Kansas 'Swat' Perpetrator Had Already Been To Prison For Fake Bomb Threats

More details are emerging about an online gamer whose fake call to Kansas police led to a fatal shooting:
  • "After phoning in a false bomb threat to a Glendale, California TV station in 2015, Tyler Barriss threatened to kill his grandmother if she reported him, according to local reports and court documents." -- The Wichita Eagle
  • "The Glendale Police Department confirmed to ABC News that Tyler Barriss made about 20 calls to universities and media outlets throughout the country around the time he was arrested for a bomb threat to Los Angeles ABC station KABC in 2015... He was sentenced to two years and eight months in jail, court records show." -- ABC News
  • "Within months of his release in August, he had already become the target of a Los Angeles Police Department investigation into similar hoax calls... LAPD detectives were planning to meet with federal prosecutors to discuss their investigation..." -- The Los Angeles Times
  • The Wichita Eagle reports that even after the police had fatally shot the person SWauTistic was pretending to be, he continued his phone call with the 911 operator for another 16 minutes -- on a call which lasted over half an hour.
  • Brian Krebs reports that police may have been aided in their investigation by another reformed SWAT perpetrator -- adding that SWauTistic privately claimed to have already called in fake emergencies at approximately 100 schools and 10 homes.

Just last month SWauTistic's Twitter account showed him bragging about a bomb threat which caused the evacuation of a Dallas convention center, according to the Daily Beast -- after which SWauTistic encouraged his Twitter followers to also follow him on a second account, "just in case twitter suspends me for being a god." Later the 25-year-old tweeted that "if you can't pull off a swat without getting busted you're not a leet hacking God its that simple."

Barriss remains in jail in Los Angeles with no bond, though within three weeks he's expected to be extradited to Kansas for his next trial.


Intel Hit With Three Class-Action Lawsuits Over Meltdown and Spectre Bugs

An anonymous reader quotes a report from The Guardian: Intel has been hit with at least three class-action lawsuits over the major processor vulnerabilities revealed this week. Three separate class-action lawsuits have been filed by plaintiffs in California, Oregon and Indiana seeking compensation, with more expected. All three cite the security vulnerability and Intel's delay in public disclosure from when it was first notified by researchers of the flaws in June. Intel said in a statement it "can confirm it is aware of the class actions but as these proceedings are ongoing, it would be inappropriate to comment." The plaintiffs also cite the alleged computer slowdown that will be caused by the fixes needed to address the security concerns, which Intel disputes is a major factor. "Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time," Intel said in an earlier statement.

Why Twitter Hasn't Banned President Trump

An anonymous reader quotes a report from The Verge: Amid vocal calls for the company to act, Twitter today offered its first explanation for why it hasn't banned President Donald Trump -- without ever saying the man's name. "Elected world leaders play a critical role in that conversation because of their outsized impact on our society," the company said in a blog post. "Blocking a world leader from Twitter or removing their controversial Tweets, would hide important information people should be able to see and debate. It would also not silence that leader, but it would certainly hamper necessary discussion around their words and actions." In its blog post, Twitter reiterated its previous statement that all accounts still must follow the company's rules. The statement seemed to leave open the possibility that it might one day take action against Trump's account, or the accounts of other world leaders who might use the platform to incite violence or otherwise break its rules. "We review Tweets by leaders within the political context that defines them, and enforce our rules accordingly," it said. In response to the claims that Twitter doesn't ban President Trump because he draws attention -- and ad revenue -- to the company, Twitter said: "No one person's account drives Twitter's growth, or influences these decisions. We work hard to remain unbiased with the public interest in mind."

Don't Pirate Or We'll Mess With Your Connected Thermostats, Warns East Coast ISP

Internet service provider Armstrong Zoom has roughly a million subscribers in the Northeastern part of the U.S. and is keen to punish those it believes are using file-sharing services. According to Engadget, "the ISP's response to allegedly naughty customers is bandwidth throttling, which is when an ISP intentionally slows down your internet service based on what you're doing online. Armstrong Zoom's warning letter openly threatens its suspected file-sharing customers about its ability to use or control their webcams and connected thermostats." From the report: The East Coast company stated: "Please be advised that this may affect other services which you may have connected to your internet service, such as the ability to control your thermostat remotely or video monitoring services." All U.S. states served by Armstrong Zoom will be experiencing temperatures around or under freezing over the weekend and into the near future. Bandwidth throttling for customers in those areas who have connected thermostats could mean the difference between sickness and health, or even life and death. Seems like an extreme punishment for any allegedly downloaded Game of Thrones cam rips.

New US Customs Guidelines Limit Copying Files and Searching Cloud Data

The U.S. Customs and Border Protection Agency has updated its guidelines for electronic border searches, adding new detail to border search rules that were last officially updated in 2009. The Verge reports: Officers can still request that people unlock electronic devices for inspection when they're entering the U.S., and they can still look through any files or apps on those devices. But consistent with a statement from acting commissioner Kevin McAleenan last summer, they're explicitly banned from accessing cloud data -- per these guidelines, that means anything that can't be accessed while the phone's data connection is disabled. The guidelines also draw a distinction between "basic" and "advanced" searches. If officers connect to the phone (through a wired or wireless connection) and copy or analyze anything on it using external devices, that's an advanced search, and it can only be carried out with reasonable suspicion of illegal activity or a national security concern. A supervisor can approve the search, and "many factors" might create reasonable suspicion, including a terrorist watchlist flag or "other articulable factors."

Eben Upton Explains Why Raspberry Pi Isn't Vulnerable To Spectre Or Meltdown

Raspberry Pi founder and CEO Eben Upton says the Raspberry Pi isn't susceptible to the "Spectre" or "Meltdown" vulnerabilities because of the particular ARM cores they use. "Spectre allows an attacker to bypass software checks to read data from arbitrary locations in the current address space; Meltdown allows an attacker to read data from arbitrary locations in the operating system kernel's address space (which should normally be inaccessible to user programs)," Upton writes. He goes on to provide a "primer on some concepts in modern processor design" and "illustrate these concepts using simple programs in Python syntax..."

In conclusion: "Modern processors go to great lengths to preserve the abstraction that they are in-order scalar machines that access memory directly, while in fact using a host of techniques including caching, instruction reordering, and speculation to deliver much higher performance than a simple processor could hope to achieve," writes Upton. "Meltdown and Spectre are examples of what happens when we reason about security in the context of that abstraction, and then encounter minor discrepancies between the abstraction and reality. The lack of speculation in the ARM1176, Cortex-A7, and Cortex-A53 cores used in Raspberry Pi render us immune to attacks of the sort."

Ex-NSA Hacker Is Building an AI To Find Hate and Far-Right Symbols on Twitter and Facebook

Motherboard reporter Lorenzo Franceschi-Bicchierai has interviewed Emily Crose, a former NSA hacker, who has built NEMESIS, an AI-powered program that can help spot symbols that have been co-opted by hate groups to signal to each other in plain sight. Crose, who has also moderated Reddit in the past, thought of building NEMESIS after the Charlottesville, Virginia incident last year. From the report: Crose's motivation is to expose white nationalists who use more or less obscure, mundane, or abstract symbols -- or so-called dog whistles -- in their posts, such as the Black Sun and certain Pepe the frog memes. Crose's goal is not only to expose people who use these symbols online but hopefully also push the social media companies to clamp down on hateful rhetoric online. "The real goal is to educate people," Crose told me in a phone call. "And a secondary goal: I'd really like to get the social media platforms to start thinking how they can enforce some decency on their own platforms, a certain level of decorum." [...]

At a glance, the way NEMESIS works is relatively simple. There's an "inference graph," which is a mathematical representation of trained images, classified as Nazi or white supremacist symbols. This inference graph trains the system with machine learning to identify the symbols in the wild, whether they are in pictures or videos. In a way, NEMESIS is dumb, according to Crose, because there are still humans involved, at least at the beginning. NEMESIS needs a human to curate the pictures of the symbols in the inference graph and make sure they are being used in a white supremacist context. For Crose, that's the key to the whole project -- she absolutely does not want NEMESIS to flag users who post Hindu swastikas, for example -- so NEMESIS needs to understand the context. "It takes thousands and thousands of images to get it to work just right," she said.


Leading Lobbying Group for Amazon, Facebook, Google and Other Tech Giants is Joining the Legal Battle To Restore Net Neutrality

A leading lobbying group for Amazon, Facebook, Google, Netflix, Twitter and other tech giants said Friday that it would be joining the coming legal crusade to restore the U.S. government's net neutrality rules. From a report: The Washington, D.C.-based Internet Association specifically plans to join a lawsuit as an intervening party, aiding the challenge to FCC Chairman Ajit Pai's vote in December to repeal regulations that required internet providers like AT&T and Comcast to treat all web traffic equally, its leader confirmed to Recode. Technically, the Internet Association isn't filing its own lawsuit. That task will fall to companies like Etsy, public advocates like Free Press and state attorneys general, all of which plan to contend they are most directly harmed by Pai's decision, as Recode first reported this week. As an intervener, though, the Internet Association still will play a crucial role, filing legal arguments in the coming case. And in formally participating, tech giants will have the right to appeal a judge's decision later if Silicon Valley comes out on the losing end. "The final version of Chairman Pai's rule, as expected, dismantles popular net neutrality protections for consumers," said the group's chief, Michael Beckerman, in a statement. "This rule defies the will of a bipartisan majority of Americans and fails to preserve a free and open internet."

What Happens When States Have Their Own Net Neutrality Rules?

Last month FCC Chairman Ajit Pai dismantled Obama-era rules on net neutrality. A handful of lawmakers in liberal-leaning U.S. states plan to spend this year building them back up. FCC anticipated the move -- the commission's rules include language forbidding states from doing this, warning against an unwieldy patchwork of regulations. But lawmakers in New York and California aren't aiming to be exceptions to the national rules; they're looking to, in effect, create their own. From a report: In New York, Assemblywoman Patricia Fahy introduced a bill that would make it a requirement for internet providers to adhere to the principles of net neutrality as a requirement for landing state contracts. This would mean they couldn't block or slow down certain web traffic, and couldn't offer faster speeds to companies who pay them directly. Fahy said the restrictions on contractors would apply even if the behaviors in question took place outside New York. She acknowledged that the approach could run afoul of limits on states attempting to regulate interstate commerce, but thought the bill could "thread the needle." Even supporters of state legislation on net neutrality think this may go too far. California State Senator Scott Wiener introduced a bill this week that would only apply to behavior within the state, saying any other approach would be too vulnerable to legal challenge.

But this wouldn't be the first time a large state threw around its weight in ways that reverberate beyond its borders. The textbook industry, for instance, has long accommodated the standards of California and Texas. [...] The internet doesn't lend itself cleanly to state lines. It could be difficult for Comcast or Verizon to accept money from services seeking preferential treatment in one state, then make sure that its network didn't reflect those relationships in places where state lawmakers forbade them, said Geoffrey Manne, executive director of the International Center for Law & Economics, a research group.


Amazon Alexa is Coming To Headphones, Smart Watches, Bathrooms and More

An anonymous reader shares a CNBC report: Amazon announced new tools on Friday that will allow gadget-makers to include the smart voice assistant in a whole array of new products. Alexa is Amazon's smart voice assistant and it has slowly made its way from the Amazon Echo into third-party speakers, refrigerators and, soon, even microwaves. Now, with Amazon's Alexa Mobile Accessory Kit, device makers will be able to build Alexa into headphones, smart watches, fitness trackers and more. That means you may soon be able to look down at your wrist and ask Alexa the weather, or to remind you to pick up eggs at the grocery store. CNET reports Kohler, a company that makes plumbing products, wants to bring Alexa to your bathroom as well.

The FCC Is Preparing To Weaken the Definition of Broadband

An anonymous reader quotes a report from DSLReports: Under Section 706 of the Telecommunications Act, the FCC is required to consistently measure whether broadband is being deployed to all Americans uniformly and "in a reasonable and timely fashion." If the FCC finds that broadband isn't being deployed quickly enough to the public, the agency is required by law to "take immediate action to accelerate deployment of such capability by removing barriers to infrastructure investment and by promoting competition in the telecommunications market." Unfortunately whenever the FCC is stocked by revolving door regulators all-too-focused on pleasing the likes of AT&T, Verizon and Comcast -- this dedication to expanding coverage and competition often tends to waver.

What's more, regulators beholden to regional duopolies often take things one-step further -- by trying to manipulate data to suggest that broadband is faster, cheaper, and more evenly deployed than it actually is. We saw this under former FCC boss Michael Powell (now the top lobbyist for the cable industry), and more recently when the industry cried incessantly when the base definition of broadband was bumped to 25 Mbps downstream, 4 Mbps upstream. We're about to see this effort take shape once again as the FCC prepares to vote in February for a new proposal that would dramatically weaken the definition of broadband. How? Under this new proposal, any area able to obtain wireless speeds of at least 10 Mbps down, 1 Mbps would be deemed good enough for American consumers, pre-empting any need to prod industry to speed up or expand broadband coverage.


France's President Macron Wants To Block Websites During Elections To Fight 'Fake News'

French President Emmanuel Macron has a rather extreme approach to combat fake news: ban entire websites. In a speech to journalists on Wednesday, Macron said he planned to introduce new legislation to strictly regulate fake news during online political campaigns. Gizmodo reports: His proposal included a number of measures, most drastically "an emergency legal action" that could enable the government to either scrap "fake news" from a website or even block a website altogether. "If we want to protect liberal democracies, we must be strong and have clear rules," Macron said. "When fake news are spread, it will be possible to go to a judge... and if appropriate have content taken down, user accounts deleted and ultimately websites blocked."

Macron, himself a target of election interference, also outlined some less extreme measures in his speech yesterday. He proposed more rigid requirements around transparency, specifically in relation to online ads during elections. According to the Guardian, Macron said the legislation would force platforms to publicly identify who their advertisers are, as well as limit how much they can spend on ads over the course of an election campaign.


White House Bans Use of Personal Devices From West Wing

In the wake of damaging reports of a chaotic Trump administration detailed in a new book from Michael Wolff, the White House is instituting new policies on the use of personal cellphones in the West Wing. CBS News reports: White House Press Secretary Sarah Huckabee Sanders released the following statement on the policy change: "The security and integrity of the technology systems at the White House is a top priority for the Trump administration and therefore starting next week the use of all personal devices for both guests and staff will no longer be allowed in the West Wing. Staff will be able to conduct business on their government-issued devices and continue working hard on behalf of the American people."

Wolff reportedly gained access to the White House where he conducted numerous interviews with staffers on the inner-workings of the Trump campaign and West Wing operations. Sanders told reporters Wednesday that there were about "a dozen" interactions between Wolff and White House officials, which she said took place at Bannon's request. The White House swiftly slammed the book and those who cooperated with Wolff.


How a Researcher Hacked His Own Computer and Found One of the Worst CPU Bugs Ever Found

Reuters tells the story of how Daniel Gruss, a 31-year-old information security researcher and post-doctoral fellow at Austria's Graz Technical University, hacked his own computer and exposed a flaw in most of the Intel chips made in the past two decades. Prior to his discovery, Gruss and his colleagues Moritz Lipp and Michael Schwarz had thought such an attack on the processor's "kernel" memory, which is meant to be inaccessible to users, was only theoretically possible. From the report: "When I saw my private website addresses from Firefox being dumped by the tool I wrote, I was really shocked," Gruss told Reuters in an email interview, describing how he had unlocked personal data that should be secured. Gruss, Lipp and Schwarz, working from their homes on a weekend in early December, messaged each other furiously to verify the result. "We sat for hours in disbelief until we eliminated any possibility that this result was wrong," said Gruss, whose mind kept racing even after powering down his computer, so he barely caught a wink of sleep.

Gruss and his colleagues had just confirmed the existence of what he regards as "one of the worst CPU bugs ever found." The flaw, now named Meltdown, was revealed on Wednesday and affects most processors manufactured by Intel since 1995. Separately, a second defect called Spectre has been found that also exposes core memory in most computers and mobile devices running on chips made by Intel, Advanced Micro Devices (AMD) and ARM Holdings, a unit of Japan's Softbank.


Google Blocks Pirate Search Results Prophylactically

Google is accepting "prophylactic" takedown requests to keep pirated content out of its search results, an anonymous reader writes, citing a TorrentFreak report. From the article: Over the past year, we've noticed on a few occasions that Google is processing takedown notices for non-indexed links. While we assumed that this was an 'error' on the sender's part, it appears to be a new policy. "Google has critically expanded notice and takedown in another important way: We accept notices for URLs that are not even in our index in the first place. That way, we can collect information even about pages and domains we have not yet crawled," Caleb Donaldson, copyright counsel at Google writes. In other words, Google blocks URLs before they appear in the search results, as some sort of piracy vaccine. "We process these URLs as we do the others. Once one of these not-in-index URLs is approved for takedown, we prophylactically block it from appearing in our Search results, and we take all the additional deterrent measures listed above." Some submitters are heavily relying on the new feature, Google found. In some cases, the majority of the submitted URLs in a notice are not indexed yet.

Personal Data of a Billion Indians Sold Online For $8, Report Claims

Michael Safi, reporting for The Guardian: The personal information of more than a billion Indians stored in the world's largest biometric database can be bought online for less than $8, according to an investigation by an Indian newspaper. The reported breach is the latest in a series of alleged leaks from the Aadhaar database, which has been collecting the photographs, thumbprints, retina scans and other identifying details of every Indian citizen. The report in the Chandigarh-based Tribune newspaper claimed that software is also being sold online that can generate fake Aadhaar cards, an identity document that is required to access a growing number of government services including free meals and subsidised grain. The Unique Identification Authority of India (UIDAI), which administers the Aadhaar system, said it appeared the newspaper had accessed only limited details through a search facility that had been made available to government officials.

Ajit Pai Backs Out of Planned CES 2018 Appearance

New submitter sdinfoserv writes: Ajit Pai, the most hated person in tech since Darl McBride, backed out of a speaking engagement at CES 2018. Apparently he lacks the spine to justify himself before the group of individuals his decisions affect most. Consumer Technology Association head Gary Shapiro announced: "Unfortunately, Federal Communications Commission Chairman Ajit Pai is unable to attend CES 2018. We look forward to our next opportunity to host a technology policy discussion with him before a public audience."

After Beating Cable Lobby, Colorado City Moves Ahead With Muni Broadband

Last night, the city council in Fort Collins, Colorado, voted to move ahead with a municipal fiber broadband network providing gigabit speeds, two months after the cable industry failed to stop the project. Ars Technica reports: Last night's city council vote came after residents of Fort Collins approved a ballot question that authorized the city to build a broadband network. The ballot question, passed in November, didn't guarantee that the network would be built because city council approval was still required, but that hurdle is now cleared. Residents approved the ballot question despite an anti-municipal broadband lobbying campaign backed by groups funded by Comcast and CenturyLink. The Fort Collins City Council voted 7-0 to approve the broadband-related measures, a city government spokesperson confirmed to Ars today.

While the Federal Communications Commission has voted to eliminate the nation's net neutrality rules, the municipal broadband network will be neutral and without data caps. "The network will deliver a 'net-neutral' competitive unfettered data offering that does not impose caps or usage limits on one use of data over another (i.e., does not limit streaming or charge rates based on type of use)," a new planning document says. "All application providers (data, voice, video, cloud services) are equally able to provide their services, and consumers' access to advanced data opens up the marketplace." The city will also be developing policies to protect consumers' privacy. The city intends to provide gigabit service for $70 a month or less and a cheaper Internet tier.


2 Years Later, Security Holes Linger In GPS Services Used By Millions of Devices

chicksdaddy quotes a report from The Security Ledger: Security researchers say that serious security vulnerabilities linger in GPS software by the China-based firm ThinkRace more than two years after the hole was discovered and reported to the firm, The Security Ledger reports. Data including a GPS enabled device's location, serial number, assigned phone number and model and type of device can be accessed by any user with access to the GPS service. In some cases, other information is available including the device's location history going back 1 week. In some cases, malicious actors could also send commands to the device via SMS including those used to activate or deactivate GEO fencing alarms features, such as those used on child-tracking devices.

The vulnerabilities affect hundreds of thousands of connected devices that use the GPS services, from smart watches, to vehicle GPS trackers, fitness trackers, pet trackers and more. At issue are security holes in back-end GPS tracking services that go by names like,, and, according to Michael Gruhn, an independent security researcher who noted the insecure behavior in a location tracker he acquired and has helped raise awareness of the widespread flaws. Working with researcher Vangelis Stykas, Gruhn discovered scores of seemingly identical GPS services, many of which have little security, allowing low-skill hackers to directly access data on GPS tracking devices.

Alas, news about the security holes is not new. In fact, the security holes in ThinkRace's GPS services are identical to those discovered by New Zealand researcher Lachlan Temple in 2015 and publicly disclosed at the time. Temple's research focused on one type of device: a portable GPS tracker that plugged into a vehicle's On Board Diagnostic (or OBD) port. However, Stykas and Gruhn say that they have discovered the same holes spread across a much wider range of APIs (application program interfaces) and services linked to ThinkRace.


Intel Responds To Alleged Chip Flaw, Claims Effects Won't Significantly Impact Average Users

An anonymous reader quotes a report from Hot Hardware: The tech blogosphere lit up yesterday afternoon after reports of a critical bug in modern Intel processors that has the potential to seriously impact systems running Windows, Linux and macOS. The alleged bug is so severe that it cannot be corrected with a microcode update, and instead, OS manufacturers are being forced to address the issue with software updates, which in some instances requires a redesign of the kernel software. Some early performance benchmarks have even suggested that patches to fix the bug could result in a performance hit of as much as 30 percent. Since reports on the issues exploded over the past 24 hours, Intel is looking to cut through the noise and tell its side of the story. The details of the exploit and software/firmware updates to address the matter at hand were scheduled to go live next week. However, Intel says that it is speaking out early to combat "inaccurate media reports."

Intel acknowledges that the exploit has "the potential to improperly gather sensitive data from computing devices that are operating as designed." The company further goes on to state that "these exploits do not have the potential to corrupt, modify or delete data." The company goes on to state that the "average computer user" will be negligibly affected by any software fixes, and that any negative performance outcomes "will be mitigated over time." In a classic case of trying to point fingers at everyone else, Intel says that "many different vendors' processors" are vulnerable to these exploits.

Mozilla Will Delete Firefox Crash Reports Collected by Accident

Catalin Cimpanu, writing for BleepingComputer: Mozilla said last week it would delete all telemetry data collected because of a bug in the Firefox crash reporter. According to Mozilla engineers, Firefox has been collecting information on crashed background tabs from users' browsers since Firefox 52, released in March 2017. Firefox versions released in that time span did not respect user-set privacy settings and automatically auto-submitted crash reports to Mozilla servers. The browser maker fixed the issue with the release of Firefox 57.0.3. Crash reports are not fully-anonymized.

The FCC Is Still Tweaking Its Net Neutrality Repeal

An anonymous reader quotes a report from TechCrunch: You may think, from the pomp accompanying the FCC's vote in December to repeal the 2015 net neutrality rules, that the deed was accomplished. Not so -- in fact, the order hasn't even reached its final form: the Commission is still working on it. But while it may be frustrating, this is business as usual for regulations like this, and concerned advocates should conserve their outrage for when it's really needed. The "Restoring Internet Freedom" rule voted on last month was based on a final draft circulated several weeks before the meeting at which it would be adopted. But as reports at the time noted, significant edits (i.e. not fixing typos) were still going into the draft the day before the FCC voted. Additional citations, changes in wording and more serious adjustments may be underway. It may sound like some serious shenanigans are being pulled, but this is how the sausage was always made, and it's actually one of Chairman Ajit Pai's handful of commendable efforts that the process is, in some ways at least, more open to the public. The question of exactly what is being changed, however, we will have ample time to investigate: The rules will soon be entered into the federal register, at which point they both come into effect and come under intense scrutiny and legal opposition.

Spotify Hit With $1.6 Billion Copyright Lawsuit

The Wixen Music Publishing company, which administers song compositions by Tom Petty, Dan Auerbach, Rivers Cuomo, Stevie Nicks, Neil Young, and others, has hit Spotify with a copyright lawsuit seeking $1.6 billion in damages. The publishing company filed the lawsuit on December 29, alleging the streaming giant is using Petty's "Free Fallin" and tens of thousands of other songs without license or compensation. SPIN reports: Back in September, Wixen objected to a $43 million settlement Spotify had arranged over another class action lawsuit brought by David Lowery (of Cracker and Camper van Beethoven) and Melissa Ferrick, stating it was "procedurally and substantively unfair to Settlement Class Members because it prevents meaningful participation by rights holders and offers them an unfair dollar amount in light of Spotify's ongoing, willful copyright infringement of their works." A judge has yet to rule on that settlement, and in the meantime, Wixen has moved to file its own lawsuit, which purports "as much as 21 percent of the 30 million songs on Spotify are unlicensed," according to The Hollywood Reporter.

"Spotify brazenly disregards United States Copyright law and has committed willful, ongoing copyright infringement," the complaint reads. "Wixen notified Spotify that it had neither obtained a direct or compulsory mechanical license for the use of the Works. For these reasons and the foregoing, Wixen is entitled to the maximum statutory relief."


US Calls On Iran To Unblock Social Media Sites Amid Protests

The Trump administration is calling on the government of Iran to stop blocking Instagram and other social media sites while encouraging Iranians to use special software to circumvent controls. "The great Iranian people have been repressed for many years," President Trump tweeted yesterday. "They are hungry for food & for freedom. Along with human rights, the wealth of Iran is being looted. Time for change!" ABC News reports: Undersecretary of State Steve Goldstein, in charge of public diplomacy, said the U.S. wants Iran's government to "open these sites" including the photo-sharing platform Instagram and the messaging app Telegram. "They are legitimate avenues for communication," Goldstein said. "People in Iran should be able to access those sites." Iranians seeking to evade the blocks can use virtual private networks, Goldstein said. Known as VPNs, the services create encrypted data "tunnels" between computers and are used in many countries to access overseas websites blocked by the local government. Despite the blocks, the United States is working to maintain communication with Iranians in the Farsi language, including through official accounts on Facebook, Twitter and other platforms. The State Department also was to distribute videos of top U.S. officials encouraging the protesters through those and other sites.

New Bill Could Finally Get Rid of Paperless Voting Machines

An anonymous reader quotes a report from Ars Technica: A bipartisan group of six senators has introduced legislation that would take a huge step toward securing elections in the United States. Called the Secure Elections Act, the bill aims to eliminate insecure paperless voting machines from American elections while promoting routine audits that would dramatically reduce the danger of interference from foreign governments. "With the 2018 elections just around the corner, Russia will be back to interfere again," said co-sponsor Sen. Kamala Harris (D-Calif.). So a group of senators led by James Lankford (R-Okla.) wants to shore up the security of American voting systems ahead of the 2018 and 2020 elections. And the senators have focused on two major changes that have broad support from voting security experts.

The first objective is to get rid of paperless electronic voting machines. Computer scientists have been warning for more than a decade that these machines are vulnerable to hacking and can't be meaningfully audited. States have begun moving away from paperless systems, but budget constraints have forced some to continue relying on insecure paperless equipment. The Secure Elections Act would give states grants specifically earmarked for replacing these systems with more secure systems that use voter-verified paper ballots. The legislation's second big idea is to encourage states to perform routine post-election audits based on modern statistical techniques. Many states today only conduct recounts in the event of very close election outcomes. And these recounts involve counting a fixed percentage of ballots. That often leads to either counting way too many ballots (wasting taxpayer money) or too few (failing to fully verify the election outcome). The Lankford bill would encourage states to adopt more statistically sophisticated procedures to count as many ballots as needed to verify an election result was correct -- and no more.


Toutiao, One of China's Most Popular News Apps, is Discovering the Risks Involved in Giving People Exactly What They Want Online

The New York Times reports: One of the world's most valuable start-ups got that way by using artificial intelligence to satisfy Chinese internet users' voracious appetite for news and entertainment. Every day, its smartphone app feeds 120 million people personalized streams of buzzy news stories, videos of dogs frolicking in snow, GIFs of traffic mishaps and listicles such as "The World's Ugliest Celebrities." Now the company is discovering the risks involved, under China's censorship regime, in giving the people exactly what they want. The makers of the popular news app Jinri Toutiao unveiled moves this week to allay rising concerns from the authorities.

Last week, the Beijing bureau of China's top internet regulator accused Toutiao of "spreading pornographic and vulgar information" and "causing a negative impact on public opinion online," and ordered that updates to several popular sections of the app be halted for 24 hours. In response, the app's parent company, Beijing Bytedance Technology, took down or temporarily suspended the accounts of more than 1,100 bloggers that it said had been publishing "low-quality content" on the app. It also replaced Toutiao's "Society" section with a new section called "New Era," which is heavy on state media coverage of government decisions.


Big Tech and Democracy Need To Work Together, Microsoft Executives Say

From a report: It's not often that Big Tech calls for more government action. But two top Microsoft executives -- Brad Smith, president and chief legal officer, and Carol Ann Browne, director of executive communications -- write in a tech trends forecast out today. "2018 will be a year when democratic governments can either work together to safeguard electoral processes or face a future where democracy is more fragile. [T]his needs to include work to protect campaigns from hacking, address social media issues, ensure the integrity of voting results, and protect vital census processes," they wrote.

China's WeChat Denies Storing User Chats

WeChat, China's most popular messenger app, on Tuesday denied storing users' chat histories, after a top businessman was quoted in media reports as saying he believed Tencent was monitoring everyone's account. From a report: "WeChat does not store any users' chat history. That is only stored in users' mobiles, computers and other terminals," WeChat said in a post on the social media platform. "WeChat will not use any content from user chats for big data analysis. Because of WeChat's technical model that does not store or analyse user chats, the rumour that 'we are watching your WeChat everyday' is pure misunderstanding." More than 900 million people use WeChat.

People Are Using PornHub To Stream 'Hamilton' and 'Zootopia'

An anonymous reader shares a report: There's more on PornHub than pornography. People are using the streaming-video site -- a sort of YouTube for pornography where users can upload and watch adult videos -- to stream pirated copies of high-profile titles like the Broadway musical Hamilton and Disney's animated movie Zootopia. Where YouTube has been fighting for years to keep pornography off its site, PornHub now finds itself in the position of having to purge its platform of videos that are decidedly safe for work. The full, 75-minute first act of the historical, Tony Award-winning play, Hamilton -- with its original cast, including creator and star Lin-Manuel Miranda -- is on PornHub, one Twitter user discovered. As the most sought after ticket in town, the play just set a new high-water mark for Broadway after taking in $3.8 million at the box office for the week ending Dec. 24.

Germany Starts Enforcing Hate Speech Law

Germany is set to start enforcing a law that demands social media sites move quickly to remove hate speech, fake news and illegal material. From a report: Sites that do not remove "obviously illegal" posts could face fines of up to 50m euro ($60m). The law gives the networks 24 hours to act after they have been told about law-breaking material. Social networks and media sites with more than two million members will fall under the law's provisions. Facebook, Twitter and YouTube will be the law's main focus but it is also likely to be applied to Reddit, Tumblr and Russian social network VK. Other sites such as Vimeo and Flickr could also be caught up in its provisions.

Congo Shuts Down Internet Services 'Indefinitely'

On Saturday Engadget wrote: Authoritarian leaders are fond of severing communications in a bid to hold on to power, and that tradition sadly isn't going away. The Democratic Republic of Congo's government has ordered telecoms to cut internet and SMS access ahead of planned mass protests against President Joseph Kabila, whose administration has continuously delayed elections to replace him. Telecom minister Emery Okundji told Reuters that it was a response to "violence that is being prepared," but people aren't buying that argument. Officials had already banned demonstrations, and the country has a history of cutting communications and blocking social network access in a bid to quash dissent.
And today in the wake of deadly protests, Congo announced that the internet shutdown will continue "indefinitely." The New York Times reports: At least eight people were killed and a dozen altar boys arrested in the Democratic Republic of Congo on Sunday after security forces cracked down on planned church protests against President Joseph Kabila's refusal to leave office before coming elections... Congolese security forces set up checkpoints across Kinshasa, and the government issued an order to shut down text messaging and internet services indefinitely across the country for what it called "reasons of state security."
Electronic Frontier Foundation

EFF Applauds 'Massive Change' to HTTPS

"The movement to encrypt the web reached milestone after milestone in 2017," writes the EFF, adding that "the web is in the middle of a massive change from non-secure HTTP to the more secure, encrypted HTTPS protocol." In February, the scales tipped. For the first time, approximately half of Internet traffic was protected by HTTPS. Now, as 2017 comes to a close, an average of 66% of page loads on Firefox are encrypted, and Chrome shows even higher numbers. At the beginning of the year, Let's Encrypt had issued about 28 million certificates. In June, it surpassed 100 million certificates. Now, Let's Encrypt's total issuance volume has exceeded 177 million certificates...

Browsers have been pushing the movement to encrypt the web further, too. Early this year, Chrome and Firefox started showing users "Not secure" warnings when HTTP websites asked them to submit password or credit card information. In October, Chrome expanded the warning to cover all input fields, as well as all pages viewed in Incognito mode. Chrome has eventual plans to show a "Not secure" warning for all HTTP pages... The next big step in encrypting the web is ensuring that most websites default to HTTPS without ever sending people to the HTTP version of their site. The technology to do this is called HTTP Strict Transport Security (HSTS), and is being more widely adopted. Notably, the registrar for the .gov TLD announced that all new .gov domains would be set up with HSTS automatically...

The Certification Authority Authorization (CAA) standard became mandatory for all CAs to implement this year... [And] there's plenty to look forward to in 2018. In a significant improvement to the TLS ecosystem, for example, Chrome plans to require Certificate Transparency starting next April.


Kansas Swatting Perpetrator 'SWauTistic' Interviewed on Twitter

"That kids house that I swatted is on the news," tweeted "SWauTistic" -- before he realized he'd gotten somebody killed. Security researcher Brian Krebs reveals what happened next. When it became apparent that a man had been killed as a result of the swatting, Swautistic tweeted that he didn't get anyone killed because he didn't pull the trigger. Swautistic soon changed his Twitter handle to @GoredTutor36, but KrebsOnSecurity managed to obtain several weeks' worth of tweets from Swautistic before his account was renamed. Those tweets indicate that Swautistic is a serial swatter -- meaning he has claimed responsibility for a number of other recent false reports to the police. Among the recent hoaxes he's taken credit for include a false report of a bomb threat at the U.S. Federal Communications Commission (FCC) that disrupted a high-profile public meeting on the net neutrality debate. Swautistic also has claimed responsibility for a hoax bomb threat that forced the evacuation of the Dallas Convention Center, and another bomb threat at a high school in Panama City, Fla, among others.

After tweeting about the incident extensively Friday afternoon, KrebsOnSecurity was contacted by someone in control of the @GoredTutor36 Twitter account. GoredTutor36 said he's been the victim of swatting attempts himself, and that this was the reason he decided to start swatting others. He said the thrill of it "comes from having to hide from police via net connections." Asked about the FCC incident, @GoredTutor36 acknowledged it was his bomb threat. "Yep. Raped em," he wrote. "Bomb threats are more fun and cooler than swats in my opinion and I should have just stuck to that," he wrote. "But I began making $ doing some swat requests."

Krebs' article also links to a police briefing with playback from the 911 call. "There is no question that police officers and first responders across the country need a great deal more training to bring the number of police shootings way down..." Krebs argues. "Also, all police officers and dispatchers need to be trained on what swatting is, how to spot the signs of a hoax, and how to minimize the risk of anyone getting harmed when responding to reports about hostage situations or bomb threats."

But he also argues that filing a false police report should be reclassified as a felony in all states.

Tech Bros Bought Sex Trafficking Victims Using Amazon and Microsoft Work Emails

An anonymous reader writes: Newsweek's National Politics Correspondent reports on "a horny nest of prostitution 'hobbyists' at tech giants Microsoft, Amazon and other firms in Seattle," citing "hundreds" of emails "fired off by employees at major tech companies hoping to hook up with trafficked Asian women" between 2014 and 2016, "67 sent from Microsoft, 63 sent from Amazon email accounts and dozens more sent from some of Seattle's premier tech companies and others based elsewhere but with offices in Seattle, including T-Mobile and Oracle, as well as many local, smaller tech firms." Many of the emails came from a sting operation against online prostitution review boards, and were obtained through a public records request to the King County Prosecutor's Office.

"They were on their work accounts because Seattle pimps routinely asked first-time sex-buyers to prove they were not cops by sending an employee email or badge," reports Newsweek, criticizing "the widespread and often nonchalant attitude toward buying sex from trafficked women, a process made shockingly more efficient by internet technology... A study commissioned by the Department of Justice found that Seattle has the fastest-growing sex industry in the United States, more than doubling in size between 2005 and 2012. That boom correlates neatly with the boom of the tech sector there... Some of these men spent $30,000 to $50,000 a year, according to authorities." A lawyer for some of the men argues that Seattle's tech giants aren't conducting any training to increase employees' compassion for trafficked women in brothels. The director of research for a national anti-trafficking group cites the time Uber analyzed ride-sharing data and reported a correlation between high-crime neighborhoods and frequent Uber trips -- including people paying for prostitutes. "They made a map using their ride-share data, like it was a funny thing they could do with their data. It was done so flippantly."


Iran Cuts Internet Access and Threatens Telegram Following Mass Protests

Long-time Slashdot reader cold fjord writes: As seething discontent has boiled over in Iran leading to mass protests, protesters have taken to the streets and social media to register their discontent... The government has been closing schools and shutting down transportation.

Now, as mass protests in Iran go into their third day there are reports that internet access is being cut in cities with protests occurring. Social media has been a tool for documenting the protests and brutal crackdowns against them. Iran previously cut off internet access during the Green Movement protests following the 2009 elections. At the same time the Iranian government is cutting internet access they have called on Telegram, reportedly used by more than 40 million Iranians, to close the channels used by protesters. Telegram is now closing channels used by the protesters while Telegram itself may be shut down in Iran.


Louisiana Police Bust an Infamous Nigerian Email Spam Scammer

MojoKid writes: You have probably at some point been contacted via email spam by someone claiming you are the beneficiary in a will of a Nigerian prince. As the scam goes, all you have to do is submit your personal information and Western Union some funds to process the necessary paperwork, and in return you will receive millions of dollars. One of the people behind the popular scam, Michael Neu, has been arrested by police in Slidell, Louisiana.

This may come as a shocker, but Neu is not a prince, nor is he Nigerian. He is a 67-year-old male possibly of German descent (based on his last name) who is facing 269 counts of wire fraud and money laundering for his alleged role as a middle man in the scheme. According to Slidell police, some of the money obtained by Neu was wired to co-conspirators who do actually live in Nigeria.


Call of Duty Gaming Community Points To 'Swatting' In Wichita Police Shooting

schwit1 shares a report from The Daily Dot: A man was killed by police Thursday night in Wichita, Kansas, when officers responded to a false report of a hostage situation. The online gaming community is saying the dead man was the victim of a swatting prank, where trolls call in a fake emergency and force SWAT teams to descend on a target's house. If that's true, this would be the first reported swatting-related death. Wichita deputy police chief Troy Livingston told the Wichita Eagle that police were responding to a report that a man fighting with his parents had accidentally shot his dad in the head and was holding his mom, brother and sister hostage. When police arrived, "A male came to the front door," Livingston told the Eagle. "As he came to the front door, one of our officers discharged his weapon." The man at the door was identified by the Eagle as 28-year-old Andrew Finch. Finch's mother told reporters "he was not a gamer," but the online Call of Duty community claims his death was the result of a gamer feud which Finch may not have even been a part of.
UPDATE: The New York Daily News reports police in Los Angeles have now arrested 25-year-old gamer Tyler Barriss, who the paper describes as "an alleged serial 'prankster'..."

"Barriss gave cops Finch's address, mistakenly believing it belonged to a person he had feuded with over a $1 or $2 Call of Duty wager."

Kodi Media Player Arrives On the Xbox One

The Kodi media player is now available to download on your Xbox One, making it one of the best Xbox One exclusives of the year. The Verge reports: Kodi is a very capable player that's highly expandable thanks to third-party add-ons like live TV and DVR services -- something Microsoft isn't going to provide. But Kodi is perhaps best known as the go-to app for piracy due to a wide variety of plugins that let you illegally stream television shows, professional sports, and films from the comfort of your living room. This has led to a cottage industry of so-called "Kodi boxes," often built around cheap HDMI dongles like Amazon's Fire TV sticks. While the XBMC Foundation has attempted to distance itself from the illegal third-party plugins, it's also benefited from the exposure. In a blog post, Kodi warns that the Xbox One download isn't finished and may contain missing features and bugs. Fun fact: Kodi began life fifteen years ago as the XBMP (Xbox Media Player). The only way to get the open-source player running on an original Xbox was to hack the console. XBMP eventually evolved into XBMC (Xbox Media Center), which then became Kodi.

Facebook's Uneven Enforcement of Hate Speech Rules Allows Vile Posts To Stay Up

ProPublica has found inconsistent rulings on hate speech after analyzing more than 900 Facebook posts submitted to them as part of a crowd-sourced investigation into how the world's largest social network implements its hate-speech rules. "Based on this small fraction of Facebook posts, its content reviewers often make different calls on items with similar content, and don't always abide by the company's complex guidelines," reports ProPublica. "Even when they do follow the rules, racist or sexist language may survive scrutiny because it is not sufficiently derogatory or violent to meet Facebook's definition of hate speech." From the report: We asked Facebook to explain its decisions on a sample of 49 items, sent in by people who maintained that content reviewers had erred, mostly by leaving hate speech up, or in a few instances by deleting legitimate expression. In 22 cases, Facebook said its reviewers had made a mistake. In 19, it defended the rulings. In six cases, Facebook said the content did violate its rules but its reviewers had not actually judged it one way or the other because users had not flagged it correctly, or the author had deleted it. In the other two cases, it said it didn't have enough information to respond.

"We're sorry for the mistakes we have made -- they do not reflect the community we want to help build," Facebook Vice President Justin Osofsky said in a statement. "We must do better." He said Facebook will double the size of its safety and security team, which includes content reviewers and other employees, to 20,000 people in 2018, in an effort to enforce its rules better. He added that Facebook deletes about 66,000 posts reported as hate speech each week, but that not everything offensive qualifies as hate speech. "Our policies allow content that may be controversial and at times even distasteful, but it does not cross the line into hate speech," he said. "This may include criticism of public figures, religions, professions, and political ideologies."


300,000 Users Exposed In Data Leak

Dangerous_Minds shares a report from ThreatPost: Ancestry said it closed portions of its community-driven genealogy site RootsWeb as it investigated a leaky server that exposed 300,000 passwords, email addresses and usernames to the public internet. In a statement issued over the weekend, Chief Information Security Officer of Ancestry Tony Blackham said a file containing the user data was publicly exposed on a RootsWeb server. On Wednesday, Ancestry told Threatpost it believed the data was exposed in November 2015. The data resided on RootsWeb's infrastructure, and is not linked to Ancestry's site and services. Ancestry said RootsWeb has "millions" of members who use the site to share family trees, post user-contributed databases and host thousands of messaging boards. The company said RootsWeb doesn't host sensitive information such as credit card data or social security numbers. It added, there are no indications data exposed to the public internet has been accessed by a malicious third party. The company declined to specify how and why the data was stored insecurely on the server. "Approximately 55,000 of these were used both on RootsWeb and one of the Ancestry sites, and the vast majority of those were from free trial or currently unused accounts. Additionally, we found that about 7,000 of those password and email address combinations matched credentials for active Ancestry customers," Blackham wrote.

That Game on Your Phone May Be Tracking What You're Watching on TV

Rick Zeman writes: The New York Times (may be paywalled) has an article describing how some apps track TV and movie viewing even when the loaded app isn't currently active. These seemingly innocuous games, geared towards both adults and children work by "using a smartphone's microphone. For instance, Alphonso's software can detail what people watch by identifying audio signals in TV ads and shows, sometimes even matching that information with the places people visit and the movies they see. The information can then be used to target ads more precisely...." While these apps, mostly available on Google Play, with some available on the Apple Store, do offer an opt out, it's not clear when consumers see "permission for microphone access for ads," it may not be clear to a user that, "Oh, this means it's going to be listening to what I do all the time to see if I'm watching 'Monday Night Football."'
One advertising executive summarizes thusly: "It's not what's legal. It is what's not creepy."


Two Romanians Charged With Hacking Washington DC Police Surveillance Cameras Days Before Trump's Inauguration

US prosecutors have charged two Romanians with hacking Washington DC police computers linked to surveillance cameras just days before President Donald Trump's inauguration. From a report on BBC: The pair are being held in Romania, having been arrested at Bucharest Otopeni airport on 15 December. Mihai Alexandru Isvanca, 25, and Eveline Cismaru, 28, allegedly accessed 123 outdoor surveillance cameras as part of a suspected ransomware scheme. Mr Trump was sworn in on 20 January. The US Department of Justice said the case was "of the highest priority" because of the security surrounding the presidential inauguration. The perpetrators intended to use the camera computers to send ransomware to more than 179,600 email addresses and extort money from victims, the justice department said in a statement.

Chrome Extension with 100,000 Users Caught Pushing Cryptocurrency Miner

Catalin Cimpanu, reporting for BleepingComputer: A Chrome extension with over 105,000 users has been deploying an in-browser cryptocurrency miner to unsuspecting users for the past few weeks. The extension does not ask for user permission before hijacking their CPUs to mine Monero all the time the Chrome browser is open. Named "Archive Poster," the extension is advertised as a mod for Tumblr that allows users an easier way to "reblog, queue, draft, and like posts right from another blog's archive." According to user reviews, around the start of December the extension has incorporated the infamous Coinhive in-browser miner in its source code.

A Manager of the Exmo Bitcoin Exchange Has Been Kidnapped In Ukraine

CaptainDork shares a report from BBC: A manager of the Exmo Bitcoin exchange has been kidnapped in Ukraine. According to Russian and Ukrainian media reports Pavel Lerner, 40, was kidnapped while leaving his office in Kiev's Obolon district on December 26th. The reports said he was dragged into a black Mercedes-Benz by men wearing balaclavas. Police in Kiev confirmed to the BBC that a man had been kidnapped on the day in question, but would not confirm his identity. A spokeswoman said that the matter was currently under investigation, and that more information would be made public later on. Mr Lerner is a prominent Russian blockchain expert and the news of his kidnapping has stunned many in the international cryptocurrency community.

Windows 10 Visits To US Government Sites Surpass Windows 7 For the First Time

In what may be a signal of changing attitudes for Windows 10, visits to U.S. government sites via Windows 10 have surpassed Windows 7 for the first time. OnMSFT reports: This United States government website reports that of the 2.54 billion visits to U.S. Government websites over the past 90 days, 20.9% came from Windows 10, and 20.7% from Windows 7. Interestingly, Windows 8.1 came in at 2.7%, Windows 8 .05%, and other OS 0.8%. The numbers are a bit niche and could be just from a holiday bump based on the site's 90-day average, but they still do give a solid number comparison for the state of various OS and browser stats. When it comes to browser share, Edge was not popularly used to visit U.S. Government websites. Chrome was on top with 44.4%, followed by Safari with 27.6%, Internet Explorer at 12.3%, and then Firefox at 5.9% and Edge at 3.9%. Though all these government percentages may be bleak for Microsoft, the latest AdDuplex December report also shows strong adoption for Windows 10 Fall Creators Update, so things can only go up for Microsoft from here on out.
The Courts

Italian Clothing Company Defeats Apple, Wins the Right To Use Steve Jobs' Name

An Italian clothing company that uses the name "Steve Jobs" as its brand will be able to continue using the moniker after winning a multi-year legal battle, reports Italian site la Repubblica Napoli. Mac Rumors reports: Brothers Vincenzo and Giacomo Barbato named their clothing brand "Steve Jobs" in 2012 after learning that Apple had not trademarked his name. "We did our market research and we noticed that Apple, one of the best known companies in the world, never thought about registering its founder's brand, so we decided to do it," the two told la Repubblica Napoli. The Barbatos designed a logo that resembles Apple's own, choosing the letter "J" with a bite taken out of the side. Apple, of course, sued the two brothers for using Jobs' name and a logo that mimics the Apple logo. In 2014, the European Union's Intellectual Property Office ruled in favor of the Barbatos and rejected Apple's trademark opposition. While the outcome of the legal battle was decided in 2014, Vincenzo and Giacomo Barbato have been unable to discuss the case until now, as their claim on the brand was not settled until 2017. The two told la Repubblica Napoli that Apple went after the logo, something that may have been a mistake. The Intellectual Property Office decided that the "J" logo that appears bitten was not infringing on Apple's own designs as a letter is not edible and thus the cutout in the letter cannot be perceived as a bite. The report goes on to note that the company plans to produce electronic devices under the Steve Jobs brand.

People Who Know How the News Is Made Resist Conspiratorial Thinking

An anonymous reader quotes a report from Ars Technica: Conspiracy theories, like the world being flat or the Moon landings faked, have proven notoriously difficult to stomp out. Add a partisan twist to the issue, and the challenge becomes even harder. Even near the end of his second term, barely a quarter of Republicans were willing to state that President Obama was born in the U.S. If we're seeking to have an informed electorate, then this poses a bit of a problem. But a recent study suggests a very simple solution helps limit the appeal of conspiracy theories: news media literacy. This isn't knowledge of the news, per se, but knowledge of the companies and processes that help create the news. While the study doesn't identify how the two are connected, its authors suggest that an understanding of the media landscape helps foster a healthy skepticism.

[...] "Despite popular conceptions," the authors point out, "[conspiratorial thinking] is not the sole province of the proverbial nut-job." When mixed in with the sort of motivated reasoning that ideology can, well, motivate, crazed ideas can become relatively mainstream. Witness the number of polls that indicated the majority of Republicans thought Obama wasn't born in the U.S., even after he shared his birth certificate. While something that induces a healthy skepticism of information sources might be expected to help with this, it's certainly not guaranteed, as motivated reasoning has been shown to be capable of overriding education and knowledge on relevant topics.

[...] As a whole, the expected connection held up: "for both conservatives and liberals, more knowledge of the news media system related to decreased endorsement of liberal conspiracies." And, conversely, the people who did agree with conspiracy theories tended to know very little about how the news media operated.


Web Trackers Exploit Flaw In Browser Login Managers To Steal Usernames

An anonymous reader writes: Princeton privacy experts are warning that advertising and analytics firms can secretly extract site usernames from browsers using hidden login fields and tie non-authenticated users visiting a site with their profiles or emails on that domain. This type of abusive behavior is possible because of a design flaw in the login managers included with all browsers. Experts say that web trackers can embed hidden login forms on sites where the tracking scripts are loaded. Because of the way the login managers work, the browser will fill these fields with the user's login information, such as usernames and passwords.

The trick is an old one, known for more than a decade, but until now it's only been used by hackers trying to collect login information during XSS (cross-site scripting) attacks. Princeton researchers say they recently found two web tracking services that utilize hidden login forms to collect login information. The two services are Adthink and OnAudience, and Princeton researchers said they identified scripts from these two that collected login info on 1,110 sites found on the Alexa Top 1 Million sites list. A demo page has been created to show how the tracking works.
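For site owners who want to check their own pages for the pattern described above, here is an added example (not code from the Princeton study or from this page) that scans a saved DOM snapshot for credential inputs the user cannot see. The function names, the list of hiding styles, and the sample markup are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Inline-style hints that an element is invisible to the user (assumed heuristic list).
HIDING = re.compile(r"(?<![\w-])(display\s*:\s*none|visibility\s*:\s*hidden"
                    r"|opacity\s*:\s*0(\.0+)?\s*(;|$)|(left|top)\s*:\s*-\d{3,})", re.I)
CRED_NAME = re.compile(r"user|email|login", re.I)
VOID = {"input", "br", "img", "hr", "meta", "link", "area", "base", "col",
        "embed", "source", "track", "wbr"}

class HiddenLoginFinder(HTMLParser):
    """Flags credential inputs that a login manager may fill but the user cannot see."""
    def __init__(self):
        super().__init__()
        self.stack = []     # per open element: is its subtree invisible?
        self.findings = []  # (line, input type, name)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        inherited = bool(self.stack and self.stack[-1])
        hidden = inherited or "hidden" in a or bool(HIDING.search(a.get("style") or ""))
        if tag == "input":
            kind = (a.get("type") or "text").lower()
            label = (a.get("name") or "") + (a.get("autocomplete") or "")
            is_cred = kind == "password" or (
                kind in ("text", "email") and bool(CRED_NAME.search(label)))
            if is_cred and hidden:
                self.findings.append((self.getpos()[0], kind, a.get("name")))
        if tag not in VOID:
            self.stack.append(hidden)

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

def find_hidden_credential_fields(html):
    finder = HiddenLoginFinder()
    finder.feed(html)
    return finder.findings

# Constructed DOM snapshot: one visible login form, two invisible ones.
SAMPLE_DOM = """<body>
<form id="login"><input type="email" name="email"><input type="password" name="pw"></form>
<div style="display:none"><form>
<input type="text" name="username"><input type="password" name="password">
</form></div>
<form><input type="password" name="p2" style="opacity: 0; position:absolute"></form>
</body>"""
```

The check only sees inline styles and the `hidden` attribute, so fields hidden through external CSS need a rendered-visibility check in the browser instead.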


FBI Software For Analyzing Fingerprints Contains Russian-Made Code, Whistleblowers Say

schwit1 shares an exclusive report via BuzzFeed: The fingerprint-analysis software used by the FBI and more than 18,000 other U.S. law enforcement agencies contains code created by a Russian firm with close ties to the Kremlin, according to documents and two whistleblowers. The allegations raise concerns that Russian hackers could gain backdoor access to sensitive biometric information on millions of Americans, or even compromise wider national security and law enforcement computer systems. The Russian code was inserted into the fingerprint-analysis software by a French company, said the two whistleblowers, who are former employees of that company. The firm -- then a subsidiary of the massive Paris-based conglomerate Safran -- deliberately concealed from the FBI the fact that it had purchased the Russian code in a secret deal, they said. The Russian company whose code ended up in the FBI's fingerprint-analysis software has Kremlin connections that should raise similar national security concerns, said the whistleblowers, both French nationals who worked in Russia. The Russian company, Papillon AO, boasts in its own publications about its close cooperation with various Russian ministries as well as the Federal Security Service -- the intelligence agency known as the FSB that is a successor of the Soviet-era KGB and has been implicated in other hacks of U.S. targets.

Cybersecurity experts said the danger of using the Russian-made code couldn't be assessed without examining the code itself. But "the fact that there were connections to the FSB would make me nervous to use this software," said Tim Evans, who worked as director of operational policy for the National Security Agency's elite cyberintelligence unit known as Tailored Access Operations and now helps run the cybersecurity firm Adlumin. The FBI's overhaul of its fingerprint-recognition technology, unveiled in 2011, was part of a larger initiative known as Next Generation Identification to expand the bureau's use of biometrics, including face- and iris-recognition technology. The TSA also relies on the FBI fingerprint database.


Empirical Research Reveals Three Big Problems With How Patents Are Vetted

An anonymous reader quotes a report from Ars Technica: If you've read our coverage of the Electronic Frontier Foundation's "Stupid Patent of the Month" series, you know America has a patent quality problem. People apply for patents on ideas that are obvious, vague, or were invented years earlier. Too often, applications get approved and low-quality patents fall into the hands of patent trolls, creating headaches for real innovators. Why don't more low-quality patents get rejected? A recent paper published by the Brookings Institution offers fascinating insights into this question. Written by legal scholars Michael Frakes and Melissa Wasserman, the paper identifies three ways the patent process encourages approval of low-quality patents:

- The United States Patent and Trademark Office (USPTO) is funded by fees -- and the agency gets more fees if it approves an application.
- Unlimited opportunities to refile rejected applications means sometimes granting a patent is the only way to get rid of a persistent applicant.
- Patent examiners are given less time to review patent applications as they gain seniority, leading to less thorough reviews.

None of these observations is entirely new. But what sets Frakes and Wasserman's work apart is that they have convincing empirical evidence for all three theories. They have data showing that these features of the patent system systematically bias it in the direction of granting more patents. Which means that if we reformed the patent process in the ways they advocate, we'd likely wind up with fewer bogus patents floating around.
