Heise Newsticker


  • FTC May Try To Delay Facebook's Plan To Integrate its Apps (2019/12/12 21:51)
    Facebook's stock took a dive on Thursday following a report that federal regulators may seek to prevent the company from more tightly integrating its social media products. From a report: The Federal Trade Commission is said to be considering asking for a court order to delay Facebook from making the services it owns, including WhatsApp, Instagram and Facebook Messenger, interoperable with one another, the Wall Street Journal reported, citing unnamed people familiar with the matter. Shares of Facebook fell more than 3 percent in afternoon trading Thursday after the news broke. Read more of this story at Slashdot.
  • Inside the Podcast that Hacks Ring Camera Owners Live on Air (2019/12/12 21:05)
    In the NulledCast podcast hackers livestream the harassment of Ring camera owners after accessing their devices. Hundreds of people can listen. From a report: A blaring siren suddenly rips through the Ring camera, startling the Florida family inside their own home. "It's your boy Chance on Nulled," a voice says from the Ring camera, which a hacker has taken over. "How you doing? How you doing?" "Welcome to the NulledCast," the voice says. The NulledCast is a podcast livestreamed to Discord. It's a show in which hackers take over people's Ring and Nest smarthome cameras and use their speakers to talk to and harass their unsuspecting owners. In the example above, Chance blared noises and shouted racist comments at the Florida family. "Sit back and relax to over 45 minutes of entertainment," an advertisement for the podcast posted to a hacking forum called Nulled reads. "Join us as we go on completely random tangents such as; Ring & Nest Trolling, telling shelter owners we killed a kitten, Nulled drama, and more ridiculous topics. Be sure to join our Discord to watch the shows live." Software to hack Ring cameras has recently become popular on the forum. The software churns through previously compromised email addresses and passwords to break into Ring cameras at scale. This has led to a recent spate of hacks that have occurred both during the podcast and at other times, several of which have been covered by local media outlets. In Brookhaven a hacker shouted at a sleeping woman through her hacked Ring camera to wake-up. In Texas, a hacker demanded a couple pay a bitcoin ransom. Hackers targeted a family in DeSoto County, Mississippi, and spoke through the device to one of the young children. Read more of this story at Slashdot.
  • Google Adds Spam Detection and Verified Business SMS To Messages (2019/12/12 20:23)
    Businesses often send one-time passwords, account alerts and appointment confirmations via text. But if you've ever received one of those, you know they tend to come from a random number, and bad actors can take advantage of that by disguising phishing scams as one of those messages. To protect users, Google will soon verify SMS messages from registered businesses. From a report: When you receive a message from a verified business, you'll see the company name, logo and a verification badge in the message thread. Businesses must sign up to use Verified SMS, and so far, 1-800-Flowers, Banco Bradesco, Kayak, Payback and SoFi are on-board. Verified SMS is rolling out gradually in the US, Brazil, Canada, France, India, Mexico, Philippines, Spain and the UK. Google is also adding real-time spam detection. When Google suspects a message is phishy or garbage, it will show a spam warning in Messages. Read more of this story at Slashdot.
  • Rude Paper Reviews Are Pervasive and Sometimes Harmful, Study Finds (2019/12/12 19:44)
    sciencehabit writes: There's a running joke in academia about Reviewer 2. That's the reviewer that doesn't bother to read the manuscript a journal has sent out for evaluation for possible publication, offers condescending or outright offensive comments, and -- of course -- urges the irrelevant citation of their own work. Such unprofessional conduct is so pervasive there's even a whole Facebook group, more than 25,000 members strong, named "Reviewer 2 Must Be Stopped!" But it is no laughing matter, concludes a new study that finds boorish reviewer comments can have serious negative impacts, especially on authors belonging to marginalized groups. The study surveyed 1106 scientists from 46 countries and 14 disciplines. More than half of the respondents -- who were promised anonymity -- reported receiving at least one "unprofessional" review, and a majority of those said they had received multiple problematic comments. Those comments tended to personally target a scientist, lack constructive criticism, or were just unnecessarily harsh or cruel, the authors report. For example, one author received a review that stated: "The phrases I have so far avoided using in this review are 'lipstick on a pig' and 'bullshit baffles brains.'" Another reported receiving this missive: "The author's last name sounds Spanish. I didn't read the manuscript because I'm sure it's full of bad English." Read more of this story at Slashdot.
  • 'Link in Bio' is a Slow Knife (2019/12/12 19:05)
    Anil Dash: We don't even notice it anymore -- "link in bio." It's a pithy phrase, usually found on Instagram, which directs an audience to be aware that a pertinent web link can be found on that user's profile. Its presence is so subtle, and so pervasive, that we barely even noticed it was an attempt to kill the web. Links on the web are incredibly powerful. There are decades of theory behind the role of hyperlinks in hypertext -- did you know in most early versions, links were originally designed to be two-way? You'd be able to see every page on the web that links to this one. But even in the very simple form that we've ended up with on the World Wide Web for the last 30 years, links are incredibly powerful, opening up valuable connections between unexpected things. For a closed system, those kinds of open connections are deeply dangerous. If anyone on Instagram can just link to any old store on the web, how can Instagram -- meaning Facebook, Instagram's increasingly-overbearing owner -- tightly control commerce on its platform? If Instagram users could post links willy-nilly, they might even be able to connect directly to their users, getting their email addresses or finding other ways to communicate with them. Links represent a threat to closed systems. Here's the thing, though: people like links. So closed systems have to present a pressure release valve. Hashtags are a great way out. They use the semiotics of links (early versions of hashtags on social platforms were really barely more than automated links to a search for a particular term) but are also constrained by the platforms they live on. A hashtag is easier to gather into a database, to harvest, to monetize. It's much easier, sure, but it also doesn't have all the messiness of a real link. Instagram doesn't have to worry that clicking on its hashtags will accidentally lead people to Twitter, or vice versa. Read more of this story at Slashdot.
  • Russian Police Raid NGINX Moscow Office (2019/12/12 18:05)
    Russian police have raided today the Moscow offices of NGINX, Inc., a subsidiary of F5 Networks and the company behind the internet's most popular web server technology. From a report: Equipment was seized and employees were detained for questioning. Moscow police executed the raid after last week the Rambler Group filed a copyright violation against NGINX Inc., claiming full ownership of the NGINX web server code. The Rambler Group is the parent company of, one of Russia's biggest search engines and internet portals. According to copies of the search warrant posted on Twitter today, Rambler claims that Igor Sysoev developed NGINX while he was working as a system administrator for the company, hence they are the rightful owner of the project. Sysoev created NGINX in the early 2000s and open-sourced the NGINX code in 2004. In 2009, he founded NGINX, Inc., a US company, to provide adjacent tools and support services for NGINX deployments. The company is based in San Francisco, but has offices all over the world, including Moscow. The NGINX server's source code is still free and managed through an open-source model, although a large chunk of the project's primary contributors are NGINX, Inc. employees, who have a firm grip on the project's stewardship. Read more of this story at Slashdot.
  • AI R&D is Booming, But General Intelligence is Still Out of Reach (2019/12/12 17:44)
    The AI world is booming in a range of metrics covering research, education, and technical achievements, according to AI Index report -- an annual rundown of machine learning data points now in its third year. From a news writeup, which outlines some of the more interesting and pertinent points: AI research is rocketing. Between 1998 and 2018, there's been a 300 percent increase in the publication of peer-reviewed papers on AI. Attendance at conferences has also surged; the biggest, NeurIPS, is expecting 13,500 attendees this year, up 800 percent from 2012. AI education is equally popular. Enrollment in machine learning courses in universities and online continues to rise. Numbers are hard to summarize, but one good indicator is that AI is now the most popular specialization for computer science graduates in North America. Over 21 percent of CS PhDs choose to specialize in AI, which is more than double the second-most popular discipline: security / information assurance. The US is still the global leader in AI by most metrics. Although China publishes more AI papers than any other nation, work produced in the US has a greater impact, with US authors cited 40 percent more than the global average. The US also puts the most money into private AI investment (a shade under $12 billion compared to China in second place globally with $6.8 billion) and files many more AI patents than any other country (with three times more than the number two nation, Japan). AI algorithms are becoming faster and cheaper to train. Research means nothing unless it's accessible, so this data point is particularly welcome. The AI Index team noted that the time needed to train a machine vision algorithm on a popular dataset (ImageNet) fell from around three hours in October 2017 to just 88 seconds in July 2019. Costs also fell, from thousands of dollars to double-digit figures. Self-driving cars received more private investment than any AI field. 
    Just under 10 percent of global private investment went into autonomous vehicles, around $7.7 billion. That was followed by medical research and facial recognition (both attracting $4.7 billion), while the fastest-growing industrial AI fields were less flashy: robot process automation ($1 billion investment in 2018) and supply chain management (over $500 million). Read more of this story at Slashdot.
  • Getting Drivers for Old Hardware Is Harder Than Ever (2019/12/12 17:03)
    At least one major provider of hardware-level BIOS drivers is actively deleting old stuff it no longer supports, while old FTP sites where vintage drivers are often found are soon going to be harder to reach. Ernie Smith, writing for Motherboard: You've never lived until you've had to download a driver from an archived forum post on the Internet Archive's Wayback Machine. You have no idea if it's going to work, but it's your only option. So you bite the bullet. I recently did this with a PCI-based SATA card I was attempting to flash to support a PowerPC-based Mac, and while it was a bit of a leap of faith, it actually ended up working. Score one for chance. But this, increasingly, feels like it may be a way of life for people trying to keep old hardware alive -- despite the fact that all the drivers generally have to do is simply sit on the internet, available when they're necessary. Apparently, that isn't easy enough for Intel. Recently, the chipmaker took BIOS drivers, a boot-level firmware technology used for hardware initialization in earlier generations of PCs, for a number of its unsupported motherboards off its website, citing the fact that the programs have reached an "End of Life" status. While it reflects the fact that Unified Extensible Firmware Interface (UEFI), a later generation of firmware technology used in PCs and Macs, is expected to ultimately replace BIOS entirely, it also leaves lots of users with old gadgets out in a lurch. And as Bleeping Computer has noted, it appears to be part of a broader trend to prevent downloads for unsupported hardware on the Intel website -- things that have long lived past their current lives. After all, if something goes wrong, Intel can be sure it's not liable if a 15-year-old BIOS update borks a system. Read more of this story at Slashdot.
  • Google Assistant Can Now Interpret 44 Languages on Smartphones (2019/12/12 16:25)
    Kyle Wiggers, writing for VentureBeat: In January during the 2019 Consumer Electronics Show in Las Vegas, Google debuted interpreter mode, a real-time translation feature for Google Home speakers and third-party smart displays like those from JBL, Sony, LG, and Lenovo. The tech giant said at the time that interpreter mode would eventually come to mobile devices, but it didn't set a date. The date is today, as it turns out. As of this morning, Google Assistant on both Android and iOS smartphones supports interpreter mode, enabling you to ask for directions, order food, or simply chat in a foreign language. The number of recognized languages has increased from 27 to 44, and interpreter mode now lets you optionally type using a keyboard or manually select the language in which you'd like to speak. Saying a command like "Hey Google, be my German translator" or "Hey Google, help me speak Thai" kicks off interpreter mode. You'll see and hear the translated conversation on your phone, and after each translation, Google Assistant might present suggestions (like "Nien" or "Ju tut et") that let you quickly respond. Read more of this story at Slashdot.
  • Iran Banks Burned, Then Customer Accounts Were Exposed Online (2019/12/12 15:46)
    The details of millions of Iranian bank cards were published online after antigovernment protests last month. Experts suspect a state-sponsored cyberattack. From a report: After demonstrators in Iran set fire to hundreds of bank branches last month in antigovernment protests, the authorities dealt with another less visible banking threat that is only now coming to fuller light: a security breach that exposed the information of millions of Iranian customer accounts. As of Tuesday, details of 15 million bank debit cards in Iran had been published on social media in the aftermath of the protests, unnerving customers and forcing the government to acknowledge a problem. The exposure represented the most serious banking security breach in Iran, according to Iranian media and a law firm representing some of the victims. The breach, which targeted customers of Iran's three largest banks, was likely to further rattle an economy already reeling from the effects of American sanctions and came as Iran's leadership was grappling with deep-seated anger over its deadly crackdown on the protests. The number of affected accounts represents close to a fifth of the country's population. "This is the largest financial scam in Iran's history," reported Aftab News, a conservative media outlet. "Millions of Iranians are worried to find their names among the list of hacked accounts." Read more of this story at Slashdot.



    • BSI opens second office in Freital, Saxony (2019/12/11 10:00)
      As the federal cyber security authority, the Federal Office for Information Security (BSI) today opened a second office at its Freital site.
    • Allianz für Cyber-Sicherheit honours the commitment of ISACA Germany Chapter (2019/12/06 09:00)
      At the IT-GRC Kongress 2019, Dr. Timo Hauschild, head of the Customer Management and Legal division at the BSI, presented the multiplier certificate of the Allianz für Cyber-Sicherheit (Alliance for Cyber Security) to ISACA Germany Chapter e.V. on 5 December.
    • BSI presents new edition of the Cloud Computing Compliance Criteria Catalogue (2019/12/04 10:30)
      On 21 January 2020, the BSI will present the final version of the Cloud Computing Compliance Criteria Catalogue (C5:2020) at an event.
    • "What's NExT?" discusses the secure digitalisation of public administration (2019/12/03 10:00)
      The rapid development of information technology is producing numerous new IT applications in public administration, and with them potential security vulnerabilities. The more business processes depend on information technology, the more important its protection becomes. Together with the cross-agency network "NExT", the Federal Office for Information Security (BSI) therefore hosted the event "What's NExT? | Digitalisieren, aber sicher!" ("Digitalise, but securely!") at the Universitätsclub Bonn.
    • Presentation of results: "Institutionalising Societal Dialogue" (2019/12/02 15:00)
      On 28 November 2019, the nexus Institut and Digitale Gesellschaft e.V. presented the results of the project "Institutionalising Societal Dialogue" at a closing event at the Federal Office for Information Security (BSI) in Bonn.
    • BSI im Dialog: bringing cyber security into schools (2019/11/29 12:00)
      At the "BSI im Dialog" event this Friday, the Federal Office for Information Security (BSI) discussed with teachers and with representatives of ministries, the district government, education initiatives and parents' committees what is needed to shape cyber security for and in schools.
    • SPS 2019: BSI shapes cyber security in Industry 4.0 (2019/11/27 09:00)
      From 26 to 28 November 2019, the Federal Office for Information Security (BSI) is exhibiting at SPS - smart production solutions 2019 in Nuremberg, showing potential threats and approaches to improving cyber security in Industry 4.0.
    • University of Bonn's Cyber Security degree programme visits BSI (2019/11/20 15:00)
      Since this winter semester, the University of Bonn has offered a Bachelor's degree programme in Cyber Security. The Federal Office for Information Security (BSI) very much welcomes this development and has taken it as an occasion to give around 65 students of the programme a look behind the scenes of the federal cyber security authority.

    Internet Storm Center


    issf news