Operating Systems

OxygenOS Telemetry Lets OnePlus Tie Phones To Individual Users (bleepingcomputer.com) 164

An anonymous reader quotes a report from Bleeping Computer: OxygenOS, a custom version of the Android operating system that comes installed on all OnePlus smartphones, is tracking users' actions without anonymizing data, allowing OnePlus to connect each phone to its customer. A security researcher going by the pseudonym of Tux discovered the abusive tracking in July 2016, but his tweet went largely unnoticed in the daily sea of security tweets sent out each day. The data collection issue was brought up to everyone's attention again, today, after British security researcher Christopher Moore published the results of a recent study on his site.

Just like Tux, Moore discovered that OxygenOS was sending regular telemetry to OnePlus' servers. This is no issue of concern, as almost all applications these days collect telemetry data for market analytics and to identify and debug application flaws. The problem is that OnePlus is not anonymizing this information. The Shenzhen-based Chinese smartphone company is collecting a long list of details, such as: IMEI code, IMSI code, ESSID and BSSID wireless network identifiers, and more. The data collection process cannot be disabled from anywhere in the phone's settings. When Moore contacted OnePlus support, the company did not provide a suitable answer for his queries.

Software

Symantec CEO: Source Code Reviews Pose Unacceptable Risk (reuters.com) 172

In an exclusive report from Reuters, Symantec's CEO says it is no longer allowing governments to review the source code of its software because of fears the agreements would compromise the security of its products. From the report: Tech companies have been under increasing pressure to allow the Russian government to examine source code, the closely guarded inner workings of software, in exchange for approvals to sell products in Russia. Symantec's decision highlights a growing tension for U.S. technology companies that must weigh their role as protectors of U.S. cybersecurity as they pursue business with some of Washington's adversaries, including Russia and China, according to security experts. While Symantec once allowed the reviews, Clark said that he now sees the security threats as too great. At a time of increased nation-state hacking, Symantec concluded the risk of losing customer confidence by allowing reviews was not worth the business the company could win, he said.
Security

Equifax Increases Number of Britons Affected By Data Breach To 700,000 (telegraph.co.uk) 58

phalse phace writes: You know those 400,000 Britons that were exposed in Equifax's data breach? Well, it turns out the number is actually closer to 700,000. The Telegraph reports: "Equifax has just admitted that almost double the number of UK customers had their information stolen in a major data breach earlier this year than it originally thought, and that millions more could have had their details compromised. The company originally estimated that the number of people affected in the UK was 'fewer than 400,000.' But on Tuesday night it emerged that cyber criminals had targeted 15.2 million records in the UK. It said 693,665 people could have had their data exposed, including email addresses, passwords, driving license numbers, phone numbers. The stolen data included partial credit card details of less than 15,000 customers."
Cellphones

Security, Privacy Focused Librem 5 Linux Smartphone Successfully Crowdfunded (softpedia.com) 82

prisoninmate shares a report from Softpedia: Believe it or not, Purism's Librem 5 security and privacy-focused smartphone has been successfully crowdfunded a few hours ago when it reached and even passed its goal of $1.5 million, with 13 days left. Librem 5 wants to be an open source and truly free mobile phone designed with security and privacy in mind, powered by a GNU/Linux operating system based on Debian GNU/Linux and running only Open Source software apps on top of a popular desktop environment like KDE Plasma Mobile or GNOME Shell. Featuring a 5-inch screen, Librem 5 is compatible with 2G, 3G, 4G, GSM, UMTS, and LTE mobile networks. Under the hood, it uses an i.MX 6 or i.MX 8 processor with separate baseband modem to offer you the protection you need in today's communication challenges, where you're being monitored by lots of government agencies.
Transportation

Dutch Government Confirms Plan To Ban New Petrol, Diesel Cars By 2030 (electrek.co) 348

An anonymous reader quotes a report from Electrek: Today, the new Dutch government presented its detailed plan for the coming years and it includes making all new cars emission-free by 2030 -- virtually banning petrol- and diesel-powered cars in favor of battery-powered vehicles. The four coalition parties have been negotiating their plans since the election in March and now after over 200 days, they have finally released the plan they agreed upon. NL Times posted all the main points of the plan and in "transportation," it includes: By 2030 all cars in the Netherlands must be emission free. While some local publications are reporting "all cars," we are told that it would be for "all new cars" as it is the case for the countries with similar bans under consideration. The potential for the ban has been under consideration in the country since last year. The year 2025, like in Norway, has been mentioned, but they apparently decided for the less ambitious goal of 2030.
Privacy

Amazon Is Reportedly Building a Doorbell That Lets Drivers Into Your House (cnbc.com) 203

According to CNBC, Amazon is working with Phrame, a maker of smart license plates that allow items to be delivered to a car's trunk, to build a smart doorbell that would give delivery drivers one-time access to a person's home to drop off items. From the report: Phrame's product fits around a license plate and contains a secure box that holds the keys to the car. Users unlock the box with their smartphone, and can grant access to others -- such as delivery drivers -- remotely. The new initiatives are part of Amazon's effort to go beyond convenience and fix problems associated with unattended delivery. As more consumers shop online and have their packages shipped to their homes, valuable items are often left unattended for hours. Web retailers are dealing with products getting damaged by bad weather as well as the rise of so-called porch pirates, who steal items from doorsteps. Amazon also has an incentive to reduce the number of lost packages, as they can be costly.
KDE

KDE Plasma 5.11 Released (kde.org) 62

jrepin writes: KDE publishes this autumn's Plasma feature release, KDE Plasma 5.11. Plasma 5.11 desktop environment brings a redesigned settings app, improved notifications, and a more powerful task manager. Plasma 5.11 is the first release to contain the new "Vault," a system to allow the user to encrypt and open sets of documents in a secure and user-friendly way, making Plasma an excellent choice for people dealing with private and confidential information.
IBM

How Does Microsoft Avoid Being the Next IBM? (arstechnica.com) 223

An anonymous reader quotes a report from Ars Technica: For fans of the platform, the official confirmation that Windows on phones isn't under active development any longer -- security bugs will be fixed, but new features and new hardware aren't on the cards -- isn't a big surprise. This is merely a sad acknowledgement of what we already knew. Last week, Microsoft also announced that it was getting out of the music business, signaling another small retreat from the consumer space. It's tempting to shrug and dismiss each of these instances, pointing to Microsoft's continued enterprise strength as evidence that the company's position remains strong. And certainly, sticking to the enterprise space is a thing that Microsoft could do. Become the next IBM: a stable, dull, multibillion dollar business. But IBM probably doesn't want to be IBM right now -- it has had five straight years of falling revenue amid declining relevance of its legacy businesses -- and Microsoft probably shouldn't want to be the next IBM, either. Today, Microsoft is facing similar pressures -- Windows, though still critical, isn't as essential to people's lives as it was a decade ago -- and risks a similar fate. Dropping consumer ambitions and retreating to the enterprise is a mistake. Microsoft's failure in smartphones is bad for Windows, and it's bad for Microsoft's position in the enterprise as a whole.
Government

North Korean Hackers Stole U.S.-South Korean Military Plans, Lawmaker Says (nytimes.com) 110

North Korean hackers stole a vast cache of data, including classified wartime contingency plans jointly drawn by the United States and South Korea, when they breached the computer network of the South Korean military last year, a South Korean lawmaker said Tuesday (alternative source). From a report: One of the plans included the South Korean military's plan to remove the North Korean leader, Kim Jong-un, referred to as a "decapitation" plan, should war break out on the Korean Peninsula, the lawmaker, Rhee Cheol-hee, told reporters. Mr. Rhee, a member of the governing Democratic Party who serves on the defense committee of the National Assembly, said he only recently learned of the scale of the North Korean hacking attack, which was first discovered in September last year. It was not known whether any of the military's top secrets were leaked, although Mr. Rhee said that nearly 300 lower-classification confidential documents were stolen. The military has not yet identified nearly 80 percent of the 235 gigabytes of leaked data, he said.
Movies

It's Illegal to Pirate Films in Iran, Unless You're the Government (vice.com) 35

An anonymous reader shares a report: While legal "pirating" exists in Iran, six administrators of the Iranian pirate movie site TinyMoviez have been arrested by Iranian authorities. This was a website the Iranian national broadcaster had used to download and nationally air movies in the past. The exact date of the arrests is unknown, but Tehran's Prosecutor General announced the arrests on September 26, 2017. The website is still online, but users haven't been able to download content from it since September 19, 2017. Now TinyMoviez administrators are finding themselves on the wrong side of Iran's odd and often pirating-friendly copyright laws. Iran's copyright law is a quagmire when it comes to understanding what rights exist for creators of an original piece of work, and what rights exist for those wanting to re-distribute original works, such as movies. Meanwhile, Article 8 gives the government broad powers to reproduce work that is not its own. This means that the government is exempt from Article 23, which criminalizes the theft of another's work.
Science

'Sooty Birds' Reveal Hidden US Air Pollution (bbc.com) 80

Soot trapped in the feathers of songbirds over the past 100 years is causing scientists to revise their records of air pollution. From a report: US researchers measured the black carbon found on 1,300 larks, woodpeckers and sparrows over the past century. They've produced the most complete picture to date of historic air quality over industrial parts of the US. The study also boosts our understanding of historic climate change. [...] This new study takes an unusual approach to working out the scale of soot coming from this part of the US over the last 100 years. The scientists trawled through natural history collections in museums in the region and measured evidence of black carbon, trapped in the feathers and wings of songbirds as they flew through the smoky air. The researchers were able to accurately estimate the amount of soot on each bird by photographing them and measuring the amount of light reflected off them. "We went into natural history collections and saw that birds from 100 years ago that were soiled, they were covered in soot," co-author Shane DuBay, from the Field Museum and the University of Chicago, told BBC News. "We saw that birds from the present were cleaner and we knew that at some point through time the birds cleaned up -- when we did our first pass of analysis using reflectance we were like wow, we have some incredible precision." Their analysis of over 1,000 birds shows that black carbon levels peaked in the first decade of the 1900s and that the air at the turn of the century was worse than previously thought.
Communications

T-Mobile Website Allowed Hackers to Access Your Account Data With Just Your Phone Number (vice.com) 62

Lorenzo Franceschi-Bicchierai, reporting for Motherboard: Until last week, a bug on a T-Mobile website let hackers access personal data such as email address, a customer's T-Mobile account number, and the phone's IMSI, a standardized unique number that identifies subscribers. On Friday, a day after Motherboard asked T-Mobile about the issue, the company fixed the bug. The flaw, which was discovered by security researcher Karan Saini, allowed malicious hackers who knew -- or guessed -- your phone number to obtain data that could've been used for social engineering attacks, or perhaps even to hijack victims' numbers. "T-Mobile has 76 million customers, and an attacker could have run a script to scrape the data (email, name, billing account number, IMSI number, other numbers under the same account which are usually family members) from all 76 million of these customers to create a searchable database with accurate and up-to-date information of all users," Saini, who is the founder of startup Secure7, told Motherboard in an online chat. "That would effectively be classified as a very critical data breach, making every T-Mobile cell phone owner a victim," he added.
Facebook

Virtual Zuck Fails To Connect (bbc.com) 141

Rory Cellan-Jones, writing for BBC: It must have seemed like a good idea. As a taster for a big announcement about Oculus VR on Wednesday, send Mark Zuckerberg on a little virtual reality trip, including a stop in Puerto Rico. But the reviews are in -- and they are not good. The sight of Mr Zuckerberg using VR to survey the devastation of an island still struggling to recover from Hurricane Maria may have been meant to convey Facebook's empathy with the victims. The fact that he was there in the form of a cartoon seemed to many the perfect visual metaphor for the gulf in understanding between Silicon Valley and the real world. Sure, he was talking about all the activities which his company had initiated to help the island, from helping people tell their families they were ok using Safety Check to sending Facebook employees to help restore connectivity. But cartoon Zuck showing us a 360 degree view of a flooded street before zipping back to a virtual California just seemed a little, well, crass. Is Facebook really concerned about the plight of Puerto Rico, or is it merely a handy backdrop to promote Oculus, whose sales have so far proved disappointing?
Microsoft

Microsoft May Have Price Increases in Store For Windows 10 Pro Workstation, Win 10 Downgrade Customers (zdnet.com) 210

Mary Jo Foley, reporting for ZDNet: Microsoft soon will be adding a new edition of Windows 10 to its lineup. That edition, Windows 10 Pro for Workstations, may include more than just a new name and feature set. It also may come with a change to the way Microsoft licenses and prices Windows 10 for its PC maker partners -- who potentially could pass on these changes to end-user customers. I've heard from a couple of customers recently who've been contacted by different OEMs about the coming changes. One said that Microsoft will begin licensing the Windows 10 Desktop operating system by processor family, and all PCs sold with Intel Xeon workstation processors will be affected by this change. One customer said he was told there could be a price increase of roughly $70 per operating system for use on systems with processors with four or fewer cores. For machines with Xeon processors with more than four cores, there could be a price increase of roughly $230 per operating system, I was told. Windows 10 Pro for Workstations is going to be available around the time Windows 10 Fall Creators Update starts rolling out, which is October 17.
Transportation

Nvidia Introduces a Computer For Level 5 Autonomous Cars (engadget.com) 175

From a report: At the center of many of the semi-autonomous cars currently on the road is NVIDIA hardware. Once automakers realized that GPUs could power their latest features, the chipmaker, best known for the graphics cards that make your games look outstanding, became the darling of the car world. But while automakers are still dropping level 2 and sometimes level 3 vehicles into the market, NVIDIA's first AI computer, the NVIDIA Drive PX Pegasus, is apparently capable of level 5 autonomy. That means no pedals, no steering wheel, no need for anyone to ever take control. The new computer delivers 320 trillion operations per second, 10 times more than its predecessor. Before you start squirreling away cash for your own self-driving car, though, NVIDIA's senior director of automotive, Danny Shapiro, notes that it's likely going to be robotaxis that drive us around. In fact, the company said that over 25 of its partners are already working on fully autonomous taxis. The goal with this smaller, more powerful computer is to remove the huge computer arrays that sit in the prototype vehicles of OEMs, startups and any other company that's trying to crack the autonomous car nut.
Sci-Fi

Why Is 'Blade Runner' the Title of 'Blade Runner'? (vulture.com) 221

Why is Blade Runner called Blade Runner? Though the viewer is told in the opening text of Ridley Scott's 1982 original that "special Blade Runner units" hunt renegade replicants -- and though the term "Blade Runner" is applied to Harrison Ford's Rick Deckard a few times in the film -- we're never given an explanation of where the proper noun comes from. The novel upon which Blade Runner was based, Philip K. Dick's Do Androids Dream of Electric Sheep?, offers no clues either.
Google

Google Paid $7.2 Billion Last Year To Partners, Including Apple, To Prominently Showcase Its Search Engine and Apps on Smartphones (bloomberg.com) 57

A reader shares a Bloomberg report: There's a $19 billion black box inside Google. That's the yearly amount Google pays to companies that help generate its advertising sales, from the websites lined with Google-served ads to Apple and others that plant Google's search box or apps in prominent spots. Investors are obsessed with this money, called traffic acquisition costs, and they're particularly worried about the growing slice of those payments going to Apple and Google's Android allies. That chunk of fees now amounts to 11 percent of revenue for Google's internet properties. The figure was 7 percent in 2012. These Google traffic fees are the result of contractual arrangements parent company Alphabet makes to ensure its dominance. The company pays Apple to make Google the built-in option for web searches on Apple's Safari browsers for Mac computers, iPhones and other places. Google also pays companies that make Android smartphones and the phone companies that sell those phones to make sure its search box is front and center and to ensure its apps such as YouTube and Chrome are included in smartphones. In the last year, Google has paid these partners $7.2 billion, more than three times the comparable cost in 2012.
Bitcoin

Russian Central Bank To Ban Websites Offering Crypto-currencies (reuters.com) 45

An anonymous reader shares a report: Russia will block access to websites of exchanges that offer crypto-currencies such as Bitcoin, Russian Central Bank First Deputy Governor Sergei Shvetsov said on Tuesday. He called them "dubious." Russian financial authorities initially treated any sort of money issued by non-state approved institutions as illegal, saying they could be used to launder money. Later the authorities accepted the globally booming market of crypto-currencies but want to either control the turnover or to limit access to the market. "We cannot stand apart. We cannot give direct and easy access to such dubious instruments for retail (investors)," Shvetsov said, referring to households.
Security

Security Researcher Finds a Fundamental Flaw in iOS (krausefx.com) 162

Felix Krause writes: Do you want a user's Apple ID password to get access to their Apple account or to try the same email/password combination on different web services? Just ask your users politely, they'll probably just hand over their credentials, as they're trained to do so. This is just a proof of concept, phishing attacks are illegal! Don't use this in any of your apps. The goal of this blog post is to close the loophole that has been there for many years, and hasn't been addressed yet. For moral reasons, I decided not to include the actual source code of the popup, however it was shockingly easy to replicate the system dialog.
Science

'Staying Longer At Home' Was Key To Stone Age Technology Change 60,000 Years Ago (phys.org) 74

A new study by scientists at the University of the Witwatersrand suggests that at about 58,000 years ago, Stone Age humans began to settle down, staying in one area for longer periods. The research also provides a potential answer to a long-held mystery: why the older Howiesons Poort complex technological tradition in South Africa suddenly disappeared at that time. Phys.Org reports: The Howiesons Poort at Sibudu contains many finely-worked, crescent-shaped stone tools fashioned from long, thin blades made on dolerite, hornfels and, to a lesser extent, quartz. These "segments," as they are called, were hafted to shafts or handles at a variety of angles using compound adhesives that sometimes included red ochre (an iron oxide). A diverse bone tool kit in the Howiesons Poort includes what may be the world's oldest bone arrowhead. Certainly a variety of hunting techniques was used perhaps including the first use of snares for the capture of small creatures. The animal remains brought to Sibudu reflect this diversity for there are bones from large plains game like zebra, tiny blue duiker, and even pigeons and small carnivores. Soft, clayey ochre pieces were collected in the Howiesons Poort perhaps at a considerable distance from Sibudu. Clayey ochre is useful for applying as paint. The beautiful Howiesons Poort industry with its long, thin blades is replaced at 58,000 years ago by a simple technology that could be rapidly produced. Coarse rocks like quartzite and sandstone became popular. These could be collected close to Sibudu. Post-Howiesons Poort tools were part of an unstandardized toolkit with triangular or irregularly-shaped flakes. Tiny scaled pieces were also produced using a bipolar technique (in the simplest terms this involves smashing a small piece of rock with a hammerstone). The study has been published in the journal PlosOne.
Microsoft

PSA: Microsoft Is Using Cortana To Read Your Private Skype Conversations (betanews.com) 180

BrianFagioli shares a report from BetaNews: "With Cortana's in-context assistance, it's easier to keep your conversations going by having Cortana suggest useful information based on your chat, like restaurant options or movie reviews. And if you're in a time crunch? Cortana also suggests smart replies, allowing you to respond to any message quickly and easily -- without typing a thing," says The Skype Team. The team further says, "Cortana can also help you organize your day -- no need to leave your conversations. Cortana can detect when you're talking about scheduling events or things you have to do and will recommend setting up a reminder, which you will receive on all your devices that have Cortana enabled. So, whether you're talking about weekend plans or an important work appointment, nothing will slip through the cracks."

So, here's the deal, folks. In order for this magical "in-context" technology to work, Cortana is constantly reading your private conversations. If you use Skype on mobile to discuss private matters with your friends or family, Cortana is constantly analyzing what you type. Talking about secret business plans with a colleague? Yup, Microsoft's assistant is reading those too. Don't misunderstand -- I am not saying Microsoft has malicious intent by adding Cortana to Skype; the company could have good intentions. With that said, there is the potential for abuse. Microsoft could use Cortana's analysis to spy on you for things like advertising or worse, and that stinks. Is it really worth the risk to have smart replies and suggested calendar entries? I don't know about you, but I'd rather not have my Skype conversations read by Microsoft.

Japan

Tokyo Preparing For Floods 'Beyond Anything We've Seen' (tampabay.com) 98

In the face of an era of extreme weather brought on by climate change, global cities are working to improve their defenses. The New York Times reports (Warning: may be paywalled; alternative source) of Tokyo's $2 billion underground anti-flood system that consists of tunnels that divert water away from the region's most vulnerable floodplains. The city is "preparing for flooding beyond anything we've seen," says Kuniharu Abe, head of the underground site. From the report: But even in Tokyo, the onset of more frequent and intense storms has forced officials to question whether the region's protections are strong enough, a concern that has become more urgent as the city prepares to host the 2020 Olympic Games. Across Japan, rainfall measuring more than 2 inches an hour has increased 30 percent over the past three decades, the Japan Meteorological Agency estimates. The frequency of rainfall of more than 3 inches an hour has jumped 70 percent. The agency attributes the increase of these intense rains to global warming, heralding a new era in a country that is among the world's wettest, with a language that has dozens of words for rain. [...]

Experts have also questioned the wisdom of erecting more concrete defenses in a country that has dammed most of its major river systems and fortified entire shorelines with breakwaters and concrete blocks. Some of these protections, they say, only encourage development in regions that could still be vulnerable to future flooding. In eastern Saitama, where the Kasukabe facility has done the most to reduce floods, local industry has flourished; the region has successfully attracted several large e-commerce distribution centers and a new shopping mall. Still, the Kasukabe operation remains a critical part of Tokyo's defenses, say officials at Japan's Land Ministry, which runs the site. Five vertical, underground cisterns, almost 250 feet deep, take in stormwater from four rivers north of Tokyo. A series of tunnels connect the cisterns to a vast tank, larger than a soccer field, with ceilings held up by 60-foot pillars that give the space a temple-like feel. From that tank, industrial pumps discharge the floodwater at a controlled pace into the Edo river, a larger river system that flushes the water into Tokyo Bay.
