Twitter

Twitter Says It Exposed Nearly 700,000 People To Russian Propaganda During Election (theverge.com) 284

An anonymous reader quotes a report from The Verge: Twitter this evening released a new set of statistics related to its investigation on Russia propaganda efforts to influence the 2016 U.S. presidential election, including that 677,775 people were exposed to social media posts from more than 50,000 automated accounts with links to the Russian government. Many of the new accounts uncovered have been traced back to an organization called the Internet Research Agency, or IRA, with known ties to the Kremlin. The data was first presented in an incomplete form to the Senate Select Intelligence Committee last November, which held hearings to question Facebook, Google, and Twitter on the role the respective platforms and products played in the Russian effort to help elect President Donald Trump. Twitter says it's now uncovered more accounts and new information on the wide-reaching Russian cyberintelligence campaign.

"Consistent with our commitment to transparency, we are emailing notifications to 677,775 people in the United States who followed one of these accounts or retweeted or liked a Tweet from these accounts during the election period," writes Twitter's public policy division in a blog post published today. "Because we have already suspended these accounts, the relevant content on Twitter is no longer publicly available."

AI

Google Has Made It Simple For Anyone To Tap Into Its Image Recognition AI (gizmodo.com) 42

An anonymous reader quotes a report from Gizmodo: Google released a new AI tool on Wednesday designed to let anyone train its machine learning systems on a photo dataset of their choosing. The software is called Cloud AutoML Vision. In an accompanying blog post, the chief scientist of Google's Cloud AI division explains how the software can help users without machine learning backgrounds harness artificial intelligence. All hype aside, training the AI does appear to be surprisingly simple. First, you'll need a ton of tagged images. The minimum is 20, but the software supports up to 10,000. Using a meteorologist as an example for their promotional video was an apt choice by Google -- not many people have thousands of tagged HD images bundled together and ready to upload. A lot of image recognition is about identifying patterns. Once Google's AI thinks it has a good understanding of what links together the images you've uploaded, it can be used to look for that pattern in new uploads, spitting out a number for how well it thinks the new images match it. So our meteorologist would eventually be able to upload images as the weather changes, identifying clouds while continuing to train and improve the software.
Google

Google Blocks Pirate Search Results Prophylactically (torrentfreak.com) 38

Google is accepting "prophylactic" takedown requests to keep pirated content out of its search results, an anonymous reader writes, citing a TorrentFreak report. From the article: Over the past year, we've noticed on a few occasions that Google is processing takedown notices for non-indexed links. While we assumed that this was an 'error' on the sender's part, it appears to be a new policy. "Google has critically expanded notice and takedown in another important way: We accept notices for URLs that are not even in our index in the first place. That way, we can collect information even about pages and domains we have not yet crawled," Caleb Donaldson, copyright counsel at Google writes. In other words, Google blocks URLs before they appear in the search results, as some sort of piracy vaccine. "We process these URLs as we do the others. Once one of these not-in-index URLs is approved for takedown, we prophylactically block it from appearing in our Search results, and we take all the additional deterrent measures listed above." Some submitters are heavily relying on the new feature, Google found. In some cases, the majority of the submitted URLs in a notice are not indexed yet.
Crime

Kansas Swatting Perpetrator 'SWauTistic' Interviewed on Twitter (krebsonsecurity.com) 434

"That kids house that I swatted is on the news," tweeted "SWauTistic" -- before he realized he'd gotten somebody killed. Security researcher Brian Krebs reveals what happened next. When it became apparent that a man had been killed as a result of the swatting, Swautistic tweeted that he didn't get anyone killed because he didn't pull the trigger. Swautistic soon changed his Twitter handle to @GoredTutor36, but KrebsOnSecurity managed to obtain several weeks' worth of tweets from Swautistic before his account was renamed. Those tweets indicate that Swautistic is a serial swatter -- meaning he has claimed responsibility for a number of other recent false reports to the police. Among the recent hoaxes he's taken credit for include a false report of a bomb threat at the U.S. Federal Communications Commission (FCC) that disrupted a high-profile public meeting on the net neutrality debate. Swautistic also has claimed responsibility for a hoax bomb threat that forced the evacuation of the Dallas Convention Center, and another bomb threat at a high school in Panama City, Fla, among others.

After tweeting about the incident extensively Friday afternoon, KrebsOnSecurity was contacted by someone in control of the @GoredTutor36 Twitter account. GoredTutor36 said he's been the victim of swatting attempts himself, and that this was the reason he decided to start swatting others. He said the thrill of it "comes from having to hide from police via net connections." Asked about the FCC incident, @GoredTutor36 acknowledged it was his bomb threat. "Yep. Raped em," he wrote. "Bomb threats are more fun and cooler than swats in my opinion and I should have just stuck to that," he wrote. "But I began making $ doing some swat requests."

Krebs' article also links to a police briefing with playback from the 911 call. "There is no question that police officers and first responders across the country need a great deal more training to bring the number of police shootings way down..." Krebs argues. "Also, all police officers and dispatchers need to be trained on what swatting is, how to spot the signs of a hoax, and how to minimize the risk of anyone getting harmed when responding to reports about hostage situations or bomb threats."

But he also argues that filing a false police report should be reclassified as a felony in all states.
Bitcoin

Beware: 'Digmine' Cryptocurrency Bot Is Spreading Via Facebook Messenger (techspot.com) 96

Cybersecurity firm Trend Micro has discovered a cryptocurrency bot that is being spread through Facebook Messenger. The bot, dubbed Digmine, was discovered in South Korea and has since been found in Vietnam, Azerbaijan, Ukraine, Philippines, Thailand, and Venezuela. TechSpot explains: Victims receive a file named "video_xxxx.zip" from one of their Facebook Messenger contacts. Opening it will load Chrome along with a malicious browser extension. Extensions can only be downloaded from the Chrome Web Store, but this is bypassed using the command line. Once the malware infects a system, a modified version of XMRig -- a Monero mining tool -- is installed. This mines the cryptocurrency in the background using a victim's CPU, sending all profits back to the hackers. Additionally, the Chrome extension is also used to spread Digmine. If someone has their Facebook account set to log in automatically, the fake video file link will be sent to all their friends via Messenger. The malware could also be used to take over a Facebook account entirely. The good news is that Digmine only works through the Chrome desktop version of Messenger. Right now, opening the malicious file via the Facebook/Messenger app or mobile webpage won't have the same effect. After Trend Micro revealed its findings, Facebook said it had taken down any links connected to Digmine.
Google

Is Google Home Fit For Elderly and Disabled Users? (vortex.com) 93

Chances are either you or someone you know received a Google Home over the holidays. Not only are they being marketed heavily by Google but they seem to have appeared in almost every "Holiday Gift Guide" on the internet. Slashdot reader Lauren Weinstein brings up an interesting dilemma: is Google Home fit for the elderly? Weinstein writes: You cannot install or routinely maintain Google Home units without a smartphone and the Google Home smartphone app. There are no practical desktop based and/or remotely accessible means for someone to even do this for you. A smartphone on the same local Wi-Fi network as the device is always required for these purposes. This means that many elderly persons and individuals with physical or visual disabilities -- exactly the people whose lives could be greatly enhanced by Home's advanced voice query, response, and control capabilities -- are up the creek unless they have someone available in their physical presence to set up the device and make any ongoing configuration changes. Additionally, all of the "get more info" links related to Google Home responses are also restricted to the smartphone Home app.
Space

Can We Get Global Broadband From Low-Earth Orbit Satellites? (blogspot.com) 134

"The internet is unavailable to and/or unaffordable by about 50% of the world population," writes Larry Press (formerly of IBM), who's now an information systems professor at California State University. But he's also long-time Slashdot reader lpress, and reports on new efforts to bring cheap high-speed internet to the entire world. SpaceX, Boeing, OneWeb, Telesat, and Leosat are investing in very large projects to deliver global, high-speed Internet service [using low-earth orbit satellites]. This could be a significant option for developing nations, rural areas of developed nations, long-haul links, Internet of things, and more by the mid-2020s.
Parts of Alaska could see internet-via-satellite as soon as 2020, according to Larry's article, which adds that the technology could even be used to bring high-speed internet access to ships at sea.
Bug

Ubuntu 17.10 Temporarily Pulled Due To A BIOS Corrupting Problem (phoronix.com) 167

An anonymous reader writes: Canonical has temporarily pulled the download links for Ubuntu 17.10 "Artful Aardvark" from the Ubuntu website due to ongoing reports of some laptops finding their BIOS corrupted after installing this latest Ubuntu release. The issue is appearing most frequently with Lenovo laptops but there are also reports of issues with other laptop vendors as well. This issue appears to stem from the Intel SPI driver in the 17.10's Linux 4.13 kernel corrupting the BIOS for a select number of laptop motherboards. Canonical is aware of this issue and is planning to disable the Intel SPI drivers in their kernel builds. Canonical's hardware enablement team has already verified this works around the problem, but doesn't provide any benefit if your BIOS is already corrupted.
Businesses

'Productivity Is Dangerous' (theoutline.com) 233

Vincent Bevins, writing for The Outline: So every morning, I get messages asking me to click through to articles like "How I Optimized My Morning Routine To Get More Done Than ever -- before 8 a.m.!" The people posting links like this have a sickness, and we need to stop it before it gets out of hand. Of course, if you actually click through to this trash, it's a bit shocking to see what they actually do. Some guy is proud that he set aside his social life so that he could unleash four extremely psychologically damaging apps on the world by the age of 30. Or it's like, "Congratulate Lisa on her new job as advertising director for Nestle in Africa." Here's a productivity idea: Just, fucking, don't make shitty apps, or do advertising for Nestle, or really for anything. I often see shit like, "Ten Habits I Have QUIT to Get More Done," and I think, "Maybe quit writing posts like this." If you're waking up at 4 a.m. to write 1,000 words about how you write 1,000 words every day, what are you actually getting done? Just stay in bed. Whenever I am back in the Protestant centers of modern capitalism (New York or London, basically), it's especially jarring to remember what it feels like to treat being busy as if it were a virtue.
DRM

Why Linux HDCP Isn't the End of the World (collabora.com) 136

"There is no reason for the open-source community to worry..." writes Daniel Stone, who heads the graphics team at open-source consultancy Collabora. mfilion quotes Collabora.com: Recently, Sean Paul from Google's ChromeOS team, submitted a patch series to enable HDCP support for the Intel display driver. HDCP is used to encrypt content over HDMI and DisplayPort links, which can only be decoded by trusted devices... However, if you already run your own code on a free device, HDCP is an irrelevance and does not reduce freedom in any way....

HDCP support is implemented almost entirely in the hardware. Rather than adding a mandatory encryption layer for content, the HDCP kernel support is dormant unless userspace explicitly requests an encrypted link. It then attempts to enable encryption in the hardware and informs userspace of the result. So there's the first out: if you don't want to use HDCP, then don't enable it! The kernel doesn't force anything on an unwilling userspace.... HDCP is only downstream facing: it allows your computer to trust that the device it has been plugged into is trusted by the HDCP certification authority, and nothing more. It does not reduce user freedom, or impose any additional limitations on device usage.

Bitcoin

An Anonymous Bitcoin Millionaire Is Donating Their Fortune To Charities (gizmodo.com) 98

An anonymous reader quotes a report from Gizmodo: Tis the season for giving, and one Bitcoin investor claims to be giving away the majority of their cryptocurrency holdings after experiencing an incredible year. The unnamed donor has set up a fund to hand out $86 million worth of Bitcoin to various charities, and they've already started listing the donations and providing receipts. If this whole thing works out, you can just call this mystery person the Bitcoin Bill Gates. So far, The Pineapple Fund claims to have distributed just over $6.5 million in Bitcoin between eight charities. Its website provides links to the blockchain transactions under the name of each charity. These transactions are in a public ledger, but the sender and recipient are only identified by a long string of digits. We contacted the Electronic Freedom Foundation to ask if the two transactions that were purportedly sent to the activist group were indeed legitimate. A spokesperson confirmed via email that the EFF has "been in touch with the Pineapple Fund and are in the process of receiving the donation." The anonymous founder writes: "Sometime around the early days of bitcoin, I saw the promise of decentralized money and decided to mine/buy/trade some magical internet tokens. The expectation shattering returns of bitcoin over many years has led to an amount far more than I can spend. What do you do when you have more money than you can ever possibly spend? Donating most of it to charity is what I'm doing. For reference, The Pineapple Fund is bigger than the entire market cap of bitcoin when I got in, and one of the richest 250 bitcoin addresses today."
Chrome

Chrome 64 Beta Adds Sitewide Audio Muting, Pop-Up Blocker, Windows 10 HDR Video (9to5google.com) 43

Chrome 64 is now in beta and it has several new features over version 63. In addition to a stronger pop-up blocker and support for HDR video playback when Windows 10 is in HDR mode, Chrome 64 features sitewide audio muting to block sound when navigating to other pages within a site. 9to5Google reports: An improved pop-up blocker in Chrome 64 prevents sites with abusive experiences -- like disguising links as play buttons and site controls, or transparent overlays -- from opening new tabs or windows. Meanwhile, as announced in November, other security measures in Chrome will prevent malicious auto-redirects. Beginning in version 64, the browser will counter surprise redirects from third-party content embedded into pages. The browser now blocks third-party iframes unless a user has directly interacted with it. When a redirect attempt occurs, users will remain on their current page with an infobar popping up to detail the block. This version also adds a new sitewide audio muting setting. It will be accessible from the permissions dropdown by tapping the info icon or green lock in the URL bar. This version also brings support for HDR video playback when Windows 10 is in HDR mode. It requires the Windows 10 Fall Creator Update, HDR-compatible graphics card, and display. Meanwhile, on Windows, Google is currently prototyping support for an operating system's native notification center. Other features include a new "Split view" feature available on Chrome OS. Developers will also be able to take advantage of the Resize Observer API to build responsive sites with "finger control to observe changes to sizes of elements on a page."
Social Networks

Facebook Admits that Some Social Media Use Can Be Harmful (axios.com) 63

In a new installment of its "Hard Questions" series, Facebook acknowledged on Friday that social media can have negative effects on people, depending on how they use it. From a report: This might be the first public acknowledgment from the company that its product -- and category in general -- can have detrimental effects on people. Facebook is also addressing the topic shortly after two former executives publicly criticized the company for what they described as exploiting human psychology. Passive use of social media -- reading information without interacting with others -- makes people feel worse. Clicking on more links or "liking" more posts than the average user also leads to worse mental health, according to one study.
Google

Google Is Using Light Beam Tech To Connect Rural India To the Internet (techcrunch.com) 67

Google is preparing to use light beams to bring rural areas of the planet online after it announced a planned rollout in India. From a report: The firm is working with a telecom operator in Indian state Andhra Pradesh, home to over 50 million people, to use Free Space Optical Communications (FSOC), a technology that uses beams of light to deliver high-speed, high-capacity connectivity over long distances. Now partner AP State FiberNet will introduce 2,000 FSOC links starting from January to add additional support to its network backbone in the state. The Google project is aimed at "critical gaps to major access points, like cell-towers and WiFi hotspots, that support thousands of people," Google said. The initiative ties into a government initiative to connect 12 million households to the internet by 2019, the U.S. firm added.
The Internet

Zimbabwe's Internet Went Down for About Five Hours. The Culprit Was Reportedly a Tractor. (slate.com) 63

Zimbabweans lost internet access en masse on Tuesday when a tractor reportedly cut through key fiber-optic cables in South Africa and another internet provider experienced simultaneous issues with its primary internet conduits. From a report: The outage began shortly before noon local time and persisted for more than five hours, affecting not only citizens' day-to-day internet usage but businesses that rely upon web access. And while five internet-free hours might sound unfathomable to those of us accustomed to having the web constantly at our fingertips, large-scale internet outages -- from inadvertent lapses caused by ship anchors to government-calculated blackouts designed to showcase political power -- do happen, and maybe more frequently than you'd thought. According to local news sources, a tractor in South Africa damaged cables belonging to Liquid Telecom, which has an 81.5 percent market share of Zimbabwe's international-equipped internet bandwidth as of the second quarter of 2017 and leases capacity to other internet providers. In a bad coincidence, city council employees in Kuwadzana, a suburb of Zimbabwe's capital city of Harare, cut an additional TelOne cable around the same time. (According to NewsDay Zimbabwe, it was an accident. The company blamed "faults that occurred on our main links through South Africa and Botswana" in a statement.)
Operating Systems

ReactOS 0.4.7 Released (reactos.org) 94

jeditobe writes: OSNews reports that the latest version of ReactOS has been released: "ReactOS 0.4.7 has been released, and it contains a ton of fixes, improvements, and new features. Judging by the screenshots, ReactOS 0.4.7 can run Opera, Firefox, and Mozilla all at once, which is good news for those among us who want to use ReactOS on a more daily basis. There's also a new application manager which, as the name implies, makes it easier to install and uninstall applications, similar to how package managers on Linux work. On a lower level, ReactOS can now deal with Ext2, Ext3, Ext4, BtrFS, ReiserFS, FFS, and NFS partitions." General notes, tests, and changelog for the release can be found at their respective links. A less technical community changelog for ReactOS 0.4.7 is also available. ISO images are ready at the ReactOS Download page.
Government

FBI Failed To Notify 70+ US Officials Targeted By Russian Hackers (apnews.com) 94

An anonymous reader quotes the AP: The FBI failed to notify scores of U.S. officials that Russian hackers were trying to break into their personal Gmail accounts despite having evidence for at least a year that the targets were in the Kremlin's crosshairs, The Associated Press has found. Nearly 80 interviews with Americans targeted by Fancy Bear, a Russian government-aligned cyberespionage group, turned up only two cases in which the FBI had provided a heads-up. Even senior policymakers discovered they were targets only when the AP told them, a situation some described as bizarre and dispiriting.

"It's utterly confounding," said Philip Reiner, a former senior director at the National Security Council, who was notified by the AP that he was targeted in 2015. "You've got to tell your people. You've got to protect your people." The FBI declined to answer most questions from AP about how it had responded to the spying campaign... A senior FBI official, who was not authorized to publicly discuss the hacking operation because of its sensitivity, declined to comment on timing but said that the bureau was overwhelmed by the sheer number of attempted hacks... A few more were contacted by the FBI after their emails were published in the torrent of leaks that coursed through last year's electoral contest. But to this day, some leak victims have not heard from the bureau at all.

Here's an interesting statistic from the AP's analysis. "Out of 312 U.S. military and government figures targeted by Fancy Bear, 131 clicked the links sent to them."
Spam

Spam Is Back (theoutline.com) 154

Jon Christian, writing for The Outline: For a while, spam -- unsolicited bulk messages sent for commercial or fraudulent purposes -- seemed to be fading away. The 2003 CAN-SPAM Act mandated unsubscribe links in email marketing campaigns and criminalized attempts to hide the sender's identity, while sophisticated filters on what were then cutting-edge email providers like Gmail buried unwanted messages in out-of-sight spam folders. In 2004, Microsoft co-founder Bill Gates told a crowd at the World Economic Forum that "two years from now, spam will be solved." In 2011, cybersecurity reporter Brian Krebs noted that increasingly tech savvy law enforcement efforts were shutting down major spam operators -- including SpamIt.com, alleged to be a major hub in a Russian digital criminal organization that was responsible for an estimated fifth of the world's spam. These efforts meant that the proportion of all emails that are spam has slowly fallen to a low of about 50 percent in recent years, according to Symantec research.

But it's 2017, and spam has clawed itself back from the grave. It shows up on social media and dating sites as bots hoping to lure you into downloading malware or clicking an affiliate link. It creeps onto your phone as text messages and robocalls that ring you five times a day about luxury cruises and fictitious tax bills. Networks associated with the buzzy new cryptocurrency system Ethereum have been plagued with spam. Facebook recently fought a six-month battle against a spam operation that was administering fake accounts in Bangladesh, Indonesia, Saudi Arabia, and other countries. Last year, a Chicago resident sued the Trump campaign for allegedly sending unsolicited text message spam; this past November, ZDNet reported that voters were being inundated with political text messages they never signed up for. Apps can be horrid spam vectors, too. Repeated mass data breaches that include contact information, such as the Yahoo breach in which 3 billion user accounts were exposed, surely haven't helped. Meanwhile, you, me, and everyone we know is being plagued by robocalls.

Google

Google Will Stop Letting Sites Use AMP Format To Bait and Switch Readers (theverge.com) 57

"Google today announced a forthcoming update to its Accelerated Mobile Pages, or AMP, web format that aims to discourage website owners from misusing the service," reports The Verge. "The company says that, starting in February 2018, AMP pages must contain content nearly identical to that of the standard page they're replicating." From the report: Currently, because AMP pages load faster and more clutter-free versions of a website, they naturally contain both fewer ads and less links to other portions of a site. That's led some site owners to publish two versions of a webpage: a standard page and an AMP-specific one that acts a teaser of sorts that directs users to the original. That original page, or canonical page in Google parlance, is by nature a slower loading page containing more ads and with a potentially lower bounce rate, which is the percentage of viewers who only view one page before leaving. Now, Google is cracking down on that behavior. "AMP was introduced to dramatically improve the performance of the web and deliver a fast, consistent content consumption experience," writes Ashish Mehta, an AMP product manager. "In keeping with this goal, we'll be enforcing the requirement of close parity between AMP and canonical page, for pages that wish to be shown in Google Search as AMPs."
The Military

North Korean Hackers Are Targeting US Defense Contractors (wpengine.com) 146

chicksdaddy quotes Security Ledger: North Korean hackers have stepped up their attacks on U.S. defense contractors in an apparent effort to gain intelligence on weapon systems and other assets that might be used against the country in an armed conflict with the United States and its allies, The Security Ledger is reporting. Security experts and defense industry personnel interviewed by The Security Ledger say that probes and attacks by hacking groups known to be associated with the government of the Democratic People's Republic of Korea (DPRK) have increased markedly as hostilities between that country and the United States have ratcheted up in the last year. The hacking attempts seem to be aimed at gaining access to intellectual property belonging to the companies, including weapons systems deployed on the Korean peninsula.

"As the situation between the DPRK and the US has become more tense, we've definitely seen an increase in number of probe attempts from cyber actors coming out of the DPRK," an official at an aerospace and defense firm told Security Ledger. The so-called "probes" were targeting the company's administrative network and included spear phishing attacks via email and other channels. The goal was to compromise computers on the corporate network... So far, the attacks have targeted "weakest links" within the firms, such as Human Resources personnel and general inquiry mailboxes, rather than targeting technical staff directly. However, experts who follow the DPRK's fast evolving cyber capabilities say that the country may have more up their sleeve.

CNBC also reports that America's congressional defense committees have authorized a last-minute request for $4 billion in extra spending for "urgent missile defeat and defense enhancements to counter the threat of North Korea."

Other countries newly interested in purchasing missile defense systems include Japan, Sweden, Poland, and Saudi Arabia.
