Advertiser That Tracked Around 100M Phone Users Without Consent Pays $950,000

Mobile advertising firm InMobi will pay a fine of $950,000 and revamp its services to resolve federal regulators’ claims that it deceptively tracked locations of hundreds of millions of people, including children. Ars Technica reports: The US Federal Trade Commission alleged in a complaint filed Wednesday that Singapore-based InMobi undermined phone users’ ability to make informed decisions about the collection of their location information. While InMobi claimed that its software collected geographical whereabouts only when end users provided opt-in consent, the software in fact used nearby Wi-Fi signals to infer locations when permission wasn’t given, FTC officials alleged. InMobi then archived the location information and used it to push targeted advertisements to individual phone users. Specifically, the FTC alleged, InMobi collected nearby basic service set identification addresses, which act as unique serial numbers for wireless access points. The company, which thousands of Android and iOS app makers use to deliver ads to end users, then fed each BSSID into a “geocorder” database to infer the phone user’s latitude and longitude, even when an end user hadn’t provided permission for location to be tracked through the phone’s dedicated location feature.

Cryptocurrency raider takes $60 million in digital cash

A cryptocurrency is only as reliable as the technology that keeps it running, and Ethereum is learning this the hard way. An attacker has taken an estimated $60 million in Ethereum’s digital money (Ether) by exploiting vulnerabilities in the Decentralized Autonomous Organization, an investment collective. The raider took advantage of a “recursive call” flaw in the DAO’s code-based smart contracts, which administer the funds, to scoop up Ether many times in a single pass. Ethereum’s Vitalik Buterin has revealed a planned software fork that would prevent the intruder from using the ill-gotten goods, but there are still plenty of headaches in store for both contract creators and investors. Contract makers will have to take extra care to avoid the flaw and limit the value of their contracts so that a bad actor doesn’t make off with a huge sum of cash. Buterin says that Ethereum itself is safe — miners can carry on, and users should “sit tight and remain calm” while they wait to trade again. Still, it’s easy to imagine everyone being nervous. The kicker? People were convinced that the bug posed no risk to DAO funds just a few days prior. Clearly, that wasn’t true. While the invader didn’t get away scot-free, the breach has caused a lot of chaos. And while one person’s claims that they legitimately took the funds are sketchy, Bloomberg notes that the code defining the smart contracts may have explicitly allowed this attack even if that’s not what the DAO wanted. This may not be so much a hack as exploitation of poorly-defined terms, and there may not be a legal recourse. In short: basing an investment framework around code instead of human-made contracts may have been too optimistic.

Via: Coindesk, Bloomberg, The Verge. Source: Vitalik Buterin (Reddit), Etherscan, Ethereum

Businesses Lose $3.1 Billion to Email Scams, FBI Warns

Businesses have lost over $3 billion because of compromised e-mail accounts, the FBI reports, citing “a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.” 22,143 businesses have been affected — 14,302 within the U.S. — with a total dollar loss of $3,086,250,090, representing an increase of 1,300% since January of 2015. Using social engineering or “computer intrusion techniques,” the attackers target employees responsible for wire transfers (or issuing checks) using five scenarios, which include bogus invoices or executive requests for a wire transfer of funds, with some attackers even impersonating a corporate law firm. “Victims report that IP addresses frequently trace back to free domain registrars,” warns the FBI’s Internet Crime Complaint Center, which also urges businesses to avoid free web-based e-mail accounts.

Olli is a 3D Printed, IBM Watson-Powered, Self-Driving Minibus

An anonymous reader writes from a report via Phys.Org: Arizona-based startup Local Motors unveiled Olli — a 3D-printed minibus capable of carrying 12 people. It’s powered by IBM’s supercomputer platform Watson and is designed as an on-demand transportation solution that passengers can summon with a mobile app. The company claims it can be “printed” to specification in “micro factories” in a matter of hours. They say it is ready to go as soon as regulations allow it to hit the streets. While Local Motors has developed the system to control the driving, IBM’s Watson system is used to provide the user interface so passengers can have “conversations” with Olli. “Watson is bringing an understanding to the vehicle,” said IBM’s Bret Greenstein. “If you have someplace you need to be you can say that in your own words. A vehicle that understands human language, where you can walk in and say, ‘I’d like to get to work,’ that lets you as a passenger relax and enjoy your journey,” he said. The vehicle relies on more than 30 sensors and streams of data from IBM’s cloud. Olli will be demonstrated in National Harbor, Maryland, over the next few months with additional trials expected in Las Vegas and Miami.

VLC 3.0 nightlies arrive with (sort of working) Chromecast support

Grab the latest build of VLC and you’ll see a “Render Output” option in the “Tools” menu.

Streaming online content to a Chromecast is fast and easy, but what if you have local files on your desktop that you want to get on the big screen? There are a few niche apps out there that will serve, but one of the biggest media players, VLC, is working on built-in support for Google’s Chromecast. Recently the nightly build servers started pumping out early, unstable builds of VLC with Chromecast support, so I gave it a try. You won’t find the familiar “cast” button that you see in many apps in this VLC build. Instead, the “Tools” menu has a new option called “Render Output”—this screen is for playing media on something other than the computer screen in front of you. It will detect and display Chromecasts on your local network, and the detection process seems to work great. You just pick the device you want to use and hit “OK.” If you’re playing media you’ll need to stop it, and then once you hit play the casting process should start. I got an “unknown certificate” error at first, but, after accepting it, the usual Chromecast stuff started to happen. My TV turned on and switched to the right input. A Chromecast logo appeared, the loading bar popped up—and then it failed.

GitHub Presses Big Red Password Reset Button After Third-Party Breach

John Leyden, writing for The Register: GitHub has reset the passwords of users targeted in an attack this week that relied on using stolen credentials from a breach at a third-party site. The software repository itself has not suffered a breach. Hackers behind the assault were trying to break into the accounts of users who had inadvisedly used the same login credentials on an unnamed site that had suffered a breach, as a statement by GitHub explains. GitHub said it had reset the passwords on all affected accounts before beginning the process of notifying those affected. “We encourage all users to practise good password hygiene and enable two-factor authentication to protect your account,” GitHub sensibly advised.

Rolls-Royce Unveils First Driverless Car Complete With Silk ‘Throne’

An anonymous reader writes: Rolls-Royce has unveiled its first driverless vehicle dubbed The Vision Next 100. It is an autonomous vehicle aimed at “the most discerning and powerful patrons in the world.” There’s no steering wheel but there is a silk “throne” where passengers can sit and stare out the window. Rolls-Royce said the zero-emission model, codenamed 103EX, showed the company “rejects the notion of anonymous, utilitarian and bland future modes of mobility.” The owner will be “encircled by the most modern handcrafted fine-line Macassar wood panelling” as they gaze at a “generous” high-definition television display. In addition to the “finest one-off deep-pile ivory wool carpet,” the vehicle features a virtual assistant named Eleanor, inspired after the actor Eleanor Thornton. It will be able to remind users about meetings; it will even bring the car around to the front of the owner’s house at the start of a journey. “As the Rolls-Royce Vision Next 100 gracefully comes to a halt, something magnificent occurs,” the company said. The glass roof rises to allow the occupant to stand, while a step emerges from below the running board and a red light is projected, “carpet-like” to announce their arrival. Rolls-Royce did not say how the vehicle would be powered or how much it costs, but it did say it’s due to hit the streets in the 2040s. You can watch a 360-degree video of the 103EX the company posted on YouTube.

Asymmetric Molecule, Key To Life, Detected In Space For First Time

schwit1 quotes a report from Yahoo News: Scientists for the first time have found a complex organic molecule in space that bears the same asymmetric structure as molecules that are key to life on Earth. The researchers said on Tuesday they detected the complex organic molecule called propylene oxide in a giant cloud of gas and dust near the center of the Milky Way galaxy. Akin to a pair of human hands, certain organic molecules including propylene oxide possess mirror-like versions of themselves, a chemical property called chirality. Scientists have long pondered why living things make use of only one version of certain molecules, such as the ‘right-handed’ form of the sugar ribose, which is the backbone of DNA. The discovery of propylene oxide in space boosts theories that chirality has cosmic origins. The scientists in the new study used radio telescopes to ferret out the chemical details of molecules in the distant, star-forming cloud of gas and dust. As molecules move around in the vacuum of space they emit telltale vibrations that appear as distinctive radio waves. Future studies of how polarized light interacts with the molecules may reveal if one version of propylene oxide dominates in space, the researchers said.

Hacker Puts 51 Million iMesh Accounts For Sale On Dark Web

An anonymous reader shares a ZDNet report: User accounts for iMesh, a now-defunct file sharing service, are for sale on the dark web. The New York-based music and video sharing company was a peer-to-peer service, which rose to fame in the file sharing era of the early-2000s, riding the waves of the aftermath of the “dotcom” boom. LeakedSource, a breach notification site that allows users to see if their details have been leaked, has obtained the database. The group’s analysis of the database shows it contains a little over 51 million accounts. The database, of which a portion was shared with ZDNet for verification, contains user information that dates back to late-2005 when the site launched, including email addresses, passwords (which were hashed and salted with MD5, an algorithm that nowadays is easy to crack), usernames, a user’s location and IP address, registration date, and other information — such as if the account is disabled, or if the account has inbox messages.

Apple Is Fighting A Secret War To Keep You From Repairing Your Phone

It’s no secret that Apple makes a ton of money by charging ‘astronomical’ fees for replacing and fixing the display and other components of the iPhone and iPad (as well as the Mac line). For instance, the company charges $599 for replacing the display on the iPad Pro tablet. Which sounds insane when you realize that you can almost certainly purchase a new iPad Pro for under $700. And this is what most people do. A Huffington Post article notes that this behavior has contributed significantly to “generating heaps of e-waste.” Citing many advocates, the publication claims that Apple has “opposed legislation that could help curb it.” From the report: The Huffington Post spoke with politicians in two states who support such legislation, and confirmed through government filings that Apple has lobbied on the issue. Four states — Minnesota, Nebraska, Massachusetts and New York — have considered adopting “right to repair” amendments, which would update existing laws regarding the sale of electronic equipment. Amending these laws would make it easier to fix your devices and would help reduce “e-waste,” a catch-all term for any electronic detritus. The New York State Senate and Assembly could approve one of these amendments next week. This would help unofficial repair shops get the information they need to fix your iPad, ideally driving down repair costs and encouraging you to squeeze more life out of your old devices — thus cutting down on the e-waste generated by our voracious appetites for new gadgets. Apple asserts that it helps recycle millions of pounds of electronics equipment every year. But it won’t support right to repair amendments. One would ask what is preventing a user from getting their device repaired by an unofficial service person? In addition to the security implication, you also run a risk of getting your device bricked by Apple. To recall, the iPhone maker was found bricking the handsets that had been repaired by third-party vendors earlier this year.
