Government

Canadian Government Teams With Facebook To Protect Election Integrity (vice.com) 48

An anonymous reader quotes Motherboard: There are nearly as many Canadians who use Facebook daily as there are people in this country who are registered to vote -- which is why the federal government is working with Facebook to protect its next federal election... Facebook is now facing perhaps its biggest test as it looks to curb foreign electoral interference and the rampant disinformation on its platform, both of which undermine the nature of democracy. Facebook Canada's election integrity project includes a partnership with a local digital news media literacy organization MediaSmarts, as well as a "cyberhygiene guide" that highlights particular vulnerabilities such as phishing and page-admin authentication. Facebook also has a crisis email line to help politicians and parties with hacking concerns... Kevin Chan, Facebook Canada's head of public policy, said the social media company is working on preventing bad actors from interfering with the democratic process. "At Facebook we take our responsibilities seriously," Chan said. "We don't want anyone to use our tools to undermine democracy."
At the launch of "the Canadian Election Integrity Initiative," Canada's Minister of Democratic Institutions argued that social media sites "must begin to view themselves as actors in shaping the democratic discourse."

The article points out Facebook "has promised to hire thousands of workers globally to help review flagged and suspicious content, as well as use machine learning to identify suspicious patterns of behavior on its platform."
Botnet

2 Million IoT Devices Enslaved By Fast-Growing BotNet (bleepingcomputer.com) 65

An anonymous reader writes: Since mid-September, a new IoT botnet has grown to massive proportions. Codenamed IoT_reaper, researchers estimate its current size at nearly two million infected devices. According to researchers, the botnet is mainly made up of IP-based security cameras, routers, network-attached storage (NAS) devices, network video recorders (NVRs), and digital video recorders (DVRs), primarily from vendors such as Netgear, D-Link, Linksys, GoAhead, JAWS, Vacron, AVTECH, MikroTik, TP-Link, and Synology.

The botnet reuses some Mirai source code, but it's unique in its own right. Unlike Mirai, which relied on scanning for devices with weak or default passwords, this botnet was put together using exploits for unpatched vulnerabilities. The botnet's author is still struggling to control his botnet, as researchers spotted over two million infected devices sitting in the botnet's C&C servers' queue, waiting to be processed. As of now, the botnet has not been used in live DDoS attacks, but the capability is in there.

Today is the one-year anniversary of the Dyn DDoS attack, the article points out, adding that "This week both the FBI and Europol warned about the dangers of leaving Internet of Things devices exposed online."
Media

Body Camera Giant Wants Police To Collect Your Videos Too (fastcompany.com) 58

tedlistens shares a report from Fast Company: Axon, the police supplier formerly known as Taser and now a leading maker of police body cameras, has also charged into police software with a service that allows police to manage and eventually analyze increasingly large caches of video, like a Dropbox for cops. Now it wants to add the public's video to the mix. An online tool called Citizen, set to launch later this year, will allow police to solicit the public for photos or video in the aftermath of suspected crimes and ingest them into Axon's online data platform. Todd Basche, Axon's executive vice president for worldwide products, said the tool was designed after the company conducted surveys of police customers and the public and found that potentially valuable evidence was not being collected. "They all pointed us to the need to collect evidence that's out there in the community."

[But] systems like Citizen still raise new privacy and policy questions, and could test the limits of already brittle police-community relations. Would Citizen, for instance, also be useful for gathering civilian evidence of incidents of police misconduct or brutality? [And how would ingesting citizen video into online police databases, like Axon's Evidence.com, allow police to mine it later for suspicious activity, in a sort of dragnet fashion?] "It all depends," says one observer, "on how agencies use the tool."

Security

Student Expelled After Using Hardware Keylogger to Hack School, Change Grades (bleepingcomputer.com) 134

Catalin Cimpanu, writing for BleepingComputer: Kansas University (KU) officials have expelled a student for installing a hardware keylogger and using the data acquired from the device to hack into the school's grading system and change his grades. KU did not release the student's name to the public, but they said the keystroke logging device had been installed on one of the computers in its lecture halls. The student used data collected from the device to change F grades into A grades. Professors said the incident would not have been noticed if the student didn't get greedy about modifications. The hardware device the student used was a run-of-the-mill hardware keylogger that anyone can buy on Amazon or eBay for prices as low as $20. Speaking to local media, various KU professors said they hope not to see any copycats in the near future.
Facebook

Facebook Security Chief Says Its Corporate Network Is Run 'Like a College Campus' (zdnet.com) 83

An anonymous reader quotes a report from ZDNet: Facebook's security chief has told employees that the social media giant needs to improve its internal security practices to be more akin to a defense contractor, according to a leaked recording obtained by ZDNet. Alex Stamos made the comments to employees at a late-July internal meeting where he argued that the company had not done enough to respond to the growing threats that the company faces, citing both technical challenges and cultural issues at the company. "The threats that we are facing have increased significantly and the quality of the adversaries that we are facing," he said. "Both technically and from a cultural perspective I don't feel like we have caught up with our responsibility. The way that I explain to [management] is that we have the threat profile of a Northrop Grumman or a Raytheon or another defense contractor, but we run our corporate network, for example, like a college campus, almost," he said.
Chrome

Chrome 62 Released With OpenType Variable Fonts, HTTP Warnings In Incognito Mode (bleepingcomputer.com) 79

An anonymous reader writes: Earlier today, Google released version 62 of its Chrome browser that comes with quite a few new features but also fixes for 35 security issues. The most interesting new features are support for OpenType variable fonts, the Network Quality Estimator API, the ability to capture and stream DOM elements, and HTTP warnings for the browser's Normal and Incognito mode. The most interesting of the new features is variable fonts. Until now, web developers had to load multiple font families whenever they wanted variations on a font family. For example, if a developer was using the Open Sans font family on a site, if he wanted a font variation such as Regular, Bold, Black, Normal, Condensed, Expanded, Highlight, Slab, Heavy, Dashed, or another, he'd have to load a different font file for each. OpenType variable fonts allow font makers to merge all these font family variations in one file that developers can use on their site and control via CSS. This results in fewer files loaded on a website, saving bandwidth and improving page load times. Two other features that will interest mostly developers are the Network Quality Estimator and the Media Capture from DOM Elements APIs. As the name hints, the first grants developers access to network speed and performance metrics, information that some websites may use to adapt video streams, audio quality, or deliver low-fi versions of their sites. Developers can use the second API -- the Media Capture from DOM Elements -- to record videos of how page sections behave during interaction and stream the content over WebRTC. This latter API could be useful for developers debugging a page, but also support teams that want to see what's happening on the user's side.
Android

Android Oreo Helps Google's Pixel 2 Smartphones Outperform Other Android Flagships (hothardware.com) 86

MojoKid highlights Hot Hardware's review of Google's new Pixel 2 and Pixel 2 XL smartphones: Google officially launched its Pixel 2 phones today, taking the wraps off third-party reviews. Designed by Google but manufactured by HTC (Pixel 2) and LG (Pixel 2 XL), the two new handsets also boast Google's latest Android 8.0 operating system, aka Oreo, an exclusive to Google Pixel and certain Nexus devices currently. And in some ways, this is also a big advantage. Though they are based on the same Qualcomm Snapdragon 835 processor as many other Android devices, Google's new Pixel 2s manage to outpace similarly configured smartphones in certain benchmarks by significant margins (Basemark, PCMark and 3DMark). They also boot dramatically faster than any other Android handset on the market, in as little as 10 seconds. Camera performance is also excellent, with both the 5-inch Pixel 2 and 6-inch Pixel 2 XL sporting identical electronics, save for their displays and chassis sizes. Another notable feature built into Android Oreo is Google Now Playing, an always-listening, Shazam-like service (if you enable it) that displays song titles on the lock screen if it picks up on music playing in the room you're in. Processing is done right on the Pixel 2 and it doesn't need network connectivity. Another Pixel 2 Oreo-based trick is Google Lens, a machine vision system that Google notes "can recognize places like landmarks and buildings, artwork that you'd find in a museum, media covers such as books, movies, music albums, and video games..." The Google Pixel 2 and Pixel 2 XL are available now on Verizon or unlocked via the Google Store starting at $649 and $849 respectively for 64GB storage versions, with a $100 up-charge for 128GB variants.
Piracy

Netflix, Amazon, Movie Studios Sue Over TickBox Streaming Device (arstechnica.com) 131

Movie studios, Netflix, and Amazon have teamed up to file a lawsuit against a streaming media player called TickBox TV. The device in question runs Kodi on top of Android 6.0, and searches the internet for streams that it can make available to users without actually hosting any of the content itself. An anonymous reader quotes a report from Ars Technica: The complaint (PDF), filed Friday, says the TickBox devices are nothing more than "tool[s] for mass infringement," which operate by grabbing pirated video streams from the Internet. The lawsuit was filed by Amazon and Netflix Studios, along with six big movie studios that make up the Motion Picture Association of America: Universal, Columbia, Disney, Paramount, 20th Century Fox, and Warner Bros.

"What TickBox actually sells is nothing less than illegal access to Plaintiffs' copyrighted content," write the plaintiffs' lawyers. "TickBox TV uses software to link TickBox's customers to infringing content on the Internet. When those customers use TickBox TV as Defendant intends and instructs, they have nearly instantaneous access to multiple sources that stream Plaintiffs' Copyrighted Works without authorization." The device's marketing materials let users know the box is meant to replace paid-for content, with "a wink and a nod," by predicting that prospective customers who currently pay for Amazon Video, Netflix, or Hulu will find that "you no longer need those subscriptions." The lawsuit shows that Amazon and Netflix, two Internet companies that are relatively new to the entertainment business, are more than willing to join together with movie studios to go after businesses that grab their content.

United States

Smartphones Are Killing Americans, But Nobody's Counting (bloomberg.com) 412

An anonymous reader shares a Bloomberg report: Over the past two years, after decades of declining deaths on the road, U.S. traffic fatalities surged by 14.4 percent. In 2016 alone, more than 100 people died every day in or near vehicles in America, the first time the country has passed that grim toll in a decade. Regulators, meanwhile, still have no good idea why crash-related deaths are spiking: People are driving longer distances but not tremendously so; total miles were up just 2.2 percent last year. Collectively, we seemed to be speeding and drinking a little more, but not much more than usual. Together, experts say these upticks don't explain the surge in road deaths. There are however three big clues, and they don't rest along the highway. One, as you may have guessed, is the substantial increase in smartphone use by U.S. drivers as they drive. From 2014 to 2016, the share of Americans who owned an iPhone, Android phone, or something comparable rose from 75 percent to 81 percent. The second is the changing way in which Americans use their phones while they drive. These days, we're pretty much done talking. Texting, Twitter, Facebook, and Instagram are the order of the day -- all activities that require far more attention than simply holding a gadget to your ear or responding to a disembodied voice. By 2015, almost 70 percent of Americans were using their phones to share photos and follow news events via social media. In just two additional years, that figure has jumped to 80 percent.
Government

Ask Slashdot: Should Users Uninstall Kaspersky's Antivirus Software? (slashdot.org) 308

First, here's the opinion of two former NSA cybersecurity analysts (via Consumer Reports): "It's a big deal," says Blake Darche, a former NSA cybersecurity analyst and the founder of the cybersecurity firm Area 1. "For any consumers or small businesses that are concerned about privacy or have sensitive information, I wouldn't recommend running Kaspersky." By its very nature antivirus software is an appealing tool for hackers who want to access remote computers, security experts say. Such software is designed to scan a computer comprehensively as it searches for malware, then send regular reports back to a company server. "One of the things people don't realize, by installing that tool you give [the software manufacturer] the right to pull any information that might be interesting," says Chris O'Rourke, another former NSA cybersecurity expert who is the CEO of cybersecurity firm Soteria.
But for that reason, Bloomberg View columnist Leonid Bershidsky suggests any anti-virus software will be targeted by nation-state actors, and argues that for most users, "non-state criminal threats are worse. That's why Interpol this week signed a new information-sharing agreement with Kaspersky despite all the revelations in the U.S. media: The international police cooperation organization deals mainly with non-state actors, including profit-seeking hackers, rather than with the warring intelligence services."

And long-time Slashdot reader freddieb is a loyal Kaspersky user who is wondering what to do, calling the software "very effective and non-intrusive." And in addition, "Numerous recent hacks have gotten my data (Equifax, and others) so I expect I have nothing else to fear except ransomware."

Share your own informed opinions in the comments. Should users uninstall Kaspersky's antivirus software?
Bitcoin

Julian Assange Taunts US Government For Forcing Wikileaks To Invest In Bitcoin (facebook.com) 195

Saturday's tweet from Julian Assange says it all: "My deepest thanks to the US government, Senator McCain and Senator Lieberman for pushing Visa, MasterCard, PayPal, AmEx, Moneybookers, et al, into erecting an illegal banking blockade against @WikiLeaks starting in 2010. It caused us to invest in Bitcoin -- with > 50000% return."
Assange's tweet was accompanied by a graph showing the massive spike in the price of bitcoin -- though most of that growth occurred in the last year.
Chrome

Microsoft Edge Beats Chrome and Firefox in Malware-Blocking Tests (computerworld.com) 126

An anonymous reader quotes Computerworld: Microsoft's Edge easily beat rival browsers from Google and Mozilla in third-party tests of the behind-the-scenes services which power anti-malware warnings and malicious website-blocking... NSS Labs says Windows 10's default browser is better at blocking phishing and socially-engineered malware attacks than Google Chrome or Mozilla Firefox... According to NSS Labs of Austin, Texas, Edge automatically blocked 92% of all in-browser credential phishing attempts and stymied 100% of all socially-engineered malware (SEM) attacks. The latter encompassed a wide range of attacks, but their common characteristic was that they tried to trick users into downloading malicious code. The tactics that SEM attackers deploy include links from social media, such as Facebook and Twitter, and bogus in-browser notifications of computer infections or other problems.

Edge bested Chrome and Firefox by decisive margins. For instance, Chrome blocked 74% of all phishing attacks, and 88% of SEM attacks. Meanwhile, Firefox came in third in both tests, stopping just 61% of the phishing attacks and 70% of all SEM attempts... Both Chrome and Mozilla's Firefox rely on the Safe Browsing API (application programming interface), but historically, Mozilla's implementation has performed poorly compared to Google's. No shock: Google created the API. Edge also took top prize in blocking attacks from the get-go. In NSS's SEM attack testing, for example, the Microsoft browser stopped nearly every attempt from the first moments a new attack was detected. Chrome and Firefox, on the other hand, halted 75% and 54% of the brand-new attacks, respectively. Over a week's time, Chrome and Firefox improved their blocking scores, although neither reached Edge's impressive 99.8%.

The researchers spent three weeks continuously monitoring the browsers on Windows 10 computers. But in the real world, Edge runs on just 5% of all personal computers, while Firefox runs on 13% and Chrome on 60%.
Communications

Russia Reportedly Used Pokemon Go In an Effort To Inflame Racial Tensions (theverge.com) 211

An anonymous reader quotes a report from The Verge: Russia's far-ranging campaign to promote dissension in the United States reportedly included an effort to weaponize Pokemon Go. CNN reported that in July 2016, a Tumblr page linked to Russia's now-notorious Internet Research Agency promoted a contest encouraging people sympathetic to the Black Lives Matter movement to play the game near famous sites of police brutality. Players were told to change their characters' names to the victims of those incidents -- an apparent effort to inflame racial tensions. The Tumblr page was linked to Do Not Shoot Us, a multi-platform campaign designed to mimic aspects of Black Lives Matter. (As CNN notes, the name plays on "hands up, don't shoot," one of the movement's slogans.) Do Not Shoot Us included a website, donotshoot.us, along with related pages on Facebook, Instagram, Twitter, and YouTube. The Facebook page was one of 470 pages that were removed after the company determined that it was linked to Russian groups attempting to interfere in US politics.
Software

PornHub Uses Computer Vision To ID Actors, Acts In Its Videos (techcrunch.com) 135

Baron_Yam shares a report from TechCrunch, which details PornHub's use of machine learning to ID actors and acts in its videos: The computer vision system can identify specific actors in scenes and even identifies various positions and attributes. While it is obviously very difficult to describe the feature set for a family audience, the system can identify individual performers in real time -- in the demo here it recognizes one performer even from the side -- and it can also identify sex acts. Facial detection is nothing new, even for mobile devices, but this system goes one step further by categorizing videos and images based on various attributes. This means you'll be able to find favorites by name or characteristics, a feat that once required prodigious amounts of data entry.

"So far we've used the model on about 500k featured videos which includes user submitted and we plan to scan the whole library in the beginning of 2018," said Price. "Very shortly, the technology will also be used to detect various sex positions / categories and be able to properly tag them as well."

Television

Hulu Lowers Prices After Netflix Raises Theirs (variety.com) 108

Coincidentally, as Netflix raised their prices last week, Hulu decided to lower theirs. The streaming service is now offering a plan, which includes commercials, for $5.99 per month for the first year -- a short-term promotion aimed at luring new subs with the kickoff of the fall television season and Hulu's expanded TV library lineup. Variety reports: Hulu's special offer for the limited-commercials plan is available through Jan. 9, 2018, only to new or returning Hulu subs. After one year, the regular $7.99 monthly price will kick in. Hulu offers a commercial-free option for $12 per month, and a live TV service (which includes access to original series like Emmy-winning "The Handmaid's Tale" and on-demand titles) for $40 monthly. A Hulu rep said the company's new promo is intended to draft off the fall 2017 TV season. As it looks for another original series on the order of "Handmaid's Tale" -- so far its only breakout hit -- Hulu has inked deals to bring thousands of current and older TV shows to the platform to armor-up in its battle with rivals Netflix and Amazon Prime.
Media

Windows 10 Update Removes Windows Media Player (betanews.com) 255

The recently released Windows 10 update KB4046355 for the Fall Creators Update disables Windows Media Player in the operating system. BetaNews reports: While it could be argued that Windows Media Player is no longer an essential addition to Windows -- there are plenty of quality third-party alternatives, such as VLC Media Player, not to mention the Films & TV app in Windows 10 itself -- many users still rely on it. The feature's removal came to light when users installed KB4046355 on devices running Windows 10 version 1709 -- the Fall Creators Update. This update, referred to as FeatureOnDemandMediaPlayer, removes Windows Media Player from the OS, although it doesn't kill access to it entirely. If you want the media player back you can install it via the Add a Feature setting. Open Settings, go to Apps > Apps & Features, and click on Manage optional features.
China

Chinese State Media Report Bloated Battery in Apple's iPhone 8 (reuters.com) 36

A fresh case of Apple's new iPhone popping open due to a swollen battery has been reported in state media in China, the world's biggest smartphone market where the U.S. firm is seeking to revive faltering sales. From a report: The incident comes as Apple investigates similar cases reported in Taiwan and Japan of batteries in its latest iPhone 8 Plus becoming bloated, causing the device's casing to open. On its website on Thursday, China's state-backed ThePaper.cn cited an iPhone buyer surnamed Liu as saying his newly purchased iPhone 8 Plus arrived cracked open on Oct. 5. There was no sign of scorching or an explosion. Liu told ThePaper he bought the handset through the online marketplace of JD.com. He said he did not charge the new device and returned it to the seller. The fresh report comes on the heels of another story last week where Apple claimed that it was looking into a similar matter.
China

Beijing Startup Offers Engineers $1M Salary Plus Options in Battle For Talent (financialpost.com) 119

An anonymous reader shares a Financial Post report: Beijing ByteDance Technology is the brainchild of entrepreneur Zhang Yiming. The company is best known for a mobile app called Jinri Toutiao, or Today's Headlines, which aggregates news and videos from hundreds of media outlets. In five years, the app has become one of the most popular news services anywhere, with 120 million daily users. Toutiao is on pace to pull in about US$2.5 billion in revenue this year, largely from advertising. It was just valued at more than US$20 billion, according to a person familiar with the matter, roughly the same as Elon Musk's SpaceX. In China, the Beijing company is controversial because of its recruiting. ByteDance hires top performers from such giants as Baidu and Tencent Holdings, sometimes raising salaries 50 per cent and tossing in stock options. "Our philosophy is to pay the top of the market to get the best," says the slight 34-year-old in an interview at the company's headquarters, his first with foreign media. "The company that wants to achieve the most, you need the best talent." Top performers can make US$1 million in salary and bonus a year, plus options, according to people familiar with its hiring. Total compensation can exceed US$3 million.
Government

Russian Hackers Exploited Kaspersky Antivirus To Steal NSA Data on US Cyber Defense: WSJ (wsj.com) 223

An NSA contractor brought home highly classified documents that detailed how the U.S. penetrates foreign computer networks and defends against cyberattacks. The contractor used Kaspersky antivirus on his home computer, which hackers working for the Russian government exploited to steal the documents, the WSJ reported on Thursday (the link could be paywalled; alternative source), citing multiple people with knowledge of the matter. From the report: The hackers appear to have targeted the contractor after identifying the files through the contractor's use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said. The theft, which hasn't been disclosed, is considered by experts to be one of the most significant security breaches in recent years. It offers a rare glimpse into how the intelligence community thinks Russian intelligence exploits a widely available commercial software product to spy on the U.S. The incident occurred in 2015 but wasn't discovered until spring of last year, said the people familiar with the matter. Having such information could give the Russian government information on how to protect its own networks, making it more difficult for the NSA to conduct its work. It also could give the Russians methods to infiltrate the networks of the U.S. and other nations, these people said. Ahead of the publication of WSJ report, Kaspersky founder Eugene Kaspersky tweeted, "New conspiracy theory, anon sources media story coming. Note we make no apologies for being aggressive in the battle against cyberthreats."
Advertising

Facebook Fought Rules That Could Have Exposed Fake Russian Ads (bloomberg.com) 193

According to Bloomberg, Facebook has for years fought to avoid being transparent about who's behind election-related ads online. "Since 2011, Facebook has asked the Federal Election Commission for blanket exemptions from political advertising disclosure rules -- transparency that could have helped it avoid the current crisis over Russia ad spending ahead of the 2016 U.S. election," reports Bloomberg. From the report: Communications law requires traditional media like TV and radio to track and disclose political ad buyers. The rule doesn't apply online, an exemption that's helped Facebook's self-serve advertising business generate hundreds of millions of dollars in political campaign spots. When the company was smaller, the issue was debated in some policy corners of Washington. Now that the social network is such a powerful political tool, with more than 2 billion users, the topic is at the center of a debate about the future of American democracy. Back in 2011, Facebook argued for the exemption for the same reasons as internet search giant Google: its ads are too small and have a character limit, leaving no room for language saying who paid for a campaign, according to documents on the FEC's website. Some FEC commissioners agreed, while others argued that Facebook could provide a clickable web link to get more information about the ad.

Facebook wouldn't budge. It warned that FEC proposals for more political ad disclosure could hinder free speech in a 2011 opinion written by Marc Elias, a high-powered Democratic lawyer who later became general counsel for Hillary Clinton's 2016 campaign. Colin Stretch, a top Facebook lawyer, said the agency "should not stand in the way of innovation," and warned that such rules would quickly become obsolete. When it came time for the FEC to decide in June 2011, the agency's six commissioners split on a 3-3 vote. Facebook didn't get its exemption, so an advertiser using its platform was still subject to a 2006 ruling by the FEC requiring disclosure. But the company allowed ads to run without those disclaimers, leaving it up to ad buyers to comply.
