Bug

'Critical' T-Mobile Bug Allowed Hackers To Hijack Users' Accounts

An anonymous reader quotes a report from Motherboard: The vulnerability was found and reported by a security researcher on December 19 of last year, but it hasn't been revealed until now. Within a day, T-Mobile classified it as "critical," patched the bug, and gave the researcher a $5,000 reward. That's good news, but it's unclear how long the site was vulnerable and whether any malicious hackers found and exploited the bug before it was fixed. The newly disclosed bug allowed hackers to log into T-Mobile's account website as any customer. "It's literally like logging into your account and then stepping away from the keyboard and letting the attacker sit down," Scott Helme, a security researcher who reviewed the bug report, told Motherboard in an online chat. Shortly after we published this story, a T-Mobile spokesperson sent us a statement: "This bug was confidentially reported through our Bug Bounty program in December and fixed within a matter of hours," the emailed statement read. "We found no evidence of customer information being compromised."
Facebook

Facebook's Mandatory Anti-Malware Scan Is Invasive and Lacks Transparency

Louise Matsakis, writing for Wired: The internet is full of Facebook users frustrated with how the company handles malware threats. For nearly four years, people have complained about Facebook's anti-malware scan on forums, Twitter, Reddit, and on personal blogs. The problems appear to have gotten worse recently. While the service used to be optional, Facebook now requires it if it flags your device for malware. And according to screenshots reviewed by WIRED from people recently prompted to run the scan, Facebook also no longer allows every user to select what type of device they're on. The malware scans likely only impact a relatively small population of Facebook's billions of users, some of whose computers may genuinely be infected. But even a fraction of Facebook's users still potentially means millions of impacted people.

The mandatory scan has caused widespread confusion and frustration; WIRED spoke to people who had been locked out of their accounts by the scan, or simply baffled by it, on four different continents. The mandatory malware scan has downsides beyond losing account access. Facebook users also frequently report that the feature is poorly designed, and inconsistently implemented. In some cases, if a different user logs onto Facebook from the same device, they sometimes won't be greeted with the malware message. Similarly, if the "infected" user simply switches browsers, the message also appears to occasionally go away.
The Courts

Manafort Left an Incriminating Paper Trail Because He Couldn't Figure Out How to Convert PDFs to Word Files (slate.com)

There are two types of people in this world: those who know how to convert PDFs into Word documents and those who are indicted for money laundering. Former Trump campaign chairman Paul Manafort is the second kind of person, Slate reports. From the report: Back in October, a grand jury indictment charged Manafort and his business associate Rick Gates with a variety of crimes, including conspiring "to defraud the United States." On Thursday, special counsel Robert Mueller filed a new indictment against the pair, substantially expanding the charges. As one former federal prosecutor told the Washington Post, Manafort and Gates' methods appear to have been "extensive and bold and greedy with a capital 'G,' but ... not all that sophisticated." One new detail from the indictment, however, points to just how unsophisticated Manafort seems to have been. Here's the relevant passage from the indictment. I've bolded the most important bits:

Manafort and Gates made numerous false and fraudulent representations to secure the loans. For example, Manafort provided the bank with doctored [profit and loss statements] for [Davis Manafort Inc.] for both 2015 and 2016, overstating its income by millions of dollars. The doctored 2015 DMI P&L submitted to Lender D was the same false statement previously submitted to Lender C, which overstated DMI's income by more than $4 million. The doctored 2016 DMI P&L was inflated by Manafort by more than $3.5 million. To create the false 2016 P&L, on or about October 21, 2016, Manafort emailed Gates a .pdf version of the real 2016 DMI P&L, which showed a loss of more than $600,000. Gates converted that .pdf into a "Word" document so that it could be edited, which Gates sent back to Manafort. Manafort altered that "Word" document by adding more than $3.5 million in income. He then sent this falsified P&L to Gates and asked that the "Word" document be converted back to a .pdf, which Gates did and returned to Manafort. Manafort then sent the falsified 2016 DMI P&L .pdf to Lender D.
So here's the essence of what went wrong for Manafort and Gates, according to Mueller's investigation: Manafort allegedly wanted to falsify his company's income, but he couldn't figure out how to edit the PDF.
United States

From 1999 To 2016, America Lost 11.4 Million People From the Workforce (washingtonpost.com)

Andrew Van Dam, writing for the Washington Post: Where did all the jobs go? Well, we're finally starting to find some satisfactory answers to the granddaddy of all economic questions. The share of Americans with jobs dropped 4.5 percentage points from 1999 to 2016 -- amounting to about 11.4 million fewer workers in 2016. At least half of that decline probably was due to an aging population. Explaining the remainder has been the inspiration for much of the economic research published after the Great Recession.
Transportation

Airlines Won't Dare Use the Fastest Way to Board Planes (wired.com)

An anonymous reader writes: You've arrived at the airport early. You have already selected the perfect seat. You've employed all possible tricks for making the check-in and security processes zoom by. But there's still some blood-pressure-raising chaos you can't avoid: boarding. From impatient fellow travelers who are determined to beat you onto the plane to passengers who insist on jamming their too-big carry-ons into overhead bins, making your way to your seat can be straight-up hellish -- and Wired's Alex Davies offers up a cheery explanation of why the situation is unlikely to improve any time soon. It's not that airlines aren't trying. In fact, United is in the middle of a months-long test at LAX that involves splitting its five groups of passengers into two lines, instead of five, to see whether that will make boarding less painful. But there are some basic measures that airlines could be taking to speed things up -- offering free baggage check, for instance, or cutting down on early boarding perks -- if they weren't so worried about their bottom lines. "The question for the airlines, then, is not how to get everyone onto a plane as quickly as possible," Davies writes. "It's how to get everyone onto a plane as quickly as possible while still charging them extra for bags, doting on the regular customers, and maintaining the system that, like all class structures, serves whoever built it."
Science

The 'Loudness' of Our Thoughts Affects How We Judge External Sounds (sciencedaily.com)

The "loudness" of our thoughts -- or how we imagine saying something -- influences how we judge the loudness of real, external sounds, a team of researchers from NYU Shanghai and NYU has found. From a report: Its study, titled "Imagined Speech Influences Perceived Loudness of Sound" and published in the journal Nature Human Behaviour, offers new insights into the nature of brain activity. The research project was conducted by Tian Xing and Bai Fan from NYU Shanghai with David Poeppel and Teng Xiangbin from NYU, and Ding Nai from Zhejiang University. "Our 'thoughts' are silent to others -- but not to ourselves, in our own heads -- so the loudness in our thoughts influences the loudness of what we hear," says Poeppel, a professor of psychology and neural science. Using an imagery-perception repetition paradigm, the team found that auditory imagery will decrease the sensitivity of actual loudness perception, with support from both behavioural loudness ratings and human electrophysiological (EEG and MEG) results.
Government

Supreme Court Declines To Broaden Whistleblower Protections (reuters.com)

The U.S. Supreme Court this week refused to broaden protections for corporate insiders who call out misconduct, ruling they must take claims of wrongdoing to the Securities and Exchange Commission in order to be shielded against retaliation. From a report: The justices ruled 9-0 in favor of Digital Realty Trust, throwing out a lawsuit brought against the California-based real estate trust by a fired former employee who had reported alleged wrongdoing only internally and not to the SEC. The 2010 Wall Street reform law known as the Dodd-Frank Act is unambiguous in offering no protection from retaliation such as firing or demotion to employees who report claims of securities law violations only in-house, the court ruled.
Security

More Than 40% of Global Log-in Attempts Are Malicious (infosecurity-magazine.com)

More than 40% of global log-in attempts are malicious thanks to bot-driven credential stuffing attacks, according to the latest report from Akamai. From a report: The cloud delivery provider's latest State of the Internet/Security report for Q4 2017 comprised analysis from over 7.3 trillion bot requests per month. It claimed that such requests account for over 30% of all web traffic across its platform per day, excluding video streaming. However, malicious activity has seen a sharp increase, as cyber-criminals look to switch botnets from DDoS attacks to using stolen credentials to try to access online accounts. Of the 17 billion login requests Akamai tracked in November and December, over two-fifths (43%) were used for credential abuse. The figure rose to a staggering 82% for the hospitality industry.
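The Akamai figures above are aggregate counts; what a site operator actually works with is its own authentication log. The following is an added example, not code from Akamai's report or from the Slashdot story, showing one simple heuristic for separating credential-stuffing traffic from ordinary failed logins: a single source address that tries many distinct usernames with a high failure ratio inside a short window behaves like a bot replaying a stolen credential list, whereas a human who forgets a password retries one username. The log format, the thresholds (five distinct usernames, 70% failures, five-minute windows) and the log lines themselves are constructed assumptions for the example.

```python
"""Flag likely credential-stuffing sources in an authentication log.

Added example (not from the Akamai report). Heuristic, with assumed
thresholds: within one fixed time window, a source IP that attempts at
least `min_users` distinct usernames and fails at least `min_fail_ratio`
of the time is treated as a stuffing bot rather than a forgetful user.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log (not real traffic): timestamp ip username result
SAMPLE_LOG = """\
2017-12-01T10:00:01Z 203.0.113.7 alice FAIL
2017-12-01T10:00:02Z 203.0.113.7 bob FAIL
2017-12-01T10:00:02Z 203.0.113.7 carol FAIL
2017-12-01T10:00:03Z 203.0.113.7 dave FAIL
2017-12-01T10:00:03Z 203.0.113.7 erin OK
2017-12-01T10:00:04Z 203.0.113.7 frank FAIL
2017-12-01T10:00:05Z 203.0.113.7 grace FAIL
2017-12-01T10:00:05Z 203.0.113.7 heidi FAIL
2017-12-01T10:01:10Z 198.51.100.4 alice FAIL
2017-12-01T10:01:25Z 198.51.100.4 alice FAIL
2017-12-01T10:01:40Z 198.51.100.4 alice OK
2017-12-01T10:02:00Z 192.0.2.9 ivan OK
"""


def parse_line(line):
    """Split one assumed-format log line into (datetime, ip, user, succeeded)."""
    ts, ip, user, result = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when, ip, user, result == "OK"


def bucket_key(when, window):
    """Align a timestamp to the start of its fixed-size window (epoch seconds)."""
    epoch = int(when.timestamp())
    return epoch - epoch % int(window.total_seconds())


def find_stuffing_sources(log_text, window=timedelta(minutes=5),
                          min_users=5, min_fail_ratio=0.7):
    """Return {ip: stats} for sources whose per-window behaviour matches stuffing."""
    buckets = defaultdict(lambda: {"attempts": 0, "failures": 0, "users": set()})
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        when, ip, user, ok = parse_line(raw)
        stats = buckets[(ip, bucket_key(when, window))]
        stats["attempts"] += 1
        stats["failures"] += 0 if ok else 1
        stats["users"].add(user)

    flagged = {}
    for (ip, _start), stats in buckets.items():
        ratio = stats["failures"] / stats["attempts"]
        # Many distinct accounts plus mostly failures is the stuffing signature;
        # one account retried a few times (a forgotten password) is not flagged.
        if len(stats["users"]) >= min_users and ratio >= min_fail_ratio:
            flagged[ip] = {
                "attempts": stats["attempts"],
                "distinct_users": len(stats["users"]),
                "fail_ratio": ratio,
            }
    return flagged


def malicious_share(log_text, **kwargs):
    """Fraction of all login attempts that came from flagged sources."""
    flagged = find_stuffing_sources(log_text, **kwargs)
    lines = [l for l in log_text.splitlines() if l.strip()]
    if not lines:
        return 0.0
    bad = sum(1 for l in lines if l.split()[1] in flagged)
    return bad / len(lines)


if __name__ == "__main__":
    for ip, stats in find_stuffing_sources(SAMPLE_LOG).items():
        print(f"{ip}: {stats}")
    print(f"share of attempts from flagged sources: {malicious_share(SAMPLE_LOG):.1%}")
```

Running it against the constructed log flags only 203.0.113.7 (eight different usernames, seven failures, all inside five seconds) and leaves 198.51.100.4 alone even though it failed twice, because it kept trying one account. On real traffic the thresholds need tuning per site, and a distributed botnet will spread attempts across many addresses, so a production detector would also key on username-per-source diversity across the whole fleet and on known proxy ranges rather than on one IP at a time.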
Iphone

Soderbergh's Thriller Shot on iPhone Premieres in Berlin (reuters.com)

Director Steven Soderbergh said this week he so enjoyed making his psychological thriller "Unsane" on an iPhone, he would find it hard to go back to conventional filmmaking. From a report: "Unsane", which premieres at the Berlin film festival, was shot over just two weeks - way shorter than the months a movie usually takes. It tells the story of Sawyer Valentini, who moves to a new city to escape her stalker David but finds herself admitted to a mental health institution where he works.
Intel

OpenBSD Releases Meltdown Patch (theregister.co.uk)

OpenBSD's Meltdown patch has landed, in the form of a Version 11 code update that separates user memory pages from the kernel's -- pretty much the same approach as was taken in the Linux kernel. From a report: A few days after the Meltdown/Spectre bugs emerged in January, OpenBSD's Phillip Guenther responded to user concerns with a post saying the operating system's developers were working out what to do. Now he's revealed the approach used to fix the free OS: "When a syscall, trap, or interrupt takes a CPU from userspace to kernel the trampoline code switches page tables, switches stacks to the thread's real kernel stack, then copies over the necessary bits from the trampoline stack. On return to userspace the opposite occurs: recreate the iretq frame on the trampoline stack, switch stack, switch page tables, and return to userspace." That explanation is somewhat obscure to non-developers, but there's a more readable discussion of what the project's developers had in mind from January, here.
Intel

Intel Did Not Tell US Cyber Officials About Chip Flaws Until Made Public (reuters.com)

Intel Corp did not inform U.S. cyber security officials of Meltdown and Spectre chip security flaws until they leaked to the public, six months after Alphabet notified the chipmaker of the problems, according to letters sent by tech companies to lawmakers on Thursday. From a report: Current and former U.S. government officials have raised concerns that the government was not informed of the flaws before they became public because the flaws potentially held national security implications. Intel said it did not think the flaws needed to be shared with U.S. authorities as hackers had not exploited the vulnerabilities. Intel did not tell the United States Computer Emergency Readiness Team, better known as US-CERT, about Meltdown and Spectre until Jan. 3, after reports on them in online technology site The Register had begun to circulate.
Patents

'Nobody Cares Who Was First, and Nobody Cares Who Copied Who': Marco Arment on Defending Your App From Copies and Clones (marco.org)

Marco Arment: App developers sometimes ask me what they should do when their features, designs, or entire apps are copied by competitors. Legally, there's not a lot you can do about it: Copyright protects your icon, images, other creative resources, and source code. You automatically have copyright protection, but it's easy to evade with minor variations. App stores don't enforce it easily unless resources have been copied exactly. Trademarks protect names, logos, and slogans. They cover minor variations as well, and app stores enforce trademarks more easily, but they're costly to register and only apply in narrow areas.

Only assholes get patents. They can be a huge PR mistake, and they're a fool's errand: even if you get one ($20,000+ later), you can't afford to use it against any adversary big enough to matter. Don't be an asshole or a fool. Don't get software patents. If someone literally copied your assets or got too close to your trademarked name, you need to file takedowns or legal complaints, but that's rarely done by anyone big enough to matter. If a competitor just adds a feature or design similar to one of yours, you usually can't do anything. You can publicly call out a copy, but you won't come out of it looking good. [...] Nobody else will care as much as you do. Nobody cares who was first, and nobody cares who copied who. The public won't defend you.

Privacy

Samsung Rescues Data-Saving Privacy App Opera Max and Relaunches it as Samsung Max (venturebeat.com)

Samsung has rescued Opera Software's Opera Max data-saving, privacy-protecting Android app from oblivion and relaunched it today as Samsung Max. From a report: Norwegian tech company Opera, which first became known for its desktop browser when it launched in 1995, has offered mobile browser apps across various platforms for years. But in 2014, it launched the standalone Opera Max app for Android, designed to get its users more bang from their data plan, along with some VPN-like features. The app compresses data such as photos, music, and videos while promising "no noticeable loss of quality." Opera Max can also block background processes to conserve battery and data. The app was given a number of new features over the past few years, but last August the company revealed it was pulling the plug on Opera Max once and for all.
Robotics

'Automating Jobs Is How Society Makes Progress' (qz.com)

An anonymous reader quotes a report from Quartz, written by Per Bylund, assistant professor at Oklahoma State University: Analysts discuss the automation of jobs as if robots are rising from the sea like Godzilla, rampaging through the Tokyo of stable employment, and leaving only chaos in their wake. According to data from PWC, 38% of jobs in the U.S. could become automated by the early 2030s. Meanwhile, a report from Ball State University's Center for Business and Economic Research warned that half of all American jobs could be replaced by automation. These prophecies of doom fail to recognize that automation and increased productivity are nothing new. From the cotton gin to the computer, automation has been happening for centuries. Consider the way automation has improved the mining industry over the past 100 years. Without machines, humans were forced to crawl into unstable passageways and chip away at rocks with primitive tools while avoiding the ever-present dangers of gas poisoning and cave-ins. Not only was this approach terrible for health, but it was also a highly inefficient use of skilled human laborers. With machines doing the heavy lifting, society was able to dedicate resources to building, servicing, and running the machinery.

Fewer people now do the traditional physical labor, but this advancement is celebrated rather than mourned. By letting machines handle the more tedious -- and, in some cases, dangerous -- tasks, people were liberated to use their labor in more efficient, effective, and fulfilling ways. Critics of automation miss the point. Nobody works for the sake of work -- people strive to create value, which helps pay our salaries and feed our families. Automation effectively opens the door for more new endeavors that will elevate our species to greater heights. Just as past generations turned away the mines for better careers, modern workers whose jobs are altered by automation will see their roles in society evolve rather than disappear.

Medicine

Major New Study Confirms Antidepressants Really Do Work (theguardian.com)

According to authors of a groundbreaking study, antidepressants really do work in treating depression, though some are more effective than others. "Millions more people around the world should be prescribed pills or offered talking therapies, which work equally well for moderate to severe depression, say the doctors, noting that just one in six people receive proper treatment in the rich world -- and one in 27 in the developing world," reports The Guardian. From the report: "Antidepressants are an effective tool for depression. Untreated depression is a huge problem because of the burden to society," said Andrea Cipriani of the NIHR Oxford Health Biomedical Research Centre, who led the study. The debate over antidepressants has unfortunately often been ideological, said Cipriani. Some doctors and patients have doubts over whether they work at all and point to the big placebo effect -- in trials, those given dummy pills also improve to some degree. Some people suspect drug companies of fiddling trial results. Some patients simply do not want to take pills for a mental health condition. The study published in the Lancet took six years, Cipriani said, and included all the published and unpublished data that the scientists could find. It was carried out by a team of international experts. They looked at results after eight weeks of more than 500 trials involving either a drug versus placebo or comparing two different medicines. The most famous antidepressant of them all, Prozac -- now out of patent and known by its generic name, fluoxetine -- was one of the least effective but best tolerated, measured by a low drop-out rate in the trials or fewer side-effects reported. The most effective of the drugs was amitriptyline, which was the sixth best tolerated.