Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Security

Microsoft Rewrites Wassenaar Arms Control Pact To Protect The Infosec Industry (theregister.co.uk) 20

The Wassenaar Arrangement "is threatening to choke the cyber-security industry, according to a consortium of cyber-security companies...supported by Microsoft among others," reports SC Magazine. "'Because the regulation is so overly broad, it would require cyber responders and security researchers to obtain an export license prior to exchanging essential information to remediate a newly identified network vulnerability, even when that vulnerability is capable of being exploited for purposes of surveillance,' wrote Alan Cohn from the CRC on a Microsoft blog." Reporter Darren Pauli contacted Slashdot with this report: If the Wassenaar Arrangement carries through under its current state, it will force Microsoft to submit some 3800 applications for arms export every year, company assistant general counsel Cristin Goodwin says... The Wassenaar Arrangement caught all corners of the security industry off guard, but its full potentially-devastating effects will only be realised in coming months and years... Goodwin and [Symantec director of government affairs] Fletcher are calling on the industry to lobby their agencies to overhaul the dual-use software definition of the Arrangement ahead of a closed-door meeting in September where changes can be proposed.
Security

Auto Industry Publishes Its First Set of Cybersecurity Best Practices (securityledger.com) 38

chicksdaddy quotes a report from Security Ledger: The Automotive industry's main group for coordinating policy on information security and "cyber" threats has published a "Best Practices" document, giving individual automakers guidance on implementing cybersecurity in their vehicles for the first time. The Automotive Information Sharing and Analysis Center (ISAC) released the Automotive Cybersecurity Best Practices document on July 21st, saying the guidelines are for auto manufacturers as well as their suppliers. The Best Practices cover organizational and technical aspects of vehicle cybersecurity, including governance, risk management, security by design, threat detection, incident response, training, and collaboration with appropriate third parties. Taken together, they move the auto industry closer to standards pioneered decades ago and embraced by companies like Microsoft. They call on automakers to design software to be secure from the ground up and to take a sober look at risks to connected vehicles as part of the design process. Automakers are urged to test for and respond to software vulnerabilities, to develop methods for assessing and fixing security vulnerabilities, to create training programs, promote cybersecurity awareness for both information technology and vehicle specific risks, and educate employees about security awareness. The document comes after a Kelly Blue Book survey that found that 62% of drivers think "connected cars will be hacked," and that 42% say they "want cars to be more connected."
Democrats

Hillary Clinton Chooses Virginia Sen. Tim Kaine As Running Mate (go.com) 381

An anonymous reader quotes a report from ABC News: Virginia Sen. Tim Kaine has been chosen as Hillary Clinton's running mate -- a man she called a "relentless optimist" who "devoted his life to fighting for others." Kaine has long been considered to be at the top of Clinton's short list. He was previously vetted for the vice presidency by Barack Obama in 2008. Kaine was an early supporter of Clinton's, appearing at a "Ready for Hillary" breakfast in May 2014 where he urged her to enter the 2016 presidential race. Kaine told NBC in June that he "encouraged her to run in May of 2014, because I could telescope forward and see some of the challenges that this nation would be facing. And I decided that by reason of character, by reason of background, and experience, but also especially by reason of results, she would be the most qualified person to be president in January of 2017." Prior to being elected to the Senate, Kaine served as governor and lieutenant governor of Virginia. In 2009, President Obama picked Kaine to lead the Democratic National Committee. Last week, Republican presidential nominee Donald Trump announced Mike Pence as his VP running mate.
Government

Issa Bill Would Kill A Big H-1B Loophole (computerworld.com) 248

ErichTheRed writes: This isn't perfect, but it is the first attempt I've seen at removing the "body shop" loophole in the H-1B visa system. A bill has been introduced in Congress that would raise the minimum wage for an H-1B holder from $60K to $100K, and place limits on the body shop companies that employ mostly H-1B holders in a pass-through arrangement. Whether it's enough to stop the direct replacement of workers, or whether it will just accelerate offshoring, remains to be seen. But, I think removing the most blatant and most abused loopholes in the rules is a good start. "The high-skilled visa program is critical to ensuring American companies can attract and retain the world's best talent," said Issa in a statement. "Unfortunately, in recent years, this important program has become abused and exploited as a loophole for companies to replace American workers with cheaper labor from overseas."
Government

Edward Snowden At Comic-Con: 'I Live a Surprisingly Free Life' (theguardian.com) 52

An anonymous reader writes from a report via The Guardian: Director Oliver Stone talked to whistleblower Edward Snowden in front of an audience at a question and answer session on Thursday evening. He compared Snowden's anxiety over his own appearance in his Snowden biopic film "Snowden" to that of Donald Trump, who was cut from one of his films six years before. Snowden replied: "I'd like to avoid that association." At the event, Snowden did also shed some light on his personal life, years after his revelation of the NSA's secret surveillance of the American public's internet activity resulted in criminal charges under the Espionage Act that led to his exile in Russia. "I can confirm that I am not living in a box," Snowden said. "I actually live a surprisingly free life. This was not the most likely outcome. I didn't actually expect to make it out of Hawaii. I thought it was incredibly risky. I had a lot of advantages in doing what I did; I worked for the CIA on the human intelligence side, I worked for the NSA on the signals intelligence side, and I taught counterintelligence. This is not something that's covered that well in the media. I was about as well placed as anybody could be, and I still thought I was going to get rolled up at the airport and that there were going to be knocks on the doors of the journalists." When asked what he thought about Gordon-Levitt's performance in the film where he plays Edward Snowden, Snowden responded: "This is one of the things that's kind of crazy and surreal about this kind of experience: I don't think anybody looks forward to having a movie made about themselves, especially someone who is a privacy advocate. Some of my family members have said, 'He sounds just like you!' I can't hear it myself but if he can pass the family test he's doing all right." Snowden agreed to participate on the film because he thought it could raise awareness in ways his own advocacy could not. Snowden was also in the news recently for developing a way for potentially imperiled smartphone users to monitor whether their devices are making any potentially compromising radio transmissions.
Privacy

'The Hillary Leaks' - Wikileaks Releases 19,252 Previously Unseen DNC Emails (zerohedge.com) 455

Reader schwit1 writes: The state department's release of Hillary emails may be over, but that of Wikileaks is just starting. Moments ago, Julian Assange's whistleblower organization released over 19,000 emails and more than 8,000 attachments from the Democratic National Committee. This is part one of their new Hillary Leaks series, Wikileaks said in press release.:"Today, Friday 22 July 2016 at 10:30am EDT, WikiLeaks releases 19,252 emails and 8,034 attachments from the top of the US Democratic National Committee -- part one of our new Hillary Leaks series. The leaks come from the accounts of seven key figures in the DNC: Communications Director Luis Miranda (10770 emails), National Finance Director Jordon Kaplan (3797 emails), Finance Chief of Staff Scott Comer (3095 emails), Finance Director of Data & Strategic Initiatives Daniel Parrish (1472 emails), Finance Director Allen Zachary (1611 emails), Senior Advisor Andrew Wright (938 emails) and Northern California Finance Director Robert (Erik) Stowe (751 emails). The emails cover the period from January last year until 25 May this year."
The emails released Friday cover a period from January 2015 to May 2016. They purportedly come from the accounts of seven key DNC staffers: Andrew Wright, Jordon Kaplan, Scott Comer, Luis Miranda, Robert Stowe, Daniel Parrish and Allen Zachary.

A quick scan of the emails focus on Bernie Sanders and dealing with the fallout of many Democrats opposing Hillary Clinton and calling the system "rigged." Many of the emails exchanged between top DNC officials are simply the text of news articles concerning how establishment democrats can "deal" with the insurgent left-winger.
Update: 07/22 17:41 GMT by M :Guccifer 2.0 has claimed responsibility for the leak.
China

Samsung Fights Back, Sues China's Huawei For Patent Infringement (reuters.com) 24

In May, China's conglomerate Huawei filed a lawsuit against Samsung accusing the Korean company of infringing on some of its 4G-related patents. Now, Samsung is returning the favor. According to Reuters, Samsung has filed a lawsuit of its own against Huawei for a very similar reason. From the report: An intellectual property court in Beijing said on its official Weixin account that Samsung sued Huawei and a department store in Beijing and has claimed 161 million yuan ($24.14 million) in damages. Samsung asked the two defendants to stop production and sales of products the South Korean firm says infringes on its patents, including Huawei's Mate 8 and Honor smartphones, the court said.
Government

Texas Man Who Acted As Russian Agent Gets 10 Years' Prison (go.com) 83

An anonymous reader quotes a report from ABC News: A Texas man who acted as a secret agent for the Russian government and illegally exported cutting-edge military technology to Russia has been sentenced to 10 years in prison. Alexander Fishenko learned his punishment Thursday in federal court in New York. He pleaded guilty in September to crimes including acting as a Russian agent. The 50-year-old Fishenko is a U.S. and Russian citizen. He owned Houston-based Arc Electronics Inc. Prosecutors say he led a scheme that evaded strict export controls for micro-electronics commonly used in missile guidance systems, detonation triggers and radar systems. Prosecutors say his company shipped about $50 million worth of technologies to Russia between 2002 and 2012. In other Russian-related news, a Russian government-owned news site Sputnik has reported that the Kremlin is building a nuclear space bomber that should be flight-ready by 2020.
Printer

Police 3D-Printed A Murder Victim's Finger To Unlock His Phone (theverge.com) 97

An anonymous reader quotes a report from The Verge: Police in Michigan have a new tool for unlocking phones: 3D printing. According to a new report from Flash Forward creator Rose Eveleth, law enforcement officers approached professors at the University of Michigan earlier this year to reproduce a murder victim's fingerprint from a prerecorded scan. Once created, the 3D model would be used to create a false fingerprint, which could be used to unlock the phone. Because the investigation is ongoing, details are limited, and it's unclear whether the technique will be successful. Still, it's similar to techniques researchers have used in the past to re-create working fingerprint molds from scanned images, often in coordination with law enforcement. This may be the first confirmed case of police using the technique to unlock a phone in an active investigation. Apple has recently changed the way iOS manages fingerprint logins. You are now required to input an additional passcode if your phone hasn't been touched for eight hours and the passcode hasn't been entered in the past six days.
Movies

'The Wolf of Wall Street' Movie Was Financed With Stolen Money, Says DOJ (nydailynews.com) 160

An anonymous reader quotes a report from NY Daily News: Federal officials charged a $3.5 billion Malaysian money-laundering scheme helped finance the Leonardo DiCaprio movie "Wolf of Wall Street" -- the Hollywood tale that parallels the corruption charges. U.S. officials seek to recover $1.3 billion of the missing funds, including profits from the Martin Scorsese-directed movie that earned five Oscar nominations. The conspirators used some of their illicit cash to fund Scorsese's tale of "a corrupt stockbroker who tried to hide his own illicit profits in a perceived foreign safe haven," said U.S. Assistant Attorney General Leslie Caldwell. DiCaprio famously played the lead role of convicted fraudster Jordan Belfort, who was ordered to repay $110 million to 1,500 victims of his scam. The identified conspirators included movie producer Riza Shahriz Abdul Aziz, the prime minister's stepson, and businessman Low Taek John, a friend of Najib's family. A third scammer identified only as "Malaysian Official 1" was widely believed to be Najib. Court papers indicated that $681 million from a 2013 bond sale went directly into the official's private account. The nation's attorney-general, Mohamed Apandi, came to Najib's defense Thursday, expressing his "strong concerns at the insinuations and allegations" brought against the 1Malaysia Development Berhad (1MDB). Apandi's office, after investigating the $681 million bank deposit, announced in January that the funds were a donation from the Saudi royal family. The prime minister wound up returning most of the cash. Federal officials, in their California court filing, indicated they were hoping to seize proceeds from the 2013 movie, along with luxury properties in New York and California, artwork by Vincent Van Gogh and Claude Monet, and a $35 million private jet. Investigations of 1MDB are already underway in Switzerland and Singapore, with officials in the latter announcing Thursday that they had seized assets worth $176 million. This is shaping up to be the largest U.S. Justice Department asset recovery action in history.
Piracy

IsoHunt Launches Unofficial KAT Mirror 66

An anonymous reader writes: Torrent site isoHunt appears to have unofficially resurrected KickassTorrents (also known as Kickass Torrents or just KAT) at kickasstorrents.website. It might look like the original KAT site, which went down yesterday after alleged founder Artem Vaulin was arrested, but upon closer inspection it's simply a basic mirror. The isoHunt team tells me the KAT mirror is hosting files from the last year to year-and-a-half. So no, not everything is available. Furthermore, there is no forum, no community, and no support. And, you shouldn't get too attached, the administrators warn. Disclaimer: Slashdot doesn't necessarily condone piracy -- at least, in most cases.
DRM

EFF Is Suing the US Government To Invalidate the DMCA's DRM Provisions (boingboing.net) 93

Cory Doctorow, writes for BoingBoing: The Electronic Frontier Foundation has just filed a lawsuit that challenges the Constitutionality of Section 1201 of the DMCA, the "Digital Rights Management" provision of the law, a notoriously overbroad law that bans activities that bypass or weaken copyright access-control systems, including reconfiguring software-enabled devices (making sure your IoT light-socket will accept third-party lightbulbs; tapping into diagnostic info in your car or tractor to allow an independent party to repair it) and reporting security vulnerabilities in these devices. EFF is representing two clients in its lawsuit: Andrew "bunnie" Huang, a legendary hardware hacker whose NeTV product lets users put overlays on DRM-restricted digital video signals; and Matthew Green, a heavyweight security researcher at Johns Hopkins who has an NSF grant to investigate medical record systems and whose research plans encompass the security of industrial firewalls and finance-industry "black boxes" used to manage the cryptographic security of billions of financial transactions every day. Both clients reflect the deep constitutional flaws in the DMCA, and both have standing to sue the US government to challenge DMCA 1201 because of its serious criminal provisions (5 years in prison and a $500K fine for a first offense).Doctorow has explained aspects of this for The Guardian today. You should also check Huang's blog post on this.
Microsoft

Microsoft Responds To Allegations That Windows 10 Collects 'Excessive Personal Data' (betanews.com) 156

BetaNews's Mark Wilson writes: Yesterday France's National Data Protection Commission (CNIL) slapped a formal order on Microsoft to comply with data protection laws after it found Windows 10 was collecting "excessive data" about users. The company has been given three months to meet the demands or it will face fines. Microsoft has now responded, saying it is happy to work with the CNIL to work towards an acceptable solution. Interestingly, while not denying the allegations set against it, the company does nothing to defend the amount of data collected by Windows 10, and also fails to address the privacy concerns it raises. Microsoft does address concerns about the transfer of data between Europe and the US, saying that while the Safe Harbor agreement is no longer valid, the company still complied with it up until the adoption of Privacy Shield. It's interesting to see that Microsoft, in response to a series of complaints very clearly leveled at Windows 10, manages to mention the operating system only once. There is the promise of a statement about privacy next week, but for now we have Microsoft's response to the CNIL's order.
Privacy

Edward Snowden's New Research Aims To Keep Smartphones From Betraying Their Owners (theintercept.com) 107

Smartphones become indispensable tools for journalists, human right workers, and activists in war-torn regions. But at the same time, as Intercept points out, they become especially potent tracking devices that can put users in mortal danger by leaking their location. To address the problem, NSA whistleblower Edward Snowden and hardware hacker Andrew "Bunnie" Huang have been developing a way for potentially imperiled smartphone users to monitor whether their devices are making any potentially compromising radio transmissions. "We have to ensure that journalists can investigate and find the truth, even in areas where governments prefer they don't," Snowden told Intercept. "It's basically to make the phone work for you, how you want it, when you want it, but only when." Snowden and Huang presented their findings in a talk at MIT Media Lab's Forbidden Research event Thursday, and published a detailed paper. From the Intercept article: Snowden and Huang have been researching if it's possible to use a smartphone in such an offline manner without leaking its location, starting with the assumption that "a phone can and will be compromised." [...] The research is necessary in part because most common way to try and silence a phone's radio -- turning on airplane mode -- can't be relied on to squelch your phone's radio traffic. Fortunately, a smartphone can be made to lie about the state of its radios. The article adds: According to their post, the goal is to "provide field-ready tools that enable a reporter to observe and investigate the status of the phone's radios directly and independently of the phone's native hardware." In other words, they want to build an entirely separate tiny computer that users can attach to a smartphone to alert them if it's being dishonest about its radio emissions. Snowden and Haung are calling this device an "introspection engine" because it will inspect the inner-workings of the phone. The device will be contained inside a battery case, looking similar to a smartphone with an extra bulky battery, except with its own screen to update the user on the status of the radios. Plans are for the device to also be able to sound an audible alarm and possibly to also come equipped with a "kill switch" that can shut off power to the phone if any radio signals are detected.Wired has a detailed report on this, too.
Crime

Feds Seize KickassTorrents Domains and Arrest Owner In Poland (arstechnica.com) 300

An anonymous reader quotes a report from Ars Technica: Federal authorities announced on Wednesday the arrest of the alleged mastermind of KickassTorrents (KAT), the world's largest BitTorrent distribution site. As of this writing, the site is still up. Prosecutors have formally charged Artem Vaulin, 30, of Ukraine, with one count of conspiracy to commit criminal copyright infringement, one count of conspiracy to commit money laundering, and two counts of criminal copyright infringement. Like The Pirate Bay, KAT does not host individual infringing files but rather provides links to .torrent and .magnet files so that users can download unauthorized copies of TV shows, movies, and more from various BitTorrent users. According to a Department of Justice press release sent to Ars Technica, Vaulin was arrested on Wednesday in Poland. The DOJ will shortly seek his extradition to the United States. "Vaulin is charged with running today's most visited illegal file-sharing website, responsible for unlawfully distributing well over $1 billion of copyrighted materials," Assistant Attorney General Caldwell said in the statement. "In an effort to evade law enforcement, Vaulin allegedly relied on servers located in countries around the world and moved his domains due to repeated seizures and civil lawsuits. His arrest in Poland, however, demonstrates again that cybercriminals can run, but they cannot hide from justice." KickassTorrents added a dark web address last month to make it easier for users to bypass blockades installed by ISPs.

Slashdot Top Deals