Piracy

Flight Sim Company Embeds Malware To Steal Pirates' Passwords (torrentfreak.com) 223

TorrentFreak: Flight sim company FlightSimLabs has found itself in trouble after installing malware onto users' machines as an anti-piracy measure. Code embedded in its A320-X module contained a mechanism for detecting 'pirate' serial numbers distributed on The Pirate Bay, which then triggered a process through which the company stole usernames and passwords from users' web browsers.
The Courts

Man, Seeking New Copy of Windows 7 After Forced Windows 10 Upgrade, Sues Microsoft (bleepingcomputer.com) 356

Catalin Cimpanu, writing for BleepingComputer: An Albuquerque man has sued Microsoft and its CEO -- Satya Nadella -- seeking a fresh copy of Windows 7 or $600 million in damages. According to a civil complaint filed last week on February 14, Frank K. Dickman Jr. of Albuquerque, New Mexico, is suing Microsoft because of a botched forced Windows 10 upgrade. "I own a ASUS 54L laptop computer which has an OEM license for Windows Version 7," Dickman's claim reads. "The computer was upgraded to Windows Version 10 and became non-functional immediately. The upgrade deleted the cached, or backup, version of Windows 7." Dickman says that the laptop's original OEM vendor is "untrustworthy," hence, he cannot obtain a legitimate copy of Windows 7 to downgrade his laptop.
IBM

IBM Sues Microsoft's New Chief Diversity Officer To Protect Diversity Trade Secrets (geekwire.com) 197

theodp writes: GeekWire reports that IBM has filed suit against longtime exec Lindsay-Rae McIntyre, alleging that her new position as Microsoft's chief diversity officer violates a year-long non-compete agreement, allowing Microsoft to use IBM's internal secrets to boost its own diversity efforts. A hearing is set for Feb. 22, but in the meantime, a U.S. District Judge has temporarily barred McIntyre from working at Microsoft. "IBM has gone to great lengths to safeguard as secret the confidential information that McIntyre possesses," Big Blue explained in a court filing, citing its repeated success (in 2012, 2013, 2015, 2016, 2017) in getting the U.S. government to quash FOIA requests for IBM's EEO-1 Reports on the grounds that the mandatory race/ethnicity and gender filings represent "confidential proprietary trade secret information." IBM's argument may raise some eyebrows, considering that other tech giants -- including Google, Microsoft, Apple, and Facebook -- voluntarily disclosed their EEO-1s years ago after coming under pressure from Rev. Jesse Jackson and the Congressional Black Caucus. In 2010, IBM stopped disclosing U.S. headcount data in its annual report as it accelerated overseas hiring.
Crime

Sweden Considers Six Years in Jail For Online Pirates (torrentfreak.com) 194

Sweden's Minister for Justice has received recommendations as to how the country should punish online pirates. From a report: Helene Fritzon received a proposal which would create crimes of gross infringement under both copyright and trademark law, leading to sentences of up to six years in prison. The changes would also ensure that non-physical property, such as domain names, can be seized.
Security

Contractors Pose Cyber Risk To Government Agencies (betanews.com) 78

Ian Barker, writing for BetaNews: While US government agencies are continuing to improve their security performance over time, the contractors they employ are failing to meet the same standards according to a new report. The study by security rankings specialist BitSight sampled over 1,200 federal contractors and finds that the security rating for federal agencies was 15 or more points higher than the mean of any contractor sector. It finds more than eight percent of healthcare and wellness contractors have disclosed a data breach since January 2016. Aerospace and defense firms have the next highest breach disclosure rate at 5.6 percent. While government has made a concerted effort to fight botnets in recent months, botnet infections are still prevalent among the government contractor base, particularly for healthcare and manufacturing contractors. The study also shows many contractors are not following best practices for network encryption and email security.
Security

US's Greatest Vulnerability is Ignoring the Cyber Threats From Our Adversaries, Foreign Policy Expert Says (cnbc.com) 102

America's greatest vulnerability is its continued inability to acknowledge the extent of its adversaries' capabilities when it comes to cyber threats, says Ian Bremmer, founder and president of leading political risk firm Eurasia Group. From a report: Speaking to CNBC from the Munich Security Conference on Saturday, the prominent American political scientist emphasized that there should be much more government-level concern and urgency over cyber risk. The adversarial states in question are what U.S. intelligence agencies call the "big four": Russia, China, North Korea, and Iran. "We're vulnerable because we continue to underestimate the capabilities in those countries. WannaCry, from North Korea -- no one in the U.S. cybersecurity services believed the North Koreans could actually do that," Bremmer described, naming the ransomware virus that crippled more than 200,000 computer systems across 150 countries in May of 2017.

Borge Brende, president of the World Economic Forum, weighed in, stressing the economic cost of cyber crimes. "It is very hard to attribute cyberattacks to different actors or countries, but the cost is just unbelievable. Annually more than a thousand billion U.S. dollars are lost for companies or countries due to these attacks and our economy is more and more based on internet and data."

Privacy

Facebook Admits SMS Notifications Sent Using Two-Factor Number Was Caused by Bug (theverge.com) 50

Facebook has clarified the situation around SMS notifications sent using the company's two-factor authentication (2FA) system, admitting that the messages were indeed caused by a bug. From a report: In a blog post penned by Facebook Chief Security Officer Alex Stamos, the company says the error led it to "send non-security-related SMS notifications to these phone numbers." Facebook uses the automated number 362-65, or "FBOOK," as its two-factor authentication number, which is a secure way of confirming a user's identity by sending a numeric code to a secondary device like a mobile phone. That same number ended up sending users Facebook notifications without their consent. When users would attempt to get the SMS notifications to stop, the replies were posted to their own Facebook profiles as status updates.
The Internet

FreeBSD's New Code of Conduct (freebsd.org) 850

FreeBSD has a new code of conduct, which is making several people angry. From the blog post: This code of conduct applies to all spaces used by the FreeBSD Project, including our mailing lists, IRC channels, and social media, both online and off. Anyone who is found to violate this code of conduct may be sanctioned or expelled from FreeBSD Project controlled spaces at the discretion of the FreeBSD Code of Conduct Committee. Participants are responsible for knowing and abiding by these rules. Harassment includes but is not limited to: Comments that reinforce systemic oppression related to gender, gender identity and expression, sexual orientation, disability, mental illness, neurodiversity, physical appearance, body size, age, race, or religion. Unwelcome comments regarding a person's lifestyle choices and practices, including those related to food, health, parenting, drugs, and employment. Deliberate misgendering. Deliberate use of "dead" or rejected names. Gratuitous or off-topic sexual images or behaviour in spaces where they're not appropriate.

Physical contact and simulated physical contact (e.g., textual descriptions like "hug" or "backrub") without consent or after a request to stop. Threats of violence. Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm. Deliberate intimidation. Stalking or following. Harassing photography or recording, including logging online activity for harassment purposes. Sustained disruption of discussion. Unwelcome sexual attention. Pattern of inappropriate social contact, such as requesting/assuming inappropriate levels of intimacy with others. Continued one-on-one communication after requests to cease. Deliberate "outing" of any private aspect of a person's identity without their consent except as necessary to protect vulnerable people from intentional abuse. Publication of non-harassing private communication without consent. Publication of non-harassing private communication with consent but in a way that intentionally misrepresents the communication (e.g., removes context that changes the meaning). Knowingly making harmful false claims about a person.

Security

Phishing Attack Scores Credentials For More Than 50,000 Snapchat Users (theverge.com) 11

An anonymous reader quotes an exclusive report from The Verge: In late July, Snap's director of engineering emailed the company's team in response to an unfolding privacy threat. A government official from Dorset in the United Kingdom had provided Snap with information about a recent attack on the company's users: a publicly available list, embedded in a phishing website named klkviral.org, that listed 55,851 Snapchat accounts, along with their usernames and passwords. The attack appeared to be connected to a previous incident that the company believed to have been coordinated from the Dominican Republic, according to emails obtained by The Verge. Not all of the account credentials were valid, and Snap had reset the majority of the accounts following the initial attack. But for some period of time, thousands of Snapchat account credentials were available on a public website. According to a person familiar with the matter, the attack relied on a link sent to users through a compromised account that, when clicked, opened a website designed to mimic the Snapchat login screen.
Businesses

Labor Board Says Google Could Fire James Damore For Anti-Diversity Memo (theverge.com) 598

According to a recently disclosed letter from the U.S. National Labor Relations Board, Google didn't violate labor laws by firing engineer James Damore for a memo criticizing the company's diversity program. "The lightly redacted statement is written by Jayme Sophir, associate general counsel of the NLRB's division of advice; it dates to January, but was released yesterday, according to Law.com," reports The Verge. "Sophir concludes that while some parts of Damore's memo was legally protected by workplace regulations, 'the statements regarding biological differences between the sexes were so harmful, discriminatory, and disruptive as to be unprotected.'" From the report: Damore filed an NLRB complaint in August of 2017, after being fired for internally circulating a memo opposing Google's diversity efforts. Sophir recommends dismissing the case; Bloomberg reports that Damore withdrew it in January, and that his lawyer says he's focusing on a separate lawsuit alleging discrimination against conservative white men at Google. NLRB records state that its case was closed on January 19th. In her analysis, Sophir writes that employers should be given "particular deference" in trying to enforce anti-discrimination and anti-harassment policies, since these are tied to legal requirements. And employers have "a strong interest in promoting diversity" and cooperation across different groups of people. Because of this, "employers must be permitted to 'nip in the bud' the kinds of employee conduct that could lead to a 'hostile workplace,'" she writes. "Where an employee's conduct significantly disrupts work processes, creates a hostile work environment, or constitutes racial or sexual discrimination or harassment, the Board has found it unprotected even if it involves concerted activities regarding working conditions."
The Courts

Judge Won't Let FCC's Net Neutrality Repeal Stop Lawsuit Alleging Charter Throttled Netflix (hollywoodreporter.com) 33

An anonymous reader quotes a report from The Hollywood Reporter: [I]n the first significant decision referring to the repeal [of net neutrality] since FCC chairman Ajit Pai got his way, a New York judge on Friday ruled that the rescinding of net neutrality rules wasn't relevant to an ongoing lawsuit against Charter Communications. New York Attorney General Eric Schneiderman filed the lawsuit almost exactly a year ago today. It's alleged that Charter's Spectrum-TWC service promised internet speeds it knew it couldn't deliver and that Spectrum-TWC also misled subscribers by promising reliable access to Netflix, online content and online games. According to the complaint, the ISP intentionally failed to deliver reliable service in a bid to extract fees from backbone and content providers. When Netflix wouldn't pay, this "resulted in subscribers getting poorer quality streams during the very hours when they were most likely to access Netflix," and after Netflix agreed to pay demands, service "improved dramatically." This arguably is the kind of thing that net neutrality was supposed to prevent. And Charter itself pointed to the net neutrality repeal in a bid to block Schneiderman's claims that Charter had engaged in false advertising and deceptive business practices. New York Supreme Court Justice O. Peter Sherwood isn't sold.

He writes in an opinion that the FCC's order "which promulgates a new deregulatory policy effectively undoing network neutrality, includes no language purporting to create, extend or modify the preemptive reach of the Transparency Rule," referring to how ISPs have to disclose "actual network performance." And although Charter attempted to argue that the FCC clarified its intent to stop state and local governments from imposing disclosure obligations on broadband providers that were inconsistent with FCC's rules, Sherwood notes other language from the "Restoring Internet Freedom Order" how states will "continue to play their vital role in protecting consumers from fraud, enforcing fair business practices... and generally responding to consumer inquiries and complaints."

Government

Facebook Must Stop Tracking Belgian Users, Court Rules (mercurynews.com) 83

Facebook must stop tracking Belgian users' surfing outside the social network and delete data it's already gathered, or it will face fines of 250,000 euros ($312,000) a day, a Belgian court ruled. From a report: Facebook "doesn't sufficiently inform" clients about the data it gathers on their broader web use, nor does it explain what it does with the information or say how long it stores it, the Brussels Court of First Instance said in a statement. The social network is coming under increasing fire in Europe, with a high-profile German antitrust probe examining whether it unfairly compels users to sign up to restrictive privacy terms. Belgium's data-protection regulators have targeted the company since at least 2015 when a court ordered it to stop storing non-users' personal data.
Intel

Intel Hit With More Than 30 Lawsuits Over Security Flaws (reuters.com) 99

Intel said on Friday shareholders and customers had filed 32 class action lawsuits against the company in connection with recently-disclosed security flaws in its microchips. From a report: Most of the lawsuits -- 30 -- are customer class action cases that claim that users were harmed by Intel's "actions and/or omissions" related to the flaws, which could allow hackers to steal data from computers. Intel said in a regulatory filing it was not able to estimate the potential losses that may arise out of the lawsuits. Security researchers at the start of January publicized two flaws, dubbed Spectre and Meltdown, that affected nearly every modern computing device containing chips from Intel, Advanced Micro Devices and ARM.
Encryption

Two Years After FBI vs Apple, Encryption Debate Remains (axios.com) 175

It's been two years since the FBI and Apple got into a giant fight over encryption following the San Bernardino shooting, when the government had the shooter's iPhone, but not the password needed to unlock it, so it asked Apple to create a way inside. What's most surprising is how little has changed since then. From a report: The encryption debate remains unsettled, with tech companies largely opposed and some law enforcement agencies still making the case to have a backdoor. The case for strong encryption: Those partial to the tech companies' arguments will note that cyberattacks and hacking incidents have become even more common, with encryption serving as a valuable way to protect individuals' personal information. The case for backdoors: Criminals are doing bad stuff and when devices are strongly encrypted they can do it in what amounts to the perfect dark alley, completely hidden from public view.
Twitter

Federal Judge Says Embedding a Tweet Can Be Copyright Infringement (eff.org) 149

An anonymous reader quotes a report from the Electronic Frontier Foundation: Rejecting years of settled precedent, a federal court in New York has ruled [PDF] that you could infringe copyright simply by embedding a tweet in a web page. Even worse, the logic of the ruling applies to all in-line linking, not just embedding tweets. If adopted by other courts, this legally and technically misguided decision would threaten millions of ordinary Internet users with infringement liability.

This case began when Justin Goldman accused online publications, including Breitbart, Time, Yahoo, Vox Media, and the Boston Globe, of copyright infringement for publishing articles that linked to a photo of NFL star Tom Brady. Goldman took the photo, someone else tweeted it, and the news organizations embedded a link to the tweet in their coverage (the photo was newsworthy because it showed Brady in the Hamptons while the Celtics were trying to recruit Kevin Durant). Goldman said those stories infringe his copyright.
"[W]hen defendants caused the embedded Tweets to appear on their websites, their actions violated plaintiff's exclusive display right; the fact that the image was hosted on a server owned and operated by an unrelated third party (Twitter) does not shield them from this result," Judge Katherine Forrest said.
