Television

Samsung and Roku Smart TVs Vulnerable To Hacking, Consumer Reports Finds (consumerreports.org) 102

An anonymous reader quotes a report from Consumer Reports: Consumer Reports has found that millions of smart TVs can be controlled by hackers exploiting easy-to-find security flaws. The problems affect Samsung televisions, along with models made by TCL and other brands that use the Roku TV smart-TV platform, as well as streaming devices such as the Roku Ultra. We found that a relatively unsophisticated hacker could change channels, play offensive content, or crank up the volume, which might be deeply unsettling to someone who didn't understand what was happening. This could be done over the web, from thousands of miles away. (These vulnerabilities would not allow a hacker to spy on the user or steal information.) The findings were part of a broad privacy and security evaluation, led by Consumer Reports, of smart TVs from top brands that also included LG, Sony, and Vizio. The testing also found that all these TVs raised privacy concerns by collecting very detailed information on their users. Consumers can limit the data collection. But they have to give up a lot of the TVs' functionality -- and know the right buttons to click and settings to look for.
iOS

Key iPhone Source Code Gets Posted On GitHub (vice.com) 188

Jason Koebler shares a report from Motherboard: An anonymous person posted what experts say is the source code for a core component of the iPhone's operating system on GitHub, which could pave the way for hackers and security researchers to find vulnerabilities in iOS and make iPhone jailbreaks easier to achieve. The code is for "iBoot," which is the part of iOS that is responsible for ensuring a trusted boot of the operating system. It's the program that loads iOS, the very first process that runs when you turn on your iPhone. The code says it's for iOS 9, an older version of the operating system, but portions of it are likely to still be used in iOS 11. Bugs in the boot process are the most valuable ones if reported to Apple through its bounty program, which values them at a max payment of $200,000. "This is the biggest leak in history," Jonathan Levin, the author of a series of books on iOS and Mac OSX internals, told Motherboard in an online chat. "It's a huge deal." Levin, along with a second security researcher familiar with iOS, says the code appears to be the real iBoot code because it aligns with the code he reverse engineered himself.
Electronic Frontier Foundation

EFF Founder John Perry Barlow Has Died At Age 70 (eff.org) 61

The Electronic Frontier Foundation reports that its founder, John Perry Barlow, has passed away quietly in his sleep this morning. He was 70 years old. From the report: It is no exaggeration to say that major parts of the Internet we all know and love today exist and thrive because of Barlow's vision and leadership. He always saw the Internet as a fundamental place of freedom, where voices long silenced can find an audience and people can connect with others regardless of physical distance. Barlow was sometimes held up as a straw man for a kind of naive techno-utopianism that believed that the Internet could solve all of humanity's problems without causing any more. As someone who spent the past 27 years working with him at EFF, I can say that nothing could be further from the truth.

Barlow knew that new technology could create and empower evil as much as it could create and empower good. He made a conscious decision to focus on the latter: "I knew it's also true that a good way to invent the future is to predict it. So I predicted Utopia, hoping to give Liberty a running start before the laws of Moore and Metcalfe delivered up what Ed Snowden now correctly calls 'turn-key totalitarianism.'" Barlow's lasting legacy is that he devoted his life to making the Internet into "a world that all may enter without privilege or prejudice accorded by race, economic power, military force, or station of birth... a world where anyone, anywhere may express his or her beliefs, no matter how singular, without fear of being coerced into silence or conformity."

AI

Reddit Bans 'Deepfakes' AI Porn Communities (theverge.com) 110

Reddit has banned the r/deepfakes subreddit that's devoted to making AI-powered porn using celebrities' faces, classifying it as a form of "involuntary pornography." Reddit follows several other platforms that have already banned deepfakes pornography, including Pornhub, which said yesterday that deepfakes imagery counted as nonconsensual pornography. The Verge reports: In a post today, Reddit announced an update to its rules on posting sexual imagery of a person without their consent. The new rule extends a ban on posting photos or video of people who are nude or engaged in sexual acts without the subject's permission, saying that this includes "depictions that have been faked" -- including the sophisticated face-swapped videos that have become especially popular on Reddit over the past month. "Do not post images or video of another person for the specific purpose of faking explicit content or soliciting 'lookalike' pornography."

This doesn't affect all AI-based face swapping enthusiasts on Reddit. The subreddit for FakeApp, a program that allows anyone to swap faces in videos, is still online. So is r/SFWdeepfakes, which is devoted to non-pornographic use of the technology. At least one small, specific subreddit devoted to simulated porn for an individual actor also seems to have slipped under the radar. But along with the central deepfakes hub, the main subreddit for posting not-safe-for-work deepfakes has gotten shut down, and so has the community r/YouTubefakes. The subreddit r/CelebFakes, which focused on non-AI-powered photoshopped pornographic images, was initially left online, but removed shortly after the announcement.
The site will rely on "first-party reports" to shut down future deepfakes material.

Medicine

FDA Declares Popular Alt-Medicine Kratom an Opioid (nbcnews.com) 230

An anonymous reader quotes a report from NBC News: The Food and Drug Administration declared the popular herbal product kratom to be an opioid on Tuesday, opening a new front in its battle to get people to stop using it. New research shows kratom acts in the brain just as opioids do, FDA Commissioner Dr. Scott Gottlieb said in a statement. And he said the agency has documented 44 cases in which kratom at least helped kill people -- often otherwise healthy young people.

"Taken in total, the scientific evidence we've evaluated about kratom provides a clear picture of the biologic effect of this substance," Gottlieb wrote. "Kratom should not be used to treat medical conditions, nor should it be used as an alternative to prescription opioids. There is no evidence to indicate that kratom is safe or effective for any medical use." The FDA released detailed accounts of several of the deaths. The victims often had mixed kratom with other substances, including chemicals taken out of inhalers and found in over-the-counter cold and flu drugs.

United States

36 Indicted in Global Cybercrime Ring That Stole $530M (go.com) 40

U.S. prosecutors say 36 people have been indicted in connection with an international cybercrime ring that bought and sold stolen credit card information, leading to losses of more than $530 million. From a report: The Justice Department says Wednesday that the so-called Infraud Organization dealt in the large-scale acquisition and sale of stolen identities, credit card information and malware. Deputy Assistant Attorney General David Rybicki says it was "truly the premier one-stop shop for cybercriminals worldwide." He says the organization used an online forum on the dark web to sell financial and personal information. Investigators believe the organization's nearly 11,000 members targeted more than 4.3 million credit cards and bank accounts.
Security

Meet the Tiny Startup That Sells iPhone and Android Zero Days To Governments (vice.com) 51

An anonymous reader writes: The story of Azimuth Security, a tiny startup in Australia, provides a rare peek inside the secretive industry that helps government hackers get around encryption. Azimuth is part of an opaque, little-known corner of the intelligence world made of hackers who develop and sell expensive exploits to break into popular technologies like iOS, Chrome, Android and Tor.

Chrome

Scammers Use Download Bombs To Freeze Chrome Browsers on Shady Sites (bleepingcomputer.com) 72

An anonymous reader shares a report: The operators of some tech support scam websites have found a new trick to block visitors on their shady sites and scare non-technical users into paying for unneeded software or servicing fees. The trick relies on using JavaScript code loaded on these malicious pages to initiate thousands of file download operations that quickly take up the user's memory resources, freezing Chrome on the scammer's site. The trick is meant to drive panicked users into calling one of the tech support phone numbers shown on the screen. According to Jerome Segura -- Malwarebytes' leading expert in tech support scam operations, malvertising, and exploit kits -- this new trick utilizes the JavaScript Blob method and the window.navigator.msSaveOrOpenBlob function to achieve the "download bomb" that freezes Chrome.

Bitcoin

Senate Cryptocurrency Hearing Strikes a Cautiously Optimistic Tone (techcrunch.com) 44

An anonymous reader quotes a report from TechCrunch: In a hearing today before the Senate Banking Committee, Securities and Exchange Commission Chairman Jay Clayton and Commodity Futures Trading Commission Chairman Christopher Giancarlo opened up about what the near-term U.S. regulatory fate of cryptocurrency might look like. In a week of plunging prices and bad news, the hearing struck a tone that coin watchers could reasonably interpret as surprisingly optimistic. Over the course of the open hearing, Clayton and Giancarlo traded testimony over what can be regulated, what should be regulated and how, while offering a broader outlook on the long-term future of virtual currency markets and blockchain tech.

The testimony drew a useful distinction among three pillars of the virtual currency ecosystem (for lack of a better unifying term): cryptocurrencies, "a replacement for dollars;" ICOs, "like a stock offering;" and distributed ledger technologies, or the technical framework generally known as blockchain. Throughout the hearing, on the SEC side, Clayton struck a relatively solemn tone focused on ICO fraud concerns, while the CFTC's Giancarlo came across as genuinely enthusiastic and curious about the emerging market.
When asked about the intrinsic value of cryptocurrency, Clayton said: "There are a lot of smart people who think there's something to the value of cryptocurrency and the international exchange and I'm not seeing those benefits manifesting themselves in the market yet. I look at this from the perspective of Main Street investors and they should understand that."

On ICOs as a security: "I believe every ICO I've seen is a security... You can call it a coin but if it functions as a security, it is a security... Those who engage in semantic gymnastics or elaborate re-structuring exercises in an effort to avoid having a coin be a security are squarely in the crosshairs of our enforcement provision."
