Sri Lanka Accuses Facebook of Failing To Control Hate Speech That Contributed To Deadly Riots (theguardian.com) 73

The Sri Lankan government is accusing Facebook of failing to control rampant hate speech that it says contributed to anti-Muslim riots last week that left three people dead and the country under a state of emergency. The accusations come after the country blocked Facebook and several other platforms last week in an effort to prevent the spread of hate speech. The Guardian reports: On Thursday Fernando, along with the Sri Lankan prime minister, Ranil Wickremesinghe, and communications officials, will meet a Facebook team that has flown to Colombo. The Sri Lankans will demand a new, faster system for taking down posts flagged as a national security risk by agencies in the country. "Facebook is not reacting as fast as we have wanted it to react," Fernando said. "In the past it has taken various number of days to review [flagged posts] or even to take down the pages." On Tuesday he highlighted a tweet from a user who claimed to have reported a Facebook post in the Sinhala language that read "Kill all Muslims, don't even let an infant of the dogs escape." The user claimed he received a reply six days later saying the post did not contravene a specific Facebook community standard. The extremist leader Amith Weerasinghe, who was arrested last week in Kandy after being accused of helping to instigate the violence, had amassed nearly 150,000 followers on his Facebook page before it was taken down last week.

Former Equifax CIO Charged With Insider Trading (bloomberg.com) 90

OffTheLip writes: Jun Ying, a former CIO with Equifax has been charged with insider trading by the US Department of Justice. From the linked article:

Wednesday's announcement marks the first criminal charge brought in one of the largest data breaches in history. Ying, the former chief information officer for Equifax's U.S. information-solutions business, used confidential information entrusted to him by the company to determine it had been hacked, according to a separate complaint filed by the Securities and Exchange Commission.

ZDNet adds: According to a Justice Department statement, Ying sent a text message to a colleague two weeks before Equifax revealed the hack, in which he said the breach "sounds bad." Three days later, Ying searched the web to research the effect of Experian's 2015 own breach on its stock price. Later that day, Ying excised all his available stock options.


SEC Charges Theranos, CEO Elizabeth Holmes With 'Massive Fraud' (engadget.com) 128

An anonymous reader quotes a report from Engadget: The SEC has charged Theranos, Elizabeth Holmes and Ramesh "Sunny" Balwani with fraud relating to the startup's fundraising activities. The company, as well as CEO Holmes and former president Balwani are said to have raised more than $700 million from investors through "an elaborate, years-long fraud." This involved making "false statements about the company's technology, business and financial performance." In a statement, the commission said that the company, and its two executives, misled investors about the capability of its blood testing technology. Theranos' big selling point was that its hardware could scan for a number of diseases with just a small drop of blood. Unfortunately, the company was never able to demonstrate that its system worked as well as its creators claimed.

The company and Elizabeth Holmes have already agreed to settle the charges leveled against them by the SEC. Holmes will have to pay a $500,000 fine and return 18.9 million shares in Theranos that she owned, as well as downgrading her super-majority equity into common stock. The CEO is now barred from serving as the officer or director of a public company for 10 years. In addition, if Theranos is liquidated or acquired, Holmes cannot profit from her remaining shareholding unless $750 million is handed back to defrauded investors. Balwani, on the other hand, is facing a federal court case in the Northern District of California where the SEC will litigate its claims against him.
Worth noting: the court still has to approve the deals between Holmes and Theranos, and neither party has admitted any wrongdoing.

'Women At Microsoft Are Sexualized By Their Male Managers,' Lawsuit Alleges (arstechnica.com) 178

An anonymous reader quotes a report from Ars Technica: According to a newly unsealed court filing, women at Microsoft who work in technical jobs filed 238 internal complaints pertaining to gender discrimination or sexual harassment from 2010 through 2016. The new document was first reported Monday evening by Reuters. The figures were revealed as part of a proposed class-action lawsuit originally filed in 2015 (Moussouris v. Microsoft). The female plaintiffs argue that the company's internal rating system discriminates against women and disfavors professional advancement for women.

As part of the class certification process and civil discovery, Microsoft handed over years of records to the plaintiffs' lawyers. In the Monday-released filing, which was originally submitted to the court in October 2017, Moussouris' lawyer, Michael Subit, wrote that "Microsoft's Culture is Rife with Sexual Harassment" before continuing: "Company records indicate that women at Microsoft are sexualized by their male managers and coworkers, leading to a substantial number of incidents of alleged sexual harassment, and even several incidents of sexual assault, that often go unpunished." Specifically, Subit continued, Microsoft's internal unit (known as "ERIT") received 108 complaints of sexual harassment filed by female US-based technical employees, 119 complaints of gender discrimination, eight complaints of retaliation, and three complaints of pregnancy discrimination. Out of all of the claimed instances of gender discrimination, Microsoft's internal investigation only found that one such complaint was "founded."


Privacy-Busting Bugs Found in Popular VPN Services Hotspot Shield, Zenmate and PureVPN (zdnet.com) 60

A report by VpnMentor, a website which ranks VPN services, reveals several vulnerabilities in Hotspot Shield, Zenmate, and PureVPN -- all of which promise to provide privacy for their users. VpnMentor says it hired a team of three external ethical hackers to find vulnerabilities in three random popular VPNs. While one hacker wants to keep his identity private, the other two are known as File Descriptor and Paulos Yibelo. ZDNet: The research reveals bugs that can leak real-world IP addresses, which in some cases can identify individual users and determine a user's location. In the case of Hotspot Shield, three separate bugs in how the company's Chrome extension handles proxy auto-config scripts -- used to direct traffic to the right places -- leaked both IP and DNS addresses, which undermines the effectiveness of privacy and anonymity services. [...] AnchorFree, which makes Hotspot Shield, fixed the bugs, and noted that its mobile and desktop apps were not affected by the bugs. The researchers also reported similar IP leaking bugs to Zenmate and PureVPN.
The Internet

Reddit and the Struggle To Detoxify the Internet (newyorker.com) 398

In an article published on The New Yorker this week, Andrew Marantz discusses the state of free speech on the Web and takes a look at Reddit, the internet's fourth-most-popular site, after Google, YouTube, and Facebook. Some excerpts from the story: On November 23, 2016, shortly after President Trump's election, Reddit CEO Steve Huffman was at his desk, in San Francisco, perusing the site. It was the day before Thanksgiving. Reddit's administrators had just deleted a subreddit called r/Pizzagate, a forum for people who believed that high-ranking staffers of Hillary Clinton's Presidential campaign, and possibly Clinton herself, were trafficking child sex slaves. The reason for the ban, according to Reddit's administrators, was not the beliefs of people on the subreddit, but the way they'd behaved -- specifically, their insistence on publishing their enemies' private phone numbers and addresses, a clear violation of Reddit's rules. [...] Some of the conspiracy theorists left Reddit and reunited on Voat, a site made by and for the users that Reddit sloughs off. Other Pizzagaters stayed and regrouped on r/The_Donald, a popular pro-Trump subreddit. Throughout the Presidential campaign, The_Donald was a hive of Trump boosterism. By this time, it had become a hermetic subculture, full of inside jokes and ugly rhetoric. The community's most frequent commenters, like the man they'd helped propel to the Presidency, were experts at testing boundaries. Within minutes, they started to express their outrage that Pizzagate had been deleted.

Redditors are pseudonymous, and their pseudonyms are sometimes prefaced by "u," for "username." Huffman's is Spez. As he scanned The_Donald, he noticed that hundreds of the most popular comments were about him: "fuck u/spez", "u/spez is complicit in the coverup". One commenter simply wrote "u/SPEZ IS A CUCK," in bold type, a hundred and ten times in a row. Huffman, alone at his computer, wondered whether to respond. "I consider myself a troll at heart," he said later. "Making people bristle, being a little outrageous in order to add some spice to life -- I get that. I've done that." Privately, Huffman imagined The_Donald as a misguided teen-ager who wouldn't stop misbehaving. "If your little brother flicks your ear, maybe you ignore it," he said. "If he flicks your ear a hundred times, or punches you, then maybe you give him a little smack to show you're paying attention."

Although redditors didn't yet know it, Huffman could edit any part of the site. He wrote a script that would automatically replace his username with those of The_Donald's most prominent members, directing the insults back at the insulters in real time: in one comment, "Fuck u/Spez" became "Fuck u/Trumpshaker"; in another, "Fuck u/Spez" became "Fuck u/MAGAdocious." The_Donald's users saw what was happening, and they reacted by spinning a conspiracy theory that, in this case, turned out to be true. "Manipulating the words of your users is fucked," a commenter wrote.


Trump's Pick for New CIA Director Is Career Spymaster (bloomberg.com) 307

An anonymous reader shares a AP report: President Donald Trump's choice to be the first female director of the CIA is a career spymaster who once ran an agency prison in Thailand where terror suspects were subjected to a harsh interrogation technique that the president has supported. Trump tweeted Tuesday that CIA Director Mike Pompeo will replace Rex Tillerson as secretary of state and that he has selected Gina Haspel to replace Pompeo. Haspel, the current deputy CIA director, also helped carry out an order that the agency destroy its waterboarding videos. That order prompted a lengthy Justice Department investigation that ended without charges. Haspel, who has extensive overseas experience, briefly ran a secret CIA prison where accused terrorists Abu Zubayadah and Abd al Rahim al-Nashiri were waterboarded in 2002, according to current and former U.S. intelligence officials, who spoke to The Associated Press on condition of anonymity.

US Navy Under Fire In Mass Software Piracy Lawsuit (torrentfreak.com) 121

An anonymous reader quotes a report from TorrentFreak: In 2011 and 2012, the U.S. Navy began using BS Contact Geo, a 3D virtual reality application developed by German company Bitmanagement. The Navy reportedly agreed to purchase licenses for use on 38 computers, but things began to escalate. While Bitmanagement was hopeful that it could sell additional licenses to the Navy, the software vendor soon discovered the U.S. Government had already installed it on 100,000 computers without extra compensation. In a Federal Claims Court complaint filed by Bitmanagement two years ago, that figure later increased to hundreds of thousands of computers. Because of the alleged infringement, Bitmanagement demanded damages totaling hundreds of millions of dollars. In the months that followed both parties conducted discovery and a few days ago the software company filed a motion for partial summary judgment, asking the court to rule that the U.S. Government is liable for copyright infringement. According to the software company, it's clear that the U.S. Government crossed a line. In its defense, the U.S. Government had argued that it bought concurrent-use licenses, which permitted the software to be installed across the Navy network. However, Bitmanagement argues that it is impossible as the reseller that sold the software was only authorized to sell PC licenses. In addition, the software company points out that the word "concurrent" doesn't appear in the contracts, nor was there any mention of mass installations. The full motion brings up a wide range of other arguments as well which, according to Bitmanagement, make it clear that the U.S. Government is liable for copyright infringement.

ACLU Sues TSA Over Electronic Device Searches (techcrunch.com) 115

The American Civil Liberties Union of Northern California has filed a Freedom of Information Act lawsuit against the Transportation Security Administration over its alleged practices of searching the electronic devices of passengers traveling on domestic flights. "The federal government's policies on searching the phones, laptops, and tablets of domestic air passengers remain shrouded in secrecy," ACLU Foundation of Northern California attorney Vasudha Talla said in a blog post. "TSA is searching the electronic devices of domestic passengers, but without offering any reason for the search," Talla added. "We don't know why the government is singling out some passengers, and we don't know what exactly TSA is searching on the devices. Our phones and laptops contain very personal information, and the federal government should not be digging through our digital data without a warrant." TechCrunch reports: The lawsuit, which is directed toward the TSA field offices in San Francisco and its headquarters in Arlington, Virginia, specifically asks the TSA to hand over records related to its policies, procedures and/or protocols pertaining to the search of electronic devices. This lawsuit comes after a number of reports came in pertaining to the searches of electronic devices of passengers traveling domestically. The ACLU also wants to know what equipment the TSA uses to search, examine and extract any data from passengers' devices, as well as what kind of training TSA officers receive around screening and searching the devices. The ACLU says it first filed FOIA requests back in December, but TSA "subsequently improperly withheld the requested records," the ACLU wrote in a blog post today.

'Slingshot' Malware That Hid For Six Years Spread Through Routers 72

An anonymous reader quotes a report from Engadget: Security researchers at Kaspersky Lab have discovered what's likely to be another state-sponsored malware strain, and this one is more advanced than most. Nicknamed Slingshot, the code spies on PCs through a multi-layer attack that targets MikroTik routers. It first replaces a library file with a malicious version that downloads other malicious components, and then launches a clever two-pronged attack on the computers themselves. One, Canhadr, runs low-level kernel code that effectively gives the intruder free rein, including deep access to storage and memory; the other, GollumApp, focuses on the user level and includes code to coordinate efforts, manage the file system and keep the malware alive. Kaspersky describes these two elements as "masterpieces," and for good reason. For one, it's no mean feat to run hostile kernel code without crashes. Slingshot also stores its malware files in an encrypted virtual file system, encrypts every text string in its modules, calls services directly (to avoid tripping security software checks) and even shuts components down when forensic tools are active. If there's a common method of detecting malware or identifying its behavior, Slingshot likely has a defense against it. It's no wonder that the code has been active since at least 2012 -- no one knew it was there. Recent MikroTik router firmware updates should fix the issue. However, there's concern that other router makers might be affected.

Trump Issues Order To Block Broadcom's Takeover of Qualcomm (bloomberg.com) 227

Bloomberg reports that President Donald Trump issued an executive order today blocking Broadcom from acquiring Qualcomm, "scuttling a $117 billion deal that had been subject to U.S. government scrutiny on national security grounds." From the report: The president acted on a recommendation by the Committee on Foreign Investment in the U.S., which reviews acquisitions of American firms by foreign investors. The decision to block the deal was unveiled just hours after Broadcom Chief Executive Officer Hock Tan met with security officials at the Pentagon in a last-ditch effort to salvage the transaction. "There is credible evidence that leads me to believe that Broadcom Ltd." by acquiring Qualcomm "might take action that threatens to impair the national security of the United States," Trump said in the order released Monday evening in Washington.

Comcast 'Blocks' an Encrypted Email Service: Yet Another Reminder Why Net Neutrality Matters (zdnet.com) 105

Zack Whittaker, writing for ZDNet: For about twelve hours earlier this month, encrypted email service Tutanota seemed to fall off the face of the internet for Comcast customers. Starting in the afternoon on March 1, people weren't sure if the site was offline or if it had been attacked. Reddit threads speculated about the outage. Some said that Comcast was actively blocking the site, while others dismissed the claims altogether. Several tweets alerted the Hanover, Germany-based encrypted messaging provider to the alleged blockade, which showed a "connection timed out" message to Comcast users. It was as if to hundreds of Comcast customers, Tutanota didn't exist. But as soon as users switched to another non-Comcast internet connection, the site appeared as normal. "To us, this came as a total surprise," said Matthias Pfau, co-founder of Tutanota, in an email. "It was quite a shock as such an outage shows the immense power [internet providers] are having over our Internet when they can block sites...without having to justify their action in any way," he said.

By March 2, the site was back, but the encrypted email provider was none the wiser to the apparent blockade. The company contacted Comcast for answers, but did not receive a reply. When contacted, a Comcast spokesperson couldn't say why the site was blocked -- or even if the internet and cable giant was behind it. According to a spokesperson, engineers investigated the apparent outage but found there was no evidence of a connection breakage between Comcast and Tutanota. The company keeps records of issues that trigger incidents -- but found nothing to suggest an issue. It's not the first time Comcast customers have been blocked from accessing popular sites. Last year, the company purposefully blocked access to internet behemoth Archive.org for more than 13 hours.


Apple Must Explain Why It Doesn't Want You To Fix Your Own iPhone, California Lawmaker Says (vice.com) 195

A California state lawmaker says she hopes to make Apple explain specifically why it has opposed and lobbied against legislation that would make it easier for you to repair your iPhone and other electronics. Motherboard reports: Last week, California assemblymember Susan Talamantes-Eggman announced that she plans to introduce right to repair legislation in the state, which would require companies like Apple, Microsoft, John Deere, and Samsung to sell replacement parts and repair tools, make repair guides available to the public, and would require companies to make diagnostic software available to independent shops. Public records show that Apple has lobbied against right to repair legislation in New York, and my previous reporting has shown that Apple has privately asked lawmakers to kill legislation in places like Nebraska. To this point, the company has largely used its membership in trade organizations such as CompTIA and the Consumer Technology Association to publicly oppose the bill. But with the right to repair debate coming to Apple's home state, Talamantes-Eggman says she expects the company to show up to hearings about the bill.

"Apple is a very important company in the state of California, and one I have a huge amount of respect for. But the onus is on them to explain why we can't repair our own things and what damage or danger it causes them," Talamantes-Eggman told me in a phone interview. Talamantes-Eggman told me that the bill she plans to introduce will apply to both consumer electronics as well as agricultural equipment such as tractors. Broadly speaking, the electronics industry has decided to go with an "authorized repair" model in which companies pay the original device manufacturer to become authorized to fix devices.


Data Breach Victims Can Sue Yahoo in the United States, Federal Judge Rules (reuters.com) 13

Yahoo has been ordered by a federal judge to face much of a lawsuit in the United States claiming that the personal information of all 3 billion users was compromised in a series of data breaches. From a report: In a decision on Friday night, U.S. District Judge Lucy Koh in San Jose, California rejected a bid by Verizon Communications, which bought Yahoo's Internet business last June, to dismiss many claims, including for negligence and breach of contract. Koh dismissed some other claims. She had previously denied Yahoo's bid to dismiss some unfair competition claims.

[...] The plaintiffs amended their complaint after Yahoo last October revealed that the 2013 breach affected all 3 billion users, tripling its earlier estimate. Koh said the amended complaint highlighted the importance of security in the plaintiffs' decision to use Yahoo. 'Plaintiffs' allegations are sufficient to show that they would have behaved differently had defendants disclosed the security weaknesses of the Yahoo Mail System," Koh wrote. She also said the plaintiffs could try to show that liability limits in Yahoo's terms of service were "unconscionable," given the allegations that Yahoo knew its security was deficient but did little.


Firefox Gets Privacy Boost By Disabling Proximity and Ambient Light Sensor APIs (bleepingcomputer.com) 79

Stating with Firefox 60 -- expected to be released in May 2018 -- websites won't be able to use Firefox to access data from sensors that provide proximity distances and ambient light information. From a report: Firefox was allowing websites to access this data via the W3C Proximity and Ambient Light APIs. But at the start of the month, Mozilla engineers decided to disable access to these two APIs by default. The APIs won't be removed, but their status is now controlled by two Firefox flags that will ship disabled by default. This means users will have to manually enable the two flags before any website can use Firefox to extract proximity and ambient light data from the device's underlying sensors. The two flags will be available in Firefox's about:config settings page. The screenshot below shows the latest Firefox Nightly version, where the two flags are now disabled, while other sensor APIs are enabled.

Slashdot Top Deals