Communications

Discord Bans Servers That Promote Nazi Ideology (theverge.com) 453

A popular video game chat service with over 25 million users announced today that it had shut down "a number of accounts" following violence instigated by white supremacists over the weekend. Discord, the service "which lets users chat with voice and text, was being used by proponents of Nazi ideology both before and after the attacks in Charlottesville, Virginia," reports The Verge. "We will continue to take action against Nazi ideology, and all forms of hate," the company said in a tweet. From the report: Discord declined to state how many servers had been affected, but said it included a mix of old accounts and accounts that were created over the weekend. Among the affected servers was one used by AltRight.com, a white nationalist news site. The site's homepage includes a prominent link to a Discord chat which is now broken. The company said it does not read private messages exchanged on its servers. Members of those groups reported messages in the chats for violating Discord's terms of service, the company said, and it took action. "When hatred like this violates our community standards we act swiftly to take servers down and ban individual users," the company said in a statement. "The public server linked to AltRight.com that violated those terms was shut down along with several other public groups and accounts fostering bad actors on Discord. We will continue to be aggressive to ensure that Discord exists for the community we set out to support -- gamers."
Security

Spyware Apps Found on Google Play Store (bleepingcomputer.com) 37

Researchers at the security firm Lookout have identified a family of malicious Android apps, referred to as SonicSpy. From a report: Experts say the malware author modified a version of the official Telegram app, injected the spyware code, rebranded it, and uploaded the modified app on the Play Store. In total, the crook uploaded the app three times on the Play Store under the names Soniac, Hulk Messenger, and Troy Chat. Only Soniac was active on Google's app store when researchers first spotted the spyware, as the other two apps were already taken down, most likely by the developer himself. At the time of writing, Lookout says they identified over 1,000 variations of this new spyware called SonicSpy, which they believe to be a new version of an older Android spyware named SpyNote.
The Courts

Researcher Who Stopped WannaCry Pleads Not Guilty to Creating Banking Malware (vice.com) 71

Lorenzo Franceschi-Bicchierai, reporting for Motherboard: Monday, the well-known security researcher who became famous after helping to stop the destructive WannaCry ransomware outbreak pleaded "not guilty" to creating software that would later become banking malware. Marcus Hutchins -- better known by his online nickname MalwareTech -- was arrested in early August in Las Vegas after the hacking conference Def Con. The US government accuses Hutchins of writing software in 2014 that would later become the banking malware Kronos. After getting out on bail and traveling to Milwaukee, he stood in front a judge on Monday for his arraignment. Prosecutors also allege he helped a still unknown co-defendant market and sell Kronos. Hutchins's lawyer Brian Klein declared in a packed courtroom in Milwaukee that Hutchins was "not guilty" of six charges related to the alleged creation and distribution of malware. Hutchins will be allowed to travel to Los Angeles, where he will live while he awaits trial. He will also be represented by Marcia Hoffman, formerly of the Electronic Frontier Foundation. Under the terms of his release, Hutchins will be tracked by GPS but will be allowed full internet access so he can continue to work as a security researcher; the only restriction is he will no longer be allowed to access the WannaCry "sinkhole" he used to stop the outbreak of ransomware.
AI

Why AI Won't Take Over The Earth (ssrn.com) 296

Law professor Ryan Calo -- sometimes called a robot-law scholar -- hosted the first White House workshop on AI policy, and has organized AI workshops for the National Science Foundation (as well as the Department of Homeland Security and the National Academy of Sciences). Now an anonymous reader shares a new 30-page essay where Calo "explains what policymakers should be worried about with respect to artificial intelligence. Includes a takedown of doomsayers like Musk and Gates." Professor Calo summarizes his sense of the current consensus on many issues, including the dangers of an existential threat from superintelligent AI:

Claims of a pending AI apocalypse come almost exclusively from the ranks of individuals such as Musk, Hawking, and Bostrom who possess no formal training in the field... A number of prominent voices in artificial intelligence have convincingly challenged Superintelligence's thesis along several lines. First, they argue that there is simply no path toward machine intelligence that rivals our own across all contexts or domains... even if we were able eventually to create a superintelligence, there is no reason to believe it would be bent on world domination, unless this were for some reason programmed into the system. As Yann LeCun, deep learning pioneer and head of AI at Facebook colorfully puts it, computers don't have testosterone.... At best, investment in the study of AI's existential threat diverts millions of dollars (and billions of neurons) away from research on serious questions... "The problem is not that artificial intelligence will get too smart and take over the world," computer scientist Pedro Domingos writes, "the problem is that it's too stupid and already has."
A footnote also finds a paradox in the arguments of Nick Bostrom, who has warned of that dangers superintelligent AI -- but also of the possibility that we're living in a computer simulation. "If AI kills everyone in the future, then we cannot be living in a computer simulation created by our decedents. And if we are living in a computer simulation created by our decedents, then AI didn't kill everyone. I think it a fair deduction that Professor Bostrom is wrong about something."
Google

269 People Joined An Age Discrimination Class Action Suit Against Google (bizjournals.com) 178

Slashdot reader #9,119 BrookHarty writes: "269 people have joined a class-action lawsuit against Google claiming they were discriminated against in the workplace based on their age..." reports BizJournals. "The lawsuit originated in 2015 with plaintiff Robert Heath and was certified as a class-action in 2016." Google has stated it has implemented policies to stop age discrimination but still has an average employee age of 29.

In 2004 Larry Page fired Brian Reid nine days before IPO costing Reid 45 million in unvested stock options. Reid was fired for lack of "cultural fit". Reid has settled for an undisclosed amount.

Democrats

Russian Group That Hacked DNC Used NSA Attack Code In Attack On Hotels (arstechnica.com) 191

An anonymous reader quotes a report from Ars Technica: A Russian government-sponsored group accused of hacking the Democratic National Committee last year has likely been infecting other targets of interest with the help of a potent Windows exploit developed by, and later stolen from, the National Security Agency, researchers said Friday. Eternal Blue, as the exploit is code-named, is one of scores of advanced NSA attacks that have been released over the past year by a mysterious group calling itself the Shadow Brokers. It was published in April in the group's most damaging release to date. Its ability to spread from computer to computer without any user action was the engine that allowed the WCry ransomware worm, which appropriated the leaked exploit, to shut down computers worldwide in May. Eternal Blue also played a role in the spread of NotPetya, a follow-on worm that caused major disruptions in June. Now, researchers at security firm FireEye say they're moderately confident the Russian hacking group known as Fancy Bear, APT 28, and other names has also used Eternal Blue, this time in a campaign that targeted people of interest as they connected to hotel Wi-Fi networks. In July, the campaign started using Eternal Blue to spread from computer to computer inside various staff and guest networks, company researchers Lindsay Smith and Ben Read wrote in a blog post. While the researchers didn't directly observe those attacks being used to infect guest computers connected to the network, they said a related campaign from last year used the control of hotel Wi-Fi services to obtain login credentials from guest devices.
Transportation

Uber and Lyft May Cause Lower Car Ownership In Big Cities, Says Report (slashgear.com) 118

A new study from the University of Michigan Transportation Research Institute has shed light on what may turn out to be a growing trend: lower car ownership in cities where ride-sharing services are available. SlashGear reports: While Uber and Lyft have both deployed in a number of cities, they have, at times, had to abandon those cities due to local governments driving them out for one reason or another. That's what happened in Austin, Texas, opening the door for an interesting study on personal car ownership. Did the sudden absence of these two services cause increased car usage and/or ownership, or did things remain unaffected? The result, according to the study, was a big increase in personal car usage and a statistically significant increase in car ownership. The researchers surveyed a total of 1,200 people from the Austin region, and found that 41-percent of them started using their own car more often to make up for the lack of Uber and Lyft rides. As well, a total of 9-percent of those surveyed bought their own personal car to make up for the services' absences.
Government

FBI Says Islamic State Used eBay, PayPal To Channel Money To the US (theverge.com) 57

An anonymous reader quotes a report from The Verge: Islamic State allegedly used PayPal and fake eBay transactions to channel money to an operative in the U.S., The Wall Street Journal reports. The man who allegedly received the money was American citizen Mohamed Elshinawy, who was arrested last year in Maryland. The FBI claims that Elshinawy, in his early 30s, sold computer printers on eBay as a front in order to receive the payments through PayPal. The details have come to light because of a recently unsealed FBI affidavit, which alleges Elshinawy was part of a worldwide network that used such channels to fund ISIS. Elshinawy received $8,700 from ISIS, including five PayPal payments from senior ISIS official Siful Sujan through his technology company. Those funds were used to buy a laptop, a cellphone, and a VPN to communicate with IS, according to the affidavit. Sujan was killed in a drone strike in 2015. eBay told The Wall Street Journal it "has zero tolerance for criminal activities taking place on our marketplace." Meanwhile, a spokeswoman for PayPal said it "invests significant time and resources in working to prevent terrorist activity on our platform. We proactively report suspicious activities and respond quickly to lawful requests to support law enforcement agencies in their investigations."
The Courts

Silicon Valley Billionaire Fails To Prevent Access To Public Beach (theguardian.com) 283

Robotron23 writes: Vinod Khosla, a Silicon Valley venture capitalist, has lost his appeal to privatize Martins Beach -- a publicly-owned strip of coastline in California. Having previously fenced off the land in a bid to render the area private, Khosla has been ordered to restore access by a California court. Khosla had previously demanded the government pay him $30 million to reopen the gate to the beachfront. The law of California states that all beaches should be open to the public up to the "mean high tide line." "The decision this week, affirming a lower court ruling, stems from a lawsuit filed by the Surfrider Foundation, a not-for-profit group that says the case could have broader implications for beach access across the U.S.," reports The Guardian.
Government

FCC Extends Net Neutrality Comment Period By Two Weeks (theverge.com) 22

An anonymous reader quotes a report from The Verge: You'll have two extra weeks to file your thoughts with the FCC on its plan to get rid of net neutrality. The proposal's comment period was originally scheduled to end next week, on August 16th, but the commission just pushed the date out to August 30th. The extension was granted in response to 10 groups asking for more time to respond. They had been looking for an additional eight weeks, but the commission said an additional two weeks would be more in line with the type of extensions granted in the past. The commission didn't signal that disruptions to its filing system, caused by an apparent DDOS attack, factored into the decision at all. Granting a two week extension gives people more time to file "reply comments," which are meant to respond to what people filed during the first phase of the comment period, which closed in July. That comment period had been much longer than usual, because the commission released the proposal a month before it was voted on.
Businesses

Uber Shareholder Group Wants Benchmark Off Board (axios.com) 31

Dan Primack, reporting for Axios: A group of Uber investors has asked that venture capital firm Benchmark step down from the company's board of directors, Axios has learned. It also wants Benchmark to divest enough shares so as to no longer have board appointment rights. The move comes one day after Benchmark sued former Uber CEO Travis Kalanick for fraud, in an attempt to have him removed from the board. From the letter: Mr. Kalanick's resignation, along with other concessions, on a few hours' notice and within weeks of a personal tragedy, under threat of public scandal. Even less so your escalation of this fratricidal course -- notwithstanding Mr. Kalanick's resignation -- through your recent lawsuit, which we fear will cost the company public goodwill, interfere with fundraising and impede the critical search for a new, world-class Chief Executive Officer. Benchmark has used false allegations from lawsuits like Waymo as a matter of fact and this and many actions has crossed the fiduciary line. Benchmark's investment of $27M is worth $8.4 billion today and you are suing the founder, the company and the employees who worked so hard to create such unprecedented value. We ask you to please consider the lives of these employees and allow them to continue to grow this company in peace and make it thrive. These actions do the opposite.
The Courts

Developers File Antitrust Complaint Against Apple in China (reuters.com) 27

A Chinese law firm has filed a complaint against Apple on behalf of 28 local developers alleging the firm breached antitrust regulations. From a report: The complaint, lodged by Beijing-based Dare & Sure Law Firm, accuses Apple of charging excessive fees and removing apps from its local store without proper explanation, Lin Wei, an attorney at the firm told Reuters on Thursday. "During its localization process Apple has run into several antitrust issues ... after an initial investigation we consulted a number of enterprises and got a very strong response," said Lin. The law firm invited developers to join the complaint in April and on Tuesday filed it to China's State Administration for Industry and Commerce and the National Development and Reform Commission, which oversees antitrust matters in the country.
United States

Hearing Loss of US Diplomats In Cuba Is Blamed On Covert Device (bostonglobe.com) 224

bsharma shares a report from The Boston Globe: The two-year-old U.S. diplomatic relationship with Cuba was roiled Wednesday by what U.S. officials say was a string of bizarre incidents that left a group of American diplomats in Havana with severe hearing loss attributed to a covert sonic device. In the fall of 2016, a series of U.S. diplomats began suffering unexplained losses of hearing, according to officials with knowledge of the investigation into the case. Several of the diplomats were recent arrivals at the embassy, which reopened in 2015 as part of former President Barack Obama's reestablishment of diplomatic relations with Cuba. Some of the diplomats' symptoms were so severe that they were forced to cancel their tours early and return to the United States, officials said. After months of investigation, U.S. officials concluded that the diplomats had been exposed to an advanced device that operated outside the range of audible sound and had been deployed either inside or outside their residences. It was not immediately clear if the device was a weapon used in a deliberate attack, or had some other purpose.
Businesses

Why Amazon's UK Tax Bill Has Dropped 50% (bbc.com) 139

An anonymous reader quotes a report from BBC: Amazon has seen a 50% fall in the amount of UK corporation tax it paid last year, while recording a 54% increase in turnover for the same period. This snippet of news raised eyebrows this morning when it was revealed. So what's going on? Taxes are paid on profit not turnover. It paid lower taxes because it made lower profits. Last year it made 48 million British Pounds (BP) or ~$62 million U.S. dollars (USD) in profit -- this year it made only 24 million BP or ~$31 million USD so it paid 7 million BP (~$9 million USD) tax compared to 15 million BP (~$19 million USD). What is more interesting is WHY its profits were lower. Part of the reason is the way it pays its staff. Amazon UK Services is the division which runs the fulfillment centers which process, package and post deliveries to UK customers. It employs about 16,000 of the 24,000 people Amazon have in the UK. Each full-time employee gets given at least 1,000 BP (~$1,297 USD) worth of shares every year. They can't cash them in immediately -- they have to hold them for a period of between one and three years.

If Amazon's share price goes up in that time, those shares are worth more. Amazon's share price has indeed gone up over the past couple of years -- a lot. In fact, in the past two years the share price has nearly doubled, so 1,000 BP (~$1,297 USD) in shares granted in August 2015 are now worth nearly 2,000 BP (~$2,595 USD). Staff compensation goes up, compensation is an expense, expenses can be deducted from revenue -- so profits are lower and so are the taxes on those profits.

United States

Wisconsin Won't Break Even On Foxconn Plant Deal For Over Two Decades (theverge.com) 309

Last month, Foxconn announced plans to build a $10 billion factory in southeastern Wisconsin in exchange for $3 billion in tax breaks. While the factory was heralded as a big win for President Trump and Governor Scott Walker, a report issued last week says the plan is looking less and less like a good deal for the state. In the report, Wisconsin's Legislative Fiscal Bureau said that the state wouldn't break even on its investment until 2043 -- and that's in an absolute best-case scenario. The Verge reports: How many workers Foxconn actually hires, and where Foxconn hires them from, would have a significant impact on when the state's investment pays off, the report says. The current analysis assumes that "all of the construction-period and ongoing jobs associated with the project would be filled by Wisconsin residents." But the report says it's likely that some positions would go to Illinois residents, because the factory would be located so close to the border. That would lower tax revenue and delay when the state breaks even. And that's still assuming that Foxconn actually creates the 13,000 jobs it claimed it might create, at the average wage -- just shy of $54,000 -- it promised to create them at. In fact, the plant is only expected to start with 3,000 jobs; the 13,000 figure is the maximum potential positions it could eventually offer. If the factory offers closer to 3,000 positions, the report notes, "the breakeven point would be well past 2044-45."
China

China Working On 'Repression Network' Which Lets Cameras Identify Cars With Unprecedented Accuracy (thesun.co.uk) 80

schwit1 shares a report from The Sun: Researchers at a Chinese university have revealed the results of an investigation aimed at creating a "repression network" which can identify cars from "customized paintings, decorations or even scratches" rather than by scanning its number plate. A team from Peking University said the technology they have developed to perform this task could also be used to recognize the faces of human beings. Essentially, it works by learning from what it sees, allowing it to differentiate between cars (or humans) by spotting small differences between them. "The growing explosion in the use of surveillance cameras in public security highlights the importance of vehicle search from large-scale image databases," the researcher wrote. "Precise vehicle search, aiming at finding out all instances for a given query vehicle image, is a challenging task as different vehicles will look very similar to each other if they share same visual attributes." They added: "We can extend our framework [software] into wider applications like face and person retrieval [identification] as well."
Security

Password Power Rankings: a Look At the Practices of 40+ Popular Websites (helpnetsecurity.com) 127

Orome1 shares a report from Help Net Security: Nothing should be more important for these sites and apps than the security of the users who keep them in business. Unfortunately, Dashlane found that that 46% of consumer sites, including Dropbox, Netflix, and Pandora, and 36% of enterprise sites, including DocuSign and Amazon Web Services, failed to implement the most basic password security requirements. The most popular sites provide the least guidance when it comes to secure password policies. Of the 17 consumer sites that failed Dashlane's tests, eight are entertainment/social media sites, and five are e-commerce. Most troubling? Researchers created passwords using nothing but the lowercase letter "a" on Amazon, Google, Instagram, LinkedIn, Venmo, and Dropbox, among others. GoDaddy emerged as the only consumer website with a perfect score, while enterprise sites Stripe and QuickBooks also garnered a perfect score of 5/5. Here's a screenshot of how each consumer/enterprise website performed.
Security

Scientists Create DNA-Based Exploit of a Computer System (technologyreview.com) 43

Archeron writes: It seems that scientists at University of Washington in Seattle have managed to encode malware into genomic data, allowing them to gain full access to a computer being used to analyze the data. While this may be a highly contrived attack scenario, it does ask the question whether we pay sufficient attention to data-driven exploits, especially where the data is instrument-derived. What other systems could be vulnerable to a tampered raw data source? Perhaps audio and RF analysis systems? MIT Technology Review reports: "To carry out the hack, researchers led by Tadayoshi Kohno and Luis Ceze encoded malicious software in a short stretch of DNA they purchased online. They then used it to gain 'full control' over a computer that tried to process the genetic data after it was read by a DNA sequencing machine. The researchers warn that hackers could one day use faked blood or spit samples to gain access to university computers, steal information from police forensics labs, or infect genome files shared by scientists. To make the malware, the team translated a simple computer command into a short stretch of 176 DNA letters, denoted as A, G, C, and T. After ordering copies of the DNA from a vendor for $89, they fed the strands to a sequencing machine, which read off the gene letters, storing them as binary digits, 0s and 1s. Yaniv Erlich, a geneticist and programmer who is chief scientific officer of MyHertige.com, a genealogy website, says the attack took advantage of a spill-over effect, when data that exceeds a storage buffer can be interpreted as a computer command. In this case, the command contacted a server controlled by Kohno's team, from which they took control of a computer in their lab they were using to analyze the DNA file." You can read their paper here.
China

China's VPN Developers Face Crackdown (bbc.com) 55

China recently launched a crackdown on the use of software which allows users to get around its heavy internet censorship. Now as the BBC reports, developers are facing growing pressure. From the report: The three plain-clothes policemen tracked him down using a web address. They came to his house and demanded to see his computer. They told him to take down the app he was selling on Apple's App Store, and filmed it as it was happening. His crime was to develop and sell a piece of software that allows people to get round the tough restrictions that limit access to the internet in China. A virtual private network (VPN) uses servers abroad to provide a secure link to the internet. It's essential in China if you want to access parts of the outside world like Facebook, Gmail or YouTube, all of which are blocked on the mainland. "They insisted they needed to see my computer," the software developer, who didn't want us to use his name, told us during a phone interview. "I said this is my private stuff. How can you search as you please?" No warrant was produced and when he asked them what law he had violated they didn't say. Initially he refused to co-operate but, fearing detention, he relented. Then they told him what they wanted: "If you take the app off the shelf from Apple's App Store then this will be all over." 'Sorry, I can't help you with that'. Up until a few months ago his was a legal business. Then the government changed the regulations. VPN sellers need a licence now.
Crime

UK Wants To Criminalize Re-Identification of Anonymized User Data (bleepingcomputer.com) 120

An anonymous reader writes: European countries are currently implementing new data protection laws. Recently, despite leaving the European Union, the United Kingdom has expressed intent to implement the law called General Data Protection Regulation. As an extension, the UK wants to to ban re-identification (with a penalty of unlimited fines), the method of reversing anonymization, or pointing out the weakness of the used anonymisation process. One famous example was research re-identifying Netflix users from published datasets. By banning re-identification, UK follows the lead of Australia which is considering enacting similarly controversial law that can lead to making privacy research difficult or impossible. Privacy researchers express concerns about the effectiveness of the law that could even complicate security, a view shared by privacy advocates.

Slashdot Top Deals