
New Stegano Exploit Kit Hides Malvertising Code In Banner Pixels

An anonymous reader quotes a report from BleepingComputer: For the past two months, a new exploit kit has been serving malicious code hidden in the pixels of banner ads via a malvertising campaign that has been active on several high profile websites. Discovered by security researchers from ESET, this new exploit kit is named Stegano, from the word steganography, which is a technique of hiding content inside other files. In this particular scenario, malvertising campaign operators hid malicious code inside PNG images used for banner ads. The crooks took a PNG image and altered the transparency value of several pixels. They then packed the modified image as an ad, for which they bought ad displays on several high-profile websites. Since a large number of advertising networks allow advertisers to deliver JavaScript code with their ads, the crooks also included JS code that would parse the image, extract the pixel transparency values, and using a mathematical formula, convert those values into a character. Since images have millions of pixels, crooks had all the space they needed to pack malicious code inside a PNG photo. When extracted, this malicious code would redirect the user to an intermediary URL, called gate, where the host server would filter users. This server would only accept connections from Internet Explorer users. The reason is that the gate would exploit the CVE-2016-0162 vulnerability that allowed the crooks to determine if the connection came from a real user or a reverse analysis system employed by security researchers. Additionally, this IE exploit also allowed the gate server to detect the presence of antivirus software. In this case, the server would drop the connection just to avoid exposing its infrastructure and trigger a warning that would alert both the user and the security firm. If the gate server deemed the target valuable, then it would redirect the user to the final stage, which was the exploit kit itself, hosted on another URL.
The Stegano exploit kit would use three Adobe Flash vulnerabilities (CVE-2015-8651, CVE-2016-1019 or CVE-2016-4117) to attack the user's PC, and forcibly download and launch into execution various strains of malware.

YouTube Pays Music Industry $1 Billion From Ads

YouTube, the music industry's enemy No. 1 earlier this year, said Tuesday it has paid more than $1 billion in advertising revenue to artists, labels and publishers in the last 12 months. From a report on CNET: The milestone, released in a blog post by business chief Robert Kyncl, is a stab by Google's giant video site at mending fences with music industry critics. At least, it's YouTube hoping to convince some of them that the massive amount of free, ad-supported music listening that happens there is a valuable complement to music subscriptions, the industry's main area of growth right now.

No Man's Sky's Steam Page Didn't Mislead Gamers, Rules UK Ad Watchdog

Shortly after it officially launched in August on PlayStation and Windows, No Man's Sky -- the game that sees the protagonist explore space and experience uncertain places -- was accused of false advertising. Players felt that the pictures and videos used to promote the game on its Steam page didn't represent the sort of things players might expect to encounter in the game. Today, a UK advertising regulator has ruled the opposite -- the game didn't mislead gamers. Ars Technica reports: The complainants -- who had been part of a semi-organized campaign upset with the state of the game at release -- insisted that the screenshots on the storefront had seemed to promise various features that turned out to be absent from the final game. These included things like the appearance and behavior of animals, large in-game buildings, large-scale space combat, loading screens, a promised system wherein the different factions contested galactic territory, and general graphical polish. Hello Games' defense rested on the fact that No Man's Sky is procedurally generated, and that while players would not enjoy the exact experience shown in promotional images, they could reasonably expect to see similar things. The Advertising Standards Authority (ASA) agreed, saying: "The summary description of the game made clear that it was procedurally generated, that the game universe was essentially infinite, and that the core premise was exploration. As such, we considered consumers would understand the images and videos to be representative of the type of content they would encounter during gameplay, but would not generally expect to see those specific creatures, landscapes, battles, and structures." It also ruled that the developers hadn't misled customers over graphics: "We understood the graphical output of the game would be affected by the specifications of each player's computer, and considered that consumers would generally be aware of this limitation."

'No Man's Sky' Releases Huge New 'Foundation' Update

"No Man's Sky changed a great deal this morning, getting new modes and a ton of gameplay tweaks thanks to update 1.1, the largest one yet," reports Kotaku. Calling it "the first of many free updates," the game's developers introduced a new Minecraft-style Creative Mode which "allows players to explore the universe without limits, and build a huge base," plus a tougher Survival Mode, "creating a much more challenging endurance experience." The Next Web calls it "features that really should have been in the game from Day One." Now, when you stumble upon a desolate outpost, you can build your own base on it, which can be upgraded with new housing, hydroponics, research, and storage buildings. If all goes well, you'll start to attract alien settlers who bring their own skills to your new society. As your stockpiles of resources begin to swell, you'll want to schlep them across the galaxy to other bases and trade terminals. Which is where freighters come in... Oh, and did I mention you can now stack items five times per inventory slot, meaning you can carry more stuff? Handy. "The discussion around No Man's Sky since release has been intense and dramatic," Hello Games announced Friday, describing update 1.1 as "putting in place a foundation for things to come... the first small step in a longer journey." Hello Games founder Sean Murray tweeted "We're getting better as quickly as we can for the players who invested in us," adding "Thank you for sticking with us." At 2 a.m. this morning, he tweeted "If you could have lived our lives over the last months, you'd know how meaningful this is," adding "Here's the update..."

Advertising Company AppNexus Bans Breitbart News Over Hate Speech

Mark Wilson quotes a report from BetaNews: Right-wing website Breitbart -- the darling of the so-called alt-right movement (which it defines as being "younger people who are anti-globalists, very nationalist [and] terribly anti-establishment") -- has been blocked by a leading ad exchange. The site, home to Milo Yiannopoulos (also known as @Nero and banned from Twitter) will no longer be permitted to sell ad space via AppNexus. The move comes after an audit by AppNexus found that Breitbart was in violation of its policies on hate speech and incitement to violence. AppNexus's spokesperson Joshua Zeitz told the BBC: "We use a number of third-party standards to determine what is and isn't hate speech, and if we detect a pattern of speech that could incite violence or discrimination against a minority group, we determine that to be non-compliant and we simply won't serve ads against it. I'm not going to put the examples out there because I'm not going to engage in a tit-for-tat on what is compliant." Bloomberg, which was the first publication to report on the news, noted that AppNexus' investors included Microsoft, News Corp and Sir Martin Sorrell's WPP.

Slashdot Asks: Are You Ashamed of Your Code?

Programmer and teacher Bill Sourour wrote a post last week called "Code I'm Still Ashamed Of," where he recounts a story in which he was hired to write code for a pharmaceutical company. Little did he know at the time, he was being "duped into helping the company skirt drug advertising laws in order to persuade young women to take a particular drug," recaps Business Insider. "He later found out the drug was known to worsen depression and at least one young woman committed suicide while taking it." Sourour was inspired to write the post after viewing a talk by Robert Martin, called "The Future of Programming," who argues that software developers need to figure out how to self-regulate themselves quickly as software becomes increasingly prevalent in many people's lives. Business Insider reports: "Let's decide what it means to be a programmer," Martin says in the video. "Civilization depends on us. Civilization doesn't understand this yet." His point is that in today's world, everything we do like buying things, making a phone call, driving cars, flying in planes, involves software. And dozens of people have already been killed by faulty software in cars, while hundreds of people have been killed from faulty software during air travel. "We are killing people," Martin says. "We did not get into this business to kill people. And this is only getting worse." Martin finished with a fire-and-brimstone call to action in which he warned that one day, some software developer will do something that will cause a disaster that kills tens of thousands of people. But Sourour points out that it's not just about accidentally killing people or deliberately polluting the air. Software has already been used by Wall Street firms to manipulate stock quotes. "This could not happen without some shady code that creates fake orders," Sourour says. We'd like to ask what your thoughts are on Sourour's post and whether or not you've ever had a similar experience. 
Have you ever felt ashamed of your code?

Mark Zuckerberg Announces Facebook Will Fight Fake News -- Next To An Ad With Fake News

An anonymous reader writes: "We take misinformation seriously," Facebook's CEO announced in a late-night status update Friday. "Our goal is to connect people with the stories they find most meaningful, and we know people want accurate information. We've been working on this problem for a long time and we take this responsibility seriously. We've made significant progress, but there is more work to be done."

But you know what's funny? The ad to the right of Zuck's post is fake news. It has the headline "Hugh Hefner Says 'Goodbye' at 90" and a quote from his wife saying "I can't believe he is actually gone," even though Hugh Hefner isn't dead. And clicking through, it's just another lame ad for erectile dysfunction -- on a site that's been tricked up to look like Fox News.

I saw it too. (Here's my screenshot... And yes, it did link to an advertising site with a fake "Fox News" banner across the top.) Oh, the irony. "The CEO said that Facebook is working to develop stronger fake news detection, a warning system, easier reporting and technical ways to classify misinformation," reports CNN, adding "Zuckerberg did not say how quickly the measures would be in place." They also quote Zuckerberg as saying "Some of these ideas will work well, and some will not." But apparently it's pretty easy to get fake news onto Facebook. You just have to pay them.

Mozilla Launches Firefox Focus, a Stripped-Down Private Browser For iOS

Krystalo quotes a report from VentureBeat: Mozilla today launched a new browser for iOS. In addition to Firefox, the company now also offers Firefox Focus, a browser dedicated to user privacy that by default blocks many web trackers, including analytics, social, and advertising. You can download the new app now from Apple's App Store. If you're getting a huge feeling of deja vu, that's because in December 2015, Mozilla launched Focus by Firefox, a content blocker for iOS. The company has now rebranded the app as Firefox Focus, and it serves two purposes. The content blocker, which can still be used with Safari, remains unchanged. The basic browser, which can be used in conjunction with Firefox for iOS, is new. Firefox Focus is basically just an iOS web view with tracking protection. If you shut it down, or iOS shuts it down while it's in the background, the session is lost. There's also an erase button if you want to wipe your session sooner. But those are really the only features -- there's no history, menus, or even tabs.

AOL To Cut 500 Workers To Narrow Focus On Mobile, Video

According to a report from Bloomberg, AOL is firing as many as 500 employees as part of a restructuring plan to focus on mobile, video and data. The move comes a year after Verizon acquired the company for $4.4 billion. Bloomberg reports: The layoffs are occurring in all of AOL's business units, said the person, who asked not to be identified disclosing the scope of the cuts. AOL employs about 6,400 people worldwide, the person said. In addition to the job cuts, the company will split into two parts, according to the memo. One will be dedicated to media properties, which include Huffington Post and TechCrunch, and the other will focus on platforms, like AOL's advertising technology. "Mobile, video, and data are the key growth drivers of that strategy and the company will be putting resources into each of these areas," [Chief Executive Officer Tim Armstrong wrote in a memo to employees Thursday.] With the wireless industry maturing, AOL parent Verizon has been buying up media and advertising-technology companies and working to refine go90, its free video-streaming service aimed at phone-toting teens.

Facebook Finds More Ad-Metric Errors, Vows Clarity About Fixes

Facebook said today it has uncovered more miscalculated metrics related to how consumers interact with content from publishers. From an article on Bloomberg, submitted by an anonymous reader: The social-networking company conducted a broad review after discovering three months ago that it had overstated how long people watched videos on its site. The miscalculation wasn't broadly disclosed, sparking some criticism of the social network. Now, Facebook says it has found four other instances where it miscalculated reach on its site, including overstating how long people spent reading Instant Articles and how many people interacted with businesses' Facebook Pages. Companies and marketers rely on Facebook to tell them how well the content they post is performing, so that they can make strategic decisions about what to do next and how much to invest through advertising or otherwise. To avoid future errors, the company said it's establishing a measurement council made up of top advertisers and partners. Facebook will also allow more third party measurement companies such as Nielsen to track and supplement its metrics. Additionally, Facebook is revising the descriptions for its data to explain exactly what they measure, for example reporting "3-second video views" instead of just "video views."

Secret Backdoor in Some US Phones Sent Data To China

Security contractors have warned that many Android smartphones ship with preinstalled software that has a backdoor that sends all your text messages to China every 72 hours. (Editor's note: the link could be paywalled; here's the press release.) The New York Times reported Tuesday that "the American authorities say it is not clear whether this represents secretive data mining for advertising purposes or a Chinese government effort to collect intelligence." From the report: International customers and users of disposable or prepaid phones are the people most affected by the software. But the scope is unclear. The Chinese company that wrote the software, Shanghai Adups Technology Company, says its code runs on more than 700 million phones, cars and other smart devices. One American phone manufacturer, BLU Products, said that 120,000 of its phones had been affected and that it had updated the software to eliminate the feature. Kryptowire, the security firm that discovered the vulnerability, said the Adups software transmitted the full contents of text messages, contact lists, call logs, location information and other data to a Chinese server. The code comes preinstalled on phones and the surveillance is not disclosed to users, said Tom Karygiannis, a vice president of Kryptowire, which is based in Fairfax, Va. "Even if you wanted to, you wouldn't have known about it," he said.

Google To Prohibit Fake News Websites From Using Its Ad-Selling Software

According to The Wall Street Journal, Google is working on a policy update that will prohibit fake news websites from using its ad-selling software. The move would ultimately make it more challenging for those fake news sites to earn revenue. Reuters reports: The policy change is imminent, Google spokeswoman Andrea Faville told Reuters. "Moving forward, we will restrict ad serving on pages that misrepresent, misstate, or conceal information about the publisher, the publisher's content, or the primary purpose of the web property," she said in a statement. The policy change comes amid an intensifying debate over how much responsibility technology companies bear for monitoring the accuracy of content as more and more people access news through sites such as Facebook rather than traditional media companies. Facebook, in particular, has been criticized over the spread of inaccurate articles promoting U.S. president-elect Donald Trump on the site. Facebook Chief Executive Mark Zuckerberg has denied that the site influenced the outcome of the election. Google's AdSense advertising network is a key financial driver for many publishers. The company places various restrictions on where its ads may be placed, including bans on pornographic and violent content. Work on the policy update began before the election, Faville said.

Tesla Tells Germany that 98% of Drivers Don't Find the Term 'Autopilot' Misleading

An anonymous reader writes: Tesla has responded to Germany's request to stop using the word "autopilot" in its advertising, due to safety concerns, by carrying out a survey of Tesla-owners in Germany. It says that the overwhelming majority of customers it surveyed did not find the term confusing. Last month, German transport minister Alexander Dobrindt had asked Tesla to stop using "autopilot" in its messaging, as he felt the term implied that drivers could operate their vehicles without applying their attention to the roads. Tesla responded by saying that "autopilot" had been used in aerospace for a long time to describe a system that works in conjunction with a human operator. "Just as in an airplane, when used properly, autopilot reduces driver workload and provides an added layer of safety when compared to purely manual driving," a spokesperson said at the time. Without divulging exact numbers, Tesla has now said that it has "worked with a third party" to survey owners of its cars in Germany to "better understand how they perceive Autopilot." The company found that 98 percent of those surveyed "understand that when using Autopilot, the driver is expected to maintain control of the vehicle at all times."

Facebook To Stop Ads that Target, Exclude Races

An anonymous reader shares a USA Today report: Facebook says it will no longer allow advertisers to exclude specific racial and ethnic groups when placing ads related to housing, credit or employment. "We are going to turn off, actually prohibit, the use of ethnic affinity marketing for ads that we identify as offering housing, employment and credit," Erin Egan, Facebook's vice president of U.S. public policy, told USA TODAY. Facebook will also require advertisers to affirm that they will not place discriminatory ads on Facebook and will offer educational materials to help advertisers understand their obligations, Egan said. The policy changes came after discussions with Attorney General Eric Schneiderman, Rep. Robin Kelly (D-Illinois) and the Congressional Black Caucus, and Rep. Linda Sanchez (D-Calif.) and the Congressional Hispanic Caucus.

Google Safe Browsing Adds 'Repeat Offender' Category

An anonymous reader writes: Google's Safe Browsing service will now brand sites which fall victim to malware repeatedly as "repeat offenders." When a site is identified as serving malware -- which usually occurs via an SQL injection attack or through auction-driven network advertising -- Google adds a "This site will harm your computer" tag to domain entries in its search results, and serves further warnings by way of interstitial pages. From today, sites which continue to succumb to attackers will not be permitted to resubmit their domain for consideration via Search Console for thirty days -- enough time to do significant SEO damage. That period does not include additional time for Google to respond to submissions about repaired sites and to remove the warnings.

Teenagers In Macedonia Launch Fake Pro-Trump Sites To Earn Money

"In Macedonia the economy is very weak and teenagers are not allowed to work, so we need to find creative ways to make some money," one 17-year-old told BuzzFeed News, which reports on a "strange hub" of over 140 political sites, all being run in the same small town in the former Yugoslav Republic of Macedonia. These sites have American-sounding domain names such as,,,, and They almost all publish aggressively pro-Trump content aimed at conservatives and Trump supporters in the U.S... The young Macedonians who run these sites say they don't care about Donald Trump. They are responding to straightforward economic incentives... The fraction-of-a-penny-per-click of U.S. display advertising -- a declining market for American publishers -- goes a long way in Veles. Several teens and young men who run these sites told BuzzFeed News that they learned the best way to generate traffic is to get their politics stories to spread on Facebook -- and the best way to generate shares on Facebook is to publish sensationalist and often false content that caters to Trump supporters... Most of the posts on these sites are aggregated, or completely plagiarized, from fringe and right-wing sites in the U.S...
Earlier this year they experimented with fake sites supporting Bernie Sanders, "but nothing performed as well on Facebook as Trump content," according to the 16-year-old who operates The largest Macedonian sites now have hundreds of thousands of followers on Facebook, and sources close to one site say it earns $5,000 per month, and has even earned $3,000 in a single day.

Why a Theoretical Physicist Wants All State Bills To Be Online Before Final Vote

An anonymous reader quotes a report from Ars Technica: Among a slew of ballot propositions that Californians will be asked to consider on Election Day (Nov. 8) is Proposition 54, a proposed constitutional amendment that seems like a no-brainer. If passed, the law would require that the final text of all proposed legislation be published on the Internet for 72 hours before lawmakers can conduct a final vote. Typically, the text of bills in California is put online as it goes through the committee and voting process, but sometimes those bills can change at the last minute. Accessing those changes isn't always easy. The initiative, which seems all-but-certain to pass, has massive support from Charles T. Munger, Jr., the son of billionaire Charles Munger. The younger Munger, an experimental physicist at the Stanford Linear Accelerator Center and a longtime Republican activist, has donated over $10.6 million to the "Yes on Prop. 54" campaign. The effort supporting the opposing view has taken in just over $27,000. Proposition 54 would also force the Assembly and State Senate to allow the public to record meetings as well, which could potentially be used in political advertising. So why would anyone oppose the bill? According to Steven Maviglio, the director of Californians for an Effective Legislature, a campaign committee formed to oppose Proposition 54, it all comes down to who is behind the initiative, and why. "The first thing you need to do is follow the money," he told Ars, pointing us to Munger, Jr. "He's been the top contributor to the California Republican Party. His goal is to disrupt the power of a legislature that's getting things done."

Google Rejects EU Antitrust Charges, Says Evidence is Lacking

Google said Thursday it is rejecting accusations made by European Union that it abuses its dominant position with its shopping and advertising services, ramping up its fight back against the bloc's regulators. "The Commission's revised case still rests on a theory that doesn't fit the reality of how most people shop online," said Kent Walker, Google's general counsel, in a blog post. From a report on Reuters: "We never compromised the quality or relevance of the information we received. On the contrary, we improved it. That isn't 'favoring' -- that's listening to our customers," Walker said. His comments came as the company formally replied to the two charges, one of which it received in April last year and the other in July this year, earlier on Thursday. The official blog post here. Further reporting on Bloomberg.

Serious Hacks Possible Through Inaudible Ultrasound

An anonymous reader writes: "High-frequency audio 'beacons' are embedded into TV commercials or browser ads," reports New Scientist. "These sounds, which are inaudible to the human ear, can be picked up by any nearby device that has a microphone and can then activate certain functions on that device...Some shopping reward apps, such as Shopkick, already use it to let retailers push department or aisle-specific ads and promotions to customers' phones as they shop."

But now Fortune reports that some apps "often actively listen for ultrasound signals, even when the app itself is closed, creating a new and relatively poorly-understood pathway for hacking." In addition, security researchers "have already found ways to mine cloaked IP addresses. Speaking to New Scientist, team member Vasilios Mavroudis suggests that an app's always-on microphone access could be leveraged to monitor conversations (and, if you're not paranoid already, to decipher what you're typing). The 'beacons' that transmit ultrasound data can also be spoofed to manipulate apps' user data."


Facebook Lets Advertisers Exclude Users By Race

schwit1 quotes a report from ProPublica: Imagine if, during the Jim Crow era, a newspaper offered advertisers the option of placing ads only in copies that went to white readers. That's basically what Facebook is doing nowadays. The ubiquitous social network not only allows advertisers to target users by their interests or background, it also gives advertisers the ability to exclude specific groups it calls "Ethnic Affinities." Ads that exclude people based on race, gender and other sensitive factors are prohibited by federal law in housing and employment. You can view a screenshot of a housing advertisement that ProPublica's Julia Angwin and Terry Parris Jr. purchased from Facebook's self-service advertising portal here. The report adds: "The ad we purchased was targeted to Facebook members who were house hunting and excluded anyone with an "affinity" for African-American, Asian-American or Hispanic people. (Here's the ad itself.) The Fair Housing Act of 1968 makes it illegal "to make, print, or publish, or cause to be made, printed, or published any notice, statement, or advertisement, with respect to the sale or rental of a dwelling that indicates any preference, limitation, or discrimination based on race, color, religion, sex, handicap, familial status, or national origin." Violators can face tens of thousands of dollars in fines. The Civil Rights Act of 1964 also prohibits the "printing or publication of notices or advertisements indicating prohibited preference, limitation, specification or discrimination" in employment recruitment. Facebook's business model is based on allowing advertisers to target specific groups -- or, apparently to exclude specific groups -- using huge reams of personal data the company has collected about its users. Facebook's micro-targeting is particularly helpful for advertisers looking to reach niche audiences, such as swing-state voters concerned about climate change. 
Facebook says its policies prohibit advertisers from using the targeting options for discrimination, harassment, disparagement or predatory advertising practices.
