United States

US Congressmen Reveal Thousands of Facebook Ads Bought By Russian Trolls (mercurynews.com) 309

An anonymous reader writes: Democrats on the House Intelligence Committee on Thursday released about 3,400 Facebook ads purchased by Russian agents around the 2016 presidential election on issues from immigration to gun control, a reminder of the complexity of the manipulation that Facebook is trying to contain ahead of the midterm elections. The ads, which span from mid-2015 to mid-2017, illustrate the extent to which Kremlin-aligned forces sought to stoke social, cultural and political unrest on one of the Web's most powerful platforms. With the help of Facebook's targeting tools, Russia's online army reached at least 146 million people on Facebook and Instagram, its photo-sharing service, with ads and other posts, including events promoting protests around the country...

Rep. Adam Schiff of California, the top Democrat on the House Intelligence Committee, said lawmakers would continue probing Russia's online disinformation efforts. In February, Robert S. Mueller III, the special counsel investigating Russia and the 2016 election, indicted individuals tied to the IRA for trying to interfere in the presidential race. "They sought to harness Americans' very real frustrations and anger over sensitive political matters in order to influence American thinking, voting and behavior," Schiff said in a statement. "The only way we can begin to inoculate ourselves against a future attack is to see first-hand the types of messages, themes and imagery the Russians used to divide us...."

The documents released Thursday also reflect that Russian agents continued advertising on Facebook well after the presidential election... They marketed a page called Born Liberal to likely supporters of Sen. Bernie Sanders, I-Vt., the data show, an ad that had more than 49,000 impressions into 2017. Together, the ads affirmed the fears of some lawmakers, including Republicans, that Russian agents have continued to try to influence U.S. politics even after the 2016 election. Russian agents also had created thousands of accounts on Twitter, and in January, the company revealed that it discovered more than 50,000 automated accounts, or bots, with links to Russia.

Chrome

Malicious Chrome Extensions Infect Over 100,000 Users Again (arstechnica.com) 39

An anonymous reader quotes Ars Technica: Criminals infected more than 100,000 computers with browser extensions that stole login credentials, surreptitiously mined cryptocurrencies, and engaged in click fraud. The malicious extensions were hosted in Google's official Chrome Web Store. The scam was active since at least March with seven malicious extensions known so far, researchers with security firm Radware reported Thursday. Google's security team removed five of the extensions on its own and removed two more after Radware reported them. In all, the malicious add-ons infected more than 100,000 users, at least one inside a "well-protected network" of an unnamed global manufacturing firm, Radware said...

The extensions were being pushed in links sent over Facebook that led people to a fake YouTube page that asked for an extension to be installed. Once installed, the extensions executed JavaScript that made the computers part of a botnet. The botnet stole Facebook and Instagram credentials and collected details from a victim's Facebook account. The botnet then used that pilfered information to send links to friends of the infected person. Those links pushed the same malicious extensions. If any of those friends followed the link, the whole infection process started all over again. The botnet also installed cryptocurrency miners that mined the monero, bytecoin, and electroneum digital coins.

Google

Does Gmail's New 'Confidential Mode' Make It Easier to Phish? (vortex.com) 82

Gmail's new confidential mode lets its users create "expiration dates" for emails, or require recipients to provide an SMS passcode. (And Google also claims they've removed the option to forward, copy, download or print messages.)

But Slashdot reader Lauren Weinstein warns that Google is also opening up a new vector for phishing emails: The problem arises since non-Gmail users cannot directly receive Gmail confidential mode messages. Instead...when a Gmail user wants to send a non-Gmail user such a message, the non-Gmail user is instead sent a link, that when clicked takes them to Google's servers where they can read the confidential mode message in their browser.

The potential risks for any service that operates in this way are obvious. Those of us working on Internet security and privacy have literally spent many years attempting to train users to avoid clicking on "to read the message, click here" links in emails that they receive. Criminals have simply become too adept at creating fraudulent emails that lead to phishing and malware sites.

Links

Scammers Are Using Google Maps To Skirt Link-Shortener Crackdown, Redirect Users To Dodgy Websites (theregister.co.uk) 85

According to security company Sophos, scam websites have been using obfuscated Google Maps links to redirect users to dodgy websites. The Register reports: The reason for this is Google's recent efforts to get rid of its Goo.gl URL-shortening service. The link-shortening site is a favorite for scammers looking to hide the actual address of pages. Without Goo.gl to pick on, scammers are now abusing a loophole in the Maps API that allows for redirects to be put into Google Maps URLs. This allows the attackers to chain the links to their scam pages within a link to Google Maps, essentially creating a more trustworthy URL that users are more likely to follow. The trick also has the benefit of being harder to catch and shut down than links made with the well-policed Goo.gl service. Because it uses Google Maps, there's no reporting structure in place to get the scammers shut down and the scammers don't have to use a Google-owned interface or API to do it.

Science

Einstein's 'Spooky Action' Has Been Demonstrated On a Massive Scale For the First Time (sciencealert.com) 278

schwit1 shares a report from ScienceAlert: For the first time, scientists have managed to show quantum entanglement -- which Einstein famously described as "spooky action at a distance" -- happening between macroscopic objects, a major step forward in our understanding of quantum physics. Quantum entanglement links particles in a way that they instantly affect each other, even over vast distances. On the surface, this powerful bond defies classical physics and, generally, our understanding of reality, which is why Einstein found it so spooky. But the phenomenon has since become a cornerstone of modern technology. Still, up until now quantum entanglement has only been demonstrated to work at the smallest of scales, in systems based on light and atoms, for example. Any attempt to increase the sizes has caused problems with stability, with the slightest of environmental disturbances breaking the connection. But new research changes all of this, by demonstrating that this "spooky action" can indeed be a reality between massive objects. We're not talking massive in the black hole sense but in the macroscopic sense -- two 15-micrometer-wide vibrating drum heads. And the next step will be to test whether those vibrations are being teleported between the two objects. The research has been published in the journal Nature.

Google

Slashdot Asks: How Do You Like the New Gmail UI? (vortex.com) 137

Earlier today, Google pushed out the biggest revamp of Gmail in years. In addition to a new material design look, there are quick links to other Google services, such as Calendar, Tasks, and Keep, as well as a new "confidential mode" designed to protect users against certain attacks by having the email(s) automatically expire at a time of the sender's choosing. Long-time Slashdot reader Lauren Weinstein shares their initial impressions of Google's new Gmail UI: Google launched general access to their first significant Gmail user interface (UI) redesign in many years today. It's rolling out gradually -- when it hits your account you'll see a "Try the new Gmail" choice under the settings ("gear") icon on the upper right of the page (you can also revert to the "classic" interface for now, via the same menu). But you probably won't need to revert. Google clearly didn't want to screw up Gmail, and my initial impression is that they've succeeded by avoiding radical changes in the UI. I'll bet that some casual Gmail users might not even immediately notice the differences.

The new Gmail UI is what we could call a "minimally disruptive" redesign of the now "classic" version. The overall design is not altered in major respects. So far I haven't found any notable missing features, options, or settings. My impression is that the back end systems serving Gmail are largely unchanged. Additionally, there are a number of new features (some of which are familiar in design from Google's "Inbox" email interface) that are now surfaced for the new Gmail. Crucially, overall readability and usability (including contrast, font choices, UI selection elements, etc.) seem so close to classic Gmail (at least in my limited testing so far) as to make any differences essentially inconsequential. And it's still possible to select a dark theme from settings if you wish, which results in even higher contrast.

Have you tried the new Gmail? If so, how do you like the new interface?

Bitcoin

Bezop Cryptocurrency Server Exposes Personal Info of 25,000 Investors (threatpost.com) 28

lod123 shares a report from Threatpost: A leaky Mongo database exposed personal information, including scanned passports and driver's licenses, of 25,000 investors and potential investors tied to the Bezop cryptocurrency, according to researchers. Kromtech Security said that it found the unprotected data on March 30, adding that it included a treasure-trove of information ranging from "full names, (street) addresses, email addresses, encrypted passwords, wallet information, along with links to scanned passports, driver's licenses and other IDs," according to the researchers. Kromtech researchers, in their overview of the results of its investigation, said that Bezop.io, the organization behind the currency, immediately secured the data after being notified. Bezop is one of over 1,000 cryptocurrencies in a crowded playing field vying for investor attention. According to Kromtech, the list of 25,000 people included both current and prospective investors promised Bezop cryptocurrency in exchange for promoting the cryptocurrency on social media.

Businesses

Appliance Companies Are Lobbying To Protect Their DRM-Fueled Repair Monopolies (vice.com) 143

Electronics companies Dyson, LG, and Wahl are fighting right-to-repair legislation, Motherboard reported Wednesday, citing letters it has obtained. From a report: The manufacturers of your appliances do not want you to be able to fix them yourself. Last week, at least three major appliance manufacturers -- Dyson, LG, and Wahl -- sent letters to Illinois lawmakers opposing "fair repair" legislation in that state. The letters were written with the help of a trade group called the Association of Home Appliance Manufacturers (AHAM). All three letters are similar but include slightly different wording and examples in parts. The letters ask lawmakers to "withdraw" a bill that would protect and expand the ability for consumers and independent repair professionals to repair everything from iPhones to robot vacuums, electric shavers, toasters, and tractors. Here are links to the Wahl, Dyson, and LG letters.

The Internet

Mosaic, the First HTML Browser That Could Display Images Alongside Text, Turns 25 (wired.com) 132

NCSA Mosaic 1.0, the first web browser to achieve popularity among the general public, was released on April 22, 1993. It was developed by a team of students at the University of Illinois' National Center for Supercomputing Applications (NCSA), and had the ability to display text and images inline, meaning you could put pictures and text on the same page together, in the same window. Wired reports: It was a radical step forward for the web, which was at that point, a rather dull experience. It took the boring "document" layout of your standard web page and transformed it into something much more visually exciting, like a magazine. And, wow, it was easy. If you wanted to go somewhere, you just clicked. Links were blue and underlined, easy to pick out. You could follow your own virtual trail of breadcrumbs backwards by clicking the big button up there in the corner. At the time of its release, NCSA Mosaic was free software, but it was available only on Unix. That made it common at universities and institutions, but not on Windows desktops in people's homes.

The NCSA team put out Windows and Mac versions in late 1993. They were also released under a noncommercial software license, meaning people at home could download it for free. The installer was very simple, making it easy for just about anyone to get up and running on the web. It was then that the excitement really began to spread. Mosaic made the web come to life with color and images, something that, for many people, finally provided the online experience they were missing. It made the web a pleasure to use.

Microsoft

Microsoft Ports Edge Anti-Phishing Technology To Google Chrome (bleepingcomputer.com) 75

An anonymous reader writes: Microsoft has released a Chrome extension named "Windows Defender Browser Protection" that ports Windows Defender's -- and inherently Edge's -- anti-phishing technology to Google Chrome. The extension works by showing bright red-colored pages whenever users are tricked into accessing malicious links. The warnings are eerily similar to the ones that Chrome natively shows via the Safe Browsing API, but are powered by Microsoft's database of malicious links -- also known as the SmartScreen API.

Chrome users should be genuinely happy that they can now use both APIs for detecting phishing and malware-hosting URLs. The SmartScreen API isn't as known as Google's more famous Safe Browsing API, but works in the same way, and possibly even better. An NSS Labs benchmark revealed that Edge (with its SmartScreen API) caught 99 percent of all phishing URLs thrown at it during a test last year, while Chrome only detected 87 percent of the malicious links users accessed.

Operating Systems

ReactOS 0.4.8 Released (osnews.com) 60

jeditobe shares a report from OSNews: With software specifically leaving NT5 behind, ReactOS is expanding its target to support NT6+ (Vista, Windows 8, Windows 10) software. Colin, Giannis and Mark are creating the needed logic in NTDLL and LDR for this purpose. Giannis has finished the side-by-side support and the implicit activation context, Colin has changed Kernel32 to accept software made for NT6+, and Mark keeps working on the shim compatibility layer. Although in a really greenish and experimental state, the new additions in 0.4.8 should start helping several software pieces created for Vista and upwards to start working in ReactOS. Microsoft coined the term backwards compatibility, ReactOS the forward compatibility one. Slashdot reader jeditobe adds: "A new tool similar to DrWatson32 has been created by Mark and added to 0.4.8, so now any application crashing will create a log file on the desktop. This crash dump details the list of modules and threads loaded, stack traces, hexdumps, and register state."

The announcement, general notes, tests, and changelog for the release can be found at their respective links. A less technical community changelog for ReactOS 0.4.8 is also available.

Social Networks

Is It Time To Stop Using Social Media? (counterpunch.org) 291

Slashdot reader Nicola Hahn writes: Bulk data collection isn't the work of a couple of bad apples. Corporate social media is largely predicated on stockpiling and mining user information. As Zuckerberg explained to lawmakers, it's their business model...

While Zuckerberg has offered public apologias, spurring genuine regulation will probably be left to the public. Having said that, confronting an economic sector which makes up one of the country's largest political lobbying blocs might not be a tenable path in the short term.

The best immediate option for netizens may be to opt out of social media entirely.

The original submission links to this call-to-action from Counterpunch: Take personal responsibility for your own social life. Go back to engaging flesh and blood people without tech companies serving as an intermediary. Eschew the narcissistic impulse to broadcast the excruciating minutiae of your life to the world. Refuse to accept the mandate that you must participate in social media in order to participate in society. Reclaim your autonomy.

Firefox

Firefox 11.0 For iOS Arrives With Tracking Protection On By Default (venturebeat.com) 16

The new version of Firefox 11.0 for iOS turns on tracking protection by default, lets you reorder your tabs, and adds a handful of iPad-specific features. The latest version is currently available via Apple's App Store. VentureBeat details the new features: Tracking protection means Firefox blocks website elements (ads, analytics trackers, and social share buttons) that could track you while you're surfing the web. It's almost like a built-in ad blocker, though it's really closer to browser add-ons like Ghostery and Privacy Badger because ads that don't track you are allowed through. The feature's blocking list, which is based on the tracking protection rules laid out by the anti-tracking startup Disconnect, is published under the General Public License and available on GitHub. The feature is great for privacy, but it also improves performance. Content loads faster for many websites, which translates into less data usage and better battery life. If tracking protection doesn't work well on a given site, just turn it off there and Firefox for iOS should remember your preference.

Tracking protection aside, iOS users can now reorder their tabs. Organizing your tabs is very straightforward: Long-press the specific tab and drag it either left or right. iPad users have gained two new features, as well. You can now share URLs by just dragging and dropping links to and from Firefox with any other iOS app. If you're in side-by-side view, just drag the link or tab into the other app. Otherwise, bring up the dock or app switcher, drag the link into the other app until it pulses, release the link, and the other app will open the link. Lastly, iPad users have gained a few more keyboard shortcuts, including the standard navigation keys from the desktop. There's also cursor navigation through the bookmarks and history results, an escape key in the URL bar, and easier tab tray navigation (try using the keyboard shortcut Command + Option + Tab to get to and from the tabs view).

Mozilla

Firefox Follows Chrome and Blocks the Loading of Most FTP Resources (bleepingcomputer.com) 89

Mozilla says it will follow in the steps of Google Chrome and start blocking the loading of FTP subresources inside HTTP and HTTPS pages. From a report: By FTP subresources, we refer to files loaded via the FTP protocol inside img, script, or iframe tags that have a src="ftp://". FTP links placed inside normal angle bracket links or typed directly in the browser's address bar will continue to work. The reasoning is that FTP is an insecure protocol that doesn't support modern encryption techniques and will inherently break many other built-in browser security and privacy features, such as HSTS, CSP, XSA, or others. Furthermore, many malware distribution campaigns often rely on compromising FTP servers and redirecting or downloading malware on users' computers via FTP subresources. Mozilla engineers say FTP subresource blocking will ship with Firefox 61, currently scheduled for release on June 26.

Twitter

Two-Thirds of Tweeted Links Come From Bots, Report Says (cnet.com) 33

We already know bots have a significant presence on Twitter. But a report published Monday by the Pew Research Center suggests automated accounts are more prevalent than we may previously have thought. From a report: Pew estimates that two-thirds, or about 66 percent, of the links shared on Twitter come from bots rather than people. The research specifically focused on the 2,315 most popular websites and over 1 million tweets sent between July 27 and Sept. 11, 2017.

Windows

Is Microsoft Trying To Make Windows 10 Mail Worse? (venturebeat.com) 232

Emil Protalinski via VentureBeat argues that "Windows Mail is unusable, and instead of improving it, Microsoft is looking to drive users away": Microsoft started forcing Mail to use Edge for email links in Windows 10 build 17623 last month. This week, the company started including Office 365 ads right at the bottom of the app. But even these poor decisions are just extra nails in the coffin. Windows Mail has difficulty sending and receiving email. No, I'm not exaggerating for effect. If you have an email open and Windows Mail detects that a new email has hit your inbox, you'll get a notification. Standard stuff. If, however, you then click on said notification, Windows Mail will take you to the open email message, rather than the one that you just clicked on. That's half of the time. The other half of the time this happens, Windows Mail will crash altogether. Apparently having one email open and trying to open another one that just came in is overwhelming for Windows Mail. But that's not the end of it.

Windows Mail is also notorious for not sending emails. Multiple times a week, I open an email, hit reply, type out a quick message, hit send, and alt-tab back to Chrome or Word. Any normal email client will send the message despite the app not being the active window. With Windows Mail, countless times I have wondered why I never heard back on a specific reply, only to discover hours later, and completely by accident, that the message is still a draft. It's not even sitting in my outbox -- it's just a fucking draft. I end up debating whether to send the email hours late, or if it doesn't make sense to send it anymore. That's not a decision I should have to make. There are of course small features I would like to see added to Windows Mail, like being able to set formatted signatures (as opposed to just plain text), but that's hardly a priority. Windows Mail is unusable, which means Windows 10 doesn't come with an email client. That's incredibly sad.

Communications

WhatsApp Public Groups Can Leave User Data Vulnerable To Scraping (venturebeat.com) 18

An anonymous reader writes: WhatsApp differentiates itself from parent company Facebook by touting its end-to-end encryption. "Some of your most personal moments are shared with WhatsApp," the company writes on its website, so "your messages, photos, videos, voice messages, documents, and calls are secured from falling into the wrong hands." But WhatsApp members may not be aware that when using the app's Group Chat feature, their data can be harvested by anyone in the group. What is worse, their mobile numbers can be used to identify and target them.

WhatsApp groups are designed to enable groups of up to 256 people to join a shared chat without having to go through a central administrator. Group originators can add contacts from their phones or create links enabling anyone to opt-in. These groups, which can be found through web searches, discuss topics as diverse as agriculture, politics, pornography, sports, and technology. Not all groups have links, but in those that do, anyone who finds the link can join the group. While all new joining members are announced to the group, they are not required to provide a name or otherwise identify themselves. This design could leave inattentive members open to targeting, as a new report from European researchers shows.

WhatsApp is used by more than 1.2 billion users worldwide.

Links

Google Is Shutting Down Its Goo.gl URL Shortening Service (engadget.com) 154

Google is replacing its URL shortener service, goo.gl, with Firebase Dynamic Links (FDL) as of April 13th. These new smart URLs will let you send people to any location within iOS, Android or web apps. Engadget reports: You won't be able to create new goo.gl short links after the 13th, but existing users can manage them via the goo.gl console for the next year. After that, all the links will still work, but you won't be able to access the console itself after March 30th, 2019. Google suggests creating FDLs from now on, or using other shortening services like Bitly and Ow.ly.

Facebook

Facebook Begins 'Fact-Checking' Photos, Videos (reuters.com) 123

Facebook said today that it had begun "fact-checking" photos and videos to reduce the hoaxes and false news stories that have plagued the world's largest social media network. Reuters reports: The fact-checking began on Wednesday in France with assistance from the news organization AFP and will soon expand to more countries and partners, Tessa Lyons, a product manager at Facebook, said in a briefing with reporters. Lyons did not say what criteria Facebook or AFP would use to evaluate photos and videos, or how much a photo could be edited or doctored before it is ruled fake. The project is part of "efforts to fight false news around elections," she said. Facebook has tried other ways to stem the spread of fake news. It has used third-party fact-checkers to identify them, and then given such stories less prominence in the Facebook News Feed when people share links to them.

Businesses

90 Percent of Affiliate Ads on YouTube and Pinterest Aren't Disclosed, Says Study (theverge.com) 39

A new research paper [PDF] from Princeton University has found that 90 percent of affiliate posts on YouTube and Pinterest aren't disclosed to users. From a report: Affiliate links are customized URLs that content publishers can include in their posts. They're essentially ads, and publishers receive money from companies when users click on them. In the US, the Federal Trade Commission (FTC) requires that content makers identify when they're being paid to post something, but despite that, influencers continue to skirt around disclosures. The FTC has previously sent out letters to influencers reminding them of the requirement to communicate paid relationships with brands to their followers. The paper from Princeton analyzed over 500,000 YouTube videos and 2.1 million unique pins on Pinterest. Of those, 0.67 percent, or 3,472 videos on YouTube, and 0.85 percent, or 18,237 pins, contained affiliate links.