United States

Extreme Winter Weather In the US Linked To a Warming Arctic (theverge.com) 219

A new study shows how global climate change can have ripple effects at the local level. According to the research, extreme winter weather is two to four times more likely in the eastern U.S. when the Arctic is unusually warm. The Verge reports: Researchers analyzed a variety of atmospheric data in the Arctic, as well as how severe winter weather was in 12 cities across the U.S. from 1950 to 2016. Since 1990, as the Arctic has been warming up and losing ice, extreme cold snaps and heavy snow in the winter have been two to four times more frequent in the eastern U.S. and the Midwest, while in the western U.S., their frequency has decreased, according to a study published today in Nature Communications. The study, however, only shows there might be a correlation -- not a direct causal link -- between the warming Arctic and severe winters in the U.S. And it doesn't show how exactly the two are connected, so it doesn't really add much to what scientists already knew, according to several experts.

Today's study focuses on the Arctic as the main culprit for the extreme winter weather. Previous research has suggested that the warming Arctic may disrupt the polar vortex, a ring of swirling cold air circling the North Pole. Think of the polar vortex as a river, says study co-author Judah Cohen, a climatologist and director of seasonal forecasting at Atmospheric and Environmental Research. The fast flow of this river locks up the cold air over the Arctic. But as the Arctic warms -- especially in some areas like the Barents-Kara seas north of Europe and Russia -- a boulder springs up in this river, disrupting the polar vortex and allowing the freezing Arctic air to flow south, Cohen says.


YouTube Will Add Information From Wikipedia To Videos About Conspiracies (theverge.com) 226

An anonymous reader quotes a report from The Verge: YouTube will add information from Wikipedia to videos about popular conspiracy theories to provide alternative viewpoints on controversial subjects, its CEO said today. YouTube CEO Susan Wojcicki said that these text boxes, which the company is calling "information cues," would begin appearing on conspiracy-related videos within the next couple of weeks. Wojcicki, who spoke Tuesday evening at a panel at the South by Southwest Interactive festival in Austin, showed examples of information cues for videos about the moon landing and chemtrails. "When there are videos that are focused around something that's a conspiracy -- and we're using a list of well-known internet conspiracies from Wikipedia -- then we will show a companion unit of information from Wikipedia showing that here is information about the event," Wojcicki said. The information cues that Wojcicki demonstrated appeared directly below the video as a short block of text, with a link to Wikipedia for more information. Wikipedia -- a crowdsourced encyclopedia written by volunteers -- is an imperfect source of information, one which most college students are still forbidden from citing in their papers. But it generally provides a more neutral, empirical approach to understanding conspiracies than the more sensationalist videos that appear on YouTube.

Mozilla Working On In-Page Popup Blocker For Firefox (androidpolice.com) 53

Firefox is working on a blocker for annoying in-page alerts that often ask you to input your email address to receive a newsletter from the site. "The feature is still in the planning stages, but Mozilla is asking users for any examples of sites with annoying pop-ups," reports Android Police. "Mozilla wants to make Firefox automatically detect and dismiss the popups." From the report: If you know of sites that use in-page popups (whether it be newsletter signups, surveys, or something else), you can fill out the survey here. There are also Firefox and Chrome extensions that make the process easier. I'll be interested to see how Mozilla pulls this off, it will no doubt be difficult to detect the difference between helpful and not-helpful popups.

Data Breach Victims Can Sue Yahoo in the United States, Federal Judge Rules (reuters.com) 13

Yahoo has been ordered by a federal judge to face much of a lawsuit in the United States claiming that the personal information of all 3 billion users was compromised in a series of data breaches. From a report: In a decision on Friday night, U.S. District Judge Lucy Koh in San Jose, California rejected a bid by Verizon Communications, which bought Yahoo's Internet business last June, to dismiss many claims, including for negligence and breach of contract. Koh dismissed some other claims. She had previously denied Yahoo's bid to dismiss some unfair competition claims.

[...] The plaintiffs amended their complaint after Yahoo last October revealed that the 2013 breach affected all 3 billion users, tripling its earlier estimate. Koh said the amended complaint highlighted the importance of security in the plaintiffs' decision to use Yahoo. "Plaintiffs' allegations are sufficient to show that they would have behaved differently had defendants disclosed the security weaknesses of the Yahoo Mail System," Koh wrote. She also said the plaintiffs could try to show that liability limits in Yahoo's terms of service were "unconscionable," given the allegations that Yahoo knew its security was deficient but did little.


Dial P for Privacy: The Phone Booth Is Back (nytimes.com) 110

As mobile phone use exploded and the pay phone was increasingly linked to crime, the booth began to disappear. But things appear to be changing. From a report: Now, the phone booth -- or at least a variation of it -- is making a modest comeback. When the women-only club and work space The Wing opened its first location in the Flatiron neighborhood of Manhattan in October of 2016, the interior featured marble tables, pink velvet couches, and one small, windowless, reflective glass-doored room dubbed the Phone Booth. One year later, when another location of The Wing opened in Soho, eight built-in, glass-doored call rooms were included in the design. [...]

Other companies that have recently purchased Zenbooths include Volkswagen, Lyft, Meetup and Capital One. The Berkeley, Calif., company was launched in 2016, and its products range from $3,995 (for a standard one-person booth) to $15,995 (for a two-person "executive" booth). The one-person booth is a soundproof, eco-friendly, American-made box that's about 36 inches wide and 34 inches deep, with an insulated glass door, a ventilation fan, power outlets and a skylight -- and it can be assembled in roughly an hour. (It does not, however, contain an actual phone.) Sam Johnson, a co-founder of the company, said it produced "hundreds" of Zenbooths a month in 2017. This year, it's on track to quadruple that production. But he doesn't call them phone booths. "We're manufacturing quiet spaces and privacy," he said.

Zenbooth is not the only free-standing office phone booth in the game. Companies like Cubicall, Nomad, and TalkBox, among others, are offering up solutions to the modern office's privacy problem.


New Traces of Hacking Team in the Wild (welivesecurity.com) 19

Previously unreported samples of Hacking Team's infamous surveillance tool -- the Remote Control System (RCS) -- are in the wild, and have been detected by ESET systems in fourteen countries. From a report: Our analysis of the samples reveals evidence suggesting that Hacking Team's developers themselves are actively continuing the development of this spyware. Since being founded in 2003, the Italian spyware vendor Hacking Team gained notoriety for selling surveillance tools to governments and their agencies across the world. The capabilities of its flagship product, the Remote Control System (RCS), include extracting files from a targeted device, intercepting emails and instant messaging, as well as remotely activating a device's webcam and microphone. The company has been criticized for selling these capabilities to authoritarian governments -- an allegation it has consistently denied. When the tables turned in July 2015, with Hacking Team itself suffering a damaging hack, the reported use of RCS by oppressive regimes was confirmed. With 400GB of internal data -- including the once-secret list of customers, internal communications, and spyware source code -- leaked online, Hacking Team was forced to request its customers to suspend all use of RCS, and was left facing an uncertain future.

Lawmakers Continue Fighting For Net Neutrality in the US Senate, Courts, and States (cnet.com) 57

Here are the latest developments in the ongoing fight over net neutrality rules:
  • CNET reports that Democrats in the Senate "have been pushing to use the Congressional Review Act to roll back the FCC's repeal of net neutrality rules. They've gotten the support of 50 senators for the measure, including one Republican, Susan Collins of Maine. Sen. John Kennedy from Louisiana, who's been undecided in his support of the CRA bill, was being courted by Democrats as the tie-breaking vote to pass the measure in the Senate...

    "On Wednesday, Kennedy introduced a piece of legislation that would ban companies like AT&T and Comcast from slowing down or blocking access to websites or internet services. But the bill wouldn't prevent these broadband and wireless companies from offering paid prioritization, which many critics fear could lead to so-called internet 'fast lanes.'"
  • The Associated Press reports that on Monday, Washington became the first state to set up its own net-neutrality requirements. But they add that governors in five states -- Hawaii, New Jersey, New York, Montana and Vermont -- "have signed executive orders related to net-neutrality issues, according to the National Conference of State Legislatures. Montana's order, for instance, bars telecommunications companies from receiving state contracts if they interfere with internet traffic or favor higher-paying sites or apps."


FCC Accuses Stealthy Startup of Launching Rogue Satellites 128

Back in January, the FCC pulled permission from Silicon Valley startup Swarm Technologies to launch four satellites into space after what it says was an "apparent unauthorized launch." IEEE Spectrum reports that the unauthorized launch consisted of four experimental satellites that the FCC had decided were too small to be noticed in space -- and hence pose an unacceptable risk of collision -- but which the company may have launched anyway, using a rocket based in India. The federal regulator has since issued a letter to Swarm revoking its authorization for a follow-up mission to launch four new, larger versions of its "SpaceBee" satellites. From the report: Swarm was founded in 2016 by one engineer who developed a spacecraft concept for Google and another who sold his previous company to Apple. The SpaceBees were built as technology demonstrators for a new space-based Internet of Things communications network. Swarm believes its network could enable satellite communications for orders of magnitude less cost than existing options. It envisages the worldwide tracking of ships and cars, new agricultural technologies, and low cost connectivity for humanitarian efforts anywhere in the world. The four SpaceBees would be the first practical demonstration of Swarm's prototype hardware and cutting-edge algorithms, swapping data with ground stations for up to eight years.
The FCC told the startup that the agency would assess "the impact of the applicant's apparent unauthorized launch and operation of four satellites... on its qualifications to be a Commission licensee." If Swarm cannot convince the FCC otherwise, the startup could lose permission to build its revolutionary network before the wider world even knows the company exists. An unauthorized launch would also call into question the ability of secondary satellite "ride-share" companies and foreign launch providers to comply with U.S. space regulations.

Cable Industry Finally Fights Cord Cutting With Fewer Ads (dslreports.com) 106

The cable industry is slowly realizing that more advertisements and higher prices aren't the solution to cord cutting. Karl Bode writes via DSLReports: AT&T and Dish have explored offering cheaper, more flexible streaming alternatives (DirecTV Now and Sling TV, respectively), both understanding that getting out ahead of the cord cutting trend is the right play, even if the net result is making less money from traditional television. And on the broadcasting front, several companies this month made it clear they'll be reducing the ad loads on their programming, since charging users a subscription fee and socking them with endless ads is becoming a dated concept in the cord cutting era. Fox, for example, told the Wall Street Journal this week that the company would be reducing TV ad time in its content to two minutes an hour by 2020. Comcast NBC Universal says it's also following suit, having cut advertising time in its own shows by 10%, and reduced the overall number of advertising during commercial breaks by 20%. Given there's 83 million households still subscribing to traditional cable TV, many cable executives are under the false impression they can keep doubling down on bad ideas without the check coming due. But the data indicates this head in the sand approach simply isn't sustainable. Pay TV providers saw a reduction of more than 500,000 traditional pay TV customers during the fourth quarter, a decline of 3.4% total pay TV customers from the year before. That 3.4% decline was up from the 2% rate during the fourth quarter of 2016 and a 1% rate of decline one year before that.

YouTube Is Full of Easy-To-Find Neo-Nazi Propaganda (vice.com) 378

An anonymous reader quotes an exclusive report from Motherboard: Through a software-aided investigation, Motherboard has found that while YouTube has managed to clamp down on Islamic extremists uploading propaganda, the video giant is still awash with videos supporting violent and established neo-Nazi organizations, even when, in some cases, users have reported the offending videos. Clips of neo-Nazi propaganda operations, hate-filled speeches, and extremists pushing for direct action have remained on the site for weeks, months, or years at a time. Arguably, many if not all of these videos may fall under YouTube's own policy on hate speech, which "refers to content that promotes violence against or has the primary purpose of inciting hatred against individuals or groups based on certain attributes," including race or ethnic origin, religion, and sexual orientation, according to the policy.

Motherboard built a tool to monitor YouTube and make a record of when the platform removed certain videos, and limited the clips to propaganda for established neo-Nazi and far-right terrorist organizations like Atomwaffen, rather than people in the so-called "alt-right." Most of the videos were discovered through simple YouTube searches of relevant organizations' names, or sometimes through the "recommended videos" sidebar after Motherboard had built up a browsing history of neo-Nazi material. For the sake of comparison, over a week-long period Motherboard also tracked pro-ISIS videos uploaded by the group's supporters and then distributed through a network of Telegram channels. Typically, YouTube removed these Islamic extremism videos in a matter of hours, including those that did not contain images of violence, but were instead speeches or other not directly violent content. But YouTube is playing catch up with neo-Nazi material. YouTube removed only two videos that Motherboard was monitoring: two identical clips of a speech from UK terrorist organization National Action.


132-Year-Old Science Experiment Washes Ashore In Australia (npr.org) 55

An anonymous reader quotes a report from The New York Times (Warning: source may be paywalled; alternative source): A message in a bottle was tossed off the side of a German ship on June 12, 1886, as it sailed through the Indian Ocean, the date and location penned carefully in script on the scroll inside. In January, more than 131 years after the bottle was set adrift, an Australian woman walking on the beach noticed the thick, discolored glass of an old bottle poking through the sand. The bottle -- and the message -- had been found. It is believed to be the oldest known message in a bottle ever recovered. The woman, Tonya Illman, discovered the tokens from another era while walking on a beach near Wedge Island, in Western Australia.

The Illmans took their discovery to the Western Australian Museum, which verified that the bottle and the note date back to the 19th century. The museum contacted experts in the Netherlands and Germany for more information, and confirmed that the bottle had been dropped from a German vessel called the Paula. A search of German archives uncovered the Paula's original Meteorological Journal, and in a captain's entry from June 12, 1886, researchers discovered a reference to the bottle, thrown overboard as the ship was sailing from Cardiff, Wales, to Makassar, Indonesia. The date and the coordinates matched. The bottle had been tossed into the Indian Ocean from the ship as part of a decades-long experiment by the German Naval Observatory to understand ocean currents. Thousands of bottles were thrown into the ocean around the world from German ships between the 1860s and the 1930s, each with a form bearing the date and location where it had been tossed into the sea, the name of the ship, its home port and the travel route, the Western Australian Museum said.


Comcast's Protected Browsing Is Blocking PayPal, Steam and TorrentFreak, Customers Say (vice.com) 82

Comcast's Xfinity internet customers have been reporting that multiple websites, including PayPal, Steam, and TorrentFreak, have been getting blocked by the ISP's "protected browsing" setting. From a report: The "protected browsing" setting is designed to "reduce the risk of accessing known sources of malware, spyware, and phishing for all devices connected to your home network." This, in general, isn't a bad thing. It's similar to Google Chrome's security settings that warn you when you have an insecure connection. But it's odd that Xfinity's security setting would be blocking perfectly harmless sites like PayPal. Multiple consumers have been reporting on Comcast's forums and elsewhere that they've been blocked while trying to access sites that many people use every day. After posting about it on the forums, one user who said they couldn't access PayPal said the problem with that particular site had been fixed. Further reading: Comcast's Protected Browsing Blocks TorrentFreak as "Suspicious" Site (TorrentFreak).

Oculus Rift Headsets Are Offline Following a Software Error (polygon.com) 111

Polygon reports that Oculus Rift virtual reality headsets around the world are experiencing an outage. The outage appears to be a result of an expired security certificate. "That certificate has expired," said the Oculus support team on its forums, "and we're looking at a few different ways to resolve the issue. We'll update you with the latest info as available. We recommend you wait until we provide an official fix. Thanks for your patience." Polygon reports: One place where users experiencing the issue are gathering is on the Oculus forums. Last night user apexmaster booted up his computer, tried to open the Oculus app and was greeted by an error indicating that the software could not reach the "Oculus Runtime Service." That same error is cropping up on computers all around the world, including several devices here at Polygon. Once it has appeared, there's no way to restart the Oculus app, which renders the Rift headset unusable.

BlackBerry Files Patent Infringement Lawsuit Against Facebook, WhatsApp and Instagram (reuters.com) 87

BlackBerry on Tuesday filed a patent infringement lawsuit against Facebook, WhatsApp and Instagram in Los Angeles Federal court. In a statement, BlackBerry said: We have a lot of respect for Facebook and the value they've placed on messaging capabilities, some of which were invented by BlackBerry. As a cybersecurity and embedded software leader, BlackBerry's view is that Facebook, Instagram, and WhatsApp could make great partners in our drive toward a securely connected future, and we continue to hold this door open to them. However, we have a strong claim that Facebook has infringed on our intellectual property, and after several years of dialogue, we also have an obligation to our shareholders to pursue appropriate legal remedies.

Six Tech Companies Filing Net Neutrality Lawsuit (thehill.com) 31

An anonymous reader quotes a report from The Hill: Six technology companies, including Kickstarter, Foursquare and Etsy, have launched a lawsuit against the Federal Communications Commission (FCC) in an effort to preserve net neutrality rules. The companies, which also include Shutterstock, Expa and Automattic, on Monday filed their petition with the U.S. Court of Appeals for the District of Columbia Circuit. The companies join Vimeo and Mozilla, as well as several state attorneys general who have also filed lawsuits against the FCC in support of the net neutrality rules. Like the other lawsuits, their new case hinges on the Administrative Procedure Act, which they argue prevents the FCC from "arbitrary and capricious" redactions to already existing policy. "Already, over 30,000 Etsy sellers participated in the FCC's public comment process, and tens of thousands more reached out to Congress in support of net neutrality. Now we're bringing their stories and experiences to the courts," said Althea Erickson, head of advocacy and impact at Etsy.

Tencent's WeChat Hits 1 Billion Milestone as Lunar New Year Boosts Monthly Active Users (scmp.com) 25

WeChat hit the milestone of one billion monthly active users during the Lunar New Year in February, a "remarkable number" according to Tencent Holdings chief executive Pony Ma Huateng who disclosed the figure at a Two Sessions media briefing in Beijing on Monday. From a report: The user numbers are up from 980 million in the third quarter of 2017, as reported in Tencent's third quarter results. More than 688 million WeChat users sent or received digital versions of hongbao, the traditional Chinese red packet containing cash and given as a gift during the new year holiday season, pushing the monthly active users of WeChat hongbao to 800 million, Ma revealed on Saturday, as reported by Chinese tech media 36Kr.

New LTE Attacks Can Snoop On Messages, Track Locations, and Spoof Emergency Alerts (zdnet.com) 28

An anonymous reader quotes a report from ZDNet: A slew of newly discovered vulnerabilities can wreak havoc on 4G LTE network users by eavesdropping on phone calls and text messages, knocking devices offline, and even spoofing emergency alerts. Ten attacks detailed in a new paper by researchers at Purdue University and the University of Iowa expose weaknesses in three critical protocol operations of the cellular network, such as securely attaching a device to the network and maintaining a connection to receive calls and messages. Those flaws can allow authentication relay attacks that can allow an adversary to connect to a 4G LTE network by impersonating an existing user -- such as a phone number. Although authentication relay attacks aren't new, this latest research shows that they can be used to intercept messages, track a user's location, and stop a phone from connecting to the network. By using common software-defined radio devices and open source 4G LTE protocol software, anyone can build the tool to carry out attacks for as little as $1,300 to $3,900, making the cost low enough for most adversaries. The researchers aren't releasing the proof-of-concept code until the flaws are fixed, however.

23,000 HTTPS Certs Axed After CEO Emails Private Keys (arstechnica.com) 72

An anonymous reader quotes Ars Technica: A major dust-up on an Internet discussion forum is touching off troubling questions about the security of some browser-trusted HTTPS certificates when it revealed the CEO of a certificate reseller emailed a partner the sensitive private keys for 23,000 TLS certificates. The email was sent on Tuesday by the CEO of Trustico, a UK-based reseller of TLS certificates issued by the browser-trusted certificate authorities Comodo and, until recently, Symantec...

In communications earlier this month, Trustico notified DigiCert that 50,000 Symantec-issued certificates Trustico had resold should be mass revoked because of security concerns. When Jeremy Rowley, an executive vice president at DigiCert, asked for proof the certificates were compromised, the Trustico CEO emailed the private keys of 23,000 certificates, according to an account posted to a Mozilla security policy forum. The report produced a collective gasp among many security practitioners who said it demonstrated a shockingly cavalier treatment of the digital certificates that form one of the most basic foundations of website security... In a statement, Trustico officials said the keys were recovered from "cold storage," a term that typically refers to offline storage systems. "Trustico allows customers to generate a Certificate Signing Request and Private Key during the ordering process," the statement read. "These Private Keys are stored in cold storage, for the purpose of revocation."

"There's no indication the email was encrypted," reports Ars Technica, and the next day DigiCert sent emails to Trustico's 23,000+ customers warning that their certificates were being revoked, according to Bleeping Computer.

In a related development, Thursday Trustico's web site went offline, "shortly after a website security expert disclosed a critical vulnerability on Twitter that appeared to make it possible for outsiders to run malicious code on Trustico servers."

US House Passes Bill To Penalize Websites For Sex Trafficking (trust.org) 190

An anonymous reader quotes a report from Thomson Reuters Foundation News: The U.S. House of Representatives on Tuesday overwhelmingly passed legislation to make it easier to penalize operators of websites that facilitate online sex trafficking, chipping away at a bedrock legal shield for the technology industry. The bill's passage marks one of the most concrete actions in recent years from the U.S. Congress to tighten regulation of internet firms, which have drawn heavy scrutiny from lawmakers in both parties over the past year due to an array of concerns regarding the size and influence of their platforms. The House passed the measure 388-25. It still needs to pass the U.S. Senate, where similar legislation has already gained substantial support, and then be signed by President Donald Trump before it can become law.

Several major internet companies, including Alphabet Inc's Google and Facebook Inc, had been reluctant to support any congressional effort to dent what is known as Section 230 of the Communications Decency Act, a decades-old law that protects them from liability for the activities of their users. But facing political pressure, the internet industry slowly warmed to a proposal that gained traction in the Senate last year, and eventually endorsed it after it gained sizable bipartisan support. The legislation is a result of years of law-enforcement lobbying for a crackdown on the online classified site backpage.com, which is used for sex advertising. It would make it easier for states and sex-trafficking victims to sue social media networks, advertisers and others that fail to keep exploitative material off their platforms.


Nokia, Vodafone To Bring 4G To the Moon (reuters.com) 80

According to Reuters, the moon will get its first mobile phone network next year, enabling high-definition streaming from the landscape back to earth. "Vodafone Germany, network equipment maker Nokia and carmaker Audi said on Tuesday they were working together to support the mission, 50 years after the first NASA astronauts walked on the moon." From the report: Vodafone said it had appointed Nokia as its technology partner to develop a space-grade network which would be a small piece of hardware weighing less than a bag of sugar. The companies are working with Berlin-based company PTScientists on the project, with a launch scheduled in 2019 from Cape Canaveral on a SpaceX Falcon 9 rocket, Vodafone said. One executive involved said the decision to build a 4G network rather than a state-of-the-art 5G network was taken because the next generation networks remain in the testing and trial stage and are not stable enough to ensure they would work from the lunar surface.
