Compare cell phone plans using Wirefly's innovative plan comparison tool ×
Patents

Apple Patenting a Way To Collect Fingerprints, Photos of Thieves (appleinsider.com) 90

An anonymous reader quotes a report from Apple Insider: As published by the U.S. Patent and Trademark Office, Apple's invention covering "Biometric capture for unauthorized user identification" details the simple but brilliant -- and legally fuzzy -- idea of using an iPhone or iPad's Touch ID module, camera and other sensors to capture and store information about a potential thief. Apple's patent is also governed by device triggers, though different constraints might be applied to unauthorized user data aggregation. For example, in one embodiment a single failed authentication triggers the immediate capture of fingerprint data and a picture of the user. In other cases, the device might be configured to evaluate the factors that ultimately trigger biometric capture based on a set of defaults defined by internal security protocols or the user. Interestingly, the patent application mentions machine learning as a potential solution for deciding when to capture biometric data and how to manage it. Other data can augment the biometric information, for example time stamps, device location, speed, air pressure, audio data and more, all collected and logged as background operations. The deemed unauthorized user's data is then either stored locally on the device or sent to a remote server for further evaluation.
Communications

FCC Proposes 5G Cybersecurity Requirements, Asks For Industry Advice (fedscoop.com) 29

Presto Vivace quotes a report from FedScoop: "Cybersecurity issues must be addressed during the design phase for the entire 5G ecosystem, including devices. This will place a premium on collaboration among all stakeholders," said FCC chairman Tom Wheeler during a National Press Club event on June 20. "We continue to prefer an approach that emphasizes that industry develop cybersecurity standards just as we have done in wired networks." The FCC published a request Wednesday for comment on a new set of proposed 5G rules to the Federal Register focused on adding specific "performance requirements" for developers of example internet-connected devices. If a company hopes to secure a license to access higher-frequency 5G spectrum in the future then they will need to adhere to these specific requirements -- in other words, compliance is non-negotiable. Notably, these FCC "performance requirements" now include the submission of a network security plan. The report adds: "A quick review of the FCC's proposed 5G cybersecurity plan shows a six category split, organized by a companies' security approach, coordination efforts, standards and best practices, participation with standards bodies, other security approaches and plans with information sharing organizations. Security plans must be submitted to the commission at least six months before a 5G-ready product enters the market, according to the notice."
Government

Malware Sold To Governments Helped Them Spy on iPhones (washingtonpost.com) 31

One of the world's most evasive digital arms dealers is believed to have been taking advantage of three security vulnerabilities in popular Apple products in its efforts to spy on dissidents and journalists, reports The New York Times. (Editor's note: the link could be paywalled, here's an alternate source). From the report: Investigators discovered that a company called the NSO Group, an Israeli outfit that sells software that invisibly tracks a target's mobile phone, was responsible for the intrusions. The NSO Group's software can read text messages and emails and track calls and contacts. It can even record sounds, collect passwords and trace the whereabouts of the phone user. In response, Apple on Thursday released a patched version of its mobile software, iOS 9.3.5. Users can get the patch through a normal software update.The Washington Post reports that these "zero-day" flaws were previously used by the governments to take over victims' phones by tricking them into clicking on a link to a text message. Motherboard says that this is the first time anyone has uncovered such an attack in the wild. "Until this month, no one had seen an attempted spyware infection leveraging three unknown bugs, or zero-days, in the iPhone. The tools and technology needed for such an attack, which is essentially a remote jailbreak of the iPhone, can be worth as much as one million dollars."
China

China To Crackdown On Unauthorised Radio Broadcasts (www.bgr.in) 44

An anonymous reader writes: Reportedly, in a national campaign aided by more than 30,000 airwave monitors, in over past six months, more than 500 sets of equipment for making unauthorised radio broadcasts were seized in China. The campaign, launched on February 15 by the State Council, resulted in 1,796 cases related to illegal radio stations, after 301,840 hours of monitoring from February to July, according to an online statement by the Ministry of Industry and Information Technology. The number of incidents was down by 50 per cent from April to August, the China Daily quoted the statement as saying. So-called pirate radios have appeared in most parts of China since 2015 and this "has been a channel for criminals to defraud and promote aphrodisiacs, along with counterfeit and poor-quality medicine," according to the Ministry of Public Security's Criminal Investigation Department. The operating cost of a pirate radio is low, but profit can be high. A pirate radio station that broadcasts advertisements for aphrodisiacs can pocket more than 70,000 yuan ($10,500) a month, with an overhead cost of no more than 10,000 yuan, investigators said in a post on Sina Weibo. It said most spare parts for broadcasting equipment can be bought on the internet.
Facebook

WhatsApp To Share Some Data With Facebook (bloomberg.com) 102

Two years ago when Facebook bought WhatsApp, the instant messaging client said that the deal would not affect the digital privacy of its users. Things are changing now, WhatsApp said Thursday. The Facebook-owned app will share with the company some member information, as well as some analytics data of its users. Bloomberg reports: WhatsApp announced a change to its privacy policy today that allows businesses to communicate with users. The messages could include appointment reminders, delivery and shipping notifications or marketing material, the company said in its revised terms of service. In a blog post, WhatsApp said it will be testing these business features over the coming months. The strategy is an important step for Facebook as it attempts to make money from its most expensive acquisition. In addition to the messages from businesses, WhatsApp said it would begin sharing more information about its users with the "Facebook family." The data, including a person's phone number, could be used to better targets ads when browsing Facebook or Instagram, WhatsApp said.
The Almighty Buck

'Legalist' Startup Automates The Lawsuit Strategy Peter Thiel Used To Bankrupt Gawker (gizmodo.com) 242

An anonymous reader writes from a report via Gizmodo: "Two Harvard undergraduates have created a service called Legalist that uses what they call 'data-backed litigation financing,' analyzing civil lawsuits with an algorithm to predict case outcomes and determine which civil lawsuits are worth investing in," reports Gizmodo. The process is very similar to what billionaire Peter Thiel did when he secretly funded a lawsuit from Hulk Hogan against Gawker Media. "Legalist says it uses an algorithm of 58 different variables including, as [Legalist cofounder] Eva Shang told the Silicon Valley Business Journal, who the presiding judge is and the number of cases the judge is currently working on. The algorithm has been fed cases dating back to 1989 and helps people figure out how long a case will last and the risks associated with it. In a presentation at Y Combinator's Demo Day on Tuesday [Legalist was developed as part of Y Combinator's Summer 2016 class], the founders claimed that the startup funded one lawsuit for $75,000 and expects a return of more than $1 million. Shang says the $1.40 is earned for every $1 spent in litigation financing, which can prove to be a profitable enterprise when you're spending hundreds of thousands of dollars." Shang told Business Insider in reference to the Gawker lawsuit, "That's the kind of thing we're staying away from here." The company will supposedly be focusing on commercial and small-business lawsuits, and will not be backing lawsuits by individuals.
HP

HP Hit With Age-Discrimination Suit Claiming Old Workers Purged (mercurynews.com) 193

Hewlett-Packard started laying off workers in 2012, before it separated into HP Inc. and HP Enterprise last year. The company has continued to cut thousands of jobs since. As a result of the "restructuring," an age discrimination lawsuit has been filed by four former employees of HP alleging they were ousted amid a purge of older workers. The Mercury News reports: "The goal 'was to make the company younger,' said the complain filed Aug. 18 in U.S. District Court in San Jose. 'In order to get younger, HP intentionally discriminated against its older employees by targeting them for termination [...] and then systematically replacing them with younger employees. HP has hired a disproportionately large number of new employees under the age of 40 to replace employees aged 40 and older who were terminated.' Arun Vatturi, a 15-year Palo Alto employee at HP who was a director in process improvement until he was laid off in January at age 52, and Sidney Staton, in sales at HP in Palo Alto for 16 months until his layoff in April 2015 at age 54, have joined in the lawsuit with a former employee from Washington, removed at age 62, and one from Texas, out at age 63. The group is seeking class-action status for the court action and claims HP broke state and federal laws against age discrimination." The lawsuit also alleges that written guidelines issued by HP's human resources department mandated that 75 percent of all hires outside of the company be fresh from school or "early career" applicants.
Piracy

Cloudflare Faces Lawsuit For Assisting Pirate Sites (torrentfreak.com) 82

An anonymous reader shares a TorrentFreak report: In recent months CloudFlare has been called out repeatedly for offering its services to known pirate sites, including The Pirate Bay. These allegations have now resulted in the first lawsuit after adult entertainment publisher ALS Scan filed a complaint against CloudFlare at a California federal court. [...] Copyright holders are not happy with CloudFlare's actions. Just recently, the Hollywood-affiliated group Digital Citizens Alliance called the company out for helping pirate sites to stay online. Adult entertainment outfit ALS Scan agrees and has now become the first dissenter to take CloudFlare to court. In a complaint filed at a California federal court, ALS describes piracy as the greatest threat to its business. The rise of online piracy has significantly hurt the company's profits, they argue, noting that "pirate" sites are not the only problem. "The problems faced by ALS are not limited to the growing presence of sites featuring infringing content, or 'pirate' sites. A growing number of service providers are helping pirate sites thrive by supporting and engaging in commerce with these sites," ALS writes.
The Internet

Singapore To Cut Off Public Servants From the Internet (theguardian.com) 59

Singapore is planning to cut off web access for public servants as a defence against potential cyber attack, Reuters reports. The local government's move has already been criticized by many, who say that it marks a retreat for a technologically advanced city-state that has trademarked the term "smart nation". From an article on The Guardian: Some security experts say the policy, due to be in place by May, risks damaging productivity among civil servants and those working at more than four dozen statutory boards, and cutting them off from the people they serve. It may only raise slightly the defensive walls against cyber attack, they say. Ben Desjardins, director of security solutions at network security firm Radware, called it "one of the more extreme measures I can recall by a large public organisation to combat cyber security risks." Stephen Dane, a Hong Kong-based managing director at networking company Cisco Systems, said it was "a most unusual situation" and Ramki Thurimella, chair of the computer science department at the University of Denver, called it both "unprecedented" and "a little excessive".
PlayStation (Games)

Sony Tries To Remove News Articles About PlayStation 4 Slim Leak From The Internet (techdirt.com) 85

Sony is expected to announce two new PlayStation 4 consoles at a scheduled event on September 7th in New York City, but as that date nears more leaks of the consoles have emerged. The most recent leak appears to show the upcoming PlayStation 4 Slim, which Sony is trying to remove from the internet by taking down news articles from social media accounts about the leak. Erik Kain via @erikkain on Twitter tweeted (Tweet no longer exists): "Sony issued a takedown and had this post removed from my Facebook page: https://t.co/fIjP0buTdY (Warning: may be paywalled)." Techdirt reports: "[The Forbes post] references the work Eurogamer did in visiting the leaker of the image to confirm the console is for real (it is), as well as generating its own image and even video of the console working for its story on the leak. But if you go today to the Eurogamer post about the leak, the video has been replaced by the following update. UPDATE, 7.30pm: Upon taking legal advice, we have removed the video previously referenced in this article. Left unsaid is whether or not any contact had been made by Sony with Eurogamer, thus prompting this 'legal advice,' but one can imagine that being the case, particularly given Sony's threats to social media users sharing images and reporting of Sony leaks and, more to the point, threats against any media that might report on those leaks."
Patents

US Trade Judge Clears Fitbit of Stealing Jawbone's Trade Secrets (reuters.com) 13

An anonymous reader quotes a report from Reuters: Fitbit did not steal rival Jawbone's trade secrets, a U.S. International Trade Commission judge ruled on Tuesday, dashing Jawbone's hopes of securing an import ban against Fitbit's wearable fitness tracking devices. The judge, Dee Lord, said that there had been no violation of the Tariff Act, which gives the commission the power to block products that infringe U.S. intellectual property, because "no party has been shown to have misappropriated any trade secret." The ruling means Jawbone comes away with nothing from a complaint it filed with the trade agency in July 2015, accusing Fitbit of infringing six patents and poaching employees who took with them confidential data about Jawbone's business, such as plans, supply chains and technical details. Jawbone first sued Fitbit last year over trade secret violations in California state court, where the case is still pending. The companies, both based in San Francisco, are also litigating over patents in federal court.
Crime

FBI Authorized Informants To Break The Law 22,800 Times In 4 Years (dailydot.com) 106

blottsie quotes a report from the Daily Dot: Over a four-year period, the FBI authorized informants to break the law more than 22,800 times, according to newly reviewed documents. Official records obtained by the Daily Dot under the Freedom of Information Act show the Federal Bureau of Investigation gave informants permission at least 5,649 times in 2013 to engage in activity that would otherwise be considered a crime. In 2014, authorization was given 5,577 times, the records show. USA Today previously revealed confidential informants engaged in "otherwise illegal activity," as the bureau calls it, 5,658 times in 2011. The figure was at 5,939 the year before, according to documents acquired by the Huffington Post. In total, records obtained by reporters confirm the FBI authorized at least 22,823 crimes between 2011 and 2014. Unfortunately, many of those crimes can have serious and unintended consequences. One of the examples mentioned in the Daily Dot's report was of an FBI informant who "was responsible for facilitating the 2011 breach of Stratfor in one of the most high-profile cyberattacks of the last decade. While a handful of informants ultimately brought down the principal hacker responsible, the sting also caused Stratfor, an American intelligence firm, millions of dollars in damages and left and estimated 700,000 credit card holders vulnerable to fraud."
Canada

Ashley Madison Security Protocols Violated Canada, Austrialia Privacy Laws (www.cbc.ca) 29

The Office of the Privacy Commissioner of Canada said Tuesday that the Canada-based online dating and social networking service Ashely Madison used inadequate privacy and security technology while marketing itself as a discreet and secure way for consenting adults to have affairs. CBC.ca reports: "In a report Tuesday, the privacy watchdog says the Toronto-based company violated numerous privacy laws in Canada and abroad in the era before a massive data breach exposed confidential information from their clients to hackers. The hack stole correspondence, identifying details and even credit card information from millions of the site's users. The resulting scandal cost the company about a quarter of its annual revenues from irate customers who demanded refunds and cancelled their accounts. Working with a similar agency in Australia, the privacy group says the company knew that its security protocols were lacking but didn't do enough to guard against being hacked. The company even adorned its website with the logo of a 'trusted security award' -- a claim the company admits it fabricated." The report found that "poor habits such as inadequate authentication processes and sub-par key and password management practices were rampant at the company" and that "much of the company's efforts to monitor its own security were 'focused on detecting system performance issues and unusual employee requests for decryption of sensitive user data.'" What's more is that Ashley Madison continued to store personal information of its users even after some of which had deleted or deactivated their account(s). These people then had their information included in databases published online after the hack.
Privacy

WikiLeaks Published Rape Victims' Names, Credit Cards, Medical Data (arstechnica.com) 303

Joe Mullin, writing for ArsTechnica: Even as WikiLeaks founder Julian Assange sits trapped in the Ecuadorean embassy, the WikiLeaks website continues to publish the secrets of various governments worldwide. But that's not all it's publishing. A report today by the Associated Press highlights citizens who had "sensitive family, financial or identity records" published by the site. "They published everything: my phone, address, name, details," said one Saudi man whose paternity dispute was revealed in documents published by the site. "If the family of my wife saw this... Publishing personal stuff like that could destroy people." One document dump, from Saudi diplomatic cables, held at least 124 medical files. The files named sick children, refugees, and patients with psychiatric conditions. In one case, the cables included the name of a Saudi who was arrested for being gay. In Saudi Arabia, homosexuality is punishable by death. In two other cases, WikiLeaks published the names of teenage rape victims. "This has nothing to do with politics or corruption," said Dr. Nayef al-Fayez, who had a patient with brain cancer whose personal details were published.
Facebook

Facebook Knows Your Political Preferences (businessinsider.com) 183

Facebook knows a lot more about its users than they think. For instance, the New York Times reports, the company is categorizing its users as liberal, conservative, or moderate. These details are valuable for advertisers and campaign managers, especially ahead of the election season. From a BusinessInsider report: For some, Facebook is able to come to conclusions about your political leanings easily, if you mention a political party on your page. For those that are less open about politics on social media, Facebook makes assumptions based on pages you like. As The New York Times explained, if you like Ben and Jerry's Facebook page and most of the other people that like that page identify as liberal, Facebook might assume you too are liberal.
Government

FBI Investigating Russian Hack Of New York Times Reporters, Others (cnn.com) 61

Hackers thought to be working for Russian intelligence have carried out a series of cyber breaches targeting reporters at the New York Times and other U.S. news organizations, reports CNN, citing US officials briefed on the matter. From the report: The intrusions, detected in recent months, are under investigation by the FBI and other US security agencies. Investigators so far believe that Russian intelligence is likely behind the attacks and that Russian hackers are targeting news organizations as part of a broader series of hacks that also have focused on Democratic Party organizations, the officials said. "Like most news organizations we are vigilant about guarding against attempts to hack into our systems," said New York Times Co. spokeswoman Eileen Murphy. "There are a variety of approaches we take up to and including working with outside investigators and law enforcement. We won't comment on any specific attempt to gain unauthorized access to The Times." The breaches targeting reporters and news organizations are part of an apparent surge in cyber attacks in the past year against entities beyond US government agencies.
Electronic Frontier Foundation

US Customs and Border Protection Wants To Know Who You Are On Twitter (eff.org) 347

An anonymous reader quotes a report from Electronic Frontier Foundation: U.S. border control agents want to gather Facebook and Twitter identities from visitors from around the world. But this flawed plan would violate travelers' privacy, and would have a wide-ranging impact on freedom of expression -- all while doing little or nothing to protect Americans from terrorism. A proposal has been issued by U.S. Customs and Border Protection to collect social media handles from visitors to the United States from visa waiver countries. The Electronic Frontier Foundation opposes the proposal and has commented on it individually and as part of a larger coalition. "CBP specifically seeks 'information associated with your online presence -- Provider/Platform -- Social media identifier' in order to provider DHS 'greater clarity and visibility to possible nefarious activity and connections' for 'vetting purposes,'" reports EFF. "In our comments, we argue that would-be terrorists are unlikely to disclose social media identifiers that reveal publicly available posts expressing support for terrorism." They say this plan "would unfairly violate the privacy of innocent travelers," would cause "innocent travelers" to "engage in self-censorship, cutting back on their online activity out of fear of being wrongly judged by the U.S. government," and would lead to a "slippery slope, where CBP would require U.S. citizens and residents returning home to disclose their social media handles, or subject both foreign visitors and U.S. persons to invasive device searches at ports of entry with the intent of easily accessing any and all cloud data."
Power

New Mexico Nuclear Accident Ranks Among the Costliest In US History (latimes.com) 319

mdsolar quotes a report from Los Angeles Times: When a drum containing radioactive waste blew up in an underground nuclear dump in New Mexico two years ago, the Energy Department rushed to quell concerns in the Carlsbad desert community and quickly reported progress on resuming operations. The early federal statements gave no hint that the blast had caused massive long-term damage to the dump, a facility crucial to the nuclear weapons cleanup program that spans the nation, or that it would jeopardize the Energy Department's credibility in dealing with the tricky problem of radioactive waste. But the explosion ranks among the costliest nuclear accidents in U.S. history, according to a Times analysis. The long-term cost of the mishap could top $2 billion, an amount roughly in the range of the cleanup after the 1979 partial meltdown at the Three Mile Island nuclear power plant in Pennsylvania. The Feb. 14, 2014, accident is also complicating cleanup programs at about a dozen current and former nuclear weapons sites across the U.S. Thousands of tons of radioactive waste that were headed for the dump are backed up in Idaho, Washington, New Mexico and elsewhere, state officials said in interviews. "The direct cost of the cleanup is now $640 million, based on a contract modification made last month with Nuclear Waste Partnership that increased the cost from $1.3 billion to nearly $2 billion," reports Los Angeles Times. "The cost-plus contract leaves open the possibility of even higher costs as repairs continue. And it does not include the complete replacement of the contaminated ventilation system or any future costs of operating the mine longer than originally planned."
Television

North Korea Unveils Netflix-Like Streaming Service Called 'Manbang' (bbc.com) 162

North Korea has unveiled a set-top box that offers video-on demand services similar to Netflix. The service is called Manbang, which translates to "everywhere" in Korean, and allows consumers to stream documentaries about Kim Jong Un and other "educational" programs, as well as five live TV channels. "If a viewer wants to watch, for instance, an animal movie and sends a request to the equipment, it will show the relevant video to the viewer [...] this is two-way communications," according to NK News. It reportedly works by plugging the set-top box into an internet modem, then connecting an HDMI cable from the cable box to the TV. A very small number of North Koreans will actually be able to use the device as "only a few thousand [...] have access to the state-sanctioned internet, in a nation of 25 million people," reports New York Daily News.
Security

BHU's 'Tiger Will Power' Wi-Fi Router May Be The Most Insecure Router Ever Made (softpedia.com) 62

An anonymous reader writes from a report via Softpedia: A Wi-Fi router manufactured and sold only in China can easily run for the title of "most insecure router ever made." The BHU router, whose name translates to "Tiger Will Power," has a long list of security problems that include: four authentication bypass flaws (one of which is just hilarious); a built-in backdoor root account that gets created on every boot-up sequence; the fact that it opens the SSH port for external connections after every boot (somebody has to use that root backdoor account right?); a built-in proxy server that re-routes all traffic; an ad injection system that adds adverts to all the sites you visit; and a backup JS file embedded in the router firmware if the ad script fails to load from its server. For techies, there's a long technical write-up, which gets funnier and scarier at the same time as you read through it. "An attacker authenticating on the router can use a hardcoded session ID (SID) value of 700000000000000 to gain admin privileges," reports Softpedia. "If he misspells the SID and drops a zero, that's no problem. The BHU router will accept any value and still grant the user admin rights."

Slashdot Top Deals