Opera

Opera Sync Users May Have Been Compromised In Server Breach (fortune.com) 20

An anonymous reader writes: Someone broke into Opera's servers. The Opera browser has a handy feature for synchronizing browsing data across different devices. Unfortunately, some of the passwords and login information used to enable the feature may have been stolen from Opera's servers. Opera's sync service is used by around 1.7 million people each month. Overall, the browser has 350 million users. The Norwegian firm told its users that someone had gained access to the Opera sync system, and "some of our sync users' passwords and account information, such as login names, may have been compromised." As a result, Opera had to reset all the passwords for the feature, meaning users will need to select new ones.
Security

How Security Experts Are Protecting Their Own Data (siliconvalley.com) 166

Today the San Jose Mercury News asked several prominent security experts which security products they were actually using for their own data. An anonymous Slashdot reader writes: The EFF's chief technologist revealed that he doesn't run an anti-virus program, partly because he's using Linux, and partly because he feels anti-virus software creates a false sense of security. ("I don't like to get complacent and rely on it in any way...") He does regularly encrypt his e-mail, "but he doesn't recommend that average users scramble their email, because he thinks the encryption software is just too difficult to use."

The newspaper also interviewed security expert Eugene Spafford, who rarely updates the operating system on one of his computers -- because it's not connected to the internet -- and sometimes even accesses his files with a virtual machine, which he then deletes when he's done. His home router is equipped with a firewall device, and "he's developed some tools in his research center that he uses to try to detect security problems," according to the article. "There are some additional things I do," Spafford added, telling the reporter that "I'm not going to give details of all of them, because that doesn't help me."

Bruce Schneier had a similar answer. When the reporter asked how he protected his data, Schneier wouldn't tell them, adding "I'm kind of a target..."
Google

Google Tests A Software That Judges Hollywood's Portrayal of Women 248

Slashdot reader theodp writes: Aside from it being hosted in a town without a movie theater, the 2016 Bentonville Film Festival was also unusual in that it required all entrants to submit "film scripts and downloadable versions of the film" for judgment by "the team at Google and USC", apparently part of a larger Google-funded research project with USC Engineering "to develop a computer science tool that could quickly and efficiently assess how women are represented in films"...

Fest reports noted that representatives of Google and the White House Office of Science and Technology Policy appeared in a "Reel vs. Real Diversity" panel presentation at the fest, where the importance of diversity and science to President Obama were discussed, and the lack of qualified people to fill 500,000 U.S. tech jobs was blamed in part on how STEM careers have been presented in film and television... In a 2015 report on a Google-sponsored USC Viterbi School of Engineering MacGyver-themed event to promote women in engineering, USC reported that President Obama was kept briefed on efforts to challenge media's stereotypical portrayals of women. As for its own track record, Google recently updated its Diversity page, boasting that "21% of new hires in 2015 were women in tech, compared to 19% of our current population"....
Databases

100 Arrested In New York Thanks To Better Face-Recognition Technology (arstechnica.com) 82

New York doubled the number of "measurement points" used by their facial recognition technology this year, leading to 100 arrests for fraud and identity theft, plus another 900 open cases. An anonymous reader quotes a report from Ars Technica: In all, since New York implemented facial recognition technology in 2010, more than 14,000 people have been hampered trying to get multiple licenses. The newly upgraded system increases the measurement points of a driver's license picture from 64 to 128.

The DMV said this vastly improves its chances of matching new photographs with one already in a database of 16 million photos... "Facial recognition plays a critical role in keeping our communities safer by cracking down on individuals who break the law," Gov. Andrew M. Cuomo said in a statement. "New York is leading the nation with this technology, and the results from our use of this enhanced technology are proof positive that its use is vital in making our roads safer and holding fraudsters accountable."

At least 39 US states use some form of facial recognition software, and New York says their new system also "removes high-risk drivers from the road," stressing that new licenses will no longer be issued until a photo clears their database.
Security

New Ransomware Poses As A Windows Update (hothardware.com) 85

Slashdot reader MojoKid quotes an article from Hot Hardware: A security researcher for AVG has discovered a new piece of ransomware called Fantom that masquerades as a critical Windows update. Victims who fall for the ruse will see a Windows screen acting like it's installing the update, but what's really happening is that the user's documents and files are being encrypted in the background...

The scam starts with a pop-up labeled as a critical update from Microsoft. Once a user decides to apply the fake update, it extracts files and executes an embedded program called WindowsUpdate.exe... As with other EDA2 ransomware, Fantom generates a random AES-128 key, encrypts it using RSA, and then uploads it to the culprit. From there, Fantom targets specific file extensions and encrypts those files using AES-128 encryption... Users affected by this are instructed to email the culprit for payment instructions.

While the ransomware is busy encrypting your files, it displays Microsoft's standard warning about not turning off the computer while the "update" is in progress. Pressing Ctrl+F4 closes that window, according to the article, "but that doesn't stop the ransomware from encrypting files in the background."
Bitcoin

Kim Dotcom Will Revive Megaupload, Linking File Transfers To Bitcoin Microtransactions (fortune.com) 70

Long-time Slashdot reader SonicSpike quotes an article from Fortune: The controversial entrepreneur Kim Dotcom said last month that he was preparing to relaunch Megaupload, the file-sharing site that U.S. and New Zealand authorities dramatically shut down in 2012, with bitcoins being involved in some way... This system will be called Bitcache, and Dotcom claimed its launch would send the bitcoin price soaring way above its current $575 value.

The launch of Megaupload 2.0 will take place on January 20, 2017, he said, urging people to "buy bitcoin while cheap, like right now, trust me..." Crucially, Dotcom said the Bitcache system would overcome bitcoin's scaling problems. "It eliminates all blockchain limitations," he claimed.

Every file transfer taking place over Megaupload "will be linked to a tiny Bitcoin micro transaction," Dotcom posted on Twitter. His extradition trial begins Monday, and he's asking the court to allow live-streaming of the trial "because of global interest in my case." Meanwhile, the FBI apparently let the registration lapse on the Megaupload domain, which they seized in 2012, and Ars Technica reports that the site is now full of porn ads.
EU

EU Copyright Reform Proposes Search Engines Pay For Snippets (thestack.com) 168

An anonymous Slashdot reader reports that the European Commission "is planning reforms that would allow media outlets to request payment from search engines such as Google, for publishing snippets of their content in search results." The Stack reports: The working paper recommends the introduction of an EU law that covers the rights to digital reproduction of news publications. This would essentially make news publishers a new category of rights holders under copyright law, thereby ensuring that "the creative and economic contribution of news publishers is recognized and incentivized in EU law, as it is today the case for other creative sectors."
Iphone

Apple Fixes Three Zero Days Used In Targeted Attack (onthewire.io) 73

Trailrunner7 quotes a report from On The Wire: Apple has patched three critical vulnerabilities in iOS that were identified when an attacker targeted a human rights activist in the UAE with an exploit chain that used the bugs to attempt to remotely jailbreak and infect his iPhone. The vulnerabilities include two kernel flaws and one in WebKit and Apple released iOS 9.3.5 to fix them.

The attack that set off the investigation into the vulnerabilities targeted Ahmed Mansoor, an activist living in the UAE. Earlier this month, he received a text message that included a link to what was supposedly new information on human rights abuses. Suspicious, Mansoor forwarded the link to researchers at the University of Toronto's Citizen Lab, who recognized what they were looking at. "On August 10 and 11, 2016, Mansoor received SMS text messages on his iPhone promising 'new secrets' about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers. We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based 'cyber war' company that sells Pegasus, a government-exclusive "lawful intercept" spyware product," Citizen Lab said in a new report on the attack and iOS flaws.

Japan

Japanese Government Plans Cyber Attack Institute (thestack.com) 11

An anonymous reader quotes a report from The Stack: The government of Japan will create an institute to train employees to counter cyber attacks. The institute, which will be operational early next year, will focus on preventing cyber attacks on electrical systems and other infrastructure. The training institute, which will operate as part of Japan's Information Technology Promotion Agency (IPA), is the first center for training in Japan to focus on preventing cyber attacks.

A government source said that the primary aims will be preventing a large-scale blackout during the Tokyo Olympics and Paralympics in 2020, and stopping leaks of sensitive power plant designs. The source also stated that there is potential for a joint exercise in cyber awareness between the Japanese group and foreign cybersecurity engineers in the future.

Social Networks

'Social Media ID, Please?' Proposed US Law Greeted With Anger (computerworld.com) 208

The U.S. government announced plans to require some foreign travelers to provide their social media account names when entering the country -- and in June requested comments. Now the plan is being called "ludicrous," an "all-around bad idea," "blatant overreach," "desperate, paranoid heavy-handedness," "preposterous," "appalling," and "un-American," reports Slashdot reader dcblogs: That's just a sampling of the outrage. Some 800 responded to the U.S. request for comments about a proposed rule affecting people traveling from "visa waiver" countries to the U.S., where a visa is not required. This includes most of Europe, Singapore, Chile, Japan, South Korea, Australia and New Zealand... In a little twist of irony, some critics said U.S. President Obama's proposal for foreign travelers is so bad, it must have been hatched by Donald Trump.

"Travelers will be asked to provide their Twitter, Facebook, Instagram, LinkedIn, Google+, and whatever other social ID you can imagine to U.S. authorities," reports Computer World. "It's technically an 'optional' request, but since it's the government asking, critics believe travelers will fear consequences if they ignore it..."
DRM

BitTorrent Cases Filed By Malibu Media Will Proceed, Rules Judge 58

Long-time Slashdot reader NewYorkCountryLawyer writes: In the federal court for the Eastern District of New York, where all Malibu Media cases have been stayed for the past year, the Court has lifted the stay and denied the motion to quash in the lead case, thus permitting all 84 cases to move forward.

In his 28-page decision (PDF), Magistrate Judge Steven I. Locke accepted the representations of Malibu's expert, one Michael Patzer from a company called Excipio, that in detecting BitTorrent infringement he relies on "direct detection" rather than "indirect detection", and that it is "not possible" for there to be misidentification.
United States

HAARP Holds Open House To Dispel Rumors Of Mind Control (adn.com) 143

An anonymous Slashdot reader writes: HAARP -- the former Air Force/Navy/DARPA research program in Alaska -- will host an open house Saturday where "We hope to show people that it is not capable of mind control and not capable of weather control and all the other things it's been accused of..." said Sue Mitchell, spokesperson for the geophysical institute at the University of Alaska. "We hope that people will be able to see the actual science of it." HAARP, which was turned over to The University of Alaska last August, has been blamed for poor crop yields in Russia, with conspiracy theorists also warning of "a super weapon capable of mind control or weather control, with enough juice to trigger hurricanes, tornadoes and earthquakes."

The facility's 180 high-frequency antennas -- spread across 33 acres -- will be made available for public tours, and there will also be interactive displays and an unmanned aircraft 'petting zoo'. The Alaska Dispatch News describes it as "one of the world's few centers for high-power and high-frequency study of the ionosphere... important because radio waves used for communication and navigation reflect back to Earth, allowing long-distance, short-wave broadcasting."

Privacy

Eavesdropping On Tinder: Researcher Demonstrates Man-in-the-Middle Attacks (hert.org) 19

An anonymous Slashdot reader writes: Security expert Anthony Zboralski posted on HERT a social engineering attack for Tinder that lets you perform a man-in-the-middle attack against unsuspecting users. Zboralski says, "Not only we can eavesdrop on the conversation of two strangers, we can also change their reality." The attack can easily be extended to SMS, Whatsapp, iMessage and voice.

"At some point people exchange phone numbers and the Tinder convo stops. That's not a problem..." Zboralski explains, suggesting more ways to continue the man-in-the-middle exploits.

His article drew a response from Tinder, arguing they "employ several manual and automated mechanisms" to deter fake and duplicate profiles. But while they're looking for ways to improve, "ultimately, it is unrealistic for any company to positively validate the real-world identity of millions of users while maintaining the commonly expected level of usability."
Microsoft

Apple, Facebook, IBM, and Microsoft Sign White House Pledge For Equal Pay (fortune.com) 277

In honor of Women's Equality Day, an anonymous reader shares with us a festive report from Fortune: More than two months after the White House first announced its Equal Pay Pledge for the private sector, Facebook, Apple, Microsoft and other major industry players have signed on. By taking the pledge, which was first introduced at the United State of Women Summit in June of this year, companies promise to help close the national gender pay gap, conduct annual, company-wide pay analyses, and review hiring and promotion practices. The new signees were announced in a White House statement on Friday -- which also happens to be Women's Equality Day, the anniversary of the ratification of the 19th amendment, which gave women the right to vote. Apple, which announced earlier this year that it has no pay gap, released a statement promising to dig even deeper into compensation. "We're now analyzing the salaries, bonuses, and annual stock grants of all our employees worldwide. If a gap exists, we'll address it," the company said in a statement. Twenty-nine companies signed the pledge on Friday, bringing the total number of signatories to 57. The pledge is part of a $50-million, White House-led initiative to expand opportunities for and improve the lives of women and girls. The consortium members issued a statement via Whitehouse.gov's press release: "The Employers for Pay Equity consortium is comprised of companies that understand the importance of diversity and inclusion, including ensuring that all individuals are compensated equitably for equal work and experience and have an equal opportunity to contribute and advance in the workplace. We are committed to collaborating to eliminate the national pay and leadership gaps for women and ethnic minorities. Toward that end, we have come together to share best practices in compensation, hiring, promotion, and career development as well as develop strategies to support other companies' efforts in this regard. By doing so, we believe we can have a positive effect on our workforces that, in turn, makes our companies stronger and delivers positive economic impact." The consortium members include: Accenture, Airbnb, BCG, Care.com, CEB, Cisco, Deloitte, Dow, Expedia, EY, Glassdoor, GoDaddy, Jet.com, L'Oreal USA, Mercer, PepsiCo, Pinterest, Rebecca Minkoff, Salesforce, Spotify, Staples, Stella McCartney, and Visa.
United Kingdom

British Companies Are Selling Advanced Spy Tech To Authoritarian Regimes (vice.com) 56

An anonymous reader quotes a report from Motherboard: Since early 2015, over a dozen UK companies have been granted licenses to export powerful telecommunications interception technology to countries around the world, Motherboard has learned. Many of these exports include IMSI-catchers, devices which can monitor large numbers of mobile phones over broad areas. Some of the UK companies were given permission to export their products to authoritarian states such as Saudi Arabia, the United Arab Emirates, Turkey, and Egypt; countries with poor human rights records that have been well-documented to abuse surveillance technology. In 2015, the UK's Department for Business, Innovation and Skills (BIS) started publishing basic data about the exportation of telecommunications interception devices. Through the Freedom of Information Act, Motherboard obtained the names of companies that have applied for exportation licenses, as well as details on the technologies being shipped, including, in some cases, individual product names. The companies include a subsidiary of defense giant BAE Systems, as well as Pro-Solve International, ComsTrac, CellXion, Cobham, and Domo Tactical Communications (DTC). Many of these companies sell IMSI-catchers. IMSI-catchers, sometimes known as "Stingrays" after a particularly popular brand, are fake cell phone towers which force devices in their proximity to connect. In the data obtained by Motherboard, 33 licenses are explicitly marked as being for IMSI-catchers, including for export to Turkey and Indonesia. Other listings heavily suggest the export of IMSI-catchers too: one granted application to export to Iraq is for a "Wideband Passive GSM Monitoring System," which is a more technical description of what many IMSI-catchers do. In all, Motherboard received entries for 148 export license applications, from February 2015 to April 2016. 
A small number of the named companies do not provide interception capabilities, but defensive measures, for example to monitor the radio spectrum.
