Businesses

Google and Facebook 'Must Pay For News' From Which They Make Billions (yahoo.com) 163

Internet giants such as Google and Facebook must pay copyright charges for using news content on their platforms, nine European press agencies said. These giant platforms, news agencies said, make vast profits from news content on their platforms. The call comes at a time when the EU is debating a directive to make Facebook, Google, Twitter and other major players pay for the millions of news articles they use or link to. From a report: "Facebook has become the biggest media in the world," the agencies said in a plea published in the French daily Le Monde. "Yet neither Facebook nor Google have a newsroom... They do not have journalists in Syria risking their lives, nor a bureau in Zimbabwe investigating Mugabe's departure, nor editors to check and verify information sent in by reporters on the ground." The agencies argued, "access to free information is supposedly one of the great victories of the internet. But it is a myth."
Facebook

Russia-Linked Accounts Were Active on Facebook Ahead of Brexit (ft.com) 245

The Russia-linked troll farm that used Facebook to target Americans during last year's election was also active in the UK ahead of the Brexit vote (Editor's note: the link may be paywalled; alternative source), the social media company has admitted. From a report: In a letter to the Electoral Commission, Facebook said accounts associated with the Internet Research Agency spent $0.97 for three ads in the days before the EU referendum. These ads appeared on approximately 200 news feeds in the UK before the country voted to leave the EU last year. For months the social media company has sidestepped questions from MPs and journalists about Russian interference through its platform in the UK. The concerns were fuelled by revelations this summer that Facebook had been weaponised by Russian entities before the election of US President Donald Trump. France and Germany have said their elections were also targeted. "We strongly support the Commission's efforts to regulate and enforce political campaign finance rules in the United Kingdom, and we take the Commission's request very seriously," Facebook said in the letter.
Python

Did Programming Language Flaws Create Insecure Apps? (bleepingcomputer.com) 99

Several popular interpreted programming languages are affected by severe vulnerabilities that expose apps built on these languages to attacks, according to research presented at the Black Hat Europe 2017 security conference. An anonymous reader writes: The author of this research is IOActive Senior Security Consultant Fernando Arnaboldi, who says he used an automated software testing technique named fuzzing to identify vulnerabilities in the interpreters of five of today's most popular programming languages: JavaScript, Perl, PHP, Python, and Ruby.

Fuzzing involves providing invalid, unexpected, or random data as input to a software application. The researcher created his own fuzzing framework named XDiFF that broke down programming languages per each of its core functions and fuzzed each one for abnormalities. His work exposed severe flaws in all five languages, such as a hidden flaw in PHP constant names that can be abused to perform remote code execution, and undocumented Python methods that can be used for OS code execution. Arnaboldi argues that attackers can exploit these flaws even in the most secure applications built on top of these programming languages.

Space

New Satellite Experiment Helps Confirm Einstein's Equivalence Principle (presse.cnes.fr) 71

Part of Einstein's theory of general relativity posits that gravity equals inertial mass -- and for the first time in 10 years, there's new evidence that he's right. Slashdot reader orsayman reports: Most stories around space today seem to revolve around SpaceX, but let's not forget that space is also a place for cool physics experiments. One such experiment currently running into low orbit is the MICROSCOPE satellite launched in 2016 to test the (weak) Equivalence Principle (also known as the universality of free fall), a central hypothesis in General Relativity.

The first results confirm the principle with a precision ten times better than previous experiments. And it's just the beginning since they hope to increase the precision by another factor of 10. If the Equivalence Principle is still verified at this precision, this could constrain or invalidate some quantum gravity theories. For those of you who are more satellite-science oriented, the satellite also features an innovative "self destruct" mechanism (meant to limit orbit pollution) based on inflatable structures described in this paper.

"The science phase of the mission began in December 2016," reports France's space agency, "and has already collected data from 1,900 orbits, the equivalent of a free fall of 85 million kilometres or half the Earth-Sun distance."
Security

'Process Doppelganging' Attack Bypasses Most Security Products, Works On All Windows Versions (bleepingcomputer.com) 126

An anonymous reader quotes a report from Bleeping Computer: Yesterday, at the Black Hat Europe 2017 security conference in London, two security researchers from cyber-security firm enSilo have described a new code injection technique called "Process Doppelganging." This new attack works on all Windows versions and researchers say it bypasses most of today's major security products. Process Doppelganging is somewhat similar to another technique called "Process Hollowing," but with a twist, as it utilizes the Windows mechanism of NTFS Transactions.

"The goal of the technique is to allow a malware to run arbitrary code (including code that is known to be malicious) in the context of a legitimate process on the target machine," Tal Liberman & Eugene Kogan, the two enSilo researchers who discovered the attack, told Bleeping Computer. "Very similar to process hollowing but with a novel twist. The challenge is doing it without using suspicious process and memory operations such as SuspendProcess, NtUnmapViewOfSection. In order to achieve this goal we leverage NTFS transactions. We overwrite a legitimate file in the context of a transaction. We then create a section from the modified file (in the context of the transaction) and create a process out of it. It appears that scanning the file while it's in transaction is not possible by the vendors we checked so far (some even hang) and since we rollback the transaction, our activity leaves no trace behind." The good news is that "there are a lot of technical challenges" in making Process Doppelganging work, and attackers need to know "a lot of undocumented details on process creation." The bad news is that the attack "cannot be patched since it exploits fundamental features and the core design of the process loading mechanism in Windows."
More research on the attack will be published on the Black Hat website in the following days.
The Internet

EU Urges Internet Companies To Do More To Remove Extremist Content (reuters.com) 79

Internet groups such as Facebook, Google's YouTube and Twitter need to do more to stem the proliferation of extremist content on their platforms, the European Commission said after a meeting on Wednesday. From a report: Social media companies have significantly boosted their resources to take down violent and extremist content as soon as possible in response to growing political pressure from European governments, particularly those hit by militant attacks in recent years. But Julian King, EU security commissioner, said that while a lot of progress had been made, additional efforts were needed. "We are not there yet. We are two years down the road of this journey: to reach our final destination we now need to speed up our work," King said in his closing speech at the third meeting of the EU Internet Forum, which brings together the Commission, EU member states, law enforcement and technology companies. The EU has said it will come forward with legislation next year if it is not satisfied with progress made by tech companies in removing extremist content, while a German online hate speech law comes into effect on Jan. 1.
EU

Apple To Start Paying Ireland the Billions It Owes In Back Taxes (engadget.com) 124

Last year, Apple was ordered to pay a record sum of 13 billion euros ($14.5 billion) plus interest after the European Commission said Ireland illegally slashed the iPhone maker's tax bill. "But Ireland was rather slow to start collecting that cash, which led the Commission to refer the Irish government to the European Court of Justice in October due to Ireland's non-compliance with the 2016 ruling," reports Engadget. "However, the Wall Street Journal reports today that the country will finally start collecting those billions of dollars owed by Apple and it may start doing so early next year." From the report: Both Apple and Ireland have fought back against the ruling -- Ireland has said that the European Union overstepped its authority and got some of the country's laws wrong while Apple has maintained that the amount it's being told to repay was miscalculated. Both are continuing to appeal the decision and the money will sit in an escrow fund while they do so. Ireland has said that negotiating the terms of that fund is what has held up its collection of the money but the European Commission said that the action it has taken against Ireland for failing to follow the 2016 ruling will proceed until the money is collected in full.
Businesses

Shouting 'Pay Your Taxes', Activists Occupy Apple Stores in France (marketwatch.com) 233

An anonymous reader quotes MarketWatch: A group of global activists stormed and occupied several Apple Stores in France on Saturday in a move aimed at pressuring the company to pay up on a €13 billion ($15.5 billion) tax bill to the European Union. In a press release, the France unit of the Association for the Taxation of Financial Transactions and Citizen's Action organization (Attac), said 100 of its members occupied the Opera Apple Store in Paris, demanding the company pay its taxes... Attac said dozens of protests were organized at other Apple store locations throughout France on Saturday. In the Paris store, activists were seen via videos circulating on Twitter, pushing past security and hanging a banner that said "We will stop when Apple pays." Security in Paris reportedly evacuated Apple workers from the building as those protests began.
After three hours they left the store -- leaving behind protest messages on the iPads on display. The group claims that Apple has stashed $230 billion in tax havens around the world, but also hopes to raise awareness about other issues.

"Attac said the action was part of the #PhoneRevolt movement aimed at highlighting unfair practices by Apple, that are not just about taxes, but also pollution via extraction of metals for its phones, worker exploitation and driving a global consumption binge."
Software

Three Quarters of Android Apps Track Users With Third Party Tools, Says Study (theguardian.com) 46

A study by French research organization Exodus Privacy and Yale University's Privacy Lab analyzed the mobile apps for the signatures of 25 known trackers and found that more than three in four Android apps contain at least one third-party "tracker." The Guardian reports: Among the apps found to be using some sort of tracking plugin were some of the most popular apps on the Google Play Store, including Tinder, Spotify, Uber and OKCupid. All four apps use a service owned by Google, called Crashlytics, that primarily tracks app crash reports, but can also provide the ability to "get insight into your users, what they're doing, and inject live social content to delight them." Other less widely-used trackers can go much further. One cited by Yale is FidZup, a French tracking provider with technology that can "detect the presence of mobile phones and therefore their owners" using ultrasonic tones. FidZup says it no longer uses that technology, however, since tracking users through simple wifi networks works just as well.
Transportation

Firms Team Up On Hybrid Electric Plane Technology (bbc.com) 111

An anonymous reader shares a report: Airbus, Rolls-Royce and Siemens are to develop hybrid electric engine plane technology as part of a push towards cleaner aviation. The E-Fan X programme will first put an electric engine with three jet engines on a BAe 146 aircraft. The firms want to fly a demonstrator version of the plane by 2020, with a commercial application by 2030. Firms are racing to develop electric engines for planes after pressure from the EU to cut aviation pollution. Each of the partners in the programme will be investing tens of millions of pounds, they said on a press call. The firms are developing hybrid technology because fully electric commercial flights are currently out of reach, a spokeswoman said.
Star Wars Prequels

Legislators Take Aim At Star Wars Battlefront II, EA Over 'Gambling In Games' (polygon.com) 72

dryriver writes: A number of pay-to-win microtransaction FPS games, including Dirty Bomb and the $60 Star Wars Battlefront II, have drawn the ire of legislators in countries like Belgium and the United States. Not only are advanced characters like Luke Skywalker and Darth Vader and various weapons and abilities in these games "locked" -- you pay for them in hard cash, or play for them for dozens and dozens of tedious hours -- the games also feature so-called "Loot Boxes," which are boxes that contain a random item, weapon, character or ability. So like playing slot machines in Vegas, each time you can get something good, something mediocre or something totally crap. You cannot determine with any certainty what you will get for your real-world dollars or in-game achievements. Angry Reddit users recently downvoted a blundering statement by EA on the topic with a whopping 249,000 downvotes -- an all-time downvote record on Reddit, shocking EA into retreating from its pay-to-win model and announcing unspecified "changes" now being made to Star Wars Battlefront II. Legislators in a number of countries have also sharply criticized "Loot Boxes" and "microtransactions" in games, with one legislator in Belgium vowing to have the sale of such games banned completely in the EU, because children are essentially being forced to "gamble with real money" in these games. Forbes has written a great piece about how EA is now essentially stuck with a $60 Star Wars game that cost a lot to make but probably cannot be monetized any further, because there is considerable risk of all games with loot boxes, microtransactions and "pay to win" monetization models being completely banned from sale in a number of different countries now. The moral of the story? Maybe people should not pay a game developer any more than the $40-60 they paid when they thought they "bought" the game in the first place.
EU

EU Lawmakers Back Exports Control on Spying Technology (reuters.com) 35

An anonymous reader shares a report: EU lawmakers overwhelmingly backed plans on Thursday to control exports of devices to intercept mobile phone calls, hack computers or circumvent passwords that could be used by foreign states to suppress political opponents or activists. Members of the European Parliament's trade committee voted by 34 votes to one in favor of a planned update to export controls on "dual use" products or technologies. The EU has had export controls since 2009 on such dual use products including toxins, laser and technology for navigation or nuclear power, which can have civilian or military applications but also be used to make weapons of mass destruction. The EU has felt that spyware or malware and telecom or Internet surveillance technologies are increasingly threatening security and human rights and proposed a modernization of its export control system to cover cyber-surveillance.
Businesses

EU Agrees To End Country-Specific Limits For Online Retailers (reuters.com) 72

An anonymous reader shares a report: The European Union has agreed a plan obliging online retailers operating in the bloc to make electrical goods, concert tickets or car rental available to all EU consumers regardless of where they live. Putting an end to "geoblocking", whereby consumers in one EU country cannot buy a good or service sold online in another, has been a priority for the EU as it tries to create a digital single market with 24 legislative proposals. The agreement late on Monday between the European Parliament, the EU's 28 member states and the Commission will allow EU consumers to buy products and services online from any EU country. The agreement applies to e-commerce sites including Amazon and eBay.
EU

New EU Consumer Protection Law Contains a Vague Website Blocking Clause (bleepingcomputer.com) 45

An anonymous reader quotes a report from Bleeping Computer: The European Union (EU) has voted on Tuesday, November 14, to pass the new Consumer Protection Cooperation regulation, a new EU-wide applicable law that gives extra power to national consumer protection agencies, but which also contains a vaguely worded clause that also grants them the power to block and take down websites without judicial oversight. The new law "establishes overreaching Internet blocking measures that are neither proportionate nor suitable for the goal of protecting consumers and come without mandatory judicial oversight," Member of the European Parliament Julia Reda said in a speech in the European Parliament Plenary during a last ditch effort to amend the law. "According to the new rules, national consumer protection authorities can order any unspecified third party to block access to websites without requiring judicial authorization," Reda added later in the day on her blog. This new law is an EU regulation and not a directive, meaning it's obligatory for all EU states, which do not have to individually adopt it.
Encryption

Mozilla Might Distrust Dutch Government Certs Over 'False Keys' (bleepingcomputer.com) 112

Long-time Slashdot reader Artem Tashkinov quotes BleepingComputer: Mozilla engineers are discussing plans to remove support for a state-operated Dutch TLS/HTTPS provider after the Dutch government has voted a new law that grants local authorities the power to intercept Internet communications using "false keys". If the plan is approved, Firefox will not trust certificates issued by the Staat der Nederlanden (State of the Netherlands) Certificate Authority (CA)...

This new law gives Dutch authorities the powers to intercept and analyze Internet traffic. While other countries have similar laws, what makes this one special is that authorities will have authorization to carry out covert technical attacks to access encrypted traffic. Such covert technical capabilities include the use of "false keys," as mentioned in Article 45 1.b, a broad term that includes TLS certificates.

"Fears arise of mass Dutch Internet surveillance," reads a subhead on the article, citing a bug report which notes, among other things, the potential for man-in-the-middle attacks and the fact that the Netherlands hosts a major internet transit point.
Power

Four Automakers Team Up To Create an Electric Car Charging Network Across Europe (theverge.com) 62

An anonymous reader quotes a report from The Verge: A group of automakers has created a new company to build a network of 400 fast chargers across Europe ahead of the wave of new electric cars they've promised in the next few years, as countries push EVs as a way to meet emissions goals. Ionity, announced Friday by BMW Group, Daimler AG, Ford Motor Company and the Volkswagen Group, will install a network of 400 high-power EV chargers across Europe by 2020. There are already 20 chargers under the Ionity network that are being installed this year in Germany, Austria, and Norway at 75-mile intervals, the companies said. Those chargers would also be maintained through partnerships with stores such as Tank & Rast, Circle K, and OMV. Such a network is also necessary to compete with the efforts from Tesla's Supercharger network, which is now 7,000 strong worldwide. It uses the company's own connector and started a major European expansion three years ago. To that, Ionity has invited other companies to join the venture in which the four initial automakers have an equal share.
Security

Hilton Paid a $700K Fine For 2015 Breach; Under GDPR, It Would Be $420 Million (digitalguardian.com) 110

chicksdaddy writes from a report via Digital Guardian: If you want to understand the ground shaking change that the EU's General Data Protection Rule (GDPR) will have when it comes into force in May of 2018, look no further than hotel giant Hilton Domestic Operating Company, Inc., formerly known as Hilton Worldwide, Inc (a.k.a. "Hilton."). On Tuesday, the New York Attorney General Eric T. Schneiderman slapped a $700,000 fine on the hotel giant for two 2015 incidents in which the company was hacked, spilling credit card and other information for 350,000 customers. Schneiderman also punished Hilton for its response to the incident. The company first learned in February 2015 that its customer data had been exposed through a UK-based system belonging to the company, which was observed by a contractor communicating with "a suspicious computer outside Hilton's computer network." Still, it took Hilton until November 24, 2015 -- over nine months after the first intrusion was discovered -- to notify the public. That kind of lackluster response has become pretty typical among Fortune 500 companies (see also: Equifax). And why not? The $700,000 fine from the NY AG is a palatable $2 per lost record -- and a mere rounding error for Hilton, which reported revenues of $11.2 billion in 2015, the year of the breach. That means the $700,000 fine was just %.00006 of Hilton's annual revenue in the year of the breach. Schneiderman's fine was less "bringing down the hammer" than a butterfly kiss for Hilton's C-suite, board and shareholders.

But things are going to be different for Hilton and other companies like it come May 2018 when provisions of the EU's General Data Protection Rule (or GDPR) go into effect, as Digital Guardian points out on their blog. Under that new law, data "controllers" like Hilton (in other words: organizations that collect data on customers or employees) can be fined up to 4% of annual turnover in the year preceding the incident for failing to meet the law's charge to protect that data. What does that mean practically for a company like Hilton? Well, the company's FY 2014 revenue (or "turnover") was $10.5 billion. Four percent of that is a cool $420 million dollars -- or $1,200, rather than $2, for every customer record lost. Needless to say, that's a number that will get the attention of the company's Board of Directors and shareholders.

Government

Portuguese ISP Shows What The Net Looks Like Without Net Neutrality (boingboing.net) 244

"In Portugal, with no net neutrality, internet providers are starting to split the net into packages," argues a California congressman -- retweeting a stunning graphic. An anonymous reader quotes BoingBoing's Cory Doctorow: Since 2006, Net Neutrality activists have been warning that a non-Neutral internet will be an invitation to ISPs to create "plans" where you have to choose which established services you can access, shutting out new entrants to the market and allowing the companies with the deepest pockets to permanently dominate the internet... the Portuguese non-neutral ISP MEO has mistaken a warning for a suggestion, and offers a series of "plans" for its mobile data service where you pay €5 to access a handful of messaging services, €5 more to use social media; and €5 more for video-streaming services.
The congressman notes this arrangement offers "a huge advantage for entrenched companies, but it totally ices out startups trying to get in front of people, which stifles innovation."
Transportation

Electric Cars Emit 50 Percent Less Greenhouse Gas Than Diesel, Study Finds (theguardian.com) 239

entirely_fluffy shares a report from The Guardian: Electric cars emit significantly less greenhouse gases over their lifetimes than diesel engines even when they are powered by the most carbon intensive energy, a new report has found. In Poland, which uses high volumes of coal, electric vehicles produced a quarter less emissions than diesels when put through a full lifecycle modeling study by Belgium's VUB University. CO2 reductions on Europe's cleanest grid in Sweden were a remarkable 85%, falling to around one half for countries such as the UK. The new study uses an EU estimate of Poland's emissions -- at 650gCO2/kWh -- which is significantly lower than calculations by the European commission's Joint Research Centre science wing last year. The VUB study says that while the supply of critical metals -- lithium, cobalt, nickel and graphite -- and rare earths would have to be closely monitored and diversified, it should not constrain the clean transport transition. As battery technology improves and more renewables enter the electricity grid, emissions from battery production itself could be cut by 65%, the study found.
Botnet

2 Million IoT Devices Enslaved By Fast-Growing BotNet (bleepingcomputer.com) 69

An anonymous reader writes: Since mid-September, a new IoT botnet has grown to massive proportions. Codenamed IoT_reaper, researchers estimate its current size at nearly two million infected devices. According to researchers, the botnet is mainly made up of IP-based security cameras, routers, network-attached storage (NAS) devices, network video recorders (NVRs), and digital video recorders (DVRs), primarily from vendors such as Netgear, D-Link, Linksys, GoAhead, JAWS, Vacron, AVTECH, MikroTik, TP-Link, and Synology.

The botnet reuses some Mirai source code, but it's unique in its own right. Unlike Mirai, which relied on scanning for devices with weak or default passwords, this botnet was put together using exploits for unpatched vulnerabilities. The botnet's author is still struggling to control his botnet, as researchers spotted over two million infected devices sitting in the botnet's C&C servers' queue, waiting to be processed. As of now, the botnet has not been used in live DDoS attacks, but the capability is in there.

Today is the one-year anniversary of the Dyn DDoS attack, the article points out, adding that "This week both the FBI and Europol warned about the dangers of leaving Internet of Things devices exposed online."
