Patents

The Supreme Court Is Cracking Down on Patent Trolls (fortune.com) 93

The Supreme Court on Monday limited the ability of patent holders to bring infringement lawsuits in courts that have plaintiff friendly reputations, a notable decision that could provide a boost to companies that defend against patent claims. The high court, in an opinion by Justice Clarence Thomas, ruled unanimously that a lower court has been following an incorrect legal standard for almost 30 years that made it possible for patent holders to sue companies in almost any U.S. jurisdiction. From a report: The justices sided 8-0 (PDF) with beverage flavoring company TC Heartland in its legal battle with food and beverage company Kraft Heinz, ruling that patent infringement suits can be filed only in courts located in the jurisdiction where the targeted company is incorporated. Justice Neil Gorsuch did not participate in the decision. The decision overturned a ruling last year by the U.S. Court of Appeals for the Federal Circuit, a Washington-based patent court, that said patent suits are fair game anywhere a defendant company's products are sold.
Android

Hackers Hit Russian Bank Customers, Planned International Cyber Raids (reuters.com) 17

Russian cyber criminals used malware planted on Android mobile devices to steal from domestic bank customers and were planning to target European lenders before their arrest, investigators and sources with knowledge of the case told Reuters. From the report: Their campaign raised a relatively small sum by cyber-crime standards -- more than 50 million roubles ($892,000) -- but they had also obtained more sophisticated malicious software for a modest monthly fee to go after the clients of banks in France and possibly a range of other western nations. Russia's relationship to cyber crime is under intense scrutiny after U.S. intelligence officials alleged that Russian hackers had tried to help Republican Donald Trump win the U.S. presidency by hacking Democratic Party servers. The Kremlin has repeatedly denied the allegation. The gang members tricked the Russian banks' customers into downloading malware via fake mobile banking applications, as well as via pornography and e-commerce programs, according to a report compiled by cyber security firm Group-IB which investigated the attack with the Russian Interior Ministry.
Debian

Privacy-Focused Debian-Based Tails 3.0 Reaches RC Status (betanews.com) 27

BrianFagioli quotes BetaNews: Today, Tails achieves an important milestone. Version 3.0 reaches RC status -- meaning the first release candidate (RC1). In other words, it may soon be ready for a stable release -- if testing confirms as much. If you want to test it and provide feedback, you can download the ISO now. This is quite the significant upgrade, as the operating system is moving to a new base — Debian 9 "Stretch." The Debian kernel gets upgraded to 4.9.0-3, which is based on Linux kernel 4.9.25. As previously reported back in February, Tails 3.0 will drop 32-bit processor support too.

Using Tor is a huge part of the privacy aspect of Tails, and the Tor web browser sees an update to 7.0a4. Tor itself is updated to 0.3.0.7-1. Less important is the move from Icedove to Thunderbird for email. This is really in name only, as Debian has begun using the "Thunderbird" branding again. From a feature perspective, it is inconsequential.

Government

Julian Assange Still Faces Legal Jeopardy In Three Countries (chicagotribune.com) 203

Though Sweden dropped an investigation into rape allegations against Julian Assange, "I can conclude, based on the evidence, that probable cause for this crime still exists," chief prosecutor Marianne Ny told reporters in Stockholm. An anonymous reader quotes Newsweek: Ny stressed in her statement Friday that the investigation could be reopened before the statute of limitations on the case expires in 2020. If Assange "went into British custody, then the Swedes may well revisit their decision ... as extradition is suddenly easier", tweeted legal expert David Allen Green. Assange failed to answer a bail hearing when he took refuge in the embassy, resulting in an active warrant for his arrest by London's Metropolitan Police, punishable by up to a year in prison. Foremost of Assange's concerns is possible extradition to the U.S., where he could be detained on espionage charges... Ecuador has offered Assange asylum should he be able to leave Britain.
Meanwhile, The Chicago Tribune reports that "a federal inquiry is widely assumed to be underway by prosecutors in Virginia." According to a former senior Justice Department official, who requested anonymity to discuss the Assange case, American authorities are now presented with a "cat and mouse game." "The decision on whether to indict him rests largely on whether they can get their hands on him," the former official said. Indicting the head of an organization such as WikiLeaks presents a huge number of First Amendment issues, but the Trump White House has indicated such issues may be less of a hurdle than during previous administrations. Prosecutors could seek a sealed indictment -- or may have one already -- to be unveiled if and when Assange strays within reach of American law enforcement, the former official said.
Open Source

Why The US Government Open Sources Its Code (opensource.com) 55

He's been the White House technology advisor since 2015, and this month Alvand Salehi delivered a keynote address at OSCON about the U.S. government's commitment to open source software. An anonymous reader quotes OpenSource.com: The Federal Source Code Policy, released in August 2016, was the first U.S. government policy to support open source across the government... All new custom source code developed by or for the federal government must be available to all other federal agencies for sharing and reuse; and at least 20% of new government custom-developed code must be released to the public as open source. It also established Code.gov as a platform for access to government-developed open source code and a way for other developers to participate.

Before this policy was released, agencies were spending a lot of money to redevelop software already in use by other government agencies. This initiative is expected to save the government millions of dollars in wasteful and duplicative spending on software development. Because of this, Salehi said, open source is not a partisan issue, and "Code.gov is here to stay." Another benefit: Releasing open source code allows the government to benefit from the brainpower of developers across the country to improve their code.

Code.gov points potential contributors to their code repository on GitHub.
China

Did China Hack The CIA In A Massive Intelligence Breach From 2010 To 2012? (ibtimes.com) 105

schwit1 quotes the International Business Times: Both the CIA and the FBI declined to comment on reports saying the Chinese government killed or imprisoned 18 to 20 CIA sources from 2010 to 2012 and dismantled the agency's spying operations in the country. It is described as one of the worst intelligence breaches in decades, current and former American officials told the New York Times.

Investigators were uncertain whether the breach was a result of a double agent within the CIA who had betrayed the U.S. or whether the Chinese had hacked the communications system used by the agency to be in contact with foreign sources. The Times reported Saturday, citing former American officials, that from the final weeks of 2010 till the end of 2012, the Chinese killed up to 20 CIA sources.

Communications

FCC Won't Release DDoS Logs, And Will Probably Honor Fake Comments (zdnet.com) 79

An anonymous reader quotes ZDNet on the alleged denial of service attack which blocked comments supporting net neutrality. In a ZDNet interview, FCC chief information officer David Bray said that the agency would not release the logs, in part because the logs contain private information, such as IP addresses. In unprinted remarks, he said that the logs amounted to about 1 gigabyte per hour during the alleged attack... The log files showed that non-human [and cloud-based] bots submitted a flood of comments using the FCC's API. The bot that submitted these comments sparked the massive uptick in internet traffic on the FCC by using the public API as a vehicle...

Bray's comments further corroborate a ZDNet report (and others) that showed unknown anti-net neutrality spammers were behind the posting of hundreds of thousands of the same messages to the FCC's website using people's names and addresses without their consent -- a so-called "astroturfing" technique -- in an apparent attempt to influence the results of a public solicitation for feedback on net neutrality. Speaking to reporters last week, FCC chairman Ajit Pai hinted that the agency would likely honor those astroturfed comments, nonetheless.

Transportation

Texas Legislature Clears Road For Uber and Lyft To Return To Austin (austinmonitor.com) 100

schwit1 shared this article from the Austin Monitor: The Texas Legislature has cleared the road for Uber and Lyft to return to Austin on their own terms. On Wednesday, the state Senate overwhelmingly approved House Bill 100 on second and third readings, sending the statewide ride-hailing regulations to Governor Greg Abbott's desk for his signature. If Abbott signs it, as he is expected to do, the new law will preempt regulations City Council passed in December 2015 that both Uber and Lyft deemed too restrictive on transportation network companies such as themselves.
The new rules still require criminal background checks, but drop the requirement for fingerprinting. "We find it unfortunate that the 36 lobbyists deployed by the Silicon Valley giants were effective in convincing the State Legislature that there was a need to overrule the Austin voters," said a local ride-sharing company, which vowed to continue operating -- and to at least continue fingerprinting their own drivers. Houston's mayor complained the new statewide rules handed down are "another example of the legislature circumventing local control to allow corporations to profit at the expense of public safety."
Movies

Movie Piracy Blackmail Plot Fails In India, Six Arrested (torrentfreak.com) 44

An anonymous reader quotes TorrentFreak's report about "a plot against Baahubali 2: The Conclusion, a record-breaking movie taking India by storm." Someone posing as a "film anti-piracy activist" told the company that a pirated copy of the movie had been obtained and if a ransom wasn't paid, a leak onto the Internet would be inevitable... Following the call Arka Mediaworks immediately involved the police, who advised the company to engage the 'kidnappers' in dialog to obtain proof that they had the movie in question. That was delivered in the form of a high-definition sample of the movie, a move that was to mark the beginning of the end for those attempting to extort Arka Mediaworks. It's unclear whether those who sent the sample were aware, but the movie was forensically or otherwise marked, something which allowed police and investigators to track the copy back to a specific theater... shortly after the owner of the theater was arrested by police. This was followed by the arrest of the person who allegedly called Arka Mediaworks with the ransom demand. From there, police were led to other co-conspirators. In total, six arrests were made, with two of the men already known to police.
TorrentFreak calls the ransoming of movies "a worrying trend in 2017" that's "damaging the image of piracy further, if that was even possible."
Government

Indian Election Officials Challenge Critics To Hack Electronic Voting Machine (thehindu.com) 50

Slashdot reader erodep writes: Following the recent elections in India, there have been multiple allegations of electoral fraud by hacking of Electronic Voting Machines... Two weeks ago, a party even "demonstrated" that these machines can be hacked. The Election Commission of India has rubbished these claims and they have thrown an open challenge, starting June 3rd to hack these EVMs using WiFi, Bluetooth or any internet device. This is a plea to the hackers of Slashdot to help secure the future of the largest democracy on the planet.
Each party can nominate three experts -- though India's Aam Aadmi Party is already complaining that there are too many terms and conditions. And party leader Sanjay Singh has said he also wants paper ballots for all future elections, arguing "All foreign countries like America, Japan, Germany and Britain have gone back to ballot paper."
Networking

Netgear Adds Support For "Collecting Analytics Data" To Popular R7000 Router 105

An anonymous reader writes: Netgear's latest firmware update for the R7000 includes new support for collecting analytics data. The update release notes include this caution:

NOTE: It is strongly recommended that after the firmware is updated to this version, log back in to the router's web GUI and configure the settings for this feature.

An article on Netgear's KB, updated last week, states that Netgear collects information including IP addresses, MAC, certain WiFi information, and information about connected devices.

Security

New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two (bleepingcomputer.com) 111

An anonymous reader writes: Researchers have detected a new worm that is spreading via SMB, but unlike the worm component of the WannaCry ransomware, this one is using seven NSA tools instead of two. Named EternalRocks, the worm seems to be in a phase where it is infecting victims and building its botnet, but not delivering any malware payload.

EternalRocks is far more complex than WannaCry's SMB worm. For starters, it uses a delayed installation process that waits 24 hours before completing the install, as a way to evade sandbox environments. Further, the worm also uses the exact same filenames as WannaCry in an attempt to fool researchers of its true origin, a reason why the worm has evaded researchers almost all week, despite the attention WannaCry payloads have received.

Last but not least, the worm does not have a killswitch domain, which means the worm can't be stopped unless its author desires so. Because of the way it was designed, it is trivial for the worm's owner to deliver any type of malware to any of the infected computers. Unfortunately, because of the way he used the DOUBLEPULSAR implant, one of the seven NSA hacking tools, other attackers can hijack its botnet and deliver their own malware as well. IOCs are available in a GitHub repo.

Ars Technica quotes security researchers who say "there are at least three different groups that have been leveraging the NSA exploit to infect enterprise networks since late April... These attacks demonstrate that many endpoints may still be compromised despite having installed the latest security patch."
EU

EU Passes 'Content Portability' Rules Banning Geofencing (torrentfreak.com) 119

Long-time Slashdot reader AmiMoJo writes: The European Parliament has passed draft rules mandating 'content portability', i.e. the ability to take your purchased content and services across borders within the EU. Freedom of movement rules, which allow EU citizens to live and work anywhere in the EU, require that the individual is able to take their life with them -- family, property, and services. Under the new rules, someone who pays for Netflix or BBC iPlayer and then moves to another EU country will retain access to those services and the same content they had previously. Separately, rules to prevent geofencing of content within the EU entirely are also moving forward.
United States

Is Russia Conducting A Social Media War On America? (time.com) 449

An anonymous reader writes: Time magazine ran a cover story about "a dangerous new route for antidemocratic forces" -- social media. "Using these technologies, it is possible to undermine democratic government, and it's becoming easier every day," says Rand Waltzman of the Rand Corp., who ran a major Pentagon research program to understand the propaganda threats posed by social media technology. The article cites current and former FBI and CIA officials who now believe Russia's phishing emails against politicians were "just the most visible battle in an ongoing information war against global democracy." They cite, for example, a March report by U.S. counterintelligence which found "Russians had sent expertly tailored messages carrying malware to more than 10,000 Twitter users in the Defense Department." Each message contained links tailored to the interests of the recipient, but "When clicked, the links took users to a Russian-controlled server that downloaded a program allowing Moscow's hackers to take control of the victim's phone or computer -- and Twitter account...

"In 2016, Russia had used thousands of covert human agents and robot computer programs to spread disinformation referencing the stolen campaign emails of Hillary Clinton, amplifying their effect. Now counterintelligence officials wondered: What chaos could Moscow unleash with thousands of Twitter handles that spoke in real time with the authority of the armed forces of the United States?" The article also notes how algorithms now can identify hot-button issues and people susceptible to suggestion, so "Propagandists can then manually craft messages to influence them, deploying covert provocateurs, either humans or automated computer programs known as bots, in hopes of altering their behavior. That is what Moscow is doing, more than a dozen senior intelligence officials and others investigating Russia's influence operations tell Time."

The article describes a Russian soldier in the Ukraine pretending to be a 42-year-old American housewife. Meanwhile, this week Time's cover shows America's White House halfway-covered with Kremlin-esque spires -- drawing a complaint from the humorists at Mad magazine, who say Time copied the cover of Mad's December issue.
United States

Aftermath From The Net Neutrality Vote: A Mass Movement To Protect The Open Internet? (mashable.com) 126

After Thursday's net neutrality vote, two security guards pinned a reporter against a wall until FCC Commissioner Michael O'Rielly had left the room, the Los Angeles Times reports. The Writers Guild of America calls the FCC's 2-to-1 vote to initiate a repeal of net neutrality rules a "war on the open internet," according to The Guardian. But the newspaper now predicts that online activists will continue their massive campaign "as the months-long process of reviewing the rules begins." The Hill points out that Mozilla is already hiring a high-profile tech lobbyist to press for both cybersecurity and an open internet, and in a blog post earlier this week the Mozilla Foundation's executive director sees a larger movement emerging from the engagement of millions of internet users. Today's support for net neutrality isn't the start of the Internet health movement. People have been standing up for an open web since its inception -- by advocating for browser choice, for open source practices, for mass surveillance reform. But net neutrality is an opportunity to propel this movement into the mainstream... If we make Internet health a mainstream issue, we can cement the web as a public resource. If we don't, mass surveillance, exclusion and insecurity can creep into every aspect of society. Hospitals held hostage by rogue hackers can become the status quo.
Meanwhile, The Guardian reports that it's not till the end of the FCC's review process that "a final FCC vote will decide the future of internet regulation," adding that however they vote, "court challenges are inevitable."
