aggregator

Twitter Suspends 300,000 Accounts Tied To Terrorism In 2017

Slashdot - Your Rights Online - 3 hours 40 min ago
According to a new transparency report, Twitter said it suspended nearly 300,000 accounts globally linked to terrorism in the first half of the year. The company is improving automation tools used to help block accounts that promote terrorism and violence. Bloomberg reports: Of [the nearly 300,000 accounts that were suspended], roughly 95 percent were identified by the company's spam-fighting automation tools. Meanwhile, the social network said government data requests continued to increase, and that it provided authorities with data on roughly 3,900 accounts from January to June. Twitter said about 75 percent of the blocked accounts this year were spotted before a single tweet was sent, and that 935,897 accounts had been suspended since August 2015, with two-thirds of those coming in the past year. American authorities made 2,111 requests from Twitter from January to June, the most of the 83 countries tracked by the company. Twitter supplied information on users in 77 percent of the inquiries. Japan made 1,384 requests and the U.K. issued 606 requests. Turkish authorities continued a trend of aggressively policing Twitter, making 554 requests for account data and issuing court orders to remove 715 pieces of content. Other governments made only 38 total content-removal requests.

Read more of this story at Slashdot.

Google, Bing, Yahoo Data Retention Doesn't Improve Search Quality, Study Claims

Slashdot - Your Rights Online - 4 hours 20 min ago
A new paper released on Monday via the National Bureau of Economic Research claims that retaining search log data doesn't do much for search quality. "Data retention has implications in the debate over Europe's right to be forgotten, the authors suggest, because retained data undermines that right," reports The Register. "It's also relevant to U.S. policy discussions about privacy regulations." From the report: To determine whether retention policies affected the accuracy of search results, Chiou and Tucker used data from metrics biz Hitwise to assess web traffic being driven by search sites. They looked at Microsoft Bing and Yahoo! Search during a period when Bing changed its search data retention period from 18 months to 6 months and when Yahoo! changed its retention period from 13 months to 3 months, as well as when Yahoo! had second thoughts and shifted to an 18-month retention period. According to Chiou and Tucker, data retention periods didn't affect the flow of traffic from search engines to downstream websites. "Our findings suggest that long periods of data storage do not confer advantages in search quality, which is an often-cited benefit of data retention by companies," their paper states. Chiou and Tucker observe that the supposed cost of privacy laws to consumers and to companies may be lower than perceived. They also contend that their findings weaken the claim that data retention affects search market dominance, which could make data retention less relevant in antitrust discussions of Google.


Pepe the Frog's Creator Is Sending Takedown Notices To Far-Right Sites

Slashdot - Your Rights Online - 5 hours 45 sec ago
An anonymous reader quotes a report from Motherboard: Pepe the Frog creator Matt Furie has made good on his threat to "aggressively enforce his intellectual property." The artist's lawyers have taken legal action against the alt-right. They have served cease and desist orders to several alt-right personalities and websites including Richard Spencer, Mike Cernovich, and the r/the_Donald subreddit. In addition, they have issued Digital Millennium Copyright Act takedown requests to Reddit and Amazon, notifying them that use of Pepe by the alt-right on their platforms is copyright infringement. The message to the alt-right is clear -- stop using Pepe the Frog or prepare for legal consequences. Furie originally created Pepe as a non-political character for his Boy's Club comic, but Pepe later became an internet meme and during the 2016 U.S. presidential election the alt-right movement appropriated the frog in various grotesque and hateful memes.


EFF Resigns From Web Consortium In Wake of EME DRM Standardization

Slashdot - Your Rights Online - 5 hours 45 min ago
New submitter Frobnicator writes: Four years ago, the W3C began standardizing Encrypted Media Extensions, or EME. Several organizations, including the EFF, have argued against DRM within web browsers. Earlier this year, after the W3C leadership officially recommended EME despite failing to reach consensus, the EFF filed the first-ever official appeal that the decision be formally polled for consensus. That appeal has been denied, and for the first time the W3C is endorsing a standard against the consensus of its members. In response, the EFF published their resignation from the body: "The W3C is a body that ostensibly operates on consensus. Nevertheless, as the coalition in support of a DRM compromise grew and grew -- and the large corporate members continued to reject any meaningful compromise -- the W3C leadership persisted in treating EME as a topic that could be decided by one side of the debate. [...] Today, the W3C bequeaths a legally unauditable attack-surface to browsers used by billions of people. Effective today, EFF is resigning from the W3C." Jeff Jaffe, CEO of W3C said: "I know from my conversations that many people are not satisfied with the result. EME proponents wanted a faster decision with less drama. EME critics want a protective covenant. And there is reason to respect those who want a better result. But my personal reflection is that we took the appropriate time to have a respectful debate about a complex set of issues and provide a result that will improve the web for its users. My main hope, though, is that whatever point-of-view people have on the EME covenant issue, that they recognize the value of the W3C community and process in arriving at a decision for an inherently contentious issue. We are in our best light when we are facilitating the debate on important issues that face the web."


In a 'Plot Twist', Wikileaks Releases Documents It Claims Detail Russia Mass Surveillance Apparatus

Slashdot - Your Rights Online - Tue, 2017-09-19 21:25
WikiLeaks, believed by many to be a Kremlin front, surprised some observers Tuesday morning (Snowden called it a "plot twist") when it released documents linking a Russian tech company with access to thousands of citizens' telephone and internet communications with Moscow. From a report: Writing a summary of the cache of mostly Russian-language documents, Wikileaks claims they show how a long-established Russian company which supplies software to telcos is also installing infrastructure, under state mandate, that enables Russian state agencies to tap into, search and spy on citizens' digital activity -- suggesting a similar state-funded mass surveillance program to the one utilized by the U.S.'s NSA or by GCHQ in the U.K. (both of which were detailed in the 2013 Snowden disclosures). The documents which Wikileaks has published (there are just 34 "base documents" in this leak) relate to a St. Petersburg-based company, called Peter-Service, which it claims is a contractor for Russian state surveillance. The company was set up in 1992 to provide billing solutions before going on to become a major supplier of software to the mobile telecoms industry.


AI Just Made Guessing Your Password a Whole Lot Easier

Slashdot - Your Rights Online - Tue, 2017-09-19 03:25
sciencehabit shares a report from Science Magazine: The Equifax breach is reason for concern, of course, but if a hacker wants to access your online data by simply guessing your password, you're probably toast in less than an hour. Now, there's more bad news: Scientists have harnessed the power of artificial intelligence (AI) to create a program that, combined with existing tools, figured more than a quarter of the passwords from a set of more than 43 million LinkedIn profiles. Researchers at Stevens Institute of Technology in Hoboken, New Jersey, started with a so-called generative adversarial network, or GAN, which comprises two artificial neural networks. A "generator" attempts to produce artificial outputs (like images) that resemble real examples (actual photos), while a "discriminator" tries to detect real from fake. They help refine each other until the generator becomes a skilled counterfeiter. The Stevens team created a GAN it called PassGAN and compared it with two versions of hashCat and one version of John the Ripper. The scientists fed each tool tens of millions of leaked passwords from a gaming site called RockYou, and asked them to generate hundreds of millions of new passwords on their own. Then they counted how many of these new passwords matched a set of leaked passwords from LinkedIn, as a measure of how successful they'd be at cracking them. On its own, PassGAN generated 12% of the passwords in the LinkedIn set, whereas its three competitors generated between 6% and 23%. But the best performance came from combining PassGAN and hashCat. Together, they were able to crack 27% of passwords in the LinkedIn set, the researchers reported this month in a draft paper posted on arXiv. Even failed passwords from PassGAN seemed pretty realistic: saddracula, santazone, coolarse18.


Jeweler Forged Judge's Signature To Force Google To Kill Negative Reviews

Slashdot - Your Rights Online - Tue, 2017-09-19 02:45
A sapphire salesman is facing jail time for forging a judge's signature in a case involving Google. Kelly Weill from The Daily Beast reports: Michael Arnstein is the third-generation owner of the Natural Sapphire Company, a Manhattan-based jewelry business. After a falling-out with a former business partner, Arnstein's company amassed dozens of negative reviews, which featured prominently in the Natural Sapphire Company's Google search results. Arnstein sued the former business partner in 2011, accusing him of writing defamatory negative reviews, and a judge ordered the partner to delete 54 of the negative comments. But some negative reviews remained, even after the court order. So Arnstein copied the judge's signature and forged new court orders of his own, demanding that Google scrub negative reviews from his company's search results, Arnstein admitted in a guilty plea on Friday.


Equifax Stock Sales Are the Focus of US Criminal Probe

Slashdot - Your Rights Online - Mon, 2017-09-18 23:20
An anonymous reader quotes a report from Bloomberg: The U.S. Justice Department has opened a criminal investigation into whether top officials at Equifax Inc. violated insider trading laws when they sold stock before the company disclosed that it had been hacked, according to people familiar with the investigation. U.S. prosecutors in Atlanta, who the people said are looking into the share sales, said in a statement they are examining the breach and theft of people's personal information in conjunction with the Federal Bureau of Investigation. The Securities and Exchange Commission is working with prosecutors on the investigation into stock sales, according to another person familiar with the matter. Investigators are looking at the stock sales by Equifax's chief financial officer, John Gamble; its president of U.S. information solutions, Joseph Loughran; and its president of workforce solutions, Rodolfo Ploder, said two of the people, who asked not to be named because the probe is confidential. Equifax disclosed earlier this month that it discovered a security breach on July 29. The three executives sold shares worth almost $1.8 million in early August. The company has said the managers didn't know of the breach at the time they sold the shares. Regulatory filings don't show that the transactions were part of pre-scheduled trading plans.


Apple Officially Bans Scammy Antivirus Apps From iOS App Store

Slashdot - Your Rights Online - Mon, 2017-09-18 17:20
Fake "virus scanning" apps have plagued the iOS App Store for a while, and Apple seems to finally be banning them once and for all in updated developer guidelines it published last week. From a report: The updated developer guidelines, compiled by Paul Hudson over at Hacking With Swift, now includes a ban on apps that claim to "including content or services that it does not actually offer" -- something that includes any iOS virus scanning apps, seeing as it wasn't possible to scan for viruses on iOS with third party apps, since iOS's sandboxing prevents applications from directly interacting with each other or the core of the iOS operating system.


Avast's CCleaner Free Windows Application Infected With Malware

Slashdot - Your Rights Online - Mon, 2017-09-18 16:01
Reader Tinfoil writes: Cisco Talos announces that malware cleaning app, CCleaner, has been infected with malware for the past month. Version 5.33 of the CCleaner app offered for download between August 15 and September 12 was modified to include the Floxif malware, according to a report published by Cisco Talos a few minutes ago. Cisco Talos believes that a threat actor might have compromised Avast's supply chain and used its digital certificate to replace the legitimate CCleaner v5.33 app on its website with one that also contained the Floxif trojan. The company said more than 2.27 million had downloaded the compromised version of CCleaner.


Americans Plan Massive 'Net Neutrality' Protest Next Week

Slashdot - Your Rights Online - Mon, 2017-09-18 13:30
An anonymous reader quotes the Guardian: A coalition of activists, consumer groups and writers are calling on supporters to attend the next meeting of the Federal Communications Commission on September 26 in Washington DC. The next day, the protest will move to Capitol Hill, where people will meet legislators to express their concerns about an FCC proposal to rewrite the rules governing the internet... The activist groups are encouraging internet users to meet their lawmakers and tell them how a free and open internet is vital to their lives and their livelihoods... "The FCC seems dead set on killing net neutrality, but they have to answer to Congress, and Congress has to answer to us, their constituents," said Evan Greer, campaign director for Fight for the Future, one of the protest's organisers. "With this day of advocacy, we're harnessing the power of the web to make it possible for ordinary internet users to meet directly with their senators and representatives to tell their stories, and make sure that lawmakers hear from the public, not just lobbyists for AT&T and Verizon," she said. Monday Mozilla and the Internet Archive are also inviting the public to a free panel discussion featuring former FCC Chairman Tom Wheeler on ways the American public can act to preserve net neutrality.


Illinois Tests A Blockchain-Based Birth Registry/ID System

Slashdot - Your Rights Online - Mon, 2017-09-18 09:30
An anonymous reader quotes Government Technology: The state of Illinois, which has six blockchain pilots underway, will partner with Utah-based Evernym for a birth registry pilot meant to individualize and secure identities... The endeavor, one of six distinct blockchain explorations Illinois began last summer with a working group, is expected to utilize the Sovrin Foundation's publicly available distributed identity ledger and expand upon accomplishments of the W3C Verifiable Claims Task Force, the state said... Recognizing that identity -- and, now, digital identity -- begin at birth, the state will explore using these technologies to create "a secure 'self-sovereign' identity for Illinois citizens during the birth registration process," it said in the announcement. More from the Illinois Blockchain Initiative site: Self-sovereign identity refers to a digital identity that remains entirely under the individual's control. A self-sovereign identity can be efficiently and securely validated by entities who require it, free from reliance on a centralized repository. Jennifer O'Rourke, Blockchain Business Liaison for the Illinois Blockchain Initiative commented, "To structurally address the many issues surrounding digital identity, we felt it was important to develop a framework that examines identity from its inception at child birth... Identity is not only foundational to nearly every government service, but is the basis for trust and legitimacy in the public sector." In the proposed framework, government agencies will verify birth registration information and then cryptographically sign identity attributes such as legal name, date of birth, sex or blood type, creating what are called "verifiable claims" or attributes. Permission to view or share each of these government-verified claims is stored on the tamper-proof distributed ledger protocol in the form of a decentralized identifier... 
This minimizes the need for entities to establish, maintain and rely upon their own proprietary databases of identity information. Evernym's "Chief Trust Officer" sees the program as "a major contribution to the larger effort of solving the online identity problem."


New Book Argues Silicon Valley Will Lead Us to Our Doom

Slashdot - Your Rights Online - Sun, 2017-09-17 13:22
Long-time Slashdot reader Zorro quotes the San Diego Union-Tribune: To many Americans, large technology firms embody much of what's good about the modern world. Franklin Foer has a different perspective. In his new book, "World Without Mind," the veteran journalist lays out a more ominous view of where Big Tech would like to take us -- in many ways, already has taken us... These firms have a program: to make the world less private, less individual, less creative, less human... Big Tech has imposed its will on the resident population with neither our input nor our permission. The reviewer summarizes the book's argument as "Once hooked, consumers are robbed of choice, milked for profit, deprived of privacy and made the subjects of stealth social engineering experiments." Interestingly, Foer was fired from The New Republic in 2014 by its new publisher -- Facebook co-founder Chris Hughes -- and Foer's new book includes strong criticism of the way companies are assembling detailed profiles on their users. "They have built their empires by pulverizing privacy; they will further ensconce themselves by pushing boundaries, by taking even more invasive steps that build toward an even more complete portrait of us."


NSA Launches 'Codebreaker Challenge' For Students: Stopping an Infrastructure Attack

Slashdot - Your Rights Online - Sun, 2017-09-17 00:02
Slashdot reader eatvegetables writes: The U.S. National Security Agency launched Codebreaker Challenge 2017 Friday night (Sept 15) at 9 p.m. EST. It started off as a reverse-engineering challenge a few years ago but has grown in scope to include network analysis, reverse-engineering, and vulnerability discovery/exploitation. This year's challenge story centers around hackers attacking critical "supervisory control and data acquisition" (SCADA) infrastructure. Your mission, should you choose to accept it, is to figure out how the SCADA network is being attacked, find the attack vector(s), and stop the bad guy(s)/gal(s)/other(s). Codebreaker-Challenge is unusual for capture-the-flag(ish) contests due to the scope/number of challenges and how long the contest runs (now until end of year). Also (this year, at least), the challenge is built around a less than well-known networking protocol, MQTT. It's open to anyone with a school.edu email address. A site leader-board shows which school/University has the most l33t students. Carnegie Mellon and Georgia Institute of Tech are at the top of the leader-board as of Saturday morning. Last year, 3,300 students (from 481 schools) participated, with 15 completing all six tasks. One Carnegie Mellon student finished in less than 18 hours. A resources page offers "information on reverse engineering," and the NSA says the first 50 students who complete all the tasks this year will receive a "small token" of appreciation from the agency.


WordPress Ditches ReactJS Over Facebook's Patent Clause

Slashdot - Your Rights Online - Sat, 2017-09-16 22:58
An anonymous reader quotes TechCrunch: Matt Mullenweg, the co-founder of the popular open source web publishing software WordPress, has said the community will be pulling away from using Facebook's React JavaScript library over concerns about a patent clause in Facebook's open source license. In a blog post explaining the decision yesterday, Mullenweg said he had hoped to officially adopt React for WordPress -- noting that Automattic, the company behind WordPress.com which he also founded, had already used React for the Calypso ground-up rewrite of WordPress.com a few years ago, while the WordPress community had started using it for its major Gutenberg core project. But he said he has changed his mind after seeing Facebook dig in behind the patent clause -- which was recently added to the Apache Software Foundation's list of disallowed licenses... [H]e writes that he cannot, in good conscience, require users of the very widely used open source WordPress software to inherit the patent clause and associated legal risk. So he's made the decision to ditch React. Facebook can revoke their license if a React user challenges Facebook's patents.


Facebook Shares Details Of Russia-Bought Ads With US Investigators

Slashdot - Your Rights Online - Sat, 2017-09-16 21:54
An anonymous reader quotes CNN: Special counsel Robert Mueller and his team are now in possession of Russian-linked ads run on Facebook during the presidential election, after they obtained a search warrant for the information. Facebook gave Mueller and his team copies of ads and related information it discovered on its site linked to a Russian troll farm, as well as detailed information about the accounts that bought the ads and the way the ads were targeted at American Facebook users, a source with knowledge of the matter told CNN. The disclosure, first reported by the Wall Street Journal, may give Mueller's office a fuller picture of who was behind the ad buys and how the ads may have influenced voter sentiment during the 2016 election... As CNN reported Thursday, Facebook is still not sure whether pro-Kremlin groups may have made other ad buys intended to influence American politics that it simply hasn't discovered yet. It is even possible that unidentified ad buys may still exist on the social media network today.


Can The Pirate Bay Replace Ads With A Bitcoin Miner?

Slashdot - Your Rights Online - Sat, 2017-09-16 18:42
Mark Wilson writes: When it comes to the Pirate Bay, it's usually movie studios, music producers and software creators that get annoyed with the site — you know, copyright and all that. But in an interesting twist it is now users who find themselves irked by and disappointed in the most famous torrent site in the world. So what's happened? Out of the blue, the Pirate Bay has added a Javascript-powered Bitcoin miner to the site. Nestling in the code of the site is an embedded cryptocurrency miner from Coinhive. Users who have noticed an increase in resource usage on their computers as a result of this are not happy. TorrentFreak reports the miner is being tested for about 24 hours -- as a possible way to earn enough revenue to remove advertising from the site.


Equifax CSO 'Retires'. Known Bug Was Left Unpatched For Nearly Five Months

Slashdot - Your Rights Online - Sat, 2017-09-16 16:34
phalse phace quotes MarketWatch: Following on the heels of a story that revealed that Equifax hired a music major with no education related to technology or security as its Chief Security Officer, Equifax announced on Friday afternoon that Chief Security Officer Susan Mauldin has quit the company along with Chief Information Officer David Webb. Chief Information Officer David Webb and Chief Security Officer Susan Mauldin retired immediately, Equifax said in a news release that did not mention either of those executives by name. Mark Rohrwasser, who had been leading Equifax's international information-technology operations since 2016, will replace Webb and Russ Ayres, a member of Equifax's IT operation, will replace Mauldin. The company revealed Thursday that the attackers exploited Apache Struts bug CVE-2017-5638 -- "identified and disclosed by U.S. CERT in early March 2017" -- and that they believed the unauthorized access happened from May 13 through July 30, 2017. Thus, MarketWatch reports, Equifax "admitted that the security hole that attackers used was known in March, about two months before the company believes the breach began." And even then, Equifax didn't notice (and remove the affected web applications) until July 30.


Mystery of Sonic Weapon Attacks At US Embassy In Cuba Deepens

Slashdot - Your Rights Online - Sat, 2017-09-16 05:30
An anonymous reader quotes a report from The Guardian: The blaring, grinding noise jolted the American diplomat from his bed in a Havana hotel. He moved just a few feet, and there was silence. He climbed back into bed. Inexplicably, the agonizing sound hit him again. It was as if he'd walked through some invisible wall cutting straight through his room. Soon came the hearing loss, and the speech problems, symptoms both similar and altogether different from others among at least 21 U.S. victims in an astonishing international mystery still unfolding in Cuba. The top U.S. diplomat has called them "health attacks." New details learned by the Associated Press indicate at least some of the incidents were confined to specific rooms or even parts of rooms with laser-like specificity, baffling U.S. officials who say the facts and the physics don't add up. Suspicion initially focused on a sonic weapon, and on the Cubans. Yet the diagnosis of mild brain injury, considered unlikely to result from sound, has confounded the FBI, the state department and U.S. intelligence agencies involved in the investigation. Some victims now have problems concentrating or recalling specific words, several officials said, the latest signs of more serious damage than the U.S. government initially realized. The United States first acknowledged the attacks in August -- nine months after symptoms were first reported.


Credit Karma To Launch Free ID Monitoring Following Equifax Hack

Slashdot - Your Rights Online - Sat, 2017-09-16 02:45
Credit Karma is launching a new free service that will alert customers if their identity data has been compromised in hacks, the San Francisco-based fintech company said on Friday in the wake of a massive breach at credit monitoring agency Equifax. From a report: The new ID monitoring service is being tested and will be available in October, the company said on Friday. Similar to services offered by Symantec-owned LifeLock, CreditKarma will keep track of data breaches and tell customers if they are one of the victims. Customers can then check to use the company's credit monitoring services and flag suspicious activities. The company said it was accelerating the launch of the new service in response to the large data breach at Equifax, where thieves may have stolen personal information of 143 million Americans.
