Earth

Floating Pacific Island Is In the Works With Its Own Government, Cryptocurrency (cnbc.com) 168

An anonymous reader quotes a report from CNBC: Nathalie Mezza-Garcia is a political scientist turned "seavangelesse" -- her term for an evangelist in favor of living off the grid -- and on the ocean. Mezza-Garcia spoke with CNBC's Matthew Taylor about what she sees as the trouble with governments, and why she believes tech startups should head to Tahiti. This seavangelesse is a researcher for the Blue Frontiers and Seasteading Institute's highly-anticipated Floating Island Project. The project is a pilot program in partnership with the government of French Polynesia, which will see 300 homes built on an island that runs under its own governance, using a cryptocurrency called Varyon.

"Once we can see how this first island works, we will have a proof of concept to plan for islands to house climate refugees," she said. The project is funded through philanthropic donations via the Seasteading Institute and Blue Frontiers, which sells tokens of the cryptocurrency Varyon. The pilot island is expected to be completed by 2022 and cost up to $50 million. As well as offering a home for the displaced, the self-contained islands are designed to function as business centers that are beyond the influence of government regulation.

United Kingdom

FM Radio Faces UK Government Switch-Off As Digital Listening Passes 50 Percent Milestone (inews.co.uk) 99

The Amazon Echo and other smart speakers have helped push the audience for digital radio past that of FM and AM in the UK for the first time. According to Radio Joint Audience Research (RAJAR), digital listening has reached a new record share of 50.9%, up from 47.2% a year ago. This milestone will trigger a government review into whether the analog FM radio signal should be switched off altogether. iNews reports: The BBC said it would be "premature" to switch off the FM signal. It could cut off drivers with analogue car radios and disenfranchise older wireless listeners. Margot James, Digital minister, welcomed "an important milestone for radio." She confirmed that the Government will "work closely with all partners -- the BBC, commercial radio, (transmitter business) Arqiva, car manufacturers and listeners" before committing to a timetable for analogue switch-off.

James Purnell, BBC Director of Radio and Education, said: "We're fully committed to digital, and growing its audiences, but, along with other broadcasters, we've already said that it would be premature to switch off FM." Mr Purnell said that BBC podcast listening was up a third across all audiences since the same time last year, accounting now for 40,000 hours a week. But younger audiences have not inherited the habit of listening to "live" radio, even on digital.

Privacy

FCC Investigating LocationSmart Over Phone-Tracking Flaw (cnet.com) 19

The FCC has opened an investigation into LocationSmart, a company that is buying your real-time location data from four of the largest U.S. carriers in the United States. The investigation comes a day after a security researcher from Carnegie Mellon University exposed a vulnerability on LocationSmart's website. CNET reports: The bug has prompted an investigation from the FCC, the agency said on Friday. An FCC spokesman said LocationSmart's case was being handled by its Enforcement Bureau. Since The New York Times revealed that Securus, an inmate call tracking service, had offered the same tracking service last week, Sen. Ron Wyden, a Democrat from Oregon, called for the FCC and major wireless carriers to investigate these companies. On Friday, Wyden praised the investigation, but requested the FCC to expand its look beyond LocationSmart.

"The negligent attitude toward Americans' security and privacy by wireless carriers and intermediaries puts every American at risk," Wyden said. "I urge the FCC expand the scope of this investigation, and to more broadly probe the practice of third parties buying real-time location data on Americans." He is also calling for FCC Chairman Ajit Pai to recuse himself from the investigation, because Pai was a former attorney for Securus.

Intel

New Spectre Attack Can Reveal Firmware Secrets (zdnet.com) 60

Yuriy Bulygin, the former head of Intel's advanced threat team, has published research showing that the Spectre CPU flaws can be used to break into the highly privileged CPU mode on Intel x86 systems known as System Management Mode (SMM). ZDNet reports: Bulygin, who has launched security firm Eclypsium, has modified Spectre variant 1 with kernel privileges to attack a host system's firmware and expose code in SMM, a secure portion of BIOS or UEFI firmware. SMM resides in SMRAM, a protected region of physical memory that should only be accessible by BIOS firmware and not the operating system kernel, hypervisors or security software. SMM handles especially disruptive interrupts and is accessible through the SMM runtime of the firmware, known as System Management Interrupt (SMI) handlers.

"Because SMM generally has privileged access to physical memory, including memory isolated from operating systems, our research demonstrates that Spectre-based attacks can reveal other secrets in memory (eg, hypervisor, operating system, or application)," Bulygin explains. To expose code in SMM, Bulygin modified a publicly available proof-of-concept Spectre 1 exploit running with kernel-level privileges to bypass Intel's System Management Range Register (SMRR), a set of range registers that protect SMM memory. "These enhanced Spectre attacks allow an unprivileged attacker to read the contents of memory, including memory that should be protected by the range registers, such as SMM memory," he notes.

Security

RedDawn Android Malware Is Harvesting Personal Data of North Korean Defectors (theinquirer.net) 21

According to security company McAfee, North Korea uploaded three spying apps to the Google Play Store in January that contained hidden functions designed to steal personal photos, contact lists, text messages, and device information from the phones they were installed on. "Two of the apps purported to be security utilities, while a third provided information about food ingredients," reports The Inquirer. All three of the apps were part of a campaign dubbed "RedDawn" and targeted primarily North Korean defectors. From the report: The apps were promoted to particular targets via Facebook, McAfee claims. However, it adds that the malware was not the work of the well-known Lazarus Group, but another North Korean hacking outfit that has been dubbed Sun Team. The apps were called Food Ingredients Info, Fast AppLock and AppLockFree. "Food Ingredients Info and Fast AppLock secretly steal device information and receive commands and additional executable (.dex) files from a cloud control server. We believe that these apps are multi-staged, with several components."

"AppLockFree is part of the reconnaissance stage, we believe, setting the foundation for the next stage unlike the other two apps. The malwares were spread to friends, asking them to install the apps and offer feedback via a Facebook account with a fake profile promoted Food Ingredients Info," according to McAfee security researcher Jaewon Min. "After infecting a device, the malware uses Dropbox and Yandex to upload data and issue commands, including additional plug-in dex files; this is a similar tactic to earlier Sun Team attacks. From these cloud storage sites, we found information logs from the same test Android devices that Sun Team used for the malware campaign we reported in January. The logs had a similar format and used the same abbreviations for fields as in other Sun Team logs. Furthermore, the email addresses of the new malware's developer are identical to the earlier email addresses associated with the Sun Team."

Government

Congress Is Looking To Extend Copyright Protection Term To 144 Years (wired.com) 291

"Because it apparently isn't bad enough already, Congress is looking to extend the copyright term to 144 years," writes Slashdot reader llamalad. "Please write to your representatives and consider donating to the EFF." American attorney Lawrence Lessig writes via Wired: Almost exactly 20 years ago, Congress passed the Sonny Bono Copyright Term Extension Act, which extended the term of existing copyrights by 20 years. The Act was the 11th extension in the prior 40 years, timed perfectly to assure that certain famous works, including Mickey Mouse, would not pass into the public domain. Immediately after the law came into force, a digital publisher of public domain works, Eric Eldred, filed a lawsuit challenging the act [which the Supreme Court later rejected].

Twenty years later, the fight for term extension has begun anew. Buried in an otherwise harmless act, passed by the House and now being considered in the Senate, this new bill purports to create a new digital performance right -- basically the right to control copies of recordings on any digital platform (ever hear of the internet?) -- for musical recordings made before 1972. These recordings would now have a new right, protected until 2067, which, for some, means a total term of protection of 144 years. The beneficiaries of this monopoly need do nothing to get the benefit of this gift. They don't have to make the work available. Nor do they have to register their claims in advance.

Transportation

Utilities, Tesla Appeal Federal Rollback of Auto Emissions Standards (arstechnica.com) 118

A coalition of utilities and electric vehicle makers, including Tesla, are petitioning the EPA to reconsider its recent plan to roll back auto emissions standards. In April, the EPA said that it would relax greenhouse gas emissions standards that had been put in place for model year 2022-2025 vehicles. Ars Technica reports: The National Coalition for Advanced Transportation (NCAT) represents 12 utilities as well as Tesla, electric truck maker Workhorse, and EV charging network EVgo. NCAT earlier this month asked the Second Circuit Court of Appeals in Washington, DC to review the EPA's latest efforts to relax the Obama-era fuel economy standards.

The coalition challenge to the EPA follows a similar challenge made by 17 states, including California. The utilities' efforts show that they're interested in protecting one of the major projected avenues for growth in electricity demand. Electricity consumption has stagnated in the U.S. as efficiency measures take effect and, in some states, solar panels make it easier for residents to buy less electricity from the local utility.

Businesses

Trump Personally Pushed Postmaster General To Double Rates on Amazon, Other Firms: Report (washingtonpost.com) 350

President Trump personally urged the leader of the U.S. Postal Service to double the rates the agency charges Amazon and other firms for delivery packages in several private conversations in 2017 and 2018, The Washington Post reported Friday (alternative source). From the report: Postmaster General Megan Brennan has so far resisted Trump's demand, explaining in multiple conversations occurring this year and last that these arrangements are bound by contracts and must be reviewed by a regulatory commission, the three people said. She has told the president that the Amazon relationship is beneficial for the Postal Service and gave him a set of slides that showed the variety of companies, in addition to Amazon, that also partner for deliveries.

Despite these presentations, Trump has continued to level criticism at Amazon. And last month, his critiques culminated in the signing of an executive order mandating a government review of the financially strapped Postal Service that could lead to major changes in the way it charges Amazon and others for package delivery. Few U.S. companies have drawn Trump's ire as much as Amazon, which has rapidly grown to be the second-largest U.S. company in terms of market capitalization. For more than three years, Trump has fumed publicly and privately about the giant commerce and services company and its founder Jeffrey P. Bezos, who is also the owner of The Washington Post.

Crime

Alleged Owners of Mugshots.com Have Been Arrested For Extortion (lawandcrime.com) 101

Reader schwit1 writes: The alleged owners of Mugshots.com have been charged and arrested. These four men -- Sahar Sarid, Kishore Vidya Bhavnanie, Thomas Keesee, and David Usdan -- only removed a person's mugshot from the site if this individual paid a "de-publishing" fee, according to the California Attorney General on Wednesday. That's apparently considered extortion. On top of that, they also face charges of money laundering and identity theft.

If you read a lot of articles about crime, then you're probably already familiar with the site (which is still up as of Friday afternoon). They take mugshots, slap the url multiple times on the image, and post it on the site alongside an excerpt from a news outlet that covered the person's arrest. According to the AG's office, the owners would only remove the mugshots if the person paid a fee, even if the charges were dismissed. This happened even if the suspect was only arrested because of "mistaken identity or law enforcement error." You can read the affidavit here.

Security

A Bug in Keeper Password Manager Leads To Sparring Over 'Zero-Knowledge' Claim (zdnet.com) 47

Keeper, a password manager maker that recently and controversially sued a reporter, has fixed a bug that a security researcher claimed could have allowed access to a user's private data. From a report: The bug -- which the company confirmed and has since fixed -- filed anonymously to a public security disclosure list, detailed how anyone controlling Keeper's API server could gain access to the decryption key to a user's vault of passwords and other sensitive information. The researcher found the issue in the company's Python-powered script called Keeper Commander, which allows users to rotate passwords, eliminating the need for hardcoded passwords in software and systems.

According to the write-up, the researcher said it's possible that someone in control of Keeper's API -- such as employees at the company -- could unlock an account, because the API server stores the information used to produce an intermediary decryption key. "What seems to appear in the code of Keeper Commander from November 2015 to today is blind trust of the API server," said the researcher.

Businesses

Satellite Data Strongly Suggests That China, Russia and Other Authoritarian Countries Are Fudging Their GDP Reports (washingtonpost.com) 175

Christopher Ingraham, writing for The Washington Post: China, Russia and other authoritarian countries inflate their official GDP figures by anywhere from 15 to 30 percent in a given year, according to a new analysis of a quarter-century of satellite data. The working paper, by Luis R. Martinez of the University of Chicago, also found that authoritarian regimes are especially likely to artificially boost their gross domestic product numbers in the years before elections, and that the differences in GDP reporting between authoritarian and non-authoritarian countries can't be explained by structural factors, such as urbanization, composition of the economy or access to electricity. Martinez's findings are derived from a novel data source: satellite imagery that tracks changes in the level of nighttime lighting within and between countries over time.

Facebook

Facebook's Android App Is Asking for Superuser Privileges, Users Say (bleepingcomputer.com) 183

Catalin Cimpanu, reporting for BleepingComputer: The Facebook Android app is asking for superuser permissions, and a bunch of users are freaking out about granting the Facebook app full access to their device, an understandable reaction following the fallout from the Cambridge Analytica privacy scandal. "Grants full access to your device," read the prompts while asking users for superuser permissions. These popups originate from the official Facebook Android app (com.facebook.katana) and started appearing last night [UTC timezone], continuing throughout the day. Panicked users took to social media, Reddit, and Android-themed forums to share screengrabs of these suspicious popups and ask for advice on what's going on.

Government

US Government Wants To Start Charging For Landsat, the Best Free Satellite Data On Earth (qz.com) 239

The U.S. government may begin charging users for access to five decades of satellite images of Earth. Quartz reports: Nature reports that the Department of Interior has asked an advisory board to consider the consequences of charging for the data generated by the Landsat program, which is the largest continuously collected set of Earth images taken in space and has been freely available to the public since 2008. Since 1972, Landsat has used eight different satellites to gather images of the Earth, with a ninth currently slated for a December 2020 launch. The data are widely used by government agencies, and since it became free, by an increasing number of academics, private companies and journalists. "As of March 31, 2018, more than 75 million Landsat scenes have been downloaded from the USGS-managed archive!" the agency noted on the 10th anniversary of the program.

Now, the government says the cost of sharing the data has grown as more people access it. Advocates for open data say the public benefit produced through research and business activity far outweigh those costs. A 2013 survey cited by Nature found that the dataset generated $2 billion in economic activity, compared to an $80 million budget for the program.

Education

Scottish Students Used Spellchecker Glitch To Cheat In Literacy Test (bbc.com) 166

Thelasko shares a report from the BBC: Schools are to be given advice on how to disable a glitch that allows pupils sitting online spelling tests to right-click their mouse and find the answer. It follows the discovery by teachers that children familiar with traditional computer spellcheckers were simply applying it to the tests. The Scottish National Standardized Assessments were introduced to assess progress in four different age groups. A spokesman said the issue was not with the Scottish National Standardized Assessments (SNSA) but with browser or device settings on some machines.

Introduced in 2017, the spelling test asks children to identify misspelt words. However, on some school computers the words were highlighted with a red line. Pupils who right-clicked on the words were then able to access the correct spelling. The web-based SNSA tool enables teachers to administer online literacy and numeracy tests for pupils in P1, P4, P7 and S3, which are marked and scored automatically. Advice is being given to schools about how to disable the spellchecking function.

Wireless Networking

Ask Slashdot: Which Is the Safest Router? 380

MindPrison writes: As ashamed as I am to admit it -- a longtime computer user since the Commodore heydays, I've been hacked twice recently and that has seriously made me rethink my options for my safety and well-being. So, I ask you dear Slashdot users, from one fellow longtime Slashdotter to another: which is the best router for optimal safety today?

Privacy

Cell Phone Tracking Firm Exposed Millions of Americans' Real-time Locations (zdnet.com) 39

Earlier this week, ZDNet shed some light on a company called LocationSmart that is buying your real-time location data from four of the largest U.S. carriers in the United States. The story blew up because a former police sheriff snooped on phone location data without a warrant, according to The New York Times. ZDNet is now reporting that the company "had a bug in its website that allowed anyone to see where a person is located -- without obtaining their consent." An anonymous reader shares an excerpt: "Due to a very elementary bug in the website, you can just skip that consent part and go straight to the location," said Robert Xiao, a PhD. student at the Human-Computer Interaction Institute at Carnegie Mellon University, in a phone call. "The implication of this is that LocationSmart never required consent in the first place," he said. "There seems to be no security oversight here." The "try" website was pulled offline after Xiao privately disclosed the bug to the company, with help from CERT, a public vulnerability database, also at Carnegie Mellon. Xiao said the bug may have exposed nearly every cell phone customer in the U.S. and Canada, some 200 million customers.

The researcher said he started looking at LocationSmart's website following ZDNet's report this week, which followed from a story from The New York Times, which revealed how a former police sheriff snooped on phone location data without a warrant. The sheriff has pleaded not guilty to charges of unlawful surveillance. He said one of the APIs used in the "try" page that allows users to try the location feature out was not validating the consent response properly. Xiao said it was "trivially easy" to skip the part where the API sends the text message to the user to obtain their consent. "It's a surprisingly simple bug," he said.

Google

Google's Selfish Ledger is an Unsettling Vision of Silicon Valley Social Engineering (theverge.com) 252

An anonymous reader shares a report: Google has built a multibillion-dollar business out of knowing everything about its users. Now, a video produced within Google and obtained by The Verge offers a stunningly ambitious and unsettling look at how some at the company envision using that information in the future. The video was made in late 2016 by Nick Foster, the head of design at X (formerly Google X), and shared internally within Google. It imagines a future of total data collection, where Google helps nudge users into alignment with their goals, custom-prints personalized devices to collect more data, and even guides the behavior of entire populations to solve global problems like poverty and disease.

Java

California Bypasses Science To Label Coffee a Carcinogen (undark.org) 277

travers_r writes: Superior Court Judge Elihu Berle affirmed last week that all coffee sold in California must come with a warning label stating that chemicals in coffee (acrylamide, a substance created naturally during the brewing process) are known to cause cancer and birth defects or other reproductive harm. But judges, journalists, and environmental advocates fail to recognize the critical difference between probably and certainly, which fuels the inaccurate belief that cancer is mostly caused by things in the environment. From a report at Undark: "IARC is one of the leading scientific bodies in the world, and it is also one of several expert panels on which California relies for scientific opinions in such cases. The IARC has concluded that while there is sufficient evidence to consider acrylamide carcinogenic in experimental animals, there is insufficient evidence for carcinogenicity in humans. Therefore, its overall evaluation is that 'acrylamide is probably carcinogenic to humans.'
[...]
Leading experts, in fact, believe that roughly two-thirds of all cancers are the result of mutations to DNA that are caused by natural bodily processes, not exposure to environmental chemicals. This is quite the opposite of the prevailing belief among the public that most cancers are caused by exogenous substances imposed on us by the products and technologies of the modern world. It's this belief -- this fear -- that prompted voters to pass Proposition 65 in 1986. It was a time when fear of hazardous waste and industrial chemicals was high, when chemophobia -- a blanket fear of anything having to do with the word 'chemicals' -- was being seared into the public's mind."

Government

Cops Will Soon ID You Via Your Roof Rack (arstechnica.com) 98

An anonymous reader quotes a report from Ars Technica: On Tuesday, one of the largest license plate reader (LPR) manufacturers, ELSAG, announced a major upgrade to "allow investigators to search by color, seven body types, 34 makes, and nine visual descriptors in addition to the standard plate number, location, and time." Such a vast expansion of the tech now means that evading such scans will be even more difficult.

"Using advanced computer vision software, ELSAG ALPR data can now be processed to include the vehicle's make, type -- sedan, SUV, hatchback, pickup, minivan, van, box truck -- and general color -- red, blue, green, white and yellow," ELSAG continued. "The solution actively recognizes the 34 most-common vehicle brands on US roads." Plus, the company says, the software is now able to visually identify things like a "roof rack, spare tire, bumper sticker, or a ride-sharing company decal."

Businesses

Senate Votes To Save Net Neutrality (gizmodo.com) 288

In a monumental decision that will resonate through election season, the U.S. Senate on Wednesday voted to reinstate the net neutrality protections the Federal Communications Commission decided to repeal late last year. From a report: For months, procedural red tape has delayed the full implementation of the FCC's decision to drop Title II protections that prevent internet service providers from blocking or throttling online content. Last week, FCC Chairman Ajit Pai confirmed that the repeal of the 2015 Open Internet Order would go into effect on June 11. But Democrats put forth a resolution to use its power under the Congressional Review Act (CRA) to review new regulations by federal agencies through an expedited legislative process. All 49 Democrats in the Senate supported the effort to undo the FCC's vote. Republicans, Sen. Susan Collins of Maine, John Kennedy of Louisiana and Lisa Murkowski of Alaska crossed party lines to support the measure. Further reading: ArsTechnica.
