Privacy

Let's Encrypt Hits New Milestone: Over 100,000,000 Certificates Issued (letsencrypt.org) 1

Josh Aas, the executive director of Internet Security Research Group (ISRG) writing for Let's Encrypt: Let's Encrypt, a free, automated, and open certificate authority has reached a milestone: we've now issued more than 100,000,000 certificates. This number reflects at least a few things: First, it illustrates the strong demand for our services. We'd like to thank all of the sysadmins, web developers, and everyone else managing servers for prioritizing protecting your visitors with HTTPS. Second, it illustrates our ability to scale. I'm incredibly proud of the work our engineering teams have done to make this volume of issuance possible. I'm also very grateful to our operational partners, including IdenTrust, Akamai, and Sumo Logic. Third, it illustrates the power of automated certificate management. If getting and managing certificates from Let's Encrypt always required manual steps there is simply no way we'd be able to serve as many sites as we do. The total number of certificates we've issued is an interesting number, but it doesn't reflect much about tangible progress towards our primary goal: a 100% HTTPS Web.
Security

Hacks Raise Fear Over NSA's Hold on Cyberweapons (nytimes.com) 27

Nicole Perlroth and David Sanger, writing for The New York Times: Twice in the past month, National Security Agency cyberweapons stolen from its arsenal have been turned against two very different partners of the United States -- Britain and Ukraine. The N.S.A. has kept quiet, not acknowledging its role in developing the weapons. White House officials have deflected many questions, and responded to others by arguing that the focus should be on the attackers themselves, not the manufacturer of their weapons. But the silence is wearing thin for victims of the assaults, as a series of escalating attacks using N.S.A. cyberweapons have hit hospitals, a nuclear site and American businesses. Now there is growing concern that United States intelligence agencies have rushed to create digital weapons that they cannot keep safe from adversaries or disable once they fall into the wrong hands. On Wednesday, the calls for the agency to address its role in the latest attacks grew louder, as victims and technology companies cried foul. Representative Ted Lieu, a California Democrat and a former Air Force officer who serves on the House Judiciary and Foreign Affairs Committees, urged the N.S.A. to help stop the attacks and to stop hoarding knowledge of the computer vulnerabilities upon which these weapons rely.
Businesses

The iPhone Turns 10 (economist.com) 109

"Every once in awhile a revolutionary product comes along that changes everything," said co-founder and former Apple CEO Steve Jobs, as he kickstarted the iPhone keynote. Ten years ago, thousands of people around the world listened to him in a mock turtleneck talk about a phone. They liked it so much that they decided to wait outside Apple stores for hours on end to buy one. Little did anyone know the phone -- called the iPhone -- would go on to revolutionize, in the truest sense of the word, the smartphone industry as we know it.

From an Economist article: No product in recent history has changed people's lives more. Without the iPhone, ride-hailing, photo-sharing, instant messaging and other essentials of modern life would be less widespread. Shorn of cumulative sales of 1.2bn devices and revenues of $1trn, Apple would not hold the crown of the world's largest listed company. Thousands of software developers would be poorer, too: the apps they have written for the smartphone make them more than $20bn annually.

Here's how some journalists saw the original iPhone.

David Pogue, writing for the New York Times: But even in version 1.0, the iPhone is still the most sophisticated, outlook-changing piece of electronics to come along in years. It does so many things so well, and so pleasurably, that you tend to forgive its foibles.

Walt Mossberg, writing for the Wall Street Journal: Expectations for the iPhone have been so high that it can't possibly meet them all. It isn't for the average person who just wants a cheap, small phone for calling and texting. But, despite its network limitations, the iPhone is a whole new experience and a pleasure to use.

John Gruber's first impressions of the iPhone: The iPhone is 95 percent amazing, 5 percent maddening. I'm just blown away by how nice it is -- very thoughtful UI design and outstanding engineering. It is very fun.

Jason Snell, writing for Macworld: To put it more simply: The iPhone is the real deal. It's a product that has already changed the way people look at the devices they carry in their pockets and purses. After only a few days with mine, the prospect of carrying a cellphone with me wherever I go no longer fills me with begrudging acceptance, but actual excitement.

Recode has some charts that show how the iPhone has grown over the years. Here's the primer:
1. The iPhone put the internet in everyone's pocket.
2. The iPhone transformed photography from a hobby to a part of everyday life.
3. The iPhone App Store changed the way software was created and distributed.
4. iPhone apps changed everything, even how people work.
5. The iPhone made Apple the world's most valuable company.
Apple commentator Horace Dediu writing for Asymco: The iPhone is the best selling product ever, making Apple perhaps the best business ever. Because of the iPhone, Apple has managed to survive to a relatively old age. Not only did it build a device base well over 1 billion it engendered loyalty and satisfaction described only by superlatives. To summarize I can offer two numbers:
1. 1,162,796,000 iPhones sold (to end of March 2017).
2. $742,912,000,000 in revenues. $1 trillion will be reached in less than 18 months.
In closing, security researcher Mikko Hypponen tweeted, "iPhone is 10 years old today. After 10 years, not a single serious malware case. It's not just luck; we need to congratulate Apple on this."
Security

WikiLeaks Dump Reveals CIA Malware For Tracking Windows Devices Via WiFi Networks (bleepingcomputer.com) 55

WikiLeaks has published the documentation manual for an alleged CIA tool that can track users of Wi-Fi-capable Windows devices based on the Extended Service Set (ESS) data of nearby Wi-Fi networks. According to the tool's 42-page manual, the tool's name is ELSA. Bleeping Computer has an image embedded in its report that explains how the tool works. There are six steps that summarize the ELSA operation. Bleeping Computer reports:
Step 1: CIA operative configures ELSA implant (malware) based on a target's environment. This is done using a tool called the "PATCHER wizard," which generates the ELSA payload, a simple DLL file.
Step 2: CIA operative deploys ELSA implant on target's Wi-Fi-enabled Windows machine. Because ELSA is an implant (malware), the CIA operator will likely have to use other CIA hacking tools and exploits to place the malware on a victim's PC.
Step 3: The implant begins collecting Wi-Fi access point information based on the schedule set by the operator. Data collection can happen even if the user is disconnected from a Wi-Fi network.
Step 4: When the target user connects to the Internet, ELSA will take the collected Wi-Fi data and query a third-party database for geolocation information.
Step 5: The CIA operative connects to the target's computer and fetches the ELSA log. This is done via the tools that allowed the operator to place ELSA on his system, or through other tools.
Step 6: The operator decrypts the log and performs further analysis on their target. Optionally, he can use the collected WiFi data to query alternate EES geo-location databases, if he feels they provide a better accuracy.

Education

How Silicon Valley Pushed Coding Into American Classrooms 95

theodp writes: Noting that Apple CEO Tim Cook's advice for President Trump at last week's White House gathering of the Tech Titans was that "coding should be a requirement in every public school," the New York Times examines How Silicon Valley Pushed Coding Into American Classrooms (Warning: source may be paywalled). "The Apple chief's education mandate was just the latest tech company push for coding courses in schools," writes Natasha Singer. "But even without Mr. Trump's support, Silicon Valley is already advancing that agenda -- thanks largely to the marketing prowess of Code.org, an industry-backed nonprofit group." Singer continues: "In a few short years, Code.org has raised more than $60 million from Microsoft, Facebook, Google and Salesforce, along with individual tech executives and foundations. It has helped to persuade two dozen states to change their education policies and laws, Mr. Hadi Partovi, co-founder of Code.org, said, while creating free introductory coding lessons, called Hour of Code, which more than 100 million students worldwide have tried. Along the way, Code.org has emerged as a new prototype for Silicon Valley education reform: a social-media-savvy entity that pushes for education policy changes, develops curriculums, offers online coding lessons and trains teachers -- touching nearly every facet of the education supply chain. The rise of Code.org coincides with a larger tech-industry push to remake American primary and secondary schools with computers and learning apps, a market estimated to reach $21 billion by 2020." Singer also mentions Apple's work to spread computer science in schools. The company launched a free app last year called Swift Playgrounds to teach basic coding in Swift, as well as a yearlong curriculum for high schools and community colleges to teach app design in Swift.
Medicine

Research Finds 1 In 3 American Cats and Dogs Are Overweight (arstechnica.com) 106

After surveying 2.5 million dogs and 500,000 cats in the U.S. last year, a group of researchers found that about one in three were overweight or obese. "Looking over data from the last decade, the researchers say the new figures reveal a 169-percent increase in hefty felines and a 158-percent increase in chunky canines," reports Ars Technica. From the report: All the data is from researchers at Banfield, which runs a chain of veterinary hospitals across 42 states. The researchers surveyed animals that checked into one of Banfield's 975 locations, putting them through a five-point physical and visual exam. Animals were considered overweight if their ribs were not clearly visible or easily felt and if their waists were also hard to see. Pets were dubbed obese if their ribs couldn't be felt at all and they had no visible waist. As in humans, being overweight makes pets more prone to chronic health conditions. Also similar to humans, doctors blame pets' weight problems on overfeeding and lack of exercise. Other contributing factors include genetics and health issues such as arthritis, which can make play painful. Last, some pet owners may not be able to spot weight issues in their pets -- particularly because so many more dogs and cats are now overweight, making chubby pets the new norm. Dog breeds with the highest prevalence of obesity are Labrador Retrievers, Cairn Terriers, and Cocker Spaniels, the researchers report. For cats, the fattest breeds are Manx and Maine Coons.
Earth

Mayors of 7,400 Cities Vow To Meet Obama's Climate Commitments (theguardian.com) 208

An anonymous reader quotes a report from The Guardian: Mayors of more than 7,400 cities across the world have vowed that Donald Trump's decision to withdraw from the Paris accord will spur greater local efforts to combat climate change. At the first meeting of a "global covenant of mayors," city leaders from across the US, Europe and elsewhere pledged to work together to keep to the commitments made by Barack Obama two years ago. Cities will devise a standard measurement of emission reductions to help them monitor their progress. They will also share ideas for delivering carbon-free transport and housing. Kasim Reed, the mayor of Atlanta, told reporters he had travelled to Europe to "send a signal" that US states and cities would execute the policies Obama committed to, whether the current White House occupants agreed or not. Reed, whose administration has promised that the city of Atlanta will use 100% renewable energy by 2035, said 75% of the US population and GDP lay in urban areas, where local leaders were committed to fighting climate change. "We have the ability to still achieve between 35% and 45% CO2 emission reductions without the involvement of the national government and it is why I chose to be here at this time to send a signal to 7,400 cities around the world that now should be a time of optimism, passion and action," he said.
Security

London Metropolitan Police's 18,000 Windows XP PCs Is a Disaster Waiting To Happen (mspoweruser.com) 191

According to MSPoweruser, the London Metropolitan Police are still using around 18,000 PCs powered by Windows XP, an operating system Microsoft stopped supporting in 2014. What's more, the police force is upgrading its PCs from Windows XP to Windows 8.1, instead of Windows 10. Only 8 PCs at the police force are reportedly powered by the "most secure version of Windows right now." From the report: From the looks of things, the London Metropolitan Police will continue to upgrade their systems to Windows 8.1 at the moment. Windows 8.1 is still being supported by Microsoft, although the mainstream support for the OS is set to end on the 9 January 2018. Microsoft will offer extended support for the OS until 2023, which means Windows 8.1 is still a much more secure alternative for the Metropolitan Police than Windows XP. Windows 10 still would have been the best option in terms of security, however. Microsoft is releasing security updates for the OS every month, and the new advanced security features like Windows Defender Advanced Threat Protection make PCs running Windows a whole lot more secure. The spokesman of the Conservative London Assembly said in a statement: "The Met is working towards upgrading its software, but in its current state it's like a fish swimming in a pool of sharks. It is vital the Met is given the resources to step up its upgrade timeline before we see another cyber-attack with nationwide security implications."
Beer

Researchers Create New Probiotic Beer That Boosts Immunity (upi.com) 73

randomErr writes: A new patent has been filed for an innovative brewing technique that incorporates a live strain of good bacteria into the brewing process. Researchers at NUS (National University of Singapore) have created a probiotic sour beer that may boost immunity and improve gut health. The bacteria Lactobacillus paracasei L26 is capable of neutralizing toxins and viruses and regulating the immune system. Chan Mei Zhi Alcine, of the Food Science and Technology Program at NUS said, "While good bacteria are often present in food that have been fermented, there are currently no beers in the market that contain probiotics. Developing sufficient counts of live probiotics in beer is a challenging feat as beers contain hop acids that prevent the growth and survival of probiotics. As a believer of achieving a healthy diet through consuming probiotics, this is a natural choice for me when I picked a topic for my final-year project."
Books

O'Reilly No Longer Selling Individual Books, Videos Online 66

dovf writes: Just got an email from O'Reilly Media that as of today, they are no longer selling individual books or videos online -- rather, they are encouraging people to sign up for Safari. They are continuing to publish books and videos, "and you'll still be able to buy them at Amazon and other retailers." They also make it clear that we will not lose access to already-purchased content, updates to such content, etc. More details can be found in the FAQ. No mention, though, of whether the content sold at these other retailers will remain DRM-free... From the FAQ: "You can buy all of the books (ebooks and print) at shop.oreilly.com from Amazon and other digital and bricks-and-mortar retailers. We're no longer selling individual books and videos via shop.oreilly.com -- but we are definitely continuing to publish books and videos on the topics you need to know. And of course, every O'Reilly book and video (including O'Reilly conference sessions) is available instantly on Safari." The only mention of "DRM" in the FAQ is in regard to what happens to the digital content you have in your account at members.oreilly.com. According to O'Reilly, "Your DRM-free ebooks and videos are safe and sound, and you'll continue to have free lifetime access to download them anytime, anywhere."
Government

US Imposes Stricter Security Screenings At Foreign Airports, But Won't Expand Laptop Ban Yet (theverge.com) 59

An anonymous reader quotes a report from The Verge: The United States will require foreign airports to implement stricter security practices and screenings for any passengers headed to the U.S. John Kelly, the U.S. secretary of Homeland Security, announced today that the new measures were being put in place. Though he didn't go into specifics, Kelly said the new requirements would include further screenings of electronics, more thorough vetting of passengers, and measures meant to stop "insider attacks." The U.S. is also encouraging the use of more bomb-detecting dogs, "advanced checkpoint screening technology," and the addition of "preclearance" locations, which station U.S. customs officers overseas, allowing them to screen passengers before boarding instead of after they land. One thing Kelly didn't announce was an expansion of the tablet and laptop ban, which is currently in effect on flights from 10 airports in the Middle East and North Africa. If airports don't comply with the new screening rules, Kelly said, they may be subject to additional electronics bans. But for the time being, it sounds like the ban will be kept to those 10 locations. According to Reuters, airlines have 21 days to comply with the new rules for explosives screenings and four months to comply with everything else.
The Courts

Equal Rights Center Sues Uber For Denying Equal Access To People Who Use Wheelchairs (techcrunch.com) 170

The Equal Rights Center is suing Uber, alleging that the company has chosen not to include wheelchair-accessible cars as an option in its standard UberX fleet of vehicles, and excludes people who use wheelchairs in Washington, D.C. According to the lawsuit, Uber is in violation of Title 3 of the Americans with Disabilities Act and the D.C. Human Rights Act. TechCrunch reports: After conducting its own investigation of Uber's services for people in wheelchairs, the ERC found that passengers had to wait an average of eight times longer for an accessible car to arrive. They also had to pay twice as much in fares, according to the ERC's study. Ultimately, the ERC wants Uber to integrate wheelchair accessible cars into its UberX fleet so that people who use wheelchairs don't have to wait longer and pay more to use the car service. Uber said in a statement provided to TechCrunch: "We take this issue seriously and are committed to continued work with the District, our partners, and stakeholders toward expanding transportation options and freedom of movement for all residents throughout the region."
Businesses

Samsung Plans To Open $380 Million Home Appliance Plant In US, Creating Almost 1,000 Jobs (cnbc.com) 57

Samsung Electronics has agreed to open a $380 million home appliance manufacturing plant in Newberry County, South Carolina. The new plant is expected to generate 954 local jobs by 2020. CNBC reports: The South Korean firm said this year it was in talks to build a home appliances plant in the United States amid worries about protectionist policies under U.S. President Donald Trump put pressure on global companies to generate jobs in the country. "With this investment, Samsung is reaffirming its commitment to expanding its U.S. operations and deepening our connection to the American consumers, engineers and innovators," Samsung Electronics America President and CEO Tim Baxter said.
Facebook

Facebook's Secret Censorship Rules Protect White Men From Hate Speech But Not Black Children (propublica.org) 277

Sidney Fussell from Gizmodo summarizes a report from ProPublica, which brings to light dozens of training documents used by Facebook to train moderators on hate speech: As the trove of slides and quizzes reveals, Facebook uses a warped, one-sided reasoning to balance policing hate speech against users' freedom of expression on the platform. This is perhaps best summarized by the above image from one of its training slideshows, wherein Facebook instructs moderators to protect "White Men," but not "Female Drivers" or "Black Children." Facebook only blocks inflammatory remarks if they're used against members of a "protected class." But Facebook itself decides who makes up a protected class, with lots of clear opportunities for moderation to be applied arbitrarily at best and against minoritized people critiquing those in power (particularly white men) at worst -- as Facebook has been routinely accused of. According to the leaked documents, here are the group identifiers Facebook protects: Sex, Religious affiliation, National origin, Gender identity, Race, Ethnicity, Sexual Orientation, Serious disability or disease. And here are those Facebook won't protect: Social class, continental origin, appearance, age, occupation, political ideology, religions, countries. Subsets of groups -- female drivers, Jewish professors, gay liberals -- aren't protected either, as ProPublica explains: White men are considered a group because both traits are protected, while female drivers and black children, like radicalized Muslims, are subsets, because one of their characteristics is not protected.
Security

The Petya Ransomware Is Starting To Look Like a Cyberattack in Disguise (theverge.com) 154

Further research and investigation into Petya ransomware -- which has affected computers in over 60 countries -- suggest three interesting things: 1. Ukraine was the epicentre of the attack. According to Kaspersky, 60 percent of all machines infected were located within Ukraine. 2. The attackers behind the attack have made little money -- around $10,000. Which leads to speculation that perhaps money wasn't a motive at all. 3. Petya was either "incredibly buggy, or irreversibly destructive on purpose." An anonymous reader shares a report: Because the virus has proven unusually destructive in Ukraine, a number of researchers have come to suspect more sinister motives at work. Peeling apart the program's decryption failure in a post today, Comae's Matthieu Suiche concluded a nation state attack was the only plausible explanation. "Pretending to be a ransomware while being in fact a nation state attack," Suiche wrote, "is in our opinion a very subtle way from the attacker to control the narrative of the attack." Another prominent infosec figure put it more bluntly: "There's no fucking way this was criminals." There's already mounting evidence that Petya's focus on Ukraine was deliberate. The Petya virus is very good at moving within networks, but initial attacks were limited to just a few specific infections, all of which seem to have been targeted at Ukraine. The highest-profile one was a Ukrainian accounting program called MeDoc, which sent out a suspicious software update Tuesday morning that many researchers blame for the initial Petya infections. Attackers also planted malware on the homepage of a prominent Ukraine-based news outlet, according to one researcher at Kaspersky.
