Apple's Newest iPhone X Ad Captures an Embarrassing iOS 11 Bug (theverge.com) 65

Tom Warren, writing for The Verge: If you blink during Apple's latest iPhone ad, you might miss a weird little animation bug. It's right at the end of a slickly produced commercial, where the text from an iMessage escapes the animated bubble it's supposed to stay inside. It's a minor issue and easy to brush off, but the fact it's captured in such a high profile ad just further highlights Apple's many bugs in iOS 11. 9to5Mac writer Benjamin Mayo spotted the bug in Apple's latest ad, and he's clearly surprised "that this was signed off for the commercial," especially as he highlighted it months ago and has filed a bug report with Apple.

Facebook Says It is Sorry For Suggesting Child Sex Videos in Search (cnet.com) 47

Facebook issued an apology on Friday after offensive terms appeared in the social network's search predictions late Thursday. From a report: When users typed "videos of" into the search bar, Facebook prompted them to search phrases including "videos of sexuals," "videos of girl sucking dick under water" and, perhaps most disturbingly, "video of little girl giving oral." Shocked users reported the problem on Twitter, posting screenshots of the search terms, which also included multiple suggestions relating to the school shooting in Florida last month. The social network appeared to have fixed the problem by Friday morning.

Linus Torvalds Slams CTS Labs Over AMD Vulnerability Report (zdnet.com) 115

Earlier this week, CTS Labs, a Tel Aviv-based cybersecurity startup, claimed it has discovered critical security flaws in AMD chips that could allow attackers to access sensitive data from highly guarded processors across millions of devices. Linus Torvalds, Linux's creator, doesn't buy it. ZDNet reports: Torvalds, in a Google+ discussion, wrote: "When was the last time you saw a security advisory that was basically 'if you replace the BIOS or the CPU microcode with an evil version, you might have a security problem?' Yeah." Or, as a commenter put it on the same thread, "I just found a flaw in all of the hardware space. No device is secure: if you have physical access to a device, you can just pick it up and walk away. Am I a security expert yet?" CTS Labs claimed in an interview they gave AMD less than a day because they didn't think AMD could fix the problem for "many, many months, or even a year" anyway. Why would they possibly do this? For Torvalds: "It looks more like stock manipulation than a security advisory to me."

These are real bugs though. Dan Guido, CEO of Trail of Bits, a security company with a proven track-record, tweeted: "Regardless of the hype around the release, the bugs are real, accurately described in their technical report (which is not public afaik), and their exploit code works." But, Guido also admitted, "Yes, all the flaws require admin [privileges] but all are flaws, not expected functionality." It's that last part that ticks Torvalds off. The Linux creator agrees these are bugs, but all the hype annoys the heck out of him. Are there bugs? Yes. Do they matter in the real world? No. They require a system administrator to be almost criminally negligent to work. To Torvalds, inflammatory security reports are annoying distractions from getting real work done.


Bitcoin's Highly Anticipated 'Lightning Network' Goes Live (thehill.com) 129

Lightning Labs on Thursday announced the beta release of its highly-anticipated Lightning Network Daemon (LND), a developer-friendly software client used to access Bitcoin's Lightning Network, anonymous readers wrote, citing media reports. From a report: Bitcoin supporters believe that the network has the potential to help the cryptocurrency achieve mass adoption. Bitcoin has struggled in recent months with slow and high-fee transactions, which make it harder for bitcoin to achieve mainstream popularity. Lightning Labs, the company behind the network, also announced on Thursday that it has received investments from major financial technology players, including Square chief executive and Twitter co-founder Jack Dorsey and PayPal chief operating officer David Sacks.

Can AMD Vulnerabilities Be Used To Game the Stock Market? (vice.com) 105

Earlier this week, a little-known security firm called CTS Labs reported what it claimed to be severe vulnerabilities and backdoors in some AMD processors. While AMD looks into the matter, the story behind the researchers' discovery and the way they made it public has become a talking point in security circles. The researchers, who work for CTS Labs, only reported the flaws to AMD shortly before publishing their report online. Typically, researchers give companies a few weeks or even months to fix the issues before going public with their findings. To make things even stranger, a little bit over 30 minutes after CTS Labs published its report, a controversial financial firm called Viceroy Research published what they called an "obituary" for AMD. Motherboard reports: "We believe AMD is worth $0.00 and will have no choice but to file for Chapter 11 (Bankruptcy) in order to effectively deal with the repercussions of recent discoveries," Viceroy wrote in its report. CTS Labs seemed to hint that it too had a financial interest in the performance of AMD stock. "We may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports," CTS Labs wrote in the legal disclaimer section of its report.

On Twitter, rumors started to swirl. Are the researchers trying to make money by betting that AMD's share price will go down due to the news of the vulnerabilities? Or, in Wall Street jargon, were CTS Labs and Viceroy trying to short sell AMD stock? Security researcher Arrigo Triulzi speculated that Viceroy and CTS Labs were profit sharing for shorting, while Facebook's chief security officer Alex Stamos warned against a future where security research is driven by short selling.

[...] There's no evidence that CTS Labs worked with Viceroy to short AMD. But something like that has happened before. In 2016, security research firm MedSec found vulnerabilities in pacemakers made by St. Jude Medical. In what was likely a first, MedSec partnered with hedge fund Muddy Waters to bet against St. Jude Medical's stock. For Adrian Sanabria, director of research at security firm Threatcare and a former analyst at 451 Research, where he covered the cybersecurity industry, trying to short based on vulnerabilities just doesn't make much sense. While it could work in theory and could become more common in the future, he said in a phone call, "I don't think we've seen enough evidence of security vulnerabilities really moving the stock for it to really become an issue."
Further reading: Linus Torvalds slams CTS Labs over AMD vulnerability report (ZDNet).

Jewelry Site Leaks Personal Details, Plaintext Passwords of 1.3 Million Users (thenextweb.com) 37

Chicago-based MBM Company's jewelry brand Limoges Jewelry has accidentally leaked the personal information for over 1.3 million people. This includes addresses, zip-codes, e-mail addresses, and IP addresses. The German security firm Kromtech Security, which found the leak via an unsecured Amazon S3 storage bucket, also claims the database contained plaintext passwords. The Next Web reports: In a press release, Kromtech Security's head of communications, Bob Diachenko, said: "Passwords were stored in the plain text, which is great negligence [sic], taking into account the problem with many users re-using passwords for multiple accounts, including email accounts." The [MSSQL database] backup file was named "MBMWEB_backup_2018_01_13_003008_2864410.bak," which suggests the file was created on January 13, 2018. It's believed to contain current information about the company's customers. Records held in the database have dates reaching as far back as 2000. The latest records are from the start of this year. Other records held in the database include internal mailing lists, promo-codes, and item orders, which leads Kromtech to believe that this could be the primary customer database for the company. Diachenko says there's no evidence a malicious third-party has accessed the dump, but that "that does not mean that nobody [has] accessed the data."

Wikipedia Had No Idea YouTube Was Going To Use It To Fact-Check Conspiracy Theories (gizmodo.com) 136

Yesterday, YouTube CEO Susan Wojcicki announced that the company would drop a Wikipedia link beneath videos on highly contested topics. We have now learned that Wikipedia did not know about this move prior to the announcement. Gizmodo reports: In a Twitter thread asking the public to support Wikipedia as much as it relies on it, Wikimedia executive director Katherine Maher first suggested that the organization was unaware of YouTube's plans. When asked whether this new module would only apply to English Wikipedia pages, Maher responded, "I couldn't say; this was something they did independent of us." In a statement to Gizmodo, the Wikimedia Foundation confirmed that the organization first learned of the new YouTube feature on Tuesday. "We are always happy to see people, companies, and organizations recognize Wikipedia's value as a repository of free knowledge," a Wikimedia Foundation spokesperson said in a statement. "In this case, neither Wikipedia nor the Wikimedia Foundation are part of a formal partnership with YouTube. We were not given advance notice of this announcement."

Privacy-Busting Bugs Found in Popular VPN Services Hotspot Shield, Zenmate and PureVPN (zdnet.com) 60

A report by VpnMentor, a website which ranks VPN services, reveals several vulnerabilities in Hotspot Shield, Zenmate, and PureVPN -- all of which promise to provide privacy for their users. VpnMentor says it hired a team of three external ethical hackers to find vulnerabilities in three random popular VPNs. While one hacker wants to keep his identity private, the other two are known as File Descriptor and Paulos Yibelo. ZDNet: The research reveals bugs that can leak real-world IP addresses, which in some cases can identify individual users and determine a user's location. In the case of Hotspot Shield, three separate bugs in how the company's Chrome extension handles proxy auto-config scripts -- used to direct traffic to the right places -- leaked both IP and DNS addresses, which undermines the effectiveness of privacy and anonymity services. [...] AnchorFree, which makes Hotspot Shield, fixed the bugs, and noted that its mobile and desktop apps were not affected by the bugs. The researchers also reported similar IP leaking bugs to Zenmate and PureVPN.

Researchers Find Critical Vulnerabilities in AMD's Ryzen and EPYC Processors, But They Gave the Chipmaker Only 24 Hours Before Making the Findings Public (cnet.com) 195

Alfred Ng, reporting for CNET: Researchers have discovered critical security flaws in AMD chips that could allow attackers to access sensitive data from highly guarded processors across millions of devices. Particularly worrisome is the fact that the vulnerabilities lie in the so-called secure part of the processors -- typically where your device stores sensitive data like passwords and encryption keys. It's also where your processor makes sure nothing malicious is running when you start your computer. CTS-Labs, a security company based in Israel, announced Tuesday that its researchers had found 13 critical security vulnerabilities that would let attackers access data stored on AMD's Ryzen and EPYC processors, as well as install malware on them. Ryzen chips power desktop and laptop computers, while EPYC processors are found in servers. The researchers gave AMD less than 24 hours to look at the vulnerabilities and respond before publishing the report. Standard vulnerability disclosure calls for 90 days' notice so that companies have time to address flaws properly. An AMD spokesperson said, "At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. We are investigating this report, which we just received, to understand the methodology and merit of the findings." Zack Whittaker, a security reporter at CBS, said: Here's the catch: AMD had less than a day to look at the research. No wonder why its response is so vague.

SXSW: No 'Hot Apps' Anymore But Still a Launchpad For Some Startups (axios.com) 28

South by Southwest is no longer the preferred launchpad for social apps, but it may be for others like Blue Duck, a San Antonio-based transportation company debuting its scooter service this weekend. From a report: Between Twitter's big breakout moment in 2007 and Meerkat's in 2015, SXSW has served as a great marketing opportunity for social apps. But that's ended as consumer trends have shifted and Hollywood and other consumer companies have taken over the festival. Standing outside the Austin Convention Center, co-founder Eric Bell tells me that he came up with the idea out of frustration with his local public transit, and he designed the scooters. For now, the company is self-funded, but he expects to soon raise outside funding.

Twitter Suspends Numerous Popular Accounts That Are Known For Stealing Tweets (buzzfeed.com) 52

An anonymous reader shares a report: Continuing its battle against the "tweetdeckers," Twitter suspended on Friday several popular accounts known for stealing tweets or mass-retweeting tweets into manufactured virality. @Dory, @GirlPosts, @SoDamnTrue, Girl Code/@reiatabie, Common White Girl/@commonwhitegiri, @teenagernotes, @finah, @holyfag, and @memeprovider were among the accounts that got swept up in the purge. Many of these accounts were hugely popular, with hundreds of thousands or even millions of followers. In addition to stealing people's tweets without credit, some of these accounts are known as "tweetdeckers" due to their practice of teaming up in exclusive Tweetdeck groups and mass-retweeting one another's -- and paying customers' -- tweets into forced virality. A Twitter spokesperson declined to comment on individual accounts, but BuzzFeed News understands the accounts were suspended for violating Twitter's spam policy.

Elon Musk Changes 'Boring Company' Vision To Reward Cyclists and Pedestrians (techcrunch.com) 152

"Remember Elon Musk's plan to dig a massive web of traffic-beating tunnels underneath Los Angeles...?" asks CNN. "Now, that plan appears to be getting a huge makeover." An anonymous reader quotes TechCrunch: While it will still focus on digging tunnels to provide a network of underground tubes suitable for use by high-speed Hyperloop pods, the plan now is to use that Hyperloop to transport pedestrians and cyclists first, and then only later to work on moving cars around underground to bypass traffic. Musk shared the update via Twitter, noting that the idea would be to load customers onto cars roughly the size that a single parking space takes up currently, [thousands of which] would be dotted around an urban environment close to any destinations where someone might travel. The single-car station model would be designed to replace the current subway-style model, Musk said, where only a few small stations are very spread out... This is a big departure from the original vision, and it seems like one that might have evolved after Musk and his collaborators on the project spoke to urban planners and transit authorities.
"If someone can't afford a car, they should go first," Musk posted on Twitter, sharing a new conceptual video where an elevator lowers one of these pedestrian- and cyclist-focussed shuttle pods underground.

TechCrunch says this new vision "would be appealing both to urban officials looking to decrease congestion on downtown roads and discourage personal vehicle use, and to anyone hoping to increase access to affordable transit options."

Twitter Exploring Letting Everyone Get a Blue Tick For Verification, CEO Jack Dorsey Says (cnbc.com) 62

An anonymous reader shares a report: Twitter could one day allow everyone to be verified by one of the company's signature blue ticks, according to CEO Jack Dorsey. In a livestream on Periscope, Dorsey said Thursday that opening verification to more people could help to make sure people on the platform are who they say they are. "The intention is to open verification for everyone, and to do it in a way that is scalable where we (Twitter) are not in the way. And people can verify more facts about themselves and we don't have to be the judge or imply any bias on our part," Dorsey said. Twitter introduced the blue checkmark in 2009. It was initially available to public figures such as celebrities, but has since expanded to others like journalists and bloggers. Users need to apply for the blue tick, explaining why they need one.

Fake News Spreads Faster Than True News On Twitter -- Thanks To People, Not Bots (sciencemag.org) 94

A new study shows that people are the prime culprits when it comes to the propagation of misinformation through social networks. Tweets containing falsehoods reach 1,500 people on Twitter six times faster than truthful tweets, the research reveals. Science Magazine reports: The lead author -- Soroush Vosoughi, a data scientist at the Massachusetts Institute of Technology in Cambridge -- and his colleagues collected 12 years of data from Twitter, starting from the social media platform's inception in 2006. Then they pulled out tweets related to news that had been investigated by six independent fact-checking organizations -- websites like PolitiFact, Snopes, and FactCheck.org. They ended up with a data set of 126,000 news items that were shared 4.5 million times by 3 million people, which they then used to compare the spread of news that had been verified as true with the spread of stories shown to be false. They found that whereas the truth rarely reached more than 1000 Twitter users, the most pernicious false news stories routinely reached well over 10,000 people. False news propagated faster and wider for all forms of news -- but the problem was particularly evident for political news, the team reports today in Science. At first the researchers thought that bots might be responsible, so they used sophisticated bot-detection technology to remove social media shares generated by bots. But the results didn't change: False news still spread at roughly the same rate and to the same number of people. By default, that meant that human beings were responsible for the virality of false news.

Trump Promises Copyright Crackdown As DoJ Takes Aim At Streaming Pirates (torrentfreak.com) 107

An anonymous reader quotes a report from TorrentFreak: Yesterday, a panel discussion on the challenges associated with piracy from streaming media boxes took place on Capitol Hill. Hosted by the Information Technology and Innovation Foundation (ITIF), "Unboxing the Piracy Threat of Streaming Media Boxes" (video) went ahead with some big name speakers in attendance, not least Neil Fried, Senior Vice President, Federal Advocacy and Regulatory Affairs at the MPAA. ITIF and various industry groups tweeted many interesting comments throughout the event. Kevin Madigan from Center for the Protection of Intellectual Property told the panel that torrent-based content "is becoming obsolete" in an on-demand digital environment that's switching to streaming-based piracy. "There's a criminal enterprise going on here that's stealing content and making a profit," Fried told those in attendance. "The piracy activity out there is bad, it's hurting a lot of economic activity & creators aren't being compensated for their work," he added.

And then, of course, we come to President Trump. Not usually that vocal on matters of intellectual property and piracy, yesterday -- perhaps coincidentally, perhaps not -- he suddenly delivered one of his "something is coming" tweets. "The U.S. is acting swiftly on Intellectual Property theft," Trump tweeted. "We cannot allow this to happen as it has for many years!" Given Trump's tendency to focus on problems overseas causing issues for companies back home, a comment by Kevin Madigan during the panel yesterday immediately comes to mind. "To combat piracy abroad, USTR needs to work with the creative industries to improve enforcement and target the source of pirated material," Madigan said.


Elon Musk Sides With Trump On Trade With China, Citing 25 Percent Import Duty On American Cars (cnbc.com) 330

Elon Musk believes China isn't playing fair in the car trade with the U.S. since it puts a 25 percent import duty on American cars, while the U.S. only does 2.5 percent for Chinese cars. "I am against import duties in general, but the current rules make things very difficult," Musk tweeted. "It's like competing in an Olympic race wearing lead shoes." CNBC reports: Tesla's Elon Musk is complaining to President Donald Trump about China's car tariffs. "Do you think the US & China should have equal & fair rules for cars? Meaning, same import duties, ownership constraints & other factors," Musk said on Twitter in response to a Trump tweet about trade with China. He added that no American car company is "allowed to own even 50% of their own factory" in the Asian country, but China's auto firms can own their companies in the U.S. Trump responded to Musk's tweets later at his steel and aluminum tariff press conference Thursday. "We are going to be doing a reciprocal tax program at some point, so that if China is going to charge us 25% or if India is going to charge us 75% and we charge them nothing ... We're going to be at those same numbers. It's called reciprocal, a mirror tax," Trump said after reading Musk's earlier tweets out loud.

Scientists Prove That Truth is No Match For Fiction on Twitter (theguardian.com) 194

Researchers find fake news reaches users up to 20 times faster than factual content -- and real users are more likely to spread it than bots. From a report: "Falsehood flies, and the truth comes limping after it," wrote Jonathan Swift in 1710. Now a group of scientists say they have found evidence Swift was right -- at least when it comes to Twitter. In the paper, published in the journal Science, three MIT researchers describe an analysis of a vast amount of Twitter data: more than 125,000 stories, tweeted more than 4.5 million times in total, all categorised as being true or false by at least one of six independent fact-checking organisations. The findings make for unhappy reading. "Falsehood diffused significantly farther, faster, deeper and more broadly than the truth in all categories of information," they write, "and the effects were more pronounced for false political news than for false news about terrorism, natural disasters, science, urban legends or financial information."

How much further? "Whereas the truth rarely diffused to more than 1,000 people, the top 1% of false-news cascades routinely diffused to between 1,000 and 100,000 people," they write. In other words, true facts don't get retweeted, while too-good-to-be-true claims are viral gold. How much faster? "It took the truth about six times as long as falsehood to reach 1,500 people, and 20 times as long as falsehood to reach a cascade depth of 10" -- meaning that it was retweeted 10 times sequentially (so, for example, B reads A's feed and retweets a tweet, and C then reads B's feed and retweets the same tweet, all the way to J).


Amazon Admits Its AI Alexa is Creepily Laughing at People (theverge.com) 170

Over the past few days, users with Alexa-enabled devices have reported hearing strange, unprompted laughter. The Verge: Amazon responded to the creepiness in a statement to The Verge, saying, "We're aware of this and working to fix it." As noted in media reports and a trending Twitter moment, Alexa laughs without being prompted to wake. People on Twitter and Reddit reported that they thought it was an actual person laughing near them, which can be scary when you're home alone. Many responded to the cackling sounds by unplugging their Alexa-enabled devices.

Microsoft Confirms Windows 10 'S Mode' (bleepingcomputer.com) 90

An anonymous reader shares a report: Microsoft head honcho Joe Belfiore confirmed today that Windows 10 S won't be a separate Windows version anymore and that Microsoft will ship an "S Mode" with Windows 10 starting 2019. "Next year 10S will be a 'mode' of existing versions, not a distinct version," Belfiore said today on Twitter.

Coinbase Announces Cryptocurrency-Focused Index Fund (marketwatch.com) 26

In an interview with CNBC on its "Fast Money" segment, Coinbase's President and COO Asiff Hirji said the digital-currency platform would launch a cryptocurrency-focused index fund. Details are scarce but Hirji said it will be intended to give retail investors broad exposure to virtual currencies, and would be targeted to accredited investors on Day 1. He also said the index fund would be market-cap weighted.

UPDATE: Coinbase has since issued a blog post detailing the announcement. They are also introducing Coinbase Index, which "is a measure of the financial performance of all assets listed on GDAX, weighted by their market capitalization."
