Israeli Firm Tied To Tool That Uses WhatsApp Flaw To Spy On Activists
An anonymous reader quotes a report from The New York Times:
An Israeli firm accused of supplying tools for spying on human-rights activists and journalists now faces claims that its technology can use a security hole in WhatsApp, the messaging app used by 1.5 billion people, to break into the digital communications of iPhone and Android phone users. Security researchers said they had found so-called spyware -- designed to take advantage of the WhatsApp flaw -- that bears the characteristics of technology from the company, the NSO Group.
The spyware was used to break into the phone of a London lawyer who has been involved in lawsuits that accused the company of providing tools to hack the phones of Omar Abdulaziz, a Saudi dissident in Canada; a Qatari citizen; and a group of Mexican journalists and activists, the researchers said. There may have been other targets, they said. Digital attackers could use the vulnerability to insert malicious code and steal data from an Android phone or an iPhone simply by placing a WhatsApp call, even if the victim did not pick up the call. As WhatsApp's engineers examined the vulnerability, they concluded that it was similar to other tools from the NSO Group, because of its digital footprint. WhatsApp engineers patched the vulnerability on Monday.
"WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices," the Facebook-owned company said in a statement.
California May Go Dark This Summer, and Most Aren't Ready
schwit1 quotes a report from Bloomberg:
A plan by California's biggest utility to cut power on high-wind days during the onrushing wildfire season could plunge millions of residents into darkness. And most people aren't ready. The plan by PG&E comes after the bankrupt utility said a transmission line that snapped in windy weather probably started last year's Camp Fire, the deadliest in state history. While the plan may end one problem, it creates another as Californians seek ways to deal with what some fear could be days and days of blackouts. Some residents are turning to other power sources, a boon for home battery systems marketed by Sunrun, Tesla and Vivint Solar. But the numbers of those systems in use are relatively small when compared with PG&E's 5.4 million customers. Meanwhile, Governor Gavin Newsom said he's budgeting $75 million to help communities deal with the threat. PG&E said the city of Calistoga could have its service cut as many as 15 times this fire season, depending on how extreme the weather is. The utility also plans to set up dozens of so-called "resiliency centers," where backup generators can be brought in to run essential services.
"The utility aims to give at least two days warning about a shutoff and has embarked on a public awareness campaign including mailing letters to customers and is working to identify vulnerable residents," reports Bloomberg. "It also will be working to get power restored in a day after a shutoff, though its customers could be out for as many as five days."
Boost Mobile Says Hackers Broke into Customer Accounts
Boost Mobile is informing customers of a data breach nearly two months after it happened. "Boost.com experienced unauthorized online account activity in which an unauthorized person accessed your account through your Boost phone number and Boost.com PIN code," said the notification. "The Boost Mobile fraud team discovered the incident and was able to implement a permanent solution to prevent similar unauthorized account activity." TechCrunch reports:
It's not known exactly how the hackers obtained customer PINs -- or how many Boost customers are affected. The company also notified the California attorney general, which companies are required to do if more than 500 people in the state are affected by the same security incident. Boost Mobile reportedly had 15 million customers in 2018.
The hackers used those phone numbers and account PINs to break into customer accounts using the company's website Boost.com, said the notification. These codes can be used to alter account settings. Hackers can automate account logins using lists of exposed usernames and passwords -- or in this case phone numbers and PIN codes -- in what's known as a credential stuffing attack. Boost said it has sent to affected customers a text with a temporary PIN.
Lenovo Unveils World's First Foldable PC, Coming In 2020
At its Accelerate 2019 event in Orlando today, Lenovo previewed "the world's first foldable PC." While we don't know the name, price tag, or ship date, we do know that the foldable PC will be part of Lenovo's flagship ThinkPad X1 line and that it will arrive in 2020. VentureBeat reports:
Lenovo backs up its "the world's first foldable PC" claim by saying it looked at laptops sold by major PC manufacturers this month. None shipped more than "1 million units worldwide annually" with foldable screens. Apparently Lenovo is hoping to ship at least 1 million units of its new foldable PC in the first year.
We don't know much about the device yet, and that's on purpose. Tom Butler, Lenovo's ThinkPad marketing director, did say that the company has been working on the device for "several years" with partners Intel, Microsoft and LG. He confirmed that those three have been part of the project from the very beginning. Intel chips and Windows will be powering the foldable ThinkPad. LG is responsible for manufacturing the screen, the highlight of the device. It's a 13.3-inch single OLED 2K display with a 4:3 aspect ratio. It's also a touchscreen and will support pen input. When folded in half, the width of the device is reduced by 50%, as you might expect.
Academics Improve SHA-1 Collision Attack, Make It Actually Dangerous
An anonymous reader writes:
"Attacks on the SHA-1 hashing algorithm just got a lot more dangerous last week with the discovery of the first-ever 'chosen-prefix collision attack,' a more practical version of the SHA-1 collision attack first carried out by Google two years ago," reports ZDNet. Google's original research allowed attackers to force duplicates for specific files, but this process was often at random. A new SHA-1 collision attack variation (a chosen-prefix attack) detailed last week allows attackers to choose what SHA-1-signed files or data streams they want to forge on demand, making SHA-1 an attack that is now practical in the real world, albeit at a price tag of $100,000 per collision.
Facebook Sues Analytics Firm Rankwave Over Data Misuse
Facebook revealed last Friday that it has filed a lawsuit alleging South Korean analytics firm Rankwave abused its developer platform's data, and has refused to cooperate with a mandatory compliance audit and request to delete the data. TechCrunch reports:
Facebook's lawsuit centers around Rankwave offering to help businesses build a Facebook authorization step into their apps so they can pass all the user data to Rankwave, which then analyzes biographic and behavioral traits to supply user contact info and ad targeting assistance to the business. Rankwave also apparently misused data sucked in by its own consumer app for checking your social media "influencer score." That app could pull data about your Facebook activity such as location checkins, determine that you've checked into a baseball stadium, and then Rankwave could help its clients target you with ads for baseball tickets.
The use of a seemingly fun app to slurp up user data and repurpose it for other business goals is strikingly similar to how Cambridge Analytica's personality quiz app tempted millions of users to provide data about themselves and their friends. TechCrunch has attained a copy of the lawsuit that alleges that Rankwave misused Facebook data outside of the apps where it was collected, purposefully delayed responding to a cease-and-desist order, claimed it didn't violate Facebook policy, lied about not using its apps since 2018 when they were accessed in April 2019, and then refused to comply with a mandatory audit of its data practices. Facebook Platform data is not supposed to be repurposed for other business goals, only for the developer to improve their app's user experience.
Twitter Bug Shared Location Data For Some iOS Users
Twitter today disclosed a bug in its platform that impacted the privacy of some of its iOS app's users. From a report:
"We have discovered that we were inadvertently collecting and sharing iOS location data with one of our trusted partners in certain circumstances," Twitter said. The company said the bug only occurred on its iOS app where users added a second Twitter account on their phones. If they allowed Twitter access to precise location data in one account, then that setting was applied to both accounts managed via the iOS app. This meant the app sent precise location data to Twitter, which then made it available to "a trusted partner during an advertising process known as real-time bidding," even for accounts users didn't agree to share such info.
Drinking Six or More Coffees a Day Can Be Detrimental To Your Health, New Study Reveals
While the pros and cons of drinking coffee have been debated for decades, new research from the University of South Australia reveals that drinking six or more coffees a day can be detrimental to your health, increasing your risk of heart disease by up to 22 percent. From a report:
In Australia, one in six people are affected by cardiovascular disease. It is a major cause of death with one person dying from the disease every 12 minutes. According to the World Health Organization, cardiovascular disease is the leading cause of death, yet one of the most preventable. Investigating the association of long-term coffee consumption and cardiovascular disease, UniSA researchers Dr Ang Zhou and Professor Elina Hypponen of the Australian Centre for Precision Health say their research confirms the point at which excess caffeine can cause high blood pressure, a precursor to heart disease.
This is the first time an upper limit has been placed on safe coffee consumption and cardiovascular health. "Coffee is the most commonly consumed stimulant in the world -- it wakes us up, boosts our energy and helps us focus -- but people are always asking 'How much caffeine is too much?'," Prof Hypponen says. "Most people would agree that if you drink a lot of coffee, you might feel jittery, irritable or perhaps even nauseous -- that's because caffeine helps your body work faster and harder, but it is also likely to suggest that you may have reached your limit for the time being."
A New Aerospace Company Enters the Race To Build Fastest Aircraft In the World
An anonymous reader quotes a report from Ars Technica:
On Monday, a U.S.-based company named Hermeus announced plans to develop an aircraft that will travel at speeds of up to Mach 5. Such an aircraft would cut travel time from New York to Paris from more than 7 hours to 1.5 hours. Hermeus said it has raised an initial round of funding led by Khosla Ventures, but it declined to specify the amount. This funding will allow Hermeus to develop a propulsion demonstrator and other initial technologies needed to make its supersonic aircraft a reality, Skyler Shuford, the company's chief operating officer, told Ars.
The announcement follows three years after another company, Boom Supersonic, declared its own intentions to develop faster-than-sound aircraft. As of January 2019, Boom had raised more than $140 million toward development of its Overture airliner, envisioned to travel at Mach 2.2, which is about 10 percent faster than the Concorde traveled. Officials with Boom Supersonic have said its planes could be ready for commercial service in the mid-2020s, and they added that Virgin Group and Japan Airlines have preordered a combined 30 airplanes.
Apple Announces New NFC Feature For iPhone: Special Tags That Trigger Apple Pay Purchases When Tapped
Apple's VP of Apple Pay, Jennifer Bailey, announced new NFC tags that will let iPhone users make purchases simply by tapping their phones against the stickers, without the need to download a special app first. "The company is partnering with Bird scooters, Bonobos clothing store, and PayByPhone parking meters for the initial rollout," reports 9to5Mac. From the report:
Apple also announced that inside the Wallet app, users will soon be able to sign up for loyalty cards in one tap, presumably presented to users as recommendations when they make eligible purchases. Right now, physical Apple Pay transactions require bulky terminals like those you find at retail store checkouts. With the new support, an iPhone will know how to read a specially-encoded NFC tag (that can be as inert as a sticker) and automatically show the Apple Pay purchase interface when a user holds their device near it. No third-party apps or other set up required.
The obvious example is a user can ad-hoc top up their miles on a hired electric scooter simply by tapping their phone or watch to an NFC sticker on the bike. For Bonobos, it will enable simpler self-service shopping with the ability to place NFC tags directly onto clothing rails. The new Apple Pay features will be rolling out later this year, presumably with more partners onboard now that the news is public. This is yet another step towards Apple's goal of replacing the wallet.
Facebook Will Increase Pay For Its Contractors in North America
Facebook will increase the hourly pay rate for thousands of contract workers across the United States, the company said today. From a report:
Its base rate for contractors will rise from $15 an hour to $18, with slightly higher raises in cities with higher costs of living. The changes will go into effect by the middle of next year, the company said, and it will explore bringing similar raises to other sites around the world. The move comes after reporting from The Verge and others on the long-term impact of working as a contract moderator for Facebook, which has left some workers with symptoms of post-traumatic stress. Workers in larger metropolitan areas will get raises as well: from $18 to $20 an hour in Seattle and from $20 to $22 an hour in the Bay Area, New York City, and Washington, DC.
Accused of 'Terrorism' For Putting Legal Materials Online
Carl Malamud believes in open access to government records, and he has spent more than a decade putting them online. You might think states would welcome the help. From a report:
But when Mr. Malamud's group posted the Official Code of Georgia Annotated, the state sued for copyright infringement. Providing public access to the state's laws and related legal materials, Georgia's lawyers said, was part of a "strategy of terrorism." A federal appeals court ruled against the state, which has asked the Supreme Court to step in. On Friday, in an unusual move, Mr. Malamud's group, Public.Resource.Org, also urged the court to hear the dispute, saying that the question of who owns the law is an urgent one, as about 20 other states have claimed that parts of similar annotated codes are copyrighted.
The issue, the group said, is whether citizens can have access to "the raw materials of our democracy." The case, Georgia v. Public.Resource.Org, No. 18-1150, concerns the 54 volumes of the Official Code of Georgia Annotated, which contain state statutes and related materials. The state, through a legal publisher, makes the statutes themselves available online, and it has said it does not object to Mr. Malamud doing the same thing. But people who want to see other materials in the books, the state says, must pay the publisher.
California is Bringing Law and Order To Big Data. It Could Change the Internet in the US
California is embarking on a new era of privacy on the internet, and Xavier Becerra can't stop thinking about the failed debut of Obamacare. From a report:
Back in 2013, Becerra, then a Democratic congressman from Los Angeles, watched as technical problems with the website marred the rollout of President Barack Obama's signature law, delaying sign-ups for health insurance and denting the public's faith in the new offering. Now, as California's attorney general, Becerra is worried that a similarly halting start awaits the California Consumer Privacy Act, a far-reaching law that would put some of the world's strictest rules on how tech companies -- many of which call the state home -- handle and collect user data.
The rest of the country is watching closely. No other state has attempted such an ambitious privacy law, and since before the dawn of the internet, Congress hasn't either. The law has numerous parts. It forces companies to reveal what data they collect. It gives users the right to delete that data and prevent its sale. And it will likely restrict how data can be used for online ads. Becerra, whose office will be responsible for enforcing the law when it goes into effect Jan. 1, 2020, said he might not have enough staff to carry out the job, and that as a result the law could collapse under its own weight.
The Great Firewall of China Blocks Off Wikipedia
China is known for its censorship of certain websites. The country went the extra mile by blocking Wikipedia in April. From a report:
Multiple reports confirm China blocked Wikipedia across all language URLs sometime in late April. The country is using DNS injections to prevent its citizens from accessing the online encyclopedia, according to a report from the Open Observatory of Network Interference on May 4.
Amazon, Eager For Drivers, Offers To Help Employees Quit To Start Delivery Businesses
Amazon, which is racing to deliver packages faster, is turning to its employees with a proposition: Quit your job and we'll help you start a business delivering Amazon packages. From a report:
The offer, announced Monday, comes as Amazon seeks to speed up its shipping time from two days to one for its Prime members. The company sees the new incentive as a way to get more packages delivered to shoppers' doorsteps faster. Amazon says it will cover up to $10,000 in startup costs for employees who are accepted into the program and leave their jobs. The company says it will also pay them three months' worth of their salary. The offer is open to most part-time and full-time Amazon employees, including warehouse workers who pack and ship orders.
Supreme Court Says Apple Will Have To Face App Store Monopoly Lawsuit
A group of iPhone owners accusing Apple of violating US antitrust rules because of its App Store monopoly can sue the company, the Supreme Court ruled Monday. From a report:
The Supreme Court upheld the Ninth Circuit Court of Appeals' decision in Apple v. Pepper, agreeing in a 5-4 decision that Apple app buyers could sue the company for allegedly driving up prices. "Apple's line-drawing does not make a lot of sense, other than as a way to gerrymander Apple out of this and similar lawsuits," wrote Justice Brett Kavanaugh. Apple had claimed that iOS users were technically buying apps from developers, while developers themselves were Apple's App Store customers. According to an earlier legal doctrine known as Illinois Brick, "indirect purchasers" of a product don't have the standing to file antitrust cases. But in today's decision, the Supreme Court determined that this logic doesn't apply to Apple.
There is More CO2 in the Atmosphere Today Than Any Point Since the Evolution of Humans
According to data from the Mauna Loa Observatory in Hawaii, the concentration of CO2 in the atmosphere is over 415 parts per million (ppm), far higher than at any point in the last 800,000 years, since before the evolution of homo sapiens. From a report:
Holthaus spotted the new high on Sunday when it was tweeted out by the Scripps Institution of Oceanography, which measures daily CO2 rates at Mauna Loa along with scientists from the National Oceanic and Atmospheric Administration. Measurements have been ongoing since the program was started in 1958 by the late Charles David Keeling, for whom the Keeling Curve, a graph of increasing CO2 concentration in the atmosphere, is named. "This is the first time in human history our planet's atmosphere has had more than 415ppm CO2," Holthaus said in a widely shared tweet. "Not just in recorded history, not just since the invention of agriculture 10,000 years ago. Since before modern humans existed millions of years ago," added Holthaus.
Hotstar, Disney's Indian Streaming Service, Sets New Global Record For Live Viewership
Indian video streaming giant Hotstar, owned by Disney, today set a new global benchmark for the number of people an OTT service can draw to a live event. From a report:
Some 18.6 million users simultaneously tuned into Hotstar's website and app to watch the deciding game of the 12th edition of the Indian Premier League (IPL) cricket tournament. The streaming giant, which competes with Netflix and Amazon in India, broke its own "global best" 10.3 million concurrent views milestone that it had set last year. Hotstar topped the 10 million concurrent viewership mark a number of times during this year's 51-day IPL season. More than 12.7 million viewers huddled to watch an earlier game in the tournament, a spokesperson for the four-year-old service said. In mid-April, Hotstar said that the cricket series had already garnered a 267 million overall viewership, creating a new record for the streamer. (Last year's IPL had clocked a 202 million overall viewership.) These figures coming out of India, the fastest-growing internet market, are astounding to say the least. In comparison, a 2012 live stream of skydiver Felix Baumgartner jumping from near-space to the Earth's surface, remains the most concurrently viewed video on YouTube. It amassed about 8 million concurrent viewers.
Business Messaging Service Slack Says It's Going To Replace Email and is as Necessary as Electricity in Its Pitch To Investors
Business messaging service Slack briefed investors on Monday, as the company expects to go public with a direct listing on the New York Stock Exchange later this year. From a report:
The service, which primarily caters to businesses, said it has more than 10 million users as of January. Stewart Butterfield, co-founder and CEO of Slack, made the case to investors that replacing email with Slack changes the way employees of a company communicate. "This shift is inevitable. We believe every organization will switch to Slack or something like it," Butterfield said in a presentation. He also pitched Slack as a software-focused company that believes the world is "only at the beginning" of its reliance on software. In that essence, Butterfield likened Slack as eventually becoming a utility, similar to the internet or electricity.
Amazon is Rolling Out Machines To Automate Boxing Up Customer Orders
Amazon is rolling out machines to automate a job held by thousands of its workers: boxing up customer orders. From a report:
The company started adding technology to a handful of warehouses in recent years, which scans goods coming down a conveyor belt and envelops them seconds later in boxes custom-built for each item, two people who worked on the project told Reuters. Amazon has considered installing two machines at dozens more warehouses, removing at least 24 roles at each one, these people said. These facilities typically employ more than 2,000 people. That would amount to more than 1,300 cuts across 55 U.S. fulfillment centers for standard-sized inventory. Amazon would expect to recover the costs in under two years, at $1 million per machine plus operational expenses, they said. The plan, previously unreported, shows how Amazon is pushing to reduce labor and boost profits as automation of the most common warehouse task -- picking up an item -- is still beyond its reach.
'I Bought Some Noise-Canceling Headphones. They Don't Cancel Noise'
"Many are seduced by the idea that they can listen in silence," complains ZDNet columnist Chris Matyszczyk.
"This doesn't seem to be true," he writes, describing a typical experience with some $279.95 Beats Studio3 wireless over-ear headphones:
I could still hear so much of what was going on beyond the soccer match or movie upon which my headphones were supposed to be focused. This wasn't noise-canceling. It was noise-dulling... I did a little research. This noise-canceling thing is a splendid hype. The technology works best on quashing -- somewhat -- low-frequency sounds. The more high-pitched elements of life -- human speech, babies on planes, high-revving engines, the Darkness in concert -- get a little flattening at best, once you don your headphones. Door bells, a glass being dropped on the floor, a dog barking -- all these sounds were slightly dulled by my headphones, but still perfectly audible.
I'm not suggesting Beats is solely responsible for the promise of noise-canceling being overblown. I understand it's the same with all other headphones of the genre. It's like a self-driving car that actually needs you to check it's not about to kill you....
Yes, if I wear my Beats for a couple of hours and then take them off, I feel like I'm returning from some sort of purgatorial netherworld. But these things are supposed to cancel noise. You know, like you cancel a subscription or an air ticket. When I decide to cancel my flight from San Francisco to New York, I don't expect to still have to fly to Boise, Idaho.
Is It Finally the Year of 'Linux on the Desktop'?
"2019 is truly, finally shaping up to be the year of Linux on the desktop," writes PC World's senior editor, adding "Laptops, too!"
But most people won't know it. That's because the bones of the open-source operating system kernel will soon be baked into Windows 10 and Chrome OS, as Microsoft and Google revealed at their respective developer conferences this week... Between lurking in Windows 10 and Chrome OS, and the tiny portion of actual Linux distro installs, pretty much any PC you pick up will run a Linux kernel and Linux software. Macs won't, but it's based on a Unix-like BSD system that already runs many Linux apps with relative ease (hence Apple's popularity with developers).
You have to wonder where that leaves proper Linux distributions like Ubuntu and Linux Mint, though. They already suffer from a minuscule user share, and developers may shift toward Windows and Chrome if the Linux kernels in those operating systems get the same job done. Could this fruit wind up poisonous over the long term? We'll have to see. That said, Linux is healthier than ever. The major distros are far more polished than they used to be, with far fewer hardware woes than installs of yesteryear. You can even get your game on relatively well thanks to Valve's Proton technology, which gets many (but not all) Steam games working on Linux systems. And hey, Linux is free.
Normal users may never be aware of it, but 2019 may finally be the year of Linux on the desktop -- just not Linux operating systems on the desktop.
Boeing's New Plan: Replace Human Inspectors With Technology
"Boeing is pushing ahead on a plan to cut about 900 inspectors, replacing their jobs with technology improvements at its Seattle area factories, despite being under fire for software flaws in the 737 Max and quality issues in its other aircraft," reports USA Today.
"The union has raised an outcry, calling it a 'bad decision' that will 'eliminate the second set of eyes on thousands of work packages' in its newsletter to members."
Some 451 inspectors will be transferred to other jobs this year, and about the same number next year, out of a total of about 3,000 at its commercial aircraft operations in the Seattle area, the International Association of Machinists and Aerospace Workers, Local 751, has told its members.... When it comes to paring its inspection staff on the West Coast, Boeing says the "QA Transformation Plan" won't undermine safety. Substituting technology gains, it says, will increase quality and affect only "stable" procedures, those in which there is a low probability of mistakes.
For instance, Boeing says when it is bringing out a new aircraft with wings made out of composites, there is equipment now that can do the inspections more thoroughly than humans. Once the inspection equipment has verified that it can do the job -- with humans overseeing the process -- traditional inspectors can be redeployed to other tasks. "As we identify and reduce second-layer inspections for stable processes, quality assurance professionals will be redeployed and take on new roles such as leading and supporting efforts to prevent defects and rework," Boeing said in a statement. It adds that it is working to try to convince regulators and others that the changes "will not jeopardize our quality, but will, in fact, lead to higher levels."
So far, the Federal Aviation Administration hasn't given the plan a ringing endorsement... And skeptics are emerging. Ralph Nader, the consumer advocate who lost a niece when the Ethiopian Airlines jet crashed and who believes the 737 Max design is fatally flawed, is leery of substituting machines for people when it comes to quality. "They still haven't learned the lesson that risky automation does not replicate experienced human intelligence," he said. "There is no comparison. There is all kinds of human intuition that can't be translated into computer code."