Saturday, September 15, 2018

Tech companies like Salesforce, now the biggest private employer in San Francisco, are reacting to the city's limits by expanding and hiring faster elsewhere (Owen Thomas/San Francisco Chronicle)

Owen Thomas / San Francisco Chronicle:
Tech companies like Salesforce, now the biggest private employer in San Francisco, are reacting to the city's limits by expanding and hiring faster elsewhere  —  Politics, economics and real estate could make jobs boom elsewhere  —  Politics, economics and real estate could make jobs boom elsewhere



from Techmeme https://ift.tt/2MztWPL

Apple responds to viral customer complaint about deleting movies from his iTunes library, says it does not delete movies that users have already downloaded (Sean Hollister/CNET)

Sean Hollister / CNET:
Apple responds to viral customer complaint about deleting movies from his iTunes library, says it does not delete movies that users have already downloaded  —  Perhaps you've heard a story that goes like this:  —  “Apple's ‘buy’ button is a sham, because Apple has the right to remove movies …



from Techmeme https://ift.tt/2MByW6u

Twitter now puts live broadcasts started by accounts users follow, including breaking news, personalities, and sports, at the top of their timelines in its app (Zack Whittaker/TechCrunch)

Zack Whittaker / TechCrunch:
Twitter now puts live broadcasts started by accounts users follow, including breaking news, personalities, and sports, at the top of their timelines in its app  —  Twitter will now put live streams and broadcasts started by accounts you follow at the top of your timeline, making it easier to see what they're doing in realtime.



from Techmeme https://ift.tt/2xde00X

SurveyMonkey sets IPO range to $9 to $11/share, plans to raise $135M at the midpoint of the range and additional $40M via private placement at $1.3B valuation (NASDAQ.com)

NASDAQ.com:
SurveyMonkey sets IPO range to $9 to $11/share, plans to raise $135M at the midpoint of the range and additional $40M via private placement at $1.3B valuation  —  SurveyMonkey, which operates a freemium online survey service, announced terms for its IPO on Thursday.



from Techmeme https://ift.tt/2xmZItQ

After receiving "increased level of interest", DOJ has invited a bipartisan group of 24 state AGs to upcoming meeting on alleged speech stifling by tech firms (John D. McKinnon/Wall Street Journal)

John D. McKinnon / Wall Street Journal:
After receiving “increased level of interest”, DOJ has invited a bipartisan group of 24 state AGs to upcoming meeting on alleged speech stifling by tech firms  —  Late-September meeting, announced last week, to focus on antitrust issues and stifling of conservative speech



from Techmeme https://ift.tt/2MD87Pg

Inside the paid courses where deactivated NYC Uber drivers try to learn how to get back in, while critics say tutors are squeezing yet another fee from drivers (Molly Taft/The Outline)

Molly Taft / The Outline:
Inside the paid courses where deactivated NYC Uber drivers try to learn how to get back in, while critics say tutors are squeezing yet another fee from drivers  —  One of the only ways for drivers whose rating falls below about 4.5 stars to get reinstated is to take a class, where they get a side of labor organizing.



from Techmeme https://ift.tt/2MuteDv

What Is Cryptojacking? How Websites Secretly Use Your CPU to Mine Cryptocurrency

cryptojacking-avoid

The rise of cryptojacking didn’t take those in the crypto-and-security worlds by surprise. In fact, the only surprising thing was perhaps the length of time it took malicious actors to use cryptojacking to mine for cryptocurrency.

As the cryptocurrency boom took hold at the end of 2017, so did a sudden surge in malicious cryptojacking incidents.

The phenomenal peaks of the cryptocurrency boom are long gone; cryptocurrency markets are somewhat stable, albeit still unpredictable. Has the decreased price correlated with a reduction in cryptojacking incidents? Do they relate at all? Here’s what you need to know.

What Is Cryptojacking?

Cryptojacking is the coverall term given to a malicious attack where unsuspecting users have their system hardware hijacked to mine cryptocurrency. The basic premise of a cryptojacking browser attack is:

  • An unsuspecting user lands on a compromised webpage.
  • The webpage has a small piece of JavaScript containing the cryptojacking code.
  • The cryptojacking code hijacks the system CPU and puts it use mining cryptocurrency, usually Monero.
  • In some cases, the JavaScript opens a minimized, hidden browser window. When the user leaves the site, the illicit crypto-mining continues.
  • However, most cryptojacking attacks end when the website tab closes.

Cryptojacking isn’t just browser-based. There are several types of malware out there that will mine cryptocurrency after infecting your system. Most malware attempts to stay silent, but cryptojacking malware is more silent than most. The longer a cryptojacking malware variant can remain silent, the larger the potential reward for the attacker.

Cryptojacking, then, is theft. The unsuspecting users aren’t directly losing money, but they are losing system resources to power someone else’s financial gain. And while cryptojacking is malicious, it doesn’t leave any long-term damage to the target system, despite running the CPU at maximum or near-maximum capacity for a short amount of time.

Why Does Cryptojacking Use System Resources?

Cryptocurrency doesn’t grow on trees. No, it grows on servers, waiting for the right miners to come along and release it. Cryptojacking scripts primarily use the system CPU to do this.

Crypto-networks manage transactions through the blockchain. Each network transaction is added to a block. The block is distributed to a network of connected miners for verification. Each miner has a copy of the cryptocurrency specific blockchain and can validate and process transactions for that network.

When the new block arrives, the miner’s system processes complex equations to verify the block contents. On verification, the block adds to the blockchain, and the miners receive a pay-out reward for their efforts. In the case of Bitcoin, the reward is 12.5 BTC, shared between whoever contributes.

The key to crypto-mining success is speed and processing power. How quickly can your system verify the transactions within the block? Bitcoin mining is essentially useless for anyone not using specialized crypto-mining hardware. The sheer volume of mining power simply drowns out a tiny home desktop computer.

If Not Bitcoin, What Are They Mining?

Even as the Bitcoin price dropped from the heady $19,000+ mark back toward its current peaks and troughs, Bitcoin mining is inaccessible. Furthermore, Ethereum and ERC-20-based tokens use GPUs to mine cryptocurrencies. So just what are the cryptojackers attempting to mine?

For the most part, browser cryptojacking scripts and cryptojacking malware are mining Monero. The lightweight, privacy, and anonymity-focused cryptocurrency is easier to mine that Bitcoin and theoretically provides the crypto-mining thieves with protection after the fact. But not all. As you’ll read further down the article, several advanced cryptojacking threats mine Bitcoin.

But even though Monero is infinitely easier to mine than Bitcoin, it still requires raw computing power. Raw computing power requires investment in hardware. And let’s face it, if the mining thieves can steal the hardware with a tiny piece of JavaScript, why wouldn’t they try to maximize the profits?

JavaScript Cryptojacking

The first widespread cryptojacking JavaScript came from CoinHive, a company that wants to alter how we interact with the internet and the advertising profits that essentially underpin everything that takes place.

CoinHive’s vision was for authorized crypto-mining to replace advertising. Websites could still make an income based upon page views and the time spent on the site and users could avoid adverts without feeling awful for using an adblocker (and thus essentially robbing content creators of their fair dues).

Infamous content pirating and torrenting site, The Pirate Bay, was one of the first to experiment with the CoinHive model.

Unfortunately, it wasn’t long before malicious actors realized they could easily repurpose CoinHive’s mining script for more nefarious means. The original script has a CPU mining use percentage command. Originally set to 30% so users could happily continue using their browser, cryptojackers bumped this up to the full 100% on all cores, to maximize profits for the presumably short time most users linger on a malicious landing page.

To be fair to CoinHive, they realized what was going on and issued an update to their script. The newer version, known as AuthedMine, offers users the chance to opt-in to the crypto-mining process, regaining its peaceful-and-original purpose as an advertising alternative. That said, the opt-out is still opt-out. That is to say, website owners don’t have to use AuthedMine, and they’re under no obligation to inform you as to what is eating your CPU alive.

Cryptojacking Evolution

Cryptojacking is evolving. Like all profitable and largely risk-free cyber-attacks, malicious actors always want bigger gains for their investments and are prepared to shift cryptojacking forward to do so.

  • In the early days of cryptojacking, one of the easiest methods to boost profits was to use a redirect loop. Unsuspecting victims are sent through a number of web pages before landing on one that has a crypto-mining script installed.
  • Another already-mentioned technique is opening a new browser window that is minimized and hidden behind the taskbar. The minute browser window is hidden behind the system clock and is then “free” to run until the user notices something is afoot.
  • Some browser extensions were found to conceal crypto-mining scripts without notifying the user. Some extensions were stolen from their developers, had the cryptojacking script injected, then were reuploaded or updated to the extension store. (In fact, Google swiftly banned all Chrome extensions abusing cryptojacking scripts.)

But that’s not all. Home users have relatively low power computers. Those running cryptojacking campaigns quickly realized there are bigger cryptojacking fish to fry: enterprises with powerful super-computers.

In February 2018, electric vehicle manufacturer Tesla announced they were the victims of a cryptojacking attack. RedLock Cloud Security Intelligence revealed that a vulnerable Kubernetes administration console exposed login credentials for a Tesla Amazon Web Service environment, and the hackers immediately turned the massive computing power to crypto-mining. British insurance provider, Aviva, and international digital security firm, Gemalto, also fell foul to the same cryptojacking vulnerability.

Other reports suggest that already vulnerable Internet of Thing devices are a prime target for cryptojacking, too. The Fortinet Threat Landscape Report [sign-up, PDF] found that 23 percent of its respondents were exposed to cryptojacking malware. IoT devices make an attractive, easy target due to their poor security, huge volume, and always-on status.

Cryptojacking Malware Explosion

However, other security leaks also contribute to the cryptojacking landscape. Remember the massive WannaCry ransomworm of 2017? WannaCry was the direct result of a liberated trove of previously unknown zero-day exploits that the NSA developed and amassed covertly. The Shadow Brokers, a hacking group with alleged ties to the Russian government, leaked numerous exploits, including EternalBlue (also styled ETERNALBLUE) which was crucial in spreading the WannaCry ransomworm at such a rapid pace.

Hackers around the world take notice when a tool causes such devastation (only saved by security researcher Marcus Hutchins, aka MalwareTech, who now faces a string of hacking allegations in the US). Combine EternalBlue with a malware payload that mines cryptocurrency and viola: suddenly we have WannaMine. WannaMine was first picked up by Panda Security and, like its ransomworm cousin, is extremely difficult to detect and block.

Nation-State Cryptojacking Malware Campaigns

But it isn’t just “regular” hackers putting cryptojacking malware to use. The North Korean state-sponsored hacking group, Lazarus (of Sony hack infamy), put a cryptojacking trojan to work against several high-profile banking institutions. Aside from the notable direct targeting of banking and financial organizations, the Lazarus “AppleJeus” attack almost uniquely targeted macOS systems, with a Linux exploit said to be in development.

Furthermore, since the presumably moderately successful AppleJeus attack, Lazarus is directly linked to the Ryuk cryptojacking malware which, at the time of writing, had stolen over $600,000. It isn’t just outlandish speculation; the Ryuk cryptojacking malware bears hallmarks of the Lazarus group Hermes malware variant (the same variant used to distract security services during the attempted $60 million heist on Taiwan’s Far Eastern International Bank). The Ryuk malware is interesting in that the targets appear to be hand-picked. That is to say, each ransom-note is different, makes a different demand, and so on. A personal service, almost.

Will Cryptojacking Get Worse?

Well, the rate of cryptojacking directly relates to the price of cryptocurrencies, as you might expect. The Fortinet Threat Landscape Report (linked above) illustrates this with the following chart:

As the price of Bitcoin dropped, so did the incidents of cryptojacking.

Other reports don’t offer the same borderline positive information, though. The McAfee Labs Threats Report June 2018 [PDF] state that the “count of total coin miner malware rose by 629% in Q1, to more than 2.9 million samples.” The report elaborates further, confirming that in comparison with “well-established cybercrime activities such as data theft and ransomware, cryptojacking is simpler, more straightforward, and less risky.”

In that, you can see the appeal of browser-based cryptojacking and cryptojacking malware variants, especially in comparison to other financially motived attacks. Ransomware requires initial investment to spread the infection to enough victims, while victims still have the option to ignore the ransom and not pay, especially if the victim frequently takes system backups.

Cryptojacking isn’t going anywhere. And if cryptocurrency prices begin to rise in earnest, expect more malware to appear rapidly.

Read the full article: What Is Cryptojacking? How Websites Secretly Use Your CPU to Mine Cryptocurrency



from MakeUseOf https://ift.tt/2lNUmCU

Twitter now puts live broadcasts at the top of your timeline

Twitter will now put live streams and broadcasts started by accounts you follow at the top of your timeline, making it easier to see what they’re doing in realtime.

In a tweet, Twitter said that that the new feature will include breaking news, personalities and sports.

The social networking giant included the new feature in its iOS and Android apps, updated this week. Among the updates, Twitter said it’s now also supporting audio-only live broadcasts, as well as through its sister broadcast service Periscope.

Last month, Twitter discontinued its app for iOS 9 and lower versions, which according to Apple’s own data still harbors some 5 percent of all iPhone and iPad users.



from TechCrunch https://ift.tt/2CY6GeY

A new CSS-based web attack will crash and restart your iPhone

A security researcher has found a new way to crash and restart any iPhone — with just a few lines of code.

Sabri Haddouche tweeted a proof-of-concept webpage with just 15 lines of code which, if visited, will crash and restart an iPhone or iPad. Those on macOS may also see Safari freeze.

The code exploits a weakness in iOS’ web rendering engine WebKit, which Apple mandates all apps and browsers use, Haddouche told TechCrunch. He explained that nesting a ton of elements — such as <div> tags — inside a backdrop filter property in CSS, you can use up all of the device’s resources and cause a kernel panic, which shuts down and restarts the operating system to prevent damage.

“Anything that renders HTML on iOS is affected,” he said. That means anyone sending you a link on Facebook or Twitter, or if any webpage you visit includes the code, or anyone sending you an email, he warned.

TechCrunch tested the exploit running on the most recent mobile software iOS 11.4.1, and confirm it crashes and restarts the phone. Thomas Reed, director of Mac & Mobile at security firm Malwarebytes confirmed that  the most recent iOS 12 beta also froze when tapping the link.

The lucky whose devices won’t crash may just see their device restart (or “respring”) the user interface instead.

For those curious, you can see how it works without it running the crash-inducing code.

The good news is that as annoying as this attack is, it can’t be used to run malicious code, he said, meaning malware can’t run and data can’t be stolen using this attack. But there’s no easy way to prevent the attack from working. One tap on a booby-trapped link sent in a message or opening an HTML email that renders the code can crash the device instantly.

Haddouche contacted Apple on Friday about the attack, which is said to be investigating. A spokesperson did not immediately respond to a request for comment.



from TechCrunch https://ift.tt/2xgVhBq

E-sports companies like Blizzard are growing by replicating traditional sports leagues like NBA that are structured around local franchises and fanfare (Jason M. Bailey/New York Times)

Jason M. Bailey / New York Times:
E-sports companies like Blizzard are growing by replicating traditional sports leagues like NBA that are structured around local franchises and fanfare  —  Jay Goldthwaite had never felt passion for a Boston sports team, no matter how often his neighbors' cheers pierced the walls …



from Techmeme https://ift.tt/2QvLyzg

10 Sites and Games to Teach Kids Typing the Fun Way

sites-teach-kids-type

Technology has taken us to a place where computer usage in elementary school is now the norm. So to help your kids get a head start on their typing skills, why not make it enjoyable for them?

These 10 websites include free typing games that are great for kids of all ages. So, your children can have fun while they learn and practice their keyboarding skills.

1. FreeTypingGame

FreeTypingGame

FreeTypingGame is a nice option because it has three clear sections for lessons, games, and tests. This way, your kids can learn from the lessons, practice their skills with nifty games, and then take a quick test to see how well they are progressing.

The lessons let you choose from 30 options based on the keys to be learned. Plus, you can pick a goal such as achieving 20 words per minute. Cool games themes include everything from frogs on a diet to saving sailboats and allow you to choose the related lesson as well as the difficulty level.

2. KidzType

KidzType

For another site that has a good selection, KidzType offers lessons, exercises, practices, and games. The website is dedicated to helping kids learn and practice their typing skills. The lessons, exercises, and practice activities are divided by keyboard section, which is handy for tackling trouble spots.

The game options are lively and fun with gliding cats, juicy apples, and powerful ninjas. Some games allow you to choose a difficulty level or school grade, like Bull Spell. While others jump right into complete words, like Car Rider. This is not indicated on the main game page, so you may need to check out a few to see which is best for your child’s skill level.

3. Learning Games for Kids

Learning Games for Kids

With over 20 options, Learning Games for Kids has a great selection of typing (keyboarding) games and challenges. Kids can start with learning the home row keys and then move on to typing adventures with spooky ghosts, monstrous meteors, and silly foods.

Learning Games for Kids offers a few tough typing challenges to hone those skills. Your kids can also check out a lesson-based course with 10 levels and then finish up with a speed and accuracy test. When it comes to free and fun typing games for kids, this is one to check out.

4. TurtleDiary

TurtleDiary

TurtleDiary has almost 20 games with the majority for kindergarten-aged children and up. The game themes are truly enjoyable with Underwater Typing, Balloon Typing, and Keyracer. So there is definitely a game for almost any interest. plus you can select the difficulty level and keyboard area to practice.

In addition to fun typing games, the site offers a set of lessons. There are three skill levels with several lessons in each: Beginner has 25, Intermediate has 9, and Advanced has 17, for a full learning experience.

5. SlimeKids

SlimeKids

With almost a dozen games, SlimeKids provides several enjoyable options. Your kids can run from the ghosts in a Pac Man style game called Keyman or shoot alien letters to protect the planet in Type ‘Em Up.

SlimeKids may not offer lessons or tests, but the games are cute and challenging at the same time. This makes it a great option for your children to enjoy learning and practicing their typing skills.

6. Typing

Typing

Typing is a site aimed at both teachers and their students. You can access lessons and typing tests along with several entertaining games. Some games allow you to choose the level of difficulty such as Keyboard Jump. Other games require your skills to be quite accurate like Ninja Cat vs. Zombie Dinosaurs.

The lessons offered by Typing cover all areas of the keyboard, broken up into sections. Your kids can learn and practice typing special characters, punctuation, and sentences. Plus, there is a lesson for the numeric keypad, which is helpful when your child is ready to move on.

7. ABCya

ABCya

For a site with another variety of free typing game options, ABCya is a terrific choice. When you arrive on the website, just enter the word Type into the search box and you will see your game results below. Each game has an indicator with the school grade range it is intended for, making it easier to pick one.

Kids can stack and unstack with letters in Cup Stack Typing, fly through the sky in Keyboarding Chase, or visit the animals in Keyboard Zoo. Each game has an upbeat theme with colorful graphics and silly sounds making them a ton of fun.

8. Dance Mat Typing

Dance Mat Typing

If you prefer just one option for your kids to learn typing skills, check out Dance Mat Typing from BBC. This teaching tool has four levels with three stages each which are divided by letters and rows on the keyboard.

What makes Dance Mat Typing neat is that it is not really a game so much as it is an entertaining, animated, colorful typing teacher. Kids follow along with the instructions and then practice what they learn all in one spot.

And, if your child practices on different days, they can directly access the level without starting over. For example, if they complete level one, they can start right off with level two the next day. This makes typing practice for kids flexible and simple to progress.

9. Nitro Type

Nitro Type

Nitro Type is a cool typing game from Teaching.com. This is a self-contained, competitive, typing challenge website. Signing up for an account is free, but kids can also play as a guest to give it a try.

Players race against others by typing the paragraphs displayed. Speed and accuracy both count in Nitro Type. The faster you type, the faster you race, but make a mistake and your car lags a bit. The game has achievements, leaderboards, teams, and stats. It is ideal for practice and honing typing skills, so it is suited for children already experienced with the keyboard.

10. TypeTastic

TypeTastic

From Typing Master comes TypeTastic, a terrific typing tool for kids. The adventure starts with the keyboard builder which gets you used to where the keys are located. You can then move onto basic word typing with games like Astro Bubbles and Letter Trucks.

Finally, the games finish with All Fingers Aboard! which lets you practice everything they’ve learned. TypeTastic offer 13 fun games through its three-level journey. And, each game is colorful, enjoyable, and helps kids learn to type in an upbeat environment.

Do Your Kids Enjoy Learning Games?

While many times we want to limit game-time for our kids, there are some occasions where games really are educational for them. And when it comes to learning typing skills, a colorful animation or challenging game might be just the nudge to make that keyboard more interesting for them.

And if your kids have an interest in programming, take a look at how they can learn to code with Microsoft’s Kudo or fun activities they can learn with Raspberry Pi.

Read the full article: 10 Sites and Games to Teach Kids Typing the Fun Way



from MakeUseOf https://ift.tt/2CmUSim

Original Content podcast: Netflix’s ‘Insatiable’ is even worse than you’ve heard

“Insatiable,” the Netflix comedy about an overweight high school girl who suddenly becomes slim and beautiful thanks to having her jaw wired shut for a summer, has been drawing controversy ever since its first trailer went online.

The reviews for the show were almost uniformly negative, yet they didn’t quite prepare me for the terribleness of the initial episodes, which alternate between feeble attempts to mine humor from hot-button issues like sexual assault and suicide, and even feebler attempts to treat those issues seriously.

To help me figure out just what makes this show so bad, I was joined by Original Content‘s original co-host, Darrell Etherington. Our ultimate question: Is this the worst thing we’ve watched for the podcast? (Yes.)

We also discuss the fact that Henry Cavill has been cast as the lead in Netflix’s adaptation of the “Witcher” video game franchise.

This episode was actually recorded more than a week ago, but I didn’t get time to edit it until after Disrupt SF. So much has happened since then — like “The Witcher”‘s showrunner leaving Twitter and Cavill apparently departing the role of Superman. (Plus, somehow, “Insatiable” has been renewed for a second season.) Still, the initial news gave us an opportunity to weigh the relative merits of the “Mission Impossible” movies, and to discuss my favorite subject, Superman’s invisible mustache in “Justice League”.

You can listen in the player below, subscribe using Apple Podcasts or find us in your podcast player of choice. If you like the show, please let us know by leaving a review on Apple. You also can send us feedback directly. (Or suggest shows and movies for us to review!)



from TechCrunch https://ift.tt/2D26FGE