Bitcoin

People Who Can't Remember Their Bitcoin Passwords Are Really Freaking Out Now (slate.com) 201

An anonymous reader quotes a report from Slate: Bitcoin has had quite a week. On Thursday, the cryptocurrency surged past $19,000 a coin before dropping down to $15,600 by Friday midday. The price of a single Bitcoin was below $1,000 in January. Any investors who bought Bitcoins back in 2013, when the price was less than $100, probably feel pretty smart right now. But not all early cryptocurrency enthusiasts are counting their coins. Instead they might be racking their brains trying to remember their passwords, without which those few Bitcoins they bought as an experiment a few years ago could be locked away forever. That's because Bitcoin's decentralization relies on cryptography, where each transaction is signed with an identifier assigned to the person paying and the person receiving Bitcoin.

"I've tried to ignore the news about Bitcoin completely," joked Alexander Halavais, a professor of social technology at Arizona State University, who said he bought $70 of Bitcoin about seven years ago as a demonstration for a graduate class he was teaching at the time but has since forgotten his password. "I really don't want to know what it's worth now," he told me. "This is possibly $400K and I'm freaking the fuck out. I'm a college student so this would change my life lmao," wrote one Reddit user last week. The user claimed to have bought 40 bitcoins in 2013 but can't remember the password now. "A few years ago, I bought about 20 euros worth of bitcoin, while it was at around 300eur/btc.," lamented another Reddit user earlier this week. "Haven't looked at it since, and recently someone mentioned the price had hit 10.000usd. So, I decided to take a look at my wallet, but found that it wasn't my usual password. I have tried every combination of the password variations I usually use, but none of them worked."

The Almighty Buck

Insurers Are Rewarding Tesla Owners For Using Autopilot (reuters.com) 138

Britain's largest auto insurance company Direct Line is testing out an idea to let Tesla owners receive a 5% discount for switching on the car's autopilot system, seeking to encourage use of a system it hopes will cut down on accidents. Reuters reports: The move - confirmed by company representatives in response to Reuters' questions - is Tesla's only tie-up in the UK and comes at a time when the company is trying to convince insurers that its internet-connected vehicles are statistically safer. Direct Line said it was too early to say whether the use of the autopilot system produced a safety record that justified lower premiums. It said it was charging less to encourage use of the system and aid research.

"Crash rates across all Tesla models have fallen by 40 percent since the introduction of the autopilot system ... However, when owners seek to insure their Tesla vehicles, this is not reflected in the pricing of premiums," Daniel Pearce, Financial Analyst at GlobalData, said. Direct Line, which is enjoying soaring motor insurance prices in Britain, said it sets premiums for Tesla drivers based on the risk they present, including who is driving, their age, driving experience and claim history.

Security

Zero-Day iOS HomeKit Vulnerability Allowed Remote Access To Smart Accessories Including Locks (9to5mac.com) 39

Apple has issued a fix to a vulnerability that allowed unauthorized control of accessories, including smart locks and garage door openers. "Our understanding is Apple has rolled out a server-side fix that now prevents unauthorized access from occurring while limiting some functionality, and an update to iOS 11.2 coming next week will restore that full functionality," reports 9to5Mac. From the report: The vulnerability, which we won't describe in detail and was difficult to reproduce, allowed unauthorized control of HomeKit-connected accessories including smart lights, thermostats, and plugs. The most serious ramification of this vulnerability prior to the fix is unauthorized remote control of smart locks and connected garage door openers, the former of which was demonstrated to 9to5Mac. The issue was not with smart home products individually but instead with the HomeKit framework itself that connects products from various companies. The vulnerability required at least one iPhone or iPad on iOS 11.2, the latest version of Apple's mobile operating system, connected to the HomeKit user's iCloud account; earlier versions of iOS were not affected.

Security

'Process Doppelganging' Attack Bypasses Most Security Products, Works On All Windows Versions (bleepingcomputer.com) 125

An anonymous reader quotes a report from Bleeping Computer: Yesterday, at the Black Hat Europe 2017 security conference in London, two security researchers from cyber-security firm enSilo have described a new code injection technique called "Process Doppelganging." This new attack works on all Windows versions and researchers say it bypasses most of today's major security products. Process Doppelganging is somewhat similar to another technique called "Process Hollowing," but with a twist, as it utilizes the Windows mechanism of NTFS Transactions.

"The goal of the technique is to allow a malware to run arbitrary code (including code that is known to be malicious) in the context of a legitimate process on the target machine," Tal Liberman & Eugene Kogan, the two enSilo researchers who discovered the attack told Bleeping Computer. "Very similar to process hollowing but with a novel twist. The challenge is doing it without using suspicious process and memory operations such as SuspendProcess, NtUnmapViewOfSection. In order to achieve this goal we leverage NTFS transactions. We overwrite a legitimate file in the context of a transaction. We then create a section from the modified file (in the context of the transaction) and create a process out of it. It appears that scanning the file while it's in transaction is not possible by the vendors we checked so far (some even hang) and since we rollback the transaction, our activity leaves no trace behind." The good news is that "there are a lot of technical challenges" in making Process Doppelganging work, and attackers need to know "a lot of undocumented details on process creation." The bad news is that the attack "cannot be patched since it exploits fundamental features and the core design of the process loading mechanism in Windows."
More research on the attack will be published on the Black Hat website in the following days.

Android

Google Puts Android Accessibility Crackdown On Hold (slashgear.com) 28

Last month, Google issued a warning to Android app developers that they will no longer be able to access Android accessibility service functions in their apps, unless they can demonstrate that those functions are specifically used to help users with "disabilities." Since a lot of password managers use the Accessibility API, as well as popular apps like Tasker automation and Greenify battery saver, there was a large amount of backlash from developers and users alike. According to SlashGear, Google is putting the Android accessibility crackdown on hold. From the report: Google has now sent another email that basically says "we'll think about it." It is evaluating "responsible and innovative use" of those services on a case to case basis. It is also requiring developers to explicitly inform users why they are asking for accessibility permissions rather than just informing them. This, of course, puts a heavier burden on Google, as it has to be more involved in the screening of apps rather than just rely on good ol' machine learning and automation. Developers and users probably won't mind, if it means still having access to those features that make Android a platform above all the rest.

AI

Elon Musk Says Tesla Is Building Dedicated Chips For Autopilot (theregister.co.uk) 32

Elon Musk says Tesla is developing its own chip to run the Autopilot system in future vehicles from the firm. The news was revealed at a Tesla party that took place at the intelligence conference NIPS. Attendees at the party told The Register that Musk said, "I wanted to make it clear that Tesla is serious about AI, both on the software and hardware fronts. We are developing custom AI hardware chips." From the report: Musk offered no details of his company's plans, but did tell the party that "Jim is developing specialized AI hardware that we think will be the best in the world." "Jim" is Jim Keller, a well-known chip engineer who was lead architect on a range of silicon at AMD and Apple and joined Tesla in 2016. Keller later joined Musk on a panel discussing AI at the Tesla Party alongside Andrej Karpathy, Tesla's Director of AI and chaired by Shivon Zilis, a partner and founding member at Bloomberg Beta, a VC firm. Musk is well known for his optimism about driverless cars and pessimism about whether AI can operate safely. At the party he voiced a belief that "about half of new cars built ten years from now will be autonomous." He added his opinion that artificial general intelligence (AGI) will arrive in about seven or eight years.

Music

Apple Is Reportedly Buying Shazam For Nearly Half a Billion Dollars (phonedog.com) 59

Apple is close to acquiring Shazam, one of the most recognized services for music recognition. While the exact amount is unknown, the service may be purchased by Apple for around $400 million. PhoneDog reports: Apple is close to acquiring Shazam, say sources speaking to TechCrunch. The deal will reportedly be signed this week and could be announced as early as next Monday. A report from Recode echoes the news of Apple acquiring Shazam, adding that Shazam will likely be valued at around $400 million. Apple -- and other companies -- already offer a music recognition service, but Apple must see something in Shazam's services that it thinks can help improve its own music recognition if it's going to drop nearly half a billion dollars on this deal. Shazam is able to identify TV shows, films, and advertisements in addition to music, so perhaps Apple sees some benefit to these abilities, too.

Chrome

Chrome 63 Offers Even More Protection From Malicious Sites, Using Even More Memory (arstechnica.com) 63

An anonymous reader quotes a report from Ars Technica: To further increase its enterprise appeal, Chrome 63 -- which hit the browser's stable release channel yesterday -- includes a couple of new security enhancements aimed particularly at the corporate market. The first of these is site isolation, an even stricter version of the multiple process model that Chrome has used since its introduction. Chrome uses multiple processes for several security and stability reasons. On the stability front, the model means that even if a single tab crashes, other tabs (and the browser itself) are unaffected. On the security front, the use of multiple processes makes it much harder for malicious code from one site to steal secrets (such as passwords typed into forms) of another. [...]

Naturally, this greater use of multiple processes incurs a price; with this option enabled, Chrome's already high memory usage can go up by another 15 to 20 percent. As such, it's not enabled by default; instead, it's intended for use by enterprise users that are particularly concerned about organizational security. The other new capability is the ability for administrators to block extensions depending on the features those extensions need to use. For example, an admin can block any extension that tries to use file system access, that reads or writes the clipboard, or that accesses the webcam or microphone. Additionally, Google has started to deploy TLS 1.3, the latest version of Transport Layer Security, the protocol that enables secure communication between a browser and a Web server. In Chrome 63, this is only enabled between Chrome and Gmail; in 2018, it'll be turned on more widely.

Social Networks

Twitter Says It Accidentally Banned A Bunch Of Accounts (buzzfeed.com) 25

An anonymous reader shares a report: Over the past 24 hours, some Twitter users had their profiles replaced with a notice saying their accounts were now being "withheld in: Worldwide." The "country withheld" program run by Twitter typically prevents users based in a specific country from seeing tweets sent by a withheld account. This was the first time people could recall the company withholding accounts globally, which was in effect a total ban for the user. At the time of writing, BuzzFeed News had identified 21 accounts that were being withheld worldwide, and users on Twitter were beginning to wonder if this was a new method being used by the company to suspend accounts. But a Twitter spokesperson tells BuzzFeed News that the worldwide withholdings were in fact the result of a bug. "We have identified a bug that incorrectly impacted certain accounts. We have identified a fix, are working to resolve the issue, and anticipate it will be fully resolved shortly," the spokesperson told BuzzFeed News.

The Internet

Zimbabwe's Internet Went Down for About Five Hours. The Culprit Was Reportedly a Tractor. (slate.com) 63

Zimbabweans lost internet access en masse on Tuesday when a tractor reportedly cut through key fiber-optic cables in South Africa and another internet provider experienced simultaneous issues with its primary internet conduits. From a report: The outage began shortly before noon local time and persisted for more than five hours, affecting not only citizens' day-to-day internet usage but businesses that rely upon web access. And while five internet-free hours might sound unfathomable to those of us accustomed to having the web constantly at our fingertips, large-scale internet outages -- from inadvertent lapses caused by ship anchors to government-calculated blackouts designed to showcase political power -- do happen, and maybe more frequently than you'd thought. According to local news sources, a tractor in South Africa damaged cables belonging to Liquid Telecom, which has an 81.5 percent market share of Zimbabwe's international-equipped internet bandwidth as of the second quarter of 2017 and leases capacity to other internet providers. In a bad coincidence, city council employees in Kuwadzana, a suburb of Zimbabwe's capital city of Harare, cut an additional TelOne cable around the same time. (According to NewsDay Zimbabwe, it was an accident. The company blamed "faults that occurred on our main links through South Africa and Botswana" in a statement.)

Businesses

'Face Reality! We Need Net Neutrality!' Crowd Chants Across the Country (arstechnica.com) 292

ArsTechnica staff took to the streets in Washington DC, New York, and San Francisco to capture rallies in support for net neutrality, a week before the FCC is scheduled to take a historic vote rolling back network neutrality regulations. From their report: Protestors say those regulations, which were enacted by the Obama FCC in 2015, are crucial for protecting an open Internet. Organizers chose to hold most of the protests outside of Verizon cell phone stores. Ajit Pai, the FCC Chairman who is leading the agency's charge to repeal network neutrality, is a former Verizon lawyer, and Verizon has been a critic of the Obama network neutrality rules. The protest that got the most attention from FCC decision makers took place on Thursday evening in Washington DC. The FCC was holding a dinner event at the Hilton on Connecticut Avenue, just north of the city's Dupont Circle area. Protestors gathered on the street corner outside the hotel, waving pro-net neutrality posters to traffic, blaring chants, projecting pro-net neutrality messages on a building across the street, and telling personal stories about what net neutrality meant to them via a megaphone. The FCC's two Democratic commissioners also joined the demonstration, Mignon Clyburn and Jessica Rosenworcel. They both gave brief speeches to the protestors, rallying for the cause and discussing the importance of a neutral Internet.

Bitcoin

About 40 Percent of Bitcoin Is Held By 1,000 Users. If a Few of Them Want To Sell, That Could Tank Values (bloomberg.com) 241

On Nov. 12, someone moved almost 25,000 bitcoins, worth about $159 million at the time, to an online exchange. The news soon rippled through online forums, with bitcoin traders arguing about whether it meant the owner was about to sell the digital currency. From a report on Bloomberg: Holders of large amounts of bitcoin are often known as whales. And they're becoming a worry for investors. They can send prices plummeting by selling even a portion of their holdings. And those sales are more probable now that the cryptocurrency is up nearly twelvefold from the beginning of the year. About 40 percent of bitcoin is held by perhaps 1,000 users; at current prices, each may want to sell about half of his or her holdings, says Aaron Brown, former managing director and head of financial markets research at AQR Capital Management. What's more, the whales can coordinate their moves or preview them to a select few. Many of the large owners have known one another for years and stuck by bitcoin through the early days when it was derided, and they can potentially band together to tank or prop up the market.

Space

Almost All Bronze Age Artifacts Were Made From Meteorite Iron (sciencealert.com) 132

dryriver shares a report from Science Alert: According to a new study, it's possible that all iron-based weapons and tools of the Bronze Age were forged using metal salvaged from meteorites. The finding has given experts a better insight into how these tools were created before humans worked out how to produce iron from its ore. While previous studies had found specific Bronze Age objects to be made from meteoric metal -- like one of the daggers buried with King Tutankhamun -- this latest research answers the question of just how widespread the practice was. Albert Jambon, from the National Centre for Scientific Research (CNRS) in France, studied museum artifacts from Egypt, Turkey, Syria, and China, analyzing them using an X-Ray Fluorescence Spectrometer to discover they all shared the same off-world origins. "The present results complementing high quality analyses from the literature suggest that most or all irons from the Bronze Age are derived from meteoritic iron," writes Jambon in his published paper. "The next step will be to determine where and when terrestrial iron smelting appeared for the first time."

The Military

The US Is Testing a Microwave Weapon To Stop North Korea's Missiles (vox.com) 213

An anonymous reader quotes a report from Vox: According to an NBC News report, the weapon -- which is still under development -- could be put on a cruise missile and shot at an enemy country from a B-52 bomber. It's designed to use microwaves to target enemy military facilities and destroy electronic systems, like computers, that control their missiles. The weapon itself wouldn't damage the buildings or cause casualties. Air Force developers have been working with Boeing on the system since 2009. They're hoping to receive up to $200 million for more prototyping and testing in the latest defense bill. There's just one problem. It's not clear that the weapon is entirely ready for use -- and it's not clear that it would be any more effective than the powerful weapons the U.S. already possesses. The weapon, which has the gloriously military-style name of Counter-electronics High Power Microwave Advanced Missile Project, or CHAMP, isn't quite ready for action, but it could be soon. Two unnamed Air Force officials told NBC that the weapon could be ready for use in just a few days.

Businesses

ISP Disclosures About Data Caps and Fees Eliminated By Net Neutrality Repeal (arstechnica.com) 281

In 2015, the Federal Communications Commission forced ISPs to be more transparent with customers about hidden fees and the consequences of exceeding data caps. Since the requirements were part of the net neutrality rules, they will be eliminated when the FCC votes to repeal the rules next week. Ars Technica reports: While FCC Chairman Ajit Pai is proposing to keep some of the commission's existing disclosure rules and to impose some new disclosure requirements, ISPs won't have to tell consumers exactly what everything will cost when they sign up for service. There have been two major versions of the FCC's transparency requirements: one created in 2010 with the first net neutrality rules, and an expanded version created in 2015. Both sets of transparency rules survived court challenges from the broadband industry. The 2010 requirement had ISPs disclose pricing, including "monthly prices, usage-based fees, and fees for early termination or additional network services." That somewhat vague requirement will survive Pai's net neutrality repeal. But Pai is proposing to eliminate the enhanced disclosure requirements that have been in place since 2015. Here are the disclosures that ISPs currently have to make -- but won't have to after the repeal:

- Price: the full monthly service charge. Any promotional rates should be clearly noted as such, specify the duration of the promotional period and the full monthly service charge the consumer will incur after the expiration of the promotional period.
- Other Fees: all additional one time and/or recurring fees and/or surcharges the consumer may incur either to initiate, maintain, or discontinue service, including the name, definition, and cost of each additional fee. These may include modem rental fees, installation fees, service charges, and early termination fees, among others.
- Data Caps and Allowances: any data caps or allowances that are a part of the plan the consumer is purchasing, as well as the consequences of exceeding the cap or allowance (e.g., additional charges, loss of service for the remainder of the billing cycle).

Pai's proposed net neutrality repeal says those requirements and others adopted in 2015 are too onerous for ISPs.

Android

Android 8.0 Oreo For Android Wear Released (9to5google.com) 9

According to a Google developer, Android 8.0 Oreo is rolling out to Android Wear devices starting today. The developer said "timing is determined by each watch's manufacturer." 9to5Google notes that there are "no major redesigns with Oreo for the wearable platform," but there are some useful tweaks. From the report: There is a new option to disable touch-to-wake called "Touch lock" in Settings that Google positions as being useful in wet conditions. Google has added the ability to control the strength of vibrations for incoming notifications. Referred to as the "Vibration pattern," options include Normal, Long, and Double. Meanwhile, there is now a toggle to manually enable the "Battery saver," instead of having to wait until the device hits a low charge. This mode disables Vibration, Location services, Wi-Fi & mobile usage, Data & app updates, and the Always-on display. Meanwhile, the update includes notification channels for apps that should provide more granular user control. Google also shared that Wear is now available in seven new countries and languages: Belgium (Dutch), Czech Republic (Czech), El Salvador (Spanish), Honduras (Spanish), Nigeria (English), Paraguay (Spanish), and Portugal (Portuguese).

Software

Apple Has Ruined Its Podcasts App (slate.com) 134

Mike Pesca, host of Slate's daily podcast The Gist, writes about the recent interface changes to Apple's Podcasts app (condensed): Up until two months ago, the Apple Podcasts app was the only podcasting app I used. It gave me a nice, workable list of the shows I liked; let me know when those shows were updated; played the shows easily and without glitches; and offered the option of listening in double speed. I knew where everything was, and I thought of its shortcomings not as features the app was lacking but more like things one simply could not do with a podcast. If the Apple Podcast app wasn't great for sharing podcasts via email or text -- and it was not -- I told myself, "That just must be something that's hard for a podcast app to execute." I figured the best a podcasting app could do was to facilitate sharing the feed of a show, rather than the specific episode I was listening to. I never dared dream I could send a specific time within that episode. What sorcery is that? But sometime in the past few months, the Apple app began to fail me. Of my four basic requirements, three suffered. The list of the shows I listened to was now incomplete. There was no longer a number denoting how many episodes of each show I had on the app. The list of unplayed episodes had melded into the list of played episodes. I was offered the opportunity to browse my "Library," but access to any "card catalog" or "Dewey Decimal System" proved elusive. Apple kept pushing me toward my "recently updated" shows, but these weren't the offerings most useful to me every time I checked back in.

Businesses

Tesla Could Be Hogging Batteries and Causing a Global Shortage, Says Report (gizmodo.com) 157

According to a report from the Korea news outlet ETNews, Tesla's solution to fixing a manufacturing bottleneck responsible for a $619 million loss last quarter could be causing a global battery shortage. Panasonic reportedly gave most of its cache of batteries in Japan to Tesla so that the automaker and Gigafactory 1 energy-storage company could keep up with its ambitious production schedule. Gizmodo reports: In early October, Tesla struggled with a "production bottleneck," but by the end of the month, Panasonic stated it would increase battery output at the Gigafactory, now that it understood the issues that led to the bottleneck and could automate some of the processes that had been done by hand. But this likely did not help Tesla fix any immediate shortage issues. ETNews claims that Panasonic is coping with the shortage by shipping batteries in from Japan. And many Japanese companies in need of cylinder batteries have turned to other suppliers like LG, Murata, and Samsung -- but those companies have not been able to meet the demands. Reportedly, companies that had contracts before 2017 aren't affected by the shortage, but several other manufacturers have not been able to place orders for batteries, and won't be able to order more batteries until the middle of next year.

Google

Inside Oracle's Cloak-and-dagger Political War With Google (recode.net) 83

schwit1 shares a Recode report: The story that appeared in Quartz this November seemed shocking enough on its own: Google had quietly tracked the location of its Android users, even those who had turned off such monitoring on their smartphones. But missing from the news site's report was another eyebrow-raising detail: Some of its evidence, while accurate, appears to have been furnished by one of Google's fiercest foes: Oracle. For the past year, the software and cloud computing giant has mounted a cloak-and-dagger, take-no-prisoners lobbying campaign against Google, perhaps hoping to cause the company intense political and financial pain at a time when the two tech giants are also warring in federal court over allegations of stolen computer code. Since 2010, Oracle has accused Google of copying Java and using key portions of it in the making of Android. Google, for its part, has fought those claims vigorously. More recently, though, their standoff has intensified. And as a sign of the worsening rift between them, this summer Oracle tried to sell reporters on a story about the privacy pitfalls of Android, two sources confirmed to Recode.

Google

Google's Mobile Search Results Now Include Videos Of Celebrities Answering Your Questions (techcrunch.com) 63

Google is testing a new feature that will allow celebrities and other notable figures to answer users' search queries directly in the form of "selfie" videos posted in the Google Search results. From a report: The company says this program is initially being piloted on mobile with a handful of people for now, including Priyanka Chopra, Will Ferrell, Tracee Ellis Ross, Gina Rodriguez, Kenan Thompson, Allison Williams, Nick Jonas, Mark Wahlberg, James Franco, Seth MacFarlane, Jonathan Yeo and Dominique Ansel. Of course, the celebs aren't answering users' queries in real-time. Instead, Google has had them pre-record their videos in response to what it already knows are some of fans' most-asked questions typed into the Google search box.
