Businesses

US Law Allows Low H-1B Wages; Just Look At Apple (networkworld.com) 237

An anonymous reader writes: If you work at Apple's One Infinite Loop headquarters in Cupertino as a computer programmer on an H-1B visa, you can be paid as little as $52,229. That's peanuts in Silicon Valley. Average wages for a programmer in Santa Clara County are more than $93,000 a year, according to the U.S. Bureau of Labor Statistics. However, the U.S. government will approve visa applications for Silicon Valley programmers at $52,229 -- and, in fact, did so for hundreds of potential visa holders at Apple alone. To be clear, this doesn't mean there are hundreds of programmers at Apple working for that paltry sum. Apple submitted a form to the U.S. saying it was planning on hiring 150 computer programmers beginning June 14 at this wage. But it's not doing that. Instead, this is a paperwork exercise by immigration attorneys to give an employer -- in this case, Apple -- maximum latitude with the H-1B laws. The forms-submittal process doesn't always reflect actual hiring goals or wage levels. Apple didn't want to comment for the story, but it did confirm some things. It says it hires on the basis of qualifications and that all employees -- visa holders and U.S. workers alike -- are paid equitably and it conducts internal studies to back this up. There are bonuses on top of base pay. Apple may not be paying low wages to H-1B workers, but it can pay low wages to visa workers if it wanted. This fact is at the heart of the H-1B battle.
Canada

1.9 Million Bell Customer Email Addresses Stolen By 'Anonymous Hacker' (www.cbc.ca) 32

Bell, Canada's largest telecommunications company, said a hacker had accessed customer information containing about 1.9 million active email addresses and about 1,700 names and active phone numbers. The breach was not connected to the recent global WannaCry malware attacks, the company added. From a report: The information appears to have been posted online, but the company could not confirm the leaked data was one and the same. "There is no indication that any financial, password or other sensitive personal information was accessed," the company wrote in a statement. Bell said the incident was unrelated to the massive spike in ransomware infections that affected an estimated 200,000 computers in more than 150 countries late last week. It is not clear when the breach occurred, how the data was accessed, or how long the attacker had access to Bell's systems.
Security

Group Linked To NSA Spy Leaks Threatens Sale of New Tech Secrets (reuters.com) 105

Hacker group Shadow Brokers, which has taken credit for leaking NSA cyber spying tools -- including ones used in the WannaCry global ransomware attack -- has said it plans to sell code that can be used to hack into the world's most used computers, software and phones. From a report on Reuters: Using trademark garbled English, the Shadow Brokers group said in an online statement that, from June, it will begin releasing software to anyone willing to pay for access to some of the tech world's biggest commercial secrets. In the blog post, the group said it was setting up a "monthly data dump" and that it could offer tools to break into web browsers, network routers, phone handsets, plus newer exploits for Windows 10 and data stolen from central banks. It said it was set to sell access to previously undisclosed vulnerabilities, known as zero-days, that could be used to attack Microsoft's latest software system, Windows 10. The post did not identify other products by name. It also threatened to dump data from banks using the SWIFT international money transfer network and from Russian, Chinese, Iranian or North Korean nuclear and missile programs, without providing further details.
Security

Hackers Aligned With Vietnam Government Are Attacking Foreign Companies (cnbc.com) 19

A hacker group "aligned with Vietnamese government interests" carried out attacks on corporate companies, journalists and overseas governments over the past three years, according to a report from cyber security firm FireEye. FireEye, which works with large companies to secure their assets from cyber threats, said it has tracked at least 10 separate attacks from the group -- referred to as OceanLotus, or APT32 -- since 2014. Targets included members of the media, and private and public sector organizations from across Germany, China, the U.S., the Philippines, the UK and Vietnam itself, according to the report. From an article: APT refers to advanced persistent threat -- one that involves a continuous hacking process using sophisticated techniques that exploit vulnerabilities within a network. Nick Carr, a senior manager at FireEye's Mandiant team that responds to threats and incidents, told CNBC what set APT32 apart from other groups was the kind of information the hackers were looking for within a company's breached network. "Several cases here, it appears APT32 was conducting intrusions to investigate the victims' operations and assess their adherence to regulations," Carr said. "That's where it starts to be really unusual and is a significant departure from the wide-scale intellectual property theft and espionage that you see from a Chinese group, or political espionage or information operations from a Russian group." To be clear, the attacks carried out by APT32 are unrelated to the WannaCry ransomware that has hit 200,000 victims in at least 150 countries since Friday.
Security

Breach at DocuSign Led To Targeted Email Malware Campaign (krebsonsecurity.com) 20

Digital signature service DocuSign said Monday that an unnamed third-party had got access to email addresses of its users after hacking into its systems. From a report: DocuSign, a major provider of electronic signature technology, acknowledged today that a series of recent malware phishing attacks targeting its customers and users was the result of a data breach at one of its computer systems. The company stresses that the data stolen was limited to customer and user email addresses, but the incident is especially dangerous because it allows attackers to target users who may already be expecting to click on links in emails from DocuSign. [...] In an update late Monday, DocuSign confirmed that this malicious third party was able to send the messages to customers and users because it had broken in and stolen DocuSign's list of customers and users.
Music

MP3 Is Not Dead, It's Finally Free (marco.org) 415

The commentary around IIS Fraunhofer and Technicolor terminating their MP3 licensing program for certain MP3 related patents and software has been amusing. While some are interpreting this development as the demise of the MP3 format, others are cheering about MP3s finally being free. Developer and commentator Marco Arment tries to make sense prevail: MP3 is no less alive now than it was last month or will be next year -- the last known MP3 patents have simply expired. So while there's a debate to be had -- in a moment -- about whether MP3 should still be used today, Fraunhofer's announcement has nothing to do with that, and is simply the ending of its patent-licensing program (because the patents have all expired) and a suggestion that we move to a newer, still-patented format. MP3 is supported by everything, everywhere, and is now patent-free. There has never been another audio format as widely supported as MP3, it's good enough for almost anything, and now, over twenty years since it took the world by storm, it's finally free.
Software

WikiLeaks Dump Reveals CIA Malware That Can Sabotage User Software (bleepingcomputer.com) 116

An anonymous reader writes: "While the world was busy dealing with the WannaCry ransomware outbreak, last Friday, about the time when we were first seeing a surge in WannaCry attacks, WikiLeaks dumped new files part of the Vault 7 series," reports BleepingComputer. This time, the organization dumped user manuals for two hacking tools named AfterMidnight and Assassin. Both are malware frameworks, but of the two, the most interesting is AfterMidnight -- a backdoor trojan for stealing data from infected PCs. According to its leaked manual, AfterMidnight contains a module to "subvert" user software by killing processes and delaying the execution of user software. Examples in this manual show CIA operatives how to kill browsers every 30 seconds to keep targets focused on their work, how to delay the execution of PowerPoint software with 30 seconds just to mess with their targets, or how to lock up 50% of PC resources whenever the user starts certain software. Basically, the CIA created nagware.
Security

Access Codes For United Cockpit Doors Accidentally Posted Online (techcrunch.com) 109

According to the Wall Street Journal, the access codes to United's cockpit doors were accidentally posted on a public website by a flight attendant. "[United Continental Holdings], which owns United Airlines and United Express, asked pilots to follow security procedures already in use, including visually confirming someone's identity before they are allowed onto the flight deck even if they enter the correct security code into the cockpit door's keypad," reports TechCrunch. From the report: The Air Line Pilots Association, a union that represents 55,000 pilots in the U.S. and Canada, told the WSJ on Sunday that the problem had been fixed. The notable thing about this security breach is that it was caused by human error, not a hack, and illustrates how vulnerable cockpits are to intruders despite existing safety procedures. The Air Line Pilots Association has advocated for secondary barriers made from mesh or steel cables to be installed on cockpit doors to make it harder to break into, but airlines have said that they aren't necessary.
