Google

Google AMP Flaw Exploited By Russian Hackers Targeting Journalists (salon.com) 10

An anonymous reader writes: Russian hacktivist group Fancy Bear (also referred to as APT28, Sofacy, and Strontium) has been using a flaw in Google's caching of Accelerated Mobile Pages (AMP) to phish targets, Salon reports. To make matters worse, Google has been aware of the bug for almost a year but has refused to fix it... The vulnerability involves how Google delivers google.com URLs for AMP pages to its search users in an effort to speed up mobile browsing. This makes Google products more vulnerable to phishing attacks.
Conservative blogger Matthew Sheffield writes in the article that most of the known targets "appear to have been journalists who were investigating allegations of corruption or other wrongdoing by people affiliated with the Russian government." One such target was Aric Toler, a researcher and writer for the website Bellingcat who specializes in analyzing Russian media and the country's relationship with far-right groups within Europe and America... another journalist who writes frequently about Russia, David Satter, was taken in by a similar AMP phishing message... Shortly after Satter was tricked into visiting the fake website and entering his password, a program that was hosting the site logged into his Gmail account and downloaded its entire contents. Within three weeks, as the Canadian website Citizen Lab reported, the perpetrators of the hack began posting Satter's documents online, and even altering them to make opponents and critics of Russian President Vladimir Putin look bad.
Google told Salon they've "made a number of changes" to AMP -- without saying what they were. (After contacting Google for a comment, AMP's creator and tech lead blocked public comments on a Github bug report about Google's AMP implementation.) "More things ... will come on Google's side in the future and we are working with browser vendors to eventually get the origin right," AMP's tech lead wrote last February.

Jason Kint, CEO of a major web publishing trade association, told Salon that "This report of an ongoing security issue is troubling and exactly why consolidation of power and closed standards are problematic. The sooner AMP migrates to the open web and becomes less tied to the interests of Google, in every way the better."
AI

Are Companies Overhyping AI? (hackaday.com) 154

When it comes to artificial intelligence, "companies have been overselling the concept and otherwise normal people are taking the bait," writes Hackaday: Not to pick on Amazon, but all of the home assistants like Alexa and Google Now tout themselves as AI. By the most classic definition, that's true. AI techniques include matching natural language to predefined templates. That's really all these devices are doing today. Granted the neural nets that allow for great speech recognition and reproduction are impressive. But they aren't true intelligence nor are they even necessarily direct analogs of a human brain... The danger is that people are now getting spun up that the robot revolution is right around the corner...

[N]othing in the state of the art of AI today is going to wake up and decide to kill the human masters. Despite appearances, the computers are not thinking. You might argue that neural networks could become big enough to emulate a brain. Maybe, but keep in mind that the brain has about 100 billion neurons and almost 10 to the 15th power interconnections. Worse still, there isn't a clear consensus that the neural net made up of the cells in your brain is actually what is responsible for conscious thought. There's some thought that the neurons are just control systems and the real thinking happens in a biological quantum computer... Besides, it seems to me if you build an electronic brain that works like a human brain, it is going to have all the problems a human brain has (years of teaching, distraction, mental illness, and a propensity for error).

Citing the dire predictions of Elon Musk and Bill Gates, the article argues that "We are a relatively small group of people who have a disproportionate influence on what our friends, families, and co-workers think... We need to spread some sense into the conversation."
Google

Google Experiment Tests Top 5 Browsers, Finds Safari Riddled With Security Bugs (bleepingcomputer.com) 103

An anonymous reader writes from a report via Bleeping Computer: The Project Zero team at Google has created a new tool for testing browser DOM engines and has unleashed it on today's top five browsers, finding most bugs in Apple's Safari. Results showed that Safari had by far the worst DOM engine, with 17 new bugs discovered after Fratric's test. Second was Edge with 6, then IE and Firefox with 4, and last was Chrome with only 2 new issues. The tests were carried out with a new fuzzing tool created by Google engineers named Domato, also open-sourced on GitHub. This is the third fuzzing tool Google has created and released as open source, after OSS-Fuzz and syzkaller. Researchers focused on testing DOM engines for vulnerabilities because they expect them to be the next target for browser exploitation after Flash reaches end-of-life in 2020.
Businesses

The Problem, Really, is This Thing Called 'Disruption' (wired.com) 105

New submitter mirandakatz writes: The word "disruption" is everywhere in tech -- and it's getting founders in trouble. Just look at what happened with Bodega last week: Had the startup not professed to be disrupting the mom-and-pop shops on every corner, it might not have landed itself in such hot water. At Backchannel, veteran Silicon Valley communications whiz Karen Wickre makes the case against "disruption," pointing out that many of today's biggest companies got their starts without claiming to completely upend an existing industry. She writes: "What if Sergey and Larry had touted Google, in 1998, as 'an unprecedented platform for disrupting global advertising?' Do you think Jeff Bezos claimed that Amazon.com was upending global retail? Netflix? Within a few months of its 1997 launch, it did not foresee the actual paradigm shift of media streaming."
Firefox

Firefox For iOS Gets Tracking Protection, Firefox Focus For Android Gets Tabs 28

An anonymous reader quotes a report from VentureBeat: Mozilla today released Firefox 9.0 for iOS and updated Firefox Focus for Android. The iOS browser is getting tracking protection, improved sync, and iOS 11 compatibility. The Android privacy browser is getting tabs. You can download the former from Apple's App Store and the latter from Google Play. This is the first time Firefox has offered tracking protection on iOS, and Nick Nguyen, vice president of product at Mozilla, notes that it's finally possible "thanks to changes by Apple to enable the option for 3rd party browsers." This essentially means iPhone and iPad users with Firefox and iOS 11 will have automatic ad and content blocking in Private Browsing mode, and the option to turn it on in regular browsing. This is the same feature that's available in Firefox for Android, Windows, Mac, and Linux, as well as the same ad blocking technology used in Firefox Focus for Android and iOS.
Security

Security Researchers Warn that Third-Party GO Keyboard App is Spying on Millions of Android Users (betanews.com) 65

An anonymous reader shares a report: Security researchers from Adguard have issued a warning that the popular GO Keyboard app is spying on users. Produced by Chinese developers GOMO Dev Team, GO Keyboard was found to be transmitting personal information about users back to remote servers, as well as "using a prohibited technique to download dangerous executable code." Adguard made the discovery while conducting research into the traffic consumption and unwanted behavior of various Android keyboards. The AdGuard for Android app makes it possible to see exactly what traffic an app is generating, and it showed that GO Keyboard was making worrying connections, making use of trackers, and sharing personal information. Adguard notes that there are two versions of the keyboard in Google Play which it claims have more than 200 million users in total.
DRM

Corporations Just Quietly Changed How the Web Works (theoutline.com) 245

Adrianne Jeffries, a reporter at The Outline, writes on W3C's announcement from earlier this week: The trouble with DRM is that it's sort of ineffective. It tends to make things inconvenient for people who legitimately bought a song or movie while failing to stop piracy. Some rights holders, like Ubisoft, have come around to the idea that DRM is counterproductive. Steve Jobs famously wrote about the inanity of DRM in 2007. But other rights holders, like Netflix, are doubling down. The prevailing winds at the consortium concluded that DRM is now a fact of life, and so it would be better to at least make the experience a bit smoother for users. If the consortium didn't work with companies like Netflix, Berners-Lee wrote in a blog post, those companies would just stop delivering video over the web and force people into their own proprietary apps. The idea that the best stuff on the internet will be hidden behind walls in apps rather than accessible through any browser is the mortal fear for open web lovers; it's like replacing one library with many stores that each only carry books for one publisher. "It is important to support EME as providing a relatively safe online environment in which to watch a movie, as well as the most convenient," Berners-Lee wrote, "and one which makes it a part of the interconnected discourse of humanity." Mozilla, the nonprofit that makes the browser Firefox, similarly held its nose and cooperated on the EME standard. "It doesn't strike the correct balance between protecting individual people and protecting digital content," it said in a blog post. "The content providers require that a key part of the system be closed source, something that goes against Mozilla's fundamental approach. We very much want to see a different system. Unfortunately, Mozilla alone cannot change the industry on DRM at this point."
Security

The CCleaner Malware Fiasco Targeted at Least 20 Specific Tech Firms (wired.com) 147

An anonymous reader shares a report: Hundreds of thousands of computers getting penetrated by a corrupted version of an ultra-common piece of security software was never going to end well. But now it's becoming clear exactly how bad the results of the recent CCleaner malware outbreak may be. Researchers now believe that the hackers behind it were bent not only on mass infections, but on targeted espionage that tried to gain access to the networks of at least 20 tech firms. Earlier this week, security firms Morphisec and Cisco revealed that CCleaner, a piece of security software distributed by Czech company Avast, had been hijacked by hackers and loaded with a backdoor that evaded the company's security checks. It wound up installed on more than 700,000 computers. On Wednesday, researchers at Cisco's Talos security division revealed that they've now analyzed the hackers' "command-and-control" server to which those malicious versions of CCleaner connected. On that server, they found evidence that the hackers had attempted to filter their collection of backdoored victim machines to find computers inside the networks of 20 tech firms, including Intel, Google, Microsoft, Akamai, Samsung, Sony, VMware, HTC, Linksys, D-Link and Cisco itself. In about half of those cases, says Talos research manager Craig Williams, the hackers successfully found a machine they'd compromised within the company's network, and used their backdoor to infect it with another piece of malware intended to serve as a deeper foothold, one that Cisco now believes was likely intended for industrial espionage.
Businesses

Google Buys Part of HTC's Smartphone Team For $1.1 Billion (betanews.com) 92

BrianFagioli shares a report from BetaNews: Today, a deal finally happens, but Google didn't buy HTC outright. Strangely, as the deal is laid out, the search giant has seemingly bought HTC employees. Yes, for $1.1 billion, the search giant has sort of purchased human beings -- plus it gets access to some intellectual property. HTC gets a much-needed big influx of cash. "Google and HTC Corporation today announced a definitive agreement under which certain HTC employees -- many of whom are already working with Google to develop Pixel smartphones -- will join Google. HTC will receive $1.1 billion in cash from Google as part of the transaction. Separately, Google will receive a non-exclusive license for HTC intellectual property (IP). The agreement is a testament to the decade-long strategic relationship between HTC and Google around the development of premium smartphones," says HTC.
Youtube

More Are Paying To Stream Music, But YouTube Still Holds the Value Gap (theregister.co.uk) 43

An anonymous reader shares a report: With Google's user-generated content loophole firmly in lawmakers' sights, global music trade body IFPI has published new research looking at demand for music streaming. The research confirms YouTube's pre-eminence as the world's de facto jukebox. 46 percent of on-demand music streaming is from Google's video website. 75 percent of internet users use video streaming to hear music. The paid-for picture is bullish: 50 percent of internet users have paid for licensed music in the last six months, in one form or another, of which 53 percent are 13- to 15-year-olds. Audio streaming is split between 39 percent who stream for free and 29 percent who pay. [...] So what's the problem? European policy makers have become convinced by the "value gap" argument: compensation doesn't reflect usage. Google finds itself with a unique advantage here, thanks to YouTube's "user-generated content" exception, as we explained last year.
AI

Amazon Is Reportedly Working On Alexa-Enabled Smart Glasses (techcrunch.com) 32

According to the Financial Times (Warning: source paywalled), Amazon is working on building a pair of smart glasses to house its Alexa voice assistant. The report also mentions a home security camera that is in the works, capable of linking up to Amazon's existing Echo connected devices. TechCrunch reports: According to the FT, the smart glasses are intended to be purely an earbuds-free housing for Amazon's Alexa AI -- with a bone-conduction audio system that would enable the wearer to hear Alexa without the need to be wired in. The FT reports the glasses would wirelessly tether to a user's smartphone for connectivity. They are also apparently being designed to look like a regular pair of spectacles, so they could be worn comfortably and unobtrusively. The paper notes that Amazon hired Babak Parviz, founder of Google Glass, in 2014, and says he's been closely involved in the project. It also points to several other Glass researchers, engineers and designers having moved to Amazon's labs -- per analysis of their LinkedIn profiles.
GNOME

GNOME Partners With Purism On Librem 5 Linux-based Privacy-focused Smartphone (betanews.com) 99

BrianFagioli writes: The Librem 5 smartphone by Purism has a long and difficult road ahead of it. Competing against the likes of Apple and Google on the mobile market has proven to be a death sentence for many platforms -- including Microsoft with its failed Windows 10 Mobile. Luckily, Purism has found itself a new partner on this project -- one of the most important organizations in the Linux community -- The GNOME Foundation. The GNOME Foundation explains, 'The Librem 5 is a hardware platform the Foundation is interested in advancing as a GNOME/GTK phone device. The GNOME Foundation is committed to partnering with Purism to create hackfests, tools, emulators, and build awareness that surround moving GNOME/GTK onto the Librem 5 phone. As part of the collaboration, if the campaign is successful the GNOME Foundation plans to enhance GNOME shell and general performance of the system with Purism to enable features on the Librem 5.'
Businesses

Slashdot Asks: Why Does Google Want To Purchase HTC? (bloomberg.com) 101

Rumor has it Google is planning to purchase HTC -- or at least a portion of it. Speculation about this has been doing the rounds for weeks now, and it reached a new high today after HTC said its stock will stop trading from Thursday, as it prepares to make a "major announcement" tomorrow. Bloomberg reported today: Alphabet's Google is close to acquiring assets from Taiwan's HTC, according to a person familiar with the situation, in a bid to bolster the internet giant's nascent hardware business. HTC, once ranked among the world's top smartphone makers, is holding a town hall meeting Thursday, according to tech website Venture Beat, which cited a copy of an internal invitation. The shares will also be suspended from trading as of Sept. 21 due to a pending announcement, according to the Taiwan stock exchange. Of course Google has made similar moves in the past. It previously owned Motorola for a brief period of time, but that acquisition didn't materialize much. The company has, however, since re-hired the Motorola chief it once had, Rick Osterloh, and founded a separate hardware team under his stewardship. Claude Zellweger, the one-time chief designer of HTC Vive, is also now at Google, working on that company's Daydream virtual reality system.

What reasons could Google have to purchase HTC? Share your thoughts in the comments section below.
Businesses

Amazon 'Reviewing' Its Website After It Suggested Bomb-Making Items (nytimes.com) 156

An anonymous reader shares a report: Amazon said on Wednesday that it was reviewing its website after a British television report said the online retail giant's algorithms were automatically suggesting bomb-making ingredients that were "Frequently bought together." The news is particularly timely in Britain, where the authorities are investigating a terrorist attack last week on London's Underground subway system. The attack involved a crude explosive in a bucket inside a plastic bag, and detonated on a train during the morning rush. The news report is the latest example of a technology company drawing criticism for an apparently faulty algorithm. Google and Facebook have come under fire for allowing advertisers to direct ads to users who searched for, or expressed interest in, racist sentiments and hate speech. Growing awareness of these automated systems has been accompanied by calls for tech firms to take more responsibility for the contents on their sites. Amazon customers buying products that were innocent enough on their own, like cooking ingredients, received "Frequently bought together" prompts for other items that would help them produce explosives, according to the Channel 4 News.
Data Storage

Google, Bing, Yahoo Data Retention Doesn't Improve Search Quality, Study Claims (theregister.co.uk) 38

A new paper released on Monday via the National Bureau of Economic Research claims that retaining search log data doesn't do much for search quality. "Data retention has implications in the debate over Europe's right to be forgotten, the authors suggest, because retained data undermines that right," reports The Register. "It's also relevant to U.S. policy discussions about privacy regulations." From the report: To determine whether retention policies affected the accuracy of search results, Chiou and Tucker used data from metrics biz Hitwise to assess web traffic being driven by search sites. They looked at Microsoft Bing and Yahoo! Search during a period when Bing changed its search data retention period from 18 months to 6 months and when Yahoo! changed its retention period from 13 months to 3 months, as well as when Yahoo! had second thoughts and shifted to an 18-month retention period. According to Chiou and Tucker, data retention periods didn't affect the flow of traffic from search engines to downstream websites. "Our findings suggest that long periods of data storage do not confer advantages in search quality, which is an often-cited benefit of data retention by companies," their paper states. Chiou and Tucker observe that the supposed cost of privacy laws to consumers and to companies may be lower than perceived. They also contend that their findings weaken the claim that data retention affects search market dominance, which could make data retention less relevant in antitrust discussions of Google.
AI

You Might Use AI, But That Doesn't Mean You're an AI Company, Says a Founder of Google Brain (venturebeat.com) 73

As the AI space gets crowded, there are a slew of businesses -- new and old -- looking to market themselves as "AI companies." But according to Andrew Ng, a founder of the Google Brain team and a luminary in the space, there's more to being an AI company than just using a neural net. From a report: In his view, while it's possible to create a website for a shopping mall, that doesn't make it an internet company. In the same way, just implementing basic machine learning does not make a standard technology company (or any other business) an AI company. "You're not an AI company because there are a few people using a few neural networks somewhere," Ng said. "It's much deeper than that." First and foremost, AI companies are strategic about their acquisition of data, which is used as the fuel for machine learning systems. Once an AI company has acquired the data, Ng said that they tend to store it in centralized warehouses for processing. Most enterprises have their information spread across multiple different warehouses, and collating that data for machine learning can prove difficult. AI companies also implement modern development practices, like frequent deployments. That means it's possible to change the product and learn from the changes.
AI

Google's AI Boss Blasts Musk's Scare Tactics on Machine Takeover (bloomberg.com) 129

Mark Bergen, writing for Bloomberg: Elon Musk is the most-famous Cassandra of artificial intelligence. The Tesla chief routinely drums up the technology's risks in public and on Twitter, where he recently called the global race to develop AI the "most likely cause" of a third world war. Researchers at Google, Facebook and other AI-focused companies find this irritating. John Giannandrea, the head of search and AI at Alphabet's Google, took one of the clearest shots at Musk on Tuesday -- all while carefully leaving him unnamed. "There's a huge amount of unwarranted hype around AI right now," Giannandrea said at the TechCrunch Disrupt conference in San Francisco. "This leap into, 'Somebody is going to produce a superhuman intelligence and then there's going to be all these ethical issues' is unwarranted and borderline irresponsible."
Entertainment

Sonos To Launch a Wireless Speaker That Would Support Multiple Voice Assistants (yahoo.com) 33

Sonos, a mid- to high-end speaker manufacturer, released an updated privacy policy for its speakers that almost certainly confirms that the company will release a speaker with Amazon's Alexa voice assistant built into the device in the near term. From a report: Though many devices that integrate with Alexa have been announced and are starting to come to market, this is one of the higher-profile examples and could be instructive for smart-speaker designers. The company first announced its intention to add voice-assistant integration to its speakers over a year ago, but didn't give any specific time frame for that step. And an FCC filing from the company that surfaced a few weeks ago showed that it is looking into systems that would support multiple voice assistants, so a user could potentially have the option to choose between Amazon's Alexa or Google's Assistant, depending on what other devices they own and what platform they prefer.
Chrome

Google Chrome Most Resilient Against Attacks, Researchers Find (helpnetsecurity.com) 98

Between Google Chrome, Microsoft Edge, and Internet Explorer, Chrome has been found to be the most resilient against attacks, an analysis by security researchers has found. Firefox, Safari, and Opera were not included in the test. From a report: "Modern web browsers such as Chrome or Edge improved security in recent years. Exploitation of vulnerabilities is certainly more complex today and requires a higher skill than in the past. However, the attack surface of modern web browsers is increasing due to new technologies and the increasing complexity of web browsers themselves," noted Markus Vervier, Managing Director of German IT security outfit X41 D-Sec (and one of the researchers involved in the analysis). The researchers' aim was to determine which browser provides the highest level of security in common enterprise usage scenarios.
Encryption

Why You Shouldn't Use Texts For Two-Factor Authentication (theverge.com) 102

An anonymous reader quotes a report from The Verge: A demonstration video posted by Positive Technologies (and first reported by Forbes) shows how easy it is to hack into a bitcoin wallet by intercepting text messages in transit. The group targeted a Coinbase account protected by two-factor authentication, which was registered to a Gmail account also protected by two-factor. By exploiting known flaws in the cell network, the group was able to intercept all text messages sent to the number for a set period of time. That was enough to reset the password to the Gmail account and then take control of the Coinbase wallet. All the group needed was the name, surname and phone number of the targeted Bitcoin user. These were security researchers rather than criminals, so they didn't actually steal anyone's bitcoin, although that would have been an easy step to take. At a glance, this looks like a Coinbase vulnerability, but the real weakness is in the cellular system itself. Positive Technologies was able to hijack the text messages using its own research tool, which exploits weaknesses in the cellular network to intercept text messages in transit. Known as the SS7 network, that network is shared by every telecom to manage calls and texts between phone numbers. There are a number of known SS7 vulnerabilities, and while access to the SS7 network is theoretically restricted to telecom companies, hijacking services are frequently available on criminal marketplaces. The report notes several ways you can protect yourself from this sort of attack: "On some services, you can revoke the option for SMS two-factor and account recovery entirely, which you should do as soon as you've got a more secure app-based method established. Google, for instance, will let you manage two-factor and account recovery here and here; just set up Authenticator or a recovery code, then go to the SMS option for each and click 'Remove Phone.'"
