schwit1 writes from a report via Behind The Black: The tests the EPA uses to establish the fuel efficiency of cars are unreliable, and likely provide no valid information at all about the fuel efficiency of the cars tested. Robert Zimmerman reports from Behind The Black: "The law requiring cars to meet these fuel efficiency tests was written in the 1970s, and specifically sets standards based on the technology then. Worse, the EPA doesn't know exactly how its CAFE testing correlates with actual results, because it has never done a comprehensive study of real-world fuel economy. Nor does anyone else. The best available data comes from consumers who report it to the DOT (WARNING: Source may be paywalled) -- hardly a scientific sampling. Other than that, everything is fine. Companies are forced to spend billions on this regulation, the costs of which they immediately pass on to consumers, all based on fantasy and a badly-written law. Gee, I'm sure glad we never tried this with healthcare!"
An anonymous reader writes: Two weeks ago, China released its first ever set of digital ad regulations that impacted Chinese market leaders like Baidu and Alibaba. "But hidden among (the new regulations) is language that would seem to all but ban ad blocking," wrote Adblock Plus (ABP) operations manager Ben Williams in a blog post Wednesday. The new regulations prohibit "the use of network access, network devices, applications, and the disruption of normal advertising data, tampering with or blocking others doing advertising business (or) unauthorized loading the ad." There is also a clause included that addresses tech companies that "intercept, filter, cover, fast-forward and [impose] other restrictions" on online ad campaigns. ABP general counsel Kai Recke said in an email to AdExchanger that the Chinese State Administration for Industry and Commerce (SAIC) has much more control over the market than its otherwise equal U.S. counterpart, the Federal Communications Commission (FCC). "After all it looks like the Chinese government tries to get advertising more under their control and that includes that they want to be the only ones to be allowed to remove or alter ads," said Recke. "Ad-block users are a distinct audience and they require a distinct strategy and ways to engage them," said ABP CEO Till Faida at AdExchanger's Clean Ads I/O earlier this year. "They have different standards they've expressed for accessing them, and advertising has to reflect that."
Karl Bode, reporting for DSLReports: Several users have written in to note that Verizon has informed them the company will begin charging FiOS customers with an older router a new "Router Maintenance Charge." An e-mail being sent to many Verizon FiOS customers says that the fee of $2.80 will soon be charged every month -- unless users pay Verizon to get a more recent iteration of its FiOS gateway and router. Since Verizon FiOS often uses a MOCA coax connection and the gateway is needed for Verizon TV, many FiOS users don't have the ability to swap out gear as easily as with other ISPs. "Our records indicate that you have an older model router that is being discontinued," states the e-mail. "If you do plan to keep using your current router, we will begin billing, on 9.29.16, a monthly Router Maintenance Charge of $2.80 (plus taxes), to ensure we deliver the best support."
An anonymous reader quotes a report from HotHardware: The U.S. Navy has been accused of pirating 3D software after first testing a software package offered by German company Bitmanagement Software GmbH. The company is suing the United States of America for nearly $600 million. HotHardware reports: "According to the court filing, Bitmanagement licensed its BS Contact Geo software for use on 38 Navy computers from 2011 to 2012. This limited rollout was 'for the purposes of testing, trial runs, and integration into Navy systems.' While this test period was underway, the Navy reportedly began negotiating to license the software for use on thousands of additional computers. However, even as the negotiations were ongoing, the Navy decided to go ahead and initiate its full-scale rollout without actually paying for the software. In total, the initial 38 computers allegedly swelled to 104,922 computers by October 2013. As of today, BS Contact GEO is claimed to be installed on 558,466 Navy computers, although 'likely this unauthorized copying has taken place on an even larger scale' according to the filing. As if the unauthorized installation of software onto hundreds of thousands of computers wasn't enough, Bitmanagement is alleging that the Navy during 2014 began disabling the Flexwrap software that is tasked with tracking the use of BS Contact Geo and helping to prevent it from being duplicated. When this software piracy was taking place, the retail price of a single BS Contact Geo license was $1067.76. With nearly 600,000 computers now in play, Bitmanagement is seeking a whopping $596,308,103 in damages. The lawsuit, which alleges willful copyright infringement, was filed on July 15th."
France's National Data Protection Commission (CNIL) has ordered Microsoft to "stop collecting excessive data and tracking browsing by users without consent," adding that Microsoft must comply with the French Data Protection Act within the next three months. BetaNews reports: In addition to this, the chair of CNIL has notified Microsoft that it needs to take "satisfactory measures to ensure the security and confidentiality of user data." The notice comes after numerous complaints about Windows 10, and a series of investigations by French authorities which revealed a number of failings on Microsoft's part. Microsoft is accused of not only gathering excessive data about users, but also irrelevant data. The CNIL points to Windows 10's telemetry service which gathers information about the apps users have installed and how long each is used for. The complaint is that "these data are not necessary for the operation of the service."
Mozilla has announced that it plans to discontinue support for Flash in Firefox. Starting next month, Firefox will block Flash content "that is not essential to the user experience." Also, starting sometime in 2017, the browser will require click-to-activate approval from users before a website activates the Flash plugin for any content. In a blog post, the company writes: Mozilla and the Web as a whole have been taking steps to reduce the need for Flash content in everyday browsing. Over the past few years, Firefox has implemented Web APIs to replace functionality that was formerly provided only by plugins. This includes audio/video playback and streaming capabilities, clipboard integration, fast 2D and 3D graphics, WebSocket networking, and microphone/camera access. As websites have switched from Flash to other web technologies, the plugin crash rate in Firefox has dropped significantly. [...] We continue to work closely with Adobe to deliver the best possible Flash experience for our users.
Dan Goodin, reporting for Ars Technica: A newly disclosed vulnerability could allow attackers to seize control of mobile phones and key parts of the world's telecommunications infrastructure and make it possible to eavesdrop or disrupt entire networks, security experts warned Tuesday. The bug resides in a code library used in a wide range of telecommunication products, including radios in cell towers, routers, and switches, as well as the baseband chips in individual phones. Although exploiting the heap overflow vulnerability would require great skill and resources, attackers who managed to succeed would have the ability to execute malicious code on virtually all of those devices. The code library was developed by Pennsylvania-based Objective Systems and is used to implement a telephony standard known as ASN.1, short for Abstract Syntax Notation One. "The vulnerability could be triggered remotely without any authentication in scenarios where the vulnerable code receives and processes ASN.1 encoded data from untrusted sources," researchers who discovered the flaw wrote in an advisory published Monday evening. "These may include communications between mobile devices and telecommunication network infrastructure nodes, communications between nodes in a carrier's network or across carrier boundaries, or communication between mutually untrusted endpoints in a data network."
When it was first created, the Skype network was built as a decentralized peer-to-peer system. PCs that had enough processing muscle and bandwidth acted as "supernodes," and coordinated connections between other machines on the network. This p2p system was generally perceived as being relatively private, a belief that has since been debunked. There were several technical challenges, which led Microsoft to move most of Skype's operations to the cloud. Ars Technica is reporting that the company has finalized the switch. From the article: Microsoft has developed a more conventional client-server network, with clients that act as pure clients and dedicated cloud servers. The company is starting to transition to this network exclusively. This transition means that old peer-to-peer Skype clients will cease to work. Clients for the new network will be available for Windows XP and up, OS X Yosemite and up, iOS 8 and up, and Android 4.03 and up. However, certain embedded clients -- in particular, those integrated into smart TVs and available for the PlayStation 3 -- are being deprecated, with no replacement. Microsoft says that since those clients are little used and since almost every user of those platforms has other Skype-capable devices available, it is no longer worth continuing to support them. The issue, as the report points out, is that Microsoft is strangely not talking about privacy and security concerns. The article adds: The Ed Snowden leaks raised substantial questions about the privacy of services such as Skype and have caused an increasing interest in platforms that offer end-to-end encryption. The ability to intercept or wiretap Skype came as a shock to many, especially given Skype's traditionally peer-to-peer infrastructure. Accordingly, we've seen similar services such as iMessage, WhatsApp, and even Facebook Messenger, start introducing end-to-end encryption.
The abandonment of Skype's peer-to-peer system can only raise suspicions here. Matthew Green, who teaches cryptography at Johns Hopkins, said: "The surprising thing here is not that Microsoft can intercept Skype calls (duh) but that they won't just admit it."
An anonymous reader writes from a report via ZDNet: Since announcing how many government data requests and wiretap orders it receives, Amazon has so far issued two transparency reports. The two reports outline how many subpoenas, search warrants, and court orders the company received for its cloud service, Amazon Web Services. The cloud makes up a large portion of all the data Amazon gathers, but the company does also collect vast amounts of data from its retail businesses, mobile services, book purchases, and requests made to Echo. The company's third report is due to be released in a few weeks but an Amazon spokesperson wouldn't comment on whether or not the company will expand its transparency report to include information regarding whether or not the Amazon Echo has been wiretapped. There are reportedly more than three million Amazon Echo speakers out in the wild. Gizmodo filed a freedom of information (FOIA) request with the FBI earlier this year to see if the agency had wiretapped an Echo as part of a criminal investigation. The FBI didn't confirm or deny wiretapping the Echo. Amazon was recently awarded a patent for drone docking and recharging stations that would be built on tall, existing structures like lampposts, cell towers, or church steeples.
An anonymous reader quotes a report from RT: Despite a massive cyberattack on its website, WikiLeaks has published the first batch of nearly 300,000 emails from the Turkish ruling AKP party's internal server and thousands of attached files in response to the Ankara government's widespread post-coup purges. Some 294,548 emails pertaining to Turkish president Recep Tayyip Erdogan's Justice and Development Party (AKP) were made public on Tuesday at 11:00pm Ankara time. WikiLeaks says that the release of almost 300,000 email bodies together with several thousand attached files, is just part one in the series and encompasses 762 mailboxes beginning with 'A' through to 'I.' All emails are attributed to "akparti.org.tr," the primary domain of the main political force in the country, and cover a period from 2010 up until July 6, 2016, just a week before the failed military coup. The NGO also revealed that one of the emails contained an Excel database of the cell phone numbers of AKP deputies. Prior to the release WikiLeaks suffered a "sustained attack" as it warned that Turkish government entities might try to interfere with the publication of the AKP material. The attacks are still continuing and users are experiencing difficulties in accessing the material. WikiLeaks reassured the public that they are "winning" the battle. A few hours after the release, WikiLeaks tweeted a screenshot showing the database to be blocked in Turkey, claiming that Ankara "ordered [the release] to be blocked nationwide." More than 200 people have died and over 1,400 injured from the attempted coup. Thousands of people have also been detained and/or lost their posts across the judiciary, military, interior ministry and civil service sectors. The Turkish president Erdogan is blaming the U.S.-based cleric Fethullah Gulen for orchestrating the attempted coup.
An anonymous reader writes from a report via The Consumerist: Amazon has received a patent that shows what drones may be doing when they're not flying throughout the sky delivering packages: sitting on lampposts and church steeples. "Amazon was recently awarded a patent for docking and recharging stations that would be built on tall, existing structures like lampposts, cell towers, or church steeples," reports The Consumerist. "Once the drone is done making a delivery, it would be able to land on the station, recharge and refuel, as well as pick up additional packages." A "central control system" would then be able to control each docking station and connect the docked drone(s) with a local or regional packaged handling center or central facility. Based on weather or package data, the drones may be commanded accordingly. The patent says the system will not only provide directions based to the drone, but will have the ability to redirect the unmanned aerial vehicle based on the most favorable conditions, such as a route with less wind. The patent describes a system in which the drone delivers a package to the platform that then moves the item via a "vacuum tube, dumbwaiter, elevator, or conveyor to the ground level." From there, the package could be transferred to an Amazon Locker or a local delivery person. The docking stations could also act as cell towers that "provide local free or fee-based Wi-Fi services. This can enable cities to provide free Wi-Fi in public parks, buildings, and other public areas without bearing the burden of installing some, or all, of the necessary infrastructure."
An anonymous reader writes: The Library of Congress (LOC) announced via Twitter Monday that they were the target of a denial-of-service attack. The attack was detected on July 17 and has caused other websites hosted by the LOC, including the U.S. Copyright Office, to go down. In addition, employees of the Library of Congress were unable to access their work email accounts and to visit internal websites. The outages continue to affect some online properties managed by the library. "In June 2015, the Government Accountability Office, or GAO, published a limited distribution report -- undisclosed publicly though it was sourced in a 2015 GAO testimony to the Committee on House Administration -- highlighting digital security deficiencies apparent at the Library of Congress, including poor software patch management and firewall protections," reports FedScoop.
Microsoft and Google are under no obligation to weed out 'torrent' results from their respective search engines, the High Court of Paris has ruled. BetaNews adds: French music industry group SNEP went to court on behalf of a trio of artists, requesting that Microsoft and Google automatically filter out links to pirated material. The group had called for a complete block on searches that include the word 'torrent' as well as blocking sites whose name includes the word. The court found that SNEP's request was far too broad, saying: "SNEP's requests are general, and pertain not to a specific site but to all websites accessible through the stated methods, without consideration for identifying or even determining the site's content, on the premise that the term 'Torrent' is necessarily associated with infringing content". The court added that 'torrent' is a common noun, which has a range of different meanings.
An anonymous reader writes: Bulk collection of data from phone calls and emails by carriers acting under government orders could be permissible in the pursuit of 'serious crime'. That's the preliminary ruling in a case brought by Brexit chief minister David Davis against PM Theresa May before the European Union's highest court. The ruling suggests bulk collection and retention of customer data might not be in breach of the EU Charter of Fundamental Rights -- if it's done legally and with safeguards. Davis with Labour Party deputy leader Tom Watson and others brought their case to the European Court of Justice in February.
Madison Margolin, reporting for Motherboard: A glitch in Google Maps has turned the small fishing town of Sokcho, South Korea, into a Pokemon Go tourist haven. The globally popular mobile game hasn't launched yet in South Korea, but that hasn't stopped clever gamers from finding a way to play it anyways. The city of Sokcho is taking full advantage of it, according to this video by the Wall Street Journal. Because of Cold War era laws preventing North Korea from obtaining maps of the country, the use of Google Maps is restricted in South Korea, the WSJ reports. However, a fluke in the system allows it to work in Sokcho, in the northeast corner of the country, just outside the DMZ (demilitarized zone) between North and South Korea. Sokcho is outside the range of indexing grids that Pokemon Go developers used for mapping restrictions of South Korea and other countries.
A Brazilian judge has ordered wireless phone carriers to block access to Facebook's WhatsApp indefinitely, starting on Tuesday, the third such incident against the popular phone messaging app in eight months. Reuters reports: The decision by Judge Daniela Barbosa Assuncao de Souza in the southeastern state of Rio de Janeiro applies to Brazil's five wireless carriers. The reason for the order was not known due to legal secrecy in an ongoing case, and will only be lifted once Facebook surrenders data, Souza's office said. Sao Paulo-based representatives at WhatsApp, which is owned by Facebook Inc, as well as the Brazilian five carriers -- Telefonica Brasil SA, America Movil SAB's Claro, TIM Participacoes SA, Oi SA and Nextel Participacoes SA.
The attorneys general of New York, Massachusetts, and Maryland are suing Volkswagen for violating state environmental regulations with its diesel emissions cheating scandal. The states say that the car company has violated their air quality laws, combined with some sort of anti-fraud measure for the defeat mechanisms to bypass emissions testing. The move comes after many states agreed to a $14.7 billion settlement for violating consumer protection and EPA and California state environmental regulations. The Verge reports: "Volkswagen, Audi and Porsche defrauded thousands of Massachusetts consumers, polluted our air, and damaged our environment and then, to make matters worse, plotted a massive cover-up to mislead environmental regulators," said Massachusetts Attorney General Maura Healey in a statement. This was echoed by New York Attorney General Eric T. Schneiderman, who released his own statement saying "the allegations against Volkswagen, Audi and Porsche reveal a culture of deeply-rooted corporate arrogance, combined with a conscious disregard for the rule of law and the protection of public health and the environment."
Stephanie Condon, writing for ZDNet: Government requests for user data from Google hit an all-time high in the second half of 2015, the internet company revealed on Monday. Through July to December 2015, governments from around the globe made 40,677 requests, impacting as many as 81,311 user accounts. That's an 18 percent spike from the first half of 2015, when government requests for data impacted 68,908 users. By far and away, the most requests came from the United States, which made 12,523 data requests for this reporting period. The requests impacted 27,157 users or accounts. Google reports the number of user data requests it has received every six-month period going as far back as the second half of 2009. It started detailing the number of users and/or accounts impacted in the first half of 2011. "Usage of our services have increased every year, and so have the user data request numbers," the company noted. Since the second half of 2010, Google has reported the percentage of user data requests it at least partially complies with. For the second half of 2015, the company produced at least some data for 64 percent of requests. That figure has been about the same since 2013, but it's been trending slightly downward. Google complied with 79 percent of requests from the United States.
New submitter yzf750 quotes a report from ESPN: A federal judge sentenced the former scouting director of the St. Louis Cardinals [Christopher Correa] to nearly four years in prison Monday for hacking the Houston Astros' player personnel database and email system in an unusual case of high-tech cheating involving two Major League Baseball clubs. "The data breach was reported in June 2014 when Astros general manager Jeff Luhnow told reporters the team had been the victim of hackers who accessed servers and proceeded to publish online months of internal trade talks," reports ESPN. "Luhnow had previously worked for the Cardinals. The FBI said Correa was able to gain access using a password similar to that used by a Cardinals employee who 'had to turn over his Cardinals-owned laptop to Correa along with the laptop's password' when he was leaving for a job with the Astros in 2011. Prosecutors have said Correa in 2013 improperly downloaded a file of the Astros' scouting list of every eligible player for that year's draft. They say he also improperly viewed notes of trade discussions as well as a page that listed information such as potential bonus details, statistics and notes on recent performances and injuries by team prospects. Authorities say that after the Astros took security precautions involving [a database called Ground Control] following a Houston Chronicle story about the database, Correa was able to still get into it. Authorities say he hacked the email system and was able to view 118 pages of confidential information, including notes of trade discussions, player evaluations and a 2014 team draft board that had not yet been completed. Federal prosecutors say the hacking cost the Astros about $1.7 million, taking into account how Correa used the Astros' data to draft players. 
Christopher Correa had pleaded guilty in January to five counts of unauthorized access of a protected computer from 2013 to at least 2014, the same year he was promoted to director of baseball development in St. Louis. He was fired last summer and now faces 46 months behind bars and a court order to pay $279,038 in restitution. He had faced up to five years in prison on each count."
Trailrunner7 quotes a report from On the Wire: A security researcher has discovered a method that would have enabled fraudsters to steal thousands of dollars from Facebook, Microsoft, and Google by linking premium-rate numbers to various accounts as part of the two-step verification process. Arne Swinnen discovered the issue several months ago after looking at the way that several of these companies' services set up their two-step verification procedures. Facebook uses two-step verification for some of its services, including Instagram, and Google and Microsoft also employ it for some of their user accounts. Swinnen realized that the companies made a mistake in not checking to see whether the numbers that users supply as contact points are legitimate. "They all offer services to supply users with a token via a computer-voiced phone call, but neglected to properly verify whether supplied phone numbers were legitimate, non-premium numbers. This allowed a dedicated attacker to steal thousands of EUR/USD/GBP," Swinnen said in a post explaining the bug. "For services such as Instagram and Gmail, users can associate a phone number with their accounts," reports On the Wire. "In the case of Instagram, users can find other people by their phone number, and when a user adds a number, Instagram will send a text to verify the number. If the user never enters the code included in the text, Instagram will eventually call the number. Swinnen noticed that Instagram's robocallers would call any number supplied, including premium-rate numbers. 'One attacker could thus steal 1 GBP per 30 minutes, or 48 GBP/day, 1.440 GBP/month or 17.280/year with one pair. However, a dedicated attacker could easily setup and manage 100 of these pairs, increasing these numbers by a factor 100: 4.800 GBP/day, 144.000 GBP/month or 1.728.000 GBP/year.'"