Communications

FCC Refuses To Release Text of More Than 40,000 Net Neutrality Complaints (arstechnica.com) 62

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission has denied a request to extend the deadline for filing public comments on its plan to overturn net neutrality rules, and the FCC is refusing to release the text of more than 40,000 net neutrality complaints that it has received since June 2015. The National Hispanic Media Coalition (NHMC) filed a Freedom of Information Act (FoIA) request in May of this year for tens of thousands of net neutrality complaints that Internet users filed against their ISPs. The NHMC argues that the details of these complaints are crucial for analyzing FCC Chairman Ajit Pai's proposal to overturn net neutrality rules. The coalition also asked the FCC to extend the initial comment deadline until 60 days after the commission fully complies with the FoIA request. A deadline extension would have given people more time to file public comments on the plan to eliminate net neutrality rules. Instead, the FCC yesterday denied the motion for an extension and said that it will only provide the text for a fraction of the complaints, because providing them all would be too burdensome.

Security

Should We Ignore the South Carolina Election Hacking Story? (securityledger.com) 137

chicksdaddy provides five (or more) "good" reasons why we should ignore the South Carolina election hacking story that was reported yesterday. According to yesterday's reports, South Carolina's voter-registration system was hit with nearly 150,000 hack attempts on election day. Slashdot reader chicksdaddy writes from an opinion piece via The Security Ledger: What should we make of the latest reports from WSJ, The Hill, etc. that South Carolina's election systems were bombarded with 150,000 hacking attempts? Not much, argues Security Ledger in a news analysis that argues there are lots of good reasons to ignore this story, if not the very real problem of election hacking. The stories were based on this report from The South Carolina Election Commission. The key phrase in that report is "attempts to penetrate," Security Ledger notes. Information security professionals would refer to that by more mundane terms like "port scans" or probes. These are kind of the "dog bites man" stories of the cyber beat -- common (here's one from 2012 US News & World Report) but ill-informed. "The kinds of undifferentiated scans that the report is talking about are the internet equivalent of people driving slowly past your house." While some of those 150,000 attempts may well be attempts to hack South Carolina's elections systems, many are undifferentiated, while some may be legitimate, if misdirected. Whatever the case, they're background noise on the internet and hardly unique to South Carolina's voter registration systems. They're certainly not evidence of sophisticated, nation-state efforts to crack the U.S. election system by Russia, China or anyone else, Security Ledger argues. "The problem with lumping all these 'hacking attempts' in the same breath as you talk about sophisticated and targeted attacks on the Clinton Campaign, the DCCC, and successful penetration of some state election boards is that it dramatically distorts the nature and scope of the threat to the U.S. election system which -- again -- is very real." The election story is one "that demands thoughtful and pointed reporting that can explore (and explode) efforts by foreign actors to subvert the U.S. vote and thus its democracy," the piece goes on to argue. "That's especially true in an environment in which regulators and elected officials seem strangely incurious about such incidents and disinclined to investigate them."

Bug

Flaw In IoT Security Cameras Leaves Millions of Devices Open To Hackers (vice.com) 53

New submitter Aliciadivo writes: A nasty vulnerability found in Axis security cameras could allow hackers to take full control of several types of Internet of Things devices, and in some cases, software programs, too. The Senrio research team found that devices and software programs using an open source software library called gSOAP to enable their product to communicate to the internet could be affected. Stephen Ridley, founder of Senrio, said: "I bet you all these other manufacturers have the same vulnerability throughout their product lines as well. It's a vulnerability in virtually every IoT device [...] Every kind of device you can possibly think of." A spokesperson for ONVIF, an electronics industry consortium that includes Axis and has some members that use gSOAP, said it has notified its members of the flaw, but it's not "up to each member to handle this in the way they best see fit." Also, gSOAP "is not in any way mandated by the ONVIF specifications, but as SOAP is the base for the ONVIF API, it is possible that ONVIF members would be affected." Hundreds of thousands of devices might be affected, as a search for the term "Axis" on Shodan, an engine that scours the internet for vulnerable devices, returns around 14,000 results. You can view Senrio Labs' video on the exploit (which they refer to as the "Devil's Ivy Exploit") here.

Government

US Increases Number of H-2B Visas By 15,000 (arstechnica.com) 142

An anonymous reader quotes a report from Ars Technica: President Donald Trump has said he's going to set more limits on the H-1B visa program, which allows tens of thousands of technology workers into the U.S. each year. But yesterday, the Department of Homeland Security moved to expand another type of visa, the H-2B, which allows lower-skilled workers in on a seasonal basis. The Department of Homeland Security said yesterday it is going to allow an additional 15,000 workers to come in under the H-2B visa category, which is typically used by U.S. businesses in industries like tourism, construction, and seafood processing. The program normally allows for 66,000 visas, split between the two halves of the year. That means the DHS increase, announced yesterday, represents an increase of more than 40 percent for the second half of 2017. Businesses can begin applying for the additional visas right away, as long as they attest under penalty of perjury that their business will "suffer irreparable harm" if it can't employ additional H-2B workers in 2017. The expansion is a temporary one, and it only applies to the current year.

Social Networks

Nearly 90,000 Sex Bots Invaded Twitter in 'One of the Largest Malicious Campaigns Ever Recorded on a Social Network' (gizmodo.com) 53

An anonymous reader shares a report: Last week, Twitter's security team purged nearly 90,000 fake accounts after outside researchers discovered a massive botnet peddling links to fake "dating" and "romance" services. The accounts had already generated more than 8.5 million posts aimed at driving users to a variety of subscription-based scam websites with promises of -- you guessed it -- hot internet sex. The accounts were first identified by ZeroFOX, a Baltimore-based security firm that specializes in social-media threat detection. The researchers dubbed the botnet "SIREN" after sea-nymphs described in Greek mythology as half-bird half-woman creatures whose sweet songs often lured horny, drunken sailors to their rocky deaths. ZeroFOX's research into SIREN offers a rare glimpse into how efficient scammers have become at bypassing Twitter's anti-spam techniques. Further, it demonstrates how effective these types of botnets can be: The since-deleted accounts collectively generated upwards of 30 million clicks -- easily trackable since the links all used Google's URL shortening service.

The Courts

California Lawsuit Wants To Weaken Noncompetes (axios.com) 125

An anonymous reader shares a report: California already prohibits companies from enforcing noncompetes within the state, but a Bay Area life sciences company is asking a state court to go even further. Veeva Systems is suing three of its East Coast-based competitors and asking a California Superior Court judge to declare that it has the right to hire employees who have signed such agreements. Veeva also wants a court to limit the use of non-disparagement and confidentiality agreements. "Non-compete agreements are bad," the company said in its suit. "These agreements limit employment opportunities. They suppress wages. They keep employees trapped in jobs they do not want, and they keep employees from fairly competing with their former employers. These agreements restrict fair and robust competition for employees."

Google

Google Bolsters Security To Prevent Another Google Docs Phishing Attack (zdnet.com) 25

Google is adding a set of features to its security roster to prevent a second run of last month's massive phishing attack. From a report: The company is adding warnings and interstitial screens to warn users that an app they are about to use is unverified and could put their account data at risk. This so-called "unverified app" screen will land on all new web apps that connect to Google user accounts to prevent a malicious app from appearing legitimate. Any Google Chrome user landing on a hacked or malicious website will recognize the prompt as the red warning screen. Some existing apps will also have to go through the same verification process as new apps, Google said. Google also said it will add those warnings to its Apps Scripts, which let Google use custom macros and add-ons for its productivity apps, like Google Docs.

China

China's Censors Can Now Erase Images Mid-Transmission (wsj.com) 90

Eva Dou, reporting for WSJ: China's already formidable internet censors have demonstrated a new strength -- the ability to delete images in one-on-one chats as they are being transmitted, making them disappear before receivers see them. The ability is part of a broader technology push by Beijing's censors to step up surveillance and get ahead of activists and others communicating online in China (Editor's note: the link could be paywalled; alternative source). Displays of this new image-filtering capability kicked into high gear last week as Chinese dissident Liu Xiaobo lay dying from liver cancer and politically minded Chinese tried to pay tribute to him, according to activists and a new research report. Wu Yangwei, a friend of the long-jailed Nobel Peace Prize laureate, said he used popular messaging app WeChat to send friends a photo of a haggard Mr. Liu embracing his wife. Mr. Wu believed the transmissions were successful, but he said his friends never saw them. "Sometimes you can get around censors by rotating the photo," said Mr. Wu, a writer better known by his pen name, Ye Du. "But that doesn't always work." There were disruptions on Tuesday to another popular messaging app, Facebook's WhatsApp, with many China-based users saying they were unable to send photos and videos without the use of software that circumvents Chinese internet controls. Text messages appeared to be largely unaffected.

Security

Hacks 'Probably Compromised' UK Industry (bbc.com) 19

Some industrial software companies in the UK are "likely to have been compromised" by hackers, according to a document reportedly produced by British spy agency GCHQ. A copy of the document from the National Cyber Security Centre (NCSC) -- part of GCHQ -- was obtained by technology website Motherboard. From a report: A follow-up by the BBC indicated that the document was legitimate. There have been reports about similar cyber-attacks around the world lately. Modern, computer-based industrial control systems manage equipment in facilities such as power stations. And attacks attempting to compromise such systems had become more common recently, one security researcher said. The NCSC report specifically discusses the threat to the energy and manufacturing sectors. It also cites connections from multiple UK internet addresses to systems associated with "advanced state-sponsored hostile threat actors" as evidence of hackers targeting energy and manufacturing organisations.

Security

Exploit Derived From EternalSynergy Upgraded To Target Newer Windows Versions (bleepingcomputer.com) 61

An anonymous reader writes: "Thai security researcher Worawit Wang has put together an exploit based on ETERNALSYNERGY that can also target newer versions of the Windows operating system," reports Bleeping Computer. "ETERNALSYNERGY is one of the NSA exploits leaked by the Shadow Brokers hacking group in April this year. According to a Microsoft technical analysis, the exploit can allow an attacker to execute code on Windows machines with SMB services exposed to external connections. The exploit works up to Windows 8. According to Microsoft, the techniques used in the original ETERNALSYNERGY exploit do not work on newer platforms due to several kernel security improvements. Wang says his exploit targets the same vulnerability but uses a different exploitation technique. His method 'should never crash a target,' the expert says. 'Chance should be nearly 0%,' Wang adds." Combining his exploit with the original ETERNALSYNERGY exploit would allow a hacker to target all Windows versions except Windows 10. This is about 75% of all Windows PCs. The exploit code is available for download from Wang's GitHub or ExploitDB. Sheila A. Berta, a security researcher for Telefonica's Eleven Paths security unit, has published a step-by-step guide on how to use Wang's exploit.

Privacy

Facial Recognition Could Be Coming To Police Body Cameras (defenseone.com) 178

schwit1 quotes a report from Defense One: Even if the cop who pulls you over doesn't recognize you, the body camera on his chest eventually just might. Device-maker Motorola will work with artificial intelligence software startup Neurala to build "real-time learning for a person of interest search" on products such as the Si500 body camera for police, the firm announced Monday. Italian-born neuroscientist and Neurala founder Massimiliano Versace has created patent-pending image recognition and machine learning technology. It's similar to other machine learning methods but far more scalable, so a device carried by that cop on his shoulder can learn to recognize shapes and -- potentially faces -- as quickly and reliably as a much larger and more powerful computer. It works by mimicking the mammalian brain, rather than the way computers have worked traditionally.

Versace's research was funded, in part, by the Defense Advanced Research Projects Agency or DARPA under a program called SyNAPSE. In a 2010 paper for IEEE Spectrum, he describes the breakthrough. Basically, a tiny constellation of processors do the work of different parts of the brain -- which is sometimes called neuromorphic computation -- or "computation that can be divided up between hardware that processes like the body of a neuron and hardware that processes the way dendrites and axons do." Versace's research shows that AIs can learn in that environment using a lot less code.

The Almighty Buck

$12 Billion In Private Student Loan Debt May Be Wiped Away By Missing Paperwork (nytimes.com) 399

New submitter cdreimer shares a report from The New York Times (Warning: source may be paywalled; alternate source): Tens of thousands of people who took out private loans to pay for college but have not been able to keep up payments may get their debts wiped away because critical paperwork is missing. The troubled loans, which total at least $5 billion, are at the center of a protracted legal dispute between the student borrowers and a group of creditors who have aggressively pursued them in court after they fell behind on payments. Judges have already dismissed dozens of lawsuits against former students, essentially wiping out their debt, because documents proving who owns the loans are missing. A review of court records by The New York Times shows that many other collection cases are deeply flawed, with incomplete ownership records and mass-produced documentation. Some of the problems playing out now in the $108 billion private student loan market are reminiscent of those that arose from the subprime mortgage crisis a decade ago, when billions of dollars in subprime mortgage loans were ruled uncollectable by courts because of missing or fake documentation. And like those troubled mortgages, private student loans -- which come with higher interest rates and fewer consumer protections than federal loans -- are often targeted at the most vulnerable borrowers, like those attending for-profit schools.

At the center of the storm is one of the nation's largest owners of private student loans, the National Collegiate Student Loan Trusts. It is struggling to prove in court that it has the legal paperwork showing ownership of its loans, which were originally made by banks and then sold to investors. National Collegiate is an umbrella name for 15 trusts that hold 800,000 private student loans, totaling $12 billion. More than $5 billion of that debt is in default, according to court filings.

Security

US To Create the Independent US Cyber Command, Split Off From NSA (pbs.org) 101

An anonymous reader quotes a report from PBS: After months of delay, the Trump administration is finalizing plans to revamp the nation's military command for defensive and offensive cyber operations in hopes of intensifying America's ability to wage cyberwar against the Islamic State group and other foes, according to U.S. officials. Under the plans, U.S. Cyber Command would eventually be split off from the intelligence-focused National Security Agency. The goal, they said, is to give U.S. Cyber Command more autonomy, freeing it from any constraints that stem from working alongside the NSA, which is responsible for monitoring and collecting telephone, internet and other intelligence data from around the world -- a responsibility that can sometimes clash with military operations against enemy forces. Making cyber an independent military command will put the fight in digital space on the same footing as more traditional realms of battle on land, in the air, at sea and in space. The move reflects the escalating threat of cyberattacks and intrusions from other nation states, terrorist groups and hackers, and comes as the U.S. faces ever-widening fears about Russian hacking following Moscow's efforts to meddle in the 2016 American election.

Microsoft

US Appeals Court Upholds Nondisclosure Rules For Surveillance Orders (reuters.com) 53

An anonymous reader shares a report: A U.S. federal appeals court on Monday upheld nondisclosure rules that allow the FBI to secretly issue surveillance orders for customer data to communications firms, a ruling that dealt a blow to privacy advocates. A unanimous three-judge panel on the 9th U.S. Circuit Court of Appeals in San Francisco sided with a lower court ruling in finding that rules permitting the FBI to send national security letters under gag orders are appropriate and do not violate the First Amendment of the U.S. Constitution's free speech protections. Content distribution firm CloudFlare and phone network operator CREDO Mobile had sued the government in order to notify customers of five national security letters received between 2011 and 2013.

United Kingdom

Porn Websites in UK Ordered To Introduce Age Checks From Next Year (bbc.com) 103

Reader dryriver shares an article: A nine-month countdown to the introduction of compulsory age checks on online pornography seen from the UK has begun. The April 2018 goal to protect under-18s was revealed as digital minister Matt Hancock signed the commencement order for the Digital Economy Act, which introduces the requirement. But details as to how the scheme will work have yet to be finalised. Experts who advised ministers said the targeted date seemed "unrealistic". The act also sets out other new laws including punishing the use of bots to snatch up scores of concert tickets, and mandating the provision of subtitles on catch-up TV. The age-check requirement applies to any website or other online platform that provides pornography "on a commercial basis" to people in the UK. It allows a regulator to fine any business that refuses to comply and to ask third-party payment services to withdraw support. The watchdog will also be able to force internet providers to block access to non-compliant services.

Electronic Frontier Foundation

American ISPs Are Now Fighting State Broadband Privacy Proposals (eff.org) 74

The EFF complains that "the very companies who spent millions of dollars lobbying in D.C. to repeal our federal broadband privacy rights are now fighting state attempts to protect consumers because they supposedly prefer a federal rule." The EFF urges Californians to phone their state senator ahead of crucial back-to-back committee hearings on Tuesday. An anonymous reader writes: "Congress stole your online privacy. Let's seize it back," begins an email that the EFF is sending to California supporters. It warns that "Big Telecom has massive amounts of money to spend on an army of lobbyists. But if Internet users from across California unite with one voice, we can defeat their misinformation campaign... Don't let the big ISPs coopt our privacy."

The EFF's site points out that more than 83% of Americans support the privacy regulations which were repealed in March by the U.S. Congress, according to a new poll released last week. That's even more than the 77% of Americans who support keeping current net neutrality protections in place, according to the same poll. The EFF now hopes that California's newly-proposed legislation could become a model for privacy-protecting laws in other states. And back in Silicon Valley, the San Jose Mercury News writes that California "has an obligation to take a lead in establishing the basic privacy rights of consumers using the Internet. Beyond being the right thing to do for the whole country, building trust in tech products is an essential long-term business strategy for the industry that was born in this region."

The EFF has also compiled an interesting list of past instances where ISPs have already tried to exploit the personal information of their customers for profit.

Australia

Crypto-Bashing Prime Minister Argues The Laws Of Mathematics Don't Apply In Australia (independent.co.uk) 325

An anonymous reader quotes the Independent: Australian Prime Minister Malcolm Turnbull has said the laws of mathematics come second to the law of the land in a row over privacy and encryption... When challenged by a technology journalist over whether it was possible to tackle the problem of criminals using encryption -- given that platform providers claim they are currently unable to break into the messages even if required to do so by law -- the Prime Minister raised eyebrows as he made his reply. "Well the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia," he said... "The important thing is to recognise the challenge and call on the companies for assistance. I am sure they know morally they should... They have to face up to their responsibility."
Facebook has already issued a statement saying that they "appreciate the important work law enforcement does, and we understand the need to carry out investigations. That's why we already have a protocol in place to respond to any requests we can.

"At the same time, weakening encrypted systems for them would mean weakening it for everyone."

Government

Y Combinator Announces Funding For UBI-Supporting Political Candidates (latimes.com) 194

Most people "feel like they have great potential that is being wasted," argues Y Combinator president Sam Altman -- a Stanford dropout whose company's investments are now worth $65 billion, including Airbnb, Reddit, and Dropbox. Now an anonymous reader quotes the Los Angeles Times: A wealthy young Silicon Valley venture capitalist hopes to recruit statewide and congressional candidates and launch an affordable-housing ballot measure in 2018 because he says California's leaders are failing to address flaws in the state's governance that are killing opportunities for future generations. Sam Altman, 32, will roll out an effort to enlist candidates around a shared set of policy priorities -- including tackling how automation is going to affect the economy and the cost of housing in California -- and is willing to put his own money behind the effort. "I think we have a fundamental breakdown of the American social contract and it's desperately important that we fix it," he said. "Even if we had a very well-functioning government, it would be a challenge, and our current government functions so badly it is an extra challenge..."

Altman lays out 10 principles including lowering the cost of housing, creating single-payer healthcare, increasing clean energy use, improving education, reforming taxes and rebuilding infrastructure. He has few specific policy edicts, and floats proposals that will generate controversy, such as creating a universal basic income for all Americans in an effort to equalize opportunity, public funding for the media and increasing taxes on property that is owned by foreigners, is unoccupied or has been "flipped" by investors seeking a quick return on an investment.

Altman argues that he wants to "ensure that everyone benefits from the coming changes," and specifically highlights the idea of a Universal Basic Income. Altman writes that "If it turns out to be a good policy, I could imagine passing a law that puts it into effect when the GDP per capita doubles. This could help cushion the transition to a post-automation world."

Media

Free Speech vs Billionaires: Netflix Streams A New Documentary About The Gawker Verdict (businessinsider.com) 199

Speaking of Netflix, last month they began streaming "Nobody Speak: Trials of the Free Press" -- a new documentary by Brian Knappenberger about the Gawker verdict. An anonymous reader shares this description from Business Insider: Knappenberger -- who previously made the movies "The Internet's Own Boy: The Story of Aaron Swartz," on internet activist Aaron Swartz, and "We Are Legion," about the hacker group Anonymous -- got in touch with Nick Denton and Gawker editor-in-chief (who also posted the Hogan sex tape video) A.J. Daulerio to be in the film as well as Hogan's lawyer David R. Houston... Knappenberger said he also tried to get Peter Thiel to be in the movie, but Thiel declined Knappenberger's numerous requests. And the movie shows how other people with money and influence can and do silence the media.

Knappenberger also showcases what happened to the Las Vegas Review-Journal at the end of 2015. The paper's staff was suddenly told that the paper had been sold, though they were never told who the new publisher was. A group of reporters found that the son-in-law of Las Vegas casino titan Sheldon Adelson was a major player in the purchase of the paper. According to the movie, Adelson had a vendetta with the paper's columnist John L. Smith, who wrote unflattering things about him in a 2005 book. Smith was even ordered after the paper was bought that he was never to write about Adelson in any of his pieces. For Knappenberger, there's no other way to look at it: The suppression of the media by billionaires is happening.

Knappenberger said if any legal documents arrive from the billionaires discussed in his movie, "We're ready for it." But he added that the bigger issue is getting people to understand that the loss of the free press is "the most important thing facing our country." Or, as a former Gawker editor says in the film, "If you're not pissing off a billionaire, what's the point?"

Transportation

Is Homeland Security's Face-Scanning At Airports An Unreasonable Search? (technologyreview.com) 146

schwit1 shares an article from MIT's Technology Review: Facial-recognition systems may indeed speed up the boarding process, as the airlines rolling them out promise. But the real reason they are cropping up in U.S. airports is that the government wants to keep better track of who is leaving the country, by scanning travelers' faces and verifying those scans against photos it already has on file... The U.S. Department of Homeland Security has partnered with airlines including JetBlue and Delta to introduce such recognition systems at New York's JFK International Airport, Washington's Dulles International, and airports in Atlanta, Boston, and Houston, among others. It plans to add more this summer...

As facial-recognition technology has improved significantly in recent years, it has attracted the interest of governments and law enforcement agencies. That's led to debates over whether certain uses of the technology violate constitutional protections against unreasonable searches... Harrison Rudolph, a law fellow at Georgetown Law's Center on Privacy and Technology, and others are raising alarms because as part of the process, U.S. Customs and Border Protection is also scanning the faces of U.S. citizens... They say Congress has never expressly authorized the collection of facial scans from U.S. citizens at the border routinely and without suspicion.

"We aren't entirely sure what the government is doing with the images," the article adds, though it notes that the Department of Homeland Security is saying that it deletes all data pertaining to the images after two weeks. But Slashdot reader schwit1 is still worried about the possibility of an irretrievable loss of privacy, writing that "If the DHS database gets hacked, it's hard to get a new face."
