Security

Suspicious Event Hijacks Amazon Traffic For 2 hours, Steals Cryptocurrency (arstechnica.com) 56

Amazon lost control of some of its widely used cloud services for two hours on Tuesday morning when hackers exploited a known Internet-protocol weakness that allowed them to redirect traffic to rogue destinations, according to media reports. ArsTechnica: The attackers appeared to use one server masquerading as cryptocurrency website MyEtherWallet.com to steal digital coins from unwitting end users. They may have targeted other customers of Amazon's Route 53 service as well. The incident, which started around 6am California time, hijacked roughly 1,300 IP addresses, Oracle-owned Internet Intelligence said on Twitter. The malicious redirection was caused by fraudulent routes that were announced by Columbus, Ohio-based eNet, a large Internet service provider that is referred to as autonomous system 10297. Once in place, the eNet announcement caused some of its peers to send traffic over the same unauthorized routes. [...] Tuesday's event may also have ties to Russia, because MyEtherWallet traffic was redirected to a server in that country, security researcher Kevin Beaumont said in a blog post. The redirection came by rerouting domain name system traffic and using a server hosted by Chicago-based Equinix to perform a man-in-the-middle attack. MyEtherWallet officials said the hijacking was used to send end users to a phishing site. Participants in this cryptocurrency forum appear to discuss the scam site. Further reading: Hacker Hijacks DNS Server of MyEtherWallet to Steal $160,000 (BleepingComputer).
AI

AI Will Wipe Out Half the Banking Jobs In a Decade, Experts Say 111

Experts in the industry say that current advances in artificial intelligence and automation could replace as many as half the nation's financial services workers over the next decade, though it will take a big investment to make that happen. The Mercury News reports: "Unless banks deal with the performance issues that AI will cause for ultra-large databases, they will not be able to take the money gained by eliminating positions and spend it on the new services and products they will need in order to stay competitive," James D'Arezzo, CEO of Glendale-based Condusiv Technologies, said. Intensive hardware upgrades are often cited as an answer to the problem, but D'Arezzo said that's prohibitively expensive.

Speaking to an audience last year in Frankfurt, Germany, Deutsche Bank CEO John Cryan predicted a "bonfire" of industry jobs as automation moves forward. "In our bank we have people doing work like robots," he said. "Tomorrow we will have robots behaving like people. It doesn't matter if we as a bank will participate in these changes or not, it is going to happen." Increased processing power, cloud storage and other developments are making many tasks possible that once were considered too complex for automation, according to Cryan. D'Arezzo, whose company works to improve existing software performance, said the financial industry is being swamped by "a tsunami of data," including new compliance requirements for customer privacy and constantly changing bank regulations.
Bhagwan Chowdhry, a professor of finance and economics at the UCLA Anderson School of Management, offers a less bleak view of the future. "Technology will eliminate some jobs that are repetitive and require less human judgment," he said, "But I think they will get replaced by other jobs that humans are better at. Anything that requires judgment is something humans will continue to do. We are not good at multiplying 16-digit numbers, but we're good at judging people and detecting if someone is telling the truth."
Facebook

'Login With Facebook' Data Hijacked By JavaScript Trackers (techcrunch.com) 91

An anonymous reader quotes a report from TechCrunch: Facebook confirms to TechCrunch that it's investigating a security research report that shows Facebook user data can be grabbed by third-party JavaScript trackers embedded on websites using Login With Facebook. The exploit lets these trackers gather a user's data including name, email address, age range, gender, locale, and profile photo depending on what users originally provided to the website. It's unclear what these trackers do with the data, but many of their parent companies including Tealium, AudienceStream, Lytics, and ProPS sell publisher monetization services based on collected user data. The abusive scripts were found on 434 of the top 1 million websites including freelancer site Fiverr.com, camera seller B&H Photo And Video, and cloud database provider MongoDB. That's according to Steven Englehardt and his colleagues at Freedom To Tinker, which is hosted by Princeton's Center For Information Technology Policy.
Communications

A Florida Man Has been Accused of Making 97 Million Robocalls (bloomberg.com) 176

A Florida man accused of flooding consumers with 97 million phone calls touting fake travel deals appeared Wednesday before lawmakers to explain how robocalls work and to say, "I am not the kingpin of robocalling that is alleged." From a report: Adrian Abramovich, of Miami, who is fighting a proposed $120 million fine, told senators that open-source software lets operators make thousands of phone calls with the click of a button, in combination with cloud-based computing and "the right long distance company." "Clearly regulation needs to address the carriers and providers and require the major carriers to detect robocalls activity," Abramovich said in testimony submitted in advance to the Senate Commerce Committee. He has asked the Federal Communications Commission to reduce the fine proposed last year, calling it disproportionate, in part because most calls went unanswered or resulted in a quick hang-up by consumers. The panel's chairman, Senator John Thune, a South Dakota Republican, called Abramovich and officials from the FCC and other agencies to discuss ways to stop abusive calls.
Cloud

Microsoft Built Its Own Custom Linux Kernel For Its New IoT Service (techcrunch.com) 199

At a small press event in San Francisco, Microsoft today announced the launch of a secure end-to-end IoT product that focuses on microcontroller-based devices -- the kind of devices that use tiny and relatively low-powered microcontrollers (MCUs) for basic control or connectivity features. TechCrunch reports: At the core of Azure Sphere is a new class of certified MCUs. As Microsoft president and chief legal officer Brad Smith stressed in today's announcement, Microsoft will license these new Azure Sphere chips for free, in hopes to jump-start the Azure Sphere ecosystem. Because it's hard to secure a device you can't update or get telemetry from, it's no surprise that these devices will feature built-in connectivity. And with that connectivity, these devices can also connect to the Azure Sphere Security Service in the cloud. For the first time ever, Microsoft is launching a custom Linux kernel and distribution: the Azure Sphere OS. It's an update to the kind of real-time operating systems that today's MCUs often use.

Why use Linux? "With Azure Sphere, Microsoft is addressing an entirely new class of IoT devices, the MCU," Rob Lefferts, Microsoft's partner director for Windows enterprise and security told me at the event. "Windows IoT runs on microprocessor units (MPUs) which have at least 100x the power of the MCU. The Microsoft-secured Linux kernel used in the Azure Sphere IoT OS is shared under an OSS license so that silicon partners can rapidly enable new silicon innovations." And those partners are also very comfortable with taking an open-source release and integrating that with their products. To get the process started, MediaTek is producing the first set of these new MCUs. These are low-powered, single-core ARM-A7 systems that run at 500MHz and include WiFi connectivity as well as a number of other I/O options.

Security

Hackers Stole a Casino's High-Roller Database Through a Thermometer in the Lobby Fish Tank (businessinsider.com) 245

From a report: Nicole Eagan, the CEO of cybersecurity company Darktrace, told the WSJ CEO Council in London on Thursday: "There's a lot of internet of things devices, everything from thermostats, refrigeration systems, HVAC [air conditioning] systems, to people who bring in their Alexa devices into the offices. There's just a lot of IoT. It expands the attack surface and most of this isn't covered by traditional defenses."

Eagan gave one memorable anecdote about a case Darktrace worked on where an unnamed casino was hacked via a thermometer in a lobby aquarium. "The attackers used that to get a foothold in the network. They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud," she said.

Red Hat Software

Red Hat Enterprise Linux Version 7.5 Released (redhat.com) 64

On Tuesday Red Hat announced the general availability of Red Hat Enterprise Linux version 7.5. An anonymous reader writes: Serving as a consistent foundation for hybrid cloud environments, Red Hat Enterprise Linux 7.5 provides enhanced security and compliance controls, tools to reduce storage costs, and improved usability, as well as further integration with Microsoft Windows infrastructure both on-premise and in Microsoft Azure.

New features include a large combination of Ansible Automation with OpenSCAP, and LUKS-encrypted removable storage devices can be now automatically unlocked using NBDE. The Gnome shell has been re-based to version 3.26, the Kernel version is 3.10.0-862, and the kernel-alt packages include kernel version 4.14 with support for 64-bit ARM, IBM POWER9 (little endian), and IBM z Systems, while KVM virtualization is now supported on IBM POWER8/POWER9 systems.

See the detailed release notes here.
Businesses

Amazon Spent Close To $23B on R&D in 2017, Outpacing Fellow Tech Giants (geekwire.com) 62

Amazon powered its prolific 2017, which saw the release of a cavalcade of new products and services, with $22.6 billion in spending on research and development, tops among U.S. companies. From a report: According to data from FactSet, Google parent Alphabet came in second in R&D spending in 2017 at $16.6 billion, followed by Intel at $13.1 billion, Microsoft at $12.3 billion and Apple at $11.6 billion. Facebook jumped into the top 10, spending $7.8 billion in 2017. One of Amazon's biggest R&D efforts in recent years has been the cashier-less grocery store concept Amazon Go. The company spent 2017 getting the technology, first announced in December 2016, ready for prime time before opening the first location in January. Amazon has invested heavily in its market-leading cloud computing arm, Amazon Web Services. AWS juiced Amazon.
The Courts

The Supreme Court Fight Over Microsoft's Foreign Servers Is Over (theverge.com) 94

An anonymous reader quotes a report from The Verge: The much-anticipated Supreme Court case U.S. v. Microsoft -- which could have decided the extent of American jurisdiction over foreign servers -- is now, for all intents and purposes, dead. On March 30th, the Department of Justice moved to drop the lawsuit as moot, and today, Microsoft filed to agree with the motion. While the Supreme Court has yet to officially drop the case, it's a foregone conclusion that they will. Both the government and Microsoft agree that the newly passed CLOUD Act renders the lawsuit meaningless. In U.S. v. Microsoft, federal law enforcement clashed with Microsoft over the validity of a Stored Communications Act warrant for data stored on a server in Dublin. The CLOUD Act creates clear new procedures for procuring legal orders for data in these kinds of cross-border situations. In last week's motion to vacate, DOJ disclosed that it had procured a new warrant under the CLOUD Act.
Google

Google Turns To Users To Improve Its AI Chops Outside the US (wired.com) 24

Google is betting that algorithms that understand images and text will draw business to its cloud services, make augmented reality popular, and prompt us to search using our smartphone cameras. From a report: The search company's machine learning systems work best on material from a few rich parts of the world, like the US. They stumble more frequently on data from less affluent countries -- particularly emerging economies like India that Google is counting on to maintain its growth. "We have a very sparse training data set from parts of the world that are not the United States and Western Europe," says Anurag Batra, a researcher at Google.

When Batra travels to his native Delhi, he says Google's AI systems become less smart. Now, he leads a project trying to change that. "We can understand pasta very well, but if you ask about pesarattu dosa, or anything from Korea or Vietnam, we're not very good," Batra says. To fix the problem, Batra is tapping the brains and phones of some of Google's billions of users. His team built an app called Crowdsource that asks people to perform quick tasks like checking the accuracy of Google's image-recognition and translation algorithms. Starting this week, the Crowdsource app also asks users to take and upload photos of nearby objects.

Microsoft

Microsoft: We'll Help Customers Create Patents But We Get a License To Use Them (zdnet.com) 52

Microsoft outlined a new intellectual-property policy on Thursday for co-developed technology that embraces open source and seeks to assure customers it won't run off with their innovations. From a report: The shared innovation principles build on its Azure IP Advantage program for helping customers combat patent trolls. The new principles for co-developed innovation cover ownership of existing technology, customer ownership of new patents, support for open source, licensing new IP back to Microsoft, software portability, transparency, and learning. Microsoft president Brad Smith says the principles aim to assuage customers' fears that Microsoft may end up using co-developed technology to rival them.

[...] In return, Microsoft gets to license back any of the patents in the new technology but promises to limit their use to improving its own platform technologies, such as Azure, Azure AI services, Office 365, Windows, Xbox, and HoloLens. It also reserves the right to use "code and tools developed by or on behalf of Microsoft that are intended to provide technical assistance to customers in their respective businesses."

DRM

Ask Slashdot: What Would Happen If Everything On the Internet Was DRM Protected? 190

dryriver writes: The whole Digital Rights Management (DRM) train started with music and films, spread horribly to computer and console games (Steam, Origin), turned a lot of computer software you could once buy-and-use into DRM-locked Software As A Service or Cloud Computing products (Adobe, Autodesk, MS Office 365 for example) that are impossible to use without an active Internet connection and account registration on a cloud service somewhere. Recently the World Wide Web Consortium (W3C) appears to have paved the way for DRM to find its way into the world of Internet content in various forms as well. Here's the question: What would happen to the Internet as we know it if just about everything on a website -- text, images, audio, video, scripts, games, PDF documents, downloadable files and data, you name it -- had DRM protection and DRM usage-limitations hooked into it by default?

Imagine trying to save a JPEG image you see on a website to your hard disk, and not only does every single one of your web browsers refuse the request, but your OS's screen-capture function won't let you take a snapshot of that JPEG image either. Imagine trying to copy-and-paste some text from a news article somewhere into a Slashdot submission box, and having browser DRM tell you 'Sorry! The author, copyright holder or publisher of this text does not allow it to be quoted or re-published anywhere other than where it was originally published!'. And then there is the (micro-)payments aspect of DRM. What if the DRM-fest that the future Internet may become 5 to 10 years from now requires you to make payments to a copyright holder for quoting, excerpting or re-publishing anything of theirs on your own webpage? Let's say for example that you found some cool behind-the-scenes-video of how Spiderman 8 was filmed, and you want to put that on your Internet blog. Except that this video is DRM'd, and requires you to pay 0.1 Cent each time someone watches the video on your blog. Or you want to use a short excerpt from a new scifi book on your blog, and the same thing happens -- you need to pay to re-publish even 4 paragraphs of the book. What then?
Cloud

Move Over Moore's Law, Make Way For Huang's Law (ieee.org) 55

Tekla Perry writes: Are graphics processors a law unto themselves? Nvidia's Jensen Huang says a 25-times speedup over five years is evidence that they are. He calls this the 'supercharged law,' and says it's time to start counting advances on multiple fronts, including architecture, interconnects, memory technology, and algorithms, not just circuits on a chip.
AI

Non-Tech Businesses Are Beginning To Use AI at Scale (economist.com) 33

Artificial intelligence is spreading beyond the technology sector, with big consequences for companies, workers and consumers. An anonymous reader shares a report: Bosses of non-tech companies in a broad range of industries are starting to worry that AI could scorch or even incinerate them, and have been buying up promising young tech firms to ensure they do not fall behind (the link may be paywalled). In 2017 firms worldwide spent around $21.8bn on mergers and acquisitions related to AI, according to PitchBook, a data provider, about 26 times more than in 2015. They are doing this partly to secure talent, which is thin on the ground. Startups without revenue are fetching prices that amount to $5m-10m per AI expert.

As AI spreads beyond the tech sector, it will fuel the rise of new firms that challenge incumbents. This is already happening in the car industry, with autonomous-vehicle startups and ride-hailing firms such as Uber. But it will also change the way other companies work, transforming traditional functions such as supply-chain management, customer service and recruitment. The path ahead is exhilarating but perilous. Around 85% of companies think AI will offer a competitive advantage, but only one in 20 is "extensively" employing it today, according to a report by MIT's Sloan Management Review and the Boston Consulting Group. Large companies and industries, such as finance, that generate a lot of data, tend to be ahead and often build their own AI-enhanced systems. But many firms will choose to work with the growing array of independent AI vendors, including cloud providers, consultants and startups.

Microsoft

Microsoft Email Privacy Case No Longer Needed, Says The US (cnn.com) 84

An anonymous reader quotes CNN: The U.S. Department of Justice is asking the Supreme Court to abandon its case against Microsoft over international data privacy. A new law signed by President Donald Trump last week answers the legal question at the heart of Microsoft's case, the DOJ says. So the case "is now moot," the department said in a court filing posted Saturday.

Microsoft's legal battle began in 2013, when it refused to hand over emails stored on a server in Ireland to US officials who were investigating drug trafficking. Microsoft argued at the time that sharing data stored abroad could violate international treaties and policies, and there was no law on the books to provide any clarity. That changed with the Cloud Act, which was tucked into the spending bill that Trump signed March 23. The act establishes a legal pathway for the United States to form agreements with other nations that make it easier for law enforcement to collect data stored on foreign soil... Microsoft cheered the new law, saying the Cloud Act provides the legal clarity the company sought.

The ACLU's legislative counsel argues that the new act hurts privacy and human rights, "at a time when human rights activists, dissidents and journalists around the world face unprecedented attacks."

"Would even a well-intentioned technology company, particularly a small one, have the expertise and resources to competently assess the risk that a foreign order may pose to a particular human rights activist?"
Cloud

Microsoft Is 'Demoting' Windows for the Cloud, Says CNN (cnn.com) 127

An anonymous reader quotes CNN: Microsoft is giving Windows a demotion, and leaning into the cloud. CEO Satya Nadella told employees on Thursday that Terry Myerson, leader of the Windows and Devices Group, is leaving the company. "Microsoft has been my work, my team, and my purpose for 21 years," Myerson wrote in a LinkedIn blog post. "It is an emotional day"... The shakeup includes the formation of two new engineering teams that will prioritize Microsoft's cloud and artificial intelligence products -- a move that should make investors happy, said Brad Reback, a software analyst at Stifel. Morgan Stanley said recently that Microsoft could hit $1 trillion in market value within a year, thanks in large part to the strengths of Azure, Microsoft's cloud computing service, and the cloud-based Office 365 software suite... Amy Hood, Microsoft's chief financial officer, said in January that the company's commercial cloud revenue grew 56% year-over-year. In that quarter, Windows commercial products and cloud services sales fell 4%.
Privacy

Adobe Is Helping Some 60 Companies Track People Across Devices (neowin.net) 66

Neowin reports of Adobe's recent announcement of its new Marketing Cloud Device Co-op initiative: The announcement of the new solution for tracking customers across devices was made at the Adobe Summit this week in Las Vegas to a digital marketing conference. According to an Adobe blog post released earlier this month citing Forrester, consumers are increasingly accessing multiple devices before making a purchase decision -- an average of 5.5 connected devices per person. This behavior creates a challenge for retailers, who cannot easily target people in their marketing campaigns, ultimately depending on Facebook or Google to track people instead of devices. Both Facebook and Google are able to do this job because of the massive amount of users logged into their ecosystems regularly, so most retailers have been opting to use those platforms as a way to reach potential customers. But Adobe's approach is to provide a platform agnostic solution acting as a glue between the world's biggest brands' own data management platforms.

In order for Device Co-op to work, each company that has joined the initiative will provide Adobe with "cryptographically hashed login IDs" and HTTP header data, which Adobe claims will completely hide the customer's identity. This data will be used to create groups of devices used by the same person or household, which will then be made available to all the members of the initiative so they can target people on different devices, instead of creating one customer profile per device, as can be seen from the example given in the image above. Until now, some 60 companies have joined the Adobe initiative, including brands such as Subway, Sprint, NFL, Lenovo, Intel, Barnes & Noble, and Subaru. Also, preliminary measurements made by Adobe indicate that Device Co-op could link up to 1.2 billion devices worldwide, based on the amount of accesses seen by current members. But it is important to note that the initiative is currently collecting data of U.S. and Canada users only.
Adobe is claiming the initiative will not disclose a user's identity to its members, including any personal data, but, given the recent Facebook and Cambridge Analytica scandal, many will be skeptical of those claims. Thankfully, Adobe is allowing users to completely opt out all of their devices from the services via this website.
Businesses

Amazon's Music Storage Service Will Remove MP3 Files on April 30 (theverge.com) 64

Amazon announced last year that it intends to shut down its dedicated cloud music locker. Now, the company has elaborated on its thinking. From a report: In an email to Amazon Music users, the company says uploaded songs will be removed from a user's library on April 30th, 2018. You can however keep any music in the cloud by proactively going to your Music Settings and clicking the "Keep my songs" button. Back in December, Amazon stopped letting users upload new tracks to Music Storage, which holds up to 250 songs for free. The company said at the time that by January 2019, users wouldn't be able to download or stream tracks they've uploaded to Music Storage, so it sounds like you'll still have many months between April and next January to get your music downloaded and onto a different storage platform or hard drive.
Operating Systems

macOS 10.13.4 Enables Support for External GPU (engadget.com) 53

With the latest release of macOS High Sierra, Apple has officially delivered on a couple of items in the works since WWDC 2017 last June. macOS 10.13.4 brings the external GPU (eGPU) support that lets developers, VR users, gamers and anyone else in need of some extra oomph to plug in a more powerful graphics card via Thunderbolt 3. From a report: While that may not make every underpowered laptop VR ready, it certainly makes staying macOS-only more palatable for some power users. Another notable addition is Business Chat in Messages for users in the US. Twitter, Facebook, WhatsApp and others have tweaked their services to enable customer service linkups and now Apple has its version available on the desktop. With it, you can interact with business representatives or even make purchases. Other tweaks include waiting for the user to select login fields before autofilling password information in Safari, a smoke cloud wallpaper that had previously been restricted to the iMac Pro and a Safari shortcut for jumping to the rightmost tab by pressing Command-9. Further reading: Gizmodo.
China

China, in Search of Water, is Building a Rain-Making Network Three Times the Size of Spain (scmp.com) 111

China is testing cutting-edge defence technology to develop a powerful yet relatively low-cost weather modification system to bring substantially more rain to the Tibetan plateau, Asia's biggest freshwater reserve. From a report: The system, which involves an enormous network of fuel-burning chambers installed high up on the Tibetan mountains, could increase rainfall in the region by up to 10 billion cubic metres a year -- about 7 per cent of China's total water consumption -- according to researchers involved in the project. Tens of thousands of chambers will be built at selected locations across the Tibetan plateau to produce rainfall over a total area of about 1.6 million square kilometres (620,000 square miles), or three times the size of Spain. It will be the world's biggest such project.

The chambers burn solid fuel to produce silver iodide, a cloud-seeding agent with a crystalline structure much like ice. The chambers stand on steep mountain ridges facing the moist monsoon from south Asia. As wind hits the mountain, it produces an upward draft and sweeps the particles into the clouds to induce rain and snow.
