Security

Backdoor Account Found in D-Link DIR-620 Routers (bleepingcomputer.com) 39

Catalin Cimpanu, writing for BleepingComputer: Security researchers have found a backdoor account in the firmware of D-Link DIR-620 routers that allows hackers to take over any device reachable via the Internet. Discovered by Kaspersky Lab researchers, this backdoor grants an attacker access to the device's web panel, and there's no way in which device owners can disable this secret account. The only way to protect devices from getting hacked is to avoid having the router expose its admin panel on the WAN interface, and hence, reachable from anywhere on the Internet.
Security

Cyber Firms Warn on Suspected Russian Plan To Attack Ukraine (reuters.com) 50

Jim Finkle, reporting for Reuters: Cisco Systems on Wednesday warned that hackers have infected at least 500,000 routers and storage devices in dozens of countries with highly sophisticated malicious software, possibly in preparation for another massive cyber attack on Ukraine. Cisco's Talos cyber intelligence unit said it has high confidence that the Russian government is behind the campaign, dubbed VPNFilter, because the hacking software shares code with malware used in previous cyber attacks that the U.S. government has attributed to Moscow. Cisco said the malware could be used for espionage, to interfere with internet communications or launch destructive attacks on Ukraine, which has previously blamed Russia for massive hacks that took out parts of its energy grid and shuttered factories. Head of Ukraine's cyber police said on Wednesday that the agency is aware of new large malware campaign, and that it is working to protect Ukraine against possible new cyber threat.
Sony

Sony In $2.3 Billion Deal For EMI, Becomes World's Biggest Music Publisher 24

Sony said on Tuesday it would pay about $2.3 billion to gain control of EMI, becoming the world's largest music publisher in an industry that has found new life on the back of streaming services. Reuters reports: The acquisition is the biggest strategic move yet by new CEO Kenichiro Yoshida and gives Sony a catalogue of more than 2 million songs from artists such as Kanye West, Sam Smith and Sia. The deal is part of Yoshida's mission to make revenue streams more stable with rights to entertainment content -- a strategy that follows a major revamp by his predecessor which shifted Sony's focus away from low-margin consumer electronics.

The spread of the internet led to a shrinking of the music market from around 1999 to 2014, Yoshida said, but added that has turned around with the growth of fixed-price music streaming services. The deal values EMI Music Publishing at $4.75 billion including debt, more than double the $2.2 billion value given in 2011 when a consortium led by Sony won bidding rights for the company. EMI currently commands 15 percent of the music publishing industry which combined with its Sony ATV business would make the Japanese giant the industry leader with market share of 26 percent, a company spokesman said.
Youtube

Google Launches YouTube Music Service With Creepy AI To Predict Listening Habits (audioholics.com) 73

Audiofan writes: Will the new YouTube Music streaming service provide the soundtrack to your life? Google believes that its ability to harness the power of artificial intelligence will help the new service catch up to its rivals in the music streaming business. Google's latest attempt to compete with Spotify and Apple Music may finally have what it takes if it doesn't creep users out in the process. While the service officially rolls out on Tuesday, May 22nd, only some users will be able to use it at launch. What separates YouTube's music streaming service from the competition is its catalog of remixes, live versions, and covers of official versions of songs. It also uses the Google Assistant to make music recommendations based on everything it knows (and can learn) about you and your listening habits. "When you arrive at the gym, for example, YouTube Music will offer up a playlist of hard-hitting pump-up jams (if that's your thing)," reports Audioholics. "Late at night, softer tunes will set a more relaxing mood."

YouTube Music is free with ads, but will cost $9.99 for ad-free listening. There is also YouTube Premium, which will cost $11.99 per month, and will include both the ad-free music service and the exclusive video content from the now-defunct YouTube Red.
Facebook

European Lawmakers Asked Mark Zuckerberg Why They Shouldn't Break Up Facebook (theverge.com) 175

European lawmakers questioned Mark Zuckerberg in Brussels today for almost an hour and a half, asking him to address concerns about the Cambridge Analytica data leak and Facebook's potential monopoly. German MEP Manfred Weber asked whether the Facebook CEO could name a single European alternative to his "empire," which includes apps like WhatsApp and Instagram in addition to Facebook. "I think it's time to discuss breaking up Facebook's monopoly, because it's already too much power in only one hand," said Weber. "So I ask you simple, and that is my final question: can you convince me not to do so?" Belgian MEP Guy Verhofstadt then chimed in and asked whether Facebook would cooperate with European antitrust authorities to determine whether the company was indeed a monopoly, and if it was, whether Facebook would accept splitting off WhatsApp or Messenger to remedy the problem. The Verge reports: The panel's format let Zuckerberg selectively reply to questions at the end of the session, and he didn't address Verhofstadt's points. Instead, he broadly outlined how Facebook views "competition" in various spaces. "We exist in a very competitive space where people use a lot of different tools for communication," said Zuckerberg. "From where I sit, it feels like there are new competitors coming up every day" in the messaging and social networking space. He also said that Facebook didn't hold an advertising monopoly because it only controlled 6 percent of the global advertising market. (It's worth noting: this is still a huge number.) And he argued that Facebook promoted competition by making it easier for small businesses to reach larger audiences -- which is basically unrelated to the question of whether Facebook itself is a monopoly.
The Internet

The Wayback Machine is Deleting Evidence of Malware Sold To Stalkers (vice.com) 87

The Internet Archive's Wayback Machine is a service that preserves web pages. But the site has been deleting evidence of companies selling malware to illegally spy on spouses, Motherboard reported Tuesday. From the report: The company in question is FlexiSpy, a Thailand-based firm which offers desktop and mobile malware. The spyware can intercept phone calls, remotely turn on a device's microphone and camera, steal emails and social media messages, as well as track a target's GPS location. Previously, pages from FlexiSpy's website saved to the Wayback Machine showed a customer survey, with over 50 percent of respondents saying they were interested in a spy phone product because they believe their partner may be cheating. That particular graphic was mentioned in a recent New York Times piece on the consumer spyware market.

In another example, a Wayback Machine archive of FlexiSpy's homepage showed one of the company's catchphrases: "Many spouses cheat. They all use cell phones. Their cell phone will tell you what they won't." Now, those pages are no longer on the Wayback Machine. Instead, when trying to view seemingly any page from FlexiSpy's domain on the archiving service, the page reads "This URL has been excluded from the Wayback Machine."

Microsoft

The Whole World is Now a Computer, Says Microsoft CEO Satya Nadella (zdnet.com) 161

Thanks to cloud computing, the Internet of Things and artificial intelligence, we should start to think of the planet as one giant computer, according to Microsoft chief executive Satya Nadella. From a report: "Digital technology, pervasively, is getting embedded in every place: every thing, every person, every walk of life is being fundamentally shaped by digital technology -- it is happening in our homes, our work, our places of entertainment," said Nadella speaking in London. "It's amazing to think of a world as a computer. I think that's the right metaphor for us as we go forward."

[...] AI is core to Microsoft's strategy, Nadella said: "AI is the run time which is going to shape all of what we do going forward in terms of applications as well as the platform." Microsoft is rethinking its core products by using AI to connect them together, he said, giving an example of a meeting using translation, transcription, Microsoft's HoloLens and other devices to improve decision-making. "The idea that you can now use all of the computing power that is around you -- this notion of the world as a computer -- completely changes how you conduct a meeting and fundamentally what presence means for a meeting," he said.

United States

Trump Ignores 'Inconvenient' Security Rules To Keep Tweeting On His iPhone, Says Report (politico.com) 479

According to Politico, "President Donald Trump uses a White House cellphone that isn't equipped with sophisticated security features designed to shield his communications." The decision is "a departure from the practice of his predecessors that potentially exposes him to hacking or surveillance." From the report: The president uses at least two iPhones, according to one of the officials. The phones -- one capable only of making calls, the other equipped only with the Twitter app and preloaded with a handful of news sites -- are issued by White House Information Technology and the White House Communications Agency, an office staffed by military personnel that oversees White House telecommunications. While aides have urged the president to swap out the Twitter phone on a monthly basis, Trump has resisted their entreaties, telling them it was "too inconvenient," the same administration official said. The president has gone as long as five months without having the phone checked by security experts. It is unclear how often Trump's call-capable phones, which are essentially used as burner phones, are swapped out.
Bug

Comcast Website Bug Leaks Xfinity Customer Data (zdnet.com) 38

An anonymous reader quotes a report from ZDNet: A bug in Comcast's website used to activate Xfinity routers can return sensitive information on the company's customers. The website, used by customers to set up their home internet and cable service, can be tricked into displaying the home address where the router is located, as well as the Wi-Fi name and password. Two security researchers, Karan Saini and Ryan Stevenson, discovered the bug. Only a customer account ID and that customer's house or apartment number is needed -- even though the web form asks for a full address.

ZDNet obtained permission from two Xfinity customers to check their information. We were able to obtain their full address and zip code -- which both customers confirmed. The site returned the Wi-Fi name and password -- in plaintext -- used to connect to the network for one of the customers who uses an Xfinity router. The other customer was using his own router -- and the site didn't return the Wi-Fi network name or password.

Businesses

US Treasury Secretary Calls For Google Monopoly Probe (theregister.co.uk) 86

After a 60 Minutes episode that focused on Google and its effective search monopoly, U.S. Treasury Secretary Steve Mnuchin called for large tech companies to be investigated for potential antitrust violations. Asked whether Google was abusing its market dominance as a monopoly, Mnuchin told CNBC on Monday "these are issues that the Justice Department needs to look at seriously," and argued that it was important to "look at the power they have" noting that companies like Google "have a greater and greater impact on the economy." The Register reports: Mnuchin's willingness to directly criticize Google and other tech companies and argue that they should be under investigation is just the latest sign that Washington DC is serious about digging in the market power of Big Internet. It is notable that it was 20 years ago, almost to the day, that America finally dealt with another tech antitrust problem when the Justice Department and 20 state attorneys general filed suit -- on May 18, 1998 -- against what was then the most powerful tech company in the country: Microsoft.
Communications

FCC is Hurting Consumers To Help Corporations, Mignon Clyburn Says On Exit (arstechnica.com) 94

Former Commissioner Mignon Clyburn, who left the agency this month, has taken aim at it in an interview, saying the agency has abandoned its mission to safeguard consumers and protect their privacy and speech. From her interview with ArsTechnica: "I'm an old Trekkie," Clyburn told Ars in a phone interview, while comparing the FCC's responsibility to the Star Trek fictional universe's Prime Directive. "I go back to my core, my prime directive of putting consumers first." If the FCC doesn't do all it can to bring affordable communications services to everyone in the US, "our mission will not be realized," she said. The FCC's top priority, as set out by the Communications Act, is to make sure all Americans have "affordable, efficient, and effective" access to communications services, Clyburn said. But too often, the FCC's Republican majority led by Chairman Ajit Pai is prioritizing the desires of corporations over consumers, Clyburn said. "I don't believe it's accidental that we are called regulators," she said. "Some people at the federal level try to shy away from that title. I embrace it."

Clyburn said that deregulation isn't bad in markets with robust competition, because competition itself can protect consumers. But "that is just not the case" in broadband, she said. "Let's just face it, [Internet service providers] are last-mile monopolies," she told Ars. "In an ideal world, we wouldn't need regulation. We don't live in an ideal world, all markets are not competitive, and when that is the case, that is why agencies like the FCC were constructed. We are here as a substitute for competition." Broadband regulators should strike a balance that protects consumers and promotes investment from large and small companies, she said. "If you don't regulate appropriately, things go too far one way or the other, and we either have prices that are too high or an insufficient amount of resources or applications or services to meet the needs of Americans," Clyburn said.

Transportation

Tesla Model 3 Falls Short of Consumer Reports Recommendation (cnbc.com) 288

Consumer Reports published their review of the Tesla Model 3 today. The product review site liked the vehicle's range of the battery and agile handling, but had issues with braking, controls, and ride quality. Overall, it failed to get a recommendation. CNBC highlights the key shortfalls: "Our testers also found flaws -- big flaws -- such as long stopping distances in our emergency braking test and difficult-to-use controls," said a review in the publication. In particular, the car's stopping distance of 152 feet from a speed of 60 miles per hour was slower than any of its contemporaries, including the Ford F-150, a full-size pickup. The location of almost all of Tesla's controls on a touchscreen and the vehicle's ride quality were also factors in the group's decision. Tesla issued a statement in response to Consumer Reports' stopping distance claim: "Tesla's own testing has found braking distances with an average of 133 feet when conducting the 60-0 mph stops using the 18-inch Michelin all season tire and as low as 126 feet with all tires currently available. Stopping distance results are affected by variables such as road surface, weather conditions, tire temperature, brake conditioning, outside temperature, and past driving behavior that may have affected the brake system. Unlike other vehicles, Tesla is uniquely positioned to address more corner cases over time through over-the-air software updates, and it continually does so to improve factors such as stopping distance."
Government

Congress Is Looking To Extend Copyright Protection Term To 144 Years (wired.com) 292

"Because it apparently isn't bad enough already, Congress is looking to extend the copyright term to 144 years," writes Slashdot reader llamalad. "Please write to your representatives and consider donating to the EFF." American attorney Lawrence Lessig writes via Wired: Almost exactly 20 years ago, Congress passed the Sonny Bono Copyright Term Extension Act, which extended the term of existing copyrights by 20 years. The Act was the 11th extension in the prior 40 years, timed perfectly to assure that certain famous works, including Mickey Mouse, would not pass into the public domain. Immediately after the law came into force, a digital publisher of public domain works, Eric Eldred, filed a lawsuit challenging the act [which the Supreme Court later rejected].

Twenty years later, the fight for term extension has begun anew. Buried in an otherwise harmless act, passed by the House and now being considered in the Senate, this new bill purports to create a new digital performance right -- basically the right to control copies of recordings on any digital platform (ever hear of the internet?) -- for musical recordings made before 1972. These recordings would now have a new right, protected until 2067, which, for some, means a total term of protection of 144 years. The beneficiaries of this monopoly need do nothing to get the benefit of this gift. They don't have to make the work available. Nor do they have to register their claims in advance.

Crime

Alleged Owners of Mugshots.com Have Been Arrested For Extortion (lawandcrime.com) 101

Reader schwit1 writes: The alleged owners of Mugshots.com have been charged and arrested. These four men Sahar Sarid, Kishore Vidya Bhavnanie, Thomas Keesee, and David Usdan only removed a person's mugshot from the site if this individual paid a "de-publishing" fee, according to the California Attorney General on Wednesday. That's apparently considered extortion. On top of that, they also face charges of money laundering, and identity theft.

If you read a lot of articles about crime, then you're probably already familiar with the site (which is still up as of Friday afternoon). They take mugshots, slap the url multiple times on the image, and post it on the site alongside an excerpt from a news outlet that covered the person's arrest. According to the AG's office, the owners would only remove the mugshots if the person paid a fee, even if the charges were dismissed. This happened even if the suspect was only arrested because of "mistaken identity or law enforcement error." You can read the affidavit here.

Businesses

The Internet of Trash: IoT Has a Looming E-Waste Problem (ieee.org) 79

As we add computing and radios to more things, we're also adding to the problem of e-waste. The United Nations found that people generated 44.7 million metric tons of e-waste globally in 2016, and expects that to grow to 52.2 million metric tons by 2021. From a report: There are two issues. We're adding semiconductors to products that previously had none, and we're also shortening the life of devices as we add more computing, turning products that might last 15 years into ones that must be replaced every five years. In fact, many small connected devices such as trackers, jewelry, or wearables are designed to fail once the battery dies. At that point, the consumer tosses it out and buys another.
Programming

Ask Slashdot: What's the Most Sophisticated Piece of Software Ever Written? (quora.com) 235

An anonymous reader writes: Stuxnet is the most sophisticated piece of software ever written, given the difficulty of the objective: Deny Iran's efforts to obtain weapons grade uranium without need for diplomacy or use of force, John Byrd, CEO of Gigantic Software (formerly Director of Sega and SPM at EA), argues in a blog post, which is being widely shared in developer circles, with most agreeing with Byrd's conclusion.

He writes, "It's a computer worm. The worm was written, probably, between 2005 and 2010. Because the worm is so complex and sophisticated, I can only give the most superficial outline of what it does. This worm exists first on a USB drive. Someone could just find that USB drive laying around, or get it in the mail, and wonder what was on it. When that USB drive is inserted into a Windows PC, without the user knowing it, that worm will quietly run itself, and copy itself to that PC. It has at least three ways of trying to get itself to run. If one way doesn't work, it tries another. At least two of these methods to launch itself were completely new then, and both of them used two independent, secret bugs in Windows that no one else knew about, until this worm came along."

"Once the worm runs itself on a PC, it tries to get administrator access on that PC. It doesn't mind if there's antivirus software installed -- the worm can sneak around most antivirus software. Then, based on the version of Windows it's running on, the worm will try one of two previously unknown methods of getting that administrator access on that PC. Until this worm was released, no one knew about these secret bugs in Windows either. At this point, the worm is now able to cover its tracks by getting underneath the operating system, so that no antivirus software can detect that it exists. It binds itself secretly to that PC, so that even if you look on the disk for where the worm should be, you will see nothing. This worm hides so well, that the worm ran around the Internet for over a year without any security company in the world recognizing that it even existed."
What do Slashdot readers think?
Music

'Yanny vs. Laurel' Reveals Flaws In How We Listen To Audio (theproaudiofiles.com) 233

Unless you've been living under a rock for the past few days, you've probably heard about the controversy over "Yanny" and "Laurel." The internet has been abuzz over an audio clip in which the name being said depends on the listener. Some hear "Laurel" while others hear "Yanny." Ian Vargo, an audio enthusiast who spends most of his working hours of the day listening to and editing audio, helps explain why we hear the name that we do: Human speech is actually composed of many frequencies, in part because we have a resonant chest cavity which creates lower frequencies, and the throat and mouth which creates higher frequencies. The word "laurel" contains a combination of both which are therefore present in the original recording at vocabulary.com, but the clip that you most likely heard has accentuated higher frequencies due to imperfections in the audio that were created by data compression. To make it worse, the playback device that many people first heard the audio clip playing out of was probably a speaker system built into a cellular phone, which is too small to accurately recreate low frequencies.

This helpful interactive tool from The New York Times allows you to use a slider to more clearly hear one or the other. Pitch shifting the audio clip up seems to accentuate "laurel" whereas shifting it down accentuates "yanny." In summary, this perfect storm of the human voice creating both low and high frequencies, the audio clip having been subject to data compression used to create smaller, more convenient files, and our tendency to listen out of devices with subpar playback components lead to an apparent near-even split of the population hearing "laurel" or "yanny."

Music

YouTube Unveils New Streaming Service 'YouTube Music,' Rebrands YouTube Red (gizmodo.com) 107

An anonymous reader quotes a report from Gizmodo: YouTube Music, a streaming music platform designed to compete with the likes of Spotify and Apple Music, officially has a launch date: May 22nd. Its existence will also shift around YouTube and Google's overall media strategy, which has thus far been quite the mess. YouTube Music will borrow the Spotify model and offer a free, ad-supported tier as well as a premium version. The paid tier, which will be called YouTube Music Premium, will be available for $9.99 per month. It will debut in the U.S., Australia, New Zealand, Mexico, and South Korea before expanding to 14 other countries.

One of the selling points for YouTube Music will be the ability to harness the endless amount of information Google knows about you, which it will use to try to create customized listening experiences. Pitchfork reported that the app, with the help of Google Assistant, will make listening recommendations based on the time of day, location, and listening patterns. It will also apparently offer "an audio experience and a video experience," suggesting perhaps an emphasis on music videos and other visual content. From here, Google seems to be focused on making its streaming strategy a little less wacky. Google Play Music, the company's previous music streaming service that is still inexplicably up and running despite teetering on the brink of extinction for years, will slowly be phased out according to USA Today.
Meanwhile, the paid streaming subscription service, known as YouTube Red, is being rebranded to YouTube Premium and will cost $11.99 per month instead of $9.99. (Pitchfork notes that existing YouTube Red subscribers will be able to keep their $9.99 rate.) YouTube Premium will include access to YouTube Music Premium. Here's a handy-dandy chart that helps show what is/isn't included in the two plans.
Twitter

Twitter Will Start Hiding Tweets That 'Detract From the Conversation' (slate.com) 183

Yesterday, Twitter announced several new changes to quiet trolls and remove spam. According to Slate, the company "will begin hiding tweets from certain accounts in conversations and search results." In order to see them, you'll now have to scroll to the bottom of the conversation and click "Show more replies," or go into your search settings and choose "See everything." From the report: When Twitter's software decides that a certain user is "detract[ing] from the conversation," all of that user's tweets will be hidden from search results and public conversations until their reputation improves. And they won't know that they're being muted in this way; Twitter says it's still working on ways to notify people and help them get back into its good graces. In the meantime, their tweets will still be visible to their followers as usual and will still be able to be retweeted by others. They just won't show up in conversational threads or search results by default. The change will affect a very small fraction of users, explained Twitter's vice president of trust and safety, Del Harvey -- much less than 1 percent. Still, the company believes it could make a significant difference in the average user's experience. In early testing of the new feature, Twitter said it has seen a 4 percent drop in abuse reports in its search tool and an 8 percent drop in abuse reports in conversation threads.
Google

Google Fixes Issue That Broke Millions of Web-Based Games in Chrome (bleepingcomputer.com) 37

Google this week rolled out an update to Chrome to patch a bug that had rendered millions of web-based games useless. From a report: The bug was introduced in mid-April when Google launched Chrome 66. One of this release's features was its ability to block web pages with auto-playing audio. [...] Not all games were affected the same. For some HTML5 games, users could re-enable audio by interacting with the game's canvas via a click-to-play interaction. Unfortunately, older games and those that weren't coded with such policy remained irrevocably broken, no matter what Chrome options users tried to modify in their settings sections. [...] With today's release of Chrome for Desktop v66.0.3359.181, Google has now fixed this issue, but only temporarily. John Pallett, a product manager at Google, admitted that Google "didn't do a good job of communicating the impact of the new autoplay policy to developers using the Web Audio API." He said, for this reason, the current version of Chrome, v66, will no longer automatically mute Web Audio objects.

Slashdot Top Deals