By msmash from Slashdot's security-woes department
An anonymous reader shares a report: When hackers breached companies like Dropbox and LinkedIn in recent years -- stealing 71 and 117 million passwords, respectively -- they at least had the decency to exploit those stolen credentials in secret, or sell them for thousands of dollars on the dark web. Now, it seems, someone has cobbled together those breached databases and many more into a gargantuan, unprecedented collection of 2.2 billion unique usernames and associated passwords, and is freely distributing them on hacker forums and torrents, throwing out the private data of a significant fraction of humanity like last year's phone book.
Earlier this month, security researcher Troy Hunt identified the first tranche of that mega-dump, named Collection #1 by its anonymous creator, a set of cobbled-together breached databases Hunt said represented 773 million unique usernames and passwords. Now other researchers have obtained and analyzed an additional vast database called Collections #2-5, which amounts to 845 gigabytes of stolen data and 25 billion records in all. After accounting for duplicates, analysts at the Hasso Plattner Institute in Potsdam, Germany, found that the total haul represents close to three times the Collection #1 batch.
By BeauHD from Slashdot's another-day-another-leak department
An anonymous reader quotes a report from TechCrunch: India's largest bank has secured an unprotected server that allowed anyone to access financial information on millions of its customers, like bank balances and recent transactions. The server, hosted in a regional Mumbai-based data center, stored two months of data from SBI Quick, a text message and call-based system used to request basic information about their bank accounts by customers of the government-owned State Bank of India (SBI), the largest bank in the country and a highly ranked company in the Fortune 500. But the bank had not protected the server with a password, allowing anyone who knew where to look to access the data on millions of customers' information.
The passwordless database allowed us to see all of the text messages going to customers in real time, including their phone numbers, bank balances and recent transactions. The database also contained the customer's partial bank account number. Some would say when a check had been cashed, and many of the bank's sent messages included a link to download SBI's YONO app for internet banking. The bank sent out close to three million text messages on Monday alone. The database also had daily archives of millions of text messages each, going back to December, allowing anyone with access a detailed view into millions of customers' finances. SBI claims more than 500 million customers across the globe with 740 million accounts.
By BeauHD from Slashdot's record-profits department
Despite Facebook's recent scandals, such as the site's biggest data breach, the social media company managed to beat Wall Street's estimates in its Q4 earnings. "Facebook hit 2.32 billion monthly users, up 2.2 percent from 2.27 billion last quarter, speeding up its growth rate," reports TechCrunch. "Facebook climbed to 1.52 billion daily active users from 1.49 billion last quarter for a 2 percent growth rate that dwarfed last quarter's 1.36 percent." From the report: Facebook earned $16.91 billion off all those users with a $2.38 GAAP earnings per share. Those numbers handily beat Wall Street's expectations of $16.39 billion in revenue and $2.18 GAAP earnings per share, plus 2.32 billion monthly and 1.51 billion daily active users. Facebook's daily to monthly user ratio, or stickiness, held firm at 66 percent where it's stayed for years, showing those still on Facebook aren't using it much less. Facebook shares had closed today at $150.42 but shot up over 9 percent following the record revenue and profit announcements to hover around $162. A big 30 percent year-over-year boost in average revenue per user in North America fueled those gains. Yet that's still way down from $186 where it was a year ago and a peak of $217 in July.
Facebook's monthly active users plateaued in North America but roared up in Europe. That was shored up by a reversal of last quarter's decline in Rest Of World average revenue per user, which fell 4.7% in Q3 but bounced back with 16.5 percent growth in Q4. Facebook raked in $6.8 billion in profit this quarter as it slowed down hiring and only grew headcount 5 percent from 33,606 to 35,587. It seems Facebook has gotten to a comfortable place with its security staff-up in the wake of election interference, fake news, and content moderation troubles. Its revenue is up 30 percent year-over-year while profits grew 61 percent, which is pretty remarkable for a 15-year-old technology company.
By BeauHD from Slashdot's no-take-backsies department
An anonymous reader quotes a report from The New York Times: Foxconn, the giant Taiwan-based company that announced plans for a $10 billion display-making factory in Wisconsin, now says it is rethinking the project's focus because of "new realities" in the global marketplace (Warning source may be paywalled; alternative source). The company said Wednesday that it remained committed to creating as many as 13,000 jobs in Wisconsin, and continued to "actively consider opportunities" involving flat-screen technology. But it said it was also "examining ways for Wisconsin's knowledge workers to promote research and development." "The global market environment that existed when the project was first announced has changed," Foxconn said in a statement. "As our plans are driven by those of our customers, this has necessitated the adjustment of plans for all projects, including Wisconsin." But the company said its presence in Wisconsin remained a priority, and said it was "broadening the base of our investment" there. The statement followed a Reuters report quoting Louis Woo, a special assistant to Foxconn's chairman, Terry Gou, as saying that the costs of manufacturing screens for televisions and other consumer products are too high in the United States. "In terms of TV, we have no place in the U.S.," Mr. Woo told Reuters. "We can't compete." Some Wisconsin Republicans blamed the company's change in plans on the election of Gov. Tony Evers, a Democrat, to succeed Mr. Walker, a Republican, in November. In a joint statement, Assembly Speaker Robin Vos and the Senate majority leader, Scott Fitzgerald, said it was "not surprising Foxconn would rethink building a manufacturing plant in Wisconsin under the Evers administration." The lawmakers added: "The company is reacting to the wave of economic uncertainty that the new governor has brought with his administration."
By BeauHD from Slashdot's kids-safety department
secwatcher shares a report from Threatpost: A gamut of kids' GPS-tracking watches are exposing sensitive data involving 35,000 children -- including their location, in real time. Researchers from Pen Test Partners specifically took a look at the Gator portfolio of watches from TechSixtyFour. The Gator line had been in the spotlight in 2017 for having a raft of vulnerabilities, called out by the Norwegian Consumers Council in its WatchOut research. "A year on, we decided to have a look at the Gator watch again to see how their security had improved," said Vangelis Stykas, in a Tuesday posting. "Guess what: a train wreck. Anyone could access the entire database, including real-time child location, name, parents' details etc. Not just Gator watches either -- the same back end covered multiple brands and tens of thousands of watches." "At issue was an easy-to-exploit, severe privilege-escalation vulnerability: The system failed to validate that the user had the appropriate permission to take admin control," reports Threatpost. "An attacker with access to the watch's credentials simply needed to change the user level parameter in the backend to an admin designation, which would provide access to all account information and all watch information."
By BeauHD from Slashdot's first-of-its-kind department
Samsung has started mass producing what it says is the industry's first one terabyte embedded Universal Flash Storage (eUFS) technology for smartphones. "It will give the company's mobile devices PC-like storage without the need for large-capacity microSD cards," Engadget reports. "It'll be incredibly useful if you use your phone to take tons of photos and HD videos -- Samsung says it's enough to store 260 10-minute videos in 4K UHD." From the report: "The 1TB eUFS is expected to play a critical role in bringing a more notebook-like user experience to the next generation of mobile devices," said Cheol Choi, EVP of Memory Sales & Marketing at Samsung Electronics. As ZDNet notes, Samsung's upcoming flagship devices, such as the S10, will most likely come with a 1TB option thanks to its new eUFS technology. After all, Samsung started mass producing its 512GB storage technology back in December 2017 and then debuted it with its new phones early on in the following year.
In addition to offering massive storage, the new eUFS was also designed to be faster than typical SSDs, microSDs and previous revisions of the technology. It has a 1,000-megabyte-per-second sequential read speed, twice that of the usual SSD and faster than its 512GB predecessor. Despite all those, Samsung says it'll come in the same package size as its 512GB flash memory, so it won't have to make its big phones even bigger.
By BeauHD from Slashdot's piracy-enabling-services department
The entertainment industry has shut down Dragon Media Inc.'s "Dragon Box" device, which connects to TVs and lets users watch video without a cable TV or streaming service subscription. According to Ars Technica, the company has "agreed to shut down the Dragon Box services and pay $14.5 million in damages to plaintiffs from the entertainment industry." From the report: Dragon Media was sued in January 2018 by Netflix, Amazon, Columbia Pictures, Disney, Paramount Pictures, Twentieth Century Fox, Universal, and Warner Bros. Dragon Media's lawyer initially predicted that the lawsuit would backfire on the entertainment industry, but the Dragon Box maker must have decided it had little chance of winning at trial. The plaintiffs and defendant filed a proposed settlement Monday at U.S. District Court for the Central District of California.
The settlement requires Dragon Media to "cease all operation of the Dragon Box system" and related services within five days. Under the settlement, "[j]udgment shall be entered against Defendants and in favor of Plaintiffs on Plaintiffs' claims of copyright infringement, and damages shall be awarded to Plaintiffs in the amount of U.S. $14,500,000," the document says. Dragon Media, Dragon Media owner Paul Christoforo, and reseller Jeff Williams "[s]hall be further enjoined from operating any website, system, software, or service that is substantially similar to the Dragon Box service," the settlement says. The settlement also prohibits the defendants from making its source code or other technology available to others.
By BeauHD from Slashdot's closing-down-shop department
An anonymous reader quotes a report from Android Police: Google announced its plans to sunset its Google+ social media network for consumers on a sour note in October. The platform, which has a small but dedicated user-base, decided to shut down following Google's acknowledgement of a data exposure that affected up to 500,000 Google+ profiles. Shortly after, in December, the shutdown timeline was expedited due to another, larger bug that had the potential to reveal private user information and impacted approximately 52.5 million users. Now, the company has detailed its shutdown timeline for the consumer version of Google+ -- and it's not wasting any time.
The shutdown timeline is as follows:
- As early as February 4th, you will no longer be able to create new Google+ profiles, pages, communities, or events.
- The Google+ feature for website comments will be removed by Blogger by February 4th and other sites by March 7th. All Google+ comments on all sites will be deleted starting April 2nd.
- Google+ sign-in buttons will stop working in the coming weeks, but in some cases will be replaced by a Google sign-in button.
- Google+ Community owners and moderators who are downloading data from their Community will gain additional data for download starting early March 2019. That includes author, body, and photos for every community post in a public community.
- On April 2nd, all Google+ accounts and pages will be shut down and Google will begin deleting content from consumer Google+ accounts. Photos and videos from Google+ in users' Album Archive and Google+ pages will also be deleted. Photos and videos backed up in Google Photos will not be deleted.
By BeauHD from Slashdot's abuse-the-system department
Scammers are reportedly using YouTube's "three strike" system for extortion. "After filing two false claims against [YouTuber ObbyRaidz], scammers contacted him demanding cash to avoid a third -- and the termination of his channel," reports TorrentFreak. From the report: The YouTuber, who concentrates on Minecraft-related videos, reports that he's received two bogus strikes on his account. While this is nothing new, it appears the strikes were deliberately malicious with a longer-term plan to extort money from him. "I have been striked twice and basically extorted," ObbyRaidz revealed this morning. "If I don't pay this dude he's going to strike a third one of my videos down."
The alleged scammer contacted ObbyRaidz, who lives in Texas, via Twitter. He or she warned the YouTuber that unless he paid a sum via PayPal or bitcoin, another complaint and therefore a third strike would be added to his account. "Hi Obby, We striked you," the message from "VengefulFlame" begins. "Our request is $150 PayPal or $75 btc (Bitcoin). You may send the money via goods/services if you do not think we will cancel or hold up our end of the deal. Once we receive our payment, we will cancel both strikes on your channel. Again -- you are free to charge back if we don't but we assure you we will." The YouTuber was then granted "a very short amount of time" to make his decision whether to pay the amount or potentially lose his channel. The YouTuber goes on to say that YouTube has not provided any assistance resolving this problem. "It's very unfortunate and YouTube has not done very much for me. I can't get in contact with them. One of the appeals got denied," he explains.
By msmash from Slashdot's up-next department
Apple plans to launch iPhones with a more-powerful 3-D camera as soon as next year, stepping up the company's push into augmented reality, Bloomberg reported Wednesday. From the report: The rear-facing, longer-range 3-D camera is designed to scan the environment to create three-dimensional reconstructions of the real world. It will work up to about 15 feet from the device, the people said. Apple's new system uses a laser scanner, rather than the existing dot-projection technology which doesn't work as well over longer distances, according to the people, who asked not to be identified discussing unreleased features. That's just one of many new features -- including a third, more advanced camera, enhanced photo-capture tools and a more powerful chip -- that Apple plans to include in coming generations of iPhones, the people said.
[...] For 2019, Apple plans successors to the iPhone XS and iPhone XS Max -- code-named D42 and D43 -- and an update to the iPhone XR, said the people. The larger of the new high-end iPhones will have three cameras on the back, and other handsets could eventually come with the upgraded system, too, the people said. [...] Apple's next operating system update, iOS 13, will include a dark mode option for easier nighttime viewing and improvements to CarPlay, the company's in-vehicle software.
By msmash from Slashdot's browser-updates department
Following Mozilla's footsteps, Google has released Chrome 72 for Windows, Mac, and Linux. From a report: The release includes code injection blocking and new developer features. You can update to the latest version now using Chrome's built-in updater or download it directly from google.com/chrome. With over 1 billion users, Chrome is both a browser and a major platform that web developers must consider. In fact, with Chrome's regular additions and changes, developers often must make an effort to stay on top of everything available -- as well as what has been deprecated or removed -- most notably, Chrome 72 removes support for Chromecast setup on a computer. To set up a Chromecast, you'll now need to use a mobile device.
As this isn't a major release, there aren't many new features to cover. Chrome 72 for Windows, however, blocks code injections, reducing crashes caused by third-party software. The initiative to block code injections in Chrome started last year, with warnings letting users know that Chrome was fighting back. Those warnings are now gone, and Chrome blocks code injections full stop.