Microsoft Goes Big in Security Bug Bounties: Its $13.7m is Double Google's 2019 Payo (Slashdot, by msmash on microsoft at January 1, 1970, 1:00 am; cached at August 4, 2020, 11:35 pm)

Microsoft has revealed it has awarded security researchers $13.7m for reporting bugs in Microsoft software since July last year. From a report: Microsoft's bug bounties are one of the largest sources of financial awards for researchers probing software for flaws and, importantly, reporting them to the relevant vendor rather than selling them to cybercriminals via underground markets or exploit brokers who distribute them to government agencies. The Redmond company has 15 bug-bounty programs through which researchers netted $13.7m between July 1, 2019 and June 30, 2020. That figure is triple the $4.4m it awarded in the same period the previous year. [...] Microsoft's total annual bug-bounty payouts are now much larger than Google's awards for security flaws in its software, which totaled $6.5m in calendar year 2019. That figure was double the previous year's payouts from the ad and search giant, which called it a "record-breaking year."

Read more of this story at Slashdot.

Decades-Old Email Flaws Could Let Attackers Mask Their Identities (Slashdot, by msmash on security at January 1, 1970, 1:00 am; cached at August 4, 2020, 11:05 pm)

At the Black Hat security conference on Thursday, researchers will present "darn subtle" flaws in industry-wide protections used to ensure that emails come from the address they claim to. From a report: The study looked at the big three protocols used in email sender authentication -- Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC) -- and found 18 instances of what the researchers call "evasion exploits." The vulnerabilities don't stem from the protocols themselves, but from how different email services and client applications implement them. Attackers could use these loopholes to make spearphishing attacks even harder to detect. "I think I'm a savvy, educated user and the reality is, no, that's actually not enough," says Vern Paxson, cofounder of the network traffic analysis firm Corelight and a researcher at the University of California, Berkeley, who worked on the study along with Jianjun Chen, a postdoctoral researcher at the International Computer Science Institute, and Jian Jiang, senior director of engineering at Shape Security. "Even users who are pretty savvy are going to look at the indicators that Gmail or Hotmail or others provide and be fooled," Paxson says. Think about when you hand a friend a birthday card at their party. You probably only write their first name on the outside of the envelope, and maybe underline it or draw a heart. If you mail that letter instead, though, you need the recipient's full name and detailed address, a stamp, and ultimately a postmark with a date on it. Sending email across the internet works similarly. Though email services only require you to fill out the "To" and "Subject" fields, there's a whole list of more detailed information getting filled out behind the scenes. Those industry-standard "headers," as they're known, include date and time sent and received, language, a unique identifier called a Message-ID, and routing information.

Why the Pandemic Is So Bad in America (Slashdot, by msmash on usa at January 1, 1970, 1:00 am; cached at August 4, 2020, 10:35 pm)

A virus has brought the world's most powerful country to its knees. From a report: A pandemic can be prevented in two ways: Stop an infection from ever arising, or stop an infection from becoming thousands more. The first way is likely impossible. There are simply too many viruses and too many animals that harbor them. Bats alone could host thousands of unknown coronaviruses; in some Chinese caves, one out of every 20 bats is infected. Many people live near these caves, shelter in them, or collect guano from them for fertilizer. Thousands of bats also fly over these people's villages and roost in their homes, creating opportunities for the bats' viral stowaways to spill over into human hosts. Based on antibody testing in rural parts of China, Peter Daszak of EcoHealth Alliance, a nonprofit that studies emerging diseases, estimates that such viruses infect a substantial number of people every year. "Most infected people don't know about it, and most of the viruses aren't transmissible," Daszak says. But it takes just one transmissible virus to start a pandemic. Sometime in late 2019, the wrong virus left a bat and ended up, perhaps via an intermediate host, in a human -- and another, and another. Eventually it found its way to the Huanan seafood market, and jumped into dozens of new hosts in an explosive super-spreading event. The COVID-19 pandemic had begun. [...] Being prepared means being ready to spring into action, "so that when something like this happens, you're moving quickly," Ronald Klain, who coordinated the U.S. response to the West African Ebola outbreak in 2014, told me. "By early February, we should have triggered a series of actions, precisely zero of which were taken." Trump could have spent those crucial early weeks mass-producing tests to detect the virus, asking companies to manufacture protective equipment and ventilators, and otherwise steeling the nation for the worst. Instead, he focused on the border. On January 31, Trump announced that the U.S. would bar entry to foreigners who had recently been in China, and urged Americans to avoid going there.

Android's 'Nearby Share' File Sharing Feature is Finally Launching (Slashdot, by msmash on android at January 1, 1970, 1:00 am; cached at August 4, 2020, 10:05 pm)

It will finally be slightly easier to share files, images, links, and other content between Android devices. Google is launching a new Android feature called "Nearby Share" that enables direct sharing between any device running Android 6 and up. Nearby Share is already available on some Pixel and Samsung phones, and Google says it'll arrive on other devices "over the next few weeks." From a report: Nearby Share works very much like Apple's AirDrop feature for the iPhone: you simply select the Nearby Share button on the share menu and then wait for a nearby phone to appear. Then whatever thing you're sharing is sent directly over your transfer method of choice to the other phone. As with AirDrop, you can set your preferred visibility for Nearby Share to different levels of contacts: all, some, or stay hidden. Google says it's even possible to "send and receive files anonymously." (Welcome to AirSlothing, Android users.) Nearby Share also shares files directly via whatever method your two phones deem is fastest: "Bluetooth, Bluetooth Low Energy, WebRTC or peer-to-peer Wi-Fi," which Google says should allow it to work offline.

Apple Marketing Chief Phil Schiller Steps Down From Role (Slashdot, by msmash on apple at January 1, 1970, 1:00 am; cached at August 4, 2020, 9:05 pm)

Apple announced on Tuesday that longtime marketing boss Phil Schiller will step down from his role and be replaced by one of his deputies, Greg Joswiak, who now has Schiller's former title of vice president of worldwide marketing. From a report: Schiller will continue to work at Apple as an "Apple Fellow," the company said, and will continue his role as the boss of Apple's App Store and company events. Schiller will also continue to report to Apple CEO Tim Cook. Schiller has worked at Apple since 1987. "I'll keep working here as long as they will have me, I bleed six colors, but I also want to make some time in the years ahead for my family, friends, and a few personal projects I care deeply about," Schiller said in a statement. Schiller's departure from his formal role on Apple's leadership team comes following several other notable departures over the last couple years, including head of design Jony Ive, PR boss Steve Dowling and retail boss Angela Ahrendts. But Apple also made an addition to its exec team in that time period with John Giannandrea, the head of artificial intelligence.

ByteDance CEO Says Trump's Real Goal Is To Kill Off TikTok (Slashdot, by msmash on usa at January 1, 1970, 1:00 am; cached at August 4, 2020, 8:35 pm)

A U.S. investigation into ByteDance's TikTok is really intended to smother a Chinese-owned app that's become a sensation with Americans, founder Zhang Yiming told employees in China Tuesday. From a report: In his second missive to the troops in as many days, the billionaire entrepreneur said a government probe into the company's 2017 purchase of Musical.ly -- TikTok's progenitor -- was intended to spur a complete shutout. Escalating U.S.-China tensions had prompted American politicians to warn that the app posed a potential national security threat and call for an investigation into whether U.S. user data was being shared with Beijing, accusations that ByteDance has repeatedly rejected. Beijing-based ByteDance has come under pressure from the White House and U.S. lawmakers to sell off its U.S. TikTok operations and now has until Sept. 15 to hold negotiations with Microsoft over such a deal. President Donald Trump said on Monday any sale of TikTok's American operations would have to include a substantial payment to the U.S., though it wasn't clear under what authority he can extract a payment. While a forced sale of TikTok to a U.S. buyer is "unreasonable", it is still part of a legal process and the company has no choice but to abide by the law, Zhang said. "But this is not their goal, or even what they want. Their real objective is to achieve a comprehensive ban," he wrote.

AI-Generated Text Is the Scariest Deepfake of All (Slashdot, by msmash on ai at January 1, 1970, 1:00 am; cached at August 4, 2020, 8:09 pm)

An anonymous reader shares a report: In the future, deepfake videos and audiofakes may well be used to create distinct, sensational moments that commandeer a press cycle, or to distract from some other, more organic scandal. But undetectable textfakes -- masked as regular chatter on Twitter, Facebook, Reddit, and the like -- have the potential to be far more subtle, far more prevalent, and far more sinister. The ability to manufacture a majority opinion, or create a fake-commenter arms race -- with minimal potential for detection -- would enable sophisticated, extensive influence campaigns. Pervasive generated text has the potential to warp our social communication ecosystem: algorithmically generated content receives algorithmically generated responses, which feeds into algorithmically mediated curation systems that surface information based on engagement. Our trust in each other is fragmenting, and polarization is increasingly prevalent. As synthetic media of all types -- text, video, photo, and audio -- increases in prevalence, and as detection becomes more of a challenge, we will find it increasingly difficult to trust the content that we see. It may not be so simple to adapt, as we did to Photoshop, by using social pressure to moderate the extent of these tools' use and accepting that the media surrounding us is not quite as it seems. This time around, we'll also have to learn to be much more critical consumers of online content, evaluating the substance on its merits rather than its prevalence.

PS4 Gamepads Won't Work For PS5 Games, Sony Says (Slashdot, by BeauHD on playstation at January 1, 1970, 1:00 am; cached at August 4, 2020, 8:09 pm)

An anonymous reader quotes a report from Ars Technica: You won't be able to use Sony's DualShock 4 or other third-party PS4 gamepads to play PlayStation 5 games, Sony confirmed in a blog post today. Those older gamepads will still work with "supported PS4 games" running on the PS5, Sony said, and PS5 software will work with "specialty peripherals" designed for the PS4 -- including "officially licensed racing wheels, arcade sticks, and flight sticks." Those caveats highlight the fact that there's no technical limitation or communication protocol mismatch stopping the upcoming hardware from communicating with legacy controllers. But Sony says it "believe[s] that PS5 games should take advantage of the new capabilities and features we're bringing to the platform, including the features of DualSense wireless controller." Those features include what Sony is calling "haptic feedback and dynamic trigger effects" and a built-in microphone (last month, Geoff Keighley hosted what is, thus far, the only public hands-on impressions of these new controller features). The DualSense compatibility decision casts Sony in contrast to Microsoft, which is promising that "your Xbox One gaming accessories come into the future with you, too" with the coming Xbox Series X. While that promise doesn't extend to the defunct Kinect camera, it does include specialty pads like the Xbox Elite Controller and Xbox Adaptive Controller. "We believe that your investments in gaming should move with you into the next generation," Microsoft wrote in a blog post last month. PlayStation Move controllers -- first released in 2010 for use with the PS3 -- will continue to work with PlayStation VR games on the PS5, Sony said. The PS4's existing PlayStation Camera accessory will also work on the PS5, though it will require an adaptor that Sony says it will be providing to users for free.

Trump Fires TVA Chair, Cites Hiring of Foreign Workers (Slashdot, by BeauHD on government at January 1, 1970, 1:00 am; cached at August 4, 2020, 8:09 pm)

schwit1 writes: President Trump announced the removal of Tennessee Valley Authority's chair James Thompson and board member Richard Howorth and called for the removal of their CEO Bill Johnson. This was in response to the company laying off employees and hiring H-1B visa holders. [TVA announced it would outsource 20% of its technology jobs to companies based in foreign countries, which could cause more than 200 highly skilled American tech workers in Tennessee to lose their jobs to foreign workers, according to the White House.] During the round table discussion, it was announced the company is willing to reverse course and rehire previously laid off employees. The president also said he would not ban the TikTok app if Microsoft or another company bought it before September 15th. "The TVA is a federally owned corporation created in 1933 to provide flood control, electricity generation, fertilizer manufacturing and economic development to the Tennessee Valley, a region that was hard hit by the Great Depression," reports The Associated Press. "The region covers most of Tennessee and parts of Alabama, Mississippi and Kentucky as well as small sections of Georgia, North Carolina and Virginia." Trump said the new chief executive officer must "[put] the interests of Americans first," adding: "The new CEO must be paid no more than $500,000 a year. We want the TVA to take action on this immediately. [...] Let this serve as a warning to any federally appointed board: If you betray American workers, you will hear two words: 'You're fired.'" The announcement was made as Trump signed an executive order to require all federal agencies to complete an internal audit to prove they are not replacing qualified American workers with people from other countries. According to the White House, the order will help prevent federal agencies from unfairly replacing American workers with lower cost foreign labor.

'Wakaresaseya': Private Agents Hired To End Relationships (Slashdot, by BeauHD on japan at January 1, 1970, 1:00 am; cached at August 4, 2020, 8:09 pm)

Christine Ro from the BBC writes about the private agents in Japan, called "wakaresaseya," that you can hire to seduce your spouse or their partner. From the report: The industry is still serving a niche market. One survey showed around 270 wakaresaseya agencies advertising online. Many are attached to private-detective firms, similar to private investigators in other countries (who can also become entangled in relationship dissolution). "Wakaresaseya service costs quite a lot of money," acknowledges [Yusuke Mochizuki, an agent of the "farewell shop" First Group], so clients tend to be well-off. Mochizuki, a former musician who has turned his lifelong interest in detective work into a career, says that he might charge 400,000 yen for a relatively straightforward case in which there's plenty of information about the target's activities, but more if the target is, for example, a recluse. Fees can go as high as 20 million yen if a client is a politician or a celebrity, requiring the highest level of secrecy. (While Mochizuki says that his firm has a high success rate, a consultancy that provides advice on the industry points out that potential clients should be sceptical of such claims, and prepared for possible failure.) Although some features of the wakaresaseya industry are unique to Japan, similar services exist around the world. They may be less formalized honeytrap or con-artist arrangements, or they may be part of the private-investigations industry. Conventionally "the Western perspective was to sensationalize the industry and almost exoticise it. There's this false exoticisation of Japan that occurs in the West quite frequently." It's difficult to gain a full understanding of the people affected by the wakaresaseya industry, because according to Scott, "people are very reluctant to be seen as associated with it, let alone a victim of it." The industry has a seedy reputation. As TV and radio producer Mai Nishiyama comments, "There's a market for everything in Japan." This includes a variety of relationship-based services like renting faux family members and the additional services offered by wakaresaseya firms, such as assistance with romantic reconciliation, separating a child from an unsuitable girlfriend or boyfriend or preventing revenge porn. Agents can also be hired to gather evidence that will help a wronged spouse collect consolation money, which is compensation for the dissolution of a relationship. Although the Yamagami International Law Office hasn't worked with wakaresaseya agents, lawyer Shogo Yamagami notes that some clients do work with private agents more generally to obtain evidence of adultery. The consolation payment system means that hiring wakaresaseya agents can be beneficial not just emotionally, but also in practical monetary terms.

FAA Proposes Requiring Four Key Boeing 737 MAX Design Changes (Slashdot, by BeauHD on transportation at January 1, 1970, 1:00 am; cached at August 4, 2020, 8:09 pm)

The Federal Aviation Administration said on Monday that it is proposing requiring four key Boeing 737 MAX design changes to address safety issues seen in two crashes that killed 346 people and led to the plane's grounding in March 2019. Al Jazeera reports: The agency is issuing a proposed airworthiness directive to require updated flight-control software, revised display-processing software to generate alerts, revising certain flight-crew operating procedures, and changing the routing of some wiring bundles. The announcement is significant, but there are still other major steps, including finalizing pilot-training procedures, that must be completed before the 737 MAX can resume flights. The public has 45 days to comment on the changes, and it is still unclear if flights will resume before the end of 2020. The FAA said in a separate 96-page report released on Monday that it "has preliminarily determined that Boeing's proposed changes to the 737 MAX design, flight crew procedures and maintenance procedures effectively mitigate the airplane-related safety issues" in the two fatal crashes. The airworthiness directive seeks to require Boeing changes. The FAA said the changes minimize "dependence on pilot action and the effect of any potential single failure."

In Wake of Apple Acquisition, Dark Sky Ends Android Support (Slashdot, by BeauHD on android at January 1, 1970, 1:00 am; cached at August 4, 2020, 8:09 pm)

An anonymous reader quotes a report from Ars Technica: As promised, popular weather app Dark Sky ended support for Android and Wear OS over the weekend. Android Dark Sky users report that the app is no longer working and that it presents the user with a message saying that the "app has shut down." The impending shutdown was first announced when Apple acquired the company in March of this year. Despite the end of support for the world's most popular mobile operating system, Dark Sky's developers wrote in a blog post announcing the acquisition that joining Apple means they could "reach far more people, with far more impact, than we ever could alone." The Dark Sky Android app is not the only popular service on the chopping block as a result of the acquisition. Several app developers on both iOS and Android have used Dark Sky's API for weather data for a while now, but like Android support, that's going away. There's a little more time in that case, though: developers have until the end of next year to find and implement alternative data sources. When the acquisition was first announced, Dark Sky was slated to stop working on Android on July 1. That deadline was extended by one month, but it went into effect as planned on August 1. The Web version of Dark Sky was scheduled to end today, but Apple has extended that deadline, though embeds have been disabled. A new date for the Web shutdown has not been specified. That version will remain an option for Android users for now until it, too, stops working.

Astronauts Made Prank Calls From SpaceX Crew Dragon (Slashdot, by BeauHD on nasa at January 1, 1970, 1:00 am; cached at August 4, 2020, 8:09 pm)

PolygamousRanchKid shares a report from CNET: NASA's Doug Hurley and his crewmate Bob Behnken had a satellite phone at their disposal after splashdown on Sunday. At a press conference later that day, Hurley filled us in on what they did with their spare time as they floated around. "Five hours ago we were in a spaceship bobbing around making prank satellite phone calls to whoever we could get ahold of," Hurley said. "Which was kind of fun, by the way." Hurley suggested the satellite phone bill should go to SpaceX founder Elon Musk, who was sitting nearby. Hurley and Behnken didn't elaborate on the content of the prank calls, but here's hoping they tried to order a pizza for delivery to GO Navigator, the SpaceX recovery ship that fished them out of the water.

Prosecutors Are Investigating Amazon's Treatment of Third-Party Sellers (Slashdot, by BeauHD on business at January 1, 1970, 1:00 am; cached at August 4, 2020, 8:08 pm)

According to Bloomberg, attorneys general from New York and California are partnering with the FTC to investigate Amazon's online marketplace, in what may be the beginnings of a formal antitrust enforcement action. From a report: The agencies are going to interview witnesses jointly on conference calls over the next few weeks. The news comes after intense questioning over Amazon's Marketplace practices during [last week's landmark Big Tech antitrust hearing]. Rep. Lucy McBath (D-GA) asked CEO Jeff Bezos whether its actions toward Marketplace sellers were a pattern of behavior. She played testimony from a third-party bookseller who believed Amazon had blocked their store, without providing an explanation why, effectively destroying her business. Bezos responded that "third-party sellers in aggregate are doing extremely well on Amazon." The Marketplace platform allows third-party sellers to peddle their wares to Amazon's massive online customer base, accounting for more than half of all of the company's e-commerce sales. Marketplace products are often less expensive -- and sometimes of lower quality -- than other products sold on Amazon. But consumers don't always understand the difference between buying something from a third-party seller versus buying directly from Amazon or one of the company's private-label brands. Amazon's Marketplace has been in the spotlight over the past few months, following a bombshell report in The Wall Street Journal exposing how the e-commerce giant secretly used data it gathered from third-party sellers to launch its own branded products, a practice Amazon executives have denied in the past. At the hearing, Bezos said the company maintains a policy against using seller-specific data but said he could not guarantee that the policy had never been broken.

Blizzard Workers Share Salaries In Revolt Over Wage Disparities (Slashdot, by BeauHD on money at January 1, 1970, 1:00 am; cached at August 4, 2020, 8:08 pm)

An anonymous reader quotes a report from Bloomberg: Employees at Blizzard Entertainment, a division of Activision Blizzard Inc., began circulating a spreadsheet on Friday to anonymously share salaries and recent pay increases, the latest example of rising tension in the video game industry over wage disparities and executive compensation. Blizzard, based in Irvine, California, makes popular games including Diablo and World of Warcraft. In 2019, after an internal survey revealed that more than half of Blizzard workers were unhappy with their compensation, the company told staff it would perform a study to ensure fair pay, according to people familiar with the situation. Blizzard implemented the results of that study last month, which led to an outcry on the company's internal Slack messaging boards. One employee then created a spreadsheet and encouraged staff to share their compensation information. The anonymous document, reviewed by Bloomberg News, contains dozens of purported Blizzard salaries and pay bumps. Most of the raises are below 10%, significantly less than Blizzard employees said they expected following the study. "Our goal has always been to ensure we compensate our employees fairly and competitively," Activision Blizzard spokeswoman Jessica Taylor said. "We are constantly reviewing compensation philosophies to better recognize the talent of our highest performers and keep us competitive in the industry, all with the aim of rewarding and investing more in top employees." This year, Blizzard top performers received a salary increase that was 20% more than in prior years, and more people got promotions, Taylor added. "Our overall salary investment is consistent with prior years," she also said.
