Users Complain of Account Hacks, But OkCupid Denies a Data Breach
Zack Whittaker reports via TechCrunch:
A reader contacted TechCrunch after his [OkCupid] account was hacked. The reader, who did not want to be named, said the hacker broke in and changed his password, locking him out of his account. Worse, they changed his email address on file, preventing him from resetting his password. OkCupid didn't send an email to confirm the address change -- it just blindly accepted the change. "Unfortunately, we're not able to provide any details about accounts not connected to your email address," said OkCupid's customer service in response to his complaint, which he forwarded to TechCrunch. Then, the hacker started harassing him with strange text messages from his phone number that was lifted from one of his private messages. It wasn't an isolated case. We found several cases of people saying their OkCupid account had been hacked.
But several users couldn't explain how their passwords -- unique to OkCupid and not used on any other app or site -- were inexplicably obtained. "There has been no security breach at OkCupid," said Natalie Sawyer, a spokesperson for OkCupid. "All websites constantly experience account takeover attempts. There has been no increase in account takeovers on OkCupid." Even on OkCupid's own support pages, the company says that account takeovers often happen because someone has an account owner's login information. "If you use the same password on several different sites or services, then your accounts on all of them have the potential to be taken over if one site has a security breach," says the support page. In fact, when we checked, OkCupid was just one of many major dating sites -- like Match, PlentyOfFish, Zoosk, Badoo, JDate, and eHarmony -- that didn't use two-factor authentication at all.
New Study Finds More Post-Surgery Deaths Globally Than From HIV, Tuberculosis and Malaria Combined
schwit1 shares a report from UPI:
About 4.2 million people worldwide die every year within 30 days of surgery -- more than from HIV, tuberculosis and malaria combined, a new study reports. The findings show that 7.7 percent of all deaths worldwide occur within a month of surgery, a rate higher than that from any other cause except ischemic heart disease and stroke. "Although not all postoperative deaths are avoidable, many can be prevented by increasing investment in research, staff training, equipment and better hospital facilities," lead author of the study, Dr. Dmitri Nepogodiev, said in a university news release. Along with finding that 4.2 million people a year die within a month of having surgery, his team discovered that half of those deaths occur in low- and middle-income countries.
"To avoid millions more people dying after surgery, planned expansion of access to surgery must be complemented by investment into improving the quality of surgery around the world," he noted.
Tesla 'Dog Mode' Will Stop Pets From Overheating In Cars, Elon Musk Says
Tesla CEO Elon Musk said his fleet of electric vehicles will be getting a "dog mode" to protect pets from overheating. The feature, which will be rolled out next week, will be able to detect when a pet is locked inside the car -- and keep the temperature at a safe level. The New Zealand Herald reports:
There will also likely be a display or some form of communication to inform passers-by that the dog is safe. The feature was added after Musk was inundated with tweets from customers. In October, one Tesla driver asked him: "Can you put a dog mode on the Tesla Model 3. Where the music plays and the air conditioning is on, with a display on screen saying 'I'm fine my owner will be right back?'" Musk replied: "Yes."
'Dog mode' will likely be an extension of Tesla's Cabin Overheat Protection System. This already prevents temperatures inside the car from reaching unsafe levels when kids or pets are inside. But the screen in Tesla models is likely to now flash a message to pedestrians informing them that the pet inside is safe. The "dog mode" update will be launched at the same time as a "sentry mode" -- designed to ward off would-be thieves. Sentry Mode will use the dashcam to record footage in the event of an attempted break-in. And it is rumored the car will play loud classical music through the stereo system to draw attention to the intruder and encourage passersby to call the police.
Scientists Have Reduced the Forecast of Sea Level Rise Seven Times Due To Melting of the Antarctic
The destruction of the Antarctic ice sheet may not lead to such a catastrophic rise in the level of the oceans, as previously thought. In a new study, the authors calculated that instead of growing by a meter or more by 2100, a growth of 14-15 cm is likely, writes N + 1. At the same time, the melting of the ice of Greenland and Antarctica is not fully taken into account in modern climate models, as it will lead to even more destabilization of the regional climate. Both studies on this are published in the journal Nature. An anonymous reader shares the report from Maritime Herald:
In the first study, Tamzin Edwards from King's College London and her colleagues question this prediction. According to Edwards, who is quoted by the college press service, scientists re-analyzed data on ice loss and ocean level 3 million years ago, 125 thousand years ago and in the last 25 years and estimated the likelihood of rapid destruction of unstable sea areas of Antarctic glaciers, which the authors 2016 was associated with a meter increase in the level of the oceans. The hypothesis of such destruction received the abbreviated name MICI (marine ice cliff instability). They found that MICI does not necessarily explain the dynamics of sea level in the past, and without this the probability that the level will grow by more than 39 centimeters by 2100 is only about 5 percent. Edwards notes that in their model, even if the Antarctic glaciers really will collapse rapidly, the maximum increase in sea level will not exceed half a meter, and the most likely growth will be 14-15 cm. At the same time, scientists cannot completely eliminate the MICI phenomenon: they only talk about that more research is needed in this area.
In the second article, Edwards and Nick Golledge of Queen Victoria University in Wellington and their co-authors write that current climate models do not fully take into account the consequences of the destruction of the ice of Greenland and the Antarctic, which will slow down the Atlantic Ocean and further melt the Antarctic ice due to "locking" of warm water in the Southern Ocean (climatologists call such self-enhancing processes positive feedback processes). In addition, according to the authors of the article, the melting of ice in the warming scenario of 3-4 degrees compared with the middle of the XIX century will lead to a less predictable climate and an increase in the scale of extreme weather events.
Google Play Caught Hosting An App That Steals Users' Cryptocurrency
The Google Play Store has been caught hosting an app designed to steal cryptocurrency from unwitting end users, according to researchers with Eset security company. "The malware, which masqueraded as a legitimate cryptocurrency app, worked by replacing wallet addresses copied into the Android clipboard with one belonging to attackers," reports Ars Technica. "As a result, people who intended to use the app to transfer digital coins into a wallet of their choosing would instead deposit the funds into a wallet belonging to the attackers." From the report:
So-called clipper malware has targeted Windows users since at least 2017. The clipper malware available in Google Play impersonated a service called MetaMask, which is designed to allow browsers to run apps that work with the digital coin Ethereum. The primary purpose of Android/Clipper.C, as Eset has dubbed the malware, was to steal credentials needed to gain control of Ethereum funds. It also replaced both bitcoin and Ethereum wallet addresses copied to the clipboard with ones belonging to the attackers. Eset spotted the app shortly after its introduction to Google Play on February 1. Google has since removed it. Stefanko said it's the first time clipper malware has been hosted in the Android app bazaar.
Eset malware researcher Lukas Stefanko wrote: "This attack targets users who want to use the mobile version of the MetaMask service, which is designed to run Ethereum decentralized apps in a browser, without having to run a full Ethereum node. However, the service currently does not offer a mobile app -- only add-ons for desktop browsers such as Chrome and Firefox. Several malicious apps have been caught previously on Google Play impersonating MetaMask. However, they merely phished for sensitive information with the goal of accessing the victims' cryptocurrency funds."
Tesla Model 3 Becomes Best Selling Electric Car In World
Jose Pontes of EV Volumes and CleanTechnica has crunched some numbers and found that the Tesla Model 3 is now the best selling plug-in vehicle in the world. "In fact, the Model 3 was approximately 55,000 sales above the #2 BAIC EC-Series, an extremely popular Chinese model," CleanTechnica reports. "The Model 3 gobbled 7% of the plug-in vehicle market, while the #2 EC-Series and #3 Nissan LEAF each had 4%." From the report:
After those top three, as the chart shows, the Tesla Model S and Model X were #4 and #5, respectively. They were followed by three Chinese models and then the Toyota Prius Prime and Mitsubishi Outlander PHEV. The Model 3 (and others) helped push the world plug-in vehicle share up to 2.1% in 2018. (Double that 4 times and we're at about 30% market share.) [...] Remember, 93% of plug-in vehicle sales in 2018 were not Model 3 sales. Nearly 2 million non-Model 3 electric cars, SUVs, and crossovers made it into consumers' parking spots. Still, there's clearly a new king of the hill, and it's young Tesla's 4th model.
Amazon To NYC After Reconsidering HQ2 Plans: It'd Be a Shame If Something Happened To Your Kids' CS Education
Commenting on reports that Amazon is reconsidering its plan to bring 25,000 jobs to a new campus in New York City following a wave of political and community opposition, Amazon issued the following statement: "We're focused on engaging with our new neighbors -- small business owners, educators, and community leaders. Whether it's building a pipeline of local jobs through workforce training or funding computer science classes for thousands of New York City students, we are working hard to demonstrate what kind of neighbor we will be." Yep, it'd be a shame if something happened. The Washington Post earlier reported that New York State Sen. Michael Gianaris, a strong opponent of the Amazon HQ2 deal, described the possibility that Amazon would pull out of the deal -- which totals up to $3 billion in state and city incentives -- as akin to blackmail. "Amazon has extorted New York from the start, and this seems to be their next effort to do just that," he said. "If their view is, 'We won't come unless we get three billion of your dollars,' then they shouldn't come." Over at Vice, Ankita Rao examines what Amazon infiltrating America's school system might look like.
Huawei Would Accept EU Supervision To Lay 5G Network
An anonymous reader quotes a report from TechRadar:
Huawei has said it is willing for its equipment and activities to be supervised by the European Union (EU) as it continues to fend off the threat of restrictions on the use of its kit in 5G networks. Last year it emerged the US, which has long frozen out the company from its own telecommunications infrastructure, had been encouraging other western nations to take similar action. The main basis for Washington's fears is a perception that Huawei is linked to the Chinese government and that the use of the company's equipment risks the possibility of backdoors that could be used for espionage. These fears are heightened by 5G because of the sensitive information these networks will carry. The US is concerned that if its allies continue to use Huawei kit, then America's security will be threatened.
Now, Abraham Liu, Huawei's chief representative to EU institutions, has used a speech to mark the Chinese New Year to repeat the company's denials and to stress its willingness to cooperate with the EU and European governments. "Cybersecurity should remain as a technical issue instead of an ideological issue. Because technical issues can always be resolved through the right solutions while ideological issue cannot," he is quoted as saying. "We are always willing to accept the supervision and suggestions of all European governments, customers and partners." A number of European nations, including the UK and Germany, have expressed concern about the use of Huawei equipment in their telecoms infrastructure, however earlier this week, France rejected proposals that would increase checks
Last week, Huawei pledged to spend about $2 billion over five years to resolve the security issues in the United Kingdom. However, they also claimed that the firm "has never and will never use UK-based hardware, software or information gathered in the UK or anywhere else globally, to assist other countries in gathering intelligence." They added: "We would not do this in any country."
Ask Slashdot: Could Nikola Tesla's Wardenclyffe Tower Have Worked?
For those who are unfamiliar with the story, from 1901-1902, inventor Nikola Tesla had a 187-foot-tall experimental wireless electricity transmission tower called the "Wardenclyffe Tower" built in Shoreham, New York. Tesla believed that it was possible to generate electrical power on a large scale in one part of the world and transmit that electrical power to electrical receivers in far away parts of the world wirelessly, using parts of Earth's atmosphere as the conducting medium. Tesla had huge problems getting the project financed -- powerful banker J.P. Morgan didn't play along and U.S. President Woodrow Wilson didn't help a pleading Tesla either. An excerpt from a Wardenclyffe documentary shows the tower finally being dynamited and sold for scrap in 1917. The Wardenclyffe Tower never reached operational status; wireless electrical transmission between continents never happened; Tesla became an emotionally broken man who died regretting that he did not manage to finish his life's work; and to this day nobody knows exactly how the Wardenclyffe Tower was supposed to function technically. To the question: Do you believe that Tesla's dream of electrical devices anywhere in the world essentially being able to draw electrical power from the sky with a relatively simple antenna could have worked, had he gotten the necessary funding to complete his experiments?
How Hackers and Scammers Break Into iCloud-Locked iPhones
Motherboard's Joseph Cox and Jason Koebler report on the underground industry where thieves, coders, and hackers work to remove a user's iCloud account from a phone so that it can then be resold. They reportedly are able to do this by phishing the phone's original owners, or by scamming employees at Apple Stores, who have the ability to override iCloud locks. The other method (which is very labor intensive and rare) involves removing the iPhone's CPU from the Logic Board and reprogramming it to create what is essentially a "new" device. It is generally done in Chinese refurbishing labs and involves stealing a "clean" phone identification number called an IMEI. Here's an excerpt from their report:
Making matters more complicated is the fact that not all iCloud-locked phones are stolen devices -- some of them are phones that are returned to telecom companies as part of phone upgrade and insurance programs. The large number of legitimately obtained, iCloud-locked iPhones helps supply the independent phone repair industry with replacement parts that cannot be obtained directly from Apple. But naturally, repair companies know that a phone is worth more unlocked than it is locked, and so some of them have waded into the hacking underground to become customers of illegal iCloud unlocking companies.
In practice, "iCloud unlock" as it's often called, is a scheme that involves a complex supply chain of different scams and cybercriminals. These include using fake receipts and invoices to trick Apple into believing they're the legitimate owner of the phone, using databases that look up information on iPhones, and social engineering at Apple Stores. There are even custom phishing kits for sale online designed to steal iCloud passwords from a phone's original owner. [...] There are many listings on eBay, Craigslist, and wholesale sites for phones billed as "iCloud-locked," or "for parts" or something similar. While some of these phones are almost certainly stolen, many of them are not. According to three professionals in the independent repair and iPhone refurbishing businesses, used iPhones -- including some iCloud-locked devices -- are sold in bulk at private "carrier auctions" where companies like T-Mobile, Verizon, Sprint, AT&T, and cell phone insurance providers sell their excess inventory (often through third-party processing companies.)
DoorDash and Amazon Won't Change Tipping Policy After Instacart Controversy
An anonymous reader quotes a report from Forbes:
The tipping controversy that prompted Instacart to reverse a compensation plan to its contract workers isn't likely to go away: Rivals DoorDash and Amazon Flex are continuing to adjust driver pay based on how much they get tipped, saying doing so ensures a minimum payout. The practice, which has its roots in the way brick-and-mortar restaurants pay waitstaff, has been adapted to suit the needs of app-based delivery companies. The difference is that gig-economy workers are independent contractors, and so aren't protected by the minimum wage laws. Instacart, a $7.6 billion grocery delivery company, made a change in October 2018 that workers would receive at least $10 per delivery order. Customers and shoppers didn't realize that the tips were counting towards that minimum instead of being a bonus on top. So if someone tipped more, Instacart effectively had to pay less. That's how one Instacart delivery driver ended up with Instacart only paying 80 cents and the rest of the minimum being met with tips.
The company reversed its decision on Wednesday after public outcry, admitting that counting tips in its payout totals was "misguided" and has moved to a new pay scale that doesn't factor in tips at all. But DoorDash and Amazon Flex, the contract workforce that delivers packages for Prime Now, continued to stand their ground. DoorDash claims it has been transparent about the tips being part of its delivery driver pay since it made the change in 2017, including on a blog post on whether customers should tip, and maintains that delivery-driver retention and overall satisfaction both "increased significantly" since the change. Both DoorDash and Instacart insist that they never turned the payment dial down if someone received a large tip. Instead, both companies used an algorithm to calculate a base pay rate that would include things like time and effort it took to deliver. If that base pay plus tip fell short of the price they guaranteed, then both companies would pay out more to make sure its delivery drivers reached the payout they had been promised. But in cases where the tip plus its initial calculation reached the promised payout, then the companies would only contribute the amount that the algorithm had calculated the delivery person deserved. One simple solution if you want to make sure your tip gets into the hand of your digital delivery worker: tip in cash.
Trump's Border Wall Could Split SpaceX's Texas Launchpad In Two
An anonymous reader quotes the Los Angeles Times:
A launchpad on the U.S.-Mexico border, which it plans to use for rockets carrying humans around the world and eventually to Mars, could be split in two by the Trump administration's planned wall... Lawmakers said they were concerned about the effect on the company's 50-acre facility after seeing a Department of Homeland Security map showing a barrier running through what they described as a launchpad...
James Gleeson, a SpaceX spokesman, declined to provide details on how the fence would affect the facility. "The Department of Homeland Security and U.S. Customs and Border Protection recently requested SpaceX permit access to our South Texas Launch site to conduct a site survey," he said in a statement. "At this time, SpaceX is evaluating the request and is in communication with DHS to further understand their plans...." Musk is working on a new, more powerful vehicle known as Starship to eventually ferry humans to Mars. SpaceX recently announced that it would test the Starship test vehicle at the site in south Texas.
SpaceX Seeks Approval For Up To 1M Earth Stations for Its Satellite Service
SpaceX just filed a new earth-station license application with America's Federal Communications Commission, seeking blanket approval "for up to a million earth stations" for customers of their Starlink satellite internet service, reports GeekWire:
Those satellites have already received clearance from the FCC, and SpaceX plans to launch the first elements of the initial 4,425-satellite constellation this year, using Falcon 9 rockets.... Eventually, SpaceX wants to build up the network to take in as many as 12,000 satellites in low Earth orbit...
SpaceX CEO Elon Musk has said the Starlink project aims to provide high-speed, reliable and affordable broadband data services to consumers in the U.S. and around the world, including an estimated 3.8 billion people who are underserved by existing networks. When he unveiled the project four years ago in Seattle, he said revenue from the internet service would pay for his vision of creating a city on Mars.
The application assures regulators that the earth stations will "incorporate advanced technologies to enable highly efficient use of the spectrum and enhance the customer's broadband experience."
Should All Government IT Systems Be Using Open Source Software?
Writing at Linux Journal, Glyn Moody reports that dozens of government IT systems are switching to open source software.
"The fact that this approach is not already the norm is something of a failure on the part of the Free Software community..."
One factor driving this uptake by innovative government departments is the potential to cut costs by avoiding constant upgrade fees. But it's important not to overstate the "free as in beer" element here. All major software projects have associated costs of implementation and support. Departments choosing free software simply because they believe it will save lots of money in obvious ways are likely to be disappointed, and that will be bad for open source's reputation and future projects.
Arguably as important as any cost savings is the use of open standards. This ensures that there is no lock-in to a proprietary solution, and it makes the long-term access and preservation of files much easier. For governments with a broader responsibility to society than simply saving money, that should be a key consideration, even if it hasn't been in the past.... Another is transparency. Recently it emerged that Microsoft has been gathering personal information from 300,000 government users of Microsoft Office ProPlus in the Netherlands, without permission and without documentation.
He includes an inspiring quote from the Free Software Foundation Europe about code produced by the government: "If it is public money, it should be public code as well." But when it comes to the larger issue about the general usage of proprietary vs. non-proprietary software -- what do Slashdot's readers think?
Should all government IT systems be using open source software?
Alphabet's 'Verily' Plans to Use Tech To Fight The Opioid Crisis
"Verily, Alphabet's life science division, is building a tech-focused rehab campus in Dayton, Ohio to combat the opioid crisis," reports CNBC.
Verily will join two health networks, Kettering Health Network and Premier Health, to create a nonprofit named OneFifteen. Alexandria Real Estate Equities will design and develop the campus, which will offer both inpatient and outpatient services. There is no single solution to treating substance abuse, with strategies spanning from intensive rehabilitation programs to drop-in meetings. Verily hopes to get a better understanding of what works and what doesn't work in helping people get and stay sober....
Initially, Verily will focus on understanding what works in the clinic and then track patient behavior when they get out to see what sticks, Danielle Schlosser, senior clinical scientist of behavioral health at Verily, said in an interview. Verily will use a "variety of means" to track what works, she said, adding that patients would have to consent to being monitored... OneFifteen CEO Marti Taylor said "Because we will have facilities, an entire ecosystem and data, we'll be able to take a more holistic understanding of a person's health both inside and outside as we follow them long-term."
Verily's blog points out that Americans under 50 years old are more likely to die from unintentional overdoses than any other cause, and that two-thirds of those deaths involve an opioid. "In the face of one of the greatest public health crises the U.S. has seen, we feel compelled to act," they write, saying their company is "focused on making health information useful so people can live healthier lives."
Their blog says their team recognized "the absence of high quality information to guide individuals, communities, and legislators" for picking effective recovery treatments. "Leaning into our capabilities of building health platforms, we are setting out to create a 'learning health system' that aims to address this critical information gap in addiction medicine."