An anonymous reader writes "A new malware scheme has been discovered that pushes fake antivirus software to Android users via in-app advertising. Once installed, the trojan informs the victims they need to pay up to remove threats on their device. The malware in question, detected as "Android.Fakealert.4.origin" by Russian security firm Doctor Web, has been around since at least October 2012 according to the company. While Android malware that masks itself as an antivirus for Google's platform is nothing new, and neither are ads in Android apps pushing malware, but putting the two together can certainly be effective. This is naturally a practice that Windows users are all too familiar with."

New submitter LeadSongDog writes with news that Apple has provided information on how long it holds onto voice search data used by its digital assistant software Siri. Speaking to Wired, an Apple representative said the data is kept for two years after the initial query. "Here’s what happens. Whenever you speak into Apple’s voice activated personal digital assistant, it ships it off to Apple’s data farm for analysis. Apple generates a random numbers to represent the user and it associates the voice files with that number. This number — not your Apple user ID or email address — represents you as far as Siri’s back-end voice analysis system is concerned. Once the voice recording is six months old, Apple “disassociates” your user number from the clip, deleting the number from the voice file. But it keeps these disassociated files for up to 18 more months for testing and product improvement purposes." This information came in response to requests for clarification of Siri's privacy policy, which was not very clear as written. The director of privacy group Big Brother Watch said, "There needs to be a very high justification for retaining such intrusive data for longer than is absolutely necessary to provide the service."

Sparrowvsrevolution writes "Bitcoin's recent spike and then collapse in value has convinced many that it's too unstable to use as a practical currency. But not the founder of Silk Road, the black market drug site that exclusively accepts Bitcoin in exchange for heroin, cocaine and practically every other drug imaginable. Silk Road's creator, who calls himself the Dread Pirate Roberts, broke his usual media silence to issue a short statement that Silk Road will survive Bitcoin's bubble and bust. The market's prices are generally pegged to the dollar, with prices in Bitcoin fluctuating to account for movements in the exchange rate. And Roberts explained that vendors on the site have the option to also hedge the Bitcoins that buyers place in escrow for their products, so that they can't lose money due to Bitcoin's volatility while the drugs are in the mail. As a result, only about 1,000 of the site's more than 11,000 product listings were taken down during the recent crash."

theodp writes "During the night, The Tech broke news that gunshots were reported at MIT near 32 Vassar Street (the Ray and Maria Stata Center for Computer, Information, and Intelligence Sciences), and one officer was shot and taken to Mass General Hospital. MIT's Emergency Information page also reports that injuries have been reported. Sadly, CNN is now reporting that the university police officer has died. Look for updates on Twitter." The two suspects identified earlier as being behind the Boston Marathon bombings are believed to be responsible for this. They were found by police. One suspect, 26-year-old Tamerlan Tsarnaev, was killed in a shootout. The other suspect, 19-year-old Dzhokhar Tsarnaev, is still being pursued. The Associated Press reports that the two are believed to be from the Russian region near Chechnya. During the firefight, the suspects threw explosive devices at police. Public transit in Boston has been shut down, and hundreds of thousands of people have been asked to not leave their homes. Here are live feed for local TV news and emergency services audio. Police have been warned that the remaining suspect may have a suicide vest.

Reader Okian Warrior points out a related story worthy of notice: "The 4chan crowd, poring over images of the Boston marathon, identified two dark-skinned and bag-carrying suspects (among others). This was then picked up by The New York Post, who ran the image on Thursday's front page with the headline 'Feds seek these two pictured at Boston Marathon.' And now, a completely innocent teen now finds himself scared to leave his home."

An anonymous reader writes "Google received an ultimatum Thursday from German consumer organizations that want it to start answering questions from its users via email. The Federation of German Consumer Organizations (VZBV) has asked Google to sign an undertaking that it will provide customer service by responding individually to users questions sent by email, said Carola Elbrecht, VZBV's project manager for consumer rights in the digital world at the VZBV. Signing such a document would expose Google to fines if it breached the undertaking. On the other hand, said Elbrecht, 'If Google does not sign it, we're going to court.'"

An anonymous reader writes "The FBI has released images of what they say are two suspects with backpacks and ball caps. 'Somebody out there knows these individuals as friends, neighbors, co-workers or family members of the suspects,' Special Agent Rick DesLauriers, the head of the FBI's Boston office said. 'And though it may be difficult, the nation is counting on those with information to come forward and provide it to us.'"

NewYorkCountryLawyer writes "Once again YouTube has defeated Viacom and other members of the content cartel; once again the Court has held that the Digital Millennium Copyright Act actually does mean what it says. YouTube had won the case earlier, at the district court level, but the US Court of Appeals for the Second Circuit, although ruling in YouTube's favor on all of the general principles at stake, felt that there were several factual issues involving some of the videos and remanded to the lower court for a cleanup of those loose ends. Now, the lower court — Judge Louis L. Stanton to be exact — has resolved all of the remaining issues in YouTube's favor, in a 24-page opinion. Among other things Judge Stanton concluded that YouTube had not had knowledge or awareness of any specific infringement, been 'willfully blind' to any specific infringement, induced its users to commit copyright infringement, interacted with its users to a point where it might be said to have participated in their infringements, or manually selected or delivered videos to its syndication partners. Nevertheless, 5 will get you 10 that the content maximalists will appeal once again."

An anonymous reader links to an article at Ars explaining the dropping inventory of bridges available to users of the Tor project's encrypted messaging system. They're looking for more bridges, but that doesn't necessarily mean buying new hardware per se. From the article: "After campaigning successfully last year to get more volunteers to run obfuscated Tor bridges to support users in Iran trying to evade state monitoring, the network has lost most of those bridges, according to a message to the Tor relays mailing list by Tor volunteer George Kadiankakis. 'Most of those bridges are down, and fresh ones are needed more than ever,' [Tor volunteer George] Kadiankakis wrote in an e-mail, 'since obfuscated bridges are the only way for people to access Tor in some areas of the world (like China, Iran, and Syria).' For those who want to donate bridges to the Tor network, the easiest route is to use Tor Cloud, an Amazon Web Service Elastic Compute Cloud image created by the Tor Project that allows people to leverage Amazon's free usage tier to deploy a bridge."

An anonymous reader writes with a story at the Daily Dot: "Despite the protests of Internet privacy advocates, the controversial Cyber Intelligence Sharing and Protection Act (CISPA) passed the House of Representatives Thursday. The vote was 288-127. ... CISPA saw a handful of minor amendments soon before passage. A representative for the EFF told the Daily Dot that while they were still analyzing the specifics, none of the actual changes to the bill addressed their core criticisms. ... But also as was the case the year before, on Tuesday the Obama administration issued a promise to veto the bill if it reaches the president’s desk without significant changes." Techdirt has a short report on the vote, too — and probably more cutting commentary soon to follow.

sholto writes "An aggressive expansion strategy by LinkedIn has backfired spectacularly amid accusations of identity fraud. Users complained the social network sent unrequested invites from their accounts to contacts and complete strangers, often with embarrassing results. One man claimed LinkedIn sent an invite from his account to an ex-girlfriend he broke up with 12 years ago who had moved state, changed her surname and her email address. ... 'This ex-girlfriend's Linked in profile has exactly ONE contact, ME. My wife keeps getting messages asking 'would you like to link to (her)? You have 1 contact in common!,' wrote Michael Caputo, a literary agent from Massachussetts."

First time accepted submitter Trajan Przybylski writes "Google has just implemented new changes to its search pages in order to comply with the EU's Cookie Law, which aims to improve user privacy. Google is now showing a conspicuous banner with information about its use of cookies to all EU visitors accessing the site. This is despite the legislation attracting strong words of criticism from web developers, who believe the regulation to be harmful to the economy while offering no real improvement to online privacy and security problems. Google's move comes only 3 months after online activists announced the Cookie Law to be "dead" and is likely to reignite the heated debate about the controversial legislation."

gale the simple writes "Mike Rodgers made a minor splash Tuesday when he decided to liken CISPA opponents to 14-year-old basement dwellers. The EFF, naturally, picked up on this generalization and asked everyone to let the representative know that it is not just the 14-year-olds that care about privacy."

An anonymous reader writes "Amid rumors of an impending arrest in the Boston Marathon bombing, Xconomy has a rundown of local companies working on technologies relevant to the investigation and aftermath. The approaches include Web analytics to identify communication patterns, image and video analysis of the crime scene, surveillance camera hardware and software, and smart prosthetic devices for amputees. A big challenge the authorities face is the sheer volume and different proprietary formats of video from security cameras, mobile devices, and media groups. Ultimately this will be a case study in whether an individual bent on destruction can remain anonymous in an era of digital surveillance, social media, and crowdsourcing."

GovTechGuy writes "The House Energy and Commerce Committee passed legislation on Wednesday once again affirming the current management structure of the Web. In doing so, the lawmakers made one thing clear: the only government that should have its hands on the underpinnings of the Internet is the U.S. ' It affirms the importance of an Internet free from censorship and government control and codifies the existing management structure of the Internet. ... Notably, however, lawmakers dropped from the legislation the phrase “free from government control,” which had threatened to derail the April 11 markup by the Subcommittee on Communications and Technology. ... [Democrats argued] it could undermine the U.S. government’s ability to enforce existing — or future — laws online.'"

chicksdaddy writes "The American Civil Liberties Union filed a complaint with the U.S. Federal Trade Commission on Wednesday calling on the federal government to take action to stem an epidemic of unpatched and insecure Android mobile devices – declaring the sea of unpatched and vulnerable phones and tablets 'defective and unreasonably dangerous.' The civil liberties group's complaint for injunctive relief with the FTC (PDF), notes that 'major wireless carriers have sold millions of Android smartphones to consumers' but that 'the vast majority of these devices rarely receive software security updates.' The ACLU says carriers leave their customers vulnerable to malware and spear phishing attacks that can be used to record or transmit information on the device to' third parties. 'A significant number of consumers are using smartphones running a version of the Android operating system with known, exploitable security vulnerabilities for which fixes have been published by Google, but have not been distributed to consumers' smartphones by the wireless carriers and their handset manufacturer partners,' the ACLU said. Android devices now account for close to 70 percent of new mobile devices sold. The porous security of many of those devices has become a topic of concern. The latest data from Google highlights the challenge facing the company, with just over 25% of Android users running versions 4.1 or 4.2 – the latest versions of the OS, dubbed 'Jelly Bean,' more than six months after its release. In contrast, 40% of Android users are still running the 'Gingerbread' release – versions 2.3.3 through 2.3.7, a two year-old version of the operating system that has known security vulnerabilities."

New submitter zayyd writes "The CBC reports that publicly-elected Gerry Rogers, member of the Provincial Government for Newfoundland and Labrador, 'has been removed from the house of assembly for refusing to apologize for comments made by other users on a Facebook group of which she had been added to as a member.' Rogers was unwillingly added to a Facebook Group which included comments of death threats aimed at Premier Kathy Dunderdale from other users. From the article: 'Dunderdale said her government understands how Facebook groups work, and she said it is up to every MHA to monitor the comments posted on Facebook groups to which they belong.' Facebook's policies for Groups are somewhat clear, even if they don't actually answer the question of 'Can I prevent people from adding me to a new group?'"

Pikoro writes with news that Foxconn's parent company has entered into an agreement to pay Microsoft royalties for every Android device they manufacture, joining a rather long list of companies licensing patents for Android/Linux from Microsoft. From the BBC: "Microsoft has secured a patent deal with the world's biggest consumer electronics manufacturer to receive fees for devices powered by Google's Android and Chrome operating systems. Hon Hai — the parent company of Foxconn — said the deal would help prevent its clients being caught up in an ongoing intellectual property dispute. Microsoft says that Google's code makes use of innovations it owns. Google alleges its rival's claims are based on 'bogus patents.' 'The patents at issue cover a range of functionality embodied in Android devices that are essential to the user experience, including: natural ways of interacting with devices by tabbing through various screens to find the information they need; surfing the web more quickly, and interacting with documents and e-books.'"

An anonymous reader sent in word that the Obama administration is threatening to veto CISPA in its current form because "The Administration, however, remains concerned that the bill does not require private entities to take reasonable steps to remove irrelevant personal information (PDF) when sending cybersecurity data to the government or other private sector entities. Citizens have a right to know that corporations will be held accountable — and not granted immunity — for failing to safeguard personal information adequately. The Administration is committed to working with all stakeholders to find a workable solution to this challenge." Ars has a few more details, the EFF urges U.S. citizens to oppose the bill, and one of the sponsors tweeted that those opposed to the bill are basement dwelling fourteen-year-olds. Note that the Administration still wants there to be some kind of comprehensive data sharing law in the name of cybersecurity, so this may very well rear its head again in the coming months.

dcblogs writes "The U.S. Senate comprehensive immigration bill, due Tuesday, will allow the H-1B cap to rise from 65,000 to as high as 180,000. The bill, overall, contains some interesting provisions. It will require the U.S. Labor Dept. to create a website of H-1B job openings that employers must post to. The jobs must be posted least 30 calendar days before hiring an H-1B applicant to fill that position. The bill also raises wages for H-1B workers to make them more competitive, although the amount wasn't specified. One provision that will affect India, in particular, limits H-1B visa use to 50% of a firm's U.S. workforce. The provision may prompt India firms to buy U.S. companies to expand their U.S. presence."

ndogg writes "Mozilla is considering pulling TeliaSonera from its list of root certificate SSL providers. They have asked for comments on this on their mailing list. They're concerned about the use of the certificates by those governments for spying on its citizens, particularly in Azerbaijan, Kazakhstan, Georgia, Uzbekistan and Tajikistan — where TeliaSonera operates subsidiaries or is heavily invested. Mozilla's concern is that TeliaSonera has possibly issued certificates that allow hardline government servers to masquerade as legitimate websites — so-called man-in-the-middle attacks — and decrypt web traffic. This alleged activity would contradict Mozilla's policy against 'knowingly issuing certificates without the knowledge of the entities whose information is referenced in the certificates.'"