21/01/2020 ~ 11:20
Início Tech

Tech

As últimas noticias do Mundo da Tecnologia

Activists Build a Grass-Roots Alliance Against Amazon

Credit…Philip Cheung for The New York Times

As groups join a coalition against the internet giant, a new report underlines its troubling impact in warehouse towns.

The loading area of an Amazon warehouse in Eastvale, Calif. On Tuesday, the Economic Roundtable released a report looking at the local impact of Amazon’s warehouses.Credit…Philip Cheung for The New York Times

SAN FRANCISCO — Amazon flourished over its first two decades with little opposition and less scrutiny. A new coalition and a report unveiled on Tuesday make clear that era is over.

The coalition, Athena, comprises three dozen grass-roots groups involved in issues like digital surveillance, antitrust and working conditions in warehouses. The goal is to encourage and unify the resistance to Amazon that is now beginning to form.

The report, from the Economic Roundtable, a nonprofit research group that focuses on social and economic issues in Southern California, delves into the largely unexplored topic of what Amazon is costing the communities where it has warehouses. The short answer: a lot.

While the simultaneous arrival of Athena and the report are a coincidence, they are linked by their attempts to understand and ultimately influence Amazon’s push into almost every aspect of modern life. The internet conglomerate hired 97,000 employees over the summer, nearly the total employment of Google. The report is bluntly titled “Too Big to Govern.”

“This is a company functioning at a scale that was previously left to government,” said Tom Perriello of the Open Society Foundations. Founded by the billionaire George Soros, Open Society is providing some of the seed funding for Athena. The coalition is raising $15 million to cover its first three years.

“It has incredible impact,” Mr. Perriello said of Amazon. “Who could possibly shape its future and direction?”

Amazon, like Facebook, Apple and Google, has drawn the attention of Washington regulators, state attorneys general and at least a few politicians in the last year. The central question being asked about all of the companies: When does a tech platform become too big and powerful, ultimately hurting the society it once dazzled?

Image
Credit…Demetrius Freeman for The New York Times

In Amazon’s case, the situation is particularly complicated. Its aspirations long ago exceeded online retail to encompass fresh groceries, devices that connect your home to the internet, front-door and neighborhood surveillance, professional services like plumbing and contracting, health care, government procurement, internet infrastructure and Hollywood entertainment. Just about everything, really.

Amazon declined to comment for this article.

Athena springs out of several unexpectedly successful grass-roots efforts to rein in Amazon’s power.

Last fall, the retailer was forced to begin paying a $15 hourly minimum wage nationwide. In February, it abandoned plans to establish a new headquarters in New York after opponents mobilized against Amazon and the politicians who had approved the deal. This month, an attempt to stack the City Council in Seattle, the company’s hometown, with members more acceptable to Amazon backfired with voters.

These setbacks could be attributed to many factors, but one of them was the influence of labor and immigrant organizations. Now some of those groups are joining together under Athena.

“We’re learning from what makes Amazon back down, and looking to replicate that as much as possible with as many people as possible,” said Dania Rajendra, the Athena director.

Athena will be run from New York, but the real work will be done out in the field where most of the member organizations are. They include the Awood Center, a Minneapolis nonprofit that has organized Amazon workers from East Africa; Warehouse Workers for Justice, which is based in Chicago; and Fight for the Future, a group that focuses on digital issues, in Massachusetts.

In a separate move on Monday, Fight for the Future and other groups called on Congress to investigate Amazon’s surveillance products, including the Ring front-door monitor and Rekognition facial tracking software. The products threaten “our privacy and civil liberties, especially in brown and black communities,” the groups said.

The effort against Amazon will not be easy, said Lauren Jacobs of the Partnership for Working Families, a coalition member in Oakland. Amazon is projected to have $238 billion in sales this year with 750,000 employees.

“This is a David and Goliath story,” she said. “David took what he had and turned it into a winning strategy. We’re taking what we have — the voices of the members of our various organizations, our collective knowledge and experience and deep understanding of the economy around Big Tech, and the experience we’ve had with making this company shift its behavior — and trying to build a more humane economy.”

Athena’s $15 million budget is modest for the scale of change it hopes to bring about. “This is grass-roots democracy,” said Barry Lynn of Open Markets Institute, a Washington think tank and coalition member focused on antitrust issues. “There’s no money in it. Just people.”

Mr. Perriello of the Open Society Foundations said updating protest movements for the digital era was an interesting challenge.

“Uncertainty is now baked into the model,” he said. “You don’t know where the fight is going to be two months from now or two years from now. So you need the ability to organize citizens of very different political stripes across geographies and across demographics, where traditionally you had to organize in place.”

The name Athena is associated with democracy, freedom and wisdom. But it has another advantage for the coalition.

“We didn’t want to have Amazon in the name — People Against Amazon or whatever — because part of the strategy is to offer a better vision for how the economy could work,” said Stacy Mitchell of the Institute for Local Self-Reliance, a nonprofit in Maine that opposes corporate concentration and advocates local community development. “To be for something, not just against.”

Sheheryar Kaoosji of another coalition member, the Warehouse Worker Resource Center in Ontario, east of Los Angeles, said Athena was not planning a boycott of Amazon but more interested in trying to sway it — including its employees and customers.

“Half the households in America have an Amazon Prime account,” Mr. Kaoosji said. “That gives them a huge amount of power to change the company.” His group is dedicated to improving conditions in what is sometimes called “the goods movement sector.”

The resource center is in California’s Inland Empire, where the work gets done to process those packages that appear on porches in Santa Monica and Newport Beach as if by magic.

Amazon workers and Amazon customers exist in two different worlds, the Economic Roundtable said. The report calculates that a little over half of Amazon warehouse workers in Southern California live in substandard housing. And for every $1 in wages, they receive 24 cents in public assistance.

“Every day, ships, trucks, trains and airplanes bring an estimated 21,500 diesel truckloads of merchandise to 21 Amazon warehouses in the four-county region,” the Economic Roundtable report said. It calculated that Amazon trucks last year created $642 million in “uncompensated public costs” for noise, road wear, accidents and harmful emissions.

Almost as an aside, the report indicated how adept Amazon, with a stock market value of nearly $900 billion, is at getting funding from California and local communities. This included $25 million from the California Film Commission to subsidize six productions, including the third season of “Sneaky Pete,” an Amazon crime drama, and $1.2 million from the California Office of Business and Economic Development toward an office building in Irvine for programmers.

The report noted on its title page that it was underwritten by the Los Angeles County Federation of Labor, which represents more than 800,000 members of 300 unions. The Economic Roundtable said that did not affect the results.

Among the report’s suggestions: that Amazon raise its minimum wage to $20 an hour, that it require its logistics subcontractors to do the same, that it provide child care at its warehouses and that it build affordable housing in its logistics communities.

The report draws on California Public Records Act requests filed with communities with Amazon facilities. Many of them nevertheless came up empty. The report noted that very little of Amazon’s business was known to anyone but Amazon. Communities are in the dark.

“Our conclusion is that it’s time for Amazon to come of age and pay its own way,” said Daniel Flaming, a co-author of the report. “This means paying its full costs to the communities that host it and the workers who create its profits.”

Source: Activists Build a Grass-Roots Alliance Against Amazon

Brasil está na lista de alvos do grupo hacker chinês Calypso

Um relatório produzido pela empresa de segurança Positive Technologies aponta que um grupo conhecido como Calypso tem provocado dores de cabeça em instituições governamentais de todo o mundo — e isso inclui o Brasil.

O tal grupo hacker já teria provocado danos e realizou invasões em sistemas de Índia, Brasil, Cazaquistão, Rússia e Tailândia. Todos tiveram danos graças às invasões, mas não há detalhes sobre o nível de acess obtido pelos criminosos. O Brasil foi alvo de 18% dos golpes, enquanto os mais atingidos foram os indianos, com quase o dobro de atentados virtuais.

Leia mais…

Fonte: Tec Mundo

WhatsApp caiu? Mensageiro passa por instabilidade nesta segunda-feira (11)

O WhatsAppenfrenta instabilidades nesta segunda-feira (11), de acordo com usuários do mensageiro que reportam o problema em redes sociais como o Twitter.

A plataforma que monitora a estabilidade de serviços online Down Detector também recebeu centenas de reportes acerca do WhatsApp. Os problemas começaram a aparecer logo cedo, a partir das 8h, mas só se intensificaram entre 10h e 12h de hoje.

Leia mais…

Fonte: Tec Mundo

What’s New on Netflix Canada This Week: January 3rd, 2020

The first 2 seasons of Vikings are available to stream on Netflix Canada

Happy new year to all Canadian subscribers! As we celebrate the start of 2020, let’s kickstart your new watch list for the year with the addition of 173 new titles on the Netflix Canada library! Here’s what’s new on Netflix Canada for January 3rd, 2020.

First of all, here’s the past week’s top highlights:

Vikings: 2 Seasons

Fans of the beloved History Channel drama Vikings will be delighted to learn the first two seasons are now available to stream on Netflix Canada! Hopefully, we’ll be seeing the remaining seasons arrive in the near future.

Ragnar Lothbrok, farmer, father, and warrior discovers how to travel to the lands of western Europe, kickstarting the Viking age with bloody results.

Gotham: Season 5

After five excellent seasons, Gotham has come to a conclusive end. With a huge rogue’s gallery to play with, Gotham has been one of the most intriguing Origin stories for the tremendous number of characters in Batman’s universe.

War hero Jim Gordon has recently been promoted to detective, and with his new position is determined to clean up the streets of Gotham City.

Maze Runner: Death Cure (2018)

The 2010s will be remembered for its teenage dystopian world dramas with franchises such as The Hunger Games, Divergent and The Maze Runner. Concluding the series in a climactic finale was Maze Runner: Death Cure. Thoroughly entertaining, your kids will love it.

When the destructive disease “the Flare” breaks out, it’s up to the Glader escapees to break into the last city, steal the cure and save their friends.

Here Are the Latest Additions to Netflix Canada This Week

139 New Movies Added to Netflix Canada This Week:

13 Going on 30 (2004)
3 Deewarein (2003)
50 First Dates (2004)
Aarkshan (2011)
Aaviri (2019)
Adrishya (2017)
Ahista Ahista (2006)
Albert Pinto Ko Gussa Kyun Aata Hai? (2019)
All the Freckles in the World (2020) N
Alpha and Omega: The Legend of Saw Tooth Cave (2014)
Amar Akbar Anthony (1977)
American Assassin (2017)
American Graffiti (1973)
Anwar (2007)
Aruna & Her Palate (2018)
As Above, So Below (2014)
Babe: Pig in the City (1998)
Barah Aana (2009)
Bawarchi (1972)
Bazaar (1982)
Bhagam Bhag (2006)
Bhoot (2003)
Big Miracle (2012)
Bobby (1973)
Brewster’s Millions (1985)
Chal Mere Bhai (2000)
Chicken Run (2000)
Chupke Chupke (1975)
Click (2006)
Curious George (2006)
Daddy’s Home (2015)
Deadline: Sirf 24 Ghante (2006)
Deewangee (2002)
Definitely, Maybe (2008)
Dhamaal (2007)
Don (1978)
Encounter: The Killing (2002)
Endless Love (2014)
Eye See You (2002)
Fall Girls (2019)
Ffolkes (1980)
Georgia Rule (2007)
Get on Up (2014)
Ghayal (1990)
Ghost Stories (2020) N
Ghostbusters 2 (1989)
Ghulam-E-Musthafa (1997)
Gol Maal (1979)
Golmaal: Fun Unlimited (2006)
Goon: Last of the Enforcers (2016)
Hachi: A Dog’s Tale (2009)
Half Girlfriend (2017)
Happy Death Day (2017)
Hera Pheri (1976)
Hitch (2005)
Hot Gimmick: Girl Meets Boy (2019) N
How to Train Your Dragon (2014)
In My Dreams (2014)
Jaan-E-Mann: Let’s Fall in Love… Again (2006)
Jail (2009)
Jis Desh Men Ganga Behti Hai (1960)
John Day (2013)
Jojo Siwa: My World (2017)
Judwaa (1997)
Jurassic Park III (2001)
Jurassic World (2015)
Kaalia (1981
Katha (1982)
Katy Perry. Part of Me (2012)
Khubsoorat (1980)
Koshish (1972)
Kuldip Patwal: I Didn’t Do It! (2017)
Luccas Neto in: Children’s Day (2019)
Made of Honor (2008)
Maine Pyaar Kyun Kiya (2005)
Mamma Mia! (2008)
Manhattan Murder Mystery (1993)
Masoom (1983)
Maze Runner: Death Cure (2018)
Mercury Rising (1998)
Miami Vice (2006)
Molly’s Game (2017)
Mom’s Night Out (2014)
Monster-in-Law (2005)
Muhse Shaadi Karogi (2004)
Namak Halaal (1982)
Observe & Report (2009)
Phamous (2018)
Phullu (2017)
Pokemon the Movie: Power of Us (2018)
Posesif (2017)
R.I.P.D. (2013)
Rajnigandha (1974)
Ram Teri Ganga Maili (1985)
Ramji Londonwaley (2005)
Road to Sangam (2010)
Running with the Devil (2019)
Saath Saath (1982)
Sadma (1983)
Sangam (1964)
Satte Pe Satta (1982)
Seventh Son (2014)
Shiva (1990)
Sniper Ghost Warrior (2016)
Sonic Boom (2014)
Swami (1977)
The 15:17 to Paris (2018)
The Adventures of Elmo in Grouchland (1999)
The Adventures of Milo and Otis (1986)
The Baby Sitters Club (1995)
The Dark Side of Life: Mumbai City (2018)
The Dream Team (1989)
The Family Man (2000)
The Fifth Element (1997)
The Great Gambler (1979)
The Holiday (2006)
The Imitation Game (2014)
The Interview (2014)
The Last House on the Left (2009)
The Longest Yard (2015)
The Man with the Iron Fists (2012)
The Patriot (2000)
The Post (2017)
The Pursuit of Happyness (2006)
The Snowman (2017)
The Throwaways (2015)
The Unborn (2009)
The Young Victoria (2009)
Traffic Signal (2007)
Trikal (1985)
Union Leader (2017)
Veerey Ki Wedding (2018)
Victoria & Abdul (2017)
Vodka Diaries (2018)
We Were Soldiers (2002)
Wet Hot American Summer (2001)
You Don’t Mess with the Zohan (2008)
Zed Plus (2014)
Zoom: Academy for Superheroes (2006)

28 New TV Shows Added to Netflix Canada This Week:

Alexa & Katie: Season 1
Because This Is My First Life: Season 1
Cells at Work!: Season 1
Chhota Bheem Kung Fu Dhamaka: Season 1
Gotham: Season 5
Impractical Jokers: Season 4
Live Up To Your Name: Season 1
Max & Ruby: Season 3
Messiah: Season 1 N
Nicky, Ricky, Dicky & Dawn: Season 1
Nisman: The Prosecutor, the President, and the Spy: Season 1 N
Occupied: 3 Seasons
Oddbods: Season 2
Pucca: Love Recipe: Season 1
Reply 1988: Season 1
Robot Trains: 2 Seasons
Rurouni Kenshin: 2 Seasons
Saint Seiya: Season 4
Save Me: Season 1
Spinning Out: Season 1 N
Spongebob Squarepants: 1 Season
Suits: Season 9
The Bride of Habeak: Season 1
The Disastrous Life of Saiki K Reawakened: Season 1 N
The Neighbour: Season 1 N
Thieves of the Wood: Season 1 N
Vikings: 2 Seasons
Yanxi Palace: Princess Adventures: Season 1 N

3 New Documentaries and Docuseries Added to Netflix Canada This Week:

ARASHI’s Diary -Voyage- (2019) N
Drugs, In: 2 Seasons
Sex, Explained: Limited Series N

1 New Reality Series Added to Netflix Canada This Week:

The Circle: Season 1 N

2 New Stand Up Specials Added to Netflix Canada This Week:

Jeff Dunham: Unhinged in Hollywood (2015)
The Degenerates: Season 2 N

What are you going to be watching on Netflix Canada? Let us know in the comments below!

Source: What’s New on Netflix Canada This Week: January 3rd, 2020

On Migrant Journeys With WhatsApp and Google Translate

How do New York Times journalists use technology in their jobs and in their personal lives? Miriam Jordan, a national immigration correspondent based in Los Angeles, discussed the tech she’s using.

What tech tools do you use most on the job?

My Lenovo laptop, printer and iPhone are the main tools of my trade. And I use the Voice Memos app exclusively to record news conferences.

But let me step back. While technology is great, there’s no substitute for building a rapport with someone, especially as an immigration reporter. I prefer face-to-face conversations, whenever possible.

Because I am frequently in the field talking to Spanish speakers in sometimes precarious situations, I find that just jotting down what people say in a notebook is more discreet than using the Notes app or recording a conversation. There is a formality inherent in recording that I feel inhibits folks from speaking freely, and many of the people I interview are undocumented. Keeping a record of what they tell me in a device makes them worry about being exposed to immigration authorities, especially in the current political climate.

You travel a lot for work then. What gadgets help with that?

I always carry an extra battery pack for my mobile phone. Especially if I am in a remote location, I want to know that I can reach the photographer with whom I am traveling (sometimes we end up separated), as well as my editor and family.

When I am driving just about anywhere that is new, I rely on the Waze app to guide me. I wonder how I would manage without it! If I am somewhere without a car, then a ride-sharing app like Uber or Lyft does the trick.

CreditRozette Rago for The New York Times
CreditRozette Rago for The New York Times

How about social media?

Twitter enables me to stay abreast of the conversation surrounding my immigration beat, as well as to be a part of it, if I desire. I have also been contacted by readers on Twitter with tips — or complaints. Twitter is also indispensable to promote my pieces and to amplify them, if I write threads that include aspects that didn’t make it into the story.

Facebook Groups can be treasure troves of information about what activists are doing, and they help me find ideas as well as sources for stories. For example, after a judge ordered the government last year to reunite families who had been separated at the border, volunteer groups helping parents and children converged on Facebook to discuss their observations.

I also often use WhatsApp to talk with sources on sensitive topics, because all communication is encrypted.

What technology do migrants use?

Like most families from the Spanish-speaking Caribbean and Latin America, as well as other parts of the developing world, migrants crossing the border use WhatsApp to communicate with their loved ones back home and among their family in the United States.

WhatsApp can be used to transmit photos of police reports, birth certificates and other documents that migrants may need their relatives to send them after they have arrived in the United States to help build their asylum case. Once upon a time, people in far-flung areas would have to find an internet cafe to email material from their home country to the United States. WhatsApp is also invaluable because you can send voice memos to people who are illiterate.

Some migrants arrive at the border with smartphones, but not all of them. The greater the distance they have traveled, the more likely they are to carry one. Brazilians, Indians and Africans tend to have smartphones more than Central Americans do. Once they are settled and working in the United States, they often use their smartphones to send money to their family back home.

And migrant children are as addicted to video games and entertainment on cellphones as other kids.

Image
CreditRozette Rago for The New York Times

How is technology used by Americans communicating with migrants?

I was recently at a respite center in Tucson, which on some nights sleeps more than 300 Central American migrants who have just been released by the Border Patrol. It is staffed by an army of well-intentioned volunteers, who provide food, clothing and medical care to the migrant families.

But often they don’t speak Spanish, and rely on Google Translate. The funny way that things get so literally translated often breaks the ice between migrants and their helpers as they erupt in laughter.

Outside of work, what tech do you love to use or to avoid?

I use my iPhone to listen to music when I run and when I walk the dog. I also use it to tune in to the Times podcast “The Daily” as well as other podcasts. I have an internet-connected exercise bike.

CreditRozette Rago for The New York Times

How do your kids help you with digital tools and the internet?

My 22-year-old twins, Maya and Danny, are definitely my tech-support team when they are around.

Danny helps me with basic functions on Microsoft Word, Outlook and Facebook. I have a knack for accidentally deleting sections or material in my files, which he helps me restore (Alt Z?). My computer also seems to freeze not infrequently, and he comes to the rescue.

Maya helps me buy music on iTunes and download music onto my phone. She helped me to discover new text actions, such as “laughing” or “loving.” She has helped me post certain things to Facebook and keep my profile picture more or less current.

Neither seems interested in pricey wearable tech, like smart watches. Thankfully!

Fonte: New York Times >> Personal Technology

It’s Back: 8chan Returns Online

The anonymous message board went back online over the weekend as 8kun, three months after being booted off the internet.

Credit…

SAN FRANCISCO — 8chan is back.

The anonymous message board began flickering back online on Saturday and was fully visible and available on Monday, three months after it had gone dark.

The site, which has served as a megaphone for violent extremists, was knocked offline in August after several tech companies refused to provide it with critical services such as a functioning web address. At the time, the tech companies said they would not work with 8chan because it provided mass killers with a place to air and spread their violent and often racist messages.

The shooting at a Walmart in El Paso in early August, along with attacks at mosques in Christchurch, New Zealand, and at a synagogue in Poway, Calif., this year were all announced on 8chan before they began. The attackers posted screeds to a section of 8chan that was ostensibly dedicated to politics, and does not appear on the new site.

After the El Paso shooting, one of the 8chan founders, Fredrick Brennan, said, “Shut the site down.” In September, the site’s owner, Jim Watkins, testified in front of Congress about 8chan’s operation and policies. The site had been operating out of the Philippines.

Over the weekend, 8chan re-emerged under a new name, 8kun. Ron Watkins, an administrator for the site and the son of Jim Watkins, said that it was somewhat inaccessible because it was being hit with overwhelming traffic.

Ron Watkins did not respond to a request for comment.

The message board went offline in August after Cloudflare, a company that protects websites from cyberattacks, said it would no longer provide its services to 8chan because of the site’s willingness to incite violence. Tucows, which helps companies register their website addresses, also booted 8chan from its platform.

Administrators of 8chan scrambled to find alternatives, but were unsuccessful for weeks. Now Tucows appears to be working with the message board again. 8chan’s new web address, 8kun, is registered with Tucows.

Tucows and its chief executive, Elliot Noss, did not immediately respond to requests for comment.

It was only a matter of time before 8chan found a new home online, internet experts said.

Like spammers, malware sellers and hackers who swap stolen personal data online, 8chan was expected to seek out web hosting from overseas providers or on the dark web. Other fringe sites, such as the neo-Nazi website The Daily Stormer, have also pieced together internet presences after mainstream providers terminated their services.

Source: It’s Back: 8chan Returns Online

CES 2020 | Teslasuit lançará luvas hápticas que permitem sentir objetos virtuais

A Teslasuit anunciou que lançará uma luva que permite que os usuários sintam texturas virtuais e coletem dados biométricos. O dispositivo é chamado de “Teslasuit Glove” e será lançado na CES 2020 em janeiro, com sua chegada ao mercado prevista para o segundo semestre do ano que vem.

As Teslasuit Glove foram pensadas para a execução de treinamentos, reabilitação médica e outras aplicações profissionais. Elas combinam várias tecnologias diferentes para criar simultaneamente a impressão de tocar e segurar objetos, capturar o movimento das mãos dos usuários, registrar pulso e outras informações biométricas. As luvas também podem ser combinadas com o traje Teslasuit ao serem conectadas na mesma rede Wi-Fi para oferecer captura de movimento de praticamente o corpo todo, além de proporcionar feedback tátil em realidade virtual. 

As luvas incluem recursos hápticos básicos e de force feedback graças a uma série de nove eletrodos presentes em cada dedo, que produzem a sensação de tocar uma superfície inexistente, enquanto um exoesqueleto de plástico cria resistência e vibração para simular a interação com objetos sólidos no ambiente virtual. Elas incluem, também, um marcador de pulso que reúne informações como a frequência cardíaca do usuário que pode ajudar, além de medir indiretamente o estresse, ajudar na identificação de outras reações físicas às experiências.

-Siga o Canaltech no Twitter e seja o primeiro a saber tudo o que acontece no mundo da tecnologia.-

Imagem: Teslasuit

As Teslasuit Glove competirão diretamente com produtos existentes de empresas como Manus VR e HaptX. Embora este produto não supere a sensação háptica ultrafina das luvas HaptX, sua variedade de recursos pode ser um atrativo a mais. O preço estimado será de US$ 5 mil, o que, no fim das contas entrega que o alvo deste aparelho não é o consumidor final.

Segundo a Teslasuit, as luvas serão apenas mostradas na CES e não poderão ser testadas, ao contrário do traje, que estará à disposição.

Leia a matéria no Canaltech.

Trending no Canaltech:

Gravador do Google já pode ser baixado e instalado em quase qualquer Android TV paga está sentenciada à morte, afirma Anatel sobre caso Fox Conheça a história por trás das armas e armaduras da série The Witcher Netflix revela quais foram as séries e filmes mais assistidos no Brasil em 2019 Fatos desconhecidos sobre o Google Maps que você nunca desconfiou

Source: CES 2020 | Teslasuit lançará luvas hápticas que permitem sentir objetos virtuais

Vazamento de dados no site da CAIXA permitia golpe hacker

Uma vulnerabilidade no site da instituição financeira Caixa Econômica Federal permitia o vazamento do token de sessão de usuários. Segundo denúncia do pesquisador de segurança Heitor Gouvêa, recebida pelo TecMundo, o site poderia ser atacado via “open redirect” e até redirecionar o cliente do banco para um ambiente malicioso com URL e sessão genuínas dentro da própria Caixa.

Dados acessíveis envolviam CPF, nome completo, FGTS e extrato bancário 

Por meio deste ataque, um cibercriminoso ainda obtém informações privadas de clientes, como: CPF, nome completo, empresa associada, carteira de trabalho, conta FGTS, número PIS/PASEP, data de admissão e extrato bancário do FGTS. O endereço residencial, com número, complemento, bairro, localidade, UF e CEP também poderia ser acessado.

“Um atacante determinado pode explorar as vulnerabilidades mencionadas com muita facilidade e assim violar a confidencialidade de diversas contas de usuários legítimos, acessando informações confidenciais e em alguns casos também violar a integridade de algumas informações específicas”, comentou o pesquisador Gouvêa ao TecMundo. “O esforço para realizar essa exploração é relativamente pequeno e simples, porém a superfície de alcance deste ataque é extremamente grande”.

Contatada na última terça-feira (07), a Caixa respondeu em nota via assessoria que a vulnerabilidade já foi corrigida: “A CAIXA agradece pela colaboração e esclarece que a vulnerabilidade identificada foi corrigida. O banco reafirma o seu compromisso em garantir a segurança e confiabilidade dos serviços prestados”.

vulnVulnerabilidade

A vulnerabilidade

Na página de autenticação da Caixa — em que as credenciais de usuário eram solicitadas — um parâmetro na URL (&redirect_uri=), se alterado, permitia levar um cliente para outro site

“Para minha surpresa, não fui apenas redirecionado para a página durante meu teste, além disso, durante o redirecionamento, foi enviado um outro parâmetro. Podemos ver isso na URL: https://google.com/?code=e629bd01-00cd-4b67-8f5d-f7fc50c2a9c7. Esse conteúdo no parâmetro “?code=” despertou minha curiosidade. Entendendo um pouco mais da solicitação original, consegui concluir que o valor desse parâmetro se trata de um Token de Sessão”, comentou Heitor Gouvêa. “Quando entendi isso, ficou evidente que essa vulnerabilidade era ainda mais crítica do que aparentava, afinal, o usuário poderia ser redirecionado para uma URL maliciosa, onde um atacante tivesse total controle sobre ela e capturar o Token de Sessão. Com isso poderia acessar a conta desse usuário, e assim, violar a confidencialidade dos seus dados e a integridade dos mesmos”.

O pesquisador deixou claro que não era necessária uma habilidade técnica alta e que a exploração era “relativamente pequena e simples”

A ideia do pesquisador, desde o primeiro contato com o TecMundo, foi a resolução do problema. Por isso, foi desenvolvido um código teste responsável por capturar e armazenar os tokens de sessão enviados para a URL maliciosa como demonstração. Segundo o pesquisador, o código provou que era possível “capturar o Token de Sessão e armazenar em um arquivo de log, além do script redirecionar o usuário mais uma vez, sendo que desta vez ele vai para a URL verídica e tem uma sessão genuína no sistema da Caixa Federal. Sendo assim, dificilmente um usuário comum vai conseguir saber que está sendo enganado”.

[embedded content]

Por desde código, ainda, outras informações do cliente poderiam acabar expostas. No caso, o IP do usuário e o UserAgent do navegador, oferecendo detalhes como sistema operacional utilizado, tamanho de tela etc.

De acordo com Heitor Gouvêa, um cibercriminoso teria a capacidade de explorar as vulnerabilidades com “muita facilidade” e assim violar a confidencialidade de diversas contas de usuários legítimos, “acessando informações confidenciais e em alguns casos também violar a integridade de algumas informações específicas”.

O pesquisador deixou claro que não era necessária uma habilidade técnica alta e que a exploração era “relativamente pequena e simples, porém a superfície de alcance deste ataque é extremamente grande”.

caixaExtrato

Especialista comenta

O TecMundo entrou em contato com a equipe da empresa de cibersegurança ESET para analisar o problema. O especialista Daniel Barbosa recriou o cenário e fez alguns comentários: “Li toda a documentação descrita pelo pesquisador e de fato há um redirecionamento explicito na URL do site em questão. Como não possuo conta na caixa não foi possível seguir todos os passos, mas em testes iniciais que fiz, ao alterar a URL oficial do banco para uma URL maliciosa e enviar para um outro destino, no caso um outro computador de teste ou até mesmo outro browser, o acesso a URL maliciosa gera um erro”.

Barbosa continua: “Pelo que analisei, a URL original tem que ser acessada, depois do acesso inicial a alteração do parâmetro redirect_uri pode ser feita para que após a autenticação o redirecionamento para o site malicioso aconteça. Antes disso a parte de autenticação da caixa não abriu adequadamente (…) Como nos testes que executei, o acesso ao site da caixa não funcionou quando o parâmetro redirect_uri é alterado desde o início para uma URL maliciosa, e para o reset de senha são necessários dados válidos de um correntista Caixa, não consegui validar as informações”.

Clientes da Caixa e de outros bancos ainda podem seguir essas dicas enviadas pelo especialistas da ESET:

  • Desconfie de links recebidos – Criminosos enviam links as suas vítimas de diversas formas, Whatsapp, SMS, e-mail, mensagens em redes sociais, e o intuito costuma ser sempre o mesmo, fazer com que as vítimas sigam determinados passos. Desconfie sempre de links recebidos. Por exemplo, se você recebe um e-mail solicitando que atualize ou refaça sua senha, ou que faça alguma alteração em sua conta, acesse diretamente o site que está pedindo essa alteração e veja se realmente é necessário realizar algum procedimento, não clique nos links!
  • Proteja-se sempre – Boa parte das campanhas maliciosas que circulam pela internet tem em seu processo o download de um arquivo que se diz ser inofensivo, ter soluções de segurança que protejam tanto notebooks e computadores quanto smartphones é essencial para que esses arquivos não consigam disseminar sua infecção. Para que haja uma maior eficiência na proteção de ameaças o antivírus deve sempre estar ativo, atualizado e configurado para bloquear ameaças, se possível também com recursos de antiphishing habilitados.
  • Mantenha softwares e aplicativos atualizados – Muitas das ameaças se aproveitam de versões desatualizadas de softwares presentes nos dispositivos de suas vítimas para executar atividades maliciosas, manter estes softwares atualizados permite que falhas conhecidas pelo fabricante sejam corrigidas.

Faça denúncias ao TecMundo

Aceitamos denúncias nos seguintes canais:

Cupons de desconto TecMundo:

Fonte: Tec Mundo

EUA e China assinam acordo de Fase 1 — várias taxas foram mantidas

Na quarta-feira (15), a China e os Estados Unidos assinaram a Fase 1 de um acordo que visa resolver as pendências da guerra comercial entre os dois países, que já dura 2 anos. Essa etapa cobre assuntos relacionados a roubo de propriedade intelectual, política governamental e importação de produtos agrícolas. O setor tecnológico enxerga o acordo com bons olhos, mas o fato é que a maioria das taxas contra produtos chineses foi mantida.

Proteção de propriedade intelectual

Ambas as nações concordaram em parar de exigir que as empresas do país oposto tenham que transferir suas tecnologias como condição para operar no mercado-alvo. Mas, ao que tudo indica, essa era uma preocupação muito maior dos norte-americanos do que dos chineses, já que os EUA afirmam que essa prática é uma das formas de a China se apossar da propriedade intelectual das empresas para desenvolver produtos concorrentes.

(Fonte: Wccftech/Reprodução)

A China ainda foi obrigada a combater com maior rigor a violação de patentes e direitos autorais online, além do comércio de produtos falsificados.

Fase 1 está longe de resolver todos os problemas

Para Gary Shapiro, da Associação de Tecnologia do Consumidor, a Fase 1 é um passo importante para terminar a guerra comercial, mas “a incerteza do mercado permanece até a remoção permanente das tarifas — ou devolução dos bilhões de dólares que nosso país pagou por causa dessas tarifas”.

Leia tambémAcordo EUA-China alivia a Apple, mas não outras empresas americanas

Tarifas

Para forçar a China a mudar seu modelo de fazer negócios, os EUA têm cobrado tarifas de diversos produtos chineses nos últimos 18 meses. Em resposta, a China também começou a cobrar tarifas sobre produtos norte-americanos. O resultado dessa equação impactou todo o setor de tecnologia.

O acordo reverteu algumas das tarifas adotadas pelos EUA no início deste ano e reduziu o valor da taxa (para 7,5%) sobre as tarifas que começaram a ser cobradas em 1º de setembro de 2019, avaliadas em US$ 120 bilhões em produtos. Já as tarifas que deveriam ser cobradas a partir de 15 de dezembro foram adiadas por tempo indeterminado. No entanto, a taxa de 25% aplicada a US$ 250 bilhões em outras mercadorias chinesas, como PCs, carregadores, adaptadores e outros eletrônicos, ainda permanece.

Cupons de desconto TecMundo:

Fonte: Tec Mundo

Posts

HOT NEWS