Mozilla and the National Science Foundation want a new internet. And they want it to be free and accessible for everybody. From a report: They'll pay $2 million for it. On Wednesday, the two organizations issued a call to action for "big ideas that decentralize the web" as part of the "Wireless Innovation for a Networked Society" challenges. The challenges include getting the internet to communities off the grid, with proposals like a backpack with a computer and Wi-Fi router inside.
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's now on IFTTT. Check it out! Check out the new SourceForge HTML5 Internet speed test! ×
Catalin Cimpanu, writing for BleepingComputer: Despite being an expanding threat, ransomware infections are rarely reported to law enforcement agencies, according to conclusions from the 2016 Internet Crime Report (PDF), released yesterday by the FBI's Internet Crime Complaint Center (IC3). During 2016, FBI IC3 officials said they received only 2,673 complaints regarding ransomware incidents, which ranked ransomware as the 22nd most reported cyber-crime in the US, having caused just over $2.4 million in damages (ranked 25th). The numbers are ridiculously small compared to what happens in the real world, where ransomware is one of today's most prevalent cyber-threats, according to multiple reports from cyber-security companies.
Mark Wilson, writing for BetaNews: Google has updated its search policies without any sort of fanfare. The search engine now "may remove" -- in addition to existing categories of information -- "confidential, personal medical records of private people" from search results. That such information was not already obscured from search results may well come as something of a surprise to many people. The change has been confirmed by Google, although the company has not issued any form of announcement about it.
Abstract of a study: The Chinese government has long been suspected of hiring as many as 2,000,000 people to surreptitiously insert huge numbers of pseudonymous and other deceptive writings into the stream of real social media posts, as if they were the genuine opinions of ordinary people. Many academics, and most journalists and activists, claim that these so-called "50c party" posts vociferously argue for the government's side in political and policy debates. As we show, this is also true of the vast majority of posts openly accused on social media of being 50c. Yet, almost no systematic empirical evidence exists for this claim, or, more importantly, for the Chinese regime's strategic objective in pursuing this activity. In the first large scale empirical analysis of this operation, we show how to identify the secretive authors of these posts, the posts written by them, and their content. We estimate that the government fabricates and posts about 448 million social media comments a year. In contrast to prior claims, we show that the Chinese regime's strategy is to avoid arguing with skeptics of the party and the government, and to not even discuss controversial issues. From a CNET article, titled, Chinese media told to 'shut down' talk that makes country look bad: Being an internet business in China appears to be getting tougher. Chinese broadcasters, including social media platform Weibo, streamer Acfun and media company Ifeng were told to shut down all audio and visual content that cast the country or its government in bad light, China's State Administration of Press, Publication, Radio, Film and Television posted on its website on Thursday, saying they violate local regulations. "[The service providers] broadcast large amounts of programmes that don't comply with national rules and propagate negative discussions about public affairs. [The agency] has notified all relevant authorities and ... will take measures to shut down these programmes and rectify the situation," reads the statement.
An anonymous reader shares a report: Samsung Electronics has launched the Exynos i T200, its first processor optimised for Internet of Things (IoT) devices, the company has announced. The South Korean tech giant said the chip has upped security and supports wireless connections, with hopes of giving it an advantage in the expanding IoT market. The Exynos i T200 applies Samsung's 28-nanometer High-K Metal Gate process and has multiple cores, with the Cortex-R4 doing the heavy lifting and an independently operating Cortex-M0+ allowing for multifunctionality. For example, if applied to a refrigerator, Cotext-R4 will run the OS and Cotex-M0+ will power LED displays on the doors.
Netflix announced that it's launching an all-new interactive format that turns viewers in storytellers, letting them dictate each choice and direction the story takes. "In each interactive title, you can make choices for the characters, shaping the story as you go," according to Netflix. "Each choice leads to a different adventure, so you can watch again and again, and see a new story each time." The Next Web reports: The first two interactive shows that will be available on Netflix are Puss in Book: Trapped in an Epic Tale and Buddy Thunderstruck: The Maybe Pile. Puss in Book launches globally today, with Buddy Thunderstruck slated to make its debut a month from now on July 14. The new experience will be available on most television setups and iOS devices. "Content creators have a desire to tell non-linear stories like these, and Netflix provides the freedom to roam, try new things and do their best work," Product Innovation director Carla Fisher said. "The intertwining of our engineers in Silicon Valley and the creative minds in Hollywood has opened up this new world of storytelling possibilities." Fisher further added that, for the time being, the streaming service will be mainly focusing its efforts on producing interactive content for children -- especially since their research has shown that they already tend to be prone to interacting with the screen.
An anonymous reader quotes a report from Ars Technica: A tiny Internet service provider has sued Comcast, alleging that the cable giant and its hired contractors cut the smaller company's wires in order to take over its customer base. Telecom Cable LLC had "229 satisfied customers" in Weston Lakes and Corrigan, Texas when Comcast and its contractors sabotaged its network, the lawsuit filed last week in Harris County District Court said. Comcast had tried to buy Telecom Cable's Weston Lakes operations in 2013 "but refused to pay what they were worth," the complaint says. Starting in June 2015, Comcast and two contractors it hired "systematically destroyed Telecom's business by cutting its lines and running off its customers," the lawsuit says. Comcast destroyed or damaged the lines serving all Telecom Cable customers in Weston Lakes and never repaired them, the lawsuit claims. Telecom Cable owner Anthony Luna estimated the value of his business at about $1.8 million, which he is seeking to recover. He is also seeking other damages from Comcast and its contractors, including exemplary damages that under state statute could "amount to a maximum of twice the amount of economic damages, plus up to $750,000 of non-economic damages," the complaint says. CourtHouse News Service has a story about the lawsuit, and it posted a copy of the complaint.
From a report: During the past month, both Google and Mozilla developers have added support in their respective browsers for "headless mode," a mechanism that allows browsers to run silently in the OS background and with no visible GUI. [...] While this feature sounds very useful for developers and very uninteresting for day-to-day users, it is excellent news for malware authors, and especially for the ones dabbling with adware. In the future, adware or clickfraud bots could boot-up Chrome or Firefox in headless mode (no visible GUI), load pages, and click on ads without the user's knowledge. The adware won't need to include or download any extra tools and could use locally installed software to perform most of its malicious actions. In the past, there have been quite a few adware families that used headless browsers to perform clickfraud. Martijn Grooten, an editor at Virus Bulletin, also pointed Bleeping Computer to a report where miscreants had abused PhantomJS, a headless browser, to post forum spam. The addition of headless mode in Chrome and Firefox will most likely provide adware devs with a new method of performing surreptitious ad clicks.
An anonymous reader shares a Recode report: Music industry sources say the carmaker has had talks with all of the major labels about licensing a proprietary music service that would come bundled with its cars, which already come equipped with a high-tech dashboard and internet connectivity. Label sources aren't clear about the full scope of Tesla's ambitions, but believe it is interested in offering multiple tiers of service, starting with a Pandora-like web radio offering. The bigger question: Why doesn't Tesla simply integrate existing services, like Spotify or Apple Music, into all of its cars from the start -- especially since Tesla already does a deal with Spotify for Teslas sold outside the U.S.? "We believe it's important to have an exceptional in-car experience so our customers can listen to the music they want from whatever source they choose," a Tesla spokesperson said. "Our goal is to simply achieve maximum happiness for our customers."
An anonymous reader quotes a report from The Verge: In 2014, Tumblr was on the front lines of the battle for net neutrality. The company stood alongside Amazon, Kickstarter, Etsy, Vimeo, Reddit, and Netflix during Battle for the Net's day of action. Tumblr CEO David Karp was also part of a group of New York tech CEOs that met with then-FCC chairman Tom Wheeler in Brooklyn that summer, while the FCC was fielding public comment on new Title II rules. President Obama invited Karp to the White House to discuss various issues around public education, and in February 2015 The Wall Street Journal reported that it was the influence of Karp and a small group of liberal tech CEOs that swayed Obama toward a philosophy of internet as public utility. But three years later, as the battle for net neutrality heats up once again, Tumblr has been uncharacteristically silent. The last mention of net neutrality on Tumblr's staff blog -- which frequently posts about political issues from civil rights to climate change to gun control to student loan debt -- was in June 2016. And Tumblr is not listed as a participating tech company for Battle for the Net's next day of action, coming up in three weeks. One reason for Karp and Tumblr's silence? Last week Verizon completed its acquisition of Tumblr parent company Yahoo, kicking off the subsequent merger of Yahoo and AOL to create a new company called Oath. As one of the world's largest ISPs, Verizon is notorious for challenging the principles of net neutrality -- it sued the FCC in an effort to overturn net neutrality rules in 2011, and its general counsel Kathy Grillo published a note this April complimenting new FCC chairman Ajit Pai's plan to weaken telecommunication regulations.
eBay announced today a new Price Match Guarantee for over 50,000 items across its site -- promising that it will have the best deal online, or it will match the lowest price of a competitor. While only select items are available for this offer, "the move is a significant effort on eBay's part to ensure that it doesn't lose customers to Amazon, Walmart and other online stores as the market consolidates behind the industry's major players," reports TechCrunch. From the report: In order to qualify, the item must be one of the new, unopened items sold daily through eBay Deals, for starters. Deals are eBay's selection of "trending" inventory across all its categories -- like consumer electronics, home & garden, and fashion. The deals are also generally offered at 20 percent to 90 percent off, and are sourced from over 900 of eBay's trusted sellers. These sellers include both smaller merchants looking to grow their customer base as well as major consumer brands. At any time, eBay says there are "tens of thousands" of items offered through the Deals site, with featured deals updating at least once per day, beginning at 8 AM PT.
An anonymous reader quotes a report from The Hacker News: The National Security Agency (NSA) -- the United States intelligence agency which is known for its secrecy and working in the dark -- has finally joined GitHub and launched an official GitHub page. GitHub is an online service designed for sharing code amongst programmers and open source community, and so far, the NSA is sharing 32 different projects as part of the NSA Technology Transfer Program (TTP), while some of these are "coming soon." "The NSA Technology Transfer Program (TTP) works with agency innovators who wish to use this collaborative model for transferring their technology to the commercial marketplace," the agency wrote on the program's page. "OSS invites the cooperative development of technology, encouraging broad use and adoption. The public benefits by adopting, enhancing, adapting, or commercializing the software. The government benefits from the open source community's enhancements to the technology." Many of the projects the agency listed are years old that have been available on the Internet for some time. For example, SELinux (Security-Enhanced Linux) has been part of the Linux kernel for years.
Futurepower(R) writes: What is the best way to isolate a network from the internet and prevent intrusion of malware, while allowing carefully examined data transfer from internet-facing computers? An example of complete network isolation could be that each user would have two computers with a KVM switch and a monitor and keyboard, or two monitors and two keyboards. An internet-facing computer could run a very secure version of Linux. Any data to be transferred to that user's computer on the network would perhaps go through several Raspberry Pi computers running Linux; the computers could each use a different method of checking for malware. Windows computers on the isolated network could be updated using Autopatcher, so that there would never be a direct connection with the internet. Why not use virtualization? Virtualization does not provide enough separation; there is the possibility of vulnerabilities. Do you have any ideas about improving the example above?
An anonymous reader quotes a report from Ars Technica: A proposed law in California would require Internet service providers to obtain customers' permission before they use, share, or sell the customers' Web browsing history. The California Broadband Internet Privacy Act, a bill introduced by Assembly member Ed Chau (D-Monterey Park) on Monday, is very similar to an Obama-era privacy rule that was scheduled to take effect across the US until President Trump and the Republican-controlled Congress eliminated it. If Chau's bill becomes law, ISPs in California would have to get subscribers' opt-in consent before using browsing history and other sensitive information in order to serve personalized advertisements. Consumers would have the right to revoke their consent at any time. The opt-in requirement in Chau's bill would apply to "Web browsing history, application usage history, content of communications, and origin and destination Internet Protocol (IP) addresses of all traffic." The requirement would also apply to geolocation data, IP addresses, financial and health information, information pertaining to minors, names and billing information, Social Security numbers, demographic information, and personal details such as physical addresses, e-mail addresses, and phone numbers.
Earlier this year, hackers obtained and leaked the episodes of TV show Orange Is the New Black. In a candid interview, Larson Studios' chief engineer David Dondorf explained how the audio post-production business allowed the hacker group to gain access to the Netflix original content. Dandorf says the company hired private data security experts to find how it was breached. The investigation found that the hacker group had been searching the internet for PCs running older versions of Windows and stumbled across an old computer at Larson Studios still running Windows 7. From the report: Larson's employees just didn't know all that much about it. Having a computer running an ancient version of Windows on the network was clearly a terrible lack of oversight, as was not properly separating internal servers from the internet. "A lot of what went on was ignorance," admitted Rick Larson. "We are a small company. Did we even know what the content security departments were at our clients? Absolutely not. I couldn't have told you who to call. I can now." It's a fascinating story about how the hacker group first made contact and tried to threaten Larson Studios' president and his wife, and how they responded. Worth a read.
New submitter evolutionary writes: According to F-Secure's Chief Research Officer "IoT is unavoidable. If it uses electricity, it will become a computer. If it uses electricity, it will be online. In future, you will only buy IoT appliances, whether you like it or not, whether you know it or not." F-Secure's new product to help mitigate data leakage, "Sense", is a IoT Firewall, combining a traditional firewall with a cloud service and uses concepts including behaviour-based blocking and device reputation to figure out whether you have insecure devices.
In the August 2017 issue of Consumer Reports magazine, the nonprofit organization ranked internet service providers based off customer satisfaction. According to the report, many consumers still don't like their broadband and television provider, and don't believe they receive a decent value for the high price they pay for service. DSLReports summarizes the findings: The report [...] names Chattanooga municipal broadband provider EPB as the most-liked ISP in the nation. EPB was followed by Google Fiber, Armstrong Cable, Consolidated Cable and RCN as the top-ranked ISPs in the nation. Google Fiber "was the clear winner for internet service," notes the report, "with the only high score for value." Google Fiber also received high marks for customer support and service. But large, incumbent ISPs continue to be aggressively disliked due to high prices and poor customer service, according to the report. Despite endless annual promises that customer service is the company's priority, Comcast ranked number 27 out of the 32 providers measured. The company's survey results were weighed down by low consumer marks for value, channel selection, technical support, customer service and free video on demand offerings. The least-liked ISPs in the nation, according to the report, are: Charter (Spectrum), Cable ONE, Atlantic broadband, Frontier Communications, and Mediacom. Not coincidentally, the two largest ISPs in that list just got done with massive mergers or acquisitions that resulted in higher prices and worse service than consumers saw previously. MyRatePlan has a breakdown of ISP providers and plans by ZIP code.
An anonymous reader quotes a report from VentureBeat: Mozilla today launched a new browser for Android. In addition to Firefox, the company now also offers Firefox Focus, a browser dedicated to user privacy that by default blocks many web trackers, including analytics, social, and advertising. You can download the new app now from Google Play. Because Google isn't as strict as Apple, Android users can set Firefox Focus as their default browser. There are many use cases for wanting to browse the web without being tracked, but Mozilla offers a common example: reading articles via apps "like Facebook." On iOS, Firefox Focus is basically just a web view with tracking protection. On Android, Firefox Focus is the same, with a few additional features (which are still "under consideration" for iOS):
- Ad tracker counter -- Lists the number of ads that are blocked per site while using the app.
- Disable tracker blocker -- For sites that are not loading correctly, you can disable the tracker blocker to fix the issues.
- Notification reminder -- When Firefox Focus is running in the background, a notification will remind you so you can easily tap to erase your browsing history.
Now you can search for jobs across virtually all of the major online job boards like LinkedIn, Monster, WayUp, DirectEmployers, CareerBuilders, Facebook and others -- directly from Google's search result pages. The company will also include job listings it finds on a company's homepage. TechCrunch reports: The idea here is to give job seekers an easy way to see which jobs are available without having to go to multiple sites only to find duplicate postings and lots of irrelevant jobs. With this new feature, which is now available in English on desktop and mobile, all you have to type in is a query like "jobs near me," "writing jobs" or something along those lines and the search result page will show you the new job search widget that lets you see a broad range of jobs. From there, you can further refine your query to only include full-time positions, for example. When you click through to get more information about a specific job, you also get to see Glassdoor and Indeed ratings for a company. You can also filter jobs by industry, location, when they were posted, and employer. Once you find a query that works, you can also turn on notifications so you get an immediate alert when a new job is posted that matches your personalized query.
Earlier this month, a developer accidentally discovered the private key of a Cisco subdomain. An anonymous reader shares the post: Last weekend, in an attempt to get Sky's NOW TV video player (for Mac) to work on my machine, I noticed that one of the Cisco executables contains a private key that is associated with the public key in a trusted certificate for a cisco.com sub domain. This certificate is used in a local WebSocket server, presumably to allow secure Sky/NOW TV origins to communicate with the video player on the users' local machines. I read the Baseline Requirements document (version 1.4.5, section 18.104.22.168), but I wasn't entirely sure whether this is considered a key compromise. I asked Hanno Bock on Twitter, and he advised me to post the matter to this mailing list. The executable containing the private key is named 'CiscoVideoGuardMonitor', and is shipped as part of the NOW TV video player. In case you are interested, the installer can be found here (SHA-256: 56feeef4c3d141562900f9f0339b120d4db07ae2777cc73a31e3b830022241e6). I would recommend to run this installer in a virtual machine, because it drops files all over the place, and installs a few launch items (agents/daemons). The executable 'CiscoVideoGuardMonitor' can be found at '$HOME/Library/Cisco/VideoGuardPlayer/VideoGuardMonitor/ VideoGuardMonitor.bundle/Contents/MacOS/CiscoVideoGuardMonitor'. Certificate details: Serial number: 66170CE2EC8B7D88B4E2EB732E738FE3A67CF672, DNS names: drmlocal.cisco.com, Issued by: HydrantID SSL ICA G2. The issuer HydrantID has since communicated with the certificate holder Cisco, and the certificate has been revoked.