Government

FBI To Gain Expanded Hacking Powers as Senate Effort To Block Fails (reuters.com) 153

A last-ditch effort in the Senate to block or delay rule changes that would expand the U.S. government's hacking powers failed Wednesday, despite concerns the changes would jeopardize the privacy rights of innocent Americans and risk possible abuse by the incoming administration of President-elect Donald Trump. Reuters adds: Democratic Senator Ron Wyden attempted three times to delay the changes, which will take effect on Thursday and will allow U.S. judges to issue search warrants that give the FBI the authority to remotely access computers in any jurisdiction, potentially even overseas. His efforts were blocked by Senator John Cornyn of Texas, the Senate's second-ranking Republican. The changes will allow judges to issue warrants in cases when a suspect uses anonymizing technology to conceal the location of his or her computer or for an investigation into a network of hacked or infected computers, such as a botnet.
Facebook

Facebook Cuts Off Competitor Prisma's API Access (nymag.com) 65

Photo-filter app Prisma, the popular program which makes pictures and video look like painterly art, had its access to Facebook's Live Video API revoked this month. From a report on NYMag: According to Prisma, Facebook justified choking off Prisma's access by stating, "Your app streams video from a mobile device camera, which can already be done through the Facebook app. The Live Video API is meant to let people publish live video content from other sources such as professional cameras, multi-camera setups, games or screencasts." This is the implied aim of Facebook's video API, the technical entry point for producers to pump video into Facebook's network: The API is meant for broadcasting setups that are not phone-based. The problem is that none of this is explained in Facebook's documentation for developers. In fact, it states the opposite. Here is the very first answer from the company's Live API FAQ: "The Live API is a data feed and the 'glue' needed to create higher-quality live videos on Facebook. It allows you to send live content directly to Facebook from any camera."
Privacy

China Pilots a System That Rates Citizens on 'Social Credit Score' To Determine Eligibility For Jobs, Travel (technologyreview.com) 204

Speculation has turned out to be true. The Chinese government is now testing systems that will be used to create digital records of citizens' social and financial behavior. In turn, these will be used to create a so-called social credit score, which will determine whether individuals have access to services, from travel and education to loans and insurance cover. Some citizens -- such as lawyers and journalists -- will be more closely monitored. From a report on MIT Technology Review: Planning documents apparently describe the system as being created to "allow the trustworthy to roam everywhere under heaven while making it hard for the discredited to take a single step." The Journal claims that the system will at first log "infractions such as fare cheating, jaywalking and violating family-planning rules" but will be expanded in the future -- potentially even to Internet activity. Some aspects of the system are already in testing, but there are some challenges to implementing such a far-reaching apparatus. It's difficult to centralize all that data, check it for accuracy, and process it, for example -- let alone feed it back into the system to control everyday life. And China has data from 1.4 billion people to handle.
Java

Muni System Hacker Hit Others By Scanning For Year-Old Java Vulnerability (arstechnica.com) 30

An anonymous reader quotes a report from Ars Technica: The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit Agency (SFMTA) with ransomware on November 25 apparently gained access to the agency's network by way of a known vulnerability in an Oracle WebLogic server. That vulnerability is similar to the one used to hack a Maryland hospital network's systems in April and infect multiple hospitals with crypto-ransomware. And evidence suggests that SFMTA wasn't specifically targeted by the attackers; the agency just came up as a target of opportunity through a vulnerability scan. In an e-mail to Ars, SFMTA spokesperson Paul Rose said that on November 25, "we became aware of a potential security issue with our computer systems, including e-mail." The ransomware "encrypted some systems mainly affecting computer workstations," he said, "as well as access to various systems. However, the SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls. Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports, no data was accessed from any of our servers." That description of the ransomware attack is not consistent with some of the evidence of previous ransomware attacks by those behind the SFMTA incident -- which Rose said primarily affected about 900 desktop computers throughout the agency. Based on communications uncovered from the ransomware operator behind the Muni attack published by security reporter Brian Krebs, an SFMTA Web-facing server was likely compromised by what is referred to as a "deserialization" attack after it was identified by a vulnerability scan. 
A security researcher told Krebs that he had been able to gain access to the mailbox used in the malware attack, hosted by the Russian e-mail and search provider Yandex, by guessing its owner's security question, and he provided details from the mailbox and another linked mailbox on Yandex. Based on details found in e-mails for the accounts, the attacker ran a server loaded with open source vulnerability scanning tools to identify and compromise servers to use in spreading the ransomware, known as HDDCryptor and Mamba, within multiple organizations' networks.
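The "deserialization" attack named in the report is a class of bug, not something the report spells out, so the following is an added example and is not code from Ars, Krebs, Oracle or the SFMTA; it does not reproduce the WebLogic vulnerability. It shows the generic pattern in plain Java 9+: a server calling ObjectInputStream.readObject() on bytes it received from the network (the vulnerable sink), beside the JEP 290 ObjectInputFilter allow-list that rejects any class the application did not expect before that class is instantiated. The class names StatusMessage and UnexpectedType are hypothetical; UnexpectedType only prints from its readObject() hook, to make visible that code chosen by the sender runs inside the JVM before the caller ever sees a result.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class DeserializationDemo {

    // Hypothetical message type the server legitimately expects on the wire.
    static final class StatusMessage implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        StatusMessage(String text) { this.text = text; }
    }

    // Hypothetical stand-in for a class the server never meant to accept from the
    // network. A real gadget is a class already on the classpath whose readObject()
    // does something dangerous; this one only records that it was invoked.
    static final class UnexpectedType implements Serializable {
        private static final long serialVersionUID = 1L;
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            System.out.println("readObject() of " + getClass().getSimpleName()
                    + " ran before the application saw any result");
        }
    }

    // Constructed input: what an attacker sends is just the serialized form of
    // whatever class they want the JVM to instantiate.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Vulnerable pattern: whatever class name the stream carries, the JVM loads it
    // and runs its readObject() (and any readResolve()) before returning.
    static Object unsafeRead(byte[] untrusted) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            return ois.readObject();
        }
    }

    // Hardened pattern (JEP 290): allow-list the expected class (and String, which
    // its field carries), reject everything else, and cap the object graph depth.
    // The filter is consulted on the class descriptor, so a rejected class is never
    // instantiated and its readObject() never runs.
    static Object filteredRead(byte[] untrusted) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                StatusMessage.class.getName() + ";java.lang.String;!*;maxdepth=5");
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            ois.setObjectInputFilter(filter);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new StatusMessage("ok"));
        byte[] hostile = serialize(new UnexpectedType());

        System.out.println("unsafe, expected type: " + ((StatusMessage) unsafeRead(expected)).text);
        unsafeRead(hostile); // UnexpectedType.readObject() prints: the sender chose what ran

        System.out.println("filtered, expected type: " + ((StatusMessage) filteredRead(expected)).text);
        try {
            filteredRead(hostile);
        } catch (InvalidClassException e) {
            System.out.println("filtered, hostile type: rejected (" + e.getMessage() + ")");
        }
    }
}
```

With the unfiltered reader the hostile stream's readObject() runs; with the filter, readObject() throws InvalidClassException ("filter status: REJECTED") before UnexpectedType is instantiated. The allow-list only helps if the classes it permits cannot themselves be chained into something harmful, and it is no substitute for not exposing a native-serialization endpoint to the internet in the first place, which is what the vulnerability scan in the report was looking for.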
Security

Holding Shift + F10 During Windows 10 Updates Opens Root CLI, Bypasses BitLocker (bleepingcomputer.com) 138

An anonymous reader quotes a report from BleepingComputer: Windows security expert and infrastructure trainer Sami Laiho says that by holding SHIFT + F10 while a Windows 10 computer is installing a new OS build, an attacker can open a command-line interface with SYSTEM privileges. This CLI debugging interface also grants the attacker full access to the computer's hard drive data, despite the presence of BitLocker. The CLI debugging interface is present when updating to new Windows 10 and Windows 10 Insiders builds. The most obvious exploitation scenario is when a user leaves his computer unattended during the update procedure. A malicious insider can open the CLI debugger and perform malicious operations under a root user, despite BitLocker's presence. But there are other scenarios where Laiho's SHIFT + F10 trick can come in handy. For example when police have seized computers from users who deployed BitLocker or when someone steals your laptop. Windows 10 defaults help police/thieves in this case because these defaults forcibly update computers, even if the user hasn't logged on for weeks or months. This CLI debugging interface grants the attacker full access to the computer's hard drive, despite the presence of BitLocker. The reason is that during the Windows 10 update procedure, the OS disables BitLocker while the Windows PE (Preinstallation Environment) installs a new image of the main Windows 10 operating system. "This [update procedure] has a feature for troubleshooting that allows you to press SHIFT + F10 to get a Command Prompt," Laiho writes on his blog. "The real issue here is the Elevation of Privilege that takes a non-admin to SYSTEM (the root of Windows) even on a BitLocker (Microsoft's hard disk encryption) protected machine." Laiho informed Microsoft of the issue and the company is apparently working on a fix.
Government

It Will Soon Be Illegal To Punish Customers Who Criticize Businesses Online (arstechnica.com) 154

An anonymous reader quotes a report from Ars Technica: Congress has passed a law protecting the right of U.S. consumers to post negative online reviews without fear of retaliation from companies. The bipartisan Consumer Review Fairness Act was passed by unanimous consent in the U.S. Senate yesterday, a Senate Commerce Committee announcement said. The bill, introduced in 2014, was already approved by the House of Representatives and now awaits President Obama's signature. The Consumer Review Fairness Act -- full text available here -- voids any provision in a form contract that prohibits or restricts customers from posting reviews about the goods, services, or conduct of the company providing the product or service. It also voids provisions that impose penalties or fees on customers for posting online reviews as well as those that require customers to give up the intellectual property rights related to such reviews. The legislation empowers the Federal Trade Commission to enforce the new law and impose penalties when necessary. The bill also protects reviews that aren't available via the Internet.
Privacy

Jolla's Sailfish OS Now Certified as Russian Government's First 'Android Alternative' (techcrunch.com) 98

The future for one of the few remaining alternative mobile OS platforms, Jolla's Sailfish OS, looks to be taking clearer shape. Today the Finnish company which develops and maintains the core code, with the aim of licensing it to others, announced Sailfish has achieved domestic certification in Russia for government and corporate use. TechCrunch adds: In recent years the Russian government has made moves to encourage the development of alternatives to the duopoly of US-dominated smartphone platforms, Android and Apple's iOS -- flagging Sailfish as one possibility, along with Tizen. Although Sailfish looks to have won out as the preferred Android alternative for Russia at this point. The government has said it wants to radically reduce its reliance on foreign mobile OSes -- to 50 per cent by 2025 vs the 95 per cent of the market garnered by Android and iOS in 2015. Sailfish's local certification in Russia also follows an announcement earlier this year that a new Russian company, Open Mobile Platform (OMP), had licensed the OS with the intention of developing a custom version of the platform for use in the domestic market. So, in other words, a Russian, strategic 'Android alternative' is currently being built on Sailfish.
Communications

The UK Is About to Legalize Mass Surveillance [Update] (vice.com) 394

From a report on Motherboard: On Tuesday, the UK is due to pass its controversial new surveillance law, the Investigatory Powers Act, according to the Home Office. The Act, which has received overwhelming support in both the House of Commons and Lords, formally legalizes a number of mass surveillance programs revealed by Edward Snowden in 2013. It also introduces a new power which will force internet service providers to store browsing data on all customers for 12 months. Civil liberties campaigners have described the Act as one of the most extreme surveillance laws in any democracy, while law enforcement agencies believe that the collection of browsing data is vital in an age of ubiquitous internet communications. "The Investigatory Powers Act 2016 will ensure that law enforcement and the security and intelligence agencies have the powers they need in a digital age to disrupt terrorist attacks, subject to strict safeguards and world-leading oversight," a statement from the Home Office reads. Much of the Act gives stronger legal footing to the UK's various bulk powers, including "bulk interception," which is, in general terms, the collection of internet and phone communications en masse. In June 2013, using documents provided by Edward Snowden, The Guardian revealed that the GCHQ taps fibre-optic undersea cables in order to intercept emails, internet histories, calls, and a wealth of other data. Update: The "Snooper's charter" bill has become law. The home secretary said: "The Investigatory Powers Act is world-leading legislation, that provides unprecedented transparency and substantial privacy protection. The government is clear that, at a time of heightened security threat, it is essential our law enforcement and security and intelligence services have the power they need to keep people safe. The internet presents new opportunities for terrorists and we must ensure we have the capabilities to confront this challenge. But it is also right that these powers are subject to strict safeguards and rigorous oversight."
Japan

Japan Fukushima Nuclear Plant 'Clean-Up Costs Double,' Approaching $200 Billion (bbc.com) 302

An anonymous reader quotes a report from BBC: Japan's government estimates the cost of cleaning up radioactive contamination and compensating victims of the 2011 Fukushima nuclear disaster has more than doubled, reports say. The latest estimate from the trade ministry put the expected cost at some 20 trillion yen ($180 billion). The original estimate was for $50 billion, which was increased to $100 billion three years later. The majority of the money will go towards compensation, with decontamination taking the next biggest slice. Storing the contaminated soil and decommissioning are the two next greatest costs. The compensation pot has been increased by about 50% and decontamination estimates have been almost doubled. The BBC's Japan correspondent, Rupert Wingfield-Hayes, says it is still unclear who is going to pay for the clean up. Japan's government has long promised that Tokyo Electric Power, the company that owns the plant, will eventually pay the money back. But on Monday it admitted that electricity consumers would be forced to pay a portion of the clean up costs through higher electricity bills. Critics say this is effectively a tax on the public to pay the debt of a private electricity utility.
EU

EU's Law Enforcement Agency Closes 4,500 Websites Peddling Fake Brands (phys.org) 72

An anonymous reader quotes a report from Phys.Org: In a massive crackdown, police and law enforcement agencies across Europe have seized more than 4,500 website domains trading in counterfeit goods, often via social networks, officials said on Monday. The operation came as Europol, Europe's police agency, unveiled its newest campaign dubbed "Don't F***(AKE) Up" to stop scam websites selling fake brand names online. In the crackdown, agencies from 27 countries, mostly in Europe but including the U.S. and Canada, joined forces to shut down over 4,500 websites. They were selling everything from "luxury goods, sportswear, spare parts, electronics, pharmaceuticals, toiletries and other fake products," Europol said in a statement, without saying how long the crackdown took. An annual operation run in collaboration with U.S. Immigration and Customs Enforcement and Homeland Security, there was "a significant increase in the number of seized domain names compared to last year," said Europol director Rob Wainwright. As part of the crackdown, Dutch anti-fraud police arrested 12 people across The Netherlands over the past two weeks as they searched homes and warehouses. Most of the raids were prompted by online sales of counterfeit goods on social networking sites such as Facebook and Instagram. More than 3,500 items of clothing and fake luxury goods were seized in Holland, including shoes, bags and perfumes purporting to be such brands as Nike, Adidas, and Kenzo, with a market value of tens of thousands of euros. Publishing a guide on how to spot fake websites and social media scams, Europol warned consumers had to be on their guard.
Government

EPA Increases Amount of Renewable Fuel To Be Blended Into Gasoline (arstechnica.com) 351

An anonymous reader quotes a report from Ars Technica: Last week the Environmental Protection Agency (EPA) announced its final renewable fuel standards for 2017, requiring that fuel suppliers blend an additional 1.2 billion gallons of renewable fuel into U.S. gas and diesel from 2016 levels. The rule breaks down the requirements to include quotas for cellulosic biofuels, biomass-based diesel, advanced biofuel, and traditional renewable fuel. Reuters points out that the aggressive new biofuel standards will create a dilemma for an incoming Trump administration, given that his campaign courted both the gas and corn industries. While the EPA under the Obama administration has continually increased so-called renewable fuel standards (RFS), the standards were first adopted by a majority-Republican Congress in 2005 and then bolstered in 2007 with a requirement to incorporate 36 billion gallons of renewable fuel into the fuel supply by 2022, barring "a determination that implementation of the program is causing severe economic or environmental harm," as the EPA writes. Some biofuels are controversial not just for oil and gas suppliers but for some wildlife advocates as well. Collin O'Mara, CEO of the National Wildlife Federation, said in a statement that the corn ethanol industry that most stands to benefit from the EPA's expansion of the renewable fuel standards "is responsible for the destruction of millions of acres of wildlife habitat and degradation of water quality." Still, the EPA contends that biofuels made from corn and other regenerating plants offer reductions in overall fuel emissions, if the processes used to make and transport the fuels are included. "Advanced biofuels" will offer "50 percent lifecycle carbon emissions reductions," and their share of the new standards will grow by 700 million gallons in 2017 from 2016 requirements, the EPA says. 
Cellulosic biofuel will be increased by 81 million gallons and biomass-based diesel will be increased by 100 million gallons. "Non-advanced or 'conventional' renewable fuel" will be increased to 19.28 billion gallons from 18.11 billion gallons in 2016. Conventional renewable fuel "typically refers to ethanol derived from corn starch and must meet a 20 percent lifecycle GHG [greenhouse gas] reduction threshold," according to EPA guidelines. Other kinds of renewable fuels include sugarcane-based ethanol, cellulosic ethanol derived from the stalks, leaves, and cobs left over from a corn harvest, and compressed natural gas gleaned from wastewater facilities.
Google

Google Asked to Remove a Billion 'Pirate' Search Results in a Year (torrentfreak.com) 68

Copyright holders asked Google to remove more than 1,000,000,000 allegedly infringing links from its search engine over the past twelve months, TorrentFreak reports. According to stats provided in Google's Transparency Report for the past year, Google was asked to remove over one billion links -- 1,007,741,143 links. From the article: More than 90 percent of the links, 908,237,861, were in fact removed. The rest of the reported links were rejected because they were invalid, not infringing, or duplicates of earlier requests. In total, Google has now processed just over two billion allegedly infringing URLs from 945,000 different domains. That the second billion took only a year, compared to several years for the first, shows how rapidly the volume of takedown requests is expanding. At the current rate, another billion will be added by the end of next summer. Most requests, over 50 million, were sent in for the website 4shared.com. However, according to the site's operators many of the reported URLs point to the same files, inflating the actual volume of infringing content.
China

Microsoft Confirms Its Chinese-Language Chatbot Filters Certain Topics (fortune.com) 19

Microsoft's Chinese-language AI chat bot filters certain topics, the company confirmed Monday, although it did not clarify whether that included interactions deemed politically sensitive. From a report on Fortune: Last week, CNNMoney and China Digital Times reported that Xiaoice would not directly respond to questions surrounding topics deemed sensitive by the Chinese state. References to the Tiananmen Square massacre of 1989 or "Steamed Bun Xi," a nickname of Chinese President Xi Jinping, would draw evasive answers or non sequiturs from the chat bot, according to the report. "Am I stupid? Once I answer you'd take a screengrab," read one answer to a question that contained the words "topple the Communist Party." Even the mention of Donald Trump, the American President-elect, drew an evasive response from the chat bot, according to reports. "I don't want to talk about it," Xiaoice said, reports CNN Money. In response to inquiries from Fortune, Microsoft confirmed that there was some filtering around Xiaoice's interaction. "We are committed to creating the best experience for everyone chatting with Xiaoice," a Microsoft spokesperson tells Fortune. "With this in mind, we have implemented filtering on a range of topics." The tech giant did not further elaborate to which specific topics the filtering applied.
Businesses

Amazon and eBay Sellers' VAT Fraud Rife Despite Crackdown (theguardian.com) 81

Huge numbers of VAT fraudsters are illegally selling goods tax-free to British shoppers on Amazon and eBay, despite new government efforts to crack down on this ballooning £1bn VAT evasion crisis, reports the Guardian. From the article: A Guardian investigation found a wide variety of popular goods being illegally sold without VAT on Britain's leading shopping sites. They range from cheap Christmas tree lights, electric toothbrushes and thermal socks to expensive laptops, iPads, music keyboards, violins and pingpong tables. In some cases, VAT fraudsters offer unbeatable prices. Mostly, however, their prices remain in line with law-abiding competitors and the proceeds of evasion disappear overseas, often to China. Guardian investigations found many tax-evading sellers were trading without displaying VAT numbers on Amazon or eBay. Others were showing made-up numbers, or numbers cloned, without authorisation, from unsuspecting legitimate businesses.
United Kingdom

48 Organizations Now Have Access To Every Brit's Browsing History (zerohedge.com) 251

schwit1 quotes a report from Zero Hedge on Great Britain's newly-enacted "snoopers' charter": For those who missed our original reports, here is the new law in a nutshell: it requires telecom companies to keep records of all users' web activity for a year, creating databases of personal information that the firms worry could be vulnerable to leaks and hackers. Civil liberties groups say the law establishes mass surveillance of British citizens, following innocent internet users from the office to the living room and the bedroom. They are right. Which government agencies have access to the internet history of any British citizen? Here is the answer, courtesy of blogger Chris Yuo, who has compiled the list.
Click through to the comments to read the entire list.
Google

Online Pranksters Mock Trump's $149 Christmas Ornament, Rename Trump Tower on Google Maps (yahoo.com) 524

An anonymous reader quotes a Digital Trends story about a suspicious malfunction on Google Maps: At some point yesterday, Donald Trump's Fifth Avenue home was given a rather unceremonious rechristening, and a search for "Trump Tower" revealed a pin for "Dump Tower" instead. It was rather tricky to find for some, and required zooming in on the building itself at just the right angle (which is perhaps how the culprit got away with the stunt in the first place). At a separate angle, someone else (or perhaps the same person) transliterated the skyscraper's name in Russian Cyrillic, perhaps meant to be a jab at Trump's alleged ties to President Vladimir Putin and company... While the team [at Google Maps] managed to put out this first fire, another quickly arose to take its place (as is often the case on the internet), and later in the day on Saturday, Trump International Hotel and Tower in Columbus Circle was renamed Dump International Hotel and Tower. Meanwhile, another anonymous reader writes: Earlier this week Donald Trump emailed his supporters selling a $149 collectible "Make America Great Again" Christmas ornament finished with 14k gold, to raise money for both his campaign and the Republican party. But Yahoo News reports that it's now getting some suspicious negative (and politically-charged) reviews on its page on Amazon. ("One Star. It tried to put my nativity figures into an internment camp.") And another reviewer even wrote a satirical story about how their family decided on the ornament for the tree. "During our family meeting we overwhelmingly chose the other ornament but somehow we still ended up with this one. We're not sure what happened."
Stats

Julian Assange Could Be Time's 'Person Of The Year', And Is Also Still Not Dead (time.com) 145

Long-time Slashdot reader cstacy noticed Saturday that Julian Assange hadn't made any communications or public appearances in six weeks. But today an anonymous reader writes: Julian Assange is still not dead, reports The Inquisitr, noting "the WikiLeaks founder made his first appearance in weeks, speaking with an interviewer for a conference in Beirut" including comments about the recent death of Fidel Castro.

Assange is also in the running to be chosen as "Person of the Year" in Time magazine's annual online readers' poll, and last Monday even moved briefly into first place, inching past Donald Trump. "It's worth noting that the poll presents people alphabetically," Time reported, "so Assange is the first option participants consider and Trump comes near the end of the poll."

I think the poll's being hacked by state actors, since Vladimir Putin now leads with 38%, followed by Theresa May (16%) and North Korean leader Kim Jong Un (13%), and Donald Trump is locked in a tie for fourth place with Indian Prime Minister Narendra Modi at 9%. Time worked with Opentopic and IBM's Watson to assemble the initial list for readers' votes, which also included Apple CEO Tim Cook and FBI director James Comey. Surprisingly, a few celebrities also turned up on the list too, including comedian Samantha Bee, Hamilton creator Lin-Manuel Miranda, and Olympic gymnast Simone Biles.
United States

Ransomware Compromises San Francisco's Mass Transit System (cbslocal.com) 141

Buses and light rail cars make San Francisco's "Muni" fleet the seventh largest mass transit system in America. But yesterday its arrival-time screens just displayed the message "You Hacked, ALL Data Encrypted" -- and all the rides were free, according to a local CBS report shared by RAYinNYC: Inside sources say the system has been hacked for days. The San Francisco Municipal Transportation Agency has officially confirmed the hack, but says it has not affected any service... The hack affects employees, as well. According to sources, SFMTA workers are not sure if they will get paid this week. Cyber attackers also hit Muni's email systems.
Though the article claims "The transit agency has no idea who is behind it, or what the hackers are demanding in return," Business Insider reports "The attack seems to be an example of ransomware, where a computer system is taken over and the users are locked out until a certain amount of money is sent to the attacker." In addition, they're reporting the attack "reportedly included an email address where Muni officials could ask for the key to unlock its systems."

One San Francisco local told CBS, "I think it is terrifying. I really do I think if they can start doing this here, we're not safe anywhere."
Government

Will Trump Protect America's IT Workers From H-1B Visa Abuses? (cio.com.au) 400

Monday president-elect Donald Trump sent "the strongest signal yet that the H-1B visa program is going to get real scrutiny once he takes office," according to CIO. Slashdot reader OverTheGeicoE summarizes their report: President-elect Donald Trump released a video message outlining his policy plans for his first 100 days in office. At 1 minute, 56 seconds into the message, he states that he will direct the Department of Labor to investigate "all abuses of the visa programs that undercut the American worker." During his presidential campaign, Trump was critical of the H-1B visa program that has been widely criticized for displacing U.S. high-technology workers. "Companies are importing low-wage workers on H-1B visas to take jobs from young college-trained Americans," said Trump at an Ohio rally. At other rallies, Trump invited former IT workers from Disney who had been forced to train their H-1B replacements to speak.
"What he didn't say was that he was going to close the door to skilled immigrants," one tech entrepreneur told CNN Money -- although Trump's selection for attorney general has called the shortage of qualified American tech workers "a hoax".
Government

Lawrence Lessig Calls For The Electoral College to Choose Clinton Over Trump (washingtonpost.com) 1429

Lawrence Lessig's new op-ed in the Washington Post argues against the idea "that the person who lost the popular vote this year must nonetheless become our president." (Paywalled version here, free version here.) Lessig points out that the electoral college results have already been ignored twice in U.S. history -- in 1824 and 1876. The Constitution says nothing about "winner take all." It says nothing to suggest that electors' freedom should be constrained in any way...They were to be citizens exercising judgment, not cogs turning a wheel.
Complaining that the electoral college weights the votes in Wyoming roughly four times as heavily as the votes in Michigan, Lessig argues that the popular vote should be respected, and that the authors of the U.S. Constitution "left the electors free to choose. They should exercise that choice by leaving the election as the people decided it: in Clinton's favor."

Meanwhile, Politico is reporting that six electors, "mostly former Bernie Sanders supporters who hail from Washington state and Colorado," are already urging electors pledged to Clinton and Trump to instead coalesce around "a consensus pick like Mitt Romney or John Kasich." And the ethics lawyers for both President Obama and President Bush both told one liberal site "that if Trump continues to retain ownership over his sprawling business interests by the time the electors meet on December 19, they should reject Trump." Finally, from the original submission:
Even Donald Trump has called the Electoral College a "total sham." Is it time for the Electoral College to reflect the popular vote?
