Atlanta Projected To Spend At Least $2.6 Million on Ransomware Recovery
it - Posted On:2018-04-24 11:30:00 Source: slashdot
Atlanta is setting aside more than $2.6 million on recovery efforts stemming from a ransomware attack, which crippled a sizable part of the city's online services. ZDNet reports: The city was hit by the notorious SamSam ransomware, which exploits a deserialization vulnerability in Java-based servers. The ransom was set at around $55,000 worth of bitcoin, a digital cryptocurrency that in recent weeks has wildly fluctuated in price. But the ransom was never paid, said Atlanta city spokesperson Michael Smith in an email. Between the ransomware attack and the deadline to pay, the payment portal was pulled offline by the ransomware attacker. According to newly published emergency procurement figures, the city is projected to spend as much as 50 times that amount in response to the cyberattack. Between March 22 and April 2, the city budgeted $2,667,328 in incident response, recovery, and crisis management. Read more of this story at Slashdot.
Chinese Tech Companies Post Men-Only Job Listings, Report Finds
technology - Posted On:2018-04-24 09:14:57 Source: slashdot
Major Chinese tech companies like Huawei, Alibaba, and Tencent discriminate against women in their online job listings, a new report from Human Rights Watch found today. Some job postings directly state they are for men only, while others specify that women must have attractive appearances and even be a certain height. The Verge reports: The Human Rights Watch report reveals gender discrimination amongst major tech companies, as in the rest of Chinese society, is common and widespread. Search engine Baidu listed a job for content reviewers in March 2017 stating that applicants had to be men with the "strong ability to work under pressure, able to work on weekends, holidays and night shifts." The conglomerate Tencent, which owns WeChat, the massive game Honor of Kings, and a majority stake in League of Legends, was found to have posted an ad for a sports content editor in March 2017, stating it was looking for "strong men who are able to work nightshifts." And Alibaba, despite Jack Ma touting the company's inclusiveness, merited an entire case study from the Human Rights Watch report. The report noted the e-commerce giant came under fire in 2015 for posting a job ad on its site for a "computer programmer's motivator" seeking women applicants with physical characteristics like Japanese adult film star Sola Aoi. Alibaba removed the reference to Sola Aoi after media reported on it, but kept the ad on the site. As recently as January this year, Alibaba still mentioned "men preferred" in job listings for "restaurant operations support specialist" positions. Tech companies also often tout the attractive women they've hired as incentives for more men to come on board, according to the HRW report. Both Tencent and Baidu were noted to have posted to their social media accounts interviews with male employees who cited having beautiful women around them as an incentive for working there.
Mosaic, the First HTML Browser That Could Display Images Alongside Text, Turns 25
technology - Posted On:2018-04-24 03:14:58 Source: slashdot
NCSA Mosaic 1.0, the first web browser to achieve popularity among the general public, was released on April 22, 1993. It was developed by a team of students at the University of Illinois' National Center for Supercomputing Applications (NCSA), and had the ability to display text and images inline, meaning you could put pictures and text on the same page together, in the same window. Wired reports: It was a radical step forward for the web, which was at that point, a rather dull experience. It took the boring "document" layout of your standard web page and transformed it into something much more visually exciting, like a magazine. And, wow, it was easy. If you wanted to go somewhere, you just clicked. Links were blue and underlined, easy to pick out. You could follow your own virtual trail of breadcrumbs backwards by clicking the big button up there in the corner. At the time of its release, NCSA Mosaic was free software, but it was available only on Unix. That made it common at universities and institutions, but not on Windows desktops in people's homes. The NCSA team put out Windows and Mac versions in late 1993. They were also released under a noncommercial software license, meaning people at home could download it for free. The installer was very simple, making it easy for just about anyone to get up and running on the web. It was then that the excitement really began to spread. Mosaic made the web come to life with color and images, something that, for many people, finally provided the online experience they were missing. It made the web a pleasure to use.
Algorithm Automatically Spots 'Face Swaps' In Videos
technology - Posted On:2018-04-23 21:44:58 Source: slashdot
yagoda shares a report from MIT Technology Review: Andreas Rossler at the Technical University of Munich in Germany and colleagues have developed a deep-learning system that can automatically spot face-swap videos. The new technique could help identify forged videos as they are posted to the web. But the work also has a sting in the tail. The same deep-learning technique that can spot face-swap videos can also be used to improve the quality of face swaps in the first place -- and that could make them harder to detect. The new technique relies on a deep-learning algorithm that Rossler and co have trained to spot face swaps. These algorithms can only learn from huge annotated data sets of good examples, which simply have not existed until now. In semi-related news, the Screen Actors Guild-American Federation of Television and Radio Artists (SAG-AFTRA) says it's "fighting back" against the dangers posed by new face-swapping technologies that have been used to digitally superimpose the faces of its members onto the bodies of porn stars. "SAG-AFTRA has undertaken an exhaustive review of our collective bargaining options and legislative options to combat any and all uses of digital re-creations, not limited to deepfakes, that defame our members and inhibit their ability to protect their images, voices and performances from misappropriation. We are talking with our members' representatives, union allies, and with state and federal legislators about this issue right now and have legislation pending in New York and Louisiana that would address this directly in certain circumstances. We also are analyzing state laws in other jurisdictions, including California, to make sure protections are in place. To the degree that there are not sufficient protections in place, we will work to fix that..."
Microsoft Readies Windows 10 April Update With New Features and Enhancements
technology - Posted On:2018-04-23 19:14:59 Source: slashdot
MojoKid writes: Microsoft has been preparing a Spring Creators Update for Windows 10 for a while now, which was recently pushed out as an RTM (Release To Manufacturing) build to all rings of the Windows Insider program. Now dubbed the "Windows 10 April Update," Redmond is billing that "lots of new features" are rolling out with this release, including the ability to resume past activities in timeline and a file sharing feature with nearby devices. Also, based on what has been tested in pre-release builds, there will be other features coming as well, including a rebuilt Game Bar with a new Fluent design UI, a diagnostic data viewing tool in the Security and Privacy section, and Cortana is reportedly easier to use with a new Organizer interface and My Skills tab. It is expected Microsoft will be pushing out this update for Windows 10 this week sometime.
Google Accused of Showing 'Total Contempt' for Android Users' Privacy
technology - Posted On:2018-04-23 17:45:00 Source: slashdot
On the heels of a terse privacy debate, Google may have found another thing to worry about: its attempt to rethink the traditional texting system. From a report: Joe Westby is Amnesty International's Technology and Human Rights researcher. Recently, in response to Google's launch of a new messaging service called "Chat", Westby argued that Google, "shows total contempt for Android users' privacy." "With its baffling decision to launch a messaging service without end-to-end encryption, Google has shown utter contempt for the privacy of Android users and handed a precious gift to cybercriminals and government spies alike, allowing them easy access to the content of Android users' communications. Following the revelations by CIA whistleblower Edward Snowden, end-to-end encryption has become recognized as an essential safeguard for protecting people's privacy when using messaging apps. With this new Chat service, Google shows a staggering failure to respect the human rights of its customers," Westby contended. Westby continued, saying: "In the wake of the recent Facebook data scandal, Google's decision is not only dangerous but also out of step with current attitudes to data privacy."
New Attack Group Orangeworm Targets Healthcare Sector in US, Asia, and Europe: Symantec
it - Posted On:2018-04-23 16:30:00 Source: slashdot
Security researchers at Symantec say a group of hackers has been targeting firms related to health care in order to steal intellectual property. The security firm observed a hacking team, called Orangeworm, compromise the systems of pharmaceutical firms, medical-device manufacturers, health-care providers, and even IT companies working with medical organizations in the US, Europe, and Asia markets. Victims don't appear to have been chosen at random but "carefully and deliberately." You can read the full report here.
Google Is Testing a New Chrome UI
technology - Posted On:2018-04-23 15:45:00 Source: slashdot
Catalin Cimpanu, writing for BleepingComputer: Google engineers have rolled out a new Chrome user interface (UI). Work on the new Refresh UI has been underway since last year, Bleeping Computer has learned. The new UI is in early testing stages, and only available via the Google Chrome Canary distribution, a version of the Chrome browser used as a testing playground. Users who are interested in giving the new UI a spin must install Chrome Canary, and then access chrome://flags, a section that contains various experimental options not included in Chrome's default settings section.
Hacking a Satellite is Surprisingly Easy
it - Posted On:2018-04-23 14:00:00 Source: slashdot
Caroline Haskins, writing for The Outline: Hundreds of multi-ton liabilities -- soaring faster than the speed of sound, miles above the surface of the earth -- are operating on Windows-95. They're satellites, responsible for everything from GPS positioning, to taking weather measurements, to carrying cell signals, to providing television and internet. For the countries that own these satellites, they're invaluable resources. Even though they're old, it's more expensive to take satellites down than it is to just leave them up. So they stay up. Unfortunately, these outdated systems make old satellites prime targets for cyber attacks. [...] A malicious actor could fake their IP address, which gives information about a user's computer and its location. This person could then get access to the satellite's computer system, and manipulate where the satellite goes or what it does. Alternatively, an actor could jam the satellite's radio transmissions with earth, essentially disabling it. The cost of such an attack could be huge. If a satellite doesn't work, life-saving GPS or online information could be withheld to people on earth when they need it most. What's worse, if part of a satellite -- or an entire satellite -- is knocked out of its orbit from an attack, the debris could create a domino effect and cause extreme damage to other satellites.
Microsoft Developers Hid a Secret Puzzle in Windows Backgrounds as They Knew Images Would Leak
technology - Posted On:2018-04-23 10:44:56 Source: slashdot
An anonymous reader shares a report: Microsoft developers working on Windows 8 created a puzzle and embedded it in the wallpapers used for internal builds of the operating system. The team knew that the images would leak out to the public -- and probably the internal builds of Windows -- so they decided to have some fun with it. Over the course of numerous builds, the puzzle was developed -- but only one person ever solved it! Over the weekend, Jensen Harris -- a former group program manager of Microsoft Office and Microsoft director leading the team working on the redesign of Windows 8 -- took to Twitter to come clean about the secret puzzle. He explained that it was common for internal test builds of Windows to have wallpapers that were not intended for public release, but said that messages tended to be included to discourage leaking: "Traditionally, these wallpapers included text embedded in them threatening to throw people in jail if they leaked the build, blah blah, substantial penalty for early withdrawal, not all coins go up in value (some go down!), etc. etc. We wanted to try a more elegant tact. So early in Windows 8, we created a wallpaper that was a combination of the text the lawyers wanted us to use with an attempt to appeal to people's better nature...thus the "shhh... let's not leak our hard work" series of wallpapers was born."
Net Neutrality Is Over Monday, But Experts Say ISPs Will Wait To Screw Us
technology - Posted On:2018-04-23 03:14:57 Source: slashdot
'Drupalgeddon2' Touches Off Arms Race To Mass-Exploit Powerful Web Servers
technology - Posted On:2018-04-22 21:14:59 Source: slashdot
Researchers with Netlab 360 warn that attackers are mass-exploiting "Drupalgeddon2," the name of an extremely critical vulnerability Drupal maintainers patched in late March. The exploit allows them to take control of powerful website servers. Ars Technica reports: Formally indexed as CVE-2018-7600, Drupalgeddon2 makes it easy for anyone on the Internet to take complete control of vulnerable servers simply by accessing a URL and injecting publicly available exploit code. Exploits allow attackers to run code of their choice without having to have an account of any type on a vulnerable website. The remote-code vulnerability harkens back to a 2014 Drupal vulnerability that also made it easy to commandeer vulnerable servers. Drupalgeddon2 "is under active attack, and every Drupal site behind our network is being probed constantly from multiple IP addresses," Daniel Cid, CTO and founder of security firm Sucuri, told Ars. "Anyone that has not patched is hacked already at this point. Since the first public exploit was released, we are seeing this arms race between the criminals as they all try to hack as many sites as they can." China-based Netlab 360, meanwhile, said at least three competing attack groups are exploiting the vulnerability. The most active group, Netlab 360 researchers said in a blog post published Friday, is using it to install multiple malicious payloads, including cryptocurrency miners and software for performing distributed denial-of-service attacks on other domains. The group, dubbed Muhstik after a keyword that pops up in its code, relies on 11 separate command-and-control domains and IP addresses, presumably for redundancy in the event one gets taken down.
Pornhub Hasn't Been Actively Enforcing Its Deepfake Ban
technology - Posted On:2018-04-22 17:15:00 Source: slashdot
Pornhub said in February that it was banning AI-generated deepfake videos, but BuzzFeed News found that it's not doing a very good job at enforcing that policy. The media company found more than 70 deepfake videos -- depicting graphic fake sex scenes with Emma Watson, Scarlett Johansson, and other celebrities -- were easily searchable from the site's homepage using the search term "deepfake." From the report: Shortly after the ban in February, Mashable reported that there were dozens of deepfake videos still on the site. Pornhub removed those videos after the report, but a few months later, BuzzFeed News easily found more than 70 deepfake videos using the search term "deepfake" on the site's homepage. Nearly all the videos -- which included graphic and fake depictions of celebrities like Katy Perry, Scarlett Johansson, Daisy Ridley, and Jennifer Lawrence -- had the word "deepfake" prominently mentioned in the title of the video and many of the names of the videos' uploaders contained the word "deepfake." Similarly, a search for "fake deep" returned over 30 of the nonconsensual celebrity videos. Most of the videos surfaced by BuzzFeed News had view counts in the hundreds of thousands -- one video featuring the face of actor Emma Watson garnered over 1 million views. Some accounts posting deepfake videos appeared to have been active for as long as two months and have racked up over 3 million video views. "Content that is flagged on Pornhub that directly violates our Terms of Service is removed as soon as we are made aware of it; this includes non-consensual content," Pornhub said in a statement. "To further ensure the safety of all our fans, we officially took a hard stance against revenge porn, which we believe is a form of sexual assault, and introduced a submission form for the easy removal of non-consensual content." The company also provided a link where users can report any "material that is distributed without the consent of the individuals involved."
Your Next Job Interview Could Be With a Racist Bot
technology - Posted On:2018-04-22 10:14:57 Source: slashdot
An anonymous reader quotes a report from The Daily Beast: Companies across the nation are now using some rudimentary artificial intelligence, or AI, systems to screen out applicants before interviews commence and for the interviews themselves. As a Guardian article from March explained, many of these companies are having people interview in front of a camera that is connected to AI that analyzes their facial expressions, their voice and more. One of the top recruiting companies doing this, Hirevue, has large customers like Hilton and Unilever. Their AI scores people using thousands of data points and compares it to the scores of the best current employees. But that can be unintentionally problematic. As Recode pointed out, because most programmers are white men, these AI are actually often trained using white male faces and male voices. That can lead to misperceptions of black faces or female voices, which can lead to the AI making negative judgments about those people. The results could trend sexist or racist, but the employer who is using this AI would be able to shift the blame to a supposedly neutral technology. Companies are also having people do their first interview with an AI chatbot. "One popular AI that does this is called Mya, which promises a 70 percent decrease in hiring time," reports The Daily Beast. "Any number of questions these chatbots could ask could be proxies for race, gender or other factors."
Silicon Valley Investor Wants to Fund a 'Good For Society' Facebook Replacement
technology - Posted On:2018-04-22 06:44:57 Source: slashdot
Silicon Valley angel investor Jason Calacanis just announced the "Openbook Challenge," a competition to create a replacement for Facebook. "Over the next three months, 20 finalists will compete for seven $100,000 incubator grants," explains long-time Slashdot reader reifman. "Their goal is to find startups with a sustainable business model e.g. subscriptions, reasonable advertising, cryptocurrency, etc. And they want it to be 'good for society.'" Jason Calacanis writes: All community and social products on the internet have had their era, from AOL to MySpace, and typically they're not shut down by the government -- they're slowly replaced by better products. So, let's start the process of replacing Facebook... We already have two dozen quality teams cranking on projects and we hope to get to 100... This is not an idea or business plan competition. We're looking for teams that can actually build a better social network, and we'll be judging teams primarily based upon their ability to execute... Keep in mind, that while ideas really matter, Zuckerberg has shown us, execution matters more. Calacanis has even created a discussion group for the competition...on Facebook. And his announcement includes a famous quote from Mark Zuckerberg. "Don't be too proud to copy."
NYT: Lynchings Around the World are Linked To Facebook Posts
technology - Posted On:2018-04-21 23:44:58 Source: slashdot
An anonymous reader quotes the New York Times: Riots and lynchings around the world have been linked to misinformation and hate speech on Facebook, which pushes whatever content keeps users on the site longest -- a potentially damaging practice in countries with weak institutions and histories of social instability. Time and again, communal hatreds overrun the newsfeed unchecked as local media are displaced by Facebook and governments find themselves with little leverage over the company. Some users, energized by hate speech and misinformation, plot real-world attacks. A reconstruction of Sri Lanka's descent into violence, based on interviews with officials, victims and ordinary users caught up in online anger, found that Facebook's newsfeed played a central role in nearly every step from rumor to killing. Facebook officials, they say, ignored repeated warnings of the potential for violence, resisting pressure to hire moderators or establish emergency points of contact... Sri Lankans say they see little evidence of change. And in other countries, as Facebook expands, analysts and activists worry they, too, may see violence. A Facebook spokeswoman countered that "we remove such content as soon as we're made aware of it," and said they're now trying to expand those teams and investing in "technology and local language expertise to help us swiftly remove hate content." But one anti-hate group told the Times that Facebook's reporting tools are too slow and ineffective. "Though they and government officials had repeatedly asked Facebook to establish direct lines, the company had insisted this tool would be sufficient, they said. But nearly every report got the same response: the content did not violate Facebook's standards."
Former Reddit Executive Sees 'No Hope' For Reddit
technology - Posted On:2018-04-21 18:44:59 Source: slashdot
An anonymous reader quotes former Reddit product head Dan McComas: I think, ultimately, the problem that Reddit has is the same as Twitter and Discord. By focusing on growth and growth only and ignoring the problems, they amassed a large set of cultural norms on their platforms. Their cultural norms are different for every community, but they tend to stem from harassment or abuse or bad behavior, and they have worked themselves into a position where they're completely defensive... I really don't believe it's possible for either of them to catch up on the problem. I think the best that they can do is figure out how to hide this behavior from an average user. I don't see any way that it's going to improve. I have no hope for either of those platforms. I just think that the problems are too ingrained, in not only the site and the site's communities and users but in the general understanding and expectations of the public... I don't think that they're going to be able to turn these things around... I fundamentally believe that my time at Reddit made the world a worse place. And that sucks, and it sucks to have to say that about myself... I've got a lot of advice for start-ups, and it's not very fucking complicated. It's just: Think about the impact that you want to have on your users and on the people consuming your content and do the right thing... Don't be idiots about it. You're people, you see what's going on, you see trends that are forming, just fucking do something. It's not that hard.
Lycos Finally Discontinues Its Free Email Service
technology - Posted On:2018-04-21 15:44:59 Source: slashdot
Long-time Slashdot reader williamyf writes: You may think of it as the end of an era, or as the final nail in the coffin. Today Lycos, one of the pioneering web portals of the '90s, notified all its users that "On May 15th, 2018, we will no longer be offering free Lycos Mail accounts." They have been very upfront about the reason: "Q: Why are you doing this? A: Providing mailboxes costs us money, and we no longer make enough from ads to support the cost of the mailboxes." At its heyday, Lycos was acquired by Terra Networks (a division of Telefonica), then sold to Daum Communications in Korea and then to Ybrant Digital in India. The search engine and other parts (like Angelfire, Tripod and Gamesville) continue working. In the meantime, instructions are provided to download all your mail via POP3 for offline archiving, or to upgrade to Paid Accounts.
The 'Terms and Conditions' Reckoning Is Coming
technology - Posted On:2018-04-20 14:45:00 Source: slashdot
Everyone from Uber to PayPal is facing a backlash against their impenetrable legalese. From a report: Personal finance forums online are brimming with complaints from hundreds of PayPal customers who say they've been suspended because they signed up before age 18. PayPal declined to comment on any specific cases, but says it's appropriate to close accounts created by underage people "to ensure our customers have full legal capacity to accept our user agreement." While that may seem "heavy-handed," says Sarah Kenshall, a technology attorney with law firm Burges Salmon, the company is within its rights because the users clicked to agree to the rules -- however difficult the language might be to understand. Websites have long required users to plow through pages of dense legalese to use their services, knowing that few ever give the documents more than a cursory glance. In 2005 security-software provider PC Pitstop LLC promised a $1,000 prize to the first user to spot the offer deep in its terms and conditions; it took four months before the reward was claimed. The incomprehensibility of user agreements is poised to change as tech giants such as Uber Technologies and Facebook confront pushback for mishandling user information, and the European Union prepares to implement new privacy rules called the General Data Protection Regulation, or GDPR. The measure underscores "the requirement for clear and plain language when explaining consent," British Information Commissioner Elizabeth Denham wrote on her blog last year.
Kaspersky Lab Banned From Advertising on Twitter Because of Its Alleged Ties With Russian Intelligence Agencies
technology - Posted On:2018-04-20 14:15:00 Source: slashdot
An anonymous reader shares a report: Russian cybersecurity company Kaspersky Lab has been banned from advertising on Twitter due to allegedly close and active ties between the company and Russian intelligence agencies, according to the social network. The ban is the latest blow in an ongoing saga for Kaspersky, which includes two ongoing legal battles with the U.S. government. Eugene Kaspersky, CEO of Kaspersky Lab, took to Twitter on Friday to condemn the ban. A Twitter spokesperson reiterated that the "decision is based on our determination that Kaspersky Lab operates using a business model that inherently conflicts with acceptable Twitter Ads business practices."