YouTube Is Full of Easy-To-Find Neo-Nazi Propaganda ( 378

An anonymous reader quotes an exclusive report from Motherboard: Through a software-aided investigation, Motherboard has found that while YouTube has managed to clamp down on Islamic extremists uploading propaganda, the video giant is still awash with videos supporting violent and established neo-Nazi organizations, even when, in some cases, users have reported the offending videos. Clips of neo-Nazi propaganda operations, hate-filled speeches, and extremists pushing for direct action have remained on the site for weeks, months, or years at a time. Arguably, many if not all of these videos may fall under YouTube's own policy on hate speech, which "refers to content that promotes violence against or has the primary purpose of inciting hatred against individuals or groups based on certain attributes," including race or ethnic origin, religion, and sexual orientation, according to the policy.

Motherboard built a tool to monitor YouTube and make a record of when the platform removed certain videos, and limited the clips to propaganda for established neo-Nazi and far-right terrorist organizations like Atomwaffen, rather than people in the so-called "alt-right." Most of the videos were discovered through simple YouTube searches of relevant organizations' names, or sometimes through the "recommended videos" sidebar after Motherboard had built up a browsing history of neo-Nazi material. For the sake of comparison, over a week-long period Motherboard also tracked pro-ISIS videos uploaded by the group's supporters and then distributed through a network of Telegram channels. Typically, YouTube removed these Islamic extremism videos in a matter of hours, including those that did not contain images of violence, but were instead speeches or other not directly violent content. But YouTube is playing catch up with neo-Nazi material. YouTube removed only two videos that Motherboard was monitoring: two identical clips of a speech from UK terrorist organization National Action.


Downloads of Popular Apps Were Silently Swapped For Spyware in Turkey: Citizen Lab ( 29

Matthew Braga, reporting for CBC: Since last fall, Turkish internet users attempting to download one of a handful of popular apps may have been the unwitting targets of a wide-reaching computer surveillance campaign. And in Egypt, users across the country have, seemingly at random, had their browsing activity mysteriously redirected to online money-making schemes. Internet filtering equipment sold by technology company Sandvine -- founded in Waterloo, Ont. -- is believed to have played a significant part in both.

That's according to new research from the University of Toronto's Citizen Lab, which has examined misuse of similar equipment from other companies in the past. The researchers say it's likely that Sandvine devices are not only being used to block the websites of news, political and human rights organizations, but are also surreptitiously redirecting users toward spyware and unwanted ads. Using network-filtering devices to sneak spyware onto targets' computers "has long been the stuff of legends" according to the report -- a practice previously documented in leaked NSA documents and spyware company brochures, the researchers say, but never before publicly observed.
Citizen Lab notes that targeted users in Turkey and Syria who attempted to download Windows applications from official vendor websites including Avast Antivirus, CCleaner, Opera, and 7-Zip were silently redirected to malicious versions by way of injected HTTP redirects. It adds: This redirection was possible because official websites for these programs, even though they might have supported HTTPS, directed users to non-HTTPS downloads by default. Additionally, targeted users in Turkey and Syria who downloaded a wide range of applications from CBS Interactive's (a platform featured by CNET to download software) were instead redirected to versions containing spyware. does not appear to support HTTPS despite purporting to offer "secure download" links.

Comcast's Protected Browsing Is Blocking PayPal, Steam and TorrentFreak, Customers Say ( 82

Comcast's Xfinity internet customers have been reporting multiple websites, including PayPal, Steam, and TorrentFreak have been getting blocked by the ISP's "protected browsing" setting. From a report: The "protected browsing" setting is designed to "reduce the risk of accessing known sources of malware, spyware, and phishing for all devices connected to your home network." This, in general, isn't a bad thing. It's similar to Google Chrome's security settings that warn you when you have an insecure connection. But it's odd that Xfinity's security setting would be blocking perfectly harmless sites like PayPal. Multiple consumers have been reporting on Comcast's forums and elsewhere that they've been blocked while trying to access sites that many people use every day. After posting about it on the forums, one user who said they couldn't access PayPal said the problem with that particular site had been fixed. Further reading: Comcast's Protected Browsing Blocks TorrentFreak as "Suspicious" Site (TorrentFreak).

Businesses Under Pressure To 'Consumerize' Logins ( 47

Almost two-thirds (64 percent) of IT leaders say their security teams are considering implementing consumer-grade access to cloud services for employees. From a report: According to the 2018 Identity and Access Management Index from digital security company Gemalto 54 percent of respondents believe that the authentication methods they implement in their businesses are not as good compared to those found on popular sites including Amazon and Facebook. Authentication methods applied in the consumer world can be applied to secure access to enterprise resources 70 percent of IT professionals believe. But despite this, 92 percent of IT leaders express concern about employees reusing personal credentials for work. This comes as 61 percent admit they are still not implementing two-factor authentication to allow access to their network, potentially leaving themselves vulnerable to cyber criminals.

McAfee Acquires VPN Provider TunnelBear ( 56

McAfee announced that it has acquired Canada-based virtual private network (VPN) company TunnelBear. From a report: Founded in 2011, Toronto-based TunnelBear has gained a solid reputation for its fun, cross-platform VPN app that uses quirky bear-burrowing animations to bring online privacy to the masses. The company claims around 20 million people have used its service across mobile and desktop, while a few months back it branched out into password management with the launch of the standalone RememBear app. [...] That TunnelBear has sold to a major brand such as McAfee won't be greeted warmly by many of the product's existing users. However, with significantly more resources now at its disposal, TunnelBear should be in a good position to absorb any losses that result from the transfer of ownership.

Time To Bring Back the Software User Conference ( 43

Holger Mueller, writing for ZDNet (condensed for space): Every tech company has a user conference these days. And is it just me, or are they all starting to feel the exact same? Same announcements, same message, same speakers, same venue. Rinse, repeat. On top of this sameness, irrelevant gimmicks and lack of substance threaten to drag the tech user conference into obsolescence. But all is not lost. Here are a few areas in which tech conferences are going astray, and a few ideas about how to fix them.

It's about the product. Users attend conferences to learn more about a vendor's software. So product needs to get a lot of air time. Yes, services matter too-but it's the product that people have taken time out of their busy schedules to learn about.
Have a motivational speaker who matters.
Demo software. Many attendees are expert users. Vendors need to demonstrate they, too, are experts with their own product. The best way to do this is to demo the product.
Subject expertise beats celebrity. Yes, user conferences are about inspiration, but a celebrity, soap opera star, or a talk show host is not something an enterprise software user can relate to their work and is definitely not why they spend 3-4 days and a few thousand dollars/euros to attend a conference.
Limit the philanthropy. It's great for vendors to give back to a purpose outside of the software. But it should not be 50 percent of a keynote.
Users want to network. Vendors should give users a chance to network. Not just informally, but in a planned way.
Party hard but responsibly.


Researchers Bypassed Windows Password Locks With Cortana Voice Commands ( 90

Two independent Israeli researchers found a way for an attacker to bypass the lock protection on Windows machines and install malware by using voice commands directed at Cortana, the multi-language, voice-commanded virtual assistant that comes embedded in Windows 10 desktop and mobile operating systems. From a report: Tal Be'ery and Amichai Shulman found that the always-listening Cortana agent responds to some voice commands even when computers are asleep and locked, allowing someone with physical access to plug a USB with a network adapter into the computer, then verbally instruct Cortana to launch the computer's browser and go to a web address that does not use https -- that is, a web address that does not encrypt traffic between a user's machine and the website. The attacker's malicious network adapter then intercepts the web session to send the computer to a malicious site instead, where malware downloads to the machine, all while the computer owner believes his or her machine is protected.

Uber Self-Driving Trucks Are Now Moving Cargo For Uber Freight Customers ( 52

Uber's autonomous trucks are now being put to work via Uber Freight, Uber's commercial cargo shipping on-demand app. "The first runs are being done in Arizona, with regular hauls operating with both human drivers and autonomous trucks working in tandem," reports TechCrunch. From the report: How it works is that Uber will load up the freight on a conventional, human driven truck who collects the load from the shipper and then does a short haul run to a transfer hub. The short haul truck then loads its cargo onto a long-haul freight transport, which is autonomous for the purposes of these trips. That self-driving test truck handles the highway driving for the longer portion of the trip, handing it off once again to a human-driven trip for the short haul cap to the overall journey. Uber Freight handles the load sourcing, just as it dos for connecting shippers with regular human truckers. Uber's Advanced Technology Group is simply deploying its self-driving trucks on the Uber Freight platform, in the same way that the autonomous team within Uber is using the Uber ride-hailing network to test and deploy its self-driving ride share vehicles. Uber has released a video depicting this journey.

Silicon Valley Is Over, Says Silicon Valley ( 304

An anonymous reader shares a New York Times report: In recent months, a growing number of tech leaders have been flirting with the idea of leaving Silicon Valley. Some cite the exorbitant cost of living in San Francisco and its suburbs, where even a million-dollar salary can feel middle class. Others complain about local criticism of the tech industry and a left-wing echo chamber that stifles opposing views. And yet others feel that better innovation is happening elsewhere. "I'm a little over San Francisco," said Patrick McKenna, the founder of High Ridge Venture Partners who was also on the bus tour. "It's so expensive, it's so congested, and frankly, you also see opportunities in other places." Mr. McKenna, who owns a house in Miami in addition to his home in San Francisco, told me that his travels outside the Bay Area had opened his eyes to a world beyond the tech bubble. "Every single person in San Francisco is talking about the same things, whether it's 'I hate Trump' or 'I'm going to do blockchain and Bitcoin,'" he said. "It's the worst part of the social network."

[...] Complaints about Silicon Valley insularity are as old as the Valley itself. Jim Clark, the co-founder of Netscape, famously decamped for Florida during the first dot-com era, complaining about high taxes and expensive real estate. Steve Case, the founder of AOL, has pledged to invest mostly in start-ups outside the Bay Area, saying that "we've probably hit peak Silicon Valley." But even among those who enjoy living in the Bay Area, and can afford to do so comfortably, there's a feeling that success has gone to the tech industry's head. "Some of the engineers in the Valley have the biggest egos known to humankind," Mr. Khanna, the Silicon Valley congressman, said during a round-table discussion with officials in Youngstown.


Frequency Deviations In Continental Europe Are Causing Electric Clocks To Run Behind By 5 Minutes ( 251

elgatozorbas shares a short note from the European Network of Transmission System Operators for Electricity (ENTSO-E): Apparently the Continental European Power System has been off since mid-January, causing some clocks to run behind by 5 minutes. How common are these mains-frequency synchronized clocks anyway, and why are they built that way? "The power deviations have led to a slight drop in the electric frequency," reports ENTSO-E. "This in turn has also affected those electric clocks that are steered by the frequency of the power system and not by a quartz crystal... All actions are taken by the transmission system operators (TSOs) of Continental Europe and by ENTSO-E to resolve the situation."

Do Neural Nets Dream of Electric Sheep? ( 201

An anonymous reader shares a post: If you've been on the internet today, you've probably interacted with a neural network. They're a type of machine learning algorithm that's used for everything from language translation to finance modeling. One of their specialties is image recognition. Several companies -- including Google, Microsoft, IBM, and Facebook -- have their own algorithms for labeling photos. But image recognition algorithms can make really bizarre mistakes. Microsoft Azure's computer vision API added the above caption and tags. But there are no sheep in the image. None. I zoomed all the way in and inspected every speck. It also tagged sheep in this image. I happen to know there were sheep nearby. But none actually present. Here's one more example. In fact, the neural network hallucinated sheep every time it saw a landscape of this type. What's going on here?

Are neural networks just hyper-vigilant, finding sheep everywhere? No, as it turns out. They only see sheep where they expect to see them. They can find sheep easily in fields and mountainsides, but as soon as sheep start showing up in weird places, it becomes obvious how much the algorithms rely on guessing and probabilities. Bring sheep indoors, and they're labeled as cats. Pick up a sheep (or a goat) in your arms, and they're labeled as dogs.


Facebook Asks Users: Should We Allow Men To Ask Children For Sexual Images? ( 386

Alex Hern, writing for The Guardian: Facebook has admitted it was a "mistake" to ask users whether paedophiles requesting sexual pictures from children should be allowed on its website. On Sunday, the social network ran a survey for some users asking how they thought the company should handle grooming behaviour. "There are a wide range of topics and behaviours that appear on Facebook," one question began. "In thinking about an ideal world where you could set Facebook's policies, how would you handle the following: a private message in which an adult man asks a 14-year-old girl for sexual pictures." The options available to respondents ranged from "this content should not be allowed on Facebook, and no one should be able to see it" to "this content should be allowed on Facebook, and I would not mind seeing it." A second question asked who should decide the rules around whether or not the adult man should be allowed to ask for such pictures on Facebook. Options available included "Facebook users decide the rules by voting and tell Facebook" and "Facebook decides the rules on its own."

New LTE Attacks Can Snoop On Messages, Track Locations, and Spoof Emergency Alerts ( 28

An anonymous reader quotes a report from ZDNet: A slew of newly discovered vulnerabilities can wreak havoc on 4G LTE network users by eavesdropping on phone calls and text messages, knocking devices offline, and even spoofing emergency alerts. Ten attacks detailed in a new paper by researchers at Purdue University and the University of Iowa expose weaknesses in three critical protocol operations of the cellular network, such as securely attaching a device to the network and maintaining a connection to receive calls and messages. Those flaws can allow authentication relay attacks that can allow an adversary to connect to a 4G LTE network by impersonating an existing user -- such as a phone number. Although authentication relay attacks aren't new, this latest research shows that they can be used to intercept message, track a user's location, and stop a phone from connecting to the network. By using common software-defined radio devices and open source 4G LTE protocol software, anyone can build the tool to carry out attacks for as little as $1,300 to $3,900, making the cost low enough for most adversaries. The researchers aren't releasing the proof-of-concept code until the flaws are fixed, however.

Australia Considers Making It Illegal For ISPs To Advertise Inflated Speeds ( 70

The Australian government is currently considering a bill that would make it illegal for internet service providers to exaggerate speeds, or else face a fine of up to $1 million. "One constituent says he's being charged for a 25 megabit per second download speed and a five megabit per second upload and he's actually getting less than one tenth of that," said Andrew Wilkie, the Member of Parliament who introduced the bill. "In other words, people are getting worse than dial-up speed when they've been promised a whizz-bang, super-fast connection." Motherboard reports: Internet speeds can vary based on how many people are on the network and even the hardware you use, but while we can't expect ISPs to deliver maximum speed 100 percent of the time, previous probes into their performance have shown many ISPs in the U.S. aren't delivering even the minimum advertised speeds a majority of the time for the average user. Under the proposed Australian law, ISPs are simply required to be more transparent about what consumers can expect with a specific plan. Rather than advertising only the maximum speeds, they would have to include typical speeds for the average user, indicate busy periods, and clearly list any other factors that might impact service. The bill was only introduced this week, so it's yet to be seen if it will gain traction.

Germany Says Government Network Was Breached ( 30

An anonymous reader shares a report from The Wall Street Journal (Warning: source may be paywalled; alternative source): German authorities said on Wednesday they were investigating a security breach of the government's highly protected computer network. The country's intelligence agencies were examining attacks on more than one government ministry, the interior ministry said, adding that the affected departments had been informed and that the attack had been isolated and brought under control. Earlier on Wednesday, the German news agency DPA reported that German security services had discovered a breach of the government's IT network in December and traced it back to state-sponsored Russian hackers. German companies have been the target of sustained attacks by state-sponsored hackers, mainly believed to be Chinese. In 2015, the Bundestag, parliament's lower house, suffered a extensive breach, leading to the theft of several gigabytes of data by what German security officials believe were Russian cyberthieves. Hackers believed to be part of the Russia-linked APT28 group sought to infiltrate the computer systems of several German political parties in 2016, Germany's domestic intelligence agency said in 2016.

Nokia, Vodafone To Bring 4G To the Moon ( 80

According to Reuters, the moon will get its first mobile phone network next year, enabling high-definition streaming from the landscape back to earth. "Vodafone Germany, network equipment maker Nokia and carmaker Audi said on Tuesday they were working together to support the mission, 50 years after the first NASA astronauts walked on the moon." From the report: Vodafone said it had appointed Nokia as its technology partner to develop a space-grade network which would be a small piece of hardware weighing less than a bag of sugar. The companies are working with Berlin-based company PTScientists on the project, with a launch scheduled in 2019 from Cape Canaveral on a SpaceX Falcon 9 rocket, Vodafone said. One executive involved said the decision to build a 4G network rather than a state-of-the-art 5G network was taken because the next generation networks remain in the testing and trial stage and are not stable enough to ensure they would work from the lunar surface.

Qualcomm's Simulated 5G Tests Shows How Fast Real-world Speeds Could Actually Be ( 61

At Mobile World Congress, Qualcomm demonstrated the real-world potential of 5G by sharing findings of extensive network simulations it has conducted over the past several months. From a report: Instead of just offering guesses as to the gigabit-plus speeds that 5G technology could one day offer, Qualcomm's tests modeled real-world conditions in Frankfurt and San Fransisco, based on the location of existing cell sites and spectrum allocations in the two cities. The simulations factor in conditions like geography, different user demands on the network, a wide spectrum of devices with various levels of LTE and 5G connectivity for different speeds in order to accurately give an idea of what to expect when these networks launch. Additionally, the simulations are intended only to show the kind of 5G NR (New Radio) networks that could feasibly exist next year -- the non-standalone networks built in tandem with existing 4G LTE technology, not the truly standalone 5G networks that will come later on.

The Frankfurt simulation is the more basic network, based on 100 MHz of 3.5GHz spectrum with an underlying gigabit-LTE network on 5 LTE spectrum bands, but the results are still staggering. Browsing jumped from 56 Mbps for the median 4G user to more than 490 Mbps for the median 5G user, with roughly seven times faster response rates for browsing. Download speeds also improved dramatically, with over 90 percent of users seeing at least 100 Mbps download speeds on 5G, versus 8 Mbps on LTE.


Scientists Say Space Aliens Could Hack Our Planet ( 293

Scientists are worried that space aliens might send messages that worm their way into human society -- not to steal our passwords but to bring down our culture. "Astrophysicists Michael Hippke and John Learned argue in a recent paper that our telescopes might pick up hazardous messages sent our way -- a virus that shuts down our computers, for example, or something a bit like cosmic blackmail: 'Do this for us, or we'll make your sun go supernova and destroy Earth,'" reports NBC News. "Or perhaps the cosmic hackers could trick us into building self-replicating nanobots, and then arrange for them to be let loose to chew up our planet or its inhabitants." From the report: The astrophysicists also suggest that the extraterrestrials could show their displeasure (what did we do?) by launching a cyberattack. Maybe you've seen the 1996 film "Independence Day," in which odious aliens are vanquished by a computer virus uploaded into their machinery. That's about as realistic as sabotaging your neighbor's new laptop by feeding it programs written for the Commodore 64. In other words, aliens that could muster the transmitter power (not to mention the budget) to try wiping us out with code are going to have a real compatibility problem.

Yet there is a way that messages from space might be disruptive. Extraterrestrials could simply give us some advanced knowledge -- not as a trade, but as a gift. How could that possibly be a downer? Imagine: You're a physicist who has dedicated your career to understanding the fundamental structure of matter. You have a stack of reprints, a decent position, and a modicum of admiration from the three other specialists who have read your papers. Suddenly, aliens weigh in with knowledge that's a thousand years ahead of yours. So much for your job and your sense of purpose. If humanity is deprived of the opportunity to learn things on its own, much of its impetus for novelty might evaporate. In a society where invention and discovery are written out of the script, progress and improvement would suffer.


'Memtransistor' Brings World Closer To Brain-Like Computing 94

the gmr writes: According to a recent article published in the journal Nature, researchers at Northwestern University's McCormick School of Engineering have developed a "memtransistor," a device that both stores information in memory and processes information. The combined transistor and memory resistor work more like a neuron and purports to make computing more brain-like. The new "memtransistor" would use less energy than digital computers and eliminate the need to run memory and processing as separate functions while also being more brain-like. Lead researcher Mark C. Hersam clarified the brain-like efficacy of the memtransistor: " the brain, we don't usually have one neuron connected to only one other neuron. Instead, one neuron is connected to multiple other neurons to form a network. Our device structure allows multiple contacts, which is similar to the multiple synapses in neurons... [but] making dozens of devices, as we have done in our paper, is different than making a billion, which is done with conventional transistor technology today." Hersam reported no barriers to scaling up to billions of devices. This new technology would make smart devices more capable and possibly more seemingly-human. The devices may also promote advances in neural networks and brain-computer interfaces, new technologies also recently reported at Futurism.

How Are Sysadmins Handling Spectre/Meltdown Patches? ( 49

Esther Schindler (Slashdot reader #16,185) writes that the Spectre and Meltdown vulnerabilities have become "a serious distraction" for sysadmins trying to apply patches and keep up with new fixes, sharing an HPE article described as "what other sysadmins have done so far, as well as their current plans and long-term strategy, not to mention how to communicate progress to management." Everyone has applied patches. But that sounds ever so simple. Ron, an IT admin, summarizes the situation succinctly: "More like applied, applied another, removed, I think re-applied, I give up, and have no clue where I am anymore." That is, sysadmins are ready to apply patches -- when a patch exists. "I applied the patches for Meltdown but I am still waiting for Spectre patches from manufacturers," explains an IT pro named Nick... Vendors have released, pulled back, re-released, and re-pulled back patches, explains Chase, a network administrator. "Everyone is so concerned by this that they rushed code out without testing it enough, leading to what I've heard referred to as 'speculative reboots'..."

The confusion -- and rumored performance hits -- are causing some sysadmins to adopt a "watch carefully" and "wait and see" approach... "The problem is that the patches don't come at no cost in terms of performance. In fact, some patches have warnings about the potential side effects," says Sandra, who recently retired from 30 years of sysadmin work. "Projections of how badly performance will be affected range from 'You won't notice it' to 'significantly impacted.'" Plus, IT staff have to look into whether the patches themselves could break something. They're looking for vulnerabilities and running tests to evaluate how patched systems might break down or be open to other problems.

The article concludes that "everyone knows that Spectre and Meltdown patches are just Band-Aids," with some now looking at buying new servers. One university systems engineer says "I would be curious to see what the new performance figures for Intel vs. AMD (vs. ARM?) turn out to be."

Slashdot Top Deals