Amazon is offering up to $100 off Sonos speakers right now

One of our favorite deals is available ahead of Friday!

Right now you can score up to $100 off select Sonos speakers at Amazon. This deal includes the first discount on the Sonos One, dropping it down to just $174.99. The Sonos One is the company’s first speaker that builds Alexa right into the speaker, and we had good things to say about it in our review.

• Sonos One – $174 (Normally $199)
• Sonos Play:1 – $149 (Normally $199)
• Sonos Play:3 – $249 (Normally $299)
• Sonos Playbase – $599 (Normally $699)
• Sonos 5.1 Home Theater System – $1,596 (Normally $1,792)

Best Buy also has these discounts available as part of its Early Access Black Friday sale.

TL;DR

• What makes this deal worth considering? – Sonos discounts are rather rare, and this is the first discount that we have seen on the Sonos One.
• Things to know before you buy! – The Sonos One is the newest speaker from the company, and has Amazon’s Alexa built right into it. All of the speakers are great and worth buying, but the Sonos One is what you will most likely be interested in right now.

Uber covered up a hack that compromised 57 million accounts

Uber was hacked. 50 million rider accounts were accessed. 7 million driver accounts as well. And Uber paid $100,000 to cover it all up.

Uber has revealed that, in late 2016, two hackers stole email addresses and phone numbers from Uber rider accounts, and the license numbers from U.S. driver accounts. Uber claims no credit card information, location data, or social security numbers were compromised. Yet, instead of disclosing the attack when it happened, Uber paid the hackers $100,000 to delete the data and keep it quiet.

From Bloomberg:

Uber said it believes the information was never used but declined to disclose the identities of the attackers.

“None of this should have happened, and I will not make excuses for it,” Dara Khosrowshahi, who took over as chief executive officer in September, said in an emailed statement. “We are changing the way we do business.”

Uber’s co-founder and former CEO, Travis Kalanick, learned of the attack a year ago.

Here’s how the hack went down: Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company.

The company claims it took steps to lock down its data and prevent any further unauthorized access.

Khosrowshahi has fired chief security officer Joe Sullivan and Craig Clark, a senior lawyer that reported to Sullivan.

Uber as also posted a statement to its company website which, along with an apology, reads:

You may be asking why we are just talking about this now, a year later. I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it. What I learned, particularly around our failure to notify affected individuals or regulators last year, has prompted me to take several actions:

• I’ve asked Matt Olsen, a co-founder of a cybersecurity consulting firm and former general counsel of the National Security Agency and director of the National Counterterrorism Center, to help me think through how best to guide and structure our security teams and processes going forward. Effective today, two of the individuals who led the response to this incident are no longer with the company.
• We are individually notifying the drivers whose driver’s license numbers were downloaded.
• We are providing these drivers with free credit monitoring and identity theft protection.
• We are notifying regulatory authorities.
• While we have not seen evidence of fraud or misuse tied to the incident, we are monitoring the affected accounts and have flagged them for additional fraud protection.

This is a complete and utter cluster. The breach was bad enough. The cover-up, a potential show-stopper.

Uber was at the forefront of a logistical revolution. They completely transformed the way people arranged for, paid for, and engaged with transportation services. But under its original leadership, it also accumulated a startling number of scandals. And the number of times it violated customer trust and good faith is staggering. This is just the garbage cherry on top of the unacceptable sundae.

If the new leadership had a lot of rebuilding to do before, it has even more now. The question is, how many of us will give them yet another chance?

How to delete your Uber account

Google has been secretly collecting Android users’ cell tower locations, risking a hit to its reputation

Google failed to disclose a pretty severe privacy violation and that’s bad for everyone, especially Android users.

Google makes no secret of the amount of user data it collects when someone signs up for its services. More so when he or she uses an Android phone. Given that Google is predominantly an advertising company, the more data accrued, the more targeted it can help its advertising partners be.

In the case of Android, Google makes the argument that by allowing it to collect location data, it can enhance services from Google Maps to Assistant, creating a web of context. It’s why using an Android phone feels so magical, because Google is doing so many things behind the scenes with all the data being shared.

But according to Quartz, the company has gone a bit too far this time.

Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers—even when location services are disabled—and sending that data back to Google. The result is that Google, the unit of Alphabet behind Android, has access to data about individuals’ locations and their movements that go far beyond a reasonable consumer expectation of privacy.

The upside is this: not only has Google collected the location data for nearby cellular towers of any Android device that connects to its notification service powered by Firebase Cloud Messaging (FCM), a cross-platform and more advanced version of Google Cloud Messaging that many apps use to send notifications, but it’s done so even when the user has no SIM card in his or her phone.

Companies like Google have no business collecting cell tower location data. Leave that to the cellular providers.

Google claims that the feature was enabled to “further improve the speed and performance of message delivery,” but the data was never incorporated into any notification enhancements. A Google spokesperson said, “we never incorporated Cell ID into our network sync system, so that data was immediately discarded, and we updated it to no longer request Cell ID.”

Still, Quartz found this activity recently, on a current-generation Android phone; Google now says it will release an update later in the month to disable the practice altogether, but you have to wonder how long it would have taken to do so were it not caught.

Cell ID, or cell tower location data, is not something manufacturers or platform owners typically collect. Instead, the data is stored by the provider, such as T-Mobile or Verizon, and is rarely shared with outside vendors. Occasionally, the information is subpoenaed as part of a criminal investigation — remember the first season of Serial? — but it is understood that a person’s cell tower data because it is so valuable, is never to be shared with third-party advertisers.

Even though Google has assured us that the data was never stored, nor used for anything, this revelation could be a hit to Google’s already-fragile reputation when it comes to user privacy. The company has gone a long way to improve communication with its users over the past few years, making it fairly easy to opt-out of or remove location data or tune one’s cross-account privacy with a simple check-up.

Google has found itself in a position of having to defend a practice that is largely indefensible: it should never have been collection Cell ID data in the first place; it should never have done so without a SIM card present; and it should never have kept it a secret.

While this storm is likely to pass quickly, it’s sure to leave a sour taste in the mouths of Android users already worried about giving Google too much of their selves, willingly or otherwise.

Google Lens now available via Assistant on Pixel phones

Lens is rolling out now and will be available for everyone in a few weeks’ time.

When the Pixel 2 launched this past October, one of its new software tricks was Google Lens. Up until this point, the only way to actually use Lens was by taking a picture, going to Google Photos, and then tapping the Lens icon so it could scan whatever you’d captured. It worked, but it wasn’t the most graceful process in the world.

Thankfully, Lens is about to get a lot more useful now that it’s finally being integrated within Google Assistant. A couple of employees at Google confirmed that this would be happening soon late last month, and the final product is pretty much everything we were expecting.

When you bring up Google Assistant, you’ll now see a Lens icon near the bottom right of your screen. Tapping this will bring up a viewfinder for Google Lens, and tapping on something of interest will have Lens scan it and then provide you with any info it finds on that subject.

In its current form, you can use Google Lens to identify landmarks, look up movies, books, and art, scan barcodes/QR codes, save contact information from a business card, navigate to addresses, and more.

Google Lens is rolling out to all Pixel phones that are using Assistant in the English language in the United States, United Kingdom, Australia, Canada, India, and Singapore. It may take some time for Lens to hit your phone, but Google says the rollout should be complete within the coming weeks.

Google Lens: Everything you need to know

Google Pixel 2 and Pixel 2 XL

• Pixel 2 FAQ: Everything you need to know!
• Google Pixel 2 and 2 XL review: The new standard
• Google Pixel 2 specs
• Google Pixel 2 vs. Pixel 2 XL: What’s the difference?
• Join our Pixel 2 forums

Google Store
Project Fi
Verizon
Best Buy

Uber hid data breach that exposed info for 57 million users

Uber’s new CEO Dara Khosrowshahi has inherited yet another scandal from Travis Kalanick. The ridesharing firm has revealed to Bloomberg that it hid an extortion-oriented cyberattack which exposed the personal info for roughly 57 million customers and drivers in October 2016, including names, email addresses and phone numbers. Instead of reporting the hack to the government and users, it paid hackers $100,000 to delete the info and keep quiet for more than a year.

There’s no evidence the data was abused, Uber said. However, Khosrowshahi isn’t about to defend his company’s past behavior. “I will not make excuses for it,” he said in a statement. Accordingly, Uber has fired chief security officer Joe Sullivan and one of his deputies, senior lawyer Craig Clark, for playing key roles in covering up the truth. It’s also asking former National Counterterrorism Center director Matt Olsen for help structuring Uber’s security processes and has stepped up its fraud monitoring for the affected accounts. Drivers in particular are getting free credit monitoring and identity theft protection.

News of the data breach underscores just how much of a challenge Khosrowshahi faces in rethinking Uber’s toxic corporate culture. The company was continuing its longstanding habit of ignoring the law even after it had just settled a New York state lawsuit over data security disclosures, and was entering talks with the FTC that would lead to a settlement over data handling. If it could face those kinds of legal threats and still decide that concealing an attack was more important than protecting users, it clearly needs major reforms.

Source: Bloomberg, Uber

MIT’s DIY muon detector sniffs out cosmic particles

Scientists at MIT have designed a pocket-sized muon detector that can be easily made with common electrical parts, meaning anyone can kit themselves out with legitimately-functional Ghostbusters-esque gear for less than $100. The device detects the charged particles — muons — that come from the high-energy cosmic rays blasted from supernovae beyond the solar system. These particles last only a fraction of a second but can be found in every layer of the planet’s atmosphere, with some even penetrating the Earth’s surface and burrowing into rock and ice.

The device was originally intended as a miniature add-on to IceCube, the enormous particle detector buried deep in the South Pole, to help scientists sift out muons in their hunt for neutrinos, but the research team quickly realised its potential as a learning tool. The team has helped supply nearly 100 detectors to high school and college students, and has set up outreach program CosmicWatch, which lists the parts needed for the detector as well as instructions on how to build it, which should take an average high school student about four hours.

The team says it has plans to develop the device for use in muon tomography, which uses the distribution of muons to create 3D images of material surrounding the detector. This technique was famously used to search for hidden chambers in the Pyramid of Chephren, in Giza. Until then, though, would-be scientists can just have fun learning about esoteric physics while looking really cool.

Source: MIT

New York AG blasts FCC for refusing to help fight net neutrality spam

Were you frustrated that the FCC did nothing to look into bots flooding its public comment system with anti-net neutrality spam before deciding to kill net neutrality? So was New York. State Attorney General Eric Schneiderman has posted an open letter chastising the FCC for refusing to help investigate this “illegal conduct.” New York made requests for records “at least 9 times” between June and November, and asked key FCC officials (including Chairman Ajit Pai) for help, all to no avail — there was “no substantive response” to any of the inquiries, Schneiderman said.

This comes despite the scale of the apparent crime. There may have been “tens of thousands” of New York residents whose names were fraudulently used in the comments to oppose net neutrality, Schneiderman said, let alone those from other states. Impersonation is an issue that “should concern everyone” regardless of where they live or their political affiliation, he added, pointing out the similarities between this and Russia’s election influence campaign.

Schneiderman might not want to stay up all night anticipating a response. As we’ve seen in the past, the FCC under Pai has rejected any requests to look into attempts to skew net neutrality comments, whether it’s bot spam or the alleged cyberattack that made it difficult for net neutrality advocates to have their voices heard. Many critics have accused Pai of railroading the net neutrality repeal through the FCC, public opposition be damned, and one official’s letter is unlikely to make him change his mind.

Source: Eric Schneiderman (Medium)

First observed interstellar object is a speedy, cigar-shaped asteroid

Last month, astronomers running the Pan-STARRS 1 telescope in Hawaii spotted an intriguing object moving through our solar system and it became clear pretty quickly that the object, whether it was a comet or an asteroid, had come from outside of our solar system. Now, in a paper published this week in the journal Nature, researchers have described the interstellar visitor, dubbed ‘Oumuamua, including its peculiarities as well as its similarities to objects originating in our own solar system.

First, it turns out ‘Oumuamua, which is Hawaiian for “messenger from afar arriving first,” is most likely an asteroid, not a comet, because it lacks a comet’s hallmark coma — the cloud of gas that surrounds and trails a comet. Secondly, it has a super weird shape. It’s very long and skinny, about 1,300 feet long and around 130 feet wide, which was discovered because of the asteroid’s massive change in brightness as astronomers observed it moving away from Earth. “This unusually large variation in brightness means that the object is highly elongated: about ten times as long as it is wide, with a complex, convoluted shape,” Karen Meech, who led the international effort to observe the asteroid, said in a statement. Additionally, ‘Oumuamua is dark red in color, which is likely due to all of the cosmic rays that have hit it during the hundreds of millions of years it has been traveling through space.

The asteroid entered our solar system from above and made its closest pass by Earth on October 14th. Once Pan-STARRS 1 spotted it, a number of other observatories, including the European Southern Observatory’s (ESO) Very Large Telescope, put their sights on it too in hopes of getting as much information about the asteroid as possible during its short visit. ‘Oumuamua is now on a path that will eventually take it back out of our solar system. It passed Mars’ orbit on November 1st and is set to pass Jupiter’s next May and Saturn’s in January of 2019. Some ground-based telescopes are continuing to track the asteroid, as are are two of NASA’s space telescopes — Hubble and Spitzer, — until it fades from view, which will probably be sometime in mid-December.

While astronomers estimate that interstellar objects pass through our solar system around once per year, this is the first time one has been spotted, which is thanks to powerful telescopes like Pan-STARRS 1. Interestingly, though its shape is wildly different from our own asteroids’, ‘Oumuamua’s composition is quite similar, and both of those observations could help astronomers learn more about other solar systems and how they’re formed. “We are continuing to observe this unique object,” ESO researcher Olivier Hainaut said in a statement, “and we hope to more accurately pin down where it came from and where it is going next on its tour of the galaxy. And now that we have found the first interstellar rock, we are getting ready for the next ones!”

Image: NASA/JPL-Caltech

Via: Space.com

Source: Nature

Steam tweaks community reviews to fight spam

Valve has known that its platform Steam, the biggest marketplace for PC titles, has had a review problem for years. Groups of users abuse a game’s rating by ‘review bombing’ them, propping up negative feedback with far more ‘this was helpful’ votes than is humanly possible. While Valve tried a passive solution two months ago, but it didn’t fix the problem. So the company is trying a couple more changes: Diluting the effects of likely review-manipulators and making sure a game’s top ten reflect the title’s overall approval rating.

In other words, if 80% of a game’s players left a favorable review, eight out of its top ten reviews will be positive. That will help keep the small amount of artificially-inflated ‘bombed’ posts from drowning out feedback that’s representative of the community’s opinion.

The other fix tracks how many times an account votes that reviews are ‘helpful’ for a single game. Most users just mark a few reviews as helpful or not, and that feedback will continue to be counted normally. Those that blatantly mass-downvote other reviews — typically around 10,000 times on a single game, the Steam blog noted — will see each additional vote diluted more and more.

It’s continual tinkering that reflects how difficult it is to provide democratic and current feedback for a game to prospective buyers. Recently, Steam implemented a change that heavily weighted recent reviews to reflect the current state of the game and highlighted those with the highest percentage of ‘helpful’ votes; This unintentionally enabled ‘review bombing.’

This won’t be the last fix coming to Steam’s review system, either: Future tweaks will address how players feel about a game now after updates and changes, as well as filtering to account for issues that only affect players in certain regions.

Via: Gamasutra

Source: Steam

Hackers Stole Data From 57 Million Uber Drivers and Customers, Uber Paid $100K to Hide Attack

Uber suffered a massive data breach last year that exposed the personal data of 57 million customers and drivers, reports Bloomberg. The attack occurred in October of 2016 and included personal information from 50 million Uber riders and 7 million Uber drivers.

Two hackers reportedly accessed a private GitHub repository used by Uber’s software engineers and then used those credentials to breach an Amazon Web Services account that contained an archive of rider and driver information.

Email addresses and phone numbers were stolen from riders, while hackers were able to obtain email addresses, phone numbers, and driver’s license numbers from drivers. Uber says social security numbers and trip location data were not accessed in the attack.

Rather than disclosing the attack when Uber learned of it in November of 2016, the company instead paid hackers $100,000 to delete the data and keep quiet about the breach. Uber did not disclose the identity of the hackers, but did say it believes the information was not used or otherwise sold.

Uber’s new CEO, Dara Khosrowshahi, says the attack and the coverup should not have happened, and that Uber is “changing the way we do business.” Khosrowshahi says he is aiming to change the way Uber operates, and as part of that effort, Uber informed the FTC and attorney general about the attack this morning.

“At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals,” Khosrowshahi said. “We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts.”

Uber’s efforts to conceal the hack were led by chief security officer Joe Sullivan, who has been ousted from the company. Uber also let go of Craig Clark, a senior lawyer who worked with Sullivan.

In light of the attack, Uber has hired Matt Olsen, who previously served as general counsel at the National Security Agency. Uber says Olsen will help the company restructure its security teams.

Tag: Uber
Discuss this article in our forums