Month: January 2018

Enlarge / Maybe Twitter should try this approach for the 677,775 emails it says it will soon send to affected users. (credit: Warner Bros. / Sam Machkovech)

On Friday, Twitter took an end-of-the-week opportunity to dump some better-late-than-never news onto its userbase. For anybody who followed or engaged with a Twitter account that faked like an American during the 2016 election season but was actually linked to a major Russian propaganda campaign, you're about to get an email.

Twitter announced that it would contact a massive number of users with that news: 677,775 users to be exact. This count includes those who interacted with the 3,814 accounts that Twitter has directly linked to the Internet Research Agency (IRA), the Russian troll farm whose election-related meddling was exposed in 2017.

That number of accounts, Twitter noted, is a jump from Twitter's prior count of 2,812 IRA-linked trolls, which it had disclosed as part of an October 2017 hearing in Congress. Twitter says that this specific pool of troll accounts generated 175,993 posts during the 2016 period of activity that Twitter has been analyzing, and the service noted that 8.4 percent of those posts were "election-related." In its Friday disclosure, Twitter did not take the opportunity to acknowledge how the remaining percentage of these posts, which included anything from "I'm a real person" idle banter to indirect and divisive messaging, may have ultimately contributed to the troll farm's impact. (For example: Twitter CEO Jack Dorsey bit, and bit hard, on a known IRA account by retweeting two of its 2016 posts.)

Enlarge / If you bought directly from OnePlus in the last two months or so, double-check your credit statements.

Earlier this week, numerous reports of credit card fraud started pouring in from OnePlus users. On the company's forums, customers said that credit cards used to purchase a OnePlus smartphone recently were also seeing bogus charges, so OnePlus launched an investigation into the reports. It's now a few days later, and the company has admitted that its servers were compromised—"up to 40k users" may have had their credit card data stolen.

OnePlus has posted an FAQ on the incident. "One of our systems was attacked," the post reads. "A malicious script was injected into the payment page code to sniff out credit card info while it was being entered." OnePlus believes the script was functional from "mid-November 2017" to January 11, 2018, and it captured credit card numbers, expiration dates, and security codes that were typed into the site during that time. Users that paid via PayPal or a previously-entered credit card information are not believed to be affected.

OnePlus says it "cannot apologize enough for letting something like this happen." The company is contacting accounts it believes to have been affect via email, and OnePlus says it is "working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit."

Enlarge (credit: Kristin Andrus)

If it were easy to pin down the exact value for our planet’s sensitivity to greenhouse gas emission, it would have been done a long time ago—and you wouldn’t be reading yet another news story about it. It's not like we have no idea how sensitive the climate is. The range of possible values that scientists have been able to narrow it down to only spans from “climate change is very bad news” to “climate change is extremely bad news.”

But the difference between “very bad” and “extremely bad” is pretty important, so climate scientists aren’t throwing up their hands any time soon—as two new studies published this week show.

There are several basic strategies available for calculating the climate's sensitivity. These range from studying climate changes in the distant past to building and evaluating climate models to analyzing the warming over the last century or so. Each strategy has pros and cons. A handful of studies looking at the last century made waves a few years ago for yielding oddly lowball estimates of the impact of CO₂ on warming, for example. Later studies have found problems that push those estimates upward when corrected, but one of this week’s studies demonstrates that the entire strategy is inherently problematic.

Amazon founder and CEO Jeff Bezos. (credit: Steve Jurvetson)

Amazon on Friday announced that it has raised the price of its Prime membership program for those who subscribe on a month-to-month basis.

The plan previously cost $10.99 a month, but it will now cost $12.99 a month. That means the price of subscribing to the monthly Prime plan for a full year has jumped 18 percent, from $131.88 to $155.88. Those who currently subscribe to the monthly plan will see the price hike take effect on their first payment after February 18.

The e-commerce giant said it has also raised the rate of its cheaper Prime plan for students from $5.49 a month to $6.49 a month. The Prime Student plan launched this past October.

(credit: Malwarebytes)

Proving once again that Google Chrome extensions are the Achilles heel of what's arguably the Internet's most secure browser, a researcher has documented a malicious add-on that tricks users into installing it and then is nearly impossible for most to manually uninstall. It was available for download on Google servers until Wednesday, 19 days after it was privately reported to Google security officials, a researcher said.

Once installed, an app called "Tiempo en colombia en vivo" prevents users from accessing the list of installed Chrome extensions by redirecting requests to chrome://apps/?r=extensions instead of chrome://extensions/, the page that lists all installed extensions and provides an interface for temporarily disabling or uninstalling them. Malwarebytes researcher Pieter Arntz said he experimented with a variety of hacks—including disabling JavaScript in the browser, starting Chrome with all extensions disabled, and renaming the folder where extensions are stored—none of them worked. Removing the extension proved so difficult that he ultimately advised users to run the free version of Malwarebytes and let it automatically remove the add-on.

When Arntz installed the extension on a test machine, Chrome spontaneously clicked on dozens of YouTube videos, an indication that inflating the number of views was among the things it did. The researcher hasn't ruled out the possibility that the add-on did more malicious things because the amount of obfuscated JavaScript it contained made a comprehensive analysis too time consuming. The researcher provided additional details in a blog post published Thursday.

Enlarge (credit: Oak Ridge National Lab)

By law, the National Science Foundation is required to do a biennial evaluation of the state of science research and innovation. This is one of the years it's due, and the NSF has gotten its Science and Engineering Indicators report ready for delivery to Congress and the president. The report is generally optimistic, finding significant funding for science and a strong return on that investment in terms of jobs and industries. But it does highlight how the global focus is shifting, with China and South Korea making massive investments in research and technology.

Science isn't a monolithic endeavor, so there's no way to create a single measure that captures global scientific progress. Instead, the NSF looked at 42 different indicators that track things like research funding, business investments, training of scientists, and more. All of these measures were evaluated for the globe, in order to put the US' scientific activity in perspective.

Show me the money

Overall, science funding is on a good trajectory. In 2005, global R&D spending was just under a trillion dollars; by 2015, it had cleared $2 trillion. In total, 75 percent of that is spent in 10 nations; in order of spending, these are the United States, China, Japan, Germany, South Korea, France, India, and the United Kingdom. The US alone spends about $500 billion. China, which was at roughly $100 billion a decade ago, has now cleared $400 billion.