Phishing Attack Scores Credentials For More Than 50,000 Snapchat Users ( 11

An anonymous reader quotes an exclusive report from The Verge: In late July, Snap's director of engineering emailed the company's team in response to an unfolding privacy threat. A government official from Dorset in the United Kingdom had provided Snap with information about a recent attack on the company's users: a publicly available list, embedded in a phishing website named, that listed 55,851 Snapchat accounts, along with their usernames and passwords. The attack appeared to be connected to a previous incident that the company believed to have been coordinated from the Dominican Republic, according to emails obtained by The Verge. Not all of the account credentials were valid, and Snap had reset the majority of the accounts following the initial attack. But for some period of time, thousands of Snapchat account credentials were available on a public website. According to a person familiar with the matter, the attack relied on a link sent to users through a compromised account that, when clicked, opened a website designed to mimic the Snapchat login screen.

Labor Board Says Google Could Fire James Damore For Anti-Diversity Memo ( 605

According to a recently disclosed letter from the U.S. National Labor Relations Board, Google didn't violate labor laws by firing engineer James Damore for a memo criticizing the company's diversity program. "The lightly redacted statement is written by Jayme Sophir, associate general counsel of the NLRB's division of advice; it dates to January, but was released yesterday, according to," reports The Verge. "Sophir concludes that while some parts of Damore's memo was legally protected by workplace regulations, 'the statements regarding biological differences between the sexes were so harmful, discriminatory, and disruptive as to be unprotected.'" From the report: Damore filed an NLRB complaint in August of 2017, after being fired for internally circulating a memo opposing Google's diversity efforts. Sophir recommends dismissing the case; Bloomberg reports that Damore withdrew it in January, and that his lawyer says he's focusing on a separate lawsuit alleging discrimination against conservative white men at Google. NLRB records state that its case was closed on January 19th. In her analysis, Sophir writes that employers should be given "particular deference" in trying to enforce anti-discrimination and anti-harassment policies, since these are tied to legal requirements. And employers have "a strong interest in promoting diversity" and cooperation across different groups of people. Because of this, "employers must be permitted to 'nip in the bud' the kinds of employee conduct that could lead to a 'hostile workplace,'" she writes. "Where an employee's conduct significantly disrupts work processes, creates a hostile work environment, or constitutes racial or sexual discrimination or harassment, the Board has found it unprotected even if it involves concerted activities regarding working conditions."
The Courts

Judge Won't Let FCC's Net Neutrality Repeal Stop Lawsuit Alleging Charter Throttled Netflix ( 33

An anonymous reader quotes a report from The Hollywood Reporter: [I]n the first significant decision referring to the repeal [of net neutrality] since FCC chairman Ajit Pai got his way, a New York judge on Friday ruled that the rescinding of net neutrality rules wasn't relevant to an ongoing lawsuit against Charter Communications. New York Attorney General Eric Schneiderman filed the lawsuit almost exactly a year ago today. It's alleged that Charter's Spectrum-TWC service promised internet speeds it knew it couldn't deliver and that Spectrum-TWC also misled subscribers by promising reliable access to Netflix, online content and online games. According to the complaint, the ISP intentionally failed to deliver reliable service in a bid to extract fees from backbone and content providers. When Netflix wouldn't pay, this "resulted in subscribers getting poorer quality streams during the very hours when they were most likely to access Netflix," and after Netflix agreed to pay demands, service "improved dramatically." This arguably is the kind of thing that net neutrality was supposed to prevent. And Charter itself pointed to the net neutrality repeal in a bid to block Schneiderman's claims that Charter had engaged in false advertising and deceptive business practices. New York Supreme Court Justice O. Peter Sherwood isn't sold.

He writes in an opinion that the FCC's order "which promulgates a new deregulatory policy effectively undoing network neutrality, includes no language purporting to create, extend or modify the preemptive reach of the Transparency Rule," referring to how ISPs have to disclose "actual network performance." And although Charter attempted to argue that the FCC clarified its intent to stop state and local governments from imposing disclosure obligations on broadband providers that were inconsistent with FCC's rules, Sherwood notes other language from the "Restoring Internet Freedom Order" how states will "continue to play their vital role in protecting consumers from fraud, enforcing fair business practices... and generally responding to consumer inquiries and complaints."


Facebook Must Stop Tracking Belgian Users, Court Rules ( 83

Facebook must stop tracking Belgian users' surfing outside the social network and delete data it's already gathered, or it will face fines of 250,000 ($312,000) euros a day, a Belgian court ruled. From a report: Facebook "doesn't sufficiently inform" clients about the data it gathers on their broader web use, nor does it explain what it does with the information or say how long it stores it, the Brussels Court of First Instance said in a statement. The social network is coming under increasing fire in Europe, with a high-profile German antitrust probe examining whether it unfairly compels users to sign up to restrictive privacy terms. Belgium's data-protection regulators have targeted the company since at least 2015 when a court ordered it to stop storing non-users' personal data.

Intel Hit With More Than 30 Lawsuits Over Security Flaws ( 99

Intel said on Friday shareholders and customers had filed 32 class action lawsuits against the company in connection with recently-disclosed security flaws in its microchips. From a report: Most of the lawsuits -- 30 -- are customer class action cases that claim that users were harmed by Intel's "actions and/or omissions" related to the flaws, which could allow hackers to steal data from computers. Intel said in a regulatory filing it was not able to estimate the potential losses that may arise out of the lawsuits. Security researchers at the start of January publicized two flaws, dubbed Spectre and Meltdown, that affected nearly every modern computing device containing chips from Intel, Advanced Micro Devices and ARM.

Two Years After FBI vs Apple, Encryption Debate Remains ( 175

It's been two years since the FBI and Apple got into a giant fight over encryption following the San Bernardino shooting, when the government had the shooter's iPhone, but not the password needed to unlock it, so it asked Apple to create a way inside. What's most surprising is how little has changed since then. From a report: The encryption debate remains unsettled, with tech companies largely opposed and some law enforcement agencies still making the case to have a backdoor. The case for strong encryption: Those partial to the tech companies' arguments will note that cyberattacks and hacking incidents have become even more common, with encryption serving as a valuable way to protect individuals' personal information. The case for backdoors: Criminals are doing bad stuff and when devices are strongly encrypted they can do it in what amounts to the perfect dark alley, completely hidden from public view.

Federal Judge Says Embedding a Tweet Can Be Copyright Infringement ( 149

An anonymous reader quotes a report from the Electronic Frontier Foundation: Rejecting years of settled precedent, a federal court in New York has ruled [PDF] that you could infringe copyright simply by embedding a tweet in a web page. Even worse, the logic of the ruling applies to all in-line linking, not just embedding tweets. If adopted by other courts, this legally and technically misguided decision would threaten millions of ordinary Internet users with infringement liability.

This case began when Justin Goldman accused online publications, including Breitbart, Time, Yahoo, Vox Media, and the Boston Globe, of copyright infringement for publishing articles that linked to a photo of NFL star Tom Brady. Goldman took the photo, someone else tweeted it, and the news organizations embedded a link to the tweet in their coverage (the photo was newsworthy because it showed Brady in the Hamptons while the Celtics were trying to recruit Kevin Durant). Goldman said those stories infringe his copyright.
"[W]hen defendants caused the embedded Tweets to appear on their websites, their actions violated plaintiff's exclusive display right; the fact that the image was hosted on a server owned and operated by an unrelated third party (Twitter) does not shield them from this result," Judge Katherine Forrest said.

Slashdot Top Deals