aggregator

Skype Vanishes From App Stores in China

Slashdot - Your Rights Online - 1 godz. 13 min ago
Skype, Microsoft's Internet phone call and messaging service, has been unavailable for download from a number of app stores in China, including Apple's, for almost a month (Editor's note: the link could be paywalled; alternative source), The New York Times reported on Tuesday. From the report: "We have been notified by the Ministry of Public Security that a number of voice over internet protocol apps do not comply with local law. Therefore these apps have been removed from the app store in China," an Apple spokeswoman said Tuesday in an emailed statement responding to questions about Skype's disappearance from the app store. "These apps remain available in all other markets where they do business." The removal led to a volley of complaints from Chinese users on internet message boards who were no longer able to pay for Skype's services through Apple. The users said that the disruption began in late October. Skype, which is owned by Microsoft, still functions in China, and its fate in the country is not yet clear. But its removal from the app stores is the most recent example of a decades-long push by China's government to control and monitor the flow of information online.

Read more of this story at Slashdot.

Google Collects Android Users' Locations Even When Location Services Are Disabled

Slashdot - Your Rights Online - 3 godzin 18 min ago
Google has been collecting Android phones' locations even when location services are turned off, and even when there is no carrier SIM card installed on the device, an investigation has found. Keith Collins, reporting for Quartz: Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers -- even when location services are disabled -- and sending that data back to Google. The result is that Google, the unit of Alphabet behind Android, has access to data about individuals' locations and their movements that go far beyond a reasonable consumer expectation of privacy. Quartz observed the data collection occur and contacted Google, which confirmed the practice. The cell tower addresses have been included in information sent to the system Google uses to manage push notifications and messages on Android phones for the past 11 months, according to a Google spokesperson. They were never used or stored, the spokesperson said, and the company is now taking steps to end the practice after being contacted by Quartz. By the end of November, the company said, Android phones will no longer send cell-tower location data to Google, at least as part of this particular service, which consumers cannot disable.

Read more of this story at Slashdot.

Trump Administration Tightens Scrutiny of Skilled Worker Visa Applicants

Slashdot - Your Rights Online - 4 godzin 13 min ago
wyattstorch516 writes: The Trump administration is tightening the scrutiny on the H-1B visa program (Warning: paywalled; alternative source). Changes would undo actions by the Obama administration. There are two big regulatory changes looming that would undo actions by the Obama administration. "The first change allowed spouses of H-1B workers the right to work. That regulation is being challenged in court and the Trump administration is expected to eliminate the provision rather than defend it," reports WSJ. "The second change affects the Optional Practical Training program, which allows foreign graduates from U.S. colleges in science and technology an extra two years of work authorization, giving them time to win an H-1B visa. The Trump administration could kill that benefit or reduce the two-year window, according to people familiar with the discussions." The Journal highlights a "series of more modest changes that have added scrutiny to visa processing": - "USCIS directed last month that adjudicators no longer pay 'deference' to past determinations for renewal applications. This means an applicant's past approval won't carry any weight if he or she applies for a renewal. - The agency is conducting more applicant interviews, which critics say slows the system. The agency spokesman says this process will ramp up over several years and is needed to detect fraud and make accurate decisions. - In the spring, the agency suspended premium processing, which allowed for fast-track consideration to those who paid an extra fee. This option wasn't resumed until October, meaning many workers who qualified for a coveted H-1B visa had to wait months for a decision. - State Department officials have been told to consider that Mr. Trump's 'Buy American, Hire American' executive order directs visa programs must 'protect the interests of United States workers.' And the Foreign Affairs Manual now instructs officers to scrutinize applications of students to ensure they plan to return to their home countries. A State Department official said the official rules haven't changed but said a 'comprehensive' review is under way."

Read more of this story at Slashdot.

Over 400 of the World's Most Popular Websites Record Your Every Keystroke

Slashdot - Your Rights Online - 13 godzin 43 min ago
An anonymous reader quotes a report from Motherboard: The idea of websites tracking users isn't new, but research from Princeton University released last week indicates that online tracking is far more invasive than most users understand. In the first installment of a series titled "No Boundaries," three researchers from Princeton's Center for Information Technology Policy (CITP) explain how third-party scripts that run on many of the world's most popular websites track your every keystroke and then send that information to a third-party server. Some highly-trafficked sites run software that records every time you click and every word you type. If you go to a website, begin to fill out a form, and then abandon it, every letter you entered in is still recorded, according to the researchers' findings. If you accidentally paste something into a form that was copied to your clipboard, it's also recorded. These scripts, or bits of code that websites run, are called "session replay" scripts. Session replay scripts are used by companies to gain insight into how their customers are using their sites and to identify confusing webpages. But the scripts don't just aggregate general statistics, they record and are capable of playing back individual browsing sessions. The scripts don't run on every page, but are often placed on pages where users input sensitive information, like passwords and medical conditions. Most troubling is that the information session replay scripts collect can't "reasonably be expected to be kept anonymous," according to the researchers.

Read more of this story at Slashdot.

Why Hackers Reuse Malware

Slashdot - Your Rights Online - 17 godzin 53 min ago
Orome1 shares a report from Help Net Security: Software developers love to reuse code wherever possible, and hackers are no exception. While we often think of different malware strains as separate entities, the reality is that most new malware recycles large chunks of source code from existing malware with some changes and additions (possibly taken from other publicly released vulnerabilities and tools). This approach makes sense. Why reinvent the wheel when another author already created a working solution? While code reuse in malware can make signature-based detection methods more effective in certain cases, more often than not it frees up time for attackers to do additional work on detection avoidance and attack efficacy -- which can create a more dangerous final product. There are multiple reasons why hackers reuse code when developing their own malware. First, it saves time. By copying code wherever possible, malware authors have more time to focus on other areas, like detection avoidance and attribution masking. In some cases, there may be only one way to successfully accomplish a task, such as exploiting a vulnerability. In these instances, code reuse is a no-brainer. Hacker also tend to reuse effective tactics such as social engineering, malicious macros and spear phishing whenever possible simply because they have a high rate of success.

Read more of this story at Slashdot.

US Sues To Block AT&T Purchase of Time Warner

Slashdot - Your Rights Online - Wt, 2017-11-21 00:40
The U.S. Department of Justice is suing AT&T to block its $85.4 billion acquisition of Time Warner. "The legal challenge was expected after AT&T rejected a demand by the Justice Department earlier this month to divest its DirecTV unit or Time Warner's Turner Broadcasting -- which contains news network CNN -- in order to win antitrust approval," reports Reuters. From the report: AT&T's chief executive said then that he would defend the deal in court to win approval, and the company criticized the Justice Department's case on Monday. The lawsuit is "a radical and inexplicable departure from decades of antitrust precedent," said AT&T lawyer David McAtee, arguing that so-called vertical mergers, between companies that are not direct competitors, are routinely approved. "We see no legitimate reason for our merger to be treated differently," he said, adding that AT&T is confident a judge will reject the Justice Department's case.

Read more of this story at Slashdot.

10-Year-Old Boy Cracks the Face ID On Both Parents' IPhone X

Slashdot - Your Rights Online - Pn, 2017-11-20 10:34
An anonymous reader writes: A 10-year-old boy discovered he could unlock his father's phone just by looking at it. And his mother's phone too. Both parents had just purchased a new $999 iPhone X, and apparently its Face ID couldn't tell his face from theirs. The unlocking happened immediately after the mother told the son that "There's no way you're getting access to this phone." Experiments suggest the iPhone X was confused by the indoor/nighttime lighting when the couple first registered their faces. Apple's only response was to point to their support page, which states that "the statistical probability is different...among children under the age of 13, because their distinct facial features may not have fully developed. If you're concerned about this, we recommend using a passcode to authenticate." The boy's father is now offering this advice to other parents. "You should probably try it with every member of your family and see who can access it." And his son just "thought it was hilarious."

Read more of this story at Slashdot.

Net Neutrality is Essentially Unassailable, Argues Billionaire Barry Diller

Slashdot - Your Rights Online - Pn, 2017-11-20 04:36
An anonymous reader quotes Yahoo Finance: The billionaire media mogul behind such popular sites as Expedia, Match.com and HomeAdvisor has a one-word forecast for traditional media conglomerates concerned about being replaced by tech giants: serfdom. "They, like everyone else, are kind of going to be serfs on the land of the large tech companies," IAC chairman Barry Diller said... That's because Google and Facebook not only have such massive user bases but also dominate online advertising. "Google and Facebook are consolidating," Diller said. "They are the only mass advertising mediums we have..." He expects Facebook, Google and maybe Amazon to face government regulation, simply because of their immense size. "At a certain point in size, you must," he said. "It's inevitable." He did, however, outline one positive for Big Tech getting so gargantuan. Big Telecom no longer has the economic leverage to roll back today's net-neutrality norms, in which internet providers don't try to charge sites extra for access to their subscribers. "I think it's hard to overturn practically," he said. "It is the accepted system." Even if the U.S. government takes moves to fight net neutrality, Diller told CNBC that "I think it is over... It is [the] practice of the world... You're still going to be able to push a button and publish to the world, without anybody in between asking you for tribute. I think that is now just the way things are done. I don't think it can be violated no matter what laws are back."

Read more of this story at Slashdot.

'Lazy' Hackers Exploit Microsoft RDP To Install Ransomware

Slashdot - Your Rights Online - N, 2017-11-19 18:10
An anonymous reader writes: An investigation by Sophos has uncovered a new, lazy but effective ransomware attack where hackers brute force passwords on computers with [Microsoft's] Remote Desktop Protocol enabled, use off-the-shelf privilege escalation exploits to make themselves admins, turn off security software and then manually run fusty old versions of ransomware. They even delete the recovery files created by Windows Live backup -- and make sure they can also scramble the database. "Because they've used their sysadmin powers to rig the system to be as insecure as they can, they can often use older versions of ransomware, perhaps even variants that other crooks have given up on and that are now floating around the internet 'for free'." Most of the attacks hit small-to-medium companies with 30 or fewer employees, since "with small scale comes a dependence on external IT suppliers or 'jack-of-all-trades' IT generalists trying to manage cybersecurity along with many other responsibilities. In one case a victim was attacked repeatedly, because of a weak password used by a third-party application that demanded 24-hour administrator access for its support staff."

Read more of this story at Slashdot.

Musk-Backed 'Slaughterbots' Video Will Warn the UN About Killer Microdrones

Slashdot - Your Rights Online - N, 2017-11-19 04:50
An anonymous reader quotes Space.com: A graphic new video posits a very scary future in which swarms of killer microdrones are dispatched to kill political activists and U.S. lawmakers. Armed with explosive charges, the palm-sized quadcopters use real-time data mining and artificial intelligence to find and kill their targets. The makers of the seven-minute film titled Slaughterbots are hoping the startling dramatization will draw attention to what they view as a looming crisis -- the development of lethal, autonomous weapons, that select and fire on human targets without human guidance. The Future of Life Institute, a nonprofit organization dedicated to mitigating existential risks posed by advanced technologies, including artificial intelligence, commissioned the film. Founded by a group of scientists and business leaders, the institute is backed by AI-skeptics Elon Musk and Stephen Hawking, among others. The institute is also behind the Campaign to Stop Killer Robots, a coalition of non-governmental organizations which have banded together to call for a preemptive ban on lethal autonomous weapons... The film will be screened this week at the United Nations in Geneva during a meeting of the Convention on Certain Conventional Weapons... The Campaign to Stop Killer Robots is hosting a series of meetings at this year's event to propose a worldwide ban on lethal autonomous weapons, which could potentially be developed as flying drones, self-driving tanks, or automated sentry guns. "This short film is more than just speculation," says Stuart Russell, a U.C. Berkeley considered an expert in artificial intelligence. "It shows the results of integrating and miniaturizing technologies we already have."

Read more of this story at Slashdot.

Apple Is Served A Search Warrant To Unlock Texas Church Gunman's iPhone

Slashdot - Your Rights Online - N, 2017-11-19 01:42
An anonymous reader quotes the New York Daily News: Authorities in Texas served Apple with a search warrant in order to gain access to the Sutherland Springs church shooter's cellphone files. Texas Ranger Kevin Wright obtained the warrant last week, according to San Antonio Express-News. Investigators are hoping to gain access to gunman Devin Patrick Kelley's digital photos, messages, calls, videos, social media passwords, address book and data since January 2016. Authorities also want to know what files Kelley stored in his iCloud account. Fast Company writes that "it's very likely that Apple will give the Rangers the same answer it gave the FBI in 2016 (in effect, hell no!)... That may be why, in the Texas case, the FBI and the Rangers didn't even bother calling Apple, but rather went straight to court."

Read more of this story at Slashdot.

EFF Beats 'Stupid' Patent Troll In Court

Slashdot - Your Rights Online - So, 2017-11-18 20:34
An Australian court can't make a California advocacy group take down a web page, a U.S. federal judge just ruled on Friday. Even if that web page calls a company's patents "stupid." Courthouse News reports: San Francisco-based Electronic Frontier Foundation sued Global Equity Management, or GEMSA, in April, claiming the Australian firm exploited its home country's weaker free speech protections to secure an unconstitutional injunction against EFF. Kurt Opsahl, EFF's deputy executive director and general counsel, hailed the ruling as a victory for free speech. "We knew all along the speech was protected by the First Amendment," Opsahl said in a phone interview Friday. "We were pleased to see the court agree." Opsahl said the ruling sends a strong message EFF and other speakers can weigh in on important topics, like patent reform, without fear of being muzzled by foreign court orders. The dispute stems from an article EFF published in June 2016, featuring GEMSA in its "Stupid Patent of the Month" series. The GEMSA patent is for a "virtual cabinet" to store data. In the article, EFF staff attorney Daniel Nazer called GEMSA a "classic patent troll" that uses its patent on graphic representations of data storage to sue "just about anyone who runs a website." The article also says GEMSA "appears to have no business other than patent litigation." The judge granted EFF a default judgment, saying the Australian court's injunction was not only unenforceable in the United States but also "repugnant" to the U. S. Constitution.

Read more of this story at Slashdot.

FOSS Community Criticizes SFLC over SFC Trademark War

Slashdot - Your Rights Online - So, 2017-11-18 19:34
Earlier this month Bruce Perens notified us that "the Software Freedom Law Center, a Linux-Foundation supported organization, has asked USPTO to cancel the trademark of the name of the Software Freedom Conservancy, an organization that assists and represents Free Software/Open Source developers." Now Slashdot reader curcuru -- director of the Apache Software Foundation -- writes: No matter how you look at it, this kind of lawsuit is a loss for software freedom and open source in general, since this kind of USPTO trademark petition (like a lawsuit) will tie up both organizations, leaving less time and funds to help FOSS projects. There's clearly more to the issue than the trademark issue; the many community members' blog posts make that clear. GNOME executive director Neil McGovern Apache Software Foundation director Shane Curcuru Google security developer Matthew Garrett Linux industry journalist Bryan Lunduke The key point in this USPTO lawsuit is that the legal aspects aren't actually important. What's most important is the community reaction: since SFLC and Conservancy are both non-profits who help serve free software communities, it's the community perception of what organizations to look to for help that matters. SFLC's attempt to take away the Conservancy's very name doesn't look good for them. Bryan Lunduke's video covers the whole case, including his investigation into the two organizations and their funding.

Read more of this story at Slashdot.

The House's Tax Bill Levies a Tax On Graduate Student Tuition Waivers

Slashdot - Your Rights Online - So, 2017-11-18 05:30
Camel Pilot writes: The new GOP tax plan -- which just passed the House -- will tax tuition waivers as income. Graduate students working as research assistants on meager stipends would have to declare tuition waivers as income on the order of $80,000 income. This will force many graduate students of modest means to quit their career paths and walk away from their research. These are the next generation of scientists, engineers, inventors, educators, medical miracle workers and market makers. As Prof Claus Wilke points out: "This would be a disaster for U.S. STEM Ph.D. education." Slashdot reader Camel Pilot references a report via The New York Times, where Erin Rousseau explains how the House of Representatives' recently passed tax bill affects graduate research in the United States. Rousseau is a graduate student at M.I.T. who studies the neurological basis of mental health disorders. "My peers and I work between 40 and 80 hours a week as classroom teachers and laboratory researchers, and in return, our universities provide us with a tuition waiver for school. For M.I.T. students, this waiver keeps us from having to pay a tuition bill of about $50,000 every year -- a staggering amount, but one that is similar to the fees at many other colleges and universities," he writes. "No money from the tuition waivers actually ends up in our pockets, so under Section 117(d)(5), it isn't counted as taxable income." Rousseau continues by saying his tuition waivers will be taxed under the House's tax bill. "This means that M.I.T. graduate students would be responsible for paying taxes on an $80,000 annual salary, when we actually earn $33,000 a year. That's an increase of our tax burden by at least $10,000 annually."

Read more of this story at Slashdot.

Massive US Military Social Media Spying Archive Left Wide Open In AWS S3 Buckets

Slashdot - Your Rights Online - So, 2017-11-18 02:10
An anonymous reader quotes a report from The Register: Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing "dozens of terabytes" of social media posts and similar pages -- all scraped from around the world by the U.S. military to identify and profile persons of interest. The archives were found by veteran security breach hunter UpGuard's Chris Vickery during a routine scan of open Amazon-hosted data silos, and these ones weren't exactly hidden. The buckets were named centcom-backup, centcom-archive, and pacom-archive. CENTCOM is the common abbreviation for the U.S. Central Command, which controls army operations in the Middle East, North Africa and Central Asia. PACOM is the name for U.S. Pacific Command, covering the rest of southern Asia, China and Australasia. "For the research I downloaded 400GB of samples but there were many terabytes of data up there," he said. "It's mainly compressed text files that can expand out by a factor of ten so there's dozens and dozens of terabytes out there and that's a conservative estimate." Just one of the buckets contained 1.8 billion social media posts automatically fetched over the past eight years up to today. It mainly contains postings made in central Asia, however Vickery noted that some of the material is taken from comments made by American citizens. The databases also reveal some interesting clues as to what this information is being used for. Documents make reference to the fact that the archive was collected as part of the U.S. government's Outpost program, which is a social media monitoring and influencing campaign designed to target overseas youths and steer them away from terrorism.

Read more of this story at Slashdot.

FCC Approves Next-Gen ATSC 3.0 TV Standard

Slashdot - Your Rights Online - So, 2017-11-18 01:30
New submitter mikeebbbd writes: "U.S. regulators on Thursday approved the use of new technology that will improve picture quality on mobile phones, tablets and television, but also raises significant privacy concerns by giving advertisers dramatically more data about viewing habits," reports Reuters. ATSC3.0 will apparently make personal data collection and targeted ads possible. New TVs will be necessary, and broadcasters will need to transmit both ATSC 2.0 (the current standard) for 3 to 5 years before turning off the older system. For now, the conversion is voluntary. There appears to be no requirement (as there was when ATSC 2.0 came out) for low-cost adapter boxes to make older TVs work; once a channel goes ATSC 3.0-only, your old TV will not display it any more.

Read more of this story at Slashdot.

Germany Bans Children's Smartwatches

Slashdot - Your Rights Online - Pt, 2017-11-17 18:02
A German regulator has banned the sale of smartwatches aimed at children, describing them as spying devices. From a report: It had previously banned an internet-connected doll called, My Friend Cayla, for similar reasons. Telecoms regulator the Federal Network Agency urged parents who had such watches to destroy them. One expert said the decision could be a "game-changer" for internet-connected devices. "Poorly secured smart devices often allow for privacy invasion. That is really concerning when it comes to kids' GPS tracking watches - the very watches that are supposed to help keep them safe," said Ken Munro, a security expert at Pen Test Partners.

Read more of this story at Slashdot.

Why is this Company Tracking Where You Are on Thanksgiving?

Slashdot - Your Rights Online - Pt, 2017-11-17 16:45
Earlier this week, several publications published a holiday-themed data study about how families that voted for opposite parties spent less time together on Thanksgiving, especially in areas that saw heavy political advertising. The data came from a company called SafeGraph that supplied publications with 17 trillion location markets for 10 million smartphones. A report looks at the bigger picture: The data wasn't just staggering in sheer quantity. It also appears to be extremely granular. Researchers "used this data to identify individuals' home locations, which they defined as the places people were most often located between the hours of 1 and 4 a.m.," wrote The Washington Post. The researchers also looked at where people were between 1 p.m. and 5 p.m. on Thanksgiving Day in order to see if they spent that time at home or traveled, presumably to be with friends or family. "Even better, the cellphone data shows you exactly when those travelers arrived at a Thanksgiving location and when they left," the Post story says. To be clear: This means SafeGraph is looking at an individual device and tracking where its owner is going throughout their day. A common defense from companies that creepily collect massive amounts of data is that the data is only analyzed in aggregate; for example, Google's database BigQuery, which allows organizations to upload big data sets and then query them quickly, promises that all its public data sets are "fully anonymized" and "contain no personally-identifying information." In multiple press releases from SafeGraph's partners, the company's location data is referred to as "anonymized," but in this case they seem to be interpreting the concept of anonymity quite liberally given the specificity of the data.

Read more of this story at Slashdot.

Report Claims That 18 Nation's Elections Were Impacted By Social Engineering Last Year

Slashdot - Your Rights Online - Pt, 2017-11-17 04:05
sqorbit writes: Independent watchdog group Freedom House released a report that claims that 18 nation's elections were "hacked." Of the 65 countries that Freedom House monitors, 30 appear to be using social media in order to affect elections by attempting to control online discussions. The report covers fake news posts, paid online opinion writers and trolling tactics. Other items in the report speak to online censorship and VPN blocking that blocks information within countries to interfere with elections. The report says net freedom could be aided by: large-scale programs that showed people how to spot fake news; putting tight controls on political adverts; and making social media giants do more to remove bots and tune algorithms to be more objective.

Read more of this story at Slashdot.

Bluetooth Hack Affects 20 Million Amazon Echo, Google Home Devices

Slashdot - Your Rights Online - Pt, 2017-11-17 03:25
In September, security researchers discovered eight vulnerabilities -- codenamed collectively as BlueBorne -- in the Bluetooth implementations used by over 5.3 billion devices. We have now learned that an estimated 20 million Amazon Echo and Google Home devices are also vulnerable to attacks leveraging the BlueBorne vulnerabilities. The Hacker News reports: Amazon Echo is affected by the following two vulnerabilities: a remote code execution vulnerability in the Linux kernel (CVE-2017-1000251); and an information disclosure flaw in the SDP server (CVE-2017-1000250). Since different Echo's variants use different operating systems, other Echo devices are affected by either the vulnerabilities found in Linux or Android. Whereas, Google Home devices are affected by one vulnerability: information disclosure vulnerability in Android's Bluetooth stack (CVE-2017-0785). This Android flaw can also be exploited to cause a denial-of-service (DoS) condition. Since Bluetooth cannot be disabled on either of the voice-activated personal assistants, attackers within the range of the affected device can easily launch an attack. The security firm [Armis, who disclosed the issue] notified both Amazon and Google about its findings, and both companies have released patches and issued automatic updates for the Amazon Echo and Google Home that fixes the BlueBorne attacks.

Read more of this story at Slashdot.