Programming

Should GitHub Allow Username Reuse? (donatstudios.com) 84

Jesse Donat argues via Donat Studios why GitHub should never allow usernames to be valid again once they are deleted. He provides an example of a user who deleted his GitHub account and personal domain with a popular tool used for embedding data files into Go binaries. "While this is within his rights to do, this broke a dependency many people had within their projects," Donat writes. "To fix this, some users of the project recreated the account and the repository based on a fork of the project." Donat goes on to write: Allowing username reuse completely breaks any trust that what I pull is what it claims to be. What if this user had been malicious? It may have taken a while before someone actually noticed this wasn't the original user and the code was doing something more than it claimed to.

While Go's "go get" functionality is no doubt naive and just pulls the head of a repository, this is not exclusively Go's problem as this affects any package manager that runs on tags. Simply tag malicious changes beyond the current release and it would be deployed to many users likely with little actual review.

Security

Hackers In Equifax Breach Accessed More Personal Information Than Previously Disclosed (cnn.com) 58

An anonymous reader quotes a report from The Wall Street Journal (Warning: source may be paywalled; alternative source): Equifax said, in a document submitted to the Senate Banking Committee and reviewed by The Wall Street Journal, that cyberthieves accessed records across numerous tables in its systems that included such data as tax identification numbers, email addresses and drivers' license information beyond the license numbers it originally disclosed. The revelations come some five months after Equifax announced it had been breached and personal information belonging to 145.5 million consumers had been compromised, including names, Social Security numbers, dates of birth and addresses. It's unclear how many of the 145.5 million people are affected by the additional data including tax ID numbers, which are often assigned to people who don't have Social Security numbers. Hackers also accessed email addresses for some consumers, according to the document and an Equifax spokeswoman, who said "an insignificant number" of email addresses were affected. She added that email addresses aren't considered sensitive personal information because they are commonly searchable in public domains.

As for tax ID numbers, the Equifax spokeswoman said they "were generally housed in the same field" as Social Security numbers. She added that individuals without a Social Security number could use their tax ID number to see if they were affected by the hack. Equifax also said, in response to questions from The Wall Street Journal, that some additional drivers' license information had been accessed. The company publicly disclosed in its Sept. 7 breach announcement that drivers' license numbers were accessed; the document submitted to the banking committee also includes drivers' license issue dates and states.

The Internet

Major Websites Are Planning a 'Day of Action' To Block Repeal of Net Neutrality (medium.com) 88

An anonymous reader writes: Fight for the Future, a nonprofit advocacy group concerned with digital rights, has posted to Medium today, revealing that many major websites, online communities, and internet users are planning a "day of action" focused on finding the final vote needed to pass the Congressional Review Act (CRA). "50 Senators have already come out in support of the CRA, which would completely overturn the FCC's December 14 decision and restore net neutrality protections," the post reads. "Several Senators have indicated that they are considering becoming the 51st vote we need to win, but they're under huge pressure from telecom lobbyists. Only a massive burst of energy from the internet will get them to move."

The day of action is scheduled for February 27, and participants include Tumblr, Etsy, Vimeo, Medium, Namecheap, Imgur, Sonos, and DuckDuckGo. "Internet users will be encouraged to sound the alarm on social media and sign up to receive alerts with their lawmaker's position on net neutrality and prompts to take action on the big day, while websites, subreddits, and online communities will display prominent alerts driving phone calls, emails, and tweets to Senators and Representatives calling on them to pass the CRA." The post notes that we're faced with an uphill battle as the fight will elevate to the House of Representatives if the CRA can pass the Senate. From there it will go to the President's desk.

Piracy

Man Handed Conditional Prison Sentence for Spreading Information About Popcorn Time Service (torrentfreak.com) 120

A man from Denmark has been handed a six-month conditional prison sentence for spreading information about Popcorn Time, an authorized on-demand movies and TV shows streaming service, news outlet TorrentFreak reports. From the report: In what is being described as a first for Europe, the man was convicted after telling people how to download, install and use the movie streaming service. He was also ordered to forfeit $83,300 in ad revenue and complete 120 hours community service.

Media

Twitch To Ban Users For 'Hate' on Other Platforms (bbc.com) 155

Twitch has updated its guidelines so that abuse taking place on other platforms can contribute to a suspension on the streaming site. From a report: Directing "hate or harassment" towards someone on Twitch using other services will be considered a policy violation. Conduct Twitch deems "hateful" on any platform will result in an "immediate indefinite suspension." Sexual conduct rules have also been changed to consider the "context" of a stream. Moderators will pay attention to clothing, the title of a stream, camera angles and chat moderation when deciding whether something is sexually inappropriate.

Bitcoin

Russian Nuclear Scientists Arrested For 'Bitcoin Mining Plot' (bbc.com) 84

Russian security officers have arrested several scientists working at a top-secret Russian nuclear warhead facility for allegedly mining crypto-currencies, BBC reported Friday, citing local media. From the report: The suspects had tried to use one of Russia's most powerful supercomputers to mine Bitcoins, media reports say. The Federal Nuclear Centre in Sarov, western Russia, is a restricted area. The centre's press service said: "There has been an unsanctioned attempt to use computer facilities for private purposes including so-called mining." The supercomputer was not supposed to be connected to the internet -- to prevent intrusion -- and once the scientists attempted to do so, the nuclear centre's security department was alerted. They were handed over to the Federal Security Service (FSB), the Russian news service Mash says. "As far as we are aware, a criminal case has been launched against them," the press service told Interfax news agency.

Businesses

Uber Settles Dispute With Alphabet's Self-driving Car Unit (cnbc.com) 39

In a shocking development, Uber said on Friday it has settled the high-stakes trade-secret theft lawsuit brought by Alphabet's Waymo, resolving a conflict that already cost the ride-hailing giant its top driverless car engineer and threatened to further embarrass the company. From a report: Uber will pay Waymo a 0.34 percent equity stake amounting to about $245 million at Uber's recent $72 billion valuation, the companies said on Friday, after days of courtroom theatrics. Uber has also agreed not to incorporate Waymo's confidential information into its hardware and software, though Uber CEO Dara Khosrowshahi writes that he doesn't believe his company used any of Waymo's trade secrets in the first place. Khosrowshahi says that he feels "regret" over the dispute and wished his predecessors had handled it differently.

Communications

Turkey Rolls Out Domestic Rival To WhatsApp, Raising Surveillance Concerns (reuters.com) 36

Turkey has launched a domestic messaging app to rival Facebook's popular WhatsApp Messenger service, raising concerns among government critics that Ankara (capital of Turkey) could use the new platform to tighten surveillance and bolster an 18-month-old crackdown. From a report: The app, called PttMessenger after Turkey's Post and Telegraph General Directorate (PTT), was introduced in a limited roll-out to state institutions and some private companies this week. It is expected to be publicly available in six months. PttMessenger will provide a "system safer than WhatsApp," government spokesman Bekir Bozdag told a news conference. "Since no data is stored with the host, it will be impossible to access these data. A system safer than WhatsApp has been developed." Critics cast doubt on the suggestion PttMessenger data could not be retrieved, fearing it will give authorities greater ability to monitor dissent, pointing to the widespread crackdown that was launched after a failed military coup in July 2016.
