Businesses

Paradise Papers Expose Canadian Scalper's Multimillion-Dollar StubHub Scheme (www.cbc.ca) 146

An anonymous reader quotes a report from CBC.ca: When Adele fans went online to buy tickets to the pop superstar's world tour last year, they had no idea what exactly they were up against. An army of tech-savvy resellers that included a little-known Canadian superscalper named Julien Lavallee managed to vacuum up thousands of tickets in a matter of minutes in one of the quickest tour sellouts in history. The many fans who were shut out would have to pay scalpers like Lavallee a steep premium if they still wanted to see their favorite singer. An investigation by CBC/Radio-Canada and the Toronto Star, based in part on documents found in the Paradise Papers, rips the lid off Lavallee's multimillion-dollar operation based out of Quebec and reveals how ticket website StubHub not only enables but rewards industrial-scale scalpers who gouge fans around the world.

Lavallee's name appears over and over in the records, alongside the names of his wife, his father and other friends and family. The records show them somehow buying tickets from different locations around the world at the same time, placing orders from cities like Chicago, Los Angeles, London and Montreal. Lavallee, who got his start in his early 20s reselling hockey and concert tickets while living at home with his parents, now runs an international ticket harvesting operation. Financial records detail $7.9 million in gross sales in 2014 alone. [T]he CBC/Star investigation also discovered a password-protected portal exclusively for StubHub's top sellers who prove they can move more than $50,000 worth of tickets a year. The company offers them special software to upload and manage huge inventories of tickets.
StubHub said in a statement: "StubHub agrees that the use of bots to procure tickets is unfair and anti-consumer. StubHub has always supported anti-bots legislation and encourages policy-makers to look comprehensively at the host of factors that impact a fan's ability to fairly access, buy, resell, or even give away tickets in a competitive ticket market."
Robotics

Ford Pilots a New Exoskeleton To Lessen Worker Fatigue (futurism.com) 48

Ford is partnering with California-based exoskeleton maker Ekso Bionics to trial a non-powered upper body exoskeletal tool called EksoVest in two of the carmaker's U.S. plants. The goal is to lessen the fatigue factory workers experience in Ford's car manufacturing plants. Futurism reports: Designed to fit workers from five feet to six feet four inches tall, the EksoVest adds some 3 to 6 kilograms (5 to 15 pounds) of adjustable lift assistance to each arm. This exoskeleton is also comfortable enough to wear while providing free arm movement thanks to its lightweight construction. "Collaboratively working with Ford enabled us to test and refine early prototypes of the EksoVest based on insights directly from their production line workers," Ekso Bionics co-founder and CTO Russ Angold said in a Ford press release. "The end result is a wearable tool that reduces the strain on a worker's body, reducing the likelihood of injury, and helping them feel better at the end of the day -- increasing both productivity and morale." The U.S. trial, made possible with the help of the United Automobile Workers, has already demonstrated the wonders that the exoskeleton can offer in reducing fatigue from high-frequency tasks. As such, Ford plans to expand their EksoVest pilot program to other regions, which include Europe and South America.
Bug

Sex Toy Company Admits To Recording Users' Remote Sex Sessions, Calls It a 'Minor Bug' (theverge.com) 81

According to Reddit user jolioshmolio, Hong Kong-based sex toy company Lovense's remote control vibrator app (Lovense Remote) recorded a use session without their knowledge. "An audio file lasting six minutes was stored in the app's local folder," reports The Verge. "The user says he or she gave the app access to the mic and camera but only to use with the in-app chat function and to send voice clips on command -- not constant recording when in use." The app's behavior appears to be widespread as several others confirmed it too. From the report: A user claiming to represent Lovense responded and called this recording a "minor bug" that only affects Android users. Lovense also says no information or data was sent to the company's servers, and that this audio file exists only temporarily. An update issued today should fix the bug. This isn't Lovense's first security flub. Earlier this year, a butt plug made by the company -- the Hush -- was also found to be hackable. In the butt plug's case, the vulnerability had to do with Bluetooth, as opposed to the company spying on users.
Iphone

Some iPhone X Displays Plagued By Mysterious 'Green Line of Death' (thenextweb.com) 76

Some iPhone X owners are reporting a random green line appearing on their displays. According to The Next Web, "the defect has already started to take on the endearing 'Green Line of Death' moniker." From the report: Several users across Apple forums and social media have reported the error -- I've counted over a dozen accounts, and MacRumors mentions it's read "at least 25" such reports. Oddly, the issue doesn't appear to affect users immediately, only showing up after some time with regular usage. In some cases it alternates with a purple line, for variety. It generally appears towards the right or left sides of the display, and sometimes it simply disappears altogether. Weird. Either way, it appears to be a hardware defect affecting a small number of users, and Apple appears to be replacing affected units. Mac Rumors first reported the issue.
Facebook

This Time, Facebook Is Sharing Its Employees' Data (fastcompany.com) 45

tedlistens writes from a report via Fast Company: "Facebook routinely shares the sensitive income and employment data of its U.S.-based employees with the Work Number database, owned by Equifax Workforce Solutions," reports Fast Company. "Every week, Facebook provides an electronic data feed of its employees' hourly work and wage information to Equifax Workforce Solutions, formerly known as TALX, a St. Louis-based unit of Equifax, Inc. The Work Number database is managed separately from the Equifax credit bureau database that suffered a breach exposing the data of more than 143 million Americans, but it contains another cache of extensive personal information about Facebook's employees, including their date of birth, social security number, job title, salary, pay raises or decreases, tenure, number of hours worked per week, wages by pay period, healthcare insurance coverage, dental care insurance coverage, and unemployment claim records."

Surprisingly, Facebook is among friends. Every payroll period, Amazon, Microsoft, and Oracle provide an electronic feed of their employees' hourly work and wage information to Equifax. So do Wal-Mart, Twitter, AT&T, Harvard Law School, and the Commonwealth of Pennsylvania. Even Edward Snowden's former employer, the sometimes secretive N.S.A. contractor Booz Allen Hamilton, sends salary and other personal data about its employees to the Equifax Work Number database. It now contains over 296 million employment records for employees at all wage levels, from CEOs to interns. The database helps streamline various processes for employers and even federal government agencies, says Equifax. But databases like the Work Number also come with considerable risks. As consumer journalist Bob Sullivan puts it, Equifax, "with the aid of thousands of human resource departments around the country, has assembled what may be the most powerful and thorough private database of Americans' personal information ever created." On October 8, a month after Equifax announced its giant data breach, security expert Brian Krebs uncovered a gaping hole in the separate Work Number online consumer application portal, which allowed anyone to view a person's salary and employment history "using little more than someone's Social Security number and date of birth -- both data elements that were stolen in the recent breach at Equifax."

China

China Says Foreign Firms Won't Be Forced To Turn Over Technology (vice.com) 40

An anonymous reader quotes a report from Bloomberg: A top Communist Party official said Friday that China won't force foreign companies to turn over technology secrets to gain market access, signaling attention to a key sticking point with U.S. President Donald Trump as he prepared to leave Beijing. The statement by Chinese Vice Premier Wang Yang, the Communist Party's No. 4 official, was made in an article published in the People's Daily newspaper under his byline. While other Chinese officials have made similar pledges in the past about foreign technology, Wang's statement stands out for the seniority of the person making it and its timing. In his article, Wang also pledged to improve the foreign investment environment and treat all companies equally. China will also increase access to its services and manufacturing sectors, wrote Wang, who was last month promoted to the country's top decision-making body, the Politburo Standing Committee.
Businesses

EA Buys Out a Game Studio After Shutting Another One Down 3 Weeks Ago (arstechnica.com) 57

EA has acquired the video game studio Respawn Entertainment. "The studio, co-founded by former Infinity Ward chiefs and Call of Duty co-creators in the wake of their departure from Activision, has been bought out in a deal whose total value could reach $455 million," reports Ars Technica. "The news by itself may seem odd, considering that EA shut down one of its other wholly owned studios, Visceral Games, only three weeks ago." From the report: A report from Kotaku sheds light on why EA made the move: as a response to another game publisher, Korea's Nexon, making a formal bid to buy Respawn outright. Nexon currently publishes a mobile spinoff of Respawn's Titanfall shooter series. Kotaku, citing sources close to the matter, claims that Nexon had bid to buy the company outright. EA exercised its contractual right to match the offer, Kotaku says, and it ultimately outbid Nexon. Among other things, the buyout preserves Respawn's continued work on an upcoming EA game set in the Star Wars universe; EA currently enjoys an exclusive license to making Star Wars-related video games, and any takeover by another company would have to resolve whether or how such a project would continue in production. Respawn's Star Wars project still does not have a title, a release date, or revealed gameplay footage. Respawn announced its work on an additional, unnamed VR game at Oculus Connect 4 last month; the EA statement says that project will continue apace, as well.
Bitcoin

Bitcoin Drops Over $1,000 In Value Over 48 Hours (reuters.com) 107

sqorbit writes: Bitcoin dropped below $7,000 after hitting an all-time high. After the so-called "fork" was suspended, Bitcoin reached a peak of $7,888 around 1800 GMT on Wednesday before dropping down below $7,000. Some investors appear to be selling in order to buy "Bitcoin Cash" which was a split on August 1st. Bitcoin Cash reached $850.
Encryption

Following Equifax Breach, CEO Doesn't Know If Data Is Encrypted (techtarget.com) 104

An anonymous reader quotes a report from TechTarget: Equifax alerted the public in September 2017 to a massive data breach that exposed the personal and financial information -- including names, birthdays, credit card numbers and Social Security numbers -- of approximately 145 million customers in the United States to hackers. Following the Equifax breach, the former CEO Richard Smith and the current interim CEO Paulino do Rego Barros Jr. were called to testify before the Committee on Commerce, Science, and Transportation this week for a hearing titled "Protecting Consumers in the Era of Major Data Breaches." During the hearing, Sen. Cory Gardner (R-Colo.) questioned Smith and Barros about Equifax's use of -- or lack of -- encryption for customer data at rest. Smith confirmed that the company was not encrypting data at the time of the Equifax breach, and Gardner questioned whether or not that was intentional. "Was the fact that [customer] data remained unencrypted at rest the result of an oversight, or was that a decision that was made to manage that data unencrypted at rest?" Gardner asked Smith. Smith pointed out that encryption at rest is just one method of security, but eventually confirmed that a decision was made to leave customer data unencrypted at rest. "So, a decision was made to leave it unencrypted at rest?" Gardner pushed. "Correct," Smith responded.

Gardner moved on to Barros and asked whether he has implemented encryption for data at rest since he took over the position on Sept. 26. Barros began to answer by saying that Equifax has done a "top-down review" of its security, but Gardner interrupted, saying it was a yes or no question. Barros stumbled again and said it was being reviewed as part of the response process and Gardner pushed again. "Yes or no, does the data remain unencrypted at rest?" "I don't know at this stage," Barros responded. "Senator, if I may. It's my understanding that the entire environment [in] which this criminal attack occurred is much different; it's a more modern environment with multiple layers of security that did not exist before. Encryption is only one of those layers of security," Smith said.

Businesses

Here Comes the World's Biggest Shopping Spree -- Again (bloomberg.com) 38

A reader shares a report: On Nov. 11, China celebrates Singles Day, a holiday dedicated to the nation's unattached. It's also the world's largest shopping festival -- and a bonanza for internet giant Alibaba Group. Up to 500 million consumers will visit sites run by the company searching for discounts on items including Bordeaux wine, UGG boots, SUVs, and high-end Japanese toilets. Citigroup estimates that Alibaba's sales during this year's event could reach 158 billion yuan ($23.8 billion). For Alibaba, Singles Day will also be a demonstration of how far its cloud business has come in eight years. At the peak of activity, Alibaba's servers may be tasked with processing 175,000 transactions a second from its own sites. "It's the day when the largest amount of computing power is needed in China," says He Yunfei, a senior product manager for Alibaba Cloud. [...] Alibaba dominates the Chinese cloud -- in part because local regulators won't issue data center operating licenses to foreign companies, curtailing the China ambitions of Amazon.com and Microsoft, the No. 1 and No. 2 cloud providers globally.
Security

Man Who Sent GIF of Laughing Mouse To Employer After DDoS Attack Is Now Arrested (bleepingcomputer.com) 75

An anonymous reader writes: The FBI has arrested and charged a man for launching DDoS attacks against a wide range of targets, including his former employer, a Minnesota-based PoS repair shop. The man, who bought access to a VPN but didn't use it all the time, was caught after registering email accounts and sending taunting emails to victims, including his former employer. The taunting emails also included a GIF image of a laughing mouse, which eventually tied the man to the DDoS attacks as well. The guy also uploaded the image on Facebook in a post that asked people to join in DDoS attacks on banks as part of Anonymous' Operation Icarus. The suspect also created the fake email accounts using the name of another former colleague, trying to pin suspicions on him. The FBI was not only able to track the man's real IP address, but they also tied him to attacks without a doubt because he used a DDoS-for-hire service that was hacked and its database was shared with the FBI.
Programming

Programming Language Go Turns 8 (golang.org) 67

On this day, eight years ago, a group of programmers at Google released Go, a brand-new open-source programming language that they hoped would solve some of the problems they faced with Java, C++ and other programming languages. In the past eight years, Go has gotten tremendous traction, with Go helping drive several services running inside Google. The company, on its part, has added a handful of features to Go, including a revamped garbage collector in 2015, and support for various ARM processors. From a blog post: Go has been embraced by developers all over the world with approximately one million users worldwide. In the freshly published 2017 Octoverse by GitHub, Go has become the #9 most popular language, surpassing C. Go is the fastest growing language on GitHub in 2017 in the top 10 with 52% growth over the previous year. In growth, Go swapped places with Javascript, which fell to the second spot with 44%. In Stack Overflow's 2017 developer survey, Go was the only language that was both on the top 5 most loved and top 5 most wanted languages. People who use Go, love it, and the people who aren't using Go, want to be. [...] Since Go was first open sourced we have had 10 releases of the language, libraries and tooling with more than 1680 contributors making over 50,000 commits to the project's 34 repositories; More than double the number of contributors and nearly double the number of commits from only two years ago. This year we announced that we have begun planning Go 2, our first major revision of the language and tooling.
Space

Exit Interview: Scott Kelly (atlasobscura.com) 62

An excerpt from a new interview of Scott Kelly, now a retired astronaut, who spent 11 months and three days at the International Space Station in one stretch:

Q: What does space smell like?
It smells different to different people. Some people say it smells sweet. To me it smells like burnt metal, like if you took a blowtorch to some steel or something.

Q: When you're up there on the ISS, arguably you're the most expensive human being on the planet except the president. The amount of resources being spent to keep you alive are enormous. Did that weigh on you at all?
Never even thought about that. No. Never considered it. I appreciated the effort that people went through to make sure you're safe, and are taken care of and supported while you're there, but I never considered the cost of it.

Q: Did it feel like, 'Man, I gotta work all the time'?
I think some people feel that way. I kind of felt that way on my [first, six-month ISS mission]. But having flown for six months, and then a few years later flying for a year, I realized I couldn't do that. So I definitely had to pace myself throughout the course of the year.

Q: Did you lose anything in the station?
All kinds of stuff! One of the last things I remember losing was this fancy, 3-D printed cover for some experiment. It was for the camera and I turn around and the thing's gone, and they didn't have a spare. I've got to see if they've found that thing yet. Oh, yeah. We lost a bag of screws and washers one time.

Q: When you're on the U.S. side of the ISS and the Russians are on their side, how much interaction is there, day-to-day?
They work predominantly in the Russian segment and have their meals there, so during waking hours, they're generally on their side, we're generally on our side. You interact, you go down there, you chat with them, you come back, you might perform some kind of experiments, they might do a little thing in our space station, but it's what we refer to as "segmented ops."

Q: Does it feel like you're all in it together?
Yes! Absolutely. We actually do some things to help each other that we don't even share with the ground because then it creates like bureaucratic ... issues for them to deal with. I've been asked to help fix some of their hardware, their treadmill one time. We help each other getting trash off the space station without telling the folks in Houston.

Businesses

Uber Drivers Have Rights on Wages and Time Off, UK Panel Rules (apnews.com) 125

Uber suffered a blow on Friday to its operations in its biggest market outside the United States when a British panel in London rejected the company's argument that its drivers were self-employed. The decision, which affirmed a ruling made last year, means that Uber will have to ensure its drivers in Britain are paid a minimum wage and entitled to time off, casting doubt on a common hiring model in the so-called gig economy that relies on workers who do not have a formal contract as permanent employees. From a report: Judge Jennifer Eady rejected Uber's argument that the men were independent contractors, because the drivers had no opportunity to make their own agreements with passengers and the company required them to accept 80 percent of trip requests when they were on duty. The tribunal, Eady wrote in her decision, found "the drivers were integrated into the Uber business of providing transportation services." The ride-hailing service said it has never required drivers in the U.K. to accept 80 percent of the trips offered to them and that drivers make well above the minimum wage. Employment lawyers expect the case to be heard by higher courts as early as next year.
Japan

The Booming Japanese Rent-a-Friend Business (theatlantic.com) 275

An anonymous reader shares a report on The Atlantic which talks about a growing business in Japan wherein you can pay an actor to impersonate your relative, spouse, coworker, or any kind of acquaintance. The reporter has interviewed Ishii Yuichi, CEO of Family Romance, a company that rents such actors. Yuichi believes that Family Romance, and other companies that provide a similar service, can help people cope with unbearable absences or perceived deficiencies in their lives. In an increasingly isolated and entitled society, the chief executive officer predicts the exponential growth of his business and others like it, as a la carte human interaction becomes the new norm. An exchange between Yuichi and the reporter, from the story:

Morin: When was your first success?
Yuichi: I played a father for a 12-year-old with a single mother. The girl was bullied because she didn't have a dad, so the mother rented me. I've acted as the girl's father ever since. I am the only real father that she knows.
Morin: And this is ongoing?
Yuichi: Yes, I've been seeing her for eight years. She just graduated high school.
Morin: Does she understand that you're not her real father?
Yuichi: No, the mother hasn't told her.
Morin: How do you think she would feel if she discovered the truth?
Yuichi: I think she would be shocked. If the client never reveals the truth, I must continue the role indefinitely. If the daughter gets married, I have to act as a father in that wedding, and then I have to be the grandfather. So, I always ask every client, "Are you prepared to sustain this lie?" It's the most significant problem our company has.

IBM

IBM Raises the Bar with a 50-Qubit Quantum Computer (technologyreview.com) 69

IBM said on Friday it has created a prototype 50-qubit quantum computer as it further increases the pressure on Google in the battle to commercialize quantum computing technology. The company is also making a 20-qubit system available through its cloud computing platform, it said. From a report: The announcement does not mean quantum computing is ready for common use. The system IBM has developed is still extremely finicky and challenging to use, as are those being built by others. In both the 50- and the 20-qubit systems, the quantum state is preserved for 90 microseconds -- a record for the industry, but still an extremely short period of time. Nonetheless, 50 qubits is a significant landmark in progress toward practical quantum computers. Other systems built so far have had limited capabilities and could perform only calculations that could also be done on a conventional supercomputer. A 50-qubit machine can do things that are extremely difficult to simulate without quantum technology. Whereas normal computers store information as either a 1 or a 0, quantum computers exploit two phenomena -- entanglement and superposition -- to process information differently.
Spam

Security Firm Creates Chatbot To Respond To Scam Emails On Your Behalf (theverge.com) 70

An anonymous reader shares a report: Chatbots. They're usually a waste of your time, so why not have them waste someone else's instead? Better yet: why not have them waste an email scammer's time. That's the premise behind Re:scam, an email chatbot operated by New Zealand cybersecurity firm Netsafe. Next time you get a dodgy email in your inbox, says Netsafe, forward it on to me@rescam.org, and a proxy email address will start replying to the scammer for you, doing its very utmost to waste their time.
IT

After Outrage, Logitech Gives Free Upgrade To Owners of Soon To Be Obsolete Device (gizmodo.com) 105

It looks like Logitech didn't anticipate the barrage of criticism it received after announcing this week that it would be intentionally bricking its Harmony Link hub next March. The company is now reversing course. Its Harmony Link will still die next summer, but if you own one, the company is happy to give you a free upgrade to the more recent Harmony Hub model. From a report: Originally, Logitech planned to only offer Harmony Link owners with active warranties free upgrades to its new Harmony Hub devices. But for people out of warranty -- possibly the majority of Harmony Link users, as the devices were last sold in 2015 -- they would just get a one-time, 35 percent discount on a new $100 Harmony Hub. However, after customer outrage, Logitech revised its plans and announced that the company will give every Harmony Link owner a new Hub for free. Additionally, users who had already used the coupon to purchase a new Hub will also be able to contact Logitech in order to obtain a refund for the difference in price. However, Logitech is still not planning to extend support for the Harmony Link. The company says, "We made the business decision to end the support and services of the Harmony Link when the encryption certificate expires in the spring of 2018 -- we would be acting irresponsibly by continuing the service knowing its potential/future vulnerability."
Security

How AV Can Open You To Attacks That Otherwise Wouldn't Be Possible (arstechnica.com) 34

Antivirus suites expose a user's system to attacks that otherwise wouldn't be possible, a security researcher reported on Friday. From a report: On Friday, a researcher documented a vulnerability he had found in about a dozen name-brand AV programs that allows attackers who already have a toehold on a targeted computer to gain complete system control. AVGater, as the researcher is calling the vulnerability, works by relocating malware already put into an AV quarantine folder to a location of the attacker's choosing. Attackers can exploit it by first getting a vulnerable AV program to quarantine a piece of malicious code and then moving it into a sensitive directory such as C:\Windows or C:\Program Files, which normally would be off limits to the attacker. Six of the affected AV programs have patched the vulnerability after it was privately reported. The remaining brands have yet to fix it, said Florian Bogner, a Vienna, Austria-based security researcher who gets paid to hack businesses so he can help them identify weaknesses in their networks. Bogner said he developed a series of AVGater exploits during several assignments that called for him to penetrate deep inside customer networks. Using malicious phishing e-mails, he was able to infect employee PCs, but he still faced a significant challenge. Because company administrators set up the PCs to run with limited system privileges, Bogner's malware was unable to access the password database -- known as the Security Account Manager -- that stored credentials he needed to pivot onto the corporate network.
Google

Alphabet's Project Loon Delivers Internet To 100,000 People In Puerto Rico (engadget.com) 34

Google announced that its Project Loon internet balloons have delivered internet service to over 100,000 Puerto Ricans who were knocked offline by Hurricane Maria. Engadget reports: It's not a total success, which isn't to be expected after Puerto Ricans' communications infrastructure suffered so much damage. But the team was able to work with AT&T and T-Mobile to get "communication and internet activities like sending text messages and accessing information online for some people with LTE enabled phones," head of Project Loon Alastair Westgarth wrote in a blog post. The team launched their balloons from Nevada and used machine learning algorithms to direct them over Puerto Rico, where they've been relaying internet from working ground networks over to users in unconnected areas. In the post, Westgarth noted that Project Loon has never fired up internet from scratch this rapidly, and will improve their ability to keep balloons in place (and deliver sustained connectivity) as they become familiar with the air currents.
Sci-Fi

Star Trek: Discovery Will Return On January 7th, 2018 (theverge.com) 278

CBS announced that Star Trek: Discovery will return for the second half of the split season on Sunday, November 12th. There will be roughly a two month gap between the last episode of the first half of the split season, which airs on Sunday, November 12th, and the first episode of the second half of the split season. The Verge reports: When the network announced the series's September release date, it revealed that the first season would be split into two "chapters." The second chapter begins with the show's 10th episode, "Despite Yourself." Chapter 2 will contain the season's remaining six episodes, and will run through February 11th. According to CBS, the show will apparently find the crew of the USS Discovery in "unfamiliar territory," and they'll have to get creative about ways to return home. In this week's episode, the crew came face-to-face with the Klingon Empire over the planet Pahvo, after the planet's native species summoned them, hoping to resolve their conflict. After that, it'll be a longer wait for the show to return: CBS recently announced that it renewed Star Trek: Discovery for a second season, but that announcement didn't come with further details about a second season release date, or the number of episodes or chapters planned for season 2.
