Education

Massive Financial Aid Data Breach Proves Stanford Lied For Years To MBAs (poetsandquants.com) 116

14 terabytes of "highly confidential" data about 5,120 financial aid applications over seven years were exposed in a breach at Stanford's Graduate School of Business -- proving that the school "misled thousands of applicants and donors about the way it distributes fellowship aid and financial assistance to its MBA students," reports Poets&Quants. The information was unearthed by a current MBA student, Adam Allcock, in February of this year from a shared network directory accessible to any student, faculty member or staffer of the business school. In the same month, on Feb. 23, the student reported the breach to Jack Edwards, director of financial aid, and the records were removed within an hour of his meeting with Edwards. Allcock, however, says he spent 1,500 hours analyzing the data and compiling an 88-page report on it...

Allcock's discovery that more money is being used by Stanford to entice the best students with financial backgrounds suggests an admissions strategy that helps the school achieve the highest starting compensation packages of any MBA program in the world. That is largely because prior work experience in finance is generally required to land jobs in the most lucrative finance fields in private equity, venture capital and hedge funds.

Half the school's students are awarded financial aid, and though Stanford always insisted it was awarded based only on need, the report concluded the school had been "lying to their faces" for more than a decade, also identifying evidence of "systemic biases against international students."

Besides the embarrassing exposure of their financial aid policies, there's another obvious lesson, writes Slashdot reader twentysixV. "It's actually way too easy for users to improperly secure their files in a shared file system, especially if the users aren't particularly familiar with security settings." Especially since on Friday the university also reported that another university-wide file-sharing platform had exposed "a variety of information from several campus offices, including Clery Act reports of sexual violence and some confidential student disciplinary information from six to 10 years ago."
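The check a file-share administrator would want after a story like this, as an added example that is not code from Stanford or from the article: walk a share and list every file that any user on the host can read, pruning subtrees whose directories cannot be entered by "other" users. It assumes a share governed by POSIX mode bits (local or NFS); SMB and Windows ACLs need a different check. The sample tree, file names and contents are constructed for illustration.

```python
"""Added example (not code from Stanford or the article): audit a POSIX
directory tree for files that every local user can read.

Assumptions, labelled here: the share is governed by POSIX mode bits
(local or NFS); SMB and Windows ACLs need a different check.  The sample
tree below is constructed for illustration only.
"""
import os
import shutil
import stat
import tempfile


def audit_share(root):
    """Return relative paths of regular files under `root` that users
    outside the owner and group can read.  `root` is assumed to be the
    share's export point and therefore already reachable by everyone."""
    exposed = []
    for dirpath, dirnames, filenames in os.walk(root, topdown=True):
        # Prune subtrees that other users cannot enter: without 'x' for
        # "other" on a directory, the files inside are unreachable no
        # matter what their own mode bits say.
        dirnames[:] = [
            d for d in dirnames
            if os.lstat(os.path.join(dirpath, d)).st_mode & stat.S_IXOTH
        ]
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IROTH:
                exposed.append(os.path.relpath(path, root))
    return sorted(exposed)


def _write(path, mode, text="constructed sample data\n"):
    with open(path, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)


def build_sample_share():
    """Construct a throwaway tree (constructed data, not real records)."""
    root = tempfile.mkdtemp(prefix="gsb_share_")
    os.chmod(root, 0o755)                      # export point: open to all
    finaid = os.path.join(root, "finaid")
    locked = os.path.join(finaid, "locked")
    os.makedirs(locked)
    os.chmod(finaid, 0o755)
    _write(os.path.join(finaid, "applications_2011.csv"), 0o644)  # exposed
    _write(os.path.join(finaid, "private.xlsx"), 0o600)           # owner only
    _write(os.path.join(locked, "notes.txt"), 0o644)              # file open, dir closed
    os.chmod(locked, 0o700)
    return root


if __name__ == "__main__":
    root = build_sample_share()
    try:
        for rel in audit_share(root):
            print("world-readable:", rel)
    finally:
        shutil.rmtree(root)
```

On the sample tree only `finaid/applications_2011.csv` is reported: `private.xlsx` is owner-only, and `locked/notes.txt` has an open mode but sits behind a directory nobody else can traverse. Run the same function with `locked` itself as the root and `notes.txt` is reported, which is the point of the export-point assumption: a file is only as private as the least restrictive path that leads to it.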
Businesses

Shouting 'Pay Your Taxes', Activists Occupy Apple Stores in France (marketwatch.com) 233

An anonymous reader quotes MarketWatch: A group of global activists stormed and occupied several Apple Stores in France on Saturday in a move aimed at pressuring the company to pay up on a €13 billion ($15.5 billion) tax bill to the European Union. In a press release, the France unit of the Association for the Taxation of Financial Transactions and Citizen's Action organization (Attac) said 100 of its members occupied the Opera Apple Store in Paris, demanding the company pay its taxes... Attac said dozens of protests were organized at other Apple store locations throughout France on Saturday. In the Paris store, activists were seen via videos circulating on Twitter, pushing past security and hanging a banner that said "We will stop when Apple pays." Security in Paris reportedly evacuated Apple workers from the building as those protests began.
After three hours they left the store -- leaving behind protest messages on the iPads on display. The group claims that Apple has stashed $230 billion in tax havens around the world, but also hopes to raise awareness about other issues.

"Attac said the action was part of the #PhoneRevolt movement aimed at highlighting unfair practices by Apple, that are not just about taxes, but also pollution via extraction of metals for its phones, worker exploitation and driving a global consumption binge."
The Courts

Free Game Company Sues 14-Year-Old Over 'Cheats' Video -- Claiming DMCA Violation (bbc.co.uk) 237

Bizzeh shared this report from the BBC: A mother has written a letter in defense of her 14-year-old son who is facing a lawsuit over video game cheats in the US. Caleb Rogers is one of two people facing legal action from gaming studio Epic Games for using cheat software to play the free game Fortnite. The studio says it has taken the step because the boy declined to remove a YouTube video he published which promoted how to use the software... "This company is in the process of attempting to sue a 14-year-old child," she wrote in the letter which has been shared online by the news site Torrentfreak.

Ms. Rogers added that she had not given her son parental consent to play the game as stated in its terms and conditions, and that as the game was free to play the studio could not claim loss of profit as a result of the cheats... In a statement given to the website Kotaku, Epic Games said the lawsuit was a result of Mr. Rogers "filing a DMCA counterclaim to a takedown notice on a YouTube video that exposed and promoted Fortnite Battle Royale cheats and exploits... Epic is not OK with ongoing cheating or copyright infringement from anyone at any age," it said.

Cory Doctorow counters that the 14-year-old "correctly asserted that there was no copyright infringement here. Videos that capture small snippets of a videogame do not violate that game creator's copyrights, because they are fair use..."
Transportation

Drone Pilot Arrested After Flying Over Two Stadiums, Dropping Leaflets (cbslocal.com) 108

"A man with an anti-media agenda was arrested in Oakland after he flew a drone over two different stadiums to drop leaflets" last Sunday, writes Slashdot reader execthis. A local CBS station reports: According to investigators, [55-year-old Tracy] Mapes piloted his drone over Levi's Stadium during the second quarter of the 49ers-Seattle game and released a load of pamphlets. He then quickly landed the drone, loaded it up and drove over to Oakland. He flew a similar mission over the Raiders-Broncos game. Santa Clara Police Lt. Dan Moreno said after Mapes was apprehended he defended the illegal action as a form of free speech.
USA Today reports there's now also an ongoing federal investigation "because the Federal Aviation Administration prohibits the flying of drones within five miles of an airport. Both Levi's Stadium and Oakland Coliseum are within that range."

"The San Francisco Chronicle added that the drone was a relatively ineffective messenger because 'most of the drone-dropped leaflets were carried away by the wind.'"
Communications

Volunteers Around the World Build Surveillance-Free Cellular Network Called 'Sopranica' (vice.com) 77

dmoberhaus writes: Motherboard's Daniel Oberhaus spoke to Denver Gingerich, the programmer behind Sopranica, a DIY, community-oriented cell phone network. "Sopranica is a project intended to replace all aspects of the existing cell phone network with their freedom-respecting equivalents," says Gingerich. "Taking out all the basement firmware on the cellphone, the towers that track your location, the payment methods that track who you are and who owns the number, and replacing it so we can have the same functionality without having to give up all the privacy that we have to give up right now. At a high level, it's about running community networks instead of having companies control the cell towers that we connect to." Motherboard interviews Gingerich and shows you how to use the network to avoid cell surveillance. According to Motherboard, all you need to do to join Sopranica is "create a free and anonymous Jabber ID, which is like an email address." Jabber is slang for a secure instant messaging protocol called XMPP that lets you communicate over voice and text from an anonymous phone number. "Next, you need to install a Jabber app on your phone," reports Motherboard. "You'll also need to install a Session Initiation Protocol (SIP) app, which allows your phone to make calls and send texts over the internet instead of the regular cellular network." Lastly, you need to get your phone number, which you can do by navigating to Sopranica's JMP website. (JMP is the code, which was published by Gingerich in January, and "first part of Sopranica.") "These phone numbers are generated by Sopranica's Voice Over IP (VOIP) provider which provides talk and text services over the internet. Click whichever number you want to be your new number on the Sopranica network and enter your Jabber ID. A confirmation code should be sent to your phone and will appear in your Jabber app."
As for how JMP protects against surveillance, Gingerich says, "If you're communicating with someone using your JMP number, your cell carrier doesn't actually know what your JMP number is because that's going over data and it's encrypted. So they don't know that that communication is happening."
Government

Tesla Proves To Be Too Pricey For Germany, Loses Tax Subsidies (reuters.com) 121

Tesla has been removed from Germany's list of electric cars eligible for subsidies because its Model S sedan is too expensive for the scheme. Tesla customers cannot order the Model S base version without extra features that pushed the car above the 60,000 euro ($71,500) price limit, a spokesman for the German Federal Office for Economic Affairs and Export Controls (BAFA) said on Friday. From the report: Germany last year launched the incentive scheme worth about 1 billion euros, partly financed by the German car industry, to boost electric car usage. A price cap was included to exempt premium models. "This is a completely false accusation. Anyone in Germany can order a Tesla Model S base version without the comfort package, and we have delivered such cars to customers," Tesla said in a statement. The carmaker said the upper price limit was initially set by the German government to exclude Tesla, but later a compromise was reached "that allows Tesla to sell a low option vehicle that qualifies for the incentive and customers can subsequently upgrade if they wish." It said, however, it would investigate whether any car buyers were denied the no-frills version. Under the subsidy scheme, buyers get 4,000 euros off their all-electric vehicle purchase and 3,000 euros off plug-in hybrids.
Bitcoin

Blockchains Are Poised To End the Password Era (technologyreview.com) 129

schwit1 shares a report from MIT Technology Review: Blockchain technology can eliminate the need for companies and other organizations to maintain centralized repositories of identifying information, and users can gain permanent control over who can access their data (hence "self-sovereign"), says Drummond Reed, chief trust officer at Evernym, a startup that's developing a blockchain network specifically for managing digital identities. Self-sovereign identity systems rely on public-key cryptography, the same kind that blockchain networks use to validate transactions. Although it's been around for decades, the technology has thus far proved difficult to implement for consumer applications. But the popularity of cryptocurrencies has inspired fresh commercial interest in making it more user-friendly.

Public-key cryptography relies on pairs of keys, one public and one private, which are used to authenticate users and verify their encrypted transactions. Bitcoin users are represented on the blockchain by strings of characters called addresses, which are derived from their public keys. The "wallet" applications they use to hold and exchange digital coins are essentially management systems for their private keys. Just like a real wallet, they can also hold credentials that serve as proof of identification, says Reed. Using a smartphone or some other device, a person could use a wallet-like application to manage access to these credentials. But will regular consumers buy in? Technologists will need to create a form factor and user experience compelling enough to convince them to abandon their familiar usernames and passwords, says Meltem Demirors, development director at Digital Currency Group, an investment firm that funds blockchain companies. The task calls for reinforcements, she says: "The geeks are working on it right now, but we need the designers, we need the sociologists, and we need people who study ethics of technology to participate."

Businesses

Homeland Security Claims DJI Drones Are Spying For China (engadget.com) 82

A memo from the Los Angeles office of the Immigration and Customs Enforcement bureau (ICE) says that the officials assess "with moderate confidence that Chinese-based company DJI Science and Technology is providing U.S. critical infrastructure and law enforcement data to the Chinese government." It also says that the information is based on "open source reporting and a reliable source within the unmanned aerial systems industry with first and secondhand access." Engadget reports: Part of the memo focuses on targets that the LA ICE office believes to be of interest to DJI. "DJI's criteria for selecting accounts to target appears to focus on the account holder's ability to disrupt critical infrastructure," it said. The memo goes on to say that DJI is particularly interested in infrastructure like railroads and utilities, companies that provide drinking water as well as weapon storage facilities. The LA ICE office concludes that it, "assesses with high confidence the critical infrastructure and law enforcement entities using DJI systems are collecting sensitive intelligence that the Chinese government could use to conduct physical or cyber attacks against the United States and its population." The accusation that DJI is using its drones to spy on the US and scope out particular facilities for the Chinese government seems pretty wacky and the company itself told the New York Times that the memo was "based on clearly false and misleading claims."
The Internet

Was Your Name Stolen To Support Killing Net Neutrality? (dslreports.com) 128

An anonymous reader quotes a report from DSLReports: New York Attorney General Eric Schneiderman has launched a new tool for users interested in knowing whether their identity was stolen and used to fraudulently support the FCC's attack on popular net neutrality rules. The NY AG's office announced earlier this month that it was investigating identity theft and comment fraud during the FCC's public comment period. Researchers have noted repeatedly how "someone" used a bot to fill the comment proceeding with bogus support for the FCC plan, with many of the names being those of folks who'd never heard of net neutrality -- or were even dead. The new AG tool streamlines the act of searching the FCC proceeding for comments filed falsely in your name, and lets you contribute your findings to the AG's ongoing investigation into identity theft.

"Such conduct likely violates state law -- yet the FCC has refused multiple requests for crucial evidence in its sole possession that is vital to permit that law enforcement investigation to proceed," noted Schneiderman. "We reached out for assistance to multiple top FCC officials, including you, three successive acting FCC General Counsels, and the FCC's Inspector General. We offered to keep the requested records confidential, as we had done when my office and the FCC shared information and documents as part of past investigative work." "Yet we have received no substantive response to our investigative requests," stated the AG. "None." As such, the AG is taking its fight to the public itself.

Piracy

Netflix Is Not Going to Kill Piracy, Research Suggests (torrentfreak.com) 158

Even as more people than ever are turning to Netflix, Hulu, Amazon Prime and other streaming services to watch, piracy continues to thrive, research suggests. An anonymous reader shares a report: Intrigued by this interplay of legal and unauthorized viewing, researchers from Carnegie Mellon University and Universidade Catolica Portuguesa carried out an extensive study. They partnered with a major telco, which is not named, to analyze if BitTorrent downloading habits can be changed by offering legal alternatives. The researchers used a piracy-tracking firm to get a sample of thousands of BitTorrent pirates at the associated ISP. Half of them were offered a free 45-day subscription to a premium TV and movies package, allowing them to watch popular content on demand. To measure the effects of video-on-demand access on piracy, the researchers then monitored the legal viewing activity and BitTorrent transfers of the people who received the free offer, comparing it to a control group. The results show that piracy is harder to beat than some would expect. Subscribers who received the free subscription watched more TV, but overall their torrenting habits didn't change significantly. "We find that, on average, households that received the gift increased overall TV consumption by 4.6% and reduced Internet downloads and uploads by 4.2% and 4.5%, respectively. However, and also on average, treated households did not change their likelihood of using BitTorrent during the experiment," the researchers write.
United States

House Panel Advances Bill on Key Surveillance Measure (axios.com) 70

The House Intelligence Committee approved a bill Friday along party lines that would reauthorize a central surveillance law, the Washington Post reports. From a report: It does change the law -- known as Section 702 -- but doesn't satisfy surveillance reform advocates, including in the tech industry. The law is used to authorize the surveillance of electronic communications by foreign nationals abroad, but advocates worry about the programs picking up communications involving Americans as well.
Businesses

Disney Sues Redbox, Hoping To Block Digital Movie Sales (marketwatch.com) 285

phalse phace writes: About 1 month ago, Redbox started selling through their kiosks slips of paper with codes on them that let the buyer download a digital copy of a Disney movie. But Disney says that's a no-no and this week it sued Redbox in an attempt to stop the code sales. According to Marketwatch: "Walt Disney sued Redbox on Thursday in an attempt to stop the DVD rental company from selling digital copies of its movies. Privately held Redbox last month began offering consumers codes they can use to download a digital copy of a Disney movie. Redbox charges between $7.99 and $14.99 for slips of paper with the codes to download Disney films such as "Cars 3" and "Star Wars: The Force Awakens." That is less than those movies cost to buy and download from Apple's iTunes Store. Redbox is only offering digital copies of Disney movies because it doesn't have a distribution arrangement with the studio and buys retail copies of its discs to rent to customers. Those retail DVDs come with digital download codes."
Government

Democrat Senators Introduce National Data Breach Notification Law (cyberscoop.com) 162

New submitter unarmed8 shares a report from CyberScoop: Three Democratic senators introduced legislation on Thursday requiring companies to notify customers of data breaches within thirty days of their discovery and imposing a five-year prison sentence on organizations caught concealing data breaches. The new bill, called the Data Security and Breach Notification Act, was introduced in the wake of reports that Uber paid $100,000 to cover up a 2016 data breach that affected 57 million users. The scope of what kind of data breach falls under this is limited. For instance, if only a last name, address or phone number is breached, the law would not apply. If an organization "reasonably concludes that there is no reasonable risk of identity theft, fraud, or other unlawful conduct," the incident is considered exempt from the legislation.

"We need a strong federal law in place to hold companies truly accountable for failing to safeguard data or inform consumers when that information has been stolen by hackers," Sen. Bill Nelson, D-Fla., said in a statement. "Congress can either take action now to pass this long overdue bill or continue to kowtow to special interests who stand in the way of this commonsense proposal. When it comes to doing what's best for consumers, the choice is clear."

Intel

System76 Will Disable Intel Management Engine On Its Linux Laptops (liliputing.com) 148

System76 is rolling out a firmware update for its recent laptops that will disable the Intel Management Engine altogether. The decision comes after a major security vulnerability was discovered that would allow an attacker with local access to execute arbitrary code. Liliputing reports: What's noteworthy in the System76 announcement is that the PC maker isn't just planning to disable Intel ME in computers that ship from now on. The company will send out an update that disables it on existing computers with 6th, 7th, or 8th-gen Intel Core processors. System76 also notes that Intel ME "provides no functionality for System76 laptop customers and is safe to disable." Right now the firmware update will only be available for computers running Ubuntu 16.04 or later or a related operating system with the System76 driver. But the company says it's working on developing a command line tool that should work on laptops running other GNU/Linux-based operating systems. System76 says it will also release an update for its desktop computers... but on those machines the update will patch the security vulnerability rather than disabling Intel ME altogether.
Communications

Australian Man Uses Snack Bags As Faraday Cage To Block Tracking By Employer (arstechnica.com) 193

An anonymous reader quotes a report from Ars Technica: A 60-year-old electrician in Perth, Western Australia had his termination upheld by a labor grievance commission when it was determined he had been abusing his position and technical knowledge to squeeze in some recreation during working hours. Tom Colella used mylar snack bags to block GPS tracking via his employer-assigned personal digital assistant to go out to play a round of golf -- more than 140 times -- while he reported he was offsite performing repairs.

In his finding against Colella, Australia Fair Work Commissioner Bernie Riordan wrote: "I have taken into account that Mr Colella openly stored his PDA device in an empty foil 'Twisties' bag. As an experienced electrician, Mr Colella knew that this bag would work as a faraday cage, thereby preventing the PDA from working properly -- especially the provision of regular GPS co-ordinate updates. Mr. Colella went out of his way to hide his whereabouts. He was concerned about Aroona tracking him when the Company introduced the PDA into the workplace. He protested about Aroona having this information at that time. Mr Colella then went out of his way to inhibit the functionality of the PDA by placing it in a foil bag to create a faraday cage."

Facebook

Facebook Judge Frowns on Bid To Toss Biometric Face Print Suit (bloomberg.com) 39

Facebook faced a skeptical judge over its second request to get out of a lawsuit alleging its photo scanning technology flouts users' privacy rights. From a report: "The right to say no is a valuable commodity," U.S. District Judge James Donato said Thursday during a hearing in San Francisco. The case concerns the "most personal aspects of your life: your face, your fingers, who you are to the world." The owner of the world's largest social network faces claims that it violated the privacy of millions of users by gathering and storing biometric data without their consent. Alphabet's Google is fighting similar claims in federal court in Chicago.
Medicine

An Unconscious Patient With a 'DO NOT RESUSCITATE' Tattoo (nejm.org) 454

A real-life case study, published in the New England Journal of Medicine, documents the ethical dilemma that a Florida hospital faced after a 70-year-old unresponsive patient arrived at the hospital. The medical staff, the journal notes, was taken aback when it discovered the words "DO NOT RESUSCITATE" tattooed onto the man's chest. Furthermore, the word "NOT" was underlined with his signature beneath it. The patient had a history of chronic obstructive pulmonary disease, diabetes mellitus, and atrial fibrillation. Confused and alarmed, the medical staff chose to ignore the apparent DNR request -- but not without alerting the hospital's ethics team, which had a different take on the matter. From the report: We initially decided not to honor the tattoo, invoking the principle of not choosing an irreversible path when faced with uncertainty. This decision left us conflicted owing to the patient's extraordinary effort to make his presumed advance directive known; therefore, an ethics consultation was requested. He was placed on empirical antibiotics, received intravenous fluid resuscitation and vasopressors, and was treated with bilevel positive airway pressure. After reviewing the patient's case, the ethics consultants advised us to honor the patient's do not resuscitate (DNR) tattoo. They suggested that it was most reasonable to infer that the tattoo expressed an authentic preference, that what might be seen as caution could also be seen as standing on ceremony, and that the law is sometimes not nimble enough to support patient-centered care and respect for patients' best interests. A DNR order was written. Subsequently, the social work department obtained a copy of his Florida Department of Health "out-of-hospital" DNR order, which was consistent with the tattoo. The patient's clinical status deteriorated throughout the night, and he died without undergoing cardiopulmonary resuscitation or advanced airway management.
Google

Google Faces Lawsuit For Gathering Personal Data From Millions of iPhone Users (betanews.com) 35

Mark Wilson writes: A group going by the name Google You Owe Us is taking Google to court in the UK, complaining that the company harvested personal data from 5.4 million iPhone users. The group is led by Richard Lloyd, director of consumer group Which?, and it alleges that Google bypassed privacy settings on iPhones between June 2011 and February 2012. The lawsuit seeks compensation for those affected by what is described as a "violation of trust." Google is accused of breaching UK data protection laws, and Lloyd says that this is "one of the biggest fights of my life." Even if the case is successful, the people represented by Google You Owe Us are not expected to receive more than a few hundred pounds each, and this is not an amount that would make much of an impact on Google's coffers.
Bitcoin

Coinbase Ordered To Report 14,355 Users To the IRS (theverge.com) 141

Nearly a year after the case was initially filed, Coinbase has been ordered to turn over identifying records for all users who have bought, sold, sent, or received more than $20,000 through their accounts in a single year. The digital asset broker estimates that 14,355 users meet the government's requirements. The Verge reports: For each account, the company has been asked to provide the IRS with the user's name, birth date, address, and taxpayer ID, along with records of all account activity and any associated account statements. The result is both a definitive link to the user's identity and a comprehensive record of everything they've done with their Coinbase account, including other accounts to which they've sent money. The order is significantly narrower than the IRS's initial request, which asked for records on every single Coinbase user over the same period. That request would also have required all communications between Coinbase and the user, a measure the judge ultimately found unnecessarily comprehensive. The government made no claim of suspicion against individual users, but instead argued that the order was justified based on the discrepancy between Coinbase users and U.S. citizens reporting Bitcoin gains to the IRS.
Power

EPA Confirms Tesla's Model 3 Has a Range of 310 Miles (theverge.com) 282

Tesla's Model 3 has a confirmed range of 310 miles, according to the Environmental Protection Agency. "That figure applies to the long-range version of the Model 3, and echoes the vehicle specs released by Tesla back in July," reports The Verge. "It also makes the Model 3 one of the most efficient passenger electric vehicles on the market." From the report: The EPA's range is used as the advertised figure for electric vehicles that are sold in the US. The 310-mile range is an estimate of the number of miles the vehicle should be able to travel in combined city and highway driving from a full charge. That's 131 miles per gallon gasoline equivalent (MPGe) for city driving, 120 MPGe on the highway, and 126 MPGe combined. You'll have to pay more to get that extended range, though. Tesla said it would be selling a standard version of the Model 3, with just 220 miles of range, for $35,000. The long-range version will start at $44,000, the automaker says. Production on the standard version isn't expected to begin until 2018.
Facebook

Facebook's New Captcha Test: 'Upload A Clear Photo of Your Face' (wired.com) 302

An anonymous reader shares a report: Facebook may soon ask you to "upload a photo of yourself that clearly shows your face," to prove you're not a bot. The company is using a new kind of captcha to verify whether a user is a real person. According to a screenshot of the identity test shared on Twitter on Tuesday and verified by Facebook, the prompt says: "Please upload a photo of yourself that clearly shows your face. We'll check it and then permanently delete it from our servers." The process is automated, including identifying suspicious activity and checking the photo. To determine if the account is authentic, Facebook looks at whether the photo is unique.
Communications

FCC Chairman Keeps Up Assault on Social Media (axios.com) 193

Republican FCC Chairman Ajit Pai is doubling down on his critique of tech companies, asking whether social media is "a net benefit to American society" in remarks at the Media Institute on Wednesday. "Now, I will tell you upfront that I don't have an answer." From a report: What he said: Pai made the case that social media has been key to the politicization of many aspects of American life. "Everything nowadays is political. Everything. ... This view that politics-is-all is often made worse by social media," he said, per his prepared remarks.
Privacy

Sensitive Personal Information of 246,000 DHS Employees Found on Home Computer (usatoday.com) 59

The sensitive personal information of 246,000 Department of Homeland Security employees was found on the home computer server of a DHS employee in May, according to documents obtained by USA TODAY. From the report: Also discovered on the server was a copy of 159,000 case files from the inspector general's investigative case management system, which suspects in an ongoing criminal investigation intended to market and sell, according to a report sent by DHS Inspector General John Roth on Nov. 24 to key members of Congress. The information included names, Social Security numbers and dates of birth, the report said. The inspector general's acting chief information security officer reported the breach to DHS officials on May 11, while IG agents reviewed the details. Acting DHS Secretary Elaine Duke decided on Aug. 21 to notify affected employees who were employed at the department through the end of 2014 about the breach.
Privacy

This Impenetrable Program Is Transforming How Courts Treat DNA Evidence (wired.com) 186

mirandakatz writes: Probabilistic genotyping is a type of DNA testing that's becoming increasingly popular in courtrooms: It uses complex mathematical formulas to examine the statistical likelihood that a certain genotype comes from one individual over another, and it can work with the subtlest traces of DNA. At Backchannel, Jessica Pishko looks at one company that's caught criminal justice advocates' attention: Cybergenetics, which sells a probabilistic genotyping program called TrueAllele -- and that refuses to reveal its source code. As Pishko notes, some legal experts are arguing that TrueAllele revealing its source code 'is necessary in order to properly evaluate the technology. In fact, they say, justice from an unknown algorithm is no justice at all.'
Businesses

Apple Accuses Qualcomm of Patent Infringement in Countersuit (reuters.com) 34

From a report: Apple on Wednesday filed a countersuit against Qualcomm, alleging that Qualcomm's Snapdragon mobile phone chips that power a wide variety of Android-based devices infringe on Apple's patents, the latest development in a long-running dispute. Qualcomm in July accused Apple of infringing several patents related to helping mobile phones get better battery life. Apple has denied the claims that it violated Qualcomm's battery life patents and alleged that Qualcomm's patents were invalid, a common move in such cases. But on Wednesday, in a filing in U.S. District Court in San Diego, Apple revised its answer to Qualcomm's complaint with accusations of its own. Apple alleges it owns at least eight battery life patents that Qualcomm has violated.
Software

Three Quarters of Android Apps Track Users With Third Party Tools, Says Study (theguardian.com) 46

A study by French research organization Exodus Privacy and Yale University's Privacy Lab analyzed the mobile apps for the signatures of 25 known trackers and found that more than three in four Android apps contain at least one third-party "tracker." The Guardian reports: Among the apps found to be using some sort of tracking plugin were some of the most popular apps on the Google Play Store, including Tinder, Spotify, Uber and OKCupid. All four apps use a service owned by Google, called Crashlytics, that primarily tracks app crash reports, but can also provide the ability to "get insight into your users, what they're doing, and inject live social content to delight them." Other less widely-used trackers can go much further. One cited by Yale is FidZup, a French tracking provider with technology that can "detect the presence of mobile phones and therefore their owners" using ultrasonic tones. FidZup says it no longer uses that technology, however, since tracking users through simple wifi networks works just as well.
Privacy

A Supreme Court Case This Week Could Change US Digital Privacy Standards 74

On November 29th, the U.S. Supreme Court will hear oral arguments in Carpenter v. US, a case essentially asking whether or not authorities need a warrant based on probable cause and signed by a judge to see your cellphone location data. For now, they do not. Given the fact that about 95% of Americans have cellphones, this case has major implications. Quartz reports: Mobile-service providers collect "cell site location information" (CSLI) for all phones, ostensibly to use for things like improving their networks. The U.S. government considers these data "routinely collected business records" rather than private information. That means it can demand the records without proving probable cause. That's what happened in the criminal case of Timothy Carpenter, accused of a series of Detroit, Michigan robberies. At Carpenter's trial, prosecutors presented evidence collected by private companies, obtained by the law without probable cause. They used 127 days' worth of cellphone-location data, amounting to almost 13,000 data points, to tell a circumstantial story of Carpenter's comings and goings.

In its brief to the high court, filed in September, the justice department argued that when Carpenter signed onto his cell-phone provider's service, he agreed that his call records weren't private information belonging to him, but rather business records belonging to the company. Therefore, he should have "no reasonable expectation of privacy" when it comes to these records, government attorneys wrote. Carpenter argues that the location evidence was obtained illegally. The Sixth Circuit Court of Appeals denied that claim last year, basing their decision on Supreme Court cases from the 1970s: Smith v. Maryland and US v. Miller. The appeals court concluded that, under what's called the "third-party doctrine," Americans don't have a reasonable expectation of privacy in things like check deposit slips, similar banking records, and dialed telephone numbers.
Bug

MacOS High Sierra Bug Allows Login As Root With No Password (theregister.co.uk) 237

An anonymous reader quotes a report from The Register: A trivial-to-exploit flaw in macOS High Sierra, aka macOS 10.13, allows users to gain admin rights, or log in as root, without a password. The security bug is triggered via the authentication dialog box in Apple's operating system, which prompts you for an administrator's username and password when you need to do stuff like configure privacy and network settings. If you type in "root" as the username, leave the password box blank, hit "enter" and then click on unlock a few times, the prompt disappears and, congrats, you now have admin rights. You can do this from the user login screen. The vulnerability effectively allows someone with physical access to the machine to log in, cause extra mischief, install malware, and so on. You should not leave your vulnerable Mac unattended until you can fix the problem. And while obviously this situation is not the end of the world -- it's certainly far from a remote hole or a disk decryption technique -- it's just really, really sad to see megabucks Apple drop the ball like this. Developer Lemi Orhan Ergan was the first to alert the world to the flaw. The Register notes: "If you have a root account enabled and a password for it set, the blank password trick will not work. So, keep the account enabled and set a root password right now..."
Businesses

Uber Trained Employees on How To 'Impede, Obstruct or Influence' Ongoing Legal Investigations, Ex-employee Says (cnbc.com) 62

From a report on CNBC: Uber faced fresh allegations on Tuesday that it deliberately took steps to keep "unlawful schemes from seeing the light of day." Hours of testimony on Tuesday centered around a letter from a former Uber security analyst's attorney to an Uber lawyer. The former analyst, Richard Jacobs, said in the letter there was a directive for Uber employees to use disappearing chat apps like Wickr, and that Uber sent employees to Pittsburgh (where it's developing its autonomous vehicles) to "educate" them on how to prevent "Uber's unlawful schemes from seeing the light of day." He reportedly made other bombshell allegations in the letter, including that employees at Uber were trained to "impede" ongoing investigations, multiple media outlets reported.
Security

New NSA Leak Exposes Red Disk, the Army's Failed Intelligence System (zdnet.com) 67

Zack Whittaker, reporting for ZDNet: The contents of a highly sensitive hard drive belonging to a division of the National Security Agency have been left online. The virtual disk image contains over 100 gigabytes of data from an Army intelligence project, codenamed "Red Disk." The disk image belongs to the US Army's Intelligence and Security Command, known as INSCOM, a division of both the Army and the NSA. The disk image was left on an unlisted but public Amazon Web Services storage server, without a password, open for anyone to download. Unprotected storage buckets have become a recurring theme in recent data leaks and exposures. In the past year alone, Accenture, Verizon, Viacom, and several government departments were all dinged by unsecured data.
HP

HP Quietly Installs System-Slowing Spyware On Its PCs, Users Say (computerworld.com) 127

It hasn't been long since Lenovo settled a massive $3.5 million fine for preinstalling adware on laptops without users' consent, and HP now appears to be heading down the same route. According to numerous reports gathered by news outlet Computerworld, the brand is deploying a telemetry client on customer computers without asking permission. The software, called "HP Touchpoint Analytics Service", appears to replace the self-managed HP Touchpoint Manager solution. To make matters worse, the suite seems to be slowing down PCs, users say. From the report: Dubbed "HP Touchpoint Analytics Service," HP says it "harvests telemetry information that is used by HP Touchpoint's analytical services." Apparently, it's HP Touchpoint Analytics Client version 4.0.2.1435. There are dozens of reports of this new, ahem, service scattered all over the internet. According to Gunter Born, reports of the infection go all the way back to Nov. 15, when poster MML on BleepingComputer said: "After the latest batch of Windows updates, about a half hour after installing the last, I noticed that this had been installed on my computer because it showed up in the notes of my Kaspersky, and that it opened the Windows Dump File verifier and ran a disk check and battery test." According to Gartner, HP was the largest PC vendor in the quarter that ended in September this year.
Privacy

Researchers Identify 44 Trackers in More Than 300 Android Apps (bleepingcomputer.com) 87

Catalin Cimpanu, reporting for BleepingComputer: A collaborative effort between the Yale Privacy Lab and Exodus Privacy has shed light on dozens of invasive trackers that are embedded within Android apps and record user activity, sometimes without user consent. The results of this study come to show that the practice of collecting user data via third-party tracking code has become rampant among Android app developers and is now on par with what's happening on most of today's popular websites. The two investigative teams found tracking scripts not only in lesser known Android applications, where one might expect app developers to use such practices to monetize their small userbases, but also inside highly popular apps -- such as Uber, Twitter, Tinder, Soundcloud, or Spotify. The Yale and Exodus investigation resulted in the creation of a dedicated website that now lists all apps using tracking code and a list of trackers, used by these apps. In total, researchers said they identified 44 trackers embedded in over 300 Android apps.
Cellphones

White House Weighs Personal Mobile Phone Ban For Staff (bloomberg.com) 113

The White House is considering banning its employees from using personal mobile phones while at work. While President Trump has been vocal about press leaks since taking office, one official said the potential change is driven by cybersecurity concerns. Bloomberg reports: One official said that there are too many devices connected to the campus wireless network and that personal phones aren't as secure as those issued by the federal government. White House Chief of Staff John Kelly -- whose personal phone was found to be compromised by hackers earlier this year -- is leading the push for a ban, another official said. The White House already takes precautions with personal wireless devices, including by requiring officials to leave phones in cubbies outside of meeting rooms where sensitive or classified information is discussed. Top officials haven't yet decided whether or when to impose the ban, and if it would apply to all staff in the executive office of the president. While some lower-level officials support a ban, others worry it could result in a series of disruptive unintended consequences.
The Internet

Comcast Hints At Plan For Paid Fast Lanes After Net Neutrality Repeal (arstechnica.com) 308

An anonymous reader quotes a report from Ars Technica: For years, Comcast has been promising that it won't violate the principles of net neutrality, regardless of whether the government imposes any net neutrality rules. That meant that Comcast wouldn't block or throttle lawful Internet traffic and that it wouldn't create fast lanes in order to collect tolls from Web companies that want priority access over the Comcast network. This was one of the ways in which Comcast argued that the Federal Communications Commission should not reclassify broadband providers as common carriers, a designation that forces ISPs to treat customers fairly in other ways. The Title II common carrier classification that makes net neutrality rules enforceable isn't necessary because ISPs won't violate net neutrality principles anyway, Comcast and other ISPs have claimed.

But with Republican Ajit Pai now in charge at the Federal Communications Commission, Comcast's stance has changed. While the company still says it won't block or throttle Internet content, it has dropped its promise about not instituting paid prioritization. Instead, Comcast now vaguely says that it won't "discriminate against lawful content" or impose "anti-competitive paid prioritization." The change in wording suggests that Comcast may offer paid fast lanes to websites or other online services, such as video streaming providers, after Pai's FCC eliminates the net neutrality rules next month.

Businesses

Reddit, Twitter, and 200 Others Say Ending Net Neutrality Could Ruin Cyber Monday (theverge.com) 88

An anonymous reader shares a report: More than 200 businesses and trade organizations have signed a letter to the FCC asking that the agency reconsider its plan to end net neutrality. The letter is signed by an array of big and recognizable tech and web companies: that includes Airbnb, Automattic (which owns WordPress), Etsy, Foursquare, GitHub, Pinterest, Reddit, Shutterstock, Sonos, Square, Squarespace, Tumblr (certainly to the displeasure of its owner, Verizon), Twitter, and Vimeo, among quite a few others. The letter is being released on Cyber Monday and speaks directly to the internet's constantly growing role in the US economy. "The internet is increasingly where commerce happens," the letter says. It cites figures saying that $3.5 billion in online sales happened last year on Cyber Monday and $3 billion on Black Friday. Throughout all of last year, online purchases accounted for $400 billion in sales.
United States

Justices Ponder Need For Warrant For Cellphone Tower Data (apnews.com) 200

An anonymous reader shares a report: Like almost everyone else in America, thieves tend to carry their cellphones with them to work. When they use their phones on the job, police find it easier to do their jobs. They can get cellphone tower records that help place suspects in the vicinity of crimes, and they do so thousands of times a year. Activists across the political spectrum, media organizations and technology experts are among those arguing that it is altogether too easy for authorities to learn revealing details of Americans' lives merely by examining records kept by Verizon, T-Mobile and other cellphone service companies. On Wednesday, the Supreme Court hears its latest case about privacy in the digital age. At issue is whether police generally need a warrant to review the records. Justices on the left and right have recognized that technology has altered privacy concerns. The court will hear arguments in an appeal by federal prison inmate Timothy Carpenter. He is serving a 116-year sentence after a jury convicted him of armed robberies in the Detroit area and northwestern Ohio.
Businesses

Tim Wu: Why the Courts Will Have to Save Net Neutrality (nytimes.com) 251

Tim Wu, a law professor at Columbia who first coined the term "net neutrality," writes for the New York Times: Allowing such censorship is anathema to the internet's (and America's) founding spirit. And by going this far, the F.C.C. may also have overplayed its legal hand. So drastic is the reversal of policy (if, as expected, the commission approves Mr. Pai's proposal next month), and so weak is the evidence to support the change, that it seems destined to be struck down in court. The problem for Mr. Pai is that government agencies are not free to abruptly reverse longstanding rules on which many have relied without a good reason (Editor's note: the link could be paywalled), such as a change in factual circumstances. A mere change in F.C.C. ideology isn't enough. As the Supreme Court has said, a federal agency must "examine the relevant data and articulate a satisfactory explanation for its action." Given that net neutrality rules have been a huge success by most measures, the justification for killing them would have to be very strong. It isn't. In fact, it's very weak. From what we know so far, Mr. Pai's rationale for eliminating the rules is that cable and phone companies, despite years of healthy profit, need to earn even more money than they already do -- that is, that the current rates of return do not yield adequate investment incentives. More specifically, Mr. Pai claims that industry investments have gone down since 2015, the year the Obama administration last strengthened the net neutrality rules.
United States

Petition Calls for Ouster of FCC Chairman Pai (whitehouse.gov) 174

Long-time Slashdot reader speedplane writes: Yes, we've all heard that net neutrality is on its way out, and it seems NPR was able to snag one of the few (the only?) interviews of Ajit Pai on its effect. Sadly, NPR's Rachel Martin stuck to very broad and basic questions, and failed to press Pai on the change of policy. That said, it's worth a listen.
Pai insists that "We saw companies like Facebook, and Amazon and Google become global powerhouses precisely because we had light-touch rules that applied to this Internet. The Internet wasn't broken in 2015 when these heavy-handed regulations were adopted, and once we remove them, I think we'll continue to see the infrastructure investment that will benefit digital consumers and entrepreneurs alike... I've talked to a lot of companies that say, look, we want to be able to invest in these networks, especially in rural and low-income urban areas, but the more heavy-handed the regulations are, the less likely we can build a business case for doing it."

But New York's Attorney General Eric Schneiderman says he's spent six months investigating "a massive scheme to corrupt the FCC's notice and comment process" for net neutrality, adding that "the FCC has refused multiple requests for crucial evidence." (Nine requests over five months were ignored.) And now over 65,000 people have signed a new online petition at WhiteHouse.gov calling for the immediate removal of Ajit Pai as the FCC's chairman, calling him "a threat to our freedoms."

Meanwhile, The Verge has compiled "a list of the lawmakers who voted to betray you," with each listing also including "how much money they received from the telecom industry in their most recent election cycle."
Businesses

Big Tobacco Loses 11-Year Fight, Forced To Broadcast 'Dangers of Smoking' Ads (nbcnews.com) 274

An anonymous reader quotes NBC News: Smoking kills 1,200 people a day. The tobacco companies worked to make them as addictive as possible. There is no such thing as a safer cigarette. Ads with these statements hit the major television networks and newspapers this weekend, but they are not being placed by the American Cancer Society or other health groups. They're being placed by major tobacco companies, under the orders of the federal courts. "The ads will finally run after 11 years of appeals by the tobacco companies aimed at delaying and weakening them," the American Cancer Society, American Heart Association, American Lung Association, Americans for Nonsmokers' Rights, National African American Tobacco Prevention Network and the Tobacco-Free Kids Action Fund said in a joint statement.

"It's a pretty significant moment," the American Cancer Society's Cliff Douglas said. "This is the first time they have had to 'fess up and tell the whole truth." The Justice Department started its racketeering lawsuit against the tobacco companies in 1999, seeking to force them to make up for decades of deception. Federal district judge Gladys Kessler ruled in 2006 that they'd have to pay for and place the ads, but the companies kept tying things up with appeals. "Employing the highest paid lawyers in America, the tobacco companies used every tool at their disposal to delay and complicate this litigation to avoid their day of reckoning," Douglas added.

The ads will inform American TV viewers that "More people die every year from smoking than from murder, AIDS, suicide, drugs, car crashes, and alcohol, combined," according to one of the ads. Besides $170 billion every year in medical costs -- plus another $156 billion in lost productivity -- roughly one in five deaths in America is smoking-related, according to the Centers for Disease Control and Prevention, with cigarettes killing 480,000 Americans every year.
Government

FBI Failed To Notify 70+ US Officials Targeted By Russian Hackers (apnews.com) 94

An anonymous reader quotes the AP: The FBI failed to notify scores of U.S. officials that Russian hackers were trying to break into their personal Gmail accounts despite having evidence for at least a year that the targets were in the Kremlin's crosshairs, The Associated Press has found. Nearly 80 interviews with Americans targeted by Fancy Bear, a Russian government-aligned cyberespionage group, turned up only two cases in which the FBI had provided a heads-up. Even senior policymakers discovered they were targets only when the AP told them, a situation some described as bizarre and dispiriting.

"It's utterly confounding," said Philip Reiner, a former senior director at the National Security Council, who was notified by the AP that he was targeted in 2015. "You've got to tell your people. You've got to protect your people." The FBI declined to answer most questions from AP about how it had responded to the spying campaign... A senior FBI official, who was not authorized to publicly discuss the hacking operation because of its sensitivity, declined to comment on timing but said that the bureau was overwhelmed by the sheer number of attempted hacks... A few more were contacted by the FBI after their emails were published in the torrent of leaks that coursed through last year's electoral contest. But to this day, some leak victims have not heard from the bureau at all.

Here's an interesting statistic from the AP's analysis. "Out of 312 U.S. military and government figures targeted by Fancy Bear, 131 clicked the links sent to them."
Government

Russia and The US Fight Over Who Gets To Extradite A Hacker (cnn.com) 98

An anonymous reader quotes CNN: A young Russian alleged to have masterminded a massive hacking of social networks including LinkedIn and Dropbox is now at the center of an extradition struggle between the United States and Russia. Yevgeniy Nikulin was detained in October 2016, in the Czech Republic capital of Prague, after US authorities issued an international arrest warrant for him. He was on vacation there with his girlfriend. A grand jury indictment filed in 2016 in California charges him with computer intrusion and aggravated identity theft, among other offenses. Nikulin denies all the charges. If convicted of all charges, he could face a maximum sentence of more than 50 years in prison and more than $2 million in fines.

But soon after his arrest, Russian authorities also sought his extradition. The Russian charge referred to the alleged theft from an online money transfer company back in 2009. The amount involved was $3,450... The Foreign Ministry in Moscow said soon afterward it was "actively working with the Czech authorities to prevent the extradition of a Russian citizen to the United States."

Patents

Patent Trolls Are Losing More. Will America's Supreme Court Change That? (nytimes.com) 127

jespada writes: New York Times has an article warning that the Patent Trial and Appeal Board is being challenged on the basis that patents represent real property and that a government agency is not empowered to take real property.
Here's a quote from the Times article. (Non-paywalled version here): In the five years since it began its work -- a result of the America Invents Act of 2011 -- the Patent Trial and Appeal Board has saved companies more than $2 billion in legal fees alone, according to Joshua Landau, patent counsel at the Computer and Communications Industry Association, offering an expeditious and relatively cheap avenue to challenge patents of doubtful validity. The benefits of stopping bad patents from snaking their way through the economy have been even greater. Companies no longer have to pay ransom so the threat of lawsuits over dubious royalty payments -- filed by aggressive litigants known as trolls -- will go away... But for all the benefits of culling faulty intellectual-property rights, the board is under existential threat. Next week, the Supreme Court will hear a challenge that the patent office's new procedure is unconstitutional...
The Internet

Taking The Profit Out Of Killing 'Net Neutrality' (cringely.com) 257

Robert Cringely has a plan to ensure that internet providers will never profit from the end of net neutrality: We are being depended upon to act like sheep -- Internet browsing sheep, if such exist -- and without a plan that's exactly what we'll be. The key to my plan is that this is a rare instance where consumers are not alone. There are just as many or more huge companies that would prefer to keep Net Neutrality as those that oppose it... Those companies in favor of Net Neutrality obviously include the big streamers like Amazon, Hulu, Netflix, YouTube and a bunch of others. They also include nearly every big Internet concern including Google, Facebook, Apple, and Microsoft. Those are some pretty big friends to have on your side -- our side...

So I suggest we all join ZeroTier (ZT), a thriving networking startup operating in Irvine, California. There are other companies like it but I just think ZeroTier is presently the best. ZeroTier is a very sophisticated Virtual Private Network (VPN) company that has created a Software Defined Network that goes beyond what normal VPNs are capable of. To your computer or almost any other networked device (even your smart phone), ZT looks like an Ethernet port, whether your device has Ethernet or not. Through that virtual Ethernet port you connect to a virtual IPv6 Local Area Network that's as big as the Internet itself, though the only users on this overlay network are ZT members.

The trick is to get all those big companies that are pro-Net Neutrality to join ZT. The most it will cost even Netflix is $750 per month, which is probably less than the company spends on salad bars in their Los Gatos HQ. Embracing ZT doesn't mean rejecting the regular Internet. Netflix can still be reached the old-fashioned way. I just want them to add a presence on ZT, too... What the ISPs won't like about this plan is that ZT traffic can't be read to determine what rules or pricing to apply. They could throttle it all down, but throttling that much traffic isn't really practical.

Security

Should Brokers Use 'Voice Prints' For Stock Transactions? (cnbc.com) 64

Fidelity and Charles Schwab now allow traders to use "voice prints" to authorize stock transactions. But there's more to the story, argues long-time Slashdot reader maiden_taiwan: Fidelity Investments is touting its new security feature, MyVoice, which allows a customer to access his/her financial accounts by telephone without a password. "When you call Fidelity, you'll no longer have to enter PINs or passwords because Fidelity MyVoice helps you interact with us securely and more conveniently. Through natural conversation, MyVoice will detect and verify your voiceprint in the first few moments of the call... Fidelity MyVoice performs even if you have a cold, allergies, or a sore throat."

Based on my own experience, Fidelity now enables MyVoice automatically for its customers who call in for other reasons. Apparently, their conversation with Fidelity customer service provides enough data for MyVoice to recognize them. (Customers are informed afterward that MyVoice has been enabled, and they can opt out, although they aren't told that opting out is possible.)

It's not clear whether Fidelity is creating voice profiles of their customers without asking first. (Fidelity's site says only that their representatives will "offer" to enroll you the next time you call.) But the original submission ends with two more questions. "In an era where Apple's face recognition is easily defeated by family members, is voice recognition any more secure?"

And "Is a 'voiceprint' even possible?"
Government

Bloomberg Op-Ed: The Internet 'Already Lost Its Neutrality' (japantimes.co.jp) 171

An anonymous reader quotes a new Bloomberg opinion piece on net neutrality: The internet will be filled today with denunciations of this move, threats of a dark future in which our access to content will be controlled by a few powerful companies. And sure, that may happen. But in fact, it may already have happened, led not by ISPs, but by the very companies that were fighting so hard for net neutrality... Our experience of the internet is increasingly controlled by a handful of firms, most especially Google and Facebook. The argument for regulating these companies as public utilities is arguably at least as strong as the argument for thus regulating ISPs, and very possibly much stronger; while cable monopolies may have local dominance, none of them has the ability that Google and Facebook have to unilaterally shape what Americans see, hear and read.

In other words, we already live in the walled garden that activists worry about, and the walls are getting higher every day... The fact that these firms were able to cement their power at the moment when regulators were most focused on keeping the internet open tells you just how difficult it is to get that sort of regulation right; while you are looking hard at one danger, an equally large one may be creeping up just outside the range of your peripheral vision.

Robotics

Is Sharp's Robot Vacuum Cleaner Vulnerable To Remote Take-over? (jvn.jp) 42

Slashdot reader AmiMoJo reports: Sharp's COCOROBO (heart-bot) vacuum cleaners don't just clean your house. They have cameras that can be viewed from a smart phone, and automatically take pictures of things they find under your sofa. They have microphones and voice recognition, and are able to ask how your day was when you get home from work. You can even activate their speakers and talk to your pets from the office. Unfortunately, so can anyone else if you don't install critical firmware updates.
JPCERT's warning says that the attacker must be on the same LAN to impersonate you, though "as a result, there is a possibility that an arbitrary operation may be conducted."
United States

Bipartisan US Election Group Issues Security Tips (reuters.com) 103

An anonymous reader quotes Reuters: A bipartisan Harvard University project aimed at protecting elections from hacking and propaganda will release its first set of recommendations today on how U.S. elections can be defended from hacking attacks. The 27-page guidebook calls for campaign leaders to emphasize security from the start and insist on practices such as two-factor authentication for access to email and documents and fully encrypted messaging via services including Signal and Wickr. The guidelines are intended to reduce risks in low-budget local races as well as the high-stakes Congressional midterm contests next year.

Though most of the suggestions cost little or nothing to implement and will strike security professionals as common sense, notorious attacks including the leak of the emails of Hillary Clinton's campaign chair, John Podesta, have succeeded because basic security practices were not followed... "We heard from campaigns that there is nothing like this that exists," said Debora Plunkett, a 31-year veteran of the National Security Agency who joined the Belfer Center this year. "We had security experts who understood security and election experts who understood campaigns, and both sides were eager to learn how the other part worked."

The group includes "top security experts" from both Google and Facebook.
Privacy

Imgur Confirms Email Addresses, Passwords Stolen In 2014 Hack (zdnet.com) 38

An anonymous reader quotes a report from ZDNet: Imgur, one of the world's most visited websites, has confirmed a hack dating back to 2014. The company confirmed to ZDNet that hackers stole 1.7 million email addresses and passwords, scrambled with the SHA-256 algorithm, which has been passed over in recent years in favor of stronger password scramblers. Imgur said the breach didn't include personal information because the site has "never asked" for real names, addresses, or phone numbers. The stolen accounts represent a fraction of Imgur's 150 million monthly users. The hack went unnoticed for four years until the stolen data was sent to Troy Hunt, who runs data breach notification service Have I Been Pwned. Hunt informed the company on Thursday, a US national holiday observing Thanksgiving, when most businesses are closed. A day later, the company started resetting the passwords of affected accounts, and published a public disclosure alerting users of the breach.
Communications

More Than a Million Pro-Repeal Net Neutrality Comments Were Likely Faked (hackernoon.com) 177

Jeff Kao from Hacker Noon used natural language processing techniques to analyze net neutrality comments submitted to the FCC from April-October 2017 and found that at least 1.3 million pro-repeal net neutrality comments were faked. From the report: NY Attorney General Schneiderman estimated that hundreds of thousands of Americans' identities were stolen and used in spam campaigns that support repealing net neutrality. My research found at least 1.3 million fake pro-repeal comments, with suspicions about many more. In fact, the sum of fake pro-repeal comments in the proceeding may number in the millions. In this post, I will point out one particularly egregious spambot submission, make the case that there are likely many more pro-repeal spambots yet to be confirmed, and estimate the public position on net neutrality in the "organic" public submissions. [The key findings include:]

1. One pro-repeal spam campaign used mail-merge to disguise 1.3 million comments as unique grassroots submissions.
2. There were likely multiple other campaigns aimed at injecting what may total several million pro-repeal comments into the system.
3. It's highly likely that more than 99% of the truly unique comments were in favor of keeping net neutrality.
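A mail-merge campaign of the kind described in finding 1 produces comments that share a fixed skeleton and differ only in a handful of slots, each filled from a short list of alternatives. The example below is an added illustration of one way such a cluster can be detected; it is not Jeff Kao's code or method, and the comments it runs on are constructed, not real FCC submissions. Comments of equal token length are aligned position by position: a position with one token is template text, a position with a few alternatives is a merge slot, and a position with many alternatives means the group is not a template.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: six comments generated from one hypothetical template with
# six two-way slots, plus three unrelated "organic" comments of other lengths.
COMMENTS = [
    "Dear Commissioners, I strongly urge you to repeal the Obama internet rules.",
    "Hello FCC, I respectfully ask you to undo the 2015 internet rules.",
    "Dear FCC, I strongly ask you to repeal the 2015 internet rules.",
    "Hello Commissioners, I respectfully urge you to undo the Obama internet rules.",
    "Dear Commissioners, I respectfully ask you to repeal the Obama internet rules.",
    "Hello FCC, I strongly urge you to undo the 2015 internet rules.",
    "Please keep net neutrality. Small businesses like mine depend on an open internet.",
    "I oppose the repeal.",
    "Net neutrality protects consumers from throttling and paid prioritization. Keep Title II in place.",
]


def tokenize(text: str) -> list:
    """Lower-case word tokens; punctuation is dropped so it cannot mask a template."""
    return re.findall(r"[A-Za-z0-9']+", text.lower())


def find_mail_merge_clusters(comments, min_size=4, max_slot_vocab=4, max_slots=8):
    """Return [(template, count)] for groups that look mail-merged.

    Grouping by token count is a simplification: an organic comment that happens to
    match the length would add variety to some position and, if that exceeds
    max_slot_vocab, cause the whole group to be rejected.
    """
    by_len = defaultdict(list)
    for comment in comments:
        toks = tokenize(comment)
        by_len[len(toks)].append(toks)
    clusters = []
    for group in by_len.values():
        if len(group) < min_size:
            continue
        slots, template = 0, []
        for position in zip(*group):  # one tuple of tokens per position
            vocab = Counter(position)
            if len(vocab) == 1:
                template.append(position[0])
            elif len(vocab) <= max_slot_vocab:
                slots += 1
                template.append("{" + "|".join(sorted(vocab)) + "}")
            else:
                break  # too much variety here: not a template
        else:
            if 0 < slots <= max_slots:
                clusters.append((" ".join(template), len(group)))
    return clusters
```

Against the constructed sample this recovers the single template with its six slots and a count of six; the three organic comments fall into groups too small to qualify.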

The Courts

AT&T, Comcast Lawsuit Has Nullified a City's Broadband Competition Law (arstechnica.com) 74

An anonymous reader quotes a report from Ars Technica: AT&T and Comcast have convinced a federal judge to nullify an ordinance that was designed to bring more broadband competition to Nashville, Tennessee. The Nashville Metro Council last year passed a "One Touch Make Ready" rule that gives Google Fiber or other new ISPs faster access to utility poles. The ordinance lets a single company make all of the necessary wire adjustments on utility poles itself, instead of having to wait for incumbent providers like AT&T and Comcast to send work crews to move their own wires. AT&T and Comcast sued the metro government in U.S. District Court in Nashville, claiming that federal and local laws preempt the One Touch Make Ready rule. Judge Victoria Roberts agreed with AT&T and Comcast in a ruling issued Tuesday. Google Fiber is offering service in Nashville despite saying last year that it was waiting for access to thousands of utility poles. "We're reviewing [the] court ruling to understand its potential impact on our build in Nashville," a Google spokesperson said this week, according to The Tennessean. "We have made significant progress with new innovative deployment techniques in some areas of the city, but access to poles remains an important issue where underground deployment is not a possibility."