Linux fréttir

According to the Guardian, Amazon CEO Jeff Bezos had his phone "hacked" in 2018 after receiving a WhatsApp message from the personal account of the crown prince of Saudi Arabia. From the report: The encrypted message from the number used by Mohammed bin Salman is believed to have included a malicious file that infiltrated the phone of the world's richest man, according to the results of a digital forensic analysis. This analysis found it "highly probable" that the intrusion into the phone was triggered by an infected video file sent from the account of the Saudi heir to Bezos, the owner of the Washington Post. The two men had been having a seemingly friendly WhatsApp exchange when, on May 1 of that year, the unsolicited file was sent, according to sources who spoke to the Guardian on the condition of anonymity. Large amounts of data were exfiltrated from Bezos's phone within hours, according to a person familiar with the matter. The Guardian has no knowledge of what was taken from the phone or how it was used. [...] The disclosure is likely to raise difficult questions for the kingdom about the circumstances around how U.S. tabloid the National Enquirer came to publish intimate details about Bezos's private life -- including text messages -- nine months later. It may also lead to renewed scrutiny about what the crown prince and his inner circle were doing in the months prior to the murder of Jamal Khashoggi, the Washington Post journalist who was killed in October 2018 -- five months after the alleged "hack" of the newspaper's owner.

Read more of this story at Slashdot.

The first case of an infection with a new coronavirus has been discovered in the United States. NPR reports: A man from Washington state returned home after a trip to Wuhan, China, on Jan. 15, sought medical attention on Jan. 19 and now is in isolation at Providence Regional Medical Center in Everett, Wash. State health officials say his condition is quite good and even referred to him as "healthy." But testing from the Centers for Disease Control and Prevention on the 20th confirm that he is infected with the Wuhan coronavirus. The man arrived back in the U.S. prior to the implementation of screening at three domestic airports on Friday. As of yesterday, over 200 cases of the virus have been reported in China.

Read more of this story at Slashdot.

Planned obsolescence strikes again

Sonos is doubling down on its previously disclosed inclination to drop support for older products that aren't profitable to support.…

An anonymous reader quotes a report from Ars Technica: Internet routers running the Tomato alternative firmware are under active attack by a self-propagating exploit that searches for devices using default credentials. When credentials are found, the exploit then makes the routers part of a botnet that's used in a host of online attacks, researchers said on Tuesday. The Muhstik botnet came to light about two years ago when it started unleashed a string of exploits that attacked Linux servers and Internet-of-things devices. It opportunistically exploited a host of vulnerabilities, including the so-called critical Drupalgeddon2 vulnerability disclosed in early 2018 in the Drupal content management system. Muhstik has also been caught using vulnerabilities in routers that use Gigabit Passive Optical Network (GPON) or DD-WRT software. The botnet has also exploited previously patched vulnerabilities in other server applications, including the Webdav, WebLogic, Webuzo, and WordPress. On Tuesday, researchers from Palo Alto Networks said they recently detected Muhstik targeting Internet routers running Tomato, an open-source package that serves as an alternative to firmware that ships by default with routers running Broadcom chips. The ability to work with virtual private networks and provide advanced quality of service control make Tomato popular with end users and in some cases router sellers. The exploits use already infected devices to scan the Internet for Tomato routers and, when found, to check if they use the default username and password of "admin:admin" or "root:admin" for remote administration. The exploit causes Tomato routers that haven't been locked down with a strong password to join an IRC server that's used to control the botnet. The infection also causes the routers to scan the Internet for servers or devices running WordPress, Webuzo, or WebLogic packages that are vulnerable.

Read more of this story at Slashdot.

Convenient timing for this story to emerge

Apple ditched plans to fully encrypt its iCloud backups two years ago after being pressured by the FBI, it is claimed.…

Apple chief executive Tim Cook believes augmented reality, or technology that overlays virtual objects onto the real world, is "the next big thing" that is poised to "pervade our entire lives." From a report: Shanahan asked Cook about major developments in tech he expects in the next five to 10 years. "I'm excited about AR," said the Big Tech CEO, citing augmented reality as an emerging tech space to watch. "My view is it's the next big thing, and it will pervade our entire lives." [...] Cook also sees applications for AR helping with hands-on tasks. "You may be under the car changing the oil, and you're not sure exactly how to do it. You can use AR," he said. Interestingly, the tech CEO sees benefits for AR and connecting people, more than other available technologies. "I think it's something that doesn't isolate people. We can use it to enhance our discussion, not substitute it for human connection, which I've always deeply worried about in some of the other technologies."

Read more of this story at Slashdot.

A large number of Android mobile apps listed on the official Google Play Store contain self-contradictory language in their privacy policies in regards to data collection practices. From a report: In an academic study published last year, researchers created a tool named PolicyLint that analyzed the language used in the privacy policies of 11,430 Play Store apps. They found that 14.2% (1,618 apps) contained a privacy policy with logical contradicting statements about data collection. Examples include privacy policies that stated in one section that they do not collect personal data, only to contradict themselves in subsequent sections, where they state they collect emails or customer names -- which are clearly personally-idenfiable information. While the research team could not determine the app maker's intent in using contradicting statements in their privacy policy, researchers feel the primary purpose was to mislead users if they ever took the time to read the policies.

Read more of this story at Slashdot.

Deal will crank telco's reach up to 8 million premises in UK

Goldman Sachs-backed telco CityFibre has snapped up TalkTalk's fibre-to-the-premises (FTTP) network for £200m, two months after the deal was delayed during the general election.…

The U.S. government's longest shutdown to date ended a year ago, but the memory may have kept lingering in the minds of federal workers looking for greener pastures in the technology world. From a report: A report released Tuesday by recruiting website Indeed compared clicks by federal employees on private tech jobs against clicks by users not on the federal payroll. That comparison found federal employees' clicks on such jobs were up on average almost 11% in the first 11 months of 2019 compared with 2017. Clicks from the general public fell 7.8% in the same period. The gap is more dramatic between tech workers in the government and private sector. Clicks by federal tech employees on those private-sector jobs were up 6.1% from January 2017 as of November, while clicks from private-sector tech employees fell 21% in the same period. Potential explanations for the divide included advantages for private-sector jobs like higher salaries and the ability to work remotely. Certain tech companies pay an almost 50% premium compared to the federal government, Indeed said.

Read more of this story at Slashdot.

Sonos has announced that come May 2020, a number of its older products will no longer receive software updates. From a report: That's fair enough, especially considering some of the devices were introduced as far back as 2005. What's likely to raise the heckles of affected Sonos customers, though, is that should they choose to continue using their legacy products, they won't be able to get updates for their contemporary ones. The reason this is the case is that a multi-speaker Sonos system requires all devices to operate on the same software and older products "do not have enough memory or processing power to sustain future innovation." Thus, as Sonos explains in an email to customers, "If modern products remain connected to legacy products after May, they also will not receive software updates and new features."

Read more of this story at Slashdot.

Federal prosecutors in Brazil on Tuesday charged the American journalist Glenn Greenwald with cybercrimes for his role in the spreading of cellphone messages that have embarrassed prosecutors and tarnished the image of an anti-corruption task force. The New York Times: In a criminal complaint made public on Tuesday, prosecutors in the capital, Brasilia, accused Mr. Greenwald of being part of a "criminal organization" that hacked into the cellphones of several prosecutors and other public officials last year. The Intercept Brazil, a news organization Mr. Greenwald co-founded, has published several stories based on a trove of leaked messages he received last year.

Read more of this story at Slashdot.

Nothing to see here, insists browser-maker

Opera has responded to accusations that it offers predatory short-term loans to some of the world's most disadvantaged communities to shore up its financial results.…

BetaNews: Over the years Microsoft has taken numerous controversial decisions with Windows 10, including installing sponsored apps, using the Start menu to advertise apps it thinks you might be interested in, and -- of course -- the various forms of data-collecting telemetry. Now it has been discovered that more ads could be on their way. A Windows researcher has uncovered ads in WordPad encouraging people to try out Word, Excel and PowerPoint online. News of the ads was shared on Twitter by Rafael Rivera, and it was met with a mixture of indignation and reluctant acceptance. Reaction was mixed because while some people saw little wrong with Microsoft advertising a free service rather than trying to encourage people to part with money, there was still a widespread feeling that it was an invasive move.

Read more of this story at Slashdot.

Nastygram to DNS overseer follows long, flawed and drawn-out process

Eight South American governments have vowed to make life difficult for DNS overseer ICANN after it gave the .amazon top-level domain to the US tech giant headed by Jeff Bezos.…

'Clerical error' causes major screw-up... misery loves company at UK's largest 'leccy retailer

Just because you want something badly doesn't mean you can will it to happen. This is what Dixons found out today when it was forced to re-issue a trading statement, with the first one saying sales had grown. (Spoiler: they hadn't.)…

French President Emmanuel Macron said on Monday he had a "great discussion" with U.S. President Donald Trump over a digital tax planned by Paris and said the two countries would work together to avoid a rise in tariffs. From a report: The two leaders agreed to the truce after Paris offered to suspend down payments for this year's digital tax and Washington promised to keep negotiating toward a solution rather than acting on a tariff threat, French sources said. Specifically, Macron and Trump agreed to hold off on a potential tariff war until the end of 2020, a French diplomatic source said, and to push ahead with broader negotiations at the Organization for Economic Cooperation and Development to rewrite the rules of international taxation during that period. "They agreed to give a chance to negotiations until the end of the year," the source said. "During that time period, there won't be successive tariffs." France decided in July to apply a 3% levy on revenue from digital services earned in France by companies with revenues of more than 25 million euros ($28 million) in France and 750 million euros worldwide.

Read more of this story at Slashdot.

Uber is testing a new feature that gives some drivers in California the ability to set their fares, the latest in a series of moves to give them more autonomy in response to the state's new gig-economy law. From a report: Starting Tuesday morning, drivers who ferry passengers from airports in Santa Barbara, Palm Springs and Sacramento can charge up to five times the fare Uber sets on a ride, according to a person involved in developing the feature. Uber confirmed in an emailed statement that it is doing an "initial test" that "would give drivers more control over the rates they charge riders." The ride-hailing giant has made many changes to the way it works in response to California's passage of Assembly Bill 5. The law requires companies to treat workers as employees -- eligible for sick days and other benefits -- rather than independent contractors if they are controlled by their employer and contribute to its usual course of business.

Read more of this story at Slashdot.

Just don't mention software giant's carbon-producing customers, 'cos that doesn't matter, right?

The World Economic Forum is pinning a sustainability badge on its 2020 conference, which, according to one estimate, will produce 18,090 metric tonnes* of CO2 in private air travel alone.…

Redmond's own security tools could be abused to create hard-to-scrub infections

The encryption technology Microsoft uses to protect its own file system could also be turned into a weapon for ransomware attackers.…

Apple dropped plans to let iPhone users fully encrypt backups of their devices in the company's iCloud service after the FBI complained that the move would harm investigations, Reuters reported on Tuesday, citing six sources familiar with the matter. From the report: The tech giant's reversal, about two years ago, has not previously been reported. It shows how much Apple has been willing to help U.S. law enforcement and intelligence agencies, despite taking a harder line in high-profile legal disputes with the government and casting itself as a defender of its customers' information. The long-running tug of war between investigators' concerns about security and tech companies' desire for user privacy moved back into the public spotlight last week, as U.S. Attorney General William Barr took the rare step of publicly calling on Apple to unlock two iPhones used by a Saudi Air Force officer who shot dead three Americans at a Pensacola, Florida naval base last month. U.S. President Donald Trump piled on, accusing Apple on Twitter of refusing to unlock phones used by "killers, drug dealers and other violent criminal elements." Republican and Democratic senators sounded a similar theme in a December hearing, threatening legislation against end-to-end encryption, citing unrecoverable evidence of crimes against children. Apple did in fact did turn over the shooter's iCloud backups in the Pensacola case, and said it rejected the characterization that it "has not provided substantive assistance." Behind the scenes, Apple has provided the U.S. Federal Bureau of Investigation with more sweeping help, not related to any specific probe.

Read more of this story at Slashdot.