Republicans

Trump's Cyber Security Advisor Rudy Giuliani Runs Ancient, Utterly Hackable Website (theregister.co.uk) 280

mask.of.sanity writes from a report via The Register: U.S. president-elect Donald Trump's freshly minted cyber tsar Rudy Giuliani runs a website so insecure that its content management system is five years out of date, unpatched and utterly hackable. Giulianisecurity.com, the website for Giuliani's eponymous infosec consultancy firm, runs Joomla! version 3.0, released in 2012, and since found to carry 15 separate vulnerabilities. More bugs and poor security controls abound. The Register report adds: "Some of those bugs can be potentially exploited by miscreants using basic SQL injection techniques to compromise the server. This seemingly insecure system also has a surprising number of network ports open -- from MySQL and anonymous LDAP to a very out-of-date OpenSSH 4.7 that was released in 2007. It also runs a rather old version of FreeBSD. 'You can probably break into Giuliani's server,' said Robert Graham of Errata Security. 'I know this because other FreeBSD servers in the same data center have already been broken into, tagged by hackers, or are now serving viruses. But that doesn't matter. There's nothing on Giuliani's server worth hacking.'"
The Courts

US Appeals Court Revives Antitrust Lawsuit Against Apple (reuters.com) 121

iPhone app purchasers may sue Apple over allegations that the company monopolized the market for iPhone apps by not allowing users to purchase them outside the App Store, leading to higher prices, a U.S. appeals court ruled. From a report on Reuters: The 9th U.S. Circuit Court of Appeals ruling revives a long-simmering legal challenge originally filed in 2012 taking aim at Apple's practice of only allowing iPhones to run apps purchased from its own App Store. A group of iPhone users sued saying the Cupertino, California, company's practice was anticompetitive. Apple had argued that users did not have standing to sue it because they purchased apps from developers, with Apple simply renting out space to those developers. Developers pay a cut of their revenues to Apple in exchange for the right to sell in the App Store.
Earth

US Puts Bumblebee On the Endangered Species List For First Time (npr.org) 130

For the first time, the U.S. Fish and Wildlife Service has designated a bumblebee, and indeed any bee species in the U.S., as endangered. The protected status goes into effect on February 10, and includes requirements for federal protections and the development of a recovery plan. NPR reports: "Today's Endangered Species listing is the best -- and probably last -- hope for the recovery of the rusty patched bumble bee," NRDC Senior Attorney Rebecca Riley said in a statement from the Xerces Society, which advocates for invertebrates. "Bumble bees are dying off, vanishing from our farms, gardens, and parks, where they were once found in great numbers." Large parts of the Eastern and Midwestern United States were once crawling with these bees, Bombus affinis, but the bees have suffered a dramatic decline in the last two decades due to habitat loss and degradation, along with pathogens and pesticides. Indeed, the bee was found in 31 states and Canadian provinces before the mid- to late-1990s, according to the final rule published in the Federal Register. But since 2000, it has been reported in only 13 states and Ontario, Canada. It has seen an 88 percent decline in the number of populations and an 87 percent loss in the amount of territory it inhabits. This means the species is vulnerable to extinction, the rule says, even without further habitat loss or insecticide exposure. Canada designated the species as endangered in 2012.
Privacy

Switzerland Agrees To Its Own New Data Sharing Pact With the US (silicon.co.uk) 15

Mickeycaskill quotes a report from Silicon.co.uk: Switzerland has agreed its own new data transfer agreement with the United States, basing the framework on the deal struck by the European Union (EU) following the invalidation of Safe Harbour. The previous arrangement was invalidated because of concerns about U.S. mass surveillance, but Switzerland says the new Swiss-U.S. Privacy Shield will allow Swiss companies to transfer customer data without the need for additional contractual guarantees. The Swiss Federal Council, a seven-member executive council that is effectively the head of government in Switzerland, claims citizens will benefit from additional protections and the ability to contact an ombudsman about data issues. Although not part of the EU, Switzerland is a member of the European Economic Area (EEA) and has several bilateral agreements with the EU that see it adopt many of the bigger bloc's policies. The Federal Council says the alignment between the EU and the Swiss transatlantic data sharing partnerships is good news for multinational organizations.
Privacy

Fingerprinting Methods Identify Users Across Different Browsers On the Same PC (bleepingcomputer.com) 88

An anonymous reader quotes a report from BleepingComputer: A team of researchers from universities across the U.S. has identified different fingerprinting techniques that can track users when they use different browsers installed on the same machine. Named "cross-browser fingerprinting" (CBF), this practice relies on new technologies added to web browsers in recent years, some of which had been previously considered unreliable for cross-browser tracking and only used for single browser fingerprinting. These new techniques rely on making browsers carry out operations that use the underlying hardware components to process the desired data. For example, making a browser apply an image to the side of a 3D cube in WebGL provides a similar response in hardware parameters for all browsers. This is because the GPU card is the one carrying out this operation and not the browser software. According to the three-man research team led by Assistant Professor Yinzhi Cao from the Computer Science and Engineering Department at Lehigh University, the following browser features could be (ab)used for cross-browser fingerprinting operations: [Screen Resolution, Number of CPU Virtual Cores, AudioContext, List of Fonts, Line, Curve, and Anti-Aliasing, Vertex Shader, Fragment Shader, Transparency via Alpha Channel, Installed Writing Scripts (Languages), Modeling and Multiple Models, Lighting and Shadow Mapping, Camera and Clipping Planes.] Researchers used all these techniques together to test how many users they would be able to pin to the same computer. For tests, researchers used browsers such as Chrome, Firefox, Edge, IE, Opera, Safari, Maxthon, UC Browser, and Coconut. Results showed that CBF techniques were able to correctly identify 99.24% of all test users. Previous research methods achieved only a 90.84% result.
EU

Europe Calls For Mandatory 'Kill Switches' On Robots (cnn.com) 173

To combat the robot revolution, the European Parliament's legal affairs committee has proposed that robots be equipped with emergency "kill switches" to prevent them from causing excessive damage. Legislators have also suggested that robots be insured and even be made to pay taxes. "A growing number of areas of our daily lives are increasingly affected by robotics," said Mady Delvaux, the parliamentarian who authored the proposal. "To ensure that robots are and will remain in the service of humans, we urgently need to create a robust European legal framework." CNNMoney reports: The proposal calls for a new charter on robotics that would give engineers guidance on how to design ethical and safe machines. For example, designers should include "kill switches" so that robots can be turned off in emergencies. They must also make sure that robots can be reprogrammed if their software doesn't work as designed. The proposal states that designers, producers and operators of robots should generally be governed by the "laws of robotics" described by science fiction writer Isaac Asimov. The proposal also says that robots should always be identifiable as mechanical creations. That will help prevent humans from developing emotional attachments. "You always have to tell people that robot is not a human and a robot will never be a human," said Delvaux. "You must never think that a robot is a human and that he loves you." The report cites the example of care robots, saying that people who are physically dependent on them could develop emotional attachments. The proposal calls for a compulsory insurance scheme -- similar to car insurance -- that would require producers and owners to take out insurance to cover the damage caused by their robots. The proposal explores whether sophisticated autonomous robots should be given the status of "electronic persons." This designation would apply in situations where robots make autonomous decisions or interact with humans independently. It would also saddle robots with certain rights and obligations -- for example, robots would be responsible for any damage they cause. If advanced robots start replacing human workers in large numbers, the report recommends the European Commission force their owners to pay taxes or contribute to social security.
Government

Obama Changed Rules Regarding Raw Intelligence, Allowing NSA To Share Raw Data With US's Other 16 Intelligence Agencies (schneier.com) 205

An anonymous reader quotes a report from Schneier on Security: President Obama has changed the rules regarding raw intelligence, allowing the NSA to share raw data with the U.S.'s other 16 intelligence agencies. The new rules significantly relax longstanding limits on what the N.S.A. may do with the information gathered by its most powerful surveillance operations, which are largely unregulated by American wiretapping laws. These include collecting satellite transmissions, phone calls and emails that cross network switches abroad, and messages between people abroad that cross domestic network switches. The change means that far more officials will be searching through raw data. Essentially, the government is reducing the risk that the N.S.A. will fail to recognize that a piece of information would be valuable to another agency, but increasing the risk that officials will see private information about innocent people. Here are the new procedures. This rule change has been in the works for a while. Here are two blog posts from April discussing the then-proposed changes.
Medicine

Arizona Plans To Sue Theranos Over Faulty Blood Tests (techcrunch.com) 31

An anonymous reader shares a TechCrunch report: The Arizona attorney general is soliciting outside legal counsel to pursue a consumer fraud lawsuit against the beleaguered blood testing startup Theranos, according to a document posted on the state's procurement website. AZ's AG has so far declined to comment on any action, but the document contends Theranos may have defrauded customers in the state and the office is now seeking proposals to assist it in possible legal action "against Theranos, Inc. and its closely related subsidiaries for violations of the Arizona Consumer Fraud Act arising out of Theranos Inc.'s long-running scheme of deceptive acts and misrepresentations relating to the capabilities and operation of Theranos blood testing equipment." Theranos ran the consumer portion of its business in Arizona and even worked with the state government to change laws, allowing consumers to request blood tests without a doctor's permission. But, as the document cites, a myriad of bad test results, including those raised in a series of Wall Street Journal articles, raised concerns with the attorney general's office.
Businesses

Amazon To Add 100,000 Full-Time US Jobs in Next 18 Months (geekwire.com) 186

An anonymous reader shares a GeekWire report: Amazon just made a big statement about its continued growth aspirations, announcing that it plans to add another 100,000 full-time jobs in the U.S. over the next 18 months, an increase of more than 55 percent in its domestic workforce. The growth would push Amazon's U.S. workforce to more than 280,000 people by mid-2018. Amazon said in an announcement that the jobs will be available to people "all across the country and with all types of experience, education and skill levels -- from engineers and software developers to those seeking entry-level positions and on-the-job training."
Government

Hacker Steals 900 GB of Cellebrite Data (vice.com) 69

An anonymous reader shares a Motherboard report: Motherboard has obtained 900 GB of data related to Cellebrite, one of the most popular companies in the mobile phone hacking industry. The cache includes customer information, databases, and a vast amount of technical data regarding Cellebrite's products. The breach is the latest chapter in a growing trend of hackers taking matters into their own hands, and stealing information from companies that specialize in surveillance or hacking technologies. Cellebrite is an Israeli company whose main product, a typically laptop-sized device called the Universal Forensic Extraction Device (UFED), can rip data from thousands of different models of mobile phones. That data can include SMS messages, emails, call logs, and much more, as long as the UFED user is in physical possession of the phone.
Businesses

Amazon Just Got Slapped With a $1 Million Fine For Misleading Pricing (recode.net) 159

Some deals are too good to be true. And, for Amazon, they will cost the company. From a report on Recode: A Canadian enforcement agency announced today that Amazon Canada will pay a $1 million fine for what could be construed as misleading pricing practices. The investigation centered on the practice of Amazon displaying its prices compared to higher "list prices" -- suggested manufacturer prices (MSRPs) designed as marketing gimmicks to make people think they are getting a deal, even though it's often the case that no shopper ever pays that price. "The Bureau's investigation concluded that these claims created the impression that prices for items offered on www.amazon.ca were lower than prevailing market prices," Canada's Competition Bureau said in a statement. "The Bureau determined that Amazon relied on its suppliers to provide list prices without verifying that those prices were accurate."
AT&T

New FCC Report Says AT&T and Verizon Zero-Rating Violates Net Neutrality (theverge.com) 74

An anonymous reader quotes a report from The Verge: Just a week and a half before he is set to leave office, FCC Chairman Tom Wheeler has issued a new report stating that the zero-rated video services offered by AT&T and Verizon may violate the FCC's Open Internet Order. Assembled by the FCC's Wireless Telecommunications Bureau, the report focuses on sponsored data programs, which allow companies to pay carriers to exempt their data from customers' data caps. According to the report, many of those packages simply aren't playing fair. "While observing that AT&T provided incomplete responses to staff inquiries," Wheeler wrote to Senators, "the report states that the limited information available supports a conclusion that AT&T offers Sponsored Data to third-party content providers at terms and conditions that are effectively less favorable than those it offers to its affiliate, DirecTV." In theory, sponsored data should be an even playing field, with providers bearing the costs and making the same charges regardless of who's footing the bill. But according to the report, AT&T treats the DirecTV partnership very differently from an unaffiliated sponsored data system, giving the service a strong advantage over competitors. "AT&T appears to view the network cost of Sponsored Data for DIRECTV Now as effectively de minimis," the report concludes. While AT&T still bears some cost for all that free traffic, it's small enough that the carrier doesn't seem to care. The report raises similar concerns regarding Verizon's Go90 program, although it concludes Verizon's program may be less damaging. Notably, the letter does not raise the same concerns about T-Mobile's BingeOn video deal, since it "charges all edge providers the same zero rate for participating."
Privacy

Japan Researchers Warn of Fingerprint Theft From 'Peace' Sign (phys.org) 119

Tulsa_Time quotes a report from Phys.Org: Could flashing the "peace" sign in photos lead to fingerprint data being stolen? Research by a team at Japan's National Institute of Informatics (NII) says so, raising alarm bells over the popular two-fingered pose. Fingerprint recognition technology is becoming widely available to verify identities, such as when logging on to smartphones, tablets and laptop computers. But the proliferation of mobile devices with high-quality cameras and social media sites where photographs can be easily posted is raising the risk of personal information being leaked, reports said. The NII researchers were able to copy fingerprints based on photos taken by a digital camera three meters (nine feet) away from the subject.
Chrome

Latest Adobe Acrobat Reader Update Silently Installs Chrome Extension (bleepingcomputer.com) 144

An anonymous reader writes: The latest Adobe Acrobat Reader security update (15.023.20053), besides delivering security updates, also secretly installs the Adobe Acrobat extension in the user's Chrome browser. There is no mention of this "special package" on Acrobat's changelog, and surprise-surprise, the extension comes with anonymous data collection turned on by default. Bleeping Computer reports: "This extension allows users to save any web page they're on as a PDF file and share it or download it to disk. The extension is also Windows-only, meaning Mac and Linux Chrome users will not receive it. The extension requests the following permissions: Read and change all your data on the websites you visit; Manage your downloads; Communicate with cooperating native applications. According to Adobe, extension users 'share information with Adobe about how [they] use the application. The information is anonymous and will help us improve product quality and features,' Adobe also says. 'Since no personally identifiable information is collected, the anonymous data will not be meaningful to anyone outside of Adobe.'"
Medicine

Microsoft Anti-Porn Workers Sue Over PTSD (thedailybeast.com) 305

An anonymous reader shares with us a report from The Daily Beast: When former Microsoft employees complained of the horrific pornography and murder films they had to watch for their jobs, the software giant told them to just take more smoke breaks, a new lawsuit alleges. Members of Microsoft's Online Safety Team had "God-like" status, former employees Henry Soto and Greg Blauert allege in a lawsuit filed on Dec. 30. They "could literally view any customer's communications at any time." Specifically, they were asked to screen Microsoft users' communications for child pornography and evidence of other crimes. But Big Brother didn't offer a good health care plan, the Microsoft employees allege. After years of being made to watch the "most twisted" videos on the internet, employees said they suffered severe psychological distress, while the company allegedly refused to provide a specially trained therapist or to pay for therapy. The two former employees and their families are suing for damages from what they describe as permanent psychological injuries, for which they were denied workers' compensation. "Microsoft applies industry-leading, cutting-edge technology to help detect and classify illegal images of child abuse and exploitation that are shared by users on Microsoft Services," a Microsoft spokesperson wrote in an email. "Once verified by a specially trained employee, the company removes the image, reports it to the National Center for Missing and Exploited Children, and bans the users who shared the images from our services. We have put in place robust wellness programs to ensure the employees who handle this material have the resources and support they need." But the former employees allege neglect at Microsoft's hands.