Security

Stanford Starts the 'Secure Internet of Things Project'

An anonymous reader writes: The internet-of-things is here to stay. Lots of people now have smart lights, smart thermostats, smart appliances, smart fire detectors, and other internet-connected gadgets installed in their houses. The security of those devices has been an obvious and predictable problem since day one. Manufacturers can't be bothered to provide updates to $500 smartphones more than a couple years after they're released; how long do you think they'll be worried about security updates for a $50 thermostat? Security researchers have been vocal about this, and they've found lots of vulnerabilities and exploits before hackers have had a chance to. But the manufacturers have responded in the wrong way.

Instead of developing a more robust approach to device security, they've simply thrown encryption at everything. This makes it temporarily harder for malicious hackers to have their way with the devices, but also shuts out consumers and white-hat researchers from knowing what the devices are doing. Stanford, Berkeley, and the University of Michigan have now started the Secure Internet of Things Project, which aims to promote security and transparency for IoT devices. They hope to unite regulators, researchers, and manufacturers to ensure nascent internet-connected tech is developed in a way that respects customer privacy and choice.
DRM

Cory Doctorow Talks About Fighting the DMCA (2 Videos)

Wikipedia says, 'Cory Efram Doctorow (/ˈkɔːri ˈdɒktəroʊ/; born July 17, 1971) is a Canadian-British blogger, journalist, and science fiction author who serves as co-editor of the blog Boing Boing. He is an activist in favour of liberalising copyright laws and a proponent of the Creative Commons organization, using some of their licenses for his books. Some common themes of his work include digital rights management, file sharing, and post-scarcity economics.' Timothy Lord sat down with Cory at the O'Reilly Solid Conference and asked him about the DMCA and how the fight against it is going. Due to management-imposed restraints on video lengths, we broke the ~10 minute interview into two parts, both attached to this paragraph. The transcript covers both videos, so it's your choice: view, read or listen to as much of this interview as you like.
Government

White House Lures Mudge From Google To Launch Cyber UL

chicksdaddy writes: The Obama White House has tapped famed hacker Peiter Zatko (aka "Mudge") to head up a new project aimed at developing an "underwriters' lab" for cyber security. The new organization would function as an independent, non-profit entity designed to assess the security strengths and weaknesses of products and publish the results of its tests.

Zatko is a famed hacker and security luminary, who cut his teeth with the Boston-based hacker collective The L0pht in the 1990s before moving on to work in private industry and, then, to become a program manager at DARPA in 2010. Though known for keeping a low profile, his scruffy visage (circa 1998) graced the pages of the Washington Post in a recent piece that remembered testimony that Mudge and other L0pht members gave to Congress about the dangers posed by insecure software.
The Military

Test Pilot: the F-35 Can't Dogfight

schwit1 sends this report from the War Is Boring column: A test pilot has some very, very bad news about the F-35 Joint Strike Fighter. The pricey new stealth jet can't turn or climb fast enough to hit an enemy plane during a dogfight or to dodge the enemy's own gunfire, the pilot reported following a day of mock air battles back in January. And to add insult to injury, the JSF flier discovered he couldn't even comfortably move his head inside the radar-evading jet's cramped cockpit. "The helmet was too large for the space inside the canopy to adequately see behind the aircraft." That allowed the F-16 to sneak up on him. The test pilot's report is the latest evidence of fundamental problems with the design of the F-35 — which, at a total program cost of more than a trillion dollars, is history's most expensive weapon. Your tax dollars at work.
Security

UK Researchers Find IPv6-Related Data Leaks In 11 of 14 VPN Providers

jan_jes writes: According to researchers at Queen Mary University of London, services used by hundreds of thousands of people in the UK to protect their identity on the web are vulnerable to leaks. The study of 14 popular VPN providers found that 11 of them leaked information about the user because of a vulnerability known as 'IPv6 leakage'. The leakage occurs because network operators are increasingly deploying a new version of the protocol used to run the Internet called IPv6. The study also examined the security of various mobile platforms when using VPNs and found that they were much more secure when using Apple's iOS, but were still vulnerable to leakage when using Google's Android. Similarly, Russian researchers exposed the breakthrough U.S. spying program a few months back. The VPNs they tested certainly aren't confined to the UK; thanks to an anonymous submitter, here's the list of services tested: Hide My Ass, IPVanish, Astrill, ExpressVPN, StrongVPN, PureVPN, TorGuard, AirVPN, PrivateInternetAccess, VyprVPN, Tunnelbear, proXPN, Mullvad, and Hotspot Shield Elite.
The Courts

8 Yelp Reviewers Hit With $1.2 Million Defamation Suits

New submitter goodboi writes: A Silicon Valley building contractor is suing 8 of its critics over the reviews they posted on Yelp. The negative reviews were filtered out by Yelp's secretive ranking system, but in court documents filed earlier this month, Link Corporation claims that the bad publicity cost over $165,000 in lost business.
Communications

European Government Agrees On Net Neutrality Rules, With Exemptions

An anonymous reader writes: The European Union's three main legislative bodies, the European Council, the European Parliament, and the European Commission, have reached an agreement on "Open Internet" rules that establish principles similar to Net Neutrality in the EU. The rules require that all internet traffic and users be treated equally, forbidding paid-for prioritisation of traffic. However, exemptions are permitted for particular "specialised services" where the service is not possible under the open network's normal conditions, provided that the customer using the service pays for the privilege. (The examples given are IPTV, teleconferencing, and telepresence surgery.) Zero-rating — exempting particular data from traffic caps — is also permitted, but will be subject to oversight. Notably, this means (if all goes as promised) the elimination of cellphone roaming fees within the EU; however, that's been promised and delayed before.
The Courts

Lawsuit Filed Over Domain Name Registered 16 Years Before Plaintiff's Use

HughPickens.com writes: Cybersquatting is registering, selling or using a domain name with the intent of profiting from the goodwill of someone else's trademark. It generally refers to the practice of buying up domain names that use the names of existing businesses with the intent to sell the names for a profit to those businesses. Now Andrew Allemann writes at Domain Name Wire that New York company Office Space Solutions, Inc. has filed a cybersquatting lawsuit against Jason Kneen over the domain name WorkBetter.com that Kneen registered in 1999 although Office Space Solutions didn't use the term "Work Better" in commerce until 2015. "Workbetter.com is virtually identical to, and/or confusingly similar to the WORK BETTER Service Mark, which was distinctive at the time that the Defendant renewed and/or updated the registration of workbetter.com," says the lawsuit. But according to an Office Space Solutions filing with the USPTO, it didn't use the term "Work Better" in commerce until 2015. Office Space Solutions is making the argument that the domain name was renewed in bad faith. According to Kneen, Office Space previously tried to purchase the domain name from him and after it failed to acquire the domain name, is now trying to take it via a lawsuit.
Crime

Uber France Leaders Arrested For Running Illegal Taxi Company

An anonymous reader writes: Two Uber executives were arrested by French authorities for running an illegal taxi company and concealing illegal documents. This is not the first time Uber has run into trouble in France. Recently, taxi drivers started a nation-wide protest, blocking access to Roissy airport and the nation's interior minister issued a ban on UberPop. A statement from an Uber spokesperson to TechCrunch reads: "Our CEO for France and General Manager for Western Europe were invited to a police hearing this afternoon; following this interview, they were taken into custody. We are always available to answer all the questions on our service, and available to the authorities to solve any problem that could come up. Talks are in progress. In the meantime, we keep working in order to make sure that both our customers and drivers are safe following last week’s turmoils."
Security

Malwarebytes Offers Pirates Its Premium Antimalware Product For Free

An anonymous reader writes: If you have a cracked or pirated version of the Malwarebytes Anti-Malware (MBAM) product, the company has debuted an Amnesty program for you. Venturebeat reports: "If you pirated Malwarebytes Anti-Malware, purchased a counterfeit version of the software, or are having problems with your key in general, the company is offering a free replacement key." CEO Marcin Kleczynski explained the program and his statement reads in part: "When I started Malwarebytes, I absolutely had no idea how successful we would be today. I am extremely grateful for all of the support from everyone and how fast we’ve grown. That being said, I picked a very insecure license key algorithm and as such, generating a pirated key was, and is, very simple.

The problem with pirated keys is that they may collide with a legitimate key just by the sheer numbers. For example, Larry may generate a pirated key that matches the exact key that I already bought. Yes, this is silly, and yes, this is literally the first thing a professional software company thinks of when building license key generation, but when you think you’re building a product for just a few people you don’t hash out these details.

Now we’ve grown up, and we’ve got a new licensing system that we’ve rolled out in stages. The only problem is that we have millions of users that we’ve sold keys to, or a reseller has sold keys to, or we’ve given out keys to without keeping track. It is a mess, and you as a consumer have every right to be upset."
Google

SCOTUS Denies Google's Request To Appeal Oracle API Case

New submitter Neil_Brown writes: The Supreme Court of the United States has today denied Google's request to appeal against the Court of Appeals for the Federal Circuit's ruling (PDF) that the structure, sequence and organization of 37 of Oracle's APIs (application program interfaces) was capable of copyright protection. The case is not over, as Google can now seek to argue that, despite the APIs being restricted by copyright, its handling amounts to "fair use". Professor Pamela Samuelson has previously commented (PDF) on the implications if SCOTUS declined to hear the appeal. The Verge reports: "A district court ruled in Google's favor back in 2012, calling the API 'a utilitarian and functional set of symbols' that couldn't be tied up by copyrights. Last May, a federal appeals court overturned that ruling by calling the Java API copyrightable. However, the court said that Google could still have lawfully used the APIs under fair use, sending the case back to a lower court to argue the issue. That's where Google will have to go next, now that the Supreme Court has declined to hear the issue over copyright itself."
Classic Games (Games)

Interviews: Ask Steve Jackson About Designing Games

Since starting his own company in 1980, Steve Jackson, founder and editor-in-chief of Steve Jackson Games, has created a number of hits, starting with Car Wars . . . followed shortly by Illuminati, and later by GURPS, the "Generic Universal Roleplaying System." In 1983, he was elected to the Adventure Gaming Hall of Fame - the youngest person ever so honored. He has personally won 11 Origins Awards. In the early 90's, Steve got international press due to the Secret Service's invasion of his office. The EFF helped make it possible for SJ Games to bring suit against the Secret Service and the U.S. government and win more than $50,000 in damages. His Ogre kickstarter a couple of years ago brought in close to a million dollars. His current hits are Munchkin, a very silly card game about killing monsters and taking their stuff, and Zombie Dice, in which you eat brains and try not to get shotgunned. His current projects include a variety of Munchkin follow-ups, and the continuing quest to get his games translated into digital form. Steve has agreed to put down the dice and answer any questions you may have. As usual, ask as many as you'd like, but please, one per post.
Privacy

When a Company Gets Sold, Your Data May Be Sold, Too

An anonymous reader writes: A new report points out that many of the top internet sites have language in their privacy policies saying that your private data might be transferred in the event of an acquisition, bankruptcy sale, or other transaction. They effectively say, "We won't ever sell your information, unless things go bad for us." 85 of the top 100 websites in the U.S. (ranked by Alexa) had this sort of language, including Amazon, Apple, Facebook, Google, Hulu, and LinkedIn. (RadioShack did this recently.) "The potential ramifications of the fire sale provisions became clear two years ago when True.com, a dating site based in Plano, Tex., that was going through a bankruptcy proceeding, tried to sell its customer database on 43 million members to a dating site based in Canada. The profiles included consumers' names, birth dates, sexual orientation, race, religion, criminal convictions, photos, videos, contact information and more. Because the site's privacy policy had promised never to sell or share members' personal details without their permission, Texas was able to intervene to stop the sale of customer data, including intimate details on about two million Texans." But with this new language, users no longer enjoy that sort of protection. Only 17 of the top 100 sites even say they will notify customers of the data transfer. Only a handful allow users to opt out.
Space

The Underfunded, Disorganized Plan To Save Earth From the Next Giant Asteroid

New submitter citadrianne sends a story about the beginnings of our asteroid defense efforts, and how initial concern over an asteroid strike wasn't sustained long enough to establish consistent funding: Until a few decades ago, the powers that be didn't take the threat of asteroids very seriously. This changed on March 23, 1989, when an asteroid 300 meters in diameter called 1989FC passed within half a million miles of Earth. As the New York Times put it, "In cosmic terms, it was a close call." After this arguably close brush with total annihilation, Congress asked NASA to prepare a report on the threat posed by asteroids. The 1992 document, "The Spaceguard Survey: Report of the NASA International Near-Earth-Object Detection Workshop," was, suffice it to say, rather bleak.

If a large NEO were to hit Earth, the report said, its denizens could look forward to acid rain, firestorms, and an impact winter induced by dust being thrown miles into the stratosphere. ... After reports from the National Research Council made it clear that meeting the discovery requirement outlined in the Congressional mandate was impossible given the lack of program funding, NEOO got a tenfold budget increase from 2009 to 2014. Yet it still faces a number of difficulties. A program audit released last September described the NEOO program as a one-man operation that is poorly integrated and lacking in objectives and oversight.
Government

How Uber Takes Over a City

schwit1 suggests Bloomberg's story on one aspect of Uber's corporate behavior that may leave a sour taste in the mouth of anyone who'd like to believe the Uber-vs.-the-Cartels narrative. The company hired David Plouffe, known for managing Barack Obama's rise to fame, and many others as well, to help them navigate inevitable and ongoing moves for regulation. The scale is impressive; according to the article: Over the past year, Uber built one of the largest and most successful lobbying forces in the country, with a presence in almost every statehouse. It has 250 lobbyists and 29 lobbying firms registered in capitols around the nation, at least a third more than Wal-Mart Stores. That doesn't count municipal lobbyists. In Portland, the 28th-largest city in the U.S., 10 people would ultimately register to lobby on Uber's behalf. And while the article focuses mostly on the example of Portland, the effort is ongoing and nationwide.
Censorship

BBC Curates The "Right To Be Forgotten" Links That Google Can't

An anonymous reader writes, quoting the BBC's Internet Blog: "Since a European Court of Justice ruling last year, individuals have the right to request that search engines remove certain web pages from their search results. Those pages usually contain personal information about individuals." The BBC, however, is not obligated to completely censor the results, and so has taken an approach that other media outlets would do well to emulate: they're keeping a list of those pages delisted by the search engines, and making them easy to find through the BBC itself. Why? The BBC has decided to make clear to licence fee payers which pages have been removed from Google's search results by publishing this list of links. Each month, we'll republish this list with new removals added at the top. We are doing this primarily as a contribution to public policy. We think it is important that those with an interest in the “right to be forgotten” can ascertain which articles have been affected by the ruling. We hope it will contribute to the debate about this issue. We also think the integrity of the BBC's online archive is important and, although the pages concerned remain published on BBC Online, removal from Google searches makes parts of that archive harder to find.
Advertising

Google Will Reduce Accidental Mobile Ad Clicks, With Mandatory Borders and More

Mark Wilson submits news that Google is throwing a bone to mobile users annoyed by ads that (accidentally, or accidentally-on-purpose) make it too easy to accidentally click, breaking your browsing flow, by making those ads a bit less clickable. Writes Beta News: The company is taking steps to make the 'user experience' of ads a little better. It recognizes that advertisements that get clicked accidentally don't benefit anybody. They end up irritating the clicker, and are unlikely to be of value to the company that placed the ad. With around half of ad clicks being made by mistake, Google is now taking steps to stop this from happening — great news for users and advertisers alike. In all, Google is making three key changes to ads that appear on smartphones and tablets, starting off by adding an unclickable border to the outer edges of advertisements.
Government

Despite Regulatory Nod, Cheap Ebola Test Still Undeployed

According to an article in Nature, the researchers who developed an inexpensive, reliable field test for the Ebola virus are frustrated by the delay they've seen in actually having that test deployed. Known as the Corgenix test after the company which developed it, this diagnostic tool "could not replace lab confirmation, but it would allow workers to identify infected people and isolate them faster, greatly reducing the spread of disease," according to infectious-diseases physician Nahid Bhadelia. However, though it's been approved both by the US FDA (for emergency use) and the World Health Organization, its practical use has been hampered by country-level regulations. Just why is unclear; the test seems to be at least as effective as other typical tests, and in some ways better. One concern was that the test might fail to detect the virus in some cases of Ebola. But the independent field-validation (in Sierra Leone) shows that the kit was as sensitive at catching cases as the gold-standard comparison — a real-time polymerase chain reaction (RT-PCR) test that amplifies and detects genetic sequences that are specific to Ebola in blood and other bodily fluids.
Government

79% of Airbnb Listings In Barcelona Are Illegal

dkatana writes: Barcelona has more than 16,000 Airbnb listings and, according to reports on Cities of the Future, 79% could be illegal. "In April, Airbnb's European General Manager Jeroen Merchiers confirmed, during the Student Tourism Congress in Barcelona, that the platform has more than 85,000 listings in Spain alone." But most Airbnb hosts do not apply for a permit, fail to pay insurance and tourist tax, and ignore Catalonian law that forbids short-term rentals of rooms in private homes. "Residents," says the article, "had been complaining about the rising number of tourist apartments and the conduct of the mostly student-age renters. The majority from Italy, Germany and the UK were partying all night, some running around naked, and generally trashing their neighborhoods."