Facebook

Facebook Security Chief Says Its Corporate Network Is Run 'Like a College Campus' (zdnet.com) 16

An anonymous reader quotes a report from ZDNet: Facebook's security chief has told employees that the social media giant needs to improve its internal security practices to be more akin to a defense contractor, according to a leaked recording obtained by ZDNet. Alex Stamos made the comments to employees at a late-July internal meeting where he argued that the company had not done enough to respond to the growing threats that the company faces, citing both technical challenges and cultural issues at the company. "The threats that we are facing have increased significantly and the quality of the adversaries that we are facing," he said. "Both technically and from a cultural perspective I don't feel like we have caught up with our responsibility. The way that I explain to [management] is that we have the threat profile of a Northrop Grumman or a Raytheon or another defense contractor, but we run our corporate network, for example, like a college campus, almost," he said.
Chrome

Chrome 62 Released With OpenType Variable Fonts, HTTP Warnings In Incognito Mode (bleepingcomputer.com) 78

An anonymous reader writes: Earlier today, Google released version 62 of its Chrome browser that comes with quite a few new features but also fixes for 35 security issues. The most interesting new features are support for OpenType variable fonts, the Network Quality Estimator API, the ability to capture and stream DOM elements, and HTTP warnings for the browser's Normal and Incognito mode. The most interesting of the new features is variable fonts. Until now, web developers had to load multiple font families whenever they wanted variations on a font family. For example, if a developer was using the Open Sans font family on a site, if he wanted a font variation such as Regular, Bold, Black, Normal, Condensed, Expanded, Highlight, Slab, Heavy, Dashed, or another, he'd have to load a different font file for each. OpenType variable fonts allow font makers to merge all these font family variations in one file that developers can use on their site and control via CSS. This results in fewer files loaded on a website, saving bandwidth and improving page load times. Two other features that will interest mostly developers are the Network Quality Estimator and the Media Capture from DOM Elements APIs. As the name hints, the first grants developers access to network speed and performance metrics, information that some websites may use to adapt video streams, audio quality, or deliver low-fi versions of their sites. Developers can use the second API -- the Media Capture from DOM Elements -- to record videos of how page sections behave during interaction and stream the content over WebRTC. This latter API could be useful for developers debugging a page, but also support teams that want to see what's happening on the user's side.
Android

Android Oreo Helps Google's Pixel 2 Smartphones Outperform Other Android Flagships (hothardware.com) 78

MojoKid highlights Hot Hardware's review of Google's new Pixel 2 and Pixel 2 XL smartphones: Google officially launched its Pixel 2 phones today, taking the wraps off third-party reviews. Designed by Google but manufactured by HTC (Pixel 2) and LG (Pixel 2 XL), the two new handsets also boast Google's latest Android 8.0 operating system, aka Oreo, an exclusive to Google Pixel and certain Nexus devices currently. And in some ways, this is also a big advantage. Though they are based on the same Qualcomm Snapdragon 835 processor as many other Android devices, Google's new Pixel 2s manage to outpace similarly configured smartphones in certain benchmarks by significant margins (Basemark, PCMark and 3DMark). They also boot dramatically faster than any other Android handset on the market, in as little as 10 seconds. Camera performance is also excellent, with both the 5-inch Pixel 2 and 6-inch Pixel 2 XL sporting identical electronics, save for their displays and chassis sizes. Another notable feature built into Android Oreo is Google Now Playing, an always-listening, Shazam-like service (if you enable it) that displays song titles on the lock screen if it picks up on music playing in the room you're in. Processing is done right on the Pixel 2 and it doesn't need network connectivity. Another Pixel 2 Oreo-based trick is Google Lens, a machine vision system that Google notes "can recognize places like landmarks and buildings, artwork that you'd find in a museum, media covers such as books, movies, music albums, and video games..." The Google Pixel 2 and Pixel 2 XL are available now on Verizon or unlocked via the Google Store starting at $649 and $849 respectively for 64GB storage versions, with a $100 up-charge for 128GB variants.
Piracy

Netflix, Amazon, Movie Studios Sue Over TickBox Streaming Device (arstechnica.com) 128

Movie studios, Netflix, and Amazon have teamed up to file a lawsuit against a streaming media player called TickBox TV. The device in question runs Kodi on top of Android 6.0, and searches the internet for streams that it can make available to users without actually hosting any of the content itself. An anonymous reader quotes a report from Ars Technica: The complaint (PDF), filed Friday, says the TickBox devices are nothing more than "tool[s] for mass infringement," which operate by grabbing pirated video streams from the Internet. The lawsuit was filed by Amazon and Netflix Studios, along with six big movie studios that make up the Motion Picture Association of America: Universal, Columbia, Disney, Paramount, 20th Century Fox, and Warner Bros.

"What TickBox actually sells is nothing less than illegal access to Plaintiffs' copyrighted content," write the plaintiffs' lawyers. "TickBox TV uses software to link TickBox's customers to infringing content on the Internet. When those customers use TickBox TV as Defendant intends and instructs, they have nearly instantaneous access to multiple sources that stream Plaintiffs' Copyrighted Works without authorization." The device's marketing materials let users know the box is meant to replace paid-for content, with "a wink and a nod," by predicting that prospective customers who currently pay for Amazon Video, Netflix, or Hulu will find that "you no longer need those subscriptions." The lawsuit shows that Amazon and Netflix, two Internet companies that are relatively new to the entertainment business, are more than willing to join together with movie studios to go after businesses that grab their content.

United States

Smartphones Are Killing Americans, But Nobody's Counting (bloomberg.com) 400

An anonymous reader shares a Bloomberg report: Over the past two years, after decades of declining deaths on the road, U.S. traffic fatalities surged by 14.4 percent. In 2016 alone, more than 100 people died every day in or near vehicles in America, the first time the country has passed that grim toll in a decade. Regulators, meanwhile, still have no good idea why crash-related deaths are spiking: People are driving longer distances but not tremendously so; total miles were up just 2.2 percent last year. Collectively, we seemed to be speeding and drinking a little more, but not much more than usual. Together, experts say these upticks don't explain the surge in road deaths. There are however three big clues, and they don't rest along the highway. One, as you may have guessed, is the substantial increase in smartphone use by U.S. drivers as they drive. From 2014 to 2016, the share of Americans who owned an iPhone, Android phone, or something comparable rose from 75 percent to 81 percent. The second is the changing way in which Americans use their phones while they drive. These days, we're pretty much done talking. Texting, Twitter, Facebook, and Instagram are the order of the day -- all activities that require far more attention than simply holding a gadget to your ear or responding to a disembodied voice. By 2015, almost 70 percent of Americans were using their phones to share photos and follow news events via social media. In just two additional years, that figure has jumped to 80 percent.
Government

Ask Slashdot: Should Users Uninstall Kaspersky's Antivirus Software? (slashdot.org) 306

First, here's the opinion of two former NSA cybersecurity analysts (via Consumer Reports): "It's a big deal," says Blake Darche, a former NSA cybersecurity analyst and the founder of the cybersecurity firm Area 1. "For any consumers or small businesses that are concerned about privacy or have sensitive information, I wouldn't recommend running Kaspersky." By its very nature antivirus software is an appealing tool for hackers who want to access remote computers, security experts say. Such software is designed to scan a computer comprehensively as it searches for malware, then send regular reports back to a company server. "One of the things people don't realize, by installing that tool you give [the software manufacturer] the right to pull any information that might be interesting," says Chris O'Rourke, another former NSA cybersecurity expert who is the CEO of cybersecurity firm Soteria.
But for that reason, Bloomberg View columnist Leonid Bershidsky suggests any anti-virus software will be targeted by nation-state actors, and argues that for most users, "non-state criminal threats are worse. That's why Interpol this week signed a new information-sharing agreement with Kaspersky despite all the revelations in the U.S. media: The international police cooperation organization deals mainly with non-state actors, including profit-seeking hackers, rather than with the warring intelligence services."

And long-time Slashdot reader freddieb is a loyal Kaspersky user who is wondering what to do, calling the software "very effective and non-intrusive." And in addition, "Numerous recent hacks have gotten my data (Equifax, and others) so I expect I have nothing else to fear except ransomware."

Share your own informed opinions in the comments. Should users uninstall Kaspersky's antivirus software?
Bitcoin

Julian Assange Taunts US Government For Forcing Wikileaks To Invest In Bitcoin (facebook.com) 194

Saturday's tweet from Julian Assange says it all: "My deepest thanks to the US government, Senator McCain and Senator Lieberman for pushing Visa, MasterCard, PayPal, AmEx, Moneybookers, et al, into erecting an illegal banking blockade against @WikiLeaks starting in 2010. It caused us to invest in Bitcoin -- with > 50000% return."
Assange's tweet was accompanied by a graph showing the massive spike in the price of bitcoin -- though most of that growth occurred in the last year.
Chrome

Microsoft Edge Beats Chrome and Firefox in Malware-Blocking Tests (computerworld.com) 126

An anonymous reader quotes Computerworld: Microsoft's Edge easily beat rival browsers from Google and Mozilla in third-party tests of the behind-the-scenes services which power anti-malware warnings and malicious website-blocking... NSS Labs says Windows 10's default browser is better at blocking phishing and socially-engineered malware attacks than Google Chrome or Mozilla Firefox... According to NSS Labs of Austin, Texas, Edge automatically blocked 92% of all in-browser credential phishing attempts and stymied 100% of all socially-engineered malware (SEM) attacks. The latter encompassed a wide range of attacks, but their common characteristic was that they tried to trick users into downloading malicious code. The tactics that SEM attackers deploy include links from social media, such as Facebook and Twitter, and bogus in-browser notifications of computer infections or other problems.

Edge bested Chrome and Firefox by decisive margins. For instance, Chrome blocked 74% of all phishing attacks, and 88% of SEM attacks. Meanwhile, Firefox came in third in both tests, stopping just 61% of the phishing attacks and 70% of all SEM attempts... Both Chrome and Mozilla's Firefox rely on the Safe Browsing API (application programming interface), but historically, Mozilla's implementation has performed poorly compared to Google's. No shock: Google created the API. Edge also took top prize in blocking attacks from the get-go. In NSS's SEM attack testing, for example, the Microsoft browser stopped nearly every attempt from the first moments a new attack was detected. Chrome and Firefox, on the other hand, halted 75% and 54% of the brand-new attacks, respectively. Over a week's time, Chrome and Firefox improved their blocking scores, although neither reached Edge's impressive 99.8%.

The researchers spent three weeks continuously monitoring the browsers on Windows 10 computers. But in the real world, Edge runs on just 5% of all personal computers, while Firefox runs on 13% and Chrome on 60%.
Communications

Russia Reportedly Used Pokemon Go In an Effort To Inflame Racial Tensions (theverge.com) 211

An anonymous reader quotes a report from The Verge: Russia's far-ranging campaign to promote dissension in the United States reportedly included an effort to weaponize Pokemon Go. CNN reported that in July 2016, a Tumblr page linked to Russia's now-notorious Internet Research Agency promoted a contest encouraging people sympathetic to the Black Lives Matter movement to play the game near famous sites of police brutality. Players were told to change their characters' names to the victims of those incidents -- an apparent effort to inflame racial tensions. The Tumblr page was linked to Do Not Shoot Us, a multi-platform campaign designed to mimic aspects of Black Lives Matter. (As CNN notes, the name plays on "hands up, don't shoot," one of the movement's slogans.) Do Not Shoot Us included a website, donotshoot.us, along with related pages on Facebook, Instagram, Twitter, and YouTube. The Facebook page was one of 470 pages that were removed after the company determined that it was linked to Russian groups attempting to interfere in US politics.
Software

PornHub Uses Computer Vision To ID Actors, Acts In Its Videos (techcrunch.com) 135

Baron_Yam shares a report from TechCrunch, which details PornHub's use of machine learning to ID actors and acts in its videos: The computer vision system can identify specific actors in scenes and even identifies various positions and attributes. While it is obviously very difficult to describe the feature set for a family audience, the system can identify individual performers in real time -- in the demo here it recognizes one performer even from the side -- and it can also identify sex acts. Facial detection is nothing new, even for mobile devices, but this system goes one step further by categorizing videos and images based on various attributes. This means you'll be able to find favorites by name or characteristics, a feat that once required prodigious amounts of data entry.

"So far we've used the model on about 500k featured videos which includes user submitted and we plan to scan the whole library in the beginning of 2018," said Price. "Very shortly, the technology will also be used to detect various sex positions / categories and be able to properly tag them as well."

Television

Hulu Lowers Prices After Netflix Raises Theirs (variety.com) 108

Coincidentally, as Netflix raised their prices last week, Hulu decided to lower theirs. The streaming service is now offering a plan, which includes commercials, for $5.99 per month for the first year -- a short-term promotion aimed at luring new subs with the kickoff of the fall television and Hulu's expanded TV library lineup. Variety reports: Hulu's special offer for the limited-commercials plan is available through Jan. 9, 2018, only to new or returning Hulu subs. After one year, the regular $7.99 monthly price will kick in. Hulu offers a commercial-free option for $12 per month, and a live TV service (which includes access to original series like Emmy-winning "The Handmaid's Tale" and on-demand titles) for $40 monthly. A Hulu rep said the company's new promo is intended to draft off the fall 2017 TV season. As it looks for another original series on the order of "Handmaid's Tale" -- so far its only breakout hit -- Hulu has inked deals to bring thousands of current and older TV shows to the platform to armor-up in its battle with rivals Netflix and Amazon Prime.
Media

Windows 10 Update Removes Windows Media Player (betanews.com) 255

A recently released Windows 10 update, KB4046355 for the Fall Creators Update, removes Windows Media Player from the operating system. BetaNews reports: While it could be argued that Windows Media Player is no longer an essential addition to Windows -- there are plenty of quality third-party alternatives, such as VLC Media Player, not to mention the Films & TV app in Windows 10 itself -- many users still rely on it. The feature's removal came to light when users installed KB4046355 on devices running Windows 10 version 1709 -- the Fall Creators Update. This update, referred to as FeatureOnDemandMediaPlayer, removes Windows Media Player from the OS, although it doesn't kill access to it entirely. If you want the media player back you can install it via the Add a Feature setting. Open Settings, go to Apps > Apps & Features, and click on Manage optional features.
China

Chinese State Media Report Bloated Battery in Apple's iPhone 8 (reuters.com) 36

A fresh case of Apple's new iPhone popping open due to a swollen battery has been reported in state media in China, the world's biggest smartphone market where the U.S. firm is seeking to revive faltering sales. From a report: The incident comes as Apple investigates similar cases reported in Taiwan and Japan of batteries in its latest iPhone 8 Plus becoming bloated, causing the device's casing to open. On its website on Thursday, China's state-backed ThePaper.cn cited an iPhone buyer surnamed Liu as saying his newly purchased iPhone 8 Plus arrived cracked open on Oct. 5. There was no sign of scorching or an explosion. Liu told ThePaper he bought the handset through the online marketplace of JD.com. He said he did not charge the new device and returned it to the seller. The fresh report comes on the heels of another story last week where Apple claimed that it was looking into a similar matter.
China

Beijing Startup Offers Engineers $1M Salary Plus Options in Battle For Talent (financialpost.com) 119

An anonymous reader shares a Financial Post report: Beijing ByteDance Technology is the brainchild of entrepreneur Zhang Yiming. The company is best known for a mobile app called Jinri Toutiao, or Today's Headlines, which aggregates news and videos from hundreds of media outlets. In five years, the app has become one of the most popular news services anywhere, with 120 million daily users. Toutiao is on pace to pull in about US$2.5 billion in revenue this year, largely from advertising. It was just valued at more than US$20 billion, according to a person familiar with the matter, roughly the same as Elon Musk's SpaceX. In China, the Beijing company is controversial because of its recruiting. ByteDance hires top performers from such giants as Baidu and Tencent Holdings, sometimes raising salaries 50 per cent and tossing in stock options. "Our philosophy is to pay the top of the market to get the best," says the slight 34-year-old in an interview at the company's headquarters, his first with foreign media. "The company that wants to achieve the most, you need the best talent." Top performers can make US$1 million in salary and bonus a year, plus options, according to people familiar with its hiring. Total compensation can exceed US$3 million.
Government

Russian Hackers Exploited Kaspersky Antivirus To Steal NSA Data on US Cyber Defense: WSJ (wsj.com) 223

An NSA contractor brought home highly classified documents that detailed how the U.S. penetrates foreign computer networks and defends against cyberattacks. The contractor used Kaspersky antivirus on his home computer, which hackers working for the Russian government exploited to steal the documents, the WSJ reported on Thursday (the link could be paywalled; alternative source), citing multiple people with knowledge of the matter. From the report: The hackers appear to have targeted the contractor after identifying the files through the contractor's use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said. The theft, which hasn't been disclosed, is considered by experts to be one of the most significant security breaches in recent years. It offers a rare glimpse into how the intelligence community thinks Russian intelligence exploits a widely available commercial software product to spy on the U.S. The incident occurred in 2015 but wasn't discovered until spring of last year, said the people familiar with the matter. Having such information could give the Russian government information on how to protect its own networks, making it more difficult for the NSA to conduct its work. It also could give the Russians methods to infiltrate the networks of the U.S. and other nations, these people said. Ahead of the publication of WSJ report, Kaspersky founder Eugene Kaspersky tweeted, "New conspiracy theory, anon sources media story coming. Note we make no apologies for being aggressive in the battle against cyberthreats."
Advertising

Facebook Fought Rules That Could Have Exposed Fake Russian Ads (bloomberg.com) 193

According to Bloomberg, Facebook has for years fought to avoid being transparent about who's behind election-related ads online. "Since 2011, Facebook has asked the Federal Election Commission for blanket exemptions from political advertising disclosure rules -- transparency that could have helped it avoid the current crisis over Russia ad spending ahead of the 2016 U.S. election," reports Bloomberg. From the report: Communications law requires traditional media like TV and radio to track and disclose political ad buyers. The rule doesn't apply online, an exemption that's helped Facebook's self-serve advertising business generate hundreds of millions of dollars in political campaign spots. When the company was smaller, the issue was debated in some policy corners of Washington. Now that the social network is such a powerful political tool, with more than 2 billion users, the topic is at the center of a debate about the future of American democracy. Back in 2011, Facebook argued for the exemption for the same reasons as internet search giant Google: its ads are too small and have a character limit, leaving no room for language saying who paid for a campaign, according to documents on the FEC's website. Some FEC commissioners agreed, while others argued that Facebook could provide a clickable web link to get more information about the ad.

Facebook wouldn't budge. It warned that FEC proposals for more political ad disclosure could hinder free speech in a 2011 opinion written by Marc Elias, a high-powered Democratic lawyer who later became general counsel for Hillary Clinton's 2016 campaign. Colin Stretch, a top Facebook lawyer, said the agency "should not stand in the way of innovation," and warned that such rules would quickly become obsolete. When it came time for the FEC to decide in June 2011, the agency's six commissioners split on a 3-3 vote. Facebook didn't get its exemption, so an advertiser using its platform was still subject to a 2006 ruling by the FEC requiring disclosure. But the company allowed ads to run without those disclaimers, leaving it up to ad buyers to comply.

Businesses

Steemit Is a Social Network That Pays You For Your Posts In Cryptocurrency (wired.com) 54

New submitter mirandakatz writes: Our relationships with most social media are sneakily transactional: We log onto Facebook or Instagram and wind up paying the platforms with our attention and ad clicks. A new social network aims to turn that on its head by paying users for their posts. Steemit runs on Steem, a cryptocurrency that currently has a market cap of $294 million -- and users have made more than $1.2 million in American dollars on the network. At Backchannel, Andrew McMillen takes a deep dive into Steemit, writing that 'By removing the middlemen and allowing users to profit directly from the networks they participate in, Steemit could provide a roadmap to a more equitable social network...Or users could get bored or distracted by something newer and shinier and abandon it. Fortunes could vanish at any moment, but someone stands to get rich in the process.'
NASA

NASA Images of Puerto Rico Reveal How Maria Wiped Out Power On the Island (jalopnik.com) 180

An anonymous reader quotes a report from Jalopnik: Hurricane Maria was the most devastating hurricane to make land in Puerto Rico in nearly 100 years and the country is still reeling in its wake. Much of the island still doesn't have running water, reliable communication or electricity. Recently, NASA published a set of date-processed photos that show the island's nighttime lights both before and after the storm. Here, you can see images of the country's capital, San Juan, on a typical night before Maria. It's based on cloud-free and low moonlight conditions. Conversely, the following composite image is of data taken on the nights of Sept. 27 and 28 -- nearly a week after the storm hit -- by the Visible Infrared Imaging Radiometer Suite, a scanning radiometer that collects visible and infrared imagery of land, atmosphere, cryosphere and oceans, according to NASA's website.
Android

Ask Slashdot: Why Would Anyone Want To Spend $1,000 on a Smartphone? 487

Last month, Apple CEO Tim Cook said the $1,000 sticker price for the base model of iPhone X, the latest flagship smartphone from the company which goes on sale next month, is "a value price for the technology that you're getting." An anonymous reader writes: I simply don't understand why anyone would want to spend such an amount on a phone. Don't get me wrong. Having a smartphone is crucial in this day and age. I get it. But even a $200 phone, untethered from any carrier contract, will let you install the apps you need, will allow you to take good pictures, surf the web, and listen to music. That handset might not be as fast as the iPhone X or Samsung's new Galaxy Note 8, or it might not be able to take as great pictures, but the difference, I feel, doesn't warrant an additional $800. The reader shares a column: When considering a purchase, comparing the value a product will add to our lives, and its cost is wise. Subjective perceptions affect how we value possessions, but let's consider the practical value of how we use smartphones. Smartphones aren't used for talking as often as the phones that preceded them were. In fact, actual "phone" use ranks below messaging, web surfing, social media and other activities that dominate smartphone usage. Furthermore, statistically we use only six core apps regularly. [...] My point is, smartphones haven't changed all that much relatively speaking. Sure they're bigger, faster, more powerful and have awesome cameras. But the iPhone X is fundamentally the same device the earlier iPhones were, and provides the same basic and sought after functions. It's a glass-covered rectangular slab mostly used for messaging, web-surfing, music and social media activity. An individual's perception of self, financial resources, desired or actual social position and love for tech will likely play a role in his perception of the value of a $1,000 smartphone.
Mozilla

Donate Your Noise To Xiph/Mozilla's Deep-Learning Noise Suppression Project (xiph.org) 119

Mozilla-backed researchers are working on a real-time noise suppression algorithm using a neural network -- and they want your noise! Long-time Slashdot reader jmv writes: The Mozilla Research RNNoise project combines classic signal processing with deep learning, but it's small and fast. No expensive GPUs required -- it runs easily on a Raspberry Pi. The result is easier to tune and sounds better than traditional noise suppression systems (been there!). And you can help!
From the site: Click on this link to let us record one minute of noise from where you are... We're interested in noise from any environment where you might communicate using voice. That can be your office, your car, on the street, or anywhere you might use your phone or computer.
They claim it already sounds better than traditional noise suppression systems, and even though the code isn't optimized yet, "it already runs about 60x faster than real-time on an x86 CPU."
