By BeauHD from Slashdot's lost-and-found department
Researchers have discovered an advanced piece of Linux malware that has escaped detection by antivirus products and appears to be actively used in targeted attacks. Ars Technica reports: HiddenWasp, as the malware has been dubbed, is a fully developed suite of malware that includes a trojan, rootkit, and initial deployment script, researchers at security firm Intezer reported on Wednesday. At the time Intezer's post went live, the VirusTotal malware service indicated Hidden Wasp wasn't detected by any of the 59 antivirus engines it tracks, although some have now begun to flag it. Time stamps in one of the 10 files Intezer analyzed indicated it was created last month. The command and control server that infected computers report to remained operational at the time this article was being prepared.
Some of the evidence analyzed -- including code showing that the computers it infects are already compromised by the same attackers -- indicated that HiddenWasp is likely a later stage of malware that gets served to targets of interest who have already been infected by an earlier stage. It's not clear how many computers have been infected or how any earlier related stages get installed. With the ability to download and execute code, upload files, and perform a variety of other commands, the purpose of the malware appears to be to remotely control the computers it infects. That's different from most Linux malware, which exists to perform denial of service attacks or mine cryptocurrencies. Some of the code appears to be borrowed from Mirai, while other code has similarities to other established projects or malware including the Azazel rootkit, the ChinaZ Elknot implant, and the recently discovered Linux variant of Winnti, a family of malware that previously had been seen targeting only Windows.
By BeauHD from Slashdot's sneaky-bastards department
An anonymous reader quotes a report from Fast Company: JPMorgan Chase is quietly re-introducing a heavy-handed legal maneuver. Today, its Slate credit card customers received an email that the bank was updating its account terms. In the message was a lot of legalese about certain tweaks, and it included one big addition: forced arbitration. According to Chase, the new agreement includes a new section entitled "Binding Arbitration." The section goes as follows: "This arbitration agreement provides that all disputes between you and Chase must be resolved by BINDING ARBITRATION whenever you or we choose to submit or refer a dispute to arbitration. By accepting this arbitration agreement you GIVE UP YOUR RIGHT TO GO TO COURT (except for matters that may be taken to a small claims court). Arbitration will proceed on an INDIVIDUAL BASIS, so class actions and similar proceedings will NOT be available to you."
Chase adds that people can opt out of this clause, but they must do so by August 7, 2019, by mailing the bank a letter via snail mail. This is a reversal for the financial establishment. In 2009, Chase dropped a binding arbitration agreement from its credit card terms of service. This was in direct response to a class action lawsuit levied against Chase, Capital One, Bank of America, Citigroup, Discover, and HSBC, which accused them of illegally conspiring to force cardholders to go to arbitration for disputes instead of the courts. Some 10 years later, Chase now wants to employ the sneaky tactic once again. This agreement means that its Slate cardholders are unable to go to court against the bank, except for small claims. Most importantly, it means that cardholders cannot come together and levy a class action suit against the bank.
By BeauHD from Slashdot's new-and-shiny department
Motorola's $500 Moto Z4 is finally official, bringing an updated design with a near-notchless 6.4-inch OLED display, headphone jack, and support for the company's Moto Mods. Other specs include a Qualcomm Snapdragon 675 processor, 4GB of RAM with 128GB of storage (expandable via microSD to 2TB) and Android 9.0 Pie, with Motorola promising an update to Q in the future. CNET reports: To improve photography Motorola has added what it calls "Quad Pixel technology," which uses pixel-binning to allow for 48-megapixel shots with the rear lens, following a trend of other recent higher-end midrange phones including OnePlus' 7 Pro. Around front is a 25-megapixel shooter which takes advantage of the same "Quad Pixel" tech. Motorola says both sensors should offer improved details and colors as well as better low-light performance. The company has even added its own rival to the Pixel 3's Night Sight called Night Vision.
In some brief hands-on time with the phone, the phone feels more premium than the rival cheaper Pixel 3a, which starts at $399. Videos looked sharp on the OLED display and the Night Vision did a solid job of enhancing images taken in a dark room. Whether the Z4 can rival the Pixel 3A's camera or if its cheaper price can top the value of $669 OnePlus 7 Pro's performance remains to be seen. An optical fingerprint sensor is built into the display, similar to the technology used on OnePlus' 6T and 7 Pro. As with the OnePlus phones, setup was seamless and unlocking was responsive during our brief use of the phone. Wireless charging isn't present nor is IP-rated water resistance (Motorola says the phone can withstand spills and rain). The phone will be available from Verizon on June 13, and will support the carrier's 5G network via the 5G Moto Mod (sold separately).
By BeauHD from Slashdot's rest-in-peace department
An anonymous reader quotes a report from The Verge: Microsoft has spent years pushing developers to create special apps for the company's Universal Windows Platform (UWP), and today, it's putting the final nail in the UWP coffin. Microsoft is finally allowing game developers to bring full native Win32 games to the Microsoft Store, meaning the many games that developers publish on popular stores like Steam don't have to be rebuilt for UWP.
This is a big shift for Microsoft's Windows app store, particularly because games are one of the most popular forms of apps that are downloaded from app stores. Previously, developers were forced to publish games for Windows 10 through the Universal Windows Platform, which simply doesn't have the same level of customization that game developers have come to expect from Windows over the years. The writing has been on the wall for UWP for months now. Microsoft recently revealed its effort to switch the company's Edge browser to Chromium and away from UWP to make it available on Windows 7, Windows 8, and macOS. Microsoft's Joe Belfiore admitted in an interview with The Verge earlier this month that UWP was a "headwind" for Edge. "It's not that UWP is bad, but UWP is not a 35-year-old mature platform that a ridiculously huge amount of apps have been written to," Belfiore said at the time. Microsoft even recently put its touch-friendly UWP versions of Office on hold, preferring to focus on the web, iOS, Android, and its desktop apps instead. Office was always the centerpiece for UWP and a good example of how to build a more demanding app on Microsoft's new platform. Microsoft is finally listening to app and game developers and not trying to force UWP on them anymore. "Ultimately, this is good news for both developers and Windows users," the report concludes. "We might now start to see more games in the Microsoft Store that work how PC gamers expect them to and hopefully more apps."
By msmash from Slashdot's whatever-it-takes department
An anonymous reader shares a report: Microsoft's original grand plan for Windows 10 was an operating system that was always up-to-date. Updates were intended to be mandatory, and while you could delay them a bit, you couldn't opt out of them entirely. And the software giant was committed to rolling out two major feature updates a year. Fast forward to now, and things are very different. You can delay, or avoid, most updates, including feature updates -- assuming you're even offered them in the first place.
AdDuplex monitors the state of adoption for the various Windows 10 versions, and its latest figures, for May, show the October 2018 Update (1809) is still only on 31.3 percent of systems (up from 29.3 percent in April), and the May 2019 Update (1903) is currently to be found on just 1.4 percent of devices.
By msmash from Slashdot's closer-look department
From a report: Recently, a musician signed to a major indie label told me they were owed up to $40,000 in song royalties they would never be able to collect. It wasn't that they had missed out on payments for a single song -- it was that they had missed out on payments for 70 songs, going back at least six years. The problem, they said, was metadata. In the music world, metadata most commonly refers to the song credits you see on services like Spotify or Apple Music, but it also includes all the underlying information tied to a released song or album, including titles, songwriter and producer names, the publisher(s), the record label, and more. That information needs to be synchronized across all kinds of industry databases to make sure that when you play a song, the right people are identified and paid. And often, they aren't.
Metadata sounds like one of the smallest, most boring things in music. But as it turns out, it's one of the most important, complex, and broken, leaving many musicians unable to get paid for their work. "Every second that goes by and it's not fixed, I'm dripping pennies," said the musician. Entering the correct information about a song sounds like it should be easy enough, but metadata problems have plagued the music industry for decades. Not only are there no standards for how music metadata is collected or displayed, there's no need to verify the accuracy of a song's metadata before it gets released, and there's no one place where music metadata is stored. Instead, fractions of that data are kept in hundreds of different places across the world. As a result, the problem is way bigger than a name being misspelled when you click a song's credits on Spotify. Missing, bad, or inconsistent song metadata is a crisis that has left, by some estimations, billions on the table that never gets paid to the artists who earned that money.
By msmash from Slashdot's end-of-road department
Four years after 3D Touch debuted on the iPhone 6s, the pressure-sensitive feature appears to be on the chopping block. From a report: Last week, in a research note shared with MacRumors, a team of Barclays analysts "confirmed" that 3D Touch "will be eliminated" in all 2019 iPhones, as they predicted back in August 2018. The analysts gathered this information from Apple suppliers following a trip to Asia earlier this month. This isn't the first time we've heard this rumor. The Wall Street Journal said the same thing back in January. Apple already replaced 3D Touch with Haptic Touch on the iPhone XR in order to achieve a nearly edge-to-edge LCD on the device, and it is likely the feature will be expanded to all 2019 iPhones. Haptic Touch is simply a marketing name for a long press combined with haptic feedback from the Taptic Engine. Apple commentator John Gruber adds: 3D Touch is a great idea but Apple never rolled it out well, and it was never discoverable. I wouldn't be surprised if most people with 3D Touch-enabled iPhones have no idea it exists. In and of itself, the lack of discoverability isn't necessarily a problem. That's how power user features often work. Right-clicking on the Mac, for example, is in the same boat. What 3D Touch never got right is that power-user shortcuts should be just that -- shortcuts for tasks with more obvious ways to do them. Now imagine if right-clicking only worked on certain high-end Macs, but didn't work on others. That's what happened with 3D Touch.
I think it should have always been a shortcut for a long-press, pure and simple. Just a faster way to long-press. But because 3D Touch is not just a shortcut for a long-press, but is not available on any iPad nor many iPhones, developers could never count on it, so they never really did anything with it. It doesn't get used much because there's not much you can do with it.
By msmash from Slashdot's closer-look department
An anonymous reader shares a report: Princeton University and the US's largest public pension plan are among a number of stateside organizations funding technology behind the Chinese government's unprecedented surveillance of some 11 million people of Muslim ethnic minorities. Since 2017, Chinese authorities have detained more than a million Uighur Muslims and other ethnic minorities in political reeducation camps in the country's northwest region of Xinjiang, identifying them, in part, with facial recognition software created by two companies: SenseTime, based in Hong Kong, and Beijing's Megvii. A BuzzFeed News investigation has found that US universities, private foundations, and retirement funds entrusted their money to investors that, in turn, plowed hundreds of millions of dollars into these two startups over the last three years. Using that capital, SenseTime and Megvii have grown into billion-dollar industry leaders, partnering with government agencies and other private companies to develop tools for the Communist Party's social control of its citizens.
Also among the diverse group of institutions helping to finance China's surveillance state: the Alaska Retirement Management Board, the Massachusetts Institute of Technology, and the Rockefeller Foundation, all of which are "limited partners" in private equity funds that invested in SenseTime or Megvii. And even as congressional leaders, such as Sen. Marco Rubio of Florida, have championed a bill to condemn human rights abuses in Xinjiang, their own states' public employee pension funds are invested in companies building out the Chinese government's system for tracking Uighurs.
By msmash from Slashdot's closer-look department
From a report: A replica of the Palace of Versailles, medieval turrets, and spires rise across Huawei's new campus in southern China, a monument to the telecom giant's growing fortune -- and the benefits of state aid. The fairytale-like facilities rest on land that was sold by the local government at cut-rate prices to woo and bolster a strategic, high-tech company like Huawei. It is the kind of government largesse that has fanned US frustrations at China's industrial policies -- subsidies are a sticking point in protracted trade talks between the world's top two economies.
Huawei has become a major flashpoint in the trade war, with President Donald Trump taking steps to block the company's dealings with US companies, threatening its global ambitions. With the dispute shining a spotlight on China's technological shortcomings, the subsidies are a window into the kind of measures Beijing may step up as trade negotiations founder. Huawei's annual reports and public records show that it has received hundreds of millions of dollars in grants, heavily subsidised land to build facilities and apartments for loyal employees, bonuses to top engineers, and massive state loans to international customers to fund purchases of Huawei products. [...] Over the past 10 years, Huawei has received 11 billion yuan ($1.6 billion) in grants, according to its annual reports.
By BeauHD from Slashdot's always-listening department
schwit1 shares a report from ScienceAlert: A newly revealed patent application filed by Amazon is raising privacy concerns over an envisaged upgrade to the company's smart speaker systems. This change would mean that, by default, the devices end up listening to and recording everything you say in their presence. Rather than only record what is said after the wakeword is spoken, the system described in the patent application would effectively continuously record all speech, then look for instances of commands issued by a person.
In the patent application, the authors explain that your Echo device would only ever record between 10-30 seconds of audio at a time, before wiping it from the local memory buffer, and recording a new 10-30 seconds of audio over it (again and again). In each of these 10-30 second recordings, the device would continuously scan looking for commands involving the wakeword, and if it didn't find any, they'd get deleted forever -- in theory, at least. But because of the potential privacy implications of having a device that records you all the time, it's understandable that some people might not be thrilled about what this patent application represents, especially since Amazon has a mixed track record with Alexa recording things it wasn't ever supposed to.
By BeauHD from Slashdot's transformation-of-daily-life department
"The astronomical growth of food delivery apps in China is flooding the country with takeout containers, utensils and bags," write Raymond Zhong and Carolyn Zhang for The New York Times. "And the country's patchy recycling system isn't keeping up. The vast majority of this plastic ends up discarded, buried or burned with the rest of the trash, researchers and recyclers say." From the report: Scientists estimate that the online takeout business in China was responsible for 1.6 million tons of packaging waste in 2017, a ninefold jump from two years before. That includes 1.2 million tons of plastic containers, 175,000 tons of disposable chopsticks, 164,000 tons of plastic bags and 44,000 tons of plastic spoons. Put together, it is more than the amount of residential and commercial trash of all kinds disposed of each year by the city of Philadelphia. The total for 2018 grew to an estimated two million tons.
Recyclers manage to return some of China's plastic trash into usable form to feed the nation's factories. The country recycles around a quarter of its plastic, government statistics show, compared with less than 10 percent in the United States. But in China, takeout boxes do not end up recycled, by and large. They must be washed first. They weigh so little that scavengers must gather a huge number to amass enough to sell to recyclers. "Half a day's work for just a few pennies. It isn't worth it," said Ren Yong, 40, a garbage collector at a downtown Shanghai office building. He said he threw takeout containers out. Many people in urban China are using the delivery apps because "delivery is so cheap, and the apps offer such generous discounts, that it is now possible to believe that ordering a single cup of coffee for delivery is a sane, reasonable thing to do," the report adds.