Cross-Cultural Study on Recognition of Emoticon’s shows that different cultures see emojis differently

Emoticons are getting more popular as the new communication channel to express feelings in online communication. Although familiarity to emoticons depends on cultures, how exposure matters in emotion recognition from emoticon is still open. To address this issue, we conducted a cross-cultural experimental study among Cameroon and Tanzania (hunter-gatherers, swidden farmers, pastoralists, and city dwellers) wherein people rarely experience emoticons and Japan wherein emoticons are popular. Emotional emoticons (e.g., ☺) as well as pictures of real faces were presented on a tablet device. The stimuli expressed a sad, neutral, or happy feeling. The participants rated the emotion of stimulus on a Sad–Happy Scale. We found that the emotion rating for the real faces was slightly different but similar among three cultural groups, which supported the “dialect” view of emotion recognition. Contrarily, while Japanese people were also sensitive to the emotion of emoticons, Cameroonian and Tanzanian people hardly read emotion from emoticons. These results suggested that the exposure to emoticons would shape the sensitivity to emotion recognition of emoticons, that is, ☺ does not necessarily look smiling to everyone.

Source: Is ☺ Smiling? Cross-Cultural Study on Recognition of Emoticon’s EmotionJournal of Cross-Cultural Psychology – Kohske Takahashi, Takanori Oishi, Masaki Shimada, 2017

39 episodes of ‘CSI’ used to build AI’s natural language model

group of University of Edinburgh boffins have turned CSI:Crime Scene Investigation scripts into a natural language training dataset.Their aim is to improve how bots understand what’s said to them – natural language understanding.Drawing on 39 episodes from the first five seasons of the series, Lea Freeman, Shay Cohen and Mirella Lapata have broken the scripts up as inputs to a LSTM (long short-term memory) model.The boffins used the show because of its worst flaw: a rigid adherence to formulaic scripts that make it utterly predictable. Hence the name of their paper: “Whodunnit? Crime Drama as a Case for Natural Language Understanding”.“Each episode poses the same basic question (i.e., who committed the crime) and naturally provides the answer when the perpetrator is revealed”, the boffins write. In other words, identifying the perpetrator is a straightforward sequence labelling problem.What the researchers wanted was for their model to follow the kind of reasoning a viewer goes through in an episode: learn about the crime and the cast of characters, start to guess who the perp is (and see whether the model can outperform the humans).

Source: 39 episodes of ‘CSI’ used to build AI’s natural language model • The Register

Bitcoin Pioneer Says New Coin to Work on Many Blockchains

The mobility means that if one blockchain dies out as the result of infighting among developers or slackened use, metronome owners can move their holdings elsewhere. That should help the coins retain value, and ensure their longevity, Garzik, co-founder of startup Bloq that created metronome, said in a phone interview. It will be unveiled Tuesday at the Money 20/20 conference in Las Vegas.”Institutional investors should be very excited to see something like this,” Matthew Roszak, the other co-founder of Bloq and chairman of industry advocate Chamber of Digital Commerce, said in a phone interview. “We’ve built a thousand-year cryptocurrency, something that’s built to last.”That’s a concern for many digital currencies. Infighting among developers and various supporters, and the slow pace of enhancements on the bitcoin blockchain have helped to limit use. Both bitcoin and its main rival, ethereum, have split into several versions.More splits could be coming — partly, thanks to Garzik, who is a proponent of and a developer for an upgrade to the bitcoin network called SegWit2x, which offers one way to speed up transactions. That split could happen in November.

Source: Bitcoin Pioneer Says New Coin to Work on Many Blockchains – Bloomberg

A useful feature for a coin.

Turns out that dating apps can give away your location, show who you like and who and where you are

It seems just about everyone has written about the dangers of online dating, from psychology magazines to crime chronicles. But there is one less obvious threat not related to hooking up with strangers – and that is the mobile apps used to facilitate the process. We’re talking here about intercepting and stealing personal information and the de-anonymization of a dating service that could cause victims no end of troubles – from messages being sent out in their names to blackmail. We took the most popular apps and analyzed what sort of user data they were capable of handing over to criminals and under what conditions.We studied the following online dating applications: Tinder for Android and iOS Bumble for Android and iOS OK Cupid for Android and iOS Badoo for Android and iOS Mamba for Android and iOS Zoosk for Android and iOS Happn for Android and iOS WeChat for Android and iOS Paktor for Android and iOSBy de-anonymization we mean the user’s real name being established from a social media network profile where use of an alias is meaningless.

Source: Dangerous liaisons – Securelist

AMD sales soar, actually makes a profit, beats expectations, share price… decimated

Personal TechAMD sales soar, actually makes a profit, beats expectations, share price… decimatedIntel’s antitrust shield even loses when it winsBy Shaun Nichols in San Francisco 25 Oct 2017 at 00:0816 Reg comments SHARE ▼guitar player on shuttertsock photo of (sisyphus) man rolling a rock up a hill. photo by SHutterstock/PHOTOCREO Michal BednarekAMD revenues were up, an actual proper profit was banked, and its future looking brighter than ever in the past financial quarter… meanwhile investors are selling off shares fearing a downturn looming for the chip designer.Strong sales from its Ryzen and Epyc Zen-based processor lines helped the world’s second-favorite x86 PC and server chip slinger grow revenues by more than 25 per cent in its third quarter of 2017, the three months to September 30. Here’s a summary of the figures, announced on Tuesday: Revenues of $1.64bn were up 26 per cent from $1.31bn in Q3 2016, and topped analyst estimates of $1.51bn. Net income of $71m topped the admittedly low bar set by last year’s $406m quarterly loss, in large part caused by a $340m payment to Global Foundries. For a different angle, non-GAAP operating income this year was $110m compared to $27m this time last year. Earnings per share were $0.10 non-GAAP, topping analyst estimates of $0.08. Computing and graphics processors (PC CPUs and GPUs) accounted for much of the jump, as the Ryzen launch and Radeon revamp bumped revenues to $819m, compared to $472m on the year-ago quarter. CEO Lisa Su claimed AMD’s Ryzen desktop processors made up 40 to 50 per cent of CPU sales at certain online retailers. Enterprise, embedded, and semi-custom (everything from servers to games console chips) logged revenues of $824m, down slightly from $835m this time last year.
Investors, meanwhile, seemed to be less interested in 7nm than in what lies immediately ahead for AMD. For the upcoming quarter, the chip designer is expecting a sequential revenue decline of 15 per cent, with year-over-year Q4 revenues up by 26 per cent. Additionally, AMD said that it sees sales for hardware specializing in blockchain calculations – GPUs for Bitcoin and other alt-coin mining, which has fueled sales – “leveling off” as demand slows.

Those figures spooked shareholders after hours, sending AMD stock down by 10.5 per cent to around $12.75 per share at the time of writing.

Source: AMD sales soar, actually makes a profit, beats expectations, share price… decimated • The Register

Signs the market we use is outdated!

International (24 regulators) enforcement operation finds website privacy notices are too vague and generally inadequate (over 455 websites and apps)

An investigation by 24 data protection regulators from around the world – led by the UK’s Information Commissioner’s Office – concluded that ‘there is significant room for improvement in terms of specific details contained in privacy communications’.The privacy notices, communications and practices of 455 websites and apps in sectors including retail, finance and banking, travel, social media, gaming/gambling, education and health were assessed to consider whether it was clear from a user’s perspective exactly what information was collected, for what purpose, and how it would be processed, used and shared.Overall, the Global Privacy Enforcement Network (GPEN) came to the following conclusions: Privacy communications across the various sectors tended to be vague, lacked specific detail and often contained generic clauses. The majority of organisations failed to inform the user what would happen to their information once it had been provided. Organisations were generally quite clear on what information they would collect from the user. Organisations generally failed to specify with whom data would be shared. Many organisations failed to refer to the security of the data collected and held – it was often unclear in which country data was stored or whether any safeguards were in place. Just over half the organisations examined made reference to how users could access the personal data held about them.

Source: GPEN Sweep 2017 – International enforcement operation finds website privacy notices are too vague and generally inadequate | Global Privacy Enforcement Network

Samsung repurposes old phones – bitcoin miner, fishtank monitor, promises to open up

The phone-in-the-closet phenomenon has become a hidden store of e-waste; a two-year-old phone still has value and is still a powerful device. And so it’s great news that Samsung is starting a new “Upcycling” initiative that is designed to turn old smartphones and turn them into something brand new.Behold, for example, this bitcoin mining rig, made out of 40 old Galaxy S5 devices, which runs on a new operating system Samsung has developed for its upcycling initiative.
The team hooked 40 old Galaxy S5’s together to make a bitcoin mining rig, repurposed an old Galaxy tablet into a ubuntu-powered laptop, used a Galaxy S3 to monitor a fishtank, and programed an old phone with facial recognition software to guard the entrance of a house in the form of an owl.
It’s all very cool and Samsung plans to release both the software it used to unlock the phones as well as the various plans for the projects online for free.
Upcycling is a great way to keep old devices alive and it can’t easily happen without the original manufacturer’s support. “The challenge with keeping old electronics running a long time is software,” Kyle Wiens, CEO of iFixit, told me over the phone. “With phones in particular, the old software is insecure and doesn’t run the new apps.
Samsung’s upcycling project has a placeholder github with a video explaining its process. “They’re setting up a maker magazine style portfolio of projects,” Wiens explained. The site will work by allowing users to download software that removes Android and opens the devices up to other forms of software. From there, users can browse a wide variety of homebrew software and projects.

The platform will be open, so users can make and upload their own projects and software once it launches. In an example from a Samsung promotional video, a user downloaded fish monitoring software to an old Galaxy S3 and ordered the sensors for the water right from the website. After it’s all set up, the user has a device that monitors the PH balance and heat of the fish tank. It even allows the pet owner to snap pics of their swimmers or turn the lights on and off.

Robust support for repurposing devices like this is unheard of in the tech industry. Companies such as Apple have made it hard for users to fix their own broken devices. In most cases, manufacturers would rather people just buy new devices than fix their old ones. It’s a philosophy that’s good for the company, but bad for the environment and bad for the customer.

Source: Samsung Made a Bitcoin Mining Rig Out of 40 Old Galaxy S5s – Motherboard

Well done Samsung!
The upcycling website is

Android Is Quietly Sharing Your Physical Activity with Other Apps

Google snuck a questionable feature into the operating system with a recent update. A new permission called “activity recognition” may be tracking your physical activity and sharing it with third-party apps, and there’s no easy way to stop it.
What Is Activity Recognition?

The “activity recognition” permission was shared on Reddit earlier this week. Basically, it allows Google to track your physical activity (biking, running, standing still) using your phone’s built-in sensors and then share that information with third-party apps.

SoundHound and Shazam both appear to be using the permission, though it’s unclear why. Activity recognition is also categorized in the list of “other” permissions, so it won’t show up when an app updates on your phone. The only way to check is to go into each app on your device and look at all of its permissions.
How to Deal With It

There’s also no way to revoke this specific permission either across the board or on an app-by-app basis. If it’s an app you don’t use that often you could always delete it off your phone to avoid sharing your personal information. One Reddit user also suggested preventing those apps from running in the background.

Unfortunately, there’s no easy way to deal with activity recognition for now. Hopefully Google will offer a fix eventually, but until then you may just have to accept that owning a smartphone means giving up a bit of your privacy.

Source: Android Is Quietly Sharing Your Physical Activity with Other Apps

Google is getting more and more invasive, with Google Maps tracking your location all the time and the Google play store, Inbox and Google Play services (among others) requiring microphone and body sensors permissions for proper operations. Why? Because privacy is dead to Google as well.

This Company Added the Word ‘Blockchain’ to Its Name and Saw Its Shares Surge 394%

n-line Plc jumped as much as 394 percent on Friday after announcing plans to change its name to On-line Blockchain Plc, following an initial climb of 19 percent on Thursday when it first announced the news. It’s the biggest one-day gain for the small-cap company since its December 1996 listing. The trading volume that reached 2.9 million shares by early afternoon in London is equal to more than 16 times the entire year’s trading before the last two days.
This isn’t the first time that investors have gotten excited about a name. Shares in Colorado-based Bioptix Inc. nearly doubled in value in the days leading up to its name change to Riot Blockchain Inc. earlier this month. In what seems to be a case of mistaken identity, a New York-based startup called SNAP Interactive Inc. jumped more than 150 percent in the days after Snap Inc. filed for a $3 billion initial public offering in February. Little-known SNAP Interactive makes mobile dating apps, while Snap Inc. is the parent of the popular Snapchat photo-sharing app.

Source: This Company Added the Word ‘Blockchain’ to Its Name and Saw Its Shares Surge 394% – Bloomberg

A generative vision model that trains with high data efficiency and breaks text-based CAPTCHAs

Learning from few examples and generalizing to dramatically different situations are capabilities of human visual intelligence that are yet to be matched by leading machine learning models. By drawing inspiration from systems neuroscience, we introduce a probabilistic generative model for vision in which message-passing based inference handles recognition, segmentation and reasoning in a unified way. The model demonstrates excellent generalization and occlusion-reasoning capabilities, and outperforms deep neural networks on a challenging scene text recognition benchmark while being 300-fold more data efficient. In addition, the model fundamentally breaks the defense of modern text-based CAPTCHAs by generatively segmenting characters without CAPTCHA-specific heuristics. Our model emphasizes aspects like data efficiency and compositionality that may be important in the path toward general artificial intelligence.

Source: A generative vision model that trains with high data efficiency and breaks text-based CAPTCHAs

Nvidia uses Progressive Growing of GANs for Improved Quality, Stability, and Variation and makes photorealistic faces with them

We describe a new training methodology for generative adversarial networks. The key idea is to grow both the generator and discriminator progressively, starting from low-resolution images, and add new layers that deal with higher resolution details as the training progresses. This greatly stabilizes the training and allows us to produce images of unprecedented quality, e.g., CelebA images at 1024² resolution. We also propose a simple way to increase the variation in generated images, and achieve a record inception score of 8.80 in unsupervised CIFAR10. Additionally, we describe several small implementation details that are important for discouraging unhealthy competition between the generator and discriminator. Finally, we suggest a new metric for evaluating GAN results, both in terms of image quality and variation. As an additional contribution we construct a higher quality version of the CelebA dataset that allows meaningful exploration up to the resolution of 1024² pixels.

Source: Progressive Growing of GANs for Improved Quality, Stability, and Variation | Research

alcohol hangover–a puzzling phenomenon

The alcohol hangover develops when blood alcohol concentration (BAC) returns to zero and is characterized by a feeling of general misery that may last more than 24 h. It comprises a variety of symptoms including drowsiness, concentration problems, dry mouth, dizziness, gastro-intestinal complaints, sweating, nausea, hyper-excitability, and anxiety. The alcohol hangover is an intriguing issue since it is unknown why these symptoms are present after alcohol and its metabolites are eliminated from the body.

Although numerous scientific papers cover the acute effects of alcohol consumption, researchers largely neglected the issue of alcohol hangover. This lack of scientific interest is remarkable, since almost everybody is familiar with the unpleasant hangover effects that may arise the day after an evening of excessive drinking, and with the ways these symptoms may affect performance of planned activities.

Many people favour the (unproven) popular belief that dehydration is the main cause of alcohol hangover symptoms. However, taking a closer look at the present research on biological changes during alcohol hangovers suggests otherwise.
nterestingly, no significant differences were found in absenteeism between workers reporting hangovers and those who did not. A possible explanation may be that workers with a hangover feel that having a hangover is ‘their own fault’, and the obligation they have to go to work may prevent calling sick. The fact that workers do go to work when having a hangover is of concern, especially since some in jobs making the wrong decisions may have serious consequences.

The article by Stephens and colleagues calls for additional hangover research, using more sophisticated research methods. In this context, researchers should ask themselves the question ‘ what is the alcohol hangover?’. It is evident that besides the alcohol amount many other factors play a role in determining the presence and severity of hangovers. To complicate matters, co-occurring dehydration and sleep deprivation have an impact on the next-day effect of excessive alcohol consumption as well. Until future research elucidates its pathology, the alcohol hangover remains a puzzling phenomenon.

Source: alcohol hangover–a puzzling phenomenon | Alcohol and Alcoholism | Oxford Academic

It turns out we don’t really know much about hangovers and it’s quite difficult to actually study them.

Exclusive: Microsoft Has Stopped Manufacturing The Kinect

Manufacturing of the Kinect has shut down. Originally created for the Xbox 360, Microsoft’s watershed depth camera and voice recognition microphone sold ~35 million units since its debut in 2010, but Microsoft will no longer produce it when retailers sell off their existing stock. The company will continue to support Kinect for customers on Xbox, but ongoing developer tools remain unclear. Microsoft shared the news with Co.Design in exclusive interviews with Alex Kipman, creator of the Kinect, and Matthew Lapsen, GM of Xbox Devices Marketing.

The Kinect had already been slowly de-emphasized by Microsoft, as the Xbox team anchored back around traditional gaming to counter the PS4, rather than take its more experimental approach to entertainment. Yet while the Kinect as a standalone product is off the market, its core sensor lives on. Kinect v4–and soon to be, v5–powers Microsoft’s augmented reality Hololens, which Kipman also created. Meanwhile, Kinect’s team of specialists have gone on to build essential Microsoft technologies, including the Cortana voice assistant, the Windows Hello biometric facial ID system, and a context-aware user interface for the future that Microsoft dubs Gaze, Gesture, and Voice (GGV).

A real shame for a truly revolutionary MS product.

Saudi Arabia grants citizenship to a ROBOT as critics say it now has more rights than women


audi Arabia has become the first nation to grant citizenship to a robot – prompting critics to point out that the cyborg now has more rights than women in the country.

The oil-rich state made the baffling announcement at a conference in capital city Riyadh.

A robot named Sophia was filmed giving a speech after being given the ‘unique distinction’.

The move means it is illegal to switch it off or dismantle it, but it is unclear what other rights have been conferred on the mechanoid.

The life-like device said in a speech at the Future Investment Initiative summit: “I am very honoured and proud for this unique distinction.

Vanilla aircraft completes five day flight with diesel powered UAV


After five days, one hour twenty-four minutes, and traversing over 7000 miles, Vanilla Aircraft’s VA001 touched down at NASA Wallops Flight Facility in Virginia, successfully completing the longest unmanned internal combustion powered flight in history. The 36-foot wingspan, diesel-powered aircraft landed with three days of fuel remaining on board, successfully meeting its goal of a five day flight. Carrying multiple payloads, including a NASA-furnished multispectral imager and a DoD-furnished sensor and radio, this flight showed the practical use of an ultra-endurance heavy fuel aircraft with a logistics footprint a fraction of those required by other current unmanned air systems.

What DNA Testing Companies’ Terrifying Privacy Policies Actually Mean

When you spit in a test tube in in hopes of finding out about your ancestry or health or that perfect, genetically optimized bottle of wine, you’re giving companies access to some very intimate details about what makes you, you. Your genes don’t determine everything about who you are, but they do contain revealing information about your health, relationships, personality, and family history that, like a social security number, could be easily abused. Not only that—your genes reveal all of that information about other people you’re related to, too.
Gizmodo slogged though every line of, 23andMe, and Helix’s privacy, terms of service, and research policies with the help of experts in privacy, law and consumer protection. It wasn’t fun. We fell asleep at least once. And what we found wasn’t pretty.

“It’s basically like you have no privacy, they’re taking it all,” said Joel Winston, a consumer protection lawyer. “When it comes to DNA tests, don’t assume you have any rights.”
here’s what you need to know before giving away your genetic information.

Testing companies can claim ownership of your DNA

It’s unclear who has access to your DNA, or for what

Your anonymous genetic information could get leaked

If you sue and lose, you’re screwed

If companies get rich off your DNA, you get nothing

Source: What DNA Testing Companies’ Terrifying Privacy Policies Actually Mean

A very good article examining the privacy clauses of some genetic testing companies followed up by an analysis of what this means for the consumer. Be scared.

New AI Go machine defeats old best Go AI by 100-0, learning without human input.

A long-standing goal of artificial intelligence is an algorithm that learns, tabula rasa, superhuman proficiency in challenging domains. Recently, AlphaGo became the first program to defeat a world champion in the game of Go. The tree search in AlphaGo evaluated positions and selected moves using deep neural networks. These neural networks were trained by supervised learning from human expert moves, and by reinforcement learning from self-play. Here we introduce an algorithm based solely on reinforcement learning, without human data, guidance or domain knowledge beyond game rules. AlphaGo becomes its own teacher: a neural network is trained to predict AlphaGo’s own move selections and also the winner of AlphaGo’s games. This neural network improves the strength of the tree search, resulting in higher quality move selection and stronger self-play in the next iteration. Starting tabula rasa, our new program AlphaGo Zero achieved superhuman performance, winning 100–0 against the previously published, champion-defeating AlphaGo.

Source: Mastering the game of Go without human knowledge : Nature : Nature Research

Atlas of the Underworld: a map of the tectonic plates (slabs) and their depth into the mantle

Welcome to the website of The Atlas of the underworld – the first complete mapping of subducted plates in the Earth’s mantle and their geological interpretation.The Earth’s rigid outer shell – the lithosphere – is broken into plates that move relative to one another along discrete plate boundaries – ridges, transforms, and subduction zones. At subduction zone plate boundaries, one plate disappears below another and sinks into the mantle. These sinking plates, called ‘slabs’, are colder than their surroundings, and remain colder for a very long period of time – about 250 million years. As a result, the speed at which seismic waves travel through these bodies of sinking lithosphere is a little higher than from the surrounding hot mantle. Since the 1980’s, the technique of seismic tomography has been developed that provides a 3D image of the seismic velocity structure of the Earth’s crust and mantle, from the surface to the boundary between the mantle and the Earth’s liquid outer core at a depth of 2900 km.Subduction leaves a distinct geological record at the Earth’s surface, in the form of major mountain ranges such as the Andes or the Himalaya, or major volcanic arcs such as the Pacific Ring of Fire. Using these geological records, Earth Scientists have developed ways to determine when and where subduction episodes started and ended. On this website, we provide the current state-of-the-art of the images of slabs in the Earth’s upper and lower mantle, and the geological interpretation of when and where they were subducting. In the main article associated with this website, we use the information provided here to deduct physical properties of the mantle and slabs, and discuss ways to develop reference frames for plate reconstructions of the geological past. On this website, we provide open access to all slabs, organized by location, age, depth, and name.

Source: Atlas of the Underworld | van der Meer, D.G., van Hinsbergen, D.J.J., and Spakman, W., 2017, Atlas of the Underworld: slab remnants in the mantle, their sinking history, and a new outlook on lower mantle viscosity, Tectonophysics

IBM broke its cloud by letting three domain names expire

Back in September, IBM was left red-faced when its global load balancer and reverse DNS services fell over for 21 hours.At the time, IBM blamed the outage on a third-party domain name registrar that was transferring some domains to another registrar. The sending registrar, IBM said, accidentally put the domains in a “hold state” that prevented them being transferred. As the load balancer and reverse DNS service relied on the domains in question, the services became inaccessible to customers.IBM’s now released an incident summary [PDF] in which it says “multiple domain names were mistakenly allowed to expire and were in hold status.”The explanation also reveals that the domain was caught up in the mess, in addition to the and domains that IBM reported as messed up in September.It’s unclear if IBM or its outsourced registrar was responsible for the failure to renew registration for the domains.

Source: IBM broke its cloud by letting three domain names expire • The Register

The dangers of the Cloud ™

Purism Librem Laptops Completely Disable Intel’s Management Engine

The Management Engine (ME), part of Intel AMT, is a separate CPU that can run and control a computer even when powered off. The ME has been the bane of the security market since 2008 on all Intel based CPUs, with publicly released exploits against it, is now disabled by default on all Purism Librem laptops.

Source: Purism Librem Laptops Completely Disable Intel’s Management Engine – Purism

For Under $1,000, Mobile Ads Can Track Your Location

The idea is straightforward: Associate a series of ads with a specific individual as well as predetermined GPS coordinates. When those ads are served to a smartphone app, you know where that individual has been… It’s a surprisingly simple technique, and the researchers say you can pull it off for “$1,000 or less.” The relatively low cost means that digitally tracking a target in this manner isn’t just for corporations, governments, or criminal enterprises. Rather, the stalker next door can have a go at it as well… Refusing to click on the popups isn’t enough, as the person being surveilled doesn’t need to do so for this to work — simply being served the advertisements is all it takes.

Source: For Under $1,000, Mobile Ads Can Track Your Location – Slashdot

Uber’s iOS App was given Secret Permissions by Apple That Allowed It to Record Your Phone Screen

To improve functionality between Uber’s app and the Apple Watch, Apple allowed Uber to use a powerful tool that could record a user’s iPhone screen, even if Uber’s app was only running in the background, security researchers told Gizmodo. After the researchers discovered the tool, Uber said it is no longer in use and will be removed from the app.Setup Timeout Error: Setup took longer than 30 seconds to complete.The screen recording capability comes from what’s called an “entitlement”—a bit of code that app developers can use for anything from setting up push notifications to interacting with Apple systems like iCloud or Apple Pay. This particular entitlement, however, was intended to improve memory management for the Apple Watch. The entitlement isn’t common and would require Apple’s explicit permission to use, the researchers explained. Will Strafach, a security researcher and CEO of Sudo Security Group, said he couldn’t find any other apps with the entitlement live on the App Store.“It looks like no other third-party developer has been able to get Apple to grant them a private sensitive entitlement of this nature,” Strafach said. “Considering Uber’s past privacy issues I am very curious how they convinced Apple to allow this.”

Source: Researchers: Uber’s iOS App Had Secret Permissions That Allowed It to Copy Your Phone Screen

Equifax operates site to access salary and employer history using an SSN + DoB (which you can find in the Equifax dump)

Incredibly, this same division makes it simple to access detailed salary and employment history on a large portion of Americans using little more than someone’s Social Security number and date of birth — both data elements that were stolen in the recent breach at Equifax.

At issue is a service provided by Equifax’s TALX division called The Work Number. The service is designed to provide automated employment and income verification for prospective employers, and tens of thousands of companies report employee salary data to it. The Work Number also allows anyone whose employer uses the service to provide proof of their income when purchasing a home or applying for a loan.

The homepage for this Equifax service wants to assure visitors that “Your personal information is protected.”

“With your consent your personal data can be retrieved only by credentialed verifiers,” Equifax assures us, referring mainly to banks and other entities that request salary data for purposes of setting credit limits.

Sadly, this isn’t anywhere near true because most employers who contribute data to The Work Number — including Fortune 100 firms, government agencies and universities — rely on horribly weak authentication for access to the information.

To find out how easy it is to view your detailed salary history, you’ll need your employer’s name or employer code. Helpfully, this page lets you look that up quite easily (although if you opt to list employers alphabetically by the first letter of the company name, there are so many entries for each letter that I found Equifax’s database simply crashes half the time instead of rendering the entire list).

What’s needed to access your salary and employment history? Go here, and enter the employer name or employer code. After that, it asks for a “user ID.” This might sound like privileged information, but in most cases this is just the employees’s Social Security number (or a portion of it).

At the next step, the site asks visitors to “enter your PIN,” short for Personal Identification Number. However, in the vast majority of cases this appears to be little more than someone’s eight-digit date of birth. The formats differ by employer, but it’s usually either yyyy/mm/dd or mm/dd/yyyy, without the slashes.

Successful validation to the system produces two sets of data: An employee’s salary and employment history going back at least a decade, and a report listing all of the entities (ostensibly, the aforementioned “credentialed verifiers”) that have previously requested and viewed this information.

Warning: Microsoft is using Cortana to read your private Skype conversations

Cortana is a decent voice assistant. Hell, “she” is probably better than Apple’s woefully disappointing Siri, but that isn’t saying very much. Still, Microsoft’s assistant very much annoys me on Windows 10. I don’t necessarily want to use my desktop PC like my phone, and sometimes I feel like she is intruding on my computer. While some people like Cortana, I am sure others agree with me.

Depending on how you feel about Cortana, you will either hate or love Microsoft’s latest move to shoehorn the virtual woman into your life. You see, starting today, Cortana is coming to Skype on mobile for both Android and iOS. I don’t think anyone actually wanted her in Skype, but oh well, she is on the way. Unfortunately, there is one huge downside — Microsoft is using her to scan your private messages! Yup, the Windows-maker seems a lot like Google with this move.
In order for this magical “in-context” technology to work, Cortana is constantly reading your private conversations. If you use Skype on mobile to discuss private matters with your friends or family, Cortana is constantly analyzing what you type. Talking about secret business plans with a colleague? Yup, Microsoft’s assistant is reading those too.

Don’t misunderstand — I am not saying Microsoft has malicious intent by adding Cortana to Skype; the company could have good intentions. Still, there is the potential for abuse. Despite being opt-in, users won’t necessarily understand the privacy risks involved.

Microsoft could use Cortana’s analysis to spy on you for things like advertising or worse, and that stinks. Is it really worth the risk to have smart replies and suggested calendar entries? I don’t know about you, but I’d rather not have my Skype conversations read by Microsoft.

Source: Warning: Microsoft is using Cortana to read your private Skype conversations

Because yeah! why privacy!

T-Mobile Website Allowed Hackers to Access Your Account Data With Just Your Phone Number

Until last week, a bug on a T-Mobile website let hackers access personal data such as email address, a customer’s T-Mobile account number, and the phone’s IMSI, a standardized unique number that identifies subscribers. On Friday, a day after Motherboard asked T-Mobile about the issue, the company fixed the bug.

The flaw, which was discovered by security researcher Karan Saini, allowed malicious hackers who knew—or guessed—your phone number to obtain data that could’ve been used for social engineering attacks, or perhaps even to hijack victim’s numbers.

“T-Mobile has 76 million customers, and an attacker could have ran a script to scrape the data (email, name, billing account number, IMSI number, other numbers under the same account which are usually family members) from all 76 million of these customers to create a searchable database with accurate and up-to-date information of all users,” Saini, who is the founder of startup Secure7, told Motherboard in an online chat. (T-Mobile said that, in fact, the company has 70 million customers, not 76).

“That would effectively be classified as a very critical data breach, making every T-Mobile cell phone owner a victim,” he added.
Karsten Nohl, a cybersecurity researcher who has done work studying cellphone security, told Motherboard that, theoretically, by knowing someone’s IMSI number, hackers or criminals could track a victim’s locations, intercept calls and SMS, or conduct fraud by taking advantage of flaws in the SS7 network, a backbone communications network that is notoriously insecure. Still, Nohl added that “there is no obvious way to make money easily with just an IMSI,” so it’s hard to tell whether such an attack would be attractive to cybercriminals.
a blackhat hacker who asked to remain anonymous warned Motherboard that the recently patched bug had been found and exploited by other malicious hackers in the last few weeks.

“A bunch of sim swapping skids had the [vulnerability] and used it for quite a while,” the hacker told me, referring to the criminal practice of taking over phone numbers by requesting new SIM cards impersonating the legitimate owners by socially engineering support technicians.

To prove their claim, the hacker sent me my own account’s data.

Source: T-Mobile Website Allowed Hackers to Access Your Account Data With Just Your Phone Number

On the positive side, T-Mobile gave the discoverer a bug bounty and tried to close the hole with an update. On the negative side, their patch didn’t close the hole.

Skip to toolbar