Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Iphone

Suspect Required To Unlock iPhone Using Touch ID in Second Federal Case (9to5mac.com) 120

An anonymous reader shares a report on 9to5Mac: A second federal judge has ruled that a suspect can be compelled to unlock their iPhone using their fingerprint in order to give investigators access to data which can be used as evidence against them. The first time this ever happened in a federal case was back in May, following a District Court ruling in 2014. The legal position of forcing suspects to use their fingerprints to unlock devices won't be known with certainty until a case reaches the U.S. Supreme Court, but lower court rulings so far appear to establish a precedent which is at odds with that concerning passcodes. Most constitutional experts appear to believe that the Fifth Amendment prevents a suspect from being compelled to reveal a password or passcode, as this would amount to forced self-incrimination -- though even this isn't certain. Fingerprints, in contrast, have traditionally been viewed as 'real or physical evidence,' meaning that police are entitled to take them without permission.Ars Technica has more details.
China

China Bans Internet News Reporting As Media Crackdown Widens (bloomberg.com) 37

Earlier this month we learned that China had banned the use of social media as a news source. The local government feared that if news outlets were to report using signals coming from social media, there was a chance that fake, non-credible, and rumors would slip through the filter. It was absurd, to say the least, considering the government itself has been reportedly caught of posting a copious amount of misleading information on domestic social media platforms. In the latest wrinkle to the whole situation, the world's largest nation is now banning internet news reporting. Long time reader schwit1 shares a Bloomberg report on the same: China's top internet regulator ordered major online companies including Sina Corp. and Tencent Holdings Ltd. to stop original news reporting, the latest effort by the government to tighten its grip over the country's web and information industries. The Cyberspace Administration of China imposed the ban on several major news portals, including Sohu.com Inc. and NetEase Inc., Chinese media reported in identically worded articles citing an unidentified official from the agency's Beijing office. The companies have "seriously violated" internet regulations by carrying plenty of news content obtained through original reporting, causing "huge negative effects," according to a report that appeared in The Paper on Sunday. The agency instructed the operators of mobile and online news services to dismantle "current-affairs news" operations on Friday, after earlier calling a halt to such activity at Tencent, according to people familiar with the situation. Like its peers, Asia's largest internet company had developed a news operation and grown its team. Henceforth, they and other services can only carry reports provided by government-controlled print or online media, the people said, asking not to be identified because the issue is politically sensitive.
Microsoft

Microsoft Can't Shield User Data From Government, Says Government (bloomberg.com) 126

Microsoft is now arguing in court that their customers have a right to know when the government is reading their e-mail. But "The U.S. said federal law allows it to obtain electronic communications without a warrant or without disclosure of a specific warrant if it would endanger an individual or an investigation," according to Bloomberg. An anonymous reader quotes their report: The software giant's lawsuit alleging that customers have a constitutional right to know if the government has searched or seized their property should be thrown out, the government said in a court filing... The U.S. says there's no legal basis for the government to be required to tell Microsoft customers when it intercepts their e-mail... The Justice Department's reply Friday underscores the government's willingness to fight back against tech companies it sees obstructing national security and law enforcement investigations...

Secrecy orders on government warrants for access to private e-mail accounts generally prohibit Microsoft from telling customers about the requests for lengthy or even unlimited periods, the company said when it sued. At the time, federal courts had issued almost 2,600 secrecy orders to Microsoft alone, and more than two-thirds had no fixed end date, cases the company can never tell customers about, even after an investigation is completed.

United States

New Illinois Law Limits Police Use Of Cellphone-Tracking Stingray (go.com) 31

An anonymous Slashdot reader quotes a report from ABC News: A new Illinois law limits how police can use devices that cast a wide net in gathering cellphone data... [Stingray] gathers phone-usage data on targets of criminal investigations, but it also gathers data on other cellphones -- hundreds or even thousands of them -- in the area. The new law requires police to delete the phone information of anyone who wasn't an investigation target within 24 hours. It also prohibits police from accessing data for use in an investigation not authorized by a judge.

A dozen other states have adopted such regulations, and Congress is considering legislation that would strengthen federal guidelines already in place... Privacy advocates worry that without limits on how much data can be gathered or how long it can be stored, law enforcement could use the technology to build databases that track the behavior and movement of people who are not part of criminal investigations.

Earlier this month a U.S. judge threw out evidence gathered with Stingray for the first time, saying that without a search warrant, "the government may not turn a citizen's cell phone into a tracking device." The ACLU has identified 66 agencies in 24 states using Stingray technology, "but because many agencies continue to shroud their purchase and use of stingrays in secrecy, this map dramatically underrepresents the actual use of stingrays by law enforcement agencies nationwide."
Privacy

Glassdoor Exposes 600,000 Email Addresses (siliconbeat.com) 88

A web site where users anonymously review their employer has exposed the e-mail addresses -- and in some cases the names -- of hundreds of thousands of users. An anonymous reader quotes an article from Silicon Beat: On Friday, the company sent out an email announcing that it had changed its terms of service. Instead of blindly copying email recipients on the message, the company pasted their addresses in the clear. Each message recipient was able to see the email addresses of 999 other Glassdoor users...

Ultimately, the messages exposed the addresses of more than 2 percent of the company's users... Last month, the company said it had some 30 million monthly active users, meaning that more than 600,000 were affected by the exposure... Although the company didnâ(TM)t directly disclose the names of its users, many of their names could be intuited from their email addresses. Some appeared to be in the format of "first name.last name" or "first initial plus last name."

A Glassdoor spokesperson said "We are extremely sorry for this error. We take the privacy of our users very seriously and we know this is not what is expected of us. It certainly isn't how we intend to operate."
Democrats

Clinton Campaign: Russia Leaked Emails to Help Trump (washingtonpost.com) 568

An anonymous Slashdot reader quotes the Washington Post: A top official with Hillary Clinton's campaign on Sunday accused the Russian government of orchestrating the release of damaging Democratic Party records in order to help the campaign of Republican Donald Trump -- and some cyber security experts in the U.S. and overseas agree. The extraordinary charge came as some national security officials have been growing increasingly concerned about possible efforts by Russia to meddle in the election, according to several individuals familiar with the situation.

Late last week, hours before the records were released by the website Wikileaks, the White House convened a high-level security meeting to discuss reports that Russia had hacked into systems at the Democratic National Committee... Officials from various intelligence and defense agencies, including the National Security Council, the Department of Defense, the FBI and the Department of Homeland Security, attended the White House meeting Thursday, on the eve of the email release.

Clinton's campaign manager told ABC News "some experts are now telling us that this was done by the Russians for the purpose of helping Donald Trump." Donald Trump's son later responded, "They'll say anything to be able to win this."
United Kingdom

Yahoo Ordered to Show How It Recovered 'Deleted' Emails (pcmag.com) 73

An anonymous reader quotes a report from PC Magazine: Just what kind of email retentions powers does Yahoo have? According to a policy guide from the company, Yahoo cannot recover emails that have been deleted from a user's account -- simple as that. If the email is in a user's account, it's fair game, and Yahoo can even give law enforcement the IP address of whatever computer is being used to send said email.

Or, at least, that's what Yahoo has said. A magistrate judge from the Northern District of California has ordered Yahoo to produce documents, as well as a witness for deposition, related to the company's ability to recover seemingly deleted emails in a UK drug case... a UK defendant was convicted -- and is currently serving an extra 20-year prison sentence -- as part of a conspiracy to import drugs into the United Kingdom. He's currently appealing the conviction, in part because the means by which Yahoo recovered the emails in question allegedly violate British law.

The drug smugglers apparently communicated by creating a draft of an email, which was then available to others who logged into that same account.
EU

EU To Give Free Security Audits To Apache HTTP Server and Keepass (softpedia.com) 65

An anonymous reader writes: The European Commission announced on Wednesday that its IT engineers would provide a free security audit for the Apache HTTP Server and KeePass projects. The two projects were selected following a public survey that included several open-source projects deemed important for both the EU agencies and the wide public.

The actual security audit will be carried out by employees of the IT departments at the European Commission and the European Parliament. This is only a test pilot program that's funded until the end of the year, but the EU said it would be looking for funding to continue it past its expiration date in December 2016.

Government

Homeland Security Border Agents Can Seize Your Phone (cnn.com) 288

Slashdot reader v3rgEz writes: A Wall Street Journal reporter has shared her experienced of having her phones forcefully taken at the border -- and how the Department of Homeland Security insists that your right to privacy does not exist when re-entering the United States. Indeed, she's not alone: Documents previously released under FOIA show that the DHS has a long-standing policy of warrantless (and even motiveless) seizures at the border, essentially removing any traveler's right to privacy.
"The female officer returned 30 minutes later and said I was free to go," according to the Journal's reporter, adding. "I have no idea why they wanted my phones..."
United Kingdom

UK Cybersecurity Executives Plead Guilty To Hacking A Rival Firm (zdnet.com) 13

An anonymous reader writes: "Five employees from cybersecurity firm Quadsys have admitted to hacking into a rival company's servers to allegedly steal customer data and pricing information," ZDNet is reporting. After a series of hearings, five top-ranking employees "admitted to obtaining unauthorised access to computer materials to facilitate the commission of an offence," including the company's owner, managing director, and account manager. Now they're facing 12 months in prison or fines, as well as additional charges, at their sentencing hearing in September. The headline at ZDNet gloats, "Not only did the Quadsys staff reportedly break into servers, they were caught doing it."
Government

Almost Half Of All TSA Employees Have Been Cited For Misconduct (mercurynews.com) 125

Slashdot reader schwit1 writes: Almost half of all TSA employees have been cited for misconduct, and the citations have increased by almost 30 percent since 2013... It also appears that the TSA has been reducing the sanctions it has been giving out for this bad behavior.
Throughout the U.S., the airport security group "has instead sought to treat the misconduct with 'more counseling and letters that explain why certain behaviors were not acceptable'," according to a report from the House Homeland Security Commission, titled "Misconduct at TSA Threatens the Security of the Flying Public". It found 1,206 instances of "neglect of duty", and also cited the case of an Oakland TSA officer who for two years helped smugglers slip more than 220 pounds of marijuana through airport security checkpoints, according to the San Jose Mercury News.

The newspaper adds that "The misconduct ranges from salacious (federal air marshals spending government money on hotel rooms for romps with prostitutes) to downright dangerous (an officer in Orlando taking bribes to smuggle Brazilian nationals through a checkpoint without questioning)." Their conclusion? "The TSA's job is to make airline passengers feel safer and, not incidentally, actually make us safer. It's failing on both."
The Almighty Buck

Maximizing Economic Output With Linear Programming...and Communism (medium.com) 494

Slashdot reader mkwan writes: Economies are just a collection of processes that convert raw materials and labour into useful goods and services. By representing these processes as a series of equations and solving a humongous linear programming problem, it should be possible to maximize an economy's GDP. The catch? The economy needs to go communist.
"[P]oorest members would receive a basic income that gradually increases as the economy becomes more efficient, plateauing at a level where they can afford everything they want to consume," argues the article, while "The middle classes wouldn't see much change. They would continue to work in a regular job for a regular -- but steadily increasing -- wage... Without the ability to own real-estate, companies, or intellectual property, it would be almost impossible to become rich, especially since the only legal source of income would be from a government job."
Republicans

Avast Suckers GOP Delegates Into Connecting To Insecure Wi-Fi Hotspots (theregister.co.uk) 109

Avast conned more than 1,200 people into connecting to fake wi-fi hotspots set up near the Republican convention and the Cleveland airport, using common network names like "Google Starbucks" and "Xfinitywifi" as well as "I vote Trump! free Internet". An anonymous reader quotes this report from The Register: With mobile devices often set to connect to known SSIDs automatically, users can overlook the networks to which they are connecting... Some 68.3 percent of users' identities were exposed when they connected, and 44.5 per cent of Wi-Fi users checked their emails or chatted via messenger apps... In its day-long experiment Avast saw more than 1.6Gbps transferred from more than 1,200 users.
Avast didn't store the data they collected, but they did report statistics on which sites were accessed most frequently. "5.1 percent played Pokemon Go, while 0.7 percent used dating apps like Tinder, Grindr, OKCupid, Match and Meetup, and 0.24 percent visited pornography sites like Pornhub."
Security

Microsoft Rewrites Wassenaar Arms Control Pact To Protect The Infosec Industry (theregister.co.uk) 20

The Wassenaar Arrangement "is threatening to choke the cyber-security industry, according to a consortium of cyber-security companies...supported by Microsoft among others," reports SC Magazine. "'Because the regulation is so overly broad, it would require cyber responders and security researchers to obtain an export license prior to exchanging essential information to remediate a newly identified network vulnerability, even when that vulnerability is capable of being exploited for purposes of surveillance,' wrote Alan Cohn from the CRC on a Microsoft blog." Reporter Darren Pauli contacted Slashdot with this report: If the Wassenaar Arrangement carries through under its current state, it will force Microsoft to submit some 3800 applications for arms export every year, company assistant general counsel Cristin Goodwin says... The Wassenaar Arrangement caught all corners of the security industry off guard, but its full potentially-devastating effects will only be realised in coming months and years... Goodwin and [Symantec director of government affairs] Fletcher are calling on the industry to lobby their agencies to overhaul the dual-use software definition of the Arrangement ahead of a closed-door meeting in September where changes can be proposed.
Security

Auto Industry Publishes Its First Set of Cybersecurity Best Practices (securityledger.com) 38

chicksdaddy quotes a report from Security Ledger: The Automotive industry's main group for coordinating policy on information security and "cyber" threats has published a "Best Practices" document, giving individual automakers guidance on implementing cybersecurity in their vehicles for the first time. The Automotive Information Sharing and Analysis Center (ISAC) released the Automotive Cybersecurity Best Practices document on July 21st, saying the guidelines are for auto manufacturers as well as their suppliers. The Best Practices cover organizational and technical aspects of vehicle cybersecurity, including governance, risk management, security by design, threat detection, incident response, training, and collaboration with appropriate third parties. Taken together, they move the auto industry closer to standards pioneered decades ago and embraced by companies like Microsoft. They call on automakers to design software to be secure from the ground up and to take a sober look at risks to connected vehicles as part of the design process. Automakers are urged to test for and respond to software vulnerabilities, to develop methods for assessing and fixing security vulnerabilities, to create training programs, promote cybersecurity awareness for both information technology and vehicle specific risks, and educate employees about security awareness. The document comes after a Kelly Blue Book survey that found that 62% of drivers think "connected cars will be hacked," and that 42% say they "want cars to be more connected."
Democrats

Hillary Clinton Chooses Virginia Sen. Tim Kaine As Running Mate (go.com) 370

An anonymous reader quotes a report from ABC News: Virginia Sen. Tim Kaine has been chosen as Hillary Clinton's running mate -- a man she called a "relentless optimist" who "devoted his life to fighting for others." Kaine has long been considered to be at the top of Clinton's short list. He was previously vetted for the vice presidency by Barack Obama in 2008. Kaine was an early supporter of Clinton's, appearing at a "Ready for Hillary" breakfast in May 2014 where he urged her to enter the 2016 presidential race. Kaine told NBC in June that he "encouraged her to run in May of 2014, because I could telescope forward and see some of the challenges that this nation would be facing. And I decided that by reason of character, by reason of background, and experience, but also especially by reason of results, she would be the most qualified person to be president in January of 2017." Prior to being elected to the Senate, Kaine served as governor and lieutenant governor of Virginia. In 2009, President Obama picked Kaine to lead the Democratic National Committee. Last week, Republican presidential nominee Donald Trump announced Mike Pence as his VP running mate.
Government

Issa Bill Would Kill A Big H-1B Loophole (computerworld.com) 246

ErichTheRed writes: This isn't perfect, but it is the first attempt I've seen at removing the "body shop" loophole in the H-1B visa system. A bill has been introduced in Congress that would raise the minimum wage for an H-1B holder from $60K to $100K, and place limits on the body shop companies that employ mostly H-1B holders in a pass-through arrangement. Whether it's enough to stop the direct replacement of workers, or whether it will just accelerate offshoring, remains to be seen. But, I think removing the most blatant and most abused loopholes in the rules is a good start. "The high-skilled visa program is critical to ensuring American companies can attract and retain the world's best talent," said Issa in a statement. "Unfortunately, in recent years, this important program has become abused and exploited as a loophole for companies to replace American workers with cheaper labor from overseas."
Government

Edward Snowden At Comic-Con: 'I Live a Surprisingly Free Life' (theguardian.com) 51

An anonymous reader writes from a report via The Guardian: Director Oliver Stone talked to whistleblower Edward Snowden in front of an audience at a question and answer session on Thursday evening. He compared Snowden's anxiety over his own appearance in his Snowden biopic film "Snowden" to that of Donald Trump, who was cut from one of his films six years before. Snowden replied: "I'd like to avoid that association." At the event, Snowden did also shed some light on his personal life, years after his revelation of the NSA's secret surveillance of the American public's internet activity resulted in criminal charges under the Espionage Act that led to his exile in Russia. "I can confirm that I am not living in a box," Snowden said. "I actually live a surprisingly free life. This was not the most likely outcome. I didn't actually expect to make it out of Hawaii. I thought it was incredibly risky. I had a lot of advantages in doing what I did; I worked for the CIA on the human intelligence side, I worked for the NSA on the signals intelligence side, and I taught counterintelligence. This is not something that's covered that well in the media. I was about as well placed as anybody could be, and I still thought I was going to get rolled up at the airport and that there were going to be knocks on the doors of the journalists." When asked what he thought about Gordon-Levitt's performance in the film where he plays Edward Snowden, Snowden responded: "This is one of the things that's kind of crazy and surreal about this kind of experience: I don't think anybody looks forward to having a movie made about themselves, especially someone who is a privacy advocate. Some of my family members have said, 'He sounds just like you!' I can't hear it myself but if he can pass the family test he's doing all right." Snowden agreed to participate on the film because he thought it could raise awareness in ways his own advocacy could not. Snowden was also in the news recently for developing a way for potentially imperiled smartphone users to monitor whether their devices are making any potentially compromising radio transmissions.
Privacy

'The Hillary Leaks' - Wikileaks Releases 19,252 Previously Unseen DNC Emails (zerohedge.com) 451

Reader schwit1 writes: The state department's release of Hillary emails may be over, but that of Wikileaks is just starting. Moments ago, Julian Assange's whistleblower organization released over 19,000 emails and more than 8,000 attachments from the Democratic National Committee. This is part one of their new Hillary Leaks series, Wikileaks said in press release.:"Today, Friday 22 July 2016 at 10:30am EDT, WikiLeaks releases 19,252 emails and 8,034 attachments from the top of the US Democratic National Committee -- part one of our new Hillary Leaks series. The leaks come from the accounts of seven key figures in the DNC: Communications Director Luis Miranda (10770 emails), National Finance Director Jordon Kaplan (3797 emails), Finance Chief of Staff Scott Comer (3095 emails), Finance Director of Data & Strategic Initiatives Daniel Parrish (1472 emails), Finance Director Allen Zachary (1611 emails), Senior Advisor Andrew Wright (938 emails) and Northern California Finance Director Robert (Erik) Stowe (751 emails). The emails cover the period from January last year until 25 May this year."
The emails released Friday cover a period from January 2015 to May 2016. They purportedly come from the accounts of seven key DNC staffers: Andrew Wright, Jordon Kaplan, Scott Comer, Luis Miranda, Robert Stowe, Daniel Parrish and Allen Zachary.

A quick scan of the emails focus on Bernie Sanders and dealing with the fallout of many Democrats opposing Hillary Clinton and calling the system "rigged." Many of the emails exchanged between top DNC officials are simply the text of news articles concerning how establishment democrats can "deal" with the insurgent left-winger.
Update: 07/22 17:41 GMT by M :Guccifer 2.0 has claimed responsibility for the leak.
China

Samsung Fights Back, Sues China's Huawei For Patent Infringement (reuters.com) 24

In May, China's conglomerate Huawei filed a lawsuit against Samsung accusing the Korean company of infringing on some of its 4G-related patents. Now, Samsung is returning the favor. According to Reuters, Samsung has filed a lawsuit of its own against Huawei for a very similar reason. From the report: An intellectual property court in Beijing said on its official Weixin account that Samsung sued Huawei and a department store in Beijing and has claimed 161 million yuan ($24.14 million) in damages. Samsung asked the two defendants to stop production and sales of products the South Korean firm says infringes on its patents, including Huawei's Mate 8 and Honor smartphones, the court said.

Slashdot Top Deals