Ars Technica - Technology Lab

Ousted COO sues Pinterest, alleges rampant gender discrimination

Wed, 12 Aug 2020 19:51:50 GMT

Enlarge / A Pinterest logo seen displayed on a smartphone. (credit: Mateusz Slodkowski | SOPA Images | LightRocket | Getty Images)

The former chief operating officer of Pinterest is suing her ex-employer, claiming that the platform's woman-friendly public face is not matched internally and instead "reflects a pattern of discrimination and exclusion."

Pinterest hired Francoise Brougher as chief operating officer in March 2018, then fired her in April of this year. In a lawsuit (PDF) Tuesday in California, Brougher claims that her dismissal was unrelated to her performance and was instead in retaliation for complaining about sexism.

Brougher learned in 2019, while reviewing filings that Pinterest was required to make as part of its IPO, that she had been deliberately misled about executive compensation. She was, therefore, being paid less well than other C-suite executives, the suit alleges. After she brought the discrepancy to the attention of Chief Executive Officer Ben Silbermann, she began being squeezed out of executive and board meetings, Brougher alleged, which prevented her from being able to do her job.

Read 10 remaining paragraphs | Comments

Mozilla cuts 250 jobs, says Firefox development will be affected

Wed, 12 Aug 2020 17:32:59 GMT

Enlarge (credit: Getty Images | Anadolu Agency)

Mozilla Corporation is laying off 250 people, about a quarter of its workforce, explaining that the COVID-19 pandemic has significantly lowered revenue. Mozilla previously had about 1,000 employees.

The Firefox maker's CEO, Mitchell Baker, announced the job cuts yesterday, writing that "economic conditions resulting from the global pandemic have significantly impacted our revenue. As a result, our pre-COVID plan was no longer workable."

In a memo sent to employees, Baker said the 250 job cuts include "closing our current operations in Taipei, Taiwan." The layoffs will reduce Mozilla's workforce in the United States, Canada, Europe, Australia, and New Zealand. Another 60 people will be reassigned to different teams.

Read 10 remaining paragraphs | Comments

0days, a failed patch, and a backdoor threat. Update Tuesday highlights

Wed, 12 Aug 2020 11:55:34 GMT

Enlarge

Microsoft on Tuesday patched 120 vulnerabilities, two that are notable because they’re under active attack and a third because it fixes a previous patch for a security flaw that allowed attackers to gain a backdoor that persisted even after a machine was updated.

Zero-day vulnerabilities get their name because an affected developer has zero days to release a patch before the security flaw is under attack. Zero-day exploits can be among the most effective because they usually go undetected by antivirus, intrusion prevention systems, and other security protections. These types of attacks usually indicate a threat actor of above-average means because of the work and skill required to identify the unknown vulnerability and develop a reliable exploit. Adding to the difficulty: the exploits must bypass defenses developers have spent considerable resources implementing.

A hacker's dream: Bypassing code-signing checks

The first zero-day is present in all supported versions of Windows, including Windows 10 and Server 2019, which security professionals consider two of the world’s most secure operating systems. CVE-2020-1464 is what Microsoft is calling a Windows Authenticode Signature Spoofing Vulnerability. Hackers who exploit it can sneak their malware onto targeted systems by bypassing a malware defense that uses digital signatures to certify that software is trustworthy.

Read 16 remaining paragraphs | Comments

Charter tries to convince FCC that broadband customers want data caps

Tue, 11 Aug 2020 18:55:02 GMT

Enlarge (credit: Aurich Lawson / Getty Images)

Charter Communications has claimed to the Federal Communications Commission that broadband users enjoy having Internet plans with data caps, in a filing arguing that Charter should be allowed to impose caps on its Spectrum Internet service starting next year.

Charter isn't currently allowed to impose data caps because of conditions the FCC placed on its 2016 purchase of Time Warner Cable. The data-cap condition is scheduled to expire on May 18, 2023, but Charter in June petitioned the FCC to let the condition expire two years early, in May 2021.

With consumer-advocacy groups and Internet users opposing the petition, Charter filed a response with the FCC last week, saying that plans with data caps are "popular."

Read 14 remaining paragraphs | Comments

Why movie theaters are in trouble after DOJ nixes 70-year-old case

Tue, 11 Aug 2020 10:30:01 GMT

Enlarge / The House of Mouse is the shadow lurking in the future of movie theaters. (credit: Aurich Lawson / Getty Images)

If you went to the movies in 2019, you probably saw a Disney movie. Seven of the top 10 highest-grossing films released in the United States last year were distributed by the House of Mouse, and hundreds of millions of people went to see them on thousands of screens. Some weeks it felt like the entire film industry was Disney: Captain Marvel and the rest of the Avengers (Endgame) competed for your attention for a while, as Aladdin, The Lion King, and Toy Story 4 kept up a steady drumbeat of animation until Elsa dropped back onto hapless households in Frozen II. In amongst that morass, though, there were still other movies shown, many of them popular with audiences and critics alike.

But now, the rule that prevented a studio from buying up a major theater chain is gone—opening up the possibility that your local cinema could go whole hog and become a true Disneyplex before you know it.

On Friday, a federal judge agreed to the Department of Justice's petition to vacate the Paramount Consent Decrees, a landmark 1948 ruling that forbade vertical integration in the film sector and ended the Hollywood studio system. In isolation, the decision could raise some concerns. In a world where theaters are decimated thanks to a pandemic and consolidation among media firms is already rampant, the future for independent theaters looks grim.

Read 39 remaining paragraphs | Comments

AT&T to lay off 600 at HBO and Warner Bros. after revenue decline

Mon, 10 Aug 2020 17:50:21 GMT

Enlarge / An AT&T sign and logo on Main Street during the Sundance Film Festival on January 23, 2020 in Park City, Utah. (credit: Getty Images | Mat Hayward)

AT&T's WarnerMedia division is planning to lay off hundreds of employees in AT&T's latest cost-cutting move. "Warner Bros. is expected to commence layoffs of around 650 people starting Monday, according to people familiar with the matter, while HBO is seen shedding between 150 and 175 staffers. A WarnerMedia spokesman declined to comment," Variety reported yesterday.

The numbers quoted in Variety may be a bit too high. A source with knowledge of the AT&T layoffs told Ars that the real number is about 600 jobs across all of WarnerMedia, which includes Warner Bros., HBO, and Turner.

The layoffs come days after WarnerMedia CEO Jason Kilar announced a shakeup including the departure of three executives and an increased focus on AT&T's new HBO Max streaming service. Kilar detailed the changes in an internal memo published by CNBC on Friday.

Read 9 remaining paragraphs | Comments

Chinese hackers have pillaged Taiwan’s semiconductor industry

Sun, 09 Aug 2020 10:56:27 GMT

Enlarge (credit: Getty Images)

Taiwan has faced existential conflict with China for its entire existence and has been targeted by China's state-sponsored hackers for years. But an investigation by one Taiwanese security firm has revealed just how deeply a single group of Chinese hackers was able to penetrate an industry at the core of the Taiwanese economy, pillaging practically its entire semiconductor industry.

At the Black Hat security conference today, researchers from the Taiwanese cybersecurity firm CyCraft plan to present new details of a hacking campaign that compromised at least seven Taiwanese chip firms over the past two years. The series of deep intrusions—called Operation Skeleton Key due to the attackers' use of a "skeleton key injector" technique—appeared aimed at stealing as much intellectual property as possible, including source code, software development kits, and chip designs. And while CyCraft has previously given this group of hackers the name Chimera, the company's new findings include evidence that ties them to mainland China and loosely links them to the notorious Chinese state-sponsored hacker group Winnti, also sometimes known as Barium, or Axiom.

Read 13 remaining paragraphs | Comments

Snapdragon chip flaws put >1 billion Android phones at risk of data theft

Sat, 08 Aug 2020 14:30:36 GMT

Enlarge (credit: Qualcomm)

A billion or more Android devices are vulnerable to hacks that can turn them into spying tools by exploiting more than 400 vulnerabilities in Qualcomm’s Snapdragon chip, researchers reported this week.

The vulnerabilities can be exploited when a target downloads a video or other content that’s rendered by the chip. Targets can also be attacked by installing malicious apps that require no permissions at all.

From there, attackers can monitor locations and listen to nearby audio in real time and exfiltrate photos and videos. Exploits also make it possible to render the phone completely unresponsive. Infections can be hidden from the operating system in a way that makes disinfecting difficult.

Read 7 remaining paragraphs | Comments

The quest to liberate $300,000 of bitcoin from an old ZIP file

Sat, 08 Aug 2020 11:40:08 GMT

Enlarge (credit: Getty Images)

In October, Michael Stay got a weird message on LinkedIn. A total stranger had lost access to his bitcoin private keys—and wanted Stay's help getting his $300,000 back.

It wasn't a total surprise that The Guy, as Stay calls him, had found the former Google security engineer. Nineteen years ago, Stay published a paper detailing a technique for breaking into encrypted zip files. The Guy had bought around $10,000 worth of bitcoin in January 2016, well before the boom. He had encrypted the private keys in a zip file and had forgotten the password. He was hoping Stay could help him break in.

In a talk at the Defcon security conference this week, Stay details the epic attempt that ensued.

Read 18 remaining paragraphs | Comments

Mass hijacking spree takes over subreddits to promote Donald Trump

Fri, 07 Aug 2020 19:05:10 GMT

Enlarge

Dozens of discussion groups on Reddit—including those dedicated to the National Football League, the San Francisco 49ers, and the Gorillaz—were hit in a Friday morning mass takeover spree that used the subreddits to spread messages promoting President Trump.

The hijacked accounts had tens of millions of combined members. The 148,000-member subreddit Supernatural, dedicated to the TV show by the same name, was emblazoned with pro-Trump images and slogans. Reddit personnel have since restored the moderator account to its rightful owner. The image above is how the subreddit appeared when the takeover was still active. The takeovers came five weeks after Reddit banned /r/The_Donald, a leading forum for fans of the president, and hundreds of other unrelated subreddits for violating recently rewritten content rules.

Reddit personnel published this post captioned, "Ongoing incident with compromised mod accounts." Reddit personnel then warned that moderator accounts were being compromised and used to vandalize subreddits. It asked moderators of affected subreddits to report them in responses. At the time this post when live, the list of reported subreddits included:

Read 7 remaining paragraphs | Comments

Trump declares TikTok, WeChat "national emergency,” preps bans

Fri, 07 Aug 2020 17:12:19 GMT

Enlarge / If the Trump administration has its way, these logos will be scarce inside the US in a few weeks. (credit: Ivan Abreu | Bloomberg | Getty Images)

The White House's campaign against the China-based developers of popular apps escalated dramatically in the last day, as President Donald Trump declared both TikTok and WeChat to be national emergencies and said the administration will ban or curtail their operations in September.

Trump late Thursday signed a pair of very similar executive orders "addressing the threat" allegedly posed by TikTok and WeChat.

"The spread in the United States of mobile applications developed and owned by companies in the People’s Republic of China (China) continues to threaten the national security, foreign policy, and economy of the United States," both orders read. "The United States must take aggressive action against the owners" of the apps "to protect our national security."

Read 20 remaining paragraphs | Comments

Lawn chairs and kitchen tables: Ergonomics in the involuntary work-from-home era

Fri, 07 Aug 2020 13:00:22 GMT

Enlarge / This is your skeleton. This is your skeleton working from home. Any questions? (credit: Aurich Lawson / Getty Images)

With offices shuttered around the world, many people are experiencing working from home for the first time—or experiencing it in much longer doses than they were used to. Many companies are planning to keep employees working remotely at least part of the time well into 2021. And some are considering making it permanent.

Countless people have had to improvise their work-at-home workspaces. But now that we're several months in, some of that improvisation may be wearing thin. And one of the things that often gets pushed to the back burner in all this improvisation is ergonomics. If you haven't worked from home regularly in the past, and you're now sitting at the kitchen table every day working from a corporate-issued laptop, you're probably feeling the physical strains of this never-going-to-be-normal reality.

As someone who has worked primarily from home for a quarter of a century, I've had a lot of time to figure out what does and does not work in a home office. The changes that have come with COVID-19—including having my wife and daughter in lockdown with me, both working from home themselves—have required some adjustments and some re-equipping. We needed our home workspaces to support the new world of work while maintaining comfort and a reasonable level of sanity mid-pandemic.

Read 21 remaining paragraphs | Comments

More than 20GB of Intel source code and proprietary data dumped online

Thu, 06 Aug 2020 23:59:45 GMT

Enlarge (credit: Tillie Kottman)

Intel is investigating the purported leak of more than 20 gigabytes of its proprietary data and source code that a security researcher said came from a data breach earlier this year.

The data—which at the time this post went live was publicly available on BitTorrent feeds—contains data Intel makes available to partners and customers under NDA, a company spokeswoman said. Speaking on background, she said Intel officials don’t believe the data came from a network breach. She also said the company is still trying to determine how current the material is and that, so far, there is no signs the data includes any customer or personal information.

“We are investigating this situation,” company officials said in a statement. “The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data.”

Read 14 remaining paragraphs | Comments

Insecure satellite Internet is threatening ship and plane safety

Wed, 05 Aug 2020 22:31:29 GMT

Enlarge (credit: Aurich Lawson / Getty Images)

More than a decade has passed since researchers demonstrated serious privacy and and security holes in satellite-based Internet services. The weaknesses allowed attackers to snoop on and sometimes tamper with data received by millions of users thousands of miles away. You might expect that in 2020—as satellite Internet has grown more popular—providers would have fixed those shortcomings, but you’d be wrong.

In a briefing delivered on Wednesday at the Black Hat security conference online, researcher and Oxford Ph.D. candidate James Pavur presented findings that show that satellite-based Internet is putting millions of people at risk, despite providers adopting new technologies that are supposed to be more advanced.

Over the course of several years, he has used his vantage point in mainland Europe to intercept the signals of 18 satellites beaming Internet data to people, ships, and planes in a 100 million-square-kilometer swath that stretches from the United States, Caribbean, China, and India. What he found is concerning. A small sampling of the things he observed include:

Read 20 remaining paragraphs | Comments

Beware of find-my-phone, Wi-Fi, and Bluetooth, NSA tells mobile users

Tue, 04 Aug 2020 21:09:35 GMT

Enlarge (credit: Christine Wang / Flickr)

The National Security Agency is recommending that some government workers and people generally concerned about privacy turn off find-my-phone, Wi-Fi, and Bluetooth whenever those services are not needed, as well as limit location data usage by apps.

“Location data can be extremely valuable and must be protected,” an advisory published on Tuesday stated. “It can reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose otherwise unknown associations between users and locations.”

NSA officials acknowledged that geolocation functions are enabled by design and are essential to mobile communications. The officials also admit that the recommended safeguards are impractical for most users. Mapping, location tracking of lost or stolen phones, automatically connecting to Wi-Fi networks, and fitness trackers and apps are just a few of the things that require fine-grained locations to work at all.

Read 12 remaining paragraphs | Comments