Spam

Spam Is Back (theoutline.com) 140

Jon Christian, writing for The Outline: For a while, spam -- unsolicited bulk messages sent for commercial or fraudulent purposes -- seemed to be fading away. The 2003 CAN-SPAM Act mandated unsubscribe links in email marketing campaigns and criminalized attempts to hide the sender's identity, while sophisticated filters on what were then cutting-edge email providers like Gmail buried unwanted messages in out-of-sight spam folders. In 2004, Microsoft co-founder Bill Gates told a crowd at the World Economic Forum that "two years from now, spam will be solved." In 2011, cybersecurity reporter Brian Krebs noted that increasingly tech savvy law enforcement efforts were shutting down major spam operators -- including SpamIt.com, alleged to be a major hub in a Russian digital criminal organization that was responsible for an estimated fifth of the world's spam. These efforts meant that the proportion of all emails that are spam has slowly fallen to a low of about 50 percent in recent years, according to Symantec research.

But it's 2017, and spam has clawed itself back from the grave. It shows up on social media and dating sites as bots hoping to lure you into downloading malware or clicking an affiliate link. It creeps onto your phone as text messages and robocalls that ring you five times a day about luxury cruises and fictitious tax bills. Networks associated with the buzzy new cryptocurrency system Ethereum have been plagued with spam. Facebook recently fought a six-month battle against a spam operation that was administering fake accounts in Bangladesh, Indonesia, Saudi Arabia, and other countries. Last year, a Chicago resident sued the Trump campaign for allegedly sending unsolicited text message spam; this past November, ZDNet reported that voters were being inundated with political text messages they never signed up for. Apps can be horrid spam vectors, too. Repeated mass data breaches that include contact information, such as the Yahoo breach in which 3 billion user accounts were exposed, surely haven't helped. Meanwhile, you, me, and everyone we know is being plagued by robocalls.

Cloud

Cringely: Amazon Is Starting To Act Like 'Bad Microsoft' (cringely.com) 94

An anonymous reader quotes Cringely.com: My last column was about the recent tipping point signifying that cloud computing is guaranteed to replace personal computing over the next three years. This column is about the slugfest to determine what company's public cloud is most likely to prevail. I reckon it is Amazon's and I'll go further to claim that Amazon will shortly be the new Microsoft. What I mean by The New Microsoft is that Amazon is starting to act a lot like the old Microsoft of the 1990s. You remember -- the Bad Microsoft...

Tech companies behave this way because most employees are young and haven't worked anywhere else and because the behavior reflects the character of the founder. If the boss tells you to beat up customers and partners and it's your first job out of college, then you beat up customers and partners because that's the only world you know. At Microsoft this approach was driven by Bill Gates's belief that dominance could be lost in a single product cycle leaving no room for playing nice. At Amazon, Jeff Bezos is a believer in moving fast, making quick decisions and never looking back. The market has long rewarded this audacity so Amazon will continue to play hard until -- like Microsoft in the 90s -- they are punished for it.

Cringely points out most startups are already using AWS -- and so are all 17 US intelligence agencies ("taking 350,000 PCs out of places like the CIA.")

Bonus link: 17 years ago Cringely answered questions from Slashdot readers.

Security

'Lazy' Hackers Exploit Microsoft RDP To Install Ransomware (sophos.com) 71

An anonymous reader writes: An investigation by Sophos has uncovered a new, lazy but effective ransomware attack where hackers brute force passwords on computers with [Microsoft's] Remote Desktop Protocol enabled, use off-the-shelf privilege escalation exploits to make themselves admins, turn off security software and then manually run fusty old versions of ransomware.
They even delete the recovery files created by Windows Live backup -- and make sure they can also scramble the database. "Because they've used their sysadmin powers to rig the system to be as insecure as they can, they can often use older versions of ransomware, perhaps even variants that other crooks have given up on and that are now floating around the internet 'for free'."

Most of the attacks hit small-to-medium companies with 30 or fewer employees, since "with small scale comes a dependence on external IT suppliers or 'jack-of-all-trades' IT generalists trying to manage cybersecurity along with many other responsibilities. In one case a victim was attacked repeatedly, because of a weak password used by a third-party application that demanded 24-hour administrator access for its support staff."

Education

Microsoft Debuts Minecraft-Themed Coding Tutorial 23

theodp writes: In a few weeks, writes Microsoft Corporate VP Mary Snapp, "millions of kids and others will participate in an Hour of Code, a global call to action to spend an hour learning the basics of coding. Today, it's my privilege to announce that Microsoft has released a new Minecraft tutorial for Hour of Code, called Hero's Journey." The release of the new Code.org-touted flagship Hour of Code tutorial -- the third since Microsoft purchased Minecraft Maker Mojang for $2.5B in 2014 -- comes as Microsoft celebrates Minecraft: Education Edition reaching a milestone of 2 million users.

Microsoft boasts that nearly 70 million of its Minecraft Hour of Code sessions have been launched to-date, which is certainly impressive from an infomercial or brand awareness standpoint. But does [adding a Scratch block to] move a Minecraft character forward 7 times on an $800 Microsoft Surface offer all that much more educational value than, say, moving a peg forward 5 times on a $10.99 Pop-O-Matic Trouble board game?

Microsoft

Microsoft and GitHub Team Up To Take Git Virtual File System To MacOS, Linux (arstechnica.com) 138

An anonymous reader writes: One of the more surprising stories of the past year was Microsoft's announcement that it was going to use the Git version control system for Windows development. Microsoft had to modify Git to handle the demands of Windows development but said that it wanted to get these modifications accepted upstream and integrated into the standard Git client. That plan appears to be going well. Yesterday, the company announced that GitHub was adopting its modifications and that the two would be working together to bring suitable clients to macOS and Linux. Microsoft says that, so far, about half of its modifications have been accepted upstream, with upstream Git developers broadly approving of the approach the company has taken to improve the software's scaling. Redmond also says that it has been willing to make changes to its approach to satisfy the demands of upstream Git. The biggest complexity is that Git has a very conservative approach to compatibility, requiring that repositories remain compatible across versions.

Microsoft and GitHub are also working to bring similar capabilities to other platforms, with macOS coming first, and later Linux. The obvious way to do this on both systems is to use FUSE, an infrastructure for building file systems that run in user mode rather than kernel mode (desirable because user-mode development is easier and safer than kernel mode). However, the companies have discovered that FUSE isn't fast enough for this -- a lesson Dropbox also learned when developing a similar capability, Project Infinite. Currently, the companies believe that tapping into a macOS extensibility mechanism called Kauth (or KAuth) will be the best way forward.

Security

Windows 8 and Later Fail To Properly Apply ASLR (bleepingcomputer.com) 62

An anonymous reader writes: Windows 8, Windows 8.1, and subsequent Windows 10 variations fail to properly apply ASLR, rendering this crucial Windows security feature useless. The bug appeared when Microsoft changed a registry value in Windows 8 and occurs only in certain ASLR configuration modes. Basically, if users have system-wide ASLR protection turned on, a bug in ASLR's implementation on Windows 8 and later will not generate enough entropy (random data) to start application binaries in random memory locations. For ASLR to work properly, users must configure it to work in a system-wide bottom-up mode. An official patch from Microsoft is not available yet, but a registry hack can be applied to make sure ASLR starts in the correct mode.

The bug was discovered by CERT vulnerability analyst Will Dormann while investigating a 17-year-old bug in the Microsoft Office equation editor, to which Microsoft appears to have lost the source code and needed to patch it manually.

Businesses

The Brutal Fight To Mine Your Data and Sell It To Your Boss (bloomberg.com) 75

An anonymous reader shares a report from Bloomberg, explaining how Silicon Valley makes billions of dollars peddling personal information, supported by an ecosystem of bit players. Editor Drake Bennett highlights the battle between an upstart called HiQ and LinkedIn, who are fighting for your lucrative professional identity. Here's an excerpt from the report: A small number of the world's most valuable companies collect, control, parse, and sell billions of dollars' worth of personal information voluntarily surrendered by their users. Google, Facebook, Amazon, and Microsoft -- which bought LinkedIn for $26.2 billion in 2016 -- have in turn spawned dependent economies consisting of advertising and marketing companies, designers, consultants, and app developers. Some operate on the tech giants' platforms; some customize special digital tools; some help people attract more friends and likes and followers. Some, including HiQ, feed off the torrents of information that social networks produce, using software bots to scrape data from profiles. The services of the smaller companies can augment the offerings of the bigger ones, but the power dynamic is deeply asymmetrical, reminiscent of pilot fish picking food from between the teeth of sharks. The terms of that relationship are set by technology, economics, and the vagaries of consumer choice, but also by the law. LinkedIn's May 23 letter to HiQ wasn't the first time the company had taken legal action to prevent the perceived hijacking of its data, and Facebook and Craigslist, among others, have brought similar actions. But even more than its predecessors, this case, because of who's involved and how it's unfolded, has spoken to the thorniest issues surrounding speech and competition on the internet.

The Internet

All Major Browsers Now Support WebAssembly (bleepingcomputer.com) 240

An anonymous reader writes: "It took only two years for all browser vendors to get on the same page regarding the new WebAssembly standard, and as of October 2017, all major browsers support it," reports Bleeping Computer. Project spearheads Firefox and Chrome were the first major browsers to graduate WebAssembly from preview versions to their respective stable branches over the summer. The second wave followed in the following weeks when Chromium-based browsers like Opera and Vivaldi also rolled out the feature as soon as it was added to the Chromium stable version. The last ones to ship WebAssembly in the stable branches were Apple in Safari 11.0 and Microsoft in Microsoft Edge (EdgeHTML 16), which is the version that shipped with the Windows 10 Fall Creators Update. Both were released last month. WebAssembly, or wasm, is a bytecode format for the web, allowing developers to send JavaScript code to browsers in smaller sizes, but also to compile from C/C++/Rust to wasm directly.

Businesses

Munich Council: To Hell With Linux, We're Going Full Windows in 2020 (theregister.co.uk) 544

The German city of Munich, which received much popularity back in the day when it first ditched Microsoft's services in favor of open-source software, has now agreed to stop using Linux and switch back to Windows. If the decision is ratified by the full council in two weeks, Windows 10 will start rolling out across the city in 2020. From a report: A coalition of Social Democrats and Conservatives on the committee voted for the Windows migration last week, Social Democrat councillor Anne Hubner told The Register. Munich rose to fame in the open-source world for deciding to use Linux and LibreOffice to make the city independent from the claws of Microsoft. But the plan was never fully realised -- mail servers, for instance, eventually wound up migrating to Microsoft Exchange -- and in February the city council formally voted to end Linux migration and go back to Microsoft. Hubner said the city has struggled with LiMux adoption. "Users were unhappy and software essential for the public sector is mostly only available for Windows," she said. She estimated about half of the 800 or so total programs needed don't run on Linux and "many others need a lot of effort and workarounds." Hubner added, "in the past 15 years, much of our efforts were put into becoming independent from Microsoft," including spending "a lot of money looking for workarounds" but "those efforts eventually failed." A full council vote on Windows 10 2020 migration is set for November 23, Hubner said. However, the Social Democrats and Conservatives have a majority in the council, and the outcome is expected to be the same as in committee.

Facebook

This Time, Facebook Is Sharing Its Employees' Data (fastcompany.com) 45

tedlistens writes from a report via Fast Company: "Facebook routinely shares the sensitive income and employment data of its U.S.-based employees with the Work Number database, owned by Equifax Workforce Solutions," reports Fast Company. "Every week, Facebook provides an electronic data feed of its employees' hourly work and wage information to Equifax Workforce Solutions, formerly known as TALX, a St. Louis-based unit of Equifax, Inc. The Work Number database is managed separately from the Equifax credit bureau database that suffered a breach exposing the data of more than 143 million Americans, but it contains another cache of extensive personal information about Facebook's employees, including their date of birth, social security number, job title, salary, pay raises or decreases, tenure, number of hours worked per week, wages by pay period, healthcare insurance coverage, dental care insurance coverage, and unemployment claim records."

Surprisingly, Facebook is among friends. Every payroll period, Amazon, Microsoft, and Oracle provide an electronic feed of their employees' hourly work and wage information to Equifax. So do Wal-Mart, Twitter, AT&T, Harvard Law School, and the Commonwealth of Pennsylvania. Even Edward Snowden's former employer, the sometimes secretive N.S.A. contractor Booz Allen Hamilton, sends salary and other personal data about its employees to the Equifax Work Number database. It now contains over 296 million employment records for employees at all wage levels, from CEOs to interns. The database helps streamline various processes for employers and even federal government agencies, says Equifax. But databases like the Work Number also come with considerable risks. As consumer journalist Bob Sullivan puts it, Equifax, "with the aid of thousands of human resource departments around the country, has assembled what may be the most powerful and thorough private database of Americans' personal information ever created." On October 8, a month after Equifax announced its giant data breach, security expert Brian Krebs uncovered a gaping hole in the separate Work Number online consumer application portal, which allowed anyone to view a person's salary and employment history "using little more than someone's Social Security number and date of birth -- both data elements that were stolen in the recent breach at Equifax."

Businesses

Here Comes the World's Biggest Shopping Spree -- Again (bloomberg.com) 38

A reader shares a report: On Nov. 11, China celebrates Singles Day, a holiday dedicated to the nation's unattached. It's also the world's largest shopping festival -- and a bonanza for internet giant Alibaba Group. Up to 500 million consumers will visit sites run by the company searching for discounts on items including Bordeaux wine, UGG boots, SUVs, and high-end Japanese toilets. Citigroup estimates that Alibaba's sales during this year's event could reach 158 billion yuan ($23.8 billion). For Alibaba, Singles Day will also be a demonstration of how far its cloud business has come in eight years. At the peak of activity, Alibaba's servers may be tasked with processing 175,000 transactions a second from its own sites. "It's the day when the largest amount of computing power is needed in China," says He Yunfei, a senior product manager for Alibaba Cloud. [...] Alibaba dominates the Chinese cloud -- in part because local regulators won't issue data center operating licenses to foreign companies, curtailing the China ambitions of Amazon.com and Microsoft, the No. 1 and No. 2 cloud providers globally.

Microsoft

Microsoft To Integrate 3rd-party Security Info Into Its Windows Defender Advanced Threat Protection Service (zdnet.com) 26

Microsoft is partnering with other security vendors to integrate their macOS, Linux, iOS, and Android security wares with its Windows Defender Advanced Threat Protection (ATP) service. From a report: Microsoft has announced the first three such partners: Bitdefender, Lookout, and Ziften. These companies will feed any threats detected into the single Windows Defender ATP console. With Defender ATP, every device has its own timeline with event history dating back up to six months. According to Microsoft, no additional infrastructure is needed to onboard events from macOS, Linux, iOS and/or Android devices. Integration with Bitdefender's GravityZone Cloud -- which allows users to get macOS and Linux threat intelligence on malware and suspicious files -- is in public preview as of today. A trial version is available now. Integration with Lookout's Mobile Endpoint Security for iOS and Android and Ziften's Zenith systems and security operations platform for macOS and Linux will be in public preview "soon," Microsoft's blog post says.

Windows

Windows 10's Version of AirDrop Lets You Quickly Share Files Between PCs (theverge.com) 108

Microsoft is testing its "Near Share" feature of Windows 10 in the latest Insider build (17035) today, which will let Windows 10 PCs share documents or photos to PCs nearby via Bluetooth. The Verge reports: A new Near Share option will be available in the notification center, and the feature can be accessed through the main share function in Windows 10. Files will be shared wirelessly, and recipients will receive a notification when someone is trying to send a file. Microsoft's addition comes just a day after Google unveiled its own AirDrop-like app for Android.

Microsoft

Farmers In India Are Using AI To Increase Crop Yields (microsoft.com) 50

Reader joshtops shares an incredible story about how thousands of farmers in India are making use of AI and other technologies provided by Microsoft to ensure that they plow the field and sow the seeds at the right time. Prior to this, they were relying on their traditional instincts, which, many of them say, had failed them in recent years. From the story: The fields had been freshly plowed. The furrows ran straight and deep. Yet, thousands of farmers across Indian states of Andhra Pradesh (AP) and Karnataka waited to get a text message before they sowed the seeds. The SMS, which was delivered in Telugu and Kannada, their native languages, told them when to sow their groundnut crops. In a few dozen villages in Telangana, Maharashtra and Madhya Pradesh, farmers are receiving automated voice calls that tell them whether their cotton crops are at risk of a pest attack, based on weather conditions and crop stage. Meanwhile in Karnataka, the state government can get price forecasts for essential commodities such as tur (split red gram) three months in advance for planning for the Minimum Support Price (MSP). Welcome to digital agriculture, where technologies such as Artificial Intelligence (AI), Cloud Machine Learning, Satellite Imagery and advanced analytics are empowering small-holder farmers to increase their income through higher crop yield and greater price control. "Sowing date as such is very critical to ensure that farmers harvest a good crop. And if it fails, it results in loss as a lot of costs are incurred for seeds, as well as the fertilizer applications," says Dr. Suhas P. Wani, Director, Asia Region, of the International Crop Research Institute for the Semi-Arid Tropics (ICRISAT), a non-profit, non-political organization that conducts agricultural research for development in Asia and sub-Saharan Africa with a wide array of partners throughout the world.
Microsoft, in collaboration with ICRISAT, developed an AI Sowing App powered by Microsoft Cortana Intelligence Suite including Machine Learning and Power BI. The app sends sowing advisories to participating farmers on the optimal date to sow. The best part -- the farmers don't need to install any sensors in their fields or incur any capital expenditure. All they need is a feature phone capable of receiving text messages.

Microsoft

Microsoft Releases Standards For Highly Secure Windows 10 Devices (bleepingcomputer.com) 173

An anonymous reader writes from a report via BleepingComputer: Yesterday, Microsoft released new standards that consumers should follow in order to have a highly secure Windows 10 device. These standards include the type of hardware that should be included with Windows 10 systems and the minimum firmware features. The hardware standards are broken up into 6 categories, which are minimum specs for processor generation, processor architecture, virtualization, trusted platform modules (TPM), platform boot verification, and RAM. Similarly, firmware features should support at least UEFI 2.4 or later, Secure Boot, Secure MOR 2 or later, and support the Windows UEFI Firmware Capsule Update specification.

Intel

Arch-rivals Intel and AMD Team Up on PC Chips To Battle Nvidia (pcworld.com) 169

Intel and AMD, arch-rivals for decades, are teaming up to thwart a common competitor, Nvidia. On Monday, the two companies said they are co-designing an Intel Core microprocessor with a custom AMD Radeon graphics core inside the processor package. The chip is intended for laptops that are thin and lightweight but powerful enough to run high-end videogames, the companies said. From a report: Executives from both AMD and Intel told PCWorld that the combined AMD-Intel chip will be an "evolution" of Intel's 8th-generation, H-series Core chips, with the ability to power-manage the entire module to preserve battery life. It's scheduled to ship as early as the first quarter of 2018. Though both companies helped engineer the new chip, this is Intel's project -- Intel first approached AMD, both companies confirmed. AMD, for its part, is treating the Radeon core as a single, semi-custom design, in the same vein as the chips it supplies to consoles like the Microsoft Xbox One X and Sony Playstation 4. Some specifics, though, remain undisclosed: Intel refers to it as a single product, though it seems possible that it could eventually be offered at a range of clock speeds. [...] Shaking hands on this partnership represents a rare moment of harmony in an often bitter rivalry that began when AMD reverse-engineered the Intel 8080 microchip in 1975.

United States

The Disappearing American Grad Student (nytimes.com) 268

There are two very different pictures of the students roaming the hallways and labs at New York University's Tandon School of Engineering. At the undergraduate level, 80 percent of the students are United States residents. But that number, The New York Times reports, falls below the 20 percent mark when you move to the graduate level (Editor's note: the link could be paywalled). From the report: The Tandon School -- a consolidation of N.Y.U.'s science, technology, engineering and math programs on its Brooklyn campus -- is an extreme example of how scarce Americans are in graduate programs in STEM. Overall, these programs have the highest percentage of international students of any broad academic field. In the fall of 2015, about 55 percent of all graduate students in mathematics, computer sciences and engineering were from abroad, according to a survey by the Council of Graduate Schools and the Graduate Record Examinations Board. In arts and humanities, the figure was about 16 percent; in business, a little more than 18 percent. The dearth of Americans is even more pronounced in hot STEM fields like computer science, which serve as talent pipelines for the likes of Google, Amazon, Facebook and Microsoft: About 64 percent of doctoral candidates and almost 68 percent in master's programs last year were international students, according to an annual survey of American and Canadian universities by the Computing Research Association. In comparison, only about 9 percent of undergraduates in computer science were international students (perhaps, deans posit, because families are nervous about sending offspring who are barely adults across the ocean to study).

Businesses

Jeff Bezos Just Sold $1.1 Billion in Amazon Stock (cnn.com) 69

An anonymous reader quotes CNN Money: Amazon CEO Jeff Bezos, the newly minted richest person in the world, just sold more than $1 billion worth of his stock. The sale was made public in a filing posted Friday. In total, Bezos let go of one million shares for $1,097,803,365. Exactly how Bezos plans to spend those Benjamins wasn't clear. But it isn't unprecedented for him to sell such a large chunk. In May, he sold more than a million shares. A similar sale was executed in August 2016.

Even after his most recent sell off, Bezos still personally owns about 16% of Amazon, which he founded in 1994. Bezos's large ownership stake helped vault him past Microsoft co-founder Bill Gates as the richest person in the world, according to the Bloomberg Billionaire's Index... One possible destination for the cash Bezos just freed up is his commercial space company, Blue Origin. Earlier this year, Bezos told reporters at a space symposium that he sells about $1 billion per year worth of Amazon stock to fund the company, according to Reuters... Last month, Blue Origin Chief Executive Officer Bob Smith said he expects the first manned flight to take place by April 2019.

One Silicon Valley newspaper calls it the biggest stock sale ever.

Microsoft

Microsoft Quietly Announces End of Last Free Windows 10 Upgrade Offer (zdnet.com) 147

Ed Bott, writing for ZDNet: If you've been waiting to claim your free Windows 10 upgrade using the "assistive technologies" exception, you need to act soon. In a quiet change to an obscure web page, Microsoft announced this week that those exceptions will end on December 31, 2017. On July 29, 2016, Microsoft officially ended the Get Windows 10 program, which offered free Windows 10 upgrades to anyone currently running a supported earlier version of Windows. But the company left a giant loophole in a separate announcement at the same time. Under the terms of that announcement, individuals who use "assistive technologies" received an automatic extension of the free upgrade offer. Sometime in the past week, Microsoft quietly edited that page, to add "The accessibility upgrade offer expires on December 31, 2017."

Upgrades

Xbox One X is the Perfect Representation of the Tech Industry's Existential Crisis (mashable.com) 190

A reader shares commentary on the newly launched Xbox One X gaming console: Fundamentally, Xbox One X is the same machine that Microsoft released in 2013. It plays the same games, runs the same apps, depends on the same operating system. You can still plug your cable box into it and watch OneGuide magically sync with your local TV listings. Most of the things you can do look a little better and run a little faster/more efficiently, sure. The actual casing is smaller than the previous iterations, too. It's a gorgeous $500 machine. That's why I keep eyeballing it. My brain screams, "Why do you exist?" The Xbox One X does not answer. This is a familiar problem in 2017. Look around at all the tech in your life and do a quick, informal poll: How many of those items become outdated every year or every few years when a newer, shinier version of the same thing comes along? I'm talking about your iPhone and iPad. Your Amazon Echo and Kindle. Your Pixel and Daydream VR headset. Your Apple Watch. Your Roku, your Apple TV, your Chromecast. Incremental upgrades that push features like 4K! HDR! Wireless charging! Slimmer design! No headphone jack! (Wait, no, that last one is awful.) Breathless bullet point after breathless bullet point. Some of these additions have genuine utility and add value to the product. Many don't, or depend on you also possessing some other piece of incrementally upgraded tech (like the kinds of fancy-shmancy TVs that play the nicest with Xbox One X).