Security

Suspicious Event Hijacks Amazon Traffic For 2 hours, Steals Cryptocurrency (arstechnica.com) 14

Amazon lost control of some of its widely used cloud services for two hours on Tuesday morning when hackers exploited a known Internet-protocol weakness that allowed them to redirect traffic to rogue destinations, according to media reports. ArsTechnica: The attackers appeared to use one server masquerading as cryptocurrency website MyEtherWallet.com to steal digital coins from unwitting end users. They may have targeted other customers of Amazon's Route 53 service as well. The incident, which started around 6am California time, hijacked roughly 1,300 IP addresses, Oracle-owned Internet Intelligence said on Twitter. The malicious redirection was caused by fraudulent routes that were announced by Columbus, Ohio-based eNet, a large Internet service provider that is referred to as autonomous system 10297. Once in place, the eNet announcement caused some of its peers to send traffic over the same unauthorized routes. [...] Tuesday's event may also have ties to Russia, because MyEtherWallet traffic was redirected to a server in that country, security researcher Kevin Beaumont said in a blog post. The redirection came by rerouting domain name system traffic and using a server hosted by Chicago-based Equinix to perform a man-in-the-middle attack. MyEtherWallet officials said the hijacking was used to send end users to a phishing site. Participants in this cryptocurrency forum appear to discuss the scam site. Further reading: Hacker Hijacks DNS Server of MyEtherWallet to Steal $160,000 (BleepingComputer).
Businesses

Patent 'Death Squad' System Upheld by US Supreme Court (bloomberg.com) 31

The U.S. Supreme Court upheld an administrative review system that has helped Google, Apple and other companies invalidate hundreds of issued patents. From a report: The justices, voting 7-2, said Tuesday a U.S. Patent and Trademark Office review board that critics call a patent "death squad" wasn't unconstitutionally wielding powers that belong to the courts. Silicon Valley companies have used the system as a less-expensive way to ward off demands for royalties, particularly from patent owners derided as "trolls" because they don't use their patents to make products. Drugmakers and independent inventors complain that it unfairly upends what they thought were established property rights. "It came down to this: Is the patent office fixing its own mistakes or is the government taking property?" said Wayne Stacy, a patent lawyer with Baker Botts. "They came down on the side of the patent office fixing its own mistakes." The ruling caused shares to drop in companies whose main source of revenue -- their patents -- are under threat from challenges. VirnetX, which is trying to protect almost $1 billion in damages it won against Apple, dropped as much as 12 percent. The patent office has said its patents are invalid in a case currently before an appeals court.
Facebook

Facebook Has Hosted Stolen Identities and Social Security Numbers for Years (vice.com) 25

Cybercriminals have posted sensitive personal information, such as credit card and social security numbers, of dozens of people on Facebook and have advertised entire databases of private information on the social platform, Motherboard reports. Some of these posts have been left up on Facebook for years, and the internet giant only acted on these posts after the publication told it about them. From the report: As of Monday, there were several public posts on Facebook that advertised dozens of people's Social Security Numbers and other personal data. These weren't very hard to find. It was as easy as a simple Google search. Most of the posts appeared to be ads made by criminals who were trying to sell personal information. Some of the ads are several years old, and were posted as "public" on Facebook, meaning anyone can see them, not just the author's friends. Independent security researcher Justin Shafer alerted Motherboard to these posts Monday.
United States

Senate Confirms Trump's Pick for NSA, Cyber Command (politico.com) 35

An anonymous reader shares a report: The Senate Tuesday quietly confirmed President Donald Trump's nominee to lead the National Security Agency and U.S. Cyber Command. U.S. Army Cyber Command chief Lt. Gen. Paul Nakasone was unanimously confirmed by voice vote to serve as the "dual-hat" leader of both organizations. The two have shared a leader since the Pentagon established Cyber Command in 2009. He will replace retiring Navy Adm. Mike Rogers after a nearly four-year term. The Senate Intelligence and Armed Services committees both previously approved Nakasone's nomination by voice vote.
Security

Ask Slashdot: Do We Need a New Word For Hacking? 134

goombah99 writes: Hacking and Hackers get a bum rap. Headline scream "Every Nitendo switch can be hacked." But that's good right? Just like farmers hacking their tractors or someone re-purposing a talking teddy bear. On the other hand, remote hacking a Intel processor backdoor or looting medical data base, that are also described as hacking, are ill-motivated. It seems like we need words with different connotations for hacking. One for things you should definitely do, like program an Arduino or teddy bear. One for things that are pernicious. And finally one for things that are disputably good/bad such as hacking DRM protected appliances you own. What viral sounds terms and their nuances would you suggest? Editor's note: We suggest reading this New Yorker piece "A Short History of 'Hack'", and watching this Defcon talk by veteran journalist Steven Levy on the creativeness and chutzpah of the early hackers.
Facebook

Facebook Has Considered Profiling Its Users' Personalities and Using the Information To Target Ads (bbc.com) 45

An anonymous reader shares a report: A patent filed by the social network describes how personality characteristics, including emotional stability, could be determined from people's messages and status updates. The firm is currently embroiled in a privacy scandal over the use of its data by a political consultancy. Facebook says it has never used the personality test in its products. The patent, first filed in 2012, is in the names of Michael Nowak and Dean Eckles. Mr Nowak has worked for Facebook for 10 years, while Prof Eckles now teaches at the Massachusetts Institute of Technology. The patent has been updated twice, most recently in 2016. The BBC has seen emails from Mr Eckles and other Facebook staff to University of Cambridge psychologists in which they discuss analysis of data to infer personality traits, and talk of using such research to improve the product for users and advertisers.
Technology

Far From Being a Utilitarian Afterthought, an Astonishing Number of Design Choices Go Into Pagination (theoutline.com) 106

An anonymous reader shares a report: In his landmark 1931 book An Essay on Typography, the British typographer Eric Gill discusses everything from the proper place for the tail of an 'R' to terminate to which type of word press might best serve the amateur typographer. He casts the printed word as sacred. But there's one thing -- a silent, steady workhorse found in nearly every book -- that Gill fails to address: the lowly page number. The functional role of the page number is simple: it provides order and sequence to a text. And while it is a supremely utilitarian design element, more thought is put into it than you might imagine. Should it go at the top or the bottom of the page? In the right or left margin? Or in the center? These are all conscious and deliberate choices made by designers.
Security

Atlanta Projected To Spend At Least $2.6 Million on Ransomware Recovery (zdnet.com) 78

Atlanta is setting aside more than $2.6 million on recovery efforts stemming from a ransomware attack, which crippled a sizable part of the city's online services. ZDNet reports: The city was hit by the notorious SamSam ransomware, which exploits a deserialization vulnerability in Java-based servers. The ransom was set at around $55,000 worth of bitcoin, a digital cryptocurrency that in recent weeks has wildy fluctated in price. But the ransom was never paid, said Atlanta city spokesperson Michael Smith in an email. Between the ransomware attack and the deadline to pay, the payment portal was pulled offline by the ransomware attacker. According to newly published emergency procurement figures, the city is projected to spend as much as 50 times that amount in response to the cyberattack. Between March 22 and April 2, the city budgeted $2,667,328 in incident response, recovery, and crisis management.
Businesses

Spotify Wants More Paid Subscribers, So It Has Launched a New App To Give Away More Music For Free (recode.net) 47

Spotify on Tuesday announced a new redesigned app for free customers, its first major change to the free tier in four years, as it attempts to lure more customers into buying its subscription service. Free listeners will now get on-demand access to 15 playlists; they can play any song they want in those playlists and are no longer stuck in a world of shuffled playback. From a report: The idea: If people get more stuff without paying, they are more likely to end up paying in the long run. The new mobile app gives free users the ability to play more songs on demand, from 15 pre-populated playlists -- some of which are personalized for individual users, like its popular "Discover Weekly" feature. Spotify has always let users listen to on-demand music for free via an ad-supported option -- it's the main thing that set the company apart from other streaming services in the past. But it has limited full, free access to its library of songs to desktop users, and limited what free users could get to on its mobile app. Today's move doesn't remove those limits entirely, but gives users more opportunity to sample. Paid users get full access to Spotify's entire catalog, on-demand, without ads. The new app also offers users the ability to stream songs with lower data usage. The company says users can save up to 75% of mobile data with data saver mode while streaming on 3G.
AI

Scientists Plan Huge European AI Hub To Compete With US (theguardian.com) 50

Leading scientists have drawn up plans for a vast multinational European institute devoted to world-class artificial intelligence (AI) research in a desperate bid to nurture and retain top talent in Europe. From a report: The new institute would be set up for similar reasons as Cern, the particle physics lab near Geneva, which was created after the second world war to rebuild European physics and reverse the brain drain of the brightest and best scientists to the US. Named the European Lab for Learning and Intelligent Systems, or Ellis, the proposed AI institute would have major centres in a handful of countries, the UK included, with each employing hundreds of computer engineers, mathematicians and other scientists with the express aim of keeping Europe at the forefront of AI research. In an open letter that urges governments to act, the scientists describe how Europe has not kept up with the US and China, where the vast majority of leading AI firms and universities are based. The letter adds that while a few "research hotspots" still exist in Europe, "virtually all of the top people in those places are continuously being pursued for recruitment by US companies."
Businesses

Chinese Tech Companies Post Men-Only Job Listings, Report Finds (theverge.com) 286

Major Chinese tech companies like Huawei, Alibaba, and Tencent discriminate against women in their online job listings, a new report from Human Rights Watch found today. Some job postings directly state they are for men only, while others specify that women must have attractive appearances and even be a certain height. The Verge reports: The Human Rights Watch report reveals gender discrimination amongst major tech companies, as in the rest of Chinese society, is common and widespread. Search engine Baidu listed a job for content reviewers in March 2017 stating that applicants had to be men with the "strong ability to work under pressure, able to work on weekends, holidays and night shifts." The conglomerate Tencent, which owns WeChat, the massive game Honor of Kings, and a majority stake in League of Legends, was found to have posted an ad for a sports content editor in March 2017, stating it was looking for "strong men who are able to work nightshifts."

And Alibaba, despite Jack Ma touting the company's inclusiveness, merited an entire case study from the Human Rights Watch report. The report noted the e-commerce giant came under fire in 2015 for posting a job ad on its site for a "computer programmer's motivator" seeking women applicants with physical characteristics like Japanese adult film star Sola Aoi. Alibaba removed the reference to Sola Aoi after media reported on it, but kept the ad on the site. As recently as January this year, Alibaba still mentioned "men preferred" in job listings for "restaurant operations support specialist" positions. Tech companies also often tout the attractive women they've hired as incentives for more men to come on board, according to the HRW report. Both Tencent and Baidu were noted to have posted to their social media accounts interviews with male employees who cited having beautiful women around them as an incentive for working there.

Piracy

Netflix, Amazon, and Major Studios Try To Shut Down $20-Per-Month TV Service (arstechnica.com) 171

An anonymous reader quotes a report from Ars Technica: Netflix, Amazon, and the major film studios have once again joined forces to sue the maker of a TV service and hardware device, alleging that the products are designed to illegally stream copyrighted videos. The lawsuit was filed against the company behind Set TV, which sells a $20-per-month TV service with more than 500 channels.

"Defendants market and sell subscriptions to 'Setvnow,' a software application that Defendants urge their customers to use as a tool for the mass infringement of Plaintiffs' copyrighted motion pictures and television shows," the complaint says. Besides Netflix and Amazon, the plaintiffs are Columbia Pictures, Disney, Paramount Pictures, Twentieth Century Fox, Universal, and Warner Bros. The complaint was filed Friday in U.S. District Court for the Central District of California. The companies are asking for permanent injunctions to prevent further distribution of Set TV software and devices, the impoundment of Set TV devices, and for damages including the defendants' profits.

The Internet

Mosaic, the First HTML Browser That Could Display Images Alongside Text, Turns 25 (wired.com) 113

NCSA Mosaic 1.0, the first web browser to achieve popularity among the general public, was released on April 22, 1993. It was developed by a team of students at the University of Illinois' National Center for Supercomputing Applications (NCSA), and had the ability to display text and images inline, meaning you could put pictures and text on the same page together, in the same window. Wired reports: It was a radical step forward for the web, which was at that point, a rather dull experience. It took the boring "document" layout of your standard web page and transformed it into something much more visually exciting, like a magazine. And, wow, it was easy. If you wanted to go somewhere, you just clicked. Links were blue and underlined, easy to pick out. You could follow your own virtual trail of breadcrumbs backwards by clicking the big button up there in the corner. At the time of its release, NCSA Mosaic was free software, but it was available only on Unix. That made it common at universities and institutions, but not on Windows desktops in people's homes.

The NCSA team put out Windows and Mac versions in late 1993. They were also released under a noncommercial software license, meaning people at home could download it for free. The installer was very simple, making it easy for just about anyone to get up and running on the web. It was then that the excitement really began to spread. Mosaic made the web come to life with color and images, something that, for many people, finally provided the online experience they were missing. It made the web a pleasure to use.

Earth

Cow Could Soon Be Largest Land Mammal Left Due To Human Activity, Says Study (theguardian.com) 220

An anonymous reader quotes a report from The Guardian: The cow could be left as the biggest land mammal on Earth in a few centuries, according to a new study that examines the extinction of large mammals as humans spread around the world. The spread of hominims -- early humans and related species such as Neanderthals -- from Africa thousands of years ago coincided with the extinction of megafauna such as the mammoth, the sabre-toothed tiger and the glyptodon, an armadillo-like creature the size of a car. "There is a very clear pattern of size-biased extinction that follows the migration of hominims out of Africa," the study's lead author, Felisa Smith, of the University of New Mexico, said of the study published in the journal Science on Thursday. Humans apparently targeted big species for meat, while smaller creatures such as rodents escaped, according the report, which examined trends over 125,000 years. In North America, for instance, the mean body mass of land-based mammals has shrunk to 7.6kg (17lb) from 98kg after humans arrived. If the trend continues "the largest mammal on Earth in a few hundred years may well be a domestic cow at about 900kg", the researchers wrote. That would mean the loss of elephants, giraffes and hippos. In March, the world's last male northern white rhino died in Kenya.
Youtube

YouTube Says Computers Helped It Pull Down Millions of Objectionable Videos Last Quarter (recode.net) 122

YouTube says it has successfully trained computers to flag objectionable videos. In the last quarter of 2017, the company reportedly pulled down more than six million of these videos before any users saw them. The news comes from a brief aside in Google CEO Sundar Pichai's scripted remarks during parent company Alphabet's earnings call today. "He said YouTube had pulled down more than six million videos in the last quarter of 2017 after first being flagged by its 'machine systems,' and that 75 percent of those videos 'were removed before receiving a single view,'" reports Recode.

Slashdot Top Deals