Compare cell phone plans using Wirefly's innovative plan comparison tool ×
Twitter

Twitter Announces New Blocking and Filtering Features (wired.co.uk) 117

Twitter just began rolling out "new ways to control your experience," promising the two new features "will give you more control over what you see and who you interact with on Twitter." An anonymous Slashdot reader quotes a report from Wired UK: First up, notification settings will allow those using Twitter on the web or on desktop to limit the notifications they receive for @ mentions, RTs, and other interactions to just be from people they follow. The feature can be turned on through the notifications tab. Twitter is also expanding its quality filter -- also accessible through notifications. "When turned on, the filter can improve the quality of Tweets you see by using a variety of signals, such as account origin and behavior," the company's product manager Emil Leong said in a blog post.

In December 2015, the company changed its rules to explicitly ban "hateful conduct" for the first time, while back in February last year, Twitter's then-CEO Dick Costolo admitted the network needed to improve how it handled trolls and abuse. In a leaked memo he said: "I'm frankly ashamed of how poorly we've dealt with this issue during my tenure as CEO. It's absurd. There's no excuse for it. I take full responsibility for not being more aggressive on this front. It's nobody else's fault but mine, and it's embarrassing."

Meanwhile, the Twitter account of Wikipedia co-founder Jimmy Wales was hacked on Saturday.
Piracy

India Threatens 3-Year Jail Sentences For Viewing Blocked Torrents (intoday.in) 95

"It is official now. The punishment for rape is actually less..." writes an anonymous Slashdot reader, who adds that "Some users think that this is all the fault of Bollywood/Hollywood movie studios. They are abusing power, court and money..." India Today reports: The Indian government, with the help of internet service providers, and presumably under directives of court, has banned thousands of websites and URLs in the last five odd years. But until now if you somehow visited these "blocked URLs" all was fine. However, now if you try to visit such URLs and view the information, you may get a three-year jail sentence as well as invite a fine...

This is just for viewing a torrent file, or downloading a file from a host that may have been banned in India, or even for viewing an image on a file host like Imagebam. You don't have to download a torrent file, and then the actual videos or other files, which might have copyright. Just accessing information under a blocked URL will land you in jail and leave your bank account poorer.

While it's not clear how this will be enforced, visiting a blocked URL in India now leads to a warning that "Viewing, downloading, exhibiting or duplicating an illicit copy of the contents under this URL is punishable as an offence under the laws of India, including but not limited to under Sections 63, 63-A, 65 and 65-A of the Copyright Act, 1957 which prescribe imprisonment for 3 years and also fine of up to Rs. 3,00,000..."
AI

Chicago's Experiment In Predictive Policing Isn't Working (theverge.com) 191

The U.S. will phase out private prisons, a move made possible by fewer and shorter sentences for drug offenses, reports the BBC. But when it comes to reducing arrests for violent crimes, police officers in Chicago found themselves resorting ineffectively to a $2 million algorithm which ultimately had them visiting people before any crime had been committed. schwit1 quotes Ars Technica: Struggling to reduce its high murder rate, the city of Chicago has become an incubator for experimental policing techniques. Community policing, stop and frisk, "interruption" tactics --- the city has tried many strategies. Perhaps most controversial and promising has been the city's futuristic "heat list" -- an algorithm-generated list identifying people most likely to be involved in a shooting.

The hope was that the list would allow police to provide social services to people in danger, while also preventing likely shooters from picking up a gun. But a new report from the RAND Corporation shows nothing of the sort has happened. Instead, it indicates that the list is, at best, not even as effective as a most wanted list. At worst, it unnecessarily targets people for police attention, creating a new form of profiling.

The police argue they've updated the algorithm and improved their techniques for using it. But the article notes that the researchers began following the "heat list" when it launched in 2013, and "found that the program has saved no lives at all."
Security

Has WikiLeaks Morphed Into A Malware Hub? (backchannel.com) 125

Slashdot reader mirandakatz writes: In releasing an unredacted database of emails from the Turkish party AKP, WikiLeaks exposed the public to a collection of malware -- and even after a Bulgarian security expert pointed this out publicly, the organization only removed the select pieces of malware that he identified, leaving well over a thousand malicious files on the site.

That AKP leak also included the addresses and other personal details of millions of Turkish women, not unlike the recent DNC leak, which included the personal data of many private individuals. WikiLeaks says this is all in the name of its "accuracy policy," but the organization seems to be increasingly putting the public at risk.

The article opens with the question, "What the hell happened to WikiLeaks?" then argues that "Once an inspiring effort at transparency, WikiLeaks now seems more driven by personal grudges and reckless releases of information..."
Security

New Linux Trojan Is A DDoS Tool, a Bitcoin Miner, and Web Ransomware (softpedia.com) 63

An anonymous reader writes: A trojan that targeted Drupal sites on Linux servers last May that was incredibly simplistic and laughable in its attempt to install (and fail) web ransomware on compromised websites, has now received a major update and has become a top threat on the malware scene. That trojan, named Rex, has evolved in only three months into an all-around threat that can: (1) compromise servers and devices running platforms like Drupal, WordPress, Magento, Jetspeed, Exarid, AirOS; (2) install cryptocurrency mining in the background; (3) send spam; (4) use a complex P2P structure to manage its botnet; and (5) install a DDoS agent which crooks use to launch DDoS attacks.

Worse is that they use their DDoS capabilities to extort companies. The crooks send emails to server owners announcing them of 15-minute DDoS tests, as a forewarning of future attacks unless they pay a ransom. To scare victims, they pose as a known hacking group named Armada Collective. Other groups have used the same tactic, posing as Armada Collective, and extorting companies, according to CloudFlare.

Crime

Want To Hunt Bank Robbers? There's an App For That, Says The FBI (networkworld.com) 67

Long-time Slashdot reader coondoggie quotes an article from Network World: The FBI today said it released a new application making it easier for the public -- as well as financial institutions, law enforcement agencies, and others -- to view photos and information about bank robberies in different geographic areas of the country.
The FBI's new "Bank Robbers" application runs on both Android and iOS, according to the article, "and lets users sort bank robberies by the date they occurred, the category they fall under (i.e., armed serial bank robber), the FBI field office working the case, or the state where the robbery occurred." The app ties into BankRobbers.fbi.gov, which overlays FBI information about bank robberies onto Google Maps.

The app's users "can also select push notifications to be informed when a bank robbery has taken place near their location," according to the FBI's site, which adds innocently that "If the location services on your device are enabled, you can view a map that shows the relevant bank robberies that took place in your geographic area..."
Businesses

How the H-1B Visa Program Impacts America's Tech Workers (computerworld.com) 329

Computerworld is running an emotional report by their national correspondent Patrick Thibodeau -- complete with a dramatic video -- arguing that America's H-1B Visa program "has also become a way for companies to outsource jobs." An anonymous Slashdot reader quotes the article accompanying the video: The vast majority of people who work in IT did everything right: They invested in their education, studied difficult subjects, kept their skills updated... But no job is safe, no future entirely secure -- something IT workers know more than most. Given their role, they are most often the change agents, the people who deploy technologies and bring in automation that can turn workplaces upside down. To survive, they count on being smart, self-reliant and one step ahead...

Over the years, Computerworld reporter Patrick Thibodeau has interviewed scores of IT workers who trained their visa-holding replacements. Though details each time may differ, they all tell the same basic story. There are many issues around high-skilled immigration, but to grasp the issue fully you need to understand how the H-1B program can affect American workers.

Security

Computer Science Professor Mocks The NSA's Buggy Code (softpedia.com) 177

After performing hours of analysis, a computer science professor says he's "not impressed" by the quality of the recently-leaked code that's supposedly from an NSA hacking tool. An anonymous Slashdot reader writes: The professor, who teaches Software Vulnerability Analysis and Advanced Computer Security at the University of Illinois, Chicago, gripes about the cryptography operations employed in the code of an exploit called BANANAGLEE, used against Fortinet firewalls. Some of his criticism include the words "ridiculous", "very bad", "crazy" and "boring memory leaks".

"I would expect relatively bug-free code. And I would expect minimal cryptographic competence. None of those were true of the code I examined which was quite surprising," the professor told Softpedia in an email.

If these were cyberweapons, "I'm pretty underwhelmed by their quality," professor Checkoway writes on his blog, adding that he found "sloppy and buggy code," no authentication of the encrypted communication channel, 128-bit keys generated using 64 bits of entropy, and cypher initialization vectors that leaked bits of the hash of the plain text...
Oracle

Oracle Is Funding a New Anti-Google Group (fortune.com) 152

An anonymous reader writes from a report via Fortune: Oracle says it is funding a new non-profit called "Campaign for Accountability," which consists of a campaign called "The Google Transparency Project" that claims to expose criminal behavior carried out by Google. "Oracle is absolutely a contributor (one of many) to the Transparency Project. This is important information for the public to know. It is 100 percent public records and accurate," said Ken Glueck, Senior Vice President of Oracle. Fortune reports: "Oracle's hidden hand is not a huge surprise since the company has a history of sneaky PR tactics, and is still embroiled in a bitter intellectual property lawsuit with Google." One would think Microsoft may be another contributor, but the company said it is not. Daniel Stevens, the deputy director of the CfA, declined to name the group's other donors, or to explain why it does not disclose its funders. Why does this matter? "When wealthy companies or individuals pose as a grass-roots group like the so-called 'campaign for accountability' project, [it] can confuse news and public relations, and foster public cynicism," writes Jeff John Roberts via Fortune.
Electronic Frontier Foundation

EFF Accuses T-Mobile of Violating Net Neutrality With Throttled Video (arstechnica.com) 57

An anonymous reader writes: T-Mobile's new "unlimited" data plan that throttles video has upset the Electronic Frontier Foundation (EFF), which accuses the company of violating net neutrality principles. The new $70-per-month unlimited data plan "limits video to about 480p resolution and requires customers to pay an extra $25 per month for high-definition video," reports Ars Technica. "Going forward, this will be the only plan offered to new T-Mobile customers, though existing subscribers can keep their current prices and data allotments." EFF Senior Staff Technologist Jeremy Gillula told the Daily Dot, "From what we've read thus far it seems like T-Mobile's new plan to charge its customers extra to not throttle video runs directly afoul of the principle of net neutrality." The FCC's net neutrality rules ban throttling, though Ars notes "there's a difference between violating 'the principle of net neutrality' and violating the FCC's specific rules, which have exceptions to the throttling ban and allow for case-by-case judgements." "Because our no-throttling rule addresses instances in which a broadband provider targets particular content, applications, services, or non-harmful devices, it does not address a practice of slowing down an end user's connection to the internet based on a choice made by the end user," says the FCC's Open Internet Order (PDF). "For instance, a broadband provider may offer a data plan in which a subscriber receives a set amount of data at one speed tier and any remaining data at a lower tier." The EFF is still determining whether or not to file a complaint with the Federal Communications Commission.
Piracy

Scammers Use Harvard Education Platform to Promote Pirated Movies (torrentfreak.com) 27

TorrentFreak reports: Spammers are using Harvard's educational sharing tool H2O to promote pirated movies. Thousands of links to scammy sites have appeared on the site in recent weeks. Copyright holders are not happy with this unintended use and are targeting the pages with various takedown notices. H2O is a tool that allows professors and students to share learning material in a more affordable way. It is a welcome system that's actively used by many renowned scholars. However, in recent weeks the platform was also discovered by scammers. As a result, it quickly filled up with many links to pirated content. Instead of course instructions and other educational material, the H2O playlists of these scammers advertise pirated movies. The scammers in question are operating from various user accounts and operate much like traditional spam bots, offering pages with movie links and related keywords such as putlocker, megashare, viooz, torrent and YIFY.
The Courts

Tesla Owner in Autopilot Crash Won't Sue, But Car Insurer May (bloomberg.com) 93

Dana Hull, reporting for Bloomberg: A Texas man said the Autopilot mode on his Tesla Model S sent him off the road and into a guardrail, bloodying his nose and shaking his confidence in the technology. He doesn't plan to sue the electric-car maker, but his insurance company might. Mark Molthan, the driver, readily admits that he was not paying full attention. Trusting that Autopilot could handle the route as it had done before, he reached into the glove box to get a cloth and was cleaning the dashboard seconds before the collision, he said. The car failed to navigate a bend on Highway 175 in rural Kaufman, Texas, and struck a cable guardrail multiple times, according to the police report of the Aug. 7 crash. "I used Autopilot all the time on that stretch of the highway," Molthan, 44, said in a phone interview. "But now I feel like this is extremely dangerous. It gives you a false sense of security. I'm not ready to be a test pilot. It missed the curve and drove straight into the guardrail. The car didn't stop -- it actually continued to accelerate after the first impact into the guardrail." Cozen O'Connor, the law firm that represents Molthan's auto-insurance carrier, a unit of Chubb Ltd., said it sent Tesla Motors Inc. a notice letter requesting joint inspection of the vehicle, which has been deemed a total loss.
Privacy

PSA: Twitch's 'Activity Sharing' Feature Exposes Your Activity By Default (betanews.com) 12

The 'Activity Sharing' feature that Twitch announced on Thursday aims to notify your entire Friends list if you're doing something interesting. The video games streaming platform hopes that it would bolster the engagement level, as people will want to know what their friends are doing. The problem is that this feature is on by default. An anonymous reader writes: While the feature is fairly harmless, it is understandable that some people won't want others to easily spy on their behaviors. As an example, maybe you are watching a Hello Kitty game stream -- some folks might be embarrassed to have that displayed under their name. To turn it off, simply deselect the box as seen in this image.
AT&T

AT&T, Apple, Google To Work On 'Robocall' Crackdown (reuters.com) 110

Last month the FCC had pressed major U.S. phone companies to take immediate steps to develop technology that blocks unwanted automated calls available to consumers at no charge. It had demanded the concerned companies to come up with a "concrete, actionable" plan within 30 days. Well, the companies have complied. On Friday, 30 major technology companies announced they are joining the U.S. government to crack down on automated, pre-recorded telephone calls that regulators have labeled as "scourge." Reuters adds: AT&T, Alphabet, Apple, Verizon Communications and Comcast are among the members of the "Robocall Strike Force," which will work with the U.S. Federal Communications Commission. The strike force will report to the commission by Oct. 19 on "concrete plans to accelerate the development and adoption of new tools and solutions," said AT&T Chief Executive Officer Randall Stephenson, who is chairing the group. The group hopes to put in place Caller ID verification standards that would help block calls from spoofed phone numbers and to consider a "Do Not Originate" list that would block spoofers from impersonating specific phone numbers from governments, banks or others.
Government

The NSA Leak Is Real, Snowden Documents Confirm (theintercept.com) 143

Sam Biddle, reporting for The Intercept: On Monday, A hacking group calling itself the "ShadowBrokers" announced an auction for what it claimed were "cyber weapons" made by the NSA. Based on never-before-published documents provided by the whistleblower Edward Snowden, The Intercept can confirm that the arsenal contains authentic NSA software, part of a powerful constellation of tools used to covertly infect computers worldwide. The provenance of the code has been a matter of heated debate this week among cybersecurity experts, and while it remains unclear how the software leaked, one thing is now beyond speculation: The malware is covered with the NSA's virtual fingerprints and clearly originates from the agency. The evidence that ties the ShadowBrokers dump to the NSA comes in an agency manual for implanting malware, classified top secret, provided by Snowden, and not previously available to the public. The draft manual instructs NSA operators to track their use of one malware program using a specific 16-character string, "ace02468bdf13579." That exact same string appears throughout the ShadowBrokers leak in code associated with the same program, SECONDDATE. SECONDDATE plays a specialized role inside a complex global system built by the U.S. government to infect and monitor what one document estimated to be millions of computers around the world. Its release by ShadowBrokers, alongside dozens of other malicious tools, marks the first time any full copies of the NSA's offensive software have been available to the public, providing a glimpse at how an elaborate system outlined in the Snowden documents looks when deployed in the real world, as well as concrete evidence that NSA hackers don't always have the last word when it comes to computer exploitation.
Botnet

'Smart' Electrical Socket Leaks Your Email Address, Can Launch DDoS Attacks (softpedia.com) 82

An anonymous reader writes from a report via Softpedia: There is an insecure IoT smart electrical socket on the market that leaks your Wi-Fi password, your email credentials (if configured), and is also poorly coded, allowing attackers to hijack the device via a simple command injection in the password field. Researchers say that because of the nature of the flaws, attackers can overwrite its firmware and add the device to a botnet, possibly using it for DDoS attacks, among other things. Bitdefender didn't reveal the device's manufacturer but said the vendor is working on a fix, which will be released in late Q3 2016. Problems with the device include a lack of encryption for device communications and the lack of any basic input sanitization for the password field. "Up until now most IoT vulnerabilities could be exploited only in the proximity of the smart home they were serving, however, this flaw allows hackers to control devices over the internet and bypass the limitations of the network address translation," says Alexandru Balan, Chief Security Researcher at Bitdefender. "This is a serious vulnerability, we could see botnets made up of these power outlets."
Government

How The US Will Likely Respond To Shadow Brokers Leak (dailydot.com) 110

blottsie writes: The NSA and FBI are both expected to investigate the leak of NSA-linked cyberweapons this week by an entity calling itself the Shadow Brokers, experts with knowledge of the process tell the Daily Dot. However, multiple experts say any retaliation by the U.S. will likely remain secret to keep the tactical advantage. Meanwhile, Motherboard reports that some former NSA staffers believe the leak is the work of a "rogue NSA insider." "First, the incident will be investigated by the National Security Agency as it tracks down exactly what went so wrong that top-secret offensive code and exploits ended up stolen and published for the world to see," reports Daily Dot. "An FBI counterintelligence investigation will likely follow, according to experts with knowledge of the process. [...] Following the investigation, the NSA and other entities within the United States government will have to decide on a response." The response will depend on a lot of things, such as whether or not an insider at the NSA is responsible for the breach -- a theory that is backed by a former NSA staffer and other experts. "The process is called an IGL: Intelligence Gain/Loss," reports Daily Dot. "Authorities suss out a pro and con list for various reactions, including directly and publicly blaming another country. [Chris Finan, a former director of cybersecurity legislation in the Obama administration and now CEO of the security firm Manifold Technology, said:] 'Some people think about responding in kind: A U.S. cyberattack. Doing that gives up the asymmetric response advantage you have in cyberspace.' Finan urged authorities to look at all tools, including economic sanctions against individuals, companies, groups, governments, or diplomatic constraints, to send a message through money rather than possibly burning a cyberwar advantage. Exactly if and how the U.S. responds to the Shadow Brokers incident will depend on the source of the attack. Attribution in cyberwar is tricky or even impossible much of the time. It quickly becomes a highly politicized process ripe with anonymous sources and little solid fact."
Nintendo

Nintendo Shuts Down 'Pokemon Uranium' Fan Game After 1.5 Million Downloads (thewrap.com) 137

An anonymous reader quotes a report from The Wrap: The fan-made "Pokemon Uranium" game took a pair of programmers more than nine years to develop. Nintendo needed just about nine days to kill it. "After receiving more than 1,500,000 downloads of our game, we have been notified of multiple takedown notices from lawyers representing Nintendo of America," the creators of "Pokemon Uranium" said in a statement. "While we have not personally been contacted, it's clear what their wishes are, and we respect those wishes deeply. Therefore, we will no longer provide official download links for the game through our website," they continued. "We have no connection to fans who re-upload the game files to their own hosts, and we cannot verify that those download links are all legitimate. We advise you to be extremely cautious about downloading the game from unofficial sources." The role-playing game was free, though creators @JVuranium and Involuntary Twitch were open to suggested PayPal donations of $2-$10. Set in the tropical Tandor region, "Uranium" players can encounter more than 150 all-new species of Pokemon in their quest to collect all eight Gym Badges and triumph over the Tandor League, per the official description. Along the way, the players must battle against a sinister threat that's causing Nuclear Meltdowns.
Government

Cisco Patches 'ExtraBacon' Zero-day Exploit Leaked By NSA Hackers (dailydot.com) 100

Patrick O'Neill quotes a report from The Daily Dot: After a group of hackers stole and published a set of NSA cyberweapons earlier this week, the multibillion dollar tech firm Cisco is now updating its software to counter two potent leaked exploits that attack and take over crucial security software used to protect corporate and government networks. "Cisco immediately conducted a thorough investigation of the files released, and has identified two vulnerabilities affecting Cisco ASA devices that require customer attention," the company said in a statement. "On Aug. 17, 2016, we issued two Security Advisories, which deliver free software updates and workarounds where possible." The report adds: "An unknown group of hackers dubbed the Shadow Brokers posted cyberweapons stolen from the so-called Equation Group, the National Security Agency-linked outfit known as 'the most advanced' group of cyberwarriors in the internet's history. One of the cyberweapons posted was an exploit called ExtraBacon that can be used to attack Cisco Adaptive Security Appliance (ASA) software designed to protect corporate networks and data centers. 'ExtraBacon targets a particular firewall, Cisco ASA, running a particular version (8.x, up to 8.4), and you must have SNMP read access to it,' Khalil Sehnaoui, a Middle East-based cybersecurity specialist and founder of Krypton Security, told the Daily Dot. 'If run successfully, the exploit will enable the attacker to access the firewall without a valid username or password.' ExtraBacon was a zero-day exploit, Cisco confirmed. That means it was unknown to Cisco or its customers, leaving them open to attack by anyone who possessed the right tools."
Google

Oracle Says Trial Wasn't Fair, It Should Have Known About Google Play For Chrome (arstechnica.com) 181

Two and a half months after a federal jury concluded that Google's Android operating system does not infringe Oracle-owned copyrights because its re-implementation of 37 Java APIs is protected by "fair use," Oracle's attorney says her client missed a crucial detail in the trial, adding that this detail could change everything. ArsTechnica reports: Oracle lawyers argued in federal court today that their copyright trial loss against Google should be thrown out because they were denied key evidence in discovery. Oracle attorney Annette Hurst said that the launch of Google Play on Chrome OS, which happened in the middle of the trial, showed that Google was trying to break into the market for Java SE on desktops. In her view, that move dramatically changes the amount of market harm that Oracle experienced, and the evidence should have been shared with the jury. "This is a game-changer," Hurst told U.S. District Judge William Alsup, who oversaw the trial. "The whole foundation for their case is gone. [Android] isn't 'transformative'; it's on desktops and laptops." Google argued that its use of Java APIs was "fair use" for several reasons, including the fact that Android, which was built for smartphones, didn't compete with Java SE, which is used on desktops and laptops. During the post-trial hearing today, Hurst argued that it's clear that Google intends to use Android smartphones as a "leading wedge" and has plans to "suck in the entire Java SE market. [...] Android is doing this using Java code," said Hurst. "That's outrageous, under copyright law. This verdict is tainted by the jury's inability to hear this evidence. Viewing the smartphone in isolation is a Google-gerrymandered story."In the meanwhile, Google attorney said Oracle was aware of Google's intentions of porting Android to laptops and desktops, and that if Oracle wanted to use this piece of information, it could have.

Slashdot Top Deals