Social Networks

New Book Argues Silicon Valley Will Lead Us to Our Doom (sandiegouniontribune.com) 201

Long-time Slashdot reader Zorro quotes the San Diego Union-Tribune: To many Americans, large technology firms embody much of what's good about the modern world. Franklin Foer has a different perspective. In his new book, "World Without Mind," the veteran journalist lays out a more ominous view of where Big Tech would like to take us -- in many ways, already has taken us... These firms have a program: to make the world less private, less individual, less creative, less human... Big Tech has imposed its will on the resident population with neither our input nor our permission.
The reviewer summarizes the book's argument as "Once hooked, consumers are robbed of choice, milked for profit, deprived of privacy and made the subjects of stealth social engineering experiments."

Interestingly, Foer was fired from The New Republic in 2014 by its new publisher -- Facebook co-founder Chris Hughes -- and Foer's new book includes strong criticism of the way companies are assembling detailed profiles on their users. "They have built their empires by pulverizing privacy; they will further ensconce themselves by pushing boundaries, by taking even more invasive steps that build toward an even more complete portrait of us."
Government

NSA Launches 'Codebreaker Challenge' For Students: Stopping an Infrastructure Attack (ltsnet.net) 53

Slashdot reader eatvegetables writes: The U.S. National Security Agency launched Codebreaker Challenge 2017 Friday night (Sept 15) at 9 p.m. EST. It started off as a reverse-engineering challenge a few years ago but has grown in scope to include network analysis, reverse-engineering, and vulnerability discovery/exploitation.

This year's challenge story centers around hackers attacking critical "supervisory control and data acquisition" (SCADA) infrastructure. Your mission, should you choose to accept it, is to figure out how the SCADA network is being attacked, find the attack vector(s), and stop the bad guy(s)/gal(s)/other(s).

Codebreaker-Challenge is unusual for capture-the-flag(ish) contests due to the scope/number of challenges and how long the contest runs (now until end of year). Also (this year, at least), the challenge is built around a less than well-known networking protocol, MQTT. It's open to anyone with a school.edu email address. A site leader-board shows which school/University has the most l33t students. Carnegie Mellon and Georgia Institute of Tech are at the top of the leader-board as of Saturday morning.

Last year, 3,300 students (from 481 schools) participated, with 15 completing all six tasks. One Carnegie Mellon student finished in less than 18 hours.

A resources page offers "information on reverse engineering," and the NSA says the first 50 students who complete all the tasks this year will receive a "small token" of appreciation from the agency.
Facebook

WordPress Ditches ReactJS Over Facebook's Patent Clause (techcrunch.com) 72

An anonymous reader quotes TechCrunch: Matt Mullenweg, the co-founder of the popular open source web publishing software WordPress, has said the community will be pulling away from using Facebook's React JavaScript library over concerns about a patent clause in Facebook's open source license. In a blog post explaining the decision yesterday, Mullenweg said he had hoped to officially adopt React for WordPress -- noting that Automattic, the company behind WordPress.com which he also founded, had already used React for the Calypso ground-up rewrite of WordPress.com a few years ago, while the WordPress community had started using it for its major Gutenberg core project.

But he said he has changed his mind after seeing Facebook dig in behind the patent clause -- which was recently added to the Apache Software Foundation's list of disallowed licenses... [H]e writes that he cannot, in good conscience, require users of the very widely used open source WordPress software to inherit the patent clause and associated legal risk. So he's made the decision to ditch React.

Facebook can revoke their license if a React user challenges Facebook's patents.
Social Networks

Facebook Shares Details Of Russia-Bought Ads With US Investigators (cnn.com) 232

An anonymous reader quotes CNN: Special counsel Robert Mueller and his team are now in possession of Russian-linked ads run on Facebook during the presidential election, after they obtained a search warrant for the information. Facebook gave Mueller and his team copies of ads and related information it discovered on its site linked to a Russian troll farm, as well as detailed information about the accounts that bought the ads and the way the ads were targeted at American Facebook users, a source with knowledge of the matter told CNN. The disclosure, first reported by the Wall Street Journal, may give Mueller's office a fuller picture of who was behind the ad buys and how the ads may have influenced voter sentiment during the 2016 election...

As CNN reported Thursday, Facebook is still not sure whether pro-Kremlin groups may have made other ad buys intended to influence American politics that it simply hasn't discovered yet. It is even possible that unidentified ad buys may still exist on the social media network today.

Piracy

Can The Pirate Bay Replace Ads With A Bitcoin Miner? (betanews.com) 122

Mark Wilson writes: When it comes to the Pirate Bay, it's usually movie studios, music producers and software creators that get annoyed with the site — you know, copyright and all that. But in an interesting twist it is now users who find themselves irked by and disappointed in the most famous torrent site in the world.

So what's happened? Out of the blue, the Pirate Bay has added a Javascript-powered Bitcoin miner to the site. Nestling in the code of the site is an embedded cryptocurrency miner from Coinhive. Users who have noticed an increase in resource usage on their computers as a result of this are not happy.

TorrentFreak reports the miner is being tested for about 24 hours -- as a possible way to earn enough revenue to remove advertising from the site.
Bug

Equifax CSO 'Retires'. Known Bug Was Left Unpatched For Nearly Five Months (marketwatch.com) 196

phalse phace quotes MarketWatch: Following on the heels of a story that revealed that Equifax hired a music major with no education related to technology or security as its Chief Security Officer, Equifax announced on Friday afternoon that Chief Security Officer Susan Mauldin has quit the company along with Chief Information Officer David Webb.

Chief Information Officer David Webb and Chief Security Officer Susan Mauldin retired immediately, Equifax said in a news release that did not mention either of those executives by name. Mark Rohrwasser, who had been leading Equifax's international information-technology operations since 2016, will replace Webb and Russ Ayres, a member of Equifax's IT operation, will replace Mauldin.

The company revealed Thursday that the attackers exploited Apache Struts bug CVE-2017-5638 -- "identified and disclosed by U.S. CERT in early March 2017" -- and that they believed the unauthorized access happened from May 13 through July 30, 2017.

Thus, MarketWatch reports, Equifax "admitted that the security hole that attackers used was known in March, about two months before the company believes the breach began." And even then, Equifax didn't notice (and remove the affected web applications) until July 30.
The Military

Mystery of Sonic Weapon Attacks At US Embassy In Cuba Deepens (theguardian.com) 214

An anonymous reader quotes a report from The Guardian: The blaring, grinding noise jolted the American diplomat from his bed in a Havana hotel. He moved just a few feet, and there was silence. He climbed back into bed. Inexplicably, the agonizing sound hit him again. It was as if he'd walked through some invisible wall cutting straight through his room. Soon came the hearing loss, and the speech problems, symptoms both similar and altogether different from others among at least 21 U.S. victims in an astonishing international mystery still unfolding in Cuba. The top U.S. diplomat has called them "health attacks." New details learned by the Associated Press indicate at least some of the incidents were confined to specific rooms or even parts of rooms with laser-like specificity, baffling U.S. officials who say the facts and the physics don't add up.

Suspicion initially focused on a sonic weapon, and on the Cubans. Yet the diagnosis of mild brain injury, considered unlikely to result from sound, has confounded the FBI, the state department and U.S. intelligence agencies involved in the investigation. Some victims now have problems concentrating or recalling specific words, several officials said, the latest signs of more serious damage than the U.S. government initially realized. The United States first acknowledged the attacks in August -- nine months after symptoms were first reported.

Privacy

Credit Karma To Launch Free ID Monitoring Following Equifax Hack (reuters.com) 24

Credit Karma is launching a new free service that will alert customers if their identity data has been compromised in hacks, the San Francisco-based fintech company said on Friday in the wake of a massive breach at credit monitoring agency Equifax. From a report: The new ID monitoring service is being tested and will be available in October, the company said on Friday. Similar to services offered by Symantec-owned LifeLock, CreditKarma will keep track of data breaches and tell customers if they are one of the victims. Customers can then check to use the company's credit monitoring services and flag suspicious activities. The company said it was accelerating the launch of the new service in response to the large data breach at Equifax, where thieves may have stolen personal information of 143 million Americans.
Youtube

PewDiePie Is Inexcusable But DMCA Takedowns Are Not the Way To Fight Him (vice.com) 504

An anonymous reader quotes a report from Motherboard: Felix Kjellberg, better known as PewDiePie, is the most popular YouTuber in the world. He's gotten himself into another controversy, this time for shouting the n-word while livestreaming a video game. The 27-year-old Swede has repeatedly been criticized for hate speech, and just last month said he would no longer make Nazi jokes after a white supremacist rally in Charlottesville, Virginia turned violent. But while playing PlayerUnknown's Battlegrounds on Sunday, Kjellberg, who has over 57 million subscribers on YouTube, called another player the n-word before erupting into laughter. "What a fucking n****r," he said. "Jeez, oh my god. What the fuck? Sorry, but what the fuck? What a fucking asshole. I don't mean that in a bad way." Kjellberg did not immediately respond to a request for comment, and has yet to publicly acknowledge the incident.

In response to Kjellberg's use of a racial slur, a number of video game players and developers have condemned the creator. Sean Vanaman, the co-founder of video game company Campo Santo, decided to use copyright law to push back against Kjellberg. On Twitter, he said he was filing a Digital Millennium Copyright Act (DMCA) takedown request against the famous YouTuber regarding a video in which Kjellberg plays Campo Santo's game Firewatch. There are compelling reasons to [remove hate speech from major internet platforms] by any means necessary, but DMCA overreach is among the least compelling options, considering that it unilaterally puts power into the hands of what are essentially uninvolved parties and allows for little arbitration or defense on the part of those who have their content removed.

Security

Warning: 'MetalKettle' Repository For Kodi Becomes Vulnerable After GitHub Takeover (betanews.com) 28

BrianFagioli shares a report from BetaNews: Unfortunately, there can apparently be security issues with repositories when they shut down. For example, when the metalkettle repo ended, the developer deleted its entry on GitHub. This in itself is not a cause for concern, but unfortunately, GitHub's allowance of project names to be recycled is. You see, someone re-registered the metalkettle name, making it possible for nefarious people to potentially serve up malware to Kodi users. The warning came from the metalkettle developer over on Twitter. He warns that devices with the repository installed could be in danger from a security standpoint. If a user was to search that repo, and the new owner of the GitHub name was to share malware, the user could assume it is safe and install it. We do not know 100 percent if the person that re-registered the metalkettle name on GitHub is planning anything evil, but it is better to be safe than sorry. If you still have the repository installed, you should remove it immediately. Not to mention, if you know someone using Kodi, such as a friend or family member, you should warn them too.
Security

Equifax Says Almost 400,000 Britons Hit In Data Breach (bbc.co.uk) 45

MalachiK shares a report from the BBC: Data about British people "may potentially have been accessed" during the data breach at the U.S. credit rating firm Equifax. The UK arm of the organization said files containing information on "fewer than 400,000" UK consumers was accessed in the breach. In a statement, the UK office of Equifax said an internal investigation had shown that data on UK consumers was accessed during the hack. It said data on Britons was being held in the U.S. due to a "process failure" which meant that a limited amount of information was stored in North America between 2011 and 2016. The information held included names, dates of birth, email addresses and telephone numbers. No addresses, passwords or financial data was involved.
Google

Social Media Site Gab Sues Google For Antitrust Violations Following Ban From Play Store (washingtonpost.com) 164

The social media site Gab.ai is accusing Google of violating federal antitrust laws when the tech giant booted Gab from the Google Play Store, according to a lawsuit filed this week. From a report: The legal action is the latest salvo in an escalating battle between right-leaning technologists and leaders against Silicon Valley giants such as Facebook and Google. Gab alleges in the lawsuit that "Google deprives competitors, on a discriminatory basis, of access to the App Store, which an essential facility or resource." "Google is the biggest threat to the free flow of information," Gab chief executive Andrew Torba said in a statement. "Gab started to fight against the big tech companies in the marketplace, and their monopolistic conduct has forced us to bring the fight to the courtroom." Alternative source.
Government

Trump Blocks China-Backed Takeover of US Chip Maker 'Lattice Semi' (cnn.com) 151

MountainLogic shares a report from CNN: President Trump has stopped the takeover of an American chip maker by a private equity firm with ties to China. The deal, which would have seen China-backed Canyon Bridge Capital Partners acquire Lattice Semiconductors, was blocked over national security concerns. "Today, consistent with the administration's commitment to take all actions necessary to ensure the protection of U.S. national security, the president issued an order prohibiting the acquisition," Treasury Secretary Steven Mnuchin said in a statement Wednesday. The national security risk included "the potential transfer of intellectual property" to the Chinese-backed company and the "Chinese government's role in supporting this transaction," according to Mnuchin's statement. Those are sensitive matters: the Trump administration launched an investigation last month into whether China is unfairly getting hold of American technology and intellectual property. The Committee on Foreign Investment in the U.S., which reviews deals that could result in a foreign entity taking control of an American company, had previously recommended halting the deal. Lattice CEO Darin G. Billerbeck called the outcome "disappointing" and called the proposed acquisition "an excellent deal" for Lattice and for "expanding the opportunity to keep jobs in America." According to CNN, Lattice currently employs 300 people in Oregon -- and Canyon Bridge has committed to adding 350 more if the takeover deal went through.
Advertising

First Ever Malvertising Campaign Uses JavaScript To Mine Cryptocurrencies In Your Browser (bleepingcomputer.com) 70

An anonymous reader writes from a report via Bleeping Computer: Malware authors are using JavaScript code delivered via malvertising campaigns to mine different cryptocurrencies inside people's browsers (mostly Monero), without their knowledge. The way crooks pulled this off was by using an online advertising company that allows them to deploy ads with custom JavaScript code. The JavaScript code is a modified version of MineCrunch (also known as Web Miner), a script released in 2014 that can mine cryptocurrencies using JavaScript code executed inside the browser. Cryptocurrency mining operations are notoriously resource-intensive and tend to slow down a user's computer. To avoid raising suspicion, crooks delivered malicious ads mainly on video streaming and browser-based gaming sites (currently mostly Ukrainian and Russian sites). Both types of sites use lots of resources, and users wouldn't get suspicious when their computer slowed down while accessing the site. Furthermore, users tend to linger more on browser games and video streaming services, allowing the mining script to do its job and generate profits for the crooks.
Businesses

Wisconsin State Legislature Signs Off On $3 Billion Foxconn Incentive Package (venturebeat.com) 158

On Thursday, legislators in the state of Wisconsin approved a nearly $3 billion incentive package for the Taiwanese electronics manufacturer, Foxconn, in exchange for it investing approximately $10 billion in the state and building a factory that could employ up to 13,000 workers. The legislation is now headed to Republican Governor Scott Walker's desk, where he is expected to give it his seal of approval. VentureBeat reports: The bill passed the Wisconsin State Assembly on a 64-31 vote, after previously passing the state senate on a 20-13 vote. The move signals the start of what will likely be an important experiment in just how much generous incentive packages can do to help create new tech hubs. Governor Walker has said that the Foxconn factory -- the company's first in the United States -- will help transform Wisconsin into "Wisconn Valley." While on a trade mission this week to Japan and South Korea, Governor Walker told reporters that many of the companies he met with on the trip were already "very interested in how they could come to Wisconsin and partner for that new ecosystem." However, there are still a few details that need to be finalized before Foxconn can start breaking ground -- most notably, where the company will build the factory. The factory was set to be built in either Kenosha or Racine County, Wisconsin, before Kenosha dropped out of the running earlier this week.
