Government

Eric Holder Says Snowden Performed 'Public Service' (cnn.com) 42

An anonymous reader writes from a report via CNN: Former U.S. Attorney General Eric Holder says Edward Snowden performed a "public service" by triggering a debate over surveillance techniques, but still must pay a penalty for illegally leaking a trove of classified intelligence documents. "We can certainly argue about the way in which Snowden did what he did, but I think that he actually performed a public service by raising the debate that we engaged in and by the changes that we made," Holder told David Axelrod on "The Axe Files," a podcast produced by CNN and the University of Chicago Institute of Politics. "Now I would say that doing what he did -- and the way he did it -- was inappropriate and illegal," Holder added. "I think that he's got to make a decision. He's broken the law in my view. He needs to get lawyers, come on back, and decide, see what he wants to do: Go to trial, try to cut a deal. I think there has to be a consequence for what he has done." "But," Holder emphasized, "I think in deciding what an appropriate sentence should be, I think a judge could take into account the usefulness of having had that national debate." You can listen to the podcast with Eric Holder here.
Android

Op-ed: Oracle Attorney Says Google's Court Victory Might Kill the GPL (arstechnica.com) 337

Annette Hurst, an attorney at Orrick, Herrington & Sutcliffe who represented Oracle in the recent Oracle v. Google trial, has written an opinion piece for Ars Technica in which she urges developers and creators not to celebrate Google's win in the hard-fought copyright case, as the decision -- if it remains intact -- is poised to make them "suffer" everywhere, and the free software movement itself "now faces substantial jeopardy." As you're aware, in a verdict earlier this week, a federal jury found that Google's Android operating system didn't infringe on Oracle-owned copyrights because its re-implementation of 37 Java APIs is protected by "fair use." Hurst writes: No business trying to commercialize software with any element of open software can afford to ignore this verdict. Dual licensing models are very common and have long depended upon a delicate balance between free use and commercial use. Royalties from licensed commercial exploitation fuel continued development and innovation of an open and free option. The balance depends upon adherence to the license restrictions in the open and free option. This jury's verdict suggests that such restrictions are now meaningless, since disregarding them is simply a matter of claiming "fair use." It is hard to see how GPL can survive such a result. In fact, it is hard to see how ownership of a copy of any software protected by copyright can survive this result. Software businesses now must accelerate their move to the cloud where everything can be controlled as a service rather than software. Consumers can expect to find decreasing options to own anything for themselves, decreasing options to control their data, decreasing options to protect their privacy.
Facebook

Is Facebook Sabotaging A Face-Recognition Law? (fortune.com) 50

"You know something's up when politicians bring up a bill out of nowhere, and then try to ram it through over Memorial Day weekend," writes Fortune. "That's what's happening in Illinois, where state lawmakers -- allegedly at the behest of Facebook and Google -- are poised to gut a law that limits the use of facial recognition technology." An anonymous reader writes: Earlier this month a judge refused to throw out a class action complaint against Facebook for using facial recognition software to identify people without their permission and then inviting their friends to "tag" them. Now that suit's lawyer says a so-called "Biometric Information Privacy Act" will actually swap in new definitions for "photograph" and "scan" that will apparently shield Facebook and Google from liability.
The Center for Democracy and Technology called the bill "an unnecessary loss of privacy." Google didn't respond to Fortune's request for a comment, and Facebook said only "We appreciate Senator Link's effort to clarify the scope of the law he authored."
Privacy

Controversial Surveillance Firm Blue Coat Was Granted a Powerful Encryption Certificate (vice.com) 113

Joseph Cox, reporting for Motherboard (edited for clarity): A controversial surveillance company called Blue Coat Systems -- whose products have been detected in Iran and Sudan -- was recently issued a powerful encryption certificate by Symantec. The certificate, and the authority that comes with it, could allow Blue Coat Systems to more easily snoop on encrypted traffic. But Symantec downplayed concern from the security community. Blue Coat, which sells web-monitoring software, was granted the power in September last year, but it was only widely noticed this week. The company's devices are used by both government and commercial customers for keeping tabs on networks or conducting surveillance. In Syria, the technology has been used to censor web sites and monitor the communications of dissidents, activists and journalists. Blue Coat assures that it is not going to utilize the certificate to snoop on us. The Register reports: We asked Blue Coat how it planned to use its new powers -- and we were assured that its intermediate certificate was only used for internal testing and that the certificate is no longer in use. "Symantec has reviewed the intermediate CA issued to Blue Coat and determined it was used appropriately," the two firms said in a statement. "Consistent with their protocols, Symantec maintained full control of the private key and Blue Coat never had access to it. Blue Coat has confirmed it was used for internal testing and has since been discontinued. Therefore, rumors of misuse are unfounded."
Facebook

Facebook Begins Tracking Non-Users Around the Internet (theverge.com) 124

Amar Toor, reporting for The Verge: Facebook will now display ads to web users who are not members of its social network, the company announced Thursday, in a bid to significantly expand its online ad network. As The Wall Street Journal reports, Facebook will use cookies, "like" buttons, and other plug-ins embedded on third-party sites to track members and non-members alike (Editor's note: link swapped with a non-paywall source). The company says it will be able to better target non-Facebook users and serve relevant ads to them, though its practices have come under criticism from regulators in Europe over privacy concerns. Facebook began displaying a banner notification at the top of its News Feed for users in Europe today, alerting them to its use of cookies as mandated under an EU directive. Mark Wilson of BetaNews adds that Facebook has outlined these changes on its cookies policy page. As part of this, the company is now allowing Facebook users to opt out of the ad scheme by changing their Facebook settings. Users who don't have a Facebook account can opt out through the Digital Advertising Alliance in the United States and Canada, and the European Interactive Digital Advertising Alliance in Europe.
Government

Secret Text In Senate Bill Would Give FBI Warrantless Access To Email Records (theintercept.com) 157

mi quotes a report from The Intercept: A provision snuck into the still-secret text of the Senate's annual intelligence authorization would give the FBI the ability to demand individuals' email data and possibly web-surfing history from their service providers using those beloved 'National Security Letters' -- without a warrant and in complete secrecy. [The spy bill passed the Senate Intelligence Committee on Tuesday, with the provision in it. The lone no vote came from Sen. Ron Wyden, D-Ore., who wrote in a statement that one of the bill's provisions "would allow any FBI field office to demand email records without a court order, a major expansion of federal surveillance powers." If passed, the change would expand the reach of the FBI's already highly controversial national security letters. The FBI is currently allowed to get certain types of information with NSLs -- most commonly, information about the name, address, and call data associated with a phone number or details about a bank account. The FBI's power to issue NSLs is actually derived from the Electronic Communications Privacy Act -- a 1986 law that Congress is currently working to update to incorporate more protections for electronic communications -- not fewer. The House unanimously passed the Email Privacy Act in late April, while the Senate is due to vote on its version this week. "NSLs have a sordid history. They've been abused in a number of ways, including targeting of journalists and use to collect an essentially unbounded amount of information," Andrew Crocker, staff attorney for the Electronic Frontier Foundation, wrote. One thing that makes them particularly easy to abuse is that recipients of NSLs are subject to a gag order that forbids them from revealing the letters' existence to anyone, much less the public.]
Advertising

Smartphone Surveillance Tech Used To Target Anti-Abortion Ads At Pregnant Women (rewire.news) 253

VoiceOfDoom writes: Rewire reports: "Last year, an enterprising advertising executive based in Boston, Massachusetts, had an idea: Instead of using his sophisticated mobile surveillance techniques to figure out which consumers might be interested in buying shoes, cars, or any of the other products typically advertised online, what if he used the same technology to figure out which women were potentially contemplating abortion, and send them ads on behalf of anti-choice organizations?"

Regardless of one's personal stance on the pro-choice/anti-abortion debate, the unfettered use of tracking and ad-targeting technology which makes this kind of application possible is surely a cause for concern. In Europe, Canada and many other parts of the world, the use of a person's data in this way would be illegal thanks to strict privacy laws. Is it time for the U.S. to consider a similar approach to protect its citizens?
Google has reportedly been tracking users on around 80 percent of all 'Top 1 Million' domains. Facebook is doing something similar. A recent report shows that Facebook uses smartphone microphones to identify the things users are listening to or watching based on the music and TV shows it's able to identify. Facebook says the feature must be turned on, and that "it's only active when you're writing a status update."
Privacy

Millennials Value Speed Over Security, Says Survey (dailydot.com) 141

An anonymous reader quotes a report from The Daily Dot: Millennials stand apart from other Americans in preferring faster Internet access to safer Internet access, according to a new survey. When digital-authentication firm SecureAuth asked people from all age groups whether they would rather be safer online or browse faster online, 57 percent of Americans chose security and 43 percent chose speed. But among millennials, the results were almost reversed: 54 percent chose speed over security. Young people are also more willing than the overall population to share sensitive information over public Wi-Fi connections, which are notoriously insecure as they allow anyone on the network to analyze and intercept passing traffic. While a clear majority (57 percent) of Americans told SecureAuth that they transmitted such information over public Wi-Fi, nearly eight in 10 (78 percent) of millennials said they did so. A surprising 44 percent of millennials believe their data is generally safe from hackers, and millennials are more likely than members of other age groups to share account passwords with friends. Americans overall are paying more attention to some aspects of digital security. An October 2015 study by the wireless industry's trade group found that 61 percent of Americans use passwords on their smartphones and 58 percent use them on their tablets, compared to 50 percent and 48 percent, respectively, in 2012. The recent study lines up with a report published on May 24 that found that the elderly use more secure passwords than millennials.
Privacy

Consumer Campaigners Read T&C Of Their Mobile Phone Apps To Prove a Point (bbc.com) 85

From a BBC report: Norwegians have spent more than 30 hours reading out terms and conditions from smartphone apps in a campaign by the country's consumer agency. The average Norwegian has 33 apps, the Norwegian Consumer Council says, whose terms and conditions together run longer than the New Testament. To prove the "absurd" length, the council got Norwegians to read each of them out in real time on their website. The reading finished on Wednesday, clocking in at 31:49:11. Some of the world's most popular apps were chosen, including Netflix, YouTube, Facebook, Skype, Instagram and Angry Birds. Finn Myrstad from the Norwegian Consumer Council, said: "The current state of terms and conditions for digital services is bordering on the absurd."
Privacy

Virtual Assistants Such As Amazon's Echo Break US Child Privacy Law, Experts Say (theguardian.com) 67

Mark Harris, reporting for The Guardian: An investigation by the Guardian has found that despite Amazon marketing the Echo to families with young children, the device is likely to contravene the US Children's Online Privacy Protection Act (COPPA), set up to regulate the collection and use of personal information from anyone younger than 13. Along with Google, Apple and others promoting voice-activated artificial intelligence systems to young children, the company could now face multimillion-dollar fines. "This is part of the initial wave of marketing to children using the internet of things," says Jeff Chester, executive director of the Center for Digital Democracy, a privacy advocacy group that helped write the law. "It is exactly why the law was enacted in the first place, to protect young people from pervasive data collection."
Open Source

CentOS Linux 6.8 Released (softpedia.com) 91

An anonymous reader writes: The CentOS team is pleased to announce the immediate availability of CentOS Linux 6.8 and install media for the i386 and x86_64 architectures. Release Notes for 6.8 are available here. Softpedia writes: "CentOS Linux 6.8 arrives today with major changes, among which we can mention the latest Linux 2.6.32 kernel release from upstream with support for storing up to 300TB of data on XFS filesystems. The VPN endpoint solution implemented in the NetworkManager network connection manager utility is now provided on the libreswan library instead of the Openswan IPsec implementation used in previous releases of the OS, and it looks like the SSLv2 protocol has been disabled by default for the SSSD (System Security Services Daemon), which also comes with support for smart cards now." In addition, the new release comes with updated applications, including the LibreOffice 4.3.7 office suite and the Squid 3.4 caching and forwarding web proxy, and many packages now support the Transport Layer Security (TLS) 1.2 protocol, including Git, YUM, Postfix, OpenLDAP, stunnel, and vsftpd. The dmidecode open-source tool now supports SMBIOS 3.0.0, you can now pull kickstart files from HTTPS (Secure HTTP) sources, the ntpd (Network Time Protocol daemon) package has chrony as an alternative, SSLv3 has been disabled by default, and there's improved support for Hyper-V.
Facebook

Facebook Could Be Eavesdropping On Your Phone Calls (news10.com) 164

An anonymous reader writes: Facebook is not just looking at users' personal information, interests, and online habits but also listening to your private conversations, a new report reveals. According to an NBC report, this may be the case, as Kelli Burns, a professor at the University of South Florida, states: "I don't think that people realize how much Facebook is tracking every move we're making online. Anything that you're doing on your phone, Facebook is watching." Now how do you prove that? Professor Burns tested out her theory by enabling the microphone feature and talking about her desire to go on a safari, including the mode of transport she would take. "I'm really interested in going on an African safari. I think it'd be wonderful to ride in one of those jeeps," she said aloud, phone in hand. The results were shocking: less than 60 seconds later, the first post on her Facebook feed was a safari story out of nowhere, though it was later revealed that the story had been posted three hours earlier. And, after she mentioned a jeep, a car ad also appeared on her page. On a support page, Facebook explains how this feature works: "No, we don't record your conversations. If you choose to turn on this feature, we'll only use your microphone to identify the things you're listening to or watching based on the music and TV matches we're able to identify. If this feature is turned on, it's only active when you're writing a status update." I wonder how many people are actually aware of this.
Government

TSA Replaces Security Chief As Tension Grows At Airports 266

HughPickens.com writes: Ron Nixon reports at the NYT that, facing a backlash over long security lines and management problems, TSA administrator Peter V. Neffenger has shaken up his leadership team, replacing the agency's top security official Kelly Hoggan (Warning: source may be paywalled) and adding a new group of administrators at Chicago O'Hare International Airport. Beginning late that year, Hoggan received $90,000 in bonuses over a 13-month period, even though a leaked report from the Department of Homeland Security showed that auditors were able to get fake weapons and explosives past security screeners 95 percent of the time in 70 covert tests. Hoggan's bonus was paid out in $10,000 increments, an arrangement that members of Congress have said was intended to disguise the payments. During a hearing of the House Oversight Committee two weeks ago, lawmakers grilled Mr. Neffenger about the bonus, which was issued before he joined the agency in July. Last week and over the weekend, hundreds of passengers, including 450 on American Airlines alone, missed flights because of waits of two or three hours in security lines, according to local news reports. Many of the passengers had to spend the night in the terminal sleeping on cots. The TSA has sent 58 additional security officers and four more bomb-sniffing dog teams to O'Hare. Several current and former TSA employees said the moves to replace Hoggan and add the new officials in Chicago, where passengers have endured hours-long waits at security checkpoints, were insufficient. "The timing of this decision is too late to make a real difference for the summer," says Andrew Rhoades, an assistant federal security director at Minneapolis-St. Paul International Airport, who testified that his supervisor accused him of "going native" after he attended a meeting at a local mosque and that TSA's alleged practice of "directed reassignments," or unwanted job transfers, was intended to punish employees who speak their minds. "Neffenger is only doing this because the media and Congress are making him look bad."
Java

Pastejacking Attack Appends Malicious Terminal Commands To Your Clipboard (softpedia.com) 89

An anonymous reader writes: "It has been possible for a long time for developers to use CSS to append malicious content to the clipboard without a user noticing and thus fool them into executing unwanted terminal commands," writes Softpedia. "This type of attack is known as clipboard hijacking, and in most scenarios, is useless, except when the user copies something inside their terminal." Security researcher Dylan Ayrey published a new version of this attack last week, which uses only JavaScript as the attack medium, giving the attack more versatility and making it easier to carry out. The attack is called Pastejacking, and it uses JavaScript to theoretically allow attackers to add their malicious code to the entire page to run commands behind a user's back when they paste anything inside the console. "The attack can be deadly if combined with tech support or phishing emails," writes Softpedia. "Users might think they're copying innocent text into their console, but in fact, they're running the crook's exploit for them."
Security

Elderly Use More Secure Passwords Than Millennials, Says Report (qz.com) 153

An anonymous reader writes from a report via Quartz: A report released May 24 by Gigya surveyed 4,000 adults in the U.S. and U.K. and found that 18- to 34-year-olds are more likely to use bad passwords and to report their online accounts being compromised. The majority of respondents ages 51 to 69 say they completely steer away from easily cracked passwords like "password," "1234," or birthdays, while two-thirds of those in the 18-to-34 age bracket were caught using those kinds of terms. Quartz writes, "The diligence of the older group could help explain why 82% of respondents in this age range did not report having had any of their online accounts compromised in the past year. In contrast, 35% of respondents between 18 and 34 said at least one of their accounts was hacked within the last 12 months, twice the rate of those aged 51 to 69."
The Internet

Hacker Phineas Fisher is Trying To Start a 'Hack Back' Political Movement (vice.com) 123

An anonymous reader writes: The hacker who breached Hacking Team and FinFisher is trying to get more people to "hack back" and fight "the system." For some, thanks to his targeted attacks and sophisticated political views, Phineas Fisher is quickly becoming the most influential hacktivist of the last few years. In response to his most recent hack where he released a 39-minute how-to video showing how to strip data from targeted websites, specifically a website of the Catalan police union, Phineas Fisher told Motherboard, "Everything doesn't have to be big. I wanted to strike a small blow at the system, teach a bit of hacking with the video, and inspire people to take action." Biella Coleman, professor at McGill University in Montreal, believes Phineas Fisher has a good chance of inspiring a new generation of hacktivists and "setting the stage for other hackers to follow in his footsteps." She says he has been better at choosing targets and justifying his actions with more rounded and sophisticated political and ethical views than Anonymous and LulzSec-inspired hackers. Phineas Fisher told Motherboard, "I don't want to be the lone hacker fighting the system. I want to inspire others to take similar action, and try to provide the information so they can learn how."
Government

FBI Wants Biometric Database Hidden From Privacy Act (onthewire.io) 81

Trailrunner7 quotes a report from onthewire.io: The FBI is working to keep information contained in a key biometric database private and unavailable, even to people whose information is contained in the records. The database is known as the Next Generation Identification System (NGIS), and it is an amalgamation of biometric records accumulated from people who have been through one of a number of biometric collection processes. That could include convicted criminals, anyone who has submitted records to employers, and many other people. The NGIS also has information from agencies outside of the FBI, including foreign law enforcement agencies and governments. Because of the nature of the records, the FBI is asking the federal government to exempt the database from the Privacy Act, making the records inaccessible through information requests. From the report: "The bureau says in a proposal to exempt the database from disclosure that the NGIS should be exempt from the Privacy Act for a number of reasons, including the possibility that providing access 'could compromise sensitive law enforcement information, disclose information which would constitute an unwarranted invasion of another's personal privacy; reveal a sensitive investigative technique; could provide information that would allow a subject to avoid detection or apprehension; or constitute a potential danger to the health or safety of law enforcement personnel, confidential sources, and witnesses.'" RT released a similar report on the matter.
AI

Avoiding BlackBerry's Fate: How Apple Could End Up In a Similar Position (marco.org) 214

It's almost unbelievable today that BlackBerry once ruled the smartphone market. The Canadian company's handsets, however, started to lose relevance when Apple launched the iPhone in 2007. At the time, BlackBerry said that nobody would purchase an iPhone because of the battery trade-off. Wittingly or not, Apple could end up in a similar position to BlackBerry, argues Marco Arment. Arment -- who is best known for his Apple commentary, his Overcast and Instapaper apps, and co-founding Tumblr -- says that Apple's strong stand on privacy is keeping it from being the frontrunner in advanced AI, a category which has seen large investments from Google, Apple, Facebook, and Amazon in recent years. He adds that privacy cannot be an excuse, as Apple could utilize public data like the web, mapping databases, and business directories. He writes: Today, Amazon, Facebook, and Google are placing large bets on advanced AI, ubiquitous assistants, and voice interfaces, hoping that these will become the next thing that our devices are for. If they're right -- and that's a big "if" -- I'm worried for Apple. Today, Apple's being led properly day-to-day and doing very well overall. But if the landscape shifts to prioritise those big-data AI services, Apple will find itself in a similar position as BlackBerry did almost a decade ago: what they're able to do, despite being very good at it, won't be enough anymore, and they won't be able to catch up. Where Apple suffers is big-data services and AI, such as search, relevance, classification, and complex natural-language queries. Apple can do rudimentary versions of all of those, but their competitors -- again, especially Google -- are far ahead of them, and the gap is only widening. And Apple is showing worryingly few signs of meaningful improvement or investment in these areas. Apple's apparent inaction shows that they're content with their services' quality, management, performance, advancement, and talent acquisition and retention.
One company that is missing from Mr. Arment's column is Microsoft. The Cortana-maker has also placed large bets on AI. According to job postings on its portal, it appears, for instance, that Microsoft is also working on a Google Home-like service.
Crime

Real-Life RoboCop Guards Shopping Centers In California (metro.co.uk) 100

An anonymous reader quotes a report from Metro: While machines from the likes of RoboCop and Chappie might just be the reserve of films for now, this new type of robot is already fighting crime. This particular example can be found guarding a shopping center in California but there are other machines in operation all over the state. Equipped with self-navigation, infra-red cameras and microphones that can detect breaking glass, the robots, designed by Knightscope, are intended to support security services. Stacy Dean Stephens, who came up with the idea, told The Guardian the problem that needed solving was one of intelligence. "And the only way to gain accurate intelligence is through eyes and ears," he said. "So, we started looking at different ways to deploy eyes and ears into situations like that." The robot costs about $7 an hour to rent and was inspired by the Sandy Hook school shooting after which it was claimed 12 lives could have been saved if officers arrived a minute earlier.
Privacy

Uber Knows Exactly When You'll Pay Surge Pricing (yahoo.com) 210

An anonymous reader writes: Uber has figured out exactly when you are more likely to pay double or triple the cost of your ride: when your phone battery is low. Uber's head of economic research, Keith Chen, recently told NPR on an episode of The Hidden Brain podcast that people are willing to accept up to 9.9 times surge pricing if their phones are about to go dead. Data about user batteries is collected because the app uses that information to know when to switch into low-power mode. The idea being: If you really need to get where you're going, you'll pay just about anything (or at least 9.9 times anything) to ensure you're getting a ride home and won't be stranded. A person with a more fully charged device has time to wait and see if the surge pricing goes down. The company insists that it won't use this information against you.