Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Snapchat, Skype Put Users' 'Human Rights at Risk', Amnesty Int'l Reports ( 47

Shanika Gunaratna, writing for CBS News: Snapchat and Skype are falling short in protecting users' privacy -- a failure that puts users' "human rights at risk," according to a report by the organization Amnesty International. Snapchat and Skype received dismal grades in a new set of rankings released by Amnesty that specifically evaluate how popular messaging apps use encryption to protect users' private communications. In the report, Amnesty is trying to elevate encryption as a human rights necessity, due to concerns that activists, opposition politicians and journalists in some countries could be put in grave danger if their communications on popular messaging apps were compromised. "Activists around the world rely on encryption to protect themselves from spying by authorities, and it is unacceptable for technology companies to expose them to danger by failing to adequately respond to the human rights risks," Sherif Elsayed-Ali, head of Amnesty's technology and human rights team, said in a statement. "The future of privacy and free speech online depends to a very large extent on whether tech companies provide services that protect our communications, or serve them up on a plate for prying eyes."Microsoft's Skype received 40 out of 100. WhatsApp fared at 73, and Apple scored 67 out of 100 for its iMessage and FaceTime apps. BlackBerry, Snapchat, and China's Tencent did 30 out of 100.

AT&T Is Spying on Americans For Profit, New Documents Reveal ( 158

AT&T has been secretly spying on its own customers, the Daily Beast reports. The revelation comes days after the top carrier announced plans to purchase Time Warner. The report claims that AT&T ran a program called Project Hemisphere through which it analyzed cellular data from the company's call records to determine where a given individual is located and with whom they are speaking. The New York Times reported about the program's existence in 2013, but it was described as a "partnership" between A&T and the government for fighting narcotics trafficking. But today's report, which cites several classifed documents, claims that AT&T used Hemisphere for a range of other functions -- and always without a warrant. From the report:Hemisphere is a secretive program run by AT&T that searches trillions of call records and analyzes cellular data to determine where a target is located, with whom he speaks, and potentially why. [...] Hemisphere isn't a "partnership" but rather a product AT&T developed, marketed, and sold at a cost of millions of dollars per year to taxpayers. No warrant is required to make use of the company's massive trove of data, according to AT&T documents, only a promise from law enforcement to not disclose Hemisphere if an investigation using it becomes public. These new revelations come as the company seeks to acquire Time Warner in the face of vocal opposition saying the deal would be bad for consumers. While telecommunications companies are legally obligated to hand over records, AT&T appears to have gone much further to make the enterprise profitable, according to ACLU technology policy analyst Christopher Soghoian. "Companies have to give this data to law enforcement upon request, if they have it. AT&T doesn't have to data-mine its database to help police come up with new numbers to investigate," Soghoian said. AT&T has a unique power to extract information from its metadata because it retains so much of it. The company owns more than three-quarters of U.S. landline switches, and the second largest share of the nation's wireless infrastructure and cellphone towers, behind Verizon. AT&T retains its cell tower data going back to July 2008, longer than other providers. Verizon holds records for a year and Sprint for 18 months, according to a 2011 retention schedule obtained by The Daily Beast.

Rowhammer Attack Can Now Root Android Devices ( 100

An anonymous reader writes from a report via Softpedia: Researchers have discovered a method to use the Rowhammer RAM attack for rooting Android devices. For their research paper, called Drammer: Deterministic Rowhammer Attacks on Mobile Platforms, researchers tested and found multiple smartphone models to be vulnerable to their attack. The list includes LG Nexus (4, 5, 5X), LG G4, Motorola Moto G (2013 and 2014), One Plus One, HTC Desire 510, Lenovo K3 Note, Xiaomi Mi 4i, and Samsung Galaxy (S4, S5, and S6) devices. Researchers estimate that millions of Android users might be vulnerable. The research team says the Drammer attack has far more wide-reaching implications than just Android, being able to exploit any device running on ARM chips. In the past, researchers have tested the Rowhammer attack against DDR3 and DDR4 memory cards, weaponized it via JavaScript, took over PCs via Microsoft Edge, and hijacked Linux virtual machines. There's an app to test if your phone is vulnerable to this attack. "Rowhammer is an unintended side effect in dynamic random-access memory (DRAM) that causes memory cells to leak their charges and interact electrically between themselves, possibly altering the contents of nearby memory rows that were not addressed in the original memory access," according to Wikipedia. "This circumvention of the isolation between DRAM memory cells results from the high cell density in modern DRAM, and can be triggered by specially crafted memory access patterns that rapidly activate the same memory rows numerous times."

Alibaba Founder To Chinese Government: Use Big Data To Stop Criminals ( 46

An anonymous reader quotes a report from Bloomberg: Chinese billionaire Jack Ma proposed that the nation's top security bureau use big data to prevent crime, endorsing the country's nascent effort to build unparalleled online surveillance of its billion-plus people. China's data capabilities are virtually unrivaled among its global peers, and policing cannot happen without the ability to analyze information on its citizens, the co-founder of Alibaba Group Holding Ltd. said in a speech published Saturday by the agency that polices crime and runs the courts. Ma's stance resonates with that of China's ruling body, which is establishing a system to collect and parse information on citizens in a country where minimal safeguards exist for privacy. "Bad guys in a movie are identifiable at first glance, but how can the ones in real life be found?" Ma said in his speech, which was posted on the official WeChat account of the Commission for Political and Legal Affairs. "In the age of big data, we need to remember that our legal and security system with millions of members will also face change." In his speech, Ma stuck mainly to the issue of crime prevention. In Alibaba's hometown of Hangzhou alone, the number of surveillance cameras may already surpass that of New York's, Ma said. Humans can't handle the sheer amount of data amassed, which is where artificial intelligence comes in, he added. "The future legal and security system cannot be separated from the internet and big data," Ma said. Ma's speech also highlights the delicate relationship between Chinese web companies and the government. The ruling party has designated internet industry leaders as key targets for outreach, with President Xi Jinping saying in May last year that technology leaders should "demonstrate positive energy in purifying cyberspace."

Electronic Surveillance Up 500% In DC Area Since 2011, Almost All Sealed Cases ( 41

schwit1 quotes a report from Washington Post: Secret law enforcement requests to conduct electronic surveillance in domestic criminal cases have surged in federal courts for Northern Virginia and the District, but only one in a thousand of the applications ever becomes public, newly released data show. The bare-bones release by the courts leaves unanswered how long, in what ways and for what crimes federal investigators tracked individuals' data and whether long-running investigations result in charges. In Northern Virginia, electronic surveillance requests increased 500 percent in the past five years, from 305 in 2011 to a pace set to pass 1,800 this year. Only one of the total 4,113 applications in those five years had been unsealed as of late July, according to information from the Alexandria division of the U.S. District Court for the Eastern District of Virginia, which covers northern Virginia. The report adds: "The federal court for the District of Columbia had 235 requests in 2012, made by the local U.S. attorney's office. By 2013, requests in the District had climbed 240 percent, to about 564, according to information released by the court's chief judge and clerk. Three of the 235 applications from 2012 have been unsealed. The releases from the Washington-area courts list applications by law enforcement to federal judges asking to track data -- but not eavesdrop -- on users' electronic communications. That data can include sender and recipient information, and the time, date, duration and size of calls, emails, instant messages and social media messages, as well as device identification numbers and some website information."

AT&T's $85B US Bid For Time Warner Sparks Antitrust Fears in Washington ( 116

An anonymous reader writes: The two top members of the Senate's antitrust subcommittee said Sunday that they plan to probe a colossal deal between AT&T and Time Warner. In a statement, Mike Lee, R-Utah., and Amy Klobuchar, D-Minn. -- chairman and ranking Democrat, respectively, of the Judiciary Subcommittee on Antitrust, Competition Policy and Consumer Rights -- said AT&T's acquisition of Time Warner "would potentially raise significant antitrust issues" that the panel would "carefully examine." AT&T Chairman and Chief Executive Randall Stephenson announced the $85 billion deal Saturday as "a great fit" that will combine the "world's best premium content with the networks to deliver it to every screen." Among those new properties are HBO, Turner Broadcasting System and Warner Bros., which would give them ownership of Cinemax, CNN and DC Comics, to name a few. Last year, AT&T completed the purchase of DirecTV, the country's largest satellite television provider. In an interview with NBC News, Klobuchar pointed to past mega-media acquisitions -- including the purchase of NBCUniversal by Comcast in 2011 and of Time Warner Cable by Charter Communications -- and said the "sheer volume" of the deal should give regulators pause.Presidential candidate Donald Trump has said that he would not approve of this deal if elected as the President. In the meanwhile, Bernie Sanders have also asked Obama administration to kill this agreement. The Vermont Senator said, "The deal would mean higher prices and fewer choices for the American people,"

Swedish Administrative Court Bans Drones With Cameras ( 113

An anonymous reader writes: The ruling of the Swedish administrative courts forbids anyone to fly a drone equipped with a camera as long as its not "... to document crime or prevent accidents...". They also rule that there is no exception for the ban for commercial use or in journalistic purposes. According to the court the issue with the drones is that is not "controlled locally"

The ban could cause a great problems for the drone industry within Sweden and the UAS Sweden has taken a stand against the ruling because of how it "... strikes against an entire industry that employs thousands of employees."


A New Attack Allows Intercepting Or Blocking Of Every LTE Phone Call And Text ( 79

All LTE networks and devices are vulnerable to a new attack demonstrated at the Ruxon security conference in Melbourne. mask.of.sanity shared this article from The Register: It exploits LTE fall-back mechanisms designed to ensure continuity of phone services in the event of emergency situations that trigger base station overloads... The attacks work through a series of messages sent between malicious base stations spun up by attackers and targeted phones. It results in attackers gaining a man-in-the-middle position from where they can listen to calls or read SMS, or force phones back to 2G GSM networks where only voice and basic data services are available...

[Researcher Wanqiao] Zhang says the attacks are possible because LTE networks allow users to be handed over to underused base stations in the event of natural disasters to ensure connectivity. "You can create a denial of service attack against cellphones by forcing phones into fake networks with no services," Zhang told the conference. "You can make malicious calls and SMS and...eavesdrop on all voice and data traffic."


US Police Consider Flying Drones Armed With Stun Guns ( 163

Slashdot reader Presto Vivace tipped us off to news reports that U.S. police officials are considering the use of flying drones to taser their suspects. From Digital Trends: Talks have recently taken place between police officials and Taser International, a company that makes stun guns and body cameras for use by law enforcement, the Wall Street Journal reported on Thursday. While no decision has yet been made on whether to strap stun guns to remotely controlled quadcopters, Taser spokesman Steve Tuttle said his team were discussing the idea with officials as part of broader talks about "various future concepts."

Tuttle told the Journal that such technology could be deployed in "high-risk scenarios such as terrorist barricades" to incapacitate the suspect rather than kill them outright... However, critics are likely to fear that such a plan would ultimately lead to the police loading up drones with guns and other weapons. Portland police department's Pete Simpson told the Journal that while a Taser drone could be useful in some circumstances, getting the public "to accept an unmanned vehicle that's got some sort of weapon on it might be a hurdle to overcome."

The article points out that there's already a police force in India with flying drones equipped with pepper spray.

Who Should We Blame For Friday's DDOS Attack? ( 190

"Wondering which IoT device types are part of the Mirai botnet causing trouble today? Brian Krebs has the list," tweeted Trend Micro's Eric Skinner Friday, sharing an early October link which identifies Panasonic, Samsung and Xerox printers, and lesser known makers of routers and cameras. An anonymous reader quotes Fortune: Part of the responsibility should also lie with lawmakers and regulators, who have failed to create a safety system to account for the Internet-of-Things era we are now living in. Finally, it's time for consumers to acknowledge they have a role in the attack too. By failing to secure the internet-connected devices, they are endangering not just themselves but the rest of the Internet as well.
If you're worried, Motherboard is pointing people to an online scanning tool from BullGuard (a U.K. anti-virus firm) which checks whether devices on your home network are listed in the Shodan search engine for unsecured IoT devices. But earlier this month, Brian Krebs pointed out the situation is exacerbated by the failure of many ISPs to implement the BCP38 security standard to filter spoofed traffic, "allowing systems on their networks to be leveraged in large-scale DDoS attacks..."
United States

American 'Vigilante Hacker' Defaces Russian Ministry's Website ( 205

An anonymous Slashdot reader quotes CNN Money: An American vigilante hacker -- who calls himself "The Jester" -- has defaced the website of the Russian Ministry of Foreign Affairs in retaliation for attacks on American targets... "Comrades! We interrupt regular scheduled Russian Foreign Affairs Website programming to bring you the following important message," he wrote. "Knock it off. You may be able to push around nations around you, but this is America. Nobody is impressed."
In early 2015, CNN Money profiled The Jester as "the vigilante who hacks jihadists," noting he's a former U.S. soldier who now "single-handedly taken down dozens of websites that, he deems, support jihadist propaganda and recruitment efforts. He stopped counting at 179." That article argues that "the fact that he hasn't yet been hunted down and arrested says a lot about federal prosecutors and the FBI. Several cybersecurity experts see it as tacit approval."

"In an exclusive interview with CNNMoney this weekend, Jester said he chose to attack Russia out of frustration for the massive DNS cyberattack that knocked out a portion of the internet in the United States on Friday... 'I'm not gonna sit around watching these f----rs laughing at us.'"

Dyn Executive Responds To Friday's DDOS Attack ( 76

"It is said that eternal vigilance is the price of liberty...We must continue to work together to make the internet a more resilient place to work, play and communicate," wrote Dyn's Chief Strategy Officer in a Saturday blog post. An anonymous reader reports: Dyn CSO Kyle York says they're still investigating Friday's attack, "conducting a thorough root cause and forensic analysis" while "carefully monitoring" for any additional attacks. In a section titled "What We Know," he describes "a sophisticated attack across multiple attack vectors and internet source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack." But he warns that "we are unlikely to share all details of the attack and our mitigation efforts to preserve future defenses."

He posted a timeline of the attacks (7:00 EST and 12:00 EST), adding "While there was a third attack attempted, we were able to successfully mitigate it without customer impact... We practice and prepare for scenarios like this on a regular basis, and we run constantly evolving playbooks and work with mitigation partners to address scenarios like these." He predicts Friday's attack will be seen as "historic," and acknowledges his staff's efforts to fight the attack as well as the support received from "the technology community, from the operations teams of the world's top internet companies, to law enforcement and the standards community, to our competition and vendors... On behalf of Dyn, I'd like to extend our sincere thanks and appreciation to the entire internet infrastructure community for their ongoing show of support."

Online businesses may have lost up to $110 million in sales and revenue, according to the CEO of Dynatrace, who tells CNN more than half of the 150 websites they monitor were affected.

Feds Walk Into a Building, Demand Everyone's Fingerprints To Open Phones ( 430

An anonymous Slashdot reader quotes the Daily Herald: Investigators in Lancaster, California, were granted a search warrant last May with a scope that allowed them to force anyone inside the premises at the time of search to open up their phones via fingerprint recognition, Forbes reported Sunday. The government argued that this did not violate the citizens' Fifth Amendment protection against self incrimination because no actual passcode was handed over to authorities...

"I was frankly a bit shocked," said Andrew Crocker, a staff attorney at the Electronic Frontier Foundation, when he learned about the scope of search warrant. "As far as I know, this warrant application was unprecedented"... He also described requiring phones to be unlocked via fingerprint, which does not technically count as handing over a self-incriminating password, as a "clever end-run" around constitutional rights.


Should Journalists Ignore Some Leaked Emails? ( 357

Tuesday Lawrence Lessig issued a comment about a leaked email which showed complaints about his smugness from a Clinton campaign staffer: "I'm a big believer in leaks for the public interest... But I can't for the life of me see the public good in a leak like this..." Now mirandakatz shares an article by tech journalist Steven Levy arguing that instead, "The press is mining the dirty work of Russian hackers for gossipy inside-beltway accounts." This is perfectly legal. As long as journalists don't do the stealing themselves, they are solidly allowed to publish what thieves expose, especially if, as in this case, the contents are available to all... [But] is the exploitation of stolen personal emails a moral act? By diving into this corpus to expose anything unseemly or embarrassing, reporters may be, however unwillingly, participating in a scheme by a foreign power to mess with our election...

As a 'good' journalist, I know that I'm supposed to cheer on the availability of information... But it's difficult to argue that these discoveries were unearthed by reporters for the sake of public good...

He's sympathetic to the idea that minutiae from campaigns lets journalists "examine the failings of 'business as usual'," but "it would be so much nicer if some disgruntled colleague of Podesta's was providing information to reporters, rather than Vladimir Putin using them as stooges to undermine our democracy." He ultimately asks, "is it moral to amplify anything that's already exposed on the internet, even if the exposers are lawbreakers with an agenda?"
The Media

Journalist Cleared of Riot Charges in South Dakota ( 79

Her video went viral, viewed more than 14 million times, and triggering concerns online when she was threatened with prison. But a North Dakota judge "refused to authorize riot charges against award-winning journalist Amy Goodman for her reporting on an attack against Native American-led anti-pipeline protesters." An anonymous Slashdot reader quotes NBC News: Goodman described the victory as a "great vindication of the First Amendment," although McLean County State's Attorney Ladd Erickson told The New York Times that additional charges were possible. "I believe they want to keep the investigation open and see if there is any evidence in the unedited and unpublished videos that we could better detail in an affidavit for the judge," Erickson told the newspaper.
The native Americans "were attempting to block the destruction of sacred sites, including ancestral burial grounds," according to a new article co-authored by Goodman about her experiences, which argues that "Attempts to criminalize nonviolent land and water defenders, humiliate them and arrest journalists should not pave the way for this pipeline."

John McAfee Thinks North Korea Hacked Dyn, and Iran Hacked the DNC ( 149

"The Dark Web is rife with speculation that North Korea is responsible for the Dyn hack" says John McAfee, according to a new article on CSO: McAfee said they certainly have the capability and if it's true...then forensic analysis will point to either Russia, China, or some group within the U.S. [And] who hacked the Democratic National Committee? McAfee -- in an email exchange and follow up phone call -- said sources within the Dark Web suggest it was Iran, and he absolutely agrees. While Russian hackers get more media attention nowadays, Iranian hackers have had their share... "The Iranians view Trump as a destabilizing force within America," said McAfee. "They would like nothing more than to have Trump as President....

"If all evidence points to the Russians, then, with 100% certainty, it is not the Russians. Anyone who is capable of carrying out a hack of such sophistication is also capable, with far less effort than that involved in the hack, of hiding their tracks or making it appear that the hack came from some other quarter..."

Bruce Schneier writes that "we don't know anything much of anything" about yesterday's massive DDOS attacks. "If I had to guess, though, I don't think it's China. I think it's more likely related to the DDoS attacks against Brian Krebs than the probing attacks against the Internet infrastructure..." Earlier this month Krebs had warned that source code had been released for the massive DDOS attacks he endured in September, "virtually guaranteeing that the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices."

'Anonymous' Hacker Indicted As His Hunger Strike Continues ( 67

Eight months after being rescued at sea near Cuba and then arrested, Anonymous hacker Martin Gottesfeld now faces prosecution as well as death by hunger. Newsweek reports: A member of Anonymous has been indicted on hacking charges while on the third week of a prison hunger strike protesting perceived institutionalized torture and political prosecutions. Martin Gottesfeld, 32, was charged this week in relation to the hacking of Boston Children's Hospital in 2014 following the alleged mistreatment of one of its patients. Gottesfeld has previously admitted to targeting the hospital, though says he did it in defense of "an innocent, learning-disabled, 15-year-old girl"...

Since beginning his hunger strike on October 3, Gottesfeld tells Newsweek from prison he has lost 16.5 pounds. He says he will continue his hunger strike until two demands are met: a promise from the presidential candidates that children are not mistreated in the way he claims Pelletier was; and an end to the "political" style of prosecution waged by Carmen Ortiz, the U.S. attorney for Massachusetts.

The indictment claims that the hospital spent more than $300,000 to "mitigate" the damage from the 2014 attack.

Google Has Quietly Dropped Ban On Personally Identifiable Web Tracking ( 154

Fudge Factor 3000 writes: Google has quietly changed its privacy policy to allow it to associate web tracking, which is supposed to remain anonymous, with personally identifiable user data. This completely reneges its promise to keep a wall between ad tracking and personally identifiable user data, further eroding one's anonymity on the internet. Google's priorities are clear. All they care about is monetizing user information to rake in the big dollars from ad revenue. Think twice before you purchase the premium priced Google Pixel. Google is getting added value from you as its product without giving you part of the revenue it is generating through tracking through lower prices. The crossed-out section in its privacy policy, which discusses the separation of information as mentioned above, has been followed with this statement: "Depending on your account settings, your activity on other sites and apps may be associated with your personal information in order to improve Google's services and the ads delivered by Google." ProPublica reports: "The change is enabled by default for new Google accounts. Existing users were prompted to opt-in to the change this summer. The practical result of the change is that the DoubleClick ads that follow people around on the web may now be customized to them based on your name and other information Google knows about you. It also means that Google could now, if it wished to, build a complete portrait of a user by name, based on everything they write in email, every website they visit and the searches they conduct. The move is a sea change for Google and a further blow to the online ad industry's longstanding contention that web tracking is mostly anonymous. In recent years, Facebook, offline data brokers and others have increasingly sought to combine their troves of web tracking data with people's real names. But until this summer, Google held the line." You can choose to opt in or out of the personalized ads here.

Cisco Develops System To Automatically Cut-Off Pirate Video Streams ( 112

An anonymous reader quotes a report from TorrentFreak: Pirate services obtain content by capturing and restreaming feeds obtained from official sources, often from something as humble as a regular subscriber account. These streams can then be redistributed by thousands of other sites and services, many of which are easily found using a simple search. Dedicated anti-piracy companies track down these streams and send takedown notices to the hosts carrying them. Sometimes this means that streams go down quickly but in other cases hosts can take a while to respond or may not comply at all. Networking company Cisco thinks it has found a solution to these problems. The company's claims center around its Streaming Piracy Prevention (SPP) platform, a system that aims to take down illicit streams in real-time. Perhaps most interestingly, Cisco says SPP functions without needing to send takedown notices to companies hosting illicit streams. "Traditional takedown mechanisms such as sending legal notices (commonly referred to as 'DMCA notices') are ineffective where pirate services have put in place infrastructure capable of delivering video at tens and even hundreds of gigabits per second, as in essence there is nobody to send a notice to," the company explains. "Escalation to infrastructure providers works to an extent, but the process is often slow as the pirate services will likely provide the largest revenue source for many of the platform providers in question." To overcome these problems Cisco says it has partnered with Friend MTS (FMTS), a UK-based company specializing in content-protection. Among its services, FMTS offers Distribution iD, which allows content providers to pinpoint which of their downstream distributors' platforms are a current source of content leaks. "Robust and unique watermarks are embedded into each distributor feed for identification. The code is invisible to the viewer but can be recovered by our specialist detector software," FMTS explains. "Once infringing content has been located, the service automatically extracts the watermark for accurate distributor identification." According to Cisco, FMTS feeds the SPP service with pirate video streams it finds online. These are tracked back to the source of the leak (such as a particular distributor or specific pay TV subscriber account) which can then be shut-down in real time.

WikiLeaks To Its Supporters: 'Stop Taking Down the US Internet, You Proved Your Point' ( 334

MojoKid writes: The Internet took a turn for the worst this morning, when large parts of the DNS network were brought down by a massive distributed denial of service attack (DDoS) targeting DNS provider Dyn. If you couldn't access Amazon, Twitter, and a host of other large sites and online services earlier today, this was why. Now, if a couple of additional tweets are to be believed, it appears supporters of WikiLeaks are responsible for this large scale DDoS attack on Dynamic Network Services Inc's Dyn DNS service. WikiLeaks is alleging that a group of its supporters launched today's DDoS attack in retaliation for the Obama administration using its influence to push the Ecuadorian government to limit Assange's internet access. Another earlier tweet reassures supporters that Mr. Assange is still alive, which -- along with a photo of heavily armed police posted this morning -- implies that he may have been (or may still be) in danger, and directly asks said supporters to stop the attack. WikiLeaks published this tweet a little after 5PM: "Mr. Assange is still alive and WikiLeaks is still publishing. We ask supporters to stop taking down the US internet. You proved your point." It was followed by: "The Obama administration should not have attempted to misuse its instruments of state to stop criticism of its ruling party candidate."

Slashdot Top Deals