
Traditional Keyboard Sounds Can be Decoded By Listening Over a VoIP Connection, Researchers Say

Reader Trailrunner7 writes: Researchers have known for a long time that acoustic signals from keyboards can be intercepted and used to spy on users, but those attacks rely on grabbing the electronic emanation from the keyboard. New research from the University of California Irvine shows that an attacker, who has not compromised a target's PC, can record the acoustic emanations of a victim's keystrokes and later reconstruct the text of what he typed, simply by listening over a VoIP connection.

The researchers found that when connected to a target user on a Skype call, they could record the audio of the user's keystrokes. With a small amount of knowledge about the victim's typing style and the keyboard he's using, the researchers could accurately get 91.7 percent of keystrokes. The attack does not require any malware on the victim's machine and simply takes advantage of the way that VoIP software acquires acoustic emanations from the machine it's on.


Spanish Police Arrest Their First Ever eBook Pirate

An anonymous reader writes: Spain's Ministry of the Interior has announced the first ever arrest of an eBook pirate. The suspect is said to have uploaded more than 11,000 literary works online, many on the same day as their official release. More than 400 subsequent sites are said to have utilized his releases. The investigation began in 2015 following a complaint from the Spanish Reproduction Rights Centre (CEDRO), a non-profit association of authors and publishers of books, magazines, newspapers and sheet music. According to the Ministry, CEDRO had been tracking the suspect but were only able to identify him by an online pseudonym. However, following investigations carried out by the police, his real identity was discovered.

DNA Testing For Jobs May Be On Its Way, Warns Gartner

Reader dcblogs writes: It is illegal today to use DNA testing for employment, but as science advances its understanding of genes that correlate to certain desirable traits -- such as leadership and intelligence -- business may want this information. People seeking leadership roles in business, or even those in search of funding for a start-up, may volunteer their DNA test results to demonstrate that they have the right aptitude, leadership capabilities and intelligence for the job. This may sound farfetched, but it's possible based on the direction of the science, according to Gartner analysts David Furlonger and Stephen Smith, who presented their research Wednesday at the firm's Symposium IT/xpo in Orlando. This research is called 'maverick' in Gartner parlance, meaning it has a somewhat low probability and is still years out, but its potential is nonetheless worrisome to the authors. It isn't as radical as it seems. Job selection on the basis of certain desirable genetic characteristics is already common in the military and sports. Even without testing, businesses, governments and others may use this understanding about how some characteristics are genetically determined to develop new interview methodologies and testing to help identify candidates predisposed to the traits they desire.

Ecuador Acknowledges Limiting Julian Assange's Web Access

Alexandra Valencia, reporting for Reuters: Ecuador's government acknowledged on Tuesday it had partly restricted internet access for Julian Assange, the founder of anti-secrecy group WikiLeaks who has lived in the South American country's London embassy since mid-2012. WikiLeaks said Assange lost connectivity on Sunday, sparking speculation Ecuador might have been pressured by the United States due to the group's publication of hacked material linked to U.S. Democratic presidential candidate Hillary Clinton. In a statement, Ecuador's leftist government said WikiLeaks' decision to publish documents impacting the U.S. election campaign was entirely its own responsibility, and the South American country did not cede to pressure from other nations. "In that respect, Ecuador, exercising its sovereign right, has temporarily restricted access to part of its communications systems in its UK Embassy," it added in a statement. "The Ecuador government respects the principle of non-intervention in other countries' affairs, it does not meddle in election processes underway, nor does it support any candidate specially."

CIA-Backed Surveillance Tool 'Geofeedia' Was Marketed To Public Schools

An anonymous reader quotes a report from The Daily Dot: An online surveillance tool that enabled hundreds of U.S. law enforcement agencies to track and collect information on social media users was also marketed for use in American public schools, the Daily Dot has learned. Geofeedia sold surveillance software typically bought by police to a high school in a northern Chicago suburb, less than 50 miles from where the company was founded in 2011. An Illinois school official confirmed the purchase of the software by phone on Monday. In the fall of 2014, the Lincolnshire-Prairie School District paid Geofeedia $10,000 to monitor the social media posts of children at Adlai E. Stevenson High School. "We did have for one year a contract with Geofeedia," said Jim Conrey, a spokesperson for Lincolnshire-Prairie School District. "We were mostly interested in the possibility of trying to prevent any kind of harm, either that students would do to themselves or to other students." Conrey said the district simply wanted to keep its students safe. "It was really just about student safety; if we could try to head off any potential dangerous situations, we thought it might be worth it," he said. Ultimately, the school found little use for the platform, which was operated by police liaison stationed on school grounds, and chose not to renew its subscription after the first year, citing cost and a lack of actionable information. "A lot of kids that were posting stuff that we most wanted, they weren't doing the geo-tagging or making it public," Conrey said. "We weren't really seeing a lot there." The school's experience, added Conrey, was that more often than not students would approach school administrators with sensitive issues, as opposed to the school unearthing problems affecting students using Geofeedia. "Quite frankly, we found that it wasn't worth the money," Conrey said.

Samsung Hit With Class Action Lawsuit Over Exploding Galaxy Note 7

An anonymous reader quotes a report from Motherboard: Samsung's Galaxy Note 7 troubles are continuing -- the company was just hit with a class action lawsuit in New Jersey focused on recovering cell phone contract fees for customers who were left with an unusable phone for several weeks. The suit has three initial plaintiffs, who say that they were left without a phone for the several weeks between when Samsung and the U.S. Consumer Product Safety Commission originally issued a recall and told consumers to "power down" their devices (September 9), and when the company began offering replacement devices (September 21). It also notes that Samsung didn't make enough replacement devices immediately available -- which is probably a good thing considering that the company ultimately had to recall those as well. "Samsung informed consumers they would have to wait several days, and even weeks in many cases, before receiving a replacement smartphone," the suit alleges. "During this time, and as a result of Defendant failing to provide consumers with an adequate replacement, consumers continued to incur monthly device and plan charges from their cellular carriers for phones they could not safely use." The total recall and destruction of Galaxy Note 7 phones is unprecedented for a modern smartphone, so there isn't much to look at in order to project whether the case will succeed. "Samsung has agreed to recall and reimburse the cost of the device, but their customers have had to continue to pay on their data and voice plans during the time they had to make their device inoperative until they received their replacement device," Richard McCune, one of the lawyers representing the class, told me. "That is the loss that the case is focused on."

Plaintiffs From Seven States Sue Comcast For Misleading, Hidden Fees

An anonymous reader quotes a report from DSLReports: Back in 2013 Comcast began charging customers what it called the "Broadcast TV Fee." The fee, which began at $1.25 per month, has jumped to $6.50 (depending on your market) in just three years. As consumers began to complain about yet another glorified rate hike, the company in 2014 issued a statement proclaiming it was simply being "transparent," and passing on the cost of soaring programmer retransmission fees on to consumers. There's several problems with Comcast's explanation. One, however pricey broadcaster retransmission fees have become (and keep in mind Comcast is a broadcaster), programming costs are simply the cost of doing business for a cable company, and should be included in the overall price. Comcast doesn't include this fee in the overall price because sticking it below the line lets the company falsely advertise a lower rate. Inspired by the banking sector, this misleading practice has now become commonplace in the broadband and cable industry. Whether it's CenturyLink's $2 per month "Internet Cost Recovery Fee" or Fairpoint's $3 per month "Broadband Cost Recovery Fee," these fees are utterly nonsensical, and inarguably false advertising. And while the FCC can't be bothered to take aim at such misleading business practices, a Federal class action lawsuit filed this week in California is trying to hold Comcast accountable for the practice. Plaintiffs from seven states -- including New Jersey, Illinois, California, Washington, Colorado, Florida and Ohio -- have sued Comcast alleging consumer fraud, unfair competition, unjust enrichment and breach of contract. What's more, the fee has consistently skyrocketed, notes the lawsuit. Comcast initially charged $1.50 when the fee first appeared back in 2013, but now charges upwards of $6.50 more per month in many markets -- a 333% increase in just three years.

Half of American Adults Are In a Face-Recognition Database

An anonymous reader quotes a report from Ars Technica: Half of American adults are in a face-recognition database, according to a Georgetown University study released Wednesday. That means there's about 117 million adults in a law enforcement facial-recognition database, the study by Georgetown's Center on Privacy and Technology says. The report (PDF), titled "The Perpetual Line-up: Unregulated Police Face Recognition in America," shows that one-fourth of the nation's law enforcement agencies have access to face-recognition databases, and their use by those agencies is virtually unregulated. Where do the mug shots come from? For starters, about 16 states allow the FBI to use facial recognition to compare faces of suspected criminals to their driver's licenses or ID photos, according to the study. "In this line-up," the study says, "it's not a human that points to the suspect -- it's an algorithm." The study says 26 states or more allow police agencies to "run or request searches" against their databases or driver's licenses and ID photos. This equates to "roughly one in two American adults has their photos searched this way," according to the study. Many local police agencies also insert mug shots of people they arrest into searchable, biometric databases, according to the report. According to the report, researchers obtained documents stating that at least five "major police departments," including those in Chicago, Dallas, and Los Angeles, "either claimed to run real-time face recognition off of street cameras, bought technology that can do so, or expressed an interest in buying it." The Georgetown report's release comes three months after the U.S. Government Accountability Office (GAO) concluded that the FBI has access to as many as 411.9 million images as part of its face-recognition database. 
The study also mentioned that the police departments have little oversight of their databases and don't audit them for misuse: "Maryland's system, which includes the license photos of over two million residents, was launched in 2011. It has never been audited. The Pinellas County Sheriff's Office system is almost 15 years old and may be the most frequently used system in the country. When asked if his office audits searches for misuse, Sheriff Bob Gualtieri replied, "No, not really." Despite assurances to Congress, the FBI has not audited use of its face recognition system, either. Only nine of 52 agencies (17%) indicated that they log and audit their officers' face recognition searches for improper use. Of those, only one agency, the Michigan State Police, provided documentation showing that their audit regime was actually functional."

Clinton Campaign Considered Bill Gates, Tim Cook For Vice President

WikiLeaks has been releasing thousands of emails over the past couple of weeks belonging to Hillary Clinton's campaign chair John Podesta. One of the more interesting tidbits revealed from the email dump was the list of potential running mates considered by Clinton's campaign. The Verge reports: Clinton's vice presidential candidates, while not altogether surprising, include some vaguely interesting choices like Bill and Melinda Gates, Apple CEO Tim Cook, and General Motors CEO Mary Barra. In the mail, Podesta says he has organized the list into "rough food groups," one of which includes all the people mentioned above. Xerox CEO Ursula Burns and Starbucks CEO Howard Shultz are also in this "food group," along with Michael Bloomberg. With just under 40 names on the list, it's not immediately obvious how close any of these people came to actually being asked to take on the role (Tim Kaine is on the list).

Project Include Drops Y Combinator As Peter Thiel Pledges $1.25 Million To Trump

Peter Thiel's support for U.S. Republican presidential candidate Donald Trump has given Silicon Valley a headache. This past weekend, Thiel donated $1.25 million to his campaign, which is driving away partners from Thiel's Silicon Valley accelerator, Y Combinator. Today, Project Include, a community for building meaningful, enduring diversity and inclusion into tech companies, said that it would no longer work with Y Combinator startups. "Thiel's actions are in direct conflict with our values at Project Include," the group's co-founder, Ellen Pao, wrote in a Medium post. "Because of this continued connection to YC, we are compelled to break off our relationship with YC." The Verge reports: Founded in 2005, Y Combinator has incubated some of the biggest tech companies of the past decade, including Airbnb, Dropbox, and Stripe. It faced a barrage of criticism over the weekend for refusing to dissociate itself from Thiel, who took an advisory role with the organization in 2015. In a series of tweets, YC's president stood by Thiel. "Cutting off opposing viewpoints leads to extremism and will not get us the country we want," Sam Altman wrote. "Diversity of opinion is painful but critical to the health of a democratic society. We can't start purging people for political support." In her post, Pao rejected the idea that Thiel's donation could be dismissed as political speech. "We agree that people shouldn't be fired for their political views, but this isn't a disagreement on tax policy, this is advocating hatred and violence," she wrote. "Giving more power to someone whose ascension and behavior strike fear into so many people is unacceptable. His attacks on black, Mexican, Asian, Muslim, and Jewish people, on women, and on others are more than just political speech; fueled by hate and encouraging violence, they make each of us feel unsafe."

It's Entirely Reasonable For Police To Swipe a Suspicious Gift Card, Says Court

An anonymous reader quotes Ars Technica: A U.S. federal appeals court has found that law enforcement can, without a warrant, swipe credit cards and gift cards to reveal the information encoded on the magnetic stripe. It's the third such federal appellate court to reach this conclusion. Last week, the 5th U.S. Circuit Court of Appeals found in favor of the government in United States v. Turner, establishing that it was entirely reasonable for Texas police officers to scan approximately 100 gift cards found in a car that was pulled over at a traffic stop. Like the previous similar 8th Circuit case that Ars covered in June 2016, the defendants challenged the search of the gift cards as being unreasonable. (The second case was from the 3rd Circuit in July 2015, in a case known as U.S. v. Bah.) In this case, after pulling over the car and running the IDs of both men, police found that there was an outstanding warrant for the passenger, Courtland Turner. When Turner was told to get out of the car and was placed in the patrol car, the officer returned to the stopped car and noticed an "opaque plastic bag partially protruding from the front passenger seat," as if someone had tried to push it under the seat to keep it hidden. The cop then asked the driver, Broderick Henderson, what was in the bag. Henderson replied that they had bought gift cards. When the officer then asked if he had receipts for them, Henderson replied that they had "bought the gift cards from another individual who sells them to make money." Turner's lawyers later challenged the scanning, arguing that this "search" of these gift cards went against their client's "reasonable expectation of privacy," an argument that neither the district court nor the appellate court found convincing. The 5th Circuit summarized: "After conferring with other officers about past experiences with stolen gift cards, the officer seized the gift cards as evidence of suspected criminal activity. 
Henderson was ticketed for failing to display a driver's license and signed an inventory sheet that had an entry for 143 gift cards. Turner was arrested pursuant to his warrant. The officer, without obtaining a search warrant, swiped the gift cards with his in-car computer. Unable to make use of the information shown, the officer turned the gift cards over to the Secret Service. A subsequent scan of the gift cards revealed that at least forty-three were altered, meaning the numbers encoded in the card did not match the numbers printed on the card. The investigating officer also contacted the stores where the gift cards were purchased -- a grocery store and a Walmart in Bryan, Texas provided photos of Henderson and Turner purchasing gift cards."

Ethiopia's State of Emergency Makes Posting To Facebook a Crime

Due to anti-government protests occurring in the country, Ethiopia has declared a state of emergency that, among other things, makes it a crime to post updates on Facebook about the current status of the country. "The military command will take action on those watching and posting on these social media outlets," Siraj Fegessa, Ethiopia's minister of defense, said on state television. Those who violate the terms of the state of emergency may be subject to prison for up to five years. Quartz reports: Ethiopia's largest ethnic groups, the Oromo and the Amhara, are protesting what they see as the marginalization of their rights and freedoms by the ruling Ethiopian People's Revolutionary Democratic Front (EPRDF), dominated by the Tigray minority. After a week of intensified protests that left businesses and government property destroyed, prime minister Hailemariam Desalegn declared a state of emergency on Oct 9 for the next six months. Under the state of emergency, all expressions or communication that could incite violence have been banned, including the now famous protest gesture of raised hands, crossed at the wrist. Authorities can search and detain citizens without prior approval. Discussing issues with foreigners that could incite violence or communicating with groups deemed terrorists is also illegal.

Hackers Steal Credit Card Data From Visitors of US Senate GOP Committee Website

pdclarry writes: While all of the recent news has been about hacking the Democratic National Committee, apparently the Republicans have also been hacked over many months (since March 2016). This was not about politics, however; it was to steal credit card numbers. Brian Krebs reports: "a report this past week out of The Netherlands suggests Russian hackers have for the past six months been siphoning credit card data from visitors to the web storefront of the National Republican Senatorial Committee (NRSC). [...] If you purchased a 'Never Hillary' poster or donated funds to the NRSC through its website between March 2016 and the first week of this month [October 2016], there's an excellent chance that your payment card data was siphoned by malware and is now for sale in the cybercrime underground." Krebs says his information comes from Dutch researcher Willem De Groot, co-founder and head of security at Dutch e-commerce site The Republicans were not alone; theirs was just one of 5,900 e-commerce sites hacked by the same Russian actors. You can view De Groot's analysis of the malware planted on the NRSC's site and other services here. Krebs adds: "The NRSC did not respond to multiple requests for comment, but a cached copy of the site's source code from October 5, 2016 indicates the malicious code was on the site at the time (load this link, click 'view source' and then Ctrl-F for '')."

WikiLeaks: Ecuador Cut Off Assange's Internet Access

Following a report from WikiLeaks claiming that its co-founder's internet service was intentionally cut off by a state actor, the anti-secrecy organization released a statement confirming the state actor was Ecuador. WikiLeaks tweeted: "We can confirm Ecuador cut off Assange's internet access Saturday, 5pm GMT, shortly after publication of Clinton's Goldman Sachs speechs." BBC reports: There was no way to immediately verify if he had been knocked offline, and if so, what was Ecuador's motivation. The anti-secrecy organization did not return calls and emails on Monday, though it said in a tweet: "We have activated the appropriate contingency plans." A woman who picked up the phone at the Ecuadorean embassy said: "I cannot disclose any information." The Wikileaks claim follows the latest emails it disclosed from a hack of Clinton campaign chairman John Podesta's emails. It released three transcripts on Saturday of Mrs Clinton's paid speeches to Goldman Sachs, which her campaign had long refused to release. The scripts reveal her bantering relationship with the investment bank's executives, which is unlikely to allay fears among liberal Democrats that she is too cosy with Wall Street.

Apple and Other Tech Companies Have Registered Their IP in Jamaica, Tonga, and Elsewhere For Years

Apple's product launches are notoriously secretive, but the Cupertino, California tech giant is sure to do one thing ahead of a big reveal: file trademark paperwork in Jamaica. From a Quartz report: It did this for Siri, the Apple Watch, macOS, and dozens of its major products months before the equivalent paperwork was lodged in the United States. Likewise, Google, Amazon, and Microsoft routinely file trademarks for their most important products in locales far flung from Silicon Valley and Seattle. These include Jamaica, Tonga, Iceland, South Africa, and Trinidad and Tobago -- places where trademark authorities don't maintain easily searchable databases. The tech giants are exploiting a US trademark-law provision that lets them effectively claim a trademark in secret. Under this provision, once a mark is lodged with an intellectual property office outside the US, the firm has six months to file it with the US Patent and Trademark Office (USPTO). When the firm does file in the US, it can point to its original application made abroad to show that it has a priority claim on the mark.

UK Police Begins Deployment of 22,000 Police Body Cameras

An anonymous reader writes: London's Metropolitan Police Service has begun a roll-out of 22,000 Body Worn Video (BWV) cameras to officers over the city's 32 boroughs after ten years of country-wide trials. The device, which records video only when the officer decides, has a 130-degree field of view and a 30-second buffer which permits police to begin recording even after an event has started. The makers of the camera also provide an Android/iOS app which can allow a remote viewer to connect to an officer's camera, effectively turning police operatives into walking CCTVs. Academic research has suggested that use of BWV cams can reduce complaints against officers by 93%, and the Met contends that the new technology, whose cloud-based system erases unwanted videos after 31 days, is particularly effective in domestic violence cases.

Journalists Face Jail Time After Reporting on North Dakota Pipeline Protest

Investigative reporter and co-founder of Democracy Now!, Amy Goodman, is now facing riot charges in the state of North Dakota after her report on a Native American-led pipeline protest there went viral on Facebook. From a TechCrunch report: Democracy Now! issued a statement about the new charges against Goodman late Saturday. Goodman's story, posted to Facebook on September 4th, has been viewed more than 14 million times on the social media platform, Democracy Now! said, and was picked up by mainstream media outlets and networks including CBS, NBC, NPR, CNN, MSNBC and The Huffington Post. Additionally, documentary filmmaker Deia Schlosberg is facing felony and conspiracy charges that could carry a 45-year sentence for filming at the protest, IndieWire reports.

UK Security Agencies Unlawfully Collected Data For 17 Years, Court Rules

British security agencies have secretly and unlawfully collected massive volumes of confidential personal data, including financial information, on citizens for more than a decade, top judges have ruled. The Guardian adds: The investigatory powers tribunal, which is the only court that hears complaints against MI5, MI6 and GCHQ, said the security services operated secret regimes to collect vast amounts of personal communications data, tracking individual phone and web use and large datasets of confidential personal information, without adequate safeguards or supervision for more than 10 years. The ruling said the regime governing the collection of bulk communications data (BCD) -- the who, where, when and what of personal phone and web communications -- failed to comply with article 8 protecting the right to privacy of the European convention of human rights (ECHR) between 1998, when it started, and 4 November 2015, when it was made public. It said the holding of bulk personal datasets (BPD) -- which might include medical and tax records, individual biographical details, commercial and financial activities, communications and travel data -- also failed to comply with article 8 for the decade it was in operation until its public avowal in March 2015.

Assange Internet Link Cut By State Actor, Claims Wikileaks

An anonymous reader shares a report by RussianToday: WikiLeaks has activated "contingency plans" after its co-founder's internet service was intentionally cut off by a state actor, the media organization said in a tweet. The internet is one of the few, if not only, available ways for Julian Assange, who has been locked up in the Ecuadorian Embassy in London for more than four years, to maintain contact with the outside world. Facing extradition to Sweden over allegations of rape, which he denies, the Australian computer programmer has been holed up in the embassy in West London since 2012. He claims the extradition is actually a bid to move him to a jurisdiction from which he can then be sent to the US, which is known to be actively investigating WikiLeaks. The unverified claims of state sabotage come as WikiLeaks continues to release damaging documents, most recently thousands of hacked emails from Hillary Clinton's campaign manager John Podesta.

More Performers Are Demanding Audiences Lock Up Their Phones

More performers -- and other venues -- are discovering a new anti-piracy technology called Yondr -- including comedian Dave Chappelle. Slashdot reader quotes the New York Times: Fans are required to place their cellphones into Yondr's form-fitting lockable pouch when entering the show, and a disk mechanism unlocks it on the way out. Fans keep the pouch with them, but it is impossible to snap pictures, shoot videos or send text messages during the performance while the pouch is locked.

'I know my show is protected, and it empowers me to be more honest and open with the audience,' says Dave Chappelle...But some fans object to not being able to disseminate and see live shows via videotape...

"In this day and age, my phone is how I keep my memory," one live-music fan told the Washington Post, adding "If you don't want your music heard, then don't perform it." But the device is becoming more common, and according to the Times it's now also being used at weddings, restaurants, schools, and when movies are being prescreened.
