Security

Account Registrations Enable 'Password Reset Man In The Middle' Attacks (helpnetsecurity.com) 73

"Attackers that have set up a malicious site can use users' account registration process to successfully perform a password reset process on a number of popular websites and messaging mobile applications, researchers have demonstrated." Orome1 quotes Help Net Security: The Password Reset Man in the Middle attack exploits the similarity of the registration and password reset processes. To launch such an attack, the attacker only needs to control a website. To entice victims to make an account on the malicious website, the attacker can offer free access to a wanted resource. Once the user initiates the account registration process by entering their email address, the attacker can use that information to initiate a password reset process on another website that uses that piece of information as the username (e.g. Google, YouTube, Amazon, Twitter, LinkedIn, PayPal, and so on). Every request for input from that site is forwarded to the potential victim, and then his or her answers forwarded back to that particular site.
Interestingly, it can also beat two-factor authentication -- since the targeted user will still input the phone code into the man-in-the-middle site.
Hardware

Survey Says: Raspberry Pi Still Rules, But X86 SBCs Have Made Gains (linuxgizmos.com) 81

DeviceGuru writes: Results from LinuxGizmos.com's annual hacker-friendly single board computer survey are in, and not surprisingly, the Raspberry Pi 3 is the most desired maker SBC by a 4-to-1 margin. In other trends: x86 SBCs and Linux/Arduino hybrids have trended upwards. The site's popular hacker SBC survey polled 1,705 survey respondents and asked for their first, second, and third favorite SBCs from a curated list of 98 community-oriented, Linux- and Android-capable boards. Spreadsheets comparing all 98 SBCs' specs and listing their survey vote tallies are available in freely downloadable Google Docs.
Other interesting findings:
  • "A Raspberry Pi SBC has won in all four of our annual surveys, but never by such a high margin."
  • The second-highest ranked board -- behind the Raspberry Pi 3 -- was the Raspberry Pi Zero W.
  • "The Raspberry Pi's success came despite the fact that it offers some of the weakest open source hardware support in terms of open specifications. This, however, matches up with our survey responses about buying criteria, which ranks open source software support and community over open hardware support."
  • "Despite the accelerating Raspberry Pi juggernaut, there's still plenty of experimentation going on with new board models, and to a lesser extent, new board projects."

Stats

Phoronix Announces '2017 Linux Laptop Survey' (google.com) 61

Phoronix is hosting a 2017 Linux Laptop Survey. From their site: While Linux laptop compatibility is much better than where it was years ago, it's still not too uncommon to run into display/hybrid issues, shorter battery life under Linux than Windows or macOS, touchpad problems, and other occasional compatibility/performance shortcomings. So we've established this Linux Laptop Survey in conjunction with Linux stakeholders to hopefully gather more feedback that will be useful to many different parties...
The survey will be online until July 6th, after which the results will be publicly available, and will determine the most popular brands, distros, screen sizes, and GPUs, as well as common pain points and popular price points. And one particularly interesting question asks respondents what they'd like to see in a "dream Linux laptop."
Businesses

6 Female Founders Accuse VC Justin Caldbeck of Making Unwanted Advances (techcrunch.com) 367

An anonymous reader quotes a report from TechCrunch: Yesterday The Information reported on allegations made by half a dozen women working in the tech industry who say they have faced unwanted and inappropriate advances from Silicon Valley venture capitalist, Justin Caldbeck, co-founder and managing partner of Binary Capital. The women include Niniane Wang, co-creator of Google Desktop and a prior CTO of Minted; and Susan Ho and Leiti Hsu, co-founders of Journy, a travel planning and booking service. The Information also talked to three other women who said Caldbeck made inappropriate advances to them. It says these women did not want their names disclosed for fear of retaliation from the VC -- and because of wider concerns they might suffer a backlash from men in the industry who don't see inappropriate advances as a problem. Among the allegations made to The Information are that Caldbeck sent explicit text messages to women; that Caldbeck sent messages in the middle of the night suggesting meeting up; that Caldbeck suggested going to a hotel bedroom during a meeting; that Caldbeck made a proposition about having an open relationship; and that Caldbeck grabbed a woman's thigh under the table of a bar during a meeting. Several of the women reported finding Caldbeck's advances so awkward they gave up on continued dealings with him. In Caldbeck's initial statement, he "strongly" denied the allegations and claimed: "I have always enjoyed respectful relationships with female founders, business partners, and investors." However, in response to The Information's story, his tone changed significantly: "Obviously, I am deeply disturbed by these allegations. While significant context is missing from the incidents reported by The Information, I deeply regret ever causing anyone to feel uncomfortable. The fact is that I have been privileged to have worked with female entrepreneurs throughout my career and I sincerely apologize to anyone who I made uncomfortable by my actions. There's no denying this is an issue in the venture community, and I hate that my behavior has contributed to it." Caldbeck has since released a full statement to Axios, where he says he "will be taking an indefinite leave of absence from Binary Capital..."
Youtube

YouTube Claims 1.5 Billion Monthly Users (cnbc.com) 55

An anonymous reader shares a report: Google's YouTube unit says it now reaches 1.5 billion viewers every month -- and its users watch more than an hour of mobile videos per day -- as it expands its video programming to sell more digital ads. YouTube CEO Susan Wojcicki also wrote that YouTube Red, the company's foray into original videos, has launched 37 series that have generated "nearly a quarter billion views." YouTube Red has 12 new projects in the works, she said.
Google

Google Will Stop Reading Your Emails For Gmail Ads (bloomberg.com) 67

Google will soon stop scanning emails received by some Gmail users, a practice that has allowed it to show them targeted advertising but which stirred privacy worries. From a report: The decision didn't come from Google's ad team, but from its cloud unit, which is angling to sign up more corporate customers. Alphabet's Google Cloud sells a package of office software, called G Suite, that competes with market leader Microsoft. Paying Gmail users never received the email-scanning ads like the free version of the program, but some business customers were confused by the distinction and its privacy implications, said Diane Greene, Google's senior vice president of cloud. "What we're going to do is make it unambiguous," she said. Ads will continue to appear inside the free version of Gmail, as promoted messages. But instead of scanning a user's email, the ads will now be targeted with other personal information Google already pulls from sources such as search and YouTube.
Google

Google Will Now Hide Personal Medical Records From Search Results (betanews.com) 34

Mark Wilson, writing for BetaNews: Google has updated its search policies without any sort of fanfare. The search engine now "may remove" -- in addition to existing categories of information -- "confidential, personal medical records of private people" from search results. That such information was not already obscured from search results may well come as something of a surprise to many people. The change has been confirmed by Google, although the company has not issued any form of announcement about it.
Google

Alphabet Says Uber Knew About Stolen Self-Driving Car Files (cnet.com) 25

In a Wednesday filing with a California court, Alphabet said a former self-driving executive Anthony Levandowski hatched a plan with Uber to steal more than 14,000 proprietary documents, including designs for the sensors that help the car see its surroundings. CNET reports: Alphabet says Uber's former CEO, Travis Kalanick, knew about the files but told Levandowski to destroy them. Uber has argued that it did not encourage or condone Levandowski taking any files from Waymo or bringing them to Uber, and has noted that his employment agreement affirmed he wouldn't do that. The litigation between Alphabet and Uber has been reported as a primary reason Kalanick was forced to resign as Uber's CEO Tuesday.
Firefox

Chrome and Firefox Headless Modes May Spur New Adware & Clickfraud Tactics (bleepingcomputer.com) 80

From a report: During the past month, both Google and Mozilla developers have added support in their respective browsers for "headless mode," a mechanism that allows browsers to run silently in the OS background and with no visible GUI. [...] While this feature sounds very useful for developers and very uninteresting for day-to-day users, it is excellent news for malware authors, and especially for the ones dabbling with adware. In the future, adware or clickfraud bots could boot-up Chrome or Firefox in headless mode (no visible GUI), load pages, and click on ads without the user's knowledge. The adware won't need to include or download any extra tools and could use locally installed software to perform most of its malicious actions. In the past, there have been quite a few adware families that used headless browsers to perform clickfraud. Martijn Grooten, an editor at Virus Bulletin, also pointed Bleeping Computer to a report where miscreants had abused PhantomJS, a headless browser, to post forum spam. The addition of headless mode in Chrome and Firefox will most likely provide adware devs with a new method of performing surreptitious ad clicks.
Businesses

Uber CEO Travis Kalanick Has Resigned Due To Investor Pressure (recode.net) 59

Travis Kalanick has resigned as chief executive of Uber after pressure from investors, ending eight years of leading the ride-hailing company that has expanded round the globe but became mired in controversies. From a report: Kalanick had become a giant liability to the car-hailing company for a growing number of reasons, from sketchy business practices to troubling lawsuits to a basic management situation that was akin to really toxic goat rodeo. Thus, he had to go, even though some sources said he had the voting power to stay. But big investors also have leverage and a big enough group of them joined to use it. Those investors include Benchmark, Fidelity and Menlo Ventures, all of whom sent Kalanick a joint letter called "Moving Uber Forward" on Tuesday afternoon. Interestingly, Google Ventures was not among the group, even though its parent company Alphabet is now in a major lawsuit with Uber over the alleged theft of self-driving car technology from its Waymo unit.
Businesses

The Best And Worst ISPs According To Consumer Reports (dslreports.com) 90

In the August 2017 issue of Consumer Reports magazine, the nonprofit organization ranked internet service providers based on customer satisfaction. According to the report, many consumers still don't like their broadband and television provider, and don't believe they receive a decent value for the high price they pay for service. DSLReports summarizes the findings: The report [...] names Chattanooga municipal broadband provider EPB as the most-liked ISP in the nation. EPB was followed by Google Fiber, Armstrong Cable, Consolidated Cable and RCN as the top-ranked ISPs in the nation. Google Fiber "was the clear winner for internet service," notes the report, "with the only high score for value." Google Fiber also received high marks for customer support and service. But large, incumbent ISPs continue to be aggressively disliked due to high prices and poor customer service, according to the report. Despite endless annual promises that customer service is the company's priority, Comcast ranked number 27 out of the 32 providers measured. The company's survey results were weighed down by low consumer marks for value, channel selection, technical support, customer service and free video on demand offerings. The least-liked ISPs in the nation, according to the report, are: Charter (Spectrum), Cable ONE, Atlantic Broadband, Frontier Communications, and Mediacom. Not coincidentally, the two largest ISPs in that list just got done with massive mergers or acquisitions that resulted in higher prices and worse service than consumers saw previously. MyRatePlan has a breakdown of ISP providers and plans by ZIP code.
Android

Mozilla Launches Privacy-Minded 'Firefox Focus' Browser For Android (venturebeat.com) 58

An anonymous reader quotes a report from VentureBeat: Mozilla today launched a new browser for Android. In addition to Firefox, the company now also offers Firefox Focus, a browser dedicated to user privacy that by default blocks many web trackers, including analytics, social, and advertising. You can download the new app now from Google Play. Because Google isn't as strict as Apple, Android users can set Firefox Focus as their default browser. There are many use cases for wanting to browse the web without being tracked, but Mozilla offers a common example: reading articles via apps "like Facebook." On iOS, Firefox Focus is basically just a web view with tracking protection. On Android, Firefox Focus is the same, with a few additional features (which are still "under consideration" for iOS):
  • Ad tracker counter -- Lists the number of ads that are blocked per site while using the app.
  • Disable tracker blocker -- For sites that are not loading correctly, you can disable the tracker blocker to fix the issues.
  • Notification reminder -- When Firefox Focus is running in the background, a notification will remind you so you can easily tap to erase your browsing history.

Google

Google Launches Its AI-Powered Jobs Search Engine (techcrunch.com) 38

Now you can search for jobs across virtually all of the major online job boards like LinkedIn, Monster, WayUp, DirectEmployers, CareerBuilders, Facebook and others -- directly from Google's search result pages. The company will also include job listings it finds on a company's homepage. TechCrunch reports: The idea here is to give job seekers an easy way to see which jobs are available without having to go to multiple sites only to find duplicate postings and lots of irrelevant jobs. With this new feature, which is now available in English on desktop and mobile, all you have to type in is a query like "jobs near me," "writing jobs" or something along those lines and the search result page will show you the new job search widget that lets you see a broad range of jobs. From there, you can further refine your query to only include full-time positions, for example. When you click through to get more information about a specific job, you also get to see Glassdoor and Indeed ratings for a company. You can also filter jobs by industry, location, when they were posted, and employer. Once you find a query that works, you can also turn on notifications so you get an immediate alert when a new job is posted that matches your personalized query.
Government

Tim Cook Told Trump Tech Employees Are 'Nervous' About Immigration (cnbc.com) 327

Behind the scenes at the White House tech CEO meeting, Apple CEO Tim Cook told President Donald Trump that technology employees are "nervous" about the administration's approach to immigration, CNBC reports, citing a source familiar with the exchange. From the report: The source said the president told the CEOs on Monday that the Senate's health-care bill needs "more heart." That would be a second known instance of the president criticizing the GOP plan in private meetings. To that, the source said, Cook replied that the immigration approach by the administration also "needs more heart." Cook cited the Deferred Action for Childhood Arrivals program, which is under review by the Trump administration. He also said people in tech and their co-workers were nervous about their status, and added that it "would be great" if the president could "send them a signal." Here's what executives of Amazon, Google, and Microsoft said.
Android

OnePlus 5, 'The Best Sub-$500 Phone You Can Buy', Launched (arstechnica.com) 173

From an ArsTechnica article: Smartphone companies don't seem to care about cultivating a true "lineup" of phones. If you aren't spending at least $650, most companies will offer you anonymous, second-rate devices that seem like they've had no thought put into them. Enter the OnePlus 5, which continues the company's tradition of offering an all-business, high-end smartphone for a great price. Today OnePlus is both announcing the OnePlus 5 and lifting the review embargo on the device, which we've had for about two weeks now. $479 gets you an aluminum-clad pocket computer with a 2.45GHz Snapdragon 835 SoC, 6GB of RAM, 64GB of storage, and a 3,300mAh battery. You still get OnePlus' physical 3-way alert switch, a USB-C port, capacitive buttons with a front-mounted fingerprint reader, and a headphone jack. The phone has two cameras on the back: one 16MP main camera and one 20MP telephoto camera, arranged in the most iPhone-y way possible. Besides the $479 version, there's a more expensive $539 version, which ups the RAM from 6GB to a whopping 8GB, adds another 64GB of storage for a total of 128GB, and changes the color from "Slate Grey" to "Midnight Black." Further reading: OnePlus 5 review: as fast and smooth as Google Pixel, without the price tag - The Guardian; OnePlus 5 review: the me-too phone - The Verge; OnePlus 5 Review - Wired.
Security

Cisco Subdomain Private Key Found in Embedded Executable (google.com) 53

Earlier this month, a developer accidentally discovered the private key of a Cisco subdomain. An anonymous reader shares the post: Last weekend, in an attempt to get Sky's NOW TV video player (for Mac) to work on my machine, I noticed that one of the Cisco executables contains a private key that is associated with the public key in a trusted certificate for a cisco.com subdomain. This certificate is used in a local WebSocket server, presumably to allow secure Sky/NOW TV origins to communicate with the video player on the users' local machines. I read the Baseline Requirements document (version 1.4.5, section 4.9.1.1), but I wasn't entirely sure whether this is considered a key compromise. I asked Hanno Bock on Twitter, and he advised me to post the matter to this mailing list. The executable containing the private key is named 'CiscoVideoGuardMonitor', and is shipped as part of the NOW TV video player. In case you are interested, the installer can be found here (SHA-256: 56feeef4c3d141562900f9f0339b120d4db07ae2777cc73a31e3b830022241e6). I would recommend to run this installer in a virtual machine, because it drops files all over the place, and installs a few launch items (agents/daemons). The executable 'CiscoVideoGuardMonitor' can be found at '$HOME/Library/Cisco/VideoGuardPlayer/VideoGuardMonitor/VideoGuardMonitor.bundle/Contents/MacOS/CiscoVideoGuardMonitor'. Certificate details: Serial number: 66170CE2EC8B7D88B4E2EB732E738FE3A67CF672, DNS names: drmlocal.cisco.com, Issued by: HydrantID SSL ICA G2. The issuer HydrantID has since communicated with the certificate holder Cisco, and the certificate has been revoked.
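The finding above is the kind of thing a release pipeline should catch before a binary ships. As an added example (not code from the post or from Cisco), the scanner below walks a raw executable image for PEM private-key blocks and only reports blocks whose body decodes to real DER, so stray marker strings do not produce false positives; the ELF-like sample blob and the tiny key bodies in it are constructed placeholders, not the NOW TV binary.

```python
"""Flag PEM private keys embedded in a shipped binary (added example)."""
import base64
import re
import sys

# Any PEM private-key block: PKCS#1 (RSA), SEC1 (EC), DSA, PKCS#8, encrypted PKCS#8.
PEM_KEY_RE = re.compile(
    rb"-----BEGIN ((?:RSA |EC |DSA |ENCRYPTED )?PRIVATE KEY)-----"
    rb"(.*?)"
    rb"-----END \1-----",
    re.DOTALL,
)


def find_embedded_private_keys(blob: bytes) -> list:
    """Return one finding per PEM private-key block whose body decodes as DER.

    Markers alone are not proof (they occur in string tables of any TLS
    library), so the body must be valid base64 whose first byte is an ASN.1
    SEQUENCE (0x30), which every supported key encoding starts with.
    """
    findings = []
    for m in PEM_KEY_RE.finditer(blob):
        label = m.group(1).decode("ascii")
        body = b"".join(m.group(2).split())  # drop LF/CRLF and indentation
        try:
            der = base64.b64decode(body, validate=True)
        except ValueError:
            continue  # markers present but no real key body: noise
        if not der.startswith(b"\x30"):
            continue
        findings.append({
            "offset": m.start(),
            "label": label,
            "der_len": len(der),
            # An unencrypted key inside a distributed executable is usable by
            # anyone holding the binary, i.e. a compromise of the matching cert.
            "usable_as_is": not label.startswith("ENCRYPTED"),
        })
    return findings


def scan_file(path: str) -> list:
    """Scan a file on disk; small binaries are simply read whole."""
    with open(path, "rb") as fh:
        return find_embedded_private_keys(fh.read())


def _pem(label: str, der: bytes) -> bytes:
    b64 = base64.encodebytes(der)  # 76-column wrapping, trailing newline
    return f"-----BEGIN {label}-----\n".encode() + b64 + f"-----END {label}-----\n".encode()


# Constructed stand-in for an executable: junk bytes around one unencrypted
# key body, one decoy with markers but no key, and one encrypted key body.
# The DER bodies are meaningless placeholders, just long enough to be SEQUENCEs.
SAMPLE_BLOB = (
    b"\x7fELF\x00\x01\x02" + b"\x00" * 16
    + _pem("PRIVATE KEY", b"\x30\x05\x02\x01\x00\x05\x00")
    + b"\x00" * 8
    + b"-----BEGIN RSA PRIVATE KEY-----\nnot base64!\n-----END RSA PRIVATE KEY-----\n"
    + _pem("ENCRYPTED PRIVATE KEY", b"\x30\x03\x02\x01\x00")
)

if __name__ == "__main__":
    results = scan_file(sys.argv[1]) if len(sys.argv) > 1 else find_embedded_private_keys(SAMPLE_BLOB)
    for f in results:
        print(f"offset={f['offset']:#x} {f['label']} der_len={f['der_len']} usable_as_is={f['usable_as_is']}")
```

Run it with a path argument to scan a real file; with no argument it scans the constructed sample and reports the two genuine blocks while ignoring the decoy.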
Businesses

Fidget Spinners Are Over (fivethirtyeight.com) 174

Walt Hickey, writing for Five Thirty Eight: The toy craze that has swept the nation -- cheaply manufactured fidget spinners of dubious metallic constitution -- is probably on the way out, with the high-water mark of fidget obsession appearing to be about a month behind us and the interest in the glorified ball bearings plateauing or declining. [...] Even if there's a long tail on this trend, it's very likely that peak fidget spinner is behind us. The kind of content now doing well on YouTube is either fidget-adjacent stunt videos or videos that have taken a particularly weird turn. This doesn't mean the ball-bearing business is doomed, just maybe don't go long on the spinner industrial complex or quit your job to live off a fidget-related Kickstarter idea at this point.
Google

Google Fights Bay Area Housing Prices With Pre-Fab Housing (siliconvalley.com) 302

An anonymous reader quotes the Bay Area Newsgroup: With rental costs skyrocketing and homes out of reach for many, Google has hit on a solution that may help it attract workers to the crushingly expensive Bay Area. The tech giant plans to buy 300 units of modular housing to serve as temporary employee accommodations on its planned "Bay View" campus at NASA's Moffett Field, according to a source familiar with the plan. Experts heralded the move as not only good for Google, but as a potential template for others to follow as the high cost of construction combined with expensive real estate make affordable housing hard to come by... Modular housing has the potential to be "a real game changer" for the Bay Area housing crunch, said Matt Regan, senior vice-president of public policy at the Bay Area Council, a business group of which Google is a member...

The Bay Area boasts many sites suitable for modular rental housing, undeveloped so far largely because the cost of traditional building is too high for the rent the facilities could generate, Regan said. With prefab housing costing up to 50 percent less, "all of a sudden sites like that become economically feasible to develop," Regan said.

Youtube

Google Announces New Measures To Fight Extremist YouTube Videos (cnet.com) 286

An anonymous reader quotes CNET: YouTube will take new steps to combat extremist- and terrorist-related videos, parent company Google said Sunday. "While we and others have worked for years to identify and remove content that violates our policies, the uncomfortable truth is that we, as an industry, must acknowledge that more needs to be done. Now," Kent Walker, Google's general counsel, said in an op-ed column in the London-based Financial Times.
Here's CNET's summary of the four new measures Google is implementing:
  • Use "more engineering resources to apply our most advanced machine learning research to train new 'content classifiers' to help us more quickly identify and remove such content."
  • Expand YouTube's Trusted Flagger program by adding 50 independent, "expert" non-governmental organizations to the 63 groups already part of it. Google will offer grants to fund the groups.
  • Take a "tougher stance on videos that do not clearly violate our policies -- for example, videos that contain inflammatory religious or supremacist content." Such videos will "appear behind a warning" and will not be "monetized, recommended or eligible for comments or user endorsements."
  • Expand YouTube's efforts in counter-radicalization. "We are working with Jigsaw to implement the 'redirect method' more broadly. ... This promising approach harnesses the power of targeted online advertising to reach potential Isis recruits, and redirects them towards anti-terrorist videos that can change their minds about joining."

Transportation

Auto Makers Threatened By Both Tech Company Autos And Ridesharing (caranddriver.com) 115

An anonymous reader quotes Car and Driver: For automakers, the first bit of bad news is that people seem quite receptive to buying a vehicle from a tech brand such as Apple or Google, according to Capgemini's 17th Cars Online report, which surveyed some 8000 consumers in eight countries... Consumer interest in buying cars from tech brands has grown from 49 percent in its 2015 study to 57 percent in the latest report... There is also the growing popularity of ride-sharing services offered by the likes of Uber and Lyft. Fewer people will feel the need to have their own car if it's easy and inexpensive to order up a cab on their smartphones. Capgemini's survey found that 34 percent of car buyers see ride sharing and related services as a genuine alternative to owning a vehicle.
