Fox Business News reports:

- "Federal prosecutors are investigating whether Boeing provided incomplete or misleading information about its best-selling 737 Max aircraft to U.S. air safety regulators and customers, according to a report from The Wall Street Journal."

- That investigation began five months ago -- after the first crash that killed 189 people, but before the second one.

Nine days after that November 7 crash, America's Federal Aviation Administration had issued an international emergency order "warning that Boeing had discovered an 'unsafe condition' that is 'likely to exist or develop' in other planes," reports the Washington Post: The FAA directive said if erroneous data is received by the 737 Max jet's flight control system, the plane's nose could be pushed down repeatedly. Failing to address that "could cause the flight crew to have difficulty controlling the airplane," push the nose down and lead to "significant altitude loss, and possible impact with terrain," according to the notice. The notice told pilots that, if bad data causes problems to appear, they should "disengage autopilot" and use other controls and adjust other switches to fly the plane....

Investigators scouring black box data believe an automatic anti-stalling feature was engaged before a Boeing 737 Max jet crashed and killed 157 people in EthiÂoÂpia, an administration official said Friday. The feature, known as MCAS, also was a factor in the October crash in Indonesia, according to investigators. The investigators said inaccurate information from an outside sensor led MCAS to force the nose of the plane down over and over again.
That explanation is also supported by the positioning of equipment on the aircraft's tail "in a way that would push the plane's nose downward, consistent with the black box finding," reports the Washington Post.

Fox Business also reports that Boeing currently has over 4,600 "unfilled" orders for its 737 Max jets.

An anonymous reader quotes the Associated Press: Gov. Andrew Cuomo and fellow Democrats who control the Legislature have reached a deal to make New York the third state with a ban on single-use plastic grocery bags as they worked to finalize budget agreements, officials said Friday. The ban would prohibit grocery stores from providing plastic bags for most purchases, something California has been doing since a statewide ban was approved in 2016. Hawaii has an effective statewide ban, with all its counties imposing their own restrictions....

New York's ban wouldn't take effect until next March. The plan also calls for allowing local governments the option to impose a 5-cent fee on paper bags, with 3 cents going to the state's Environmental Protection Fund and 2 cents kept by local governments.
Meanwhile, Tennessee's state House and Senate have passed a different kind of bill -- one that bans local Tennessee governments from regulating plastic bags, according to local channel WMC.

One Memphis councilman had proposed allowing the use of plastic bags, but with a seven-cent tax to support clean water initiatives. "But that won't happen if the governor signs the bill to 'ban the bans.'"

An anonymous reader quotes a report from ZDNet: Court documents unsealed today revealed that Microsoft has been waging a secret battle against a group of Iranian government-sponsored hackers. The OS maker sued and won a restraining order that allowed it to take control of 99 web domains that had been previously owned and operated by a group of Iranian hackers known in cyber-security circles as APT35, Phosphorus, Charming Kitten, and the Ajax Security Team. The domains had been used as part of spear-phishing campaigns aimed at users in the US and across the world.

APT35 hackers had registered these domains to incorporate the names of well-known brands, such as Microsoft, Yahoo, and others. The domains were then used to collect login credentials for users the group had tricked into accessing their sites. The tactic is decades old but is still extremely successful at tricking users into unwittingly disclosing usernames and passwords, even today. Some of the domains Microsoft has confiscated include the likes of outlook-verify.net, yahoo-verify.net, verification-live.com, and myaccount-services.net. Microsoft said it received substantial support from the domain registrars, which transferred the domains over to Microsoft as soon as the company obtained a court order.

Google today officially launched AMP for Email, its effort to turn emails from static documents into dynamic, web page-like experiences. From a report: AMP for Email is coming to Gmail, but other major email providers like Yahoo Mail, Outlook and Mail.ru will also support AMP emails. It's been more than a year since Google first announced this initiative. Even by Google standards, that's a long incubation phase, though there's also plenty of backend work necessary to make this feature work.

The promise of AMP for Email is that it'll turn basic messages into a surface for actually getting things done. "Over the past decade, our web experiences have changed enormously -- evolving from static flat content to interactive apps -- yet email has largely stayed the same with static messages that eventually go out of date or are merely a springboard to accomplishing a more complex task," Gmail product manager Aakash Sahney writes. "If you want to take action, you usually have to click on a link, open a new tab, and visit another website." With AMP for Email, those messages become interactive. That means you'll be able to RSVP to an event right from the message, fill out a questionnaire, browse through a store's inventory or respond to a comment -- all without leaving your web-based email client.

Player Unknown's Battlegrounds is facing a "ferocious" backlash in India, Bloomberg reports: Nowhere has resistance to the game been quite like India. Multiple cities have banned PUBG, as it's known, and police in Western India arrested 10 university students for playing. The national child rights commission has recommended barring the game for its violent nature. One of India's largest Hindi newspapers declared PUBG an "epidemic" that turned children into "manorogi," or psychopaths. "There are dangerous consequences to this game," the Navbharat Times warned in a March 20 editorial. "Many children have lost their mental balance...."

What's different about India is the speed with which the country has landed in the strange digital world of no laws or morals. It skipped two decades of debate and adjustment, blowing into the modern gaming era in a matter of months. Rural communities that never had PCs or game consoles got smartphones in recent years -- and wireless service just became affordable for pretty much everyone after a price war last year. With half a billion internet users looking for entertainment, PUBG has set off a frenzy.
Over 250,000 students entered one recent PUBG competition, according to the article.

At least one local minister criticized the game as "the demon in every house."

Long-time Slashdot reader theodp writes: After seeing to it that UK Prime Minister David Cameron, US President Barack Obama, and Canadian Prime Minister Justin Trudeau all received (widely-publicized) coding lessons, Code.org CEO Hadi Partovi noted in late 2016 that he was "still working on Pope Francis." GeekWire reports that Partovi was able to cross that one off his bucket list Thursday, as he helped Pope Francis become 'the first Pope to write a line of code' at a 'Programming for Peace' event organized by the Pope's foundation, Scholas Occurrentes, in Vatican City (not ready for Twitch.TV video).

"In the 21st century, computer science is a fundamental subject that all students should learn," said Partovi, whose tech-bankrolled nonprofit has entered a partnership with Scholas to introduce children to computer science. "Schools should teach computer science to prepare students for the future, empower children with creativity and teach how to harness technology and creativity." The Pontiff's programming lesson comes a month after Partovi's next-door neighbor, Microsoft President and Code.org Board member Brad Smith, had a sit-down with the Pope to discuss the ethical use of AI and ways to bridge the digital divide between rich and poor nations.

Medium's technology publication ran a 3,600-word investigation into a mystery that began when a 66-year-old New York woman Googled directions to her neighborhood, "and found that the app had changed the name of her community..." It's just as well no one contacted Google, because Google wasn't the company that renamed the Fruit Belt to Medical Park. When residents investigated, they found the misnomer repeated on several major apps and websites including HERE, Bing, Uber, Zillow, Grubhub, TripAdvisor, and Redfin... Monica Stephens, a geographer at the University at Buffalo who studies digital maps and misinformation, immediately suspected the geographic clearinghouse Pitney Bowes. Founded in 1920 as a maker of postage meters -- the machines that stamp mail with proof it's been sent -- Pitney Bowes expanded into neighborhood data in 2016 when it bought the leading U.S. provider, Maponics. In its 15-year run, Maponics had supplied neighborhood data to companies from Airbnb to Twitter to the Houston Chronicle. And it had also just acquired a longtime competitor, Urban Mapping, which has previously supplied Facebook, Microsoft, MapQuest, Yahoo, and Apple. Though Pitney Bowes is far from a household name, the $3.4 billion data broker is "a huge company at this point," says Stephens, with enough influence to inadvertently rename a neighborhood across hundreds of sites...

In the early 2000s, Urban Mapping offered new college grads $15 to $25 per hour to comb local blogs, home listings, city plans, and brochures for possible neighborhood names and locations. Maponics, meanwhile, used nascent technologies such as computer vision and natural language processing to pull neighborhoods from images and blocks of text, one former executive with the company said... I visited the Buffalo Central Library to find the source of the error... Sure enough, one of the librarians located a single planning office map that used the "Medical Park" label. It was a 1999 report on poverty and housing conditions -- long since relegated to a dusty shelf stacked with old binders and file folders... Somehow, likely in the early 2000s, this map made its way into what is now the Pitney Bowes data set -- and from there, was hoovered into Google Maps and out onto the wider internet. Buffalo published another map in 2017, with the Fruit Belt clearly marked, and broadcast on the city's open data portal. For whatever reason, Pitney Bowes and its customers never picked that map up.
This is not the first time Google Maps has seemed to spontaneously rename a neighborhood. But for Fruit Belt the reporter's query eventually prompted corrections to the maps on Redfin, TripAdvisor, Zillow, Grubhub, and Google Maps. But the article argues that when it comes to how city names are represented online, "the process is too opaque to scrutinize in public. And that ambiguity foments a sense of powerlessness."

Pitney Bowes doesn't even have a method for submitting corrections. Yet, "In an emailed statement, a spokesperson for Google defended its use of third-party neighborhood sources. 'Overall, this provides a comprehensive and up-to-date map,' the spokesperson said, 'but when we're made aware of errors, we work quickly to fix them.'"

Tumblr's ban on pornography and adult content has led to an estimated fifth of its users deserting the platform. From a report: Tumblr's ban on pornography and adult content has led to a fifth of its users deserting the platform, figures reveal. The ban, which came into effect on 17 December, provoked a backlash from users who claimed it would penalise sex-positive, LGBT and NSFW art communities. Visits to the Tumblr website fell from 521 million in December to 437 million in January and 370 million in February, according to data from web analytics firm SimilarWeb. Tumblr's decision to update its content policy came after the discovery of child sexual abuse imagery on its blogs.

An anonymous reader quotes a report from The New York Times: Federal prosecutors are conducting a criminal investigation into data deals Facebook struck with some of the world's largest technology companies (Warning: source may be paywalled; alternative source), intensifying scrutiny of the social media giant's business practices as it seeks to rebound from a year of scandal and setbacks. A grand jury in New York has subpoenaed records from at least two prominent makers of smartphones and other devices, according to two people who were familiar with the requests and who insisted on anonymity to discuss confidential legal matters. Both companies had entered into partnerships with Facebook, gaining broad access to the personal information of hundreds of millions of its users. The companies were among more than 150, including Amazon, Apple, Microsoft and Sony, that had cut sharing deals with the world's dominant social media platform. The agreements, previously reported in The New York Times, let the companies see users' friends, contact information and other data, sometimes without consent. Facebook has phased out most of the partnerships over the past two years. "We are cooperating with investigators and take those probes seriously," a Facebook spokesman said in a statement. "We've provided public testimony, answered questions and pledged that we will continue to do so."

"With a $302 million international gross, Captain Marvel has earned $455 million overall to date, the largest ever global opening for a March release and the sixth highest of all-time," reports the Wrap. The superhero movie raked in $153 million just in America, reports Collider, "Suggesting that a sad, extremely vocal minority of idiots on the internet don't actually matter in the slightest."

They're referring to another Rotten Tomateos review-counting glitch Friday morning, as covered by the Hollywood Reporter: The Disney film had only been in theaters for hours on Friday when the female-driven superhero picture was torpedoed online via Rotten Tomatoes. As of 8 a.m., the film had more than 58,000 reviews. That is more than the total of audience score reviews for Avengers: Infinity War for its entire theatrical run.

Rotten Tomatoes explained in a statement to The Hollywood Reporter that a glitch was responsible for thousands of reviews showing up on the site when they shouldn't have. According to Rotten Tomatoes, it had included audience reviews given before the film was released, something which is no longer allowed.
Movieweb believes those pre-release reviews were generated by bots, suggesting a small handful of review-bombers who were attempting to amplify their impact. Yahoo Entertainment believes the attempted review-bombers were angry with the film's star "for, well, not giving a crap about what the trolls say. Perhaps that's the best superpower of all."

When asked about the attempt to review-bomb Captain Marvel, the film's star Brie Larson smilingly replied, "Oh... who cares?"

"Love what you love! Who cares what other people think?"

An anonymous reader quotes a report from ZDNet: Members of Amnesty International say that Egyptian authorities are behind a recent wave of spear-phishing attacks that have targeted prominent local human rights defenders, media, and civil society organizations' staff. The attacks used a relatively new spear-phishing technique called "OAuth phishing," Amnesty experts said. OAuth phishing is when attackers aim to steal a user account's OAuth token instead of the account password. When a user grants a third-party app the right to access their account, the app receives an OAuth token instead of the user's password. These tokens work as authorization until the user revokes their access. Amnesty investigators said that in the recent spear-phishing campaign that targeted Egyptian activists, authorities created Gmail third-party apps through which they gained access to victim's accounts. Victims would receive an email that looked like a legitimate Gmail security alert. But when they clicked the link, they'd be redirected to a page where a third-party app would request access to their account. Once the victim granted the app access to their Gmail account, the user would be redirected to the account's legitimate security settings page where they'd be left to change their password. Even if the victim changes their password, at this point, the phishers would still have access to the account via the newly acquired OAuth token. The Amnesty International report says the spear-phishing campaign also targeted Yahoo, Outlook and Hotmail users.

An anonymous reader quotes the San Francisco Chronicle: Tristan O'Tierney, a co-founder of San Francisco payments company Square, died Feb. 23 in Ocala, Fla., of causes related to addiction, his family said. He was 35...

His family is awaiting an official cause of death from officials. "I do know that it was in relation to his addiction," [his mother] Pamela Tierney said. "I know he got to the hospital, he couldn't breathe and they couldn't revive him." O'Tierney was in a three-month rehabilitation program in Ocala and had been battling addiction for three years, Tierney said. O'Tierney openly discussed his struggles with addiction on social media. "As some of you may know, I've been battling with addiction for these past few years," he wrote in September in a now-deleted Instagram post that he also shared on Twitter. "With some success. A lot of failure too though."
Bloomberg remembers him as a former engineer at Yahoo and Apple who was hired to develop Square's original mobile payment app in 2009, then stayed on until 2013.

"In addition to his parents, O'Tierney is survived by his three-old-year daughter, according to an obituary on the website for the funeral home."

An anonymous reader shares a report: In a congressional hearing on Tuesday, Representative Katie Porter (D-CA) asked whether Equifax CEO Mark Begor would be willing to share his address, birth date, and Social Security number publicly at the hearing. Begor declined, citing the risk of "identity theft," letting Porter criticize Equifax's legal response to the 2017 security breach that exposed almost 150 million people's data of that sort to an unknown intruder. The company had unsuccessfully asked a judge presiding over a class-action suit over the breach to dismiss it, saying the plaintiffs hadn't "sufficiently alleged injury and proximate causation" to bring suit, as Yahoo Finance reported late last month.

Vitaly Kamluk, an information security expert and a high-ranking executive of cybersecurity company Kaspersky Lab, went on Twitter with concerns about an embedded camera in Singapore Airlines' (SIA) inflight entertainment systems. He tagged SIA in his post on Sunday, asking the airline to clarify how the camera is being used. Yahoo News reports: SIA quickly allayed his fears of unwanted surveillance by assuring Kamluk that the cameras have been disabled, with no plans to use them in the future. Not all of their devices sport the camera, though -- SIA explained that only some of its newer inflight entertainment systems come with cameras embedded in the hardware. In another tweet, SIA affirmed that the cameras were already built in by the original equipment manufacturers in newer inflight entertainment systems. Kamluk recommended that it's best to disable the cameras physically -- with stickers, for example -- to provide better peace of mind. In 2017, entertainment device developer Panasonic Avionics said it was studying how eye tracking can be used for a better passenger experience. As the report mentions, "Cameras can be used for identity recognition on planes, which in turn, would allow for in-flight biometric payment (much like Face ID on Apple devices) and personalized services."

An anonymous reader writes: Microsoft's Edge browser contains a secret whitelist that lets Facebook run Adobe Flash code behind users' backs. The whitelist allows Facebook's Flash content to bypass Edge security features such as the click-to-play policy that normally prevents websites from running Flash code without user approval beforehand.

The whitelist isn't new. It existed in Edge before, and prior to February 2018, it included 58 entries, including domains and subdomains for Microsoft's main site, the MSN portal, music streaming service Deezer, Yahoo, and Chinese social network QQ. The list was narrowed down to only two Facebook domains (facebook.com and apps.facebook.com) after a Google security researcher found that the whitelist mechanism had some security issues. The bug report also contains the original version of the whitelist, with all the 58 domains.

Reader theodp writes: Thanks to software, Bill and Melinda Gates report in their 2019 Annual Letter, textbooks are becoming obsolete. Bill writes: "I read more than my share of textbooks. But it's a pretty limited way to learn something. Even the best text can't figure out which concepts you understand and which ones you need more help with. It certainly can't tell your teacher how well you grasped last night's assigned reading. But now, thanks to software, the standalone textbook is becoming a thing of the past" (if so, it'll be a 60-year overnight success!). The Gates are putting their money where their mouths are -- their education investments include look-Ma-no-textbooks Khan Academy and Code.org. Code.org, whose AP Computer Science Principles course for high schools "does not require or follow a textbook", boasted in its just-released Annual Report that 38% of all AP CS exam takers in 2018 came from "Code.org Computer Science Principles classrooms," adding that it had spent $24.2 million of its donors' money on curriculum and its Code Studio learning platform (30,300 hours of coursework), another $46.7 million to prepare 87,000 new K-12 CS teachers, $12.4 million on Marketing, and $6.9 million on Government Affairs. So, do we still need textbooks?

HashCat, an open-source password recovery tool, can now crack an eight-character Windows NTLM password hash in less than 2.5 hours. "Current password cracking benchmarks show that the minimum eight character password, no matter how complex, can be cracked in less than 2.5 hours" using a hardware rig that utilizes eight Nvidia GTX 2080Ti GPUs, explained a hacker who goes by the pseudonym Tinker on Twitter in a DM conversation with The Register. "The eight character password is dead." From the report: It's dead at least in the context of hacking attacks on organizations that rely on Windows and Active Directory. NTLM is an old Microsoft authentication protocol that has since been replaced with Kerberos. According to Tinker, it's still used for storing Windows passwords locally or in the NTDS.dit file in Active Directory Domain Controllers. It's dead at least in the context of hacking attacks on organizations that rely on Windows and Active Directory. NTLM is an old Microsoft authentication protocol that has since been replaced with Kerberos. Tinker estimates that buying the GPU power described would require about $10,000; others have claimed the necessary computer power to crack an eight-character NTLM password hash can be rented in Amazon's cloud for just $25.

NIST's latest guidelines say passwords should be at least eight characters long. Some online service providers don't even demand that much. When security researcher Troy Hunt examined the minimum password lengths at various websites last year, he found that while Google, Microsoft and Yahoo set the bar at eight, Facebook, LinkedIn and Twitter only required six. Tinker said the eight character password was used as a benchmark because it's what many organizations recommend as the minimum password length and many corporate IT policies reflect that guidance. So how long is long enough to sleep soundly until the next technical advance changes everything? Tinker recommends a random five-word passphrase, something along the lines of the four-word example popularized by online comic XKCD, "correcthorsebatterystaple." That or whatever maximum length random password via a password management app, with two-factor authentication enabled in either case.

Photo-sharing website Flickr is starting to delete users' photos after changing its terms and conditions. The firm announced in November that it would no longer be allowing its members one terabyte of free storage. From a report: Under the new rules, there is a limit of 1,000 photographs for those who do not subscribe to the service at a cost of $49.99 per year. One terabyte would store around 200,000 photos with an average size of 5MB. Flickr was acquired by another photo platform called SmugMug in April 2018. The price it paid to former owner Verizon was not disclosed. In a blog in November announcing the changes, Flickr said that "storing tens of billions of Flickr members' photos is staggeringly expensive". It also said by introducing the free storage in 2013, Flickr's original owner Yahoo had "lost sight of what made Flickr truly special" as new users were attracted by the storage rather than the photography.

A U.S. judge rejected Yahoo's proposed settlement with millions of people whose email addresses and other personal information were stolen in the largest data breach in history, faulting the Internet services provider for a lack of transparency. From a report: In a Monday night decision, U.S. District Judge Lucy Koh in San Jose, California, said she could not declare the settlement "fundamentally fair, adequate and reasonable" because it did not say how much victims could expect to recover. Yahoo, now part of New York-based Verizon Communications, was accused of being too slow to disclose three breaches from 2013 to 2016 that affected an estimated 3 billion accounts. The settlement called for a $50 million payout, plus two years of free credit monitoring for about 200 million people in the United States and Israel with nearly 1 billion accounts.

According to a report from Reason magazine, Twitter users who comment the "learn to code" advice at journalists who just lost their jobs might be treated as "abusive behavior," which is a violation of the social media site's terms of service. The rumor comes from Jon Levine, Media Editor at The Wrap. From the report: The Wrap's Jon Levine said representatives for the social media company had backed away from the position they related to him earlier, which was that the phrase "learn to code" itself constituted abusive behavior. The new position seems to be that "learn to code" is not de facto harassment, but could be considered harassment if tweeted aggressively as part of campaign to intimidate a specific user, in accordance with Twitter's somewhat vague abusive behavior policy. In an email to Reason, a Twitter spokesperson said: "Twitter is responding to a targeted harassment campaign against specific individuals -- a policy that's long been against the Twitter Rules."

Last week, journalists from BuzzFeed, HuffPost, Yahoo, AOL, and others, were let go. BuzzFeed founder and CEO, Jonah Peretti, said the company "would reduce headcount by 15%, or about 250 jobs, to around 1,100 employees globally," reports The Guardian. "At the same time, Verizon said it would trim 7% of headcount, about 800 people, from its media unit, which includes HuffPost, Yahoo and AOL. The job losses followed sales or cuts at Mic, Refinery29 and elsewhere."