Android

ACLU Asks FTC To Force Carriers To 'Patch Or Replace' Android Devices 318

chicksdaddy writes "The American Civil Liberties Union filed a complaint with the U.S. Federal Trade Commission on Wednesday calling on the federal government to take action to stem an epidemic of unpatched and insecure Android mobile devices – declaring the sea of unpatched and vulnerable phones and tablets 'defective and unreasonably dangerous.' The civil liberties group's complaint for injunctive relief with the FTC (PDF), notes that 'major wireless carriers have sold millions of Android smartphones to consumers' but that 'the vast majority of these devices rarely receive software security updates.' The ACLU says carriers leave their customers vulnerable to malware and spear phishing attacks that can be used to record or transmit information on the device to third parties. 'A significant number of consumers are using smartphones running a version of the Android operating system with known, exploitable security vulnerabilities for which fixes have been published by Google, but have not been distributed to consumers' smartphones by the wireless carriers and their handset manufacturer partners,' the ACLU said. Android devices now account for close to 70 percent of new mobile devices sold. The porous security of many of those devices has become a topic of concern. The latest data from Google highlights the challenge facing the company, with just over 25% of Android users running versions 4.1 or 4.2 – the latest versions of the OS, dubbed 'Jelly Bean,' more than six months after its release. In contrast, 40% of Android users are still running the 'Gingerbread' release – versions 2.3.3 through 2.3.7, a two-year-old version of the operating system that has known security vulnerabilities."
Facebook

Canadian Official Escorted From House For Others' Facebook Comments 205

New submitter zayyd writes "The CBC reports that publicly-elected Gerry Rogers, member of the Provincial Government for Newfoundland and Labrador, 'has been removed from the house of assembly for refusing to apologize for comments made by other users on a Facebook group of which she had been added to as a member.' Rogers was unwillingly added to a Facebook Group which included comments of death threats aimed at Premier Kathy Dunderdale from other users. From the article: 'Dunderdale said her government understands how Facebook groups work, and she said it is up to every MHA to monitor the comments posted on Facebook groups to which they belong.' Facebook's policies for Groups are somewhat clear, even if they don't actually answer the question of 'Can I prevent people from adding me to a new group?'"
Android

Foxconn Signs Massive Android Patent Agreement With Microsoft 168

Pikoro writes with news that Foxconn's parent company has entered into an agreement to pay Microsoft royalties for every Android device they manufacture, joining a rather long list of companies licensing patents for Android/Linux from Microsoft. From the BBC: "Microsoft has secured a patent deal with the world's biggest consumer electronics manufacturer to receive fees for devices powered by Google's Android and Chrome operating systems. Hon Hai — the parent company of Foxconn — said the deal would help prevent its clients being caught up in an ongoing intellectual property dispute. Microsoft says that Google's code makes use of innovations it owns. Google alleges its rival's claims are based on 'bogus patents.' 'The patents at issue cover a range of functionality embodied in Android devices that are essential to the user experience, including: natural ways of interacting with devices by tabbing through various screens to find the information they need; surfing the web more quickly, and interacting with documents and e-books.'"
Electronic Frontier Foundation

Obama Administration Threatens CISPA Veto, EFF Urges Action 106

An anonymous reader sent in word that the Obama administration is threatening to veto CISPA in its current form because "The Administration, however, remains concerned that the bill does not require private entities to take reasonable steps to remove irrelevant personal information (PDF) when sending cybersecurity data to the government or other private sector entities. Citizens have a right to know that corporations will be held accountable — and not granted immunity — for failing to safeguard personal information adequately. The Administration is committed to working with all stakeholders to find a workable solution to this challenge." Ars has a few more details, the EFF urges U.S. citizens to oppose the bill, and one of the sponsors tweeted that those opposed to the bill are basement dwelling fourteen-year-olds. Note that the Administration still wants there to be some kind of comprehensive data sharing law in the name of cybersecurity, so this may very well rear its head again in the coming months.
Businesses

U.S. Senate's Big Immigration Bill Seeks Centralized Database For H-1B Jobs 251

dcblogs writes "The U.S. Senate comprehensive immigration bill, due Tuesday, will allow the H-1B cap to rise from 65,000 to as high as 180,000. The bill, overall, contains some interesting provisions. It will require the U.S. Labor Dept. to create a website of H-1B job openings that employers must post to. The jobs must be posted at least 30 calendar days before hiring an H-1B applicant to fill that position. The bill also raises wages for H-1B workers to make them more competitive, although the amount wasn't specified. One provision that will affect India, in particular, limits H-1B visa use to 50% of a firm's U.S. workforce. The provision may prompt India firms to buy U.S. companies to expand their U.S. presence."
Mozilla

Mozilla Is Considering Revoking TeliaSonera Trust For Sales To Dictators 123

ndogg writes "Mozilla is considering pulling TeliaSonera from its list of root certificate SSL providers. They have asked for comments on this on their mailing list. They're concerned about the use of the certificates by those governments for spying on its citizens, particularly in Azerbaijan, Kazakhstan, Georgia, Uzbekistan and Tajikistan — where TeliaSonera operates subsidiaries or is heavily invested. Mozilla's concern is that TeliaSonera has possibly issued certificates that allow hardline government servers to masquerade as legitimate websites — so-called man-in-the-middle attacks — and decrypt web traffic. This alleged activity would contradict Mozilla's policy against 'knowingly issuing certificates without the knowledge of the entities whose information is referenced in the certificates.'"
Crime

Pirate Bay Co-Founder Indicted For Hacking, Fraud 99

An anonymous reader writes "Gottfrid Svartholm Warg, a.k.a. 'anakata,' co-founder of The Pirate Bay, has been indicted by a Swedish court on charges of computer hacking and fraud. The prosecuting attorney said, 'A large amount of data from companies and agencies was taken during the hack, including a large amount of personal data, such as personal identity numbers of people with protected identities.' According to Ars, 'The first count of hacking involves allegedly unlawfully using another person's username and password to search Infotorg, a well-known massive privately held commercial database of "private individuals, companies, properties and vehicles." The second count, as previously reported, involves an alleged hack dating back to 2010 of Logica, a Swedish IT firm that contracts with the Swedish tax authority. In March 2012, Logica was hit by an online attack that resulted in around 9,000 Swedes (Google Translate) having their personal identity numbers and names released to the public. ... The third count of hacking, allegedly taking place between July and August 2012, accuses Svartholm Warg of unauthorized access of major Nordic region bank Nordea's computers. The fraud charges accuse Svartholm Warg of allegedly transferring and attempting to transfer money from Nordea to other unauthorized bank accounts.'"
Crime

Trader Pleads Guilty To Illegal Purchase of Nearly $1B In Apple Stock 174

An anonymous reader writes "A trader who last year made an unauthorized purchase of nearly US$1 billion worth of Apple stock has pled guilty to wire fraud, securities fraud and conspiracy. On October 25, 2012 — the same day Apple posted its Q3 2012 earnings — David Miller of Rochdale Securities made a number of unauthorized purchases of Apple shares which ultimately led to the demise of the financial services firm he worked for. The aim of Miller's action was to make a lot of money very quickly by purchasing large quantities of Apple shares and selling them in a post-earnings surge."
Communications

Boston Officials Did Not Shut Down Cell Network After Marathon Bombing 211

An anonymous reader writes with this excerpt from Motherboard about the immediate aftermath of yesterday's bomb attack in Boston, which attempts to explain the (unsurprisingly) poor accessibility of the cellular network after the blasts: "Gut instinct suggests that the network must've been overloaded with people trying to find loved ones. At first, the Associated Press said it was a concerted effort to prevent any remote detonators from being used, citing a law enforcement official. After some disputed that report, the AP reversed its report, citing officials from Verizon and Sprint who said they'd never had a request to shut down the network, and who blamed slowdowns on heavy load. (Motherboard's Derek Mead was able to send text messages to both his sister and her boyfriend, who were very near the finish line, shortly after the bombing, which suggests that networks were never totally shut down. Still, shutting down cell phone networks to prevent remote detonation wouldn't be without precedent: It is a common tactic in Pakistan, where bombings happen with regularity.)"
The Courts

Will the Supreme Court End Human Gene Patents? 228

An anonymous reader writes "Monday, the Supreme Court will hear a case on the validity of breast cancer gene patents. The court has a chance to end human gene patents after three decades. From the article: 'Since the 1980s, patent lawyers have been claiming pieces of humanity's genetic code. The United States Patent and Trademark Office has granted thousands of gene patents. The Federal Circuit, the court that hears all patent appeals, has consistently ruled such patents are legal. But the judicial winds have been shifting. The Supreme Court has never ruled on the legality of gene patents. And recently, the Supreme Court has grown increasingly skeptical of the Federal Circuit's patent-friendly jurisprudence. Meanwhile, a growing number of researchers, health care providers, and public interest groups have raised concerns about the harms of gene patents. The American Civil Liberties Union estimates that more than 40 percent of genes are now patented. Those patents have created "patent thickets" that make it difficult for scientists to do genetic research and commercialize their results. Monopolies on genetic testing have raised prices and reduced patient options.'"
Spam

Maintaining a Publicly Available Blacklist - Mechanisms and Principles 89

badger.foo writes "When you publicly assert that somebody sent spam, you need to ensure that your data is accurate. Your process needs to be simple and verifiable, and to compensate for any errors, you want your process to be transparent to the public with clear points of contact and line of responsibility. Here are some pointers from the operator of the bsdly.net greytrap-based blacklist."
Facebook

Facebook's Android App Can Now Retrieve Data About What Apps You Use 176

An anonymous reader writes "Facebook on Friday released its Android launcher called Home. The company also updated its Facebook app, adding in new permissions to allow it to collect data about the apps you are running. Facebook has set up Home to interface with the main Facebook app on Android to do all the work. In fact, the main Facebook app features all the required permissions letting the Home app meekly state: 'THIS APPLICATION REQUIRES NO SPECIAL PERMISSIONS TO RUN.' As such, it’s the Facebook app that’s doing all the information collecting. It’s unclear, however, if it will do so even if Facebook Home is not installed. Facebook may simply be declaring all the permissions the Home launcher requires, meaning the app only starts collecting data if Home asks it to."
Privacy

NSA Data Center Brings Concerns Over Security and Privacy and Jobs 138

chamilto0516 writes "Twenty-five miles due south of Salt Lake City, a massive construction project is nearing completion. The heavily secured site belongs to the National Security Agency. The NSA says the Utah Data Center is a facility for the intelligence community that will have a major focus on cyber security. Some published reports suggest it could hold 5 zettabytes of data. Asked if the Utah Data Center would hold the data of American citizens, Alexander [director of the NSA] said, 'No...we don't hold data on U.S. citizens,' adding that the NSA staff 'take protecting your civil liberties and privacy as the most important thing that they do, and securing this nation.' But critics, including former NSA employees, say the data center is front and center in the debate over liberty, security and privacy." According to University of Utah computing professor Matthew Might, one thing is clear about the Utah Data Center, it means good paying jobs. "The federal government is giving money to the U.'s programming department to develop jobs to fill the NSA building," he says.
Australia

Corruption Allegations Rock Australia's CSIRO 112

An anonymous reader writes "Australia's premier government research organization, the CSIRO, has been rocked by allegations of corruption including: dishonesty with 60 top-class scientists bullied or fired, fraud against drug giant Novartis, and illegally using intellectual property, faking documents and unreliable testimony to judicial officers. CSIRO boss Megan Clark has refused to discipline the staff responsible and the federal police don't want to get involved. Victims are unimpressed and former CSIRO scientists are calling for an inquiry."
Government

Guantanamo Hearings Delayed as Legal Files Vanish 170

A user writes "The defense lawyers of Guantanamo prisoners have been ordered to stop using government computers for sensitive information due to security and confidentiality concerns. One News from New Zealand says 'In another case, system administrators were searching files at prosecutors' request and were able to access more than 500,000 defense files, including confidential attorney-client communications.' Due to all this, hearings were postponed."
Government

New Bird Shaped Drone Shown at Security and Defense Trade Show 124

garymortimer writes "SHEPHERD-MIL, a UAV which looks like a native bird with the same flight performance, will be featured at HOMSEC 2013. This UAV is characterized by the glide-ratio and noiseless motor that make it invisible, silent and unobtrusive in sensitive missions. SHEPHERD-MIL is equipped with cameras and geolocation software. The system is especially suitable for border surveillance missions, firefighting, and anti-drug trafficking operations amongst others."
Government

Eric Schmidt: Regulate Civilian Drones Now 420

An anonymous reader writes "Google Chairman Eric Schmidt is urging lawmakers to regulate the use of unmanned aircraft by civilians — and quickly. He posed this hypothetical situation to The Guardian: 'You're having a dispute with your neighbor. How would you feel if your neighbor went over and bought a commercial observation drone that they can launch from their backyard. It just flies over your house all day. How would you feel about it?' Schmidt went on to bring up military and terrorist concerns. 'I'm not going to pass judgment on whether armies should exist, but I would prefer to not spread and democratize the ability to fight war to every single human being. It's got to be regulated... It's one thing for governments, who have some legitimacy in what they're doing, but have other people doing it... it's not going to happen.'"
Government

UK Gov To Investigate 'Aggressive' In-app Purchases 152

hypnosec writes "The UK Government will be examining whether free to download apps are putting unfair pressure on kids to pay up for additional content within the game through in-app purchases. Office of Fair Trading (OFT), UK, will be carrying out the investigation of games that include 'commercially aggressive' in-app purchases after a number of cases have been reported whereby parents have incurred huge bills after their kids have spent huge amounts on in-app purchases."
Crime

TJX Hacker Gives Keynote At 'Offensive' Security Conference 35

An anonymous reader writes "Two hundred hackers from around the world gathered at a Miami Beach hotel Thursday and Friday for the Infiltrate Security conference, which focuses on systems hacking from the 'offensive' perspective (with slides). In a keynote address, Stephen Watt, who served two years in prison for writing the software used by his friend Alberto Gonzalez to steal millions of credit card numbers from TJX, Hannaford and other retailers, acknowledges he was a 'black hat' but denies that he was directly involved in TJX or any other specific job. Watt says his TCP sniffer logged critical data from a specified range of ports, which was then encrypted and uploaded to a remote server. Brad 'RenderMan' Haines gave a presentation on vulnerabilities of the Air Traffic Control system, including the FAA's 'NextGen' system which apparently carries forward the same weakness of unencrypted, unauthenticated location data passed between airplanes and control towers. Regarding the recent potential exploits publicized by Spanish researcher Hugo Teso, Haines says he pointed out similar to the FAA and its Canadian counterpart a year ago, but received only perfunctory response."
The Courts

Man Who Tangled With The Oatmeal Ordered To Pay $46k 68

Last summer we followed the odd case of lawyer Charles Carreon, as he went after Matthew Inman, creator of The Oatmeal webcomic, with legal threats. Carreon had been hired by FunnyJunk, a website Inman accused of stealing his comics. Carreon demanded $20,000 in compensation for Inman's "false accusations." Inman declined, and then used the publicity to solicit over $200,000 in donations, which he gave to charity after sending Carreon photographs. Carreon dropped the suit against Inman, but the saga continued. A satirical website was set up about Carreon, which caused him to invoke the legal system again. The article documents the absurdities, which included further legal action and a song. Now, however, Carreon is reaping what he has sown; a judge has ordered him to pay over $46,000 for his role in the legal circus.
