Compare cell phone plans using Wirefly's innovative plan comparison tool ×
EU

EU Copyright Reform Proposes Search Engines Pay For Snippets (thestack.com) 58

An anonymous Slashdot reader reports that the European Commission "is planning reforms that would allow media outlets to request payment from search engines such as Google, for publishing snippets of their content in search results." The Stack reports: The working paper recommends the introduction of an EU law that covers the rights to digital reproduction of news publications. This would essentially make news publishers a new category of rights holders under copyright law, thereby ensuring that "the creative and economic contribution of news publishers is recognized and incentivized in EU law, as it is today the case for other creative sectors."
Iphone

Apple Fixes Three Zero Days Used In Targeted Attack (onthewire.io) 47

Trailrunner7 quotes a report from On The Wire: Apple has patched three critical vulnerabilities in iOS that were identified when an attacker targeted a human rights activist in the UAE with an exploit chain that used the bugs to attempt to remotely jailbreak and infect his iPhone. The vulnerabilities include two kernel flaws and one in WebKit and Apple released iOS 9.3.5 to fix them.

The attack that set off the investigation into the vulnerabilities targeted Ahmed Mansoor, an activist living in the UAE. Earlier this month, he received a text message that included a link to what was supposedly new information on human rights abuses. Suspicious, Manor forwarded the link to researchers at the University of Toronto's Citizen Lab, who recognized what they were looking at. "On August 10 and 11, 2016, Mansoor received SMS text messages on his iPhone promising ;new secrets' about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers. We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based 'cyber war' company that sells Pegasus, a government-exclusive "lawful intercept" spyware product," Citizen Lab said in a new report on the attack and iOS flaws.

Japan

Japanese Government Plans Cyber Attack Institute (thestack.com) 8

An anonymous reader quotes a report from The Stack: The government of Japan will create an institute to train employees to counter cyber attacks. The institute, which will be operational early next year, will focus on preventing cyber attacks on electrical systems and other infrastructure. The training institute, which will operate as part of Japan's Information Technology Promotion Agency (IPA), is the first center for training in Japan to focus on preventing cyber attacks.

A government source said that the primary aims will be preventing a large-scale blackout during the Tokyo Olympics and Paralympics in 2020, and stopping leaks of sensitive power plant designs. The source also stated that there is potential for a joint exercise in cyber awareness between the Japanese group and foreign cybersecurity engineers in the future.

Social Networks

'Social Media ID, Please?' Proposed US Law Greeted With Anger (computerworld.com) 145

The U.S. government announced plans to require some foreign travelers to provide their social media account names when entering the country -- and in June requested comments. Now the plan is being called "ludicrous," an "all-around bad idea," "blatant overreach," "desperate, paranoid heavy-handedness," "preposterous," "appalling," and "un-American," reports Slashdot reader dcblogs: That's just a sampling of the outrage. Some 800 responded to the U.S. request for comments about a proposed rule affecting people traveling from "visa waiver" countries to the U.S., where a visa is not required. This includes most of Europe, Singapore, Chile, Japan, South Korea, Australia and New Zealand... In a little twist of irony, some critics said U.S. President Obama's proposal for foreign travelers is so bad, it must have been hatched by Donald Trump.
"Travelers will be asked to provide their Twitter, Facebook, Instagram, LinkedIn, Google+, and whatever other social ID you can imagine to U.S. authorities," reports Computer World. "It's technically an 'optional' request, but since it's the government asking, critics believe travelers will fear consequences if they ignore it..."
DRM

BitTorrent Cases Filed By Malibu Media Will Proceed, Rules Judge 48

Long-time Slashdot reader NewYorkCountryLawyer writes: In the federal court for the Eastern District of New York, where all Malibu Media cases have been stayed for the past year, the Court has lifted the stay and denied the motion to quash in the lead case, thus permitting all 84 cases to move forward.

In his 28-page decision (PDF), Magistrate Judge Steven I. Locke accepted the representations of Malibu's expert, one Michael Patzer from a company called Excipio, that in detecting BitTorrent infringement he relies on "direct detection" rather than "indirect detection", and that it is "not possible" for there to be misidentification.
United States

HAARP Holds Open House To Dispel Rumors Of Mind Control (adn.com) 131

An anonymous Slashdot reader writes: HAARP -- the former Air Force/Navy/DARPA research program in Alaska -- will host an open house Saturday where "We hope to show people that it is not capable of mind control and not capable of weather control and all the other things it's been accused of..." said Sue Mitchell, spokesperson for the geophysical institute at the University of Alaska. "We hope that people will be able to see the actual science of it." HAARP, which was turned over to The University of Alaska last August, has been blamed for poor crop yields in Russia, with conspiracy theorists also warning of "a super weapon capable of mind control or weather control, with enough juice to trigger hurricanes, tornadoes and earthquakes."

The facility's 180 high-frequency antennas -- spread across 33 acres -- will be made available for public tours, and there will also be interactive displays and an unmanned aircraft 'petting zoo'. The Alaska Dispatch News describes it as "one of the world's few centers for high-power and high-frequency study of the ionosphere... important because radio waves used for communication and navigation reflect back to Earth, allowing long-distance, short-wave broadcasting."

Privacy

Eavesdropping On Tinder: Researcher Demonstrates Man-in-the-Middle Attacks (hert.org) 16

An anonymous Slashdot reader writes: Security expert Anthony Zboralski posted on HERT a social engineering attack for Tinder that lets you perform a man-in-the-middle attack against unsuspecting users. Zboralski says, "Not only we can eavesdrop on the conversation of two strangers, we can also change their reality." The attack can easily be extended to SMS, Whatsapp, iMessage and voice.
"At some point people exchange phone numbers and the Tinder convo stops. That's not a problem..." Zboralski explains, suggesting more ways to continue the man-in-the-middle exploits..

His article drew a response from Tinder, arguing they "employ several manual and automated mechanisms" to deter fake and duplicate profiles. But while they're looking for ways to improve, "ultimately, it is unrealistic for any company to positively validate the real-world identity of millions of users while maintaining the commonly expected level of usability."
Microsoft

Apple, Facebook, IBM, and Microsoft Sign White House Pledge For Equal Pay (fortune.com) 263

In honor of Women's Equality Day, an anonymous reader shares with us a festive report from Fortune: More than two months after the White House first announced its Equal Pay Pledge for the private sector, Facebook, Apple, Microsoft and other major industry players have signed on. By taking the pledge, which was first introduced at the United State of Women Summit in June of this year, companies promise to help close the national gender pay gap, conduct annual, company-wide pay analyses, and review hiring and promotion practices. The new signees were announced in a White House statement on Friday -- which also happens to be Women's Equality Day, the anniversary of the ratification of the 19th amendment, which gave women the right to vote. Apple, which announced earlier this year that it has no pay gap, released a statement promising to dig even deeper into compensation. "We're now analyzing the salaries, bonuses, and annual stock grants of all our employees worldwide. If a gap exists, we'll address it," the company said in a statement. Twenty-nine companies signed the pledge on Friday, bringing the total number of signatories to 57. The pledge is part of a $50-million, White House-led initiative to expand opportunities for and improve the lives of women and girls. The consortium members issued a statement via Whitehouse.gov's press release: "The Employers for Pay Equity consortium is comprised of companies that understand the importance of diversity and inclusion, including ensuring that all individuals are compensated equitably for equal work and experience and have an equal opportunity to contribute and advance in the workplace. We are committed to collaborating to eliminate the national pay and leadership gaps for women and ethic minorities. Toward that end, we have come together to share best practices in compensation, hiring, promotion, and career development as well as develop strategies to support other companies' efforts in this regard. By doing so, we believe we can have a positive effect on our workforces that, in turn, makes our companies stronger and delivers positive economic impact." The consortium members include: Accenture, Airbnb, BCG, Care.com, CEB, Cisco, Deloitte, Dow, Expedia, EY, Glassdoor, GoDaddy, Jet.com, L'Oreal USA, Mercer, PepsiCo, Pinterest, Rebecca Minkoff, Salesforce, Spotify, Staples, Stella McCartney, and Visa.
United Kingdom

British Companies Are Selling Advanced Spy Tech To Authoritarian Regimes (vice.com) 56

An anonymous reader quotes a report from Motherboard: Since early 2015, over a dozen UK companies have been granted licenses to export powerful telecommunications interception technology to countries around the world, Motherboard has learned. Many of these exports include IMSI-catchers, devices which can monitor large numbers of mobile phones over broad areas. Some of the UK companies were given permission to export their products to authoritarian states such as Saudi Arabia, the United Arab Emirates, Turkey, and Egypt; countries with poor human rights records that have been well-documented to abuse surveillance technology. In 2015, the UK's Department for Business, Innovation and Skills (BIS) started publishing basic data about the exportation of telecommunications interception devices. Through the Freedom of Information Act, Motherboard obtained the names of companies that have applied for exportation licenses, as well as details on the technologies being shipped, including, in some cases, individual product names. The companies include a subsidiary of defense giant BAE Systems, as well as Pro-Solve International, ComsTrac, CellXion, Cobham, and Domo Tactical Communications (DTC). Many of these companies sell IMSI-catchers. IMSI-catchers, sometimes known as "Stingrays" after a particularly popular brand, are fake cell phone towers which force devices in their proximity to connect. In the data obtained by Motherboard, 33 licenses are explicitly marked as being for IMSI-catchers, including for export to Turkey and Indonesia. Other listings heavily suggest the export of IMSI-catchers too: one granted application to export to Iraq is for a "Wideband Passive GSM Monitoring System," which is a more technical description of what many IMSI-catchers do. In all, Motherboard received entries for 148 export license applications, from February 2015 to April 2016. A small number of the named companies do not provide interception capabilities, but defensive measures, for example to monitor the radio spectrum.
Android

Facebook's WhatsApp Data Gambit Faces Federal Privacy Complaint (vice.com) 92

Sam Gustin, writing for Motherboard: Facebook's decision to begin harvesting data from its popular WhatsApp messaging service provoked a social media uproar on Thursday, and prompted leading privacy advocates to prepare a federal complaint accusing the tech titan of violating US law. On Thursday morning, WhatsApp, which for years has dined out on its reputation for privacy and security, announced that it would begin sharing user phone numbers with its Menlo Park-based parent company in an effort "to improve your Facebook ads and products experiences." Consumer privacy advocates denounced the move as a betrayal of WhatsApp's one billion users -- users who had been assured by the two companies that "nothing would change" about the messaging service's privacy practices after Facebook snapped up the startup for a whopping $19 billion in 2014. "WhatsApp users should be shocked and upset," Claire Gartland, Consumer Protection Counsel at the Electronic Privacy Information Center, a leading US consumer advocacy group, told Motherboard. "WhatsApp obtained one billion users by promising that it would protect user privacy. Both Facebook and WhatsApp made very public promises that the companies would maintain a separation. Those were the key selling points of the deal."
AI

Amazon, NVIDIA and The CIA Want To Teach AI To Watch Us From Space (technologyreview.com) 59

An anonymous reader quotes a report from MIT Technology Review: Satellite operator DigitalGlobe is teaming up with Amazon, the venture arm of the CIA, and NVIDIA to make computers watch the Earth from above and automatically map our roads, buildings, and piles of trash. MIT Technology Review reports: "In a joint project, DigitalGlobe today released satellite imagery depicting the whole of Rio de Janeiro to a resolution of 50 centimeters. The outlines of 200,000 buildings inside the city's roughly 1,900 square kilometers have been manually marked on the photos. The SpaceNet data set, as it is called, is intended to spark efforts to train machine-learning algorithms to interpret high-resolution satellite photos by themselves. DigitalGlobe says the SpaceNet data set should eventually include high-resolution images of half a million square kilometers of Earth, and that it will add annotations beyond just buildings. DigitalGlobe's data is much more detailed than publicly available satellite data such as NASA's, which typically has a resolution of tens of meters. Amazon will make the SpaceNet data available via its cloud computing service. Nvidia will provide tools to help machine-learning researchers train and test algorithms on the data, and CosmiQ Works, a division of the CIA's venture arm In-Q-Tel focused on space, is also supporting the project." "We need to develop new algorithms for this data," says senior vice president at DigitalGlobe, Tony Frazier. He goes on to say that health and aid programs are to benefit from software that is able to map roads, bridges and various other infrastructure. The CEO of Descartes Labs, Mark Johnson, a "startup that predicts crop yields from public satellite images," says the data that is collected "should be welcome to startups and researchers," according to MIT Technology Review. "Potential applications could include estimated economic output from activity in urban areas, or guiding city governments on how to improve services such as trash collections, he says."
Crime

US Unveils Charges Against KickassTorrents, Names Two More Defendants (arstechnica.com) 110

A total of three men are said to be operators of file-sharing site KickassTorrents (KAT), according to U.S. prosecutors. Last month, federal authorities arrested the 30-year-old Ukrainian mastermind of KAT, Artem Vaulin, and formally charged him with one count of conspiracy to commit criminal copyright infringement, one count of conspiracy to commit money laundering, and two counts of criminal copyright infringement. Two other Ukrainians were named in the new indictment (PDF): Levgen (Eugene) Kutsenko and Oleksander (Alex) Radostin. While only Vaulin has been arrested, bench warrants have been issue for the arrest of all three men. Ars Technica reports: "Prosecutors say the three men developed and maintained the site together and used it to 'generate millions of dollars from the unlawful distribution of copyright-protected media, including movies, [...] television shows, music, video games, computer software, and electronic books.' They gave out 'Reputation' and 'User Achievement' awards to users who uploaded the most popular files, including a special award for users who had uploaded more than 1,000 torrents. The indictment presents a selection of the evidence that the government intends to use to convict the men, and it isn't just simple downloads of the copyrighted movies. The government combed through Vaulin's e-mails and traced the bitcoins that were given to him via a 'donation' button."
Patents

Apple Patenting a Way To Collect Fingerprints, Photos of Thieves (appleinsider.com) 90

An anonymous reader quotes a report from Apple Insider: As published by the U.S. Patent and Trademark Office, Apple's invention covering "Biometric capture for unauthorized user identification" details the simple but brilliant -- and legally fuzzy -- idea of using an iPhone or iPad's Touch ID module, camera and other sensors to capture and store information about a potential thief. Apple's patent is also governed by device triggers, though different constraints might be applied to unauthorized user data aggregation. For example, in one embodiment a single failed authentication triggers the immediate capture of fingerprint data and a picture of the user. In other cases, the device might be configured to evaluate the factors that ultimately trigger biometric capture based on a set of defaults defined by internal security protocols or the user. Interestingly, the patent application mentions machine learning as a potential solution for deciding when to capture biometric data and how to manage it. Other data can augment the biometric information, for example time stamps, device location, speed, air pressure, audio data and more, all collected and logged as background operations. The deemed unauthorized user's data is then either stored locally on the device or sent to a remote server for further evaluation.
Communications

FCC Proposes 5G Cybersecurity Requirements, Asks For Industry Advice (fedscoop.com) 29

Presto Vivace quotes a report from FedScoop: "Cybersecurity issues must be addressed during the design phase for the entire 5G ecosystem, including devices. This will place a premium on collaboration among all stakeholders," said FCC chairman Tom Wheeler during a National Press Club event on June 20. "We continue to prefer an approach that emphasizes that industry develop cybersecurity standards just as we have done in wired networks." The FCC published a request Wednesday for comment on a new set of proposed 5G rules to the Federal Register focused on adding specific "performance requirements" for developers of example internet-connected devices. If a company hopes to secure a license to access higher-frequency 5G spectrum in the future then they will need to adhere to these specific requirements -- in other words, compliance is non-negotiable. Notably, these FCC "performance requirements" now include the submission of a network security plan. The report adds: "A quick review of the FCC's proposed 5G cybersecurity plan shows a six category split, organized by a companies' security approach, coordination efforts, standards and best practices, participation with standards bodies, other security approaches and plans with information sharing organizations. Security plans must be submitted to the commission at least six months before a 5G-ready product enters the market, according to the notice."
Government

Malware Sold To Governments Helped Them Spy on iPhones (washingtonpost.com) 31

One of the world's most evasive digital arms dealers is believed to have been taking advantage of three security vulnerabilities in popular Apple products in its efforts to spy on dissidents and journalists, reports The New York Times. (Editor's note: the link could be paywalled, here's an alternate source). From the report: Investigators discovered that a company called the NSO Group, an Israeli outfit that sells software that invisibly tracks a target's mobile phone, was responsible for the intrusions. The NSO Group's software can read text messages and emails and track calls and contacts. It can even record sounds, collect passwords and trace the whereabouts of the phone user. In response, Apple on Thursday released a patched version of its mobile software, iOS 9.3.5. Users can get the patch through a normal software update.The Washington Post reports that these "zero-day" flaws were previously used by the governments to take over victims' phones by tricking them into clicking on a link to a text message. Motherboard says that this is the first time anyone has uncovered such an attack in the wild. "Until this month, no one had seen an attempted spyware infection leveraging three unknown bugs, or zero-days, in the iPhone. The tools and technology needed for such an attack, which is essentially a remote jailbreak of the iPhone, can be worth as much as one million dollars."

Slashdot Top Deals