Government

Trump Blocks China-Backed Takeover of US Chip Maker 'Lattice Semi' (cnn.com) 151

MountainLogic shares a report from CNN: President Trump has stopped the takeover of an American chip maker by a private equity firm with ties to China. The deal, which would have seen China-backed Canyon Bridge Capital Partners acquire Lattice Semiconductors, was blocked over national security concerns. "Today, consistent with the administration's commitment to take all actions necessary to ensure the protection of U.S. national security, the president issued an order prohibiting the acquisition," Treasury Secretary Steven Mnuchin said in a statement Wednesday. The national security risk included "the potential transfer of intellectual property" to the Chinese-backed company and the "Chinese government's role in supporting this transaction," according to Mnuchin's statement. Those are sensitive matters: the Trump administration launched an investigation last month into whether China is unfairly getting hold of American technology and intellectual property. The Committee on Foreign Investment in the U.S., which reviews deals that could result in a foreign entity taking control of an American company, had previously recommended halting the deal. Lattice CEO Darin G. Billerbeck called the outcome "disappointing" and called the proposed acquisition "an excellent deal" for Lattice and for "expanding the opportunity to keep jobs in America." According to CNN, Lattice currently employs 300 people in Oregon -- and Canyon Bridge has committed to adding 350 more if the takeover deal went through.
Advertising

First Ever Malvertising Campaign Uses JavaScript To Mine Cryptocurrencies In Your Browser (bleepingcomputer.com) 70

An anonymous reader writes from a report via Bleeping Computer: Malware authors are using JavaScript code delivered via malvertising campaigns to mine different cryptocurrencies inside people's browsers (mostly Monero), without their knowledge. The way crooks pulled this off was by using an online advertising company that allows them to deploy ads with custom JavaScript code. The JavaScript code is a modified version of MineCrunch (also known as Web Miner), a script released in 2014 that can mine cryptocurrencies using JavaScript code executed inside the browser. Cryptocurrency mining operations are notoriously resource-intensive and tend to slow down a user's computer. To avoid raising suspicion, crooks delivered malicious ads mainly on video streaming and browser-based gaming sites (currently mostly Ukrainian and Russian sites). Both types of sites use lots of resources, and users wouldn't get suspicious when their computer slowed down while accessing the site. Furthermore, users tend to linger more on browser games and video streaming services, allowing the mining script to do its job and generate profits for the crooks.
Businesses

Wisconsin State Legislature Signs Off On $3 Billion Foxconn Incentive Package (venturebeat.com) 158

On Thursday, legislators in the state of Wisconsin approved a nearly $3 billion incentive package for the Taiwanese electronics manufacturer, Foxconn, in exchange for it investing approximately $10 billion in the state and building a factory that could employ up to 13,000 workers. The legislation is now headed to Republican Governor Scott Walker's desk, where he is expected to give it his seal of approval. VentureBeat reports: The bill passed the Wisconsin State Assembly on a 64-31 vote, after previously passing the state senate on a 20-13 vote. The move signals the start of what will likely be an important experiment in just how much generous incentive packages can do to help create new tech hubs. Governor Walker has said that the Foxconn factory -- the company's first in the United States -- will help transform Wisconsin into "Wisconn Valley." While on a trade mission this week to Japan and South Korea, Governor Walker told reporters that many of the companies he met with on the trip were already "very interested in how they could come to Wisconsin and partner for that new ecosystem." However, there are still a few details that need to be finalized before Foxconn can start breaking ground -- most notably, where the company will build the factory. The factory was set to be built in either Kenosha or Racine County, Wisconsin, before Kenosha dropped out of the running earlier this week.
Facebook

Spain Fines Facebook Over Tracking Users Without Consent (tomshardware.com) 41

Spain's Data Protection Authority has issued a 1.2 million euro fine against Facebook after it found three instances when the company collected data without informing users, as required by European Union privacy laws. Tom's Hardware reports: The AEPD found multiple issues with how Facebook gathered data on Spanish users. One of the issues was that Facebook collects data on ideology, sex, and religious beliefs, as well as personal tastes and web surfing habits without informing the users about how that data will be used. A second issue was that Facebook wasn't obtaining specific and informed consent from the users because the data it was offering them about the collection was not sufficiently clear. The company has been tracking both users and non-users of the service through the Like button across the web without informing them about this sort of tracking, nor about what it plans to do with the data. The company has said that the collection is done for advertising purposes before, but some purposes remain secret, according to the Spanish Data Protection Authority. The AEPD said this sort of collection doesn't comply with the EU's data protection regulations.

Finally, the AEPD also noticed that Facebook has not been completely purging the data about users who had already deleted their accounts and that Facebook was making use of accounts' data that have been deleted for more than 17 months. Considering the data that has remained behind is no longer useful for the purpose for which it was collected, the agency considered this another serious infringement of EU privacy laws.

Security

ISPs Claim a Privacy Law Would Weaken Online Security, Increase Pop-Ups (arstechnica.com) 86

An anonymous reader quotes a report from Ars Technica: The country's biggest Internet service providers and advertising industry lobby groups are fighting to stop a proposed California law that would protect the privacy of broadband customers. AT&T, Comcast, Charter, Frontier, Sprint, Verizon, and some broadband lobby groups urged California state senators to vote against the proposed law in a letter Tuesday. The bill would require Internet service providers to obtain customers' permission before they use, share, or sell the customers' Web browsing and application usage histories. California lawmakers could vote on the bill Friday of this week, essentially replicating federal rules that were blocked by the Republican-controlled Congress and President Trump before they could be implemented. The text and status of the California bill, AB 375, are available here.

The letter claims that the bill would "lead to recurring pop-ups to consumers that would be desensitizing and give opportunities to hackers" and "prevent Internet providers from using information they have long relied upon to prevent cybersecurity attacks and improve their service." The Electronic Frontier Foundation picked apart these claims in a post yesterday. The proposed law won't prevent ISPs from taking security measures because the bill "explicitly says that Internet providers can use customer's personal information (including things like IP addresses and traffic records) 'to protect the rights or property of the BIAS [Broadband Internet Access Service] provider, or to protect users of the BIAS and other BIAS providers from fraudulent, abusive, or unlawful use of the service,'" EFF Senior Staff Technologist Jeremy Gillula wrote.

Google

Google Hit With Gender Pay Discrimination Lawsuit (axios.com) 243

An anonymous reader shares a report: Three female former Google employees have filed a lawsuit against the search giant alleging gender-based pay discrimination, as the Associated Press reported. The former employees, Kelly Ellis, Holly Pease and Kelli Wisuri, all left the company after being put on career paths within the company that they say would pay them less than their male counterparts.
Government

In a Highly Unusual Move, FTC Confirms It Is Investigating Equifax (reuters.com) 117

The Federal Trade Commission (FTC) on Thursday confirmed it is investigating Equifax's handling of a data breach affecting 143m Americans. "The FTC typically does not comment on ongoing investigations. However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach," said Peter Kaplan, the commission's acting director of public affairs. A Washington Post reporter tweeted: "To put a finer point on it, this is really, really unusual -- the FTC hardly ever says anything about ongoing probes."
Businesses

Silicon Valley Bosses Are Globalists, Not Libertarians (economist.com) 307

From a report via The Economist: In a recently published survey of 600 entrepreneurs and executives in Silicon Valley, conducted by David Broockman and Neil Malhotra of Stanford University and Gregory Ferenstein, a journalist, three-quarters of respondents said they supported Hillary Clinton during the 2016 presidential election. But although technology-firm leaders hold views that in general hew much closer to Democratic positions than Republican ones, they are far from reliable partisan ideologues. As you might expect from captains of industry, Silicon Valley executives are much more likely to support free trade and to oppose government regulation of businesses than your average Democrat is. For example, just 30% of tech bosses believe that ride-hailing companies need to be regulated like the taxi industry, compared with 60% of Democrats.

Given their combination of socially liberal attitudes and a preference for free markets, you might call Silicon Valley executives libertarians. However, libertarians generally advocate shrinking the state as a share of the economy, which technology bosses resolutely do not. When asked if they "would like to live in a society where government does nothing except provide national defense and police protection, so that people could be left alone to earn whatever they could," just 24% agreed. In contrast, 68% of Republican donors concurred with that statement. Moreover, Silicon Valley entrepreneurs are just as likely to favor redistributive economic policies, such as universal health care and higher taxes on the rich, as an average Democrat is. The outlook of our new robot-building overlords is far more communitarian than, say, the doctrines of Ayn Rand.

Security

Backdoor Found In WordPress Plugin With More Than 200,000 Installations (bleepingcomputer.com) 82

According to Bleeping Computer, a WordPress plugin that goes by the name Display Widgets has been used to install a backdoor on WordPress sites across the internet for the past two and a half months. While the WordPress.org team removed the plugin from the official WordPress Plugins repository, the plugin managed to be installed on more than 200,000 sites at the time of its removal. The good news is that the backdoor code was only found between Display Widgets version 2.6.1 (released June 30) and version 2.6.3 (released September 2), so it's unlikely everyone who installed the plugin is affected. WordPress.org staff members reportedly removed the plugin three times before for similar violations. Bleeping Computer has compiled a history of events in its report, put together with data aggregated from three different investigations by David Law, White Fir Design, and Wordfence. The report adds: The original Display Widgets is a plugin that allowed WordPress site owners to control which, how, and when WordPress widgets appear on their sites. Stephanie Wells of Strategy11 developed the plugin, but after switching her focus to a premium version of the plugin, she decided to sell the open source version to a new developer who would have had the time to cater to its userbase. A month after buying the plugin in May, its new owner released a first new version -- v2.6.0 -- on June 21.
Music

Apple's 'Shoddy' Beats Headphones Get Slammed In Lawsuit (theregister.co.uk) 188

A lawsuit (PDF) filed Tuesday in U.S. District Court in Oakland, California, recounts the frustrations of five plaintiffs who found that Apple's Powerbeats 2 and Powerbeats 3 headphones did not perform as advertised. They are also claiming the company is refusing to honor warranty commitments to repair or replace the failed units. The Register reports: The complaint seeks $5,000,000 in damages and class action certification, in order to represent thousands of similarly afflicted Beats customers who are alleged to exist. "In widespread advertising and marketing campaigns, Apple touts that its costly Powerbeats (which retail for $199.95) are 'BUILT TO ENDURE' and are the 'BEST HEADPHONES FOR WORKING OUT,'" the complaint says. "But these costly headphones are neither 'built to endure' nor 'sweat & water resistant,' and certainly do not have a battery that lasts for six or twelve hours. Instead, these shoddy headphones contain a design defect that causes the battery life to diminish and eventually stop retaining a charge."

The complaint attributes the shoddiness of Apple's Powerbeats headphones to cheap components. Citing an estimate in a recent Motley Fool article, the complaint contends that Apple's Beats Solo headphones cost $16.89 to make and retail for $199.95: a markup of more than 1,000 per cent. That figure actually comes from a Medium post by Avery Louie, from hardware prototyping biz Bolt.

EU

EU Set To Demand Internet Firms Act Faster To Remove Illegal Content (reuters.com) 60

Companies including Google, Facebook and Twitter could face European Union laws forcing them to be more proactive in removing illegal content if they do not do more to police what is available on the Internet. From a report: The European Union executive outlines in draft guidelines reviewed by Reuters how Internet firms should step up efforts with measures such as establishing trusted flaggers and taking voluntary measures to detect and remove illegal content. Proliferating illegal content, whether because it infringes copyright or incites terrorism, has sparked heated debate in Europe between those who want online platforms to do more to tackle it and those who fear it could impinge on free speech. The companies have significantly stepped up efforts to tackle the problem of late, agreeing to an EU code of conduct to remove hate speech within 24 hours and forming a global working group to combine their efforts to remove terrorist content from their platforms.
Government

Kaspersky Software Banned From US Government Systems Over Concerns About Russia (betanews.com) 91

Mark Wilson writes: The Department of Homeland Security has told US government agencies to remove Kaspersky software from their systems. The directive was issued because of concerns about influence exerted over the company by the Russian government. Government agencies have been given three months to identify and start to remove Kaspersky's security products. Kaspersky has constantly denied connections to the Russian government, but the US is simply not willing to take the risk.
Microsoft

Windows 10 Will Soon Give Users More Control Over App Permissions (engadget.com) 76

An anonymous reader shares a report: The software giant has revealed that you'll get much more control over what apps are allowed to do with your device. Where you previously only had control over location sharing, the Fall Creators Update will ask you to grant permission before accessing all kinds of potentially sensitive hardware and software features. It'll ask to use your camera and microphone if you have a video recording app, for instance, or check before offering access to your calendar and contacts. You'll only get these prompts for apps installed after you move to the Fall Creators Update; you'll have to dive into your privacy settings to review permissions for apps you already have. Even so, it's an important boost to Windows' privacy security levels. Much as on phones, where fine-grained permissions are already fairly commonplace, you might not have to worry as much about malicious apps spamming your contacts or hijacking the camera.
Privacy

Trump Administration Sued Over Phone Searches at US Borders (reuters.com) 138

The Trump administration has engaged in an unconstitutional practice of searching without a warrant the phones and laptops of Americans who are stopped at the border, a lawsuit filed on Wednesday alleged. From a report: Ten U.S. citizens and one lawful permanent resident sued the Department of Homeland Security in federal court, saying the searches and prolonged confiscation of their electronic devices violate privacy and free speech protections of the U.S. Constitution. DHS could not be immediately reached for comment. The lawsuit comes as the number of searches of electronic devices has surged in recent years, alarming civil rights advocates.
Botnet

At Least 1.65 Million Computers Are Mining Cryptocurrency For Hackers So Far This Year (vice.com) 37

According to new statistics released on Tuesday by Kaspersky Lab, a prominent Russian information security firm, 2017 is on track to beat 2016 -- and every year since 2011 -- in terms of the sheer number of computers infected with malware that installs mining software. From a report: So far in 2017, the company says it has detected 1.65 million infected machines. The total amount of infected computers for all of the previous year was roughly 1.8 million. The infected machines are not just home computers, the firm stated in a blog post, but company servers as well. "The main effect for a home computer or organization infrastructure is reduced system performance," Anton Ivanov, a security researcher for Kaspersky, wrote me in an email. "Also some miners could download modules from a threat actor's infrastructure, and these modules could contain other malware such as Trojans [malware that disguises itself as legitimate software]." Ivanov said that the firm doesn't know how much money has been made overall with this scheme, but a digital wallet for one mining botnet that the company identified currently contains over $200,000 USD.
Government

Department of Energy Invests $50 Million To Improve Critical Energy Infrastructure Security (helpnetsecurity.com) 51

Orome1 shares a report from Help Net Security: Today, the Department of Energy (DOE) is announcing awards of up to $50 million to DOE's National Laboratories to support early stage research and development of next-generation tools and technologies to further improve the resilience of the Nation's critical energy infrastructure, including the electric grid and oil and natural gas infrastructure. The electricity system must continue to evolve to address a variety of challenges and opportunities such as severe weather and the cyber threat, a changing mix of types of electric generation, the ability for consumers to participate in electricity markets, the growth of the Internet of Things, and the aging of the electricity infrastructure. The seven Resilient Distribution Systems projects awarded through DOE's Grid Modernization Laboratory Consortium (GMLC) will develop and validate innovative approaches to enhance the resilience of distribution systems -- including microgrids -- with high penetration of clean distributed energy resources (DER) and emerging grid technologies at regional scale. The project results are expected to deliver credible information on technical and economic viability of the solutions. The projects will also demonstrate viability to key stakeholders who are ultimately responsible for approving and investing in grid modernization activities. In addition, the Department of Energy "is also announcing 20 cybersecurity projects that will enhance the reliability and resilience of the Nation's electric grid and oil and natural gas infrastructure through innovative, scalable, and cost-effective research and development of cybersecurity solutions."
Microsoft

Researchers Catch Microsoft Zero-Day Used To Install Government Spyware (vice.com) 83

An anonymous reader quotes a report from Motherboard: Government hackers were using a previously-unknown vulnerability in Microsoft's .NET Framework, a development platform for building apps, to hack targets and infect them with spyware, according to security firm FireEye. The firm revealed the espionage campaign on Tuesday, on the same day Microsoft patched the vulnerability. According to FireEye, the bug, which until today was a zero-day, was being used by a customer of FinFisher, a company that sells surveillance and hacking technologies to governments around the world. The hackers sent a malicious Word RTF document to a "Russian speaker," according to Ben Read, FireEye's manager of cyber espionage research. The document was programmed to take advantage of the recently-patched vulnerability to install FinSpy, spyware designed by FinFisher. The spyware masqueraded as an image file called "left.jpg," according to FireEye.
Communications

The Only Safe Email is Text-Only Email (theconversation.com) 174

Sergey Bratus, Research Associate Professor of Computer Science, Dartmouth College, and Anna Shubina, Post-doctoral Associate in Computer Science, Dartmouth College write: The real issue is that today's web-based email systems are electronic minefields filled with demands and enticements to click and engage in an increasingly responsive and interactive online experience. It's not just Gmail, Yahoo mail and similar services: Desktop-computer-based email programs like Outlook display messages in the same unsafe way. Simply put, safe email is plain-text email -- showing only the plain words of the message exactly as they arrived, without embedded links or images. Webmail is convenient for advertisers (and lets you write good-looking emails with images and nice fonts), but carries with it unnecessary -- and serious -- danger, because a webpage (or an email) can easily show one thing but do another. Returning email to its origins in plain text may seem radical, but it provides radically better security. Even the federal government's top cybersecurity experts have come to the startling, but important, conclusion that any person, organization or government serious about web security should return to plain-text email (PDF).
The Almighty Buck

Chatbot Lets You Sue Equifax For Up To $25,000 Without a Lawyer (theverge.com) 111

Shannon Liao reports via The Verge: If you're one of the millions affected by the Equifax breach, a chatbot can now help you sue Equifax in small claims court, potentially letting you avoid hiring a lawyer for advice. Even if you want to be part of the class action lawsuit against Equifax, you can still sue Equifax for negligence in small claims court using the DoNotPay bot and demand maximum damages. Maximum damages range between $2,500 in states like Rhode Island and Kentucky to $25,000 in Tennessee. The bot, which launched in all 50 states in July, is mainly known for helping with parking tickets. But with this new update, its creator, Joshua Browder, who was one of the 143 million affected by the breach, is tackling a much bigger target, with larger aspirations to match. He says, "I hope that my product will replace lawyers, and, with enough success, bankrupt Equifax."

Not that the bot helps you do anything you can't already do yourself, which is filling out a bunch of forms -- you still have to serve them yourself. Unfortunately, the chatbot can't show up in court a few weeks later to argue your case for you either. To add to the headache, small claims court rules differ from state to state. For instance, in California, a person needs to demand payment from Equifax or explain why they haven't demanded payment before filing the form.

Encryption

Virginia Scraps Electronic Voting Machines Hackers Destroyed At DefCon (theregister.co.uk) 194

Following the DefCon demonstration in July that showed how quickly Direct Recording Electronic voting equipment could be hacked, Virginia's State Board of Elections has decided it wants to replace their electronic voting machines in time for the gubernatorial election due on November 7th, 2017. According to The Register, "The decision was announced in the minutes of the Board's September 8th meeting: 'The Department of Elections officially recommends that the State Board of Elections decertify all Direct Recording Electronic (DRE or touchscreen) voting equipment.'" From the report: With the DefCon bods showing some machines shared a single hard-coded password, Virginia directed the Virginia Information Technology Agency (VITA) to audit the machines in use in the state (the Accuvote TSX, the Patriot, and the AVC Advantage). None passed the test. VITA told the board "each device analyzed exhibited material risks to the integrity or availability of the election process," and the lack of a paper audit trail posed a significant risk of lost votes. Local outlet The News Leader notes that many precincts had either replaced their machines already, or are in the process of doing so. The election board's decision will force a change-over on the 140 precincts that haven't replaced their machines, covering 190,000 of Virginia's ~8.4m population.
