By msmash from Slashdot's closer-look department
The federal and local governments have long relied on private companies for defense and law enforcement technologies, from Lockheed Martin jetfighters to Booz Allen Hamilton data analysis. But increasingly, the government is expanding beyond the usual defense contractors to the company that also provides free shipping and online TV. From a report: "The ... thing that was shocking for me was to understand just how the federal authorizations are allowing Amazon to have such a monopoly over the storage of government information," says Jacinta Gonzalez, field organizer for immigrant advocacy group Mijente. Along with the National Immigration Project and the Immigrant Defense Project, Mijente funded a new report entitled, "Who's Behind ICE?: The Tech and Data Companies Fueling Deportations." Its findings are based on documents such as contracts, memoranda, and corporate financial reports -- which are publicly available but take a lot of digging to decipher. While Amazon plays the leading role, the report also details the involvement of companies including Peter Thiel's Palantir, NEC, and Thomson Reuters in storing, transferring, and analyzing data on both undocumented residents and U.S. citizens. The U.S. government is moving its databases from federal facilities to cloud providers, especially Amazon Web Services (AWS), raising concerns about accountability.
By BeauHD from Slashdot's behind-the-scenes department
U.S. researchers from FireEye have linked a Russian research lab to a cyberattack on a Saudi petrochemical plant. The malware strain called Triton -- or Trisis -- "was designed to either shut down a production process or allow SIS-controlled machinery to work in an unsafe state," reports ZDNet, citing technical reports from FireEye, Dragos, and Symantec. From the report: The group behind the malware, which FireEye has been tracking under the codename of TEMP.Veles, nearly succeeded last year, when it almost caused an explosion at a Saudi petrochemical plant owned by Tasnee, a privately owned Saudi company, according to a New York Times report. The malware's origins were a mystery when FireEye first discovered Triton in 2017 and remained a mystery even after the New York Times report in March 2018.
But in a report published today, FireEye says that following further research into incidents where the Triton malware was deployed, it can now assess with "high confidence" that the Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM), a government-owned technical research institution located in Moscow, was involved in these attacks. FireEye's report does not link the Triton malware itself to CNIIHM, but rather the secondary malware strains used by TEMP.Veles and deployed during the incidents where Triton was deployed. Clues in these secondary malware strains used to aid the deployment of the main Triton payloads contained enough artifacts that allowed researchers to identify their source.
By BeauHD from Slashdot's out-in-the-open department
Security researchers at UpGuard discovered that a Washington-based ISP called Pocket iNet left 73 gigabytes of essential operational data publicly exposed in a misconfigured Amazon S3 storage bucket for months. "Said bucket, named 'pinapp2,' contained the 'keys to the kingdom,' according to the security firm, including internal network diagramming, network hardware configuration photos, details and inventory lists -- as well as lists of plain text passwords and AWS secret keys for Pocket iNet employees," reports Motherboard. From the report: UpGuard says the firm contacted Pocket iNet on October 11 of this year, the same day the exposed bucket was discovered, but the ISP took an additional week before the data was adequately secured. "Seven days passed before Pocket iNet finally secured the exposure," noted the firm. "Due to the severity of this exposure, UpGuard expended significant effort during those seven days, repeatedly contacting Pocket iNet and relevant regulators, including using contact information found within the exposed dataset."
According to UpGuard, the list of plain text passwords was particularly problematic, given it provided root admin access to the ISP's firewalls, core routers and switches, servers, and wireless access points. "Documents containing long lists of administrative passwords may be convenient for operations, but they create single points of total risk, where the compromise of one document can have severe and extensive effects throughout the entire business," noted UpGuard. "If such documents must exist, they should be strongly encrypted and stored in a known secure location," said the firm. "Unfortunately, a single folder of PocketiNet's network operation historical data (non-customer) was publicly accessible to Amazon administrative users," the ISP said in a statement to Motherboard. "It has since been secured."
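A defender-side check for the kind of misconfiguration described above, added here as an example (it is not UpGuard's or Pocket iNet's code): it walks the grants of an S3 bucket ACL in the shape boto3's get_bucket_acl() returns, flags grants to the AllUsers group (anyone on the internet) or the AuthenticatedUsers group (any AWS account, not only the bucket owner's), and builds the owner-only ACL that closes the exposure. The sample ACL, owner ID and grants are constructed for this example.

```python
"""Audit an S3 bucket ACL for grants that open it to the public (AllUsers) or
to any AWS account (AuthenticatedUsers), and produce the owner-only ACL that
removes them.

The ACL dict has the shape boto3's get_bucket_acl() returns. The sample ACL at
the bottom is constructed for this example; it is not Pocket iNet's real ACL.
"""

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

# Any of these permissions lets the grantee list/read objects or rewrite the ACL.
EXPOSING_PERMISSIONS = {"READ", "WRITE", "READ_ACP", "WRITE_ACP", "FULL_CONTROL"}


def audit_bucket_acl(acl):
    """Return one finding per grant to a global group.

    'public' means anyone on the internet (AllUsers); 'any-aws-account' means
    any signed-in AWS identity, not just the bucket owner's (AuthenticatedUsers).
    """
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # CanonicalUser grants (e.g. the owner) are not global
        permission = grant.get("Permission", "")
        if permission not in EXPOSING_PERMISSIONS:
            continue
        uri = grantee.get("URI", "")
        if uri == ALL_USERS:
            findings.append({"scope": "public", "permission": permission})
        elif uri == AUTHENTICATED_USERS:
            findings.append({"scope": "any-aws-account", "permission": permission})
        # Other groups (e.g. S3 LogDelivery) are service-scoped, not global.
    return findings


def owner_only_acl(acl):
    """Return a copy of the ACL keeping only grants to the bucket owner.

    This is the AccessControlPolicy you would hand to put_bucket_acl() to
    close the exposure (equivalent to the 'private' canned ACL).
    """
    owner_id = acl["Owner"]["ID"]
    kept = [
        g for g in acl.get("Grants", [])
        if g.get("Grantee", {}).get("Type") == "CanonicalUser"
        and g["Grantee"].get("ID") == owner_id
    ]
    return {"Owner": dict(acl["Owner"]), "Grants": kept}


# Constructed sample: the owner has FULL_CONTROL, but two global grants expose
# the bucket; a LogDelivery grant is present to show it is not flagged.
SAMPLE_EXPOSED_ACL = {
    "Owner": {"DisplayName": "example-owner", "ID": "OWNER-CANONICAL-ID-CONSTRUCTED"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "OWNER-CANONICAL-ID-CONSTRUCTED"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS}, "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ_ACP"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/s3/LogDelivery"},
         "Permission": "WRITE"},
    ],
}

if __name__ == "__main__":
    for f in audit_bucket_acl(SAMPLE_EXPOSED_ACL):
        print(f"EXPOSED: {f['scope']} grantee has {f['permission']}")
    print("remediated grants:", owner_only_acl(SAMPLE_EXPOSED_ACL)["Grants"])
```

In a real audit, pass the dict returned by boto3's get_bucket_acl() to audit_bucket_acl() for every bucket in the account; bucket policies and S3 Block Public Access settings are separate controls and need their own checks.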
By BeauHD from Slashdot's DRM-for-chargers department
An anonymous reader quotes a report from Ars Technica: Google's Pixel 3 smartphone is shipping out to the masses, and people hoping to take advantage of the new Qi wireless charging capabilities have run into a big surprise. For some unexplained reason, Google is locking out third-party Qi chargers from reaching the highest charging speeds on the Pixel 3. Third-party chargers are capped to a pokey 5W charging speed. If you want 10 watts of wireless charging, Google hopes you will invest in its outrageously priced Pixel Stand, which is $79.
Android Police reports that a reader purchased an Anker wireless charger for their Pixel 3, and, after noticing the slow charging speed, this person contacted the company. Anker confirmed that something screwy was going on with Google's charging support, saying "Pixel sets a limitation for third-party charging accessories and we are afraid that even our fast wireless charger can only provide 5W for these 2x devices." Normally we would chalk this up to some kind of bug, but apparently Google told Android Police that this was on purpose. The site doesn't have a direct quote, but it writes that, after reaching out to Google PR, it was "told that the Pixel 3 would charge at 10W on the Pixel Stand [and that] due to a 'secure handshake' being established that third-party chargers would indeed be limited to 5W." In an update, Google said the reason has to do with the "proprietary wireless charging technology" it has via its Pixel Stand and other select wireless chargers. The Pixel 3 only supports 5W Qi charging; "Google's 10W proprietary wireless charging technology" is what will allow the phone to charge at faster speeds.
By BeauHD from Slashdot's tightly-regulated department
An anonymous reader quotes a report from TechCrunch: A few weeks after Circle announced the launch of USD Coin (or USDC for short), Coinbase also announced that customers can now buy, sell, send and receive USDC on Coinbase. A USDC is a token that is worth exactly 1 USD. Its value is going to stay stable against USD -- hence the name stablecoin for this type of coin. Unlike traditional cryptocurrencies, you can be sure that the value of your USDC wallet isn't going to fluctuate like crazy. It opens up new possibilities and use cases.
While Coinbase lets you hold USD in your Coinbase account, this isn't safe. If somebody hacks into your account, you could end up with an empty wallet. That's why you should always try to control the keys of your wallet and transfer your coins to a safer wallet, such as a Ledger wallet or at least a software solution like MyEtherWallet. But if you want to short cryptocurrencies without sending your USD back to your bank account, you can now convert your tokens to USDC. This way, it'll be easier to buy cryptocurrencies again in the future. And maybe you can avoid paying taxes by hiding your tokens from taxation authorities. USDC is an ERC-20 token that leverages the Ethereum blockchain and ecosystem. In an effort to regulate USDC, Circle, Coinbase and others have created the CENTRE consortium to define the policies around stablecoins. "For instance, if you want to handle stablecoins on your exchange, you need to send regular audited reports that prove that you have as many USD sitting on a bank account as issued tokens," reports TechCrunch.
By msmash from Slashdot's call-it department
Several iCloud services are experiencing problems this afternoon, users reported. While Apple PR has not issued a statement yet, the status page of Apple services reflects the issues, too. Citing people and the status page, news outlet MacRumors reports that iCloud Drive, iCloud Mail, iCloud Keychain, iCloud Contacts, iCloud Calendar, Mail Drop, Find My iPhone, and more services are performing "slower than normal" for some users.
By msmash from Slashdot's shape-of-things-to-come department
The Defense Advanced Research Projects Agency (DARPA), a division of the U.S. Department of Defense responsible for the development of emerging technologies, is one of the birthplaces of machine learning, a kind of artificial intelligence (AI) that mimics the behavior of neurons in the brain. Dr. Brian Pierce, director of DARPA's Innovation Office, spoke about the agency's recent efforts at a VentureBeat summit. From the report: One area of study is so-called "common sense" AI -- AI that can draw on environmental cues and an understanding of the world to reason like a human. Concretely, DARPA's Machine Common Sense Program seeks to design computational models that mimic core domains of cognition: objects (intuitive physics), places (spatial navigation), and agents (intentional actors). "You could develop a classifier that could identify a number of objects in an image, but if you ask a question, you're not going to get an answer," Pierce said. "We'd like to get away from having an enormous amount of data to train neural networks [and] get away with using fewer labels [to] train models." The agency is also pursuing explainable AI (XAI), a field which aims to develop next-generation machine learning techniques that explain a given system's rationale. "[It] helps you to understand the bounds of the system, which can better inform the human user," Pierce said.
By msmash from Slashdot's unprecedented-reach department
A peer-reviewed study [PDF] of almost one million Android apps has revealed how data from smartphones are harvested and shared, with nearly 90 percent of apps set up to transfer information back to Google. From a report: Researchers at Oxford university analysed approximately a third of the apps available in Google's Play Store in 2017 and found that the median app could transfer data to 10 third parties, with one in five apps able to share data with more than 20. This year has seen unprecedented scrutiny over how websites use the data they collect from their users, but little attention has so far been paid to the sprawling and fast-growing world of smartphone apps. Reuben Binns, the computer scientist who led the project, said that because most apps have now moved to a "freemium" model, where they make revenues from advertising rather than sales, data sharing has spiralled out of control. Users, regulators and sometimes even the app developers and advertisers are unaware of the extent to which data flow from smartphones to digital advertising groups, data brokers and intermediaries that buy, sell and blend information, he said. "This industry was growing already on the web ... when smartphones came along, that was a new opportunity," he said. "It feels like this legitimate business model has gone completely out of control and created a kind of chaotic industry that is not understood by the people who are most affected by it."
By msmash from Slashdot's various-perspectives department
Like many people, Alex Stamos, former Facebook chief security officer, thinks tech platforms like Facebook and Google have too much power. But he doesn't agree with the calls to break them up. And he argues that the very people who say Facebook and Google are too powerful are giving them more power by insisting they do more to control hate speech and propaganda. From a report: "That's a dangerous path," he warns. If democratic countries make tech firms impose limits on free speech, so will autocratic ones. Before long, the technology will enable "machine-speed, real-time moderation of everything we say online." In attempting to rein in Big Tech, we risk creating Big Brother. So what's the solution? I spoke to Stamos at his Stanford office to find out.

Technology Review: So is the disinformation/propaganda problem mostly solved?

Stamos: In a free society, you will never eliminate that problem. I think the most important thing [in the US] is the advertising transparency. With or without any foreign interference, the parties, the campaigns, the PACs [political action committees] here in the US are divvying up the electorate into tiny little buckets, and that is a bad thing. Transparency is a good start. The next step we need is federal legislation to put a limit on ad targeting. There are thousands of companies in the internet advertising ecosystem. Facebook, Google, and Twitter are the only ones that have done anything, because they have gotten the most press coverage and the most pressure from politicians. So without legislation we're just going to push all of the attackers into the long tail of advertising, to companies that don't have dedicated teams looking for Russian disinformation groups.

Technology Review: Facebook has been criticized over Russian political interference both in the US and in other countries, the genocide in Myanmar, and a lot of other things. Do you feel Facebook has fully grasped the extent of its influence and its responsibility?

Stamos: I think the company certainly understands its impact. The hard part is solving it. Ninety percent of Facebook users live outside the United States. Well over half live in either non-free countries or democracies without protection for speech. One of the problems is coming up with solutions in these countries that don't immediately go to a very dark place [i.e., censorship]. Another is figuring out what issues to put engineering resources behind. No matter how big a company is, there are only a certain number of problems you [can tackle]. One of the problems that companies have had is that they're in a firefighting mode where they jump from emergency to emergency. So as they staff up that gets better, but we also need a more informed external discussion about the things we want the companies to focus on -- what are the problems that absolutely have to be solved, and what aren't. You mentioned a bunch of problems that are actually very different, but people blur them all together.

Technology Review: How do you regulate in a world in which tech is advancing so fast while regulation moves so slowly? How should a society set sensible limits on what tech companies do?

Stamos: But right now, society is not asking for limits on what they do. It's asking that tech companies do more. And I think that's a dangerous path. In all of the problems you mentioned -- Russian disinformation, Myanmar -- what you're telling these companies is, "We want you to have more power to control what other people say and do." That's very dangerous, especially with the rise of machine learning. Five or ten years from now, there could be machine-learning systems that understand human languages as well as humans. We could end up with machine-speed, real-time moderation of everything we say online. So the powers we grant the tech companies right now are the powers those machines are going to have in five years.
By msmash from Slashdot's catch-me-if-you-can department
A new investigation uncovers a sophisticated ad fraud scheme involving more than 125 Android apps and websites, some of which were targeted at kids. From a report: Last April, Steven Schoen received an email from someone named Natalie Andrea who said she worked for a company called We Purchase Apps. She wanted to buy his Android app, Emoji Switcher. But right away, something seemed off. "I did a little bit of digging because I was a little sketched out because I couldn't really find even that the company existed," Schoen told BuzzFeed News. The We Purchase Apps website listed a location in New York, but the address appeared to be a residence. "And their phone number was British. It was just all over the place," Schoen said. It was all a bit weird, but nothing indicated he was about to see his app end up in the hands of an organization responsible for potentially hundreds of millions of dollars in ad fraud, and which has funneled money to a cabal of shell companies and people scattered across Israel, Serbia, Germany, Bulgaria, Malta, and elsewhere. Schoen had a Skype call with Andrea and her colleague, who said his name was Zac Ezra, but whose full name is Tzachi Ezrati. They agreed on a price and to pay Schoen up front in bitcoin. "I would say it was more than I had expected," Schoen said of the price. That helped convince him to sell. A similar scenario played out for five other app developers who told BuzzFeed News they sold their apps to We Purchase Apps or directly to Ezrati. (Ezrati told BuzzFeed News he was only hired to buy apps and had no idea what happened to them after they were acquired.) The Google Play store pages for these apps were soon changed to list four different companies as their developers, with addresses in Bulgaria, Cyprus, and Russia, giving the appearance that the apps now had different owners. 
But an investigation by BuzzFeed News reveals that these seemingly separate apps and companies are today part of a massive, sophisticated digital advertising fraud scheme involving more than 125 Android apps and websites connected to a network of front and shell companies in Cyprus, Malta, British Virgin Islands, Croatia, Bulgaria, and elsewhere. More than a dozen of the affected apps are targeted at kids or teens, and a person involved in the scheme estimates it has stolen hundreds of millions of dollars from brands whose ads were shown to bots instead of actual humans. (A full list of the apps, the websites, and their associated companies connected to the scheme can be found in this spreadsheet.) One way the fraudsters find apps for their scheme is to acquire legitimate apps through We Purchase Apps and transfer them to shell companies. They then capture the behavior of the app's human users and program a vast network of bots to mimic it, according to analysis from Protected Media, a cybersecurity and fraud detection firm that analyzed the apps and websites at BuzzFeed News' request. This means a significant portion of the millions of Android phone owners who downloaded these apps were secretly tracked as they scrolled and clicked inside the application. By copying actual user behavior in the apps, the fraudsters were able to generate fake traffic that bypassed major fraud detection systems. Response from Google.
By msmash from Slashdot's closer-look department
An anonymous reader shares a report: As the gig economy grows, the ratio of contract workers to regular employees in corporate America is shifting. Google, Facebook, Amazon, Uber and other Silicon Valley tech titans now employ thousands of contract workers to do a host of functions -- anything from sales and writing code to managing teams and testing products. This year at Google, contract workers outnumbered direct employees for the first time in the company's 20-year history. It's not only in Silicon Valley. The trend is on the rise as public companies look for ways to trim HR costs or hire in-demand skills in a tight labor market. The U.S. jobless rate dropped to 3.7 percent in September, the lowest since 1969, down from 3.9 percent in August, according to the Bureau of Labor Statistics. Some 57.3 million Americans, or 36 percent of the workforce, are now freelancing, according to a 2017 report by Upwork. In San Mateo and Santa Clara counties alone, there are an estimated 39,000 workers who are contracted to tech companies, according to one estimate by University of California Santa Cruz researchers. Spokespersons at Facebook and Alphabet declined to disclose the number of contract workers they employ. A spokesperson at Alphabet cited two main reasons for hiring contract or temporary workers. One reason is when the company doesn't have or want to build out expertise in a particular area such as doctors, food service, customer support or shuttle bus drivers. Another reason is a need for temporary workers when there is a sudden spike in workload or to cover for an employee who is on leave.
By msmash from Slashdot's how-about-that department
As Apple continues to fight independent repair, Motorola has partnered with iFixit and pledged to support the right to repair movement. From a report: It is excellent news that Motorola has decided to make it as easy as possible for you to repair your phone. The company announced that it would begin selling replacement parts for all of its recent phones to customers, and it has partnered with iFixit to sell repair kits for phones like the Moto X, Z, G4, G5, and Droid Turbo 2. The kits come with tools, genuine Motorola-branded replacement parts, and instructions on how to fix your device. iFixit is currently selling replacement batteries, screens, and digitizer assemblies. "Motorola is setting an example for major manufacturers to embrace a more open attitude towards repair," iFixit wrote in a blog post announcing the partnership. "For fixers like us, this partnership is representative of a broader movement in support of our Right to Repair. It's proof that OEM manufacturers and independent repair can co-exist. Big business and social responsibility, and innovation and sustainability, don't need to be mutually exclusive."
By msmash from Slashdot's for-further-communications department
AmiMoJo writes: Richard Stallman has announced the GNU Kind Communication Guidelines, an effort "to start guiding people towards kinder communication." The Guidelines differ from a Code of Conduct in that they're trying to be proactive about kindness around free software development rather than being rules with possible actions when breaking them. These new GNU communication guidelines can be found at GNU.org along with Stallman's commentary. From the guidelines: A code of conduct states rules, with punishments for anyone that violates them. It is the heavy-handed way of teaching people to behave differently, and since it only comes into action when people do something against the rules, it doesn't try to teach people to do better than what the rules require. To be sure, the appointed maintainer(s) of a GNU package can, if necessary, tell a contributor to go away; but we do not want to need to have recourse to that. The idea of the GNU Kind Communication Guidelines is to start guiding people towards kinder communication at a point well before one would even think of saying, "You are breaking the rules." The way we do this, rather than ordering people to be kind or else, is to try to help people learn to make their communication more kind. I hope that kind communication guidelines will provide a kinder and less strict way of leading a project's discussions to be calmer, more welcoming to all participants of good will, and more effective.
By msmash from Slashdot's marching-forward department
Mozilla today launched Firefox 63 for Windows, Mac, Linux, and Android. The release brings Enhanced Tracking Protection, performance improvements on Windows and macOS, search shortcuts, and Picture-In-Picture on Android. From a report: Firefox 63 for the desktop is available for download now on Firefox.com, and all existing users should be able to upgrade to it automatically. As always, the Android version is trickling out slowly on Google Play. According to Mozilla, Firefox has about 300 million active users. In other words, it's a major platform that web developers must consider. Firefox 63 for desktop brings support for Enhanced Tracking Protection. [...] Firefox 63's Enhanced Tracking Protection blocks cookies and storage access from third-party trackers, which Mozilla says targets the problem of cross-site tracking without breaking sites and impacting revenue streams like the original Tracking Protection. It does this by preventing known trackers from setting third-party cookies -- the primary method of tracking across sites -- but still gives you the option to block all known trackers (under Firefox Options/Preferences). [...] Search shortcuts essentially pin sites like Google and Amazon on the new tab page. When you click or tap them, you're redirected to Firefox's awesome bar, which automatically fills the corresponding keyword (@google or @amazon in this case) for the search engine. This way, you can type your query, hit enter, and get your search results without having to first load the Google or Amazon homepage. [...] The only major new feature for this Firefox for Android release is a picture-in-picture mode (Android Oreo and up). This means that if you're watching a video in full-screen, when you switch away from Firefox it will move the video into a small floating window, which you can tap to return to the full video player.
By BeauHD from Slashdot's tours-of-duty department
"According to CNET, TechCrunch and others, the Trump administration reportedly wants tech giants to make it easy for workers to take leaves of absence to help the government modernize," writes Slashdot reader kimanaw. From a report: White House officials on Monday planned to meet with tech giants including Google, Microsoft, Amazon and IBM, to discuss ways to make it easier for employees to take leaves of absence to help with government projects, according to The Washington Post. The administration reportedly hopes tech industry workers will be able to help modernize state and federal agencies and tackle challenges such as upgrading the veterans' health care system. Attracting tech talent may prove difficult for the Trump administration, which hasn't always seen eye to eye with Silicon Valley on issues such as the president's ban on travel from predominantly Muslim countries. However, White House officials believe tech workers are willing to "put politics aside." "This event on Monday is not just about our efforts, it's about our successor, and their successor after that," said one unnamed official, according to the Post. The White House didn't respond to a request for comment.