Slashdot

An anonymous reader quotes a report from ZDNet: Users of Kodi, a popular media player and platform designed for TVs and online streaming, have been the targets of a malware campaign, ZDNet has learned from cyber-security firm ESET. According to a report that will be published later today and shared with ZDNet in advance, the company’s malware analysts have uncovered that at least three popular repositories of Kodi add-ons have been infected and helped spread a malware strain that secretly mined cryptocurrency on users’ computers. ESET researchers say they found malicious code hidden in some of the add-ons found on three add-on repositories known as Bubbles, Gaia, and XvBMC, all offline at the time of writing, after receiving copyright infringement complaints. Researchers said that some of the add-ons found on these repositories would contain malicious code that triggered the download of a second Kodi add-on, which, in turn, would contain code to fingerprint the user’s OS and later install a cryptocurrency miner. While Kodi can run on various platforms, ESET says that the operators of this illicit cryptocurrency mining operation only delivered a miner for Windows and Linux users. The crooks reportedly mined for Monero, infecting over 4,700 victims and generating over 62 Monero coins, worth today nearly $7,000.

Zorro shares a report from BloombergQuint: The Great Crypto Crash of 2018 looks more and more like one for the record books. As virtual currencies plumbed new depths on Wednesday, the MVIS CryptoCompare Digital Assets 10 Index extended its collapse from a January high to 80 percent. The tumble has now surpassed the Nasdaq Composite Index’s 78 percent peak-to-trough decline after the dot-com bubble burst in 2000. Like their predecessors during the Internet-stock boom almost two decades ago, cryptocurrency investors who bet big on a seemingly revolutionary technology are suffering a painful reality check, particularly those in many secondary tokens, so-called alt-coins. “It just shows what a massive, speculative bubble the whole crypto thing was — as many of us at the time warned,” said Neil Wilson, chief market analyst in London for Markets.com, a foreign-exchange trading platform. “It’s a very likely a winner takes all market — Bitcoin currently most likely.” Wednesday’s losses were led by Ether, the second-largest virtual currency. It fell 6 percent to $171.15 at 7:50 a.m. in New York, extending this month’s retreat to 40 percent. Bitcoin was little changed, while the MVIS CryptoCompare index fell 3.8 percent. The value of all virtual currencies tracked by CoinMarketCap.com sank to $187 billion, a 10-month low. “Crypto bulls dismiss negative comparisons to the dot-com era by pointing to the Nasdaq Composite’s recovery to fresh highs 15 years later, and to the internet’s enormous impact on society,” reports BloombergQuint. “They also note that Bitcoin has rebounded from past crashes of similar magnitude. But even if the optimists prove right and cryptocurrencies eventually transform the world, this year’s selloff has underscored that progress is unlikely to be smooth.”

Jack Wallen, writing for TechRepublic: For a company to support Linux, they have to consider supporting: Multiple file systems, multiple distributions, multiple desktops, multiple init systems, multiple kernels. If you’re an open source developer, focusing on a single distribution, that’s not a problem. If you’re a company that produces a product (and you stake your living on that product), those multiple points of entry do become a problem. Let’s consider Adobe (and Photoshop). If Adobe wanted to port their industry-leading product to Linux, how do they do that? Do they spend the time developing support for ext4, btrfs, Ubuntu, Fedora, GNOME, Mate, KDE, systemd? You see how that might look from the eyes of any given company? It becomes even more complicated when companies consider how accustomed to the idea of “free” (as in beer) Linux users are. Although I am very willing to pay for software on Linux, it’s a rare occasion that I do (mostly because I haven’t found a piece of must-have software that has an associated cost). Few companies will support the Linux desktop when the act of supporting means putting that much time and effort into a product that a large cross-section of users might wind up unwilling to pay the price of admission. That’s not to say every Linux user is unwilling to shell out the cost for a piece of software. But many won’t.

The economy continues to be a friendly place for job seekers today, and not just for the ultra-educated — economists are predicting ever-improving prospects for workers without a degree as well. From a report: Recently, job-search site Glassdoor compiled a list of 15 top employers that have said they no longer require applicants to have a college degree. Companies like Google, Apple, IBM and EY are all in this group. In 2017, IBM’s vice president of talent Joanna Daley told CNBC Make It that about 15 percent of her company’s U.S. hires don’t have a four-year degree. She said that instead of looking exclusively at candidates who went to college, IBM now looks at candidates who have hands-on experience via a coding boot camp or an industry-related vocational class.

An anonymous reader quotes a report from Motherboard: A new survey by Consumer Reports once again highlights how consumers are responding positively to [community-run broadband networks]. The organization surveyed 176,000 Consumer Reports readers on their experience with their pay TV and broadband providers, and found that the lion’s share of Americans remain completely disgusted with most large, incumbent operators. The full ratings are paywalled but available here to those with a Consumer Reports subscription. All the usual suspects including Comcast, Charter (Spectrum), AT&T, Verizon, and Optimum once again fell toward the bottom of the barrel in terms of overall satisfaction, reliability, and value, largely mirroring similar studies from the American Customer Satisfaction Index.

One of the lone bright spots for broadband providers was Chattanooga’s EPB, a city-owned and utility operated broadband provider we profiled several years back as an example of community broadband done well. The outfit, which Comcast attempted unsuccessfully to sue into oblivion, was the only ISP included in the study that received positive ratings for value. “EPB was the top internet service provider in our telecom ratings two times in the past three years,” Christopher Raymond, electronics editor at Consumer Reports told Motherboard. “Consumer Reports members have given it high marks for not only reliability and speed, but also overall value — and that’s a rare distinction in an arena dominated by the major cable companies,” he said.

From border crossings to hacking conferences, that Bitcoin or political sticker may be worth leaving on a case at home. From a report: Plenty of hackers, journalists, and technologists love to cover their laptop in all manner of stickers. Maybe one shows off their employer, another flaunts that local cryptoparty they attended, or others may display the laptop owner’s interest in Bitcoin. That’s all well and good, but a laptop lid full of stickers also arguably provides something of a red flag to authorities or hackers who may want to access sensitive information stored on that computer, or otherwise cause the owner hassle. “Conferences, border crossing[s], airports, public places — stickers will/can get you targeted for opposition research, industrial espionage, legal or investigative scrutiny,” Matt Mitchell, director of digital safety and privacy for technology and activism group Tactical Tech, told Motherboard in an online chat. Mitchell said political stickers, for instance, can land you in secondary search or result in being detained while crossing a border. In one case, Mitchell said a hacker friend ended up missing a flight over stickers.

An anonymous reader quotes a report from TorrentFreak: Facebook previously banned the sale of fully-loaded pirate streaming devices, as did Amazon and eBay, but the social network appears to have expanded this to all Kodi-powered hardware now. This is made clear in the prohibited content section of the company’s commerce policies, as shown below. Facebook states that users are no longer allowed to promote “the sale or use of streaming devices with KODI installed.” In addition, jailbroken or loaded devices are also banned from the platform. The issue was first noticed by CordCuttersNews which notes that sellers who violate the policy may have their Facebook accounts banned. Interestingly, Facebook will still permit the sale of “add-on equipment for KODI devices,” including keyboards and remotes. However, selling any devices with the software itself is no longer allowed.

Let’s Encrypt has announced that it is now directly trusted by all major root certificates including those from Microsoft, Google, Apple, Mozilla, Oracle, and Blackberry. With this announcement, Let’s Encrypt is now directly trusted by all major browsers and operating systems. From a report: While Let’s Encrypt has already been trusted by almost all browsers, it was done so through intermediate certificate that were cross-signed by IdenTrust. As IdenTrust was directly trusted by all major browser vendors and operating systems, it also allowed Let’s Encrypt to be trusted as well. With Let’s Encrypt now being directly trusted, if there is ever a problem with IdenTrust and they themselves become untrusted, Let’s Encrypt users will still be able to function properly.

Brian Krebs reports: Hackers used phishing emails to break into a Virginia bank in two separate cyber intrusions over an eight-month period, making off with more than $2.4 million total. Now the financial institution is suing its insurance provider for refusing to fully cover the losses. According to a lawsuit filed last month in the Western District of Virginia, the first heist took place in late May 2016, after an employee at The National Bank of Blacksburg fell victim to a targeted phishing email. The email allowed the intruders to install malware on the victim’s PC and to compromise a second computer at the bank that had access to the STAR Network, a system run by financial industry giant First Data that the bank uses to handle debit card transactions for customers. That second computer had the ability to manage National Bank customer accounts and their use of ATMs and bank cards.

An anonymous reader shares a report: If your PC doesn’t run Streaming Single Instructions Multiple Data (SIMD) Extensions 2, you apparently won’t be getting any more Win7 patches. At least, that’s what I infer from some clandestine Knowledge Base documentation changes made in the past few days. Even though Microsoft says it’s supporting Win7 until January 14, 2020, if you have an older machine — including any Pentium III — you’ve been blocked, and there’s nothing you can do about it.