By msmash from
Slashdot's giving-back department:
Facebook wants to be a better corporate citizen, which is perhaps why on Friday it announced a partnership with local community organizations near its headquarters in which it will initially commit $20 million towards making affordable housing, job training, and legal services available to more people in the area. From a report on Fortune: A few groups have signed up to participate, including Youth United for Community Action, Faith in Action Bay Area, Community Legal Services in East Palo Alto, Comite de Vecinos del Lado Oeste -- East Palo Alto, along with the local governments of East Palo Alto and Menlo Park. Here's how that first round of funding will be spread out: This new coalition will allocate $18.5 million into a fund called the Catalyst Housing Fund. The goal is to find ways to accelerate and grow the production of affordable housing in the community. Additionally, $250,000 will be given to Rebuilding Together Peninsula which seeks to assist low-income residents with the upkeep of their homes. $625,000 has been assigned to promote science, technology, engineering, and mathematics in schools, something Silicon Valley has been actively encouraging for years.
Read Replies (0)
By msmash from
Slashdot's shape-of-things department:
New research from Carnegie Mellon University shows that online piracy is not the only worry for TV distributors. Based on Downton Abbey streaming and sales data provided by PBS, as reported by TorrentFreak, the researchers find that free legal streams can significantly reduce download sales. However, that doesn't necessarily mean that free streaming options should be banned. From the report: The researchers were able to estimate the impact in a natural experiment, since PBS was required to pull the free streams for all episodes at the same time. This means that some were streamable for more than a month, while others only for a week, or two. In addition, they had sales data for several seasons, allowing them to make an alternative comparison between years, where the streaming windows varied. In both cases, they show that free streaming cannibalizes download sales. "Our analysis in our primary specification indicates that availability in the free streaming window reduces EST sales by 8.4%. Using an alternative specification we find that free availability reduces EST sales by 9.9%," they write. The negative effect is not unexpected. However, it doesn't mean that it is wrong to offer free streaming in the long run, as there are several positive side-effects. That's where the puzzle starts to get complicated.
Read Replies (0)
By msmash from
Slashdot's taking-a-stand department:
Canonical isn't pleased with cloud providers who are publishing broken, insecure images of Ubuntu despite being notified several times. In a blogpost, Mark Shuttleworth, the founder of Ubuntu, and the Executive Chairman and VP, Product Strategy at Canonical, made the situation public for all to see. An excerpt from the blog post: We are currently in dispute with a European cloud provider which has breached its contract and is publishing insecure, broken images of Ubuntu despite many months of coaxing to do it properly. The home-grown images on the cloud, VPS and bare metal services of this provider disable fundamental security mechanisms and modify the system in ways that are unsupportable. They are likely to behave unpredictably on update in weirdly creative and mysterious ways (the internet is full of fun examples). We hear about these issues all the time, because users assume there is a problem with Ubuntu on that cloud; users expect that 'all things that claim to be Ubuntu are genuine', and they have a right to expect that. We have spent many months of back and forth in which we unsuccessfully tried to establish the same operational framework on this cloud that already exists on tens of clouds around the world. We have on multiple occasions been promised it will be rectified to no avail. We are now ready to take legal steps to remove these images. We will seek to avoid affecting existing running users, but we must act to prevent future users from being misled. We do not make this move lightly, but have come to the view that the value of Ubuntu to its users rests on these commitments to security, quality and updates.
Read Replies (0)
By msmash from
Slashdot's outage-report department:
More than 100,000 people in the UK have had their internet access cut after a string of service providers were hit by what is believed to be a coordinated cyber-attack, taking the number affected in Europe up to about a million. From a report on The Guardian, shared by reader JoshTops: TalkTalk, one of Britain's biggest service providers, the Post Office and the Hull-based KCom were all affected by the malware known as the Mirai worm, which is spread via compromised computers. The Post Office said 100,000 customers had experienced problems since the attack began on Sunday and KCom put its figure at about 10,000 customers since Saturday. Earlier this week, Germany's Deutsche Telekom said up to 900,000 of its customers had lost their internet connection as part of the same incident.
Read Replies (0)
By msmash from
Slashdot's new-discoveries department:
Scientists have updated the periodic table to add four new elements, namely: Nihonium, Moscovium, Tennessine and Oganesson. The super-heavy elements discovered by scientists from Japan, Russia, and America, complete the seventh row of the table. Their inclusion also marks the first additions since 2011. From an article on University Herald: Now that the new elements have their names, the seventh row of the periodic table is now complete. The approval was done by the International Union of Pure and Applied Chemistry (IUPAC). The elements were confirmed back in January. They were assigned temporary names and symbols: ununtrium (Uut), ununpentium (Uup), ununseptium (Uus), and ununoctium (Uuo). It was noted that the teams of Russian, American and Japanese researchers behind the discoveries were given the task of naming the elements that they uncovered. They submitted their proposals in June.
Read Replies (0)
By BeauHD from
Slashdot's man-in-the-middle department:
AirDroid is a popular Android application that allows users to send and receive text messages and transfer files and see notifications from their computer. Zimperium, a mobile security company, recently released details of several major security vulnerabilities in the application, allowing attackers on the same network to access user information and execute code on a user's device. Since there are between 10 and 50 million installations of the app, many users may be imperiled by AirDroid. Android Police reports: The security issues are mainly due to AirDroid using the same HTTP request to authorize the device and send usage statistics. The request is encrypted, but uses a hardcoded key in the AirDroid application (so essentially, everyone using AirDroid has the same key). Attackers on the same network an intercept the authentication request (commonly known as a Man-in-the-middle attack) using the key extracted from any AirDroid APK to retrieve private account information. This includes the email address and password associated with the AirDroid account. Attackers using a transparent proxy can intercept the network request AirDroid sends to check for add-on updates, and inject any APK they want. AirDroid would then notify the user of an add-on update, then download the malicious APK and ask the user to accept the installation. Zimperium notified AirDroid of these security flaws on May 24, and a few days later, AirDroid acknowledged the problem. Zimperium continued to follow up until AirDroid informed them of the upcoming 4.0 release, which was made available last month. Zimperium later discovered that version 4.0 still had all these same issues, and finally went public with the security vulnerabilities today.
Read Replies (0)
By BeauHD from
Slashdot's things-oppressive-regimes-do department:
An anonymous reader quotes a report from Quartz: A new study from The Citizen Lab, a research group at the University of Toronto, reveals that censorship on WeChat occurs primarily in group chats rather than one-on-one chats between two people, and often in such a way where the sender of a text isn't even aware a piece of text has been scrubbed. The discoveries illuminates how China's government attempts to keep its citizens blind to the scope of its censorship regime. The researchers set out find the extent to which certain keywords got scrubbed from conversations between two or more users in WeChat. To do this, in June 2016 the team posed as a Chinese WeChat user and sent out 26,821 keywords containing terms that had been censored on other apps, including Tom-Skype (a made-for-China version of Skype) and YY (a live broadcast app). A corresponding Canadian user in the two-way chat would then report back to say whether or not the message had been received. The report states that out of the entire sample, only one term -- Falun Gong -- had been scrubbed. When they ran an identical test in August, even that text mysteriously passed without censorship. Yet when they tested group chats, they found multiple cases in which certain keywords triggered a removal. Specifically, while sensitive terms used in isolation were unlikely to trigger censorship (say "June 4th," a reference to the Tiananmen Square protests, brutally put down on June 4, 1989), it took effect when they were used in a full sentence or with other keywords. The researchers also discovered that when WeChat censored a message, the sender received no notice informing him that his text had not reached the intended recipient. The study also notes that "WeChat only censors content for users who bind their account to a mainland Chinese phone number when they first register to use the app." The censorship is still applied even if Chinese residents move to different countries or change phone numbers.
Read Replies (0)
By BeauHD from
Slashdot's largest-ever department:
plover writes: Investigators from the U.S. Department of Justice, the FBI, Eurojust, Europol, and other global partners announced the takedown of a massive botnet named "Avalanche," estimated to have involved as many as 500,000 infected computers worldwide on a daily basis. A Europol release says: "The global effort to take down this network involved the crucial support of prosecutors and investigators from 30 countries. As a result, five individuals were arrested, 37 premises were searched, and 39 servers were seized. Victims of malware infections were identified in over 180 countries. In addition, 221 servers were put offline through abuse notifications sent to the hosting providers. The operation marks the largest-ever use of sinkholing to combat botnet infrastructures and is unprecedented in its scale, with over 800,000 domains seized, sinkholed or blocked." Sean Gallagher writes via Ars Technica: "The domains seized have been 'sinkholed' to terminate the operation of the botnet, which is estimated to have spanned over hundreds of thousands of compromised computers around the world. The Justice Department's Office for the Western Federal District of Pennsylvania and the FBI's Pittsburgh office led the U.S. portion of the takedown. 'The monetary losses associated with malware attacks conducted over the Avalanche network are estimated to be in the hundreds of millions of dollars worldwide, although exact calculations are difficult due to the high number of malware families present on the network,' the FBI and DOJ said in their joint statement. In 2010, an Anti-Phishing Working Group report called out Avalanche as 'the world's most prolific phishing gang,' noting that the Avalanche botnet was responsible for two-thirds of all phishing attacks recorded in the second half of 2009 (84,250 out of 126,697). 'During that time, it targeted more than 40 major financial institutions, online services, and job search providers,' APWG reported. In December of 2009, the network used 959 distinct domains for its phishing campaigns. Avalanche also actively spread the Zeus financial fraud botnet at the time."
Read Replies (0)
By BeauHD from
Slashdot's wrong-click department:
According to French media, a court in the department of Ardeche on Tuesday sentenced a 32-year-old man in France to two years in prison for repeatedly visiting pro-ISIS websites -- even though there was no indication he planned to stage a terrorist attack. Police raided his house and found the man's browsing history. They also found pro-ISIS images and execution videos on his phone, personal computer, and a USB stick, an ISIS flag wallpaper on his computer, and a computer password that was "13novembrehaha," referencing the Paris terrorist attacks that left 130 people dead. Slashdot reader future guy shares with us an excerpt from The Verge's report: In court, the man argued that he visited the sites out of curiosity. "I wanted to tell the difference between real Islam and the false Islam, now I understand," he said, according to FranceBleu. But the man reportedly admitted to not reading other news sites or international press, and family members told the court that his behavior had recently changed. He became irritated when discussing religion, they said, and began sporting a long beard with harem pants. A representative from the Ardeche court confirmed to The Verge that there was no indication that the man had any plans to launch an attack. In addition to the two-year prison sentence, he will have to pay a 30,000 euros (roughly $32,000) fine.
Read Replies (0)
By BeauHD from
Slashdot's work-in-progress department:
An anonymous reader quotes a report from Bloomberg: Apple plans to use drones and new indoor navigation features to improve its Maps service and catch longtime leader Google (Warning: source may be paywalled; alternate link), according to people familiar with the matter. The Cupertino, California-based company is assembling a team of robotics and data-collection experts that will use drones to capture and update map information faster than its existing fleet of camera-and-sensor ladened minivans, one of the people said. Apple wants to fly drones around to do things like examine street signs, track changes to roads and monitor if areas are under construction, the person said. The data collected would be sent to Apple teams that rapidly update the Maps app to provide fresh information to users, the person added. Apple is also developing new features for Maps, including views inside buildings and improvements to car navigation, another person familiar with the efforts said. Apple filed for an exemption on Sept. 21, 2015, from the Federal Aviation Administration to fly drones for commercial purposes, according to documents obtained by Bloomberg News. At that time, exemptions were required to commercially operate drones. In a response dated March 22, 2016, the FAA granted Apple approval to "operate an unmanned aircraft system to conduct data collection, photography, and videography," according to one of the documents. Apple's application told the FAA that it would use a range of drones sold by companies such as SZ DJI Technology Co. and Aibotix GmbH to collect the data. Apple has hired at least one person from Amazon's Prime Air division to help run the drone team, one of the people said.
Read Replies (0)