Facebook chats sent by Zuckerberg from several years ago or older were missing from the inboxes of both former employees and non-employees. What's left makes it look like the recipients were talking to themselves, as only their side of back-and-forth conversations with Zuckerberg still appear. Three sources asked to remain anonymous out of fear of angering Zuckerberg or burning bridges with the company.
When asked by TechCrunch about the situation, Facebook claimed in this statement it was done for corporate security:
"After Sony Pictures' emails were hacked in 2014 we made a number of changes to protect our executives' communications. These included limiting the retention period for Mark's messages in Messenger. We did so in full compliance with our legal obligations to preserve messages."
However, Facebook never publicly disclosed the removal of messages from users' inboxes, nor privately informed the recipients. That raises the question of whether this was a breach of user trust. When asked that question directly over Messenger, Zuckerberg declined to provide a statement.
[...] [Update: Recent messages from Zuckerberg remain in users' inboxes. Old messages from before 2014 still appear to some users, indicating the retraction did not apply to all chats the CEO sent. But more sources have come forward since publication, saying theirs disappeared as well.]
https://techcrunch.com/2018/04/05/zuckerberg-deleted-messages/
Predicting an eventual upturn in the sagging smartphone market, research director Ranjit Atwal told The Reg that while artificial intelligence has proven key to making phones more useful by removing friction from transactions, AI required more permissive use of data to deliver. An example he cited was Uber "knowing" from your calendar that you needed a lift from the airport.
"Today there are no good use cases for AI - it's just an enhancement of what we do on a phone. We're thinking ahead a few years, when AI can start to remove friction between us and the phone." This can be done by automating mundane tasks - such as ordering an Uber - but that will require users to share data with services they trust.
Another example Atwal cited was renewing house and car insurance. "If you haven't changed your car insurance there should be easier and more effective ways of doing that. But that only happens if you share your data."
That seems a tall order today. Since news broke that Cambridge Analytica used of [sic] Facebook data it should not have been able to access, Facebook has been on the end of the backlash for its permissive data sharing. And not just Facebook. Gay hookup service Grindr was found to be sharing medical information - including their HIV status - with third parties.
[...] "By 2020, AI capabilities on smartphones will offer a more intelligent digital persona on the device. Machine learning, biometrics and user behaviour will improve the ease of use, self-service and frictionless authentications. This will allow smartphones to be more trusted than other credentials, such as credit cards, passports, IDs or keys," Atwal concludes.
Putting the pieces together, then: if AI is to transform efficiency, and this transformation requires plenty of consumer data, and the data is valuable, then there are some interesting sums to be done. How much is your calendar worth? Will it be profitable for the likes of Uber to pay you for that data in order to get your business?
South Korea's former President Park Geun-hye has been imprisoned for 24 years for her role in a corruption scandal:
Park became South Korea's first democratically elected leader to be forced from office last year when the Constitutional Court ordered her out over a scandal that landed the heads of two conglomerates in jail. The court also fined Park, the daughter of a former military dictator, 18 billion won ($16.9 million) after finding her guilty of charges including bribery, abuse of power and coercion.
"The defendant abused her presidential power entrusted by the people, and as a result, brought massive chaos to the order of state affairs and led to the impeachment of the president, which was unprecedented," judge Kim Se-yoon said as he handed down the sentence.
Up to 1,000 Park supporters gathered outside the court, holding national flags and signs calling for an end to "political revenge" against her.
The court found Park guilty of colluding with her old friend, Choi Soon-sil, to receive about 7 billion won ($6.56 million) each from Lotte Group, a retail giant, and Samsung, the world's biggest maker of smartphones and semiconductors, while demanding 8.9 billion won from SK, an energy conglomerate. Most of the money was intended to bankroll non-profit foundations run by Choi's family and confidants, and to fund the education of Choi's horse-riding daughter, the court said.
Previously: South Korean President Park Geun-hye Impeached
President Park Geun-hye's Impeachment Upheld as South Korea's "Trial of the Century" Begins
Ousted South Korean Leader Behind Bars After Arrest on Bribery Charges
Samsung Electronics Vice Chairman Sentenced to Five Years in Corruption Scandal Ruling
Notorious website backpage.com has been seized according to NY Daily News.
Sex ads platform Backpage.com was seized by the Federal Bureau of Investigation Friday hours after its founder's Phoenix home was raided.
Visitors to the site landed on a notice from the federal government announcing its seizure.
"Backpage.com and affiliated websites have been seized as part of an enforcement action by the Federal Bureau of Investigation, the U.S. Postal Inspection Service, and the Internal Revenue Service Criminal Investigation Division, with analytical assistance from the Joint Regional Intelligence Center," the announcement read.
Founder's home also raided by the FBI Friday morning.
U.S. Government Seizes backpage.com
The FBI, Justice Department, and other agencies have seized backpage.com, and one of the co-founders had their home raided:
On Friday, federal law enforcement authorities seized Backpage domain names, including Backpage.com and Backpage.ca. In addition, the Arizona Republic reported that on Friday morning, law enforcement raided the Sedona-area home of Michael Lacey, a co-founder of the site.
For years, Backpage has acted with impunity as a place that offered thinly veiled online prostitution ads. In December 2016, Backpage CEO Carl Ferrer and his co-defendants beat back a state prosecution in California.
Sex workers aren't happy, and could be endangered by the move as well as the recent passage of the Stop Enabling Sex Trafficking Act (SESTA). SESTA is not yet in effect.
Also at CNN, WSJ, The Hill, and The Verge.
Previously: Supreme Court Chief Justice Blocks Congressional Subpoena Over First Amendment Rights
Backpage's Dallas Offices Raided, CEO Charged With "Pimping"
"Pimping" Charges Against Backpage Executives Dismissed
After Release of U.S. Senate Report, Backpage Shuts Down U.S. Adult Section
Related: Section 230 of the Communications Decency Act - 20 Years of Protecting Intermediaries
Craigslist Removes Personals Sections in the U.S.
European organisations are taking longer to detect breaches than their counterparts in North America, according to a study by FireEye.
Organisations in EMEA are taking almost six months (175 days) to detect an intruder in their networks, which is rather more than the 102 days that the firm found when asking the same questions last year. In contrast, the median dwell time in the Americas has improved to 76 days in 2017 from 99 in 2016. Globally it stands at 101 days.
The findings about European breach detection are a particular concern because of the looming GDPR deadline, which will introduce tougher breach disclosure guidelines for organisations that hold European citizens' data. GDPR can also mean fines of €20 million, or four per cent of global turnover, whichever is higher.
FireEye's report also records a growing trend of repeat attacks by hackers looking for a second bite of the cherry. A majority (56 per cent) of global organisations that received incident response support were targeted again by the same or a similarly motivated attack group, FireEye reports.
FireEye has historically blamed China for many of the breaches its incident response teams detected. But as the geo-political landscape has changed Russia and North Korea are getting more and more "credit" for alleged cyber-nasties.
But a different country - Iran - features predominantly in attacks tracked by FireEye last year. Throughout 2017, Iran grew more capable from an offensive perspective. FireEye said that it "observed a significant increase in the number of cyber-attacks originating from Iran-sponsored threat actors".
FireEye's latest annual M-Trends report (pdf) is based on information gathered during investigations conducted by its security analysts in 2017 and uncovers emerging trends and tactics that threat actors used to compromise organisations.
Cloudflare's new speed and privacy enhancing domain name system (DNS) servers, launched on Sunday, are also part of an experiment being conducted in partnership with the Asia Pacific Network Information Centre (APNIC).
The experiment aims to understand how DNS can be improved in terms of performance, security, and privacy.
"We are now critically reliant on the integrity of the DNS, yet the details of the way it operates still remains largely opaque," wrote APNIC's chief scientist Geoff Huston in a blog post.
"We are aware that the DNS has been used to generate malicious denial of service attacks, and we are keen to understand if there are simple and widely deployable measures that can be taken to mitigate such attacks. The DNS relies on caching to operate efficiently and quickly, but we are still unsure as to how well caching actually performs. We are also unclear how much of the DNS is related to end user or application requirements for name resolution, and how much is related to the DNS chattering to itself."
[...] The Cloudflare-APNIC experiment uses two IPv4 address ranges, 1.1.1/24 and 1.0.0/24, which have been reserved for research use. Cloudflare's new DNS uses two addresses within those ranges, 1.1.1.1 and 1.0.0.1.
These address ranges were originally configured as "dark traffic addresses", and some years ago APNIC partnered with Google to analyse the unsolicited traffic directed at them. There was a lot of it.
"Our initial work with it certainly showed it to be an unusually strong attractor for bad traffic. At the time we stopped doing it with Google, it was over 50 gigabits per second. Quite frankly, few folk can handle that much noise," Huston told ZDNet on Wednesday.
By putting Cloudflare's DNS on these research addresses, APNIC gets to see the noise as well as the DNS traffic -- or at least "a certain factored amount" of it -- for research purposes.
[...] While 1.1.1.1 is meant to have been used only for research, the Cloudflare-APNIC experiment has revealed that many operational systems have been using it in a variety of dirty hacks that breach internet routing standards.
[...] "Some folk, without any material to justify it, started configuring 1.1.1.1. Now, I can start using your IP address, I suppose, but we're both going to have a problem," Huston told ZDNet, laughing.
"In this case, I'm not sure that it really impacts upon the folk who are advertising the address, and to some extent because I am looking at the junk traffic that hits that address, it all adds to the interesting junk. But you shouldn't be doing it."
While Huston has yet to analyse any of the junk traffic in this new experiment, he said that it can still be measured in multiple gigabits per second.
"There's a lot of rubbish out there," he said.
IT Wire has a short note about the cost of (MS Windows) malware around the world.
The IBM report found the number of breaches dropped as cyber criminals shifted their focus to ransomware and destructive attacks that lock or destroy data unless the victim pays a ransom.
IBM says that while the number of records breached was still significant, ransomware reigned in 2017 as attacks such as WannaCry, NotPetya, and Bad Rabbit caused chaos across industries without contributing to the total number of compromised records reported.
From IT Wire: Records breaches cost US$8bn, ransomware the main culprit
Submitted via IRC for SoyCow8317
Paying for stuff with your smartphone is downright dangerous according to Zhe Zhou, a pre-tenure associate professor at Fudan University, who yesterday explained how three different payment methods can be cracked at Black Hat Asia in Singapore.
In a talk titled "All your payment tokens are mine: Vulnerabilities of mobile payment systems", Zhe said mobile payments have two weaknesses: tokens aren't encrypted; and tokens aren't tied to a single transaction, so can be re-used and/or hijacked.
Zhe explained that mobile payments see smartphones generate a one-time token that's passed to a point of sale terminal. Once the token's exchanged and verified by a payments server somewhere, it won't be accepted again. The trick to using harvested tokens is therefore to stop them ever making it to the point of sale terminal, then to use that token for another transaction of higher value before it expires.
[...] Zhe's most devious attack targeted the QR codes used as tokens for some payments. His tactic for such tokens was to surreptitiously turn on a smartphone's front-facing camera to photograph the reflection of a QR code in a point of sale scanner's protective cover. This attack also detects the configuration of the QR code and subtly changes its appearance to make it unreadable. The malware running the attack on the smartphone, however, manages to retain a perfect and usable QR code.
Source: https://www.theregister.co.uk/2018/03/23/mobile_payments_token_interception_talk_black_hat_asia/
Submitted via IRC for fungus
Templates for data models can be found for different industries, such as education and learning, healthcare, energy and utilities, banking and financial markets, insurance, telecommunications, retail, aviation, and others. As a quick FYI, these are often put together by standards bodies or vendors of different systems and databases. They can also go by different names such as a standard data model, industry data model, or industry standard data model (ISDM).
[...] Most of the time, industry standard data models can offer a lot of value, especially when needing them to develop and launch new products and services, but plan for mitigating the associated risks if you're using them as a starting point to map your own business' data model or develop your data warehouse, your own system, and/or enterprise data strategy.
Source: http://www.lightsondata.com/benefits-risks-of-standard-data-models/
U.S. Surgeon General Jerome Adams has urged more Americans to carry the opioid overdose reversal treatment naloxone, known under brand names such as Narcan and Evzio. However, the drug and its delivery systems have become more expensive in recent years:
As opioid-related deaths have continued to climb, naloxone, a drug that can reverse overdoses, has become an important part of the public health response. When people overdosing struggle to breathe, naloxone can restore normal breathing and save their lives. But the drug has to be given quickly.
On Thursday, U.S. Surgeon General Jerome Adams issued an advisory that encouraged more people to routinely carry naloxone. "The call to action is to recognize if you're at risk," he tells Morning Edition's Rachel Martin. "And if you or a loved one are at risk, keep within reach, know how to use naloxone."
[...] The medicine is now available at retail pharmacies in most states without a prescription. Between 2013 and 2015, researchers found a tenfold increase in naloxone sold by retail pharmacies in the U.S. But prices have increased along with demand. Naloxone-filled syringes that used to cost $6 apiece now cost $30 and up. A two-pack of naloxone nasal spray can cost $135 or more. And a two-pack of automatic naloxone injectors runs more than $3,700. And while it's true that naloxone can prevent many opioid-related deaths, it doesn't solve the root cause of the problem.
Related: Kroger Supermarkets to Carry Naloxone Without a Prescription
Chicago Jail Handing Out Naloxone to Inmates Upon Release
Opioid Crisis Official; Insys Therapeutics Billionaire Founder Charged; Walgreens Stocks Narcan
You can now reserve a stay in an upcoming "luxury space hotel" for a "fully refundable" $80,000 deposit:
The well-heeled will have a new orbital destination four years from now, if one company's plans come to fruition. That startup, called Orion Span, aims to loft its "Aurora Station" in late 2021 and begin accommodating guests in 2022. "We are launching the first-ever affordable luxury space hotel," said Orion Span founder and CEO Frank Bunger, who unveiled the Aurora Station idea today (April 5) at the Space 2.0 Summit in San Jose, California.
"Affordable" is a relative term: A 12-day stay aboard Aurora Station will start at $9.5 million. Still, that's quite a bit less than orbital tourists have paid in the past. From 2001 through 2009, seven private citizens took a total of eight trips to the International Space Station (ISS), paying an estimated $20 million to $40 million each time. (These private missions were brokered by the Virginia-based company Space Adventures and employed Russian Soyuz spacecraft and rockets.)
[...] Orion Span is building Aurora Station itself, Bunger added. The company — some of whose key engineering players have helped design and operate the ISS — is manufacturing the hotel in Houston and developing the software required to run it in the Bay Area, he said.
Aurora Station will orbit at an altitude of 200 miles (~322 km). The pressurized volume of the entire station is planned to be 160 cubic meters initially, compared to 916 m³ for the International Space Station, 330 m³ for a Bigelow B330 inflatable module, and 2,250 m³ for Bigelow's BA 2100 concept module. However, the company plans to expand Aurora Station with additional modules in the future, and may lease them out for long-term residents.
Also at the Orlando Sentinel and Space News.
Elon Musk's Tesla, Inc. has been having some problems recently. But one easy-to-overlook problem is the debt incurred by its SolarCity subsidiary:
But 16 months after Chief Executive Officer Elon Musk kicked up controversy by acquiring the solar-panel installer founded by two of his cousins, its obligations are a strain on Tesla's finances. The $2 billion purchase came with a $2.9 billion debt load, and a chunk of that is soon coming due. That's bad timing for a company churning through about $6,500 a minute and trying to stave off the need for another capital raise. "SolarCity debt may not be the immediate cause of Tesla's problems, but it certainly isn't helping right now," said Alexander Diaz-Matos, an analyst at credit research firm Covenant Review LLC.
[...] Tesla's debt runs the gamut -- convertible bonds, promissory notes, term loans, cash-equity debt, asset-backed securities. Most of the total is tied to Tesla the automaker. But the energy unit, which includes the solar business, accounts for 27 of the 29 maturities set to come due through 2019.
[...] In recent months, Tesla's solar business lost the residential-solar throne to rival Sunrun Inc., a San Francisco-based installer with a market capitalization about half the SolarCity purchase price. Tesla ceded market share as it attempted to boost energy-unit profitability and scrapped SolarCity's costly door-to-door retail sales strategy. That was a smart move, according to Ross Gerber, co-founder of Gerber Kawasaki Wealth & Investment Management, which oversees more than $10 million in Tesla shares and options. He criticized the SolarCity deal but is still bullish on the company and Musk. "SolarCity was probably going to go bankrupt," Gerber said.
[...] For his part, Musk hasn't wavered from his commitment to turn Tesla into a one-stop shop selling solar panels to capture power, devices to store the energy and cars that can be charged in the garage. The company started producing photovoltaic glass tiles in December at a factory in Buffalo, New York, and has begun selling solar at some of its own stores and through retailer Home Depot Inc.
At least Tesla production is higher than ever.
For children with severe cerebral palsy (CP), surgery for scoliosis (sideways curvature of the spine) significantly improves the quality of life (QoL) for them and their caregivers, reports a study in the April 4, 2018, issue of The Journal of Bone & Joint Surgery. The journal is published in partnership with Wolters Kluwer.
"Scoliosis surgery in patients with CP leads to a significant improvement in health-related QoL, which is maintained five years following surgery," write Firoz Miyanji, MD, of British Columbia Children's Hospital, Vancouver, and colleagues from seven other North American medical centers. Their study provides evidence that surgery for scoliosis improves outcomes important to severely disabled children with CP and their parents/caregivers -- outweighing the substantial rate of complications during the first year after surgery.
[...] Surgery may be performed to stop scoliosis progression. However, the true benefits of surgery in improving QoL are difficult to quantify in these complex cases. Dr. Miyanji and colleagues used a validated questionnaire specifically designed for evaluation of children with severe CP -- the Caregiver Priorities and Child Health Index of Life with Disabilities, or "CPCHILD" -- to assess the impact of scoliosis surgery at one, two, and five years postoperatively.
Scoliosis surgery significantly reduced the spinal curvature. On a standard x-ray measurement (Cobb angle), the curve was reduced from the severe to the mild-to-moderate range, on average. The improvement remained stable through two and five years after surgery.
Analysis of the CPCHILD scores showed improvements in QoL for the patients with CP and their caregivers. In addition to improvement in the total CPCHILD score, there were improvements in the areas of personal care, positioning, and comfort. Overall, 92 percent of caregivers reported that their child's QoL was better one year after scoliosis surgery. Like the x-ray improvements, the gains in QoL persisted throughout follow-up.
As in previous studies of scoliosis surgery in children with CP, complications were common. This was especially so during the first year after surgery, when 46 percent of patients experienced a complication, most commonly pneumonia and surgical site infections. However, the first-year complications had little or no impact on QoL outcomes.
During a recent SpaceX launch for Iridium, the live coverage of the mission was cut off early, with the host pointing to National Oceanic and Atmospheric Administration (NOAA) restrictions on launches that don't obtain a license. While SpaceX may have been breaking the law on previous missions that it had broadcasted without obtaining a license, it appears that nobody at NOAA realized until the high-profile maiden launch of Falcon Heavy. However, there is also a dispute over whether NOAA approached SpaceX about the issue or SpaceX voluntarily asked for a license:
NOAA had recently told the company to get a license for the cameras on the rocket, SpaceX said after the launch. The reason? The cameras take video of the Earth from orbit, and NOAA regulates imagery of Earth taken from space, thanks to a 26-year-old law. However, this was the first time SpaceX needed to get a license for its cameras. SpaceX filed a license application just four days before the launch, but NOAA couldn't approve the use of the cameras in time. (Reviews can take up to 120 days, NOAA says.) And so there was a blackout when the Falcon 9 reached orbit.
What changed? SpaceX and other rocket companies have been livestreaming their launches from orbit for years now, and practically all show Earth in the background. Well, it's possible that SpaceX may be in NOAA's crosshairs because of the company's recent Falcon Heavy launch and famous Starman livestream. In February, SpaceX aired live footage of SpaceX CEO Elon Musk's Tesla in space for hours, with Earth prominently featured in the background. It got massive amounts of attention — and that may have triggered NOAA to reach out to SpaceX, requiring the company to get a license for its cameras, according to a report from SpacePolicyOnline.com.
[...] There's still some confusion around the livestream saga, though. NOAA claims that SpaceX was the one to reach out to the agency about getting a license, not the other way around. "It was SpaceX that came to us," Tahara Dawkins, the director of NOAA's Commercial Remote Sensing Regulatory Affairs Office said at a meeting Tuesday, according to Space News. "It wasn't NOAA that went out to them and said, 'Hey, stop, you're going to need a license.'" SpaceX disagrees. A company spokesperson, speaking on background, says it only filed an application after NOAA said the cameras qualified as a "remote sensing space system" and needed a license. (We asked NOAA for further clarification and will update the story if we hear back.)
Plus, neither NOAA nor SpaceX will admit that the Falcon Heavy launch was what started this chain of events, but Weeden argues it's the likeliest catalyst. "Starman probably attracted so much attention that someone at NOAA or someone at SpaceX realized they may have crossed that threshold to start thinking about that license," he says. When asked during Tuesday's meeting if SpaceX had broken the law with its past broadcasts from space, NOAA's Dawkins said "she would not know without looking specifically at what took place," according to SpacePolicyOnline.com.
SpaceX says it doesn't need to obtain a license for NASA missions, such as the recent CRS-14 mission to the International Space Station. SpaceNews notes that the American Space Commerce Free Enterprise Act would allow the Secretary of Commerce to waive licensing of some remote sensing systems.
[Updated (2018-04-06 22:18 UTC): According to a report at c|net, the breach also affected: Sears, Kmart, and now Best Buy, too. --martyb]
Delta Says Data Exposed for 'Several Hundred Thousand' Customers
Delta Air Lines Inc. said a cyber attack on a contractor potentially exposed the payment information of "several hundred thousand customers."
A data breach from Sept. 26 to Oct. 12 at a company called [24]7.ai allowed unauthorized access to customers' names, address, payment-card information, CVV numbers and expiration dates, Delta said in a statement Thursday. The vendor, which provides online chat services to Delta, notified the carrier and other clients last week.
[...] Delta said it wasn't yet able to say how many customers actually had their data stolen. The information was at risk if a customer entered data manually online to complete a payment transaction, Delta said. Data from customers who used a program called Delta Wallet weren't compromised.
Delta statement and response website.
Also at The Verge.