Google Removes 17 Android Apps Caught Engaging In WAP Billing Fraud
Google has recently removed 17 Android applications from the official Play Store because they were infected with the Joker (aka Bread) malware. ZDNet reports:
"This spyware is designed to steal SMS messages, contact lists, and device information, along with silently signing up the victim for premium wireless application protocol (WAP) services," Zscaler security researcher Viral Gandhi said this week. The 17 malicious apps were uploaded on the Play Store this month and didn't get a chance to gain a following, having been downloaded more than 120,000 times before being detected.
Following its internal procedures, Google removed the apps from the Play Store, used the Play Protect service to disable the apps on infected devices, but users still need to manually intervene and remove the apps from their devices. But this recent takedown also marks the third such action from Google's security team against a batch of Joker-infected apps over the past few months. [...] The way these infected apps usually manage to sneak their way past Google's defenses and reach the Play Store is through a technique called "droppers," where the victim's device is infected in a multi-stage process. Malware authors begin by cloning the functionality of a legitimate app and uploading it on the Play Store. This app is fully functional, requests access to dangerous permissions, but also doesn't perform any malicious actions when it's first run.
Because the malicious actions are usually delayed by hours or days, Google's security scans don't pick up the malicious code, and Google usually allows the app to be listed on the Play Store. But once on a user's device, the app eventually downloads and "drops" (hence the name droppers, or loaders) other components or apps on the device that contain the Joker malware or other malware strains.
Hacker Publishes Info On Las Vegas-Area Students After Demanding Ransom
An anonymous reader quotes a report from Business Insider:
Last month, Las Vegas' largest public school district announced that a hacker compromised some of its files using ransomware and was holding the files hostage while demanding a ransom payment. Now, a hacker has published files containing students' grades and personal information after school district officials refused to pay the ransom.
Brett Callow, a threat analyst with cybersecurity firm Emsisoft, told Business Insider that he discovered leaked documents published to an online hacking forum that purported to include records from Nevada's Clark County School District, including students' names, social security numbers, addresses, and some financial information. Callow's findings were first reported by The Wall Street Journal on Monday. "Ransomware attacks happen for one reason, and one reason only: they're profitable," Callow told Business Insider. "The only way to stop them is to make them unprofitable, and that means organizations must stop paying ransoms."
Elon Musk: Tesla May Be Overvalued Today, But I Think It'll Be Worth More In 5 Years
In an interview with Kara Swisher via a New York Times podcast, Elon Musk said he thinks Tesla will be worth more than it is today in 5 years. CNBC reports:
"Some critical mass of the market has concluded that Tesla will win, I guess," said Musk on the stock's increases. "I've gone on record already saying the stock prices have been high, and that was well before the current level. But also if you ask me, do I think if Tesla will be worth more than this in 5 years? I think the answer is yes." In May, Musk tweeted that Tesla's stock price was "too high," which sent it down 12% that day. However, since he made those remarks, shares are up almost 200%.
In the wide-ranging interview, Musk also said, "Tesla at this point is not in mortal danger, as it was, say, three years ago." He added, "The thing that Tesla has been able to achieve is get to volume manufacturing and have sustainable positive free cash flow. From a car company standpoint, that is the real achievement of Tesla." "Tesla should be measured by how many years we accelerate the advent of sustainable energy," said Musk.
Police Charity Bought An iPhone Hacking Tool and Gave It To Cops
The San Diego Police Foundation, an organization that receives donations from corporations, purchased iPhone unlocking technology for the city's police department, according to emails obtained by Motherboard. From the report:
The finding comes as activist groups place renewed focus on police foundations, which are privately run charities that raise funds from Wall Street banks and other companies, purchase items, and then give those to their respective police departments. Because of their private nature, they are often less subject to public transparency laws, except for when they officially interact with a department. "The GrayKey was purchased by the Police Foundation and donated to the lab," an official from the San Diego Police Department's Crime Laboratory wrote in a 2018 email to a contracting officer, referring to the iPhone unlocking technology GrayKey.
"The EULA I sent you [is] for a software upgrade that will allow us to get into the latest generation of Apple phones. Our original license was a 1 year license agreement paid for by the Police Foundation," the email adds. In a 2019 email, two other officials discussed purchasing the GrayKey for the following year. "This is the phone unlocking technique that the Police Foundation purchased for us (for 15k). Apparently the software 'upgrade' costs the same as the initial purchase each year. :/ They are the only ones that offer a tool that can crack iPhones, so they charge A LOT!," the email reads. Because police foundations act as private entities, they also do not directly fall under public records laws, meaning their expenditure or other activity may be more opaque than that of a police department itself. "Our end goal is to have an intervention on the funneling of private money into police forces and into policing," Scott Roberts, senior director of criminal justice campaigns at Color of Change, told Politico recently. "If the police foundations existed to raise money for the families of fallen police officers, we wouldn't say we need to abolish police foundations. It's the specific type of work that they're doing that we object to."
26% of US Adults Get Their News From YouTube, Study Finds
In a study the Pew Research Center released today, 26% of U.S. adults said they now get their news from YouTube. That includes 23% via videos posted by news organizations and 23% from independent YouTube channels. Researchers surveyed 12,638 U.S. adults for the report. VentureBeat reports:
"The study finds a news landscape on YouTube in which established news organizations and independent news creators thrive side by side -- and consequently, one where established news organizations no longer have full control over the news Americans watch," the authors wrote. The report defines "external news organizations" as both traditional media like the New York Times and digital-native outlets like BuzzFeed. Independent channels can include celebrities like John Oliver alongside "YouTubers," the 30% who have built their following almost entirely on the platform.
While the report paints a picture of a thriving news ecosystem, it also notes some disturbing differences between traditional and independent sources. Independent channels, for instance, tend to be built around personalities, rather than a broader news organization. And those independent channels are far more likely to focus on conspiracy theories around subjects like anti-vaccine topics or Jeffrey Epstein's death. The report analyzed 3,000 videos posted from the 100 top YouTube news channels in November and December 2019 and found that 4% involved conspiracy theories of some kind. But among independent channels, 14% of videos were primarily dedicated to conspiracy theories, and up to 21% made some mention of them. Only 2% of videos by traditional news organizations mentioned conspiracy theories. In addition, 37% of videos from independent channels tended to view their subjects through a negative lens, versus just 17% from news organizations. Perhaps unsurprisingly, that negativity seemed to drive more views, which has made this subset of independent channels particularly problematic for YouTube.
A Week With the Xbox Series X: Load Times, Game Performance, and More
The Verge's Tom Warren spent the past week with an Xbox Series X, playing a variety of games on the preview unit, testing load times, performance, and some of the new Series X features. Here's an excerpt from each section of his report:
Load Times: The most significant and obvious improvement with existing games on the Xbox Series X is the massive changes to load times. I noticed load times drop in pretty much every single game I've tested over the past week. Games like Sea of Thieves, Warframe, and Destiny 2 have their load times cut by up to a minute or more on the Series X. In Destiny 2, for example, I can now load into a planet in the game in around 30 seconds, compared to over a minute later on an Xbox One X and nearly two minutes in total on a standard Xbox One. These improved load times are identical to my custom-built PC that includes a fast NVMe SSD, and they genuinely transform how you play the game -- you can get more quests and tasks done instead of sitting and looking at a planet loading. [...] None of these games have been fully optimized for the Xbox Series X either. This is simply Microsoft's backward compatibility support in action. I switched back to my Xbox One X regularly throughout the week, and it was painful to witness these old load times that added a minute or more to games.
Game Performance: Not only do games load faster, but in many cases they also feel a lot smoother. Destiny 2 is a great example of a game that was held back by the weaker CPU and slow HDD in the Xbox One X. It's a title that hit native 4K previously, but the 6 teraflops of GPU performance in the One X was bottlenecked by a laptop-like CPU and an old spinning hard disk. This meant the game was stuck on 30fps. While Bungie has committed to enhancing Destiny 2 for the Xbox Series X and PS5 with 60fps support, it already feels faster without the patch. I would regularly notice frame rate drops in Destiny 2 on the Xbox One X when things got a little hectic on screen during a public event or in a raid with mobs of enemies coming at you. I haven't seen a single stutter running Destiny 2 on the Xbox Series X. This console has also improved other parts of Destiny 2 that were slow on the Xbox One. Loading into the character menu sometimes takes a few seconds on the Xbox One X, but on the Series X it feels like I'm playing on my PC as it's near instant. These are minor improvements, but they're the small things that add up and make a game more enjoyable to play.
Quick Resume: The Xbox One had a fast resume feature to let you swap between games, but it felt like it never really worked properly or games didn't support it. It couldn't be more different on the Xbox Series X. Quick Resume utilizes the SSD inside the Series X to let you swap between multiple games freely. It takes around five seconds to resume games where you left off, and I was able to switch between five games easily. I even rebooted the Xbox Series X for an update and all of the games still quickly resumed. Most games I tested worked flawlessly with Quick Resume, but some aren't supported. Titles like Sea of Thieves, that feature a big multiplayer arena, don't work with the new feature. It makes sense, though, since these games can't quickly resume a live and evolving environment that changes every second. "What I will say is that the Xbox Series X felt like I was playing on a familiar Xbox that's a lot faster and more capable," writes Warren in closing. "The experience of switching back to an Xbox One was genuinely dispiriting."
"The true next generation of games is still a mystery, but what I've seen from backward-compatible games over the past week is encouraging. I'm hoping that game developers will have a lot fewer bottlenecks with both the Xbox Series X and PS5, enabling them to deliver some game improvements we're only used to seeing over on the PC side."
YouTube Celebrates Deaf Awareness Week By Killing Crowd-Sourced Captions
Two days after the International Week of the Deaf, which is the last full week in September, YouTube is killing its "Community Contributions" feature for videos, which let content creators crowdsource captions and subtitles for their videos. Ars Technica reports:
Once enabled by a channel owner, the Community Contributions feature would let viewers caption or translate a video and submit it to the channel for approval. YouTube currently offers machine-transcribed subtitles that are often full of errors, and if you also need YouTube to take a second pass at the subtitles for machine translation, they've probably lost all meaning by the time they hit your screen. The Community Caption feature would load up those machine-written subtitles as a starting point and allow the user to make corrections and add text that the machine transcription doesn't handle well, like transcribed sound cues for the deaf and hard of hearing.
YouTube says it's killing crowd-source subtitles due to spam and low usage. "While we hoped Community Contributions would be a wide-scale, community-driven source of quality translations for Creators," the company wrote, "it's rarely used and people continue to report spam and abuse." The community does not seem to agree with this assessment, since a petition immediately popped up asking YouTube to reconsider, and so far a half-million people have signed. "Removing community captions locks so many viewers out of the experience," the petition reads. "Community captions ensured that many videos were accessible that otherwise would not be."
Instead of the free, in-house solution YouTube already built and doesn't want to keep running, the company's shutdown post pushes users to paid, third-party alternatives like Amara.org. YouTube says that because "many of you rely on community captions," (what happened to the low usage?) "YouTube will be covering the cost of a 6 month subscription of Amara.org for all creators who have used the Community Contribution feature for at least 3 videos in the last 60 days."
Liquid Water on Mars? New Research Indicates Buried 'Lakes'
The existence of liquid water on Mars -- one of the more hotly debated matters about our cold, red neighbor -- is looking increasingly likely. From a report:
New research published Monday in the journal Nature Astronomy indicates there really is a buried reservoir of super-salty water near the south pole of the planet. Scientists say such a lake would significantly improve the likelihood that the red planet just might harbor microscopic life of its own. Some scientists remain unconvinced that what's been seen is liquid water, but the latest study adds weight to a tentative 2018 finding from radar maps of the planet's crust made by the Mars Express robot orbiter. That research suggested an underground "lake" of liquid water had pooled beneath frozen layers of sediment near the Martian south pole -- akin to the subglacial lakes detected beneath the Antarctic and the Greenland ice sheets on Earth.
Earth's subglacial lakes are teeming with bacterial life, and similar life might survive in liquid reservoirs on Mars, scientists have speculated. "We are much more confident now," said Elena Pettinelli, a professor of geophysics at Italy's Roma Tre University, who led the latest research and the earlier study. "We did many more observations, and we processed the data completely differently." The planetary scientist and her team processed 134 observations of the region near the south pole with ground-penetrating radar from the Mars Express Orbiter between 2012 until 2019 -- more than four times as many as before, and covering a period of time more than twice as long. They then applied a new technique to the observation data that has been used to find lakes beneath the Antarctic ice sheet, as well as an older technique used in the 2018 study. Both methods indicate there is a "patchwork" of buried reservoirs of liquid in the region, Pettinelli said -- a large reservoir about 15 miles across, surrounded by several smaller patches up to 6 miles across.
Uber Can Continue Operating In London After Winning Court Appeal
After losing its license to operate in London last November, deputy chief magistrate of Transport for London (TfL), Tanweer Ikram, granted Uber an 18-month license after winning their court appeal. "Despite their historical failings, I find them, now, to be a fit and proper person to hold a London PHV [private hire vehicle] operator's license," he concluded. Engadget reports:
Uber's new licence runs for 18 months. It has "a number of conditions," according to TfL, that will allow the regulator to "closely monitor Uber's adherence to the regulations and to swiftly take action if they fail to meet the required standards." Jamie Heywood, Uber's regional general manager for Northern and Eastern Europe, added: "This decision is a recognition of Uber's commitment to safety and we will continue to work constructively with TfL. There is nothing more important than the safety of the people who use the Uber app as we work together to keep London moving."
The UK's App Drivers and Couriers Union (ACDU) has "cautiously" welcomed the court's decision, but believes London mayor Sadiq Khan should take further action and limit the number of licensed drivers on the platform. "Such reductions, achieved through attrition, are necessary to ensure Uber can comfortably meet its compliance obligations including worker rights whilst giving TfL the breathing space necessary so that it can comfortably meet its responsibilities to ensure that Uber drivers and the traveling public are protected," the union said in a press release.
Ransomware Attacks Take On New Urgency Ahead of Vote
A Texas company that sells software that cities and states use to display results on election night was hit by ransomware last week, the latest of nearly a thousand such attacks over the past year against small towns, big cities and the contractors who run their voting systems. From a report:
Many of the attacks are conducted by Russian criminal groups, some with shady ties to President Vladimir V. Putin's intelligence services. But the attack on Tyler Technologies, which continued on Friday night with efforts by outsiders to log into its clients' systems around the country, was particularly rattling less than 40 days before the election. While Tyler does not actually tally votes, it is used by election officials to aggregate and report them in at least 20 places around the country -- making it exactly the kind of soft target that the Department of Homeland Security, the F.B.I. and United States Cyber Command worry could be struck by anyone trying to sow chaos and uncertainty on election night.
Tyler would not describe the attack in detail. It initially appeared to be an ordinary ransomware attack, in which data is made inaccessible unless the victim pays the ransom, usually in harder-to-trace cryptocurrencies. But then some of Tyler's clients -- the company would not say which ones -- saw outsiders trying to gain access to their systems on Friday night, raising fears that the attackers might be out for something more than just a quick profit. That has been the fear haunting federal officials for a year now: that in the days leading up to the election, or in its aftermath, ransomware groups will try to freeze voter registration data, election poll books or the computer systems of the secretaries of the state who certify election results. With only 37 days before the election, federal investigators still do not have a clear picture of whether the ransomware attacks clobbering American networks are purely criminal acts, seeking a quick payday, or Trojan horses for more nefarious Russian interference. But they have not had much success in stopping them. In just the first two weeks of September, another seven American government entities have been hit with ransomware and their data stolen. "The chance of a local government not being hit while attempting to manage the upcoming and already ridiculously messy election would seem to be very slim," said Brett Callow, a threat analyst at Emsisoft, a security firm.
Healthcare Giant UHS Hit By Ransomware Attack, Sources Say
Universal Health Services, one of the largest healthcare providers in the U.S., has been hit by a ransomware attack. "Looks like another case of ransomware at over 400 hospital locations," writes Slashdot reader nickwinlund77. "They've had to go back to pen & paper for handling forms." TechCrunch reports:
The attack hit UHS systems early on Sunday morning, according to two people with direct knowledge of the incident, locking computers and phone systems at several UHS facilities across the country, including in California and Florida. One of the people said the computer screens changed with text that referenced the "shadow universe," consistent with the Ryuk ransomware. "Everyone was told to turn off all the computers and not to turn them on again," the person said. "We were told it will be days before the computers are up again."
It's not immediately known what impact the ransomware attack is having on patient care, or how widespread the issue is. UHS published a statement on Monday, saying its IT network "is currently offline, due to an IT security issue." "We implement extensive IT security protocols and are working diligently with our IT security partners to restore IT operations as quickly as possible. In the meantime, our facilities are using their established back-up processes including offline documentation methods. Patient care continues to be delivered safely and effectively," the statement said. "No patient or employee data appears to have been accessed, copied or otherwise compromised," it added.
Apple's Battle With Epic Over Fortnite Could Reach Jury Trial Next July
Apple and Epic met in a virtual court hearing on Monday to debate whether Fortnite should be allowed to remain in Apple's App Store while the two fight an even bigger battle over whether Apple is violating federal antitrust law. From a report:
California Judge Yvonne Gonzalez Rogers didn't issue any update to her previous ruling, which upheld Apple's ban on Fortnite while the antitrust case is ongoing. Instead she said the companies should expect to hear from her in writing. Rogers said that it's likely that the case, which she added was "the frontier of antitrust law," will be heard in July 2021. She recommended a trial by jury in order that the final judgement reached would be more likely to stand up to appeal, although she said it's up to Apple or Epic to request this.
[...] In court on Monday, Rogers seemed less than impressed with the arguments put forward by Epic's legal team. She said that in the gaming industry, of which Epic is a part, it was standard practice for platforms to take 30% commission, as Apple does. She challenged Epic over its decision to circumvent Apple's policy in spite of its explicit contractual relations with the company, saying the company had "lied about it by omission." "You were not forthright," she said. "You were told you couldn't do it, and you did. There's an old saying, a rose by any other name is still a rose [...] There are plenty of people in the public could consider you guys heroes for what you did, but it's still not honest."
UK Risks Losing Contract For New Climate Research Centre Because of Brexit
The UK is at risk of losing the contract for the expansion of a flagship European weather research centre based in Reading because of Brexit. From a report:
The European Centre for Medium Range Weather Forecasts (ECMWF) has been based in Berkshire for the last 45 years but its future EU-funded activities are now the subject of an international battle. At stake is a planned new facility with up to 250 jobs, and nine countries -- including France, Germany, Spain, Ireland and Italy -- are vying for the business. "As a consequence of Brexit, a competition to relocate all ECMWF EU-funded activities from Reading in the UK to an EU member state is taking place during 2020," an official briefing note from one member state said. ECMWF, which is also a key body for climate-change research, is backed by 34 countries, 22 of them EU member states. In addition to weather forecasting, it operates a number of EU-funded programmes, including two services from the EU's Copernicus satellite Earth-observation programme, monitoring the atmosphere and the climate crisis.
Netflix CEO on Paying Sky-High Salaries: 'The Best Are Easily 10 Times Better Than Average'
Netflix CEO Reed Hastings, writing at CNBC:
In the first few years of Netflix, we were growing fast and needed to hire more software engineers. With my new understanding that high talent density would be the engine of our success, we focused on finding the top performers in the market. In Silicon Valley, many of them worked for Google, Apple, and Facebook -- and they were being paid a lot. We didn't have the cash to lure them away in any numbers. But, as an engineer, I was familiar with a concept that has been understood in software since 1968, referred to as the "rock-star principle." The rock-star principle is rooted in a famous study that took place in a basement in Santa Monica, California. At 6:30 a.m., nine trainee programmers were led into a room with dozens of computers. Each was handed a manila envelope, explaining a series of coding and debugging tasks they would need to complete to their best ability in the next 120 minutes. The researchers expected that the best programmer would outperform his average counterpart by a factor of two or three. But it turned out that the most skilled programmer far outperformed the worst. He was 20 times faster at coding, 25 times faster at debugging, and 10 times faster at program execution than the programmer with the lowest marks.
This study has caused ripples across the software industry since it was published, as managers grapple with how some programmers can be worth so much more than their perfectly adequate colleagues. With a fixed amount of money for salaries and a project I needed to complete, I had a choice: Hire 10 to 25 average engineers, or hire one "rock-star" and pay significantly more than what I'd pay the others, if necessary. Over the years, I've come to see that the best programmer doesn't add 10 times the value. He or she adds more like a 100 times. Bill Gates, whom I worked with while on the Microsoft board, purportedly went further. He is often quoted as saying, "A great lathe operator commands several times the wages of an average lathe operator, but a great writer of software code is worth 10,000 times the price of an average software writer." In the software industry, this is a known principle (although still much debated). I started thinking about where this model applied outside the software industry. The reason the rock-star engineer is so much more valuable than his counterparts isn't unique to programming. The great software engineer is incredibly creative and can see conceptual patterns that others can't.
Amazon Plans Vancouver Expansion Where Talent Is Cheap
Amazon expects to nearly triple its workforce in Vancouver, where software engineers are cheap, smart and plentiful. From a report:
The online retail giant plans to occupy a bunker-like former Canada Post mailing center that's being redeveloped into a new 1.1 million square-foot office to house 8,000 jobs by 2023, Jesse Dougherty, a vice president and Vancouver site lead at Amazon, said by phone. Currently, the company has 2,700 full-time employees at its city hub. It also plans to add 500 jobs in Toronto, according to a statement released Monday. A weak loonie, lower wages and a steady flow of graduates make Canada an attractive place to expand for tech companies whose largest expense is labor. The average wage of a software developer in Vancouver last year was $92,726, compared to $141,785 in San Francisco or $128,067 in Amazon's hometown of Seattle, according to a July report by real estate firm CBRE Group Inc. Once rental costs are folded in, the cost of running a 500-employee operation in the Canadian city is half that of a similar-sized operation in the Bay Area, it found.