'What's Facebook?', Elon Musk Asks, As He Deletes SpaceX and Tesla Facebook Pages 66

It is unlikely that Facebook will see a significant drop in its mammoth userbase following the Cambridge Analytica scandal. But on Friday, the #DeleteFacebook campaign, which is seeing an increasingly growing number of people call it quits on the world's largest social network, found its biggest backer: Elon Musk. Responding to WhatsApp co-founder Brian Acton's "#DeleteFacebook" tweet, Musk asked "What's Facebook?" That was the beginning of a tweetstorm, which saw journalists asking Musk why his companies -- SpaceX and Tesla -- maintained their Facebook pages. Shouldn't Musk, they asked, delete them? Musk agreed. As of this writing, the official Facebook pages of SpaceX and Tesla, both of which had more than two million followers, are nowhere to be found. The Facebook page of SolarCity is gone too, if you were wondering.

The move comes months after Musk said Zuckerberg's understanding of AI was limited.

Atlanta City Government Systems Down Due To Ransomware Attack (arstechnica.com) 59

An anonymous reader quotes a report from Ars Technica: The city of Atlanta government has apparently become the victim of a ransomware attack. The city's official Twitter account announced that the city government "is currently experiencing outages on various customer facing applications, including some that customers may use to pay bills or access court-related information." According to a report from Atlanta NBC affiliate WXIA, a city employee sent the station a screen shot of a ransomware message demanding a payment of $6,800 to unlock each computer or $51,000 to provide all the keys for affected systems. Employees received emails from the city's information technology department instructing them to unplug their computers if they noticed anything suspicious. An internal email shared with WXIA said that the internal systems affected include the city's payroll application. "At this time, our Atlanta Information Management team is working diligently with support from Microsoft to resolve the issue," a city spokesperson told Ars. "We are confident that our team of technology professionals will be able to restore applications soon." The city's primary website remains online, and the city government will continue to post updates there, the spokesperson added.

Mark Zuckerberg Apologizes For the Cambridge Analytica Scandal, Says He Isn't Opposed To Regulation (theverge.com) 176

An anonymous reader quotes a report from The Verge: Mark Zuckerberg apologized on Wednesday evening for his company's handling of the Cambridge Analytica privacy scandal. "This was a major breach of trust and I'm really sorry this happened," he said in an interview on CNN. "Our responsibility now is to make sure this doesn't happen again." Zuckerberg's comments reflected the first time he apologized following an uproar over how Facebook allowed third-party developers to access user data. Earlier in the day, Zuckerberg wrote a Facebook post in which he said the company had made mistakes in its handling of the Cambridge Analytica data revelations. The company laid out a multipart plan designed to reduce the amount of data shared by users with outside developers, and said it would audit some developers who had access to large troves of data before earlier restrictions were implemented in 2014. Zuckerberg also told CNN that he is not totally opposed to regulation. "I'm not sure we shouldn't be regulated," he said. "There are things like ad transparency regulation that I would love to see."

Other highlights of Zuckerberg's interviews:
-He told multiple outlets that he would be willing to testify before Congress.
-He said the company would notify everyone whose data was improperly used.
-He told the New York Times that Facebook would double its security force this year, adding: "We'll have more than 20,000 people working on security and community operations by the end of the year, I think we have about 15,000 now."
-He told the Times that Facebook would investigate "thousands" of apps to determine whether they had abused their access to user data.

Regarding moderation, Zuckerberg told Recode: "[The] thing is like, 'Where's the line on hate speech?' I mean, who chose me to be the person that did that?" Zuckerberg said. "I guess I have to, because of where we are now, but I'd rather not."

A 15-Year-Old Hacked the Secure Ledger Crypto Wallet (techcrunch.com) 66

An anonymous reader quotes a report from TechCrunch: A 15-year-old programmer named Saleem Rashid discovered a flaw in the popular Ledger hardware wallet that allowed hackers to grab secret PINs before or after the device was shipped. The holes, which Rashid described on his blog, allowed for both a "supply chain attack" -- meaning a hack that could compromise the device before it was shipped to the customer -- and another attack that could allow a hacker to steal private keys after the device was initialized. The Ledger team described the vulnerabilities dangerous but avoidable. For the "supply chain attack," they wrote: "by having physical access to the device before generation of the seed, an attacker could fool the device by injecting his seed instead of generating a new one. The most likely scenario would be a scam operation from a shady reseller." "If you bought your device from a different channel, if this is a second hand device, or if you are unsure, then you could be victim of an elaborate scam. However, as no demonstration of the attack in the real has been shown, it is very unlikely. In both cases, a successful firmware update is the proof that your device has never been compromised," wrote the team.

Further, the post-purchase hack "can be achieved only by having physical access to the device, knowing your PIN code and installing a rogue unsigned application. This rogue app could break isolation between apps and access sensitive data managed by specific apps such as GPG, U2F or Neo." Ledger CEO Eric Larcheveque claimed that there were no reports of the vulnerability effecting any active devices. "No one was compromised that we know of," he said. "We have no knowledge that any device was affected." Rashid, for his part, was disappointed with the speed Ledger responded to his claims.


Twitter CEO Says Bitcoin Will Be the World's 'Single Currency' In 10 Years (theverge.com) 251

In a recent interview with The Times, Twitter and Square CEO Jack Dorsey said he believes that bitcoin will become the world's single currency within 10 years. "The world ultimately will have a single currency, the internet will have a single currency," said Dorsey. "I personally believe that it will be bitcoin." Dorsey went on to say that the transition would happen "probably over ten years, but it could go faster." The Verge reports: That Dorsey is a fan of bitcoin isn't too surprising, though. In addition to serving as the CEO of Twitter, Dorsey is also the CEO of Square, which recently added the option to buy and sell Bitcoin directly from the Square Cash app. The company also released an illustrated children's story touting the benefits of the digital currency. As for Dorsey himself, he's gone on the record in an interview with The Verge's own Lauren Goode about the benefits of bitcoin as a currency, describing it as the "next big unlock" for the world of finance. (Dorsey owns an unspecified amount of the cryptocurrency.)

WhatsApp Co-Founder Tells Everyone To Delete Facebook, Further Fueling the #DeleteFacebook Movement (theverge.com) 305

"In 2014, Facebook bought WhatsApp for $16 billion, making its co-founders -- Jan Koum and Brian Acton -- very wealthy men," reports The Verge. "Koum continues to lead the company, but Acton quit earlier this year to start his own foundation." Today, Acton told his followers on Twitter to delete Facebook. From the report: "It is time," Acton wrote, adding the hashtag #deletefacebook. Acton, who is worth $6.5 billion, did not immediately respond to a request for comment. Nor did Facebook and WhatsApp. It was unclear whether Acton's feelings about Facebook extend to his own app. But last month, Acton invested $50 million into Signal, an independent alternative to WhatsApp. The tweet came after a bruising five-day period for Facebook that has seen regulators swarm and its stock price plunge following concerns over data privacy in the wake of revelations about Cambridge Analytica's misuse of user data. Acton isn't the only one taking to Twitter to announce their breakup with Facebook. The #DeleteFacebook movement is gaining steam following the New York Times' report about how the data of 50 million users had been unknowingly leaked and purchased to aid President Trump's successful 2016 bid for the presidency. For many users, the news "highlighted the danger of Facebook housing the personal information of billions of users," reports SFGate. "And even before the Cambridge Analytica news, Facebook has been grappling with its waning popularity in the U.S. The company lost 1 million domestic users last quarter -- its first quarterly drop in daily users."

Sierra Leone Government Denies the Role of Blockchain In Its Recent Election (techcrunch.com) 20

The National Electoral Commission Sierra Leone is denying the news that theirs was one of the first elections recorded to the blockchain. "While the blockchain voting company Agora claimed to have run the first blockchain-based election, it appears that the company did little more than observe the voting and store some of the results," reports TechCrunch. From the report: "The NEC [National Electoral Commission] has not used and is not using blockchain technology in any part of the electoral process," said NEC head Mohamed Conteh. Why he is adamant about this fact is unclear -- questions I asked went unanswered -- but he and his team have created a set of machine readable election results and posted [a] clarification. "Anonymized votes/ballots are being recorded on Agora's blockchain, which will be publicly available for any interested party to review, count and validate," said Agora's Leonardo Gammar. "This is the first time a government election is using blockchain technology." In Africa the reactions were mixed. "It would be like me showing up to the UK election with my computer and saying, 'let me enter your counting room, let me plug-in and count your results,'" said Morris Marah to RFI. "Agora's results for the two districts they tallied differed considerably from the official results, according to an analysis of the two sets of statistics carried out by RFI," wrote RFI's Daniel Finnan.

Twitter Will Ban Most Cryptocurrency-Related Ads (axios.com) 35

An anonymous reader writes: Twitter plans to ban most cryptocurrency-related ads in the next few weeks, as Sky News first reported and a source confirms to Axios. Why it matters: The recent boom in cryptocurrencies and digital tokens has unsurprisingly attracted some fraudsters. Twitter is following in the footsteps of Facebook and Google, though it's been having its own problems with accounts promoting scams.

Hackers Are So Fed Up With Twitter Bots They're Hunting Them Down Themselves (theintercept.com) 45

An anonymous reader writes: Even if Twitter hasn't invested much in anti-bot software, some of its most technically proficient users have. They're writing and refining code that can use Twitter's public application programming interface, or API, as well as Google and other online interfaces, to ferret out fake accounts and bad actors. The effort, at least among the researchers I spoke with, has begun with hunting bots designed to promote pornographic material -- a type of fake account that is particularly easy to spot -- but the plan is to eventually broaden the hunt to other types of bots. The bot-hunting programming and research has been a strictly volunteer, part-time endeavor, but the efforts have collectively identified tens of thousands of fake accounts, underlining just how much low-hanging fruit remains for Twitter to prune.

Among the part-time bot-hunters is French security researcher and freelance Android developer Baptiste Robert, who in February of this year noticed that Twitter accounts with profile photos of scantily clad women were liking his tweets or following him on Twitter. Aside from the sexually suggestive images, the bots had similarities. Not only did these Twitter accounts typically include profile photos of adult actresses, but they also had similar bios, followed similar accounts, liked more tweets than they retweeted, had fewer than 1,000 followers, and directed readers to click the link in their bios.


Ghana's Windows Blackboard Teacher And His Students Have a Rewarding Outcome (qz.com) 81

Quartz: A lot has changed in the life of Richard Appiah Akoto in the fortnight since he posted photos of himself on Facebook drawing a Microsoft Word processing window on a blackboard with multi-colored chalk, to teach his students about computers -- which the school did not have. The photos went viral on social media and media stories like Quartz's went all around the world. Akoto, 33, is the information and communication technology (ICT) teacher at Betenase M/A Junior High School in the town of Sekyedomase, about two and half hours drive north of Ghana's second city, Kumasi. The school had no computers even though since 2011, 14 and 15-year-olds in Ghana are expected to write and pass a national exam (without which students cannot progress to high school) with ICT being one of the subjects.

The story of the school and Twitter pressure from prominent players in the African tech space drew a promise from Microsoft to "equip [Akoto] with a device from one of our partners, and access to our MCE program & free professional development resources on." To fulfill this promise, the technology giant flew Akoto to Singapore this week where he is participating in the annual Microsoft Education Exchange.


Facebook and Its Executives Are Getting Destroyed After Botching the Handling of a Massive Data Breach (businessinsider.com) 187

The way Facebook has disclosed the abuse of its system by Cambridge Analytica, which has been reported this week, speaks volumes of Facebook's core beliefs. Sample this except from Business Insider: Facebook executives waded into a firestorm of criticism on Saturday, after news reports revealed that a data firm with ties to the Trump campaign harvested private information from millions of Facebook users. Several executives took to Twitter to insist that the data leak was not technically a "breach." But critics were outraged by the response and accused the company of playing semantics and missing the point. Washington Post reporter Hamza Shaban: Facebook insists that the Cambridge Analytica debacle wasn't a data breach, but a "violation" by a third party app that abused user data. This offloading of responsibility says a lot about Facebook's approach to our privacy. Observer reporter Carole Cadwalladr, who broke the news about Cambridge Analytica: Yesterday Facebook threatened to sue us. Today we publish this. Meet the whistleblower blowing the lid off Facebook and Cambridge Analytica. [...] Facebook's chief strategy officer wading in. So, tell us @alexstamos (who expressed his displeasure with the use of "breach" in media reports) why didn't you inform users of this "non-breach" after The Guardian first reported the story in December 2015? Zeynep Tufekci: If your business is building a massive surveillance machinery, the data will eventually be used and misused. Hacked, breached, leaked, pilfered, conned, "targeted", "engaged", "profiled", sold.. There is no informed consent because it's not possible to reasonably inform or consent. [...] Facebook's defense that Cambridge Analytica harvesting of FB user data from millions is not technically a "breach" is a more profound and damning statement of what's wrong with Facebook's business model than a "breach." MIT Professor Dean Eckles: Definitely fascinating that Joseph Chancellor, who contributed to collection and contract-violating retention (?) of Facebook user data, now works for Facebook. Amir Efrati, a reporter at the Information: May seem like a small thing to non-reporters but Facebook loses credibility by issuing a Friday night press release to "front-run" publications that were set to publish negative articles about its platform. If you want us to become more suspicious, mission accomplished. Further reading: Facebook's latest privacy debacle stirs up more regulatory interest from lawmakers (TechCrunch).

Apple's Newest iPhone X Ad Captures an Embarrassing iOS 11 Bug (theverge.com) 81

Tom Warren, writing for The Verge: If you blink during Apple's latest iPhone ad, you might miss a weird little animation bug. It's right at the end of a slickly produced commercial, where the text from an iMessage escapes the animated bubble it's supposed to stay inside. It's a minor issue and easy to brush off, but the fact it's captured in such a high profile ad just further highlights Apple's many bugs in iOS 11. 9to5Mac writer Benjamin Mayo spotted the bug in Apple's latest ad, and he's clearly surprised "that this was signed off for the commercial," especially as he highlighted it months ago and has filed a bug report with Apple.

Facebook Says It is Sorry For Suggesting Child Sex Videos in Search (cnet.com) 47

Facebook issued an apology on Friday after offensive terms appeared in the social network's search predictions late Thursday. From a report: When users typed "videos of" into the search bar, Facebook prompted them to search phrases including "videos of sexuals," "videos of girl sucking dick under water" and, perhaps most disturbingly, "video of little girl giving oral." Shocked users reported the problem on Twitter, posting screenshots of the search terms, which also included multiple suggestions relating to the school shooting in Florida last month. The social network appeared to have fixed the problem by Friday morning.

Linus Torvalds Slams CTS Labs Over AMD Vulnerability Report (zdnet.com) 115

Earlier this week, CTS Labs, a Tel Aviv-based cybersecurity startup claimed it has discovered critical security flaws in AMD chips that could allow attackers to access sensitive data from highly guarded processors across millions of devices. Linus Torvalds, Linux's creator doesn't buy it. ZDNet reports: Torvalds, in a Google+ discussion, wrote: "When was the last time you saw a security advisory that was basically 'if you replace the BIOS or the CPU microcode with an evil version, you might have a security problem?' Yeah." Or, as a commenter put it on the same thread, "I just found a flaw in all of the hardware space. No device is secure: if you have physical access to a device, you can just pick it up and walk away. Am I a security expert yet?" CTS Labs claimed in an interview they gave AMD less than a day because they didn't think AMD could fix the problem for "many, many months, or even a year" anyway. Why would they possibly do this? For Torvalds: "It looks more like stock manipulation than a security advisory to me."

These are real bugs though. Dan Guido, CEO of Trail of Bits, a security company with a proven track-record, tweeted: "Regardless of the hype around the release, the bugs are real, accurately described in their technical report (which is not public afaik), and their exploit code works." But, Guido also admitted, "Yes, all the flaws require admin [privileges] but all are flaws, not expected functionality." It's that last part that ticks Torvalds off. The Linux creator agrees these are bugs, but all the hype annoys the heck out of him. Are there bugs? Yes. Do they matter in the real world? No. They require a system administrator to be almost criminally negligent to work. To Torvalds, inflammatory security reports are annoying distractions from getting real work done.


Bitcoin's Highly Anticipated 'Lightning Network' Goes Live (thehill.com) 132

Lightning Labs on Thursday announced the beta release of its highly-anticipated Lightning Network Daemon (LND), a developer-friendly software client used to access Bitcoin's Lightning Network, anonymous readers wrote, citing media reports. From a report: Bitcoin supporters believe that the network has the potential to help the cryptocurrency achieve mass adoption. Bitcoin has struggled in recent months with slow and high-fee transactions, which make it harder for bitcoin to achieve mainstream popularity. Lightning Labs, the company behind the network, also announced on Thursday that it has received investments from major financial technology players, including Square chief executive and Twitter co-founder Jack Dorsey and PayPal chief operating officer David Sacks.

Can AMD Vulnerabilities Be Used To Game the Stock Market? (vice.com) 106

Earlier this week, a little-known security firm called CTS Labs reported, what it claimed to be, severe vulnerabilities and backdoors in some AMD processors. While AMD looks into the matter, the story behind the researchers' discovery and the way they made it public has become a talking point in security circles. The researchers, who work for CTS Labs, only reported the flaws to AMD shortly before publishing their report online. Typically, researchers give companies a few weeks or even months to fix the issues before going public with their findings. To make things even stranger, a little bit over 30 minutes after CTS Labs published its report, a controversial financial firm called Viceroy Research published what they called an "obituary" for AMD. Motherboard reports: "We believe AMD is worth $0.00 and will have no choice but to file for Chapter 11 (Bankruptcy) in order to effectively deal with the repercussions of recent discoveries," Viceroy wrote in its report. CTS Labs seemed to hint that it too had a financial interest in the performance of AMD stock. "We may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports," CTS Labs wrote in the legal disclaimer section of its report.

On Twitter, rumors started to swirl. Are the researchers trying to make money by betting that AMD's share price will go down due to the news of the vulnerabilities? Or, in Wall Street jargon, were CTS Labs and Viceroy trying to short sell AMD stock? Security researcher Arrigo Triulzi speculated that Viceroy and CTS Lab were profit sharing for shorting, while Facebook's chief security officer Alex Stamos warned against a future where security research is driven by short selling.

[...] There's no evidence that CTS Labs worked with Viceroy to short AMD. But something like that has happened before. In 2016, security research firm MedSec found vulnerabilities in pacemakers made by St. Jude Medical. In what was likely a first, MedSec partnered with hedge fund Muddy Waters to bet against St. Jude Medical's stock. For Adrian Sanabria, director of research at security firm Threatcare and a former analyst at 451 Research, where he covered the cybersecurity industry, trying to short based on vulnerabilities just doesn't make much sense. While it could work in theory and could become more common in the future, he said in a phone call, "I don't think we've seen enough evidence of security vulnerabilities really moving the stock for it to really become an issue."
Further reading: Linus Torvalds slams CTS Labs over AMD vulnerability report (ZDNet).

Jewelry Site Leaks Personal Details, Plaintext Passwords of 1.3 Million Users (thenextweb.com) 37

Chicago-based MBM Company's jewelry brand Limoges Jewelry has accidentally leaked the personal information for over 1.3 million people. This includes addresses, zip-codes, e-mail addresses, and IP addresses. The Germany security firm Kromtech Security, which found the leak via an unsecured Amazon S3 storage bucket, also claims the database contained plaintext passwords. The Next Web reports: In a press release, Kromtech Security's head of communicationis, Bob Diachenko, said: "Passwords were stored in the plain text, which is great negligence [sic], taking into account the problem with many users re-using passwords for multiple accounts, including email accounts." The [MSSQL database] backup file was named "MBMWEB_backup_2018_01_13_003008_2864410.bak," which suggests the file was created on January 13, 2018. It's believed to contain current information about the company's customers. Records held in the database have dates reaching as far back as 2000. The latest records are from the start of this year. Other records held in the database include internal mailing lists, promo-codes, and item orders, which leads Kromtech to believe that this could be the primary customer database for the company. Diachenko says there's no evidence a malicious third-party has accessed the dump, but that "that does not mean that nobody [has] accessed the data."

Wikipedia Had No Idea YouTube Was Going To Use It To Fact-Check Conspiracy Theories (gizmodo.com) 136

Yesterday, YouTube CEO Susan Wojcicki announced that the company would drop a Wikipedia link beneath videos on highly contested topics. We have now learned that Wikipedia did not know about this move prior to the announcement. Gizmodo reports: In a Twitter thread asking the public to support Wikipedia as much as it relies on it, Wikimedia executive director Katherine Maher first suggested that the organization was unaware of YouTube's plans. When asked whether this new module would only apply to English Wikipedia pages, Maher responded, "I couldn't say; this was something they did independent of us." In a statement to Gizmodo, the Wikimedia Foundation confirmed that the organization first learned of the new YouTube feature on Tuesday. "We are always happy to see people, companies, and organizations recognize Wikipedia's value as a repository of free knowledge," a Wikimedia Foundation spokesperson said in a statement. "In this case, neither Wikipedia nor the Wikimedia Foundation are part of a formal partnership with YouTube. We were not given advance notice of this announcement."

Privacy-Busting Bugs Found in Popular VPN Services Hotspot Shield, Zenmate and PureVPN (zdnet.com) 60

A report by VpnMentor, a website which ranks VPN services, reveals several vulnerabilities in Hotspot Shield, Zenmate, and PureVPN -- all of which promise to provide privacy for their users. VpnMentor says it hired a team of three external ethical hackers to find vulnerabilities in three random popular VPNs. While one hacker wants to keep his identity private, the other two are known as File Descriptor and Paulos Yibelo. ZDNet: The research reveals bugs that can leak real-world IP addresses, which in some cases can identify individual users and determine a user's location. In the case of Hotspot Shield, three separate bugs in how the company's Chrome extension handles proxy auto-config scripts -- used to direct traffic to the right places -- leaked both IP and DNS addresses, which undermines the effectiveness of privacy and anonymity services. [...] AnchorFree, which makes Hotspot Shield, fixed the bugs, and noted that its mobile and desktop apps were not affected by the bugs. The researchers also reported similar IP leaking bugs to Zenmate and PureVPN.

Researchers Find Critical Vulnerabilities in AMD's Ryzen and EPYC Processors, But They Gave the Chipmaker Only 24 Hours Before Making the Findings Public (cnet.com) 195

Alfred Ng, reporting for CNET: Researchers have discovered critical security flaws in AMD chips that could allow attackers to access sensitive data from highly guarded processors across millions of devices. Particularly worrisome is the fact that the vulnerabilities lie in the so-called secure part of the processors -- typically where your device stores sensitive data like passwords and encryption keys. It's also where your processor makes sure nothing malicious is running when you start your computer. CTS-Labs, a security company based in Israel, announced Tuesday that its researchers had found 13 critical security vulnerabilities that would let attackers access data stored on AMD's Ryzen and EPYC processors, as well as install malware on them. Ryzen chips power desktop and laptop computers, while EPYC processors are found in servers. The researchers gave AMD less than 24 hours to look at the vulnerabilities and respond before publishing the report. Standard vulnerability disclosure calls for 90 days' notice so that companies have time to address flaws properly. An AMD spokesperson said, "At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. We are investigating this report, which we just received, to understand the methodology and merit of the findings," an AMD spokesman said. Zack Whittaker, a security reporter at CBS, said: Here's the catch: AMD had less than a day to look at the research. No wonder why its response is so vague.

Slashdot Top Deals