Security

Wikimedia Is Clear To Sue the NSA Over Its Use of Warrantless Surveillance Tools (engadget.com) 19

The Wikimedia Foundation has the right to sue the National Security Agency over its use of warrantless surveillance tools, a federal appeals court ruled. "A district judge shot down Wikimedia's case in 2015, saying the group hadn't proved the NSA was actually illegally spying on its communications," reports Engadget. "In this case, proof was a tall order, considering information about the targeted surveillance system, Upstream, remains classified." From the report: The appeals court today ruled Wikimedia presented sufficient evidence that the NSA was in fact monitoring its communications, even if inadvertently. The Upstream system regularly tracks the physical backbone of the internet -- the cables and routers that actually transmit our emoji. With the help of telecom providers, the NSA then intercepts specific messages that contain "selectors," email addresses or other contact information for international targets under U.S. surveillance. "To put it simply, Wikimedia has plausibly alleged that its communications travel all of the roads that a communication can take, and that the NSA seizes all of the communications along at least one of those roads," the appeals court writes. "Thus, at least at this stage of the litigation, Wikimedia has standing to sue for a violation of the Fourth Amendment. And, because Wikimedia has self-censored its speech and sometimes forgone electronic communications in response to Upstream surveillance, it also has standing to sue for a violation of the First Amendment."
Security

DEFCON Conference To Target Voting Machines (politico.com) 60

An anonymous reader quotes a report from Politico: Hackers will target American voting machines -- as a public service, to prove how vulnerable they are. When over 25,000 of them descend on Caesar's Palace in Las Vegas at the end of July for DEFCON, the world's largest hacking conference, organizers are planning to have waiting what they call "a village" of different opportunities to test how easily voting machines can be manipulated. Some will let people go after the network software remotely, some will be broken apart to let people dig into the hardware, and some will be set up to see how a prepared hacker could fiddle with individual machines on site in a polling place through a combination of physical and virtual attacks. With all the attention on Russia's apparent attempts to meddle in American elections -- former President Barack Obama and aides have made many accusations toward Moscow, but insisted that there's no evidence of actual vote tampering -- voting machines were an obvious next target, said DEFCON founder Jeff Moss.
Cellphones

Republicans Want To Leave You Voicemail -- Without Ever Ringing Your Cellphone (recode.net) 302

bricko quotes a report from Recode: The GOP's leading campaign and fundraising arm, the Republican National Committee, has quietly thrown its support behind a proposal at the Federal Communications Commission that would pave the way for marketers to auto-dial consumers' cellphones and leave them prerecorded voicemail messages -- all without ever causing their devices to ring. Under current federal law, telemarketers and others, like political groups, aren't allowed to launch robocall campaigns targeting cellphones unless they first obtain a consumer's written consent. But businesses stress that it's a different story when it comes to "ringless voicemail" -- because it technically doesn't qualify as a phone call in the first place. In their eyes, that means they shouldn't need a customer or voter's permission if they want to auto-dial mobile voicemail inboxes in bulk with pre-made messages about a political candidate, product or cause. And they want the FCC to rule, once and for all, that they're in the clear. Their argument, however, has drawn immense opposition from consumer advocates.
Censorship

FCC Won't Punish Stephen Colbert For Controversial Trump Insult (slashdot.org) 180

Earlier this month, the FCC said it would look into complaints made against The Late Show host Stephen Colbert over a homophobic joke he made about President Donald Trump. Well, it turns out the FCC is not going to levy a fine against the comedian for using the word "cock" on late-night network television, reports The Verge. From the report: "Consistent with standard operating procedure, the FCC's Enforcement Bureau has reviewed the complaints and the material that was the subject of these complaints," reads the FCC's statement, according to Variety. "The Bureau has concluded that there was nothing actionable under the FCC's rules." Helping Colbert's case was the fact that the broadcast, time delayed for incidents like these, bleeped out the questionable word and also blurred the host's mouth as he was saying it. The FCC has broad authority to regulate what can and cannot be broadcast based on legal precedent regarding obscenity laws. Yet looser rules apply during the hours of 10PM and 6AM ET, when Colbert's show airs. So it would appear that the ample self-censorship on behalf of CBS saved the program from a guilty verdict in this case.
The Courts

Engineer At Boeing Admits Trying To Sell Space Secrets To Russians (arstechnica.com) 67

An anonymous reader shares an ArsTechnica report: Gregory Allen Justice, a 49-year-old engineer living in Culver City, Calif., has pleaded guilty to charges of attempted economic espionage and attempted violation of the Export Control Act. Justice, who according to his father worked for Boeing Satellite Systems in El Segundo, Calif., was arrested last July after selling technical documents about satellite systems to someone he believed to be a Russian intelligence agent. Instead, he sold the docs to an undercover Federal Bureau of Investigation employee. The sting was part of a joint operation by the FBI and the US Air Force Office of Special Investigations. The documents provided by Justice to the undercover agent included information on technology on the US Munitions List, meaning they were regulated by government International Trade in Arms regulations (ITAR). "In exchange for providing these materials during a series of meetings between February and July of 2016, Justice sought and received thousands of dollars in cash payments," a Justice Department spokesperson said in a statement. "During one meeting, Justice and the undercover agent discussed developing a relationship like one depicted on the television show 'The Americans.'"
Communications

Comcast Proves Need For Net Neutrality By Trying To Censor Advocacy Website (fightforthefuture.org) 135

Reader mrchaotica writes: As most Slashdot readers are probably aware, the FCC, under the direction of Trump-appointed chairman Ajit Pai, is trying to undo its 2015 decision to protect Net Neutrality (PDF) by classifying ISPs as common carriers. During the recent public comment period, the FCC's website was flooded with pro-Net-Neutrality comments from actual people (especially those who heeded John Oliver's call to arms) as well as anti-Net-Neutrality comments posted by bots using the names and addresses of people without their consent. The fake comments use boilerplate identical to that used in a 2010 press release by the conservative lobbying group Center for Individual Freedom (which is funded by Comcast, among other entities), but beyond that, the entities who perpetrated and funded the criminal acts have not been conclusively identified. In response to this brazen attempt to undermine the democratic process, the Internet freedom advocacy group Fight for the Future (FFTF) created the website Comcastroturf.com to call attention to the fraud and allow people to see if their identity had been misappropriated. Comcast, in a stunning display of its tone-deaf attitude towards free speech, has sent a cease-and-desist order to FFTF, claiming that Comcastroturf.com violates its "valuable intellectual property [sic]." According to the precedent set in Bosley Medical Institute, Inc. v. Kremer, websites created for the purpose of criticizing an organization cannot be considered trademark infringement. As such, FFTF reportedly has no intention of taking down the site.

"This is exactly why we need Title II net neutrality protections that ban blocking, throttling, and censorship," said Evan Greer, campaign director of Fight for the Future, "If Ajit Pai's plan is enacted, there would be nothing preventing Comcast from simply blocking sites like Comcastroturf.com that are critical of their corporate policies," she added. "It also makes you wonder what Comcast is so afraid of? Are their lobbying dollars funding the astroturfing effort flooding the FCC with fake comments that we are encouraging Internet users to investigate?"

Could there be a better example to illustrate why ensuring strong Net Neutrality protections by regulating ISPs as common carriers is so important?


Businesses

Nokia Uses Lawsuit To Make Apple Its Friend (bbc.com) 8

Apple has settled a patent dispute with Finnish telecom equipment maker Nokia and agreed to buy more of its network products and services. The deal means Nokia will get bigger royalties from Apple for using its mobile phone patents, helping offset the impact of waning demand for its mobile network hardware. Nokia's shares were up by seven percent following the announcement. WSJ puts things into perspective: Nokia's deal with Apple follows a highly unusual playbook: using a lawsuit to win business from your adversary (could be paywalled). When the first iPhone was unveiled a decade ago, Apple became a major competitor to the Finnish group, which was then the world's leading mobile-phone maker. As Nokia's business dwindled, the companies became legal antagonists. Now they are set to become business partners. The settlement announced Tuesday involves Apple paying Nokia a lump sum plus royalties for each device it sells using Nokia's technology. This is broadly the same kind of agreement the two sides reached in 2011 following a two-year lawsuit. The previous deal expired last year, which is why both sides launched fresh suits in December. In the aftermath of the lawsuit last year, Apple had pulled all Withings products from its stores. As part of the settlement, Apple said it will reverse that move.
Microsoft

Microsoft Announces 'Windows 10 China Government Edition', Lets Country Use Its Own Encryption (windows.com) 105

At an event in China on Tuesday, Microsoft announced yet another new version of Windows 10. Called Windows 10 China Government Edition, the new edition is meant to be used by the Chinese government and state-owned enterprises, ending a standoff over the operating system by meeting the government's requests for increased security and data control. In a blog post, Windows chief Terry Myerson writes: The Windows 10 China Government Edition is based on Windows 10 Enterprise Edition, which already includes many of the security, identity, deployment, and manageability features governments and enterprises need. The China Government Edition will use these manageability features to remove features that are not needed by Chinese government employees like OneDrive, to manage all telemetry and updates, and to enable the government to use its own encryption algorithms within its computer systems.
The Courts

PayPal Sues Pandora Over 'Patently Unlawful' Logo (billboard.com) 129

PayPal has filed a trademark infringement lawsuit against Pandora, arguing that the company's minimalist logo "dilutes the distinctiveness" of its own branding. "Element by element and in overall impression, the similarities between the logos are striking, obvious, and patently unlawful," the lawsuit alleges. Billboard reports: In October 2016, Pandora announced it was redesigning its logo from a thin, serifed "P" into the chunky, sans serifed "P" that it is today. The color scheme was also changed from midnight blue to a softer shade of blue. By comparison, PayPal's logo, active since 2014, also features a minimalist-looking "P" in a sans serif font and sporting a blue color palette. PayPal's mark actually consists of two overlapping and slanted "Ps," whereas Pandora keeps it to one. Both P's lack a hole. It is because of these similarities that PayPal believes customers of both companies are unable to distinguish the two, and that many are complaining about inadvertently opening Pandora instead of PayPal on their smartphones. The lawsuit includes various screen grabs, primarily from Twitter, of people noting the similarities. PayPal's lawsuit also points out Pandora's current struggles as a brand, saying that since it is primarily an ad-supported service, it "has no obvious path to profitability," especially given "overwhelming competition" from the likes of Spotify and Apple Music. The suit alleges that Pandora purposely "latched itself on to the increasingly popular" PayPal logo look-and-feel as part of its efforts to reverse its fortunes.
Microsoft

Microsoft Says a Chinese 'Gaming Service' Company Is Hacking Xbox Accounts (theverge.com) 28

An anonymous reader shares a report: Since 2015, a Chinese gaming website has been hacking Xbox accounts and selling the proceeds on the open market, according to a complaint filed by Microsoft in federal court on Friday. On its website, iGSKY presents itself as a gaming service company, offering players a way to pay for in-game credits and rare items -- but according to Microsoft, many of those credits were coming from someone else's wallet. The complaint alleges that the company made nearly $2 million in purchases through hacked accounts and their associated credit cards, using purchases as a way to launder the resulting cash. On the site, cheap in-game points are also available for the FIFA games, Forza Horizon 3, Grand Theft Auto V, and Pokemon Go, among others.
Patents

The Supreme Court Is Cracking Down on Patent Trolls (fortune.com) 108

The Supreme Court on Monday limited the ability of patent holders to bring infringement lawsuits in courts that have plaintiff friendly reputations, a notable decision that could provide a boost to companies that defend against patent claims. The high court, in an opinion by Justice Clarence Thomas, ruled unanimously that a lower court has been following an incorrect legal standard for almost 30 years that made it possible for patent holders to sue companies in almost any U.S. jurisdiction. From a report: The justices sided 8-0 (PDF) with beverage flavoring company TC Heartland in its legal battle with food and beverage company Kraft Heinz, ruling that patent infringement suits can be filed only in courts located in the jurisdiction where the targeted company is incorporated. Justice Neil Gorsuch did not participate in the decision. The decision overturned a ruling last year by the U.S. Court of Appeals for the Federal Circuit, a Washington-based patent court, that said patent suits are fair game anywhere a defendant company's products are sold.
Android

Hackers Hit Russian Bank Customers, Planned International Cyber Raids (reuters.com) 19

Russian cyber criminals used malware planted on Android mobile devices to steal from domestic bank customers and were planning to target European lenders before their arrest, investigators and sources with knowledge of the case told Reuters. From the report: Their campaign raised a relatively small sum by cyber-crime standards -- more than 50 million roubles ($892,000) -- but they had also obtained more sophisticated malicious software for a modest monthly fee to go after the clients of banks in France and possibly a range of other western nations. Russia's relationship to cyber crime is under intense scrutiny after U.S. intelligence officials alleged that Russian hackers had tried to help Republican Donald Trump win the U.S. presidency by hacking Democratic Party servers. The Kremlin has repeatedly denied the allegation. The gang members tricked the Russian banks' customers into downloading malware via fake mobile banking applications, as well as via pornography and e-commerce programs, according to a report compiled by cyber security firm Group-IB which investigated the attack with the Russian Interior Ministry.
Debian

Privacy-Focused Debian-Based Tails 3.0 Reaches RC Status (betanews.com) 31

BrianFagioli quotes BetaNews: Today, Tails achieves an important milestone. Version 3.0 reaches RC status -- meaning the first release candidate (RC1). In other words, it may soon be ready for a stable release -- if testing confirms as much. If you want to test it and provide feedback, you can download the ISO now. This is quite the significant upgrade, as the operating system is moving to a new base — Debian 9 "Stretch." The Debian kernel gets upgraded to 4.9.0-3, which is based on Linux kernel 4.9.25. As previously reported back in February, Tails 3.0 will drop 32-bit processor support too.

Using Tor is a huge part of the privacy aspect of Tails, and the Tor web browser sees an update to 7.0a4. Tor itself is updated to 0.3.0.7-1. Less important is the move from Icedove to Thunderbird for email. This is really in name only, as Debian has begun using the "Thunderbird" branding again. From a feature perspective, it is inconsequential.

Government

Julian Assange Still Faces Legal Jeopardy In Three Countries (chicagotribune.com) 234

Though Sweden dropped an investigation into rape allegations against Julian Assange, "I can conclude, based on the evidence, that probable cause for this crime still exists," chief prosecutor Marianne Ny told reporters in Stockholm. An anonymous reader quotes Newsweek: Ny stressed in her statement Friday that the investigation could be reopened before the statute of limitations on the case expires in 2020. If Assange "went into British custody, then the Swedes may well revisit their decision ... as extradition is suddenly easier", tweeted legal expert David Allen Green. Assange failed to answer a bail hearing when he took refuge in the embassy, resulting in an active warrant for his arrest by London's Metropolitan Police, punishable by up to a year in prison. Foremost of Assange's concerns is possible extradition to the U.S., where he could be detained on espionage charges... Ecuador has offered Assange asylum should he be able to leave Britain.
Meanwhile, The Chicago Tribune reports that "a federal inquiry is widely assumed to be underway by prosecutors in Virginia." According to a former senior Justice Department official, who requested anonymity to discuss the Assange case, American authorities are now presented with a "cat and mouse game." "The decision on whether to indict him rests largely on whether they can get their hands on him," the former official said. Indicting the head of an organization such as WikiLeaks presents a huge number of First Amendment issues, but the Trump White House has indicated such issues may be less of a hurdle than during previous administrations. Prosecutors could seek a sealed indictment -- or may have one already -- to be unveiled if and when Assange strays within reach of American law enforcement, the former official said.
Open Source

Why The US Government Open Sources Its Code (opensource.com) 58

He's been the White House technology advisor since 2015, and this month Alvand Salehi delivered a keynote address at OSCON about the U.S. government's commitment to open source software. An anonymous reader quotes OpenSource.com: The Federal Source Code Policy, released in August 2016, was the first U.S. government policy to support open source across the government... All new custom source code developed by or for the federal government must be available to all other federal agencies for sharing and reuse; and at least 20% of new government custom-developed code must be released to the public as open source. It also established Code.gov as a platform for access to government-developed open source code and a way for other developers to participate.

Before this policy was released, agencies were spending a lot of money to redevelop software already in use by other government agencies. This initiative is expected to save the government millions of dollars in wasteful and duplicative spending on software development. Because of this, Salehi said, open source is not a partisan issue, and "Code.gov is here to stay." Another benefit: Releasing open source code allows the government to benefit from the brainpower of developers across the country to improve their code.

Code.gov points potential contributors to their code repository on GitHub.
China

Did China Hack The CIA In A Massive Intelligence Breach From 2010 To 2012? (ibtimes.com) 112

schwit1 quotes the International Business Times: Both the CIA and the FBI declined to comment on reports saying the Chinese government killed or imprisoned 18 to 20 CIA sources from 2010 to 2012 and dismantled the agency's spying operations in the country. It is described as one of the worst intelligence breaches in decades, current and former American officials told the New York Times.

Investigators were uncertain whether the breach was a result of a double agent within the CIA who had betrayed the U.S. or whether the Chinese had hacked the communications system used by the agency to be in contact with foreign sources. The Times reported Saturday citing former American officials from the final weeks of 2010 till the end of 2012, the Chinese killed up to 20 CIA sources.

Communications

FCC Won't Release DDoS Logs, And Will Probably Honor Fake Comments (zdnet.com) 82

An anonymous reader quotes ZDNet on the alleged denial of service attack which blocked comments supporting net neutrality. In a ZDNet interview, FCC chief information officer David Bray said that the agency would not release the logs, in part because the logs contain private information, such as IP addresses. In unprinted remarks, he said that the logs amounted to about 1 gigabyte per hour during the alleged attack... The log files showed that non-human [and cloud-based] bots submitted a flood of comments using the FCC's API. The bot that submitted these comments sparked the massive uptick in internet traffic on the FCC by using the public API as a vehicle...

Bray's comments further corroborate a ZDNet report (and others) that showed unknown anti-net neutrality spammers were behind the posting of hundreds of thousands of the same messages to the FCC's website using people's names and addresses without their consent -- a so-called "astroturfing" technique -- in an apparent attempt to influence the results of a public solicitation for feedback on net neutrality. Speaking to reporters last week, FCC chairman Ajit Pai hinted that the agency would likely honor those astroturfed comments, nonetheless.

Transportation

Texas Legislature Clears Road For Uber and Lyft To Return To Austin (austinmonitor.com) 106

schwit1 shared this article from the Austin Monitor: The Texas Legislature has cleared the road for Uber and Lyft to return to Austin on their own terms. On Wednesday, the state Senate overwhelmingly approved House Bill 100 on second and third readings, sending the statewide ride-hailing regulations to Governor Greg Abbott's desk for his signature. If Abbott signs it, as he is expected to do, the new law will preempt regulations City Council passed in December 2015 that both Uber and Lyft deemed too restrictive on transportation network companies such as themselves.
The new rules still require criminal background checks, but drop the requirement for fingerprinting. "We find it unfortunate that the 36 lobbyists deployed by the Silicon Valley giants were effective in convincing the State Legislature that there was a need to overrule the Austin voters," said a local ride-sharing company, which vowed to continue operating -- and to at least continue fingerprinting their own drivers. Houston's mayor complained the new statewide rules handed down are "another example of the legislature circumventing local control to allow corporations to profit at the expense of public safety."
Movies

Movie Piracy Blackmail Plot Fails In India, Six Arrested (torrentfreak.com) 47

An anonymous reader quotes TorrentFreak's report about "a plot against Baahubali 2: The Conclusion, a record-breaking movie taking India by storm." Someone posing as a "film anti-piracy activist" told the company that a pirated copy of the movie had been obtained and if a ransom wasn't paid, a leak onto the Internet would be inevitable... Following the call Arka Mediaworks immediately involved the police, who advised the company to engage the 'kidnappers' in dialog to obtain proof that they had the movie in question. That was delivered in the form of a high-definition sample of the movie, a move that was to mark the beginning of the end for those attempting to extort Arka Mediaworks. It's unclear whether those who sent the sample were aware, but the movie was forensically or otherwise marked, something which allowed police and investigators to track the copy back to a specific theater... shortly after the owner of the theater was arrested by police. This was followed by the arrest of the person who allegedly called Arka Mediaworks with the ransom demand. From there, police were led to other co-conspirators. In total, six arrests were made, with two of the men already known to police.
TorrentFreak calls the ransoming of movies "a worrying trend in 2017" that's "damaging the image of piracy further, if that was even possible."
