According to the Guardian, Amazon CEO Jeff Bezos had his phone "hacked" in 2018 after receiving a WhatsApp message from the personal account of the crown prince of Saudi Arabia. From the report: The encrypted message from the number used by Mohammed bin Salman is believed to have included a malicious file that infiltrated the phone of the world's richest man, according to the results of a digital forensic analysis. This analysis found it "highly probable" that the intrusion into the phone was triggered by an infected video file sent from the account of the Saudi heir to Bezos, the owner of the Washington Post. The two men had been having a seemingly friendly WhatsApp exchange when, on May 1 of that year, the unsolicited file was sent, according to sources who spoke to the Guardian on the condition of anonymity. Large amounts of data were exfiltrated from Bezos's phone within hours, according to a person familiar with the matter. The Guardian has no knowledge of what was taken from the phone or how it was used. [...] The disclosure is likely to raise difficult questions for the kingdom about the circumstances around how U.S. tabloid the National Enquirer came to publish intimate details about Bezos's private life -- including text messages -- nine months later. It may also lead to renewed scrutiny about what the crown prince and his inner circle were doing in the months prior to the murder of Jamal Khashoggi, the Washington Post journalist who was killed in October 2018 -- five months after the alleged "hack" of the newspaper's owner.

Read more of this story at Slashdot.

The first case of an infection with a new coronavirus has been discovered in the United States. NPR reports: A man from Washington state returned home after a trip to Wuhan, China, on Jan. 15, sought medical attention on Jan. 19 and now is in isolation at Providence Regional Medical Center in Everett, Wash. State health officials say his condition is quite good and even referred to him as "healthy." But testing from the Centers for Disease Control and Prevention on the 20th confirm that he is infected with the Wuhan coronavirus. The man arrived back in the U.S. prior to the implementation of screening at three domestic airports on Friday. As of yesterday, over 200 cases of the virus have been reported in China.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Internet routers running the Tomato alternative firmware are under active attack by a self-propagating exploit that searches for devices using default credentials. When credentials are found, the exploit then makes the routers part of a botnet that's used in a host of online attacks, researchers said on Tuesday. The Muhstik botnet came to light about two years ago when it started unleashed a string of exploits that attacked Linux servers and Internet-of-things devices. It opportunistically exploited a host of vulnerabilities, including the so-called critical Drupalgeddon2 vulnerability disclosed in early 2018 in the Drupal content management system. Muhstik has also been caught using vulnerabilities in routers that use Gigabit Passive Optical Network (GPON) or DD-WRT software. The botnet has also exploited previously patched vulnerabilities in other server applications, including the Webdav, WebLogic, Webuzo, and WordPress. On Tuesday, researchers from Palo Alto Networks said they recently detected Muhstik targeting Internet routers running Tomato, an open-source package that serves as an alternative to firmware that ships by default with routers running Broadcom chips. The ability to work with virtual private networks and provide advanced quality of service control make Tomato popular with end users and in some cases router sellers. The exploits use already infected devices to scan the Internet for Tomato routers and, when found, to check if they use the default username and password of "admin:admin" or "root:admin" for remote administration. The exploit causes Tomato routers that haven't been locked down with a strong password to join an IRC server that's used to control the botnet. The infection also causes the routers to scan the Internet for servers or devices running WordPress, Webuzo, or WebLogic packages that are vulnerable.

Read more of this story at Slashdot.

The Swedish climate activist and the US president gave very different speeches at Davos.

Apple chief executive Tim Cook believes augmented reality, or technology that overlays virtual objects onto the real world, is "the next big thing" that is poised to "pervade our entire lives." From a report: Shanahan asked Cook about major developments in tech he expects in the next five to 10 years. "I'm excited about AR," said the Big Tech CEO, citing augmented reality as an emerging tech space to watch. "My view is it's the next big thing, and it will pervade our entire lives." [...] Cook also sees applications for AR helping with hands-on tasks. "You may be under the car changing the oil, and you're not sure exactly how to do it. You can use AR," he said. Interestingly, the tech CEO sees benefits for AR and connecting people, more than other available technologies. "I think it's something that doesn't isolate people. We can use it to enhance our discussion, not substitute it for human connection, which I've always deeply worried about in some of the other technologies."

Read more of this story at Slashdot.

A large number of Android mobile apps listed on the official Google Play Store contain self-contradictory language in their privacy policies in regards to data collection practices. From a report: In an academic study published last year, researchers created a tool named PolicyLint that analyzed the language used in the privacy policies of 11,430 Play Store apps. They found that 14.2% (1,618 apps) contained a privacy policy with logical contradicting statements about data collection. Examples include privacy policies that stated in one section that they do not collect personal data, only to contradict themselves in subsequent sections, where they state they collect emails or customer names -- which are clearly personally-idenfiable information. While the research team could not determine the app maker's intent in using contradicting statements in their privacy policy, researchers feel the primary purpose was to mislead users if they ever took the time to read the policies.

Read more of this story at Slashdot.

The U.S. government's longest shutdown to date ended a year ago, but the memory may have kept lingering in the minds of federal workers looking for greener pastures in the technology world. From a report: A report released Tuesday by recruiting website Indeed compared clicks by federal employees on private tech jobs against clicks by users not on the federal payroll. That comparison found federal employees' clicks on such jobs were up on average almost 11% in the first 11 months of 2019 compared with 2017. Clicks from the general public fell 7.8% in the same period. The gap is more dramatic between tech workers in the government and private sector. Clicks by federal tech employees on those private-sector jobs were up 6.1% from January 2017 as of November, while clicks from private-sector tech employees fell 21% in the same period. Potential explanations for the divide included advantages for private-sector jobs like higher salaries and the ability to work remotely. Certain tech companies pay an almost 50% premium compared to the federal government, Indeed said.

Read more of this story at Slashdot.

Sonos has announced that come May 2020, a number of its older products will no longer receive software updates. From a report: That's fair enough, especially considering some of the devices were introduced as far back as 2005. What's likely to raise the heckles of affected Sonos customers, though, is that should they choose to continue using their legacy products, they won't be able to get updates for their contemporary ones. The reason this is the case is that a multi-speaker Sonos system requires all devices to operate on the same software and older products "do not have enough memory or processing power to sustain future innovation." Thus, as Sonos explains in an email to customers, "If modern products remain connected to legacy products after May, they also will not receive software updates and new features."

Read more of this story at Slashdot.

Just tuned into a discussion on NPR that failed to take into account that the president was caught trying to steal the election. If you don't consider that, of course waiting for the election sounds more reasonable.

Re posting a nightly digest in the RSS feed. Been down that road in other contexts. Feed readers are so inconsistent, the result would be garbage for many if not most people. The platform is good at doing what it does, and that's it. The developers aren't listening. Also it wasn't easy to find an email format that works well enough across email clients, and it still looks mangled for some people. Email has only been an approximation of what works. To do this right, I'm going to write the software myself. I've spent 20-plus years waiting for collaboration. Fuck it, I'm not waiting any more. Shouldn't have waited in the first place. Wasn't thinking clearly about this.

BetaNews: Over the years Microsoft has taken numerous controversial decisions with Windows 10, including installing sponsored apps, using the Start menu to advertise apps it thinks you might be interested in, and -- of course -- the various forms of data-collecting telemetry. Now it has been discovered that more ads could be on their way. A Windows researcher has uncovered ads in WordPad encouraging people to try out Word, Excel and PowerPoint online. News of the ads was shared on Twitter by Rafael Rivera, and it was met with a mixture of indignation and reluctant acceptance. Reaction was mixed because while some people saw little wrong with Microsoft advertising a free service rather than trying to encourage people to part with money, there was still a widespread feeling that it was an invasive move.

Read more of this story at Slashdot.

Federal prosecutors in Brazil on Tuesday charged the American journalist Glenn Greenwald with cybercrimes for his role in the spreading of cellphone messages that have embarrassed prosecutors and tarnished the image of an anti-corruption task force. The New York Times: In a criminal complaint made public on Tuesday, prosecutors in the capital, Brasilia, accused Mr. Greenwald of being part of a "criminal organization" that hacked into the cellphones of several prosecutors and other public officials last year. The Intercept Brazil, a news organization Mr. Greenwald co-founded, has published several stories based on a trove of leaked messages he received last year.

Read more of this story at Slashdot.

A Beatles song. Prototype. Finished product.

Look I have a huge dildo.

And my retort to Doc. I cover a lot of ground, tying together all the threads on Scripting News. We're headed to a China/Soviet Union type government in the US. Tech will make it so much easier. Doc was right there will be a lot of angst about all this. But forget the election, and forget Congress. It's over. He not only will be able to ignore the Constitution, he also has Barr, who is infinitely more than Sessions. And Attorney General is so central to the functioing of the US govt. But unlike everyone else, I don't take it as a given that the Repubs will acquit. They must see the danger. What if a majority vote to convict, but not enough to remove him. That's a third outcome no one seems to consider.