Hackers Can Break Into an iPhone Just by Sending a Text

By News

Hackers Can Break Into an iPhone Just by Sending a Text originally published on Wired

When you think about how hackers could break into your smartphone, you probably start with clicking a malicious link in a text, downloading a fraudulent app, or some other way you accidentally let them in. It turns out that’s not necessarily so—not even on the iPhone, where simply receiving an iMessage could be enough to get yourself hacked.

At the Black Hat security conference in Las Vegas on Wednesday, Google Project Zero researcher Natalie Silvanovich is presenting multiple so-called “interaction-less” bugs in Apple’s iOS iMessage client that could be exploited to gain control of a user’s device. And while Apple has already patched five of them, a few have yet to be patched.

“These can be turned into the sort of bugs that will execute code and be able to eventually be used for weaponized things like accessing your data,” Silvanovich says. “So the worst-case scenario is that these bugs are used to harm users.”

Lily Hay Newman covers information security, digital privacy, and hacking for WIRED.

Silvanovich, who worked on the research with fellow Project Zero member Samuel Groß, got interested in interaction-less bugs because of a recent, dramatic WhatsApp vulnerability that allowed nation-state spies to compromise a phone just by calling it—even if the recipient didn’t answer the call.

But when she looked for similar issues in SMS, MMS, and visual voicemail, she came up empty. Silvanovich had assumed that iMessage would be a more scrutinized and locked down target, but when she started reverse-engineering and looking for flaws, she quickly found multiple exploitable bugs.

This may be because iMessage is such a complex platform that offers an array of communication options and features. It encompasses Animojis, rendering files like photos and videos, and integration with other apps—everything from Apple Pay and iTunes to Fandango and Airbnb. All of these extensions and interconnections make mistakes and weaknesses more likely.

One of the most interesting interaction-less bugs Silvanovich found was a fundamental logic issue that could have allowed a hacker to easily extract data from a user’s messages. An attacker could send a specially crafted text message to a target, and the iMessage server would send specific user data back, like the content of their SMS messages or images. The victim wouldn’t even have to open their iMessage app for the attack to work. iOS has protections in place that would usually block an attack like this, but because it takes advantage of the system’s underlying logic, iOS’s defenses interpret it as legitimate and intended.

Other bugs Silvanovich found could lead to malicious code being placed on a victim’s device, again from just an incoming text.

Interaction-less iOS bugs are highly coveted by exploit vendors and nation-state hackers, because they make it so easy to compromise a target’s device without requiring any buy-in from the victim. The six vulnerabilities Silvanovich found—with more yet to be announced—would potentially be worth millions or even tens of millions of dollars on the exploit market.

“Bugs like this haven’t been made public for a long time,” Silvanovich says. “There’s a lot of additional attack surface in programs like iMessage. The individual bugs are reasonably easy to patch, but you can never find all the bugs in software, and every library you use will become an attack surface. So that design problem is relatively difficult to fix.”

Silvanovich emphasizes that the security of iMessage is strong overall, and that Apple is far from the only developer that sometimes makes mistakes in grappling with this conceptual issue. Apple did not return a request from WIRED for comment.


Silvanovich says she also looked for interaction-less bugs in Android, but hasn’t found any so far. She notes, though, that it’s likely that such vulnerabilities exist in almost any target. Over the past year she’s found similar flaws in WhatsApp, FaceTime, and the video conferencing protocol WebRTC.

“Maybe this is an area that gets missed in security,” Silvanovich says. “There’s a huge amount of focus on implementation of protections like cryptography, but it doesn’t matter how good your crypto is if the program has bugs on the receiving end.”

The best thing you can do to protect yourself against interaction-less attacks is keep your phone operating system and apps updated; Apple patched all six of the iMessage bugs Silvanovich is presenting in the recently released iOS 12.4, and in macOS 10.14.6. But beyond that, it’s up to developers to avoid introducing these types of bugs in their code, or spot them as quickly as possible. Given how inexorable interaction-less attacks can be, there’s not a lot users can do to stop them once malicious messages or calls start pouring in.



Why banning hate sites is so hard


Why banning hate sites is so hard originally published on The Verge

After last weekend’s mass shooting in El Paso, Texas, companies are struggling again with the problem of supporting sites associated with white supremacy. In this case, it’s the forum 8chan, where the killer apparently posted a racist rant justifying his attack. Cloudflare terminated its relationship with 8chan, and when the site began working with competitor Epik, web services company Voxility also banned Epik from renting server space.

Cloudflare also emphasized that 8chan likely isn’t going anywhere. Keeping a website online can be a delicate business; there are lots of ways to make a domain temporarily inaccessible or stop it from making money. In the long term, however, keeping a site completely offline can be harder. That’s one of the web’s major virtues. As Electronic Frontier Foundation co-founder John Gilmore once put it, “the internet interprets censorship as damage and routes around it.” But it means that sites like 8chan or the neo-Nazi blog Daily Stormer can find new homes even after being widely condemned and dropped by numerous service providers.

Meanwhile, some companies are protesting their role as de facto online gatekeepers. Cloudflare CEO Matthew Prince called it “dangerous” for infrastructure providers to be put in charge of editorial decisions. “Questions around content are real societal issues that need politically legitimate solutions,” he wrote.

But Prince suggested that, right now, the law may not even be equipped to deal with these questions. “Where platforms have been designed to be lawless and unmoderated, and where the platforms have demonstrated their ability to cause real harm, the law may need additional remedies.” Government institutions are failing to respond to online radicalization and domestic terrorism — so for people who want to fight hate, companies like Cloudflare can seem like the only solution.

The Looser a State’s Gun Laws, the More Mass Shootings It Has


The Looser a State’s Gun Laws, the More Mass Shootings It Has originally published on Wired

It happened again. This time, gunmen in El Paso, Texas and Dayton, Ohio murdered 31 people and injured at least 50 more in separate mass shooting attacks within 13 hours of each other Saturday night and Sunday morning. It was, in many ways, just another weekend in America, the only nation in the developed world where horrific gun massacres regularly occur. Though nothing new, the frequency of such public mass shootings appears to have accelerated over the past five years, along with larger and more tragic death tolls. According to one recent analysis by The Washington Post, a mass shooting event has claimed the lives of four or more people every 47 days since June 2015. In the mid-’90s, such attacks happened just twice a year, on average.

But this surge in public executions has not swept across all corners of the country equally. Hawaii, for instance, hasn’t seen a mass shooting since 1999. Florida, on the other hand, has had six such incidents, defined by the US government as four or more people killed by a single individual, in the last three years alone, according to data from the nonprofit Gun Violence Archive. And like other forms of gun violence—including homicide, suicide, and unintended accidents—researchers are finding that mass shooting events happen more often in states with looser gun laws.

Because while Congress may not have passed any national gun laws in the aftermath of past mass shootings, individual state legislatures have. And as the disparity between states with weak gun laws and those with tough ones has widened, so too has the gap in mass shootings. Which means that terrorist acts like those committed in El Paso and Dayton over the weekend are more likely to keep happening to people who live in places where it’s easy to buy, sell, and carry guns. The country is splitting into the gun law-haves, and the gun law have-nots, and deadly statistics are now revealing the impact those policy decisions have on people’s lives.

Studying mass shootings, which make up only a tiny fraction of all gun deaths, has long been tricky, because of their historical rarity and a general dearth of data on guns or gun deaths. (That’s because of research-stifling federal legislation that was only recently overturned.) But one ironic effect of there being more mass shootings lately is scientists now have enough data to start to see trends emerging.

In a paper published earlier this year in BMJ (previously the British Medical Journal), epidemiologists at Columbia University looked back at the Federal Bureau of Investigation’s crime database from 1998-2015 to calculate annual rates of mass shootings in each state. Then they matched that up against each year’s edition of the Traveler’s Guide to the Firearms Laws of the Fifty States—an annual report that tracks any changes to gun laws in all 50 states and rates each one on their permissiveness. Published by a Kentucky attorney-slash-arms dealer for a gun-toting audience, the guide is frequently promoted by the National Rifle Association. States are scored zero (for completely restrictive) to 100 (for completely permissive) based on 13 factors, including the right to carry guns in the open, limitations on the types of guns state residents can own, and whether out-of-state gun permits are recognized.

What the researchers found was that over time states have dug themselves into a bimodal distribution. That is, they’ve self-clumped into two distinct groups—a smaller one made up of eight states scoring between five and 25 and the other, much larger one, clustered around scores from 70 to 100. “One of the most interesting things about this data is that we aren’t seeing a full spectrum, because there just aren’t that many states directly in the middle,” says Paul Reeping, the study’s lead author.

When they compared those scores to mass shootings per million residents, they found that for every 10-point relaxation in a state’s gun laws, the rates of mass shootings in that state increased by 11.5 percent. This trend showed up even after the models were adjusted for population demographics like household income, unemployment, poverty, education, incarceration rates, and race. The eight most restrictive states include Hawaii, Massachusetts, New Jersey, Connecticut, Maryland, California, Illinois, and New York. Leading the pack in both permissive laws and mass shooting rate were Vermont, South Carolina, Louisiana, and Arizona. (Florida, where the Parkland shooting took place last year, was the only state not included in the analysis because it doesn’t participate in the FBI’s Uniform Crime Reporting program.)

Both Texas and Ohio, where the latest terror attacks were carried out, also scored high on gun law permissibility. In both states it’s legal to carry concealed weapons in public, provided the gun owner has the proper permits to own it. In Texas, permits are issued to applicants over the age of 21 who pass a four-to-six-hour training course and don’t have any pending criminal charges. According to Ohio’s gun laws, residents 21 years and older must complete an eight-hour training course, not be addicted to any controlled substances, and be able to pass a criminal background check.

Most relevant to the recent killings in El Paso and Dayton though, is the fact that the semi-automatic weapons used to carry out the attacks can be purchased legally. Only six states and the District of Columbia have enacted bans on these types of military-style firearms. Texas and Ohio are not among them. Both states also allow large-capacity magazines like those the gunmen in both El Paso and Dayton appear to have used to fire dozens of rounds in seconds without having to reload.

It’s worth noting here that while living in a state with strict gun laws does appear to confer some significant public health advantages—fewer gun-related suicides and homicides, one recent study found it cut rates of premature deaths in half—those laws only go so far. Motivated individuals will find ways around them, either over the internet or across porous state borders. The gunman who killed three people in Gilroy, California, in July, for example, traveled to Nevada to buy a military-style rifle configured in a way that was illegal in his home state.

And this type of thing happens a lot. Second Amendment activists often point to Chicago, a city with rampant gun violence in a state that has some of the nation’s strongest gun laws. But most of the guns recovered in Chicago were purchased outside Illinois, in neighboring states with laxer laws, according to a 2017 report by the Chicago Mayor’s Office.

But at least according to Reeping’s analysis, the trend of more permissive laws being linked to more mass shootings is actually gaining momentum. Starting around 2010, the data begins really diverging—mass shooting rates dropped in states with restrictive laws as they accelerated in states with more lax ones.

Reeping says this could be related to polarizing trends in gun policy-making, as generally permissive states make their laws more relaxed and restrictive states clamp down tighter and tighter in the face of rising violence. In Texas, for instance, where four of the ten deadliest mass shootings in US history have taken place, ten new pro-gun laws are set to take effect before the end of the month. The associations are strong, though Reeping shies away from suggesting any causality in the data. “There’s so much going on and we can’t control for everything,” he says. But as an epidemiologist he gets frustrated that the American public is willing to believe every study that suggests coffee is associated with living longer or that eating chocolate is linked to lower rates of depression but view the data linking gun laws to gun violence with suspicion.

“Right now we can only do associational studies because there isn’t the money to do the larger, more prospective studies that could answer these questions definitively,” he says. “But even now we have very, very strong indicators based off the number of studies published that more permissive gun laws really do have an effect.”



Disney announces $12.99 bundle for Disney+, Hulu, and ESPN+


Disney announces $12.99 bundle for Disney+, Hulu, and ESPN+ originally published on The Verge


Disney will offer a bundle package of its three streaming services — Disney+, Hulu, and ESPN+ — for $12.99 a month starting on November 12th, the company announced today.

The company previously hinted at a bundle for all three services, but CEO Bob Iger made it official during the company’s investors call today. At $12.99, the bundle is cheaper than or on par with competitive streaming services, including Netflix and Amazon Prime Video. It’s also significantly cheaper than HBO Max’s rumored streaming price of $16-$17 a month. Hulu is currently available for $5.99 a month (with ads), and ESPN+ costs $4.99 a month. ESPN+ is the Disney-owned sports streaming platform, which carries “hundreds of MLB, NHL and MLS games, Grand Slam tennis, Top Rank boxing, PGA Tour golf, college sports, international rugby, cricket, the full library of ESPN Films including 30 for 30, and more.” It’s also now the streaming destination for UFC fights, which Disney no doubt hopes can make up for the lack of SportsCenter and other banner shows from ESPN the cable network.

There are a few questions that did not get addressed on the call. Disney+, for example, will eventually launch in international markets. It’s unclear if that will be the same for the bundle because of regional issues with content. Hulu, for example, is not available in Canada, but Disney wants to bring Hulu to international markets, too. The big question is ESPN+, again because of regional licensing issues. Iger told investors the company doesn’t have “anything to announce right now in terms of markets.”

Most of the interest from investors, however, was still on Disney+. Iger spoke quite a bit about Disney+ during the investors call, referring to the service as “the most important product the company has launched in my tenure.”

“The positive response to our direct-to-consumer strategy has been gratifying, and the integration of the businesses we acquired from 21st Century Fox only increases our confidence in our ability to leverage decades of iconic storytelling and the powerful creative engines across the entire company to deliver an extraordinary value proposition to consumers,” Iger said in a press release.

The streaming service is likely to be available through “Amazon, Apple, and other distributors,” according to Iger. Disney has not finalized any deals with the aforementioned companies, but told investors “we feel it’s important for us to achieve scale quickly, and we think it’s going to be an important part of that. They’re all interested in distributing the product.”

Disney’s goal heading into the direct-to-consumer space is ultimately to provide a ton of content in three distinct areas: general entertainment, family, and sports. The bundle is a way for Disney to offer consumers, many of whom are about to be inundated with multiple streaming services to choose from in the coming months, on top of free online entertainment (YouTube, Twitch), a low-priced option.

“That $12.99 bundle offers consumers tremendous volume, tremendous quality, and tremendous variety for a good price.”

Apple subsidiary FileMaker returns to its original name from the ’80s


Apple subsidiary FileMaker returns to its original name from the ’80s originally published on The Verge


After two decades of operating under the name FileMaker, the Apple-owned software company has decided to return to its original name: Claris.

Apple first created Claris in 1986 when it was under the leadership of John Sculley. Claris was meant to become an independent company focused on making software for the Mac, but three years later, Sculley changed course and bought back a minority ownership that had been sold off. Claris originally worked on programs like MacDraw, MacWrite, and MacPaint, but FileMaker became its leading product in the ’90s, selling 3 million copies a year across Mac and Windows.

In 1998, Apple gutted Claris and renamed it FileMaker, laying off around 300 employees and bringing most of its software back in-house. At the time, Apple was regularly seeing steep quarterly losses and had laid off thousands of employees of its own. Given Claris’ success, though, the change was unexpected. Wired called it “the most recent in an ongoing and bizarre series of moves for Apple and its software subsidiary.”

FileMaker has continued to develop its custom database software since then, and it’s been successful: the 300-person company has been profitable for two decades and says it has 50,000 business entities with more than 1 million users on its products. Its core product can be used to build apps that run on macOS, Windows, iOS, or in the cloud; some coding experience is required, but it’s supposed to offer companies or departments the ability to create custom software that’s a better fit than off-the-shelf products.

Now, the company wants to branch out beyond its one and only app. Today, it’s announcing the acquisition of Stamplay, an Italian startup that made software to automate business processes, with a focus on web tools that FileMaker has lacked. The acquisition was first reported in March (though Apple was seen as the buyer), with Italian media pegging the price at around 5 million euros (about $5.55 million USD). Stamplay will be rebranded Claris Connect, with Stamplay’s CEO remaining in charge of the app.

After 20 years under one leader, FileMaker got a new CEO in March. Its new CEO, Brad Freitag, tells The Verge that with people becoming “increasingly comfortable” with tech in the workplace, there’s a growing opportunity to provide software that helps that “digital transformation.” That means there are more products to come from Claris, rather than another two decades focused on the same app. “Our vision is to enhance the number of services we offer to the market,” Freitag said.

As for the name change, Freitag says the company hired a branding agency and looked at around a thousand possible names. Ultimately, the team just liked what it already had. “We’re proud of our legacy,” Freitag said. “We want to bring that along.”

Apple Card Available Today in Phased Rollout, Full Launch Coming Later in August


https://ift.tt/2GNMz2m

Today Apple is officially launching its latest service, Apple Card, but only to a subset of users ahead of a broader rollout later this month. The new credit card is limited to US users running at least iOS 12.4, and today it will only be available to certain people who signed up on Apple’s website to be notified about Apple Card. If you’re part of that chosen group, applying for Apple Card can be done right inside the Wallet app, where the card will be added for immediate use upon credit approval; a physical credit card is also mailed out if you choose to receive one, built from titanium. For those who don’t get invited for early access, the full Apple Card launch will arrive before the end of August.

Apple Card is the company’s first official entry into the personal finance sector. In partnership with Goldman Sachs, Apple is positioning Apple Card as the kind of tech-native, user-friendly, hassle- and fee-free card that you can’t get anywhere else – at least not with the same level of Apple device integration. Once you’re an Apple Card customer, then inside the Wallet app in iOS 12.4, you’ll be able to find all your transactions, current balance, tools to help you avoid or minimize accruing interest, and more. Some of Apple Card’s features are common among competing credit cards and banking apps, while others are more rare. Even with something common though, like a transaction list, Apple is putting its own spin on the feature: using machine learning and location information from Apple Maps, Apple makes transaction data more informative for Apple Card purchases, so that rather than an obscure line item like ‘3519 N Clark, C101’ you’ll see ‘7-Eleven, Chicago, IL’ and even the 7-Eleven logo. The use of business logos next to transactions is a small, but impactful differentiator.

Like other credit cards, Apple Card offers its own reward system in the form of Daily Cash. As you make charges on the card, you’ll accrue cash back that can be withdrawn daily via the Apple Cash card in iOS, which previously debuted as a way to send cash to friends over iMessage using Apple Pay. Daily Cash rewards earned from Apple Card can be accessed at any time by managing your Apple Cash balance, which you can transfer to a bank account at no charge. 2% Daily Cash is earned for Apple Pay transactions, 3% for purchases from Apple (including the App Store), and 1% for everything else.

Select journalists received hands-on time with Apple Card ahead of its soft rollout today, such as Matthew Panzarino at TechCrunch and Nilay Patel at The Verge, and their early impressions indicate Apple has successfully delivered the kind of experience it promised for Apple Card – simple, iPhone-native, and with a touch of Apple whimsy.

Apple first debuted Apple Card at its services-oriented event this March, and it now becomes the second service announced at that event to launch publicly, following Apple News+ and preceding Apple Arcade and Apple TV+. It’s very different from all the other services announced in March, and indeed stands apart from any other product offered by the company, so perhaps it’s fitting that the service’s rollout is different too. Initial interest in Apple Card was high, so it will be interesting to see whether a successful rollout might lead to more finance-related services in the future.



via MacStories https://ift.tt/1IWqw00

August 6, 2019 at 07:14AM

Why Street Sharks is the Most Underrated Cartoon of the ’90s


https://ift.tt/2Kr8CwQ

The ’90s gave rise to numerous "too cool for school" cartoons with tubular protagonists, almost all of which tried to capitalize on the success of Teenage Mutant Ninja Turtles and, later, Sonic the Hedgehog. Most of these shows came and went, becoming nothing more than the answer to a particularly difficult Saturday Morning Cartoon trivia question.

While most of this was deserved, some of these shows were definitely diamonds in the rough. Chief among these was Street Sharks, which was possibly the most blatant TMNT ripoff on paper. Despite this, the show used this to its advantage, featuring many of the same strengths as that franchise. As it reaches its 25th anniversary, let’s look back at one of the forgotten gems of the ’90s.

The basic premise of Street Sharks is that four brothers (John, Bobby, Coop and Clint) are mutated into humanoid sharks after being kidnapped by their father’s evil lab partner, Dr. Paradigm. Dubbing themselves the Street Sharks, they take on the tubular new nicknames Ripster (a great white shark), Jab (a hammerhead), Streex (a tiger shark) and Big Slammu (a whale shark). Together, they fight the monstrous mutant threats that Paradigm sends and defend the people of Fission City, despite being hated and feared by them.

The show had a basic monster of the week format more befitting cartoons of the ’80s. Many of the mutants, including the sharks, feel barely developed, if at all. Conversely, Dr. Paradigm is the quintessential Saturday Morning Cartoon villain, consistently embarking on inane, meandering quests and speaking in a bad accent that lands somewhere between German and Caribbean.


When the show wasn’t by the numbers, it was outright weird. Episodes featured storylines involving underground crocodile societies, Cold War allegories in a country called Chernosium and a character named Moby Lick. There were also wolverine/centipede hybrids called wolverinepedes. What else made it stick out among the sea of Turtles wannabes? The fact that it ripped off the TMNT so well, of course.

Much like the 1980s Teenage Mutant Ninja Turtles cartoon, Street Sharks was littered with colorful characters that begged to be bought in toy form. There were monsters like Slobster (a mutant lobster that had Genghis Khan and Thomas Blood’s DNA), the poisonous squid Killamari and the mobster Maximillian Greco, who is a combination of a rhino and a tortoise. The similarities to Splinter, Bebop, Rocksteady and Baxter Stockman were obvious. Both shows even featured alien dinosaurs!

There was also the unique slang that both shows employed. The TMNT used surfer slang, namely "cowabunga." Meanwhile, the Street Sharks would shout out fish puns such as "Jawsome," or the ever clever "fintastic!" It was ironically a foreshadowing of the 2003 Teenage Mutant Ninja Turtles revamp and its predilection for using the word shell as a euphemism.

Both shows, even more than other cartoons of the time, were blatant vehicles for some jawsome action figures. The show came after the toys in Street Sharks’ case, and one of the promotional videos used to sell the concept to Mattel even featured a then unknown Vin Diesel!

Like most cartoons of the time, especially of the TMNT ripoff variety, Street Sharks was sure to inject a healthy bit of poorly done environmentalism. Season 1’s unseen narrator constantly mentions the planet’s worsening environmental conditions, with all of the unintended irreverence that viewers should expect from a contemporary of Captain Planet. It also makes some behind the scenes sense, as one of the series’ creators would use his royalties to become an environmental activist.


Despite this poor discussion of pollution and the psychedelic by way of MTV color scheme, the show did have some darker elements. This is namely seen in the sheer body horror of its constant mutations. The allusions to the damage being done to the Earth through man’s arrogance can also put a dour spin on what is usually a rather wacky show. There was also an episode that dealt with steroids hitting the streets, an obvious attempt to tell kids to just say no.

Given that the TMNT franchise was the obvious inspiration for Street Sharks, and that franchise has seen numerous reboots and relaunches, why hasn’t Street Sharks? For one thing, the TMNT franchise featured a lot more pliability, even in the ’90s. The original comics were notably darker than the toy commercial that it spawned, and the live-action movies that came out after the cartoon were a thematic halfway point between the two.

Conversely, as cheesy as the ’80s cartoon may have been, the 2003 Turtles cartoon was far more serious, and hewed closer to the comics. Meanwhile, the Street Sharks only had their cartoon, which lasted 40 episodes. While the toys were very popular, this lack of media presence meant that the Sharks would be absorbed by the TMNT whirlpool like other would-be franchises.

When ’90s nostalgia takes off, and the inevitable Street Sharks live-action movie is made, let’s just hope that Michael Bay isn’t involved.


via ComicBookResources https://www.cbr.com

August 5, 2019 at 08:50PM

Why Banning 8chan Was So Hard for Cloudflare: ‘No One Should Have That Power’


https://ift.tt/2ZvQCI8

Early Monday, 8chan, the anonymous message board where the man accused of carrying out the El Paso massacre posted his manifesto, went offline.

The man most responsible for the outage wasn’t Jim Watkins, 8chan’s owner, or his son Ronald, the message board’s administrator.

Instead, the decision to take 8chan offline, at least temporarily, fell largely to Matthew Prince, the chief executive of the little-known San Francisco company Cloudflare.

Cloudflare provides tools that protect websites from cyberattacks and allow sites to load content more quickly. It is a critical tool for sites like 8chan where extremists gather. Without the kind of protection that Cloudflare offers, 8chan can be barraged by automated, hard-to-prevent attacks from its critics, making it nearly impossible to stay online.

Mr. Prince has become an unlikely focal point for critics of 8chan and other vile parts of the internet. Cloudflare’s service protects a large chunk of the internet, and for years, the decade-old company avoided making decisions about which sites deserved protection and which did not.

That changed in 2017, after white nationalists held a violent rally in Charlottesville, Va. After the rally, Mr. Prince was pressured to remove The Daily Stormer, a neo-Nazi hate site, from Cloudflare’s service. He eventually agreed to do so. It was a break from the company’s content-neutral stance, and Mr. Prince expressed reservations about his choice.

“I woke up in a bad mood and decided someone shouldn’t be allowed on the internet,” he said at the time. “No one should have that power.”

But as one of several internet executives with control over the web’s most basic infrastructure, Mr. Prince does have that power. And in the wake of the El Paso shooting, the calls for him to exercise it by revoking 8chan’s security protections grew louder. I wanted to talk to him about how he thought through the decision, and about how he eventually chose to effectively kick 8chan off the internet, if only temporarily.

In two interviews on Sunday, Mr. Prince expressed a range of views about Cloudflare’s responsibility with regard to 8chan.

In a phone conversation in the early afternoon, Mr. Prince sounded torn: On one hand, 8chan was clearly reprehensible, and depriving it of the protection Cloudflare provides would rid him of a troublesome customer and a huge headache. On the other hand, banning 8chan could set a bad precedent, and it could make it harder for law enforcement authorities to monitor violent extremists. Cloudflare, like other tech companies with a window onto dark internet activity, can share information about crimes with investigators.

Banning 8chan “would make our lives a lot easier,” Mr. Prince said, “but it would make the job of law enforcement and controlling hate groups online harder.”

Among Cloudflare employees, there was disagreement. Some thought that banning 8chan was a clear-cut moral imperative; others thought it could create a slippery slope to censorship. Douglas Kramer, Cloudflare’s general counsel, spent much of Sunday afternoon telling news outlets that Cloudflare would not ban 8chan because of its content, saying, “We’re largely a neutral utility service.”

Hours later, Mr. Prince called me back. He had decided to cut off 8chan. He characterized the site as a “lawless” platform that had willfully ignored warnings about violent extremism. Its tolerance for hate, he said, made 8chan different from other sites where extremists gather, like Facebook or Twitter.

“They’ve been not only actively ignoring complaints they receive, but sometimes weaponizing those complaints against people who are complaining about them,” Mr. Prince said. “That lawlessness feels like a real distinction from the Facebooks of the world.”

Removing 8chan was not a straightforward decision, Mr. Prince said, in part because Cloudflare does not host or promote any of the site’s content. Most people would agree, he said, that a newspaper publisher should be responsible for the stories in the paper. But what about the person who operates the printing press, or the ink supplier? Should that person be responsible, too?

Image: Cloudflare’s network operations center in San Francisco. The company provides tools that protect against cyberattacks, critical for sites like 8chan where extremists gather. Credit: Christie Hemm Klok for The New York Times

“It’s dangerous for infrastructure companies to be making what are editorial decisions,” he said. “The deeper you get into the technology stack, the harder it becomes to make those decisions.”

Ultimately, Mr. Prince said, he decided that 8chan was too centrally organized around hate, and more willing to ignore laws against violent incitement in order to avoid moderating its platform. The realization, along with the multiple mass murders that the authorities have connected to 8chan, tipped the scale in favor of a ban.

“If we see a bad thing in the world and we can help get in front of it, we have some obligation to do that,” he said.

Mr. Prince, who announced the removal of 8chan from Cloudflare in a 1,300-word blog post on Sunday night, still worries about setting a bad precedent. He theorized that a repressive Middle Eastern government could cite the 8chan example when asking Cloudflare to remove security protections for an L.G.B.T. group inside its borders, since it might technically be “lawless” to promote homosexuality in that country.

“We have to make sure we’re setting policies where we can push back on those things,” he said.

He added that even if a hacker took advantage of 8chan’s lack of defenses, he did not expect the site to stay offline for long. Many companies now offer security services similar to Cloudflare’s, and it might be possible for 8chan to find another provider in short order. (8chan was down for hours on Monday morning, although its administrator said on Twitter that the site would soon be back up after moving to another security provider, BitMitigate.)

It is undeniably true that the underlying problem of online hate is bigger than one website, and that taking 8chan offline, even permanently, would not stop violent hatred from leaping off the internet and onto America’s streets. There will always be another message board, another hosting provider, another security service willing to give harbor to extremists.

But as he prepared to serve 8chan with an eviction notice, Mr. Prince sounded sure of his choice.

“We’ll see how this turns out,” he said. “I don’t think I’m going to regret this for a second.”

US News

via nytimes https://nytimes.com

August 5, 2019 at 10:45AM

Alejandro Bedoya Spoke Out on Gun Violence. Now He Is M.L.S.’s Player of the Week.

By News

https://ift.tt/2YK9j9N

Major League Soccer officials will not punish the Philadelphia Union midfielder Alejandro Bedoya for grabbing a field microphone during a national television broadcast on Sunday night and urging Congress to act to end gun violence.

The shouted statement, which came moments after Bedoya scored the opening goal in a Union victory, was not out of character for the player, who had expressed — in more explicit terms — a similar call to action on social media in the hours before the match. But it created a potentially uncomfortable situation for M.L.S., which has striven, often in opposition with its own fans, to keep political signs and banners out of its stadiums.

An M.L.S. official, speaking after a league meeting on the incident Monday morning, said Bedoya would not face a fine or a suspension. Hours later, the league issued a brief statement that acknowledged the right of players to express their opinions. The statement made no mention of Bedoya specifically, or his action on Sunday.

“The Major League Soccer family joins everyone in grieving for the loss of lives in Texas and Ohio, and we understand that our players and staff have strong and passionate views on this issue,” the statement said.

Bedoya, a former member of the United States national team, scored the opening goal in the Union’s 5-1 win over D.C. United on Sunday night and then peeled off toward the sideline, where he celebrated with his teammates. But as the gathering broke up, Bedoya headed to a microphone placed on the grass in the corner of the field and shouted: “Congress, do something now. End gun violence. Let’s go.”

The game was broadcast on Fox Sports 1, and Bedoya’s message into the microphone, several of which are positioned around the field at every game to pick up the sounds of the action, could clearly be heard by viewers. It could not be heard in the stadium, however.

The message was vague, understandable given its brevity. But Bedoya’s social media made clear what kind of action he was seeking. Bedoya, the team captain, had tweeted earlier in the day about the weekend mass shootings that killed 29 people in El Paso and Dayton, Ohio, saying “We can start with stricter background checks, red flag laws, making a registry for gun purchases, closing gun show loopholes, and taxing ammunition.”

Though his on-field message was brief, it nonetheless caused a stir. While some athletes have been outspoken on political issues, and have taken actions as varied as kneeling during the anthem and wearing shirts with printed messages during pregame warm-ups, that activity has seldom taken place on the field of play during a game.

In extended postgame remarks, Bedoya said: “It’s absurd man. I’m not going to sit idly and watch this stuff happen and not say something. Before I’m an athlete, a soccer player, I’m a human being first.”

His coach, Jim Curtin, and his team expressed their full support for Bedoya after the game.

“The Philadelphia Union support Alejandro Bedoya,” the team said in a statement. “He is taking a stand. The events that transpired this weekend across the country are deplorable. Our hearts go out to everyone affected.”

Curtin said after the game, “I’m on Alejandro’s team on the Philadelphia Union and I’m on Alejandro’s team in support of his comments on gun control.” Curtin called the number of mass shootings in the United States “outrageous.”

Bedoya, 32, is of Colombian heritage but was born in New Jersey and played college soccer in the United States. After spells in Sweden, Scotland and France, he joined the Union in 2016. He was a regular with the United States national team earlier in the decade and represented it at the 2014 World Cup in Brazil.

Last year, after a shooting at a school in Parkland, Fla., near where he grew up, he expressed solidarity with victims of that attack.

In the hours after the game, M.L.S. fans created several crowdfunding campaigns to raise money to pay any potential fine Bedoya received.

The league has sometimes struggled this year to deal with political statements by its fans, juggling supporting a right to free speech with taking action against hateful comments.

After news emerged that right-wing extremists had been attending New York City F.C. games, M.L.S. Commissioner Don Garber said the league would not bar them pre-emptively because “our job is not to judge and profile any fan.” His position was that the league would only attempt to police political behavior and fan misconduct inside stadiums, but after the comments drew widespread criticism Garber clarified his remarks, saying, “Major League Soccer condemns hateful groups, hateful actions and speech.”

The incident did little to cool a simmering feud between the league and the fan groups it has cultivated as the core of its matchday experience. Before this season, the Independent Supporters Council, a coalition of fan groups, and groups devoted to individual teams took exception to changes to the league’s code of conduct. The code barred using “political, threatening, abusive, insulting, offensive language and/or gestures.”

The supporters objected to the word “political,” and the council said in a statement, “We, as an organization, feel strongly on ensuring that displays of human rights are not mistaken for political statements.”

Fans in Seattle were barred in July from displaying a flag of the Iron Front, a group that fought the Nazis before World War II. The team said the flag was prohibited political imagery. It later apologized.

Many fans voiced their support for Bedoya. In response to a tweet from the league asking fans to choose a player of the week, the replies were nearly unanimous. Though he wasn’t one of the listed candidates, by far the most common response was a hashtag: “#VoteBedoya.”

US News

via nytimes https://nytimes.com

August 5, 2019 at 07:03PM

A design firm is hosting a contest to encourage people to reimagine cybersecurity stock images

By News

https://ift.tt/2KnCI4f

Cybersecurity stock images are predictable at this point: a hooded man with a shadowy face in front of a keyboard or a mysterious person in front of binary code. A design firm called OpenIDEO thinks these images can be better, so it’s hosting a contest to entice visual creators to make images that are eye-catching, informative, and clear. “Cybersecurity,” which could mean data breaches, hacks, or policy changes, is a difficult concept to visually represent, so OpenIDEO is going to reward creators for their work. The group, in association with a private organization called the William and Flora Hewlett Foundation, issued an open call late last month for cybersecurity-related image submissions with plans to award $7,000 to up to five people.

Contestants can submit their ideas until August 16th, and once that date passes, the organization will review submissions. A shortlist of winners will be announced on September 4th. Each of them will receive $500 and a mentorship period to finish up their plans and design a final submission. From there, the top ideas will be announced on October 24th, and the $7,000 prizes will be awarded. The images could show up in technical or policy reports, presentations, or news pieces. All winning submissions have to consent to free licensure through Creative Commons, which means anyone would have permission to use them. Here’s hoping someone submits incredible imagery, so we can move beyond the “hooded man behind a keyboard” trope.

Tech News

via The Verge https://ift.tt/1jLudMg

August 4, 2019 at 09:02AM