Internet firms expected to boost Brazilian public treasuries in 2018

Subscription-based Internet streaming services operating in Brazil are expected to bring a substantial boost to city treasuries as new taxation changes are introduced.

The Brazilian service tax, ISS (which can only be implemented by the municipalities, with revenue going to them rather than to the federal government’s bottom line) will see a 2-5 percent increase on online on-demand entertainment services such as those provided by Netflix and Spotify.

The “Netflix tax” levy as it is known elsewhere, was approved by president Michel Temer in the last few days of December will be effective from 2018.

Home to most online services companies operating in Brazil. the city of São Paulo should be the main beneficiary from the changes, with some R$22.3m ($6.9m) in additional tax revenue expected to be generated annually, according data from the São Paulo Mayor’s office.

Out of the projected total, about R$22m ($6.8m) is expected to come from video subscription services such as Netflix and its Brazilian competitor Looke. ISS revenue for São Paulo across all sectors currently sits at R$12bn ($3.7bn) annually.

Some US states and New Zealand have already introduced a so-called “Netflix tax”.

Twitter kills the buy button, ends focus on ecommerce

It appears that Twitter’s ecommerce efforts have finally come to a close. According to an email sent to users of the ecommerce platform Shopify, which was obtained by TechCrunch, the Twitter sales channel is shutting down “as a result of the Twitter team pivoting way from their ecommerce focus.”

Twitter disbanded its commerce team working on buy buttons last May, with some members getting absorbed into other teams and others leaving the company altogether. At the time the company insisted that it was actually increasing its investment in commerce by reallocating buy button resources into dynamic product ads.

This latest development signals that any ecommerce ambitions at Twitter are effectively dead.

Twitter began its buy button endeavor under former CEO Dick Costolo, and at the time the company championed the concept as a way for brands to turn their Twitter followers into paying customers.

But after Jack Dorsey took over in October 2015, the company made it clear that it would be focusing on its core strengths going forward. Plus it turns out no one was going to Twitter to buy stuff.

Yet even as Dorsey works to refine Twitter’s user experience, the network has struggled to attract new users and appease the ones it already has.

As for the buy button, the concept is seen as a way to close the gap between social media and online retail, leading merchants, tech providers, and social media companies to experiment with how to use the technology to increase digital sales.

The technology isn’t exactly new anymore, but its staying power and the longterm impact it could have on ecommerce is unclear.

Here’s when the Moto Z, Moto Z Play will receive Android Nougat

moto-z-review-5.jpg

Motorola updated the Verizon Wireless Moto Z Force Droid Edition to Android Nougat in December, yet its unlocked counterparts are left behind. There is hope, however.

Motorola on Wednesday confirmed to Android Central the phone manufacturer will update the unlocked Moto Z and Moto Z Play to Android Nougat in February and March, respectively.

The delay is odd, given that both devices are unlocked and void of extraneous testing procedures and requirements before a wireless carrier will approve the update.

ZDNet’s Matthew Miller fell in love with the Moto Z Force Droid after it received Android Nougat, opting to use it over the Google Pixel XL.

As Miller pointed out in his story, Motorola used to be known for quickly updating its unlocked phones to the latest release of Android. After the company as purchased by Lenovo, those updates users had come to expect from Motorola have slowly trickled out, with little or no public commitment from either company.

U.S. Department of Labor files employee pay discrimination suit vs. Oracle

The U.S. Department of Labor said it has filed a lawsuit against Oracle alleging pay discrimination practices against female, African American and Asian employees.

In addition, the department alleges that Oracle had a “systemic practice of favoring Asian workers in its recruiting and hiring practices for product development and other technical roles.”

Oracle spokeswoman Deborah Hellinger said:

The complaint is politically motivated, based on false allegations, and wholly without merit. Oracle values diversity and inclusion, and is a responsible equal opportunity and affirmative action employer. Our hiring and pay decisions are non-discriminatory and made based on legitimate business factors including experience and merit.

The Department of Labor said that it reviewed Oracle’s equal employment opportunity practices starting in 2014. Oracle also didn’t reply to the agency’s routine requests.

According to the Department of Labor (complaint):

Oracle refused to provide prior-year compensation data for all employees, complete hiring data for certain business lines, and employee complaints of discrimination. OFCCP (Office of Federal Contract Compliance Programs) attempted for almost a year to resolve Oracle’s alleged discrimination violations before filing the suit.

For Oracle, the lawsuit could turn out to be costly. The Department of Labor noted that Oracle has a bevy of government contracts that could be at risk. “Oracle has received hundreds of millions in federal government contracts. If Oracle fails to provide relief as ordered in the lawsuit, OFCCP requests that all its government contracts be canceled and that it be debarred from entering into future federal contracts,” said the Department of Labor.

Twitter sells its developer platform Fabric to Google

Google is acquiring Twitter’s mobile developer platform Fabric, the companies announced Wednesday.

The terms of the deal were not disclosed, but the move should help Twitter develop a leaner business as it tries to find more longterm stability. The micro-blogging platform has had some rough months, undergoing a leadership shuffle and failed acquisition talks. Some have suggested Google would be well-suited buyer for Twitter — now Google will take just its developer platform.

The Fabric team will join Google’s Developer Products Group and merge with its Firebase team. “Fabric and Firebase operate mobile platforms with unique strengths in the market today,” Rich Paret, VP of engineering and GM of Fabric, wrote in a blog post.

Firebase product manager Francis Ma noted that the acquisition is part of Firebase’s larger, longterm effforts to build up its comprehensive suite features for web and mobile app development.

Fabric, launched in 2014, was part of Twitter’s efforts to woo developers and now reaches 2.5 billion active mobile devices and serves more than 580,000 mobile developers. Fabric’s Crashlytics and Answers kits are among the most-used SDKs for app stability and analytics.

“As a popular, trusted tool over many years, we expect that Crashlytics will become the main crash reporting offering for Firebase and will augment the work that we have already done in this area,” Ma wrote.

Current Fabric users don’t have to do anything to keep using the products. Before the acquisition closes, Twitter will continue to maintain Fabric’s SMS authentication service Digits. Once it’s complete, Google will begin providing Fabric, Crashlytics, Answers and associated beta products under terms available here.

More on Twitter:

Clear Linux OS now available on Azure

clearlinuxonazure.jpg

Microsoft is adding support for yet another Linux distribution on Azure.

On January 18, Microsoft announced Clear Linux OS for Intel Architecture is available in the Azure Marketplace.

Clear Linux OS is free, open-source Linux distribution built for cloud and data center environments that is tuned to maximize performance of Intel systems.

Microsoft currently supports a number of Linux distributions on Azure, including Red Hat Enterprise Linux, Ubuntu, CentOS, Oracle Linux, SUSE Linux Enterprise, and openSUSE.

Last year, company officials said nearly one out of three virtual machines on Azure are running Linux, rather than Windows Server.

Microsoft is making Clear Linux available as a bare-bones virtual machine; a container image that supports the Docker container runtime; and a sample solution image with open source tools for developing machine-learning applications.

Speaking of Linux, in case you missed it, SUSE is now providing a tutorial for running openSUSE Leap 42.2 on the Windows Subsystem for Linux that is built into Windows 10 as of the Anniversary Update.

Microsoft currently officially supports running Ubuntu and Bash natively on Windows 10. SUSE’s distribution, as well as Fedora, can run but are not officially supported by Microsoft at this time.

Microsoft is building a ‘world graph’ for geographic data:

Intelligence bill drops FBI bid to read Americans’ browser history, email records

(Image: file photo)

An expansion of powers that would have allowed the government access to Americans’ browsing history and email records has been dropped from the latest intelligence authorization bill.

The controversial provision would give the FBI greater powers to issue national security letters (NSLs) for communications records — without needing a court order.

Currently, these letters can compel internet providers and tech companies to turn over a limited set of records associated with Americans’ online communications, but the FBI wanted greater access to email records and browsing histories of recently visited websites.

NSLs are still shrouded in secrecy because of their gagging provisions, but more details about the subpoena-like power have come to light since the passing of the Freedom Act in 2015, which replaced parts of the controversial Patriot Act that were sunsetted in the wake of the Edward Snowden disclosures.

This in part led to a relaxation of secrecy surrounding the letters, which resulted in details of the letters becoming public for the first time.

More companies have since challenged the secret letters they received — including Facebook, Yahoo, and Cloudflare. Microsoft went further by suing the Justice Dept. over its use of NSLs because tech companies are disallowed from informing their customers if their data was turned over.

This isn’t the first time the government has pushed for the expansion in powers.

Last year, the Senate narrowly rejected a bid for the FBI to get warrant access to browsing data. It was said to prevent “lone wolves” in the wake of the Orlando massacre, in which 49 people were killed.

With a new session under way, the measures were floated again, but failed to make it into the final bill.

Sen. Ron Wyden (D-OR), who led the push to remove the section, said he was “glad” the committee agreed.

“Spying on a person’s browsing history is incredibly invasive – almost like a window into their thoughts,” said Wyden in a statement. “Furthermore, this change would have done nothing to make Americans safer, since the government can already obtain these records with a court order.”

The bill sans provision has since been passed by the Senate Intelligence Committee, and will go before the full chamber for a vote in the near future.

Cybercrime gang uses Google services for malware command and control

istock71194473medium-alexkalina-1.jpg
Getty Images/iStockphoto

An organised cybercriminal gang is is using Google services to issue command and control (C&C) communications to help monitor and control the machines of unsuspecting malware victims.

The Carbanak hacking group is one of the most successful cybercriminal operations in the world. Since it started operating in 2013, the gang has attacked banks, e-payment systems and financial institutions across the globe using Trojan malware in a stealthy and continuous campaign, making off with a suspected total of over $1 billion in stolen funds.

Carbanak – also known as Anunak – is a highly organised group and continually evolves its tactics in order to continue to carry out cybercrime while avoiding detection by potential targets and the authorities.

The latest malicious scheme by the group – dubbed Digital Plagiarist – sees the group using office documents hosted on mirrored domains in order to distribute the malware.

This instance of malware is distributed using the common method of hiding a malicious document – this time disguised as an RTF file – inside a phishing email. However, what that malicious file executes code to do is what’s new.

Cybersecurity researchers at Forcepoint have pointed out that the Carbanak group’s VBScript malware contains additional script – ‘ggldr’ – which is capable of using Google services as a command and control channel. This allows hackers to send and receive commands to and from Google Apps Script, Google Sheets, and Google Forms services.

A unique Google Sheets spreadsheet is dynamically created, allowing systems to easily manage each infected victim, like checking on the status of the infected machine or sending command and control check ins. The cycle uses the Google script to continuously repeat, as demonstrated in the image below.

carbanakvbscriptggldrc2flow3.pngcarbanakvbscriptggldrc2flow3.png

How Carbankak’s script exploits Google services.

Image: Forcepoint Security Labs

Forcepoint researchers warn that using Google as an independent C&C channel is likely to be more successful than using newly created domains or domains with no reputation.

The cybersecurity researchers say they’ve notified Google of the issue – ZDNet asked Google for comment, but hadn’t received a reply at the time of publication.

READ MORE ON CYBERCRIME

Samsung SmartCam can be easily hacked and hijacked, researchers find

(Image: CNET/CBS Interactive)

Security researchers have found a severe vulnerability that could allow hackers to hijack a Samsung SmartCam.

The bug, discovered by the Exploitee.rs (formerly the GTVHacker group), can be easily remotely executed by an unprivileged user — effectively meaning anyone with the camera’s IP address can exploit the bug.

The vulnerability was found in the camera’s web server, which runs as root. A flaw in how the code filters out malicious commands allows an attacker to inject their own privileged code.

The group published proof-of-concept code on its wiki.

The researchers say that though the bug was tested on the SNH-1011 mode, the bug is “believed to affect the entire Samsung SmartCam series of devices.”

It’s the second bug that the group has found over the past few years.

The security researchers said it was motivated to look at the SmartCam again after a similar set of bugs were removed instead of fixed.

As a result, Samsung camera owners were forced to use the company’s hosted cloud-based service instead.

“This angered a number of users and crippled the device from being used in any DIY monitoring solutions,” said the group in its write-up. “So, we decided to audit the device once more to see if there is a way we can give users back access to their cameras while at the same time verifying the security of the devices new firmware.”

The flaw may cause a significant security and privacy risk to its owners, but the bug is not said to allow botnet-like activity, such as in the recent Mirai-based attacks that brought much of the US east coast offline late last year, according to one report.

Samsung did not respond to a request for comment.