Trust the World's Fastest VPN with Your Internet Security & Freedom - A Lifetime Subscription of PureVPN at 88% off. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×
Displays

Some Recyclers Give Up On Recycling Old Monitors And TVs (vice.com) 104

An anonymous reader writes: "In many cases, your old TV isn't recycled at all and is instead abandoned in a warehouse somewhere, left for society to deal with sometime in the future," reports Motherboard, describing the problem of old cathode-ray televisions and computer monitors with "a net negative recycling value" (since their component parts don't cover the cost of dismantling them). An estimated 705 million CRT TVs were sold in the U.S. since 1980, and many now sit in television graveyards, "an environmental and economic disaster with no clear solution." As much as 100,000 tons of potentially hazardous waste are stockpiled in two Ohio warehouses of the now-insolvent recycler Closed Loop, plus "at least 25,000 tons of glass and unprocessed CRTs in Arizona...much of it is sitting in a mountainous pile outside one of the warehouses."
One EPA report found 23,000 tons of lead-containing CRT glass abandoned in four different states just in 2013.
Privacy

Krebs: 'Men Who Sent SWAT Team, Heroin to My Home Sentenced' (krebsonsecurity.com) 88

An anonymous reader quotes KrebsOnSecurity: On Thursday, a Ukrainian man who hatched a plan in 2013 to send heroin to my home and then call the cops when the drugs arrived was sentenced to 41 months in prison for unrelated cybercrime charges. Separately, a 19-year-old American who admitted to being part of a hacker group that sent a heavily-armed police force to my home in 2013 was sentenced to three years probation.

Sergey Vovnenko, a.k.a. "Fly," "Flycracker" and "MUXACC1," pleaded guilty last year to aggravated identity theft and conspiracy to commit wire fraud. Prosecutors said Vovnenko operated a network of more than 13,000 hacked computers, using them to harvest credit card numbers and other sensitive information... A judge in New Jersey sentenced Vovnenko to 41 months in prison, three years of supervised released and ordered him to pay restitution of $83,368.

Separately, a judge in Washington, D.C. handed down a sentence of three year's probation to Eric Taylor, a hacker probably better known by his handle "Cosmo the God." Taylor was among several men involved in making a false report to my local police department at the time about a supposed hostage situation at our Virginia home. In response, a heavily-armed police force surrounded my home and put me in handcuffs at gunpoint before the police realized it was all a dangerous hoax known as "swatting"... Taylor and his co-conspirators were able to dox so many celebrities and public officials because they hacked a Russian identity theft service called ssndob[dot]ru. That service in turn relied upon compromised user accounts at data broker giant LexisNexis to pull personal and financial data on millions of Americans.

Privacy

Used Cars Can Still Be Controlled By Their Previous Owners' Apps (wtkr.com) 81

An IBM security researcher recently discovered something interesting about smart cars. An anonymous reader quotes CNN: Charles Henderson sold his car several years ago, but he still knows exactly where it is, and can control it from his phone... "The car is really smart, but it's not smart enough to know who its owner is, so it's not smart enough to know it's been resold," Henderson told CNNTech. "There's nothing on the dashboard that tells you 'the following people have access to the car.'" This isn't an isolated problem. Henderson tested four major auto manufacturers, and found they all have apps that allow previous owners to access them from a mobile device. At the RSA security conference in San Francisco on Friday, Henderson explained how people can still retain control of connected cars even after they resell them.

Manufacturers create apps to control smart cars -- you can use your phone to unlock the car, honk the horn and find out the exact location of your vehicle. Henderson removed his personal information from services in the car before selling it back to the dealership, but he was still able to control the car through a mobile app for years. That's because only the dealership that originally sold the car can see who has access and manually remove someone from the app.

It's also something to consider when buying used IoT devices -- or a smart home equipped with internet-enabled devices.
The Courts

Techdirt Asks Judge To Dismiss Another Lawsuit By That Guy Who Didn't Invent Email (arstechnica.com) 64

Three months ago Shiva Ayyadurai won a $750,000 settlement from Gawker (after they'd already gone bankrupt). He'd argued Gawker defamed him by mocking Ayyadurai's claim he'd invented email, and now he's also suing Techdirt founder Michael Masnick -- who is not bankrupt, and is fighting back. Long-time Slashdot reader walterbyrd quotes Ars Technica: In his motion, Masnick claims that Ayyadurai "is seeking to use the muzzle of a defamation action to silence those who question his claim to historical fame." He continues, "The 14 articles and 84 allegedly defamatory statements catalogued in the complaint all say essentially the same thing: that Defendants believe that because the critical elements of electronic mail were developed long before Ayyadurai's 1978 computer program, his claim to be the 'inventor of e-mail' is false"...

The motion skims the history of e-mail and points out that the well-known fields of e-mail messages, like "to," "from," "cc," "subject," "message," and "bcc," were used in ARPANET e-mail messages for years before Ayyadurai made his "EMAIL" program. Ayyadurai focuses on statements calling him a "fake," a "liar," or a "fraud" putting forth "bogus" claims. Masnick counters that such phrases are "rhetorical hyperbole" meant to express opinions and reminds the court that "[t]he law provides no redress for harsh name-calling."

The motion calls the lawsuit "a misbegotten effort to stifle historical debate, silence criticism, and chill others from continuing to question Ayyadurai's grandiose claims." Ray Tomlinson has been dead for less than a year, but in this fascinating 1998 article recalled testing the early email protocols in 1971, remembering that "Most likely the first message was QWERTYIOP."
Cellphones

Should International Travelers Leave Their Phones At Home? (freecodecamp.com) 399

Long-time Slashdot reader Toe, The sums up what he learned from freeCodeCamp's Quincy Larson: "Before you travel internationally, wipe your phone or bring/rent/buy a clean one." Larson's article is titled "I'll never bring my phone on an international flight again. Neither should you." All the security in the world can't save you if someone has physical possession of your phone or laptop, and can intimidate you into giving up your password... Companies like Elcomsoft make 'forensic software' that can suck down all your photos, contacts -- even passwords for your email and social media accounts -- in a matter of minutes.... If we do nothing to resist, pretty soon everyone will have to unlock their phone and hand it over to a customs agent while they're getting their passport swiped... And with this single new procedure, all the hard work that Apple and Google have invested in encrypting the data on your phone -- and fighting for your privacy in court -- will be a completely moot point.
The article warns Americans that their constitutional protections don't apply because "the U.S. border isn't technically the U.S.," calling it "a sort of legal no-man's-land. You have very few rights there." Larson points out this also affects Canadians, but argues that "You can't hand over a device that you don't have."
Security

RSA Conference Attendees Get Hacked (esecurityplanet.com) 52

The RSA Conference "is perhaps the world's largest security event, but that doesn't mean that it's necessarily a secure event," reports eSecurityPlanet. Scanning the conference floor revealed rogue access points posing as known and trusted networks, according to security testing vendor Pwnie Express. storagedude writes: What's worse, several attendees fell for these dummy Wi-Fi services that spoof well-known brands like Starbucks. The company also found a number of access points using outdated WEP encryption. So much for security pros...
At least two people stayed connected to a rogue network for more than a day, according to the article, and Pownie Express is reminding these security pros that connecting to a rogue network means "the attacker has full control of all information going into and out of the device, and can deploy various tools to modify or monitor the victim's communication."
Toys

German Government Tells Parents: Destroy This WiFi-Connected Doll (theverge.com) 109

It's illegal in Germany now to sell a talking doll named "My Friend Cayla," according to a story shared by Slashdot reader Bruce66423. And that's just the beginning. The Verge reports: A German government watchdog has ordered parents to "destroy" an internet-connected doll for fear it could be used as a surveillance device. According to a report from BBC News, the German Federal Network Agency said the doll (which contains a microphone and speaker) was equivalent to a "concealed transmitting device" and therefore prohibited under German telecom law... In December last year, privacy advocates said the toy recorded kids' conversations without proper consent, violating the Children's Online Privacy Protection Act.

Cayla uses a microphone to listen to questions, sending this audio over Wi-Fi to a third-party company that converts it to text. This is then used to search the internet, allowing the doll to answer basic questions, like "What's a baby kangaroo called?" as well as play games. In addition to privacy concerns over data collection, security researchers found that Cayla can be easily hacked. The doll's insecure Bluetooth connection can be compromised, letting a third party record audio via the toy, or even speak to children using its voice.

The Electronic Privacy Information Center has said toys like this "subject young children to ongoing surveillance...without any meaningful data protection standards." One researcher pointed out that the doll was accessible from up to 33 feet away -- even through walls -- using a bluetooth-enabled device.
The Courts

SAP License Fees Also Due For Indirect Users, Court Rules (networkworld.com) 111

SAP's licensing fees "apply even to related applications that only offer users indirect visibility of SAP data," according to a Thursday ruling by a U.K. judge. Slashdot reader ahbond quotes Network World: The consequences could be far-reaching for businesses that have integrated their customer-facing systems with an SAP database, potentially leaving them liable for license fees for every customer that accesses their online store. "If any SAP systems are being indirectly triggered, even if incidentally, and from anywhere in the world, then there are uncategorized and unpriced costs stacking up in the background," warned Robin Fry, a director at software licensing consultancy Cerno Professional Services, who has been following the case...

What's in dispute was whether the SAP PI license fee alone is sufficient to allow Diageo's sales staff and customers to access the SAP data store via the Salesforce apps, or whether, as SAP claims, those staff and customers had to be named as users and a corresponding license fee paid. On Thursday, the judge sided with SAP on that question.

Android

Congressman Calls For Probe Into Trump's Unsecured Android Phone (cnet.com) 464

An anonymous reader quotes a report from CNET: President Donald Trump regularly makes news because of his tweets. Now a congressman is making news because of the device the president reportedly uses to tweet. On Friday, Congressman Ted Lieu, a Democrat from Los Angeles, wrote a letter to the House Oversight Committee requesting an investigation into Trump's cybersecurity practices. In particular, he calls out Trump's apparent decision to keep using his personal Android phone instead of a secured phone the Secret Service issued him for his inauguration. The letter is also signed by 14 other members of Congress and calls for a public hearing to discuss the issues. "The device President Trump insists on using -- most likely the Samsung Galaxy S3 -- has particularly well documented vulnerabilities," the letter says. "The use of an unsecured phone risks the president of the United States being monitored by foreign or domestic adversaries, many of whom would be happy to hijack the president's prized Twitter account causing disastrous consequences for global security. Cybersecurity experts universally agree that an ordinary Android smartphone, which the president is reportedly using despite repeated warnings from the Secret Service, can be easily hacked."
Microsoft

Bill Gates: The Robot That Takes Your Job Should Pay Taxes (qz.com) 369

In a recent interview with Quartz, Bill Gates said he believes that governments should tax companies that use robots who are taking human jobs, as a way to at least temporarily slow the spread of automation and to fund other types of employment. The money gained from taxing robots could then be used to finance jobs taking care of elderly people or working with kids in schools -- jobs which humans are particularly well suited for. Quartz reports: [Gates] argues that governments must oversee such programs rather than relying on businesses, in order to redirect the jobs to help people with lower incomes. The idea is not totally theoretical: EU lawmakers considered a proposal to tax robot owners to pay for training for workers who lose their jobs, though on Feb. 16 the legislators ultimately rejected it. "You ought to be willing to raise the tax level and even slow down the speed" of automation, Gates argues. That's because the technology and business cases for replacing humans in a wide range of jobs are arriving simultaneously, and it's important to be able to manage that displacement. "You cross the threshold of job replacement of certain activities all sort of at once," Gates says, citing warehouse work and driving as some of the job categories that in the next 20 years will have robots doing them. You can watch Gates' remarks in a video here, or read the transcript embedded in Quartz' report.
Encryption

Researchers Discover Security Problems Under the Hood of Automobile Apps (arstechnica.com) 27

An anonymous reader quotes a report from Ars Technica: Malware researchers Victor Chebyshev and Mikhail Kuzin examined seven Android apps for connected vehicles and found that the apps were ripe for malicious exploitation. Six of the applications had unencrypted user credentials, and all of them had little in the way of protection against reverse-engineering or the insertion of malware into apps. The vulnerabilities looked at by the Kaspersky researchers focused not on vehicle communication, but on the Android apps associated with the services and the potential for their credentials to be hijacked by malware if a car owner's smartphone is compromised. All seven of the applications allowed the user to remotely unlock their vehicle; six made remote engine start possible (though whether it's possible for someone to drive off with the vehicle without having a key or RFID-equipped key fob present is unclear). Two of the seven apps used unencrypted user logins and passwords, making theft of credentials much easier. And none of the applications performed any sort of integrity check or detection of root permissions to the app's data and events -- making it much easier for someone to create an "evil" version of the app to provide an avenue for attack. While malware versions of these apps would require getting a car owner to install them on their device in order to succeed, Chebyshev and Kuzin suggested that would be possible through a spear-phishing attack warning the owner of a need to do an emergency app update. Other malware might also be able to perform the installation.
AI

EU Moves To Bring In AI Laws, But Rejects Robot Tax Proposal (newatlas.com) 71

An anonymous reader quotes a report from New Atlas: The European Parliament has voted on a resolution to regulate the development of artificial intelligence and robotics across the European Union. Based on a raft of recommendations drafted in a report submitted in January to the legal affairs committee, the proposed rules include establishing ethical standards for the development of artificial intelligence, and introducing an insurance scheme to cover liability for accidents involving driverless cars. Not every element in the broad-ranging report was accepted by the Parliament though, with a recommendation to institute a "robot tax" roundly rejected. The robot tax proposal was designed to create a fund that manages the repercussions and retraining of workers made redundant through the increased deployment of industrial and service robots. But those in the robotics industry were supportive of the Parliamentary rejection, with the International Federation of Robotics suggesting to Reuters a robot tax would have been harmful to the burgeoning industry, stifling innovation and competitiveness. The European Parliament passed the resolution comfortably with 396 votes to 123, with 85 abstentions.
Piracy

70 Percent of Young Swedish Men Are Video Pirates, Study Says (torrentfreak.com) 160

A new study from Sweden has found that just over half of all young people admit to obtaining movies and TV shows from the Internet without paying, a figure that rockets to 70 percent among young men, reports TorrentFreak, citing a study. From the report: According to figures just released by media industry consultants Mediavision, in January 2017 almost a quarter of all Swedes aged between 15 and 74 admitted either streaming or downloading movies from 'pirate' sites during the past month. Perhaps unsurprisingly, the tendency to do so is greater among the young. More than half of 15 to 24-year-olds said they'd used a torrent or streaming site during December. When concentrating that down to only young men in the same age group, the figure leaps to 70 percent.
The Courts

Your Personal Facebook Live Videos Can Legally End Up on TV (thememo.com) 141

Kitty Knowles, reporting for the Memo: Think you control what happens to your personal videos? Think again. One father who live-streamed his partner's labour on Facebook last May, has found out the hard way: he saw the birth of his son replayed on Good Morning America and numerous other media outlets. This week, he lost a high-profile court battle against the broadcasters. If you don't want this to happen to you, don't make the same mistakes. It's one thing wanting to share a life-changing moment with friends and family. But most would understand why Kali Kanongataa didn't want his child's birth aired for all to see. That hasn't however, stopped a US judge throwing out Kanongataa's copyright infringement case against the likes of the ABC, Yahoo, and Rodale, the company that publishes Women's Health. Apparently, the father-to-be realised his film was streaming publicly on social media about 30 minutes into recording, but decided to leave it that way. Media outlets broadcasting the clips have defended doing so on the terms of "fair use." Legally, "fair use" means that when pictures or videos are the focus of a major news story, selected footage can be used.Heads up, Facebook will soon release a video app for set-top boxes by Apple and Amazon to broadcast Live videos on the big screen.
Blackberry

BlackBerry Sued By Over 300 Former Employees (mobilesyrup.com) 72

An anonymous reader shares a report: BlackBerry is facing a class-action lawsuit from more than 300 former employees across Canada, according to a news release from law firm Nelligan O'Brien Payne LLP. The Waterloo, Ontario-based tech company is accused of denying employees their termination entitlements by transferring them to a partner company and, once they had accepted employment there, handed them resignation letters. The former employees were then allegedly given their final date of work. "BlackBerry's actions amount to a termination of the employees' employment," the law firm said. "This entitles these employees to statutory, common law, and/or contractual entitlements on termination."

Slashdot Top Deals