An anonymous reader quotes a report from Ars Technica: The Food and Drug Administration on Tuesday approved the first large-scale, phase 3 clinical trial of ecstasy in patients suffering from post-traumatic stress disorder (PTSD), the New York Times reported. The regulatory green-light follows six smaller-scale trials that showed remarkable success using the drug. In fact, some of the 130 PTSD patients involved in those trials say ecstasy -- or 3,4-Methylenedioxymethamphetamine (MDMA) -- saved them from the devastating impacts of PTSD after more than a decade of seeing no improvement with the other treatment options available. Currently, the best of those established treatment options can only improve symptoms in 60 to 70 percent of PTSD patients, one expert noted. However, after one of the early MDMA studies, the drug had completely erased all traces of symptoms in two-thirds of PTSD patients. The new Phase 3 trial will involve at least 230 patients and is planned to start in 2017. Like the other trials, it is backed by the Multidisciplinary Association for Psychedelic Studies (MAPS), a nonprofit created in 1985 to advocate for the medical benefits and use of psychedelic drugs, such as MDMA and marijuana. Also like the others, the new, larger trial will involve a limited number of MDMA treatments administered by professional psychotherapists as part of a therapy program. In previous trials, patients spent 12 weeks in a psychotherapy program, including three eight-hour sessions in which they took MDMA and talked through traumatic memories.
Twitter has made a serious effort as of late to limit hate speech on its social media site, especially after Election Day where "biased graffiti, assaults and other incidents have been reported in the news." The company now faces President-elect Donald Trump, who has used Twitter for the past 18 months as a megaphone for his views and rants, which many would consider as "hate speech." According to the American Bar Association, hate speech is "speech that offends, threatens, or insults groups, based on race, color, religion, national origin, sexual orientation, or other traits." Quartz reports: While Trump's deceptive tweets may not violate Twitter's rules against harassment, threats and "hateful conduct," Twitter is still keeping an eye on his account for more egregious offenses. This week, the company told Slate it would consider banning key government officials, even the president, if its rules against hate speech or other language were violated. "The Twitter Rules prohibit violent threats, harassment, hateful conduct, and multiple account abuse, and we will take action on accounts violating those policies," a spokesperson wrote. Twitter confirmed with Quartz that everyone, including government officials, were subject to the policy: "The Twitter Rules apply to all accounts," a spokesman wrote. Trump may not have crossed that line yet, but he hasn't exactly refrained from making incendiary claims. Most recently, he claimed that Abdul Razak Ali Artan, who allegedly carried out an attack injuring 11 students at Ohio State University, "should not have been in our country." Artan was a legal permanent U.S. resident, whose family had fled Somalia for Pakistan in 2007. He arrived in the States in 2014.
An anonymous reader quotes a report from Computerworld: A Firefox zero-day being used in the wild to target Tor users is using code that is nearly identical to what the FBI used in 2013 to unmask Tor-users. A Tor browser user notified the Tor mailing list of the newly discovered exploit, posting the exploit code to the mailing list via a Sigaint darknet email address. A short time later, Roger Dingledine, co-founder of the Tor Project Team, confirmed that the Firefox team had been notified, had "found the bug" and were "working on a patch." On Monday, Mozilla released a security update to close off a different critical vulnerability in Firefox. Dan Guido, CEO of TrailofBits, noted on Twitter, that "it's a garden variety use-after-free, not a heap overflow" and it's "not an advanced exploit." He added that the vulnerability is also present on the Mac OS, "but the exploit does not include support for targeting any operating system but Windows." Security researcher Joshua Yabut told Ars Technica that the exploit code is "100% effective for remote code execution on Windows systems." "The shellcode used is almost exactly the shellcode of the 2013 one," tweeted a security researcher going by TheWack0lian. He added, "When I first noticed the old shellcode was so similar, I had to double-check the dates to make sure I wasn't looking at a 3-year-old post." He's referring to the 2013 payload used by the FBI to deanonymize Tor-users visiting a child porn site. The attack allowed the FBI to tag Tor browser users who believed they were anonymous while visiting a "hidden" child porn site on Freedom Hosting; the exploit code forced the browser to send information such as MAC address, hostname and IP address to a third-party server with a public IP address; the feds could use that data to obtain users' identities via their ISPs.
Last week, President-elect Donald Trump appointed two new advisers to his transition team that will oversee his FCC and telecommunications policy agenda. Trump has added a third adviser today who, like the other two advisers, is a staunch opponent of net neutrality regulations. DSLReports adds: The incoming President chose Roslyn Layton, a visiting fellow at the broadband-industry-funded American Enterprise Institute, to help select the new FCC boss and guide the Trump administration on telecom policy. Layton joins Jeffrey Eisenach, a former Verizon consultant and vocal net neutrality critic, and Mark Jamison, a former Sprint lobbyist that has also fought tooth and nail against net neutrality; recently going so far as to argue he doesn't think telecom monopolies exist. Like Eisenach and Jamison, Layton has made a career out of fighting relentlessly against most of the FCC's more consumer-focused efforts, including net neutrality, consumer privacy rules, and increased competition in the residential broadband space. Back in October, Layton posted an article to the AEI blog proclaiming that the FCC's new privacy rules, which give consumers greater control over how their data is collected and sold, were somehow part of a "partisan endgame of corporate favoritism" that weren't necessary and only confused customers. Layton also has made it abundantly clear she supports zero rating, the practice of letting ISPs give their own (or high paying partners') content cap-exemption and therefore a competitive advantage in the market. She has similarly, again like Eisenach and Jamison, supported rolling back the FCC's classification of ISPs as common carriers under Title II, which would kill the existing net neutrality rules and greatly weaken the FCC's ability to protect consumers.
With the most recent update to Uber's ride-hailing app, the company has begun asking users whether they are willing to share their location data with the Uber app even while the app is not in use. The company says it plans to use the data gained to improve user experience -- including offering improved pick-up times and locations. From an article on Business Insider: In August the company moved away from using Google Maps for its service and began using its own mapping technology. Google's lack of accuracy in many non-Western countries led to increased friction between consumers and drivers. This means the company needs to boost the amount of location data it has. Location data could also be used to provide new channels of revenue for the digital platform. This could include serving ads of local businesses or recommending nearby places of interest to users. Mobile marketing, which relies on accurate location data is a rapidly growing industry and could serve as a revenue windfall for Uber in the years ahead as it faces increasing competition. In fact, revenue from location-targeted mobile ads is expected to grow at an annualized rate of almost 34% between 2014 and 2019, surpassing $18 billion, according to a forecast from BIA/Kelsey.
A last-ditch effort in the Senate to block or delay rule changes that would expand the U.S. government's hacking powers failed Wednesday, despite concerns the changes would jeopardize the privacy rights of innocent Americans and risk possible abuse by the incoming administration of President-elect Donald Trump. Reuters adds: Democratic Senator Ron Wyden attempted three times to delay the changes, which will take effect on Thursday and allow U.S. judges to issue search warrants that give the FBI the authority to remotely access computers in any jurisdiction, potentially even overseas. His efforts were blocked by Senator John Cornyn of Texas, the Senate's second-ranking Republican. The changes will allow judges to issue warrants in cases when a suspect uses anonymizing technology to conceal the location of his or her computer or for an investigation into a network of hacked or infected computers, such as a botnet.
Photo-filter app Prisma, the popular program which makes pictures and video look like painterly art, had its access to Facebook's Live Video API revoked this month. From a report on NYMag: According to Prisma, Facebook justified choking off Prisma's access by stating, "Your app streams video from a mobile device camera, which can already be done through the Facebook app. The Live Video API is meant to let people publish live video content from other sources such as professional cameras, multi-camera setups, games or screencasts." This is the implied aim of Facebook's video API, the technical entry point for producers to pump video into Facebook's network: The API is meant for broadcasting setups that are not phone-based. The problem is that none of this is explained in Facebook's documentation for developers. In fact, it states the opposite. Here is the very first question from the company's Live API FAQ: "The Live API is a data feed and the "glue" needed to create higher-quality live videos on Facebook. It allows you to send live content directly to Facebook from any camera."
Speculations have turned out to be true. The Chinese government is now testing systems that will be used to create digital records of citizens' social and financial behavior. In turn, these will be used to create a so-called social credit score, which will determine whether individuals have access to services, from travel and education to loans and insurance cover. Some citizens -- such as lawyers and journalists -- will be more closely monitored. From a report on MIT Technology Review: Planning documents apparently describe the system as being created to "allow the trustworthy to roam everywhere under heaven while making it hard for the discredited to take a single step." The Journal claims that the system will at first log "infractions such as fare cheating, jaywalking and violating family-planning rules" but will be expanded in the future -- potentially even to Internet activity. Some aspects of the system are already in testing, but there are some challenges to implementing such a far-reaching apparatus. It's difficult to centralize all that data, check it for accuracy, and process it, for example -- let alone feed it back into the system to control everyday life. And China has data from 1.4 billion people to handle.
An anonymous reader quotes a report from Ars Technica: The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit Agency (SFMTA) with ransomware on November 25 apparently gained access to the agency's network by way of a known vulnerability in an Oracle WebLogic server. That vulnerability is similar to the one used to hack a Maryland hospital network's systems in April and infect multiple hospitals with crypto-ransomware. And evidence suggests that SFMTA wasn't specifically targeted by the attackers; the agency just came up as a target of opportunity through a vulnerability scan. In an e-mail to Ars, SFMTA spokesperson Paul Rose said that on November 25, "we became aware of a potential security issue with our computer systems, including e-mail." The ransomware "encrypted some systems mainly affecting computer workstations," he said, "as well as access to various systems. However, the SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls. Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports, no data was accessed from any of our servers." That description of the ransomware attack is not consistent with some of the evidence of previous ransomware attacks by those behind the SFMTA incident -- which Rose said primarily affected about 900 desktop computers throughout the agency. Based on communications uncovered from the ransomware operator behind the Muni attack published by security reporter Brian Krebs, an SFMTA Web-facing server was likely compromised by what is referred to as a "deserialization" attack after it was identified by a vulnerability scan. 
A security researcher told Krebs that he had been able to gain access to the mailbox used in the malware attack on the Russian e-mail and search provider Yandex by guessing its owner's security question, and he provided details from the mailbox and another linked mailbox on Yandex. Based on details found in e-mails for the accounts, the attacker ran a server loaded with open source vulnerability scanning tools to identify and compromise servers to use in spreading the ransomware, known as HDDCryptor and Mamba, within multiple organizations' networks.
An anonymous reader quotes a report from BleepingComputer: Windows security expert and infrastructure trainer Sami Laiho says that by holding SHIFT + F10 while a Windows 10 computer is installing a new OS build, an attacker can open a command-line interface with SYSTEM privileges. This CLI debugging interface also grants the attacker full access to the computer's hard drive data, despite the presence of BitLocker. The CLI debugging interface is present when updating to new Windows 10 and Windows 10 Insiders builds. The most obvious exploitation scenario is when a user leaves his computer unattended during the update procedure. A malicious insider can open the CLI debugger and perform malicious operations under a root user, despite BitLocker's presence. But there are other scenarios where Laiho's SHIFT + F10 trick can come in handy. For example when police have seized computers from users who deployed BitLocker or when someone steals your laptop. Windows 10 defaults help police/thieves in this case because these defaults forcibly update computers, even if the user hasn't logged on for weeks or months. This CLI debugging interface grants the attacker full access to the computer's hard drive, despite the presence of BitLocker. The reason is that during the Windows 10 update procedure, the OS disables BitLocker while the Windows PE (Preinstallation Environment) installs a new image of the main Windows 10 operating system. "This [update procedure] has a feature for troubleshooting that allows you to press SHIFT + F10 to get a Command Prompt," Laiho writes on his blog. "The real issue here is the Elevation of Privilege that takes a non-admin to SYSTEM (the root of Windows) even on a BitLocker (Microsoft's hard disk encryption) protected machine." Laiho informed Microsoft of the issue and the company is apparently working on a fix.
An anonymous reader quotes a report from Ars Technica: Congress has passed a law protecting the right of U.S. consumers to post negative online reviews without fear of retaliation from companies. The bipartisan Consumer Review Fairness Act was passed by unanimous consent in the U.S. Senate yesterday, a Senate Commerce Committee announcement said. The bill, introduced in 2014, was already approved by the House of Representatives and now awaits President Obama's signature. The Consumer Review Fairness Act -- full text available here -- voids any provision in a form contract that prohibits or restricts customers from posting reviews about the goods, services, or conduct of the company providing the product or service. It also voids provisions that impose penalties or fees on customers for posting online reviews as well as those that require customers to give up the intellectual property rights related to such reviews. The legislation empowers the Federal Trade Commission to enforce the new law and impose penalties when necessary. The bill also protects reviews that aren't available via the Internet.
The future for one of the few remaining alternative mobile OS platforms, Jolla's Sailfish OS, looks to be taking clearer shape. Today the Finnish company which develops and maintains the core code, with the aim of licensing it to others, announced Sailfish has achieved domestic certification in Russia for government and corporate use. TechCrunch adds: In recent years the Russian government has made moves to encourage the development of alternatives to the duopoly of US-dominated smartphone platforms, Android and Apple's iOS -- flagging Sailfish as one possibility, along with Tizen. Although Sailfish looks to have won out as the preferred Android alternative for Russia at this point. The government has said it wants to radically reduce its reliance on foreign mobile OSes -- to 50 per cent by 2025 vs the 95 per cent of the market garnered by Android and iOS in 2015. Sailfish's local certification in Russia also follows an announcement earlier this year that a new Russian company, Open Mobile Platform (OMP), had licensed the OS with the intention of developing a custom version of the platform for use in the domestic market. So, in other words, a Russian, strategic 'Android alternative' is currently being built on Sailfish.
From a report on Motherboard: On Tuesday, the UK is due to pass its controversial new surveillance law, the Investigatory Powers Act, according to the Home Office. The Act, which has received overwhelming support in both the House of Commons and Lords, formally legalizes a number of mass surveillance programs revealed by Edward Snowden in 2013. It also introduces a new power which will force internet service providers to store browsing data on all customers for 12 months. Civil liberties campaigners have described the Act as one of the most extreme surveillance laws in any democracy, while law enforcement agencies believe that the collection of browsing data is vital in an age of ubiquitous internet communications. "The Investigatory Powers Act 2016 will ensure that law enforcement and the security and intelligence agencies have the powers they need in a digital age to disrupt terrorist attacks, subject to strict safeguards and world-leading oversight," a statement from the Home Office reads. Much of the Act gives stronger legal footing to the UK's various bulk powers, including "bulk interception," which is, in general terms, the collection of internet and phone communications en masse. In June 2013, using documents provided by Edward Snowden, The Guardian revealed that the GCHQ taps fibre-optic undersea cables in order to intercept emails, internet histories, calls, and a wealth of other data. Update: "Snooper's charter" bill has become the law. The home secretary said: "The Investigatory Powers Act is world-leading legislation, that provides unprecedented transparency and substantial privacy protection. "The government is clear that, at a time of heightened security threat, it is essential our law enforcement and security and intelligence services have the power they need to keep people safe. The internet presents new opportunities for terrorists and we must ensure we have the capabilities to confront this challenge. 
But it is also right that these powers are subject to strict safeguards and rigorous oversight."
An anonymous reader quotes a report from BBC: Japan's government estimates the cost of cleaning up radioactive contamination and compensating victims of the 2011 Fukushima nuclear disaster has more than doubled, reports say. The latest estimate from the trade ministry put the expected cost at some 20 trillion yen ($180 billion). The original estimate was for $50 billion, which was increased to $100 billion three years later. The majority of the money will go towards compensation, with decontamination taking the next biggest slice. Storing the contaminated soil and decommissioning are the two next greatest costs. The compensation pot has been increased by about 50% and decontamination estimates have been almost doubled. The BBC's Japan correspondent, Rupert Wingfield-Hayes, says it is still unclear who is going to pay for the clean up. Japan's government has long promised that Tokyo Electric Power, the company that owns the plant, will eventually pay the money back. But on Monday it admitted that electricity consumers would be forced to pay a portion of the clean up costs through higher electricity bills. Critics say this is effectively a tax on the public to pay the debt of a private electricity utility.
An anonymous reader quotes a report from Phys.Org: In a massive crackdown, police and law enforcement agencies across Europe have seized more than 4,500 website domains trading in counterfeit goods, often via social networks, officials said on Monday. The operation came as Europol, Europe's police agency, unveiled its newest campaign dubbed "Don't F***(AKE) Up" to stop scam websites selling fake brand names online. In the crackdown, agencies from 27 countries mostly in Europe but including from the U.S. and Canada, joined forces to shut down over 4,500 websites. They were selling everything from "luxury goods, sportswear, spare parts, electronics, pharmaceuticals, toiletries and other fake products," Europol said in a statement, without saying how long the crackdown took. An annual operation run in collaboration with the U.S. Immigration and Customs Enforcement and Homeland Security, there was "a significant increase in the number of seized domain names compared to last year," said Europol director Rob Wainwright. As part of the crackdown, Dutch anti-fraud police arrested 12 people across The Netherlands over the past two weeks as they searched homes and warehouses. Most of the raids were prompted by online sales of counterfeit goods on social networking sites such as Facebook and Instagram. More than 3,500 items of clothing and fake luxury goods were seized in Holland, including shoes, bags and perfumes purporting to be such brands as Nike, Adidas, and Kenzo, with a market value of tens of thousands euros. Publishing a guide on how to spot fake websites and social media scams, Europol warned consumers had to be on their guard.
An anonymous reader quotes a report from Ars Technica: Last week the Environmental Protection Agency (EPA) announced its final renewable fuel standards for 2017, requiring that fuel suppliers blend an additional 1.2 billion gallons of renewable fuel into U.S. gas and diesel from 2016 levels. The rule breaks down the requirements to include quotas for cellulosic biofuels, biomass-based diesel, advanced biofuel, and traditional renewable fuel. Reuters points out that the aggressive new biofuel standards will create a dilemma for an incoming Trump administration, given that his campaign courted both the gas and corn industries. While the EPA under the Obama administration has continually increased so-called renewable fuel standards (RFS), the standards were first adopted by a majority-Republican Congress in 2005 and then bolstered in 2007 with a requirement to incorporate 36 billion gallons of renewable fuel into the fuel supply by 2022, barring "a determination that implementation of the program is causing severe economic or environmental harm," as the EPA writes. Some biofuels are controversial not just for oil and gas suppliers but for some wildlife advocates as well. Collin O'Mara, CEO of the National Wildlife Federation, said in a statement that the corn ethanol industry that most stands to benefit from the EPA's expansion of the renewable fuel standards "is responsible for the destruction of millions of acres of wildlife habitat and degradation of water quality." Still, the EPA contends that biofuels made from corn and other regenerating plants offer reductions in overall fuel emissions, if the processes used to make and transport the fuels are included. "Advanced biofuels" will offer "50 percent lifecycle carbon emissions reductions," and their share of the new standards will grow by 700 million gallons in 2017 from 2016 requirements, the EPA says. 
Cellulosic biofuel will be increased by 81 million gallons and biomass-based diesel will be increased by 100 million gallons. "Non-advanced or 'conventional' renewable fuel" will be increased to 19.28 billion gallons from 18.11 billion gallons in 2016. Conventional renewable fuel "typically refers to ethanol derived from corn starch and must meet a 20 percent lifecycle GHG [greenhouse gas] reduction threshold," according to EPA guidelines. Other kinds of renewable fuels include sugarcane-based ethanol, cellulosic ethanol derived from the stalks, leaves, and cobs leftover from a corn harvest, and compressed natural gas gleaned from wastewater facilities.
Copyright holders asked Google to remove more than 1,000,000,000 allegedly infringing links from its search engine over the past twelve months, TorrentFreak reports. According to stats provided in Google's Transparency Report for the past one year, Google was asked to remove over one billion links -- or 1,007,741,143 links. From the article: More than 90 percent of the links, 908,237,861 were in fact removed. The rest of the reported links were rejected because they were invalid, not infringing, or duplicates of earlier requests. In total, Google has now processed just over two billion allegedly infringing URLs from 945,000 different domains. That the second billion took only a year, compared to several years for the first, shows how rapidly the volume of takedown requests is expanding. At the current rate, another billion will be added by the end of next summer. Most requests, over 50 million, were sent in for the website 4shared.com. However, according to the site's operators many of the reported URLs point to the same files, inflating the actual volume of infringing content.
Microsoft's Chinese-language AI chat bot filters certain topics, the company confirmed Monday, although it did not clarify whether that included interactions deemed politically sensitive. From a report on Fortune: Last week, CNNMoney and China Digital Times reported that Xiaoice would not directly respond to questions surrounding topics deemed sensitive by the Chinese state. References to the Tiananmen Square massacre of 1989 or "Steamed Bun Xi," a nickname of Chinese President Xi Jinping, would draw evasive answers or non sequiturs from the chat bot, according to the report. "Am I stupid? Once I answer you'd take a screengrab," read one answer to a question that contained the words "topple the Communist Party." Even the mention of Donald Trump, the American President-elect, drew an evasive response from the chat bot, according to reports. "I don't want to talk about it," Xiaoice said, reports CNN Money. In response to inquiries from Fortune, Microsoft confirmed that there was some filtering around Xiaoice's interaction. "We are committed to creating the best experience for everyone chatting with Xiaoice," a Microsoft spokesperson tells Fortune. "With this in mind, we have implemented filtering on a range of topics." The tech giant did not further elaborate to which specific topics the filtering applied.
Huge numbers of VAT fraudsters are illegally selling goods tax-free to British shoppers on Amazon and eBay, despite new government efforts to crack down on this ballooning 1bn pound VAT evasion crisis, reports the Guardian. From the article: A Guardian investigation found a wide variety of popular goods being illegally sold without VAT on Britain's leading shopping sites. They range from cheap Christmas tree lights, electric toothbrushes and thermal socks to expensive laptops, iPads, music keyboards, violins and pingpong tables. In some cases, VAT fraudsters offer unbeatable prices. Mostly, however, their prices remain in line with law-abiding competitors and the proceeds of evasion disappear overseas, often to China. Guardian investigations found many tax-evading sellers were trading without displaying VAT numbers on Amazon or eBay. Others were showing made up numbers, or numbers cloned, without authorisation, from unsuspecting legitimate businesses.
schwit1 quotes a report from Zero Hedge on Great Britain's newly-enacted "snoopers' charter": For those who missed our original reports, here is the new law in a nutshell: it requires telecom companies to keep records of all users' web activity for a year, creating databases of personal information that the firms worry could be vulnerable to leaks and hackers. Civil liberties groups say the law establishes mass surveillance of British citizens, following innocent internet users from the office to the living room and the bedroom. They are right. Which government agencies have access to the internet history of any British citizen? Here is the answer courtesy of blogger Chris Yuo, who has compiled the list
Click through to the comments to read the entire list.