Government

FBI Says Islamic State Used eBay, PayPal To Channel Money To the US (theverge.com) 57

An anonymous reader quotes a report from The Verge: Islamic State allegedly used PayPal and fake eBay transactions to channel money to an operative in the U.S., The Wall Street Journal reports. The man who allegedly received the money was American citizen Mohamed Elshinawy, who was arrested last year in Maryland. The FBI claims that Elshinawy, in his early 30s, sold computer printers on eBay as a front in order to receive the payments through PayPal. The details have come to light because of a recently unsealed FBI affidavit, which alleges Elshinawy was part of a worldwide network that used such channels to fund ISIS. Elshinawy received $8,700 from ISIS, including five PayPal payments from senior ISIS official Siful Sujan through his technology company. Those funds were used to buy a laptop, a cellphone, and a VPN to communicate with IS, according to the affidavit. Sujan was killed in a drone strike in 2015. eBay told The Wall Street Journal it "has zero tolerance for criminal activities taking place on our marketplace." Meanwhile, a spokeswoman for PayPal said it "invests significant time and resources in working to prevent terrorist activity on our platform. We proactively report suspicious activities and respond quickly to lawful requests to support law enforcement agencies in their investigations."
The Courts

Silicon Valley Billionaire Fails To Prevent Access To Public Beach (theguardian.com) 283

Robotron23 writes: Vinod Khosla, a Silicon Valley venture capitalist, has lost his appeal to privatize Martins Beach -- a publicly-owned strip of coastline in California. Having previously fenced off the land in a bid to render the area private, Khosla has been ordered to restore access by a California court. Khosla had previously demanded the government pay him $30 million to reopen the gate to the beachfront. The law of California states that all beaches should be open to the public up to the "mean high tide line." "The decision this week, affirming a lower court ruling, stems from a lawsuit filed by the Surfrider Foundation, a not-for-profit group that says the case could have broader implications for beach access across the U.S.," reports The Guardian.
Government

FCC Extends Net Neutrality Comment Period By Two Weeks (theverge.com) 22

An anonymous reader quotes a report from The Verge: You'll have two extra weeks to file your thoughts with the FCC on its plan to get rid of net neutrality. The proposal's comment period was originally scheduled to end next week, on August 16th, but the commission just pushed the date out to August 30th. The extension was granted in response to 10 groups asking for more time to respond. They had been looking for an additional eight weeks, but the commission said an additional two weeks would be more in line with the type of extensions granted in the past. The commission didn't signal that disruptions to its filing system, caused by an apparent DDOS attack, factored into the decision at all. Granting a two week extension gives people more time to file "reply comments," which are meant to respond to what people filed during the first phase of the comment period, which closed in July. That comment period had been much longer than usual, because the commission released the proposal a month before it was voted on.
Businesses

Uber Shareholder Group Wants Benchmark Off Board (axios.com) 31

Dan Primack, reporting for Axios: A group of Uber investors has asked that venture capital firm Benchmark step down from the company's board of directors, Axios has learned. It also wants Benchmark to divest enough shares so as to no longer have board appointment rights. The move comes one day after Benchmark sued former Uber CEO Travis Kalanick for fraud, in an attempt to have him removed from the board. From the letter: Mr. Kalanick's resignation, along with other concessions, on a few hours' notice and within weeks of a personal tragedy, under threat of public scandal. Even less so your escalation of this fratricidal course -- notwithstanding Mr. Kalanick's resignation -- through your recent lawsuit, which we fear will cost the company public goodwill, interfere with fundraising and impede the critical search for a new, world-class Chief Executive Officer. Benchmark has used false allegations from lawsuits like Waymo as a matter of fact and this and many actions has crossed the fiduciary line. Benchmark's investment of $27M is worth $8.4 billion today and you are suing the founder, the company and the employees who worked so hard to create such unprecedented value. We ask you to please consider the lives of these employees and allow them to continue to grow this company in peace and make it thrive. These actions do the opposite.
The Courts

Developers File Antitrust Complaint Against Apple in China (reuters.com) 27

A Chinese law firm has filed a complaint against Apple on behalf of 28 local developers alleging the firm breached antitrust regulations. From a report: The complaint, lodged by Beijing-based Dare & Sure Law Firm, accuses Apple of charging excessive fees and removing apps from its local store without proper explanation, Lin Wei, an attorney at the firm told Reuters on Thursday. "During its localization process Apple has run into several antitrust issues ... after an initial investigation we consulted a number of enterprises and got a very strong response," said Lin. The law firm invited developers to join the complaint in April and on Tuesday filed it to China's State Administration for Industry and Commerce and the National Development and Reform Commission, which oversees antitrust matters in the country.
United States

Hearing Loss of US Diplomats In Cuba Is Blamed On Covert Device (bostonglobe.com) 224

bsharma shares a report from The Boston Globe: The two-year-old U.S. diplomatic relationship with Cuba was roiled Wednesday by what U.S. officials say was a string of bizarre incidents that left a group of American diplomats in Havana with severe hearing loss attributed to a covert sonic device. In the fall of 2016, a series of U.S. diplomats began suffering unexplained losses of hearing, according to officials with knowledge of the investigation into the case. Several of the diplomats were recent arrivals at the embassy, which reopened in 2015 as part of former President Barack Obama's reestablishment of diplomatic relations with Cuba. Some of the diplomats' symptoms were so severe that they were forced to cancel their tours early and return to the United States, officials said. After months of investigation, U.S. officials concluded that the diplomats had been exposed to an advanced device that operated outside the range of audible sound and had been deployed either inside or outside their residences. It was not immediately clear if the device was a weapon used in a deliberate attack, or had some other purpose.
Businesses

Why Amazon's UK Tax Bill Has Dropped 50% (bbc.com) 139

An anonymous reader quotes a report from BBC: Amazon has seen a 50% fall in the amount of UK corporation tax it paid last year, while recording a 54% increase in turnover for the same period. This snippet of news raised eyebrows this morning when it was revealed. So what's going on? Taxes are paid on profit not turnover. It paid lower taxes because it made lower profits. Last year it made 48 million British Pounds (BP) or ~$62 million U.S. dollars (USD) in profit -- this year it made only 24 million BP or ~$31 million USD so it paid 7 million BP (~$9 million USD) tax compared to 15 million BP (~$19 million USD). What is more interesting is WHY its profits were lower. Part of the reason is the way it pays its staff. Amazon UK Services is the division which runs the fulfillment centers which process, package and post deliveries to UK customers. It employs about 16,000 of the 24,000 people Amazon have in the UK. Each full-time employee gets given at least 1,000 BP (~$1,297 USD) worth of shares every year. They can't cash them in immediately -- they have to hold them for a period of between one and three years.

If Amazon's share price goes up in that time, those shares are worth more. Amazon's share price has indeed gone up over the past couple of years -- a lot. In fact, in the past two years the share price has nearly doubled, so 1,000 BP (~$1,297 USD) in shares granted in August 2015 are now worth nearly 2,000 BP (~$2,595 USD). Staff compensation goes up, compensation is an expense, expenses can be deducted from revenue -- so profits are lower and so are the taxes on those profits.

United States

Wisconsin Won't Break Even On Foxconn Plant Deal For Over Two Decades (theverge.com) 309

Last month, Foxconn announced plans to build a $10 billion factory in southeastern Wisconsin in exchange for $3 billion in tax breaks. While the factory was heralded as a big win for President Trump and Governor Scott Walker, a report issued last week says the plan is looking less and less like a good deal for the state. In the report, Wisconsin's Legislative Fiscal Bureau said that the state wouldn't break even on its investment until 2043 -- and that's in an absolute best-case scenario. The Verge reports: How many workers Foxconn actually hires, and where Foxconn hires them from, would have a significant impact on when the state's investment pays off, the report says. The current analysis assumes that "all of the construction-period and ongoing jobs associated with the project would be filled by Wisconsin residents." But the report says it's likely that some positions would go to Illinois residents, because the factory would be located so close to the border. That would lower tax revenue and delay when the state breaks even. And that's still assuming that Foxconn actually creates the 13,000 jobs it claimed it might create, at the average wage -- just shy of $54,000 -- it promised to create them at. In fact, the plant is only expected to start with 3,000 jobs; the 13,000 figure is the maximum potential positions it could eventually offer. If the factory offers closer to 3,000 positions, the report notes, "the breakeven point would be well past 2044-45."
China

China Working On 'Repression Network' Which Lets Cameras Identify Cars With Unprecedented Accuracy (thesun.co.uk) 80

schwit1 shares a report from The Sun: Researchers at a Chinese university have revealed the results of an investigation aimed at creating a "repression network" which can identify cars from "customized paintings, decorations or even scratches" rather than by scanning its number plate. A team from Peking University said the technology they have developed to perform this task could also be used to recognize the faces of human beings. Essentially, it works by learning from what it sees, allowing it to differentiate between cars (or humans) by spotting small differences between them. "The growing explosion in the use of surveillance cameras in public security highlights the importance of vehicle search from large-scale image databases," the researcher wrote. "Precise vehicle search, aiming at finding out all instances for a given query vehicle image, is a challenging task as different vehicles will look very similar to each other if they share same visual attributes." They added: "We can extend our framework [software] into wider applications like face and person retrieval [identification] as well."
Security

Password Power Rankings: a Look At the Practices of 40+ Popular Websites (helpnetsecurity.com) 126

Orome1 shares a report from Help Net Security: Nothing should be more important for these sites and apps than the security of the users who keep them in business. Unfortunately, Dashlane found that 46% of consumer sites, including Dropbox, Netflix, and Pandora, and 36% of enterprise sites, including DocuSign and Amazon Web Services, failed to implement the most basic password security requirements. The most popular sites provide the least guidance when it comes to secure password policies. Of the 17 consumer sites that failed Dashlane's tests, eight are entertainment/social media sites, and five are e-commerce. Most troubling? Researchers created passwords using nothing but the lowercase letter "a" on Amazon, Google, Instagram, LinkedIn, Venmo, and Dropbox, among others. GoDaddy emerged as the only consumer website with a perfect score, while enterprise sites Stripe and QuickBooks also garnered a perfect score of 5/5. Here's a screenshot of how each consumer/enterprise website performed.
Security

Scientists Create DNA-Based Exploit of a Computer System (technologyreview.com) 43

Archeron writes: It seems that scientists at University of Washington in Seattle have managed to encode malware into genomic data, allowing them to gain full access to a computer being used to analyze the data. While this may be a highly contrived attack scenario, it does ask the question whether we pay sufficient attention to data-driven exploits, especially where the data is instrument-derived. What other systems could be vulnerable to a tampered raw data source? Perhaps audio and RF analysis systems? MIT Technology Review reports: "To carry out the hack, researchers led by Tadayoshi Kohno and Luis Ceze encoded malicious software in a short stretch of DNA they purchased online. They then used it to gain 'full control' over a computer that tried to process the genetic data after it was read by a DNA sequencing machine. The researchers warn that hackers could one day use faked blood or spit samples to gain access to university computers, steal information from police forensics labs, or infect genome files shared by scientists. To make the malware, the team translated a simple computer command into a short stretch of 176 DNA letters, denoted as A, G, C, and T. After ordering copies of the DNA from a vendor for $89, they fed the strands to a sequencing machine, which read off the gene letters, storing them as binary digits, 0s and 1s. Yaniv Erlich, a geneticist and programmer who is chief scientific officer of MyHeritage.com, a genealogy website, says the attack took advantage of a spill-over effect, when data that exceeds a storage buffer can be interpreted as a computer command. In this case, the command contacted a server controlled by Kohno's team, from which they took control of a computer in their lab they were using to analyze the DNA file." You can read their paper here.
China

China's VPN Developers Face Crackdown (bbc.com) 55

China recently launched a crackdown on the use of software which allows users to get around its heavy internet censorship. Now as the BBC reports, developers are facing growing pressure. From the report: The three plain-clothes policemen tracked him down using a web address. They came to his house and demanded to see his computer. They told him to take down the app he was selling on Apple's App Store, and filmed it as it was happening. His crime was to develop and sell a piece of software that allows people to get round the tough restrictions that limit access to the internet in China. A virtual private network (VPN) uses servers abroad to provide a secure link to the internet. It's essential in China if you want to access parts of the outside world like Facebook, Gmail or YouTube, all of which are blocked on the mainland. "They insisted they needed to see my computer," the software developer, who didn't want us to use his name, told us during a phone interview. "I said this is my private stuff. How can you search as you please?" No warrant was produced and when he asked them what law he had violated they didn't say. Initially he refused to co-operate but, fearing detention, he relented. Then they told him what they wanted: "If you take the app off the shelf from Apple's App Store then this will be all over." 'Sorry, I can't help you with that'. Up until a few months ago his was a legal business. Then the government changed the regulations. VPN sellers need a licence now.
Crime

UK Wants To Criminalize Re-Identification of Anonymized User Data (bleepingcomputer.com) 120

An anonymous reader writes: European countries are currently implementing new data protection laws. Recently, despite leaving the European Union, the United Kingdom has expressed intent to implement the law called General Data Protection Regulation. As an extension, the UK wants to ban re-identification (with a penalty of unlimited fines), the method of reversing anonymization, or pointing out the weakness of the used anonymisation process. One famous example was research re-identifying Netflix users from published datasets. By banning re-identification, UK follows the lead of Australia which is considering enacting a similarly controversial law that can lead to making privacy research difficult or impossible. Privacy researchers express concerns about the effectiveness of the law that could even complicate security, a view shared by privacy advocates.
Movies

Disney Ditching Netflix Keeps Piracy Relevant (torrentfreak.com) 263

Yesterday, Disney announced its intent to pull its movies from Netflix and start its own streaming service. This upset many users across the web as the whole appeal of the streaming model becomes diluted when there are too many "Netflixes." TorrentFreak argues that "while Disney expects to profit from the strategy, more fragmentation is not ideal for the public" and that the move "keeps piracy relevant." From the report: Although Disney's decision may be good for Disney, a lot of Netflix users are not going to be happy. It likely means that they need another streaming platform subscription to get what they want, which isn't a very positive prospect. In piracy discussions, Hollywood insiders often stress that people have no reason to pirate, as pretty much all titles are available online legally. What they don't mention, however, is that users need access to a few dozen paid services, to access them all. In a way, this fragmentation is keeping the pirate ecosystems intact. While legal streaming services work just fine, having dozens of subscriptions is expensive, and not very practical. Especially not compared to pirate streaming sites, where everything can be accessed on the same site.
Privacy

Disney Sued For Allegedly Spying On Children Through 42 Gaming Apps (washingtonpost.com) 40

schwit1 shares a report from The Washington Post (Warning: may be paywalled; alternative source): The Walt Disney Co. secretly collects personal information on some of their youngest customers and shares that data illegally with advertisers without parental consent, according to a federal lawsuit filed late last week in California. The class-action suit targets Disney and three other software companies -- Upsight, Unity and Kochava -- alleging that the mobile apps they built together violate the law by gathering insights about app users across the Internet, including those under the age of 13, in ways that facilitate "commercial exploitation."

The plaintiffs argue that Disney and its partners violated COPPA, the Children's Online Privacy Protection Act, a federal law designed to protect the privacy of children on the Web. The lawsuit, filed in U.S. District Court for the District of Northern California, seeks an injunction barring the companies from collecting and disclosing the data without parental consent, as well as punitive damages and legal fees. The lawsuit alleges that Disney allowed the software companies to embed trackers in apps such as "Disney Princess Palace Pets" and "Where's My Water? 2." Once installed, tracking software can then "exfiltrate that information off the smart device for advertising and other commercial purposes," according to the suit. Disney should not be using those software development companies, said Jeffrey Chester, the executive director of the Center for Digital Democracy. "These are heavy-duty technologies, industrial-strength data and analytic companies whose role is to track and monetize individuals," Chester said. "These should not be in little children's apps."
Disney responded to the lawsuit, saying: "Disney has a robust COPPA compliance program, and we maintain strict data collection and use policies for Disney apps created for children and families. The complaint is based on a fundamental misunderstanding of COPPA principles, and we look forward to defending this action in court."
The Internet

Maybe Americans Don't Need Fast Home Internet Service, FCC Suggests (arstechnica.com) 375

An anonymous reader shares an excerpt from a report via Ars Technica: Americans might not need a fast home Internet connection, the Federal Communications Commission suggests in a new document. Instead, mobile Internet via a smartphone might be all people need. The suggestion comes in the FCC's annual inquiry into broadband availability. Section 706 of the Telecommunications Act requires the FCC to determine whether broadband (or more formally, "advanced telecommunications capability") is being deployed to all Americans in a reasonable and timely fashion. If the FCC finds that broadband isn't being deployed quickly enough to everyone, it is required by law to "take immediate action to accelerate deployment of such capability by removing barriers to infrastructure investment and by promoting competition in the telecommunications market."

The FCC found during George W. Bush's presidency that fast Internet service was being deployed in a reasonable and timely fashion. But during the Obama administration, the FCC determined repeatedly that broadband isn't reaching Americans fast enough, pointing in particular to lagging deployment in rural areas. These analyses did not consider mobile broadband to be a full replacement for a home (or "fixed") Internet connection via cable, fiber, or some other technology. Last year, the FCC updated its analysis with a conclusion that Americans need home and mobile access. Because home Internet connections and smartphones have different capabilities and limitations, Americans should have access to both instead of just one or the other, the FCC concluded under then-Chairman Tom Wheeler.
The report goes on to add that with Republican Ajit Pai as chairman of the FCC, "the FCC seems poised to change that policy by declaring that mobile broadband with speeds of 10Mbps downstream and 1Mbps upstream is all one needs." Furthermore, "In doing so, the FCC could conclude that broadband is already being deployed to all Americans in a reasonable and timely fashion, and thus the organization would take fewer steps to promote deployment and competition."
Privacy

Prison Time For Manager Who Hacked Ex-Employer's FTP Server, Email Account (bleepingcomputer.com) 37

Catalin Cimpanu, writing for BleepingComputer: Jason Needham, 45, of Arlington, Tennessee was sentenced last week to 18 months in prison and two years of supervised release for hacking his former company's FTP server and the email account of one of his former colleagues. Needham did all the hacking after he left his former employer, Allen & Hoshall (A&H), a design and engineering firm for which he worked until 2013. Needham left to create his own company named HNA Engineering together with a business partner. HNA is also a design and engineering firm. According to court documents obtained by Bleeping Computer, between May 2014 and March 2016, Needham hacked into the email account of one of his former co-workers. From this account, the FBI says Needham took sensitive business information, company fee structures, marketing plans, project proposals, and lists of credentials for A&H's FTP server. A&H rotated its FTP credentials every six months, but Needham acquired new logins from his former colleague's email account.
Privacy

In Less Than Five Years, 45 Billion Cameras Will Be Watching Us (fastcompany.com) 85

An anonymous reader writes: It was a big deal for many when Apple added a second camera to the back of the iPhone 7 Plus last year. In five years, that will be considered quaint. By then, smartphones could sport 13 cameras, allowing them to capture 360-degree, 3D video; create complex augmented reality images onscreen; and mimic with digital processing the optical zoom and aperture effects of an SLR. That's one of the far-out, but near-term, predictions in a new study by LDV Capital, a VC firm that invests in visual technologies such as computer vision. It polled experts at its own portfolio companies and beyond to predict that by 2022, the total number of cameras in the world will reach about 45 billion. Jaw-dropping as that figure is, it doesn't seem so crazy when you realize that today there are already about 14 trillion cameras in the world, according to data from research firms such as Gartner. Next to phones, other camera-hungry products will include robots (including autonomous cars), security cameras, and smart home products like the new Amazon Echo Show, according to LDV. UPDATE: Story has been updated to reflect the updates made to The Fast Company article. The outreach figures are 45 billion cameras by 2022, not trillion.
Canada

An Image Site Is Victimizing Countless Women and Little Can Be Done (vice.com) 271

Allison Tierney, reporting for Vice: An international anonymous photo-sharing site where people post explicit photos without consent is playing host to the victimization of countless women. In the Canadian section of Anon-IB alone, there are currently over a hundred threads -- often organized by region, city, or calling out for nudes of a specific woman to be posted publicly. "Hamilton hoes," "Nanaimo Thread!," and "Markham wins" are some titles of Canadian threads. (Language used on the site equates the word "win" with sexually explicit photos of women.) Many major Canadian cities are represented on the site, and some threads even focus on women from specific schools. While it's a crime to share an "intimate image" of a person without their consent in Canada, sites that host this kind of activity don't necessarily fall under this. "[In terms of organizing content], is it criminal? No. Is it illegal? No," Toronto-based lawyer Jordan Donich, of Donich Law, told VICE. "It's a newer version of an older problem -- sites like these have been around for a long time." Anon-IB is not a new site; its current domain was registered to a "private person" in 2015 and ends in an ".ru." However, the site was initially up several years before 2015, going offline briefly in 2014.
Google

Google May Be In Trouble For Firing James Damore (inc.com) 1015

Google fired engineer James Damore after he wrote a 10-page document about "Google's Ideological Echo Chamber." taustin writes from a report via Inc. about the potential legal trouble the company may face from firing the "anti-diversity" engineer: Whether Damore is right or wrong, whether one agrees with him or not, Google may have legal trouble for firing him. Employees are protected by federal law when they discuss working conditions with other employees (and this was an internal memo). His memo could be considered whistleblowing, which is also protected (and it is very clear that he was fired as retribution). And, in California, political opinions are protected in the workplace as well. Just because one side is wrong doesn't mean the other side is right.
Earth

Leaked Federal Climate Report Finds Link Between Climate Change, Human Activity (washingtonpost.com) 450

An anonymous reader shares a report from The New York Times (Warning: source may be paywalled; alternative source): The average temperature in the United States has risen rapidly and drastically since 1980, and recent decades have been the warmest of the past 1,500 years, according to a sweeping federal climate change report awaiting approval by the Trump administration. The draft report by scientists from 13 federal agencies, which has not yet been made public, concludes that Americans are feeling the effects of climate change right now. It directly contradicts claims by President Trump and members of his cabinet who say that the human contribution to climate change is uncertain, and that the ability to predict the effects is limited. "Evidence for a changing climate abounds, from the top of the atmosphere to the depths of the oceans," a draft of the report states. A copy of it was obtained by The New York Times. The authors note that thousands of studies, conducted by tens of thousands of scientists, have documented climate changes on land and in the air. "Many lines of evidence demonstrate that human activities, especially emissions of greenhouse (heat-trapping) gases, are primarily responsible for recent observed climate change," they wrote. The report was completed this year and is a special science section of the National Climate Assessment, which is congressionally mandated every four years. The National Academy of Sciences has signed off on the draft report, and the authors are awaiting permission from the Trump administration to release it. "The report concludes that even if humans immediately stopped emitting greenhouse gases into the atmosphere, the world would still feel at least an additional 0.50 degrees Fahrenheit (0.30 degrees Celsius) of warming over this century compared with today," reports The New York Times. "The projected actual rise, scientists say, will be as much as 2 degrees Celsius." 
Given the Trump administration's stance on climate change, some of the scientists who worked on the report are concerned that the report will be suppressed.
Security

The Man Who Wrote the Password Rules Regrets Doing So (gizmodo.com) 239

New submitter cdreimer writes: According to a report in The Wall Street Journal (Warning: source may be paywalled, alternative source), the author behind the U.S. government's password requirements regrets wasting our time on changing passwords so often. From the report: "The man who wrote the book on password management has a confession to make: He blew it. Back in 2003, as a midlevel manager at the National Institute of Standards and Technology, Bill Burr was the author of 'NIST Special Publication 800-63. Appendix A.' The 8-page primer advised people to protect their accounts by inventing awkward new words rife with obscure characters, capital letters and numbers -- and to change them regularly. The document became a sort of Hammurabi Code of passwords, the go-to guide for federal agencies, universities and large companies looking for a set of password-setting rules to follow. The problem is the advice ended up largely incorrect, Mr. Burr says. Change your password every 90 days? Most people make minor changes that are easy to guess, he laments. Changing Pa55word!1 to Pa55word!2 doesn't keep the hackers at bay. Also off the mark: demanding a letter, number, uppercase letter and special character such as an exclamation point or question mark -- a finger-twisting requirement." "Much of what I did I now regret," Bill Burr told The Wall Street Journal. "In the end, [the list of guidelines] was probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree."
The Military

North Korea Now Making Missile-Ready Nuclear Weapons, US Analysts Say (washingtonpost.com) 338

schwit1 shares a report from The Washington Post: North Korea has successfully produced a miniaturized nuclear warhead that can fit inside its missiles, crossing a key threshold on the path to becoming a full-fledged nuclear power, U.S. intelligence officials have concluded in a confidential assessment. The new analysis completed last month by the Defense Intelligence Agency comes on the heels of another intelligence assessment that sharply raises the official estimate for the total number of bombs in the communist country's atomic arsenal. The U.S. calculated last month that up to 60 nuclear weapons are now controlled by North Korean leader Kim Jong Un. Some independent experts believe the number of bombs is much smaller. "The IC [intelligence community] assesses North Korea has produced nuclear weapons for ballistic missile delivery, to include delivery by ICBM-class missiles," the assessment states, in an excerpt read to The Washington Post. "It is not yet known whether the reclusive regime has successfully tested the smaller design, although North Korea officially last year claimed to have done so," reports The Washington Post.
Businesses

US To Review Qualcomm's Complaints About Apple iPhone Patents (reuters.com) 35

U.S. trade officials have agreed to investigate Qualcomm's allegations that Apple Inc infringed on patents with its iPhone 7 and other devices, the U.S. International Trade Commission said on Tuesday. From a report: The ITC will make its decision "at the earliest practicable time" and will set a target date for completing its investigation within the next 45 days, the commission said in a statement. Qualcomm filed the complaint in early July, asking U.S. trade regulators to ban certain models of the iPhone that contain so-called broadband modem chips, which help phones connect to wireless data networks, that were not made by Qualcomm. Apple began using broadband modem chips made by Intel Corp in the iPhone 7. Qualcomm has not alleged that Intel chips violate its patents but says the way Apple uses them in the iPhone does.
Businesses

Top VPN Provider Accused of Sharing Customer Traffic With Online Advertisers (bleepingcomputer.com) 55

Catalin Cimpanu, reporting for BleepingComputer: On Monday, the Center for Democracy & Technology (CDT) -- a US-based privacy group -- filed a complaint with the US Federal Trade Commission (FTC) accusing one of today's largest VPN providers of deceptive trade practices. In a 14-page complaint, the CDT accuses AnchorFree -- the company behind the Hotspot Shield VPN -- of breaking promises it made to its users by sharing their private web traffic with online advertisers for the purpose of improving the ads shown to its users. In its complaint to the FTC, the CDT is not accusing AnchorFree of secretly injecting ads, as users are well aware of this practice, but of not respecting promises made to its customers. More specifically, the CDT says that AnchorFree does not respect a pledge made in marketing materials that it won't track or sell customer information.
The Internet

Indian ISPs Appear To Be Blocking Access To Internet Archive (bit.ly) 24

An anonymous reader writes: Several Internet service providers in India have blocked access to Internet Archive -- a non-profit organisation that runs Wayback Machine, a massive archive of webpages dating back to over a decade -- Indian outlet NDTV reported Tuesday. Some subscribers of Airtel, Aircel, and Act Internet, among other carriers, are seeing a DoT notification when they attempt to access Internet Archive. The notification reads, 'Your requested URL has been blocked as per the directions received from Department of Telecommunications, Government of India.' Popularly known as a time-warping tool, Internet Archive's Wayback Machine has made copies of over three billion pages over the years. In the age of ephemeral media, Wayback Machine has become a cultural phenomenon, serving as a permanent registrar of popular websites and other webpages.
Privacy

Game of Thrones Hackers Demand Ransom (bbc.com) 70

An anonymous reader shares a report: Hackers who have leaked Game of Thrones scripts and other data from entertainment company HBO have released a note demanding a ransom payment. In a new dump, they also published a script for the as yet unbroadcast fifth episode of the current series. Company documents and video episodes of other HBO shows were also shared. The hackers claim to have 1.5TB of data in total, but HBO has said it does not believe its email system has been compromised. Documents in the latest leak were marked "HBO is falling," according to the Wired news site, and included legal information, employment agreements and other company files. The Associated Press reports that some documents appeared to contain personal contact information for Game of Thrones actors.
Security

Forget the Russians: Corrupt, Local Officials Are the Biggest Threat To Elections (securityledger.com) 287

chicksdaddy writes: Do you think that shadowy Russian hackers are the biggest threat to the integrity of U.S. elections? Think again. It turns out the bad actors in U.S. elections may be a lot more "Senator Bedfellow" than "Fancy Bear," according to Bev Harris, the founder of Black Box Voting. "It's money," Harris told The Security Ledger. "There's one federal election every four years, but there are about 100,000 local elections which control hundreds of billions of dollars in contract signings." Those range from waste disposal and sanitation to transportation. "There are 1,000 convictions every year for public corruption," Harris says, citing Department of Justice statistics. "It's really not something that's even rare in the United States." We just don't think that corruption is a problem, because we rarely see it manifested in the ways that most people associate with public corruption, like violence or having to pay bribes to receive promised services, Harris said. But it's still there.

How does the prevalence of public corruption touch election security? Exactly in the way you might think. "You don't know at any given time if the people handling your votes are honest or not," Harris said. "But you shouldn't have to guess. There should be a way to check." And in the decentralized, poorly monitored U.S. elections system, there often isn't. At the root of our current problem isn't (just) vulnerable equipment, it's also a shoddy "chain of custody" around votes, says Eric Hodge, the director of consulting at Cyber Scout, which is working with the Board of Elections in Kentucky and in other states to help secure elections systems. That includes where and how votes are collected, how they are moved and tabulated and then how they are handled after the fact, should citizens or officials want to review the results of an election. That lack of transparency leaves the election system vulnerable to manipulation and fraud, Harris and Hodge argue.

Patents

'Podcasting Patent' Is Totally Dead, Appeals Court Rules (arstechnica.com) 30

A federal appeals court affirmed the April 2015 inter partes review (IPR) ruling -- a process that allows anyone to challenge a patent's validity at the U.S. Patent and Trademark Office -- that invalidated the so-called "podcasting patent." "That process was held by a company called Personal Audio, which had threatened numerous podcasts with lawsuits in recent years," reports Ars Technica. From the report: Back in 2013, Personal Audio began sending legal demand letters to numerous podcasters and companies, like Samsung, in an apparent attempt to cajole them into a licensing deal, lest they be slapped with a lawsuit. Some of those efforts were successful: in August 2014, Adam Carolla paid about $500,000. As Personal Audio began to gain more public attention, the Electronic Frontier Foundation, however, stepped in and said that it would challenge Personal Audio's US Patent No. 8,112,504, which describes a "system for disseminating media content representing episodes in a serialized sequence." In the end, EFF raised over $76,000, more than double its initial target.

[T]he history of Personal Audio dates to the late 1990s, when founder Jim Logan created a company seeking to create a kind of proto-iPod digital music player. But his company flopped. Years later, Logan turned to lawsuits to collect money from those investments. He sued companies over both the "episodic content" patent, as well as a separate patent, which Logan and his lawyers said covered playlists. He and his lawyers wrung verdicts or settlements from Samsung and Apple.

Businesses

Can Elon Musk Be Weaned Off Government Support? (thehill.com) 269

mi shares an opinion piece written by Jenny Beth Martin via The Hill: A study published in 2015 by The Los Angeles Times revealed that just three of Musk's ventures -- SolarCity Corp. (which manufactured and installed solar energy systems before its 2016 merger with Tesla Motors Inc.), Tesla Motors Inc. (which manufactures electric vehicles), and Space Exploration Technologies Corp., known as SpaceX (which builds rocket ships) -- had received $4.9 billion in government subsidies to that point in time. By now, Musk's various ventures have sucked well over $5 billion from government coffers. Worse: in order to induce car buyers to spend their money on electric vehicles, the federal government offers a $7,500 rebate on the purchase price. Some states enhance that rebate with rebates of their own. In California, for instance, purchasers of electric vehicles get a state-funded rebate of $2,500 more.

Slashdot reader mi asks: "Why are you and I subsidizing Elon Musk's products and when will his businesses be able to compete on their own?"

Cellphones

Ask Slashdot: Are My Drone Apps Phoning Home? 132

Slashdot reader bitwraith noticed something suspicious after flying "a few cheap, ready-to-fly quadcopters" with their smartphone apps, including drones from Odyssey and Eachine. I often turn off my phone's Wi-Fi support before plugging it in to charge at night, only to discover it has mysteriously turned on in the morning. After checking the Wi-Fi Control History on my S7, it appears as though the various cookie-cutter apps for these drones wake up to phone home in the night after they are opened, while the phone is charging. I tried contacting the publisher of the Odyssey VR app, with no reply.

I would uninstall the app, but then how would I fly my drone? Why did Google grant permission to control Wi-Fi state implicitly to all apps, including these abusers? Are the apps phoning home to report my flight history?

The original submission asks about similar experiences from other drone-owning Slashdot users -- so leave your best answers in the comments. What's making this phone wake up in the night?

Are the drone apps phoning home?
United States

Net Neutrality Rollback Faces New Criticism From US Congress -- And 16 Million Comments (techcrunch.com) 147

An anonymous reader quotes TechCrunch's newest update on the FCC's attempt to gut net neutrality protections: 10 Representatives who helped craft the law governing the FCC itself have submitted an official comment on the proposal ruthlessly dismantling it... The FCC is well within its rights to interpret the law, and it doesn't have to listen to contrary comments from the likes of you and me. It does, however, have to listen to Congress -- "congressional intent" is a huge factor in determining whether an interpretation of the law is reasonable. And in the comment they've just filed, Representatives Pallone, Doyle et al. make it very clear that their intent was and remains very different from how the FCC has chosen to represent it.

"The law directs the FCC to look at ISP services as distinct from those services that ride over the networks. The FCC's proposal contravenes our intent... While some may argue that this distinction should be abandoned because of changes in today's market, that choice is not the FCC's to make. The decision remains squarely with those of us in Congress -- and we have repeatedly chosen to leave the law as it is."

In another letter Thursday, 15 Congressmen asked FCC Chairman Ajit Pai to extend the time period for comments. They note the proposed changes have received more than 16 million comments, more than four times the number of comments on any previous FCC item. The Hill reports that the previous record was 4 million comments -- during the FCC's last net neutrality proceeding in 2014 -- and "the lawmakers also noted that the comment period for approving net neutrality in 2014 was 60 days. Pai has only allowed a 30-day comment period for his plan to rollback the rules."
The Military

A US Spy Plane Has Been Flying Circles Over Seattle For Days (thedrive.com) 232

turkeydance shares Thursday's report from The Drive: A very unique U.S. Air Force surveillance aircraft has been flying highly defined circles over Seattle and its various suburbs for nine days now... The aircraft, which goes by the callsign "SPUD21" and wears a nondescript flat gray paint job with the only visible markings being a U.S. Air Force serial on its tail, is a CASA CN-235-300 transport aircraft that has been extensively modified... It is covered in a dizzying array of blisters, protrusions, humps and bumps. These include missile approach warning detectors and large fairings on its empennage for buckets of forward-firing decoy flares, as well as both microwave -- the dome antenna behind the wing and flat antenna modification in front of the wing -- and ultra high-frequency satellite communications -- the platter-like antenna behind the dome antenna. A communications intelligence suite also appears to be installed on the aircraft, with the antenna farm on the bottom of its fuselage being a clear indication of such a capability. But what's most interesting is the aircraft's apparent visual intelligence gathering installation...

This particular CN-235, with the serial 96-6042, is one of six that researchers commonly associated with the Air Force's top secret 427th Special Operations Squadron... The 427th occupies the same space with a host of other "black" U.S. military aviation elements, most of which are affiliated to some degree with Joint Special Operations Command and the Intelligence Community... [I]f the military placed the aircraft under civilian control to some degree and with an appropriate legal justification, the U.S. military could possibly fly it in support of a domestic operation or one focused on a foreign suspect or organization operating within the United States... It's also entirely possible, if not probable, that the aircraft could be involved in a realistic training exercise rather than an actual operation... The area could have simply provided a suitable urban area to test existing or new surveillance technologies, too, though this could spark serious privacy concerns if true.

Friday an Air Force Special Operations Command public affairs officer confirmed that the plane was one of theirs, describing its activity as "just a training mission," according to Russia Today.
Government

'Elon Musk's Hyperloop Is Doomed For the Worst Reason' (bloomberg.com) 304

schwit1 quotes a Bloomberg column by Virginia Postrel: What makes Musk's Hyperloop plan seem like fantasy isn't the high-tech part. Shooting passengers along at more than 700 miles per hour seems simple -- engineers pushed 200 miles-per-hour in a test this week -- compared to building a tunnel from New York to Washington. And even digging that enormously long tunnel -- twice as long as the longest currently in existence -- seems straightforward compared to navigating the necessary regulatory approvals... The eye-rolling comes less from the technical challenges than from the bureaucratic ones.

With his premature declaration, Musk is doing public debate a favor. He's reminding us of what the barriers to ambitious projects really are: not technology, not even money, but getting permission to try. "Permits harder than technology," Musk tweeted after talking with Los Angeles mayor Eric Garcetti about building a tunnel network. That's true for the public sector as well as the private... SpaceX and its commercial-spaceflight competitors can experiment because Congress and President Barack Obama agreed to protect them from Federal Aviation Administration standards. Musk is betting that his salesmanship will have a similar effect on the ground. He's trying to get the public so excited that the political pressures to allow the Hyperloop to go forward become irresistible. He seems to believe that he can will the permission into being. If he succeeds, he'll upend not merely intercity transit but the bureaucratic process by which things get built. That would be a true science-fiction scenario.

The Courts

Who's Profiting From The WannaCry Ransoms? (cnn.com) 31

CNN reports: For months, the ransom money from the massive WannaCry cyberattack sat untouched in online accounts. Now, someone has moved it. More than $140,000 worth of digital currency bitcoin has been drained from three accounts linked to the ransomware virus that hit hundreds of thousands of computers around the world in May.
Meanwhile, a Ukrainian law firm wants NotPetya victims to join a collective lawsuit against Intellect-Service LLC, the company behind the M.E.Doc accounting software, said to be the point of origin of the NotPetya ransomware outbreak. An anonymous reader quotes BleepingComputer: The NotPetya ransomware spread via a trojanized M.E.Doc update, according to Microsoft, Bitdefender, Kaspersky, Cisco, ESET, and Ukrainian Cyber Police. A subsequent investigation revealed that Intellect-Service had grossly mismanaged the hacked servers, which were left without updates since 2013 and were backdoored on three different occasions... The Juscutum Attorneys Association says that on Tuesday, Ukrainian Cyber Police confirmed that M.E.Doc servers were backdoored on three different occasions in an official document. The company is now using this document as the primary driving force behind its legal action.
The law firm says victims must pay all of the court fees -- and give them 30% of any awarded damages.
Censorship

Syrian Open Source Developer Bassel Khartabil Believed Executed (www.cbc.ca) 150

TheSync writes: The Syrian open source developer, blogger, entrepreneur, hackerspace founder, and free culture advocate Bassel Khartabil was swept up in a wave of military arrests in March 2012. A CBC report states that his wife wrote on Facebook late Tuesday that she has received confirmation that security services executed Khartabil in October 2015 after torturing him in prison. Before his arrest, his most recent work included a 3D virtual reconstruction of the ancient city of Palmyra in Syria.
At the time of his arrest, Khartabil was 30 years old -- after which he started a blog called "MeInSyrianJail" and a Twitter account called "Live from my cell." Though he spent the last three and a half years of his life in prison, he once tweeted that "Jail is not walls, not the executioner and guards. It is the hidden fear in our hearts that makes us prisoners." The latest tweet on his feed says "Rest in power our friend."

Thursday the Creative Commons nonprofit described the developer as "our friend and colleague," and announced the Bassel Khartabil Memorial Fund, "which will support projects in the spirit of Bassel's work."
Chrome

Browser Extensions Are Undermining Privacy (vortex.com) 82

pizzutz writes: Chrome's popular Web Developer plugin was briefly hijacked on Wednesday when an attacker gained control of the author's Google account and released a new version (0.49) which injected ads into web pages of more than a million users who downloaded the update. The version was quickly replaced with an uncompromised version (0.5) and all users are urged to update immediately.
Lauren Weinstein has a broader warning: While the browser firms work extensively to build top-notch security and privacy controls into the browsers themselves, the unfortunate fact is that these can be undermined by add-ons, some of which are downright crooked, many more of which are sloppily written and poorly maintained. Ironically, some of these add-on extensions and apps claim to be providing more security, while actually undermining the intrinsic security of the browsers themselves. Others (and this is an extremely common scenario) claim to be providing additional search or shopping functionalities, while actually only existing to silently collect and sell user browsing activity data of all sorts.
Lauren also warns about sites that "push users very hard to install these privacy-invasive, data sucking extensions" -- and believes requests for permissions aren't a sufficient safeguard for most users. "Expecting them to really understand what these permissions mean is ludicrous. We're the software engineers and computer scientists -- most users aren't either of these. They have busy lives -- they expect our stuff to just work, and not to screw them over."
Bug

The NSA Intercepted Microsoft's Windows Bug Reports (schneier.com) 52

Bruce Schneier writes on his security blog: Back in 2013, Der Spiegel reported that the NSA intercepts and collects Windows bug reports... "When Tailored Access Operations selects a computer somewhere in the world as a target and enters its unique identifiers (an IP address, for example) into the corresponding database, intelligence agents are then automatically notified any time the operating system of that computer crashes and its user receives the prompt to report the problem to Microsoft... this passive access to error messages provides valuable insights into problems with a targeted person's computer and, thus, information on security holes that might be exploitable for planting malware or spyware on the unwitting victim's computer..."

The article talks about the (limited) value of this information with regard to specific target computers, but I have another question: how valuable would this database be for finding new zero-day Windows vulnerabilities to exploit?

The Courts

Volkswagen Executive Faces Jail Time After Guilty Plea (arstechnica.com) 135

An anonymous reader quotes Ars Technica: A former Volkswagen executive has pleaded guilty to two charges related to the company's diesel emissions scandal. He is the second VW Group employee to do so, following retired engineer James Liang pleading guilty last summer. The VW Group executive, Oliver Schmidt, was based outside of Detroit and was in charge of emissions compliance for Volkswagen in the years before the company was caught using illegal software to cheat on federal emissions tests.

Schmidt, a German citizen who was 48 when he was arrested in Miami in January on vacation, was originally charged with 11 felony counts. In accepting a plea deal from US federal officials, Schmidt will only plead guilty to two charges: conspiracy to defraud the US government and violate the Clean Air Act, and making a false statement under the Clean Air Act. Schmidt will be sentenced in December. He could face up to seven years in prison, as well as fines from $40,000 to $400,000, according to the plea agreement. After that, Schmidt could also be required to serve four years of supervised release.

Businesses

Wells Fargo Sued Again For Misbilling Car Owners And Veterans (reuters.com) 75

UnknowingFool writes: A new class action lawsuit from a former Wells Fargo customer claimed the bank charged loan customers for auto insurance they did not need. With auto loans, the bank often requires that full coverage auto insurance be bought when the loan is made. However, lead plaintiff Paul Hancock says that Wells Fargo charged him for auto insurance even though he informed them he already had an insurance policy with another company. Wells Fargo also charged him a late fee when he disputed the charge. Wells Fargo does not dispute that it did this to customers and has offered to refund $80 million to 570,000 customers who were charged for insurance. The lawsuit however is to recoup late fees, delinquency charges, and other fees that the refund would not cover.
NPR describes Wells Fargo actually repossessing the car of a man who was "marked as delinquent for not paying this insurance -- which he didn't want or need or even know about." Friday the bank also revealed the number of "potentially unauthorized accounts" from its earlier fake accounts scandal could be much higher than previous estimates -- and that they're now expecting their legal costs to exceed the $3.3 billion they'd already set aside.

And Reuters reports that the bank will also be paying $108 million "to settle a whistleblower lawsuit claiming it charged military veterans hidden fees to refinance their mortgages, and concealed the fees when applying for federal loan guarantees."
Communications

Is Microsoft Hustling Us With 'White Spaces'? (wired.com) 65

rgh02 writes: Microsoft recently announced their plan to deploy unused television airwaves to solve the digital divide in America. And while the media painted this effort as a noble one, at Backchannel, Susan Crawford reveals the truth: "Microsoft's plans aren't really about consumer internet access, don't actually focus on rural areas, and aren't targeted at the US -- except for political purposes." So what is Microsoft really up to?
The article's author believes Microsoft's real game is "to be the soup-to-nuts provider of Internet of Things devices, software, and consulting services to zillions of local and national governments around the world. Need to use energy more efficiently, manage your traffic lights, target preventative maintenance, and optimize your public transport -- but you're a local government with limited resources and competence? Call Microsoft."

The article argues Microsoft wants to bypass mobile data carriers who "will want a pound of flesh -- a percentage -- in exchange for shipping data generated by Microsoft devices from Point A to Point B... [I]n many places, they are the only ones allowed to use airwave frequencies -- spectrum -- under licenses from local governments for which they have paid hundreds of millions of dollars."
Social Networks

FBI Tracked 'Fake News' Believed To Be From Russia On Election Day (cnn.com) 352

An anonymous reader quotes a report from CNN: The FBI monitored social media on Election Day last year in an effort to track a suspected Russian disinformation campaign utilizing "fake news," CNN has learned. In the months leading up to Election Day, Twitter and Facebook were the feeding grounds for viral "news" stories floating conspiracies and hoaxes, many aimed at spreading negative false claims about Hillary Clinton. On Election Day, dozens of agents and analysts huddled at a command center arrayed with large monitoring screens at the FBI headquarters in Washington watching for security threats, according to multiple sources. That included analysts monitoring cyber threats, after months of mounting Russian intrusions targeting every part of the US political system, from political parties to policy think-tanks to state election systems. On this day, there was also a group of FBI cyber and counterintelligence analysts and investigators watching social media. FBI analysts had identified social media user accounts behind stories, some based overseas, and the suspicion was that at least some were part of a Russian disinformation campaign, according to two sources familiar with the investigation.
Open Source

Linux Kernel Hardeners Grsecurity Sue Open Source's Bruce Perens (theregister.co.uk) 306

An anonymous reader shares a report from The Register: In late June, noted open-source programmer Bruce Perens [a longtime Slashdot reader] warned that using Grsecurity's Linux kernel security could invite legal trouble. "As a customer, it's my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity," Perens wrote on his blog. The following month, Perens was invited to court. Grsecurity sued the open-source doyen, his web host, and as-yet-unidentified defendants who may have helped him draft that post, for defamation and business interference. Grsecurity offers Linux kernel security patches on a paid-for subscription basis. The software hardens kernel defenses through checks for common errors like memory overflows. Perens, meanwhile, is known for using the Debian Free Software Guidelines to draft the Open Source Definition, with the help of others.

Grsecurity used to allow others to redistribute its patches, but the biz ended that practice for stable releases two years ago and for test patches in April this year. It offers its GPLv2 licensed software through a subscription agreement. The agreement says that customers who redistribute the code -- a right under the GPLv2 license -- will no longer be customers and will lose the right to distribute subsequent versions of the software. According to Perens, "GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition." A legal complaint (PDF) filed on behalf of Grsecurity in San Francisco, California, insists the company's software complies with the GPLv2. Grsecurity's agreement, the lawsuit states, only applies to future patches, which have yet to be developed. Perens isn't arguing that the GPLv2 applies to unreleased software. Rather, he asserts the GPLv2, under section 6, specifically forbids the addition of contractual terms.

Android

BLU Claims Innocence, Gets Phones Reinstated On Amazon (slashgear.com) 43

Earlier this week, Amazon suspended budget phone maker BLU from selling its phones on the site, citing a "potential security issue." A few days have passed and BLU has made its defense. SlashGear reports: AdUps, the Chinese company that provides affordable firmware update software to countless budget Android phones, is not spyware and not even Kryptowire, the security firm that broke the news last year, called it that, insists BLU. To be fair, Kryptowire really didn't. In its 2016 report, it simply described AdUps' OTA software as "FIRMWARE THAT TRANSMITTED PERSONALLY IDENTIFIABLE INFORMATION (PII) WITHOUT USER CONSENT OR DISCLOSURE." Curiously, that is more or less how the FTC defines spyware (PDF). In its 2017 follow-up, it did drop the second part of that phrase and simply reported on "mobile devices for Personally Identifiable Information (PII) collection and transmission to third parties." While BLU, and a few other OEMs, was caught unaware by the first report, it's insisting on its innocence in this second instance. Its defense stems from the argument that it is doing nothing that violates its Privacy Policy and, therefore, doesn't constitute any wrongdoing. Yes, that privacy policy that barely anyone reads, which can't legally be blamed on manufacturers anyway.

In other words, when you agreed to use BLU's devices, you basically agreed that such PII could possibly be transmitted to a third party outside the US. In this particular case, that does apply to the situation with AdUps. Interestingly, the policy's copyright dates back to 2016, when the AdUps issue first came up. The Internet Archive doesn't seem to have any version of that page before April this year. And so we come to BLU's second argument: everybody's doing it. The data that AdUps collects is the same or even just a fraction of what other OEMs are collecting. Google is hardly the bastion of privacy and other OEMs are also collecting such data and sending it to servers in China, as is the case with Huawei and ZTE. Finally, BLU says that Kryptowire's new report really only identifies the Cubot X16S, from a Chinese OEM, as the only smartphone really spying on its users.
UPDATE: BLU has confirmed that its devices "are now back up for sale on Amazon."
The Internet

Supreme Court Moves Toward Digital With Online Court Filings (thehill.com) 20

An anonymous reader quotes a report from The Hill: Supreme Court case documents will soon be made available for the first time online. The court announced Thursday that it will launch an electronic filing system on Nov. 13 that will make "virtually all new filings" accessible to the public via the court's website for free. Court documents for the lower courts are typically available online through the Public Access to Court Electronic Records, which charges a fee per page. The court's announcement comes just days after the high court unveiled a newly designed website. Court watchers say it's a surprising, but welcome, jump into the 21st century for a court that's been reluctant over the years to advance its technologies.
Government

Apple Owns $52.6 Billion In US Treasury Securities, More Than Mexico, Turkey or Norway (cnbc.com) 93

randomErr shares a report from CNBC: If Apple were a foreign country, CEO Tim Cook might have considerable political clout in the United States. That's because the tech giant owns $52.6 billion in U.S. Treasury securities, which would rank it among the top 25 major foreign holders, according to estimates from the Treasury Department and Apple's SEC filings released Wednesday. Apple's stake in U.S. government securities as of June, up from $41.7 billion as of last September, puts it ahead of Israel, Mexico and the Netherlands, according to Treasury data released last month, which tracks up to May of this year. With $20.1 billion in short-term Treasury securities and $31.35 billion in long-term marketable Treasury securities, Apple still falls far below countries like China and Japan, which hold over a trillion dollars in U.S. government debt each -- which has caused considerable hand-wringing in Washington. Still, Apple is way above other big companies like Amazon, which owns less than $5 billion in U.S. government or agency securities combined, according to regulatory filings.
The Military

US Army Calls Halt On Use of Chinese-Made Drones By DJI (theverge.com) 45

Due to "an increased awareness of cyber vulnerabilities with DJI products," the U.S. Army is asking all units to discontinue the use of DJI drones. The news comes from an internal memo obtained by the editor of SUAS News. It notes that the Army had issued over 300 separate releases authorizing the use of DJI products for Army missions, meaning a lot of hardware may have been in active use prior to the memo, which is dated August 2nd, 2017. The Verge reports: SUAS News published a piece back in May of this year that made a number of serious accusations about data gathered by DJI drones. Author Kevin Pomaski starts out writing, "Using a simple Google search the data mined by DJI from your provided flights (imagery, position and flight logs) and your audio can be accessed without your knowing consent." However, he never follows up with evidence to demonstrate how this data becomes public or can be found through a Google search. Pomaski also points out, correctly, that when DJI users elect to upload data to their SkyPixel accounts through the DJI app, this data can be stored on servers in the U.S., Hong Kong, and China. This data can include videos, photos, and audio recorded by your phone's microphone, and telemetry data detailing the height, distance, and position of your recent flights. DJI provided the following statement to The Verge: "People, businesses and governments around the world rely on DJI's products and technology for a variety of uses including sensitive and mission critical operations. The Department of the Army memo even reports that they have 'issued over 300 separate Airworthiness Releases for DJI products in support of multiple organizations with a variety of mission sets.' We are surprised and disappointed to read reports of the U.S. Army's unprompted restriction on DJI drones as we were not consulted during their decision. We are happy to work directly with any organization, including the U.S. Army, that has concerns about our management of cyber issues. We'll be reaching out to the U.S. Army to confirm the memo and to understand what is specifically meant by 'cyber vulnerabilities.' Until then, we ask everyone to refrain from undue speculation."
Republicans

Silicon Valley Says Trump Plan To Reduce Immigration Will Hurt Economy (cbslocal.com) 273

An anonymous reader quotes a report from CBS Local: President Donald Trump's push to cut legal immigration to the United States in half is being met by opposition from Silicon Valley leaders, economists, and even some Republican senators, who all say legal immigration is key to economic prosperity. The Trump administration Wednesday endorsed the Reforming American Immigration for a Strong Economy Act or RAISE Act, a Senate bill introduced by two Republican senators earlier this year, that aims to cut all U.S. immigration in half. Business leaders, especially those in California's tech industry, say the bill will stymie their ability to fill jobs and grow the U.S. economy. California's economy is the sixth largest in the world and many attribute that success, in part, to immigration. The Information Technology Industry Council, which represents companies including Amazon, Apple, Adobe, Dell, Facebook, Hewlett-Packard, Google, Visa, Nokia, and Microsoft railed against the bill.

Dean Garfield, President and CEO of the council said, "This is not the right proposal to fix our immigration system because it does not address the challenges tech companies face, injects more bureaucratic dysfunction, and removes employers as the best judge of the employee merits they need to succeed and grow the U.S. economy." Garfield argues that the tech industry cannot find enough STEM-skilled Americans to fill open positions and that U.S. immigration policy "stops us from keeping the best and brightest innovators here in the U.S. and instead we lose out to our overseas competitors."

Security

ESET Spreading FUD About Torrent Files, Clients (welivesecurity.com) 60

An anonymous reader writes: ESET has taken fear mongering, something that some security firms continue to do, to a new level by issuing a blanket warning to users to view torrent files and clients as a threat. The warning came from the company's so-called security evangelist Ondrej Kubovic, who used extremely patchy data to try and scare the bejesus out of computer users (Google cache). Like all such attempts at FUD, his treatise ended with a claim that ESET was the one true source whereby users could obtain "knowledge" to protect themselves. "If you want to stay informed and protect yourself by building up your knowledge, read the latest pieces by ESET researchers on WeLiveSecurity," he wrote. Kubovic used the case of Transmission -- a BitTorrent client that was breached in March and August 2016 with malware implanted and aimed at macOS users -- to push his barrow. But to use this one instance to dissuade people from downloading BitTorrent clients en masse is nothing short of scaremongering. There are dozens, if not more, BitTorrent clients which enjoy much wider usage, with uTorrent being one good example. Kubovic then used the old furphy which is resorted to by those who lobby on behalf of the copyright industry -- torrents are mostly illegal files and downloading them is Not The Right Thing To Do. But then he failed to mention that hundreds of thousands of perfectly legitimate files are also offered as torrents -- for instance, this writer regularly downloads images of various GNU/Linux distributions using a BitTorrent client because it is the more community-friendly thing to do, rather than using a direct HTTP link and hogging all the bandwidth available.
The Courts

'Pharma Bro' Martin Shkreli Found Guilty of 3 of 8 Charges, Including Securities Fraud (cnbc.com) 146

Former pharmaceutical chief executive Martin Shkreli has been found guilty of securities fraud. A New York City jury returned the verdict after five days of deliberations. From a report: Shkreli, 34, was convicted of some of the eight criminal counts that he had faced, which had included securities fraud and conspiracy to commit both securities fraud and wire fraud, after a more-than-month-long trial in Brooklyn, New York, federal court. Of the eight counts, Shkreli was found guilty of three. Those included conspiracy to commit securities fraud, and two counts of securities fraud. He was found not guilty of five counts, including those related to wire fraud. He faces up to 20 years in prison when he is sentenced.
