Crime

UK Wants To Criminalize Re-Identification of Anonymized User Data (bleepingcomputer.com) 120

An anonymous reader writes: European countries are currently implementing new data protection laws. Recently, despite leaving the European Union, the United Kingdom has expressed intent to implement the law called General Data Protection Regulation. As an extension, the UK wants to to ban re-identification (with a penalty of unlimited fines), the method of reversing anonymization, or pointing out the weakness of the used anonymisation process. One famous example was research re-identifying Netflix users from published datasets. By banning re-identification, UK follows the lead of Australia which is considering enacting similarly controversial law that can lead to making privacy research difficult or impossible. Privacy researchers express concerns about the effectiveness of the law that could even complicate security, a view shared by privacy advocates.
Movies

Disney Ditching Netflix Keeps Piracy Relevant (torrentfreak.com) 263

Yesterday, Disney announced its intent to pull its movies from Netflix and start its own streaming service. This upset many users across the web as the whole appeal of the streaming model becomes diluted when there are too many "Netflixes." TorrentFreak argues that "while Disney expects to profit from the strategy, more fragmentation is not ideal for the public" and that the move "keeps piracy relevant." From the report: Although Disney's decision may be good for Disney, a lot of Netflix users are not going to be happy. It likely means that they need another streaming platform subscription to get what they want, which isn't a very positive prospect. In piracy discussions, Hollywood insiders often stress that people have no reason to pirate, as pretty much all titles are available online legally. What they don't mention, however, is that users need access to a few dozen paid services, to access them all. In a way, this fragmentation is keeping the pirate ecosystems intact. While legal streaming services work just fine, having dozens of subscriptions is expensive, and not very practical. Especially not compared to pirate streaming sites, where everything can be accessed on the same site.
Privacy

Disney Sued For Allegedly Spying On Children Through 42 Gaming Apps (washingtonpost.com) 40

schwit1 shares a report from The Washington Post (Warning: may be paywalled; alternative source): The Walt Disney Co. secretly collects personal information on some of their youngest customers and shares that data illegally with advertisers without parental consent, according to a federal lawsuit filed late last week in California. The class-action suit targets Disney and three other software companies -- Upsight, Unity and Kochava -- alleging that the mobile apps they built together violate the law by gathering insights about app users across the Internet, including those under the age of 13, in ways that facilitate "commercial exploitation."

The plaintiffs argue that Disney and its partners violated COPPA, the Children's Online Privacy Protection Act, a federal law designed to protect the privacy of children on the Web. The lawsuit, filed in U.S. District Court for the District of Northern California, seeks an injunction barring the companies from collecting and disclosing the data without parental consent, as well as punitive damages and legal fees. The lawsuit alleges that Disney allowed the software companies to embed trackers in apps such as "Disney Princess Palace Pets" and "Where's My Water? 2." Once installed, tracking software can then "exfiltrate that information off the smart device for advertising and other commercial purposes," according to the suit. Disney should not be using those software development companies, said Jeffrey Chester, the executive director of the Center for Digital Democracy. "These are heavy-duty technologies, industrial-strength data and analytic companies whose role is to track and monetize individuals," Chester said. "These should not be in little children's apps."
Disney responded to the lawsuit, saying: "Disney has a robust COPPA compliance program, and we maintain strict data collection and use policies for Disney apps created for children and families. The complaint is based on a fundamental misunderstanding of COPPA principles, and we look forward to defending this action in court."
The Internet

Maybe Americans Don't Need Fast Home Internet Service, FCC Suggests (arstechnica.com) 377

An anonymous reader shares an excerpt from a report via Ars Technica: Americans might not need a fast home Internet connection, the Federal Communications Commission suggests in a new document. Instead, mobile Internet via a smartphone might be all people need. The suggestion comes in the FCC's annual inquiry into broadband availability. Section 706 of the Telecommunications Act requires the FCC to determine whether broadband (or more formally, "advanced telecommunications capability") is being deployed to all Americans in a reasonable and timely fashion. If the FCC finds that broadband isn't being deployed quickly enough to everyone, it is required by law to "take immediate action to accelerate deployment of such capability by removing barriers to infrastructure investment and by promoting competition in the telecommunications market."

The FCC found during George W. Bush's presidency that fast Internet service was being deployed in a reasonable and timely fashion. But during the Obama administration, the FCC determined repeatedly that broadband isn't reaching Americans fast enough, pointing in particular to lagging deployment in rural areas. These analyses did not consider mobile broadband to be a full replacement for a home (or "fixed") Internet connection via cable, fiber, or some other technology. Last year, the FCC updated its analysis with a conclusion that Americans need home and mobile access. Because home Internet connections and smartphones have different capabilities and limitations, Americans should have access to both instead of just one or the other, the FCC concluded under then-Chairman Tom Wheeler.
The report goes on to add that with Republican Ajit Pai as chairman of the FCC, "the FCC seems poised to change that policy by declaring that mobile broadband with speeds of 10Mbps downstream and 1Mbps upstream is all one needs." Furthermore, "In doing so, the FCC could conclude that broadband is already being deployed to all Americans in a reasonable and timely fashion, and thus the organization would take fewer steps to promote deployment and competition."
Privacy

Prison Time For Manager Who Hacked Ex-Employer's FTP Server, Email Account (bleepingcomputer.com) 37

Catalin Cimpanu, writing for BleepingComputer: Jason Needham, 45, of Arlington, Tennessee was sentenced last week to 18 months in prison and two years of supervised release for hacking his former company's FTP server and the email account of one of his former colleagues. Needham did all the hacking after he left his former employer, Allen & Hoshall (A&H), a design and engineering firm for which he worked until 2013. Needham left to create his own company named HNA Engineering together with a business partner. HNA is also a design and engineering firm. According to court documents obtained by Bleeping Computer, between May 2014 and March 2016, Needham hacked into the email account of one of his former co-workers. From this account, the FBI says Needham took sensitive business information, company fee structures, marketing plans, project proposals, and lists of credentials for A&H's FTP server. A&H rotated its FTP credentials every six months, but Needham acquired new logins from his former colleague's email account.
Privacy

In Less Than Five Years, 45 Billion Cameras Will Be Watching Us (fastcompany.com) 85

An anonymous reader writes: It was a big deal for many when Apple added a second camera to the back of the iPhone 7 Plus last year. In five years, that will be considered quaint. By then, smartphones could sport 13 cameras, allowing them to capture 360-degree, 3D video; create complex augmented reality images onscreen; and mimic with digital processing the optical zoom and aperture effects of an SLR. That's one of the far-out, but near-term, predictions in a new study by LDV Capital, a VC firm that invests in visual technologies such as computer vision. It polled experts at its own portfolio companies and beyond to predict that by 2022, the total number of cameras in the world will reach about 45 billion. Jaw-dropping as that figure is, it doesn't seem so crazy when you realize that today there are already about 14 trillion cameras in the world, according to data from research firms such as Gartner. Next to phones, other camera-hungry products will include robots (including autonomous cars), security cameras, and smart home products like the new Amazon Echo Show, according to LDV. UPDATE: Story has been updated to reflect the updates made to The Fast Company article. The outreach figures are 45 billion cameras by 2022, not trillion.
Canada

An Image Site Is Victimizing Countless Women and Little Can Be Done (vice.com) 271

Allison Tierney, reporting for Vice: An international anonymous photo-sharing site where people post explicit photos without consent is playing host to the victimization of countless women. In the Canadian section of Anon-IB alone, there are currently over a hundred threads -- often organized by region, city, or calling out for nudes of a specific woman to be posted publicly. "Hamilton hoes," "Nanaimo Thread!," and "Markham wins" are some titles of Canadian threads. (Language used on the site equates the word "win" with sexually explicit photos of women.) Many major Canadian cities are represented on the site, and some threads even focus on women from specific schools. While it's a crime to share an "intimate image" of a person without their consent in Canada, sites that host this kind of activity don't necessarily fall under this. "[In terms of organizing content], is it criminal? No. Is it illegal? No," Toronto-based lawyer Jordan Donich, of Donich Law, told VICE. "It's a newer version of an older problem -- sites like these have been around for a long time." Anon-IB is not a new site; its current domain was registered to a "private person" in 2015 and ends in an ".ru." However, the site was initially up several years before 2015, going offline briefly in 2014.
Google

Google May Be In Trouble For Firing James Damore (inc.com) 1016

Google fired engineer James Damore after he wrote a 10-page document about "Google's Ideological Echo Chamber." taustin writes from a report via Inc. about the potential legal trouble the company may face from firing the "anti-diversity" engineer: Whether Demore is right or wrong, whether one agrees with him or not, Google may have legal trouble for firing him. Employees are protected by federal law when they discuss working conditions with other employees (and this was an internal memo). His memo could be considered whistleblowing, which is also protected (and it is very clear that he was fired as retribution). And, in California, political opinions are protected in the work place as well. Just because one side is wrong doesn't mean the other side is right.
Earth

Leaked Federal Climate Report Finds Link Between Climate Change, Human Activity (washingtonpost.com) 450

An anonymous reader shares a report from The New York Times (Warning: source may be paywalled; alternative source): The average temperature in the United States has risen rapidly and drastically since 1980, and recent decades have been the warmest of the past 1,500 years, according to a sweeping federal climate change report awaiting approval by the Trump administration. The draft report by scientists from 13 federal agencies, which has not yet been made public, concludes that Americans are feeling the effects of climate change right now. It directly contradicts claims by President Trump and members of his cabinet who say that the human contribution to climate change is uncertain, and that the ability to predict the effects is limited. "Evidence for a changing climate abounds, from the top of the atmosphere to the depths of the oceans," a draft of the report states. A copy of it was obtained by The New York Times. The authors note that thousands of studies, conducted by tens of thousands of scientists, have documented climate changes on land and in the air. "Many lines of evidence demonstrate that human activities, especially emissions of greenhouse (heat-trapping) gases, are primarily responsible for recent observed climate change," they wrote. The report was completed this year and is a special science section of the National Climate Assessment, which is congressionally mandated every four years. The National Academy of Sciences has signed off on the draft report, and the authors are awaiting permission from the Trump administration to release it. "The report concludes that even if humans immediately stopped emitting greenhouse gases into the atmosphere, the world would still feel at least an additional 0.50 degrees Fahrenheit (0.30 degrees Celsius) of warming over this century compared with today," reports The New York Times. "The projected actual rise, scientists say, will be as much as 2 degrees Celsius." Given the Trump administration's stance on climate change, some of the scientists who worked on the report are concerned that the report will be suppressed.
Security

The Man Who Wrote the Password Rules Regrets Doing So (gizmodo.com) 239

New submitter cdreimer writes: According to a report in The Wall Street Journal (Warning: source may be paywalled, alternative source), the author behind the U.S. government's password requirements regrets wasting our time on changing passwords so often. From the report: "The man who wrote the book on password management has a confession to make: He blew it. Back in 2003, as a midlevel manager at the National Institute of Standards and Technology, Bill Burr was the author of 'NIST Special Publication 800-63. Appendix A.' The 8-page primer advised people to protect their accounts by inventing awkward new words rife with obscure characters, capital letters and numbers -- and to change them regularly. The document became a sort of Hammurabi Code of passwords, the go-to guide for federal agencies, universities and large companies looking for a set of password-setting rules to follow. The problem is the advice ended up largely incorrect, Mr. Burr says. Change your password every 90 days? Most people make minor changes that are easy to guess, he laments. Changing Pa55word!1 to Pa55word!2 doesn't keep the hackers at bay. Also off the mark: demanding a letter, number, uppercase letter and special character such as an exclamation point or question mark -- a finger-twisting requirement." "Much of what I did I now regret," Bill Burr told The Wall Street Journal. "In the end, [the list of guidelines] was probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree."
The Military

North Korea Now Making Missile-Ready Nuclear Weapons, US Analysts Say (washingtonpost.com) 338

schwit1 shares a report from The Washington Post: North Korea has successfully produced a miniaturized nuclear warhead that can fit inside its missiles, crossing a key threshold on the path to becoming a full-fledged nuclear power, U.S. intelligence officials have concluded in a confidential assessment. The new analysis completed last month by the Defense Intelligence Agency comes on the heels of another intelligence assessment that sharply raises the official estimate for the total number of bombs in the communist country's atomic arsenal. The U.S. calculated last month that up to 60 nuclear weapons are now controlled by North Korean leader Kim Jong Un. Some independent experts believe the number of bombs is much smaller. "The IC [intelligence community] assesses North Korea has produced nuclear weapons for ballistic missile delivery, to include delivery by ICBM-class missiles," the assessment states, in an excerpt read to The Washington Post. "It is not yet known whether the reclusive regime has successfully tested the smaller design, although North Korea officially last year claimed to have done so," reports The Washington Post.
Businesses

US To Review Qualcomm's Complaints About Apple iPhone Patents (reuters.com) 35

U.S. trade officials have agreed to investigate Qualcomm's allegations that Apple Inc infringed on patents with its iPhone7 and other devices, the U.S. International Trade Commission said on Tuesday. From a report: The ITC will make its decision "at the earliest practicable time" and will set a target date for completing its investigation within the next 45 days, the commission said in a statement. Qualcomm filed the complaint in early July, asking U.S. trade regulators to ban certain models of the iPhone that contain so-called broadband modem chips, which help phones connect to wireless data networks, that were not made by Qualcomm. Apple began using broadband modem chips made by Intel Corp in the iPhone 7. Qualcomm has not alleged that Intel chips violate its patents but says the way Apple uses them in the iPhone does.
Businesses

Top VPN Provider Accused of Sharing Customer Traffic With Online Advertisers (bleepingcomputer.com) 55

Catalin Cimpanu, reporting for BleepingComputer: On Monday, the Center for Democracy & Technology (CDT) -- a US-based privacy group -- filed a complaint with the US Federal Trade Commission (FTC) accusing one of today's largest VPN providers of deceptive trade practices. In a 14-page complaint, the CDT accuses AnchorFree -- the company behind the Hotspot Shield VPN -- of breaking promises it made to its users by sharing their private web traffic with online advertisers for the purpose of improving the ads shown to its users. In its complaint to the FTC, the CDT is not accusing Anchor Free of secretly injecting ads, as users are well aware of this practice, but of not respecting promises made to its customers. More specifically, the CDT says that AnchorFree does not respect a pledge made in marketing materials that it won't track or sell customer information.
The Internet

Indian ISPs Appear To Be Blocking Access To Internet Archive (bit.ly) 24

An anonymous reader writes: Several Internet service providers in India have blocked access to Internet Archive -- a non-profit organisation that runs Wayback Machine, a massive archive of webpages dating back to over a decade -- Indian outlet NDTV reported Tuesday. Some subscribers of Airtel, Aircel, and Act Internet, among other carriers, are seeing a DoT notification when they attempt to access Internet Archive. The notification reads, 'Your requested URL has been blocked as per the directions received from Department of Telecommunications, Government of India.' Popularly known as time-warping tool, Internet Archive's Way Back Machine has made copies of over three billion pages over the years. In the age of ephemeral media, Way Back Machine has become a cultural phenomenon, serving as a permanent registrar of popular websites and other webpages.
Privacy

Game of Thrones Hackers Demand Ransom (bbc.com) 70

An anonymous reader shares a report: Hackers who have leaked Game of Thrones scripts and other data from entertainment company HBO have released a note demanding a ransom payment. In a new dump, they also published a script for the as yet unbroadcast fifth episode of the current series. Company documents and video episodes of other HBO shows were also shared. The hackers claim to have 1.5TB of data in total, but HBO has said it does not believe its email system has been compromised. Documents in the latest leak were marked "HBO is falling," according to the Wired news site, and included legal information, employment agreements and other company files. The Associated Press reports that some documents appeared to contain personal contact information for Game of Thrones actors.
Security

Forget the Russians: Corrupt, Local Officials Are the Biggest Threat To Elections (securityledger.com) 287

chicksdaddy writes: Do you think that shadowy Russian hackers are the biggest threat to the integrity of U.S. elections? Think again. It turns out the bad actors in U.S. elections may be a lot more "Senator Bedfellow" than "Fancy Bear," according to Bev Harris, the founder of Black Box Voting. "It's money," Harris told The Security Ledger. "There's one federal election every four years, but there are about 100,000 local elections which control hundreds of billions of dollars in contract signings." Those range from waste disposal and sanitation to transportation."There are 1,000 convictions every year for public corruption," Harris says, citing Department of Justice statistics. "Its really not something that's even rare in the United States." We just don't think that corruption is a problem, because we rarely see it manifested in the ways that most people associate with public corruption, like violence or having to pay bribes to receive promised services, Harris said. But it's still there.

How does the prevalence of public corruption touch election security? Exactly in the way you might think. "You don't know at any given time if the people handling your votes are honest or not," Harris said. "But you shouldn't have to guess. There should be a way to check." And in the decentralized, poorly monitored U.S. elections system, there often isn't. At the root of our current problem isn't (just) vulnerable equipment, it's also a shoddy "chain of custody" around votes, says Eric Hodge, the director of consulting at Cyber Scout, which is working with the Board of Elections in Kentucky and in other states to help secure elections systems. That includes where and how votes are collected, how they are moved and tabulated and then how they are handled after the fact, should citizens or officials want to review the results of an election. That lack of transparency leaves the election system vulnerable to manipulation and fraud, Harris and Hodge argue.

Patents

'Podcasting Patent' Is Totally Dead, Appeals Court Rules (arstechnica.com) 30

A federal appeals court affirmed the April 2015 inter partes review (IPR) ruling -- a process that allows anyone to challenge a patent's validity at the U.S. Patent and Trademark Office -- that invalidated the so-called "podcasting patent." "That process was held by a company called Personal Audio, which had threatened numerous podcasts with lawsuits in recent years," reports Ars Technica. From the report: Back in 2013, Personal Audio began sending legal demand letters to numerous podcasters and companies, like Samsung, in an apparent attempt to cajole them into a licensing deal, lest they be slapped with a lawsuit. Some of those efforts were successful: in August 2014, Adam Carolla paid about $500,000. As Personal Audio began to gain more public attention, the Electronic Frontier Foundation, however, stepped in and said that it would challenge Personal Audio's US Patent No. 8,112,504, which describes a "system for disseminating media content representing episodes in a serialized sequence." In the end, EFF raised over $76,000, more than double its initial target.

[T]he history of Personal Audio dates to the late 1990s, when founder Jim Logan created a company seeking to create a kind of proto-iPod digital music player. But his company flopped. Years later, Logan turned to lawsuits to collect money from those investments. He sued companies over both the "episodic content" patent, as well as a separate patent, which Logan and his lawyers said covered playlists. He and his lawyers wrung verdicts or settlements from Samsung and Apple.

Businesses

Can Elon Musk Be Weaned Off Government Support? (thehill.com) 269

mi shares an opinion piece written by Jenny Beth Martin via The Hill: A study published in 2015 by The Los Angeles Times revealed that just three of Musk's ventures -- SolarCity Corp. (which manufactured and installed solar energy systems before its 2016 merger with Tesla Motors Inc.), Tesla Motors Inc. (which manufactures electric vehicles), and Space Exploration Technologies Corp., known as SpaceX (which builds rocket ships) -- had received $4.9 billion in government subsidies to that point in time. By now, Musk's various ventures have sucked well over $5 billion from government coffers. Worse: in order to induce car buyers to spend their money on electric vehicles, the federal government offers a $7,500 rebate on the purchase price. Some states enhance that rebate with rebates of their own. In California, for instance, purchasers of electric vehicles get a state-funded rebate of $2,500 more.

Slashdot reader mi asks: "Why are you and I subsidizing Elon Musk's products and when will his businesses be able to compete on their own?"

Cellphones

Ask Slashdot: Are My Drone Apps Phoning Home? 132

Slashdot reader bitwraith noticed something suspicious after flying "a few cheap, ready-to-fly quadcopters" with their smartphone apps, including drones from Odyssey and Eachine. I often turn off my phone's Wi-Fi support before plugging it in to charge at night, only to discover it has mysteriously turned on in the morning. After checking the Wi-Fi Control History on my S7, it appears as though the various cookie-cutter apps for these drones wake up to phone home in the night after they are opened, while the phone is charging. I tried contacting the publisher of the Odyssey VR app, with no reply.

I would uninstall the app, but then how would I fly my drone? Why did Google grant permission to control Wi-Fi state implicitly to all apps, including these abusers? Are the apps phoning home to report my flight history?

The original submission asks about similar experiences from other drone-owning Slashdot users -- so leave your best answers in the comments. What's making this phone wake up in the night?

Are the drone apps phoning home?
United States

Net Neutrality Rollback Faces New Criticism From US Congress -- And 16 Million Comments (techcrunch.com) 147

An anonymous reader quotes TechCrunch's newest update on the FCC's attempt to gut net neutrality protections: 10 Representatives who helped craft the law governing the FCC itself have submitted an official comment on the proposal ruthlessly dismantling it... The FCC is well within its rights to interpret the law, and it doesn't have to listen to contrary comments from the likes of you and me. It does, however, have to listen to Congress -- "congressional intent" is a huge factor in determining whether an interpretation of the law is reasonable. And in the comment they've just filed, Representatives Pallon, Doyle et al. make it very clear that their intent was and remains very different from how the FCC has chosen to represent it.

"The law directs the FCC to look at ISP services as distinct from those services that ride over the networks. The FCC's proposal contravenes our intent... While some may argue that this distinction should be abandoned because of changes in today's market, that choice is not the FCC's to make. The decision remains squarely with those of us in Congress -- and we have repeatedly chosen to leave the law as it is."

In another letter Thursday, 15 Congressmen asked FCC Chairman Ajit Pai to extend the time period for comments. They note the proposed changes have received more than 16 million comments, more than four times the number of comments on any previous FCC item. The Hill reports that the previous record was 4 million comments -- during the FCC's last net neutrality proceeding in 2014 -- and "the lawmakers also noted that the comment period for approving net neutrality in 2014 was 60 days. Pai has only allowed a 30-day comment period for his plan to rollback the rules."
The Military

A US Spy Plane Has Been Flying Circles Over Seattle For Days (thedrive.com) 232

turkeydance shares Thursday's report from The Drive: A very unique U.S. Air Force surveillance aircraft has been flying highly defined circles over Seattle and its various suburbs for nine days now... The aircraft, which goes by the callsign "SPUD21" and wears a nondescript flat gray paint job with the only visible markings being a U.S. Air Force serial on its tail, is a CASA CN-235-300 transport aircraft that has been extensively modified... It is covered in a dizzying array of blisters, protrusions, humps and bumps. These include missile approach warning detectors and large fairings on its empennage for buckets of forward-firing decoy flares, as well as both microwave -- the dome antenna behind the wing and flat antenna modification in front of the wing -- and ultra high-frequency satellite communications -- the platter-like antenna behind the dome antenna. A communications intelligence suite also appears to be installed on the aircraft, with the antenna farm on the bottom of its fuselage being a clear indication of such a capability. But what's most interesting is the aircraft's apparent visual intelligence gathering installation...

This particular CN-235, with the serial 96-6042, is one of six that researchers commonly associated with the Air Force's top secret 427th Special Operations Squadron... The 427th occupies the same space with a host of other "black" U.S. military aviation elements, most of which are affiliated to some degree with Joint Special Operations Command and the Intelligence Community... [I]f the military placed the aircraft under civilian control to some degree and with an appropriate legal justification, the U.S. military could possibly fly it in support of a domestic operation or one focused on a foreign suspect or organization operating within the United States... It's also entirely possible, if not probable, that the aircraft could be involved in a realistic training exercise rather than an actual operation... The area could have simply provided a suitable urban area to test existing or new surveillance technologies, too, though this could spark serious privacy concerns if true.

Friday an Air Force Special Operations Command public affairs officer confirmed that the plane was one of theirs, describing its activity as "just a training mission," according to Russia Today.
Government

'Elon Musk's Hyperloop Is Doomed For the Worst Reason' (bloomberg.com) 304

schwit1 quotes a Bloomberg column by Virginia Postrel: What makes Musk's Hyperloop plan seem like fantasy isn't the high-tech part. Shooting passengers along at more than 700 miles per hour seems simple -- engineers pushed 200 miles-per-hour in a test this week -- compared to building a tunnel from New York to Washington. And even digging that enormously long tunnel -- twice as long as the longest currently in existence -- seems straightforward compared to navigating the necessary regulatory approvals... The eye-rolling comes less from the technical challenges than from the bureaucratic ones.

With his premature declaration, Musk is doing public debate a favor. He's reminding us of what the barriers to ambitious projects really are: not technology, not even money, but getting permission to try. "Permits harder than technology," Musk tweeted after talking with Los Angeles mayor Eric Garcetti about building a tunnel network. That's true for the public sector as well as the private... SpaceX and its commercial-spaceflight competitors can experiment because Congress and President Barack Obama agreed to protect them from Federal Aviation Administration standards. usk is betting that his salesmanship will have a similar effect on the ground. He's trying to get the public so excited that the political pressures to allow the Hyperloop to go forward become irresistible. He seems to believe that he can will the permission into being. If he succeeds, he'll upend not merely intercity transit but the bureaucratic process by which things get built. That would be a true science-fiction scenario.

The Courts

Who's Profiting From The WannaCry Ransoms? (cnn.com) 31

CNN reports: For months, the ransom money from the massive WannaCry cyberattack sat untouched in online accounts. Now, someone has moved it. More than $140,000 worth of digital currency bitcoin has been drained from three accounts linked to the ransomware virus that hit hundreds of thousands of computers around the world in May.
Meanwhile, a Ukrainian law firm wants NotPetya victims to join a collective lawsuit against Intellect-Service LLC, the company behind the M.E.Doc accounting software, said to be the point of origin of the NotPetya ransomware outbreak. An anonymous reader quotes BleepingComputer: The NotPetya ransomware spread via a trojanized M.E.Doc update, according to Microsoft, Bitdefender, Kaspersky, Cisco, ESET, and Ukrainian Cyber Police. A subsequent investigation revealed that Intellect-Service had grossly mismanaged the hacked servers, which were left without updates since 2013 and were backdoored on three different occasions... The Juscutum Attorneys Association says that on Tuesday, Ukrainian Cyber Police confirmed that M.E.Doc servers were backdoor on three different occasions in an official document. The company is now using this document as the primary driving force behind its legal action.
The law firm says victims must pay all of the court fees -- and give them 30% of any awarded damages.
Censorship

Syrian Open Source Developer Bassel Khartabil Believed Executed (www.cbc.ca) 150

TheSync writes: The Syrian open source developer, blogger, entrepreneur, hackerspace founder, and free culture advocate Bassell Khartabil was swept up in a wave of military arrests in March 2012. A CBC report states that his wife wrote on Facebook late Tuesday that she has received confirmation that security services executed Khartabil in October 2015 after torturing him in prison. Before his arrest, his most recent work included a 3D virtual reconstruction of the ancient city of Palmyra in Syria.
At the time of his arrest, Khartabi was 30 years old -- after which he started a blog called "MeInSyrianJail" and a Twitter account called "Live from my cell." Though he spent the last three and half years of his life in prison, he once tweeted that "Jail is not walls, not the executioner and guards. It is the hidden fear in our hearts that makes us prisoners." The latest tweet on his feed says "Rest in power our friend."

Thursday the Creative Commons nonprofit described the developer as "our friend and colleague," and announced the Bassel Khartabil Memorial Fund, "which will support projects in the spirit of Bassel's work."
Chrome

Browser Extensions Are Undermining Privacy (vortex.com) 82

pizzutz writes: Chrome's popular Web Developer plugin was briefly hijacked on Wednesday when an attacker gained control of the author's Google account and released a new version (0.49) which injected ads into web pages of more than a million users who downloaded the update. The version was quickly replaced with an uncompromised version (0.5) and all users are urged to update immediately.
Lauren Weinstein has a broader warning: While the browser firms work extensively to build top-notch security and privacy controls into the browsers themselves, the unfortunate fact is that these can be undermined by add-ons, some of which are downright crooked, many more of which are sloppily written and poorly maintained. Ironically, some of these add-on extensions and apps claim to be providing more security, while actually undermining the intrinsic security of the browsers themselves. Others (and this is an extremely common scenario) claim to be providing additional search or shopping functionalities, while actually only existing to silently collect and sell user browsing activity data of all sorts.
Lauren also warns about sites that "push users very hard to install these privacy-invasive, data sucking extensions" -- and believes requests for permissions aren't a sufficient safeguard for most users. "Expecting them to really understand what these permissions mean is ludicrous. We're the software engineers and computer scientists -- most users aren't either of these. They have busy lives -- they expect our stuff to just work, and not to screw them over."
Bug

The NSA Intercepted Microsoft's Windows Bug Reports (schneier.com) 52

Bruce Schneier writes on his security blog: Back in 2013, Der Spiegel reported that the NSA intercepts and collects Windows bug reports... "When Tailored Access Operations selects a computer somewhere in the world as a target and enters its unique identifiers (an IP address, for example) into the corresponding database, intelligence agents are then automatically notified any time the operating system of that computer crashes and its user receives the prompt to report the problem to Microsoft... this passive access to error messages provides valuable insights into problems with a targeted person's computer and, thus, information on security holes that might be exploitable for planting malware or spyware on the unwitting victim's computer..."

The article talks about the (limited) value of this information with regard to specific target computers, but I have another question: how valuable would this database be for finding new zero-day Windows vulnerabilities to exploit?

The Courts

Volkswagen Executive Faces Jail Time After Guilty Plea (arstechnica.com) 135

An anonymous reader quotes Ars Technica: A former Volkswagen executive has pleaded guilty to two charges related to the company's diesel emissions scandal. He is the second VW Group employee to do so, following retired engineer James Liang pleading guilty last summer. The VW Group executive, Oliver Schmidt, was based outside of Detroit and was in charge of emissions compliance for Volkswagen in the years before the company was caught using illegal software to cheat on federal emissions tests.

Schmidt, a German citizen who was 48 when he was arrested in Miami in January on vacation, was originally charged with 11 felony counts. In accepting a plea deal from US federal officials, Schmidt will only plead guilty to two charges: conspiracy to defraud the US government and violate the Clean Air Act, and making a false statement under the Clean Air Act. Schmidt will be sentenced in December. He could face up to seven years in prison, as well as fines from $40,000 to $400,000, according to the plea agreement. After that, Schmidt could also be required to serve four years of supervised release.

Businesses

Wells Fargo Sued Again For Misbilling Car Owners And Veterans (reuters.com) 75

UnknowingFool writes: A new class action lawsuit from a former Wells Fargo customer claimed the bank charged loan customers for auto insurance they did not need. With auto loans, the bank often requires that full coverage auto insurance be bought when the loan is made. However, lead plaintiff Paul Hancock says that Wells Fargo charged him for auto insurance even though he informed them he already had an insurance policy with another company. Wells Fargo also charged him a late fee when he disputed the charge. Wells Fargo does not dispute that it did this to customers and has offered to refund $80 million to 570,000 customers who were charged for insurance. The lawsuit however is to recoup late fees, delinquency charges, and other fees that the refund would not cover.
NPR describes Wells Fargo actually repossessing the car of a man who was "marked as delinquent for not paying this insurance -- which he didn't want or need or even know about." Friday the bank also revealed the number of "potentially unauthorized accounts" from its earlier fake accounts scandal could be much higher than previous estimates -- and that they're now expecting their legal costs to exceed the $3.3 billion they'd already set aside.

And Reuters reports that the bank will also be paying $108 million "to settle a whistleblower lawsuit claiming it charged military veterans hidden fees to refinance their mortgages, and concealed the fees when applying for federal loan guarantees."
Communications

Is Microsoft Hustling Us With 'White Spaces'? (wired.com) 65

rgh02 writes: Microsoft recently announced their plan to deploy unused television airwaves to solve the digital divide in America. And while the media painted this effort as a noble one, at Backchannel, Susan Crawford reveals the truth: "Microsoft's plans aren't really about consumer internet access, don't actually focus on rural areas, and aren't targeted at the US -- except for political purposes." So what is Microsoft really up to?
The article's author believes Microsoft's real game is "to be the soup-to-nuts provider of Internet of Things devices, software, and consulting services to zillions of local and national governments around the world. Need to use energy more efficiently, manage your traffic lights, target preventative maintenance, and optimize your public transport -- but you're a local government with limited resources and competence? Call Microsoft."

The article argues Microsoft wants to bypass mobile data carriers who "will want a pound of flesh -- a percentage -- in exchange for shipping data generated by Microsoft devices from Point A to Point B... [I]n many places, they are the only ones allowed to use airwave frequencies -- spectrum -- under licenses from local governments for which they have paid hundreds of millions of dollars."
Social Networks

FBI Tracked 'Fake News' Believed To Be From Russia On Election Day (cnn.com) 352

An anonymous reader quotes a report from CNN: The FBI monitored social media on Election Day last year in an effort to track a suspected Russian disinformation campaign utilizing "fake news," CNN has learned. In the months leading up to Election Day, Twitter and Facebook were the feeding grounds for viral "news" stories floating conspiracies and hoaxes, many aimed at spreading negative false claims about Hillary Clinton. On Election Day, dozens of agents and analysts huddled at a command center arrayed with large monitoring screens at the FBI headquarters in Washington watching for security threats, according to multiple sources. That included analysts monitoring cyber threats, after months of mounting Russian intrusions targeting every part of the US political system, from political parties to policy think-tanks to state election systems. On this day, there was also a group of FBI cyber and counterintelligence analysts and investigators watching social media. FBI analysts had identified social media user accounts behind stories, some based overseas, and the suspicion was that at least some were part of a Russian disinformation campaign, according to two sources familiar with the investigation.
Open Source

Linux Kernel Hardeners Grsecurity Sue Open Source's Bruce Perens (theregister.co.uk) 306

An anonymous reader shares a report from The Register: In late June, noted open-source programmer Bruce Perens [a longtime Slashdot reader] warned that using Grsecurity's Linux kernel security could invite legal trouble. "As a customer, it's my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity," Perens wrote on his blog. The following month, Perens was invited to court. Grsecurity sued the open-source doyen, his web host, and as-yet-unidentified defendants who may have helped him draft that post, for defamation and business interference. Grsecurity offers Linux kernel security patches on a paid-for subscription basis. The software hardens kernel defenses through checks for common errors like memory overflows. Perens, meanwhile, is known for using the Debian Free Software Guidelines to draft the Open Source Definition, with the help of others.

Grsecurity used to allow others to redistribute its patches, but the biz ended that practice for stable releases two years ago and for test patches in April this year. It offers its GPLv2 licensed software through a subscription agreement. The agreement says that customers who redistribute the code -- a right under the GPLv2 license -- will no longer be customers and will lose the right to distribute subsequent versions of the software. According to Perens, "GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition." A legal complaint (PDF) filed on behalf of Grsecurity in San Francisco, California, insists the company's software complies with the GPLv2. Grsecurity's agreement, the lawsuit states, only applies to future patches, which have yet to be developed. Perens isn't arguing that the GPLv2 applies to unreleased software. Rather, he asserts the GPLv2, under section 6, specifically forbids the addition of contractual terms.

Android

BLU Claims Innocence, Gets Phones Reinstated On Amazon (slashgear.com) 43

Earlier this week, Amazon suspended budget phone maker BLU from selling its phones on the site, citing a "potential security issue." A few days have passed and BLU has made its defense. SlashGear reports: AdUps, the Chinese company that provides affordable firmware update software to countless budget Android phones, is not spyware and not even Kryptowire, the security firm that broke the news last year, called it that, insists BLU. To be fair, Kryptowire really didn't. In its 2016 report, it simply described AdUps' OTA software as "FIRMWARE THAT TRANSMITTED PERSONALLY IDENTIFIABLE INFORMATION (PII) WITHOUT USER CONSENT OR DISCLOSURE." Curiously, that is more or less how the FTC defines spyware (PDF). In its 2017 follow-up, it did drop the second part of that phrase and simply reported on "mobile devices for Personally Identifiable Information (PII) collection and transmission to third parties." While BLU, and a few other OEMs, was caught unaware by the first report, it's insisting on its innocence in this second instance. Its defense stems from the argument that it is doing nothing that violates its Privacy Policy and, therefore, doesn't constitute any wrongdoing. Yes, that privacy policy that barely anyone reads, which can't legally be blamed on manufacturers anyway.

In other words, when you agreed to use BLU's devices, you basically agreed that such PII could possibly be transmitted to a third party outside the US. In this particular case, that does apply to the situation with AdUps. Interestingly, the policy's copyright dates back to 2016, when the AdUps issue first came up. The Internet Archives doesn't seem to have any version of that page before April this year. And so we come to BLU's second arguments: everybody's doing it. The data that AdUps collects is the same or even just a fraction of what other OEMs are collecting. Google is hardly the bastion of privacy and other OEMs are also collecting such data and sending it to servers in China, as is the case with Huawei and ZTE. Finally, BLU says that Kryptowire's new report really only identifies the Cubot X16S, from a Chinese OEM, as the only smartphone really spying on its users.
UPDATE: BLU has confirmed that its devices "are now back up for sale on Amazon."
The Internet

Supreme Court Moves Toward Digital With Online Court Filings (thehill.com) 20

An anonymous reader quotes a report from The Hill: Supreme Court case documents will soon be made available for the first time online. The court announced Thursday that it will launch an electronic filing system on Nov. 13 that will make "virtually all new filings" accessible to the public via the court's website for free. Court documents for the lower courts are typically available online through the Public Access to Court Electronics Records, which charges a fee per page. The court's announcement comes just days after the high court unveiled a newly designed website. Court watchers say it's a surprising, but welcome, jump into the 21st century for a court that's been reluctant over the years to advance its technologies.
Government

Apple Owns $52.6 Billion In US Treasury Securities, More Than Mexico, Turkey or Norway (cnbc.com) 93

randomErr shares a report from CNBC: If Apple were a foreign country, CEO Tim Cook might have considerable political clout in the United States. That's because the tech giant owns $52.6 billion in U.S. Treasury securities, which would rank it among the top 25 major foreign holders, according to estimates from the Treasury Department and Apple's SEC filings released Wednesday. Apple's stake in U.S. government securities as of June, up from $41.7 billion as of last September, puts it ahead of Israel, Mexico and the Netherlands, according to Treasury data released last month, which tracks up to May of this year. With $20.1 billion in short-term Treasury securities and $31.35 billion in long-term marketable Treasury securities, Apple still falls far below countries like China and Japan, which hold over a trillion dollars in U.S. government debt each -- which has caused considerable hand-wringing in Washington. Still, Apple is way above other big companies like Amazon, which owns less than $5 billion in U.S. government or agency securities combined, according to regulatory filings.
The Military

US Army Calls Halt On Use of Chinese-Made Drones By DJI (theverge.com) 45

Due to "an increased awareness of cyber vulnerabilities with DJI products," the U.S. Army is asking all units to discontinue the use of DJI drones. The news comes from an internal memo obtained by the editor of SUAS News. It notes that the Army had issued over 300 separate releases authorizing the use of DJI products for Army missions, meaning a lot of hardware may have been in active use prior to the memo, which is dated August 2nd, 2017. The Verge reports: SUAS News published a piece back in May of this year that made a number of serious accusations about data gathered by DJI drones. Author Kevin Pomaski starts out writing, "Using a simple Google search the data mined by DJI from your provided flights (imagery, position and flight logs) and your audio can be accessed without your knowing consent." However, he never follows up with evidence to demonstrate how this data becomes public or can be found through a Google search. Pomaski also point out, correctly, that when DJI users elect to upload data to their SkyPixel accounts through the DJI app, this data can be stored on servers in the U.S., Hong Kong, and China. This data can include videos, photos, and audio recorded by your phone's microphone, and telemetry data detailing the height, distance, and position of your recent flights. DJI provided the following statement to The Verge: "People, businesses and governments around the world rely on DJI's products and technology for a variety of uses including sensitive and mission critical operations. The Department of the Army memo even reports that they have 'issued over 300 separate Airworthiness Releases for DJI products in support of multiple organizations with a variety of mission sets.' We are surprised and disappointed to read reports of the U.S. Army's unprompted restriction on DJI drones as we were not consulted during their decision. We are happy to work directly with any organization, including the U.S. Army, that has concerns about our management of cyber issues. We'll be reaching out to the U.S. Army to confirm the memo and to understand what is specifically meant by 'cyber vulnerabilities.' Until then, we ask everyone to refrain from undue speculation."
Republicans

Silicon Valley Says Trump Plan To Reduce Immigration Will Hurt Economy (cbslocal.com) 273

An anonymous reader quotes a report from CBS Local: President Donald Trump's push to cut legal immigration to the United States in half is being met by opposition from Silicon Valley leaders, economists, and even some Republicans senators, who all say legal immigration is key to economic prosperity. The Trump administration Wednesday endorsed the Reforming American Immigration for a Strong Economy Act or RAISE Act, a Senate bill introduced by two Republican senators earlier this year, that aims to cut all U.S. immigration in half. Business leaders, especially those in California's tech industry, say the bill will stymie their ability to fill jobs and grow the U.S. economy. California's economy is the sixth largest in the world and many attribute that success, in part, to immigration. The Information Technology Industry Council, which represents companies including Amazon, Apple, Adobe, Dell, Facebook, Hewlett-Packard, Google, Visa, Nokia, and Microsoft railed against the bill.

Dean Garfield, President and CEO of the council said, "This is not the right proposal to fix our immigration system because it does not address the challenges tech companies face, injects more bureaucratic dysfunction, and removes employers as the best judge of the employee merits they need to succeed and grow the U.S. economy." Garfield argues that the tech industry cannot find enough STEM-skilled Americans to fill open positions and that U.S. immigration policy "stops us from keeping the best and brightest innovators here in the U.S. and instead we lose out to our overseas competitors."

Security

ESET Spreading FUD About Torrent Files, Clients (welivesecurity.com) 60

An anonymous reader writes: ESET has taken fear mongering, something that some security firms continue to do, to a new level by issuing a blanket warning to users to view torrent files and clients as a threat. The warning came from the company's so-called security evangelist Ondrej Kubovic, (who used extremely patchy data to try and scare the bejesus out of computer users (Google cache). Like all such attempts at FUD, his treatise ended with a claim that ESET was the one true source whereby users could obtain "knowledge" to protect themselves. "If you want to stay informed and protect yourself by building up your knowledge, read the latest pieces by ESET researchers on WeLiveSecurity," he wrote. Kubovic used the case of Transmission -- a BitTorrent client that was breached in March and August 2016 with malware implanted and aimed at macOS users -- to push his barrow. But to use this one instance to dissuade people from downloading BitTorrent clients en masse is nothing short of scaremongering. There are dozens, if not more, BitTorrent clients which enjoy much wider usage, with uTorrent being one good example. Kubovic then used the old furphy which is resorted to by those who lobby on behalf of the copyright industry -- torrents are mostly illegal files and downloading them is Not The Right Thing To Do. But then he failed to mention that hundreds of thousands of perfectly legitimate files are also offered as torrents -- for instance, this writer regularly downloads images of various GNU/Linux distributions using a BitTorrent client because it is the more community-friendly thing to do, rather than using a direct HTTP link and hogging all the bandwidth available.
The Courts

'Pharma Bro' Martin Shkreli Found Guilty of 3 of 8 Charges, Including Securities Fraud (cnbc.com) 146

Former pharmaceutical chief executive Martin Shkreli has been found guilty of securities fraud. A New York City jury returned the verdict after five days of deliberations. From a report: Shkreli, 34, was convicted of some of the eight criminal counts that he had faced, which had included securities fraud and conspiracy to commit both securities fraud and wire fraud, after a more-than-month-long trial in Brooklyn, New York, federal court. Of the eight counts, Shkreli was found guilty of three. Those included conspiracy to commit securities fraud, and two counts of securities fraud. He was found not guilty of five counts, including those related to wire fraud. He faces up to 20 years in prison when he is sentenced.
Security

The Kronos Indictment: Is it a Crime To Create and Sell Malware? (washingtonpost.com) 199

Marcus Hutchins, the 23-year-old British security researcher who was credited with stopping the WannaCry outbreak in its tracks by discovering a hidden "kill switch" for the malware, was arrested by the FBI over his alleged involvement in separate malicious software targeting bank accounts. According to an indictment released by the US Department of Justice on Thursday, Hutchins is accused of having helped to create, spread and maintain the banking trojan Kronos between 2014 and 2015. Hutchins, who is indicted with another unnamed co-defendant, stands accused of six counts of hacking-related crimes as a result of his alleged involvement with Kronos. A preliminary analysis of those counts suggest that the government will face significant legal challenges. Orin Kerr, the Fred C. Stevenson Research Professor at The George Washington University Law School, writes: The indictment asserts that Hutchins created the malware and an unnamed co-conspirator took the lead in selling it. The indictment charges a slew of different crimes for that: (1) conspiracy to violate the Computer Fraud and Abuse Act; (2) three counts of violating 18 U.S.C. 2512, which prohibits selling and advertising wiretapping devices; (3) a count of wiretapping; and (4) a count of violating the Computer Fraud and Abuse Act through accomplice liability -- basically, aiding and abetting a hacking crime. Do the charges hold up? Just based on a first look at the case, my sense is that the government's theory of the case is fairly aggressive. It will lead to some significant legal challenges. It's hard to say, at this point, how those challenges will play out. The indictment is pretty bare-bones, and we don't have all the facts or even what the government thinks are the facts.
AI

Chinese Chatbots Apparently Re-educated After Political Faux Pas (reuters.com) 80

A pair of 'chatbots' in China have been taken offline after appearing to stray off-script. In response to users' questions, one said its dream was to travel to the United States, while the other said it wasn't a huge fan of the Chinese Communist Party. From a report: The two chatbots, BabyQ and XiaoBing, are designed to use machine learning artificial intelligence (AI) to carry out conversations with humans online. Both had been installed onto Tencent Holdings Ltd's popular messaging service QQ. The indiscretions are similar to ones suffered by Facebook and Twitter, where chatbots used expletives and even created their own language. But they also highlight the pitfalls for nascent AI in China, where censors control online content seen as politically incorrect or harmful. Tencent confirmed it had taken the two robots offline from its QQ messaging service, but declined to elaborate on reasons.
Communications

The FCC Is Full Again, With Three Republicans and Two Democrats (arstechnica.com) 81

An anonymous reader quotes a report from Ars Technica: The U.S. Senate today confirmed the nominations of Republican Brendan Carr and Democrat Jessica Rosenworcel to fill the two empty seats on the Federal Communications Commission. FCC Chairman Ajit Pai congratulated the commissioners in a statement. "As I know from working with each of them for years, they have distinguished records of public service and will be valuable assets to the FCC in the years to come," Pai said. "Their experience at the FCC makes them particularly well-suited to hit the ground running. I'm pleased that the FCC will once again be at full strength and look forward to collaborating to close the digital divide, promote innovation, protect consumers, and improve the agency's operations."

Carr served as Pai's Wireless, Public Safety and International Legal Advisor for three years. After President Trump elevated Pai to the chairmanship in January, Pai appointed Carr to become the FCC's general counsel. Rosenworcel had to leave the commission at the end of last year when the Republican-led US Senate refused to re-confirm her for a second five-year term. But Democrats pushed Trump to re-nominate Rosenworcel to fill the empty Democratic spot and he obliged. FCC commissioners are nominated by the president and confirmed by the Senate. esides Pai, Carr, and Rosenworcel, the five-member commission includes Republican Michael O'Rielly and Democrat Mignon Clyburn.

The Courts

NotPetya Ransomware Victims Preparing Lawsuit Against Ukrainian Software Firm (bleepingcomputer.com) 25

An anonymous reader writes from a report via Bleeping Computer: The Juscutum Attorneys Association, a Ukrainian law firm, is rallying NotPetya victims to join a collective lawsuit against Intellect-Service LLC, the company behind the M.E.Doc accounting software -- the point of origin of the NotPetya ransomware outbreak. The NotPetya ransomware spread via a trojanized M.E.Doc update, according to Microsoft, Bitdefender, Kaspersky, Cisco, ESET, and Ukrainian Cyber Police. A subsequent investigation revealed that Intellect-Service had grossly mismanaged the hacked servers, which were left without updates since 2013 and were backdoored on three different occasions. On Tuesday, Ukrainian Cyber Police confirmed that M.E.Doc servers were backdoored on three different occasions in an official document. The company is now using this document as the primary driving force behind its legal action. Juscutum says that victims must pay all court fees, must provide evidence or help with the collection of evidence, and agree to a 30% cut in the case of any awarded damages. The lawsuit is in its incipient stages. Juscutum representatives are currently spreading their message and encouraging victims to join the lawsuit via social media posts and articles in local Ukrainian press.
Security

WikiLeaks Reveals CIA Tool For Hacking Webcams, Microphones (thestack.com) 107

An anonymous reader quotes a report from The Stack: WikiLeaks has released a new set of documents in the CIA Vault 7 leak, outlining the "Dumbo" hacking tool which allows control of webcams and microphones. The release explains that the tool is capable of completely suspending processes on webcams and corrupting video recordings. Dumbo's is tasked specifically with gaining and exploiting physical access to target computers used in CIA field operations, the release notes. According to WikiLeaks, the tool allows for the identification, control and manipulation of monitoring and detection systems, such as webcams and microphones, running the Microsoft Windows operating system. The technology first identifies all installed devices, whether they are connected locally, wirelessly, or across wired networks. Once Dumbo has detected all of these devices, it identifies all the related processes, which may include recording, monitoring or detection of video, audio and network streams. These operations can then be suspended by the operator. "By deleting or manipulating recordings the operator is aided in creating fake or destroying actual evidence of the intrusion operation," the release added. Dumbo does require direct access to the target computer and is run from a USB stick. The release states that it supports 32bit Windows XP, Windows Vista, and newer versions of Windows operating system. However, 64bit Windows XP and Windows versions prior to XP are not supported.
China

China Is Perfecting a New Method For Suppressing Dissent On the Internet (vox.com) 151

An anonymous reader quotes a report from Vox: The art of suppressing dissent has been perfected over the years by authoritarian governments. For most of human history, the solution was simple: force. Punish people severely enough when they step out of line and you deter potential protesters. But in the age of the internet and "fake news," there are easier ways to tame dissent. A new study by Gary King of Harvard University, Jennifer Pan of Stanford University, and Margaret Roberts of the University of California San Diego suggests that China is the leading innovator on this front. Their paper, titled "How the Chinese Government Fabricates Social Media Posts for Strategic Distraction, Not Engaged Argument," shows how Beijing, with the help of a massive army of government-backed internet commentators, floods the web in China with pro-regime propaganda. What's different about China's approach is the content of the propaganda. The government doesn't refute critics or defend policies; instead, it overwhelms the population with positive news (what the researchers call "cheerleading" content) in order to eclipse bad news and divert attention away from actual problems. This has allowed the Chinese government to manipulate citizens without appearing to do so. It permits just enough criticism to maintain the illusion of dissent and only acts overtly when fears of mass protest or collective action arise.
Crime

Man Used DDoS Attacks On Media To Extort Them To Remove Stories (itwire.com) 34

New submitter troublemaker_23 shares a report from iTWire: A 32-year-old man from Seattle who was arrested for mounting a series of distributed denial of service attacks on businesses in Australia, the U.S. and Canada, wanted articles about himself removed from various news sites, including Fairfax Media. According to an FBI chargesheet filed in the U.S. District Court for the Northern District of Texas (Dallas Division), Kamyar Jahanrakhshan tried to get articles removed from the Sydney Morning Herald, a site for legal articles known as Leagle.com, Metronews.ca, a Canadian news website, CBC in Canada and Canada.ca. The chargesheet, filed by FBI special agent Matthew Dosher, said Jahanrakhshan migrated to the U.S. in 1991 and took U.S. citizenship; he then moved to Canada about four years later and became a permanent resident there. He had a conviction for second degree theft in Washington state in 2005 and this was vacated in August 2011; he also had a 2011 conviction for fraud and obstruction in Canada. In each case, Jahanrakhshan, who was deported back to the U.S. as a result of the Canada crime, launched DDoS attacks on the news websites and then contacted them. Further reading: Ars Technica
Software

Cable Giants Step Up Piracy Battle By Interrogating Montreal Software Developer (www.cbc.ca) 185

New submitter wierzpio writes: In more news about TVAddons, Canadian cable companies used a civil search warrant to visit the owner and developer of TVAddons, a library of hundreds of apps known as add-ons that allow people easy access to pirated movies, TV shows, and live TV. According to Adam Lackman, founder of TVAddons and defendant in the copyright lawsuit launched by the television giants, "The whole experience was horrifying. It felt like the kind of thing you would have expected to have happened in the Soviet Union." During the 16 hour-long visit, he was interrogated, denied the right not to answer the questions, and denied the right to consult his answers with his lawyer, who was present. His personal possessions were seized. Adam is fighting back (link to Indiegogo fundraising page) and already the judge declared the search warrant "null and void." "I am of the view that its true purpose was to destroy the livelihood of the defendant, deny him the financial resources to finance a defense to the claim made against him," the judge wrote. "The defendant has demonstrated that he has an arguable case that he is not violating the [Copyright] Act," the judge continued, adding that by the plaintiffs' own estimate, only about one per cent of Lackman's add-ons were allegedly used to pirate content. Lackman's belongings still haven't been returned, and he can't acess the TVAddons website or its social media accounts, which were also seized. "Bell, Rogers and Videotron has appealed the court decision and a Federal Court of Appeal judge has ruled that until the appeal can be hard, Lackman will get nothing back," reports cbc.ca.
Businesses

Font Maker Sues Universal Music Over 'Pirated' The Vamps Logo (torrentfreak.com) 142

An anonymous reader writes: Universal Music Group is being sued by HypeForType, which accuses the record label of using "pirated" copies of its fonts for the logo of The Vamps. The font is widely used for artwork, promotion material and merchandising of the popular British band, and the font creator is looking for a minimum of $1.25 million in damages. The font maker has filed a lawsuit accusing the major label of using its "Nanami Rounded" and "Ebisu Bold" fonts without permission. According to a complaint, filed in a New York federal court, Universal failed to obtain a proper license for its use, so they are essentially using pirated fonts.
Censorship

Joining Apple, Amazon's China Cloud Service Bows To Censors (nytimes.com) 51

Days after Apple yanked anti-censorship tools off its app store in China, another major American technology company is moving to implement the country's tough restrictions on online content. From a report: A Chinese company that operates Amazon's cloud-computing and online services business there said on Tuesday that it told local customers to cease using any software that would allow Chinese to circumvent the country's extensive system of internet blocks (Editor's note: the link could be paywalled; alternative source). The company, called Beijing Sinnet Technology and operator of the American company's Amazon Web Services operations in China, sent one round of emails to customers on Friday and another on Monday. "If users don't comply with the guidance, the offered services and their websites can be shut down," said a woman surnamed Wang who answered a Sinnet service hotline. "We the operators also check routinely if any of our users use these softwares or store illegal content." Ms. Wang said the letter was sent according to recent guidance from China's Ministry of Public Security and the country's telecom regulator. Amazon did not respond to emails and phone calls requesting comment. The emails are the latest sign of a widening push by China's government to block access to software that gets over the Great Firewall -- the nickname for the sophisticated internet filters that China uses to stop its people from gaining access to Facebook, Google and Twitter, as well as foreign news media outlets.
Businesses

New Data On H-1B Visas Prove That IT Outsourcers Hire a Lot But Pay Very Little (qz.com) 233

New submitter FerociousFerret shares a report from Quartz: Hard numbers have been released by the U.S. government agency that screens visas for high-skilled foreign workers, and they are not pretty. Data made available by the U.S. Citizenship and Immigration Services (USCIS) for the first time show that the widely made complaint about the visa program is true: a small number of IT outsourcing companies get a disproportionately high number of H-1B visas and pay below-average wages to their workers. The new data also gives a more accurate picture of salaries of H-1B workers by employer. The top IT outsourcing companies on average paid much lower salaries to their workers. The wage divide is largely a result of different education requirements of H-1B positions. H-1B visas are issued to workers with specialized skills which generally requires a Bachelor's degree or higher. More than 98% of approved H-1B visa positions were awarded to workers with either a Bachelor's or a Master's degree in fiscal year 2016. A closer look at the educations held by H-1B workers at companies like Google, Amazon and Intel -- places with in-house tech staffs -- show that more than 60% had Masters degrees. For most IT outsourcing companies, the majority of H-1B visa holders only had a Bachelor's.
Privacy

NSA Unlawfully Surveilled Kim Dotcom In New Zealand, Says Report (thehill.com) 133

According to new documents from New Zealand's Government Communications Security Bureau (GCSB), the NSA illegally used technology to spy on Megaupload founder Kim Dotcom. "The New Zealand Herald first reported that the GCSB told the nation's high court that it ceased all surveillance of Dotcom in early 2012, but that 'limited' amounts of communications from Dotcom were later intercepted by its technology without the bureau's knowledge," reports The Hill. From the report: Dotcom was surveilled by the NSA and the GCSB in a joint intelligence operation named Operation Debut. According to the Herald, that surveillance was scheduled to end in January 2012, but the United States continued to use New Zealand's technology. According to court documents obtained by the Herald, "Limited interception of some communications continued beyond the detasking date without the knowledge of GCSB staff." The court papers don't explain how the NSA was able to use the GCSB's spying technology without the bureau's knowledge. According to the Herald, "The GCSB documents do contain an admission of NSA involvement, although it was not made outright." Dotcom is facing charges of copyright infringement and money laundering related to Megaupload, a file-sharing website shut down in 2012. He is currently fighting U.S. attempts to extradite him from New Zealand.

Slashdot Top Deals