Security

A 15-Year-Old Hacked the Secure Ledger Crypto Wallet (techcrunch.com) 68

An anonymous reader quotes a report from TechCrunch: A 15-year-old programmer named Saleem Rashid discovered a flaw in the popular Ledger hardware wallet that allowed hackers to grab secret PINs before or after the device was shipped. The holes, which Rashid described on his blog, allowed for both a "supply chain attack" -- meaning a hack that could compromise the device before it was shipped to the customer -- and another attack that could allow a hacker to steal private keys after the device was initialized. The Ledger team described the vulnerabilities as dangerous but avoidable. For the "supply chain attack," they wrote: "by having physical access to the device before generation of the seed, an attacker could fool the device by injecting his seed instead of generating a new one. The most likely scenario would be a scam operation from a shady reseller." "If you bought your device from a different channel, if this is a second hand device, or if you are unsure, then you could be victim of an elaborate scam. However, as no demonstration of the attack in the real has been shown, it is very unlikely. In both cases, a successful firmware update is the proof that your device has never been compromised," wrote the team.

Further, the post-purchase hack "can be achieved only by having physical access to the device, knowing your PIN code and installing a rogue unsigned application. This rogue app could break isolation between apps and access sensitive data managed by specific apps such as GPG, U2F or Neo." Ledger CEO Eric Larcheveque claimed that there were no reports of the vulnerability affecting any active devices. "No one was compromised that we know of," he said. "We have no knowledge that any device was affected." Rashid, for his part, was disappointed with the speed with which Ledger responded to his claims.

Twitter

Twitter CEO Says Bitcoin Will Be the World's 'Single Currency' In 10 Years (theverge.com) 256

In a recent interview with The Times, Twitter and Square CEO Jack Dorsey said he believes that bitcoin will become the world's single currency within 10 years. "The world ultimately will have a single currency, the internet will have a single currency," said Dorsey. "I personally believe that it will be bitcoin." Dorsey went on to say that the transition would happen "probably over ten years, but it could go faster." The Verge reports: That Dorsey is a fan of bitcoin isn't too surprising, though. In addition to serving as the CEO of Twitter, Dorsey is also the CEO of Square, which recently added the option to buy and sell Bitcoin directly from the Square Cash app. The company also released an illustrated children's story touting the benefits of the digital currency. As for Dorsey himself, he's gone on the record in an interview with The Verge's own Lauren Goode about the benefits of bitcoin as a currency, describing it as the "next big unlock" for the world of finance. (Dorsey owns an unspecified amount of the cryptocurrency.)

Google

Google Is Buying Innovative Camera Startup Lytro For $40 Million (techcrunch.com) 36

According to TechCrunch, Google is acquiring Lytro, the imaging startup that began as a ground-breaking camera company for consumers before pivoting to use its depth-data, light-field technology in VR. From the report: One source described the deal as an "asset sale" with Lytro going for no more than $40 million. Another source said the price was even lower: $25 million and that it was shopped around -- to Facebook, according to one source; and possibly to Apple, according to another. A separate person told us that not all employees are coming over with the company's technology: some have already received severance and parted ways with the company, and others have simply left. Assets would presumably also include Lytro's 59 patents related to light-field and other digital imaging technology. The sale would be far from a big win for Lytro and its backers. The startup has raised just over $200 million in funding and was valued at around $360 million after its last round in 2017, according to data from PitchBook. Its long list of investors includes Andreessen Horowitz, Foxconn, GSV, Greylock, NEA, Qualcomm Ventures and many more. Rick Osterloh, SVP of hardware at Google, sits on Lytro's board. A pricetag of $40 million is not quite the exit that was envisioned for the company when it first launched its camera concept, and in the words of investor Ben Horowitz, "blew my brains to bits."

Bitcoin

Russia Secretly Helped Venezuela Launch a Cryptocurrency To Evade US Sanctions (time.com) 109

According to an exclusive report by Time, Russia helped Venezuelan officials create the world's first state-backed cryptocurrency to skirt U.S. sanctions. The cryptocurrency was launched in late February and was banned by the Trump administration earlier this week. From the report: The new cryptocurrency, a form of digital cash that is supposedly linked to the value of Venezuela's oil reserves, was launched on Feb. 20 during a ceremony in the presidential palace in Caracas. Nicolas Maduro, the socialist leader of Venezuela, declared that it would serve as a kind of "kryptonite" against the power of the U.S. government, which he sarcastically referred to as "Superman." Sitting in the front row at that ceremony were two of Maduro's Russian advisers, Denis Druzhkov and Fyodor Bogorodsky, whom the President thanked for aiding his fight against American "imperialism." Both men have ties to major Russian banks and billionaires close to the Kremlin. But they were not the most senior Russians involved. According to an executive at a Russian state bank who deals with cryptocurrencies, senior advisers to the Kremlin have overseen the effort in Venezuela, and President Vladimir Putin signed off on it last year. "People close to Putin, they told him this is how to avoid the sanctions," says the executive, who spoke to TIME on condition of anonymity. "This is how the whole thing started."

Media

Police Release First Video From Inside the Uber Self-Driving Car That Killed a Pedestrian (recode.net) 698

An anonymous reader quotes a report from Recode: Three days after an Uber self-driving vehicle fatally crashed into a pedestrian in Tempe, Ariz., police have released video footage of what the vehicle saw with its cameras moments before running the woman over, and what happened inside the vehicle, where an operator was at the wheel. The video footage does not conclusively show who is at fault. However, it seems to confirm initial reports from the Tempe police that Herzberg appeared suddenly. It also showed the vehicle operator behind the wheel intermittently looking down while the car was driving itself.

Businesses

Ask Slashdot: Were Developments In Technology More Exciting 30 Years Ago? 231

dryriver writes: We live in a time where mainstream media, websites, blogs, social media accounts, your barely computer literate next door neighbor and so forth frequently rave about the "innovation" that is happening everywhere. But as someone who experienced developments in technology back in the 1980s and 1990s, in computing in particular, I cannot shake the feeling that, somehow, the "deep nerds" who were innovating back then did it better and with more heartfelt passion than I can feel today. Of course, tech from 30 years ago seems a bit primitive compared to today -- computer gear is faster and sleeker nowadays. But it seems that the core techniques and core concepts used in much of what is called "innovation" today were invented for the first time one-after-the-other back then, and going back as far as the 1950s maybe. I get the impression that much of what makes billions in profits today and wows everyone is mere improvements on what was actually invented and trail blazed for the first time, 2, 3, 4, 5 or more decades ago. Is there much genuine "inventing" and "innovating" going on today, or are tech companies essentially repackaging the R&D and knowhow that was brought into the world decades ago by long-forgotten deep nerds into sleeker, sexier 21st century tech gadgets? Is Alexa, Siri, the Xbox, Oculus Rift or iPhone truly what could be considered "amazing technology," or should we have bigger and badder tech and innovation in the year 2018?

Youtube

YouTube Bans Firearms Demo Videos, Entering the Gun Control Debate (bloomberg.com) 667

YouTube has quietly introduced tighter restrictions on videos involving weapons, becoming the latest battleground in the U.S. gun-control debate. "YouTube will ban videos that promote or link to websites selling firearms and accessories, including bump stocks, which allow a semi-automatic rifle to fire faster," reports Bloomberg. "Additionally, YouTube said it will prohibit videos with instructions on how to assemble firearms." From the report: "We routinely make updates and adjustments to our enforcement guidelines across all of our policies," a YouTube spokeswoman said in a statement. "While we've long prohibited the sale of firearms, we recently notified creators of updates we will be making around content promoting the sale or manufacture of firearms and their accessories." The National Shooting Sports Foundation, a gun industry lobbying group, called YouTube's new policy "worrisome." "We suspect it will be interpreted to block much more content than the stated goal of firearms and certain accessory sales," the foundation said in a statement. "We see the real potential for the blocking of educational content that serves instructional, skill-building and even safety purposes. Much like Facebook, YouTube now acts as a virtual public square. The exercise of what amounts to censorship, then, can legitimately be viewed as the stifling of commercial free speech."

The new YouTube policies will be enforced starting in April, but at least two video bloggers have already been affected. Spike's Tactical, a firearms company, said in a post on Facebook that it was suspended from YouTube due to "repeated or severe violations" of the video platform's guidelines.

AT&T

AT&T Suffers Another Blow In Court Over Throttling of 'Unlimited' Data (arstechnica.com) 40

An anonymous reader quotes a report from Ars Technica: A federal judge has revived a lawsuit that angry customers filed against AT&T over the company's throttling of unlimited mobile data plans. The decision comes two years after the same judge decided that customers could only have their complaints heard individually in arbitration instead of in a class-action lawsuit. The 2016 ruling in AT&T's favor was affirmed by a federal appeals court. But the customers subsequently filed a motion to reconsider the arbitration decision, saying that an April 2017 decision by the California Supreme Court "constitutes a change in law occurring after the Court's arbitration order," Judge Edward Chen of U.S. District Court for the Northern District of California said in the new ruling issued last week. The state Supreme Court "held that an arbitration agreement that waives the right to seek the statutory remedy of public injunctive relief in any forum is contrary to California public policy and therefore unenforceable," Chen wrote.

AT&T argued that the court shouldn't consider the new argument, saying that plaintiffs raised it too late. The plaintiffs could have made the same argument before the April 2017 Supreme Court ruling, since the ruling was based on California laws that "were enacted decades ago," according to AT&T. Chen was not persuaded, noting that "there had been no favorable court rulings" the plaintiffs could have cited earlier in the case. "The Court also finds that Plaintiffs acted with reasonable diligence once there was a ruling favorable to them," Chen wrote. As a result, the plaintiffs can now proceed with their case in U.S. District Court against AT&T. However, AT&T will appeal Chen's latest decision, presumably in the U.S. Court of Appeals for the Ninth Circuit.

Earth

Water Shortages Could Affect 5 Billion People By 2050, UNESCO Warns (theguardian.com) 106

About 3.6 billion people are estimated to be living in areas with a potential for water scarcity for at least one month per year, and this number could rise to as many as 5.7 billion people by 2050, according to a report published by UNESCO [PDF]. From a report: The comprehensive annual study warns of conflict and civilisational threats unless actions are taken to reduce the stress on rivers, lakes, aquifers, wetlands and reservoirs. The World Water Development Report -- released in drought-hit Brasília -- says positive change is possible, particularly in the key agricultural sector, but only if there is a move towards nature-based solutions that rely more on soil and trees than steel and concrete.

"For too long, the world has turned first to human-built, or 'grey', infrastructure to improve water management. In doing so, it has often brushed aside traditional and indigenous knowledge that embraces greener approaches," says Gilbert Houngbo, the chair of UN Water, in the preface of the 100-page assessment. "In the face of accelerated consumption, increasing environmental degradation and the multi-faceted impacts of climate change, we clearly need new ways to manage competing demands on our freshwater resources."

Government

Senate Passes Controversial Online Sex Trafficking Bill (thehill.com) 169

The Senate today gave final approval to a bill aimed at cracking down on online sex trafficking, sending the measure to the White House where President Trump is expected to sign it into law. From a report: The legislation, called the Allow States and Victims to Fight Online Sex Trafficking Act (FOSTA), but also referred to as SESTA, would cut into the broad protections websites have from legal liability for content posted by their users. Those protections are codified in Section 230 of the Communications Decency Act from 1996, a law that many internet companies see as vital to protecting their platforms and that SESTA would amend to create an exception for sex trafficking.

Sen. Ron Wyden (D-Ore.), the most outspoken critic of SESTA and one of the authors of the 1996 law, said that making exceptions to Section 230 will lead to small internet companies having to face an onslaught of frivolous lawsuits.
EFF expressed its disappointment, saying, "Today is a dark day for the Internet. Congress just passed the Internet censorship bill SESTA/FOSTA. SESTA/FOSTA will silence online speech by forcing Internet platforms to censor their users. As lobbyists and members of Congress applaud themselves for enacting a law ostensibly tackling the problem of trafficking, let's be clear: Congress just made trafficking victims less safe, not more. Sex trafficking experts have tried again and again to explain to Congress how SESTA/FOSTA will put trafficking victims in danger. Sex workers have spoken out too, explaining how online platforms have literally saved their lives. Why didn't Congress consult with the people their bill would most directly affect? [...] When platforms choose to err on the side of censorship, marginalized voices are censored disproportionately. SESTA/FOSTA will make the Internet a less inclusive place, something that hurts all of us. This might just be the beginning. Some of these groups behind SESTA / FOSTA seem to see the bill as a mere stepping stone to banning pornography from the Internet."

Facebook

Mark Zuckerberg Addresses the Cambridge Analytica Scandal, Says Facebook 'Made Mistakes' in Protecting Data (buzzfeed.com) 127

Facebook CEO Mark Zuckerberg on Wednesday commented on the massive, deepening data harvesting scandal his company has been embroiled in since last Friday. From a report: "We have a responsibility to protect your data, and if we can't then we don't deserve to serve you. I've been working to understand exactly what happened and how to make sure this doesn't happen again," he said. The scandal -- involving the illicit collection of data from 50 million Facebook users, and its later use by Trump campaign analytics vendor Cambridge Analytica -- has helped chop off nearly $50 billion in value from Facebook's market cap since last Friday, led to calls from US lawmakers for Zuckerberg to testify before Congress, and raised eyebrows at the U.S. Federal Trade Commission, which is now probing the company. Speaking of things Facebook plans to do to ensure that this mess doesn't repeat itself, Zuckerberg added, "First, we will investigate all apps that had access to large amounts of information before we changed our platform to dramatically reduce data access in 2014, and we will conduct a full audit of any app with suspicious activity. We will ban any developer from our platform that does not agree to a thorough audit. And if we find developers that misused personally identifiable information, we will ban them and tell everyone affected by those apps. That includes people whose data Kogan misused here as well.

"Second, we will restrict developers' data access even further to prevent other kinds of abuse. For example, we will remove developers' access to your data if you haven't used their app in 3 months. We will reduce the data you give an app when you sign in -- to only your name, profile photo, and email address. We'll require developers to not only get approval but also sign a contract in order to ask anyone for access to their posts or other private data. And we'll have more changes to share in the next few days."

There is no explicit apology in Zuckerberg's comment today.

Businesses

People Were Asked To Name Women Tech Leaders. They Said 'Alexa' and 'Siri' (fastcompany.com) 330

An anonymous reader shares a report: The tech industry has a persistent problem with gender inequality, particularly in its leadership ranks, and a new study from LivePerson underscores just how depressingly persistent it truly is. When the company asked a representative sample of 1,000 American consumers whether they could name a famous woman leader in tech, 91.7% of respondents drew a complete blank, while only 8.3% said they could. But wait, it gets worse: Of those 8.3% who said they could name a famous woman tech leader, only 4% actually could -- and a quarter of those respondents named "Siri" or "Alexa." Now, granted, this represents only about 10 people in the survey group, but that's 10 people for whom the most famous woman in tech is a virtual assistant.

Robotics

Robots Are Trying To Pick Strawberries. So Far, They're Not Very Good At It (npr.org) 131

Robots have taken over many of America's factories. They can explore the depths of the ocean, and other planets. They can play ping-pong. But can they pick a strawberry? From a report: "You kind of learn, when you get into this -- it's really hard to match what humans can do," says Bob Pitzer, an expert on robots and co-founder of a company called Harvest CROO Robotics. (CROO is an acronym. It stands for Computerized Robotic Optimized Obtainer.) Any 4-year old can pick a strawberry, but machines, for all their artificial intelligence, can't seem to figure it out. Pitzer says the hardest thing for them is just finding the fruit. The berries hide behind leaves in unpredictable places. "You know, I used to work in the semiconductor industry. I was a development engineer for Intel, and it was a lot easier to make semiconductor chips," he says with a laugh.

Facebook

Mozilla Launches a Petition Asking Facebook To Do More For User Privacy (betanews.com) 52

An anonymous reader shares a report: After it was revealed that the personal data of 50 million Facebook users was shared without consent, Mozilla is calling on the social network to ensure that user privacy is protected by default, particularly when it comes to apps.

Ashley Boyd, Mozilla's vice president of advocacy, says that billions of Facebook users are unknowingly at risk of having their data passed on to third parties. He says: "If you play games, read news or take quizzes on Facebook, chances are you are doing those activities through third-party apps and not through Facebook itself. The default permissions that Facebook gives to those third parties currently include data from your education and work, current city and posts on your timeline."

Books

Ask Slashdot: I Want To Get Into Comic Books, But Where Do I Start? 212

An anonymous reader writes: Hi fellow readers. I don't recall reading many comic books as a kid (mostly because I could not afford them), but of late, I have been considering giving that a shot. I wanted to ask if you had any tips to share. Do I start with paperback editions, or do I jump directly into digital? Also, could you recommend a few good sci-fi comic book series? Thanks in advance!

Facebook

Facebook is Building a Real Community in California To Test Whether People Love Tech Companies Enough To Live in Them (nytimes.com) 181

In Menlo Park, Calif., Facebook is building a real community and testing the proposition: Do people love tech companies so much they will live inside them? From a report: Willow Village will be wedged between the Menlo Park neighborhood of Belle Haven and the city of East Palo Alto, both heavily Hispanic communities that are among Silicon Valley's poorest. Facebook is planning 1,500 apartments, and has agreed with Menlo Park to offer 225 of them at below-market rates. The most likely tenants of the full-price units are Facebook employees, who already receive a five-figure bonus if they live near the office.

The community will have eight acres of parks, plazas and bike-pedestrian paths open to the public. Facebook wants to revitalize the railway running alongside the property and will finish next year a pedestrian bridge over the expressway. The bridge will provide access to the trail that rings San Francisco Bay, a boon for birders and bikers. Mr. Tenanes, Facebook's vice president for real estate, contemplates the audacity of building a city.

Microsoft

Microsoft Says Windows 10 Spring Creators Update Will Install in 30 Minutes (bleepingcomputer.com) 173

An anonymous reader shares a report: Microsoft has announced that the upcoming Windows 10 major feature upgrade -- dubbed the Spring Creators Update -- will take around 30 minutes to install, unlike previous variants that took between one and two hours to complete. This boost in installation time is attributed to work engineers have done on the "Feature Update" process -- the name Microsoft uses to refer to its bi-annual major OS updates. Microsoft says that this Feature Update process actually consists of two separate phases -- the "online" and "offline" stages. During the "online" phase, the user's computer downloads the necessary update files and executes various operations in the OS' background without affecting the device's battery life or system performance.

Music

YouTube Will 'Frustrate' Some Users With Ads So They Pay for Music (bloomberg.com) 191

YouTube will increase the number of ads that some users see between music videos, part of a strategy to convince more of its billion-plus viewers to pay for a forthcoming subscription music service from the Google-owned video site. Bloomberg: People who treat YouTube like a music service, those passively listening for long periods of time, will encounter more ads, according to Lyor Cohen, the company's global head of music. "You're not going to be happy after you are jamming 'Stairway to Heaven' and you get an ad right after that," Cohen said in an interview at the South by Southwest music festival. Cohen is trying to prove that YouTube is committed to making people pay for music and silence the "noise" about his company's purported harm to the recording industry. The label companies have long criticized YouTube for hosting videos that violate copyrights, and not paying artists and record companies enough.

Government

Kaspersky Lab Plans Swiss Data Center To Combat Spying Allegations, Report Says (reuters.com) 47

An anonymous reader shares a report: Moscow-based Kaspersky Lab plans to open a data center in Switzerland to address Western government concerns that Russia exploits its anti-virus software to spy on customers, according to internal documents seen by Reuters. Kaspersky is setting up the center in response to actions in the United States, Britain and Lithuania last year to stop using the company's products, according to the documents, which were confirmed by a person with direct knowledge of the matter. The action is the latest effort by Kaspersky, a global leader in anti-virus software, to parry accusations by the U.S. government and others that the company spies on customers at the behest of Russian intelligence.

AMD

AMD Says Patches Coming Soon For Chip Vulnerabilities (securityweek.com) 84

wiredmikey writes: After investigating recent claims from a security firm that its processors are affected by more than a dozen serious vulnerabilities, chipmaker Advanced Micro Devices (AMD) says patches are coming to address several security flaws in its chips. In its first public update after the surprise disclosure of the vulnerabilities by Israeli-based security firm CTS Labs, AMD said the issues are associated with the firmware managing the embedded security control processor in some of its products (AMD Secure Processor) and the chipset used in some socket AM4 and socket TR4 desktop platforms supporting AMD processors.

AMD said that patches will be released through BIOS updates to address the flaws, which have been dubbed MASTERKEY, RYZENFALL, FALLOUT and CHIMERA. The company said that no performance impact is expected for any of the forthcoming mitigations.

Facebook

WhatsApp Co-Founder Tells Everyone To Delete Facebook, Further Fueling the #DeleteFacebook Movement (theverge.com) 307

"In 2014, Facebook bought WhatsApp for $16 billion, making its co-founders -- Jan Koum and Brian Acton -- very wealthy men," reports The Verge. "Koum continues to lead the company, but Acton quit earlier this year to start his own foundation." Today, Acton told his followers on Twitter to delete Facebook. From the report: "It is time," Acton wrote, adding the hashtag #deletefacebook. Acton, who is worth $6.5 billion, did not immediately respond to a request for comment. Nor did Facebook and WhatsApp. It was unclear whether Acton's feelings about Facebook extend to his own app. But last month, Acton invested $50 million into Signal, an independent alternative to WhatsApp. The tweet came after a bruising five-day period for Facebook that has seen regulators swarm and its stock price plunge following concerns over data privacy in the wake of revelations about Cambridge Analytica's misuse of user data. Acton isn't the only one taking to Twitter to announce their breakup with Facebook. The #DeleteFacebook movement is gaining steam following the New York Times' report about how the data of 50 million users had been unknowingly leaked and purchased to aid President Trump's successful 2016 bid for the presidency. For many users, the news "highlighted the danger of Facebook housing the personal information of billions of users," reports SFGate. "And even before the Cambridge Analytica news, Facebook has been grappling with its waning popularity in the U.S. The company lost 1 million domestic users last quarter -- its first quarterly drop in daily users."

Education

Chinese Companies Are Buying Up Cash-Strapped US Colleges (bloomberg.com) 206

An anonymous reader quotes a report from Bloomberg: Chinese companies are taking advantage of America's financially strapped higher-education system to buy schools, and the latest deal for a classical music conservatory in Princeton, New Jersey, is striking chords of dissonance on campus. Beijing Kaiwen Education Technology Co. agreed in February to pay $40 million for Westminster Choir College, an affiliate of Rider University that trains students for careers as singers, conductors and music teachers. The announcement came just weeks after the government-controlled Chinese company changed its name from Jiangsu Zhongtai Bridge Steel Structure Co. The pending purchase rankles some Westminster faculty and alumni, who question what a longtime maker of steel spans knows about running an elite school whose choirs sang with maestros Leonard Bernstein, Arturo Toscanini and Seiji Ozawa. Alumni are among those suing in New York federal court to block the sale, saying it violates Westminster's 1991 merger agreement with Rider and will trigger the choir college's demise.

Space

SpaceX Indicates It Will Manufacture the BFR Rocket In Los Angeles (arstechnica.com) 95

A new document from the Port of Los Angeles indicates that the company is moving ahead with plans to build a "state-of-the-art" industrial manufacturing facility near Long Beach, about 20 miles south of its headquarters. It's possible that the facility may be used to manufacture the company's Big Falcon Rocket, or BFR vehicle, which is expected to measure 106 meters tall and nine meters wide. The Long Beach location makes sense since the BFR will be so large that it needs to be built near water where it can be transported. Ars Technica reports: The company seeks to use an 18-acre site at Berth 240 in the port "for the construction and operation of a facility to manufacture large commercial transportation vessels." Operations at the site would include "research and development of transportation vessels and would likely include general manufacturing procedures such as welding, composite curing, cleaning, painting, and assembly operations." Completed vessels would need to be transported by water due to their size, the document states, as a means to explain why the company needs a facility immediately adjacent to the water. The document also noted that the 10-year lease, with up to two 10-year renewals, would "accommodate recovery operations undertaken by Space Exploration Technologies to bring to shore vehicles returning from space that are retrieved by an autonomous drone ship offshore." This would be for first-stage recoveries of the Falcon 9 rocket and probably payload fairings as well.
