NASA

Getting NASA To Comply With Simple FOIA Requests Is a Nightmare (vice.com) 2

From a report on Motherboard: Freedom of Information Act requests are used by journalists, private citizens, and government watchdogs to acquire public documents from government agencies. FOIAing NASA, however, can be an exercise in futility. In one recent case, Motherboard requested all emails from a specific NASA email address with a specific subject line. Other government agencies have completed similar requests with no problems. NASA, however, said it was "unclear what specific NASA records you are requesting." Possibly the only way to be more specific is to knock on NASA's door and show them a printout of what an email is. JPat Brown, executive editor of public records platform MuckRock, explained similarly frustrating experiences with NASA. "Even in cases where we've requested specific contracts by name and number, NASA has claimed that our request was too broad, and added insult to injury with a form letter rejection that includes the sentence 'we are not required to hunt for needles in bureaucratic haystacks,'" Brown told Motherboard in an email. Brown added that NASA has refused to process records unless presented with a requester's home address, something that is not included in the relevant code, and makes it more difficult for requesters to obtain 'media' status.
The Courts

Let Consumers Sue Companies (nytimes.com) 36

Richard Cordray, the director of the Consumer Financial Protection Bureau, writes: When a data breach at Home Depot in 2014 led to losses for banks nationwide, a group of banks filed a class-action lawsuit seeking compensation. Companies have the choice of taking legal action together. Yet consumers are frequently blocked from exercising the same legal right when they believe that companies have wronged them. That's because many contracts for products like credit cards and bank accounts have mandatory arbitration clauses that prevent consumers from joining group lawsuits, forcing them to go it alone. For example, a group lawsuit against Wells Fargo for secretly opening phony bank accounts was blocked by arbitration clauses that pushed individual consumers into closed-door proceedings. In 2010, the Consumer Financial Protection Bureau was authorized to study mandatory arbitration and write rules consistent with the study. After five years of work, we recently finalized a rule to stop companies from denying groups of consumers the option of going to court when they are treated unfairly. Opponents have unleashed attacks to overturn the rule, and the House just passed legislation to that end. Before the Senate decides whether to protect companies or consumers, it's worth correcting the record. First, opponents claim that plaintiffs are better served by acting individually than by joining a group lawsuit. This claim is not supported by facts or common sense. Our study contained revealing data on the results of group lawsuits and individual actions. We found that group lawsuits get more money back to more people. In five years of group lawsuits, we tallied an average of $220 million paid to 6.8 million consumers per year. Yet in the arbitration cases we studied, on average, 16 people per year recovered less than $100,000 total. It is true that the average payouts are higher in individual suits. 
But that is because very few people go through arbitration, and they generally do so only when thousands of dollars are at stake, whereas the typical group lawsuit seeks to recover small amounts for many people. Almost nobody spends time or money fighting a small fee on their own. As one judge noted, "only a lunatic or a fanatic sues for $30."
Bitcoin

Estonia Proposes Estcoin, a Government Backed Cryptocurrency, Issued Via an Initial Coin Offering After e-Residency Success (cityam.com) 18

Estonia is living up to its digital reputation and setting tongues wagging with its latest idea: its very own digital currency issued via an initial coin offering (ICO). From a report: The buzz word of the moment in the heady world of cryptocurrencies, ICOs, are being used to raise cash via a digital token that's issued to investors. What investors get back in return depends on what the company offers, much like crowdfunding, but can be some sort of stake in the company or merely being able to use the blockchain-based software it's building. But what's on offer in a potential ICO of a nation state? That's exactly what Estonia wants to work out. The head of its innovative e-residency programme has said the country is considering what the issuance of "estcoin", the country's very own digital currency, would look like. In a blog post, Kaspar Korjus said: "Estcoins could be managed by the Republic of Estonia, but accessed by anyone in the world through its e-Residency programme and launched through an Initial Coin Offering (ICO)."
IOS

Popular Weather App AccuWeather Caught Sending User Location Data, Even When Location Sharing is Off (zdnet.com) 69

Zack Whittaker, reporting for ZDNet: Popular weather app AccuWeather has been caught sending geolocation data to a third-party data monetization firm, even when the user has switched off location sharing. AccuWeather is one of the most popular weather apps in Apple's app store, with a near perfect four-star rating and millions of downloads to its name. But what the app doesn't say is that it sends sensitive data to a firm designed to monetize user locations without users' explicit permission. Security researcher Will Strafach intercepted the traffic between an iPhone running the latest version of AccuWeather and its servers and found that even when the app didn't have permission to access the device's precise location, the app would send the Wi-Fi router name and its unique MAC address to the servers of data monetization firm Reveal Mobile every few hours. That data can be correlated with public data to reveal an approximate location of a user's device. We independently verified the findings, and were able to geolocate an AccuWeather-running iPhone in our New York office within just a few meters, using nothing more than the Wi-Fi router's MAC address and public data.
Privacy

Sonos Says Users Must Accept New Privacy Policy Or Devices May Cease To Function (zdnet.com) 225

An anonymous reader writes: Sonos has confirmed that existing customers will not be given an option to opt out of its new privacy policy, leaving customers with sound systems that may eventually "cease to function". It comes as the home sound system maker prepares to begin collecting audio settings, error data, and other account data before the launch of its smart speaker integration in the near future. A spokesperson for the home sound system maker told ZDNet that, "if a customer chooses not to acknowledge the privacy statement, the customer will not be able to update the software on their Sonos system, and over time the functionality of the product will decrease. The customer can choose to acknowledge the policy, or can accept that over time their product may cease to function."
Bitcoin

Two-Factor Authentication Fail: Identity Thieves Hijack Cellphone Accounts to Go After Virtual Currency (nytimes.com) 64

Reader Cludge shares an NYT report: Hackers have discovered that one of the most central elements of online security -- the mobile phone number -- is also one of the easiest to steal. In a growing number of online attacks, hackers have been calling up Verizon, T-Mobile U.S., Sprint and AT&T and asking them to transfer control of a victim's phone number to a device under the control of the hackers. Once they get control of the phone number, they can reset the passwords on every account that uses the phone number as a security backup -- as services like Google, Twitter and Facebook suggest. "My iPad restarted, my phone restarted and my computer restarted, and that's when I got the cold sweat and was like, 'O.K., this is really serious,'" said Chris Burniske, a virtual currency investor who lost control of his phone number late last year. A wide array of people have complained about being successfully targeted by this sort of attack, including a Black Lives Matter activist and the chief technologist of the Federal Trade Commission. The commission's own data shows that the number of so-called phone hijackings has been rising. In January 2013, there were 1,038 such incidents reported; by January 2016, that number had increased to 2,658. But a particularly concentrated wave of attacks has hit those with the most obviously valuable online accounts: virtual currency fanatics like Mr. Burniske. Within minutes of getting control of Mr. Burniske's phone, his attackers had changed the password on his virtual currency wallet and drained the contents -- some $150,000 at today's values. Most victims of these attacks in the virtual currency community have not wanted to acknowledge it publicly for fear of provoking their adversaries. But in interviews, dozens of prominent people in the industry acknowledged that they had been victimized in recent months.
China

China Relaunches World's Fastest Train (fortune.com) 101

China has decided to relaunch the world's fastest train service following a fatal crash in 2011, after which the high-speed train service reduced its upper limit from its then-record-holding 350 km/h (217 miles/hour) to 250-300 km/h (155-186 miles/hour). Fortune reports: Government-controlled website Thepaper.cn reported that seven pairs of bullet trains will be operating under the name "Fuxing," meaning rejuvenation, according to the South China Morning Post. The trains will once again run at 350 km/h, with a maximum speed of 400 km/h (248 mph). It is reported that the train service will boast a monitoring system that will automatically slow the trains in case of emergency. The Beijing-Shanghai line will begin operating on 21 September and will shorten the nearly 820 mile journey by an hour, to four hours thirty minutes. Nearly 600 million people use this route each year, providing a reported $1 billion in profits. Other routes include Beijing-Tianjin-Hebei, which will begin operation today.
Iphone

iPhone 8's 3D Face Scanner Will Work In 'Millionths of a Second' (phonearena.com) 146

According to a report by the Korea Herald, Apple's upcoming iPhone 8 will ditch the fingerprint identification in favor of 3D face recognition, which will work "in the millionths of a second." PhoneArena reports: The Samsung Galaxy series were among the first mainstream devices to feature iris recognition, but the speed and accuracy of the current technology leave a lot to be desired, and maybe that is why current phones ship with an eye scanner AND a fingerprint reader. The iPhone 8, on the other hand, is expected to make a full dive into 3D scanning. Both Samsung and Apple are rumored to have tried to implement a fingerprint scanner under the display glass, but failed as the technology was not sufficiently advanced. The new iPhone will also introduce 3D sensors on both its front and back for Apple's new augmented reality (AR) platform. This latest report also reveals that Apple will not use curved edges for its iPhone 8 screen, but will instead use a flat AMOLED panel. The big benefit of using AMOLED for Apple thus is not the curve, but its thinner profile compared to an LCD screen.
Bitcoin

Third Party Trackers On Web Shops Can Identify Users Behind Bitcoin Transactions (helpnetsecurity.com) 60

An anonymous reader quotes a report from Help Net Security: More and more shopping websites accept cryptocurrencies as a method of payment, but users should be aware that these transactions can be used to deanonymize them -- even if they are using blockchain anonymity techniques such as CoinJoin. Independent researcher Dillon Reisman and Steven Goldfeder, Harry Kalodner and Arvind Narayanan from Princeton University have demonstrated that third-party online tracking provides enough information to identify a transaction on the blockchain, link it to the user's cookie and, ultimately, to the user's real identity. "Based on tracking cookies, the transaction can be linked to the user's activities across the web. And based on well-known Bitcoin address clustering techniques, it can be linked to their other Bitcoin transactions," they noted. "We show that a small amount of additional information, namely that two (or more) transactions were made by the same entity, is sufficient to undo the effect of mixing. While such auxiliary information is available to many potential entities -- merchants, other counterparties such as websites that accept donations, intermediaries such as payment processors, and potentially network eavesdroppers -- web trackers are in the ideal position to carry out this attack," they pointed out.
Privacy

Meeting and Hotel Booking Provider's Data Found in Public Amazon S3 Bucket (threatpost.com) 37

Leaks of personal and business information from unsecured Amazon S3 buckets are piling up. From a report: The latest belongs to Groupize, a Boston-area business that sells tools to manage small group meetings as well as a booking engine that handles hotel room-block reservations. Researchers at Kromtech Security found a publicly accessible bucket containing business and personal data, including contracts and agreements between hotels, customers and Groupize, Kromtech said. The data included some credit card payment authorization forms that contained full payment card information including expiration date and CVV code. The researchers said the database stored in S3 contained numerous folders; one called "documents" held close to 3,000 scanned contracts and agreements, while another called all_leads had more than 3,100 spreadsheets containing critical Groupize business data including earnings. There were 37 other folders in the bucket containing tens of thousands of files, most of them storing much more benign data.
Google

Supreme Court Asked To Nullify the Google Trademark (arstechnica.com) 190

Is the term "google" too generic and therefore unworthy of its trademark protection? That's the question before the US Supreme Court. From a report: What's before the Supreme Court is a trademark lawsuit that Google already defeated in a lower court. The lawsuit claims that Google should no longer be trademarked because the word "google" is synonymous to the public with the term "search the Internet." "There is no single word other than google that conveys the action of searching the Internet using any search engine," according to the petition to the Supreme Court. It's perhaps one of the most consequential trademark cases before the justices since they ruled in June that offensive trademarks must be allowed. The Google trademark dispute dates to 2012 when a man named Chris Gillespie registered 763 domain names that combined "google" with other words and phrases, including "googledonaldtrump.com."
Security

UK.gov To Treat Online Abuse as Seriously as Hate Crime in Real Life (theregister.co.uk) 283

The UK's Crown Prosecution Service has pledged to tackle online abuse with the same seriousness as it does hate crimes committed in the flesh. From a report: Following public concern about the increasing amount of racist, anti-religious, homophobic and transphobic attacks on social media, the CPS has today published a new set of policy documents on hate crime. This includes revised legal guidance for prosecutors on how they should make decisions on criminal charges and handle cases in court. The rules officially put online abuse on the same level as offline hate crimes -- defined as an action motivated by hostility or prejudice -- like shouting abuse at someone face-to-face. They commit the CPS to prosecuting complaints about online material "with the same robust and proactive approach used with online offending." Prosecutors are told to consider the effect on the wider community and whether to identify both the originators and the "amplifiers or disseminators."
Businesses

The Windows App Store is Full of Pirate Streaming Apps (torrentfreak.com) 96

Ernesto Van der Sar, reporting for TorrentFreak: When we were browsing through the "top free" apps in the Windows Store, our attention was drawn to several applications that promoted "free movies" including various Hollywood blockbusters such as "Wonder Woman," "Spider-Man: Homecoming," and "The Mummy." Initially, we assumed that a pirate app may have slipped past Microsoft's screening process. However, the 'problem' doesn't appear to be isolated. There are dozens of similar apps in the official store that promise potential users free movies, most with rave reviews. Most of the applications work on multiple platforms including PC, mobile, and the Xbox. They are pretty easy to use and rely on the familiar grid-based streaming interface most sites and services use. Pick a movie or TV-show, click the play button, and off you go. The sheer number of piracy apps in the Windows Store, using names such as "Free Movies HD," "Free Movies Online 2020," and "FreeFlix HQ," came as a surprise to us. In particular, because the developers make no attempt to hide their activities, quite the opposite.
Television

Plex Responds, Will Allow Users To Opt Out Of Data Collection (www.plex.tv) 86

stikves writes: This weekend Plex had announced they were implementing a new privacy policy, including removing the ability for opting out of data collection and sharing. Fortunately, the backlash here, on their forums, Reddit, and other places allowed them to offer a more sensible state, including bringing back opt-out, and anonymity of some of the data.
Plex CEO Keith Valory wrote Saturday that some information must be transferred just to provide the service -- for example, servers still check for updates, they have to determine whether a user has a premium Plex Pass, and "we have to provide accurate reporting to licensors for things like trailers and extras, photo tagging, lyrics, licensed codecs and so on... [W]e came to the conclusion that providing an 'opt out' in the set-up gives a false sense of privacy and feels disingenuous on our part. That is, even if you opted out, there is still a bunch of data we are collecting that we tried to call out as exceptions." But to address concerns about data collection, Plex will make new changes to their privacy policy: [I]n addition to providing the ability to opt out of crash reporting and marketing communications, we will provide you the ability to opt out of playback statistics for personal content on your Plex Media Server, like duration, bit rate, and resolution in a new privacy setting... we are going to "generalize" playback stats in order to make it impossible to create any sort of "fingerprint" that would allow anyone to identify a file in a library... Finally, in the new privacy tab in the server settings we will provide a full list of all product events data that we collect... Our intention here is to provide full transparency. Users will have one place where they can see what data is being collected and where they can opt out of playback data that they are not comfortable with."
And he emphasized that "we will never sell or share data related to YOUR content libraries."
Yahoo!

Alleged Yahoo Hacker Will Be Extradited To The US (tucson.com) 45

An anonymous reader quotes the AP: A Canadian man accused in a massive hack of Yahoo emails agreed Friday to forgo his extradition hearing and go face the charges in the United States. Karim Baratov was arrested in Hamilton, Ontario, in March under the Extradition Act after U.S. authorities indicted him and three others, including two alleged officers of Russia's Federal Security Service. They are accused of computer hacking, economic espionage and other crimes.

An extradition hearing for the 22-year-old Baratov had been scheduled for early September, but he signed documents before a Canadian judge Friday agreeing to waive it. His lawyer, Amedeo DiCarlo, said that does not amount to an admission of guilt... U.S. law enforcement officials call Baratov a "hacker-for-hire" paid by members of the Federal Security Service, or FSB, considered the successor to the KGB of the former Soviet Union.

Yahoo also believes that attack -- which breached at least 500 million Yahoo accounts in 2014 -- was perpetrated by "a state-sponsored actor." The CBC reports that Baratov lives alone in a large, new house in an expensive subdivision. "His parents either bought him the house," one neighbor told the CBC, "or he's getting money somewhere else, because he doesn't seem to work all day; he just drives up and down the street."

The CBC also reports that Baratov's Facebook page links to a Russian-language site "which claims to offer a number of services, including servers for rent in Russia, protection from distributed denial of service (DDoS) attacks, and domain names in China."
