DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
Businesses

Two More Executives Are Leaving Uber, Drivers May Unionize (nytimes.com) 200

First the resignations. "The beliefs and approach to leadership that have guided my career are inconsistent with what I saw and experienced at Uber," the company's former president told Recode on Sunday, announcing his resignation. "The departures add to the executive exodus from Uber this year," writes The New York Times. An anonymous reader quotes their report. Brian McClendon, vice president of maps and business platform at Uber, also plans to leave at the end of the month... Raffi Krikorian, a well-regarded director in Uber's self-driving division, left the company last week, while Gary Marcus, who joined Uber in December after Uber acquired his company, left this month. Uber also asked for the resignation of Amit Singhal, a top engineer who failed to disclose a sexual harassment claim against him at his previous employer, Google, before joining Uber. And Ed Baker, another senior executive, left this month as well.
Jones left Uber after less than six months, though McClendon's departure is said to be more amicable. "Mr. McClendon, in a statement, said he was returning to his hometown, Lawrence, Kansas, after 30 years away. 'This fall's election and the current fiscal crisis in Kansas is driving me to more fully participate in our democracy -- and I want to do that in the place I call home."

In other news, the Teamsters labor union plans to start organizing Uber's drivers into a union, after a Washington judge rejected Uber's attempt to overturn a right-to-unionize ordinance passed by the city of Seattle.
Government

Apple Paid $0 In Taxes To New Zealand, Despite Sales of $4.2 Billion (nzherald.co.nz) 448

Apple paid no income tax to New Zealand's Inland Revenue Department for the last 10 years, according to an article shared by sit1963nz, prompting calls for the company to "do the right thing" even from some American-based Apple users. From the New Zealand Herald: Bryan Chaffin of The Mac Observer, an Apple community blog site founded in 1998...wrote that Apple was the largest taxpayer in the United States, but 'pays next to nothing in most parts of the world... [L]ocal taxes matter. Roads matter. Schools matter. Housing authorities matter. Health care matters. Regulation enforcement matters. All of the things that support civil society matter. Apple's profits are made possible by that civil society, and the company should contribute its fair share.'"
Apple's accounts "show apparent income tax payments of $37 million," according to an earlier article, "but a close reading shows this sum was actually sent abroad to the Australian Tax Office, an arrangement that has been in place since at least 2007. Had Apple reported the same healthy profit margin in New Zealand as it did for its operations globally it would have paid $356 million in taxes over the period."

"It is absolutely extraordinary that they are able to get away with paying zero tax in this country," said Green Party co-leader James Shaw. "I really like Apple products -- they're incredibly innovative -- but it looks like their tax department is even more innovative than their product designers."
Patents

Maryland Legislator Wants To Keep State University Patents Away From Trolls (eff.org) 52

The EFF's "Reclaim Invention" campaign provided the template for a patent troll-fighting bill recently introduced in the Maryland legislature to guide public universities. An anonymous reader writes: The bill would "void any agreement by the university to license or transfer a patent to a patent assertion entity (or patent troll)," according to the EFF, requiring universities to manage their patent portfolios in the public interest. James Love, the director of the nonprofit Knowledge Ecology International, argues this would prevent assigning patents to "organizations who are just suing people for infringement," which is especially important for publicly-funded colleges. "You don't want public sector patents to be used in a way that's a weapon against the public." Yarden Katz, a fellow at Harvard's Berkman Klein Center for Internet amd Society, says the Maryland legislation would "set an example for other states by adopting a framework for academic research that puts public interests front and center."
The EFF has created a web page where you can encourage your own legislators to pass similar bills, and to urge universities to pledge "not to knowingly license or sell the rights of inventions, research, or innovation...to patent assertion entities, or patent trolls."
Microsoft

WikiLeaks Won't Tell Tech Companies How To Patch CIA Zero-Days Until Demands Are Met (fortune.com) 227

"WikiLeaks has made initial contact with us via secure@microsoft.com," a Microsoft spokesperson told Motherboard -- but then things apparently stalled. An anonymous reader quotes Fortune: Wikileaks this week contacted major tech companies including Apple and Google, and required them to assent to a set of conditions before receiving leaked information about security "zero days" and other surveillance methods in the possession of the Central Intelligence Agency... Wikileaks' demands remain largely unknown, but may include a 90-day deadline for fixing any disclosed security vulnerabilities. According to Motherboard's sources, at least some of the involved companies are still in the process of evaluating the legal ramifications of the conditions.
Julian Assange announced Friday that Mozilla had already received information after agreeing to their "industry standard responsible disclosure plan," then added that "most of these lagging companies have conflicts of interest due to their classified work for U.S. government agencies... such associations limit industry staff with U.S. security clearances from fixing security holes based on leaked information from the CIA." Assange suggested users "may prefer organizations such as Mozilla or European companies that prioritize their users over government contracts. Should these companies continue to drag their feet we will create a league table comparing company responsiveness and government entanglements so users can decided for themselves."
Government

NY Bill Would Require Removal of Inaccurate, Irrelevant Or Excessive Statements (washingtonpost.com) 155

schwit1 writes: In a bill aimed at securing a "right to be forgotten," introduced by Assemblyman David I. Weprin and (as Senate Bill 4561 by state Sen. Tony Avella), New York politicians would require people to remove "inaccurate," "irrelevant," "inadequate" or "excessive" statements about others... Failure to comply would make the search engines or speakers liable for, at least, statutory damages of $250/day plus attorney fees.
The Washington Post reports the bill's provisions would be as follows: Within 30 days of a "request from an individual, all search engines [and online speakers] shall remove...content about such individual, and links or indexes to any of the same, that is 'inaccurate', 'irrelevant', 'inadequate' or 'excessive,' and without replacing such removed...content with any disclaimer [or] takedown notice.... [I]naccurate', 'irrelevant', 'inadequate', or 'excessive' shall mean content, which after a significant lapse in time from its first publication, is no longer material to current public debate or discourse, especially when considered in light of the financial, reputational and/or demonstrable other harm that the information...is causing to the requester's professional, financial, reputational or other interest, with the exception of content related to convicted felonies, legal matters relating to violence, or a matter that is of significant current public interest, and as to which the requester's role with regard to the matter is central and substantial."
Crime

Your Hotel Room Photos Could Help Catch Sex Traffickers (cnn.com) 151

100,000 people people have already downloaded an app that helps fight human trafficking. dryriver summarizes a report from CNN: Police find an ad for paid sex online. It's an illegally trafficked underage girl posing provocatively in a hotel room. But police don't know where this hotel room is -- what city, what neighborhood, what hotel or hotel room. This is where the TraffickCam phone app comes in. When you're staying at a hotel, you take pictures of your room... The app logs the GPS data (location of the hotel) and also analyzes what's in the picture -- the furniture, bed sheets, carpet and other visual features. This makes the hotel room identifiable. Now when police come across a sex trafficking picture online, there is a database of images that may reveal which hotel room the picture was taken in.
"Technology drives everything we do nowadays, and this is just one more tool that law enforcement can use to make our job a little safer and a little bit easier," says Sergeant Adam Kavanaugh, supervisor of the St. Louis County Multi-Jurisdictional Human Trafficking Task Force. "Right now we're just beta testing the St. Louis area, and we're getting positive hits," he says (meaning ads that match hotel-room photos in the database). But the app's creators hope to make it available to all U.S. law enforcement within the next few months, and eventually globally, so their app is already collecting photographs from hotel rooms around the world to be stored for future use.
Crime

Company's Former IT Admin Accused of Accessing Backdoor Account 700+ Times (bleepingcomputer.com) 63

An anonymous reader writes: "An Oregon sportswear company is suing its former IT administrator, alleging he left backdoor accounts on their network and used them more than 700 times to search for information for the benefit of its new employer," reports BleepingComputer. Court papers reveal the IT admin left to be the CTO at one of the sportswear company's IT suppliers after working for 14 years at his previous employer. For more than two years, he's [allegedly] been using an account he created before he left to access his former colleagues' emails and gather information about the IT services they might need in the future. The IT admin was fired from his CTO job after his new employer found out what he was doing.
One backdoor, which enabled both VPN and VDI connections to the company's network, granted access to a "jmanming" account for a non-existent employee named Jeff Manning...
The Military

The US Army Finally Gets The World's Largest Laser Weapon System (bizjournals.com) 130

It's been successfully tested on trucks, as well as UAVs and small rockets, according to a video from Lockheed Martin, which is now shipping the first 60kW-class "beam combined" fiber laser for use by the U.S. Army. An anonymous reader quotes the Puget Sound Business Journal: Lockheed successfully developed and tested the 58 kW laser beam earlier this year, setting a world record for this type of laser. The company is now preparing to ship the laser system to the U.S. Army Space and Missile Defense Command/Army Forces Strategic Command in Huntsville, Alabama [according to Robert Afzal, senior fellow for Lockheed's Laser and Sensor Systems in Bothell]. "We have shown that a powerful directed energy laser is now sufficiently light-weight, low volume and reliable enough to be deployed on tactical vehicles for defensive applications on land, at sea and in the air..." Laser weapons, which complement traditional kinetic weapons in the battlefield, will one day protect against threats such as "swarms of drones" or a flurry of rockets and mortars, Lockheed said.
Encryption

Ask Slashdot: How Would You Implement Site-Wide File Encryption? 151

Recently-leaked CIA documents prove that encryption works, according to the Associated Press. But how should sys-admins implement site-wide file encryption? Very-long-time Slashdot reader Pig Hogger writes: If you decide to implement server-level encryption across all your servers, how do you manage the necessary keys/passwords/passphrases to insure that you have both maximum uptime (you can access your data if you need to reboot your servers), yet that the keys cannot be compromised... What are established practices to address this issue?
Keep in mind that you can't change your password once the server's been seized, bringing up the issue of how many people know that password. Or is there a better solution? Share you suggestions and experiences in the comments. How would you implement site-wide file encryption?
Government

CBS Reports 'Suspicious' Cell Phone Tower Activity In Washington DC (cbsnews.com) 187

"An unusually high amount of suspicious cell phone activity in the nation's capital has caught the attention of the Department of Homeland Security, raising concerns that U.S. officials are being monitored by a foreign entity," reports CBS News: The issue was first reported in the Washington Free Beacon, but a source at telecom security firm ESD America confirmed the spike in suspicious activity to CBS News. ESD America, hired preemptively for a DHS pilot program this January called ESD Overwatch, first noticed suspicious activity around cell phone towers in certain parts of the capital, including near the White House. This kind of activity can indicate that someone is monitoring specific individuals or their devices... According to the ESD America source, the first such spike of activity was in D.C. but there have been others in other parts of the country. Based on the type of technology used, the source continued, it is likely that the suspicious activity was being conducted by a foreign nation.
The news coincides with a letter sent to the DHS by two congressmen "deeply concerned" about vulnerabilities in the SS7 protocol underlying U.S. cellular networks, according to an article shared by Slashdot reader Trailrunner7. Senator Ron Wyden and Representative Ted Lieu are asking if the agency has enough resources to address the threat. "Although there have been a few news stories about this topic, we suspect that most Americans simply have no idea how easy it is for a relatively sophisticated adversary to track their movements, tap their calls, and hack their smartphones."
China

China's Police Will Shoot Illegal Drones With Radio-Jamming Rifles (mashable.com) 62

"Police in China are being equipped with new high-tech weaponry to help them fight back against illegal drone use," writes new submitter drunkdrone. Mashable reports: A Chinese city's police department is arming itself with more than 20 drone-jamming rifles...which work by emitting radio signals that force the drones to land, purportedly without damaging them. The drone-killing rifles will be used during the upcoming 2017 Wuhan Marathon, to raise security. Wuhan police demonstrated the drone-killing rifles last week, where they shot down six drones, according to the Chutian Metropolitan Daily.
Each rifle costs $36,265, and has a range of 0.6 miles.
Botnet

Bruce Schneier Calls for IoT Legislation, Argues The Internet Is Becoming One Giant Robot (linux.com) 84

"We're building a world-size robot, and we don't even realize it," security expert Bruce Schneier warned the Open Source Leadership Summit. As mobile computing and always-on devices combine with the various network-connected sensors, actuators, and cloud-based AI processing, "We are building an internet that senses, thinks, and acts." An anonymous reader quotes Linux.com: You can think of it, he says, as an Internet that affects the world in a direct physical manner. This means Internet security becomes everything security. And, as the Internet physically affects our world, the threats become greater. "It's the same computers, it could be the same operating systems, the same apps, the same vulnerability, but there's a fundamental difference between when your spreadsheet crashes, and you lose your data, and when your car crashes and you lose your life," Schneier said...

"I have 20 IoT-security best-practices documents from various organizations. But the primary barriers here are economic; these low-cost devices just don't have the dedicated security teams and patching/upgrade paths that our phones and computers do. This is why we also need regulation to force IoT companies to take security seriously from the beginning. I know regulation is a dirty word in our industry, but when people start dying, governments will take action. I see it as a choice not between government regulation and no government regulation, but between smart government regulation and stupid government regulation."

Communications

Could We Eliminate Spam With DMARC? (zdnet.com) 124

An anonymous reader writes: "The spam problem would not only be significantly reduced, it'd probably almost go away," argues Paul Edmunds, the head of technology from the cybercrimes division of the U.K.'s National Crime Agency -- suggesting that more businesses should be using DMARC, an email validation system that uses both the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). "Edmunds argued, if DMARC was rolled out everywhere in order to verify if messages come from legitimate domains, it would be a major blow to spam distributors and take a big step towards protecting organizations from this type of crime..." reports ZDNet. "However, according to a recent survey by the Global Cyber Alliance, DMARC isn't widely used and only 15% of cybersecurity vendors themselves are using DMARC to prevent email spoofing.
Earlier this month America's FTC also reported that 86% of major online businesses used SPF to help ISPs authenticate their emails -- but fewer than 10% have implemented DMARC.
Government

US Lawmakers Propose Minimum Seat Sizes For Airlines (consumerist.com) 266

The size of each passenger's seat on an airplane -- as well as the distance between rows of seats -- should be standardized, according to legislation proposed by two American lawmakers. Slashdot reader AmiMoJo quotes Consumerist: The text of the bill does not specify any dimensions for seat widths or legroom. Rather, if the legislation is passed, the particulars would be left up to the FAA to sort out... Though seat size may vary from airline to airline, Cohen notes that the average distance between rows of seats has dropped from 35 inches before airline deregulation in the 1970s, to around 31 inches today. Your backside is getting the squeeze, as well, as the average width of an airline seat has also shrunk from 18 inches to about 16.5 inches.
Security

Windows 10 UAC Bypass Uses Backup and Restore Utility (bleepingcomputer.com) 58

An anonymous reader writes: "A new User Access Control (UAC) bypass technique relies on altering Windows registry app paths and using the Backup and Restore utility to load malicious code without any security warning," reports BleepingComputer. The technique works when an attacker launches the Backup and Restore utility, which loads its control panel settings page. Because the utility doesn't known where this settings page is located, it queries the Windows Registry. The problem is that low-privileged users can modify Windows Registry values and point to malware. Because the Backup and Restore utility is a trusted application, UAC prompts are suppressed. This technique only works in Windows 10 (not earlier OS versions) and was tested with Windows 10 build 15031. A proof-of-concept script is available on GitHub. The same researcher had previously found two other UAC bypass techniques, one that abuses the Windows Event Viewer, and one that relies on the Windows 10 Disk Cleanup utility
Crime

Judge Grants Search Warrant For Everyone Who Searched a Crime Victim's Name On Google (startribune.com) 101

Hennepin County District Judge Gary Larson has issued a search warrant to Edina, Minnesota police to collect information on people who searched for variations of a crime victim's name on Google from Dec. 1 through Jan. 7. Google would be required to provide Edina police with basic contact information for people targeted by the warrant, as well as Social Security numbers, account and payment information, and IP and MAC addresses. StarTribune reports: Information on the warrant first emerged through a blog post by public records researcher Tony Webster. Edina police declined to comment Thursday on the warrant, saying it is part of an ongoing investigation. Detective David Lindman outlined the case in his application for the search warrant: In early January, two account holders with SPIRE Credit Union reported to police that $28,500 had been stolen from a line of credit associated with one of their accounts, according to court documents. Edina investigators learned that the suspect or suspects provided the credit union with the account holder's name, date of birth and Social Security number. In addition, the suspect faxed a forged U.S. passport with a photo of someone who looked like the account holder but wasn't. Investigators ran an image search of the account holder's name on Google and found the photo used on the forged passport. Other search engines did not turn up the photo. According to the warrant application, Lindman said he had reason to believe the suspect used Google to find a picture of the person they believed to be the account holder. Larson signed off on the search warrant on Feb. 1. According to court documents, Lindman served it about 20 minutes later.
Crime

FBI Arrests Alleged Attacker Who Tweeted Seizure-Inducing Strobe at a Writer (theverge.com) 151

From a report on The Verge: An arrest has been made three months after someone tweeted a seizure-inducing strobe at writer and Vanity Fair contributing editor Kurt Eichenwald. The Dallas FBI confirmed the arrest to The Verge today, and noted that a press release with more details is coming. Eichenwald, who has epilepsy, tweeted details of the arrest and said that more than 40 other people also sent him strobes after he publicized the first attack. Their information is now with the FBI, he says. It isn't clear whether these "different charges" relate to similar online harassment incidents or something else entirely.
Google

Google's Allo App Can Reveal To Your Friends What You've Searched (recode.net) 61

Google's new messaging app Allo can reveal your search history and other personal information when you include the Google Assistant bot in chats, according to a report. From the article: My friend directed Assistant to identify itself. Instead of offering a name or a pithy retort, it responded with a link from Harry Potter fan website Pottermore. The link led to an extract from "Harry Potter and the Order of the Phoenix," the fifth book in J.K. Rowling's Harry Potter series. But the response was not merely a nonsequitur. It was a result related to previous searches my friend said he had done a few days earlier. [...] When I asked "What is my job?" in my conversation with my friend, Assistant responded by sharing a Google Maps image showing the address at which I used to work -- the address of a co-working space, not the publicly listed address of my previous employer. Google had the address on file because I had included it in my personal Google Maps settings. It did not ask my permission to share that.
Education

Ebook Pirates Are Relatively Old and Wealthy, Study Finds (torrentfreak.com) 153

A new study has found that people who illegally download ebooks are older and wealthier than most people's perception of the average pirate. From a report on TorrentFreak: Commissioned by anti-piracy company Digimarc, the study suggests that people aged between 30 and 44 years old with a household income of between $60k and $99k are most likely to grab a book without paying for it. [...] In previous studies, it has been younger downloaders that have grabbed much of the attention, and this one is no different. Digimarc reveals that 41 percent of all adult pirates are aged between 18 and 29 but perhaps surprisingly, 47 percent fall into the 30 to 44-year-old bracket. At this point, things tail off very quickly, as the remaining 13 percent are aged 45 or up.
Transportation

A US Ally Shot Down a $200 Drone With a $3 Million Patriot Missile (theverge.com) 318

An anonymous reader shares a report on The Verge: Earlier this week, General David Perkins, the commander of the US Army Training and Doctrine Command (TRADOC) spoke at the Association of the US Army's Global Force symposium, where he discussed the threats that the US military would begin to face in the coming years. One notable example is how a US ally recently shot down a $200 consumer drone with a $3.4 million worth Patriot Missile. Perkins' talk during the symposium focused on the complexity of a military organization in the field, and how the interconnected nature of air, ground, and sea forces can lead to a fragmented response to a threat between the commanders who are in charge of specific areas. [...] "The gut instinct was," he explains, "that's an air defense problem, because they're in the air." "In fact," he went on to say, "we have a very close ally of ours that was dealing with an adversary using small quadcopter UASs, and they shot it down with a Patriot missile." The problem, he said, wasn't effectiveness: the tiny drone didn't stand a chance -- the issue is economics.

Slashdot Top Deals