
Sued Freelancer Allegedly Turns Over Contractee Source Code In Settlement 129

FriendlySolipsist writes: Blizzard Entertainment has been fighting World of Warcraft bots for years. TorrentFreak reports that Bossland, a German company that operates "buddy" bots, alleges Blizzard sued one of its freelancers and forced a settlement. As part of that settlement, the freelancer allegedly turned over Bossland's source code to Blizzard. In Bossland's view, their code was "stolen" by Blizzard because it was not the freelancer's to disclose. This is a dangerous precedent for freelance developers in the face of legal threats: damned if you do, damned if you don't.

Comcast Xfinity Wi-Fi Discloses Customer Names and Addresses 47

itwbennett writes: Despite assurances that only business listings and not customer names and home addresses would appear in the public search results when someone searches for an Xfinity Wi-Fi hotspot, that is exactly what's happened when the service was initiated 2 years ago — and is still happening now, writes CSO's Steve Ragan. And that isn't the only security issue with the service. Another level of exposure centers on accountability. Ken Smith, senior security architect with K Logix in Brookline, Ma., discovered that Comcast is relying on the device's MAC address as a key component of authentication.

FTC Amends Telemarketing Rule To Ban Payment Methods Used By Scammers 48

An anonymous reader writes: The Federal Trade Commission has approved final amendments to its Telemarketing Sales Rule (TSR), including a change that will help protect consumers from fraud by prohibiting four discrete types of payment methods favored by scammers. The TSR changes will stop telemarketers from dipping directly into consumer bank accounts by using certain kinds of checks and "payment orders" that have been "remotely created" by the telemarketer or seller. In addition, the amendments will bar telemarketers from receiving payments through traditional "cash-to-cash" money transfers – provided by companies like MoneyGram, Western Union, and RIA.

Ex-CIA Director Says Snowden Should Be 'Hanged' For Paris Attacks 484

SonicSpike writes with this excerpt from The Hill: A former CIA director says leaker Edward Snowden should be convicted of treason and given the death penalty in the wake of the terrorist attack on Paris. "It's still a capital crime, and I would give him the death sentence, and I would prefer to see him hanged by the neck until he's dead, rather than merely electrocuted," James Woolsey told CNN's Brooke Baldwin on Thursday. Woolsey said Snowden, who divulged classified information in 2013, is partly responsible for the terrorist attack in France last week that left at least 120 dead and hundreds injured. "I think the blood of a lot of these French young people is on his hands," he said.

Donald Trump Obliquely Backs a Federal Database To Track Muslims 570

writes: Philip Bump reports at the Washington Post that Donald Trump confirmed to NBC on Thursday evening that he supports a database to track Muslims in the United States. The database of Muslims arose after an interview Yahoo News's Hunter Walker conducted with Trump earlier this week, during which he asked the Republican front-runner to weigh in on the current debate over refugees from Syria. "We're going to have to do things that we never did before," Trump told Walker. "Some people are going to be upset about it, but I think that now everybody is feeling that security is going to rule." When pressed on whether these measures might include tracking Muslim Americans in a database or noting their religious affiliations on identification cards, Trump would not go into detail — but did not reject the options. Trump's reply? "We're going to have to — we're going to have to look at a lot of things very closely," he said. "We're going to have to look at the mosques. We're going to have to look very, very carefully." After an event in Newton, Iowa, on Thursday night, NBC's Vaughn Hillyard pressed the point. "Should there be a database system that tracks Muslims here in this country?" Hillyard asked. "There should be a lot of systems, beyond databases," Trump said. "We should have a lot of systems." Hillyard asked about implementation, including the process of adding people to the system. "Good management procedures," Trump said. Sign people up at mosques, Hillyard asked? "Different places," Trump replied. "You sign them up at different places. But it's all about management."
The Courts

Judge: Stingrays Are 'Simply Too Powerful' Without Adequate Oversight 111

New submitter managerialslime sends news that an Illinois judge has issued new requirements the government must meet before it can use cell-site simulators, a.k.a. "stingrays," to monitor the communications of suspected criminals. While it's likely to set precedent for pushing back against government surveillance powers, the ruling is specific to the Northern District of Illinois for now. What is surprising is Judge Johnston’s order to compel government investigators to not only obtain a warrant (which he acknowledges they do in this case), but also to not use them when "an inordinate number of innocent third parties’ information will be collected," such as at a public sporting event. This first requirement runs counter to the FBI’s previous claim that it can warrantlessly use stingrays in public places, where no reasonable expectation of privacy is granted. Second, the judge requires that the government "immediately destroy" collateral data collection within 48 hours (and prove it to the court). Finally, Judge Johnston also notes: "Third, law enforcement officers are prohibited from using any data acquired beyond that necessary to determine the cell phone information of the target. A cell-site simulator is simply too powerful of a device to be used and the information captured by it too vast to allow its use without specific authorization from a fully informed court."

File Says NSA Found Way To Replace Email Program 93

schwit1 writes: Newly disclosed documents show that the NSA had found a way to create the functional equivalent of programs that had been shut down. The shift has permitted the agency to continue analyzing social links revealed by Americans' email patterns, but without collecting the data in bulk from American telecommunications companies — and with less oversight by the Foreign Intelligence Surveillance Court.

The disclosure comes as a sister program that collects Americans' phone records in bulk is set to end this month. Under a law enacted in June, known as the USA Freedom Act, the program will be replaced with a system in which the NSA can still gain access to the data to hunt for associates of terrorism suspects, but the bulk logs will stay in the hands of phone companies.

The newly disclosed information about the email records program is contained in a report by the NSA's inspector general that was obtained through a lawsuit under the Freedom of Information Act. One passage lists four reasons the NSA decided to end the email program and purge previously collected data. Three were redacted, but the fourth was uncensored. It said that "other authorities can satisfy certain foreign intelligence requirements" that the bulk email records program "had been designed to meet."


Nation-backed Hackers Using Evercookie and Web Analytics To Profile Targets 47

chicksdaddy writes: There's such a fine line between clever and criminal. That's the unmistakable subtext of the latest FireEye report on a new "APT" style campaign that's using methods and tools that are pretty much indistinguishable from those used by media websites and online advertisers. The difference? This time the information gathered from individuals is being used to soften up specific individuals with links to international diplomacy, the Russian government, and the energy sector.

The company released a report this week that presented evidence of a widespread campaign (PDF) that combines so-called "watering hole" web sites with a tracking script dubbed "WITCHCOVEN" and Samy Kamkar's Evercookie, the super persistent web tracking cookie. The tools are used to assemble detailed profiles on specific users including the kind of computer they use, the applications and web browsers they have installed, and what web sites they visit.

While the aims of those behind the campaign aren't known, FireEye said the use of compromised web sites and surreptitious tracking scripts doesn't bode well. "While many sites engage in profiling and tracking for legitimate purposes, those activities are typically conducted using normal third-party browser-based cookies and commercial ad services and analytics tools," FireEye wrote in its report. "In this case, while the individuals behind the activity used publicly available tools, those tools had very specific purposes....This goes beyond 'normal' web analytics," the company said.


EU Set To Crack Down On Bitcoin and Anonymous Payments After Paris Attack 274

An anonymous reader writes: Home affairs ministers from the European Union are set to gather in Brussels for crisis talks in the wake of the Paris attacks, and a crackdown on Bitcoin, pre-paid credit cards and other forms of 'anonymous' online payments is on the agenda. From the article: "According to draft conclusions of the meeting, European interior and justice ministers will urge the European Commission (the EU executive arm) to propose measures to strengthen the controls of non-banking payment methods. These include electronic/anonymous payments, virtual currencies and the transfers of gold and precious metals by pre-paid cards."

FDA Signs Off On Genetically Modified Salmon Without Labeling 513

kheldan writes: Today, in a historic decision, the FDA approved the marketing of genetically-engineered salmon for sale to the general public, without any sort of labeling to indicate to consumers they've been genetically altered. According to the article: "Though the Federal Food, Drug, and Cosmetic Act (FD&C Act) gives the FDA the authority to require mandatory labeling of foods if there is a material difference between a GE product and its conventional counterpart, the agency says it is not requiring labeling of these GE fish 'Because the data and information evaluated show that AquAdvantage Salmon is not materially different from other Atlantic salmon.' In this case, the GE salmon use an rDNA construct composed of the growth hormone gene from Chinook salmon under the control of a promoter from another type of fish called an 'ocean pout.' According to the FDA, this tweak to the DNA allows the salmon to grow to market size faster than non-GE farm-raised salmon."
Social Networks

EFF Launches Site To Track Censored Content On Social Media 39

Mark Wilson writes: There are many problems with the censoring of online content, not least that it can limit free speech. But there is also the question of transparency. By the very nature of censorship, unless you have been kept in the loop you would simply not know that anything had been censored. This is something the Electronic Frontier Foundation wants to change, and today the digital rights organization launches to blow the lid off online censorship. The site, run by EFF and Visualizing Impact, aims to reveal the content that is censored on Facebook, Google+, Twitter, Instagram, Flickr, and YouTube — not just the 'what' but the 'why'. If you find yourself the subject of censorship, the site also explains how to lodge an appeal.
The Media

Reuters Bans RAW Photo Format 206

grcumb writes: Reuters is the latest agency to join the ranks of the technically clueless who think that ethical problems can be solved using technical means. They recently issued a circular to their contributors, stating in part: "In future, please don't send photos to Reuters that were processed from RAW or CR2 files. If you want to shoot raw images that's fine, just take JPEGs at the same time. Only send us the photos that were originally JPEGs, with minimal processing...." The problem they claim to be addressing is doctored images, but they don't explain how they plan to ensure that the JPEGs weren't simply exported from RAW files with their EXIF data altered, or heck, just altered as JPEG. They also assert that getting JPEG files straight from the camera is quicker, which is fair enough. Lots of professionals shoot with RAW+JPEG at newsworthy events. They can send the JPEGs off quickly to meet the first deadline, then process the RAW files at leisure for higher quality publications.

YouTube Defending Select Videos Against DMCA Abuse 56

Galaga88 writes: It's not a complete solution, but YouTube is going to begin stepping up to defend select videos in court on fair use terms, including covering court costs. Will this help stem the tide of bad DMCA takedown requests, or just help the select few YouTube doesn't want to lose? From the blog post linked: We are offering legal support to a handful of videos that we believe represent clear fair uses which have been subject to DMCA takedowns. With approval of the video creators, we’ll keep the videos live on YouTube in the U.S., feature them in the YouTube Copyright Center as strong examples of fair use, and cover the cost of any copyright lawsuits brought against them. ... In addition to protecting the individual creator, this program could, over time, create a “demo reel” that will help the YouTube community and copyright owners alike better understand what fair use looks like online and develop best practices as a community.

Chicago Sends More Than 100,000 "Bogus" Camera-Based Speeding Tickets 200

Ars Technica, based on an in-depth report (paywalled) at the Chicago Tribune, says that the city of Chicago has been misusing traffic cameras to trigger automated speeding tickets. In particular, these cameras are placed in places where there are enhanced penalties for speeding, putatively intended to increase child safety. The automated observation system, though, has been used to send well over 100,000 tickets that the Tribune analysis deems "questionable," because they lack the evidence which is supposed to be required -- for instance, many of these tickets are unbacked by evidence of the presence of children, or were issued when the speeding rules didn't apply (next to a park when that park was closed).
The Internet

New Anti-Piracy Law In Australia Already Being Abused 73

Gumbercules!! writes: A small Australian ISP has received a demand that it block access to an overseas website or face legal action in the Federal Court, in a case in which a building company is demanding the ISP block access to an overseas site with a similar name. This case is being seen as a test case, potentially opening the way for companies and aggregated customers to use the new anti-piracy laws to block access to companies or their competition. The ISP in question has obviously been selected because they're very small and have limited financial capacity to fight a legal case.

Manhattan DA Pressures Google and Apple To Kill Zero Knowledge Encryption 291

An anonymous reader writes: In a speech to the 6th Annual Financial Crimes and Cybersecurity Symposium, New York County District Attorney for Manhattan Cyrus Vance Jr. has appealed to the tech community — specifically citing Google and Apple — to "do the right thing" and end zero-knowledge encryption in mobile operating systems. Vance Jr. praised FBI director James Comey for his 'outspoken' and 'fearless' advocacy against zero knowledge encryption, and uses the recent attacks on Paris as further justification for returning encryption keys to the cloud, so that communications providers can once again comply with court orders.

Georgia Gives Personal Data of 6 Million Voters To Georgia GunOwner Magazine 108

McGruber writes: A class action lawsuit alleges that Georgia Secretary of State Brian Kemp's office released the personal identifying information of Georgia voters to twelve organizations, "including statewide political parties, news media organizations and Georgia GunOwner Magazine".

According to Kemp, his office shares "voter registration data every month with news media and political parties that have requested it as required by Georgia law. Due to a clerical error where information was put in the wrong file, 12 recipients received a disc that contained personal identifying information that should not have been included."

The Atlanta Journal-Constitution independently confirmed the inclusion of the personal data in the October file. The AJC did so by accessing the October data disc, looking up information for an AJC staffer and confirming his Social Security number and driver's license information was included. The AJC has returned its copy of the disc to the state.


The War On Campus Sexual Assault Goes Digital 399

writes: According to a recent study of 27 schools, about one-quarter of female undergraduates said they had experienced nonconsensual sex or touching since entering college, but most of the students said they did not report it to school officials or support services. Now Natasha Singer reports at the NYT that in an effort to give students additional options — and to provide schools with more concrete data — a nonprofit software start-up in San Francisco called Sexual Health Innovations has developed an online reporting system for campus sexual violence. One of the most interesting features of Callisto is a matching system — in which a student can ask the site to store information about an assault in escrow and forward it to the school only if someone else reports another attack identifying the same assailant. The point is not just to discover possible repeat offenders. In college communities, where many survivors of sexual assault know their assailants, the idea of the information escrow is to reduce students' fears that the first person to make an accusation could face undue repercussions.

"It's this last option that makes Callisto unique," writes Olga Khazan. "Most rapes are committed by repeat offenders, yet most victims know their attackers. Some victims are reluctant to report assaults because they aren't sure whether a crime occurred, or they write it off as a one-time incident. Knowing about other victims might be the final straw that puts an end to their hesitation—or their benefit of the doubt. Callisto's creators claim that if they could stop perpetrators after their second victim, 60 percent of campus rapes could be prevented." This kind of system is based partly on a Michigan Law Review article about "information escrows," or systems that allow for the transmitting of sensitive information in ways that reduce "first-mover disadvantage" also known to economists as the "hungry penguin problem". As game theorist Michael Chwe points out, the fact that each person creates her report independently makes it less likely they'll later be accused of submitting copycat reports, if there are similarities between the incidents.

Carnegie Mellon Denies FBI Paid For Tor-Breaking Research 79

New submitter webdesignerdudes writes with news that Carnegie Mellon University now implies it may have been subpoenaed to give up its anonymity-stripping technique, and that it was not paid $1 million by the FBI for doing so. Wired reports: "In a terse statement Wednesday, Carnegie Mellon wrote that its Software Engineering Institute hadn’t received any direct payment for its Tor research from the FBI or any other government funder. But it instead implied that the research may have been accessed by law enforcement through the use of a subpoena. 'In the course of its work, the university from time to time is served with subpoenas requesting information about research it has performed,' the statement reads. 'The university abides by the rule of law, complies with lawfully issued subpoenas and receives no funding for its compliance.'"
The Courts

Taxi Owners Sue NYC Over Uber, While Court Overrules Class-Action Appeal 210

An anonymous reader writes: Taxi owners in New York have filed a lawsuit against cab-hailing app giant Uber, citing damaged revenues and a hefty fall in value of NYC's 'medallion' business. The case against the city and its Taxi and Limousine Commission claims that the regulators have unfairly permitted Uber to steal away business from the regulated cab industry. Getting away without regulation has enabled Uber drivers to compete directly, and drown out official taxi companies. A further lawsuit case hovering over Uber this week is its request to immediately appeal an order approving class certification filed by its own drivers. The appeal was denied by a U.S. court yesterday.