Google

Google Zooms By Amazon In Smart Speaker Shipments, Report Says (arstechnica.com) 2

A new report released this week says that Google has surpassed Amazon in global smart speaker shipments in the first quarter of 2018. "[Research firm Canalys] says Google shipped 3.2 million Google Home and Home Mini speakers over the course of the quarter," reports Ars Technica. "Amazon, meanwhile, is said to have shipped 2.5 million Echo speakers." From the report: According to the report, Google jumped from taking 19.3 percent of smart speaker shipments in Q1 2017 to 36.2 percent this past quarter. Amazon accounted for a whopping 79.6 percent of shipments in the year-ago quarter but fell to 27.7 percent in Q1 2018, the report says. Now, it appears the Home has reached a point of parity with the Echo; this report would mark the first time Google has overtaken Amazon in total shipments. Canalys credits Google's rise in part to retailers and channel operators "prioritizing" the Home over the Echo, given that Amazon is one of its biggest competitors in retail at large. A couple of caveats: neither Amazon nor Google breaks out quarterly sales figures for each device family, so Canalys' figures likely aren't 100-percent exact. It's also worth noting that "shipments" are not the same as "sales," so it's possible that deals and discounts on the devices have affected the figures to an extent.
Businesses

All Major ISPs Have Declined In Customer Satisfaction, Says Study (dslreports.com) 19

The latest American Customer Satisfaction Index survey finds that Verizon FiOS has been rated the highest in customer satisfaction with a score of 70 out of 100. But, as DSLReports notes, that's nothing to write home about since that score was a one point decline from one year earlier. Furthermore, the industry average was 64 points, which is not only a decline from last year but lower than most of the other industries the group tracks. From the report: According to the ACSI, high prices and poor customer service continues to plague an U.S. broadband industry with some very obvious competitive shortcomings. "According to users, most aspects of ISPs are getting worse," the ACSI said. "Courtesy and helpfulness of staff has waned to 76 and in-store service is slower (74). Bills are more difficult to understand (-3 percent to 71), and customers aren't happy with the variety of plans available (-3 percent to 64)." Not a single ISP tracked by the firm saw an improvement in customer satisfaction scores.

The worst of the worst according to the ACSI is Mediacom, which saw a 9% plummet year over year to a score of 53, which is lower than most airlines, banks, and even the IRS according to the report. Charter Spectrum and Suddenlink also saw 8% declines in satisfaction year over year, and despite repeated claims that customer service is now its top priority, Comcast saw zero improvement in broadband satisfaction and a slight decline in pay TV satisfaction.

The Courts

Tesla Agrees To Settle Class Action Over Autopilot Billed As 'Safer' (reuters.com) 29

An anonymous reader quotes a report from Reuters: Tesla on Thursday reached an agreement to settle a class action lawsuit with buyers of its Model S and Model X cars who alleged that the company's assisted-driving Autopilot system was "essentially unusable and demonstrably dangerous." The lawsuit said Tesla misrepresented on its website that the cars came with capabilities designed to make highway driving "safer." The Tesla owners said they paid an extra $5,000 to have their cars equipped with the Autopilot software with additional safety features such as automated emergency braking and side collision warning. The features were "completely inoperable," according to the complaint. Under the proposed agreement, class members, who paid to get the Autopilot upgrade between 2016 and 2017, will receive between $20 and $280 in compensation. Tesla has agreed to place more than $5 million into a settlement fund, which will also cover attorney fees.
Wireless Networking

FBI Tells Router Users To Reboot Now To Kill Malware Infecting 500,000 Devices (arstechnica.com) 28

The FBI is advising users of consumer-grade routers and network-attached storage devices to reboot them as soon as possible to counter Russian-engineered malware that has infected hundreds of thousands devices. Ars Technica reports: Researchers from Cisco's Talos security team first disclosed the existence of the malware on Wednesday. The detailed report said the malware infected more than 500,000 devices made by Linksys, Mikrotik, Netgear, QNAP, and TP-Link. Known as VPNFilter, the malware allowed attackers to collect communications, launch attacks on others, and permanently destroy the devices with a single command. The report said the malware was developed by hackers working for an advanced nation, possibly Russia, and advised users of affected router models to perform a factory reset, or at a minimum to reboot. Later in the day, The Daily Beast reported that VPNFilter was indeed developed by a Russian hacking group, one known by a variety of names, including Sofacy, Fancy Bear, APT 28, and Pawn Storm. The Daily Beast also said the FBI had seized an Internet domain VPNFilter used as a backup means to deliver later stages of the malware to devices that were already infected with the initial stage 1. The seizure meant that the primary and secondary means to deliver stages 2 and 3 had been dismantled, leaving only a third fallback, which relied on attackers sending special packets to each infected device.

The redundant mechanisms for delivering the later stages address a fundamental shortcoming in VPNFilter -- stages 2 and 3 can't survive a reboot, meaning they are wiped clean as soon as a device is restarted. Instead, only stage 1 remains. Presumably, once an infected device reboots, stage 1 will cause it to reach out to the recently seized ToKnowAll.com address. The FBI's advice to reboot small office and home office routers and NAS devices capitalizes on this limitation. In a statement published Friday, FBI officials suggested that users of all consumer-grade routers, not just those known to be vulnerable to VPNFilter, protect themselves.
The Justice Department and U.S. Department of Homeland Security have also issued statements advising users to reboot their routers as soon as possible.
Privacy

Zimbabwe is Introducing a Mass Facial Recognition Project With Chinese AI Firm CloudWalk (qz.com) 15

An anonymous reader shares a report: In March, the Zimbabwean government signed a strategic partnership with the Gunagzhou-based startup CloudWalk Technology to begin a large-scale facial recognition program throughout the country. The agreement, backed by the Chinese government's Belt and Road initiative, will see the technology primarily used in security and law enforcement and will likely be expanded to other public programs.

[...] Zimbabwe may be giving away valuable data as Chinese AI technologists stand to benefit from access to a database of millions of Zimbabwean faces Harare will share with CloudWalk. [...] CloudWalk has already recalibrated its existing technology through three-dimensional light technology in order to recognize darker skin tones. In order to recognize other characteristics that may differ from China's population, CloudWalk is also developing a system that recognizes different hairstyles and body shapes, another representative explained to the Global Times.

Government

Apple Will Report Government Requests To Remove Apps From the App Store (theverge.com) 13

In its bi-annual transparency report today, Apple said that it will soon start reporting government requests to take down apps from the App Store. These requests will relate to alleged legal and/or policy provision violations, Apple says. The Verge reports: These numbers will tell us just how often governments are trying to block access to certain apps, and how many of those orders are actually obeyed. Google doesn't yet report these numbers specifically for the Play Store. As for takedown requests over the last year, governments around the world sent requests for information on 29,718 devices. Data was provided in 79 percent of cases. Governments also requested information on 3,358 Apple accounts, and data was provided in 82 percent of cases.
Earth

Birds Had To Relearn Flight After Meteor Wiped Out Dinosaurs, Fossil Records Suggest (theguardian.com) 26

An anonymous reader quotes a report from The Guardian: Birds had to rediscover flight after the meteor strike that killed off the dinosaurs, scientists say. The cataclysm 66 million years ago not only wiped out Tyrannosaurus rex and ground-dwelling dinosaur species, but also flying birds, a detailed survey of the fossil record suggests. As forests burned around the world, the only birds to survive were flightless emu-like species that lived on the ground. The six to nine-mile-wide meteor struck the Earth off the coast of Mexico, releasing a million times more energy than the largest atomic bomb. Hot debris raining from the sky is thought to have triggered global wildfires immediately after the impact. It took hundreds or even thousands of years for the world's forests of palms and pines to recover. Fossil records from New Zealand, Japan, Europe and North America, all show evidence of mass deforestation. They also reveal that birds surviving the end of the Cretaceous period had long sturdy legs made for living on the ground. They resembled emus and kiwis, said the researchers whose findings are reported in the journal Current Biology.
Chrome

Edge Beats Chrome in Battery Test, Says Microsoft (zdnet.com) 61

The latest installment of Microsoft's browser battery challenge shows once again that Edge consumes less energy than Chrome and Firefox. From a report: With the Windows 10 April 2018 Update rolling out across the globe, Microsoft thinks it's once again time to square Edge up against Chrome and Firefox in a new battery-life test. Microsoft's browser experiment shows a time-lapse of "three identical devices, three different browsers, streaming one video." Firefox, Edge, and Chrome play what appears to be a Netflix video on three Surface Books. As usual, the Edge device lasts the longest, depleting the battery after 14 hours and 20 minutes. The Chrome device lasted 12 hours and 32 minutes, while the Firefox laptop ran out of steam after just seven hours and 15 minutes.
AMD

Researchers Crack Open AMD's Server VM Encryption (theregister.co.uk) 27

Shaun Nichols, reporting for The Register: A group of German researchers have devised a method to thwart the VM security in AMD's server chips. Dubbed SEVered (PDF), the attack would potentially allow an attacker, or malicious admin who had access to the hypervisor, the ability to bypass AMD's Secure Encrypted Virtualization (SEV) protections.

The problem, say Fraunhofer AISEC researchers Mathias Morbitzer, Manuel Huber, Julian Horsch and Sascha Wessel, is that SEV, which is designed to isolate VMs from the prying eyes of the hypervisor, doesn't fully isolate and encrypt the VM data within the physical memory itself.

Businesses

US Reaches Deal To Keep Chinese Telecom ZTE in Business (reuters.com) 67

The Trump administration told lawmakers the U.S. government has reached a deal to put Chinese telecommunications company ZTE Corp back in business, a senior congressional aide said on Friday. From a report: The deal, communicated to officials on Capitol Hill by the Commerce Department, requires ZTE to pay a substantial fine, place U.S. compliance officers at the company and change its management team, the aide said. The Commerce Department would then lift an order preventing ZTE from buying U.S. products.

ZTE was banned in April from buying U.S. technology components for seven years for breaking an agreement reached after it violated U.S. sanctions against Iran and North Korea. The Commerce Department decision would allow it to resume business with U.S. companies, including chipmaker Qualcomm Inc.

Games

Valve Slammed Over 'Horrendous' Steam School-Shooting Game (eurogamer.net) 219

Several readers have shared an EuroGamer report: Just a week after the Santa Fe High School shooting in Texas that saw 10 people fatally shot and 13 others were wounded, Valve has come under fire for a Steam school-shooting game that encourages you to "hunt and destroy" children. Active Shooter, which at the time of publication is live on Steam and due for release on 6th June, is described by its developer as "a dynamic S.W.A.T. simulator." The idea is you're sent in to deal with a shooter at a school, but you can also play as the actual shooter, gunning down school children.

Now, an anti-gun violence charity has called on Valve to pull the game from Steam. The developer of Active Shooter is called Revived Games, the publisher Acid. Revived Games' credits include White Power: Pure Voltage and Dab, Dance & Twerk. "Acid", who plans to add a survival mode in which you play as a civilian and have to "escape or perform a heroic action such as fight against the shooter itself," took to Active Shooter's Steam page to defend the game. "First of all, this game does not promote any sort of violence, especially any soft [sic] of a mass shooting," Acid said.

Security

In Apple Mail, There's No Protecting PGP-Encrypted Messages (theintercept.com) 24

It has been nearly two weeks since researchers unveiled "EFAIL," a set of critical software vulnerabilities that allow encrypted email messages to be stolen from within the inbox. The Intercept reports that developers of email clients and encryption plugins are still scrambling to come up with a permanent fix. From the report: Apple Mail is the email client that comes free with every Mac computer, and an open source project called GPGTools allows Apple Mail to smoothly encrypt and decrypt messages using the 23-year-old PGP standard. The day the EFAIL paper was published, GPGTools instructed users to workaround EFAIL by changing a setting in Apple Mail to disable loading remote content. Similarly, the creator of PGP, Phil Zimmermann, co-signed a blog post Thursday stating that EFAIL was "easy to mitigate" by disabling the loading of remote content in GPGTools. But even if you follow this advice and disable remote content, Apple Mail and GPGTools are still vulnerable to EFAIL.

I developed a proof-of-concept exploit that works against Apple Mail and GPGTools even when remote content loading is disabled (German security researcher Hanno Bock also deserves much of the credit for this exploit, more on that below). I have reported the vulnerability to the GPGTools developers, and they are actively working on an update that they plan on releasing soon.

Medicine

Gut Sensor Could Monitor Health -- and Beam Results to a Smartphone (scientificamerican.com) 24

Doctors are now one step closer to deploying sensors that can travel to parts of a patient's body to diagnose hard-to-detect conditions. From a report: Researchers have devised a new way to get a sneak peek into what's going on deep in your digestive system, creating a swallowable sensor that, with the help of engineered bacteria and a tiny electrical circuit, can detect the presence of molecules that might be signs of disease and then beam the results to a smartphone app. The device, which scientists validated in pigs, remains a prototype and needs to be refined before it could be used in people. But the researchers, who reported their work Thursday in the journal Science, combined innovations in synthetic biology and microelectronics to create a modular platform that could be adapted to identify a wide range of molecules. "We want to try to illuminate and provide understanding into areas that are not easily accessible," said Dr. Timothy Lu, a bioengineer at the Massachusetts Institute of Technology and senior author of the paper.
Businesses

Vermont Wants To Pay Companies To Let Employees Work Remotely (fastcompany.com) 72

A proposal for an act in the Vermont legislature is actively trying to give grants to small companies to employ remote workers. From a report: Under the terms of S-0094, a $10,000 micro-grant will be given to a business that will "establish or enhance a facility that attracts small companies or remote workers, or both, including generator and maker spaces, co-working spaces, remote work hubs, and innovation spaces, with special emphasis on facilities that promote colocation of nonprofit, for-profit, and government entities."
Security

Vulnerability in Z-Wave Wireless Communications Protocol, Used By Some IoT and Smart Devices, Exposes 100 Million Devices To Attack (bleepingcomputer.com) 56

An anonymous reader writes: The Z-Wave wireless communications protocol used for some IoT/smart devices is vulnerable to a downgrade attack that can allow a malicious party to intercept and tamper with traffic between smart devices. The attack -- codenamed Z-Shave -- relies on tricking two smart devices that are pairing into thinking one of them does not support the newer S-Wave S2 security features, forcing both to use the older S0 security standard.

The Z-Shave attack is dangerous because devices paired via an older version of Z-Wave can become a point of entry for an attacker into a larger network, or can lead to the theft of personal property. While this flaw might prove frivolous for some devices in some scenarios, it is a big issue for others -- such as smart door locks, alarm systems, or any Z-Wave-capable device on the network of a large corporation. The company behind the Z-Wave protocol tried to downplay the attack's significance, but its claims were knocked down by researchers in a video.

Slashdot Top Deals