An anonymous reader quotes a report from Ars Technica: Researchers from IBM Trusteer say they've uncovered a massive fraud operation that used a network of mobile device emulators to drain millions of dollars from online bank accounts in a matter of days. The scale of the operation was unlike anything the researchers have seen before. In one case, crooks used about 20 emulators to mimic more than 16,000 phones belonging to customers whose mobile bank accounts had been compromised. In a separate case, a single emulator was able to spoof more than 8,100 devices. The thieves then entered usernames and passwords into banking apps running on the emulators and initiated fraudulent money orders that siphoned funds out of the compromised accounts. Emulators are used by legitimate developers and researchers to test how apps run on a variety of different mobile devices. To bypass protections banks use to block such attacks, the crooks used device identifiers corresponding to each compromised account holder and spoofed GPS locations the device was known to use. The device IDs were likely obtained from the holders' hacked devices, although in some cases, the fraudsters gave the appearance they were customers who were accessing their accounts from new phones. The attackers were also able to bypass multi-factor authentication by accessing SMS messages.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Researchers from IBM Trusteer say they've uncovered a massive fraud operation that used a network of mobile device emulators to drain millions of dollars from online bank accounts in a matter of days. The scale of the operation was unlike anything the researchers have seen before. In one case, crooks used about 20 emulators to mimic more than 16,000 phones belonging to customers whose mobile bank accounts had been compromised. In a separate case, a single emulator was able to spoof more than 8,100 devices. The thieves then entered usernames and passwords into banking apps running on the emulators and initiated fraudulent money orders that siphoned funds out of the compromised accounts. Emulators are used by legitimate developers and researchers to test how apps run on a variety of different mobile devices. To bypass protections banks use to block such attacks, the crooks used device identifiers corresponding to each compromised account holder and spoofed GPS locations the device was known to use. The device IDs were likely obtained from the holders' hacked devices, although in some cases, the fraudsters gave the appearance they were customers who were accessing their accounts from new phones. The attackers were also able to bypass multi-factor authentication by accessing SMS messages.

Read more of this story at Slashdot.

The huge iceberg bumps into shallow seafloor off South Georgia island and knocks off a corner.

The socialist regime once cracked down on bitcoin miners. Now it's mining the digital asset itself. From a report: At a military base outside Caracas, Venezuela, state video footage shows officers in green fatigues cut a blue ribbon donned with a cluster of glossy balloons. Then, the men pry open the doors of a narrow, dimly-lit bunker. But the balloons weren't inaugurating a new weapons factory or training facility. They marked the opening of a new bitcoin mining farm. Venezuela's President Nicolas Maduro needs cash to sustain his grip on power after muddling through one of the worst economic implosions seen in recent modern history in the Western Hemisphere. It appears that Maduro's last ditch effort to buoy Venezuela's shriveling economy is to dig deep for this digital asset and sell it for hard cash. "In a strategic alliance with private capital, the Bolivarian army inaugurated the first center for the production of digital assets at the Fuerte Tiuna facilities," said a spokesperson in footage published by state television in late November. Venezuelan General Domingo Antonio Hernandez Larez details the project in a cramped conference room, then he and other officers fondle a few S9 AntMiners, a type of specialized computer used to mine bitcoin, the volatile cryptocurrency whose price is scraping all-time-highs of just under $20,000 per coin. "This center of digital asset production will ensure self-financing sufficiency within the military," the Venezuelan state TV official explains. "These mining activities will be key for increasing revenues for the country."

Read more of this story at Slashdot.

An international mission led by the World Health Organization (WHO) is expected to go to China in the first week of January to investigate the origins of the virus that sparked the COVID-19 pandemic, a member and diplomats told Reuters this week. From a report: The United States, which has accused China of having hidden the outbreak's extent, has called for a "transparent" WHO-led investigation and criticised its terms, which allowed Chinese scientists to do the first phase of preliminary research. China reported the first cases of a pneumonia of unknown cause in Wuhan, central China, to the WHO on Dec. 31 and closed a market where the novel coronavirus is believed to have emerged. Health ministers called on the WHO in May to identify the source of the virus and how it crossed the species barrier. Now a team of 12-15 international experts is finally preparing to go to Wuhan to examine evidence, including human and animal samples collected by Chinese researchers, and to build on their initial studies. Thea Fischer, a Danish member, said that the team would leave "just after New Year's" for a six-week mission, including two weeks of quarantine on arrival.

Read more of this story at Slashdot.

A judge has ordered Apple to produce Tim Cook and Craig Federighi to testify for the Apple versus Epic lawsuit, and they must produce required documents before the next hearing. From a report: The Apple versus Epic lawsuit continues as publicly filed court documents tell us a bit more about the upcoming trial. Epic wants Apple to produce extensive documentation surrounding the App Store and its operations, but there has been some deliberation as to how extensive this data needs to be, and who will present it. The document filed states that Apple will have a large burden placed on them to gather much of what Epic is asking for. The court sides with Apple here stating that Epic need not ask for more amplifying data unless absolutely necessary. The most important part of the court filing is who's going to be made available to represent Apple. Epic has requested that Tim Cook and Craig Federighi be made available for the hearing. Apple says that Tim Cook will be available, but requests his deposition be limited to four hours. Apple also requested that Eric Neuenshwander, who runs the App Store and reports to Craig Federighi, be present instead.

Read more of this story at Slashdot.

My friend and former colleague John Palfrey just announced that his parents are retiring as deans at Adams House at Harvard. I had heard of this role, and wondered what it was about. They have a great description. Sounds like a good way to bring a bit of home into a young person's college experience.

Trump wants to be "president" not president. This came out during the 2016 campaign when he offered the job of real president to Kasich. So he'll go to Mar a Lago, take the "presidential" oath of office while Biden takes the actual oath of office, and everyone is happy.

YouTube TV does something smart that all TV services should do. They have a web interface. So you can go there and edit your preferences, menus, program your DVR, whatever. Roku should do that too, as should HBO Mess, or the arcane UI of LG-land. Set up your watch list. Integrate with BingeWorthy! (i.e. have an API). Connect your world to mine. It's amazing how much of the design of the LG television assumes their TV is the center of our world. It's for watching. Not controlling. Relaxing, meditating, self-medicating with boredom. Not a place where you get big ideas, and if you do it's a lost cause because the UI tools are limited to what a remote can do.

Should the “paper of record” be behind a paywall?

A bipartisan coalition of states sued Alphabet's Google Thursday alleging broad antitrust violations in the online search market, marking the third U.S. case against the search giant in two months. From a report: The lawsuit, led by Colorado, Iowa and other states, marks the latest escalation of the antitrust battle against Google. It comes a day after 10 Republican state attorneys general led by Texas sued the company for anticompetitive practices, and follows an October complaint by the Justice Department. "Combined with the other recent lawsuits filed against Google, never before have so many states and the federal government come together to challenge a company with such power," Iowa Attorney General Tom Miller said a statement. "Google has more data on consumers, and more variety of information, than perhaps any entity in history." The lawsuit, filed by 38 attorneys general, accuses Google of illegally monopolizing internet search and search advertising through a series of anticompetitive contracts and conduct, hurting consumers and advertisers in the process.

Read more of this story at Slashdot.

Makers of cars and electronic devices from TVs to smartphones are sounding alarm bells about a global shortage of chips, which is causing manufacturing delays as consumer demand bounces back from the coronavirus crisis. From a report: The problem has several causes, industry executives and analysts say, including bulk-buying by U.S. sanctions-hit Chinese tech giant Huawei Technologies, a fire at a chip plant in Japan, coronavirus lockdowns in Southeast Asia, and a strike in France. More fundamentally, however, there has been under-investment in 8-inch chip manufacturing plants owned mostly by Asian firms, which means they have struggled to ramp up production as demand for 5G phones, laptops and cars picked up faster than expected. "For the whole electronics industry, we've been experiencing a shortage of components," said Donny Zhang, CEO of Shenzhen-based sourcing company Sand and Wave, who said he faced delays in obtaining a microcontroller unit that was key to a smart headphone product he was working on. "We were originally planning to complete production in one month, but now it looks like we'll need to do it in two." A source at a Japanese electronics component supplier said it was seeing shortages of WiFi and Bluetooth chips and was expecting delays of more than 10 weeks.

Read more of this story at Slashdot.

Computer programs that automate online tasks, called bots, have aligned with the coronavirus pandemic and low inventories of hot products to create a perfect storm of holiday disappointment -- or opportunity, depending on your perspective. From a report: On Black Friday, when it launched a deal on the console, Walmart.com says it blocked more than 20 million bot attempts in the sale's first 30 minutes. Target says it's constantly tracking and blocking bots, focusing on high-demand products such as the PS5. One British retailer called Very said it canceled at least 1,000 game console orders after it realized they were placed by bots. Using shopping bots to buy these products is perfectly legal in the United States, despite flustering retailers and stoking annoyance for customers like Coleman. Some bot operators are modern scalpers, in it to make money by forcing Santa to pay market prices. Others are computer-savvy shoppers now turning to bots out of desperation to fill their own gift lists. Shopping bots aren't new, but their use is growing fast. Deployed by people who buy and resell tickets, high-end sneakers and designer fashion, they're now expanding into other categories where demand outstrips supply -- including grocery delivery slots at the height of the pandemic. Imperva, a cybersecurity firm, says that among its clients, "bad bots" accounted for 24.1 percent of all traffic in 2019 -- up from 20.4 percent in 2018. Bots are only one part of the PS5 crunch -- there have even been daring heists. But stopping the use of bots is easier said than done in an Internet economy that connects so many different interests: companies that want to make highly sought-after products and early adopters who will do anything to get them.

Read more of this story at Slashdot.

Google won European Union approval for its $2.1 billion takeover of health tracker Fitbit, days after regulators proposed tougher rules to curb powerful technology firms' push into new services. From a report: The European Commission said Google's pledge to maintain access for rival health and fitness apps and device makers for 10 years removed its concerns about the U.S. tech giant's move into health data and devices. Smaller rivals previously complained that the company's promises might not go far enough to stop Google shutting off access in future to rival products or services. "The commitments will determine how Google can use the data collected for ad purposes, how interoperability between competing wearables and Android will be safeguarded and how users can continue to share health and fitness data, if they choose to," Margrethe Vestager, the EU's antitrust chief, said in a statement Thursday. Approval comes in a harsh climate when Google and others are facing mounting scrutiny of acquisitions that help them push into new areas. Google announced its plans to buy Fitbit in November 2019, describing the bid for the smartwatch maker as a boost to its lagging hardware business.

Read more of this story at Slashdot.

I expect there won;t be much blogging today with the snow and development projects. But I was having a talk with a friend about tech stuff and mentioned a few things worth looking at. 1. Fat Web Pages, which were a way of distributing script bits via the web in the 90s. 2. Postel's Robustness Principle, a cornerstone of web interop. 3. Simple Cross-Network Scripting, another development project in the 90s, that made it almost as easy to call a procedure over the net as it was to call one on your own machine. I really should write a book with some of these projects and the philosophy behind them.