Iphone

iPhone 8's 3D Face Scanner Will Work In 'Millionths of a Second' (phonearena.com) 154

According to a report by the Korea Herald, Apple's upcoming iPhone 8 will ditch the fingerprint identification in favor of 3D face recognition, which will work "in the millionths of a second." PhoneArena reports: The Samsung Galaxy series were among the first mainstream devices to feature iris recognition, but the speed and accuracy of the current technology leave a lot to be desired, and maybe that is why current phones ship with an eye scanner AND a fingerprint reader. The iPhone 8, on the other hand, is expected to make a full dive into 3D scanning. Both Samsung and Apple are rumored to have tried to implement a fingerprint scanner under the display glass, but failed as the technology was not sufficiently advanced. The new iPhone will also introduce 3D sensors on both its front and back for Apple's new augmented reality (AR) platform. This latest report also reveals that Apple will not use curved edges for its iPhone 8 screen, but will instead use a flat AMOLED panel. The big benefit of using AMOLED for Apple thus is not the curve, but its thinner profile compared to an LCD screen.
Bitcoin

Third Party Trackers On Web Shops Can Identify Users Behind Bitcoin Transactions (helpnetsecurity.com) 63

An anonymous reader quotes a report from Help Net Security: More and more shopping websites accept cryptocurrencies as a method of payment, but users should be aware that these transactions can be used to deanonymize them -- even if they are using blockchain anonymity techniques such as CoinJoin. Independent researcher Dillon Reisman and Steven Goldfeder, Harry Kalodner and Arvind Narayanan from Princeton University have demonstrated that third-party online tracking provides enough information to identify a transaction on the blockchain, link it to the user's cookie and, ultimately, to the user's real identity. "Based on tracking cookies, the transaction can be linked to the user's activities across the web. And based on well-known Bitcoin address clustering techniques, it can be linked to their other Bitcoin transactions," they noted. "We show that a small amount of additional information, namely that two (or more) transactions were made by the same entity, is sufficient to undo the effect of mixing. While such auxiliary information is available to many potential entities -- merchants, other counterparties such as websites that accept donations, intermediaries such as payment processors, and potentially network eavesdroppers -- web trackers are in the ideal position to carry out this attack," they pointed out.
Privacy

Meeting and Hotel Booking Provider's Data Found in Public Amazon S3 Bucket (threatpost.com) 37

Leaks of personal and business information from unsecured Amazon S3 buckets are piling up. From a report: The latest belongs to Groupize, a Boston-area business that sells tools to manage small group meetings as well as a booking engine that handles hotel room-block reservations. Researchers at Kromtech Security found a publicly accessible bucket containing business and personal data, including contracts and agreements between hotels, customers and Groupize, Kromtech said. The data included some credit card payment authorization forms that contained full payment card information including expiration data and CVV code. The researchers said the database stored in S3 contained numerous folders, below; one called "documents" held close to 3,000 scanned contracts and agreements, while another called all_leads had more than 3,100 spreadsheets containing critical Groupize business data including earnings. There were 37 other folders in the bucket containing tens of thousands of files, most of them storing much more benign data.
Google

Supreme Court Asked To Nullify the Google Trademark (arstechnica.com) 196

Is the term "google" too generic and therefore unworthy of its trademark protection? That's the question before the US Supreme Court. From a report: What's before the Supreme Court is a trademark lawsuit that Google already defeated in a lower court. The lawsuit claims that Google should no longer be trademarked because the word "google" is synonymous to the public with the term "search the Internet." "There is no single word other than google that conveys the action of searching the Internet using any search engine," according to the petition to the Supreme Court. It's perhaps one of the most consequential trademark case before the justices since they ruled in June that offensive trademarks must be allowed. The Google trademark dispute dates to 2012 when a man named Chris Gillespie registered 763 domain names that combined "google" with other words and phrase, including "googledonaldtrump.com."
Security

UK.gov To Treat Online Abuse as Seriously as Hate Crime in Real Life (theregister.co.uk) 307

The UK's Crown Prosecution Service has pledged to tackle online abuse with the same seriousness as it does hate crimes committed in the flesh. From a report: Following public concern about the increasing amount of racist, anti-religious, homophobic and transphobic attacks on social media, the CPS has today published a new set of policy documents on hate crime. This includes revised legal guidance for prosecutors on how they should make decisions on criminal charges and handle cases in court. The rules officially put online abuse on the same level as offline hate crimes -- defined as an action motivated by hostility or prejudice -- like shouting abuse at someone face-to-face. They commit the CPS to prosecuting complaints about online material "with the same robust and proactive approach used with online offending." Prosecutors are told to consider the effect on the wider community and whether to identify both the originators and the "amplifiers or disseminators."
Businesses

The Windows App Store is Full of Pirate Streaming Apps (torrentfreak.com) 98

Ernesto Van der Sar, reporting for TorrentFreak: When we were browsing through the "top free" apps in the Windows Store, our attention was drawn to several applications that promoted "free movies" including various Hollywood blockbusters such as "Wonder Woman," "Spider-Man: Homecoming," and "The Mummy." Initially, we assumed that a pirate app may have slipped past Microsoft's screening process. However, the 'problem' doesn't appear to be isolated. There are dozens of similar apps in the official store that promise potential users free movies, most with rave reviews. Most of the applications work on multiple platforms including PC, mobile, and the Xbox. They are pretty easy to use and rely on the familiar grid-based streaming interface most sites and services use. Pick a movie or TV-show, click the play button, and off you go. The sheer number of piracy apps in the Windows Store, using names such as "Free Movies HD," "Free Movies Online 2020," and "FreeFlix HQ," came as a surprise to us. In particular, because the developers make no attempt to hide their activities, quite the opposite.
Television

Plex Responds, Will Allow Users To Opt Out Of Data Collection (www.plex.tv) 91

stikves writes: This weekend Plex had announced they were implementing a new privacy policy, including removing the ability for opting out of data collection and sharing. Fortunately the backlash here, on their forums, Reddit, and other placed allowed them to offer a more sensible state, including bringing back opt-out, and anonymity of some of the data.
Plex CEO Keith Valory wrote Saturday that some information must be transferred just to provide the service -- for example, servers still check for updates, they have to determine whether a user has a premium Plex Pass, and "we have to provide accurate reporting to licensors for things like trailers and extras, photo tagging, lyrics, licensed codecs and so on... [W]e came to the conclusion that providing an 'opt out' in the set-up gives a false sense of privacy and feels disingenuous on our part. That is, even if you opted out, there is still a bunch of data we are collecting that we tried to call out as exceptions." But to address concerns about data collection, Plex will make new changes to their privacy policy: [I]n addition to providing the ability to opt out of crash reporting and marketing communications, we will provide you the ability to opt out of playback statistics for personal content on your Plex Media Server, like duration, bit rate, and resolution in a new privacy setting... we are going to "generalize" playback stats in order to make it impossible to create any sort of "fingerprint" that would allow anyone to identify a file in a library... Finally, in the new privacy tab in the server settings we will provide a full list of all product events data that we collect... Our intention here is to provide full transparency. Users will have one place where they can see what data is being collected and where they can opt out of playback data that they are not comfortable with."
And he emphasized that "we will never sell or share data related to YOUR content libraries."
Yahoo!

Alleged Yahoo Hacker Will Be Extradited To The US (tucson.com) 45

An anonymous reader quotes the AP: A Canadian man accused in a massive hack of Yahoo emails agreed Friday to forgo his extradition hearing and go face the charges in the United States. Karim Baratov was arrested in Hamilton, Ontario, in March under the Extradition Act after U.S. authorities indicted him and three others, including two alleged officers of Russia's Federal Security Service. They are accused of computer hacking, economic espionage and other crimes.

An extradition hearing for the 22-year-old Baratov had been scheduled for early September, but he signed documents before a Canadian judge Friday agreeing to waive it. His lawyer, Amedeo DiCarlo, said that does not amount to an admission of guilt... U.S. law enforcement officials call Baratov a "hacker-for-hire" paid by members of the Federal Security Service, or FSB, considered the successor to the KGB of the former Soviet Union.

Yahoo also believes that attack -- which breached at least 500 million Yahoo accounts in 2014 -- was perpetrated by "a state-sponsored actor." The CBC reports that Baratov lives alone in a large, new house in an expensive subdivision. "His parents either bought him the house," one neighbor told the CBC, "or he's getting money somewhere else, because he doesn't seem to work all day; he just drives up and down the street."

The CBC also reports that Baratov's Facebook page links to a Russian-language site "which claims to offer a number of services, including servers for rent in Russia, protection from distributed denial of service (DDoS) attacks, and domain names in China."
Censorship

50,000 Users Test New Anti-Censorship Tool TapDance (www.cbc.ca) 198

The CBC reports: What if circumventing censorship didn't rely on some app or service provider that would eventually get blocked but was built into the very core of the internet itself? What if the routers and servers that underpin the internet -- infrastructure so important that it would be impractical to block -- could also double as one big anti-censorship tool...? After six years in development, three research groups have joined forces to conduct real-world tests.
An anonymous reader writes: Earlier this week, Professor Eric Wustrow, from the University of Colorado at Boulder, presented An ISP-Scale Deployment of TapDance at the USENIX Workshop on Free and Open Communications on the Internet. TapDance is an anti-censorship, circumvention application based on "refraction networking" (formerly known as "decoy routing") that has been the subject of academic research for several years. Now, with integration with Psiphon, 50,000 users, a deployment that spans two ISPs, and an open source release, it seems to have graduated to the real world.
"In the long run, we absolutely do want to see refraction networking deployed at as many ISPs that are as deep in the network as possible," one of the paper's authors told the CBC. "We would love to be so deeply embedded in the core of the network that to block this tool of free communication would be cost-prohibitive for censors."
Bug

Bug In Lowe's Site Sold Goods For Free. Couple Arrested For Exploiting It (bleepingcomputer.com) 239

An anonymous reader writes: A couple from the Brick Township in New Jersey stands accused of using a flaw in the Lowes online portal to receive goods for free at their home. According to the Ocean County Prosecutor's Office, the couple tried to steal goods worth $258,068.01, but only managed to receive approximately $12,971.23 worth of merchandise. Officers executing a search warrant said the residence resembled "more of a warehouse than a home." Investigators said they recovered enough merchandise to fill an 18-foot trailer. Most items were in their original packaging and still had their price tags. Police say one of the suspects posted ads for some of the stolen goods on a Facebook group used to buy and sell used objects. The suspect was selling most of the items at half the price offered on the Lowes website. Authorities did not provide in-depth technical details but revealed the flaw resided in the site's gift card module.
One of the suspects' lawyer argued that his client didn't have the skills to penetrate the security on the web site of a Fortune 500 company -- and insisted instead that his client just had a really special knack for finding good deals.
Crime

FBI Accepts New Evidence in 46-Year-Old D.B. Cooper Case (dailymail.co.uk) 123

An anonymous reader quotes the Daily Mail: The FBI is looking at an 'odd bit of buried foam' as possible evidence in the cold case investigation into criminal mastermind D.B. Cooper, according to private investigators. The potential evidence was handed over to authorities last week by the team of sleuths who believe the foam made up a part of Cooper's parachute backpack, the New York Daily News reports. Cooper, one of the 20th century's most compelling masterminds, hijacked a Boeing 727 at Seattle-Tacoma airport in 1971 and held its crew and passengers hostage with a bomb. Once his demand of $200,000 cash -- the equivalent of $1,213,226 today -- was reached and transferred onto the plane, Cooper had the crew take off before he parachuted out over the dense Pacific Northwest woods and disappeared.

The discovery of the foam comes just weeks after the FBI uncovered what is believed to be part of Cooper's parachute strap, which private investigators claim could lead authorities to his stolen fortune. In addition, the FBI also received three 'unknown' pieces of fabric that were found close to where the alleged parachute strap was located.

The 40-member cold case team is being overseen by a former FBI supervisor. At one point they essentially crowdsourced the investigation by requesting help from the general public, and the team now says they've found a credible source -- providing information substantiated by FBI field notes -- which has led them to this new evidence.
The Military

A Global Fish War is Coming, Warns US Coast Guard (usni.org) 192

schwit1 shares an article from the U.S. Naval Institute's Proceedings magazine. It includes this warning from the Coast Guard's chief of fisheries law enforcement: Nearly two decades into the 21st Century, it has become clear the world has limited resources and the last area of expansion is the oceans. Battles over politics and ideologies may be supplanted by fights over resources as nations struggle for economic and food security. These new conflicts already have begun -- over fish... In 1996, Canada and Spain almost went to war over the Greenland turbot. Canada seized Spanish vessels it felt were fishing illegally, but Spain did not have the same interpretation of the law and sent gunboats to escort its ships. In 1999, a U.S. Coast Guard cutter intercepted a Russian trawler fishing in the U.S. exclusive economic zone. The lone cutter was promptly surrounded by 19 Russian trawlers. Fortunately, the Russian Border Guard and the Coast Guard drew on an existing relationship and were able to defuse the situation...

Japan protested 230 fishing vessels escorted by seven China Coast Guard ships entering the waters of the disputed Senkaku Islands. Incidents in the South China Sea between the Indonesian Navy and Chinese fishing vessels and China Coast Guard have escalated to arrests, ramming, and warning shots leading experts to suggest only navies and use of force can stop the IUU fishing... The United States needs to show it is serious about protecting sustainable fisheries and international rule of law. It needs a fleet that not only will provide a multilateral cooperation platform, but also take action against vessels and fleets that are unwilling to cooperate... If cooperation cannot be achieved, the United States should prepare for a global fish war.

When I read "fish war," I was imagining it more like this.
Crime

FBI Warns US Private Sector To Cut Ties With Kaspersky (cyberscoop.com) 173

An anonymous reader quotes CyberScoop: The FBI has been briefing private sector companies on intelligence claiming to show that the Moscow-based cybersecurity company Kaspersky Lab is an unacceptable threat to national security, current and former senior U.S. officials familiar with the matter tell CyberScoop... The FBI's goal is to have U.S. firms push Kaspersky out of their systems as soon as possible or refrain from using them in new products or other efforts, the current and former officials say.

The FBI's counterintelligence section has been giving briefings since beginning of the year on a priority basis, prioritizing companies in the energy sector and those that use industrial control (ICS) and Supervisory Control and Data Acquisition (SCADA) systems. In light of successive cyberattacks against the electric grid in Ukraine, the FBI has focused on this sector due to the critical infrastructure designation assigned to it by the Department of Homeland Security... The U.S. government's actions come as Russia is engaged in its own push to stamp American tech giants like Microsoft out of that country's systems.

Meanwhile Bloomberg Businessweek claims to have seen emails which "show that Kaspersky Lab has maintained a much closer working relationship with Russia's main intelligence agency, the FSB, than it has publicly admitted" -- and that Kaspersky Lab "confirmed the emails are authentic."

Kaspersky Lab told ZDNet they have not confirmed the emails' authenticity. A representative for Kaspersky Lab says that the company does not have "inappropriate" ties with any government, adding that "the company does regularly work with governments and law enforcement agencies around the world with the sole purpose of fighting cybercrime."
Encryption

Google Warns Webmasters About Insecure HTTP Web Forms (searchengineland.com) 94

In April Chrome began marking HTTP pages as "not secure" in its address bar if the pages had password or credit card fields. They're about to take the next step. An anonymous reader quotes SearchEngineLand: Last night, Google sent email notifications via Google Search Console to site owners that have forms on web pages over HTTP... Google said, "Beginning in October 2017, Chrome will show the 'Not secure' warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode."
Google warned in April that "Our plan to label HTTP sites as non-secure is taking place in gradual steps, based on increasingly broad criteria. Since the change in Chrome 56, there has been a 23% reduction in the fraction of navigations to HTTP pages with password or credit card forms on desktop, and we're ready to take the next steps..."

"Any type of data that users type into websites should not be accessible to others on the network, so starting in version 62 Chrome will show the 'Not secure' warning when users type data into HTTP sites."
Government

Microsoft Avoids Washington State Taxes, Gives Nevada Schoolkid A Surface Laptop (seattletimes.com) 72

theodp writes: The Official Microsoft Blog hopes a letter from a Nevada middle schooler advising Microsoft President Brad Smith to "keep up the good work running that company" will "inspire you like it did us." Penned as part of a math teacher's assignment to write letters to the businesses that they like, Microsoft says the letter prompted Smith to visit the Nevada school to meet 7th-grader Sky Yi in person as part of the company's effort to draw attention to the importance of math and encourage students and teachers who are passionate about STEM (science, technology, engineering and math) education. In an accompanying video of the surprise meeting, Smith presents Yi with a new Surface Laptop that comes with Windows 10 S, a version of the OS that has been streamlined with schools in mind. "Not bad for a little letter," the Microsoft exec says.

Speaking of Microsoft, Nevada, and education, Bing Maps coincidentally shows the school Smith visited is just a 43-minute drive from the software giant's Reno-based Americas Operations Center. According to the Seattle Times, routing sales through the Reno software-licensing office helps Microsoft minimize its tax bills (NV doesn't tax business income) to the detriment, some say, of Washington State public schools.

Microsoft's state and local taxes will drop to just $30 million for the last year (from an average of $214 milion over the previous 14 years) according to the Seattle Times. "A Microsoft spokesman said the decline in 2017 was caused by the company's deferring taxes on some income to future years and the winding down of the company's smartphone business."
Television

Should Plex Stop Allowing Users To Opt Out of Data Collection? (www.plex.tv) 158

UPDATE: Plex has now made more changes to their privacy policy to address concerns about data collection, including "the ability to opt out of playback statistics for personal content on your Plex Media Server" and a promise "to 'generalize' playback stats in order to make it impossible to create any sort of 'fingerprint' that would allow anyone to identify a file in a library."

Here's what the original kerfuffle was about. Slashdot reader bigdogpete wrote: Many users of Plex got an email that said they were changing their privacy policy which goes into effect on 20 September 2017. While most of the things are pretty standard, users found it odd that they were now not going to allow users to opt-out of data collection. Here is the part from their website explaining the upcoming changes.

"In order to understand the usage across the Plex ecosystem and how we need to improve, Plex will continue to collect usage statistics, such as device type, duration, bit rate, media format, resolution, and media type (music, photos, videos, etc.). We will no longer allow the option to opt out of this statistics collection, but we do not sell or share your personally identifiable statistics. Again, we will not collect any information that identifies libraries, files, file names, and/or the specific content stored on your privately hosted Plex Media Servers. The only exception to this is when, and only to the extent, you use Plex with third-party services such as Sonos, Alexa, webhooks, and Last.fm."

What do you all think?

Electronic Frontier Foundation

EFF Honors Chelsea Manning, an IFEX Leader, And TechDirt's Editor (eff.org) 108

An anonymous reader quotes the Electronic Frontier Foundation: Whistleblower and activist Chelsea Manning, Techdirt editor and open internet advocate Mike Masnick, and IFEX executive director and global freedom of expression defender Annie Game are the distinguished winners of the 2017 Pioneer Awards, which recognize leaders who are extending freedom and innovation on the electronic frontier. This year's honorees -- a whistleblower, an editor, and an international freedom of expression activist -- all have worked tirelessly to protect the public's right to know.

The award ceremony will be held the evening of September 14 at Delancey Street's Town Hall Room in San Francisco. The keynote speaker is Emmy-nominated comedy writer Ashley Nicole Black, a correspondent on Full Frontal with Samantha Bee who uses her unique comedic style to take on government surveillance, encryption, and freedom of information.

The EFF describes Chelsea Manning as "a network security expert, whistleblower, and former U.S. Army intelligence analyst whose disclosure of classified Iraq war documents exposed human rights abuses and corruption the government kept hidden from the public." Their annoncement also notes that Annie Game has led the IFEX network of 115+ journalism and civil liberties groups around the world for over 10 years, and that Mike Masnick coined the term "The Streisand Effect" -- and is currently being sued by that man who claims he invented email.
Security

Marcus Hutchins' Code Used In Malware May Have Come From GitHub (itwire.com) 52

troublemaker_23 quotes ITWire: A security researcher says code has been discovered that was written by British hacker Marcus Hutchins that was apparently 'borrowed' by the creator of the banking trojan Kronos. The researcher, known as Hasherezade, posted a tweet identifying the code that had been taken from Hutchins' repository on GitHub.
Hasherezade also found a 2015 tweet where a then-20-year-old Hutchins first announces he's discovered the hooking engine he wrote for his own blog -- being used in a malware sample. ("This is why we can't have nice things," Hutchins jokes.) Hasherezade analyzed Kronos's code and concluded "the author has a prior knowledge in implementing malware solutions... The level of precision lead us to the hypothesis, that Kronos is the work of a mature developer, rather than an experimenting youngster."

Monday on Twitter Hutchins posted that "I'm still on trial, still not allowed to go home, still on house arrest; but now I am allowed online. Will get my computers back soon."
Government

US State Department Suffers Worldwide Email Outage (usatoday.com) 69

An anonymous reader quotes USA Today: The U.S. State Department's email system underwent a worldwide outage Friday, affecting all its unclassified communications within and outside of the department. The system was fully restored by Friday afternoon [after 12 hours], said a State Department official briefed on the incident who was not authorized to speak publicly and requested anonymity.

It was not clear what caused the early morning outage, but spokeswoman Heather Nauert told reporters it was not "any external action or interference."

Databases

Google and ProPublica Team Up To Build a National Hate Crime Database (techcrunch.com) 310

In partnership with ProPublica, Google News Lab is launching a new tool to track hate crimes across America. The "Documenting Hate News Index" is being powered by machine learning to track reported hate crimes across all 50 states, collecting data from February 2017 onward. TechCrunch reports: Data visualization studio Pitch Interactive helped craft the index, which collects Google News results and filters them through Google's natural language analysis to extract geographic and contextual information. Because they are not catalogued in any kind of formal national database, a fact that inspired the creation of the index to begin with, Google calls the project a "starting point" for the documentation and study of hate crimes. While the FBI is legally required to document hate crimes at the federal level, state and local authorities often fail to report their own incidents, making the data incomplete at best.

The initiative is a data-rich new arm of the Documenting Hate project which collects and verifies hate incidents reported by both individual contributors and by news organizations. The Hate News Index will keep an eye out for false positives (casual uses of the word "hate" for example), striking a responsible balance between machine learning and human curation on a very sensitive subject. Hate events will be mapped onto a calendar in the user interface, though users can also use a keyword search or browse through algorithmic suggestions. For anyone who'd like to take the data in a new direction, Google will open sourced its data set, making it available through GitHub.

Music

How Hackers Can Use Pop Songs To 'Watch' You (fastcompany.com) 33

An anonymous reader quotes a report from Fast Company: Forget your classic listening device: Researchers at the University of Washington have demonstrated that phones, smart TVs, Amazon Echo-like assistants, and other devices equipped with speakers and microphones could be used by hackers as clandestine sonar "bugs" capable of tracking your location in a room. Their system, called CovertBand, emits high-pitched sonar signals hidden within popular songs -- their examples include songs by Michael Jackson and Justin Timberlake -- then records them with the machine's microphone to detect people's activities. Jumping, walking, and "supine pelvic tilts" all produce distinguishable patterns, they say in a paper. (Of course, someone who hacked the microphone on a smart TV or computer could likely listen to its users, as well.)
Google

Google Explains Why It Banned the App For Gab, a Right-Wing Twitter Rival (arstechnica.com) 530

AmiMoJo shares a report from Ars Technica: When right-wing trolls and outright racists get kicked off of Twitter, they often move to Gab, a right-wing Twitter competitor. Gab was founded by Andrew Torba, who says it's devoted to unfettered free expression online. The site also hosts controversial right-wing figures like Milo Yiannopoulos, Andrew 'weev' Auernheimer and Andrew Anglin, editor of the neo-Nazi site Daily Stormer. On Thursday, Gab said that Google had banned its Android app from the Google Play Store for violating Google's ban on hate speech. The app's main competitor, Twitter, hosts accounts like the American Nazi Party, the Ku Klux Klan, and the virulently anti-gay Westboro Baptist Church, yet the Twitter app is still available on the Google Play store. Apple has long had more restrictive app store policies, and it originally rejected the Gab app for allowing pornographic content to be posted on the service -- despite the fact that hardcore pornography is readily available on Twitter. In an email to Ars, Google explained its decision to remove Gab from the Play Store: "In order to be on the Play Store, social networking apps need to demonstrate a sufficient level of moderation, including for content that encourages violence and advocates hate against groups of people. This is a long-standing rule and clearly stated in our developer policies. Developers always have the opportunity to appeal a suspension and may have their apps reinstated if they've addressed the policy violations and are compliant with our Developer Program Policies."
Privacy

Info on 1.8M Chicago Voters Was Publicly Accessible, But Now Removed From Cloud Service (chicagotribune.com) 27

A file containing the names, addresses, dates of birth and other information about Chicago's 1.8 million registered voters was published online and publicly accessible for an unknown period of time, the Chicago Board of Election Commissioners said this week. From a report: The acknowledgment came days after a data security researcher alerted officials to the existence of the unsecured files. The researcher found the files while conducting a search of items uploaded to Amazon Web Services, a cloud system that allows users to rent storage space and share files with certain people or the general public. The files had been uploaded by Election Systems & Software, a contractor that helps maintain Chicago's electronic poll books. Election Systems said in a statement that the files "did not include any ballot information or vote totals and were not in any way connected to Chicago's voting or tabulation systems." The company said it had "promptly secured" the files on Saturday evening and had launched "a full investigation, with the assistance of a third-party firm, to perform thorough forensic analyses of the AWS server." State and local officials were notified of the existence of the files Saturday by cybersecurity expert Chris Vickery, who works at the Mountain View, Calif. firm UpGuard.
Patents

E-Commerce To Evolve Next Month As Amazon Loses the 1-Click Patent (thirtybees.com) 141

An anonymous reader shares an article: Next month e-commerce will change forever thanks to Amazon. September 12 marks 20 years since Amazon filed for their 1-Click patent. This means that the patent will expire and the technology behind it will be free to be used by any e-commerce site. Starting next month more and more sites will be offering a one click checkout experience. Most major sites have already started development with plans to launch soon after the patent expires. Amazon applied for the 1-Click patent in September of 1997, the actual patent was granted in 1999. The whole idea behind the patent is when you store a user's credit card and address you only need a single click to order a product. For the last 20 years Amazon has kept a tight hold on this technology, they have only licensed it to one company: Apple. No one knows what Apple paid to license the technology, but the value of the patent has been assessed at 2.4 billion dollars by sources. Over the last 20 years Amazon has defended the validity of the patent in several cases, even having to revise the patent at one point. But, now the wait is almost over and this technology is about to make it into the open market.
Businesses

Kit Kat Accused of Copying Atari Game Breakout (bbc.com) 134

An anonymous reader shares a report: Kit Kat's maker Nestle has been accused of copying Breakout, the 1970s computer game, in a marketing campaign. Atari, the company behind some of the most popular early video games, has filed a suit alleging Nestle knowingly exploited the game's look and feel. The advert showed a game similar to Breakout but where the bricks were replaced with single Kit Kat bars. Nestle said it was aware of the lawsuit and would defend itself "strongly" against the allegations. Breakout was created as a successor to "Pong" by Apple founders, Steve Wozniak and Steve Jobs. In the advert, which is titled "Kit Kat: Breakout", a row of people, of varying ages and appearance, share a sofa and play a video game during their work break. In the game depicted, a primitive paddle moves side-to-side to bounce a ball into a collision with the horizontal bars ranged across the top of the screen.
IOS

iOS 11 Has a Feature To Temporarily Disable Touch ID (cultofmac.com) 138

A new feature baked into iOS 11 lets you quickly disable Touch ID, which could come in handy if you're ever in a situation where someone (a cop) might force you to unlock your device. Cult of Mac reports: To temporarily disable Touch ID, you simply press the power button quickly five times. This presents you with the "Emergency SOS" option, which you can swipe to call the emergency services. It also prevents your iPhone from being unlocked without the passcode. Until now, there were other ways to temporarily disable Touch ID, but they weren't quick and simply. You either had to restart your iPhone, let it sit idle for a few days until Touch ID was temporarily disabled by itself, or scan the wrong finger several times. The police, or any government agency, cannot force you to hand over your iPhone's passcode. However, they can force you to unlock your device with your fingerprint. That doesn't work if your fingerprint scanner has been disabled.
Government

Ukraine Hacker Cooperating With FBI In Russia Probe, Says Report (thehill.com) 215

schwit1 shares a report from The Hill: A hacker in Ukraine who goes by the online alias "Profexer" is cooperating with the FBI in its investigation of Russian interference in the U.S. presidential election, The New York Times is reporting. Profexer, whose real identity is unknown, wrote and sold malware on the dark web. The intelligence community publicly identified code he had written as a tool used in the hacking of the Democratic National Committee ahead of last year's presidential election. The hacker's activity on the web came to a halt shortly after the malware was identified. The New York Times, citing Ukrainian police, reported Wednesday that the individual turned himself into the FBI earlier this year and became a witness for the bureau in its investigation. FBI investigators are probing Russian interference efforts and whether there was coordination between associates of President Trump's campaign and Moscow. Special counsel Robert Mueller is heading the investigation.
Patents

Motorola Patents a Display That Can Heal Its Own Cracked Screen With Heat (theverge.com) 41

An anonymous reader quotes a report from The Verge: A patent published today explains how a phone could identify cracks on its touchscreen and then apply heat to the area in an effort to slightly repair the damage. The process relies on something called "shape memory polymer," a material that can apparently become deformed and then recovered through thermal cycling. Thermal cycling involves changing the temperature of the material rapidly. This material could be used over an LCD or LED display with a capacitive touch sensor layered in, as well. Although the phone could heat the polymer in order to restore it, a user's body heat can be used, too.
Encryption

Hacker Claims To Have Decrypted Apple's Secure Enclave Processor Firmware (iclarified.com) 111

According to iClarified, a hacker by name of "xerub" has posted the decryption key for Apple's Secure Enclave Processor (SEP) firmware. "The security coprocessor was introduced alongside the iPhone 5s and Touch ID," reports iClarified. "It performs secure services for the rest of the SOC and prevents the main processor from getting direct access to sensitive data. It runs its own operating system (SEPOS) which includes a kernel, drivers, services, and applications." From the report: The Secure Enclave is responsible for processing fingerprint data from the Touch ID sensor, determining if there is a match against registered fingerprints, and then enabling access or purchases on behalf of the user. Communication between the processor and the Touch ID sensor takes place over a serial peripheral interface bus. The processor forwards the data to the Secure Enclave but can't read it. It's encrypted and authenticated with a session key that is negotiated using the device's shared key that is provisioned for the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption. Today, xerub announced the decryption key "is fully grown." You can use img4lib to decrypt the firmware and xerub's SEP firmware split tool to process. Decryption of the SEP Firmware will make it easier for hackers and security researchers to comb through the SEP for vulnerabilities.
AT&T

Judge Dismisses AT&T's Attempt To Stall Google Fiber Construction In Louisville (arstechnica.com) 71

An anonymous reader quotes a report from Ars Technica: AT&T has lost a court case in which it tried to stall construction by Google Fiber in Louisville, Kentucky. AT&T sued the local government in Louisville and Jefferson County in February 2016 to stop a One Touch Make Ready Ordinance designed to give Google Fiber and other new ISPs quicker access to utility poles. But yesterday, U.S. District Court Judge David Hale dismissed the lawsuit with prejudice, saying AT&T's claims that the ordinance is invalid are false. "We are currently reviewing the decision and our next steps," AT&T said when contacted by Ars today. One Touch Make Ready rules let ISPs make all of the necessary wire adjustments on utility poles themselves instead of having to wait for other providers like AT&T to send work crews to move their own wires. Without One Touch Make Ready rules, the pole attachment process can cause delays of months before new ISPs can install service to homes. Google Fiber has continued construction in Louisville despite the lawsuit and staff cuts that affected deployments in other cities.
Patents

We Print 50 Trillion Pages a Year, and Xerox Is Betting That Continues (fortune.com) 86

An anonymous reader shares a report: For most of its 111-year history, Xerox has been known as one of the tech industry's most innovative companies. Now the legendary copier company is reinventing itself. In January, Xerox made the bold decision to split itself into two, spinning off its business services operations into a separate company called Conduent. And Jeffrey Jacobson, a Xerox tech executive, was tapped as Xerox's new CEO. Speaking with Fortune's Susie Gharib, Jacobson says Xerox is still "one of the top patent producing companies in the world" and he's counting on that scientific expertise to pivot the company to be a leader in digital print technology. "If I look at the things we're looking at with the Internet of things, artificial intelligence and bridging the digital and physical," he says, "that's what I think we'll be known for."
Social Networks

Thai Activist Jailed For the Crime of Sharing an Article on Facebook (eff.org) 120

An anonymous reader shares a report: Thai activist Jatuphat "Pai" Boonpattaraksa was sentenced this week to two and a half years in prison -- for the crime of sharing a BBC article on Facebook. The Thai-language article profiled Thailand's new king and, while thousands of users shared it, only Jutaphat was found to violate Thailand's strict lese majeste laws against insulting, defaming, or threatening the monarchy. The sentence comes after Jatuphat has already spent eight months in detention without bail. During this time, Jatuphat has fought additional charges for violating the Thai military junta's ban on political gatherings and for other activism with Dao Din, an anti-coup group. While in trial in military court, Jatuphat also accepted the Gwangzu Prize for Human Rights. When he was arrested last December, Jatuphat was the first person to be charged with lese majeste since the former King Bhumibol passed away and his son Vajiralongkorn took the throne. (He was not, however, the first to receive a sentence -- this past June saw one of the harshest rulings to date, with one man waiting over a year in jail to be sentenced to 35 years for Facebook posts critical of the royal family.) The conviction, which appears to have singled Jatuphat out among thousands of other Facebook users who shared the article, sends a strong message to other activists and netizens: overbroad laws like lese majeste can and will be used to target those who oppose military rule in Thailand.
Piracy

Roku Gets Tough On Pirate Channels, Warns Users (torrentfreak.com) 79

An anonymous reader quotes a report from TorrentFreak: Earlier this year Roku was harshly confronted with this new piracy crackdown when a Mexican court ordered local retailers to take its media player off the shelves. While this legal battle isn't over yet, it was clear to Roku that misuse of its platform wasn't without consequences. While Roku never permitted any infringing content, it appears that the company has recently made some adjustments to better deal with the problem, or at least clarify its stance. Pirate content generally doesn't show up in the official Roku Channel Store but is directly loaded onto the device through third-party "private" channels. A few weeks ago, Roku renamed these "private" channels to "non-certified" channels, while making it very clear that copyright infringement is not allowed. A "WARNING!" message that pops up during the installation of these third-party channels stresses that Roku has no control over the content. In addition, the company notes that these channels may be removed if it links to copyright infringing content.

"By continuing, you acknowledge you are accessing a non-certified channel that may include content that is offensive or inappropriate for some audiences," Roku's warning reads. "Moreover, if Roku determines that this channel violates copyright, contains illegal content, or otherwise violates Roku's terms and conditions, then ROKU MAY REMOVE THIS CHANNEL WITHOUT PRIOR NOTICE."

Television

YouTube Has An Illegal TV Streaming Problem (mashable.com) 119

An anonymous reader quotes a report from Mashable: Most people turn to Netflix to binge watch full seasons of a single TV show, but there could be a much cheaper way: YouTube. You might be surprised to learn that you can watch full episodes of popular TV shows on YouTube for free, thanks to a large number of rogue accounts that are hosting illegal live streams of shows. Perhaps the most shocking thing about these free (and very illegal) TV live streams might even make their way into your suggested video queue, if you watch enough "random shit" and Bobby Hill quote compilations on the site, as Mashable business editor Jason Abbruzzese recently experienced. He first noticed the surprisingly high number of illegal TV streaming accounts on his YouTube homepage, which has tailored recommended videos based on his viewing habits. Personalized recommendations aren't exactly new -- but the number of illegal live streams broadcasting copyrighted material on a loop was a shocker. When we looked deeper into the livestreams, the number we found was mindblowing. Many of these accounts appear to exist solely to give watchers an endless loop of their favorite shows and only have a few other posts related to the live streamed content. "YouTube respects the rights of copyright holders and we've invested heavily in copyright and content management tools to give rights holders control of their content on YouTube," a YouTube spokesperson told Mashable in an email. "When copyright holders work with us to provide reference files for their content, we ensure all live broadcasts are scanned for third party content, and we either pause or terminate streams when we find matches to third party content."
Communications

WordPress Bans Fascist Website Linked To Charlottesville Killer (fastcompany.com) 451

tedlistens writes: WordPress has said that it does not censor websites like that of self-proclaimed fascist group Vanguard America. But last night, the group's site was taken offline for violating the company's terms of service. The about-face was likely prompted by Vanguard's participation in last weekend's Unite the Right rallies in Charlottesville, Virginia, during which James Alex Fields drove his car into a crowd, killing one person and injuring 19. Fields has claimed allegiance to Vanguard America; the group denies that Fields was a member. For WordPress to drop a site, even a fascist site, is a very big deal; the same is true of GoDaddy's and Google's decision to drop their registration of neo-Nazi site the Daily Stormer (another site that GoDaddy previously said would be permitted on free speech grounds). WordPress hasn't explained the shift in its approach to the website: the company's user agreement and terms of service have not changed since Charlottesville. That policy, like that of other tech platforms, has long stood by strict neutrality and freedom of expression. That may now be changing.
Patents

Toyota Patents Cloaking Device To Make Car Pillars Appear Transparent (thedrive.com) 105

Toyota has patented a cloaking device that aims to make big, chunky car pillars transparent. The "apparatuses and methods for making an object appear transparent" which Toyota just patented uses cleverly placed mirrors to bend light around an object making it visible from the other side. The Drive reports: So you're not really seeing through the pillars, you're seeing around them. This is a much cheaper option than adding more cameras and screens all over the place and much more realistic than Harry Potter's invisibility cloak. The patent was filed with the U.S. patent office by Toyota North America, so if Toyota does go forward with this technology, we can probably expect to see it in cars in the U.S.
Communications

Neo-Nazi Site The Daily Stormer Moves To Dark Web After Shutdown (vice.com) 337

After being shutdown by Google and GoDaddy, prominent neo-Nazi website The Daily Stormer has moved their site to the dark web. "The new site is now only available through the Tor network, which allows users to set up their own domains," reports VICE News. "The original site, Dailystormer.com, is now fully offline." From the report: The homepage, as of Tuesday morning, contained articles that make light of the car ramming attack that claimed the life of 32-year-old Heather Heyer; admonish the "Jew media;" liberally employ various racial epithets; and, in a less offensive post, provided an update on which characters are available on Pokemon Go. In a statement, the site's founder promised to bring his site back online. "The Daily Stormer will be live in internet prison with drug dealers, terrorists and perverts, which is where we've been exiled to, for all time," Andrew Anglin said in a statement sent to VICE News. "We should have a real domain online within 24 hours. If it gets shut down again, people will know we are on the black web."
Communications

Tech Companies Urge Supreme Court To Boost Cellphone Privacy (reuters.com) 29

More than a dozen high technology companies and the biggest wireless operator in the United States, Verizon, have called on the U.S. Supreme Court to make it harder for government officials to access individuals' sensitive cellphone data. From a report: The companies filed a 44-page brief with the court on Monday night in a high-profile dispute over whether police should have to get a warrant before obtaining data that could reveal a cellphone user's whereabouts. Signed by some of Silicon Valley's biggest names, including Apple, Facebook, Twitter, Snap and Alphabet's Google, the brief said that as individuals' data is increasingly collected through digital devices, greater privacy protections are needed under the law. "That users rely on technology companies to process their data for limited purposes does not mean that they expect their intimate data to be monitored by the government without a warrant," the brief said.
Government

Justice Department Demands 1.3 Million IP Addresses Related To Anti-Trump Website (theverge.com) 392

An anonymous reader quotes a report from The Verge: In a blog post today, online web hosting provider DreamHost disclosed that it has been involved in a months-long legal battle with the Justice Department over records on visitors to an anti-Trump website. The dispute focuses on a Justice Department demand for information on data related to disruptj20.org, which describes itself as a group of activists "building the framework needed for mass protests to shut down the inauguration of Donald Trump and planning widespread direct actions to make that happen." DreamHost is taking issue with a warrant issued by the department for "all files" related to the website, which DreamHost says would compel them to turn over electronic data like visitor logs. That would include IP addresses and other information that could be used to identify anyone who visited the site. "The request from the DOJ demands that DreamHost hand over 1.3 million visitor IP addresses -- in addition to contact information, email content, and photos of thousands of people -- in an effort to determine who simply visited the website," the company said in its blog post. The warrant, DreamHost argues, would also require it to hand over any communications that are even tangentially related to the website.

"In essence, the Search Warrant not only aims to identify the political dissidents of the current administration, but attempts to identify and understand what content each of these dissidents viewed on the website," the company said in a legal filing arguing against the warrant. A hearing on the situation is set for Friday in Washington, DC Superior Court.

The Courts

Judge Says LinkedIn Cannot Block Startup From Public Profile Data (reuters.com) 166

A U.S. federal judge on Monday ruled that LinkedIn cannot prevent a startup from accessing public profile data, in a test of how much control a social media site can wield over information its users have deemed to be public. Reuters reports: U.S. District Judge Edward Chen in San Francisco granted a preliminary injunction request brought by hiQ Labs, and ordered LinkedIn to remove within 24 hours any technology preventing hiQ from accessing public profiles. The dispute between the two tech companies has been going on since May, when LinkedIn issued a letter to hiQ Labs instructing the startup to stop scraping data from its service. HiQ Labs responded by filing a suit against LinkedIn in June, alleging that the Microsoft-owned social network was in violation of antitrust laws. HiQ Labs uses the LinkedIn data to build algorithms capable of predicting employee behaviors, such as when they might quit. "To the extent LinkedIn has already put in place technology to prevent hiQ from accessing these public profiles, it is ordered to remove any such barriers," Chen's order reads. Meanwhile, LinkedIn said in a statement: "We're disappointed in the court's ruling. This case is not over. We will continue to fight to protect our members' ability to control the information they make available on LinkedIn."
Republicans

Trump Can Block People On Twitter If He Wants, Administration Says (arstechnica.com) 214

An anonymous reader quotes a report from Ars Technica: The administration of President Donald Trump is scoffing at a lawsuit by Twitter users who claim in a federal lawsuit that their constitutional rights are being violated because the president has blocked them from his @realDonaldTrump Twitter handle. "It would send the First Amendment deep into uncharted waters to hold that a president's choices about whom to follow, and whom to block, on Twitter -- a privately run website that, as a central feature of its social-media platform, enables all users to block particular individuals from viewing posts -- violate the Constitution." That's part of what Michael Baer, a Justice Department attorney, wrote to the New York federal judge overseeing the lawsuit Friday. In addition, the Justice Department said the courts are powerless to tell Trump how he can manage his private Twitter handle, which has 35.8 million followers.

"To the extent that the President's management of his Twitter account constitutes state action, it is unquestionably action that lies within his discretion as Chief Executive; it is therefore outside the scope of judicial enforcement," Baer wrote. (PDF) Baer added that an order telling Trump how to manage his Twitter feed "would raise profound separation-of-powers concerns by intruding directly into the president's chosen means of communicating to millions of Americans."

The Military

US Army Walks Back Decision To Ban DJI Drones Ever So Slightly (suasnews.com) 27

garymortimer shares a report from sUAS News: News has reached me that another DJI memo was passed around on Friday the 11th of August. An exception to policy with recommendations from the asymmetric warfare group that will permit the use of DJI kit once some conditions have been met. The Android Tactical Assault Kit will become the ground control station (GCS) of choice when a DJI plugin has passed OPSEC (Operational Security) scrutiny. In a separate report from Reuters, DJI said it is "tightening data security in the hopes that the U.S. Army will lift its ban on DJI drones because of 'cyber vulnerabilities.'" The company is "speeding deployment of a system that allows users to disconnect from the internet during flights, making it impossible for flight logs, photos or videos to reach DJI's computer servers," reports Reuters. While the security measure has been in the works for several months, it's being rolled out sooner than planned because of the Army's decision to discontinue the use of DJI drones.
Communications

Discord Bans Servers That Promote Nazi Ideology (theverge.com) 456

A popular video game chat service with over 25 million users announced today that it had shut down "a number of accounts" following violence instigated by white supremacists over the weekend. Discord, the service "which lets users chat with voice and text, was being used by proponents of Nazi ideology both before and after the attacks in Charlottesville, Virginia," reports The Verge. "We will continue to take action against Nazi ideology, and all forms of hate," the company said in a tweet. From the report: Discord declined to state how many servers had been affected, but said it included a mix of old accounts and accounts that were created over the weekend. Among the affected servers was one used by AltRight.com, a white nationalist news site. The site's homepage includes a prominent link to a Discord chat which is now broken. The company said it does not read private messages exchanged on its servers. Members of those groups reported messages in the chats for violating Discord's terms of service, the company said, and it took action. "When hatred like this violates our community standards we act swiftly to take servers down and ban individual users," the company said in a statement. "The public server linked to AltRight.com that violated those terms was shut down along with several other public groups and accounts fostering bad actors on Discord. We will continue to be aggressive to ensure that Discord exists for the community we set out to support -- gamers."
Security

Spyware Apps Found on Google Play Store (bleepingcomputer.com) 37

Researchers at the security firm Lookout have identified a family of malicious Android apps, referred to as SonicSpy. From a report: Experts say the malware author modified a version of the official Telegram app, injected the spyware code, rebranded it, and uploaded the modified app on the Play Store. In total, the crook uploaded the app three times on the Play Store under the names Soniac, Hulk Messenger, and Troy Chat. Only Soniac was active on Google's app store when researchers first spotted the spyware, as the other two apps were already taken down, most likely by the developer himself. At the time of writing, Lookout says they identified over 1,000 variations of this new spyware called SonicSpy, which they believe to be a new version of an older Android spyware named SpyNote.
The Courts

Researcher Who Stopped WannaCry Pleads Not Guilty to Creating Banking Malware (vice.com) 71

Lorenzo Franceschi-Bicchierai, reporting for Motherboard: Monday, the well-known security researcher who became famous after helping to stop the destructive WannaCry ransomware outbreak pleaded "not guilty" to creating software that would later become banking malware. Marcus Hutchins -- better known by his online nickname MalwareTech -- was arrested in early August in Las Vegas after the hacking conference Def Con. The US government accuses Hutchins of writing software in 2014 that would later become the banking malware Kronos. After getting out on bail and traveling to Milwaukee, he stood in front a judge on Monday for his arraignment. Prosecutors also allege he helped a still unknown co-defendant market and sell Kronos. Hutchins's lawyer Brian Klein declared in a packed courtroom in Milwaukee that Hutchins was "not guilty" of six charges related to the alleged creation and distribution of malware. Hutchins will be allowed to travel to Los Angeles, where he will live while he awaits trial. He will also be represented by Marcia Hoffman, formerly of the Electronic Frontier Foundation. Under the terms of his release, Hutchins will be tracked by GPS but will be allowed full internet access so he can continue to work as a security researcher; the only restriction is he will no longer be allowed to access the WannaCry "sinkhole" he used to stop the outbreak of ransomware.
AI

Why AI Won't Take Over The Earth (ssrn.com) 298

Law professor Ryan Calo -- sometimes called a robot-law scholar -- hosted the first White House workshop on AI policy, and has organized AI workshops for the National Science Foundation (as well as the Department of Homeland Security and the National Academy of Sciences). Now an anonymous reader shares a new 30-page essay where Calo "explains what policymakers should be worried about with respect to artificial intelligence. Includes a takedown of doomsayers like Musk and Gates." Professor Calo summarizes his sense of the current consensus on many issues, including the dangers of an existential threat from superintelligent AI:

Claims of a pending AI apocalypse come almost exclusively from the ranks of individuals such as Musk, Hawking, and Bostrom who possess no formal training in the field... A number of prominent voices in artificial intelligence have convincingly challenged Superintelligence's thesis along several lines. First, they argue that there is simply no path toward machine intelligence that rivals our own across all contexts or domains... even if we were able eventually to create a superintelligence, there is no reason to believe it would be bent on world domination, unless this were for some reason programmed into the system. As Yann LeCun, deep learning pioneer and head of AI at Facebook colorfully puts it, computers don't have testosterone.... At best, investment in the study of AI's existential threat diverts millions of dollars (and billions of neurons) away from research on serious questions... "The problem is not that artificial intelligence will get too smart and take over the world," computer scientist Pedro Domingos writes, "the problem is that it's too stupid and already has."
A footnote also finds a paradox in the arguments of Nick Bostrom, who has warned of that dangers superintelligent AI -- but also of the possibility that we're living in a computer simulation. "If AI kills everyone in the future, then we cannot be living in a computer simulation created by our decedents. And if we are living in a computer simulation created by our decedents, then AI didn't kill everyone. I think it a fair deduction that Professor Bostrom is wrong about something."
Google

269 People Joined An Age Discrimination Class Action Suit Against Google (bizjournals.com) 178

Slashdot reader #9,119 BrookHarty writes: "269 people have joined a class-action lawsuit against Google claiming they were discriminated against in the workplace based on their age..." reports BizJournals. "The lawsuit originated in 2015 with plaintiff Robert Heath and was certified as a class-action in 2016." Google has stated it has implemented policies to stop age discrimination but still has an average employee age of 29.

In 2004 Larry Page fired Brian Reid nine days before IPO costing Reid 45 million in unvested stock options. Reid was fired for lack of "cultural fit". Reid has settled for an undisclosed amount.

Democrats

Russian Group That Hacked DNC Used NSA Attack Code In Attack On Hotels (arstechnica.com) 197

An anonymous reader quotes a report from Ars Technica: A Russian government-sponsored group accused of hacking the Democratic National Committee last year has likely been infecting other targets of interest with the help of a potent Windows exploit developed by, and later stolen from, the National Security Agency, researchers said Friday. Eternal Blue, as the exploit is code-named, is one of scores of advanced NSA attacks that have been released over the past year by a mysterious group calling itself the Shadow Brokers. It was published in April in the group's most damaging release to date. Its ability to spread from computer to computer without any user action was the engine that allowed the WCry ransomware worm, which appropriated the leaked exploit, to shut down computers worldwide in May. Eternal Blue also played a role in the spread of NotPetya, a follow-on worm that caused major disruptions in June. Now, researchers at security firm FireEye say they're moderately confident the Russian hacking group known as Fancy Bear, APT 28, and other names has also used Eternal Blue, this time in a campaign that targeted people of interest as they connected to hotel Wi-Fi networks. In July, the campaign started using Eternal Blue to spread from computer to computer inside various staff and guest networks, company researchers Lindsay Smith and Ben Read wrote in a blog post. While the researchers didn't directly observe those attacks being used to infect guest computers connected to the network, they said a related campaign from last year used the control of hotel Wi-Fi services to obtain login credentials from guest devices.
Transportation

Uber and Lyft May Cause Lower Car Ownership In Big Cities, Says Report (slashgear.com) 118

A new study from the University of Michigan Transportation Research Institute has shed light on what may turn out to be a growing trend: lower car ownership in cities where ride-sharing services are available. SlashGear reports: While Uber and Lyft have both deployed in a number of cities, they have, at times, had to abandon those cities due to local governments driving them out for one reason or another. That's what happened in Austin, Texas, opening the door for an interesting study on personal car ownership. Did the sudden absence of these two services cause increased car usage and/or ownership, or did things remain unaffected? The result, according to the study, was a big increase in personal car usage and a statistically significant increase in car ownership. The researchers surveyed a total of 1,200 people from the Austin region, and found that 41-percent of them started using their own car more often to make up for the lack of Uber and Lyft rides. As well, a total of 9-percent of those surveyed bought their own personal car to make up for the services' absences.
Government

FBI Says Islamic State Used eBay, PayPal To Channel Money To the US (theverge.com) 57

An anonymous reader quotes a report from The Verge: Islamic State allegedly used PayPal and fake eBay transactions to channel money to an operative in the U.S., The Wall Street Journal reports. The man who allegedly received the money was American citizen Mohamed Elshinawy, who was arrested last year in Maryland. The FBI claims that Elshinawy, in his early 30s, sold computer printers on eBay as a front in order to receive the payments through PayPal. The details have come to light because of a recently unsealed FBI affidavit, which alleges Elshinawy was part of a worldwide network that used such channels to fund ISIS. Elshinawy received $8,700 from ISIS, including five PayPal payments from senior ISIS official Siful Sujan through his technology company. Those funds were used to buy a laptop, a cellphone, and a VPN to communicate with IS, according to the affidavit. Sujan was killed in a drone strike in 2015. eBay told The Wall Street Journal it "has zero tolerance for criminal activities taking place on our marketplace." Meanwhile, a spokeswoman for PayPal said it "invests significant time and resources in working to prevent terrorist activity on our platform. We proactively report suspicious activities and respond quickly to lawful requests to support law enforcement agencies in their investigations."

Slashdot Top Deals