Google

Google Built an Escape Room, Making People Use Its Apps To Get Out (adweek.com) 28

An anonymous reader writes: Google France has built an escape room created by We Are Social, called "Premiere Piece," that will open in the heart of Paris. Adweek writes: "The campaign builds on the escape room trend, in which you and a bunch of friends pay to get locked in a room for an hour or two, left to solve puzzles and work in collaboration to find a way out. In 40 minutes, you must solve puzzles with help from apps like Search, Maps, Translate, Photos, Art and Culture and Cardboard, all of which are integrated into the gameplay. In Premiere Piece, visitors must help save a crew of digital artists locked in a workshop, so they can present their painstaking work at an art center in Paris. By working together, participants must unlock an object that completes their masterpiece." Google France was in the news recently for being raided by investigators for unpaid taxes.
Security

Genius' Web Annotations Undermined Web Security (theverge.com) 24

New reader BradyDale shares an article on the Verge: Until early May, when The Verge confidentially disclosed the results of my independent security tests, the "web annotator" service provided by the tech startup Genius had been routinely undermining a web browser security mechanism. The web annotator is a tool which essentially republishes web pages in order to let Genius users leave comments on specific passages. In the process of republishing, those annotated pages would be stripped of an optional security feature called the Content Security Policy, which was sometimes provided by the original version of the page. This meant that anyone who viewed a page with annotations enabled was potentially vulnerable to security exploits that would have been blocked by the original site. Though no specific victims have been identified, the potential scope of this bug was broad: it was applied to all Genius users, undermined any site with a Content Security Policy, and re-enabled all blocked JavaScript code. Vijith Assar dives deep into how Genius did this: The primary way Genius annotations are accessed on the web is by adding "genius.it" in front of any URL as a prefix. The genius.it server reads the original content behind the scenes, adds the annotations, and delivers the hybrid content. The Genius version of the page includes a few extra scripts and highlighted passages, but until recently it also eliminated the original page's Content Security Policy. The Content Security Policy is an optional set of instructions encoded in the header of the HTTP connection which tells browsers exactly which sites and servers should be considered safe -- any code which isn't from one of those sites can then be ignored.
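The check a site owner or proxy operator would want after reading the above: compare the Content-Security-Policy the origin sent with what a republishing proxy actually delivers, and flag a dropped or loosened policy. This is an added example, not Genius or Verge code; the header values are constructed and the genius.it behaviour is only described, not contacted.

```python
"""Audit whether a republishing proxy (like the genius.it prefix proxy described
above) dropped or widened the origin page's Content-Security-Policy.
Added example with constructed headers; nothing here talks to a live server."""
from typing import Dict, List, Optional, Set

def parse_csp(header: str) -> Dict[str, Set[str]]:
    """Split 'directive src src; directive ...' into {directive: {sources}}."""
    policy: Dict[str, Set[str]] = {}
    for directive in header.split(";"):
        parts = directive.strip().split()
        if parts:
            policy[parts[0].lower()] = set(parts[1:])
    return policy

def script_sources(policy: Dict[str, Set[str]]) -> Optional[Set[str]]:
    """Sources allowed to run script, honouring the default-src fallback.
    None means the policy places no restriction on script at all."""
    if "script-src" in policy:
        return policy["script-src"]
    return policy.get("default-src")

def csp_of(headers: Dict[str, str]) -> Optional[str]:
    """Find the enforcing CSP header regardless of header-name casing."""
    for name, value in headers.items():
        if name.lower() == "content-security-policy":
            return value
    return None

def audit_republished_page(origin: Dict[str, str], proxied: Dict[str, str]) -> List[str]:
    """Return human-readable findings; an empty list means the policy survived."""
    findings: List[str] = []
    origin_csp, proxied_csp = csp_of(origin), csp_of(proxied)
    if origin_csp is None:
        return findings  # the origin offered no policy, so there is nothing to preserve
    if proxied_csp is None:
        return ["Content-Security-Policy header dropped by proxy"]
    origin_policy, proxied_policy = parse_csp(origin_csp), parse_csp(proxied_csp)
    before, after = script_sources(origin_policy), script_sources(proxied_policy)
    if before is not None and after is None:
        findings.append("script sources no longer restricted")
    elif before is not None:
        added = sorted(after - before)
        if added:  # e.g. an annotator host or 'unsafe-inline' slipped in
            findings.append("script sources widened: " + ", ".join(added))
    for name in sorted(origin_policy):
        if name not in proxied_policy:
            findings.append(f"directive {name} removed")
    return findings

# Constructed sample headers: what an origin sent versus what a proxy relayed.
ORIGIN_HEADERS = {
    "Content-Type": "text/html",
    "Content-Security-Policy":
        "default-src 'self'; script-src 'self' https://cdn.example.com; object-src 'none'",
}
PROXIED_STRIPPED = {"Content-Type": "text/html"}
PROXIED_WIDENED = {
    "content-type": "text/html",
    "content-security-policy":
        "default-src 'self'; script-src 'self' https://cdn.example.com "
        "https://annotator.example 'unsafe-inline'; object-src 'none'",
}

if __name__ == "__main__":
    for label, proxied in (("stripped", PROXIED_STRIPPED), ("widened", PROXIED_WIDENED)):
        print(label, audit_republished_page(ORIGIN_HEADERS, proxied))
```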
The Almighty Buck

Class Action Lawsuit Filed Against Fitbit For 'Highly Inaccurate' Heart Rate Trackers (nbcnews.com) 125

An anonymous reader quotes a report from NBC News: A class action lawsuit against Fitbit may have grown teeth following the release of a new study that claims the company's popular heart rate trackers are "highly inaccurate." Researchers at the California State Polytechnic University, Pomona tested the heart rates of 43 healthy adults with Fitbit's PurePulse heart rate monitors, using the company's Surge watches and Charge HR bands on each wrist. Subjects were then hooked up to a BioHarness device that produced an electrocardiogram (ECG), to record the heart's rhythm against the data being produced by Fitbit's devices. Comparative results from rest and exercise -- including jump rope, treadmills, outdoor jogging and stair climbing -- showed that the Fitbit devices miscalculated heart rates by up to 20 beats per minute on average during more intensive workouts. The study was commissioned by Lieff Cabraser, the law firm behind the class action suit that is taking aim at three Fitbit models that use the PurePulse heart monitor, including the Fitbit Blaze, Fitbit Charge HR and Fitbit Surge. "What the plaintiffs' attorneys call a 'study' is biased, baseless, and nothing more than an attempt to extract a payout from Fitbit. It lacks scientific rigor and is the product of flawed methodology," Fitbit said in a statement posted by Gizmodo.
HP

HPE To Spin Out Its Huge Services Business, Merge It With CSC (cio.com) 136

itwbennett writes from a report via CIO: Hewlett-Packard Enterprise announced Tuesday that it will spin off its enterprise services business and merge it with IT services company Computer Sciences Corp. (CSC) to create a company with $26 billion in annual revenue. The services business "accounts for roughly 100,000 employees, or two-thirds of the Silicon Valley giant's workforce," according to the Wall Street Journal. In a statement, HPE CEO Meg Whitman said customers would benefit from a "stronger, more versatile services business, better able to innovate and adapt to an ever-changing technology landscape." Layoffs were not a topic of discussion in Tuesday's announcement, but HPE did say last year it would cut 33,000 jobs by 2018, in addition to the 55,000 job cuts it had already announced. The company also split into two last year, betting that the smaller parts will be nimbler and more able to reverse four years of declining sales.
Java

Pastejacking Attack Appends Malicious Terminal Commands To Your Clipboard (softpedia.com) 79

An anonymous reader writes: "It has been possible for a long time for developers to use CSS to append malicious content to the clipboard without a user noticing and thus fool them into executing unwanted terminal commands," writes Softpedia. "This type of attack is known as clipboard hijacking, and in most scenarios, is useless, except when the user copies something inside their terminal." Security researcher Dylan Ayrey published a new version of this attack last week, which uses only JavaScript as the attack medium, giving the attack more versatility and making it easier to carry out. The attack is called Pastejacking and it uses JavaScript to theoretically allow attackers to add their malicious code to the entire page to run commands behind a user's back when they paste anything inside the console. "The attack can be deadly if combined with tech support or phishing emails," writes Softpedia. "Users might think they're copying innocent text into their console, but in fact, they're running the crook's exploit for them."
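From the defender's side, what makes a pastejacked clipboard dangerous is that a terminal executes any embedded line break immediately, and that the visible text may differ from what was copied. The checker below inspects clipboard text before it reaches a shell; it is an added example, not code from Dylan Ayrey's write-up or Softpedia, and the sample clipboard contents are constructed.

```python
"""Flag clipboard text that is unsafe to paste into a terminal: embedded line
breaks (the shell runs them on paste), ANSI escapes (which can redraw or hide
what is shown) and invisible Unicode characters. Added example; samples are
constructed, not taken from any real pastejacking page."""
import re
import unicodedata
from typing import List

# CSI escape sequences such as ESC[2K (erase line) or colour/cursor controls.
ANSI_ESCAPE = re.compile(r"\x1b\[[0-9;?]*[ -/]*[@-~]")

def inspect_clipboard(text: str) -> List[str]:
    """Return reasons the text should not be pasted blindly; [] means it looks plain."""
    findings: List[str] = []
    breaks = text.count("\n") + text.count("\r")
    if breaks:
        visible = text.split("\n", 1)[0].split("\r", 1)[0]
        findings.append(
            f"{breaks} line break(s): the shell runs each line on paste; "
            f"only the first line {visible!r} is what a user expects to see"
        )
    if ANSI_ESCAPE.search(text):
        findings.append("ANSI escape sequences can hide or redraw what you see")
    # Control (Cc) and format (Cf) characters that render as nothing; ordinary
    # whitespace and the ESC byte already reported above are excluded.
    hidden = sorted({f"U+{ord(c):04X}" for c in text
                     if c not in "\n\r\t\x1b"
                     and unicodedata.category(c) in ("Cc", "Cf")})
    if hidden:
        findings.append("invisible characters: " + ", ".join(hidden))
    return findings

# Constructed samples: a plain command, a paste with a hidden second line,
# a zero-width space splitting a command name, and an erase-line escape.
PLAIN = "ls -la"
MULTILINE = "echo harmless\necho 'ran without review'\n"
ZERO_WIDTH = "ls\u200b -la"
ESCAPED = "\x1b[2Kls"

if __name__ == "__main__":
    for sample in (PLAIN, MULTILINE, ZERO_WIDTH, ESCAPED):
        print(repr(sample), "->", inspect_clipboard(sample) or "ok")
```

Bracketed paste, which recent bash (via readline) and zsh enable, has the terminal hand the whole paste to the line editor as one editable chunk instead of executing embedded newlines, so enabling it removes the most damaging case this checker reports.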
Security

Elderly Use More Secure Passwords Than Millennials, Says Report (qz.com) 147

An anonymous reader writes from a report via Quartz: A report released May 24 by Gigya surveyed 4,000 adults in the U.S. and U.K. and found that 18- to 34-year-olds are more likely to use bad passwords and report their online accounts being compromised. The majority of respondents ages 51 to 69 say they completely steer away from easily cracked passwords like "password," "1234," or birthdays, while two-thirds of those in the 18-to-34 age bracket were caught using those kinds of terms. Quartz writes, "The diligence of the older group could help explain why 82% of respondents in this age range did not report having had any of their online accounts compromised in the past year. In contrast, 35% of respondents between 18 and 34 said at least one of their accounts was hacked within the last 12 months, twice the rate of those aged 51 to 69."
Microsoft

Microsoft Awards Grants To Deliver Affordable Internet Access (cnet.com) 24

An anonymous reader quotes a report from CNET: Microsoft said Tuesday it had awarded grants to 12 businesses as part of the company's Affordable Access Initiative, part of the software giant's effort to encourage low-cost Internet around the world. Grant recipients include businesses from Argentina, Botswana, India, Indonesia, Malawi, Nigeria, Philippines, Rwanda, Uganda, the UK and the US. In addition to financial support, each company will have access to Microsoft resources, software and services to help them develop their technology. "With more than half of the world's population lacking access to the Internet, connectivity is a global challenge that demands creative problem solving," Peggy Johnson, executive vice president of business development, said in a press release. "By using technology that's available now and partnering with local entrepreneurs who understand the needs of their communities, our hope is to create sustainable solutions that will not only have impact today but also in the years to come." Google and Facebook are also working on bringing affordable Internet access around the world. Google has plans to broadcast Internet from hot air balloons via Project Loon, while Facebook plans to beam Internet down to earth from drones.
Facebook

Facebook Is Tweaking Trending Topics To Counter Charges of Bias (recode.net) 151

An anonymous reader writes: Facebook has said once again in an open letter to Sen. John Thune, chairman of the Senate Commerce Committee, that its Trending Topics section is free of any political bias or manipulation. But in response to Gizmodo's report that Facebook employees were suppressing conservative news stories, Facebook is revamping how editors find trending stories. "We could not fully exclude the possibility of isolated improper actions or unintentional bias in the implementation of our guidelines or policies," Facebook General Counsel Colin Stretch wrote. Of course, Facebook is going to train the human editors who work on its trending section; it's also going to abandon several automated tools it used to find and categorize trending news in the past. Recode provides some examples, writing, "[Facebook] will no longer use its '1K list,' a group of 1,000 websites it used to help verify headlines." Facebook will also get rid of several top publications, including the New York Times and CNN.
The Internet

Hacker Phineas Fisher is Trying To Start a 'Hack Back' Political Movement (vice.com) 122

An anonymous reader writes: The hacker who breached Hacking Team and FinFisher is trying to get more people to "hack back" and fight "the system." For some, thanks to his targeted attacks and sophisticated political views, Phineas Fisher is quickly becoming the most influential hacktivist of the last few years. In response to his most recent hack where he released a 39-minute how-to video showing how to strip data from targeted websites, specifically a website of the Catalan police union, Phineas Fisher told Motherboard, "Everything doesn't have to be big. I wanted to strike a small blow at the system, teach a bit of hacking with the video, and inspire people to take action." Biella Coleman, professor at McGill University in Montreal, believes Phineas Fisher has a good chance of inspiring a new generation of hacktivists and "setting the stage for other hackers to follow in his footsteps." She says he has been better at choosing targets and justifying his actions with more rounded and sophisticated political and ethical views than Anonymous and LulzSec-inspired hackers. Phineas Fisher told Motherboard, "I don't want to be the lone hacker fighting the system. I want to inspire others to take similar action, and try to provide the information so they can learn how."
Communications

Researchers Set World Record Wireless Data Transmission Rate of 6 GB/Sec Over 37 KM (sciencedaily.com) 70

An anonymous reader quotes a report from Science Daily: Transmitting the contents of a conventional DVD in under ten seconds by radio transmission is incredibly fast -- and a new world record in wireless data transmission. With a data rate of 6 Gigabit per second over a distance of 37 kilometers, a collaborative project with the participation of researchers from the University of Stuttgart and the Fraunhofer Institute for Applied Solid State Physics IAF exceeded the state of the art by a factor of 10. The extremely high data rate of 6 Gbit/s was achieved by the group through efficient transmitters and receivers at a radio frequency of 71-76 GHz in the so-called E band, regulated for terrestrial and satellite broadcasting. The circuits are based on two innovative transistor technologies developed and manufactured by the project partner Fraunhofer IAF. In the transmitter the broadband signals are amplified to a comparatively high transmission power of up to 1 W with the help of power amplifiers on the basis of the novel compound semiconductor gallium-nitride. A highly directive parabolic antenna emits the signals. Built into the receiver are low-noise amplifiers on the basis of high-speed transistors using indium-gallium-arsenide semiconductor layers with very high electron mobility. They ensure the detection of the weak signals over long distances. The transmission of high quantities of data by radio over large distances serves a high number of important application areas: the next generation of satellite communication requires an ever-increasing data offload from earth observation satellites down to earth. Supplying rural and remote regions with fast Internet is possible, as shown in the trial. Earlier this year, engineers at the University of Illinois were able to set a record for fiber-optic data transmission, transmitting 57Gbps of error-free data at room temperature.
Network

Americans Used Nearly 10 Trillion Megabytes of Mobile Data Last Year (washingtonpost.com) 89

An anonymous reader writes: A report from CTIA released Monday found that consumers have nearly doubled their consumption of mobile data last year. It found that last month, consumers chugged down 804 billion megabytes of data, which adds up to a total of 9.65 billion gigabytes. The numbers are especially significant when compared to previous years. "From December 2013 to December 2014, U.S. data consumption grew by about 26 percent. But over the following year, it grew by 137 percent," writes the Washington Post. YouTube and Netflix account for over half of North American internet traffic at peak hours, according to the networking equipment firm Sandvine. That figure spikes to 70 percent when streaming audio is part of the mix. The wireless industry as a result raked in nearly $200 billion last year alone, which is a 70 percent jump compared to a decade ago. The numbers are likely to rise as more and more devices become connected to the internet. With news of films from Disney, Marvel, Lucasfilm and Pixar coming to Netflix this September, we're likely to see mobile data use increase even more this year.
Movies

September: Netflix Will 'Become Exclusive US Pay TV Home of Films From Disney, Marvel, Lucasfilm and Pixar' (venturebeat.com) 167

An anonymous reader writes: The licensing deal between Netflix and Disney for the rights to all new films that hit movie theaters in 2016 is nothing new. What is new is when exactly the deal will come into effect. "From September onwards, Netflix will become the exclusive U.S. pay TV home of the latest films from Disney, Marvel, Lucasfilms and Pixar," said Netflix content chief Ted Sarandos in a blog post. This will only apply to new theatrical releases because separate licensing deals are in place for other Disney content. The exclusive partnership with Disney does also extend into original programming. Netflix's partnership with Disney is part of a bigger plan to host more unique content that rival services do not offer.
Transportation

Tesla Co-Founder Says Hydrogen Fuel Cells Are a 'Scam' (electrek.co) 583

Marc Tarpenning, co-founder of Tesla, believes hydrogen fuel cells are a "scam". Tarpenning, who is not with Tesla anymore, appeared on Internet History Podcast last week to outline a number of issues with hydrogen fuel cells. He said (via Electrek blog): If your goal is to reduce energy consumption, petrol or whatever resource, you want to use it as efficiently as possible. You don't want to pick something that consumes a lot for whatever reason, and hydrogen is uniquely bad. There's a saying in the auto industry that hydrogen is the future of transportation and always will be. It's a scam as far as I can tell because the energy equation is terrible. People will say that hydrogen is the most abundant element in the universe, but it's abundant out there in the universe not here. We live on a planet where hydrogen is super reactive -- it's bound up into everything. It's bound up into water, wood and everything else. The only way that you get hydrogen requires you to pour energy into it to break it from the chemical bonds. Electrolysis is the most common method. You put electricity in water and it separates it, but you are pouring energy in order to make hydrogen, and then you have to compress it and that takes energy, and then you have to transport it to wherever you actually need it, which is really difficult because hydrogen is much harder to work with than gasoline or even natural gas -- and natural gas is not that easy. And then you ultimately have to place it into a car where you'll have a very high-pressure vessel which offers its own safety issues -- and that's only to convert it back again to electricity to make the car go because hydrogen fuel cell cars are really electric cars. They just have an extraordinarily bad battery. Here's the podcast.
Google

How Copyright Law Is Being Misused To Remove Material From the Internet (theguardian.com) 102

London-based resident Annabelle Narey posted a negative review of a building firm on Mumsnet. She noted in her review that her ceiling fell down in an upstairs bedroom. The Guardian reports about what happened to her in the aftermath of posting that review. Building firm BuildTeam sent a letter to Mumsnet, which the site passed on to Narey. According to Narey, BuildTeam found Narey's comment defamatory and untrue, and asked for the removal of the comment from the website. The original comment saw several other users also post similar grievances, though many of these users pulled their comments in response to the legal threats from BuildTeam. Narey wanted to keep hers up. Then things got even weirder, reports the Guardian. Narey says BuildTeam staff visited her apartment, and instead of offering any apology, asked her to remove the comment. Mumsnet received a warning from Google: a takedown request under DMCA, alleging copyright infringement. This led Google to de-list the entire thread. From the report: No copyright infringement had occurred at all. At some point after Narey posted her comments on Mumsnet, someone had copied the entire text of one of her posts and pasted it, verbatim, to a spammy blog titled "Home Improvement Tips and Tricks". The post, headlined "Buildteam interior designers" was backdated to September 14 2015, three months before Narey had written it. BuildTeam says it has no idea why Narey's review was reposted, but that it had nothing to do with it. The Guardian deep dives into what is wrong with the copyright system, the issues Google faces in dealing with them, and the consequences many users are facing because of this.
Botnet

Ransomware Adds DDoS Attacks To Annoy More People (softpedia.com) 35

An anonymous reader writes: Ransomware developers have found another method of monetizing their operations by adding a DDoS component to their malicious payloads. So instead of just encrypting your files and locking your screen, new ransomware versions seen this week also started adding a DDoS bot that quietly blasts spoofed network traffic at various IPs on the Internet.
Softpedia points out that "Renting out DDoS botnets on the Dark Web is a very lucrative business, even if prices have gone down in recent years."
Facebook

Fake Facebook Event Draws Police, Spawns New Meme (cnet.com) 92

An anonymous reader writes: A fake event announcement on Facebook has now launched "a long string of viral jokes featuring fake concert events for music acts at oddly appropriate venues," according to CNET -- for example, a Radiohead concert at Radio Shack or a Sunday Brunch with Insane Clown Posse. It began with a fake announcement touting an upcoming concert with Limp Bizkit on April 20 at a Sunoco gas station. "The event got so much viral attention and local and national news coverage that the Dayton Police Department had to issue a statement to the local press and on its Twitter page on April 19 that there would be no Limp Bizkit concert..." CNET reports.

"That still didn't stop a crowd of 100 Limp Bizkit fans from going to the Sunoco and chanting 'Fred! Fred! Fred!' in front of the station. The station had to close up for the night and police were called to the scene to disperse the crowd. Since then, other Facebook users decided to try their luck at tricking the more gullible people on the Internet into going to concerts that don't exist."
In an unrelated development, 12 Facebook employees and their guests were stuck in an elevator at Facebook's California headquarters for more than two hours on Friday, until being rescued by local firefighters using the Jaws of Life.
Network

DARPA Extreme DDOS Project Transforming Network Attack Mitigation (networkworld.com) 21

coondoggie quotes a report from Networkworld: Researchers with the Defense Advanced Research Projects Agency (DARPA) have quickly moved to alter the way the military, public and private enterprises protect their networks from high- and low-speed distributed denial-of-service attacks with a program called Extreme DDoS Defense (XD3). The agency has since September awarded seven XD3 multi-million-dollar contracts to Georgia Tech, George Mason University, Invincea Labs, Raytheon BBN, Vencore Labs (two contracts) and this week to the University of Pennsylvania to radically alter DDoS defenses. One more contract is expected under the program. [DARPA says the XD3 program looks to develop technologies that: thwart DDoS attacks by dispersing cyber assets (physically and/or logically) to complicate adversarial targeting, disguise the characteristics and behaviors of those assets to confuse or deceive the adversary, and blunt the effects of attacks that succeed in penetrating other defensive measures by using adaptive mitigation techniques on endpoints such as mission-critical servers.]
The Almighty Buck

Wristband Gives You An Electric Shock When You Overspend (softpedia.com) 62

An anonymous reader writes: "Intelligent Environments, the company that brought us emoji passwords, has launched another original product, a banking platform integrated with IoT devices working on the classic 'If This, Then That' principle," writes Softpedia. "Called Interact IoT, the platform will allow developers to create smart products that interact with your bank account. Intelligent Environments launched the platform yesterday with two integrations, one for the Pavlok wristband and one for Google's Nest thermostat." Bank account owners can set a threshold for their account; if their balance falls below it, they'll receive an electric shock from their Pavlok wristband, or Interact IoT will turn down their Nest thermostat to save money. More integrations are in the works. Which ones would you like to see? "Both Pavlok and Nest Thermostat are opt-in services, so customers can decide whether to switch them on or not," said David Webber, Managing Director at Intelligent Environments. "However, with the Pavlok integration users have told us they love it. They think it's much better to get a little shock now, instead of a nasty one later."
China

China Fakes 488 Million Social Media Posts a Year To Deceive Its Citizens (bloomberg.com) 120

In an attempt to keep its citizens from seeing bad news and getting involved in sensitive political debates, China's government fabricates about 488 million social media comments a year, reports Bloomberg citing a study (PDF). The propaganda workers who post comments are known as Fifty Cent Party because they are believed to be paid 50 Chinese cents by the Chinese government for every comment they post. From the report: Although those who post comments are often rumored to be ordinary citizens, the researchers were surprised to find that nearly all the posts were written by workers at government agencies including tax and human resource departments, and at courts. The researchers said they found no evidence that people were paid for the posts, adding the work was probably part of the employees' job responsibilities. Fifty Cent Party is a derogatory term since it implies people are bought off cheaply. About half of the positive messages appear on government websites, and the rest are injected into the 80 billion social media posts that enter China's Internet. That means one of every 178 social media posts on China's micro blogs is made up by the government, the researchers said. The sites affected include those run by Tencent Holdings Ltd., Sina Corp. and Baidu Inc.
Government

New Surveillance System May Let Cops Use All Of The Cameras (engadget.com) 116

An anonymous reader quotes a report from Wired: [Computer scientists have created a way of letting law enforcement tap any camera that isn't password protected so they can determine where to send help or how to respond to a crime.] The system, which is just a proof of concept, alarms privacy advocates who worry that prudent surveillance could easily lead to government overreach, or worse, unauthorized use. It relies upon two tools developed independently at Purdue. The Visual Analytics Law Enforcement Toolkit superimposes the rate and location of crimes and the location of police surveillance cameras. CAM2 reveals the location and orientation of public network cameras, like the one outside your apartment. You could do the same thing with a search engine like Shodan, but CAM2 makes the job far easier, which is the scary part. Aggregating all these individual feeds makes it potentially much more invasive. [Purdue limits access to registered users, and the terms of service for CAM2 state "you agree not to use the platform to determine the identity of any specific individuals contained in any video or video stream." A reasonable step to ensure privacy, but difficult to enforce (though the team promises the system will have strict security if it ever goes online). Beyond the specter of universal government surveillance lies the risk of someone hacking the system.] EFF discovered that anyone could access more than 100 "secure" automated license plate readers last year.