Twitter

Twitter Suspends 300,000 Accounts Tied To Terrorism In 2017 (bloomberg.com) 69

According to a new transparency report, Twitter said it suspended nearly 300,000 accounts globally linked to terrorism in the first half of the year. The company is improving automation tools used to help block accounts that promote terrorism and violence. Bloomberg reports: Of [the nearly 300,000 accounts that were suspended], roughly 95 percent were identified by the company's spam-fighting automation tools. Meanwhile, the social network said government data requests continued to increase, and that it provided authorities with data on roughly 3,900 accounts from January to June. Twitter said about 75 percent of the blocked accounts this year were spotted before a single tweet was sent, and that 935,897 accounts had been suspended since August 2015, with two-thirds of those coming in the past year. American authorities made 2,111 requests from Twitter from January to June, the most of the 83 countries tracked by the company. Twitter supplied information on users in 77 percent of the inquiries. Japan made 1,384 requests and the U.K. issued 606 requests. Turkish authorities continued a trend of aggressively policing Twitter, making 554 requests for account data and issuing court orders to remove 715 pieces of content. Other governments made only 38 total content-removal requests.
Social Networks

New Book Argues Silicon Valley Will Lead Us to Our Doom (sandiegouniontribune.com) 201

Long-time Slashdot reader Zorro quotes the San Diego Union-Tribune: To many Americans, large technology firms embody much of what's good about the modern world. Franklin Foer has a different perspective. In his new book, "World Without Mind," the veteran journalist lays out a more ominous view of where Big Tech would like to take us -- in many ways, already has taken us... These firms have a program: to make the world less private, less individual, less creative, less human... Big Tech has imposed its will on the resident population with neither our input nor our permission.
The reviewer summarizes the book's argument as "Once hooked, consumers are robbed of choice, milked for profit, deprived of privacy and made the subjects of stealth social engineering experiments."

Interestingly, Foer was fired from The New Republic in 2014 by its new publisher -- Facebook co-founder Chris Hughes -- and Foer's new book includes strong criticism of the way companies are assembling detailed profiles on their users. "They have built their empires by pulverizing privacy; they will further ensconce themselves by pushing boundaries, by taking even more invasive steps that build toward an even more complete portrait of us."
Social Networks

Facebook Shares Details Of Russia-Bought Ads With US Investigators (cnn.com) 232

An anonymous reader quotes CNN: Special counsel Robert Mueller and his team are now in possession of Russian-linked ads run on Facebook during the presidential election, after they obtained a search warrant for the information. Facebook gave Mueller and his team copies of ads and related information it discovered on its site linked to a Russian troll farm, as well as detailed information about the accounts that bought the ads and the way the ads were targeted at American Facebook users, a source with knowledge of the matter told CNN. The disclosure, first reported by the Wall Street Journal, may give Mueller's office a fuller picture of who was behind the ad buys and how the ads may have influenced voter sentiment during the 2016 election...

As CNN reported Thursday, Facebook is still not sure whether pro-Kremlin groups may have made other ad buys intended to influence American politics that it simply hasn't discovered yet. It is even possible that unidentified ad buys may still exist on the social media network today.

Security

Equifax CEO Hired a Music Major as the Company's Chief Security Officer 428

Susan Mauldin, the person in charge of Equifax's data security, has a bachelor's degree and a master of fine arts degree in music composition from the University of Georgia, according to her LinkedIn profile. Mauldin's LinkedIn profile lists no education related to technology or security. If that wasn't enough, news outlet MarketWatch reported on Friday that Susan Mauldin's LinkedIn page was made private and her last name was replaced with "M", in a move that appears to keep her education background secret.

Earlier this month Equifax, which is one of the three major consumer credit reporting agencies, said that hackers had gained access to company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers and driver's license numbers. On Friday, the UK arm of the organisation said files containing information on "fewer than 400,000" UK consumers were accessed in the breach.

UPDATE (9/16/2017): CSO Susan Mauldin has abruptly 'retired' from Equifax.
Google

Social Media Site Gab Sues Google For Antitrust Violations Following Ban From Play Store (washingtonpost.com) 164

The social media site Gab.ai is accusing Google of violating federal antitrust laws when the tech giant booted Gab from the Google Play Store, according to a lawsuit filed this week. From a report: The legal action is the latest salvo in an escalating battle between right-leaning technologists and leaders against Silicon Valley giants such as Facebook and Google. Gab alleges in the lawsuit that "Google deprives competitors, on a discriminatory basis, of access to the App Store, which an essential facility or resource." "Google is the biggest threat to the free flow of information," Gab chief executive Andrew Torba said in a statement. "Gab started to fight against the big tech companies in the marketplace, and their monopolistic conduct has forced us to bring the fight to the courtroom."
Businesses

Two Ex-Googlers Want To Make Bodegas And Mom-And-Pop Corner Stores Obsolete (fastcompany.com) 340

Elizabeth Segran, writing for FastCompany: While it sometimes feels like we do all of our shopping on the internet, government data shows that actually less than 10% of all retail transactions happen online. In a world where we get our groceries delivered in just two hours through Instacart or Amazon Fresh, the humble corner store -- or bodega, as they are known in New York and Los Angeles -- still performs a valuable function. No matter how organized you are, you're bound to run out of milk or diapers in the middle of the night and need to make a quick visit to your neighborhood retailer. Paul McDonald, who spent 13 years as a product manager at Google, wants to make this corner store a thing of the past. Today, he is launching a new concept called Bodega with his cofounder Ashwath Rajan, another Google veteran. Bodega sets up five-foot-wide pantry boxes filled with non-perishable items you might pick up at a convenience store. An app will allow you to unlock the box and cameras powered with computer vision will register what you've picked up, automatically charging your credit card. The entire process happens without a person actually manning the "store." Bodega's logo is a cat, a nod to the popular bodega cat meme on social media -- although if the duo gets their way, real felines won't have brick-and-mortar shops to saunter around and take naps in much longer. "The vision here is much bigger than the box itself," McDonald says. "Eventually, centralized shopping locations won't be necessary, because there will be 100,000 Bodegas spread out, with one always 100 feet away from you."
Communications

Study Finds That Banning Trolls Works, To Some Degree (vice.com) 340

An anonymous reader quotes a report from Motherboard: On October 5, 2015, facing mounting criticism about the hate groups proliferating on Reddit, the site banned a slew of offensive subreddits, including r/Coontown and r/fatpeoplehate, which targeted Black people and those with weight issues. But did banning these online groups from Reddit diminish hateful behavior overall, or did the hate just spread to other places? A new study from the Georgia Institute of Technology, Emory University, and University of Michigan examines just that, and uses data collected from 100 million Reddit posts that were created before and after the aforementioned subreddits were dissolved. Published in the journal ACM Transactions on Computer-Human Interaction, the researchers conclude that the 2015 ban worked. More accounts than expected discontinued their use on the site, and accounts that stayed after the ban drastically reduced their hate speech. However, studies like this raise questions about the systemic issues facing the internet at large, and how our culture should deal with online hate speech. First, the researchers automatically extracted words from the banned subreddits to create a dataset that included hate speech and community-specific lingo. The researchers looked at the accounts of users who were active on those subreddits and compared their posting activity from before and after those offensive subreddits were banned. The team was able to monitor upticks or drops in the hate speech across Reddit and if that speech had "migrated" to other subreddits as a result.
Open Source

Equifax Blames Open-Source Software For Its Record-Breaking Security Breach (zdnet.com) 268

The blame for the record-breaking cybersecurity breach that affects at least 143 million people falls on the open-source server framework, Apache Struts, according to an unsubstantiated report by equity research firm Baird. The firm's source, per one report, is believed to be Equifax. ZDNet reports: Apache Struts is a popular open-source software programming Model-View-Controller (MVC) framework for Java. It is not, as some headlines have had it, a vendor software program. It's also not proven that Struts was the source of the hole the hackers drove through. In fact, several headlines -- some of which have since been retracted -- all source a single quote by a non-technical analyst from an Equifax source. Not only is that troubling journalistically, it's problematic from a technical point of view. In case you haven't noticed, Equifax appears to be utterly and completely clueless about their own technology. Equifax's own data breach detector isn't just useless: it's untrustworthy. Adding insult to injury, the credit agency's advice and support site looks, at first glance, to be a bogus, phishing-type site: "equifaxsecurity2017.com." That domain name screams fake. And what does it ask for if you go there? The last six figures of your social security number and last name. In other words, exactly the kind of information a hacker might ask for. Equifax's technical expertise, it has been shown, is less than acceptable. Could the root cause of the hack be a Struts security hole? Two days before the Equifax breach was reported, ZDNet reported a new and significant Struts security problem. While many jumped on this as the security hole, Equifax admitted hackers had broken in between mid-May through July, long before the most recent Struts flaw was revealed. "It's possible that the hackers found the hole on their own, but zero-day exploits aren't that common," reports ZDNet. 
"It's far more likely that -- if the problem was indeed with Struts -- it was with a separate but equally serious security problem in Struts, first patched in March." The question then becomes: is it the fault of Struts developers or Equifax's developers, system admins, and their management? "The people who ran the code with a known 'total compromise of system integrity' should get the blame," reports ZDNet.
Businesses

How Techies Rescued Food Stamps (wired.com) 292

New submitter rgh02 writes: There is an endless variety of apps designed to manage life for the upper middle class, but most low-income Americans don't benefit from the same time-saving hacks. Thanks to new trends in civic technology, that's beginning to change. The 43 million Americans depending on food stamps are seeing the introduction of apps like Propel's Fresh EBT, which allows users to check balances, track deals, and organize budgets accordingly. And Propel is only one of several companies looking to disrupt outdated social programs, Tonya Riley reports at Backchannel. But the Trump administration, with its hiring freezes and budget cuts, poses threats to these advancements. Riley dives deep into the progress that's been made and how companies are navigating these obstacles.
Privacy

TechCrunch: Equifax Hack-Checking Web Site Is Returning Random Results (techcrunch.com) 176

An anonymous reader quotes security researcher Brian Krebs: The web site that Equifax advertised as the place where concerned Americans could go to find out whether they were impacted by this breach -- equifaxsecurity2017.com -- is completely broken at best, and little more than a stalling tactic or sham at worst. In the early hours after the breach announcement, the site was being flagged by various browsers as a phishing threat. In some cases, people visiting the site were told they were not affected, only to find they received a different answer when they checked the site with the same information on their mobile phones.
TechCrunch has concluded that "the checker site, hosted by Equifax product TrustID, seems to be telling people at random they may have been affected by the data breach." One user reports that entering the same information twice produced two different answers. And ZDNet's security editor reports that even if you just enter Test or 123456, "it says your data has been breached." TechCrunch writes: The assignment seems random. But, nevertheless, they were still asked to continue enrolling in TrustID. What this means is not only are none of the last names tied to your Social Security number, but there's no way to tell if you were really impacted. It's clear Equifax's goal isn't to protect the consumer or bring them vital information. It's to get you to sign up for its revenue-generating product TrustID.
Meanwhile, one web engineer claims the secret 10-digit "security freeze" PIN being issued by Equifax "is just a timestamp of when you made the freeze."
Government

Should Congress Force Social Media To Investigate Foreign Propaganda Trolls? (politico.com) 266

"I fought foreign propaganda for the FBI," writes a former special agent from its Counterintelligence Division. Now an associate dean at Yale Law School, he's warning that "the tools we had won't work anymore." An anonymous reader quotes Politico: The bureau is now faced with huge private companies, like Facebook and Twitter, which are ostensibly neutral and have no professional or ethical obligation to vet the material they distribute. Further, foreign intelligence service propaganda agents are no longer human operatives on American soil -- they are invisible "trolls," often operating from a foreign country and behind social media accounts that make them impossible for the FBI to approach directly. Or, in the case of so-called bots -- software programs designed to simulate humans -- they might not even be people at all... [S]ocial media platforms can reach an almost limitless audience, often within days or hours, more or less for free: Russia's Facebook ads alone reached between 23 million and 70 million viewers.

Without any direct way to investigate and identify the source of the private accounts that generate this "fake news," there's literally nothing the FBI can do to stop a propaganda operation that can occur on such a massive scale... But Congress could pass legislation that requires social media companies to cooperate with counterintelligence in the same ways they do with law enforcement. For example, the Communications Assistance for Law Enforcement Act requires telecommunications companies to design their digital networks in such a way that would permit wiretaps for criminal cases. Similarly, requiring social media platforms to develop ways to vet and authenticate foreign users and proactively report potential bots to the FBI would enable the FBI to identify perception management operations as they are occurring. In addition to monitoring these specific FIS-based accounts, the FBI could publicly expose the source of particular accounts, ads or news...

"At this point, we have no choice: It's clear that our current counterintelligence strategy hasn't caught up to the age of asymmetrical information warfare," the former counterintelligence agent concludes. "Until it does, we'll be silently allowing our freedoms to be manipulated...."
AI

AI Can Detect Sexual Orientation Based On Person's Photo (cnbc.com) 350

ugen shares a report from CNBC: Artificial Intelligence (AI) can now accurately identify a person's sexual orientation by analyzing photos of their face, according to new research. The Stanford University study, which is set to be published in the Journal of Personality and Social Psychology and was first reported in The Economist, found that machines had a far superior "gaydar" when compared to humans. Slashdot reader randomlygeneratename adds: Researchers built classifiers trained on photos from dating websites to predict the sexual orientation of users. The best classifier used logistic regression over features extracted from a VGG-Face conv-net. The latter was done to prevent overfitting to background, non-facial information. Classical facial feature extraction also worked with a slight drop in accuracy. From multiple photos, they achieved an accuracy of 91% for men and 83% for women (and 81% / 71% for a single photo). Humans were only able to get 61% and 54%, respectively. One caveat is the paper mentions it only used Caucasian faces. The paper went on to discuss how this capability can be an invasion of privacy, and conjectured that other types of personal information might be detectable from photos. The source paper can be found here.
Social Networks

Why It's So Hard To Trust Facebook (cnn.com) 139

Brian Stelter, writing for CNN: Why won't Facebook show the public the propagandistic ads that a so-called Russian troll farm bought last year to target American voters? That lack of transparency is troubling to many observers. "Show us the ads Zuck!" Silicon Valley entrepreneur Jason Calacanis wrote on Twitter when The Washington Post reported on the surreptitious ad buys on Wednesday. Calacanis said Facebook was "profiting off fake news," echoing a widely held criticism of the social network. It was only the latest example of Facebook's credibility problem. For a business based on the concept of friendship, it's proving to be a hard company to trust. On the business side, Facebook's metrics for advertisers have been error-prone, to say the least. Analysts and reporters have repeatedly uncovered evidence of faulty data and measurement mistakes. Facebook's opaqueness has also engendered mistrust in the political arena. Conservative activists have accused the company of censoring right-wing voices and stories. Liberal activists have raised alarms about its exploitation of personal information to target ads. And the news business is worried about the spread of bogus stories and hoaxes on the site. Some critics have even taken to calling Facebook a "surveillance company," seeking to reframe the business the social network is in -- not networking but ad targeting based on monitoring of users. Over at The Verge, Casey Newton documents inconsistencies in Facebook's public remarks over its role in the outcome of the presidential election last year. Newton says Facebook's shifting Russian ads stories and unwillingness to disclose information citing laws (which seem to imply otherwise) are damaging its credibility.
Privacy

Equifax Breach is Very Possibly the Worst Leak of Personal Info Ever (arstechnica.com) 401

The breach Equifax reported Thursday is very possibly the most severe of all for a simple reason: the breath-taking amount of highly sensitive data it handed over to criminals. Dan Goodin of ArsTechnica writes: By providing full names, Social Security numbers, birth dates, addresses, and, in some cases, driver license numbers, it provided most of the information banks, insurance companies, and other businesses use to confirm consumers are who they claim to be. The theft, by criminals who exploited a security flaw on the Equifax website, opens the troubling prospect the data is now in the hands of hostile governments, criminal gangs, or both and will remain so indefinitely. Hacks hitting Yahoo and other sites, by contrast, may have breached more accounts, but the severity of the personal data was generally more limited. And in most cases the damage could be contained by changing a password or getting a new credit card number. What's more, the 143 million US people Equifax said were potentially affected accounts for roughly 44 percent of the population. When children and people without credit histories are removed, the proportion becomes even bigger. That means well more than half of all US residents who rely the most on bank loans and credit cards are now at a significantly higher risk of fraud and will remain so for years to come. Besides being used to take out loans in other people's names, the data could be abused by hostile governments to, say, tease out new information about people with security clearances, especially in light of the 2015 hack on the US Office of Personnel Management, which exposed highly sensitive data on 3.2 million federal employees, both current and retired. Meanwhile, if you accept Equifax's paltry "help" you forfeit the right to sue the company, it has said. In its policy, Equifax also states that it won't be helping its customers fix hack-related problems.

UPDATE (9/9/17): Equifax has now announced that "the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident."

Bloomberg reported on Friday that a class action seeking to represent 143 million consumers has been filed, and it alleges the company didn't spend enough on protecting data. The class-action -- filed by the firm Olsen Daines PC along with Geragos & Geragos, a celebrity law firm known for blockbuster class actions -- will seek as much as $70 billion in damages nationally.
Businesses

VR Company Upload Settles Sexual Harassment Lawsuit (techcrunch.com) 83

An anonymous reader quotes a report from TechCrunch: Upload, formerly UploadVR, the virtual reality startup at the center of a sexual harassment and wrongful termination lawsuit filed earlier this year, has settled the case with its former employee and is aiming to put the ensuing damage behind it. The lawsuit, filed against the startup and its co-founders by former director of digital and social media Elizabeth Scott, alleged that the company had sought to create a "boy's club" environment and described "rampant" sexual behavior in the office, allegations that co-founders Will Mason and Taylor Freeman denied as "entirely without merit." The lawsuit is now over, according to people familiar with the matter, and though the terms of the agreement were undisclosed, some in the virtual reality community feel that the company has dodged a bullet in reaching some conclusion over the litigation.

"The matter has been concluded," was Upload's official statement. Neither Scott, nor her legal counsel, responded to a request for comment for this story. Upload has also released the following statement around the conclusion of the legal case. "Our primary focus at Upload is education, which we believe is the key to growing the mixed reality ecosystem. We are deeply committed to creating an inclusive community to empower the pioneers building the future."

Security

Credit Reporting Firm Equifax Announces 'Cybersecurity Incident Impacting Approximately 143 Million US Consumers' (cnbc.com) 299

Equifax, which supplies credit information and other information services, said Thursday that a cybersecurity incident discovered on July 29 could have potentially affected 143 million consumers in the U.S. "The leaked data includes names, birth dates, social security numbers, addresses and potentially drivers licenses," reports CNBC. "209,000 U.S. credit card numbers were also obtained, in addition to 'certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers.'"

Chairman and Chief Executive Officer, Richard F. Smith said in a statement: "This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes. We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident." Equifax is now alerting customers whose information was included in the breach via mail, and is working with state and federal authorities.

UPDATE (9/7/17): According to Bloomberg, "three Equifax senior executives sold shares worth almost $1.8 million" in the days after the company discovered the security breach. "Regulatory filings show that three days after the breach was discovered on July 29th, Chief Financial Officer John Gamble sold shares worth $946,374 and Joseph Loughran, president of U.S. information solutions, exercised options to dispose of stock worth $584,099." Meanwhile, "Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock on Aug. 2."
Social Networks

67% of Americans Use Social Media To Get Some of their News 71

Shan Wang, writing for Nieman Lab: Sixty-seven percent of Americans report getting some of their news via social media at some point, according to a Pew Research survey of just under 5,000 U.S. adults conducted last month and published Thursday. That overall percentage is only up slightly from 62 percent in 2016, in the run-up to the November election. But among specific demographics, using social media for news has increased: 74 percent of non-white U.S. adults now get news from social media, up from 64 percent of that group who got news that way in 2016. Fifty-five percent of Americans 50 and older say they have gotten news from social media, up from 45 percent (older people are also driving the increasing percentage of people who get news via mobile). Facebook is still the dominant social media source for news. But when Pew looked at the percentage of users on each social media platform who were using it for news, it was Twitter, Snapchat, and YouTube that saw increases (remember that user bases are vastly different sizes, from YouTube to Facebook to Tumblr to Twitter):
Security

Over 28 Million Records Stolen In Breach of Latin American Social Network Taringa (thehackernews.com) 16

Taringa, also known as "The Latin American Reddit," has been compromised in a massive data breach that has resulted in the leaked login credentials of almost all of its over 28 million users. The Hacker News reports: The Hacker News has been informed by LeakBase, a breach notification service, who has obtained a copy of the hacked database containing details on 28,722,877 accounts, which includes usernames, email addresses and hashed passwords for Taringa users. The hashed passwords use an ageing algorithm called MD5 -- which has been considered outdated even before 2012 -- that can easily be cracked, making Taringa users open to hackers. Wanna know how weak is MD5? LeakBase team has already cracked 93.79 percent (nearly 27 Million) of hashed passwords successfully within just a few days. The data breach reportedly occurred last month, and the company then alerted its users via a blog post: "It is likely that the attackers have made the database containing nicks, email addresses and encrypted passwords. No phone numbers and access credentials from other social networks have been compromised as well as addresses of bitcoin wallets from the Taringa program! Creators." the post (translated) says. "At the moment there is no concrete evidence that the attackers continue to have access to the Taringa code! and our team continues to monitor unusual movements in our infrastructure."
Facebook

Facebook Offers Hundreds of Millions of Dollars for Music Rights (bloomberg.com) 84

Facebook is offering major record labels and music publishers hundreds of millions of dollars so the users of its social network can legally include songs in videos they upload, Bloomberg reported on Tuesday. From the report: The posting and viewing of video on Facebook has exploded in recent years, and many of the videos feature music to which Facebook doesn't have the rights. Under current law, rights holders must ask Facebook to take down videos with infringing material. Music owners have been negotiating with Facebook for months in search of a solution, and Facebook has promised to build a system to identify and tag music that infringes copyrights. Yet such a setup will take as long as two years to complete, which is too long for both sides to wait, said the people, who asked not to be named discussing details that aren't public. Facebook is eager to make a deal now so that it no longer frustrates users, by taking down their videos; partners, by hosting infringing material; or advertisers, with the prospect of legal headaches. The latest discussions will ensure Facebook members can upload video with songs just as it's rolling out Watch, a new hub for video, and funding the production of original series. Facebook is attempting to attract billions of dollars in additional advertising revenue and challenge YouTube as the largest site for advertising-supported video on the web.
Businesses

After Public Outcry From Customers, Britain's Biggest Bank HSBC Heads Off Complaints Over Small Business Account Closures (theguardian.com) 62

Julia Kollewe writing for The Guardian: HSBC has rushed to head off complaints from small businesses that found the bank had frozen or closed down their accounts as part of a crackdown on financial crime. Hundreds of small firms are thought to be affected, whose businesses range from an avocado importer to marketing and design companies. Britain's biggest bank, which has faced accusations of reacting slowly to the debacle, said that after becoming aware of problems in the past week, it was putting extra staff on its helpline and speeding up the process for dealing with complaints. It said staff were reducing the amount of time to unfreeze an account once a review had been completed. Earlier on Monday, Richard Davey, an HTML5 game developer and creator of Phaser, shared his ordeal dealing with HSBC, which had suspended transactions from his accounts without much explanation. It was only after thousands of users brought it to the company's attention on social media that the company fixed Davey's account, he said.
