Take advantage of Black Friday with 15% off sitewide with coupon code "BLACKFRIDAY" on Slashdot Deals (some exclusions apply)". ×

With $160 Billion Merger, Pfizer Moves To Ireland and Dodges Taxes (arstechnica.com) 364

ourlovecanlastforeve writes: In a $160 billion dollar acquisition, drug company Allergan, a small company based in Ireland, "purchased" Pfizer, allowing the drug producing giant to move to Ireland and lower its tax rate from about 25 percent to 17-18 percent. Ars reports: "Such inversions, which are said to cost the American government billions in lost tax revenue, have drawn scorn from the Obama Administration and the Treasury Department. Last year, President Obama referred to the deals as 'unpatriotic' loopholes and proposed to close them. And last week, the Treasury announced new rules to make such deals more difficult. But Pfizer’s reverse-inversion skirts the rules, in part by keeping ownership split somewhat evenly between the two companies. After the deal is complete, current shareholders of Allergan, which has the majority of its operations in the US, will own 44 percent of the mega company. The remaining 56 percent will be owned by current Pfizer shareholders."

FAA To Drone Owners: Get Ready To Register To Fly (networkworld.com) 192

coondoggie writes: While an actual rule could be months away, drones weighing about 9 ounces or more will apparently need to be registered with the Federal Aviation Administration going forward. The registration requirement and other details came form the government’s UAS Task Force which was created by the FAA last month and featured all manner of associates from Google, the Academy of Model Aeronautics and Air Line Pilots Association to Walmart, GoPro and Amazon. “By some estimates, as many as 400,000 new unmanned aircraft will be sold during the holiday season. Pilots with little or no aviation experience will be at the controls of many of these aircraft. Many of these new aviators may not even be aware that their activities in our airspace could be dangerous to other aircraft -- or that they are, in fact, pilots once they start flying their unmanned aircraft,” said FAA Administrator Michael Huerta in announcing the task force’s results.

Dell Accused of Installing 'Superfish-Like' Rogue Certificates On Laptops (theregister.co.uk) 92

Mickeycaskill writes: Dell has been accused of pre-installing rogue self-signing root certificate authentications on its laptops. A number of users discovered the 'eDellRoot' certificate on their machines and say it leaves their machines, and any others with the certificate, open to attack. "Anyone possessing the private key which is on my computer is capable of minting certificates for any site, for any purpose and the computer will programmatically and falsely conclude the issued certificate to be valid," said Joe Nord, a Citrix product manager who found the certificate on his laptop. It is unclear whether it is Dell or a third party installing the certificate, but the episode is similar to the 'Superfish' incident in which Lenovo was found to have installed malware to inject ads onto users' computers.
The Almighty Buck

"Clock Boy" Ahmed Mohamed Seeking $15 Million In Damages 803

phrackthat writes: The family of Ahmed Mohamed, the boy who was arrested in Irving, Texas has threatened to sue the school and the city of Irving if they do not pay him $15 million as compensation for his arrest. To refresh the memories of everyone, Ahmed's clock was a clock he disassembled then put into a pencil case that looked like a miniature briefcase. He was briefly detained by the Irving city police to interview him and determine if he intended for his clock to be perceived as a fake bomb. He was released to his parents later on that day and they publicized the matter and claimed Ahmed was arrested because of "Islamophobia".

New IBM Tech Lets Apps Authenticate You Without Personal Data (csoonline.com) 27

itwbennett writes: IBM's Identity Mixer allows developers to build apps that can authenticate users' identities without collecting personal data. Specifically, Identity Mixer authenticates users by asking them to provide a public key. Each user has a single secret key, and it corresponds with multiple public keys, or identities. IBM announced on Friday that Identity Mixer is now available to developers on its Bluemix cloud platform.

Nearly 35,000 Comment On New Federal STEM OPT Extension Rule (computerworld.com) 55

theodp writes: Computerworld reports that the comments are in on the Department of Homeland Security's new proposed rule to extend OPT for international STEM students from 29 months to at least 36 months. The majority of the comments received by DHS support extending the program, CW notes, which is probably not surprising. Rather than choosing to "avoid the appearance of improper influence" by declining to respond to a "We the People" petition protesting a pending U.S. Federal judge's ruling that threatens to eliminate OPT STEM extensions altogether in February, the White House informed the 100k petition signers that they had the President's support, and pointed to the comment site for the proposed DHS OPT STEM rule workaround. Like the "We the People" petitioners, it's unclear whether the DHS commenters might represent corporate, university, and/or student interests, although a word cloud of the top 100 names of commenters (which accounted for 17,000+ comments) hints that international students are well-represented. By the way, in rejecting the 'emergency changes' that were enacted by DHS in 2008 to extend OPT for STEM students without public comment, Judge Ellen Huvelle said, "the 17-month duration of the STEM extension appears to have been adopted directly from the unanimous suggestions by Microsoft and similar industry groups."

Australian State Bans Possession of Blueprints For 3D Printing Firearms (computerworld.com.au) 311

angry tapir writes: Possessing files that can be used to 3D print firearms will soon be illegal in the Australian state of New South Wales after new legislation, passed last week by state parliament, comes into effect. Possessing files for 3D printing guns will be punishable by up to 14 years in prison. The provisions "are targeted at criminals who think they can steal or modify firearms or manufacture firearms from 3D blueprints," NSW's justice minister, Troy Grant, said when introducing the bill in the state's lower house on 27 October. "Those who think they can skirt the law will find themselves facing some of the toughest penalties for firearms offences in this country," Grant said.

How Anonymous' War With Isis Is Actually Harming Counter-Terrorism (metro.co.uk) 391

retroworks writes: According to a recent tweet from the #OpParis account, Anonymous are delivering on their threat to hack Isis, and are now flooding all pro-Isis hastags with the grandfather of all 2007 memes — Rick Astley's "Never Gonna Give You Up" music video. Whenever a targeted Isis account tries to spread a message, the topic will instead be flooded with countless videos of Rick Astley circa 1987. Not all are praising Anonymous methods, however. While Metro UK reports that the attacks have been successful, finding and shutting down 5,500 Twitter accounts, the article also indicates that professional security agencies have seen sources they monitor shut down. Rick Astley drowns out intelligence as well as recruitment.

Whistleblowers: How NSA Created the 'Largest Failure' In Its History (zdnet.com) 118

An anonymous reader writes: Former NSA whistleblowers contend that the agency shut down a program that could have "absolutely prevented" some of the worst terror attacks in memory. According to the ZDNet story: "Weeks prior to the September 11 terrorist attacks, a test-bed program dubbed ThinThread was shut down in favor of a more expensive, privacy-invasive program that too would see its eventual demise some three years later -- not before wasting billions of Americans' tax dollars. Four whistleblowers, including a congressional senior staffer, came out against the intelligence community they had served, after ThinThread. designed to modernize the agency's intelligence gathering effort, was cancelled. Speaking at the premier of a new documentary film A Good American in New York, which chronicles the rise and demise of the program, the whistleblowers spoke in support of the program, led by former NSA technical director William Binney."
United States

US and China Setting Up "Space Hotline" (ft.com) 15

Taco Cowboy writes: Washington and Beijing have established an emergency 'space hotline' to reduce the risk of accidental conflict. Several international initiatives are already in train to seal a space treaty to avoid a further build-up of weapons beyond the atmosphere. However, security experts say the initiatives have little chance of success. A joint Russia-China proposal wending its way through the UN was not acceptable to the US. An EU proposal, for a "code of conduct" in space, was having diplomatic "difficulties" but was closer to Washington's position.

Blackberry Offers 'Lawful Device Interception Capabilities' (itnews.com.au) 137

An anonymous reader writes: Apple and Google have been vocal in their opposition to any kind of government regulation of cell phone encryption. BlackBerry, however, is taking a different stance, saying it specifically supports "lawful interception capabilities" for government surveillance. BlackBerry COO Marty Beard as much at a recent IT summit. He declined to explain how the interception works, but he denied the phones would contain "backdoors" and said governments would have no direct access to BlackBerry servers. The company may see this as a way to differentiate themselves from the competition.

Florida Group Wants To Make Space a 2016 Presidential Campaign Issue (examiner.com) 118

MarkWhittington writes: According to a story on News 13, an Orlando TV station, Space Florida is working to make space a political issue in the 2016 presidential election. Thus far the campaign for the presidency has been dominated by more mundane issues such as the economy, illegal immigration, and the threat of terrorism. Space Florida, which is "the State of Florida's aerospace economic development agency," is said to be "working with three other battleground states to make sure America's space program is a part of the campaign for president." Presumably one of those states is Texas, which has lots of electoral votes

Sued Freelancer Allegedly Turns Over Contractee Source Code In Settlement 130

FriendlySolipsist writes: Blizzard Entertainment has been fighting World of Warcraft bots for years. TorrentFreak reports that Bossland, a German company that operates "buddy" bots, alleges Blizzard sued one of its freelancers and forced a settlement. As part of that settlement, the freelancer allegedly turned over Bossland's source code to Blizzard. In Bossland's view, their code was "stolen" by Blizzard because it was not the freelancer's to disclose. This is a dangerous precedent for freelance developers in the face of legal threats: damned if you do, damned if you don't.

Comcast Xfinity Wi-Fi Discloses Customer Names and Addresses (csoonline.com) 47

itwbennett writes: Despite assurances that only business listings and not customer names and home addresses would appear in the public search results when someone searches for an Xfinity Wi-Fi hotspot, that is exactly what's happened when the service was initiated 2 years ago — and is still happening now, writes CSO's Steve Ragan. And that isn't the only security issue with the service. Another level of exposure centers on accountability. Ken Smith, senior security architect with K Logix in Brookline, Ma., discovered that Comcast is relying on the device's MAC address as a key component of authentication.

FTC Amends Telemarketing Rule To Ban Payment Methods Used By Scammers 48

An anonymous reader writes: The Federal Trade Commission has approved final amendments to its Telemarketing Sales Rule (TSR), including a change that will help protect consumers from fraud by prohibiting four discrete types of payment methods favored by scammers. The TSR changes will stop telemarketers from dipping directly into consumer bank accounts by using certain kinds of checks and "payment orders" that have been "remotely created" by the telemarketer or seller. In addition, the amendments will bar telemarketers from receiving payments through traditional "cash-to-cash" money transfers – provided by companies like MoneyGram, Western Union, and RIA.

Ex-CIA Director Says Snowden Should Be 'Hanged' For Paris Attacks (thehill.com) 485

SonicSpike writes with this excerpt from The HIll: A former CIA director says leaker Edward Snowden should be convicted of treason and given the death penalty in the wake of the terrorist attack on Paris. "It's still a capital crime, and I would give him the death sentence, and I would prefer to see him hanged by the neck until he's dead, rather than merely electrocuted," James Woolsey told CNN's Brooke Baldwin on Thursday. Woolsey said Snowden, who divulged classified information in 2013, is partly responsible for the terrorist attack in France last week that left at least 120 dead and hundreds injured. "I think the blood of a lot of these French young people is on his hands," he said.

Donald Trump Obliquely Backs a Federal Database To Track Muslims 589

HughPickens.com writes: Philip Bump reports at the Washington Post that Donald Trump confirmed to NBC on Thursday evening that he supports a database to track Muslims in the United States. The database of Muslims arose after an interview Yahoo News's Hunter Walker conducted with Trump earlier this week, during which he asked the Republican front-runner to weigh in on the current debate over refugees from Syria. "We're going to have to do things that we never did before," Trump told Walker. "Some people are going to be upset about it, but I think that now everybody is feeling that security is going to rule." When pressed on whether these measures might include tracking Muslim Americans in a database or noting their religious affiliations on identification cards, Trump would not go into detail — but did not reject the options. Trump's reply? "We're going to have to — we're going to have to look at a lot of things very closely," he said. "We're going to have to look at the mosques. We're going to have to look very, very carefully." After an event on in Newton, Iowa, on Thursday night, NBC's Vaughn Hillyard pressed the point. "Should there be a database system that tracks Muslims here in this country?," Hillyard asked. "There should be a lot of systems, beyond databases" Trump said. "We should have a lot of systems." Hillyard asked about implementation, including the process of adding people to the system. "Good management procedures," Trump said. Sign people up at mosques, Hillyard asked? "Different places," Trump replied. "You sign them up at different places. But it's all about management."
The Courts

Judge: Stingrays Are 'Simply Too Powerful' Without Adequate Oversight (arstechnica.com) 111

New submitter managerialslime sends news that an Illinois judge has issued new requirements the government must meet before it can use cell-site simulators, a.k.a. "stingrays," to monitor the communications of suspected criminals. While it's likely to set precedent for pushing back against government surveillance powers, the ruling is specific to the Northern District of Illinois for now. What is surprising is Judge Johnston’s order to compel government investigators to not only obtain a warrant (which he acknowledges they do in this case), but also to not use them when "an inordinate number of innocent third parties’ information will be collected," such as at a public sporting event. This first requirement runs counter to the FBI’s previous claim that it can warrantlessly use stingrays in public places, where no reasonable expectation of privacy is granted. Second, the judge requires that the government "immediately destroy" collateral data collection within 48 hours (and prove it to the court). Finally, Judge Johnston also notes: "Third, law enforcement officers are prohibited from using any data acquired beyond that necessary to determine the cell phone information of the target. A cell-site simulator is simply too powerful of a device to be used and the information captured by it too vast to allow its use without specific authorization from a fully informed court."

File Says NSA Found Way To Replace Email Program (nytimes.com) 93

schwit1 writes: Newly disclosed documents show that the NSA had found a way to create the functional equivalent of programs that had been shut down. The shift has permitted the agency to continue analyzing social links revealed by Americans' email patterns, but without collecting the data in bulk from American telecommunications companies — and with less oversight by the Foreign Intelligence Surveillance Court.

The disclosure comes as a sister program that collects Americans' phone records in bulk is set to end this month. Under a law enacted in June, known as the USA Freedom Act, the program will be replaced with a system in which the NSA can still gain access to the data to hunt for associates of terrorism suspects, but the bulk logs will stay in the hands of phone companies.

The newly disclosed information about the email records program is contained in a report by the NSA's inspector general that was obtained through a lawsuit under the Freedom of Information Act. One passage lists four reasons the NSA decided to end the email program and purge previously collected data. Three were redacted, but the fourth was uncensored. It said that "other authorities can satisfy certain foreign intelligence requirements" that the bulk email records program "had been designed to meet."


Nation-backed Hackers Using Evercookie and Web Analytics To Profile Targets (securityledger.com) 47

chicksdaddy writes: There's such a fine line between clever and criminal. That's the unmistakable subtext of the latest FireEye report on a new "APT" style campaign that's using methods and tools that are pretty much indistinguishable from those used by media websites and online advertisers. The difference? This time the information gathered from individuals is being used to soften up specific individuals with links to international diplomacy, the Russian government, and the energy sector.

The company released a report this week that presented evidence of a widespread campaign (PDF) that combines so-called "watering hole" web sites with a tracking script dubbed "WITCHCOVEN" and Samy Kamkar's Evercookie, the super persistent web tracking cookie. The tools are used to assemble detailed profiles on specific users including the kind of computer they use, the applications and web browsers they have installed, and what web sites they visit.

While the aims of those behind the campaign aren't known, FireEye said the use of compromised web sites and surreptitious tracking scripts doesn't bode well. "While many sites engage in profiling and tracking for legitimate purposes, those activities are typically conducted using normal third-party browser-based cookies and commercial ad services and analytics tools," FireEye wrote in its report. "In this case, while the individuals behind the activity used publicly available tools, those tools had very specific purposes....This goes beyond 'normal' web analytics," the company said.