Google

Former Google CEO Eric Schmidt Says Tech Companies Can Regulate Themselves (yahoo.com) 128

Former Google CEO Eric Schmidt in a new interview rejected the notion that Capitol Hill has a role to play in regulating big tech companies, breaking with Facebook CEO Mark Zuckerberg's recent willingness to work with lawmakers. From a report: "The problem is if you write a rule, inevitably, you fix the solution on a specific solution, but the technology moves so quickly," Schmidt says. "It's generally better to let the tech companies do these things," he adds. Schmidt, who ran Google from 2001 to 2011, acknowledged that over his tenure the company did not understand the scale or severity of problems originating from its products. But since then, the company has addressed the issues, he said. "Our response has, in my view, been very strong," he said. "Today, we have all sorts of software that enforces policies of one kind or another. And people complain about the rules, but the fact of the matter is the rules are published."

[...] Schmidt suggested that even if Congress does pass new regulations on tech companies, issues will continue to originate on tech platforms because the sites display unpredictable human conduct. Content moderators and other employees need to ensure that users abide by the rules of a given platform, he said. "All of these platforms that are human centric will have to have a component of them, which is...watching what the users are doing and making sure they're consistent with their terms of service and the law," he says. "These issues are ongoing, because these are human-based systems," he says. "And so humans will continue to use them. They will continue to do unexpected things. There will continue to be surprises."
Further reading: Former Google CEO Eric Schmidt Predicts the Internet Will Split in Two By 2028 -- and One Part Will Be Led By China.
Power

Challenging Tesla, Volkswagen Announces Electric SUV, Mass Production of Electric Vehicles (apnews.com) 228

An anonymous reader quotes the AP: Volkswagen is planning to release a fully-electric SUV in China which could compete with Tesla's Model X. The German automaker said Sunday the ID. ROOMZZ will be unveiled at the upcoming Shanghai Auto Show and will be available in 2021. Volkswagen says the zero-emission vehicle can go approximately 450 kilometers (280 miles) before the battery has to be recharged.
Volkswagen also claims it will have "level 4 autonomous driving," Reuters reports, adding that this electric SUV "is the latest move in Volkswagen's aggressive growth strategy in China, where electric cars are given preferential treatment by authorities..." In fact, the company's chief executive says nearly half of VW's engineers are working on products for the China market, though the electric SUV will eventually be shipped to other markets. "We plan to produce more than 22 million electric cars in the next 10 years."

VW's head of e-mobility also tells Reuters that Volkswagen will convert eight of its factories to mass-produce electric Volkswagens, and eight more factories to mass-produce electric cars under a different brand.
Crime

The Rise and Fall of the Bayrob Malware Gang (zdnet.com) 54

Three Romanians ran a complicated online fraud operation -- along with a massive malware botnet -- for nine years, reports ZDNet, netting tens of millions of US dollars. But their crime spree is now over, and all three are facing long prison sentences.

"The three were arrested in late 2016 after the FBI and Symantec had silently stalked their malware servers for years, patiently waiting for the highly skilled group to make mistakes that would leave enough of a breadcrumb trail to follow back to their real identities."

An anonymous Slashdot reader writes: The group started from simple eBay scams [involving non-existent cars and even a fake trucking company] to running one of the most widespread keylogger trojans around. They were considered one of the most advanced groups around, using PGP email and OTR encryption when most hackers were defacing sites under the Anonymous moniker, and using multiple proxy layers to protect their infrastructure. The group operated tens of fake websites, including a Yahoo subsidiary clone, conned and stole money from their own money mules, and were among the first groups to deploy Bitcoin crypto-mining malware on desktops, when Bitcoin could still be mined on PCs.

The Bayrob group was led by one of Romania's top IT students, who went to the dark side and helped create a malware operation that took nine years for US authorities and the FBI to track and eventually take down. Before turning hacker, he was the coach of Romania's national computer science team, although he was still a student, and won numerous awards in programming and CS contests.

Space

Flat Earther Now Wants to Launch His Homemade Rocket Into Space (phillyvoice.com) 151

At a flat-earth conference in May, Mad Mike Hughes will announce details of "an Antarctic expedition with the goal of reaching the edge of the world...to prove once and for all that this Earth is flat." But before that, he's heading for outer space.

An anonymous reader quotes PhillyVoice: If you recognize the name Mad Mike Hughes, it's likely because he strapped himself into a rocket last March and traveled three-tenths of a mile into the heavens in the name of Flat Earth awareness. (See for yourself!) Well, nearly a year to the date after that momentous achievement, the limousine-driving daredevil and gubernatorial candidate has announced he's building upon the lessons learned last year and pushing the limits even further...

We caught up with him Thursday afternoon on the phone from California where he was "putting decals on the rocket right now!" Before any sort of Antarctica excursion, he's planning for a May 9 launch either in New Mexico "or the middle of the ocean if the government tries to stop me..." He hopes to reach the Kármán line, some 62.8 miles above Earth where space begins. "That way, we'll see what shape this rock really is," he said.

"More people will watch this than those who watched the fake moon landing. It will be an incredible, incredible event. People will see what I'm seeing for three hours up there and back and they'll be able to make up their own minds.... I'm the only guy capable of actually proving what shape this rock is, and that's by going up into space to do it."

The Science Channel is now filming Hughes' progress. (Here's a slick trailer for an upcoming documentary called "Rocketman".)

And Hughes says he's also claimed the legal entities that famous people are operating under, including Elon Musk, Mark Zuckerberg, and Warren Buffett, putting these powerful people in a precarious position because now "they can't even exist..."

"I have a lot of court cases going on."
Yahoo!

Yahoo Offers $118 Million To Settle Lawsuit Over Massive Data Breach (cnn.com) 30

Yahoo is offering to pay $117.5 million to settle a class-action lawsuit over its massive data breaches, which compromised personal information including email addresses and passwords. "The proposed settlement was announced on Tuesday, but still needs to be approved by U.S. District Judge Lucy Koh," reports CNN. From the report: Earlier this year, a different version of the class-action settlement was rejected by Koh, who wanted to see more benefit to consumers and a specific settlement amount. Yahoo was hit by multiple data breaches from 2013 to 2016. The 2013 breach affected every single customer account that existed at the time, which totaled 3 billion. Yahoo previously said names, email addresses and passwords were compromised but not financial information.
Government

Finland's Basic Income Experiment Shows Recipients Are Happier and More Secure (yahoo.com) 439

An anonymous reader quotes Bloomberg: Unemployed people derive significant psychological benefits from receiving a fixed amount of financial support from the state, according to a landmark experiment into basic income in Finland that highlights the disadvantages of the country's existing means-tested system.

Initial results of the two-year study had already shown that its 2,000 participants were no more and no less likely to work than their counterparts receiving traditional unemployment benefit. Thursday's set of additional results from the social insurance institution Kela showed that those getting a basic income described their financial situation more positively than respondents in the control group. They also experienced less stress and fewer financial worries than the control group, Kela said in a statement... They had more trust in other people and social institutions, and showed more faith in their ability to have influence over their own lives, in their personal finances and in their prospects of finding employment.

Finland is the first country in the world to test universal basic incomes at national level.
Security

Security Expert Launches BreachClarity.com, A New Data Breach Response Tool (breachclarity.com) 10

A new online tool "analyzes publicly disclosed data breaches and gives concrete advice to victims," reported CNET last week. Now the site's creator, data breach expert jimvandyke, is asking Slashdot's readers for feedback: At BreachClarity.com, just enter the name of any data breach you were in (such as 'Anthem', 'Equifax', 'Yahoo', etc.), and click the bright green 'search' button. Every publicly-reported breach since January 2017 (and noteworthy older ones) are in the database, and eventually every publicly-reported breach will be in the database, thanks to my non-profit partner the IDTheftCenter.org (ITRC). Breach Clarity is now available for free in basic form to consumers, as a very simple UI sitting in front of a comprehensive algorithm of my own design.

The goal of Breach Clarity is to help people by demystifying how any new data breach creates identity-holder risk of identity theft, identity fraud, and other harms. My goal in creating Breach Clarity is to move past the myths and victim-blaming (for instance, my research finds that very few people are actually 'apathetic' or 'lazy' when it comes to security, and it's simply not true that 'everyone's data is all already out there' for any cyber-criminal who wants to commit fraud in another person's name).

Breach Clarity uses dynamic research, technology, and design-thinking to protect people in the face of an onslaught of ongoing data breaches (The ITRC recorded 1,244 publicly reported US ones last year, leading to over $10B in annual identity crimes as reported by my former company Javelin Strategy & Research!)... If you like what you see, please use it and spread the word.

The original submission says the site's creator is currently "a one-person pre-funded operation, aiming to create an advanced and more full-featured version of Breach Clarity that will be licensed for financial institutions and employers." But if this is beta testing, there's some great technical support. "If you're confused by what you see, you can actually call the phone number in the upper right of BreachClarity and talk to a real person for free. You'll reach my partner, the ITRC, who gets grant funding from law enforcement and foundations."

CNET notes that "You can already find out if you've lost login credentials and other sensitive information by visiting Have I Been Pwned or Firefox Monitor. Breach Clarity takes things a step further by helping you decide what to do afterward."
Android

Readdle Brings Free Spark Email App To Android, Promises No Ads or Tracking (venturebeat.com) 26

Twelve years after its inception, Readdle is finally venturing beyond Apple's ecosystem with the launch today of its Spark email app for Android. This comes on the heels of Google killing its own popular Inbox email app. From a report: Spark's Android app -- like its iOS and macOS incarnations -- includes three key selling points: It is free for individual users, does not serve ads, and offers a host of features aimed at power users. Plus, it supports all major email providers, including Google, Microsoft, Yahoo, and Apple. Spark for Android, like the now defunct Inbox app, sorts emails -- prioritizing more important messages to help you reach "inbox zero." It offers options to snooze an email and to schedule when an email should go out. You can also pin emails so that it is easier to find them later and get reminders to follow up on previous conversations. Advanced search functionality lets you use conversational keywords to find things like that PDF file your boss sent last week. So how exactly does the Ukrainian-headquartered company make money? Readdle offers a paid version of Spark that is aimed at small to medium-sized teams and enterprises.
Education

More Colleges Try Forgoing Tuition For A Percentage of Future Income (yahoo.com) 180

"Some innovative colleges, in partnership with private investors and a small number of philanthropies, are experimenting with a new financing model called 'income share agreements' or 'ISAs,'" reports Yahoo Finance: With an ISA, instead of assuming a fixed debt obligation, students simply agree to pay an affordable percentage of their future income over a set time period, subject to an overall cap. High earners will have larger payments than low earners, but all will have an affordable payment, based on what they will actually be making. Importantly, when the college is providing some or all of the funding for the ISA, its return will be aligned with its students' post-college earnings, giving it economic incentives to make sure its students both graduate and find jobs. The college is, literally, invested in its students' success...

With ISAs, there is no principal or interest. Thus, they are much better suited for low income students as their financial obligations never exceed their ability to pay... In a recent paper commissioned by the Manhattan Institute, we looked at the small but growing number of colleges and universities offering ISA programs. Indiana's Purdue University launched the first such program in 2016. About a dozen other institutions have now followed suit, including Lackawanna College in Pennsylvania, Clarkson University in New York, and the University of Utah. Most of these pioneers offer ISAs to students as an alternative to non-subsidized federal loans, though a few are offering them as a complete substitute for borrowing... A common feature of all these ISA programs is that they require payments only when the graduate meets a certain income threshold. All impose time limits and caps on the total amount that needs to be repaid, though they differ widely in where they set those caps and limits.

Transportation

Prosecutors Were Already Investigating Whether Boeing Provided 'Incomplete or Misleading' 737 Information (yahoo.com) 95

Fox Business News reports:

- "Federal prosecutors are investigating whether Boeing provided incomplete or misleading information about its best-selling 737 Max aircraft to U.S. air safety regulators and customers, according to a report from The Wall Street Journal."

- That investigation began five months ago -- after the first crash that killed 189 people, but before the second one.

Nine days after that October crash, on November 7, America's Federal Aviation Administration issued an international emergency order "warning that Boeing had discovered an 'unsafe condition' that is 'likely to exist or develop' in other planes," reports the Washington Post: The FAA directive said if erroneous data is received by the 737 Max jet's flight control system, the plane's nose could be pushed down repeatedly. Failing to address that "could cause the flight crew to have difficulty controlling the airplane," push the nose down and lead to "significant altitude loss, and possible impact with terrain," according to the notice. The notice told pilots that, if bad data causes problems to appear, they should "disengage autopilot" and use other controls and adjust other switches to fly the plane....

Investigators scouring black box data believe an automatic anti-stalling feature was engaged before a Boeing 737 Max jet crashed and killed 157 people in Ethiopia, an administration official said Friday. The feature, known as MCAS, also was a factor in the October crash in Indonesia, according to investigators. The investigators said inaccurate information from an outside sensor led MCAS to force the nose of the plane down over and over again.

That explanation is also supported by the positioning of equipment on the aircraft's tail "in a way that would push the plane's nose downward, consistent with the black box finding," reports the Washington Post.

Fox Business also reports that Boeing currently has over 4,600 "unfilled" orders for its 737 Max jets.
Earth

New York Becomes America's Third State To Ban Plastic Bags (yahoo.com) 215

An anonymous reader quotes the Associated Press: Gov. Andrew Cuomo and fellow Democrats who control the Legislature have reached a deal to make New York the third state with a ban on single-use plastic grocery bags as they worked to finalize budget agreements, officials said Friday. The ban would prohibit grocery stores from providing plastic bags for most purchases, something California has been doing since a statewide ban was approved in 2016. Hawaii has an effective statewide ban, with all its counties imposing their own restrictions....

New York's ban wouldn't take effect until next March. The plan also calls for allowing local governments the option to impose a 5-cent fee on paper bags, with 3 cents going to the state's Environmental Protection Fund and 2 cents kept by local governments.

Meanwhile, Tennessee's state House and Senate have passed a different kind of bill -- one that bans local Tennessee governments from regulating plastic bags, according to local channel WMC.

One Memphis councilman had proposed allowing the use of plastic bags, but with a seven-cent tax to support clean water initiatives. "But that won't happen if the governor signs the bill to 'ban the bans.'"
Microsoft

Microsoft Takes Control of 99 Domains Operated By Iranian State Hackers (zdnet.com) 49

An anonymous reader quotes a report from ZDNet: Court documents unsealed today revealed that Microsoft has been waging a secret battle against a group of Iranian government-sponsored hackers. The OS maker sued and won a restraining order that allowed it to take control of 99 web domains that had been previously owned and operated by a group of Iranian hackers known in cyber-security circles as APT35, Phosphorus, Charming Kitten, and the Ajax Security Team. The domains had been used as part of spear-phishing campaigns aimed at users in the US and across the world.

APT35 hackers had registered these domains to incorporate the names of well-known brands, such as Microsoft, Yahoo, and others. The domains were then used to collect login credentials for users the group had tricked into accessing their sites. The tactic is decades old but is still extremely successful at tricking users into unwittingly disclosing usernames and passwords, even today. Some of the domains Microsoft has confiscated include the likes of outlook-verify.net, yahoo-verify.net, verification-live.com, and myaccount-services.net. Microsoft said it received substantial support from the domain registrars, which transferred the domains over to Microsoft as soon as the company obtained a court order.
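The seized domains all follow one pattern: a brand name glued to an account-action word (outlook-verify.net, yahoo-verify.net, verification-live.com, myaccount-services.net). The following is an added example, not code from ZDNet, Microsoft or the court filing, of a scorer a defender could run over newly registered or newly resolved domains to surface that pattern. The brand list, keyword list, allow-list and scoring weights are assumptions; SAMPLE_DOMAINS mixes the four domains named in the article with constructed benign ones.

```python
# Added example (not from ZDNet or Microsoft): flag domains that pair a brand
# token with an account-action token, the pattern of the seized APT35 domains.
# Brand/keyword/allow lists are assumptions; SAMPLE_DOMAINS is constructed.
import re
from typing import Dict, Iterable, List, Tuple

BRANDS = {"microsoft", "outlook", "live", "hotmail", "yahoo", "google"}
ACTION_WORDS = {"verify", "verification", "login", "signin", "secure",
                "account", "myaccount", "service", "services", "update"}
# Domains the brands actually own; hosts under them are not lookalikes.
ALLOWLIST = {"microsoft.com", "outlook.com", "live.com", "yahoo.com", "google.com"}

SAMPLE_DOMAINS = [
    "outlook-verify.net", "yahoo-verify.net",            # named in the article
    "verification-live.com", "myaccount-services.net",   # named in the article
    "mail.yahoo.com", "livejournal.com", "example.org",  # constructed benign
]

_TOKEN = re.compile(r"[a-z0-9]+")


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname. Assumes a plain TLD (no public-suffix list)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def name_tokens(domain: str) -> List[str]:
    """Split everything before the TLD into alphanumeric runs (hyphens, dots split)."""
    name = ".".join(domain.split(".")[:-1])
    return _TOKEN.findall(name)


def score(domain: str) -> Tuple[int, List[str]]:
    """2 points for an exact brand token, 1 for a brand embedded in a longer token,
    1 for each account-action token. Allow-listed domains score 0."""
    d = registrable_domain(domain)
    if d in ALLOWLIST:
        return 0, ["allow-listed"]
    points, reasons = 0, []
    for t in name_tokens(d):
        if t in BRANDS:
            points += 2
            reasons.append(f"brand token '{t}'")
        elif any(b in t for b in BRANDS):
            points += 1
            reasons.append(f"brand embedded in '{t}'")
        if t in ACTION_WORDS:
            points += 1
            reasons.append(f"action token '{t}'")
    return points, reasons


def suspicious(domains: Iterable[str], threshold: int = 2) -> Dict[str, List[str]]:
    """Return {registrable_domain: reasons} for every domain scoring at or above threshold."""
    flagged: Dict[str, List[str]] = {}
    for dom in domains:
        points, reasons = score(dom)
        if points >= threshold:
            flagged[registrable_domain(dom)] = reasons
    return flagged


if __name__ == "__main__":
    for dom, why in suspicious(SAMPLE_DOMAINS).items():
        print(dom, "->", "; ".join(why))
```

Exact-token matching is deliberate: a substring check alone would flag livejournal.com as hard as verification-live.com, whereas here an embedded brand only adds one point and needs an action word beside it to cross the threshold. A real deployment would replace the two-label cut with a public-suffix list and feed the scorer from certificate-transparency or passive-DNS data rather than a static list.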

Google

Google Makes Emails More Dynamic With AMP For Email (techcrunch.com) 114

Google today officially launched AMP for Email, its effort to turn emails from static documents into dynamic, web page-like experiences. From a report: AMP for Email is coming to Gmail, but other major email providers like Yahoo Mail, Outlook and Mail.ru will also support AMP emails. It's been more than a year since Google first announced this initiative. Even by Google standards, that's a long incubation phase, though there's also plenty of backend work necessary to make this feature work.

The promise of AMP for Email is that it'll turn basic messages into a surface for actually getting things done. "Over the past decade, our web experiences have changed enormously -- evolving from static flat content to interactive apps -- yet email has largely stayed the same with static messages that eventually go out of date or are merely a springboard to accomplishing a more complex task," Gmail product manager Aakash Sahney writes. "If you want to take action, you usually have to click on a link, open a new tab, and visit another website." With AMP for Email, those messages become interactive. That means you'll be able to RSVP to an event right from the message, fill out a questionnaire, browse through a store's inventory or respond to a comment -- all without leaving your web-based email client.

First Person Shooters (Games)

Cities In India Ban 'PlayerUnknown's Battlegrounds' Over Fears It Turns Children Into 'Psychopaths' (yahoo.com) 163

PlayerUnknown's Battlegrounds is facing a "ferocious" backlash in India, Bloomberg reports: Nowhere has resistance to the game been quite like India. Multiple cities have banned PUBG, as it's known, and police in Western India arrested 10 university students for playing. The national child rights commission has recommended barring the game for its violent nature. One of India's largest Hindi newspapers declared PUBG an "epidemic" that turned children into "manorogi," or psychopaths. "There are dangerous consequences to this game," the Navbharat Times warned in a March 20 editorial. "Many children have lost their mental balance...."

What's different about India is the speed with which the country has landed in the strange digital world of no laws or morals. It skipped two decades of debate and adjustment, blowing into the modern gaming era in a matter of months. Rural communities that never had PCs or game consoles got smartphones in recent years -- and wireless service just became affordable for pretty much everyone after a price war last year. With half a billion internet users looking for entertainment, PUBG has set off a frenzy.

Over 250,000 students entered one recent PUBG competition, according to the article.

At least one local minister criticized the game as "the demon in every house."
Programming

82-Year-Old Pope Francis Is 'First Pope To Write a Line of Code' (geekwire.com) 97

Long-time Slashdot reader theodp writes: After seeing to it that UK Prime Minister David Cameron, US President Barack Obama, and Canadian Prime Minister Justin Trudeau all received (widely-publicized) coding lessons, Code.org CEO Hadi Partovi noted in late 2016 that he was "still working on Pope Francis." GeekWire reports that Partovi was able to cross that one off his bucket list Thursday, as he helped Pope Francis become 'the first Pope to write a line of code' at a 'Programming for Peace' event organized by the Pope's foundation, Scholas Occurrentes, in Vatican City (not ready for Twitch.TV video).

"In the 21st century, computer science is a fundamental subject that all students should learn," said Partovi, whose tech-bankrolled nonprofit has entered a partnership with Scholas to introduce children to computer science. "Schools should teach computer science to prepare students for the future, empower children with creativity and teach how to harness technology and creativity." The Pontiff's programming lesson comes a month after Partovi's next-door neighbor, Microsoft President and Code.org Board member Brad Smith, had a sit-down with the Pope to discuss the ethical use of AI and ways to bridge the digital divide between rich and poor nations.

Google

Google's Bad Data Wiped Another Neighborhood Off the Map (medium.com) 76

Medium's technology publication ran a 3,600-word investigation into a mystery that began when a 66-year-old New York woman Googled directions to her neighborhood, "and found that the app had changed the name of her community..." It's just as well no one contacted Google, because Google wasn't the company that renamed the Fruit Belt to Medical Park. When residents investigated, they found the misnomer repeated on several major apps and websites including HERE, Bing, Uber, Zillow, Grubhub, TripAdvisor, and Redfin... Monica Stephens, a geographer at the University at Buffalo who studies digital maps and misinformation, immediately suspected the geographic clearinghouse Pitney Bowes. Founded in 1920 as a maker of postage meters -- the machines that stamp mail with proof it's been sent -- Pitney Bowes expanded into neighborhood data in 2016 when it bought the leading U.S. provider, Maponics. In its 15-year run, Maponics had supplied neighborhood data to companies from Airbnb to Twitter to the Houston Chronicle. And it had also just acquired a longtime competitor, Urban Mapping, which had previously supplied Facebook, Microsoft, MapQuest, Yahoo, and Apple. Though Pitney Bowes is far from a household name, the $3.4 billion data broker is "a huge company at this point," says Stephens, with enough influence to inadvertently rename a neighborhood across hundreds of sites...

In the early 2000s, Urban Mapping offered new college grads $15 to $25 per hour to comb local blogs, home listings, city plans, and brochures for possible neighborhood names and locations. Maponics, meanwhile, used nascent technologies such as computer vision and natural language processing to pull neighborhoods from images and blocks of text, one former executive with the company said... I visited the Buffalo Central Library to find the source of the error... Sure enough, one of the librarians located a single planning office map that used the "Medical Park" label. It was a 1999 report on poverty and housing conditions -- long since relegated to a dusty shelf stacked with old binders and file folders... Somehow, likely in the early 2000s, this map made its way into what is now the Pitney Bowes data set -- and from there, was hoovered into Google Maps and out onto the wider internet. Buffalo published another map in 2017, with the Fruit Belt clearly marked, and broadcast on the city's open data portal. For whatever reason, Pitney Bowes and its customers never picked that map up.

This is not the first time Google Maps has seemed to spontaneously rename a neighborhood. In the Fruit Belt's case, the reporter's query eventually prompted corrections to the maps on Redfin, TripAdvisor, Zillow, Grubhub, and Google Maps. Still, the article argues that when it comes to how city names are represented online, "the process is too opaque to scrutinize in public. And that ambiguity foments a sense of powerlessness."

Pitney Bowes doesn't even have a method for submitting corrections. Yet, "In an emailed statement, a spokesperson for Google defended its use of third-party neighborhood sources. 'Overall, this provides a comprehensive and up-to-date map,' the spokesperson said, 'but when we're made aware of errors, we work quickly to fix them.'"
The Internet

Tumblr's Web Traffic Has Dropped From 520 Million Page Views in December 2018 To 370 Million Page Views in February This Year Following Adult Content Ban (independent.co.uk) 79

Tumblr's ban on pornography and adult content has led to an estimated fifth of its users deserting the platform. From a report: Tumblr's ban on pornography and adult content has led to a fifth of its users deserting the platform, figures reveal. The ban, which came into effect on 17 December, provoked a backlash from users who claimed it would penalise sex-positive, LGBT and NSFW art communities. Visits to the Tumblr website fell from 521 million in December to 437 million in January and 370 million in February, according to data from web analytics firm SimilarWeb. Tumblr's decision to update its content policy came after the discovery of child sexual abuse imagery on its blogs.
Facebook

Facebook's Data Deals Are Under Criminal Investigation (cnn.com) 49

An anonymous reader quotes a report from The New York Times: Federal prosecutors are conducting a criminal investigation into data deals Facebook struck with some of the world's largest technology companies (Warning: source may be paywalled; alternative source), intensifying scrutiny of the social media giant's business practices as it seeks to rebound from a year of scandal and setbacks. A grand jury in New York has subpoenaed records from at least two prominent makers of smartphones and other devices, according to two people who were familiar with the requests and who insisted on anonymity to discuss confidential legal matters. Both companies had entered into partnerships with Facebook, gaining broad access to the personal information of hundreds of millions of its users. The companies were among more than 150, including Amazon, Apple, Microsoft and Sony, that had cut sharing deals with the world's dominant social media platform. The agreements, previously reported in The New York Times, let the companies see users' friends, contact information and other data, sometimes without consent. Facebook has phased out most of the partnerships over the past two years. "We are cooperating with investigators and take those probes seriously," a Facebook spokesman said in a statement. "We've provided public testimony, answered questions and pledged that we will continue to do so."
Movies

'Captain Marvel' Smashes Box Office Record, Laughs Off Review-Bombing Trolls (hollywoodreporter.com) 549

"With a $302 million international gross, Captain Marvel has earned $455 million overall to date, the largest ever global opening for a March release and the sixth highest of all-time," reports the Wrap. The superhero movie raked in $153 million just in America, reports Collider, "Suggesting that a sad, extremely vocal minority of idiots on the internet don't actually matter in the slightest."

They're referring to another Rotten Tomatoes review-counting glitch Friday morning, as covered by the Hollywood Reporter: The Disney film had only been in theaters for hours on Friday when the female-driven superhero picture was torpedoed online via Rotten Tomatoes. As of 8 a.m., the film had more than 58,000 reviews. That is more than the total of audience score reviews for Avengers: Infinity War for its entire theatrical run.

Rotten Tomatoes explained in a statement to The Hollywood Reporter that a glitch was responsible for thousands of reviews showing up on the site when they shouldn't have. According to Rotten Tomatoes, it had included audience reviews given before the film was released, something which is no longer allowed.

Movieweb believes those pre-release reviews were generated by bots, suggesting a small handful of review-bombers who were attempting to amplify their impact. Yahoo Entertainment believes the attempted review-bombers were angry with the film's star "for, well, not giving a crap about what the trolls say. Perhaps that's the best superpower of all."

When asked about the attempt to review-bomb Captain Marvel, the film's star Brie Larson smilingly replied, "Oh... who cares?"

"Love what you love! Who cares what other people think?"
Privacy

Egypt Government Used Gmail Third-Party Apps To Phish Activists (zdnet.com) 16

An anonymous reader quotes a report from ZDNet: Members of Amnesty International say that Egyptian authorities are behind a recent wave of spear-phishing attacks that have targeted prominent local human rights defenders, media, and civil society organizations' staff. The attacks used a relatively new spear-phishing technique called "OAuth phishing," Amnesty experts said. OAuth phishing is when attackers aim to steal a user account's OAuth token instead of the account password. When a user grants a third-party app the right to access their account, the app receives an OAuth token instead of the user's password. These tokens work as authorization until the user revokes their access. Amnesty investigators said that in the recent spear-phishing campaign that targeted Egyptian activists, authorities created Gmail third-party apps through which they gained access to victim's accounts. Victims would receive an email that looked like a legitimate Gmail security alert. But when they clicked the link, they'd be redirected to a page where a third-party app would request access to their account. Once the victim granted the app access to their Gmail account, the user would be redirected to the account's legitimate security settings page where they'd be left to change their password. Even if the victim changes their password, at this point, the phishers would still have access to the account via the newly acquired OAuth token. The Amnesty International report says the spear-phishing campaign also targeted Yahoo, Outlook and Hotmail users.
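The key point in the report is that the stolen credential is an OAuth grant, not a password, so the victim's instinctive response (changing the password on the real settings page) leaves the attacker's access intact. The following is an added example, not code from Amnesty International, ZDNet or Google, that models a minimal OAuth-style authorization server to make that failure mode concrete: a token is issued to a client when the user clicks Allow, a password change does not touch it, and only revoking the grant does. The client names, scopes, e-mail address and the simplified server are all constructed assumptions, not Gmail's implementation.

```python
# Added example, not code from Amnesty International, ZDNet or Google: a toy
# OAuth-style authorization server modelling why a password change does not
# cut off a consented third-party app. Names, scopes and flows are constructed.
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class Grant:
    client_id: str
    scopes: Set[str]
    token: str


@dataclass
class Account:
    email: str
    password: str
    grants: Dict[str, Grant] = field(default_factory=dict)  # keyed by client_id


class AuthServer:
    """Issues bearer tokens to third-party apps once the user clicks 'Allow'."""

    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}
        self.tokens: Dict[str, Tuple[str, str]] = {}  # token -> (email, client_id)

    def register(self, email: str, password: str) -> None:
        self.accounts[email] = Account(email, password)

    def consent(self, email: str, client_id: str, scopes: Set[str]) -> str:
        # The token is bound to (user, client, scopes). The password plays no part,
        # so rotating it later cannot invalidate the token.
        token = secrets.token_urlsafe(24)
        self.accounts[email].grants[client_id] = Grant(client_id, set(scopes), token)
        self.tokens[token] = (email, client_id)
        return token

    def access(self, token: str, scope: str) -> bool:
        """Resource-server check: token must map to a live grant that holds the scope."""
        entry = self.tokens.get(token)
        if entry is None:
            return False
        email, client_id = entry
        grant = self.accounts[email].grants.get(client_id)
        return grant is not None and grant.token == token and scope in grant.scopes

    def change_password(self, email: str, new_password: str) -> None:
        # Rotates the credential only; every existing grant survives untouched.
        self.accounts[email].password = new_password

    def list_grants(self, email: str) -> List[str]:
        return sorted(self.accounts[email].grants)

    def revoke(self, email: str, client_id: str) -> bool:
        grant = self.accounts[email].grants.pop(client_id, None)
        if grant is None:
            return False
        self.tokens.pop(grant.token, None)
        return True


def simulate_consent_phish() -> Dict[str, object]:
    """Consent to a rogue app, change the password, then revoke: which step helps?"""
    srv = AuthServer()
    victim = "activist@example.org"  # constructed
    srv.register(victim, "original-password")
    # An app the user genuinely installed earlier.
    legit = srv.consent(victim, "calendar-sync", {"calendar.read"})
    # The lure: a fake "security alert" lands the user on a real consent screen
    # for the attacker's app (constructed name) and they click Allow.
    stolen = srv.consent(victim, "security-alert-helper", {"mail.read"})
    before = srv.access(stolen, "mail.read")
    # Victim is forwarded to the genuine settings page and changes the password.
    srv.change_password(victim, "new-password")
    after_password_change = srv.access(stolen, "mail.read")
    # What closes the hole: audit connected apps and revoke the unrecognised one.
    known_apps = {"calendar-sync"}
    revoked = [c for c in srv.list_grants(victim) if c not in known_apps]
    for client_id in revoked:
        srv.revoke(victim, client_id)
    return {
        "before": before,                                        # True
        "after_password_change": after_password_change,          # still True
        "after_revoke": srv.access(stolen, "mail.read"),         # False
        "legit_still_works": srv.access(legit, "calendar.read"), # True
        "revoked": revoked,                                      # ["security-alert-helper"]
    }


if __name__ == "__main__":
    print(simulate_consent_phish())
```

The practical takeaway for responders is the audit step in the middle of simulate_consent_phish: after any suspected consent phish, review the account's list of connected third-party apps and revoke anything unrecognised, and only then treat the password change as meaningful. Real providers additionally expire access tokens and use refresh tokens, but a refresh token tied to a still-live grant keeps the attacker in just the same way.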
