The Internet

Google Home Speakers and Chromecast Are Down Worldwide, Company Confirms (washingtonpost.com) 52

"Sorry, something went wrong. Try again in a few seconds." That's the response that Google smart speaker users around the world heard Wednesday when they asked their devices to play music, get the weather or even respond to its "Hey, Google" prompt. From a report: Google confirmed there's a problem with both their smart speakers and the Chromecast, the plug-in video casting dongle for televisions. While the company did not say how many people are affected or what caused the issue, it did confirm it's working on a fix. "We're aware of an issue affecting some Google Home and Chromecast users. We're investigating the issue and working on a solution," Google said in a statement. Google Home and Chromecast owners started reporting issues to Google early Wednesday morning, according to online help forums for both devices. Devices affected by the problem have lost their normal functions.
Social Networks

Instagram Is Estimated To Be Worth More Than $100 Billion (bloomberg.com) 105

An anonymous reader quotes a report from Bloomberg: Facebook's Instagram is estimated to be worth more than $100 billion, if it were a stand-alone company, marking a 100-fold return for the app purchased in 2012, according to data compiled by Bloomberg Intelligence. The photo-sharing platform, which reached 1 billion monthly active users earlier this month, will likely help nudge Instagram revenue past $10 billion over the next 12 months, Bloomberg Intelligence analyst Jitendra Waral wrote in a report Monday. Instagram is attracting new users faster than Facebook's main site and is on track to exceed 2 billion users within the next five years, Waral said. While the social network already has surpassed that milestone, Instagram's audience is younger than its parent, making it more attractive to advertisers. And unlike Facebook, Instagram is still growing in the U.S.
Crime

Blogger Stabbed To Death After Internet Abuse Seminar (theguardian.com) 331

A prominent Japanese blogger has been stabbed to death minutes after giving a seminar on how to resolve personal disputes on the internet. The Guardian reports: Media reports said Kenichiro Okamoto, better known by his blogger name Hagex, died on Sunday evening after reportedly being attacked by a man he had argued with online. The suspect, Hidemitsu Matsumoto, allegedly followed Okamoto into the toilets after he had ended his talk at a venue in the south-western city of Fukuoka.

Okamoto was stabbed several times before staggering out of the toilets after his assailant, who fled on a bicycle, according to the Mainichi Shimbun newspaper. Okamoto, who sustained stab wounds to the chest and neck, was taken to hospital where he was confirmed dead. His attacker reportedly handed himself in almost three hours after the attack.

Communications

Nvidia Looks To Gag Journalists With Multi-Year Blanket NDAs (hardocp.com) 119

The German website Heise reports that Nvidia's new non-disclosure agreements (NDAs) last for five years and are more far reaching than product-specific information. HardOCP explains what NDAs are and shares an excerpt from Heise's report: First and foremost, I should tell you that NDAs in the tech world are nothing new, but those non-disclosure agreements usually are product-specific and date-specific. Say we agree to get a review sample of video card X. Many times we will get an NDA that is specific to releasing any information shared by card X's representative and a date when we can share that information with you, often referred to as the "embargo date."

[Here's the excerpt from Heise about Nvidia's new NDA]: "The NDA should apply to all information provided by Nvidia, so it did not refer to a specific product or information. There was also no concrete expiration date. It was also full of conditions that ran counter to journalistic principles. Our legal department clapped their hands over their heads as they read the document. In other words, journalists are allowed to write only what fits Nvidia in the junk. In doing so, Nvidia downgrades the independent press into a marketing tool."
There are several forums discussing Nvidia's new NDA. HardOCP has shared a copy of the NDA for you to read and make up your own mind.
Government

California Lawmakers Advance Last-Minute Data Privacy Bill (go.com) 31

An anonymous reader quotes a report from ABC News: California state senators advanced a last-minute internet privacy bill Tuesday ahead of a deadline while acknowledging it would need changes if it becomes law. The bill would let consumers ask companies what personal data they collect and opt out of having their data sold, among other privacy provisions. Lawmakers voted to pass the measure, AB375, out of the Senate Judiciary Committee.

The bill is aimed at keeping a related initiative off the November ballot. Lawmakers negotiated it with San Francisco housing developer Alastair Mactaggart, who spent millions of dollars to place the initiative on the ballot. He said he would pull the measure from the ballot if the bill is signed into law by the Thursday deadline to withdraw initiatives. The bill now moves to the Senate Appropriations Committee, a spokeswoman for co-author Sen. Bob Hertzberg, D-Van Nuys, said. The full Assembly and Senate each plan to vote on the bill Thursday. Gov. Jerry Brown's office has not said whether he will sign it.

Businesses

Facebook Cancels Program To Deliver Internet By Aquila Drones (ieee.org) 26

Wave723 shares a report from IEEE Spectrum: Facebook's plans to beam high-speed Internet from enormous solar-powered drones in the stratosphere appear to be in disarray. Two key engineers behind its Aquila drones have left the company, and it recently cancelled plans for a secret high-altitude flight campaign at Spaceport America, possibly because Facebook no longer has any aircraft available to deploy.

A trove of emails between Facebook and Spaceport America, obtained under New Mexico public records law and first reported by Business Insider, details the painstaking process of turning a site for rockets and spaceplanes into a testbed for some of the largest drones in the world.

Censorship

Venezuela Is Blocking Access To the Tor Network (theverge.com) 159

An Access Now report finds that Venezuela has blocked all access to the Tor network. "The latest block includes both direct connections to the network and connections over bridge relays, which had escaped many previous Tor blocks," reports The Verge. From the report: According to network metrics, Tor access in Venezuela had recently spiked in response to recent web blocks placed on local news outlets. Unlike previous blocks, the latest restrictions could not be circumvented by using a censorship-resistant DNS server like those provided by Google and CloudFlare. For many Venezuelans, Tor seems to have been the only way left to access the restricted content. "This is the latest escalation in Venezuela's internet censorship efforts, as it blocks higher-profile sites with more sophisticated methods," said Andres Azpurua of Venezuela Inteligente, in a statement provided through Access. "This is one of their boldest internet censorship actions yet."
Advertising

Facebook Reverses Its Crypto Ad Ban (techcrunch.com) 28

Back in January, Facebook banned cryptocurrency ads because too many companies in this space were "not currently operating in good faith." Now the social media company is reversing its ban effective immediately. "The company says it will allow ads and related content from 'pre-approved advertisers,' but will still not allow ads promoting binary options and initial coin offerings," reports TechCrunch. From the report: This time around, it's making advertisers go through an application process to determine their eligibility. Facebook will ask advertisers to include on their applications details like what licenses they've obtained, whether they're a publicly traded company, and other relevant background information regarding their business. How thoroughly this information is fact-checked by Facebook staff remains unclear.

The company reminded users in the same announcement that they should continue to flag ad content that violates its guidelines. In other words, expect some bad ads to get through. Facebook explains its new requirements will keep some crypto advertisers from being able to hawk their businesses on the social network, but adds that its policy in this area continues to be a work in progress.
Facebook's Product Management Director, Rob Leathern, made the announcement.
Businesses

The Biggest Digital Heist in History Isn't Over Yet (bloomberg.com) 63

There are cyberheists, and then there's Carbanak, a cybercriminal gang that has stolen about $1.2 billion from more than 100 banks in 40 nations. The suspected 34-year-old ringleader is under arrest, but the whopping $1.2 billion amount remains missing. And to add insult to the injury, the malware attacks live on. Bloomberg Businessweek has an insightful story on this, which includes comments from none other than Europol itself, on the chase to catch Carbanak, which has lasted for three years. Some excerpts from the story: Before WannaCry, before the Sony Pictures hack, and before the breaches that opened up Equifax and Yahoo!, there was a nasty bit of malware known as Carbanak. Unlike those spectacular attacks, this malware wasn't created by people interested in paralyzing institutions for ransom, publishing embarrassing emails, or taking personal data. The Carbanak guys just wanted loot, and lots of it.

Since late 2013, this band of cybercriminals has penetrated the digital inner sanctums of more than 100 banks in 40 nations, including Germany, Russia, Ukraine, and the U.S., and stolen about $1.2 billion, according to Europol, the European Union's law enforcement agency. The string of thefts, collectively dubbed Carbanak -- a mashup of a hacking program and the word "bank" -- is believed to be the biggest digital bank heist ever. In a series of exclusive interviews with Bloomberg Businessweek, law enforcement officials and computer-crime experts provided revelations about their three-year pursuit of the gang and the mechanics of a caper that's become the stuff of legend in the digital underworld.

Besides forcing ATMs to cough up money, the thieves inflated account balances and shuttled millions of dollars around the globe. Deploying the same espionage methods used by intelligence agencies, they appropriated the identities of network administrators and executives and plumbed files for sensitive information about security and account management practices. The gang operated through remotely accessed computers and hid their tracks in a sea of internet addresses.

Wireless Networking

Wi-Fi Alliance Launches WPA3 Security Standard (securityweek.com) 95

wiredmikey writes: The Wi-Fi Alliance, the organization responsible for maintaining Wi-Fi technology, announced the launch of the WPA3 security standard. The latest version of the Wi-Fi Protected Access (WPA) protocol brings significant improvements in terms of authentication and data protection.

WPA3 has two modes of operation: Personal and Enterprise. WPA3-Personal's key features include enhanced protection against offline dictionary attacks and password guessing attempts. WPA3-Enterprise provides 192-bit encryption for extra security, improved network resiliency, and greater consistency when it comes to the deployment of cryptographic tools.

Bitcoin

Last Year's ICOs Had Five Security Vulnerabilities On Average, Say Researchers (bleepingcomputer.com) 44

An anonymous reader quotes a report from Bleeping Computer: Security researchers have found, on average, five security flaws in each cryptocurrency ICO held last year. Only one ICO held in 2017 did not contain any critical flaws. According to Positive.com, a security firm specialized in ICO security audits, most of the vulnerabilities they found, they discovered in the smart contracts at the base of the ICO itself.

"71% of tested projects contained vulnerabilities in smart contracts, the heart and soul of an ICO," the company said. "Once an ICO starts, the contract cannot be changed and is open to everyone, meaning anyone can view it and look for flaws. Typically, these would consist of non compliance with the ERC20 standard (the token interface for digital wallets and cryptocurrency exchanges), incorrect random number generation and incorrect scoping amongst others," Positive.com experts say. "Generally, these vulnerabilities occur due to lack of programmer expertise and insufficient source code testing."
According to the researchers, all the mobile apps ICO organizers have launched in 2017 contained security flaws. "The most common flaws in mobile apps are the use of insecure data transfer methods, storage of user data in phone backups, and disclosure of session IDs that an attacker could capture and use against the user," reports Bleeping Computer. Security bugs were also found in the web apps.
Firefox

'Have I Been Pwned' Is Being Integrated Into Firefox, 1Password (troyhunt.com) 108

Troy Hunt, web security expert and creator of the website Have I Been Pwned (HIBP), wrote a blog post announcing his partnerships with Firefox and 1Password. For those unfamiliar with the site, Have I Been Pwned allows you to search across multiple data breaches to see if your email address has been compromised. The service is especially handy now that data breaches are becoming a daily occurrence. Hunt writes: Last November, there was much press about Mozilla integrating HIBP into Firefox. I was a bit surprised at the time as it was nothing more than their Breach Alerts feature which simply highlighted if the site being visited had previously been in a data breach (it draws this from the freely accessible breach API on HIBP). But the press picked up on some signals which indicated that in the long term, we had bigger plans than that and the whole thing got a heap of very positive attention. I ended up fielding a heap of media calls just on that one little feature - people loved the idea of HIBP in Firefox, even in a very simple form. As it turns out, we had much bigger plans and that's what I'm sharing here today. Over the coming weeks, Mozilla will begin trialling integration between HIBP and Firefox to make breach data searchable via a new tool called "Firefox Monitor." Here's what Hunt has to say about 1Password: As of now, you can search HIBP from directly within 1Password via the Watchtower feature in the web version of the product. This helps Watchtower become "mission control" for accounts and introduces the "Breach Report" feature. If you're a 1Password user you can use this feature right now, just head on over to the 1Password login page.
Censorship

China Blocks HBO After John Oliver's Last Week Tonight Mockery of Xi Jinping (scmp.com) 161

News agency AFP reports: After mocking censors working overtime to delete comparisons of Chinese President Xi Jinping with the cartoon bear, comedian John Oliver and now the website of TV giant HBO have fallen victim to Beijing's censorship machine. Chinese authorities blocked HBO's site in China, just days after Oliver took Xi to task, anti-censorship and monitoring group GreatFire.org said on Saturday. The website was still not accessible on Monday. HBO joins a long list of Western media outlets that have had their websites blocked in China including The New York Times, Facebook and Twitter.
Electronic Frontier Foundation

EFF Announces STARTTLS Everywhere To Help Make Email Delivery More Secure (betanews.com) 58

Mark Wilson writes: When it comes to messaging tools, people have started to show greater interest in whether encryption is used for security, and the same for websites -- but not so much with email. Thanks to the work of the Electronic Frontier Foundation, however, email security is being placed at the top of the agenda. The privacy group today announces STARTTLS Everywhere, its new initiative to improve the security of the email ecosystem. STARTTLS is an addition to SMTP, and while it does not add end-to-end encryption, it does provide hop-to-hop encryption, which is very much a step in the right direction. In a blog post, EFF elaborates on STARTTLS for the uninitiated, and outlines how it worked around some of the tech's underlying challenges: There are two primary security models for email transmission: end-to-end, and hop-to-hop. Solutions like PGP and S/MIME were developed as end-to-end solutions for encrypted email, which ensure that only the intended recipient can decrypt and read a particular message. Unlike PGP and S/MIME, STARTTLS provides hop-to-hop encryption (TLS for email), not end-to-end. Without requiring configuration on the end-user's part, a mailserver with STARTTLS support can protect email from passive network eavesdroppers. For instance, network observers gobbling up worldwide information from Internet backbone access points (like the NSA or other governments) won't be able to see the contents of messages, and will need more targeted, low-volume methods. In addition, if you are using PGP or S/MIME to encrypt your emails, STARTTLS prevents metadata leakage (like the "Subject" line, which is often not encrypted by either standard) and can negotiate forward secrecy for your emails.
Privacy

Report Reveals 8 AT&T Buildings Across the US, Hidden in Plain Sight, That Are Central To One of NSA's Most Controversial Internet Surveillance Programs (theintercept.com) 131

News outlet The Intercept on Monday published a report that reveals eight AT&T-owned locations: two in California, one in Washington, another in Washington, D.C., one in New York, one in Texas, one in Illinois, and one in Georgia, that serve as backbone or "peering" facilities that the NSA has secretly been using for eavesdropping purposes. Spokespeople of AT&T, which refers to the aforementioned peering sites as "Service Node Routing Complexes", and NSA, could neither confirm nor deny the report's findings. From the report: The NSA considers AT&T to be one of its most trusted partners and has lauded the company's "extreme willingness to help." It is a collaboration that dates back decades. Little known, however, is that its scope is not restricted to AT&T's customers. According to the NSA's documents, it values AT&T not only because it "has access to information that transits the nation," but also because it maintains unique relationships with other phone and internet providers. The NSA exploits these relationships for surveillance purposes, commandeering AT&T's massive infrastructure and using it as a platform to covertly tap into communications processed by other companies.

[...] While network operators would usually prefer to send data through their own networks, often a more direct and cost-efficient path is provided by other providers' infrastructure. If one network in a specific area of the country is overloaded with data traffic, another operator with capacity to spare can sell or exchange bandwidth, reducing the strain on the congested region. This exchange of traffic is called "peering" and is an essential feature of the internet.

Because of AT&T's position as one of the U.S.'s leading telecommunications companies, it has a large network that is frequently used by other providers to transport their customers' data. Companies that "peer" with AT&T include the American telecommunications giants Sprint, Cogent Communications, and Level 3, as well as foreign companies such as Sweden's Telia, India's Tata Communications, Italy's Telecom Italia, and Germany's Deutsche Telekom.

Privacy

Smart Lights, Speakers, Thermostats, Cameras and Other IoT Devices Are Being Increasingly Used as a Means For Harassment, Monitoring, and Revenge (nytimes.com) 174

Smart home devices are supposed to bring convenience to people's lives, but increasingly, their unintended consequences are surfacing, and are being exploited to harass others, an investigation by The New York Times has found. [Editor's note: the link may be paywalled; syndicated source.] From the report: In more than 30 interviews with The New York Times, domestic abuse victims, their lawyers, shelter workers and emergency responders described how the technology was becoming an alarming new tool. Abusers -- using apps on their smartphones, which are connected to the internet-enabled devices -- would remotely control everyday objects in the home, sometimes to watch and listen, other times to scare or show power. Even after a partner had left the home, the devices often stayed and continued to be used to intimidate and confuse.

For victims and emergency responders, the experiences were often aggravated by a lack of knowledge about how smart technology works, how much power the other person had over the devices, how to legally deal with the behavior and how to make it stop. "People have started to raise their hands in trainings and ask what to do about this," Erica Olsen, director of the Safety Net Project at the National Network to End Domestic Violence, said of sessions she holds about technology and abuse. She said she was wary of discussing the misuse of emerging technologies because "we don't want to introduce the idea to the world, but now that it's become so prevalent, the cat's out of the bag."

Firefox

NYT: 'Firefox Is Back. It's Time to Give It a Try.' (nytimes.com) 344

Another high-profile endorsement for Firefox -- this time from the lead consumer technology writer for The New York Times. (Alternate link here). The web has reached a new low. It has become an annoying, often toxic and occasionally unsafe place to hang out. More important, it has become an unfair trade: You give up your privacy online, and what you get in return are somewhat convenient services and hyper-targeted ads. That's why it may be time to try a different browser.

Remember Firefox...? About two years ago, six Mozilla employees were huddled around a bonfire one night in Santa Cruz, Calif., when they began discussing the state of web browsers. Eventually, they concluded there was a "crisis of confidence" in the web. "If they don't trust the web, they won't use the web," Mark Mayo, Mozilla's chief product officer, said in an interview.... After testing Firefox for the last three months, I found it to be on a par with Chrome in most categories. In the end, Firefox's thoughtful privacy features persuaded me to make the switch and make it my primary browser.

The Times cites privacy features like Firefox's "Facebook Container," which prevents Facebook from tracking you after you've left their site.

While both Chrome and Firefox have tough security (including sandboxing), Cooper Quintin, a security researcher for the Electronic Frontier Foundation, tells the Times that Google "is fundamentally an advertising company, so it's unlikely that they will ever have a business interest in making Chrome more privacy friendly."
The Military

America's 'CyberWar' With Foreign Governments Could Get More Aggressive (wral.com) 115

America's Department of Defense "has quietly empowered the United States Cyber Command to take a far more aggressive approach to defending the nation against cyberattacks, a shift in strategy that could increase the risk of conflict with the foreign states that sponsor malicious hacking groups," reports the New York Times. Long-time Slashdot reader TheSauce shares their report: In the spring, as the Pentagon elevated the command's status, it opened the door to nearly daily raids on foreign networks, seeking to disable cyberweapons before they can be unleashed, according to strategy documents and military and intelligence officials... The new strategy envisions constant, disruptive "short of war" activities in foreign computer networks... "Continuous engagement imposes tactical friction and strategic costs on our adversaries, compelling them to shift resources to defense and reduce attacks"...

The risks of escalation -- of U.S. action in foreign networks leading to retaliatory strikes against U.S. banks, dams, financial markets or communications networks -- are considerable, according to current and former officials... The chief risk is that the internet becomes a battleground of all-against-all, as nations not only place "implants" in the networks of their adversaries -- something the United States, China, Russia, Iran and North Korea have done with varying levels of sophistication -- but also begin to engage in daily attack and counterattack.

An article shared by schwit1 notes that officials in the Obama administration "were also worried that a vigorous cyber response...could escalate into a full scale cyber war."

Yet the Times reports that this new policy reflects "a widespread view that the United States has mounted an inadequate defense against the rising number of attacks aimed at America."
Government

Tech Giants Urge Congress To 'Protect Entrepreneurs' From Supreme Court Ruling (theverge.com) 298

U.S. states can now require online retailers to collect local sales taxes, according to a recent Supreme Court ruling that could affect thousands of third-party sellers on top tech sites. An anonymous reader quotes The Verge: In fact, Amazon, which last year started collecting sales tax in all 45 states that require it by law, may have a substantial amount of work to do to help its Amazon Marketplace sellers stay compliant. Yet we don't know if that burden will fall primarily on Amazon or if it will be the responsibility of the sellers. More than 50 percent of all sales on the site are conducted via third-party sellers, some of which use Amazon for fulfillment but otherwise operate independent small- to medium-sized businesses... Etsy, eBay, and others are in similar boats. According to the US Government Accountability Office, as much as $13 billion in annual sales tax revenue is at stake....

Etsy is concerned about what it sees as "significant complexities in the thousands of state and local sales tax laws" and that by overruling the Quill decision, the Supreme Court has put the ball in Congress' court. "We believe there is now a call to action for Congress to create a simple, fair federal solution for micro-businesses," Silverman added.

The Verge writes that "the case may be litigated for years to come to figure out how to account for the over 10,000 state jurisdictions that govern sales tax across the country. That is, unless congressional legislation supersedes the state court decisions... Even groups that were in favor of the ruling, like the nonpartisan research institute the Information Technology and Innovation Foundation, are imploring Congress to act."

eBay has already mass-emailed many of their users urging them to sign an online petition "to protect entrepreneurs, artisans and small businesses from potentially devastating Internet sales tax legislation." The petition presses state governors, U.S. lawmakers, and president Trump to "support the millions of small businesses and consumers across the country."

The Courts

Supreme Court Backs Award of Overseas Patent Damages (reuters.com) 54

schwit1 quotes a report from Reuters: The U.S. Supreme Court ruled on Friday that companies can recover profits lost because of the unauthorized use of their patented technology abroad in a victory for Schlumberger NV, the world's largest oilfield services provider. The decision expands the ability of patent owners to recover foreign-based damages, increasing the threat posed by certain infringement lawsuits in the United States.

Internet-based companies and others had expressed concern that extending patent damages beyond national borders would expose U.S. high-technology firms to greater patent-related risks abroad. U.S. patent law generally applies only domestically, but Schlumberger said that since the law protects against infringement that occurs when components of a patented invention are supplied from the U.S. for assembly abroad, it should be fully compensated for the infringement, including any lost foreign sales. The high court agreed.
