United States

Julian Assange Charged in Superseding Indictment (justice.gov) 229

A federal grand jury returned a second superseding indictment today charging Julian P. Assange, the founder of WikiLeaks, with offenses that relate to Assange's alleged role in one of the largest compromises of classified information in the history of the United States. DOJ, in a press release: The new indictment does not add additional counts to the prior 18-count superseding indictment returned against Assange in May 2019. It does, however, broaden the scope of the conspiracy surrounding alleged computer intrusions with which Assange was previously charged. According to the charging document, Assange and others at WikiLeaks recruited and agreed with hackers to commit computer intrusions to benefit WikiLeaks. Since the early days of WikiLeaks, Assange has spoken at hacking conferences to tout his own history as a "famous teenage hacker in Australia" and to encourage others to hack to obtain information for WikiLeaks. In 2009, for instance, Assange told the Hacking At Random conference that WikiLeaks had obtained nonpublic documents from the Congressional Research Service by exploiting "a small vulnerability" inside the document distribution system of the United States Congress, and then asserted that "[t]his is what any one of you would find if you were actually looking." In 2010, Assange gained unauthorized access to a government computer system of a NATO country. In 2012, Assange communicated directly with a leader of the hacking group LulzSec (who by then was cooperating with the FBI), and provided a list of targets for LulzSec to hack. With respect to one target, Assange asked the LulzSec leader to look for (and provide to WikiLeaks) mail and documents, databases and pdfs. In another communication, Assange told the LulzSec leader that the most impactful release of hacked materials would be from the CIA, NSA, or the New York Times. 
WikiLeaks obtained and published emails from a data breach committed against an American intelligence consulting company by an "Anonymous" and LulzSec-affiliated hacker. According to that hacker, Assange indirectly asked him to spam that victim company again.
The Media

The Good, The Bad & The Ugly (of Technology) (om.co) 47

If our social platforms are going to be gatekeepers, then they need to acknowledge their role in the information ecosystems. It is knowing what to boost and what to ignore that makes a good platform, writes veteran technology journalist and now a venture capitalist Om Malik. From his essay: The battle of good email versus spam email has taken a long time, but it has been worth fighting. The struggle between real information and fake information is no different. Unfortunately, what we have is ambivalent algorithms on our social platforms that blindly amplify both hope and hate. This gets complicated pretty quickly. Without access to the same platforms currently being used to gaslight our country, we won't see the awful videos of police in conflict with the people they should protect. Without the same platforms, it would be harder to tell that the media just glorifies the titillating stuff, whether it is the opinion page of the old Gray Lady or the fake looting of a non-existent Rolex store.

I am the first to admit that this is one hard and messy problem. The challenge we face today is that technology's supreme commanders fail to fight the real monkey on their back -- how the modern internet works. Whether it is Facebook, Twitter, Amazon, or Google, the core principle of these companies is engagement and growth. More engagement means more growth, and that means more attention and thus more money. If Facebook removed news from your feed and just restricted it to social items, like baby pictures, ravings of a crazy uncle, and event announcements, there is a good chance that engagement on the platform would decrease. Twitter would be a lot less engaging if it reverted back to its original premise of showing the latest, not the loudest. And what if Google stopped rewarding frequent visits as one of the measurements for showing the results on its search engine? I think you know.

Chrome

Google To Enable the Chrome Anti-Notification Spam System in July 2020 (zdnet.com) 17

Google announced this week plans to enable its new anti-notification spam system in Chrome over the summer, with the release of Chrome 84, on July 12, 2020. From a report: Known internally as the "quieter notification permission UI," this Chrome component works by blocking sites from showing notification requests, which are hidden under an icon in the Chrome URL bar (on desktop) or under a toolbar (on mobile). Google first announced the "quieter notification permission UI" in January, and shipped it in February, in Chrome 80, in a limited, user opt-in fashion. But in a blog post, Google said the new UI and its ability to detect spammy notification popups has been improved and will roll out enabled by default for all users in July, with the release of Chrome 84.
Microsoft

Microsoft's Jeff Teper: Teams 'Will Be Even Bigger Than Windows' 105

An anonymous reader writes: Jeff Teper, CVP for Microsoft 365, has a vision for the company's Office 365 chat-based collaboration tool that competes with Slack, Facebook's Workplace, and Google Chat. In terms of reach, Teper wants Microsoft Teams to eclipse Windows. (Windows 10 runs on over 1 billion monthly active devices.)

Our interview took place a day after Microsoft concluded its online-only Build 2020 developer conference, where the company gave business developers new tools to build Teams apps. Microsoft launched a Visual Studio and Visual Studio Code extension for Teams in preview, introduced new integrations between its Power Platform and Teams, and announced a custom app submission process to help IT admins. Teper was happy to cover a range of Teams topics, including metrics, growth, competitors, consumer positioning, machine learning, and of course dealing with the increased demand during the coronavirus pandemic.
Security

An Adult Cam Site Exposed 10.88 Billion Records (wired.com) 73

CAM4, a popular adult platform that advertises "free live sex cams," misconfigured an ElasticSearch production database so that it was easy to find and view heaps of personally identifiable information, as well as corporate details like fraud and spam detection logs. According to Wired, the database exposed 7 terabytes of names, sexual orientations, payment logs, and email and chat transcripts -- 10.88 billion records in all. From the report: First of all, very important distinction here: There's no evidence that CAM4 was hacked, or that the database was accessed by malicious actors. That doesn't mean it wasn't, but this is not an Ashley Madison-style meltdown. It's the difference between leaving the bank vault door wide open (bad) and robbers actually stealing the money (much worse). [...] The list of data that CAM4 leaked is alarmingly comprehensive. The production logs Safety Detectives found date back to March 16 of this year; in addition to the categories of information mentioned above, they also included country of origin, sign-up dates, device information, language preferences, user names, hashed passwords, and email correspondence between users and the company.

Out of the 10.88 billion records the researchers found, 11 million contained email addresses, while another 26,392,701 had password hashes for both CAM4 users and website systems. A few hundred of the entries included full names, credit card types, and payment amounts. Who's Affected? It's hard to say exactly, but the Safety Detectives analysis suggests that roughly 6.6 million US users of CAM4 were part of the leak, along with 5.4 million in Brazil, 4.9 million in Italy, and 4.2 million in France. It's unclear to what extent the leak impacted both performers and customers.
The report says CAM4's parent company, Granity Entertainment, took the server offline within a half hour of being contacted by the researchers.
Firefox

New Firefox Service Will Generate Unique Email Aliases To Enter In Online Forms (zdnet.com) 70

An anonymous reader writes: Browser maker Mozilla is working on a new service called Private Relay that generates unique aliases to hide a user's email address from advertisers and spam operators when filling in online forms. The service entered testing last month and is currently in a closed beta, with a public beta currently scheduled for later this year, ZDNet has learned. Private Relay will be available as a Firefox add-on that lets users generate a unique email address -- an email alias -- with one click. The user can then enter this email address in web forms to send contact requests, subscribe to newsletters, and register new accounts. "We will forward emails from the alias to your real inbox," Mozilla says on the Firefox Private Relay website. "If any alias starts to receive emails you don't want, you can disable it or delete it completely," the browser maker said.
Chrome

Google Announces Chrome Web Store Crackdown For August 2020 (zdnet.com) 15

Google announced this week new rules for the Chrome Web Store in an attempt to cut down the number of shady Chrome extensions submitted and listed on the site. From a report: Starting August 27, Google says it intends to enforce a new set of rules, which will result in a large number of extensions being delisted. These rules are meant to crack down on a series of practices extension developers have been recently employing to flood the Web Store with shady extensions or boost install counts for low-quality content. They include:
1. Developers cannot submit duplicate extensions anymore. (e.g. Wallpaper extensions that have different names but provide the user with the same wallpapers when installed.)
2. Extensions are not allowed to use "keyword spam" techniques to flood metadata fields with multiple terms and have the extension listed across multiple categories to improve the extension's visibility in search results.
3. Developers are not allowed to use misleading, improperly formatted, non-descriptive, irrelevant, excessive, or inappropriate metadata. Extension metadata needs to be accurate, and Google intends to be strict about it.
4. Developers are now forbidden from inflating product ratings, reviews, or install counts by illegitimate means, such as fraudulent or paid downloads, reviews, and ratings.

Google

Google is Blocking 18 Million Coronavirus Scam Emails Every Day (bbc.com) 28

1.5 billion people use Gmail, according to a recent article in the BBC. And every day millions of them receive an email about a coronavirus scam: Scammers are sending 18 million hoax emails about Covid-19 to Gmail users every day, according to Google... The company said it was blocking more than 100 million phishing emails a day. Over the past week, almost a fifth were scam emails related to coronavirus. The virus may now be the biggest phishing topic ever, tech firms say...

The growth in coronavirus-themed phishing is being recorded by several cyber-security companies. Barracuda Networks said it had seen a 667% increase in malicious phishing emails during the pandemic...

Google claims that its machine-learning tools are able to block more than 99.9% of [scam] emails from reaching its users.

Facebook

Facebook Bug Caused Legitimate News Articles About the Coronavirus To Be Marked As Spam 31

McGruber shares a report from Business Insider: Facebook is blocking users from posting some legitimate news articles about the coronavirus in what appears to be a bug in its spam filters. On Tuesday, multiple Facebook users reported on Twitter that they found themselves unable to post articles from certain news outlets including Business Insider, BuzzFeed, The Atlantic, and the Times of Israel. It's not clear exactly what has gone wrong, and Facebook did not respond to a request for comment.

Alex Stamos, an outspoken former Facebook security exec, speculated that it might be caused by Facebook's shift to automated software after it sent its human content moderators home. "It looks like an anti-spam rule at FB is going haywire," he wrote on Twitter. "Facebook sent home content moderators yesterday, who generally can't [work from home] due to privacy commitments the company has made. We might be seeing the start of the machine learning going nuts with less human oversight."
In a tweet, VP of Integrity Guy Rosen said: "We're on this -- this is a bug in an anti-spam system, unrelated to any changes in our content moderator workforce. We're in the process of fixing and bringing all these posts back."
Crime

Live Coronavirus Map Used to Spread Malware (krebsonsecurity.com) 19

Malware distributors "have started disseminating real-time, accurate information about global infection rates tied to the Coronavirus/COVID-19 pandemic in a bid to infect computers with malicious software," reports security researcher Brian Krebs: In one scheme, an interactive dashboard of Coronavirus infections and deaths produced by Johns Hopkins University is being used in malicious Web sites (and possibly spam emails) to spread password-stealing malware. Late last month, a member of several Russian language cybercrime forums began selling a digital Coronavirus infection kit that uses the Hopkins interactive map as part of a Java-based malware deployment scheme.

The kit costs $200 if the buyer already has a Java code signing certificate, and $700 if the buyer wishes to just use the seller's certificate. "It loads [a] fully working online map of Corona Virus infected areas and other data," the seller explains. "Map is resizable, interactive, and has real time data from World Health Organization and other sources. Users will think that PreLoader is actually a map, so they will open it and will spread it to their friends and it goes viral...!" The sales thread claims the customer's payload can be bundled with the Java-based map into a filename that most Webmail providers allow in sent messages... The seller says the user/victim has to have Java installed for the map and exploit to work, but that it will work even on fully patched versions of Java...

It's unclear how many takers this seller has had, but earlier this week security experts began warning of new malicious Web sites being stood up that used interactive versions of the same map to distract visitors while the sites tried to foist the password-stealing AZORult malware.

Twitter

Twitter Rewrites Developer Policy To Better Support Academic Research and Use of 'Good' Bots (techcrunch.com) 13

An anonymous reader quotes a report from TechCrunch: Twitter today updated its Developer Policy to clarify rules around data usage, including in academic research, as well as its position on bots, among other things. The policy has also been entirely rewritten in an effort to simplify the language used and make it more conversational, Twitter says. The new policy has been shortened from eight sections to four, and the accompanying Twitter Developer Agreement has been updated to align with the Policy changes, as well. One of the more notable updates to the new policy is a change to the rules to better support non-commercial research.

Twitter data is used to study topics like spam, abuse, and other areas related to conversation health, the company noted, and it wants these efforts to continue. The revised policy now allows the use of the Twitter API for academic research purposes. In addition, Twitter is simplifying its rules around the redistribution of Twitter data to aid researchers. Now, researchers will be able to share an unlimited number of Tweet IDs and/or User IDs, if they're doing so on behalf of an academic institution and for the sole purpose of non-commercial research, such as peer review, says Twitter. The company is also revising rules to clarify how developers are to proceed when the use cases for Twitter data change. In the new policy, developers are informed that they must notify the company of any "substantive" modification to their use case and receive approval before using Twitter content for that purpose. Not doing so will result in suspension and termination of their API and data access, Twitter warns.

The policy additionally outlines when and where "off-Twitter matching" is permitted, meaning when a Twitter account is being associated with a profile built using other data. Either the developer will need to obtain opt-in consent from the user in question, or they can only proceed if the information was provided by the person or is based on publicly available data. [...] Finally, the revamped policy clarifies that not all bots are bad. Some even enhance the Twitter experience, the company says, or provide useful information. Going forward, developers must specify if they're operating a bot account, what the account is, and who is behind it. This way, explains Twitter, "it's easier for everyone on Twitter to know what's a bot – and what's not."

Botnet

Microsoft Orchestrates Coordinated Takedown of Necurs Botnet (zdnet.com) 15

Microsoft announced today a coordinated takedown of Necurs, one of the largest spam and malware botnets known to date, believed to have infected more than nine million computers worldwide. From a report: The takedown effort came after Microsoft and industry partners broke the Necurs DGA -- the botnet's domain generation algorithm, the component that generates random domain names. Necurs authors register DGA-generated domains weeks or months in advance and host the botnet's command-and-control (C&C) servers, where bots (infected computers) connect to receive new commands. "We were then able to accurately predict over six million unique domains that would be created in the next 25 months," said Tom Burt, Microsoft Vice President for Customer Security & Trust. Breaking the DGA allowed Microsoft and its industry partners to create a comprehensive list of future Necurs C&C server domains that they can now block and prevent the Necurs team from registering.
Facebook

Facebook Sues Namecheap For Letting Scammers Register Lookalike Domains (zdnet.com) 87

Facebook filed a lawsuit this week against Namecheap, claiming the domain name registrar has refused to cooperate in an investigation into a series of malicious domains that have been registered through its service and which impersonated the Facebook brand. ZDNet reports: Christen Dubois, Director and Associate General Counsel at Facebook, said today that Facebook engineers tracked down 45 suspicious Facebook lookalike domains registered through Namecheap, which had the owners' details hidden through the company's WhoisGuard side-service. Some of the sample domains included the likes of instagrambusinesshelp.com, facebo0k-login.com, and whatsappdownload.site. Dubois said lookalike domains like these -- which abuse the Facebook brand -- are often used for phishing, fraud, and scams.

"We sent notices to Whoisguard between October 2018 and February 2020, and despite their obligation to provide information about these infringing domain names, they declined to cooperate," Dubois said. "We don't want people to be deceived by these web addresses, so we've taken legal action," the Facebook exec said.

Google

Google's Black Box Algorithm Controls Which Political Emails Land in Your Main Inbox (themarkup.org) 122

Adrianne Jeffries, Leon Yin, and Surya Mattu, reporting for The Markup: Pete Buttigieg is leading at 63 percent. Andrew Yang came in second at 46 percent. And Elizabeth Warren looks like she's in trouble with 0 percent. These aren't poll numbers for the U.S. 2020 Democratic presidential contest. Instead, they reflect which candidates were able to consistently land in Gmail's primary inbox in a simple test. The Markup set up a new Gmail account to find out how the company filters political email from candidates, think tanks, advocacy groups, and nonprofits. We found that few of the emails we'd signed up to receive -- 11 percent -- made it to the primary inbox, the first one a user sees when opening Gmail and the one the company says is "for the mail you really, really want."

Half of all emails landed in a tab called "promotions," which Gmail says is for "deals, offers, and other marketing emails." Gmail sent another 40 percent to spam. For political causes and candidates, who get a significant amount of their donations through email, having their messages diverted into less-visible tabs or spam can have profound effects. "The fact that Gmail has so much control over our democracy and what happens and who raises money is frightening," said Kenneth Pennington, a consultant who worked on Beto O'Rourke's digital campaign. "It's scary that if Gmail changes their algorithms," he added, "they'd have the power to impact our election."

Social Networks

LinkedIn Tests Snapchat-like Stories (inputmag.com) 19

If you thought LinkedIn had already reached peak undesirability, you were wrong: the company is now planning to add Snapchat-style Stories to its platform. From a report: Yes, the business-focused networking app that fills your inbox with recruiter and PR spam may be getting Stories. Social media users have been suffering from Stories exhaustion for years at this point. It's a feature that works great for its pioneer, Snapchat, and for Instagram... and pretty much nothing else -- I mean, have you ever watched a Facebook Story on purpose? LinkedIn Stories inevitably promise to bring well-manicured, painfully corporate video clips to your feed as a way to mix up the approach to networking. Or, as the company puts it, to "bring creativity and authenticity to the ways that members share more of their work life, so that they can build and nurture the relationships necessary to become more productive and successful."
Businesses

Truecaller Hits 200 Million Users (techcrunch.com) 21

Truecaller, one of the world's largest caller-identification service providers, has amassed 200 million monthly active users and is increasingly proving that it can turn a profit, it said Tuesday. The company also noted that India is its largest market with 150 million active users. From a report: Reaching the 200 million milestone gives the Swedish firm a significant lead over its Seattle-based rival Hiya, which had about 100 million users as of October last year. But unlike its rivals, Truecaller has expanded beyond its caller ID and spam monitoring service. In recent years, it has added messaging and payments services in some markets. Both of these are gaining adoption, said Truecaller co-founder and chief executive Alan Mamedi in an interview with TechCrunch. The payments service, currently available only in India, would soon be expanded to some African markets, said Mamedi. In India, Truecaller plans to offer lending service in a few weeks, he said.
It's funny.  Laugh.

Monty Python's Terry Jones Passes Away At 77 (bbc.com) 58

Mogster shares a report from the BBC: Monty Python stars have led the tributes to their co-star Terry Jones, who has died at the age of 77. The Welsh actor and writer played a variety of characters in the iconic comedy group's Flying Circus TV series, and directed several of their films. He died on Tuesday, four years after contracting a rare form of dementia known as Frontotemporal Dementia (FTD). Here are some of Jones' best lines:

"Now, you listen here! He's not the Messiah. He's a very naughty boy!" -- as Brian's mother in Monty Python's Life of Brian

"I'm alive, I'm alive!" -- as the naked hermit who gives away the location of a hiding Brian in Life of Brian

"I shall use my largest scales" -- as Sir Belvedere, who oversees a witch trial in Monty Python and the Holy Grail

"What, the curtains?" -- as Prince Herbert, who is told "One day, lad, all this will be yours" in Holy Grail

"Spam, spam, spam, spam, spam, spam, spam" -- as the greasy spoon waitress in a Monty Python sketch
Technology

Toshiba Touts Algorithm That's Faster Than a Supercomputer (bloomberg.com) 35

It's a tantalizing prospect for traders whose success often hinges on microseconds: a desktop PC algorithm that crunches market data faster than today's most advanced supercomputers. Japan's Toshiba says it has the technology to make such rapid-fire calculations a reality -- not quite quantum computing, but perhaps the next best thing. From a report: The claim is being met with a mix of intrigue and skepticism at financial firms in Tokyo and around the world. Toshiba's "Simulated Bifurcation Algorithm" is designed to harness the principles behind quantum computers without requiring the use of such machines, which currently have limited applications and can cost millions of dollars to build and keep near absolute zero temperature. Toshiba says its technology, which may also have uses outside finance, runs on PCs made from off-the-shelf components.

"You can just plug it into a server and run it at room temperature," Kosuke Tatsumura, a senior research scientist at Toshiba's Computer & Network Systems Laboratory, said in an interview. The Tokyo-based conglomerate, while best known for its consumer electronics and nuclear reactors, has long conducted research into advanced technologies. Toshiba has said it needs a partner to adopt the algorithm for real-world use, and financial firms have taken notice as they grapple for an edge in markets increasingly dominated by machines. Banks, brokerages and asset managers have all been experimenting with quantum computing, although viable applications are generally considered to be some time away.

Chrome

Google Chrome To Hide Notification Spam Starting February 2020 (zdnet.com) 50

Following in Mozilla's footsteps, Google announced today plans to hide notification popup prompts inside Chrome starting next month, February 2020. ZDNet reports: According to a blog post published today, Google plans to roll out a "quieter notification permission UI that reduces the interruptiveness of notification permission requests." The change is scheduled for Google Chrome 80, scheduled for release on February 4, next month.

Starting with Chrome 80 next month, Google's browser will also block most notification popups by default, and show an icon in the URL bar, similar to Firefox. When Chrome 80 launches next month, a new option will be added in the Chrome settings section that allows users to enroll in the new "quieter notification UI." Users can enable this option as soon as Chrome 80 is released, or they can wait for Google to enable it by default as the feature rolls out to the wider Chrome userbase in the following weeks. According to Google, the new feature works by hiding notification requests for Chrome users who regularly dismiss notification prompts. Furthermore, Chrome will also automatically block notification prompts on sites where users rarely accept notifications.

Bug

A Twitter App Bug Was Used To Match 17 Million Phone Numbers To User Accounts (techcrunch.com) 5

Security researcher Ibrahim Balic said he has matched 17 million phone numbers to Twitter user accounts by exploiting a flaw in Twitter's Android app. TechCrunch reports: Ibrahim Balic found that it was possible to upload entire lists of generated phone numbers through Twitter's contacts upload feature. "If you upload your phone number, it fetches user data in return," he told TechCrunch. He said Twitter's contact upload feature doesn't accept lists of phone numbers in sequential format -- likely as a way to prevent this kind of matching. Instead, he generated more than two billion phone numbers, one after the other, then randomized the numbers, and uploaded them to Twitter through the Android app. (Balic said the bug did not exist in the web-based upload feature.)

Over a two-month period, Balic said he matched records from users in Israel, Turkey, Iran, Greece, Armenia, France and Germany, but stopped after Twitter blocked the effort on December 20. Balic provided TechCrunch with a sample of the phone numbers he matched. Using the site's password reset feature, we verified his findings by comparing a random selection of usernames with the phone numbers that were provided. While he did not alert Twitter to the vulnerability, he took many of the phone numbers of high-profile Twitter users -- including politicians and officials -- to a WhatsApp group in an effort to warn users directly.
A Twitter spokesperson told TechCrunch the company was working to "ensure this bug cannot be exploited again."

"Upon learning of this bug, we suspended the accounts used to inappropriately access people's personal information. Protecting the privacy and safety of the people who use Twitter is our number one priority and we remain focused on rapidly stopping spam and abuse originating from use of Twitter's APIs," the spokesperson said.
