China

YouTube Suspends Account of Popular Chinese Dissident (freebeacon.com) 15

schwit1 brings news about an exiled Chinese billionaire with 500,000 followers on YouTube. The Washington Free Beacon reports: YouTube has suspended the video account of popular Chinese dissident Guo Wengui amid mounting pressure from the Beijing government to silence one of its critics. According to a person familiar with the action, YouTube issued what the company calls a 'strike' against Guo, who since the beginning of the year has created an online sensation by posting lengthy videos in which he reveals details of corruption by senior Chinese officials. The suspension involves a 90-day block on any new live-stream postings of videos and was the result of a complaint made against a recent Guo video for alleged harassment. The identity of the person or institution who issued the complaint could not be learned... Other videos by Guo posted prior to the suspension remain accessible.
The suspension coincides with this week's once-every-five-years congress of the Chinese Communist party to reveal which top officials will serve President Xi Jinping, according to Financial Times, adding that "China's choreographed politics is not designed for public participation or questioning."
Botnet

2 Million IoT Devices Enslaved By Fast-Growing BotNet (bleepingcomputer.com) 21

An anonymous reader writes: Since mid-September, a new IoT botnet has grown to massive proportions. Codenamed IoT_reaper, researchers estimate its current size at nearly two million infected devices. According to researchers, the botnet is mainly made up of IP-based security cameras, routers, network-attached storage (NAS) devices, network video recorders (NVRs), and digital video recorders (DVRs), primarily from vendors such as Netgear, D-Link, Linksys, GoAhead, JAWS, Vacron, AVTECH, MikroTik, TP-Link, and Synology.

The botnet reuses some Mirai source code, but it's unique in its own right. Unlike Mirai, which relied on scanning for devices with weak or default passwords, this botnet was put together using exploits for unpatched vulnerabilities. The botnet's author is still struggling to control his botnet, as researchers spotted over two million infected devices sitting in the botnet's C&C servers' queue, waiting to be processed. As of now, the botnet has not been used in live DDoS attacks, but the capability is in there.

Today is the one-year anniversary of the Dyn DDoS attack, the article points out, adding that "This week both the FBI and Europol warned about the dangers of leaving Internet of Things devices exposed online."
Idle

Data Science Meets Sports Gambling: How Researchers Beat the Bookies (newscientist.com) 27

"A trio of data scientists developed a betting strategy to beat bookmakers at football games," writes austro. [The game Americans call soccer.] New Scientist reports: The team studied 10 years' worth of data on nearly half a million football matches and the associated odds offered by 32 bookmakers between January 2005 and June 2015. When they applied their strategy in a simulation, they made a return of 3.5 per cent. Making bets randomly resulted in a loss of 3.32 per cent. Then the team decided to try betting for real. They developed an online tool that would apply their odds-averaging formula to upcoming football matches. When a favorable opportunity arose, a member of the team would email Kaunitz and his wife, one of whom then placed a bet.

They kept this up for five months, placing $50 bets around 30 times a week. And they were winning. After five months the team had made a profit of $957.50 -- a return of 8.5 per cent. But their streak was cut short. Following a series of several small wins, the trio were surprised to find that their accounts had been limited, restricting how much they could bet to as little as $1.25. The gambling industry has long restricted players who appear to show an edge over the house, says Mark Griffiths at Nottingham Trent University, UK.

The paper "illustrates how the sports gambling industry compensates market inefficiencies with discriminatory practices against successful clients," adds austro, noting that the researchers posted a paper explaining their methodology on arxiv last week. "They also made the dataset and source code available on github. And best of all, they made an online publicly available dashboard that shows a live list of bet recommendations on football matches based on their strategy here or here for anyone to try."
Security

Google Offers $1,000 Bounties For Hacking Dropbox, Tinder, Snapchat, and Others (mashable.com) 24

An anonymous reader quotes Mashable: Google, in collaboration with bug bounty platform HackerOne, has launched the Google Play Security Reward Program, which promises $1,000 to anyone who can identify security vulnerabilities in participating Google Play apps. Thirteen apps are currently participating, including Tinder, Duolingo, Dropbox, Snapchat, and Headspace... If you find a security vulnerability in one of the participating apps, you can report that vulnerability to the developer, and work with them to fix it. When the problem has been resolved, the Android Security team will pay you $1,000 as a reward, on top of any reward you get from the app developer. Google will be collecting data on the vulnerabilities and sharing it (anonymized) with other developers who may be exposed to the same problems. For HackerOne, it's about attracting more and better participants in bounty programs.
Businesses

Why Are We Still Using Passwords? (securityledger.com) 112

Here's some surprising news from the Akamai Edge conference. chicksdaddy writes: [E]xecutives at some of the U.S.'s leading corporations agreed that the much maligned password won't be abandoned any time soon, even as data breaches and follow-on attacks make passwords more susceptible than ever to abuse, the Security Ledger reports. "We reached the end of needing passwords maybe seven years ago, but we still use them," said Steve Winterfeld, Director of Cybersecurity at clothing retailer Nordstrom. "They're still the primary layer of defense."

"It's hard to kill them," noted Shalini Mayor, who is a Senior Director at Visa Inc. "The question is what to replace them with." This, even though the cost of using passwords is high and getting higher, as sophisticated attacks attempt to compromise legitimate accounts using so-called "credential stuffing" techniques, which use automated password guessing attacks against web-based applications... Stronger and more reliable alternatives to passwords already exist, but the obstacles to using them are often prohibitive. Shalini Mayor said Visa is "looking at" biometric technologies like Apple's TouchID as a tool for making payments securely. Such technologies -- from fingerprint scans to facial and retinal scans -- promise more secure and reliable factors than alphanumeric passwords, the executives agreed. But customers often resist the technologies or find them error prone or too difficult to use.

Education

Code School Fined $375K Over Employment Claims and Licensing Issues (arstechnica.com) 26

An anonymous reader quotes Ars Technica: [O]ne of the most prominent institutions, New York's Flatiron School, will be shelling out $375,000 to settle charges brought by New York Attorney General Eric Schneiderman's office. The AG said the school operated for a period without the proper educational license, and it improperly marketed both its job placement rates and the salaries of its graduates. New York regulators didn't find any inaccuracies in Flatiron's "outcomes report," a document the company is proud of. However, the Attorney General's office found that certain statements made on Flatiron's website didn't constitute "clear and conspicuous" disclosure.

For instance, Flatiron claimed that 98.5 percent of graduates were employed within 180 days of graduation. However, only by carefully reading the outcomes report would one find that the rate included not just full-time employees, but apprentices, contract workers, and freelancers. Some of the freelancers worked for less than 12 weeks. The school also reported an average salary of $74,447 but didn't mention on its website that the average salary claim only applied to graduates who achieved full-time employment. That group comprised only 58 percent of classroom graduates and 39 percent of those who took online courses.

The school's courses last 12 to 16 weeks, and cost between $12,000 and $15,000, according to a statement from the attorney general's office [PDF]. (Or $1,500 a month for an online coding class.) Eligible graduates can claim their share of the $375,000 by filing a complaint within the next three months.
The Courts

Friendlier GPL-Enforcement Permission Proposed By Linux Kernel Developers (kroah.com) 44

The former Executive Director of the Free Software Foundation -- and Slashdot user #41121 -- contacted Slashdot with this announcement. bkuhn -- now president of the Software Freedom Conservancy -- writes: Software Freedom Conservancy, home of the GPL Compliance Project for Linux Developers, publicly applauded today the proposal of the Linux Kernel Enforcement Statement, which adds a per-copyright-holder-opt-in additional permission to the termination provisions of Linux's GPLv2-only license.
It apparently addresses a developer who "made claims based on ambiguities in the GPL-2.0 that no one in our community has ever considered part of compliance," according to a statement from some of the kernel developers who drafted the statement. While the kernel community has always supported enforcement efforts to bring companies into compliance, we have never even considered enforcement for the purpose of extracting monetary gain... [W]e are aware of activity that has resulted in payments of at least a few million Euros. We are also aware that these actions, which have continued for at least four years, have threatened the confidence in our ecosystem. Because of this, and to help clarify what the majority of Linux kernel community members feel is the correct way to enforce our license, the Technical Advisory Board of the Linux Foundation has worked together with lawyers in our community, individual developers, and many companies that participate in the development of, and rely on Linux, to draft a Kernel Enforcement Statement to help address both this specific issue we are facing today, and to help prevent any future issues like this from happening again. It adopts the same termination provisions we are all familiar with from GPL-3.0 as an Additional Permission giving companies confidence that they will have time to come into compliance if a failure is identified.
Businesses

Tech Companies To Lobby For Immigrant 'Dreamers' To Remain In US (reuters.com) 173

An anonymous reader quotes a report from Reuters: Nearly two dozen major companies in technology and other industries are planning to launch a coalition to demand legislation that would allow young, illegal immigrants a path to permanent residency, according to documents seen by Reuters. The Coalition for the American Dream intends to ask Congress to pass bipartisan legislation this year that would allow these immigrants, often referred to as "Dreamers," to continue working in the United States, the documents said. Alphabet Inc's Google, Microsoft Corp, Amazon.com Inc, Facebook Inc, Intel Corp, Uber Technologies Inc, IBM Corp, Marriott International Inc and other top U.S. companies are listed as members, one of the documents shows. The push for this legislation comes after President Donald Trump's September decision to allow the Deferred Action for Childhood Arrivals (DACA) program to expire in March. That program, established by former President Barack Obama in 2012, allows approximately 900,000 illegal immigrants to obtain work permits. Some 800 companies signed a letter to Congressional leaders after Trump's decision, calling for legislation protecting Dreamers. That effort was spearheaded by a pro-immigration reform group Facebook Chief Executive Mark Zuckerberg co-founded in 2013 called FWD.us.
Desktops (Apple)

Tim Cook Confirms the Mac Mini Isn't Dead (macrumors.com) 122

Apple has refreshed just about every Mac product within the last couple of years -- except for the Mac Mini. Naturally, this has left many analysts questioning whether or not the company would be phasing out the Mini to focus more on its mobile devices. A MacRumors reader decided to email Apple CEO Tim Cook to get an update on the Mac mini and he received a response. Cook said it was "not time to share any details," but he confirmed that the Mac mini will be an important part of the company's product lineup in the future. MacRumors reports: Cook's response echoes a similar statement from Apple marketing chief Phil Schiller, who commented on the Mac mini when Apple's plans for a new Mac Pro were unveiled. "The Mac mini is an important product in our lineup and we weren't bringing it up because it's more of a mix of consumer with some pro use," he said. Positioned as a "bring your own peripherals" machine that comes without a mouse, keyboard, or display, the Mac mini is Apple's most affordable desktop machine. The current version is woefully outdated though, and continues to use Haswell processors and integrated Intel HD 5000/Intel Iris Graphics. It's not clear when Apple will introduce a new Mac mini, and aside from a single rumor hinting at a new high-end Mac mini with a redesign that "won't be so mini anymore," we've heard no rumors about work on a possible Mac mini refresh.
Government

The US Government Keeps Spectacularly Underestimating Solar Energy Installation (qz.com) 110

Michael J. Coren reports via Quartz: Every two years, the U.S. Energy Information Administration (EIA), America's official source for energy statistics, issues 10-year projections about how much solar, wind and conventional energy the future holds for the U.S. Every two years, since the mid-1990s, the EIA's projections turn out to be wrong. Last year, they proved spectacularly wrong. The Natural Resources Defense Council, an environmental advocacy group, and Statista recently teamed up to analyze the EIA's predictions for energy usage and production. They found that the EIA's 10-year estimates between 2006 to 2016 systematically understated the share of wind, solar and gas. Solar capacity, in particular, was a whopping 4,813% more in 2016 than the EIA had predicted in 2006 it would be. To be fair, there is a caveat here: The prediction in 2006 was that 10 years hence the U.S. would be generating just 0.8 gigawatts (GW) of solar energy. With such a low baseline figure, any increase will look huge in percentage terms. Nonetheless, there is an unmistakable trend in the data: The EIA regularly underestimates the growth in renewables but overestimates U.S. fossil-fuel consumption, which some critics see as an attempt to boost the oil and gas industry.
Government

Body Camera Study Shows No Effect On Police Use of Force Or Citizen Complaints (npr.org) 114

An anonymous reader quotes a report from NPR: Having police officers wear little cameras seems to have no discernible impact on citizen complaints or officers' use of force, at least in the nation's capital. That's the conclusion of a study performed as Washington, D.C., rolled out its huge camera program. The city has one of the largest forces in the country, with some 2,600 officers now wearing cameras on their collars or shirts. In the wake of high-profile shootings, many police departments have been rapidly adopting body-worn cameras, despite a dearth of solid research on how the technology can change policing. "We need science, rather than our speculations about it, to try to answer and understand what impacts the cameras are having," says David Yokum, director of the Lab @ DC. His group worked with local police officials to make sure that cameras were handed out in a way that let the researchers carefully compare officers who were randomly assigned to get cameras with those who were not. The study ran from June 2015 to last December. It's to be expected that these cameras might have little impact on the behavior of police officers in Washington, D.C., he says, because this particular force went through about a decade of federal oversight to help improve the department.
Bitcoin

Software Developer Creates Personal Cryptocurrency (wired.com) 81

mirandakatz writes: If you want to pick Evan Prodromou's brain -- as many people often do -- you'll have to pay him. And not just a consulting fee: You'll have to pay him in his own personal cryptocurrency, dubbed Evancoin. Currently, 20 days after his Initial Coin Offering, a single Evancoin is worth $45. As Prodromou tells Scott Rosenberg at Backchannel, "I'm not above a stunt! But in this case I'm really serious about exploring how cryptocurrency is changing what we can do with money and how we think about it. Money is this sort of consensual hallucination, and I wanted to experiment around that." The story goes on to explain what, exactly, goes into creating a personal cryptocurrency, and whether Evancoin could become a phenomenon that spreads.
Transportation

Elon Musk Begins Digging a Hyperloop Tunnel In Maryland (baltimoresun.com) 121

Elon Musk has been granted permission by Maryland to start digging tunnels for the hyperloop transit system that he wants to build between New York and Washington. "Hogan administration officials said Thursday the state has issued a conditional utility permit to let Musk's tunneling firm, The Boring Co., dig a 10.3-mile tunnel beneath the state-owned portion of the Baltimore-Washington Parkway, between the Baltimore city line and Maryland 175 in Hanover," reports the Baltimore Sun. From the report: It would be the first portion of the underground system that Musk says could eventually ferry passengers from Washington to New York, with stops in Baltimore and Philadelphia, in just 29 minutes. Maryland's approval is the first step of many needed to complete the multibillion-dollar project. Gov. Larry Hogan toured a site in Hanover that aides said could become an entry point for the hyperloop. The state does not plan to contribute to the cost of the project, aides said. Administration officials said they will treat the hyperloop like a utility, and permitted it in the same way the state allows electric companies to burrow beneath public rights-of-way. It was not immediately clear Thursday what environmental review or other permitting procedures must be completed before the company breaks ground.
Businesses

Vungle CEO Arrested For Child Rape and Attempted Murder (axios.com) 102

Freshly Exhumed writes: Axios is working to get details about a revelation on a government website that Vungle CEO Zain Jaffer is facing charges at the Maple Street Correctional Center in Redwood City, California of attempted murder, a lewd act on a child, oral copulation of a person under 14, child abuse, assault with a deadly weapon and battery upon an officer and emergency personnel. Vungle is self-described on its website as "the leading in-app video advertising platform for performance marketers," and was founded by Jaffer in 2011. Vungle has since issued a statement: "While we do not have any information that is not in the public record at this point, these are extremely serious allegations, and we are shocked beyond words. While these are only preliminary charges, they are obviously so serious that it led to the immediate removal of Mr. Jaffer from any operational responsibility at the company. The company stressed that this matter has nothing to do with Mr. Jaffer's former role at the company." Axios notes that "the San Francisco-based company has raised over $25 million in VC funding from firms like Google Ventures, Thomvest Ventures, Crosslink Capital, SoftTech VC and 500 Startups."
Android

Google Says 64 Percent of Chrome Traffic On Android Now Protected With HTTPS, 75 Percent On Mac, 66 Percent On Windows (techcrunch.com) 82

An anonymous reader quotes a report from TechCrunch: Google's push to make the web more secure by flagging sites using insecure HTTP connections appears to be working. The company announced today that 64 percent of Chrome traffic on Android is now protected, up 42 percent from a year ago. In addition, over 75 percent of Chrome traffic on both ChromeOS and Mac is now protected, up from 60 percent on Mac and 67 percent on ChromeOS a year ago. Windows traffic is up to 66 percent from 51 percent. Google also notes that 71 of the top 100 websites now use HTTPS by default, up from 37 percent a year ago. In the U.S., HTTPS usage in Chrome is up from 59 percent to 73 percent. Combined, these metrics paint a picture of fairly rapid progress in the switchover to HTTPS. This is something that Google has been heavily pushing by flagging and pressuring sites that hadn't yet adopted HTTPS.