Microsoft and Oracle announced a new alliance today that will see the two companies directly connect their clouds over a direct network connection so that their users can then move workloads and data seamlessly between the two. This alliance goes a bit beyond just basic direct connectivity and also includes identity interoperability. TechCrunch reports: This kind of alliance is relatively unusual between what are essentially competing clouds, but while Oracle wants to be seen as a major player in this space, it also realizes that it isn't likely to get to the size of an AWS, Azure or Google Cloud anytime soon. For Oracle, this alliance means that its users can run services like the Oracle E-Business Suite and Oracle JD Edwards on Azure while still using an Oracle database in the Oracle cloud, for example. With that, Microsoft still gets to run the workloads and Oracle gets to do what it does best (though Azure users will also continue be able to run their Oracle databases in the Azure cloud, too).

For now, the direct interconnect between the two clouds is limited to Azure US East and Oracle's Ashburn data center. The two companies plan to expand this alliance to other regions in the future, though they remain mum on the details. It'll support applications like JD Edwards EnterpriseOne, E-Business Suite, PeopleSoft, Oracle Retail and Hyperion on Azure, in combination with Oracle databases like RAC, Exadata and the Oracle Autonomous Database running in the Oracle Cloud.

JustAnotherOldGuy writes: A government watchdog says the FBI has access to about 640 million photographs -- including from driver's licenses, passports and mugshots -- that can be searched using facial recognition technology. The figure reflects how the technology is becoming an increasingly powerful law enforcement tool, but is also stirring fears about the potential for authorities to intrude on the lives of Americans. It was reported by the Government Accountability Office at a congressional hearing in which both Democrats and Republicans raised questions about the use of the technology.

The FBI maintains a database known as the Interstate Photo System of mugshots that can help federal, state and local law enforcement officials. It contains about 36 million photographs, according to Gretta Goodwin of the GAO. But taking into account the bureau contracts providing access to driver's licenses in 21 states, and its use of photos and other databases, the FBI has access to about 640 million photographs, Goodwin told lawmakers at the House oversight committee hearing. Kimberly Del Greco, a deputy assistant director at the FBI, said the bureau has strict policies for using facial recognition. She said it is used only when there is an active FBI investigation or an assessment, which can precede a formal investigation.

An anonymous reader writes: The Russian government has added dating service Tinder on a government database that legally forces the company to hand over user data and private communications to the country's law enforcement and intelligence agencies. The database is called ORI, or the Register of Information Dissemination Organizations. According to Russian laws 97-FZ and 374-FZ, companies added to this database must hand over data to Russian police or Russian intelligence agencies like the FSB, upon request, with or without a court order, in order to help with investigations into terrorist and national security cases.

Prior to today, the ORI database contained 175 companies, from both Russia and foreign countries. Tinder's addition to the ORI database was announced earlier today in a press release published by Roskomnadzor, the Russian government's telecommunications watchdog, and the agency in charge of maintaining ORI. According to Roskomsvoboda, a Russian non-governmental organization for the protection of digital rights of Internet users, Tinder is the fourth dating service added to ORI, after Mamba, Wamba, and Badoo's dating portal.

A new report finds that the CRISPR babies created by Chinese scientist He Jiankui last year may be at risk of an early death. It finds that genetic mutations similar to those He created, to a gene called CCR5, shortens people's lives by an average of 1.9 years. MIT Technology Review reports: "It's clearly a mutation of quite strong effect," says population geneticist Rasmus Nielsen of the University of California, Berkeley, who made the discovery while studying DNA and death records of 400,000 volunteers in a large British gene database, the UK Biobank. "You can't have many mutations that do that, or you wouldn't live that long." The finding offers a warning light to anyone else seeking to enhance human beings. That's because many genes have more than one role, and scientists tinkering with the balance are likely to cause side effects they didn't expect or want.

Synthetic events remain a big security hole for macOS in spite of Apple's recent efforts to prevent malicious applications from abusing this feature. From a report: Speaking at the second edition of the Objective by the Sea security conference that was held in Monaco over the weekend, Patrick Wardle, a well-known Apple security expert, has revealed a zero-day impacting Apple's macOS operating system, including the new version launched today. The zero-day is a bypass of the security protections that Apple has put in place to prevent unauthorized access to synthetic events. Synthetic events are a macOS mechanism that allows applications to automate mouse clicks and keyboard input. It was created for the sake of automation and can be used via either the Core Graphics framework or the AppleScript scripting language. [...]

For almost two years now, Wardle has been looking at Apple's countermeasures aimed to prevent the abuse of synthetic events. He previously showed two methods[1, 2] of bypassing Apple's synthetic events protections, so much so that Apple decided last year to block access to synthetic events by default. But over the weekend, Wardle disclosed a new way of bypassing these latest protections, once again. "It's the gift that keeps giving," Wardle told ZDNet via email. "And actually gets more and more valuable as Apple adds more protections (privacy and security mechanisms) that can be 'allowed' by a single synthetic click." The new technique is possible because of the Transparency Consent and Control (TCC) system. Wardle says the TCC contains a compatibility database in the form of a file named AllowApplications.plist. This file lists apps and app versions that are allowed to access various privacy and security features, including synthetic events.

"You gotta be kidding me," said a Wisconsin man, when police arrested his 82-year-old next-door neighbor "old Ray" -- the guy who would occasionally come over to fix his lawnmower.

An anonymous reader quotes the Associated Press: Ray Vannieuwenhoven was his next-door neighbor -- a helpful, 82-year-old handyman with a gravelly voice and a loud, distinctive laugh, the kind of guy who always waved from his car. The widower and father of five grown children had lived quietly for two decades among the 800 residents of Lakewood, a northern Wisconsin town surrounded by forests and small lakes. Now authorities were saying this man was a cold-blooded killer. They had used genetic genealogy to crack a cold case that stretched back well into the 20th century -- a double murder 25 miles southwest of Lakewood. For nearly 43 years, Vannieuwenoven had lived in plain sight, yet outside detectives' radar....

DNA profiling in the '90s brought new hope, but detectives got no matches... Last year, detectives contacted Virginia-based Parabon NanoLabs, a DNA technology company whose work with genetic genealogy analysis has helped police identify 55 suspects in cold cases nationwide since May 2018, according to the company. Parabon uploads DNA from crime scenes to GEDmatch, a free, public genealogy database with about 1.2 million profiles, all voluntarily submitted by people who've used consumer genealogy sites like Ancestry.com and 23andMe. California law enforcement used GEDmatch to capture the Golden State Killer last year by finding distant relatives and reverse-engineering his family tree.

Parabon's experts completed Vannieuwenhoven's family tree in late December. They'd found his parents, who had lived in the Green Bay area. Now detectives needed DNA samples from Vannieuwenhoven and his three brothers. Two were ruled out with DNA samples collected from one brother's trash and another's used coffee cup. On March 6, two sheriff's deputies knocked on Vannieuwenhoven's door, pretending they wanted him to fill out a brief survey on area-policing. They told him to put the survey in an envelope and seal it with his tongue.

Detectives didn't need to visit the fourth brother. Eight days later, Vannieuwenhoven was in custody.
Vannieuwenhoven has pleaded not guilty.

An anonymous reader quotes a report from BuzzFeed News: A New York school district will move forward with its facial recognition pilot program next week, despite an explicit order from the New York State Education Department that it wait until a standard for data privacy and security for all state educational agencies is finalized. On Friday, the Lockport school district said it was "confident" that the data collection policy for its facial recognition system was sound enough that it could begin testing it on campuses June 3.

"[State Education Department] representatives previously communicated to the District their recommendation that the System not become operational until the dialogue between the District and SED with regard to student data security and privacy is complete," the statement, sent by district director of technology Robert LiPuma to BuzzFeed News, said. "However, the District's Initial Implementation Phase of the System (which will commence June 3, 2019 and continue through August 31, 2019) will not include any student data being entered into the System database or generated by the System." Reached by phone, JP O'Hare, a representative of the New York State Education Department, would not say whether the department knew Lockport planned to go ahead with its facial recognition test in spite of the department's request for a delay. Lockport said that its facial recognition system should not be a privacy concern because it "does not compile information on and track the movements of all District students, staff and visitors." Instead, the system is "limited to identifying whether an individual whose photograph has been entered into the System database is on District property (i.e., is visible on one of the District's security cameras)." But it also said the individuals who may be entered into the database included those who are prohibited from being on District property, "such as suspended students or staff."

An anonymous reader shares a report: Every week millions of these requests are sent to hosting platforms, as well as third-party services, such as search engines. Quite a few of the major players, including Twitter, Google, and Bing, publish these requests online. However, due to the massive volume, it's hard for casual observers to spot any trends in the data. Researchers from Queen Mary University of London and Boston University aim to add some context with an elaborate study covering a broad database of takedown requests. Their results are now bundled in a paper titled: "Who Watches the Watchmen: Exploring Complaints on the Web."

The research covers all takedown requests that were made available through the Lumen Database in 2017. The majority of these were sent to Google, with Bing, Twitter, and Periscope as runners-up. In total, more than one billion reported URLs were analyzed. Most takedown requests or 'web complaints' were copyright-related, 98.6% to be precise. This means that other notices, such as defamation reports, court orders, and Government requests, make up a tiny minority. The researchers report that the complaints were submitted by 38,523 unique senders, covering 1.05 billion URLs. While that's a massive number, most reported links are filed by a very small group of senders.

The US Navy is seeking to create an archive of at least 350 billion social media posts from around the world, in order to study how people talk online. From a report: The military project team has not specified which social media platform it intends to collect the data from. The posts must be publicly available, come from at least 100 different countries and include at least 60 different languages. They should also date between 2014 and 2016. The details were revealed in a tender document from the Naval Postgraduate School for a firm to provide the data. Applications have now closed. Additional requirements included: the posts must come from at least 200 million unique users; no more than 30% can come from a particular country; at least 50% must be in a language other than English; location information must be included in at least 20% of the records; private messaging and user information will not form part of the database.

JustAnotherOldGuy shared this story from Reuters: Early last year, Grindr LLC's Chinese owner gave some Beijing-based engineers access to personal information of millions of Americans such as private messages and HIV status, according to eight former employees, prompting U.S. officials to ask it to sell the dating app for the gay community.
Engadget explains what the concerns were about Grindr's owner, Beijing Kunlun: Reuters sources have claimed that Beijing Kunlun triggered alarms after it gave engineers in Beijing access to Grindr's database for several months. While there wasn't evidence that the company misused the data, the tipsters believe the Committee on Foreign Investment in the United States (CFIUS) was worried that the Chinese government could comb the database to find info on US intelligence and military personnel.
Engadget says the confrontation "reflects the U.S. government's increasingly strict approach to Chinese companies -- it doesn't want even the slightest risk of China's having access to private information."

Millions of golfer records from the Game Golf app, including GPS details from courses played, usernames and passwords, and even Facebook login data, were all exposed for anyone with an internet browser to see -- a veritable hole-in-one for a cyberattacker looking to build profiles for potential victims, to be used in follow-on social-engineering attacks. Threatpost reports: Security Discovery researcher Bob Diachenko recently ran across an Elastic database that was not password-protected and thus visible in any browser. Further inspection showed that it belongs to Game Golf, which is a family of apps developed by San Francisco-based Game Your Game Inc. Game Golf comes as a free app, as a paid pro version with coaching tools and also bundled with a wearable. It's a straightforward analyzer for those that like to hit the links -- tracking courses played, GPS data for specific shots, various player stats and so on -- plus there's a messaging and community function, and an optional "caddy" feature. It's popular, too: It has 50,000+ installs on Google Play.

Unfortunately, Game Golf landed its users in a sand trap of privacy concerns by not securing the database: Security Discovery senior security researcher Jeremiah Fowler said that the bucket included all of the aforementioned analyzer information, plus profile data like usernames and hashed passwords, emails, gender, and Facebook IDs and authorization tokens. In all, the exposure consisted of millions of records, including details on "134 million rounds of golf, 4.9 million user notifications and 19.2 million records in a folder called 'activity feed,'" Fowler said. The database also contained network information for the company: IP addresses, ports, pathways and storage info that "cybercriminals could exploit to access deeper into the network," according to Fowler, writing in a post on Tuesday. No word on whether malicious players took a swing at the data, as it were, but the sheer breadth of the information that the app gathers is concerning, Fowler noted.

For the first time, scientists have mapped the millions of species of fungi and bacteria that swap nutrients between soil and the roots of trees, using a database of more than 28,000 tree species living in more than 70 countries. This interconnected web of organisms throughout the woods is being dubbed the "wood wide web." Science Magazine reports: Before scientists could map the forest's underground ecosystem, they needed to know something more basic: where trees live. Ecologist Thomas Crowther, now at ETH Zurich in Switzerland, gathered vast amounts of data on this starting in 2012, from government agencies and individual scientists who had identified trees and measured their sizes around the world. In 2015, he mapped trees' global distribution and reported that Earth has about 3 trillion trees. Inspired by that paper, Kabir Peay, a biologist at Stanford University in Palo Alto, California, emailed Crowther and suggested doing the same for the web of underground organisms that connects forest trees. Each tree in Crowther's database is closely associated with certain types of microbes. For example, oak and pine tree roots are surrounded by ectomycorrhizal (EM) fungi that can build vast underground networks in their search for nutrients. Maple and cedar trees, by contrast, prefer arbuscular mycorrhizae (AM), which burrow directly into trees' root cells but form smaller soil webs. Still other trees, mainly in the legume family (related to crop plants such as soybeans and peanuts), associate with bacteria that turn nitrogen from the atmosphere into usable plant food, a process known as "fixing" nitrogen.

The researchers wrote a computer algorithm to search for correlations between the EM-, AM-, and nitrogen-fixer-associated trees in Crowther's database and local environmental factors such as temperature, precipitation, soil chemistry, and topography. They then used the correlations found by the algorithm to fill in the global map and predict what kinds of fungi would live in places where they didn't have data, which included much of Africa and Asia. Local climate sets the stage for the wood wide web, the team reports today in Nature. In cool temperate and boreal forests, where wood and organic matter decay slowly, network-building EM fungi rule. About four in five trees in these regions associate with these fungi, the authors found, suggesting the webs found in local studies indeed permeate the soils of North America, Europe, and Asia. By contrast, in the warmer tropics where wood and organic matter decay quickly, AM fungi dominate. These fungi form smaller webs and do less intertree swapping, meaning the tropical wood wide web is likely more localized. About 90% of all tree species associate with AM fungi; the vast majority are clustered in the hyperdiverse tropics. Nitrogen fixers were most abundant in hot, dry places such as the desert of the U.S. Southwest. According to the data he gathered, Crowther suggests that about 10% of EM-associated trees could be replaced by AM-associated trees as the planet warms.

"Microbes in forests dominated by AM fungi churn through carbon-containing organic matter faster, so they could liberate lots of heat-trapping carbon dioxide quickly, potentially accelerating a climate change process that is already happening at a frightening pace," the report says.

A massive database containing contact information of millions of Instagram influencers, celebrities and brand accounts has been found online. From a report: The database, hosted by Amazon Web Services, was left exposed and without a password allowing anyone to look inside. At the time of writing, the database had over 49 million records -- but was growing by the hour. From a brief review of the data, each record contained public data scraped from influencer Instagram accounts, including their bio, profile picture, the number of followers they have, if they're verified and their location by city and country, but also contained their private contact information, such as the Instagram account owner's email address and phone number.

Security researcher Anurag Sen discovered the database and alerted TechCrunch in an effort to find the owner and get the database secured. We traced the database back to Mumbai-based social media marketing firm Chtrbox, which pays influencers to post sponsored content on their accounts. Each record in the database contained a record that calculated the worth of each account, based off the number of followers, engagement, reach, likes and shares they had. This was used as a metric to determine how much the company could pay an Instagram celebrity or influencer to post an ad.

"Ogusers.com -- a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims' phone numbers -- has itself been hacked," reports security researcher Brian Krebs, "exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users." On May 12, the administrator of OGusers explained an outage to forum members by saying a hard drive failure had erased several months' worth of private messages, forum posts and prestige points, and that he'd restored a backup from January 2019. Little did the administrators of OGusers know at the time, but that May 12 incident coincided with the theft of the forum's user database, and the wiping of forum hard drives. On May 16, the administrator of rival hacking community RaidForums announced he'd uploaded the OGusers database for anyone to download for free...

"The website owner has acknowledged data corruption but not a breach so I guess I'm the first to tell you the truth. According to his statement he didn't have any recent backups so I guess I will provide one on this thread lmfao."
Some users of the hijacking forum complained that their email addresses had started getting phishing emails -- and that the forum's owner had since altered the forum's functionality so user's couldn't delete their accounts.

"It's difficult not to admit feeling a bit of schadenfreude in response to this event..." writes Krebs, adding "federal and state law enforcement investigators going after SIM swappers are likely to have a field day with this database, and my guess is this leak will fuel even more arrests and charges for those involved."

Friday Salesforce "was forced to shut down large chunks of its infrastructure," ZDNet reports, calling it one of the company's biggest outages ever: At the heart of the outage was a change the company made to its production environment that broke access permission settings across organizations and gave employees access to all of their company's files. According to reports on Reddit, users didn't just get read access, but they also received write permissions, making it easy for malicious employees to steal or tamper with a company's data...

Salesforce said the script only impacted customers of Salesforce Pardot -- a business-to-business (B2B) marketing-focused CRM. However, out of an abundance of caution, the company decided to take down all other Salesforce services, for both current and former Pardot customers. "As a result, customers who were not affected may have also experienced service disruption, including customers using Marketing Cloud integrations," Salesforce said.
A status update at Salesforce.com reports that the final duration of the service disruption was 15 hours and 8 minutes.

"The New York Police Department used a photo of Woody Harrelson in its facial recognition program in an attempt to identify a beer thief who looked like the actor," reports the Associated Press: Georgetown University's Center on Privacy and Technology highlighted the April 2017 episode in "Garbage In, Garbage Out," a report on what it says are flawed practices in law enforcement's use of facial recognition. The report says security footage of the thief was too pixelated and produced no matches while high-quality images of Harrelson, a three-time Oscar nominee, returned several possible matches and led to one arrest.

The NYPD also used a photo of a New York Knicks player to search its database for a man wanted for a Brooklyn assault, the report said.

"The stakes are too high in criminal investigations to rely on unreliable â" or wrong â" inputs," Georgetown researcher Clare Garvie wrote.... The Georgetown report says facial recognition has helped the NYPD crack about 2,900 cases in more than five years of using the technology.
And in Florida, Vice reports, law enforcement agencies "run roughly 8,000 of these searches per month."

For more than three decades, Stephen Wolfram, a 59-year-old scientist, software designer and entrepreneur, has built software that has attracted an avid following among mathematicians and scientists. His Mathematica program for symbolic mathematical computation and its programming language, Wolfram Language, are favorites of the intelligentsia of the quant world in universities and corporations. Wolfram Alpha, one of his creations, is a unique search engine that does not forage the web, but culls its own painstakingly curated database to find answers. This week, the search engine turned 10. On the big occasion, Mr. Wolfram has shared some insight: It was a unique and surprising achievement when it first arrived, and over its first decade it's become ever stronger and more unique. It's found its way into more and more of the fabric of the computational world, both realizing some of the long-term aspirations of artificial intelligence, and defining new directions for what one can expect to be possible. Oh, and by now, a significant fraction of a billion people have used it. And we've been able to keep it private and independent, and its main website has stayed free and without external advertising.

As the years have gone by, Wolfram Alpha has found its way into intelligent assistants like Siri, and now also Alexa. It's become part of chatbots, tutoring systems, smart TVs, NASA websites, smart OCR apps, talking (toy) dinosaurs, smart contract oracles, and more. It's been used by an immense range of people, for all sorts of purposes. Inventors have used it to figure out what might be possible. Leaders and policymakers have used it to make decisions. Professionals have used it to do their jobs every day. People around the world have used it to satisfy their curiosity about all sorts of peculiar things. And countless students have used it to solve problems, and learn. The footage of the launch of Alpha, from 10 years ago.

"An unprotected and public-facing MongoDB database containing over 275 million records of personal information on Indian citizens has been discovered on search engine Shodan," writes Slashdot reader helpfulhecker.

BleepingComputer reports that the detailed personally identifiable information was exposed online for over two weeks: Security Discovery researcher Bob Diachenko discovered the publicly accessible MongoDB database hosted on Amazon AWS using Shodan, and as historical data provided by the platform showed, the huge cache of PII data was first indexed on April 23, 2019. As he found out after further investigation, the exposed data included information such as name, gender, date of birth, email, mobile phone number, education details, professional info (employer, employment history, skills, functional area), and current salary for each of the database records.

While the unprotected MongoDB database leaked the sensitive information of hundreds of millions of Indians, Diachenko did not find any information that would link it to a specific owner. Additionally, the names of the data collections stored within the database suggested that the entire cache of resumes was collected "as part of a massive scraping operation" for unknown purposes.
Two months ago Diachenko also helped uncover over 800 million exposed email addresses in another unprotected MongoDB database. And in January an investigation with TechCrunch also discovered millions of highly sensitive financial documents from tens of thousands of individuals who took out loans or mortgages.

The same month Diachenko also discovered an exposed 854 gigabyte MongoDB database filled with resumes from over 200 million job-seekers in China.

An anonymous reader shares a report: Smart cities are designed to make life easier for their residents: better traffic management by clearing routes, making sure the public transport is running on time and having cameras keeping a watchful eye from above. But what happens when that data leaks? One such database was open for weeks for anyone to look inside. Security researcher John Wethington found a smart city database accessible from a web browser without a password. He passed details of the database to TechCrunch in an effort to get the data secured.

The database was an Elasticsearch database, storing gigabytes of data -- including facial recognition scans on hundreds of people over several months. The data was hosted by Chinese tech giant Alibaba. The customer, which Alibaba did not name, tapped into the tech giant's artificial intelligence-powered cloud platform, known as City Brain. "This is a database project created by a customer and hosted on the Alibaba Cloud platform," said an Alibaba spokesperson. "Customers are always advised to protect their data by setting a secure password." "We have already informed the customer about this incident so they can immediately address the issue. As a public cloud provider, we do not have the right to access the content in the customer database," the spokesperson added. The database was pulled offline shortly after TechCrunch reached out to Alibaba. But while Alibaba may not have visibility into the system, we did.

The intelligence community's annual transparency report revealed a spike in the number of warrantless searches of Americans' data in 2018. From a report: The data, published Tuesday by the Office of the Director of National Intelligence (ODNI), revealed a 28 percent rise in the number of targeted search terms used to query massive databases of collected Americans' communications. Some 9,637 warrantless search queries of the contents of Americans' calls, text messages, emails and other communications were conducted by the NSA during 2018, up from 7,512 searches on the year prior, the report said. The figures also don't take into account queries made by the FBI or the Drug Enforcement Administration, which also has access to the database, nor do they say exactly how many Americans had their information collected.