EFF special consultant/blogger/science fiction writer Cory Doctorow warns in Locus magazine about the dangers of what Bruce Schneier calls "feudal security": Here in the 21st century, we are beset by all manner of digital bandits, from identity thieves, to stalkers, to corporate and government spies, to harassers... To be safe, then, you have to ally yourself with a warlord. Apple, Google, Facebook, Microsoft, and a few others have built massive fortresses bristling with defenses, whose parapets are stalked by the most ferocious cybermercenaries money can buy, and they will defend you from every attacker — except for their employers. If the warlord turns on you, you're defenseless. We see this dynamic playing out with all of our modern warlords. Google is tweaking Chrome, its dominant browser, to block commercial surveillance, but not Google's own commercial surveillance. Google will do its level best to block scumbag marketers from tracking you on the web, but if a marketer pays Google, and convinces Google's gatekeepers that it is not a scumbag, Google will allow them to spy on you. If you don't mind being spied on by Google, and if you trust Google to decide who's a scumbag and who isn't, this is great. But if you and Google disagree on what constitutes scumbaggery, you will lose, thanks, in part, to other changes to Chrome that make it much harder to block the ads that Chrome lets through. Over in Facebook land, this dynamic is a little easier to see. After the Cambridge Analytica scandal, Facebook tightened up who could buy Facebook's surveillance data about you and what they could do with it. Then, in the runup to the 2020 US elections, Facebook went further, instituting policies intended to prevent paid political disinformation campaigns at a critical juncture. But Facebook isn't doing a very good job of defending its users from the bandits. It's a bad (or possibly inattentive, or indifferent, or overstretched) warlord, though... Back to Apple. In 2017, Apple removed all effective privacy tools from the Chinese version of the iPhone/iPad App Store, at the behest of the Chinese government. The Chinese government wanted to spy on Apple customers in China, and so it ordered Apple to facilitate this surveillance... If Apple chose not to comply with the Chinese order, it would either have to risk fines against its Chinese subsidiary and possible criminal proceedings against its Chinese staff, or pull out of China and risk having its digital services blocked by China's Great Firewall, and its Chinese manufacturing subcontractors could be ordered to sever their relations with Apple. In other words, the cost of noncompliance with the order is high, so high that Apple decided that putting its customers at risk was an acceptable alternative. Therein lies the problem with trusting warlords to keep you safe: they have priorities that aren't your priorities, and when there's a life-or-death crisis that requires them to choose between your survival and their own, they will throw you to the bandits... "The fact that Apple devices are designed to prevent users from overriding the company's veto over their computing makes it inevitable that some government will demand that this veto be exercised in their favor..." Doctorow concludes. "As with feudal aristocrats, the state is happy to lend these warlords their legitimacy, in exchange for the power to militarize the aristocrat's holdings... " His proposed solution? What if Google didn't collect or retain so much user data in the first place -- or gave its users the power to turn off data-collection and data-retention altogether? And "What if Apple — by design — made is possible for users to override its killswitches?"

Read more of this story at Slashdot.

On Friday, America's Cybersecurity and Infrastructure Security Agency revealed that the "threat actor" behind the massive breach of U.S. networks through compromised SolarWinds software also used password guessing and password spraying attacks, according to ZDNet. And they may still be breaching federal networks, reports GCN: "Specifically, we are investigating incidents in which activity indicating abuse of Security Assertion Markup Language (SAML) tokens consistent with this adversary's behavior is present, yet where impacted SolarWinds instances have not been identified," according to updated guidance published Jan 6. "CISA is continuing to work to confirm initial access vectors and identify any changes to the tactics, techniques, and procedures (TTPs)." SAML tokens having a 24-hour validity period or not containing multi-factor authentication details where expected are examples of these red flags. As more about the SolarWinds Orion breach has surfaced, analysts and lawmakers have repeatedly commented on how difficult it will be to remove hackers from the government's networks because their access is probably no longer predicated on flaws in SolarWinds Orion, an IT management software. CISA's new guidance appears to confirm that suspicion, stating Microsoft, which is helping the federal government investigate the hack, reported the hackers are tampering with the trust protocols in Azure/Microsoft 365. "Microsoft reported that the actor has added new federation trusts to existing on premises infrastructure," according to the agency's guidance. "Where this technique is used, it is possible that authentication can occur outside of an organization's known infrastructure and may not be visible to the legitimate system owner." In cases where administrative level credentials were compromised, organizations should conduct a "full reconstruction of identity and trust services," CISA said. Microsoft published a query to help identify this type of activity.

Read more of this story at Slashdot.

Today MSN published an article listing "Every social media platform Donald Trump is banned from using (so far)." Some excerpts: - Trump was suspended from Snapchat amid the riots on January 6, a spokesperson confirmed to The Hill... - On January 7, Twitch, the Amazon-owned video live-streaming platform made popular by gamers, disabled Trump's account indefinitely... - Though Trump does not have a Pinterest account, the image-sharing app has reportedly been limiting pro-Trump related topics since around November. For example, if you search "StoptheSteal," you will see the following message: "Pins about this topic often violate our community guidelines, so we're currently unable to show search results...." - Oh, how the tables have turned. Remember when Trump tried to ban TikTok? Well, even though Trump does not have an account of his own, the video platform still found a way to limit his reach. On January 7, TikTok confirmed it would be removing videos of Trump's speeches believed to have incited violence at the Capitol. Furthermore, it is redirecting hashtags used by rioters like #stormthecapitol and #patriotparty to its community guidelines. However, the company has not specified that it would ban Trump should he try to join the platform.

Read more of this story at Slashdot.

"Apple has suspended Parler until the makers of the app solve its content moderation challenges," reports Forbes, citing a statement from Apple saying "there is no place on our platform for threats of violence and illegal activity. Parler has not taken adequate measures to address the proliferation of these threats..." Meanwhile, BuzzFeed News reports: Amazon notified Parler that it would be cutting off the social network favored by conservatives and extremists from its cloud hosting service Amazon Web Services, according to an email obtained by BuzzFeed News. The suspension, which will go into effect on Sunday just before midnight, means that Parler will be unable to operate and will go offline unless it can find another hosting service... In an email obtained by BuzzFeed News, an AWS Trust and Safety team told Parler Chief Policy Officer Amy Peikoff that the calls for violence propagating across the social network violated its terms of service. Amazon said it was unconvinced that the service's plan to use volunteers to moderate calls for violence and hate speech would be effective. "Recently, we've seen a steady increase in this violent content on your website, all of which violates our terms," the email reads. "It's clear that Parler does not have an effective process to comply with the AWS terms of service." Earlier in the day, Bloomberg supplied some context: A group representing some Amazon.com Inc. employees has called for the company's cloud unit to cut ties with Parler after reports that the social media network was used by those who planned Wednesday's riot at the U.S. Capitol... It's unclear how many employees the group represents. Participation in rallies, social media statements and open letters has ranged from dozens of workers to thousands at events held before the Covid-19 pandemic. Amazon last year fired two of the group's leaders for what it said was violation of company policy. The employees say they were terminated for their activism.

Read more of this story at Slashdot.

Thelasko quotes gHacks: Linux Mint 20.1 is now available. The first stable release of Linux Mint in 2021 is available in the three flavors Cinnamon, MATE and Xfce. The new version of the Linux distribution is based on Ubuntu 20.04 LTS and Linux kernel 5.4... - Linux Mint 20.1 comes with a unified file system that sees certain directories being merged with their counterparts in /usr, e.g. /bin merged with /usr/bin, /lib merged with /usr/lib for compatibility purposes... - The developers have added an option to turn websites into desktop applications in the new version [using the new Web App manager]... Web apps behave like desktop programs for the most part; they start in their own window and use a custom icon, and you find them in the Alt-Tab interface when you use it. Web apps can be pinned and they are found in the application menu after they have been created.

Read more of this story at Slashdot.

Bleeping Computer reports: NVIDIA has released security updates to address six security vulnerabilities found in Windows and Linux GPU display drivers, as well as ten additional flaws affecting the NVIDIA Virtual GPU (vGPU) management software. The vulnerabilities expose Windows and Linux machines to attacks leading to denial of service, escalation of privileges, data tampering, or information disclosure. All these security bugs require local user access, which means that potential attackers will first have to gain access to vulnerable devices using an additional attack vector. Following successful exploitation of one of the vulnerabilities patched today, attackers can easily escalate privileges to gain permissions above the default ones granted by the OS.

Read more of this story at Slashdot.

The author of the book Online Afterlives describes the unusual projects of people like Eugenia Kuyda, co-founder of Luka, an AI-powered chat simulator that books restaurant reservations and makes recommendations. Kuyda worked with computer scientists to convert several thousand text messages between deceased tech entrepreneur Roman Mazurenko and his friends and relatives into a chatbot simulation: "How are you there?" asks a friend. "I'm OK. A little down. I hope you aren't doing anything interesting without me," Roman responds. His friend replies that they all miss him. Another acquaintance asks him if God and the soul exist. Having probably indicated his atheism in chats while he was alive, he says no. "Only sadness." Not content with Luka, Eugenia also designed a chatbot called Replika. A cross between a diary and a personal assistant, Replika asks users a series of questions, eventually learning to mimic their personalities. The goal is to get closer to creating a digital avatar that would be able to reproduce us and replace us once we're dead, but also one that is able to create "friendships" with humans. Since the second half of 2017, over two million people have downloaded Replika onto their mobile devices... Luka and Replika are not the only inventions designed to give a voice to the digital ghosts of the deceased. A few years ago, James Vlahos, an American journalist who has been an AI enthusiast since childhood, created what he calls a "Dadbot." It all started on April 24, 2016, when his father John was diagnosed with lung cancer. Upon learning of his father's illness, James began recording all of their conversations with the idea of writing a commemorative book after his father's death. After 12 sessions, each an hour and a half, he found himself with 91,970 words. The printed transcripts filled around 203 pages... He decided to use the recordings of his father to create something other than a commemorative book. He remembered writing an article that discussed PullString (previously known as ToyTalk), a program designed to create conversations with fictional characters... James used PullString to reorganize the MP3 recordings of his father. He also used it to create his Dadbot, software that works on his smartphone and simulates a written conversation with John, based on the processing of almost 100,000 recorded words... The tone of the conversations reflects the personality of the deceased: "Where are you now?" asks James. "As a bot I suppose I exist somewhere on a computer server in San Francisco. "And also, I suppose, in the minds of people who chat with me."

Read more of this story at Slashdot.

On Thursday Axios tried to assess QAnon's role in the mob that stormed America's Capitol building: Adherents of the QAnon conspiracy theory, who imagine a vast deep-state cabal of pedophiles arrayed against Trump, have for years insisted that a moment of reckoning for their enemies is imminent. QAnon believers have largely accepted that Trump is waiting for the right time to bring a hammer down on his enemies (or already has, in secret). But time is running out. Because Congress was slated to officially certify Biden's victory on Jan. 6, the day became the focal point of a new conspiracy theory — that Trump would, on that date, reveal mountains of evidence of electoral fraud, somehow invalidate Biden's win, and secure a second term. The catch: That evidence does not exist. Instead, Trump Wednesday addressed the followers who came to Washington by reeling off a familiar list of grievances... Determined to play their part in the foreordained events of Jan. 6, the mob descended on the Capitol... The bottom line: The pro-Trump internet willed into being a siege on the Capitol that successfully delayed the certification of Biden's victory. But Tuesday, KrebsOnSecurity was already arguing that QAnon's infrastructure might have a legal vulnerability (according to this article shared by Slashdot reader aaltmann): In October 2020, KrebsOnSecurity looked at how a web of sites connected to conspiracy theory movements QAnon and 8chan were being kept online by DDoS-Guard, a dodgy Russian firm that also hosts the official site for the terrorist group Hamas. New research shows DDoS-Guard relies on data centers provided by a U.S.-based publicly traded company, which experts say could be exposed to civil and criminal liabilities as a result of DDoS-Guard's business with Hamas... A review of the several thousand websites hosted by DDoS-Guard is revelatory, as it includes a vast number of phishing sites and domains tied to cybercrime services or forums online. Replying to requests for comment from a CBSNews reporter following up on my Oct. 2020 story, DDoS-Guard issued a statement saying, "We observe network neutrality and are convinced that any activity not prohibited by law in our country has the right to exist." But experts say DDoS-Guard's business arrangement with a Denver-based publicly traded data center firm could create legal headaches for the latter thanks to the Russian company's support of Hamas... Hamas has long been named by the U.S. Treasury and State departments as a Specially Designated Global Terrorist (SDGT) organization. Under such a designation, any U.S. person or organization that provides money, goods or services to an SDGT entity could face civil and/or criminal prosecution and hefty fines ranging from $250,000 to $1 million per violation. Sean Buckley, a former Justice Department prosecutor with the law firm Kobre & Kim... said companies can incur fines and prosecution for violating SDGT sanctions even when they don't know that they are doing so.

Read more of this story at Slashdot.

What's the world's richest man up to? Digital Trends reports: Tech CEO Elon Musk has urged his almost 42 million Twitter followers to use secure messaging app Signal instead of Facebook products. In a series of tweets, Musk shared a meme referencing Facebook's role in the spread of misinformation leading to the attack on Congress this week and suggested people should use the Signal app. The tweets seem to have been prompted by a recent change to Facebook's privacy policy. As reported by The Hacker News, the new updates allow more sharing of data between Facebook and its partner company WhatsApp, including the sharing of phone numbers, interactions on the platform, information about mobile devices used to access the service, and IP addresses. If WhatsApp users do not agree to the data sharing, their accounts are disabled. Musk has been vocally critical of Facebook in the past, saying that he chose to delete Facebook accounts for SpaceX and Tesla in the wake of the Cambridge Analytica scandal in 2018. He has also had spats with Facebook CEO Mark Zuckerberg personally, the two of them having sniped at each other over Twitter and other social media platforms several times in the past.

Read more of this story at Slashdot.

Slashdot reader the_newsbeagle shares an article from IEEE Spectrum: Many associate XPrize with a $10-million award offered in 1996 to motivate a breakthrough in private space flight. But the organization has since held other competitions related to exploration, ecology, and education. And in November, they launched the Pandemic Response Challenge, which will culminate in a $500,000 award to be split between two teams that not only best predict the continuing global spread of COVID-19, but also prescribe policies to curtail it... For Phase 1, teams had to submit prediction models by 22 December... Up to 50 teams will make it to Phase 2, where they must submit a prescription model... The top two teams will split half a million dollars. The competition may not end there. Amir Banifatemi, XPrize's chief innovation and growth officer, says a third phase might test models on vaccine deployment prescriptions. And beyond the contest, some cities or countries might put some of the Phase 2 or 3 models into practice, if Banifatemi can find adventurous takers. The organizers expect a wide variety of solutions. Banifatemi says the field includes teams from AI strongholds such as Stanford, Microsoft, MIT, Oxford, and Quebec's Mila, but one team consists of three women in Tunisia. In all, 104 teams from 28 countries have registered. "We're hoping that this competition can be a springboard for developing solutions for other really big problems as well," Miikkulainen says. Those problems include pandemics, global warming, and challenges in business, education, and healthcare. In this scenario, "humans are still in charge," he emphasizes. "They still decide what they want, and AI gives them the best alternatives from which the decision-makers choose." But Miikkulainen hopes that data science can help humanity find its way. "Maybe in the future, it's considered irresponsible not to use AI for making these policies," he says. For the Covid-19 competition, Banifatemi emphasized that one goal was "to make the resulting insights available freely to everyone, in an open-source manner — especially for all those communities that may not have access to data and epidemiology divisions, statisticians, or data scientists."

Read more of this story at Slashdot.

Mashable reports: We're all judged by the company we keep. With that adage seemingly in mind, Discord moved Friday to ban a pro-Donald Trump server from its platform. TheDonald, as the server was titled, allowed likeminded individuals to digitally gather and was directly linked to the recently banned r/DonaldTrump subreddit and a separate discussion forum... "While there is no evidence of that server being used to organize the Jan 6 riots, Discord decided to ban the server called TheDonald yesterday due to its overt connection to an online forum used to incite violence, plan an armed insurrection in the United States, and spread harmful misinformation related to 2020 U.S. election fraud," a Discord spokesperson confirmed over email. Mashable even notes one comment they'd spotted about shooting politicians. And the forum's reaction to Discord's ban included "calling Discord 'pedos' and saying 'these CEOs need to be dragged out into the street.'"

Read more of this story at Slashdot.

"As COVID-19 relentlessly infects more and more of us, scientists are getting a close look at the strange and frightening damage it can inflict on our bodies," writes Science Alert (in an article shared by long-time Slashdot reader AmiMoJo): We've known since early in the pandemic this disease wreaks havoc on more than just the respiratory system, also causing gastrointestinal conditions, heart damage and blood clotting disorders. Now, a year into the pandemic, in-depth autopsies of COVID-19 patients have revealed greater details of widespread inflammation and damage in brain tissues. This may help explain the deluge of neurological symptoms that have manifested in some patients, from headaches, memory loss, dizziness, weakness and hallucinations to more severe seizures and strokes. Some estimate that up to 50 percent of those hospitalised with COVID-19 could have neurological symptoms that can leave people struggling to do even common daily tasks like preparing a meal. "We were completely surprised. Originally, we expected to see damage that is caused by a lack of oxygen," said physician and clinical director at National Institute of Health (NIH), Avindra Nath. "Instead, we saw multifocal areas of damage that is usually associated with strokes and neuroinflammatory diseases...." Their report was published in the New England Journal of Medicine. The article also remembers a September remark by a University of Liverpool neurologist to Nature magazine back in September who had also suggested possible neurological symptoms from COVID-19. "We've seen this group of younger people without conventional risk factors who are having strokes, and patients having acute changes in mental status that are not otherwise explained."

Read more of this story at Slashdot.

Writing in the Atlantic, programmer/economics commentator Steve Randy Waldman explains "Why I changed my mind" about the Communication Decency Act's Section 230: In the United States, you are free to speak, but you are not free of responsibility for what you say. If your speech is defamatory, you can be sued. If you are a publisher, you can be sued for the speech you pass along. But online services such as Facebook and Twitter can pass along almost anything, with almost no legal accountability, thanks to a law known as Section 230. President Donald Trump has been pressuring Congress to repeal the law, which he blames for allowing Twitter to put warning labels on his tweets. But the real problem with Section 230, which I used to strongly support, is the kind of internet it has enabled. The law lets large sites benefit from network effects (I'm on Facebook because my friends are on Facebook) while shifting the costs of scale, like shoddy moderation and homogenized communities, to users and society at large. That's a bad deal. Congress should revise Section 230 — just not for the reasons the president and his supporters have identified. When the law was enacted in 1996, the possibility that monopolies could emerge on the internet seemed ludicrous. But the facts have changed, and now so must our minds... By creating the conditions under which we are all herded into the same virtual space, Section 230 helped turn the internet into a conformity machine. We regulate one another's speech through shame or abuse, but we have nowhere to go where our own expression might be more tolerable. And while Section 230 immunizes providers from legal liability, it turns those providers into agents of such concentrated influence that they are objects of constant political concern. When the Facebook founder Mark Zuckerberg and the Twitter founder Jack Dorsey are routinely (and justifiably!) browbeaten before Congress, it's hard to claim that Section 230 has insulated the public sphere from government interference... If made liable for posts flagged as defamatory or unlawful, mass-market platforms including Facebook and Twitter would likely switch to a policy of taking down those posts automatically.... Vigorous argument and provocative content would migrate to sites where people take responsibility for their own speech, or to forums whose operators devote attention and judgment to the conversations they host. The result would be a higher-quality, less consolidated, and ultimately freer public square.

Read more of this story at Slashdot.

A Sriwijaya Air flight with 62 aboard is missing after losing contact with Indonesia's aviation authorities shortly after takeoff from Jakarta. From a report: Flight SJ182, a 26-year-old Boeing 737-500, was scheduled to depart from the nation's capital to Pontianak on the island of Borneo at 1:40 p.m. local time, according to FlightRadar24 data. It had 56 passengers on board, along with two pilots and four cabin crew, MetroTV reported. Indonesian authorities said they have sent a search vessel from Jakarta to plane's last known location in the Java Sea. First responders were also deployed to the site to aid potential survivors, local TV reported. Sriwijaya Air said it's working to obtain more detailed information about the flight, and will release an official statement later. Updated at 14:53 GMT: The plane crashed, the Indonesian authorities said moments ago.

Read more of this story at Slashdot.

"Both local police and the FBI are seeking information about individuals who were 'actively instigating violence' in Washington, DC, on January 6," writes Ars Technica. Then they speculate on which tools will be used to find them: While media organizations took thousands of photos police can use, they also have more advanced technologies at their disposal to identify participants, following what several other agencies have done in recent months... In November, The Washington Post reported that investigators from 14 local and federal agencies in the DC area have used a powerful facial recognition system more than 12,000 times since 2019. Neither would an agency need actual photos or footage to track down any mob participant who was carrying a mobile phone. Law enforcement agencies have also developed a habit in recent years of using so-called geofence warrants to compel companies such as Google to provide lists of all mobile devices that appeared within a certain geographic area during a given time frame... With all of that said, however, the DC Metropolitan Police and the FBI will probably need to look no further than a cursory Google search to identify many of the leaders of Wednesday's insurrection, as many of them took to social media both before and after the event to brag about it in detail. In short: you don't need fancy facial recognition tools to identify people who livestream their crimes. Friday the Washington Post also cited "the countless hours of video — much of it taken by the rioters themselves and uploaded to social media" as a useful input for facial recognition software. But in addition, they note that "The Capitol, more than most buildings, has a vast cellular and wireless data infrastructure of its own to make communications efficient in a building made largely of stone and that extends deep underground and has pockets of shielded areas. Such infrastructure, such as individual cell towers, can turn any connected phone into its own tracking device. "Phone records make determining the owners of these devices trivially easy..."

Read more of this story at Slashdot.

The Weather Channel reports: One main reason humans need to get a flu vaccine annually: flu strains mutate regularly so vaccines need to be slightly altered every year. During past flu seasons, the CDC has noted a vaccine effectiveness range between 40-60%, and a reduced the risk of flu-related illness by 40-60% within the overall population. There are, however, several "universal" flu vaccines currently being studied that aim to make annual flu vaccinations a thing of the past. In fact, according to the American Society for Microbiology, some of these vaccine candidates are in phase 2 and phase 3 trials right now. Now UPI reports: Researchers believe they are one step closer to a "universal" flu vaccine, even as concerns over the seasonal virus move to the back burner during the COVID-19 pandemic. T cells found in the lungs may hold the key to long-lasting immunity against influenza A, the more common and often more severe form of the virus, according to the researchers behind a study published Friday by Science Immunology. These cells, which the researchers call resident helper T cells, help the body initiate antiviral responses against new influenza strains even after experience with only one type of the virus, the researchers said. This type of "generalized" immune response, against all virus strains, is not possible with the currently available yearly vaccine formulations, they said.

Read more of this story at Slashdot.

A Sriwijaya Air flight with 62 aboard is missing after losing contact with Indonesia's aviation authorities shortly after takeoff from Jakarta. From a report: Flight SJ182, a 26-year-old Boeing 737-500, was scheduled to depart from the nation's capital to Pontianak on the island of Borneo at 1:40 p.m. local time, according to FlightRadar24 data. It had 56 passengers on board, along with two pilots and four cabin crew, MetroTV reported. Indonesian authorities said they have sent a search vessel from Jakarta to plane's last known location in the Java Sea. First responders were also deployed to the site to aid potential survivors, local TV reported. Sriwijaya Air said it's working to obtain more detailed information about the flight, and will release an official statement later. Updated at 14:53 GMT: The plane crashed, the Indonesian authorities said moments ago.

Read more of this story at Slashdot.