Democrats

Democrats Are Just One Vote Shy of Restoring Net Neutrality (engadget.com) 329

An anonymous reader quotes a report from Engadget: Senate minority leader Chuck Schumer now says Democrats in the Senate are a single vote away from restoring net neutrality. According to the senator from New York, they now have a total of 50 votes for a Senate resolution of disapproval that would restore the Open Internet Order of 2015 and deliver a stiff rebuke to Ajit Pai and other Republican members of the FCC. It would also prevent the agency from passing a similar measure in the future, all but guaranteeing Net Neutrality is permanently preserved. Right now the resolution has the support of all 49 Democrats in the Senate and one Republican, Susan Collins of Maine. But Schumer and the rest of the caucus will have to win over one more Republican vote to prevent Vice President Mike Pence from breaking a tie and allowing the repeal to stand. Under the Congressional Review Act, the Senate has 60 days to challenge a decision by an independent agency like the FCC. Democrats have less than 30 days to convince a "moderate" like John McCain or Lindsey Graham to buck their party. Further reading: The Washington Post (paywalled)
The Almighty Buck

OnePlus Customers Report Credit Card Fraud After Buying From the Company's Website (androidpolice.com) 61

If you purchased a OnePlus smartphone recently from the official OnePlus website, you might want to check your transactions to make sure there aren't any you don't recognize. "A poll was posted on the OnePlus forum on Thursday asking users if they had noticed fraudulent charges on their credit cards since purchasing items on the OnePlus site," reports Android Police. "More than 70 respondents confirmed that they had been affected, with the majority saying they had bought from the site within the past 2 months." From the report: A number of FAQs and answers follow, in which OnePlus confirms that only customers who made credit card payments are affected, not those who used PayPal. Apparently, card info isn't stored on the site but is instead sent directly to a "PCI-DSS-compliant payment processing partner" over an encrypted connection. [...] OnePlus goes on to say that intercepting information should be extremely difficult as the site is HTTPS encrypted, but that it is nevertheless carrying out a complete audit. In the meantime, affected customers are advised to contact their credit card companies immediately to get the payments canceled/reversed (called a chargeback). OnePlus will continue to investigate alongside its third-party service providers, and promises to update with its findings as soon as possible.

According to infosec firm Fidus, there is actually a brief window in which data could be intercepted. Between entering your card details into the form and hitting 'submit,' the details are apparently hosted on-site, which could give attackers all the time they need to steal those precious digits and head off on a spending spree. Fidus also notes that the company doesn't appear to be PCI-compliant, but that directly contradicts OnePlus' own statement. We'll have to wait until more details emerge before we pass judgment.
Here's OnePlus' official statement on the matter: "At OnePlus, we take information privacy extremely seriously. Over the weekend, members of the OnePlus community reported cases of unknown credit card transactions occurring on their credit cards post purchase from oneplus.net. We immediately began to investigate as a matter of urgency, and will keep you updated. This FAQ document will be updated to address questions raised."
The Almighty Buck

Canadian Charged With Running LeakedSource.com, Selling Stolen Info (reuters.com) 27

A Canadian man accused of operating the LeakedSource.com website, a major repository of stolen online credentials, has been arrested and charged with trafficking in billions of stolen personal identity records, the Royal Canadian Mounted Police (RCMP) said on Monday. From a report: The site, which was shut down in early 2017, had collected details from a string of major breaches and made them accessible and searchable for a fee. The man, 27-year-old Jordan Evan Bloom, is due to appear in a Toronto court on Monday to hear charges that as administrator of the site he collected some C$247,000 from the sale of stolen records and associated passwords.
Bitcoin

Cryptocurrency Traders in South Korea Face Fines For Virtual Accounts (yonhapnews.co.kr) 74

An anonymous reader shares a report: Cryptocurrency investors in South Korea will be fined for refusing to convert their virtual accounts into real-name ones, financial authorities said Sunday. The move comes as South Korea is scrambling to rein in the virtual currency frenzy in Asia's fourth-largest economy, including preparations for a bill to ban cryptocurrency exchanges at home. According to the authorities, cryptocurrency traders will be allowed to convert their virtual accounts into real-name ones within this month, but those who refuse to accede to real-name identification will face fines.
Privacy

India To Add Facial Authentication For Its Aadhaar Card Security (reuters.com) 20

India will build facial recognition into its national identity card in addition to fingerprints after a series of breaches in the world's biggest biometric identification programme, the government said on Monday. From a report: A local newspaper reported this month that access to the "Aadhaar" database which has identity details of more than 1 billion citizens was being sold for just $8 on social media. The Unique Identification Authority of India (UIDAI), which issues the identity cards, said it would add face recognition software as an additional layer of security from July. Card holders will be required to match their photographs with that stored in the data base for authentication in addition to fingerprints and iris scans, the agency said in a statement.
Google

Why Uber Can Find You but 911 Can't (wsj.com) 199

Accurate location data is on smartphones, so why don't more wireless carriers use it to locate emergency callers? From a report, shared by a reader: Software on Apple's iPhones and Google's Android smartphones help mobile apps like Uber and Facebook to pinpoint a user's location, making it possible to order a car, check in at a local restaurant or receive targeted advertising. But 911, with a far more pressing purpose, is stuck in the past. U.S. regulators estimate as many as 10,000 lives could be saved each year if the 911 emergency dispatching system were able to get to callers one minute faster. Better technology would be especially helpful, regulators say, when a caller can't speak or identify his or her location. After years of pressure, wireless carriers and Silicon Valley companies are finally starting to work together to solve the problem. But progress has been slow. Roughly 80% of the 240 million calls to 911 each year are made using cellphones, according to a trade group that represents first responders. For landlines, the system shows a telephone's exact address. But it can register only an estimated location, sometimes hundreds of yards wide, from a cellphone call. That frustration is now a frequent source of tension during 911 calls, said Colleen Eyman, who oversees 911 services in Arvada, Colo., just outside Denver.
Communications

The Tech Failings of Hawaii's Missile Alert 232

Over the weekend, Hawaii incorrectly warned citizens of a missile attack via their phones. According to The Washington Post, the error was a result of a staffer picking the wrong option -- missile alert instead of test missile alert -- from a drop down software menu. Hawaiian officials say they have already changed protocols to avoid a repeat of the scenario. The report goes on to add: Part of what worsened the situation Saturday was that there was no system in place at the state emergency agency for correcting the error, HEMA (Hawaii Emergency Management Agency) spokesman Richard Rapoza said. The state agency had standing permission through FEMA to use civil warning systems to send out the missile alert -- but not to send out a subsequent false alarm alert, he said. Though the Hawaii Emergency Management Agency posted a follow-up tweet at 8:20 a.m. saying there was "NO missile threat," it wouldn't be until 8:45 a.m. that a subsequent cellphone alert was sent telling people to stand down. Motherboard notes that new regulations require telecom companies to offer a testing system for local and state alert originators, but because of lobbying by Verizon and CTIA, this specific regulation does not go into effect until March 2019.

In a piece, The Atlantic argues that the 90-character messages sent by the system aren't suited to the way we use our devices.
EU

City of Barcelona Dumps Windows For Linux and Open Source Software (europa.eu) 249

An anonymous reader quotes Open Source Observatory: The City of Barcelona is migrating its computer systems away from the Windows platform, reports the Spanish newspaper El País. The City's strategy is first to replace all user applications with open-source alternatives, until the underlying Windows operating system is the only proprietary software remaining. In a final step, the operating system will be replaced with Linux... According to Francesca Bria, the Commissioner of Technology and Digital Innovation at the City Council, the transition will be completed before the current administration's mandate ends in spring 2019. For starters, the Outlook mail client and Exchange Server will be replaced with Open-Xchange. In a similar fashion, Internet Explorer and Office will be replaced with Firefox and LibreOffice, respectively. The Linux distribution eventually used will probably be Ubuntu, since the City of Barcelona is already running 1,000 Ubuntu-based desktops as part of a pilot...

Barcelona is the first municipality to have joined the European campaign 'Public Money, Public Code'. This campaign is an initiative of the Free Software Foundation Europe (FSFE) and revolves around an open letter advocating that publicly funded software should be free. Currently, this call to public agencies is supported by more than 100 organisations and almost 15,000 individuals. With the new open-source strategy, Barcelona's City Council aims to avoid spending large amounts of money on licence-based software and to reduce its dependence on proprietary suppliers through contracts that in some cases have been closed for decades.

Power

California Will Close Its Last Nuclear Power Plant (sfchronicle.com) 353

An anonymous reader quotes the San Francisco Chronicle: California's last nuclear power plant -- Diablo Canyon, whose contentious birth helped shape the modern environmental movement -- will close in 2025, state utility regulators decided Thursday. The unanimous vote by the California Public Utilities Commission will likely bring an end to nuclear energy's long history in the state. State law forbids building more nuclear plants in California until the federal government creates a long-term solution for dealing with their waste, a goal that remains elusive despite decades of effort.

The decision comes even as California expands its fight against global warming. Owned by Pacific Gas and Electric Co., Diablo Canyon is the state's largest power plant, supplying 9 percent of California's electricity while producing no greenhouse gases. "With this decision, we chart a new energy future by phasing out nuclear power here in California," said commission President Michael Picker. "We've looked hard at all the arguments, and we agree the time has come."

Censorship

How Millions of Iranians Are Evading Internet Censors (msn.com) 48

schwit1 quotes the Wall Street Journal: Authorities in Tehran have ratcheted up their policing of the internet in the past week and a half, part of an attempt to stamp out the most far-reaching protests in Iran since 2009. But the crackdown is driving millions of Iranians to tech tools that can help them evade censors, according to activists and developers of the tools. Some of the tools were attracting three or four times more unique users a day than they were before the internet crackdown, potentially weakening government efforts to control access to information online. "By the time they wake up, the government will have lost control of the internet," said Mehdi Yahyanejad, executive director of NetFreedom Pioneers, a California-based technology nonprofit that largely focuses on Iran and develops educational and freedom of information tools.
Wired calls it "the biggest protest movement in Iran since the 2009 Green Movement uprising," criticizing tech companies which "continue to deny services to Iranians that could be crucial to free and open communications."
Electronic Frontier Foundation

Calls to Action on the Fifth Anniversary of the Death of Aaron Swartz (eff.org) 151

On the fifth anniversary of the death of Aaron Swartz, EFF activist Elliot Harmon posted a remembrance: When you look around the digital rights community, it's easy to find Aaron's fingerprints all over it. He and his organization Demand Progress worked closely with EFF to stop SOPA. Long before that, he played key roles in the development of RSS, RDF, and Creative Commons. He railed hard against the idea of government-funded scientific research being unavailable to the public, and his passion continues to motivate the open access community. Aaron inspired Lawrence Lessig to fight corruption in politics, eventually fueling Lessig's White House run... It's tempting to become pessimistic in the face of countless threats to free speech and privacy. But the story of the SOPA protests demonstrates that we can win in the face of seemingly insurmountable odds.
He shares a link to a video of Aaron's most inspiring talk, "How We Stopped SOPA," writing that "Aaron warned that SOPA wouldn't be the last time Hollywood attempted to use copyright law as an excuse to censor the Internet... 'The enemies of the freedom to connect have not disappeared... We won this fight because everyone made themselves the hero of their own story. Everyone took it as their job to save this crucial freedom. They threw themselves into it. They did whatever they could think of to do.'"

On the anniversary of Aaron's death, his brother Ben Swartz, an engineer at Twitch, wrote about his own efforts to effect change in ways that would've made Aaron proud, while Aaron's mother urged calls to Congress to continue pushing for reform to the Computer Fraud and Abuse Act.

And there were countless other remembrances on Twitter, including one from Cory Doctorow, who tweeted a link to Lawrence Lessig's analysis of the prosecution. And Lessig himself marked the anniversary with several posts on Twitter. "None should rest," reads one, "for still, there is no peace."
Cellphones

Text Message Scammer Gets Five Years in Prison (reuters.com) 69

36-year-old Fraser Thompson is going to prison, according to Reuters, after receiving a five-year sentence for "defrauding" cellphone customers out of millions of dollars. An anonymous reader quotes Reuters: Prosecutors said Thompson engaged in a scheme to sign up hundreds of thousands of cellphone customers for paid text messaging services without their consent. The customers were subsequently forced to pay more than $100 million for unsolicited text messages that included trivia, horoscopes and celebrity gossip, according to the prosecutors. They said the scheme was headed by Darcy Wedd, Mobile Messenger's former chief executive, who was found guilty by a jury in December but has not yet been sentenced. "They ripped off everyday cellphone users, $10 a month, netting over $100 million in illegal profits, of which Thompson personally received over $1.5 million," Manhattan U.S. Attorney Geoffrey S. Berman said in a statement.
Thompson was ordered to forfeit $1.5 million in "fraud proceeds," according to the article, and was convicted of conspiracy, wire fraud, identity theft and money laundering.

Seven other people also pleaded guilty to participating in the scam -- and one has already been sentenced to 33 months in prison.
Government

Chelsea Manning Files to Run for U.S. Senate in Maryland (washingtonpost.com) 313

An anonymous reader quotes the Washington Post: Chelsea E. Manning, the transgender former Army private who was convicted of passing sensitive government documents to WikiLeaks, is seeking to run for the U.S. Senate in Maryland, according to federal election filings. Manning would be challenging Democrat Benjamin L. Cardin, who is in his second term in the Senate and is up for reelection in November. Cardin is Maryland's senior senator and is considered an overwhelming favorite to win a third term... However, a candidate with national name recognition, such as Manning, who comes in from the outside could tap a network of donors interested in elevating a progressive agenda...

Evan Greer, campaign director of the nonprofit organization Fight for the Future and a close supporter of Manning's while she was imprisoned, said the news is exciting. "Chelsea Manning has fought for freedom and sacrificed for it in ways that few others have," Greer wrote in an email. "The world is a better place with her as a free woman, and this latest news makes it clear she is only beginning to make her mark on it."

Crime

Kansas 'Swat' Perpetrator Charged; Faces 11 More Years in Prison (latimes.com) 417

Jail time looms for 25-year-old Tyler Barriss, whose fake call to Kansas police led to a fatal shooting:
  • Barriss was charged with involuntary manslaughter, and if convicted "could face up to 11 years and three months in prison." He was also charged with making a false alarm, which is considered a felony. The District Attorney adds that others have also been identified as "potential suspects" in the case, but they're still deciding whether to charge them.
  • Friday Barriss gave his first interview to a local news outlet -- from jail. "Of course, you know, I feel a little of remorse for what happened," he tells KWCH. "I never intended for anyone to get shot and killed. I don't think during any attempted swatting anyone's intentions are for someone to get shot and killed..."

    Asked about the call, Barriss acknowledged that "It hasn't just affected my life, it's affected someone's family too. Someone lost their life. I understand the magnitude of what happened. It's not just affecting me because I'm sitting in jail. I know who it has affected. I understand all of that."
  • Barriss has also been charged in Calgary with public mischief, fraud and mischief for another false phone call, police said, though it's unlikely he'll ever be arrested unless he enters the country. Just six days before the fatal shooting, Barriss had made a nearly identical call to police officers in Canada, this time supplying the address of a well-known video gamer who livestreams on Twitch, and according to one eyewitness more than 20 police cars surrounded her apartment building for at least half an hour.

Cellphones

Fake 'Inbound Missile' Alert Sent To Every Cellphone in Hawaii (chicagotribune.com) 226

"Somebody sent out a false emergency alert to all cell phones in Hawaii saying, 'BALLISTIC MISSILE THREAT INBOUND TO HAWAII. SEEK IMMEDIATE SHELTER. THIS IS NOT A DRILL'," writes Slashdot reader flopwich, adding "Somebody's had better days at work." The Associated Press reports: In a conciliatory news conference later in the day, Hawaii officials apologized for the mistake and vowed to ensure it will never happen again. Hawaii Emergency Management Agency Administrator Vern Miyagi said the error happened when someone hit the wrong button. "We made a mistake," said Miyagi. For nearly 40 minutes, it seemed like the world was about to end in Hawaii, an island paradise already jittery over the threat of nuclear-tipped missiles from North Korea...

On the H-3, a major highway north of Honolulu, vehicles sat empty after drivers left them to run to a nearby tunnel after the alert showed up, the Honolulu Star-Advertiser reported. Workers at a golf club huddled in a kitchen fearing the worst... The Hawaii Emergency Management Agency tweeted there was no threat about 10 minutes after the initial alert, but that didn't reach people who aren't on the social media platform. A revised alert informing of the "false alarm" didn't reach cellphones until 38 minutes later, according to the time stamp on images people shared on social media.

EU

Is Finland's Universal Basic Income Trial Too Good To Be True? (theguardian.com) 534

It was one year ago that Finland began giving money to 2,000 unemployed people -- roughly $652 a month (€560 or £475). But have we learned anything about universal basic incomes? An anonymous reader quotes the Guardian: Amid this unprecedented media attention, the experts who devised the scheme are concerned it is being misrepresented. "It's not really what people are portraying it as," said Markus Kanerva, an applied social and behavioural sciences specialist working in the prime minister's office in Helsinki. "A full-scale universal income trial would need to study different target groups, not just the unemployed. It would have to test different basic income levels, look at local factors. This is really about seeing how a basic unconditional income affects the employment of unemployed people."

While UBI tends often to be associated with progressive politics, Finland's trial was launched -- at a cost of around €20m (£17.7m or $24.3 million) -- by a centre-right, austerity-focused government interested primarily in spending less on social security and bringing down Finland's stubborn 8%-plus unemployment rate. It has a very clear purpose: to see whether an unconditional income might incentivise people to take up paid work. Authorities believe it will shed light on whether unemployed Finns, as experts believe, are put off taking up a job by the fear that a higher marginal tax rate may leave them worse off. Many are also deterred by having to reapply for benefits after every casual or short-term contract... According to Kanerva, the core data the government is seeking -- on whether, and how, the job take-up of the 2,000 unemployed people in the trial differs from a 175,000-strong control group -- will be "robust, and usable in future economic modelling" when it is published in 2019.

The experiment may, however, be impacted by all the hype it's generating, according to the Guardian. "One participant who hoped to start his own business with the help of the unconditional monthly payment complained that, after speaking to 140 TV crews and reporters from as far afield as Japan and Korea, he has simply not been able to find the time."
Books

'Science Fiction Writers of America' Accuse Internet Archive of Piracy (sfwa.org) 117

An anonymous reader writes: The "Open Library" project of the nonprofit Internet Archive has been scanning books and offering "loans" of DRM-protected versions for e-readers (which expire after the loan period expires). This week the Legal Affairs Committee of the Science Fiction Writers of America issued a new "Infringement Alert" on the practice, complaining that "an unreadable copy of the book is saved on users' devices...and can be made readable by stripping DRM protection."

The objection, argues SFWA President Cat Rambo, is that "writers' work is being scanned in and put up for access without notifying them... it is up to the individual writer whether or not their work should be made available in this way." But the infringement alert takes the criticism even further. "We suspect that this is the world's largest ongoing project of unremunerated digital distribution of entire in-copyright books."

The Digital Reader blog points out one great irony. "The program initially launched in 2007. It has been running for ten years, and the SFWA only just now noticed." They add that SFWA's tardiness "leaves critical legal issues unresolved."

"Remember, Google won the Google Books case, and had its scanning activities legalized as fair use ex post facto... [I]n fact the Internet Archive has a stronger case than Google did; the latter had a commercial interest in its scans, while the Internet Archive is a non-profit out to serve the public good."
Government

Will Facial Recognition in China Lead To Total Surveillance? (washingtonpost.com) 122

schwit1 shares a new Washington Post article about China's police and security state -- including the facial recognition cameras that allow access to apartment buildings. "If I am carrying shopping bags in both hands, I just have to look ahead and the door swings open," one 40-year-old woman tells the Post. "And my 5-year-old daughter can just look up at the camera and get in. It's good for kids because they often lose their keys." But for the police, the cameras that replaced the residents' old entry cards serve quite a different purpose. Now they can see who's coming and going, and by combining artificial intelligence with a huge national bank of photos, the system in this pilot project should enable police to identify what one police report, shared with The Washington Post, called the "bad guys" who once might have slipped by... Banks, airports, hotels and even public toilets are all trying to verify people's identities by analyzing their faces. But the police and security state have been the most enthusiastic about embracing this new technology.

The pilot in Chongqing forms one tiny part of an ambitious plan, known as "Xue Liang," which can be translated as "Sharp Eyes." The intent is to connect the security cameras that already scan roads, shopping malls and transport hubs with private cameras on compounds and buildings, and integrate them into one nationwide surveillance and data-sharing platform... At the back end, these efforts merge with a vast database of information on every citizen, a "Police Cloud" that aims to scoop up such data as criminal and medical records, travel bookings, online purchase and even social media comments -- and link it to everyone's identity card and face.

Government

Many US States Propose Their Own Laws Protecting Net Neutrality (seattletimes.com) 144

An anonymous reader quotes the New York Times: Lawmakers in at least six states, including California and New York, have introduced bills in recent weeks that would forbid internet providers to block or slow down sites or online services. Legislators in several other states, including North Carolina and Illinois, are weighing similar action... By passing their own law, the state lawmakers say, they would ensure that consumers would find the content of their choice, maintain a diversity of voices online and protect businesses from having to pay fees to reach users.

And they might even have an effect beyond their states. California's strict auto-emissions standards, for example, have been followed by a dozen other states, giving California major sway over the auto industry. "There tends to be a follow-on effect, particularly when something happens in a big state like California," said Harold Feld, a senior vice president at a nonprofit consumer group, Public Knowledge, that supports net-neutrality efforts by the states. Bills have also been introduced in Massachusetts, Nebraska, Rhode Island and Washington.

In addition, a representative in Alaska's legislature has also pre-filed legislation requiring the state's ISPs to practice net neutrality, which will be introduced when the state legislature resumes on January 16th.

"The recent FCC decision eliminating net neutrality was a mistake that favors the big internet providers and those who want to restrict the kinds of information a free-thinking Alaskan can access," representative Scott Kawasaki told a local news station. "That is not the Alaskan way, and I am hopeful my colleagues in the House and Senate will agree..."

The Independent also notes that Europe "is still strongly committed" to net neutrality.
Security

Adult Themed VR Game Leaks Data On Thousands (securityledger.com) 41

chicksdaddy writes from The Security Ledger: Somebody deserves a spanking after personal information on thousands of users of an adult virtual reality game were exposed to security researchers in the UK by a balky application. Researchers at the firm Digital Interruption on Tuesday warned that an adult-themed virtual reality application, SinVR, exposes the names, email and other personal information via an insecure desktop application -- a potentially embarrassing security lapse. The company decided to go public with the information after being frustrated in multiple efforts to responsibly disclose the vulnerability to parent company inVR, Inc., Digital Interruption researcher and founder Jahmel Harris told The Security Ledger. Jahmel estimated that more than 19,000 records were leaked by the application, but did not have an exact count.

SinVR is a sex-themed virtual reality game that allows players to navigate in various adult-themed environments and interact with virtual characters in common pornographic themes including BDSM, cosplay, naughty teacher, and so on. The company discovered the data after reverse-engineering the SinVR desktop application and noticing a function named "downloadallcustomers." That function called a web service that returned thousands of SinVR customer records including email addresses, user names, computer PC names and so on. Passwords and credit card details were not part of the data dump, Harris said.
