Crime

Cops Are Raiding Homes of Innocent People Based Only On IP Addresses (fusion.net) 240

Kashmir Hill has a fascinating story today on what can go wrong when you solely rely on IP address in a crime investigation -- also highlighting how often police resort to IP addresses. In the story she follows a crime investigation that led police to raid a couple's house at 6am in the morning, because their IP address had been associated with the publication of child porn on notorious 4chan porn. The problem was, Hill writes: the couple -- David Robinson and Jan Bultmann -- weren't the ones who had uploaded the child porn. All they did was voluntarily use one of their old laptops as a Tor exit relay, a software used by activists, dissidents, privacy enthusiasts as well as criminals, so that people who want to stay anonymous when surfing the web could do so. Hill writes: Robinson and Bultmann had [...] specifically operated the riskiest node in the chain: the exit relay which provides the IP address ultimately associated with a user's activity. In this case, someone used Tor to make the porn post, and his or her traffic had been routed through the computer in Robinson and Bultmann's house. The couple wasn't pleased to have helped someone post child porn to the internet, but that's the thing about privacy-protective tools: They're going to be used for good and bad purposes, and to support one, you might have to support the other. Robinson added that he was a little let down because police didn't bother to look at the public list which details the IP addresses associated with Tor exit relays. Hill adds: The police asked Robinson to unlock one MacBook Air, and then seemed satisfied these weren't the criminals they were looking for and left. But months later, the case remains open with Robinson and Bultmann's names on police documents linking them to child pornography. "I haven't run an exit relay since. The police told me they'd be back if it happened again," Robinson said; he's still running a Tor node, just not the end point anymore. "I have to take the threat seriously because I don't want my wife or I to wake up with guns in our faces." Technologist Seth Schoen, and EFF Executive Director Cindy Cohn in a white paper aimed at courts and cops. "For many reasons, connecting an individual to a crime linked to an IP address, without any additional investigation, is irresponsible and threatens the civil liberties of innocent people."
Piracy

Hackers Seed Torrent Trackers With Malware Disguised as Popular Downloads (grahamcluley.com) 63

An anonymous reader writes: Cybercriminals are spreading malware via torrent distribution networks, using an automated tool to disguise the downloads as trending audio, video and other digital content in an attempt to infect more unsuspecting victims. Researchers at InfoArmor say they have uncovered a malicious torrent distribution network that relies on a tool called RAUM to infect computers with malware. The network begins with a torrent parser, which collects information about some of the most popular torrent files circulating around the web. Computer criminals then apply their RAUM tool to create a series of malicious files. Some are fake copies of those popular torrent files that in reality hide notorious malware such as CryptXXX, Cerber, or Dridex. Others are weaponized torrent files, while others still are parsed torrent files that rely on a high download rating, a reputation which the attackers artificially inflate by abusing compromised users' accounts to set up new seeds.
China

Uber's Terrifying 'Ghost Drivers' Are Freaking Out Passengers in China (qz.com) 80

Several Chinese publications are reporting that "ghost drivers" are frightening Uber passengers into paying for trips they didn't take. Passengers in Tianjin, Qingdao, Chengdu, Beijing, Shanghai and Suzhou have been canceling Uber rides after seeing creepy driver profile pictures pop up in the app. Quartz reports: Passengers using the ride-hailing app in several Chinese cities have reported seeing their requests picked up by drivers with creepy profile photos of zombie faces. According to Chinese news site Sixth Tone, the point of these ghostly profiles is to scare passengers into canceling the trip, so they are fined for a few yuan (less than a dollar), which goes to the driver. Other passengers have reported seeing their rides accepted, but then their trips were "started" by the driver on the app before they even get to the car. These "ghost rides" last less than a minute, with the driver charging customers between 8 and 15 yuan (about 1 to 2 dollars) for a ride that never happened. Calls to the drivers in these cases are never picked up, according to The Paper, a state-owned media. Passengers can however eventually be reimbursed by Uber China if they lodge a complaint.
Democrats

Oversight Orders Reddit To Preserve Deleted Posts In Clinton Investigation (thehill.com) 382

HockeyPuck writes: The House Oversight Committee has ordered Reddit to preserve deleted posts believed to be written by Paul Combetta, an IT technician the committee suspects may have deleted Hillary Clinton emails that were under subpoena. This follows up on an earlier report on reddit users' findings. Reddit users found that Combetta, through the username "StoneTear," requested help in relation to retaining and purging email messages after 60 days, and requested advice on how to remove a "VERY VIP" individual's email address from archived content. The Hill says in its report: "It's unclear what, exactly, the committee will be able to learn from the information Reddit preserves. According to the company's public policy for handling official requests, it maintains basic subscriber information, like IP logs, which identify the computer used to access a site. According to the policy, Reddit can maintain deleted records -- like a user's account -- for 90 days if it receives an official preservation order. Otherwise, the information will be subject to Reddit's 'normal retention or destruction schedules.'"
The Courts

Appeals Court Decision Kills North Carolina Town's Gigabit Internet (hothardware.com) 222

MojoKid writes: In early August, the 6th Circuit U.S. Court of Appeals ruled the FCC had no authority to prevent states from imposing restrictions on municipal internet. This was a result of the FCC stepping in last year in an effort to "remove barriers to broadband investment and competition." However, the courts sided with the states, which said that the FCC's order impeded on state rights. In the end, this ruling clearly favored firmly entrenched big brand operators like Time Warner Cable, Comcast, and AT&T, which lobbied hard to keep competition at bay. The federal ruling specifically barred municipal internet providers from offering service outside of their city limits, denying them from providing service to under-served communities. The fallout from the federal court's rejection of the FCC order to extend a lifeline to municipal internet providers has claimed another victim. The small community of Pinetops, North Carolina -- population 1,300 -- will soon have its gigabit internet connection shut off. Pinetops has been the recipient of Greenlight internet service, which is provided by the neighboring town of Wilson. The town of Wilson has been providing electric power to Pinetops for the past 40 years, and had already deployed fiber through the town in order to bolster its smart grid initiative. What's infuriating to the Wilson City Council and to the Pinetops residents that will lose their high-speed service is that the connections are already in place. There's no logical reason why they should be cut off, but state laws and the lobbyists supporting those laws have deemed what Greenlight is doing illegal. Provide power to a neighboring town -- sure that's OK. Provide better internet to a neighboring town -- lawsuit.
Power

TV Manufacturers Accused of Gaming Energy Usage Tests (cbslocal.com) 86

The Natural Resources Defense Council has issued a new report accusing Samsung, LG and Vizio of "misleading consumers and regulators about how much energy high-definition screens devour, alleging that the televisions were designed to perform more efficiently during government testing than in ordinary use." The report "estimates that the collective electricity bills during a decade of watching the high-definition TVs will be $1.2 billion higher than the energy ratings imply," and that "the higher energy usage generates an additional 5 million metric tons of carbon pollution." CBS Local reports: The findings are based on an analysis of high-definition TVs with screens spanning at least 55 inches made in 2015 and 2016. The estimates on electricity costs are based on high definition TVs with screens 32 inches and larger. The study concluded that Samsung and LG have gamed the system during government testing in an effort to get better scores on the "Energy Star" yellow labels that appear on the sets in stores. Those scores often influence the buying decisions of consumers looking to save money on their utility bills. The report said Samsung and LG did not break any laws in their manipulation of the tests, but rather exploited weaknesses in the Department of Energy's system to measure electricity usage. The Samsung and LG sets have a dimming feature that turns off the screens' backlight during part of the 10-minute video clip used in government tests. But that does not typically happen when the sets are being used in homes to watch sports, comedies, dramas and news programming. The analysis also found that Samsung, LG and Vizio disable energy-saving features in their TVs when consumers change the factory setting on the picture, a common practice. The energy-saving feature is turned off, with little or no warning on the screen, sometimes doubling the amount of electricity consumed, according to the NRDC report.
The Courts

With 3D Printer Gun Files, National Security Interest Trumps Free Speech, Court Rules (arstechnica.com) 424

A federal appeals court ruled this week against Defense Distributed, the Texas organization that promotes 3D-printed guns, in a lawsuit that it brought last year against the State Department. In a 2-1 decision, the 5th Circuit Court of Appeals was not persuaded that Defense Distributed's right to free speech under the First Amendment outweighs national security concerns. From an ArsTechnica report: The majority concluded: 'Ordinarily, of course, the protection of constitutional rights would be the highest public interest at issue in a case. That is not necessarily true here, however, because the State Department has asserted a very strong public interest in national defense and national security. Indeed, the State Department's stated interest in preventing foreign nationals -- including all manner of enemies of this country -- from obtaining technical data on how to produce weapons and weapon parts is not merely tangentially related to national defense and national security; it lies squarely within that interest.'
Music

Stop Piracy? Legal Alternatives Beat Legal Threats, Research Shows (torrentfreak.com) 133

An anonymous reader writes: Threatening file-sharers with high fines or even prison sentences is not the best way to stop piracy. New research published by UK researchers shows that perceived risk has no effect on people's file-sharing habits. Instead, the entertainment industries should focus on improving the legal options, so these can compete with file-sharing. Unauthorized file-sharing (UFS) is best predicted by the supposed benefits of piracy. As such, the researchers note that better legal alternatives are the best way to stop piracy. The results are based on a psychological study among hundreds of music and ebook consumers. They were subjected to a set of questions regarding their file-sharing habits, perceived risk, industry trust, and online anonymity. By analyzing the data the researchers found that the perceived benefits of piracy, such as quality, flexibility of use and cost, are the real drivers of piracy. An increase in legal risk was not directly associated with any statistically significant decrease in self-reported file-sharing.
Google

YouTube Is Looking for Volunteers To Improve Its Site (fortune.com) 124

The video-sharing site is looking for "heroes." YouTube is looking for a few good users who want to be "Heroes." Google's video-sharing site wants volunteers to help moderate its content by flagging inappropriate content, fielding questions in YouTube Help forums, and contributing video captions and subtitles, reports Reuters. From the report: Performing those types of tasks will help users earn points in the site's new crowdsourcing program, called "YouTube Heroes." YouTube announced the "Heroes" program in a post on the site's help channel on Wednesday that included a video showing prospective volunteers how they can participate and the perks they can earn. "You work hard to make YouTube better for everyone and, like all heroes, you deserve a place to call home," YouTube says in the video.
Patents

'Corporate Troll' Wins $3 Million Verdict Against Apple For Ring-Silencing Patent (arstechnica.com) 84

An anonymous reader quotes a report from Ars Technica: A non-practicing entity called MobileMedia Ideas LLC won a patent lawsuit against Apple today, with a Delaware federal jury finding that Apple should pay $3 million for infringing MobileMedia's patent RE39,231, which relates to ring-silencing features on mobile phones. MobileMedia is an unusual example of the kind of pure patent-licensing entity often derided as a "patent troll." It is majority-owned by MPEG-LA, a patent pool that licenses common digital video technologies like H-264, MPEG-2, and MPEG-4. Minority stakes in MobileMedia are owned by Sony and Nokia, which both contributed the patents owned by the company. MobileMedia also has the same CEO as MPEG-LA, Larry Horn. The battle ended up being a long one, as MobileMedia first filed the case in 2010. It went to trial in 2012, and the jury found that Apple infringed three patents. After reviewing post-trial motions, the judge knocked out some, but not all, of the infringed patent claims. Then came an appeal in which a panel of Federal Circuit judges upheld (PDF) some of the lower court's judges and overturned others. A $3 million verdict is hardly going to make an impact on Apple, and it doesn't represent a huge win for MobileMedia, which was reportedly seeking $18 million in royalties from the trial. Still, getting a verdict in its favor does represent some validation of MobileMedia's business model, which was a striking example of technology corporations using the "patent troll" business model as a kind of proxy war. Nokia and Sony were able to use MobileMedia and the licensing talent at MPEG-LA to wage a patent attack on Apple without engaging directly in court. In all, after years of back-and-forth, the ring-silencing patent was the one that MobileMedia had left. 
While Apple didn't win the case against one of the first "corporate trolls," it was able to severely pare down the scale of the attack and show that it's willing to fight a long legal war of attrition to make its point.
Google

Google Backs Off On Previously Announced Allo Privacy Feature (theverge.com) 84

When Google first unveiled its Allo messaging app, the company said it would not keep a log of chats you have with people when in incognito mode. The company released Allo for iOS and Android users last night, and it seems it is reneging on some of those promises. The Verge reports: The version of Allo rolling out today will store all non-incognito messages by default -- a clear change from Google's earlier statements that the app would only store messages transiently and in non-identifiable form. The records will now persist until the user actively deletes them, giving Google default access to a full history of conversations in the app. Users can also avoid the logging by using Allo's Incognito Mode, which is still fully end-to-end encrypted and unchanged from the initial announcement. Like Hangouts and Gmail, Allo messages will still be encrypted between the device and Google servers, and stored on servers using encryption that leaves the messages accessible to Google's algorithms. According to Google, the change was made to improve the Allo assistant's smart reply feature, which generates suggested responses to a given conversation. Like most machine learning systems, the smart replies work better with more data. As the Allo team tested those replies, they decided the performance boost from permanently stored messages was worth giving up privacy benefits of transient storage.
Patents

Apple Patents a Paper Bag (theguardian.com) 201

mspohr writes: Continuing its leadership in innovation, Apple has patented a paper bag. We all remember the groundbreaking "rounded corners" innovation, now we have a paper bag! Just try to make your own paper bag and you'll be speaking with Apple lawyers. (Note: In fairness to Apple, this is a "special" paper bag which is stronger due to numerous improvements on your ordinary recycled paper bag -- just don't try to copy it.) The patent application summarizes the bag as follows: "A paper bag is disclosed. The paper bag may include a bag container formed of white solid bleached sulfate paper with at least 60% post-consumer content." Apple's patented paper bags are designed to be sturdy, while remaining "both pearly white and environmentally friendly." Let's just hope they don't remove the handles...
Security

College Student Got 15 Million Miles By Hacking United Airlines (fortune.com) 79

An anonymous reader quotes a report from Fortune: University of Georgia Tech student Ryan Pickren used to get in trouble for hacking websites -- in 2015, he hacked his college's master calendar and almost spent 15 years in prison. But now he's being rewarded for his skills. Pickren participated in United Airlines' Bug Bounty Program and earned 15 million United miles. At two cents a mile, that's about $300,000 worth. United's white hat hacking program invites computer experts to legally hack their systems, paying up to one million United miles to hackers who can reveal security flaws. At that rate, we can presume Pickren reported as many as 15 severe bugs. The only drawback to all those free miles? Taxes. Having earned $300,000 of taxable income from the Bug Bounty Program, Pickren could owe the Internal Revenue Service tens of thousands of dollars. He's not keeping all of them, though: Pickren donated five million miles to Georgia Tech. The ultimate thank-you for not pressing charges last year. In May, certified ethical hackers at Offensi.com identified a bug allowing remote code execution on one of United Airlines' sites and were rewarded with 1,000,000 Mileage Plus air miles. Instead of accepting the award themselves, they decided to distribute their air miles among three charities.
Earth

A Shocking Amount of E-Waste Recycling Is a Complete Sham (vice.com) 166

An anonymous reader quotes a report from Motherboard: Forty percent of all U.S. electronics recyclers testers included in [a study that used GPS trackers to follow e-waste over the course of two years] proved to be complete shams, with our e-waste getting shipped wholesale to landfills in Hong Kong, China, and developing nations in Africa and Asia. The most important thing to know about the e-waste recycling industry is that it is not free to recycle an old computer or an old CRT television. The value of the raw materials in the vast majority of old electronics is worth less than it costs to actually recycle them. While consumers rarely have to pay e-waste recycling companies to take their old electronics (costs are offset by local tax money or manufacturers fronting the bill as part of a legally mandated obligated recycling quota), companies, governments, and organizations do. Based on the results of a new study from industry watchdog Basel Action Network and MIT, industry documents obtained by Motherboard, and interviews with industry insiders, it's clear that the e-waste recycling industry is filled with sham operations profiting off of shipping toxic waste to developing nations. Here are the major findings of the study and of my interviews and reporting: Real, environmentally sustainable electronics recycling can be profitable only if recycling companies charge a fee to take on old machines; the sale of recycled materials rarely if ever covers the actual cost of recycling in the United States. Companies, governments, and other organizations have a requirement to recycle old machines; because there is little oversight or enforcement, a secondary industry of fake recyclers has popped up to undercut sustainable recyclers. These "recyclers," which advertise themselves as green and sustainable, get paid pennies per pound to take in old TVs, computers, printers, and monitors. 
Rather than recycle them domestically, the recycling companies sell them to junkyards in developing nations, either through middlemen or directly. These foreign junkyards hire low-wage employees to pick through the few valuable components of often toxic old machines. The toxic machines are then left in the scrapyards or dumped nearby. Using GPS trackers, industry watchdog Basel Action Network found that 40 percent of electronics recyclers it tested in the United States fall into this "scam recycling" category.
Network

North Korea Has Just 28 Websites (vice.com) 138

In September of 2014, NetCraft confirmed there to be over 1 billion websites on the world wide web. There are over 140 million .com and .net domains alone, as well as millions of websites for each country code top-level domain (ccTLD), such as .de for Germany and .cn for China. But in North Korea, the number of websites the country has registered for its top-level domain is in the double digits. Motherboard reports: On Tuesday, apparently by mistake, North Korea misconfigured its nameserver, essentially a list that holds information on all of the domains that exist for .kp, allowing anyone to query it and get the list. In other words, a snafu by North Korea's system administrators allowed anyone to ask the country's nameserver: "can I have all of your information on this domain?" and get an answer, giving everyone a peek into the strange world of North Korea's web. North Korea has only 28 registered domains, according to the leaked data. "We didn't think there was much in the way of internet resources in North Korea, and according to these leaked zone files, we were right," Doug Madory, a researcher at Dyn, a company that monitors internet use and access around the world, told Motherboard. Some of the sites aren't reachable, perhaps because after Bryant discovered them, they are being deluged with traffic.
