By msmash from Slashdot's privacy-woes department
Researchers at UpGuard, a cybersecurity firm, found troves of Facebook user information hiding in plain sight, inadvertently posted publicly on Amazon.com's cloud computing servers. From a report: The discovery shows that a year after the Cambridge Analytica scandal exposed how unsecure and widely disseminated Facebook users' information is online, companies that control that information at every step still haven't done enough to seal up private data, Bloomberg News reports. In one instance, Mexico City-based media company Cultura Colectiva openly stored 540 million records on Facebook users, including identification numbers, comments, reactions and account names. That database was closed on Wednesday after Bloomberg alerted Facebook to the problem and Facebook contacted Amazon. Facebook shares pared their gains after the Bloomberg News report. UpGuard adds: The data sets vary in when they were last updated, the data points present, and the number of unique individuals in each. What ties them together is that they both contain data about Facebook users, describing their interests, relationships, and interactions, that were available to third party developers. As Facebook faces scrutiny over its data stewardship practices, they have made efforts to reduce third party access. But as these exposures show, the data genie cannot be put back in the bottle. Data about Facebook users has been spread far beyond the bounds of what Facebook can control today. Combine that plenitude of personal data with storage technologies that are often misconfigured for public access, and the result is a long tail of data about Facebook users that continues to leak.
By msmash from Slashdot's topsy-turvy-world department
An anonymous reader shares a report: Just two weeks after admitting it stored hundreds of millions of its users' own passwords insecurely, Facebook is demanding some users fork over the password for their outside email account as the price of admission to the social network. Facebook users are being interrupted by an interstitial demanding they provide the password for the email account they gave to Facebook when signing up. "To continue using Facebook, you'll need to confirm your email," the message demands. "Since you signed up with [email address], you can do that automatically ..." A form below the message asked for the users' "email password."
"That's beyond sketchy," security consultant Jake Williams told the Daily Beast. "They should not be taking your password or handling your password in the background. If that's what's required to sign up with Facebook, you're better off not being on Facebook." In a statement emailed to the Daily Beast after this story published, Facebook reiterated its claim it doesn't store the email passwords. But the company also announced it will end the practice altogether. "We understand the password verification option isn't the best way to go about this, so we are going to stop offering it," Facebook wrote. It's not clear how widely the new measure was deployed, but in its statement Facebook said users retain the option of bypassing the password demand and activating their account through more conventional means, such as "a code sent to their phone or a link sent to their email." Those options are presented to users who click on the words "Need help?" in one corner of the page.
By BeauHD from Slashdot's gotta-do-what-ya-gotta-do department
An anonymous reader quotes a report from ZDNet: A German security researcher has printed the word "PWNED!" on the tracking maps of hundreds of GPS watches after the watch vendor ignored vulnerability reports for more than a year, leaving thousands of GPS-tracking watches --some of which are used by children and the elderly-- open to attackers. Speaking at the Troopers 2019 security conference that was held in Heidelberg, Germany, at the end of March, security researcher Christopher Bleckmann-Dreher presented a series of vulnerabilities impacting over 20 models of GPS watches manufactured by Austrian company Vidimensio. The watch models all share a common backend API, which works as an intermediary and storage point between the GPS watches and associated mobile apps.
Back in December 2017, Dreher discovered flaws in the mechanism through which the GPS watches communicate with this backend API server. [...] Dreher's new warning comes as the number of vulnerable Vidimensio GPS watches grew ten times since December 2017, despite the warning from German authorities to destroy and stop using children's smartwatches with intrusive tracking and eavesdropping capabilities. According to the researcher, the number has grown from around 700 to 7,000, of which 3,000 have been active in the past month. To raise awareness to these still-unpatched devices, Dreher told ZDNet that he has now turned to an unconventional strategy. The researcher has been using one of the security flaws he discovered to insert fake GPS coordinates in people's location history. The researcher designed these fake GPS coordinates to look like the word "PWNED!" when displayed on the location history section map -- displayed inside the mobile apps and the watches' web dashboard.
By BeauHD from Slashdot's space-junk department
When India blew apart one of its satellites orbiting Earth last week, it created hundreds of pieces of orbital debris, and some of those pieces are large enough and high enough to pose a potential threat to the International Space Station, NASA says. "That is a terrible, terrible thing to create an event that sends debris in an apogee that goes above the International Space Station," NASA Administrator Jim Bridenstine said, referring to the debris' highest point in orbit. "And that kind of activity is not compatible with the future of human space flight that we need to see happen." NPR reports: In calculating the Indian test's potential impact last week, he said NASA determined that the risk of small debris hitting the space station was increased by 44 percent over a period of 10 days. "It's unacceptable, and NASA needs to be very clear about what its impact to us is," Bridenstine said, discussing space debris and India's anti-satellite test at a town hall event Monday.
As he spoke about the heightened risk, the NASA administrator also emphasized that both the space station and the astronauts aboard it are safe. The station can be maneuvered out of harm's way if needed, he added. But another danger, he said, is that "when one country does it, then other countries feel like they have to do it, as well." "The good thing is, it's low enough in Earth orbit that over time, this will all dissipate," Bridenstine said on Monday. Those pieces are expected to burn up as they re-enter Earth's atmosphere. India's intercept of its own satellite created 400 pieces of orbital debris, Bridenstine said. "What we are tracking right now -- objects big enough to track, we're talking about 10 centimeters [4 inches] or bigger -- about 60 pieces have been tracked," he said. "Of those 60, we know that 24 of them are going above the apogee of the International Space Station."
By BeauHD from Slashdot's antitrust-concerns department
The Justice Department has warned the Academy of Motion Picture Arts and Sciences that its potential rule changes limiting the eligibility of Netflix and other streaming services for the Oscars could raise antitrust concerns and violate competition law. From the report: According to a letter obtained by Variety, the chief of the DOJ's Antitrust Division, Makan Delrahim, wrote to AMPAS CEO Dawn Hudson on March 21 to express concerns that new rules would be written "in a way that tends to suppress competition." "In the event that the Academy -- an association that includes multiple competitors in its membership -- establishes certain eligibility requirements for the Oscars that eliminate competition without procompetitive justification, such conduct may raise antitrust concerns," Delrahim wrote. The letter came in response to reports that Steven Spielberg, an Academy board member, was planning to push for rules changes to Oscars eligibility, restricting movies that debut on Netflix and other streaming services around the same time that they show in theaters. Netflix made a big splash at the Oscars this year, as the movie "Roma" won best director, best foreign language film and best cinematography.
By BeauHD from Slashdot's new-and-shiny department
The updated fifth-generation iPad mini has been torn apart by iFixit, revealing an "amalgamation of components and designs from other iPads -- the internals of a previous iPad mini, the camera system of an iPad Pro, and the exterior design of an iPad Air," reports Ars Technica. From the report: iFixit has published its teardown of the new, fifth-generation iPad mini -- the first update to Apple's smaller-sized tablet since 2015. The iFixit team -- which sells gear for repairing and servicing gadgets and uses these teardown series to promote said gear -- noted that the iPad mini looks on the outside like a smaller version of the new iPad Air. But on the inside, it's an updated iPad mini 4, the team wrote.
On opening the tablet up, iFixit discovered a 19.32Wh battery -- the same capacity as the previous-generation iPad mini. But there are some notable changes. The front-facing camera module has been updated to a 7-megapixel ƒ/2.2, like the 10.5-inch iPad Pro. That's a marked improvement over the iPad mini 4. There's also Apple's A12 Bionic system-on-a-chip (the same found in the iPhone XS, XS Max, and XR) with 3GB of LPDDR4X DRAM. The updated microphone array has been moved near the selfie cam, and new ambient light sensors support the True Tone feature, which adjusts the white balance of the display based on ambient light conditions for user comfort. The repair site gave the 2019 iPad mini a score of two out of 10 for repairability. "The only positive cited was that a single Phillips screwdriver can deal with all the screws in the device," Ars reports. "However, replacing the battery is 'unnecessarily difficult,' there's adhesive everywhere, and removing the home button (no small feat) is required in order to replace the screen."
By BeauHD from Slashdot's cease-and-desist department
The High Court of Paris has ordered several of the largest French ISPs to block access to the pirate libraries LibGen and Sci-Hub. "The decision is a setback for the sites that have come under increasing pressure, but Sci-Hub founder Alexandra Elbakyan believes that determined researchers are smart enough to find an alternative route to her site," reports TorrentFreak. From the report: Following a complaint from academic publishers Elsevier and Springer Nature, Internet providers Bouygues, Free, Orange, and SFR have been ordered (PDF) to block access to Sci-Hub and LibGen sites for the year to come. In its decision, picked up by Next INpact, the French court ruled that the two sites "clearly claim to be pirate platforms rejecting the principle of copyright and bypassing publishers' subscription access portals."
The court order targets a total of 57 domain names, including various mirror sites. The academic publishers had asked the court for a more flexible blocklist, which they could update whenever new domains would become available, but this was denied. If the publishers want to expand the blocklist, they will have to go back to court. This ensures that there remains judicial oversight over local website blockades. Also, a request for a specific IP-address block was denied. The court sided with the ISPs, who argued that they should have the freedom to choose their own blocking method, including DNS blocking. That does mean, however, that the ISPs will also have to bear the costs. "The blockade will have some effect, though not very profound," says Sci-Hub founder Alexandra Elbakyan. "The people who are using Sci-Hub because they need access to research can still unblock it using VPN, TOR and etc."
By BeauHD from Slashdot's cause-and-effect department
An anonymous reader quotes a report from The Verge: Google said today that it would require its extended, non-employee workforce in the United States receive comprehensive health care coverage, a $15 minimum wage, and 12 weeks of parental leave. The move follows protests from employees and other workers at Google who have pushed the company to offer more benefits. Google relies on a massive staff of temporary, vendor, and contract workers, many of whom are supplied by third parties and aren't offered the same benefits as full Google employees. The disparity has led to calls for better conditions for the workers. Today, The Guardian reported that more than 900 employees have signed a letter supporting temporary workers whose contracts for work on Google Assistant were shortened.
In a statement announcing the changes, Google said it would require companies that provide temporary and vendor staff to offer health care benefits, including mental health, pediatric, oral, and dental services, as well as a minimum of eight paid days of sick leave. Workforce providers will also be required to pay workers at least $15 per hour and offer $5,000 per year in tuition reimbursement. The wage requirements will go into effect at the end of the year, Google said, and the health care requirements will start before 2022. The Tech Workers Coalition, which has organized tech industry workers, criticized that timeline. "Changes announced today apply to no one working right now -- but workers can't wait years to pay rent, see doctors and care for their families," the organization said in a tweet.
By msmash from Slashdot's for-kids department
Lego Education, the education-focused arm of the veteran Denmark company, is making its biggest product debut in three years, unveiling Spike Prime, a new kit that aims to mix the company's familiar bricks with motors, sensors and introductory coding lessons. The company is targeting kids aged between 11 and 14. From a report: Lego Mindstorms have been around for years. The Mindstorms EV3 robotics kit remains a staple of many learning centers and robotics classrooms. Lego's newest kit looks more like Lego Boost, a programmable kit that aimed to win over families in 2017 and was compatible with regular Lego bricks. It's compatible with Lego Boost, Lego Technic sets and classic Lego pieces, but not with Lego's previous Mindstorms accessories. Lego Mindstorms EV3 is remaining alongside Lego Spike Prime in Lego Education's lineup, and looks like it's aiming more at the high school crowd, while Lego Spike Prime could bridge to those higher-end projects.
The Spike Prime set is created specifically for grades six to eight. It uses an app that uses visual Scratch programming and aims to adopt the Python programming language by the end of the year, according to Lego Education executives. The robots made by Spike Prime look cute, and Lego Boost-like, but not necessarily as complicated as some Mindstorm kits. The central processing hub that drives the Lego Spike Prime robotics creations has six input and output ports, and connects with sensors including an RGB color and light sensor, a force-sensitive touch sensor, and an ultrasonic distance sensor for measurement and navigation.
By msmash from Slashdot's everything-is-awesome department
The spectre of superintelligent machines doing us harm is not just science fiction, technologists say -- so how can we ensure AI remains 'friendly' to its makers? From a story: Jaan Tallinn (co-founder of Skype) warns that any approach to AI safety will be hard to get right. If an AI is sufficiently smart, it might have a better understanding of the constraints than its creators do. Imagine, he said, "waking up in a prison built by a bunch of blind five-year-olds." That is what it might be like for a super-intelligent AI that is confined by humans. The theorist Eliezer Yudkowsky, who has written hundreds of essays on superintelligence, found evidence this might be true when, starting in 2002, he conducted chat sessions in which he played the role of an AI enclosed in a box, while a rotation of other people played the gatekeeper tasked with keeping the AI in. Three out of five times, Yudkowsky -- a mere mortal -- says he convinced the gatekeeper to release him. His experiments have not discouraged researchers from trying to design a better box, however.
The researchers that Tallinn funds are pursuing a broad variety of strategies, from the practical to the seemingly far-fetched. Some theorise about boxing AI, either physically, by building an actual structure to contain it, or by programming in limits to what it can do. Others are trying to teach AI to adhere to human values. A few are working on a last-ditch off-switch. One researcher who is delving into all three is mathematician and philosopher Stuart Armstrong at Oxford University's Future of Humanity Institute, which Tallinn calls "the most interesting place in the universe." (Tallinn has given FHI more than $310,000.) Armstrong is one of the few researchers in the world who focuses full-time on AI safety. When I asked him what it might look like to succeed at AI safety, he said: "Have you seen the Lego movie? Everything is awesome."