Slashdot

TikTok routes the personal data of job applicants through servers in China, and only discloses this to candidates in certain countries, Business Insider has discovered. From a report: US job candidates, notably, are not told their data will be routed through China. Some of the personal information TikTok says it collects about applicants is potentially highly sensitive, with the firm's own policies stating that it collects medical data; sex and race data; marital status; geolocation data, among many other categories. The revelation is an embarrassment for TikTok, which has spent much of 2020 maintaining that it is separate to its Chinese owner ByteDance, and fending off unproven insinuations by President Trump that it funnels user data to China. After being approached by Business Insider, TikTok said it would no longer store job applicant data in China.

Read more of this story at Slashdot.

samleecole shares a report from Motherbard: Forty victims of sex trafficking operation Girls Do Porn have filed a lawsuit against Mindgeek, Pornhub's parent company, for a litany of accusations, including knowingly benefiting from Girls Do Porn videos on Pornhub and failing to moderate the images circulating rampantly on its network of tube sites. >In total, the lawsuit is demanding more than $40 million in damages -- at least $1 million per plaintiff -- as well as the money Mindgeek earned from hosting and promoting their videos and legal fees. "As a proximate result of MindGeek's knowing financial benefit and participation in GirlsDoPorn's sex trafficking venture, Plaintiffs have suffered damages, including, but not limited to, severe emotional distress, significant trauma, attempted suicide, and social and familial ostracization," the complaint states. Filed with the United States District Court for the Southern District of California on December 15 by attorneys Brian Holm and John O'Brien, the 43-page complaint details the suffering of these alleged victims of Girls Do Porn, and claims that each of the 40 plaintiffs became suicidal because of the harassment they endured when their videos spread non-consensually across the internet, including across Mindgeek's network of porn sites. Girls Do Porn was a sex trafficking operation that forced and coerced dozens of women as young as 18 into sex on camera, and lied to them about where and how the videos would be distributed. The women were told by everyone involved, from cast and crew to the owner, that the videos would not appear online. After filming, their videos were uploaded to Girls Do Porn's own site, as well as Pornhub, where the Girls Do Porn monetized its videos as a Pornhub "content partner." Pornhub also promoted Girls Do Porn as a content partner even after women in Girls Do Porn videos came forward about abuse and sued it. Last week, following a report from The New York Times about allegations of child sexual abuse imagery on the site, Pornhub changed its police to only allow verified uploads and downloads. Soon after, Mastercard and Visa stopped processing payments for Pornhub.

Read more of this story at Slashdot.

SolarWinds has removed a list of high-profile clients from its website in the wake of a massive breach, "suggesting the company may be trying to obscure its clients in an effort to protect them from bad publicity," reports The Verge. From the report: The list of vulnerable companies is much smaller than SolarWinds' overall client list, so simply appearing on the list doesn't mean a company has been affected. SolarWinds claims that only 33,000 companies use the Orion product, compared to its total client base of 330,000. Out of that 33,000, the company estimates that fewer than 18,000 were directly impacted by a malicious update, and the list of directly targeted companies is likely even smaller. Still, there is much about the attack that remains unknown, and it is possible that additional compromises have yet to be discovered. SolarWinds' overall client list includes a broad range of sensitive organizations. Before its removal, the page boasted a broad range of clients, including more than 425 of the companies listed on the Fortune 500 as well as the top 10 telecom operators in the United States. In an article on Monday, The New York Times cited a number of organizations as vulnerable that are not cited on the public client page, including Boeing and Los Alamos National Laboratory. Other organizations have been cagey about their own exposure, even within the federal government. Several news outlets have reported that the breach affected the Department of Homeland Security, but the department has not made any official statement regarding its exposure.

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: While it doesn't appear to be completely down like it was yesterday morning, we're hearing many reports from Gmail users that the email service is having major issues right now. Some users are reporting that Gmail is particularly slow, while others are reporting constant error messages. One TechCrunch writer, meanwhile, noticed that emails he was sending to Gmail accounts appeared to immediately bounce, with Gmail's server responding with an error reading "550-5.1.1 The email account that you tried to reach does not exist." Google confirms the issues on its services dashboard, writing at 1:30 PM Pacific that they're impacting a "significant" number of users: "We're aware of a problem with Gmail affecting a significant subset of users. The affected users are able to access Gmail, but are seeing error messages, high latency, and/or other unexpected behavior." In a second update at 2:30 PM, Google says its teams are "continuing to investigate this issue"; as of 3:30 PM, the company says it expects the issues to be fixed by 4:00 PM while noting that time may change. Google says the problems have been resolved, although encrypted email service ProtonMail tweets that the email bouncing issue is widespread, with many emails sent to Gmail users bouncing permanently.

Read more of this story at Slashdot.

Intel became the latest tech company to report diversity statistics Tuesday, sharing a mixed bag of annual numbers that included small gains in some areas, relatively flat numbers of Black employees and a decline in female representation in the U.S. Axios reports: Women made up a bit more than a quarter of Intel's employee headcount, seeing a tiny drop in the U.S. compared to last year and a similarly minuscule increase over the same period for Intel's total global workforce. The percentage of underrepresented minorities in the U.S. workforce ticked up by a fraction of a percentage point, coming in at just over 16%. African American representation was flat at 4.9%. "It may be slower than we would like but at least the conversation is on the table," Intel's interim chief diversity and inclusion officer Dawn Jones told Axios. Intel's inability to significantly boost the diversity of its workforce is far from unique in the industry. Intel wants to set up an industry-wide effort that would work to help standardize ways of measuring different diversity statistics from one company to another.

Read more of this story at Slashdot.

Twitter has announced that it'll be shutting down Periscope as a service, with the company set to discontinue the Periscope applications by March 2021. The Verge reports: Twitter will, however, continue to offer live video streaming through its integrated Twitter Live feature within the main Twitter app. "The Periscope app is in an unsustainable maintenance-mode state, and has been for a while," the company explained in a blog post. "Over the past couple of years, we've seen declining usage and know that the cost to support the app will only continue to go up over time." While Periscope won't be fully shut down until March, the company is already blocking any new account signups starting in the latest update to the apps, which is rolling out today. Users will have the chance to download an archive of both their Periscope videos and their data before the app is shuttered next year. Additionally, the Periscope website will remain active to serve as a "read-only archive of public broadcasts." Periscope will also be "relaxing our requirements" for users to apply to become "Super Broadcasters," the company's term for select users who are given the opportunity to cash out tips given to them by followers. Broadcasters will have until April 30th, 2021, to finish cashing out their tips.

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Conversation: When wildfires swept through the hills near Santa Cruz, California, in 2020, they released toxic chemicals into the water supplies of at least two communities. One sample found benzene, a carcinogen, at 40 times the state's drinking water standard. Our testing has now confirmed a source of these chemicals, and it's clear that wildfires aren't the only blazes that put drinking water systems at risk. In a new study, we heated plastic water pipes commonly used in buildings and water systems to test how they would respond to nearby fires. The results, released Dec. 14, show how easily wildfires could trigger widespread drinking water contamination. They also show the risks when only part of a building catches fire and the rest remains in use. In some of our tests, heat exposure caused more than 100 chemicals to leach from the damaged plastics. To determine if plastic pipes could be responsible for drinking water contamination after wildfires, we exposed commonly available plastic pipes to heat. The temperatures were similar to the heat from a wildfire that radiates toward buildings but isn't enough to cause the pipes to catch fire. We tested several popular plastic drinking water pipes, including high-density polyethylene (HDPE), crosslinked polyethylene (PEX), polyvinyl chloride (PVC) and chlorinated polyvinylchloride (CPVC). Benzene and other chemicals were generated inside the plastic pipes just by heating. After the plastics cooled, these chemicals then leached into the water. It happened at temperatures as low as 392 degrees Fahrenheit. Fires can exceed 1,400 degrees. While researchers previously discovered that plastics could release benzene and other chemicals into the air during heating, this new study shows heat-damaged plastics can directly leach dozens of toxic chemicals into water. What can be done about the contamination? The report says a community can stop water contamination if they can quickly isolate the damaged pipes. Rinsing heat-damaged pipes can also work, but some plastic pipes require more than 100 days of nonstop water rinsing to be safe to use. If that's the case, the pipes may need to be replaced instead. "Water companies can install network isolation valves and backflow prevention devices, to prevent contaminated water moving from a damaged building into the utility pipe network," the report adds. "Insurance companies can use pricing to encourage property owners and cities to install fire-resistant metal pipes instead of plastic. Rules for keeping vegetation away from meter boxes and buildings can also lessen the chance heat reaches plastic water system components."

Read more of this story at Slashdot.

Rival French and Russian disinformation campaigns have sought to deceive and influence Internet users in the Central African Republic ahead of an election later this month, Facebook said on Tuesday. Reuters reports: Facebook said it was the first time it had seen foreign influence operations directly engage on its platforms, with fake accounts denouncing each other as "fake news." The company said it had suspended three networks totaling almost 500 accounts and pages for so-called "coordinated inauthentic behavior." One network was linked to "individuals associated with French military," it said, while the other two had connections to "individuals associated with past activity by the Russian Internet Research Agency" as well as Russian businessman Evgeny Prigozhin. France and Russia are both keen to assert influence in Africa. Paris has ties with many French-speaking African countries, which it sees as vital to preventing the spread of violent Islamisation, and Moscow is jockeying for position in a lucrative market. Facebook said the two campaigns largely focused on the Central African Republic (CAR), which votes on Dec. 27, but also targeted users in 13 other African countries including Algeria, Cameroon, Libya and Sudan. Ben Nimmo, head of investigations at social media analytics firm Graphika, said both campaigns used fake accounts to pose as local people, sometimes sharing doctored photos. [...] But neither side built a significant audience in CAR, he added. "They looked like two troll teams arm wrestling, with nobody else really paying attention."

Read more of this story at Slashdot.

Starting in 2021, Walmart will use fully autonomous box trucks to make deliveries in Arkansas without any safety drivers in the vehicles. The Verge reports: The big-box retailer has been working with a startup called Gatik on a delivery pilot for 18 months. Gatik, which is based in Palo Alto and Toronto, outfitted several multitemperature box trucks with sensors and software to enable autonomous driving. Since last year, those trucks have been operating on a two-mile route between a "dark store" (a store that stocks items for fulfillment but isn't open to the public) and a nearby Neighborhood Market in Bentonville, Arkansas. Since then, the vehicles have racked up 70,000 miles in autonomous mode with a safety driver. Next year, the companies intend to start incorporating fully autonomous trucks into those deliveries. And they plan on expanding to a second location in Louisiana, where trucks with safety drivers will begin delivering items from a "live" Walmart Supercenter to a designated pickup location where customers can retrieve their orders. Those routes, which will begin next year, will be longer than the Arkansas operation -- 20-miles between New Orleans and Metairie, Louisiana.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: A Republican US senator from West Virginia has asked the government to block broadband funding earmarked for Frontier Communications, saying that the ISP is not capable of delivering gigabit-speed Internet service to all required locations. Sen. Shelley Moore Capito (R-W.Va.) outlined her concerns in a letter to Federal Communications Commission Chairman Ajit Pai last week. Capito told Pai that Frontier has mismanaged previous government funding and seems to lack both the technological capabilities and financial ability to deliver on its new obligations. Frontier, which filed for bankruptcy in April, is one of 180 ISPs that won funding in the FCC's Rural Digital Opportunity Fund (RDOF) reverse-auction results announced last week. Frontier is due to receive $370.9 million over 10 years to bring broadband to 127,188 homes and businesses in eight states. Frontier's biggest payout is in West Virginia, where it is due to receive $247.6 million over 10 years to expand its broadband network to 79,391 locations. Frontier won over two-thirds of the funding that the FCC allocated to West Virginia despite failing to hit FCC deadlines for a previous round of subsidized broadband deployment in West Virginia and other states. Under the previous funding allocated in 2015 via the FCC's Connect America Fund, Frontier was originally required to meet the build deadlines by the end of 2020. Frontier told Ars today that it will now meet that deadline "by the end of 2021." Capito urged Pai to block Frontier's new funding by rejecting the ISP's long-form application, which must be completed by winning bidders in order to receive the allocated money. "The stakes are simply too high to provide nearly $250 million to a company that does not have the capability to deliver on the commitments made to the FCC," she wrote. Under FCC rules, winning bidders must deploy broadband to 40 percent of required locations in each state within three calendar years, to 60 percent within four years, 80 percent within five years, and 100 percent within six years. Because Frontier won funding in the gigabit tier, it is required to offer download speeds of 1Gbps and upload speeds of 500Mbps along with monthly usage allowances of at least 2TB.

Read more of this story at Slashdot.

An anonymous reader quotes a report from ZDNet: Microsoft and a coalition of tech companies have intervened today to seize and sinkhole a domain that played a central role in the SolarWinds hack, ZDNet has learned from sources familiar with the matter. The domain in question is avsvmcloud[.]com, which served as command and control (C&C) server for malware delivered to around 18,000 SolarWinds customers via a trojanized update for the company's Orion app. SolarWinds Orion updates versions 2019.4 through 2020.2.1, released between March 2020 and June 2020, contained a strain of malware named SUNBURST (also known as Solorigate). Once installed on a computer, the malware would sit dormant for 12 to 14 days and then ping a subdomain of avsvmcloud[.]com. According to analysis from security firm FireEye, the C&C domain would reply with a DNS response that contained a CNAME field with information on another domain from where the SUNBURST malware would obtain further instructions and additional payloads to execute on an infected company's network. Earlier today, a coalition of tech companies seized and sinkholed avsvmcloud[.]com, transferring the domain into Microsoft's possession. Sources familiar with today's actions described the takedown as "protective work" done to prevent the threat actor behind the SolarWinds hack from delivering new orders to infected computers.

Read more of this story at Slashdot.

Microsoft is rolling out an update today that brings native support for Apple's M1 chip to the Windows productivity suite. "The apps getting the updates are Word, Excel, Outlook, PowerPoint, and OneNote," reports The Verge. "Notably absent, however, is Teams." From the report: The updates are making the apps universal ones -- meaning these versions will run on both Intel and Apple Silicon Macs, so any upcoming updates or features will be coming at the same time for both platforms. [...] Office users who have automatic updates turned on should have the new versions sometime today, and anyone else can update it through the Mac App Store or Microsoft's AutoUpdate software (depending on if you downloaded Office through the App Store or directly from Microsoft). Outlook users will get not only native Apple Silicon support, but support for iCloud accounts as well, allowing them to sync their email, contacts, and calendars to the app if they use Apple's service to store them. Teams isn't included in today's rollout of updates, but Microsoft says they're working on it. No timeline is available, though.

Read more of this story at Slashdot.

Academics from an Israeli university have published new research today detailing a technique to convert a RAM card into an impromptu wireless emitter and transmit sensitive data from inside a non-networked air-gapped computer that has no Wi-Fi card. From a report: Named AIR-FI, the technique is the work of Mordechai Guri, the head of R&D at the Ben-Gurion University of the Negev, in Israel. Over the last half-decade, Guri has led tens of research projects that investigated stealing data through unconventional methods from air-gapped systems. [...] At the core of the AIR-FI technique is the fact that any electronic component generates electromagnetic waves as electric current passes through. Since Wi-Fi signals are radio waves and radio is basically electromagnetic waves, Guri argues that malicious code planted on an air-gapped system by attackers could manipulate the electrical current inside the RAM card in order to generate electromagnetic waves with the frequency consistent with the normal Wi-Fi signal spectrum (2,400 GHz). In his research paper, titled "AIR-FI: Generating Covert WiFi Signals from Air-Gapped Computers," Guri shows that perfectly timed read-write operations to a computer's RAM card can make the card's memory bus emit electromagnetic waves consistent with a weak Wi-Fi signal. This signal can then be picked up by anything with a Wi-Fi antenna in the proximity of an air-gapped system, such as smartphones, laptops, IoT devices, smartwatches, and more. Guri says he tested the technique with different air-gapped computer rigs where the Wi-Fi card was removed and was able to leak data at speeds of up to 100 b/s to devices up to several meters away.

Read more of this story at Slashdot.

When large companies like Netflix or Amazon want to test the resilience of their systems, they use chaos engineering tools designed to help them simulate worst-case scenarios and find potential issues before they even happen. Today at AWS re:Invent, Amazon CTO Werner Vogels introduced the company's Chaos Engineering as a Service offering called AWS Fault Injection Simulator. From a report: The name may lack a certain marketing panache, but Vogels said that the service is designed to help bring this capability to all companies. "We believe that chaos engineering is for everyone, not just shops running at Amazon or Netflix scale. And that's why today I'm excited to pre-announce a new service built to simplify the process of running chaos experiments in the cloud," Vogels said. As he explained, the goal of chaos engineering is to understand how your application responds to issues by injecting failures into your application, usually running these experiments against production systems. AWS Fault Injection Simulator offers a fully managed service to run these experiments on applications running on AWS hardware.

Read more of this story at Slashdot.

An anonymous reader shares a report: On an earnings call two months ago, SolarWinds Chief Executive Kevin Thompson touted how far the company had gone during his 11 years at the helm. There was not a database or an IT deployment model out there to which his Austin, Texas-based company did not provide some level of monitoring or management, he told analysts on the Oct. 27 call. "We don't think anyone else in the market is really even close in terms of the breadth of coverage we have," he said. "We manage everyone's network gear." Now that dominance has become a liability -- an example of how the workhorse software that helps glue organizations together can turn toxic when it is subverted by sophisticated hackers. On Monday, SolarWinds confirmed that Orion -- its flagship network management software -- had served as the unwitting conduit for a sprawling international cyberespionage operation. The hackers inserted malicious code into Orion software updates pushed out to nearly 18,000 customers. [...] Cybersecurity experts across government and private industry are still struggling to understand the scope of the damage, which some are already calling one of the most consequential breaches in recent memory. [...] Experts are reviewing their notes to find old examples of substandard security at the company. Security researcher Vinoth Kumar told Reuters that, last year, he alerted the company that anyone could access SolarWinds' update server by using the password "solarwinds123" "This could have been done by any attacker, easily," Kumar said. Others -- including Kyle Hanslovan, the cofounder of Maryland-based cybersecurity company Huntress -- noticed that, even days after SolarWinds realized their software had been compromised, the malicious updates were still available for download.

Read more of this story at Slashdot.

High-frequency traders are using an experimental type of cable to speed up their systems by billionths of a second, the latest move in a technological arms race to execute stock trades as quickly as possible. From a report: The cable, called hollow-core fiber, is a next-generation version of the fiber-optic cable used to deliver broadband internet to homes and businesses. Made of glass, such cables carry data encoded as beams of light. But instead of being solid, hollow-core fiber is empty inside, with dozens of parallel, air-filled channels narrower than a human hair. Because light travels nearly 50% faster through air than glass, it takes about one-third less time to send data through hollow-core fiber than through the same length of standard fiber. The difference is often just a minuscule fraction of a second. But in high-frequency trading, that can make the difference between profits and losses. HFT firms use sophisticated algorithms and ultrafast data networks to execute rapid-fire trades in stocks, options and futures. Many are secretive about their trading strategies and technology. Hollow-core fiber is the latest in a series of advances that fast traders have used to try to outrace their competition. A decade ago, a company called Spread Networks spent about $300 million to lay fiber-optic cable in a straight line from Chicago to New York, so traders could send data back and forth along the route in just 13 milliseconds, or thousandths of a second. Within a few years the link was superseded by microwave networks that reduced transmission times along the route to less than nine milliseconds. HFT firms have also used lasers to zip data between the data centers of the New York Stock Exchange and Nasdaq, and they have embedded their algorithms in superfast computer chips. Now, faced with the limits of physics and technology, traders are left fighting over nanoseconds. "The time increments of these improvements have gotten markedly smaller," said Michael Persico, chief executive of Anova Financial Networks, a technology provider that runs communications networks used by HFT firms. High-frequency trading is controversial, with critics saying that some ultrafast strategies amount to an invisible tax on investors. Industry representatives say such criticism is unfounded.

Read more of this story at Slashdot.

The U.S. Food and Drug Administration on Tuesday authorized the first coronavirus test that people will be able to buy at a local store without a prescription and use for immediate results at home to find out if they're positive or negative. From a report: The test will cost about $30 and be available by January, according to the Australian company that makes it, Ellume. The FDA had previously authorized other tests that let people avoid long lines by collecting a sample themselves at home. But those tests require people to send the sample to a lab and wait for the results. Another recently authorized test doesn't have to be sent off to a lab, but it requires a prescription to get it. The new test is the first that people will be able to buy without a prescription at a local store and do entirely at home on their own. It takes about five minutes to collect the sample and produces results within 15 minutes. "Today's authorization is a major milestone in diagnostic testing for COVID-19," FDA Commissioner Stephen Hahn said in a statement announcing the authorization.

Read more of this story at Slashdot.

Facebook will shift all its users in the United Kingdom into user agreements with the corporate headquarters in California, moving them out of their current relationship with Facebook's Irish unit and out of reach of Europe's privacy laws. From a report: The change takes effect next year and follows a similar move announced in February by Google here. Those companies and others have European head offices in Dublin, and the UK's exit from the EU will change its legal relationship with Ireland, which remains in the Union. Initially, sources briefed on the matter told Reuters about the move. Facebook later confirmed it. "Like other companies, Facebook has had to make changes to respond to Brexit and will be transferring legal responsibilities and obligations for UK users from Facebook Ireland to Facebook. There will be no change to the privacy controls or the services Facebook offers to people in the UK," the company's UK arm said.

Read more of this story at Slashdot.

IT software provider SolarWinds downplayed a recent security breach in documents filed with the US Securities and Exchange Commission on Monday. From a report: SolarWinds disclosed on Sunday that a nation-state hacker group breached its network and inserted malware in updates for Orion, a software application for IT inventory management and monitoring. Orion app versions 2019.4 through 2020.2.1, released between March 2020 and June 2020, were tainted with malware, SolarWinds said in a security advisory. The trojanized Orion update allowed attackers to deploy additional and highly stealthy malware on the networks of SolarWinds customers. But while initial news reports on Sunday suggested that all of SolarWinds' customers were impacted, in SEC documents filed today, SolarWinds said that of its 300,000 total customers, only 33,000 were using Orion, a software platform for IT inventory management and monitoring, and that fewer than 18,000 are believed to have installed the malware-laced update. The company said it notified all its 33,000 Orion customers on Sunday, even if they didn't install the trojanized Orion update, with information about the hack and mitigation steps they could take.

Read more of this story at Slashdot.

The Food and Drug Administration has approved genetically engineered pigs for use in food and medical products. The pigs, developed by medical company Revivicor, could be used in the production of drugs, to provide organs and tissues for transplants, and to produce meat that's safe to eat for people with meat allergies. From a report: "Today's first-ever approval of an animal biotechnology product for both food and as a potential source for biomedical use represents a tremendous milestone for scientific innovation," said FDA Commissioner Stephen M. Hahn in a press release. The pigs are called GalSafe pigs because they lack a molecule called alpha-gal sugar, which can trigger allergic reactions. Alpha-gal sugar is found in many mammals, but not usually in humans. Alpha-gal syndrome (AGS), which causes a serious meat allergy, can happen after a bite from a lone star or deer tick. Though it hasn't been tested specifically for people with AGS yet, the FDA has determined GalSafe pork products are safe for the general population to eat. In addition to their potential for safer consumption, there are several potential medical uses for GalSafe pigs. They could be used to make drugs like heparin, a common blood-thinner derived from animal tissue, safer for people with AGS.

Read more of this story at Slashdot.