By BeauHD from Slashdot's can-you-keep-a-secret department
An anonymous reader quotes a report from The Intercept about Google's secretive plans to build a censored version of its search engine for China: The objective, code-named Dragonfly, was to build a search engine for China that would censor broad categories of information about human rights, democracy, and peaceful protest. Yonatan Zunger, then a 14-year veteran of Google and one of the leading engineers at the company, was among a small group who had been asked to work on Dragonfly. He was present at some of the early meetings and said he pointed out to executives managing the project that Chinese people could be at risk of interrogation or detention if they were found to have used Google to seek out information banned by the government.
Scott Beaumont, Google's head of operations in China and one of the key architects of Dragonfly, did not view Zunger's concerns as significant enough to merit a change of course, according to four people who worked on the project. Beaumont and other executives then shut out members of the company's security and privacy team from key meetings about the search engine, the four people said, and tried to sideline a privacy review of the plan that sought to address potential human rights abuses. Google's leadership considered Dragonfly so sensitive that they would often communicate only verbally about it and would not take written notes during high-level meetings to reduce the paper trail, two sources said. Only a few hundred of Google's 88,000 workforce were briefed about the censorship plan. Some engineers and other staff who were informed about the project were told that they risked losing their jobs if they dared to discuss it with colleagues who were themselves not working on Dragonfly.
By BeauHD from Slashdot's downward-spiral department
The Centers for Disease Control and Prevention (CDC) on Thursday released data that shows life expectancy fell by one-tenth of a year, to 78.6 years (Warning: source paywalled; alternative source), pushed down by the sharpest annual increase in suicide in nearly a decade and a continued rise in deaths from opioid drugs. "Influenza, pneumonia and diabetes also factored into last year's increase," The Wall Street Journal adds. From the report: Economists and public-health experts consider life expectancy to be an important measure of a nation's prosperity. The 2017 data paint a dark picture of health and well-being in the U.S., reflecting the effects of addiction and despair, particularly among young and middle-aged adults, as well as diseases plaguing an aging population and people with lower access to health care. The U.S. has lost three-tenths of a year in life expectancy since 2014, a stunning reversal for a developed nation, and lags far behind other wealthy nations. Life expectancy is 84.1 years in Japan and 83.7 years in Switzerland, first and second in the most-recent ranking by the Organization for Economic Cooperation and Development. The U.S. ranks 29th.
White men and women fared the worst, along with black men, all of whom experienced increases in death rates. Death rates rose in particular for adults ages 25 to 44, and suicide rates are highest among people in the nation's most rural areas. On the other hand, deaths declined for black and Hispanic women, and remained the same for Hispanic men. As drug and suicide mortality has risen, deaths from heart disease, the nation's leading killer, went down only slightly, failing to offset the increases in mortality from other causes and prolonging another worrisome trend.
By BeauHD from Slashdot's cough-it-up department
An anonymous reader quotes a report from The Hill: A group of Democratic lawmakers sent a letter to Amazon CEO Jeff Bezos on Thursday saying that the company's previous explanations to Congress about its Rekognition software were inadequate. Democratic lawmakers expressed concern about the potential threat the technology poses to civil liberties in the hands of police. "Facial recognition technology may one day serve as a useful tool for law enforcement officials working to protect the American public and keep us safe," the letter reads. "However, at this time, we have serious concerns that this type of product has significant accuracy issues, places disproportionate burdens on communities of color, and could stifle Americans' willingness to exercise their First Amendment rights in public." In the letter on Thursday, the Democratic members requested that Amazon provide them with results from accuracy tests of the Rekognition software. They also asked again for information on their government clients and if they audited law enforcement's use of facial recognition to ensure that it's not being employed in violation of civil rights law. "Customer trust, privacy, and security are our top priorities at AWS," Michael Punke, Amazon's vice president for global public policy, wrote in response. "We have long been committed to working with federal and state legislatures to modernize outdated laws to enhance the privacy and security of our customers by preventing law enforcement from accessing data without a warrant."
By BeauHD from Slashdot's changing-taste-buds department
American business journalist Joe Nocera writes in a Bloomberg article about "how badly things have deteriorated for the U.S. car makers," after the recent news that both General Motors and Ford will soon be exiting the sedan market in the country. Slashdot reader gollum123 shares the report: Much of the analysis about Ford and GM's exit from the sedan market stressed that sedan sales have lost ground in recent years "as consumers have gravitated toward pickup trucks and sport-utility vehicles," as the New York Times put it. If you look at the historical sales figures of the top Japanese sedans, you'll see a small decline in recent years, but nothing like the big drop-off in sales that have hammered the American companies. So in addition to the overall decline in sedan sales, there is a second, largely overlooked, dynamic taking place: Americans have only stopped buying American sedans, not Japanese sedans. The American car companies now say they are going to count on profits from trucks and SUVs while moving toward autonomous and all-electric vehicles. They had better hope that transition takes place quickly.
I couldn't help noticing that while the top three selling vehicles in the U.S. are, indeed, American-made trucks, No. 4 on the list is Nissan's top SUV, the Rogue, the sales of which have gone from 18,000 in 2007 to 403,000 last year. No. 5 is a Toyota SUV, the Rav4 (407,000 in 2017). No. 6 is the Honda CR-V (378,000). And the leading American SUV? It's the Chevy Equinox. Last year, Chevrolet sold 290,000 of them -- 100,000 fewer than the Toyota Camry.
By BeauHD from Slashdot's straight-out-of-a-sci-fi-novel department
An anonymous reader quotes a report from Ars Technica: Microsoft has won a $480 million contract to develop an augmented reality system for use in combat and military training for the U.S. Army. Called Integrated Visual Augmentation System (IVAS), formerly Heads Up Display (HUD) 3.0, the goal of the project is to develop a headset that gives soldiers -- both in training and in combat -- an increase in "Lethality, Mobility, and Situational Awareness." The ambitions for the project are high. Authorities want to develop a system with a goggle or visor form factor -- nothing mounted on a helmet -- with an integrated 3D display, digital cameras, ballistic laser, and hearing protection. The system should provide remote viewing of weapon sights to enable low risk, rapid target acquisition, perform automated or assisted target acquisition, integrate both thermal and night vision cameras, track soldier vitals such as heart and breathing rates, and detect concussions. Over the course of IVAS's development, the military will order an initial run of 2,550 prototypes, with follow-on production possibly in excess of 100,000 devices.
By msmash from Slashdot's PSA department
A reminder that Internet Archive's Wayback Machine, which many people assume keeps a permanent trail and origin of web-content, has little feasible choice but to comply with DMCA takedown notices. As a result of which, a portion of the archive of things people submit to the website continues to quietly fade away. Gizmodo: Over the last few years, there has been a change in how the Wayback Machine is viewed, one inspired by the general political mood. What had long been a useful tool when you came across broken links online is now, more than ever before, seen as an arbiter of the truth and a bulwark against erasing history. That archive sites are trusted to show the digital trail and origin of content is not just a must-use tool for journalists, but effective for just about anyone trying to track down vanishing web pages. With that in mind, that the Internet Archive doesn't really fight takedown requests becomes a problem. That's not the only recourse: When a site admin elects to block the Wayback crawler using a robots.txt file, the crawling doesn't just stop. Instead, the Wayback Machine's entire history of a given site is removed from public view.
By msmash from Slashdot's watch-out department
A cyber-criminal group known as ScamClub has hijacked over 300 million browser sessions over 48 hours to redirect users to adult and gift card scams, a cyber-security firm revealed this week. From a report: The traffic hijacking has taken place via a tactic known as malvertising, which consists of placing malicious code inside online ads. In this particular case, the code used by the ScamClub group hijacked a user's browsing session from a legitimate site, where the ad was showing, and redirected victims through a long chain of temporary websites, a redirection chain that eventually ended up on a website pushing an adult-themed site or a gift card scam.
These types of malvertising campaigns have been going on for years, but this particular campaign stood out due to its massive scale, experts from cyber-security firm Confiant told ZDNet today. "On November 12 we've seen a huge spike in our telemetry," Jerome Dangu, Confiant co-founder and CTO, told ZDNet in an email. Dangu says his company worked to investigate the huge malvertising spike and discovered ScamClub activity going back to August this year.
By msmash from Slashdot's shape-of-things-to-come department
Journalist Brad Sams is releasing a book chronicling the company's Surface brand: Beneath a Surface. VentureBeat writes: While you'll want to read all 26 chapters to get the juicy details, the last one includes Microsoft's hardware roadmap for 2019, and even a part of 2020 -- spanning various Surface products and even a little Xbox. Here's a quick rundown of Microsoft's current Surface lineup plans:
Spring 2019: A new type of Surface-branded ambient computing device designed to address "some of the common frustrations of using a smartphone," but that isn't itself a smartphone.
Q4 2019: Surface Pro refresh with USB-C (finally), smaller bezels, rounded corners, and new color options.
Q4 2019: AMD-based Surface Laptop -- Microsoft is exploring using the Picasso architecture.
Late 2019: Microsoft's foldable tablet Andromeda could be larger than earlier small form factor prototypes for a pocketable device with dual screens and LTE connectivity.
Q1 2020: Surface Book update that might include new hinge designs (high-end performance parts may delay availability).
2020: A Surface monitor, and the modular design debuted for Surface Hub 2 could make its way to Surface Studio. The idea is to bring simple upgrades to all-in-one PCs, rather than having to replace the whole computer. GeekWire adds: A pair of new lower-cost Xbox One S devices could come next year. Sams reports that one of the models may be all digital, without a disc drive.
By msmash from Slashdot's inside-uber department
During an all-hands meeting at Uber earlier this week, CEO Dara Khosrowshahi and the head of the self-driving car unit, Eric Meyhofer, were questioned by employees over the culture at the self-driving unit. An anonymous reader writes: They asked about allegations of infighting and dysfunction in the unit prior to a tragic accident that killed a pedestrian, based on Business Insider's newly published investigation. (The investigation found that engineers were pressured to "tune" the self-driving car for a smoother ride in preparation of a big year-end demonstration of their progress, but that meant not allowing the car to respond to everything it saw, real or not.) What followed was a strange couple of minutes in which the executives told odd stories and quoted wrong statistics leading up to Khosrowshahi admitting, several times, "we have screwed up."
[...] Khosrowshahi showed his support of his senior leader by saying some negative things about Business Insider. And then he said, "we did screw up" and that "we are radically changing how we develop, how we test, etcetera. So we've gone through changes. We have screwed up." Sources tell Business Insider that Khosrowshahi had not been paying much attention to the self-driving car unit in his first year because he was so busy fighting fires with Uber's main business, but that this is changing now. On Tuesday, Khosrowshahi indicated as much saying, "A year forward from all the controversy that we saw last year, we are better, stronger. And I think ATG is going through that same journey," he said.
By msmash from Slashdot's security-woes department
More than 45,000 Internet routers have been compromised by a newly discovered campaign that's designed to open networks to attacks by EternalBlue, the potent exploit that was developed by, and then stolen from, the National Security Agency and leaked to the Internet at large, researchers say. From a report:
The new attack exploits routers with vulnerable implementations of Universal Plug and Play to force connected devices to open ports 139 and 445, content delivery network Akamai said in a blog post. As a result, almost 2 million computers, phones, and other network devices connected to the routers are reachable to the Internet on those ports. While Internet scans don't reveal precisely what happens to the connected devices once they're exposed, Akamai said the ports -- which are instrumental for the spread of EternalBlue and its Linux cousin EternalRed -- provide a strong hint of the attackers' intentions.
The attacks are a new instance of a mass exploit the same researchers documented in April. They called it UPnProxy because it exploits Universal Plug and Play -- often abbreviated as UPnP -- to turn vulnerable routers into proxies that disguise the origins of spam, DDoSes, and botnets.
By msmash from Slashdot's closer-look department
Criminal hackers continue to exploit a feature in Autodesk's widely used AutoCAD program in an attempt to steal valuable computer-assisted designs for bridges, factory buildings, and other projects, researchers say. From a report: The attacks arrive in spear-phishing emails and in some cases postal packages that contain design documents and plans. Included in the same directory are camouflaged files formatted in AutoLISP, an AutoCAD-specific dialect of the LISP programming language. When targets open the design document, they may inadvertently cause the AutoLISP file to be executed. While modern versions of AutoCAD by default display a warning that a potentially unsafe script will run, the warnings can be disregarded or suppressed altogether. To make the files less conspicuous, the attackers have set their properties to be hidden in Windows and their contents to be encrypted.
The attacks aren't new. Similar ones occurred as long ago as 2005, before AutoCAD provided the same set of robust defenses against targeted malware it does now. The attacks continued to go strong in 2009. A specific campaign recently spotted by security firm Forcepoint was active as recently as this year and has been active since at least 2014, an indication that malware targeting blueprints isn't going away any time soon. [...] Forcepoint said it has tracked more than 200 data sets and about 40 unique malicious modules, including one that purported to include a design for Hong Kong's Zhuhai-Macau Bridge.
By msmash from Slashdot's state-of-things department
Erik Wemple, writing for The Washington Post: According to informed sources, Bloomberg has continued reporting the blockbuster story that it broke on Oct. 4, including a very recent round of inquiries from a Bloomberg News/Bloomberg Businessweek investigative reporter. In emails to employees at Apple, Bloomberg's Ben Elgin has requested "discreet" input on the alleged hack. "My colleagues' story from last month (Super Micro) has sparked a lot of pushback," Elgin wrote on Nov. 19 to one Apple employee. "I've been asked to join the research effort here to do more digging on this ... and I would value hearing your thoughts (whatever they may be) and guidance, as I get my bearings."
One person who spoke with Elgin told the Erik Wemple Blog that the Bloomberg reporter made clear that he wasn't part of the reporting team that produced "The Big Hack." The goal of this effort, Elgin told the potential source, was to get to "ground truth"; if Elgin heard from 10 or so sources that "The Big Hack" was itself a piece of hackery, he would send that message up his chain of command. The potential source told Elgin that the denials of "The Big Hack" were "100 percent right."
According to the potential source, Elgin also asked about the possibility that Peter Ziatek, senior director of information security at Apple, had written a report regarding a hardware hack affecting Apple. In an interview with the Erik Wemple Blog, Ziatek says that he'd never written that report, nor is he aware of such a document. Following the publication of Bloomberg's story, Apple conducted what it calls a "secondary" investigation surrounding its awareness of events along the lines of what was alleged in "The Big Hack." That investigation included a full pat-down of Ziatek's own electronic communications. It found nothing to corroborate the claims in the Bloomberg story, according to Ziatek.
By msmash from Slashdot's closer-look department
Millennials, long presumed to have less interest in the nonstop consumption of goods that underpins the American economy, might not be that different after all, a new study from the Federal Reserve says. From a report: Their spending habits are a lot like the generations that came before them, they just have less money at this point in their lives, the Fed study found. The group born between 1981 and 1997 has fallen behind because many of them came of age during the financial crisis. "We find little evidence that millennial households have tastes and preference for consumption that are lower than those of earlier generations, once the effects of age, income, and a wide range of demographic characteristics are taken into account," wrote authors Christopher Kurz, Geng Li and Daniel J. Vine.
Their findings [PDF] are grounded in an analysis of spending, income, debt, net worth, and demographic factors among different generations. The conclusion that millennials aren't all that different also holds for the researchers' more granular examination of expenditures on cars, food, and housing. "It primarily is the differences in average age and then differences in average income that explain a large and important portion of the consumption wedge between millennials and other cohorts," they conclude. So much for the young folks favoring "experiences" over tangible goods.
By msmash from Slashdot's catch-me-if-you-can department
In India, a hub for tech support centers, a rise in scams forced Microsoft and the police to take action. From a report: You know the messages. They pop up on your computer screen with ominous warnings like, "Your computer has been infected with a virus. Call our toll-free number immediately for help." Often they look like alerts from Microsoft, Apple or Symantec. Sometimes the warning comes in a phone call. Most people ignore these entreaties, which are invariably scams. But one in five recipients actually talks to the fake tech-support centers, and 6 percent ultimately pay the operators to "fix" the nonexistent problem, according to recent consumer surveys by Microsoft.
Law enforcement authorities, working with Microsoft, have now traced many of these boiler rooms to New Delhi, India's capital and a hub of the global call-center industry. On Tuesday and Wednesday, police from two Delhi suburbs raided 16 fake tech-support centers and arrested about three dozen people. Last month, the Delhi authorities arrested 24 people in similar raids on 10 call centers. In Gautam Budh Nagar, one of the suburbs, 50 police officers swept into eight centers on Tuesday night. Ajay Pal Sharma, the senior superintendent of police there, said the scammers had extracted money from thousands of victims, most of whom were American or Canadian.
By msmash from Slashdot's sneaky department
Unwanted gifts arrive after friends click on promotions tucked into wish lists. From a report: Kima Nieves recently received two Aveeno bath-time sets and a box of Huggies diapers through her baby registry on Amazon. The only problem? The new mother didn't ask for the products, or even want them. Instead, Johnson & Johnson and Kimberly-Clark each paid Amazon.com hefty sums to place those sponsored products onto Ms. Nieves's and other consumers' baby registries. The ads look identical to the rest of the listed products in the registry, except for a small gray "Sponsored" tag. Unsuspecting friends and family clicked on the ads and purchased the items, assuming Ms. Nieves had chosen them. "Very sneaky," said the 28-year-old health-care analyst from Fredericksburg, Va. "That's friends' and family's money going somewhere we didn't approve of."
Amazon in recent years has charged into advertising, building the third-largest digital ad business in the U.S. after Alphabet's Google and Facebook, according to eMarketer. Its ad revenue is on pace to double this year, to $5.8 billion, eMarketer estimates. As Amazon has monetized more space on its website, shoppers are increasingly encountering sponsored ads. Amazon is "starting to see how far they can push things," said Harry Brignull, a U.K.-based consultant who specializes in spotting web-design tactics that get people to click on something. Amazon's sponsored ads have appeared in its baby registries for more than a year. Responding to a Wall Street Journal inquiry about the ads, an Amazon spokeswoman declined to comment on criticism that the ads are deceptive, but said the retailer is now phasing out the sponsored listings. "We're constantly experimenting with new ways to improve the shopping experiences for customers," she said.