By manishs from
Slashdot's security-woes department:
Earlier this week, security researchers at Checkpoint reported about vulnerabilities in Facebook Chat and Messenger that, if exploited, could allow anyone to essentially take control of any message sent by Chat or Messenger. Now a developer named Inti De Ceukelaire is pointing out another flaw in how Facebook deals with URLs. The Verge reports: Through the right API call, De Ceukelaire was able to summon links shared by specific users in private messages. The links were collected by the Facebook crawler, where De Ceukelaire discovered they were easily accessible to anyone running a Facebook app. Those links could be anything from a popular news story to directions to an abortion clinic. As long as they're shared in private messages, they're logged in Facebook's database, and accessible to API calls. It would be hard to exploit that bug at scale for a few different reasons. De Ceukelaire was only able to make the API call because he's registered as a Facebook developer, and if he started pulling those links en masse, Facebook would quickly catch on and pull his credentials. Still, the bug points to a number of lingering problems with the conflicting way web services treat URLs, and how those conflicts can put private information into public view.
Read Replies (0)
By manishs from
Slashdot's curious-case-of-Yahoo department:
It's been a while since Yahoo has been up for sale, but the interested companies are still struggling to figure out what parts of Yahoo are worth purchasing. "Being for sale is what Yahoo does for a living now," Kara Swisher reports. "This is a pretty basic deal with everyone trying to figure out the risk and reward here of taking over a clearly failing business," said one bidder quoted in the report. "Everyone has different criteria for what matters." Yahoo essentially has three things to offer, which come with their own set of problems. From the report: (1) Its core business that includes search, advertising and media assets, all of which are in decline and getting worse.(2) Its patent portfolio that the company thinks is worth as much as $3 billion, but others peg at $1 billion. (3) Its real estate, which the company is pegging at about $1 billion, while others put it at a much lower value.It's also being reported that Yahoo CEO Marissa Mayer will have to leave the company, regardless of whether it gets acquired or not. Some of the potential buyers include Verizon, which according to the report, isn't interested in getting Yahoo's patents. It is offering $3B to $3.5B all-cash. Several private equity firms, who are interested in getting hold of Yahoo-owned patents and real estate, are offering Yahoo a sum of $5 billion or more. "This deal is not one in which everyone's really enthusiastic, since there is a giant question of how quickly the business is deteriorating," said another bidder. "If you win, you might lose and vice versa."
Read Replies (0)
By manishs from
Slashdot's house-of-cards department:
Gawker has filed for Chapter 11 bankruptcy. The move comes after the media house was ordered to pay up $140M to Hulk Hogan for publishing his sex tape. Gawker, which is known for its irreverent voice, is currently facing multiple lawsuits, backed by billionaire Peter Thiel, one of the people that Gawker has extensively reported on. USA Today reports: In its filing with the U.S. Bankruptcy Court for the Southern District of New York, Gawker is seeking to reorganize under the bankruptcy protection and there's no indication, as of yet, that it will cease publication. Gawker listed estimated assets of $50 million to $100 million and liabilities of $100 million to $500 million. [...] Thiel's funding triggered concerns about the possibility of First Amendment rights being quashed by wealthy individuals' funding of third-party legal claims against media organizations.According to a separate report, Ziff Davis is interested in purchasing Gawker and various properties that it owns. Gawker media also runs Gizmodo, LifeHacker, and Deadspin among other popular publications.
Read Replies (0)
By manishs from
Slashdot's struggle-is-real department:
Joe Mullin, reporting for Ars Technica: Google successfully made its case to a jury last month that its use of Java APIs in Android was "fair use," and the verdict rejected Oracle's claim that the mobile system infringed its copyrights. After Google argued its case, though, Oracle filed a motion arguing that the judge should decide as a matter of law that fair use didn't cover it. In the wake of the jury's pro-Google verdict, Oracle's motion was its last hope of a trial victory. It didn't happen; US District Judge William Alsup shot down the motion on Wednesday. The same order also denied Google's motion making similar arguments, filed at the close of trial but before the jury's verdict. Alsup's stinging order [PDF], which rejects Oracle's argument [PDF] on every front, hardly comes as a surprise. But the document provides the first insights as to what Oracle might bring up in an appeal proceeding, which the company has said it will pursue. In the order, Alsup defends how he ran the trial. The evidence and instructions presented to the jury were a mix of mandates from the appeals court, which overruled Alsup on the key issue of API copyrightability, and modifications urged by both sides' lawyers.
Read Replies (0)
By BeauHD from
Slashdot's always-listening department:
An anonymous reader quotes a report from Networkworld: When Apple released the iPhone 6s, it included a great new Siri feature which enables users to activate the intelligent assistant via voice. Dubbed 'Hey Siri,' the feature is particularly convenient because the iPhone 6s' M9 motion co-processor is 'always listening' and thereby lets users use 'Hey Siri' even when the device isn't connected to a power source. Recently, Stacey Gleeson of Australia used the 'Hey Siri' feature to successfully call an ambulance while she was tending to her daughter Giana who had stopped breathing. "I picked her up and sat down with her on the floor," Gleeson said in an interview. "And as I checked her airways, I looked over and remembered my phone." Thinking quick on her feet, Gleeson said, "Hey Siri, call the ambulance." Fortunately, Gleeson managed to resuscitate her daughter while the ambulance was in route. And while it's impossible to know for sure, it's entirely possible that the time Gleeson saved by not having to call an ambulance manually helped save her daughter's life. "Saving me the trouble of having to physically dial emergency services was a godsend," Gleeson said.
Read Replies (0)
By BeauHD from
Slashdot's safety-vs-freedom department:
Rick Zeman writes: Creepy British startup Score Assured has brought the power of "big data" to plumb new depths. In order to rent from landlords who use their services, potential renters are "...required to grant it full access to your Facebook, LinkedIn, Twitter and/or Instagram profiles. From there, Tenant Assured scrapes your site activity, including entire conversation threads and private messages; runs it through natural language processing and other analytic software; and finally, spits out a report that catalogs everything from your personality to your 'financial stress level.'" This "stress level" is a deep dive to (allegedly) determine whether the potential renter will pay their bills using vague indicators like "online retail social logins and frequency of social logins used for leisure activities." To make it worse, the company turns over to the landlords' indicators that the landlords aren't legally allowed to consider (age, race, pregnancy status), counting on the landlords to "do the right thing." As if this isn't abusive enough, the candidates are not allowed to see nor challenge their report, unlike with credit reports. Landlords first, employers next...and then? As the co-founder says, "People will give up their privacy to get something they want" and, evidently, that includes a place to live and a job. In late May, an apartment building in Salt Lake City told tenants living in the complex to "like" its Facebook page or they will be in breach of their lease.
Read Replies (0)
By BeauHD from
Slashdot's green-light department:
An anonymous reader quotes a report from PCWorld: A U.S. agency has lined up broad support for its plan to end the government's oversight of the Internet's domain name system, despite opposition from some Republicans in Congress. The U.S. National Telecommunications and Information Administration (NTIA) on Thursday released statements of support for a plan to end its oversight of the Internet Corporation for Assigned Names and Numbers (ICANN). Among supporters of a plan, developed by the ICANN community, to transition ICANN's domain name coordination functions to a multistakeholder governance model are Amazon.com, Google, Cisco Systems, Microsoft, Facebook, Hewlett Packard Enterprise, the U.S. Chamber of Commerce, and the Computer and Communications Industry Association. NTIA on Thursday announced it had reviewed the community proposal and found it meets the agency's criteria for allowing the ICANN privatization plan to move forward. The community plan maintains the openness of the Internet and maintains the security and stability of the DNS, said NTIA Administrator Lawrence Strickling. It does not replace NTIA's oversight with another government organization, he said, although that's been a fear of some critics of the NTIA plan. On Wednesday, Ted Cruz proposed a bill, the Protecting Internet Freedom Act, that would prohibit the U.S. government from relinquishing its role with respect to overseeing the web's domain name system (DNS), unless explicitly authorized by Congress.
Read Replies (0)
By BeauHD from
Slashdot's ready-to-Tango department:
MojoKid quotes a report from HotHardware: Google has been teasing its Project Tango augmented reality (AR) platform for years but no OEMs have stepped up to the plate to deliver Tango-enabled hardware until now. Lenovo just came out with its PHAB2 Pro 6.4-inch phablet smartphone which packs a full-fledged AR experience. The PHAB2 Pro will be the first commercially available Lenovo smartphone in the U.S. and it leverages Tango AR technology in three ways. The smartphone's "eye" uses motion-tracking to determine its location in 3D. Area learning can also feed location information to the phone, and depth perception allows the phone to analyze the world around it. The PHAB2 Pro is also huge with a 6.4" QHD display covered in 2.5D curved glass. Powering the PHAB2 Pro is a Snapdragon 652 processor with 4GB of RAM, a generous 64GB of storage and a microSD slot. There's also a 16MP rear camera, 8MP front camera and a 4050 mAh battery. Lenovo's Motorola Mobility division also announced the Moto Z and Moto Z Force, which are next generation Android flagships. The Moto Z is the standard model and measures just 5.2mm thick and comes with a 5.5" QHD AMOLED display, a Snapdragon 820 processor with 4GB of RAM and up to 64GB of storage. Its 13MP rear camera features optical image stabilization and laser autofocus, while its 5MP front camera with wide-angle lens takes care of selfies. Then there's the new Moto Z Force, which ups the ante with a 3500 mAh battery, a 21MP rear camera and a shatterproof screen. But what truly makes the Moto Z and Moto Z Force stand out are Moto Mods. These are modular accessories that attach to the back of the smartphones via four magnets and a 16-pin connector. It's much more elegant than what LG has employed with the G5 (which requires you to remove the bottom of the smartphone). Instead, Moto Z users can simply attach an accessory, like the JBL SoundBoost Mod which brings high-end sound, with a quick snap.
Read Replies (0)
By BeauHD from
Slashdot's shrouded-in-secrecy department:
An anonymous reader writes: Inventor of the World Wide Web Sir Tim Berners-Lee said in an interview with The New York Times that the internet has become the "world's largest surveillance network. [...] It controls what people see. It creates mechanisms for how people interact. It's been great, but spying, blocking sites, repurposing people's content, taking you to the wrong websites completely undermines the spirit of helping people create," he said. Berners-Lee thinks large corporations and governments are to blame. "The problem is the dominance of one search engine, one big social network, one Twitter for microblogging." At the Decentralized Web Summit, Berners-Lee met with a group of internet activists to discuss ways of "re-decentralizing" the internet, and giving individuals more control while ensuring more privacy and security. "The temptation to grab control of the internet by the government or by a company is always going to be there," he said. "They will wait until we're sleeping, because if you're a government or a company and you can control something, you'll want it. You want to control your citizens or exploit customers. The temptation is huge. Yes, we can have things enshrined in law, but even then it won't necessarily stop people."
Read Replies (0)
By BeauHD from
Slashdot's safety-investigators department:
schwit1 quotes a report from Daily Kanban: For several months now, reports have circulated in comment sections and forum threads about a possible defect in Tesla's vehicles that may cause suspension control arms to break. Many of those reports appeared to come from a single, highly-motivated and potentially unreliable source, a fact which led many to dismiss them as crankery. But as more reports of suspension failure in Teslas have come in, Daily Kanban has investigated the matter and can now report on this deeply troubling issue. Our investigation began in earnest upon reading a thread titled "Suspension Problem on Model S" in the Tesla Motors Club forum. The original poster (OP) in that thread described the suspension in his 2013 Model S (with 70,000 miles) failing at relatively low speed, saying the "left front hub assembly separated from the upper control arm." Images of the broken suspension components showed high levels of rust in the steel ball joint and the OP reported being told by Tesla service center employees that the "ball joint bolt was loose and caused the wear," which was "not normal." Because his Tesla was out of warranty, the repair was reportedly sent to Tesla management for consideration. According to a subsequent post by the OP, Tesla management refused to repair the broken suspension under warranty despite the "not normal" levels of wear reported by the service techs. Then, just days later, the OP reported that Tesla had offered to pay 50% of the $3,100 repair bill in exchange for his signature on a "Goodwill Agreement" which he subsequently posted here (a scan of the stock agreement can be found here). That agreement included the following passage: "The Goodwill is being provided to you without any admission of liability or wrongdoing or acceptance of any facts by Tesla, and shall not be treated as or considered evidence of Tesla's liability with respect to any claim or incidents. You agree to keep confidential our provision of the Goodwill, the terms of this agreement and the incidents or claims leading or related to our provision of the Goodwill. In accepting the Goodwill, you hereby release and discharge Tesla and related persons or entities from any and all claims or damages arising out of or in any way connected with any claims or incidents leading or related to our provision of the Goodwill. You further agree that you will not commence, participate or voluntarily aid in any action at law or in equity or any legal proceeding against Tesla or related persons or entities based upon facts related to the claims or incidents leading to or related to this Goodwill." [Emphasis added] This offer, to repair a defective part in exchange for a non-disclosure agreement, is unheard of in the auto industry. More troublingly, it represents a potential assault by Tesla Motors on the right of vehicle owners to report defects to the National Highway Traffic Safety Administration's complaint database, the auto safety regulators sole means of discovering defects independent of the automakers they regulate. Reuters also reports today that U.S. auto safety investigators are reviewing reports of suspension problems in Tesla Motors Inc's Model S cars.
Read Replies (0)