Communications

The FCC Is Refusing To Release Emails About Ajit Pai's 'Harlem Shake' Video (vice.com) 6

Posted by BeauHD from the bad-video-ideas dept.
bumblebaetuna writes from a report via Motherboard: On the eve of the net neutrality repeal, just as tensions and public debate over the issue were reaching a fever pitch, someone in the FCC decided it would be a good idea to have chair Ajit Pai ridicule legitimate concerns of internet users with a video featuring an outdated meme and a pizzagate conspiracy theorist. Now, citing the infamous b5 FOIA exemption, the Federal Communications Commission is refusing to release emails related to the planning of the video. The b5 exemption is supposed to protect "inter-agency or intra-agency memorandum or letters which would be privileged in civil litigation," but each agency interprets that meaning differently.
Businesses

Motorola's Modular Smartphone Dream Is Too Young To Die (fastcompany.com) 9

Posted by msmash from the lots-riding-on-it dept.
harrymcc writes: Lots of people have fantasized about modular smartphones, but Motorola introduced one -- the Moto Z -- and actually created an ecosystem of useful add-ons. Now its parent company, Lenovo, has made major cuts at Moto headquarters in Chicago, throwing the future of Moto Mods into doubt. Over at Fast Company, Jared Newman talked to some of the people who have invested energy in this modular platform about why it would be such a shame if Lenovo gave up on the idea.
Microsoft

Microsoft Modifies Open-Source Code, Blows Hole In Windows Defender (theregister.co.uk) 18

Posted by BeauHD from the fork-and-bork dept.
An anonymous reader quotes a report from The Register: A remote-code execution vulnerability in Windows Defender -- a flaw that can be exploited by malicious .rar files to run malware on PCs -- has been traced back to an open-source archiving tool Microsoft adopted for its own use. The bug, CVE-2018-0986, was patched on Tuesday in the latest version of the Microsoft Malware Protection Engine (1.1.14700.5) in Windows Defender, Security Essentials, Exchange Server, Forefront Endpoint Protection, and Intune Endpoint Protection. This update should be installed, or may have been automatically installed already on your device. The vulnerability can be leveraged by an attacker to achieve remote code execution on a victim's machine simply by getting the mark to download -- via a webpage or email or similar -- a specially crafted .rar file while the anti-malware engine's scanning feature is on. In many cases, this analysis set to happen automatically.

When the malware engine scans the malicious archive, it triggers a memory corruption bug that leads to the execution of evil code smuggled within the file with powerful LocalSystem rights, granting total control over the computer. The screwup was discovered and reported to Microsoft by legendary security researcher Halvar Flake, now working for Google. Flake was able to trace the vulnerability back to an older version of unrar, an open-source archiving utility used to unpack .rar archives. Apparently, Microsoft forked that version of unrar and incorporated the component into its operating system's antivirus engine. That forked code was then modified so that all signed integer variables were converted to unsigned variables, causing knock-on problems with mathematical comparisons. This in turn left the software vulnerable to memory corruption errors, which can crash the antivirus package or allow malicious code to potentially execute.
Security

Secret Service Warns of Chip Card Scheme (krebsonsecurity.com) 41

Posted by BeauHD from the heads-up dept.
Brian Krebs reports of a new scheme where new debit cards are intercepted in the mail and the chips on the cards are replaced with chips from old cards. Thieves can then start draining funds from the account as soon as the modified card is activated. The warning comes from the U.S. Secret Service. Krebs on Security reports: The reason the crooks don't just use the debit cards when intercepting them via the mail is that they need the cards to be activated first, and presumably they lack the privileged information needed to do that. So, they change out the chip and send the card on to the legitimate account holder and then wait for it to be activated. The Secret Service memo doesn't specify at what point in the mail process the crooks are intercepting the cards. It could well involve U.S. Postal Service employees (or another delivery service), or perhaps the thieves are somehow gaining access to company mailboxes directly. Either way, this alert shows the extent to which some thieves will go to target high-value customers.
Bitcoin

Coinbase Launches Early-Stage Venture Fund (cnbc.com) 2

Posted by BeauHD from the early-days dept.
Coinbase announced today that it is launching a new incubator fund for early-stage startups. "We're going to invest off our balance sheet into crypto companies," Coinbase President and COO Asiff Hirji told CNBC's "Fast Money" Thursday. "We will invest in companies that are in the space and are aligned with our values." From the report: Profits from the fund will be "de minimis" in the scope of the entire company but the fund is already off to a $15 million start and set to grow, Hirji said. The fund's seed-stage investments, which will begin this week, will help companies and founders in the crypto and blockchain space get off the ground. It's also meant to focus on building relationships within that ecosystem, he said. In order to do that, Coinbase could be investing in its competitors.

"You may also see us invest in companies that ostensibly look competitive with Coinbase," the San Francisco-based company said in a blog post. "We're taking a long term view of the space, and we believe that multiple approaches are healthy and good." Hirji emphasized that Coinbase Ventures is searching for founders, not the next money-making cryptocurrency. "By giving them access to capital we hope that they will grow great businesses," he said. "It's not about investing in the token, it's not about trying to line up tokens that we would put on our exchange."
Australia

UK, Australia Investigating Facebook Amid Cambridge Analytica Data Scandal (go.com) 16

Posted by BeauHD from the cause-and-effect dept.
Both the United Kingdom and Australia said Thursday that they have opened formal investigations into Facebook amid allegations that their citizens' data was improperly shared with Cambridge Analytica. ABC News reports: The Information Commissioner's Office in the U.K. is "looking at how data was collected from a third party app on Facebook and shared with Cambridge Analytica. We are also conducting a broader investigation into how social media platforms were used in political campaigning," according to Commissioner Elizabeth Denham. The office will investigate Facebook, along with 29 other organizations that have not been named.

Earlier Thursday, Australia said it had opened a formal investigation into the tech giant amid allegations that Australian users' data was improperly shared with Cambridge Analytica. "Today I have opened a formal investigation into Facebook, following confirmation from Facebook that the information of over 300,000 Australian users may have been acquired and used without authorization," Angelene Falk, Australia's acting information commissioner and acting privacy commissioner, said. According to Falk, Australia will work with international regulatory agencies to investigate whether Facebook violated the country's privacy act. Under Australian law, the commissioner has the power to issue fines of up to $1.6 million to organizations that fail to comply with the act, according to the Australian Broadcasting Corporation. Australia and the U.K. joined the United States and Israel in investigating Facebook's breach of privacy.
Transportation

There's Growing Evidence Tesla's Autopilot Handles Lane Dividers Poorly (arstechnica.com) 114

Posted by BeauHD from the connecting-the-dots dept.
An anonymous reader writes: Within the past week, two Tesla crashes have been reported while Autopilot was engaged, and both involved a Tesla vehicle slamming into a highway divider. One of the crashes resulted in the death of Walter Huang, a Tesla customer with a Model X. The other crash resulted in minor injuries to the driver, thanks largely to a working highway safety barrier in front of the concrete divider. Ars Technica reports on the growing evidence that Tesla's Autopilot handles lane dividers poorly: "The September crash isn't the only evidence that has emerged that Tesla's Autopilot feature doesn't deal well with highway lane dividers. At least two people have uploaded videos to YouTube showing their Tesla vehicles steering toward concrete barriers. One driver grabbed the wheel to prevent a collision, while the other slammed on the brakes. Tesla argues that this issue doesn't necessarily mean that Autopilot is unsafe. 'Autopilot is intended for use only with a fully attentive driver,' a Tesla spokesperson told KGO-TV. Tesla argues that Autopilot can't prevent all accidents but that it makes accidents less likely. There's some data to back this up. A 2017 study by the National Highway Transportation Safety Administration (NHTSA) found that the rate of accidents dropped by 40 percent after the introduction of Autopilot. And Tesla argues that Autopilot-equipped Tesla cars have gone 320 million miles per fatality, much better than the 86 million miles for the average car. These figures don't necessarily settle the debate. That NHTSA figure doesn't break down the severity of crashes -- it's possible that Autopilot prevents relatively minor crashes but is less effective at preventing the most serious crashes. And as some Ars commenters have pointed out, luxury cars generally have fewer fatalities than the average vehicle. So it's possible that Tesla cars' low crash rates have more to do with its wealthy customer base than its Autopilot technology. What we can say, at a minimum, is that there's little evidence that Autopilot makes Tesla drivers less safe. And we can expect Tesla to steadily improve the car's capabilities over time."
Intel

Intel Tells Users to Uninstall Remote Keyboard App Over Unpatched Security Bugs (bleepingcomputer.com) 14

Posted by msmash from the security-woes dept.
Intel has decided that instead of fixing three security bugs affecting the Intel Remote Keyboard Android app, it would be easier to discontinue the application altogether. BleepingComputer: The company announced its decision on Tuesday, following the discovery of three security bugs that affect all versions of the Intel Remote Keyboard. This is an Android application that Intel launched in 2015 to allow users to wirelessly control Intel NUC and Intel Compute Stick single-board computers. The bugs, discovered by three different researchers, when exploited, allow a nearby network attacker to inject keystrokes into remote keyboard sessions, and also execute malicious code on the user's Android device.
Bitcoin

Hacker Uses Exploit To Generate Verge Cryptocurrency Out of Thin Air (bleepingcomputer.com) 54

Posted by BeauHD from the turn-water-into-wine dept.
An anonymous reader quotes a report from Bleeping Computer: An unknown attacker has exploited a bug in the Verge cryptocurrency network code to mine Verge coins at a very rapid pace and generate funds almost out of thin air. The Verge development team is preparing a hard-fork of the entire cryptocurrency code to fix the issue and revert the blockchain to a previous state before the attack to neutralize the hacker's gains. The attack took place yesterday, and initially users thought it was a over "51% attack," an attack where a malicious actor takes control over the more than half of the network nodes, giving himself the power to forge transactions. Nonetheless, users who later looked into the suspicious network activity eventually tracked down what happened, revealing that a mysterious attacker had mined Verge coins at a near impossible speed of 1,560 Verge coins (XVG) per second, the equivalent of $78/s. The malicious mining lasted only three hours, according to the Verge team. According to users who tracked the illegally mined funds on the Verge blockchain said the hacker appears to have made around 15.6 million Verge coins, which is around $780,000.
Operating Systems

Microsoft Will Bring 64-Bit App Support To ARM-Based PCs In May (engadget.com) 48

Posted by BeauHD from the coming-soon dept.
Microsoft's general manager for Windows, Erin Chappie, told Engadget today that an SDK for ARM64 apps will be announced at the upcoming Build developer's conference in May. From the report: With the new SDK, developers would be able to natively recompile their apps to run in 64-bit on ARM-based PCs like the ASUS NovaGo. This opens up app support for the platform, which previously only supported 32-bit apps. The potentially greater app compatibility is welcome, since this was one of the biggest drawbacks of Windows on Snapdragon devices. But whether you'll get the higher performance that you'd typically expect out of 64-bit apps will depend on the Snapdragon 835 CPU that powers the current generation of the PCs in question. Connected PCs ship with Windows 10 S, but Microsoft has been offering free upgrades to Windows 10 Pro through 2019, making the OS more familiar and versatile. The ARM 64 SDK will be available for both Store apps and desktop versions (.exes). Ultimately, it'll be up to developers to decide whether they want to go to the trouble of recompiling their apps for Windows on Snapdragon, but Microsoft at least appears to be making strides in creating as open and useful a platform as possible.
Google

Google Turns To Users To Improve Its AI Chops Outside the US (wired.com) 19

Posted by msmash from the interesting-moves dept.
Google is betting that algorithms that understand images and text will draw business to its cloud services, make augmented reality popular, and prompt us to search using our smartphone cameras. From a report: The search company's machine learning systems work best on material from a few rich parts of the world, like the US. They stumble more frequently on data from less affluent countries -- particularly emerging economies like India that Google is counting on to maintain its growth. "We have a very sparse training data set from parts of the world that are not the United States and Western Europe," says Anurag Batra, a researcher at Google.

When Batra travels to his native Delhi, he says Google's AI systems become less smart. Now, he leads a project trying to change that. "We can understand pasta very well, but if you ask about pesarattu dosa, or anything from Korea or Vietnam, we're not very good," Batra says. To fix the problem, Batra is tapping the brains and phones of some of Google's billions of users. His team built an app called Crowdsource that asks people to perform quick tasks like checking the accuracy of Google's image-recognition and translation algorithms. Starting this week, the Crowdsource app also asks users to take and upload photos of nearby objects.
Science

Humans Produce New Brain Cells Throughout Their Lives, Say Researchers (theguardian.com) 52

Posted by msmash from the unravelling-mysteries dept.
An anonymous reader shares a report: Humans continue to produce new neurons in a part of their brain involved in learning, memory and emotion throughout adulthood, scientists have revealed, countering previous theories that production stopped after adolescence. The findings could help in developing treatments for neurological conditions such as dementia. Many new neurons are produced in the hippocampus in babies, but it has been a matter of hot debate whether this continues into adulthood -- and if so, whether this rate drops with age as seen in mice and nonhuman primates. Although some research had found new neurons in the hippocampus of older humans, a recent study scotched the idea, claiming that new neurons in the hippocampus were at undetectable levels by our late teens.
Businesses

Online Gaming Could Be Stalled by Net Neutrality Repeal, ESA Tells Court (arstechnica.com) 132

Posted by msmash from the fighting-back dept.
A video game industry lobby group is joining the lawsuit that seeks to reinstate net neutrality rules in the US, saying that the net neutrality repeal could harm multiplayer online games that require robust Internet connections. From a report: The Entertainment Software Association (ESA) yesterday filed a motion for leave to intervene so that it can support the case against the Federal Communications Commission. The lawsuit, filed by a mix of Democratic state attorneys general, tech companies such as Mozilla, and consumer advocacy groups, seeks to reverse the FCC's December 2017 vote to eliminate net neutrality rules. The ESA said its members will be harmed by the repeal "because the FCC's Order permits ISPs to take actions that could jeopardize the fast, reliable, and low-latency connections that are critical to the video game industry."
Facebook

Facebook Was in Talks With Top Hospitals Until Last Month To Share Data of Most Vulnerable Patients (cnbc.com) 91

Posted by msmash from the things-Facebook-does dept.
Facebook was in talks with top hospitals and other medical groups as recently as last month about a proposal to share data about the social networks of their most vulnerable patients, CNBC reported on Thursday. From the story: Facebook was intending to match it up with user data it had collected, and help the hospitals figure out which patients might need special care or treatment. The proposal never went past the planning phases and has been put on pause after the Cambridge Analytica data leak scandal raised public concerns over how Facebook and others collect and use detailed information about Facebook users. "This work has not progressed past the planning phase, and we have not received, shared, or analyzed anyone's data," a Facebook spokesperson told CNBC. But as recently as last month, the company was talking to several health organizations, including Stanford Medical School and American College of Cardiology, about signing the data-sharing agreement.
Security

Malware Attack on Vendor To Blame for Delta and Sears Data Breach Affecting 'Hundreds of Thousands' of Customers (gizmodo.com) 28

Posted by msmash from the closer-look dept.
Delta Air Lines and Sears Holding on Thursday disclosed a data breach that may have exposed the payment card details of hundreds of thousands of online customers. From a report: The breach originated at a software vendor called [24]7, which provides Sears, Delta, and other businesses with online chat services. Less than 100,000 Sears customers were supposedly impacted, according to Sears. A Delta spokesperson said hundreds of thousands of travelers are potentially exposed. Gizmodo has learned the breach was the result of a malware attack, and that the unauthorized access involved payment card numbers, CVV numbers, and expiration dates, in addition to customers' names and addresses.

In a statement, [24]7 said the breach occurred on September 27th of last year and was contained roughly two weeks later. In a statement, Sears said it was first notified about the breach in mid-March. Credit card companies have been notified, and law enforcement is likewise investigating the incident. "Customers using a Sears-branded credit card were not impacted," Sears said. "In addition, there is no evidence that our stores were compromised or that any internal Sears systems were accessed by those responsible."

Slashdot Top Deals