Bitcoin

Julian Assange Taunts US Government For Forcing Wikileaks To Invest In Bitcoin (facebook.com) 182

Saturday's tweet from Julian Assange says it all: "My deepest thanks to the US government, Senator McCain and Senator Lieberman for pushing Visa, MasterCard, PayPal, AmEx, Moneybookers, et al, into erecting an illegal banking blockade against @WikiLeaks starting in 2010. It caused us to invest in Bitcoin -- with > 50000% return."
Assange's tweet was accompanied by a graph showing the massive spike in the price of bitcoin -- though most of that growth occurred in the last year.
Crime

Pizza Hut Leaks Credit Card Info On 60,000 Customers (kentucky.com) 76

An anonymous reader quotes McClatchy: Pizza Hut told customers by email on Saturday that some of their personal information may have been compromised. Some of those customers are angry that it took almost two weeks for the fast food chain to notify them. According to a customer notice emailed from the pizza chain, those who placed an order on its website or mobile app between the morning of Oct. 1 and midday Oct. 2 might have had their information exposed. The "temporary security intrusion" lasted for about 28 hours, the notice said, and it's believed that names, billing ZIP codes, delivery addresses, email addresses and payment card information -- meaning account number, expiration date and CVV number -- were compromised... A call center operator told McClatchy that about 60,000 people across the U.S. were affected.
"[W]e estimate that less than one percent of the visits to our website over the course of the relevant week were affected," read a customer notice sent only to those affected, offering them a free year of credit monitoring. But that hasn't stopped sarcastic tweets like this from the breach's angry victims.

"Hey @pizzahut, thanks for telling me you got hacked 2 weeks after you lost my cc number. And a week after someone started using it."
Chrome

Microsoft Edge Beats Chrome and Firefox in Malware-Blocking Tests (computerworld.com) 125

An anonymous reader quotes Computerworld: Microsoft's Edge easily beat rival browsers from Google and Mozilla in third-party tests of the behind-the-scenes services which power anti-malware warnings and malicious website-blocking... NSS Labs says Windows 10's default browser is better at blocking phishing and socially-engineered malware attacks than Google Chrome or Mozilla Firefox... According to NSS Labs of Austin, Texas, Edge automatically blocked 92% of all in-browser credential phishing attempts and stymied 100% of all socially-engineered malware (SEM) attacks. The latter encompassed a wide range of attacks, but their common characteristic was that they tried to trick users into downloading malicious code. The tactics that SEM attackers deploy include links from social media, such as Facebook and Twitter, and bogus in-browser notifications of computer infections or other problems.

Edge bested Chrome and Firefox by decisive margins. For instance, Chrome blocked 74% of all phishing attacks, and 88% of SEM attacks. Meanwhile, Firefox came in third in both tests, stopping just 61% of the phishing attacks and 70% of all SEM attempts... Both Chrome and Mozilla's Firefox rely on the Safe Browsing API (application programming interface), but historically, Mozilla's implementation has performed poorly compared to Google's. No shock: Google created the API. Edge also took top prize in blocking attacks from the get-go. In NSS's SEM attack testing, for example, the Microsoft browser stopped nearly every attempt from the first moments a new attack was detected. Chrome and Firefox, on the other hand, halted 75% and 54% of the brand-new attacks, respectively. Over a week's time, Chrome and Firefox improved their blocking scores, although neither reached Edge's impressive 99.8%.

The researchers spent three weeks continuously monitoring the browsers on Windows 10 computers. But in the real world, Edge runs on just 5% of all personal computers, while Firefox runs on 13% and Chrome on 60%.
Communications

Russia Reportedly Used Pokemon Go In an Effort To Inflame Racial Tensions (theverge.com) 209

An anonymous reader quotes a report from The Verge: Russia's far-ranging campaign to promote dissension in the United States reportedly included an effort to weaponize Pokemon Go. CNN reported that in July 2016, a Tumblr page linked to Russia's now-notorious Internet Research Agency promoted a contest encouraging people sympathetic to the Black Lives Matter movement to play the game near famous sites of police brutality. Players were told to change their characters' names to the victims of those incidents -- an apparent effort to inflame racial tensions. The Tumblr page was linked to Do Not Shoot Us, a multi-platform campaign designed to mimic aspects of Black Lives Matter. (As CNN notes, the name plays on "hands up, don't shoot," one of the movement's slogans.) Do Not Shoot Us included a website, donotshoot.us, along with related pages on Facebook, Instagram, Twitter, and YouTube. The Facebook page was one of 470 pages that were removed after the company determined that it was linked to Russian groups attempting to interfere in US politics.
Google

Google Bombs Are Our New Normal (wired.com) 94

mirandakatz writes: Tech companies' worst crises used to come in the form of pranks like Google bombs: Users figured out how to game search results, such as when a search for "miserable failure" turned up links to information about then-president George W. Bush. Today, in the era of fake news and Russian interference, that's basically our new normal -- but as Karen Wickre, a former communications lead at companies like Google and Twitter, points out, tech companies' approaches to dealing with the new breed of crises haven't evolved much since the age of Google bombs. Wickre suggests a new, collaborative approach that she dubs the "Federation," writing that "No single company, no matter how massive and wealthy, can hire its way out of a steady gusher of bad information or false and manipulative ads... The era of the edge case -- the exception, the outlier -- is over. Welcome to our time, where trouble is forever brewing."
Businesses

Real Moviegoers Don't Care About Rotten Tomatoes 170

In a recent essay published on the Hollywood Reporter, Martin Scorsese inveighs against two conjoined trends -- the widespread reporting of box-office results and the grading of movies by consumers on CinemaScore and by critics on Rotten Tomatoes -- and blames it for "a tone that is hostile to serious filmmakers." In particular, he contends that this hostile environment is worsening "as film criticism written by passionately engaged people with actual knowledge of film history has gradually faded from the scene." Richard Brody, a movie critic at the New Yorker, thinks Scorsese is missing the mark. He writes: I think that film criticism is, over all, better than ever, because, with its new Internet-centrism, it's more democratic than ever and many of the critics who write largely online are more film-curious than ever. Anyone who is active on so-called Film Twitter -- who sees links by critics, mainly younger critics, to his or her work -- can't help but be impressed by the knowledge, the curiosity, and the sensibility of many of them. Their tastes tend to be broader and more daring than those of many senior critics on more established publications. And, even if readers of the wider press aren't reading these more obscure critics, the critics whom general readers read are often reading those young critics (and if they're not, it shows). This is, of course, not universally so, any more than it ever was. The Internet is democratic in all directions -- it's also available to writers of lesser knowledge, duller taste, and dubious agendas, and it may be their work that's advertised most loudly -- but the younger generation of critics is present online and there for the finding. [...] What Scorsese doesn't exactly say, but what, I think, marks a generation gap in movie thinking that his essay reflects, is the appearance of an increasing divide between artistically ambitious films and Hollywood films -- the gap between the top box-office films and the award winners. 
For filmmakers ready to work on lower budgets, the gap is irrelevant. The filmmakers whose conceptions tend toward the spectacular are the ones whose styles may, literally, be cramped by shrinking budgets -- filmmakers such as Scorsese and Wes Anderson, whose work has both an original and elaborate sense of style and a grand historical reach.
Twitter

Twitter Is Crawling With Bots and Lacks Incentive To Expel Them (bloomberg.com) 94

An anonymous reader shares a report: On Wednesday, the exterior of Twitter's San Francisco headquarters bore an eerie message: "Ban Russian Bots." Someone -- the company doesn't know who -- projected the demand onto the side of its building. Bots, or automated software programs, can be programmed to periodically send out messages on the internet. Now Twitter is scrambling to explain how bots controlled by Russian meddlers may have been used to impact the 2016 presidential election. Twitter was designed to be friendly to bots. They can help advertisers quickly spread their messages and respond to customer service complaints. Research from the University of Southern California and Indiana University shows that 9 to 15 percent of active Twitter accounts are bots. Many innocuously tweet headlines, the weather or Netflix releases. After the election, there was little discussion inside the company about whether the platform may have been misused, according to people familiar with the matter who asked not to be identified because it is private. But the ubiquity and usefulness of bots did come up. At one point, there were talks about whether Twitter should put a marking on bot accounts, so that users would know they were automated, one of the people said. Yet most of the conversation after the election focused on whether Trump's tweets violated Twitter's policies, the person said.
Operating Systems

OxygenOS Telemetry Lets OnePlus Tie Phones To Individual Users (bleepingcomputer.com) 164

An anonymous reader quotes a report from Bleeping Computer: OxygenOS, a custom version of the Android operating system that comes installed on all OnePlus smartphones, is tracking users' actions without anonymizing data, allowing OnePlus to connect each phone to its customer. A security researcher going by the pseudonym of Tux discovered the abusive tracking in July 2016, but his tweet went largely unnoticed in the daily sea of security tweets sent out each day. The data collection issue was brought up to everyone's attention again, today, after British security researcher Christopher Moore published the results of a recent study on his site.

Just like Tux, Moore discovered that OxygenOS was sending regular telemetry to OnePlus' servers. This is no issue of concern, as almost all applications these days collect telemetry data for market analytics and to identify and debug application flaws. The problem is that OnePlus is not anonymizing this information. The Shenzhen-based Chinese smartphone company is collecting a long list of details, such as: IMEI code, IMSI code, ESSID and BSSID wireless network identifiers, and more. The data collection process cannot be disabled from anywhere in the phone's settings. When Moore contacted OnePlus support, the company did not provide a suitable answer for his queries.

Science

Mondays Are the Worst, Data Science Proves (qz.com) 103

An anonymous reader shares a report: People who are miserable on Monday have lots of company. It's the worst day of the week for millions, according to researchers at the University of Vermont Complex Systems Center who analyze Twitter messages for happiness sentiment. Mood tends to improve during the rest of the week, peaking on Saturday, before beginning to crash again, according to data based on tweets since 2008. In this analysis, the university's "hedonometer" takes a random sample of about 50 million Twitter posts each day, which is roughly 10% of all the site's message traffic. The researchers have assigned average scores to more than 10,000 commonly used words (from 1 to 9, on a scale of increasing happiness), which are used to measure a particular day's happiness. The data can also offer some insight into how populations have responded to major events. The day after the mass shooting in Las Vegas on Oct. 2 was Twitter's saddest day on record, according to the University of Vermont research. Another low was recorded on May 2, 2011, when Osama Bin Laden, the terrorist mastermind behind thousands of murders, was killed. Rather than clear positivity, language used on Twitter "reflected that a very negatively viewed character met a very negative end," according to the researcher's website.
Microsoft

Microsoft Exec Says Windows 10 Mobile is No Longer a 'Focus' (engadget.com) 135

From a report: Microsoft's Joe Belfiore informed Twitter users that new features and hardware for Windows 10 Mobile "aren't the focus" any more. There will be fixes and security patches, of course, but you shouldn't expect more than that. As for why the platform has been all but dropped? The executive boils it down to one main reason: the difficulty of getting developers to write apps. Microsoft tried paying companies to produce apps and even wrote them itself when creators couldn't or wouldn't get involved, but the number of users was "too low for most companies to invest." Why build an app for a relatively small bunch of Windows phone owners when there are many more Android and iOS users? Belfiore himself switched to Android for the "app/[hardware] diversity." It's a bit more complicated than that, of course. You can point to a few other factors in Windows' fate on phones, such as slowness in responding to Apple and Google as well as an inconsistent hardware strategy (you could rarely count on getting a timely sequel to a handset you liked). Whatever the reason, it's safe to say that Microsoft isn't just acknowledging that Android and iOS hold a clear lead -- it's quashing any hopes for a comeback, at least for the foreseeable future.
Earth

100K Lose Power As America Faces Its Third Hurricane In Three Weeks (go.com) 119

An anonymous reader writes: The good news: Hurricane Nate was eventually downgraded to "a tropical storm" at 4:30 Sunday morning (EST), moving north-northeast with maximum winds of 70 mph. The bad news: 100,000 people don't have power in Mississippi and Alabama, and a tornado watch is in effect until 11 a.m. "Even though Nate has made landfall and will weaken today, we are still forecasting heavy rain from Nate to spread well inland towards the Tennessee Valley and Appalachian mountains," ABC News meteorologist Daniel Manzo said Sunday morning. Saturday the Gulf Coast near Biloxi, Mississippi was hit with 85 mph winds and a storm surge of between four to five feet. "Gulf Coast residents are waking up to a wet, windy -- and in some cases, powerless -- Sunday morning," reports ABC News, "but it's still not as devastating as they expected."
Youtube

YouTube Alters Algorithm To Promote News, Penalize Vegas Shooting Conspiracy Theories (usatoday.com) 372

An anonymous reader quotes USA Today: YouTube has changed its powerful search algorithm to promote videos from more mainstream news outlets in search results after people looking for details on the Las Vegas shooting were served up conspiracy theories and misinformation. YouTube confirmed the changes Thursday... In the days after the mass shooting, videos abounded on YouTube, some questioning whether the shooting occurred and others claiming law enforcement officials had deceived the public about what really happened...

Public outcry over YouTube videos promoting conspiracy theories is just the latest online flap for the major U.S. Internet companies. Within hours of the attack, Facebook and Google were called out for promoting conspiracy theories... Helping drive YouTube's popularity is the "Up next" column which suggests additional videos to viewers. The Wall Street Journal found incidents this week in which YouTube suggested videos promoting conspiracy theories next to videos from mainstream news sources. YouTube acknowledged issues with the "Up next" algorithm and said it was looking to promote more authoritative results there, too.

At least one video was viewed over a million times, and Slashdot reader Lauren Weinstein writes that "I've received emails from Google users who report YouTube pushing links to some of those trending fake videos directly to their phones as notifications." He's suggesting that from now on, YouTube's top trending videos should be reviewed by actual humans.
Bitcoin

Bitcoin Transactions Lead To Arrest of Major Drug Dealer (techspot.com) 169

"Drug dealer caught because of BitCoin usage," writes Slashdot reader DogDude. TechSpot reports: 38-year-old French national Gal Vallerius stands accused of acting as an administrator, senior moderator, and vendor for dark web marketplace Dream Market, where visitors can purchase anything from heroin to stolen financial data. Upon arriving at Atlanta international airport on August 31, Vallerius was arrested and his laptop searched. U.S. Drug Enforcement Administration agents allegedly discovered $500,000 of Bitcoin and Bitcoin cash on the computer, as well as a Tor installation and a PGP encryption key for someone called OxyMonster...

In addition to his role with the site, agents had identified OxyMonster as a major seller of Oxycontin and crystal meth. "OxyMonster's vendor profile featured listings for Schedule II controlled substances Oxycontin and Ritalin," testified DEA agent Austin Love. "His profile listed 60 prior sales and five-star reviews from buyers. In addition, his profile stated that he ships from France to anywhere in Europe." Investigators discovered OxyMonster's real identity by tracing outgoing Bitcoin transactions from his tip jar to wallets registered to Vallerius. Agents then checked his Twitter and Instagram accounts, where they found many writing similarities, including regular use of quotation marks, double exclamation marks, and the word "cheers," as well as intermittent French posts. The evidence led to a warrant being issued for Vallerius' arrest.

U.S. investigators had been monitoring the site for nearly two years, but got their break when Vallerius flew to the U.S. for a beard-growing competition in Austin, Texas. He now faces a life sentence for conspiracy to distribute controlled substances.
Bug

Massive 70-Mile-Wide Butterfly Swarm Shows Up On Denver Radar System (bbc.com) 47

dryriver shares a report from BBC: A colorful, shimmering spectacle detected by weather radar over the U.S. state of Colorado has been identified as swarms of migrating butterflies. Scientists at the National Weather Service (NWS) first mistook the orange radar blob for birds and had asked the public to help identifying the species. They later established that the 70-mile wide (110km) mass was a kaleidoscope of Painted Lady butterflies. Forecasters say it is uncommon for flying insects to be detected by radar. "We hadn't seen a signature like that in a while," said NWS meteorologist Paul Schlatter, who first spotted the radar blip. "We detect migrating birds all the time, but they were flying north to south," he told CBS News, explaining that this direction of travel would be unusual for migratory birds for the time of year. So he put the question to Twitter, asking for help determining the bird species. Almost every response he received was the same: "Butterflies." Namely the three-inch long Painted Lady butterfly, which has descended in clouds on the Denver area in recent weeks. The species, commonly mistaken for monarch butterflies, are found across the continental United States, and travel to northern Mexico and the U.S. southwest during colder months. They are known to follow wind patterns, and can glide hundreds of miles each day.
Power

Elon Musk Says Tesla Could Rebuild Puerto Rico's Power Grid With Batteries, Solar (electrek.co) 337

After Puerto Rico was hit by hurricane Maria, Tesla quickly started shipping hundreds of its Powerwall batteries there to try and get power back on to some houses with solar arrays. Now, Tesla CEO Elon Musk took to Twitter to say that Tesla could rebuild Puerto Rico's power grid with batteries and solar on a bigger scale. Electrek reports: Puerto Rico's electricity rates were already quite high at around $0.20 per kWh and reliant on fossil fuels. After it was pointed out that Puerto Rico's destroyed grid is an opportunity to build a better one, Musk wrote on Twitter: "The Tesla team has done this for many smaller islands around the world, but there is no scalability limit so it can be done for Puerto Rico too. Such a decision would be in the hands of the Puerto Rico government, PUC (Public Utilities Commission), any commercial stakeholders and, most importantly, the people of Puerto Rico."

Musk is referring to solar and battery projects that Tesla recently deployed on other islands, like Tesla's visually stunning Powerpack and solar project in Kauai. Those projects power grids for much smaller populations, but Musk has always said that it's scalable to support much larger islands, like Puerto Rico, and ultimately entire continents, which are just like big islands to a certain degree. The thing is that those systems are still reliant on power lines for larger communities and devices, like solar panels and wind turbines, that are still subject to problems with natural disasters. The advantage of Tesla's solution is that it has the potential to be distributed, which increases the odds of at least some systems staying online or bringing some back online quicker.

Government

Russian Hackers Exploited Kaspersky Antivirus To Steal NSA Data on US Cyber Defense: WSJ (wsj.com) 221

An NSA contractor brought home highly classified documents that detailed how the U.S. penetrates foreign computer networks and defends against cyberattacks. The contractor used Kaspersky antivirus on his home computer, which hackers working for the Russian government exploited to steal the documents, the WSJ reported on Thursday (the link could be paywalled; alternative source), citing multiple people with knowledge of the matter. From the report: The hackers appear to have targeted the contractor after identifying the files through the contractor's use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said. The theft, which hasn't been disclosed, is considered by experts to be one of the most significant security breaches in recent years. It offers a rare glimpse into how the intelligence community thinks Russian intelligence exploits a widely available commercial software product to spy on the U.S. The incident occurred in 2015 but wasn't discovered until spring of last year, said the people familiar with the matter. Having such information could give the Russian government information on how to protect its own networks, making it more difficult for the NSA to conduct its work. It also could give the Russians methods to infiltrate the networks of the U.S. and other nations, these people said. Ahead of the publication of the WSJ report, Kaspersky founder Eugene Kaspersky tweeted, "New conspiracy theory, anon sources media story coming. Note we make no apologies for being aggressive in the battle against cyberthreats."
Sci-Fi

According To Star Trek: Discovery, Starfleet Still Runs Microsoft Windows (theverge.com) 237

AmiMoJo shares a report from The Verge: The third episode of Star Trek: Discovery aired this week, and at one point in the episode, Sonequa Martin-Green's Michael Burnham is tasked with reconciling two suites of code. In the show, Burnham claims the code is confusing because it deals with quantum astrophysics, biochemistry, and gene expression. And while the episode later reveals that it's related to the USS Discovery's experimental new mycelial network transportation system, Twitter user Rob Graham noted the code itself is a little more pedestrian in nature. More specifically, it seems to be decompiled code for the infamous Stuxnet virus, developed by the United States to attack Iranian computers running Windows.
Android

Google Is Latest Company To Ditch Headphone Jack In Its Newest Smartphones (cultofmac.com) 391

When launching its original Pixel smartphone, Google mocked the iPhone 7's missing headphone jack in its marketing material. According to Cult of Mac, Google won't be doing the same for the Pixel 2. "The company has decided to remove the aging port from its latest handsets," reports Cult of Mac. "A new leak reveals that the lineup will rely solely on USB-C for wired connectivity." From the report: Incredibly reliable leaker Evan Blass has published pictures and details of Google's upcoming Pixel 2 smartphones on VentureBeat. He has also confirmed that neither device will feature a headphone jack, which means users will have to rely on a USB-C adapter or Bluetooth. It also means Google will no longer be able to put out Pixel ads that take sly swipes at the iPhone's missing port. Blass says both Pixel handsets will be powered by a Snapdragon 835 chipset -- the same one found in the Galaxy S8, the LG V30, and other 2017 flagships -- not a faster Snapdragon 836 processor as originally planned. Other features are said to include 12-megapixel cameras, 4GB of RAM, and 64GB or 128GB storage options. The smaller Pixel will pack a 5-inch 1080p display with a 16:9, while its larger sibling will pack a 6-inch Quad HD display with an 18:9 aspect ratio. Is the lack of a headphone jack a deal-breaker, or do you think the Pixel's other features, like stock Android and front-facing stereo speakers, will make up for it?
Security

Equifax Says 2.5 Million More Americans May Be Affected By Hack (reuters.com) 78

According to Reuters, Equifax said about 2.5 million additional U.S. consumers may have been impacted by a cyber attack at the company last month. Last month, the company disclosed that personal details of up to 143 million U.S. consumers were accessed by hackers between mid-May and July.

As for what led to the breach, Ars Technica reports it was "a series of costly delays and crucial errors." From the report: Chief among the failures: an Equifax e-mail directing administrators to patch a critical vulnerability in the open source Apache Struts Web application framework went unheeded, despite a two-day deadline to comply. Equifax also waited a week to scan its network for apps that remained vulnerable. Even then, the delayed scan failed to detect that the code-execution flaw still resided in a section of the sprawling Equifax site that allows consumers to dispute information they believe is incorrect. Equifax said last month that the still-unidentified attackers gained an initial hold in the network by exploiting the critical Apache Struts vulnerability.
Google

Google Investigates Facebook's Russian Political Operatives, Will Address Congressmen (recode.net) 93

An anonymous reader quotes Recode: Facebook has shared some details about the Russian-operated profiles it discovered on its platform with Google, as the search giant -- with the rest of the tech industry -- continues to probe the extent to which Kremlin-backed misinformation spread through their websites during the 2016 U.S. presidential election. It is unclear if Google has found any suspicious ads or other content after evaluating Facebook's data, an exchange of intel confirmed to Recode today by three sources familiar with the matter. At the very least, Google's investigation appears to be much broader in scope than a similar one by Twitter, which had drawn the ire of Congress for appearing to be incomplete. A Google spokesperson declined to comment for this story, as did a Facebook rep.

For now, though, Google is slated to deliver a private briefing to U.S. lawmakers studying Russia's political tactics in the coming weeks, additional sources told Recode. A date does not appear to have been set. And the search-and-advertising giant has been asked to join Facebook and Twitter at two upcoming hearings in the House and Senate where the industry will face questions -- out in the open -- about its safeguards against Russian political interference in the future.
