still a year away. Now, they're as ubiquitous as the platforms that host them. Plus, with every smartphone now equipped with a high definition camera, most homes connected to high-speed internet, and the ease of streamable services on already-familiar social media sites, it's no wonder there was such a torrent of pirated feeds.Read Replies (0)
By msmash from Slashdot's tech-to-rescue department
An anonymous reader shares a report: The early diners are dawdling, so your 7:30 p.m. reservation looks more like 8. While you wait, the last order of the duck you wanted passes by. Tonight, you'll be eating something else -- without a second bottle of wine, because you can't find your server in the busy dining room. This is not your favorite night out. The right data could have fixed it, according to the tech wizards who are determined to jolt the restaurant industry out of its current slump. Information culled and crunched from a wide array of sources can identify customers who like to linger, based on data about their dining histories, so the manager can anticipate your wait, buy you a drink and make the delay less painful. It can track the restaurant's duck sales by day, week and season, and flag you as a regular who likes duck. It can identify a server whose customers have spent a less-than-average amount on alcohol, to see if he needs to sharpen his second-round skills. So Big Data is staging an intervention. Both start-ups and established companies are scrambling to deliver up-to-the-minute data on sales, customers, staff performance or competitors by merging the information that restaurants already have with all sorts of data from outside sources: social media, tracking apps, reservation systems, review sites, even weather reports.Read Replies (0)
By msmash from Slashdot's privacy-woes department
An anonymous reader shares a report: Sarahah, a new app that lets people sign up to receive anonymized, candid messages, has been surging in popularity; somewhere north of 18 million people are estimated to have downloaded it from Apple and Google's online stores, making it the No. 3 most downloaded free software title for iPhones and iPads. Sarahah bills itself as a way to "receive honest feedback" from friends and employees. But the app is collecting more than just feedback messages. When launched for the first time, it immediately harvests and uploads all phone numbers and email addresses in your address book. Although Sarahah does in some cases ask for permission to access contacts, it does not disclose that it uploads such data, nor does it seem to make any functional use of the information. Zachary Julian, a senior security analyst at Bishop Fox, discovered Sarahah is uploading of private information when he installed the app on his Android phone, a Galaxy S5 running Android 5.1.1. The phone was outfitted with monitoring software, known as Burp Suite, which intercepts internet traffic entering and leaving the device, allowing the owner to see what data is sent to remote servers. When Julian launched Sarahah on the device, Burp Suite caught the app in the act of uploading his private data.Read Replies (0)
By msmash from Slashdot's technical-problems department
Thousands of ATMs and electronic card payment machines in Indonesia went offline over the weekend, and it might take two more weeks before full service is restored, after an outage from a satellite belonging to state-controlled telecom giant PT Telekomunikasi Indonesia (Telkom). From a report: Around 15,000 ground sites across Indonesia were affected by the problem on the 'Telkom-1' satellite, whose service is used by government agencies, banks, broadcasters and other corporations, Telkom's president director Alex Sinaga told reporters on Monday. A shift in the direction of the satelliteâ(TM)s antenna, which was first detected last Friday, had disrupted connectivity. Bank Central Asia (BCA), Indonesia's largest bank by market value, had around 5,700 of its ATMs affected by the outage, or 30 percent of the total operated by the bank, BCA chief executive Jahja Setiaatmadja told reporters. The Internet connection in some remote BCA branches were also affected, he said.Read Replies (0)
By msmash from Slashdot's next-up department
Kara Swisher, reporting for Recode: The board of Uber has voted and wants Expedia Dara Khosrowshahi to be its next CEO. But here is a shocking twist for those who have had to endure this awful, messy and convoluted process: He has not been officially offered the job as of 15 minutes ago, said sources. Still, most expect him to take it and he appears to be the one person dueling factions of the board can agree on. Unknown until now, Khosrowshahi was the third candidate -- after Hewlett Packard Enterprise CEO Meg Whitman and former General Electric CEO Jeff Immelt. Khosrowshahi is considered the "truce" choice for the board, which has been riven by ugly infighting between ousted CEO Travis Kalanick and one of its major investors, Benchmark. Benchmark had backed Whitman, while Kalanick had backed Immelt. Sources said that going into this morning, after Immelt withdrew his name from contention when it was clear he would not win the job, Whitman had the upper hand in the race for the job. But she also wanted a number of things -- including less involvement by ousted Uber CEO Travis Kalanick and more board control -- that became too problematic for the directors, said sources.Read Replies (0)
By EditorDavid from Slashdot's fraudulent-funding department
An anonymous reader quote BuzzFeed:
The vast majority of money raised to pay for the legal defense of beloved British cybersecurity researcher Marcus Hutchins was donated with stolen or fake credit card numbers, and all donations, including legitimate ones, will be returned, the manager of the defense fund says. Lawyer Tor Ekeland, who managed the fund, said at least $150,000 of the money collected came from fraudulent sources, and that the prevalence of fraudulent donations effectively voided the entire fundraiser. He said he'd been able to identify only about $4,900 in legitimate donations, but that he couldn't be certain even of those. "I don't want to take the risk, so I just refunded everything," he said.
Two days later, Hutchins posted the following on Twitter. "When sellouts are talking shit about the 'infosec community' remember that someone I'd never met flew to Vegas to pay $30K cash for my bail."
Hutchins is facing up to 40 years in prison, and at first was only allowed to leave his residence for four hours each week. Thursday a judge lifted some restrictions so that Hutchins is now allowed to travel to Milwaukee, where his employer is located. According to Bloomberg, government prosecutors complain Hutchins now "has too much freedom while awaiting trial and may skip the country."
Clickthrough for a list of the evidence government prosecutors submitted to the court this week.Read Replies (0)