The Passwords Most Used By CEOs Are Startlingly Dumb

Slashdot - Your Rights Online - 5 hours 25 min ago
A recent cybersecurity report shows how immensely idiotic many CEOs and business owners can be, considering the strength of their chosen account passwords. PC Gamer reports: The research comes from NordPass password manager which identified back in 2020 that the general public's most commonly used passwords were sequential numbers like '123456', 'picture1', and yep, you guessed it: 'password'. The more recent research sample consists of 290 million cybersecurity data breaches around the globe, and denotes the job level of those affected. Turns out, when it comes to CEOs and other high-ranking businesses execs, their password choices are much the same as the general public, although many often feature names. Tiffany was spotted in 100,534 breaches; then there was Charlie with 33,699; Michael was found 10,647 times; and Jordan, 10,472 times. The report also ranks mythical creatures and animals as some of the top passwords to have been cracked in data breaches. 'Dragon' was spotted 11,926 times, and 'monkey' comes in at 11,675. I spoke to IT support engineer Ash Smith, who recommends that companies should consider handing out randomly generated passwords as new accounts are created. "Arguably the strongest passwords are 3 random words, something that you can make a story about in your head to help you remember," he says.

India Says VPN Firms Unwilling To Comply With New Rules 'Will Have To Pull Out' of the Country

Slashdot - Your Rights Online - Wed, 2022-05-18 16:00
India is pushing ahead with its new cybersecurity rules that will require cloud service providers and VPN operators to maintain names of their customers and their IP addresses and suggested firms unwilling to comply to pull out of the world's second largest internet market. From a report: The Indian Computer Emergency Response Team clarified on Wednesday that "virtual private server (VPS) providers, cloud service providers, VPN service providers, virtual asset service providers, virtual asset exchange providers, custodian wallet providers and government organisations" shall follow the directive, called Cyber Security Directions, that requires them to store customers' names, email addresses, IP addresses, know your customer records, financial transactions for a period of five years. The new rules, which were unveiled late last month and go into effect late June, won't be applicable to corporate and enterprise VPNs, the government agency clarified. Several VPN providers have expressed worries about India's new cybersecurity rules. NordVPN, one of the most popular VPN operators, said earlier that it may remove its services from India if "no other options are left." Rajeev Chandrasekhar, the junior IT minister of India, said that VPN providers who wish to conceal who uses their services "will have to pull out."

Angry IT Admin Wipes Employer's Databases, Gets 7 Years In Prison

Slashdot - Your Rights Online - Wed, 2022-05-18 00:10
Han Bing, a former database administrator for Lianjia, a Chinese real-estate brokerage giant, has been sentenced to 7 years in prison for logging into corporate systems and deleting the company's data. BleepingComputer reports: Bing allegedly performed the act in June 2018, when he used his administrative privileges and "root" account to access the company's financial system and delete all stored data from two database servers and two application servers. This has resulted in the immediate crippling of large portions of Lianjia's operations, leaving tens of thousands of its employees without salaries for an extended period and forcing a data restoration effort that cost roughly $30,000. The indirect damages from the disruption of the firm's business, though, were far more damaging, as Lianjia operates thousands of offices, employs over 120,000 brokers, owns 51 subsidiaries, and its market value is estimated to be $6 billion.

Fed Chair Says Interest Rates Should Have Gone Up Sooner

Slashdot - Your Rights Online - Tue, 2022-05-17 20:50
Federal Reserve Chair Jerome H. Powell acknowledged in an interview with Marketplace on Thursday that the central bank could have moved faster to raise interest rates and cut inflation, as the central bank comes under increasing scrutiny over whether it waited too long to act on prices. From a report: "If you had perfect hindsight you'd go back, and it probably would have been better for us to have raised rates a little sooner," Powell said in an interview released Thursday with Marketplace's Kai Ryssdal. "I'm not sure how much difference it would have made, but we have to make decisions in real time, based on what we know then, and we did the best we could." Powell's comments mark a sharper sentiment of regret than his past remarks when it comes to whether the Fed should have stepped in sooner. The Fed has faced criticism, primarily from Republicans and some prominent economists, such as Lawrence H. Summers, for delaying interest rate hikes and ending stimulus-era financial supports, which work together to cool off the economy and bring inflation down. Powell, who was confirmed by the Senate for a second term as Fed chair earlier Thursday, lost a handful of votes from lawmakers who said their constituents were suffering too much from high prices on his watch. For much of the last year, the Fed stuck to its message that rising inflation would be "transitory," or temporary, and more limited to pockets of the economy hit hard by the coronavirus pandemic and related shutdowns and supply chain disruptions. At a WSJ conference on Tuesday, Powell emphasized his resolve to get inflation down, saying he won't hesitate to back interest rate increases until prices start falling back toward a healthy level. "We'll go to that point. 
There won't be any hesitation about that," he added.

White House Slams Bezos Criticism of Biden Tax Comments

Slashdot - Your Rights Online - Tue, 2022-05-17 17:37
The White House slammed Amazon founder Jeff Bezos on Monday after the billionaire accused President Biden of "misdirection" in his comments on inflation and corporate taxes. From a report: Biden tweeted Friday that the wealthiest corporations must "pay their fair share" to help bring down record-high inflation. Biden also recently met with Amazon labor organizers after their union victory. Bezos responded to Biden claiming inflation and corporate taxes aren't related. "Raising corp taxes is fine to discuss. Taming inflation is critical to discuss. Mushing them together is just misdirection," he tweeted. "It doesn't require a huge leap to figure out why one of the wealthiest individuals on Earth opposes an economic agenda for the middle class that cuts some of the biggest costs families face, fights inflation for the long haul, and adds to the historic deficit reduction the President is achieving by asking the richest taxpayers and corporations to pay their fair share," deputy White House press secretary Andrew Bates said in a statement per the Washington Post. "It's also unsurprising that this tweet comes after the President met with labor organizers, including Amazon employees." Bezos fired back shortly after, saying the White House is trying to "muddy the topic." "They know inflation hurts the neediest the most. But unions aren't causing inflation and neither are wealthy people. Remember the Administration tried their best to add another $3.5 TRILLION to federal spending," he tweeted. "They failed, but if they had succeeded, inflation would be even higher than it is today, and inflation today is at a 40 year high."

Judge Rules California Law Requiring Women On Corporate Boards Is Unconstitutional

Slashdot - Your Rights Online - Tue, 2022-05-17 04:02
A Los Angeles judge has ruled that California's landmark law requiring women on corporate boards is unconstitutional. CBS News reports: Superior Court Judge Maureen Duffy-Lewis said the law that would have required boards have up to three female directors by this year violated the right to equal treatment. The ruling was dated Friday. The conservative legal group Judicial Watch had challenged the law, claiming it was illegal to use taxpayer funds to enforce a law that violates the equal protection clause of the California Constitution by mandating a gender-based quota. The state defended the law as constitutional saying it was necessary to reverse a culture of discrimination that favored men and was put in place only after other measures failed. The state also said the law didn't create a quota because boards could add seats for female directors without stripping men of their positions. Although the law carried potential hefty penalties for failing to file an annual report or comply with the law, a chief in the secretary of state's office acknowledged during the trial that it was toothless. The law required publicly held companies headquartered in California to have one member who identifies as a woman on their boards of directors by the end of 2019. By January 2022, boards with five directors were required to have two women and boards with six or more members were required to have three women. The Women on Boards law, also known by its bill number, SB826, called for penalties ranging from $100,000 fines for failing to report board compositions to the California secretary of state's office to $300,000 for multiple failures to have the required number of women board members. Fewer than half the nearly 650 applicable corporations in the state reported last year that they had complied. 
More than half didn't file the required disclosure statement, according to the most recent report.

Ad-Tech Firms Grab Email Addresses From Forms Before They're Even Submitted

Slashdot - Your Rights Online - Tue, 2022-05-17 00:40
Tracking, marketing, and analytics firms have been exfiltrating the email addresses of internet users from web forms prior to submission and without user consent, according to security researchers. Some of these firms are said to have also inadvertently grabbed passwords from these forms. The Register reports: In a research paper scheduled to appear at the Usenix '22 security conference later this year, authors Asuman Senol (imec-COSIC, KU Leuven), Gunes Acar (Radboud University), Mathias Humbert (University of Lausanne) and Frederik Zuiderveen Borgesius, (Radboud University) describe how they measured data handling in web forms on the top 100,000 websites, as ranked by research site Tranco. The boffins created their own software to measure email and password data gathering from web forms -- structured web input boxes through which site visitors can enter data and submit it to a local or remote application. Providing information through a web form by pressing the submit button generally indicates the user has consented to provide that information for a specific purpose. But web pages, because they run JavaScript code, can be programmed to respond to events prior to a user pressing a form's submit button. And many companies involved in data gathering and advertising appear to believe that they're entitled to grab the information website visitors enter into forms with scripts before the submit button has been pressed. "Our analyses show that users' email addresses are exfiltrated to tracking, marketing and analytics domains before form submission and without giving consent on 1,844 websites in the EU crawl and 2,950 websites in the US crawl," the researchers state in their paper, noting that the addresses may be unencoded, encoded, compressed, or hashed depending on the vendor involved. 
Most of the email addresses grabbed were sent to known tracking domains, though the boffins say they identified 41 tracking domains that are not found on any of the popular blocklists. "Furthermore, we find incidental password collection on 52 websites by third-party session replay scripts," the researchers say.

Gunman Livestreams Killing of 10 On Twitch - After Radicalization On 4chan

Slashdot - Your Rights Online - Sun, 2022-05-15 05:39
Slashdot reader DevNull127 writes: 10 people were killed in a grocery store in Buffalo, New York this afternoon -- and three more were injured -- by a gunman who livestreamed the massacre on Twitch. "A Twitch spokesperson said the platform has investigated and confirmed that the stream was removed 'less than two minutes after the violence started,'" reports NBC News. The Raw Story reports that the 18-year-old suspected gunman had also apparently posted a 106-page manifesto online prior to the attack. A researcher at George Washington University program on extremism studied the manifesto, and points out that the suspected shooter "states that he was radicalized online on 4chan and was inspired by Brenton Tarrant's manifesto and livestreamed mass shooting in New Zealand." The suspect reportedly used an assault rifle. Less than two weeks ago, Slashdot posted the following: 28-year-old Brenton Tarrant killed 51 people in New Zealand in 2019. The Associated Press reports that at that point he'd been reading 4chan for 14 years, according to his mother -- since the age of 14. The year before, 25-year-old Alek Minassian, who killed 11 people in Toronto in 2018, namechecked 4chan in a pre-attack Facebook post. But the Guardian now adds another story from nine days ago -- when a 23-year-old shooter with 1,000 rounds of ammunition opened fire from his apartment in Washington D.C. "Just two minutes after the shooting began, someone under the username "Raymond Spencer" logged onto the normally-anonymous 4chan and started a new thread titled 'shool [sic] shooting'. The newly published message contained a link -- to a 30-second video of images captured from the digital scope of Spencer's rifle...." 
NBC News reported that while Saturday's suspected shooter was livestreaming, "Some users of the website 4chan discussed the attack, and at least one archived the video in real-time, releasing photos of dead civilians inside the supermarket over the course of Saturday afternoon."

America's FAA Shifts Gears Slightly on Certifying Future 'Flying Taxi' Pilots

Slashdot - Your Rights Online - Sat, 2022-05-14 23:42
Flying cars -- or even electric flying taxis -- are the dream of several well-funded manufacturers building "electric vertical-takeoff and landing aircraft" (or eVTOLs). But will they face stricter government regulations than anticipated? Long-time Slashdot reader wired_parrot reports that America's Federal Aviation Administration has shifted gears -- "revising its certification requirements for eVTOLS from small aircraft to a powered-lift category." (The original submission cites a "growing number" of issues for the industry to resolve -- and asks whether this raises concerns about the viability of the whole potential eVTOL market.) Meanwhile, AVWeb reports: According to a Reuters report, the impetus for the shift came from an ongoing audit by the U.S. Department of Transportation's Office of the Inspector General. The IG said so-called Urban Air Mobility vehicles present the FAA with "new and complex safety challenges...." In a written response to a request for clarification, an FAA spokesperson told AVweb: "The FAA's top priority is to make sure the flying public is safe. This obligation includes our oversight of the emerging generation of eVTOL vehicles. The agency is pursuing a predictable framework that will better accommodate the need to train and certify the pilots who will operate these novel aircraft. "Our process for certifying the aircraft themselves remains unchanged. All of the development work done by current applicants remains valid and the changes in our regulatory approach should not delay their projects. 
As this segment of the industry continues to grow, we look forward to certifying innovative new technologies that meet the safety standards that the public expects and deserves."

House of Representatives To Give Staff Free Peloton Memberships

Slashdot - Your Rights Online - Sat, 2022-05-14 09:00
schwit1 shares a report: The House of Representatives [...] will provide taxpayer-funded Peloton memberships to all of its staff, costing taxpayers roughly $100,000 per month. The move comes one year after the fitness company set up a lobbying shop in Washington. Memberships to the exercise service, which offers workout classes, will be available to House staff in Washington, D.C., and in district offices, as well as to Capitol police officers, Fox Business reported. The number of people eligible for the fully taxpayer-funded memberships totals roughly 12,300. Under the contract with Peloton, which takes effect May 18, the government will pay the company $10,000 up front and $10 per month for each staffer who chooses to enroll, according to Fox Business. With high participation among House staffers, the monthly cost of the contract for taxpayers could exceed $100,000 per month. [...] In March 2021, Peloton hired an in-house lobbyist and two lobbying firms to influence Congress on issues including "government programming to support health and wellness of Americans."

AT&T Is About To Get Away With Its Bogus $1.99 'Administrative Fee'

Slashdot - Your Rights Online - Sat, 2022-05-14 03:25
Sean Hollister writes via The Verge: Since 2013, AT&T has quietly bilked customers out of hundreds of millions of dollars with a bogus "administrative fee," a fee it more than doubled to $1.99 a month in 2018. For a few years there, a California class-action lawsuit made it seem like AT&T might finally get taken to task. But this week, both sides told a judge they'd settle for just $14 million -- meaning customers may get less than 10 percent of what they paid AT&T, while AT&T gets to keep on charging them. According to the proposed settlement agreement in Vianu v. AT&T Mobility -- which still needs to be approved by a judge -- just about every AT&T Wireless postpaid customer in California since 2015 will be eligible for an estimated payment of between $15 and $29. But again, that's only a fraction of what AT&T's own records show it charged: $180 per customer on average since 2015, according to documents. The settlement "represents a refund of approximately 6-11 months of the average fees," they read. Meanwhile, the lawyers are likely to get $3.5 million. "The estimated payment amount represents a strong result for the Settlement Class, particularly given the substantial risks, costs, and delay of continued litigation," reads the proposed settlement agreement, going on to list all the ways that the lawyers suing AT&T believe that AT&T might still win the case. [...] Oh, and you won't even get a check in the mail if you're still an AT&T customer, assuming this version of the settlement is approved. The money will be credited back to your AT&T account, where AT&T can dip its hand right back in again for that $1.99 -- or more if it feels emboldened enough to increase the fee yet again. (Admittedly, the AT&T account could be a more reliable way to make sure customers get money back.) The settlement websites can be found here. 
An AT&T spokesperson issued the following response: "We deny the allegations in this lawsuit because we clearly disclose all fees that are charged to our customers. However, we have decided to settle this case to avoid lengthy, expensive litigation."

Ex-eBay Exec Pleads Guilty To Terrorizing Couple With Spiders, Funeral Wreaths

Slashdot - Your Rights Online - Sat, 2022-05-14 02:02
An anonymous reader quotes a report from The Guardian: A former eBay executive pleaded guilty on Thursday to participating in a scheme to terrorize the creators of an online newsletter that included the delivery of live spiders and other disturbing items to their home. David Harville, eBay's former director of global resiliency, is the final onetime eBay employee charged in the case to plead guilty. Six others have admitted to their roles in the harassment campaign targeting a Massachusetts couple who publish the newsletter EcommerceBytes, which eBay executives viewed as critical of the company. The scheme included sending items like a box of live cockroaches, a funeral wreath and books about surviving the loss of a spouse to the couple's home with the hopes of getting them to stop publishing negative articles about the company, prosecutors say. eBay employees also set up fake social media accounts to send threatening messages to the couple and posted the couple's home address online. Harville and others were charged in June 2020 over the plot, which authorities say was orchestrated by members of eBay's executive leadership team after the newsletter published an article about a lawsuit filed by eBay accusing Amazon of poaching its sellers, authorities said. Another former executive who pleaded guilty last month, James Baugh, held meetings to coordinate the harassment campaign and directed Harville to go with him to Boston to spy on the couple, prosecutors say.

Startup Raises $17 Million To Develop Smart Gun

Slashdot - Your Rights Online - Sat, 2022-05-14 01:20
Biofire Technologies has raised $17 million in seed funding to further develop its smart gun, which uses a fingerprint sensor to unlock the trigger. Axios reports: Biofire's guns only can be fired by authorized users, which should exclude kids or teens from using guns that their parents didn't secure. Even if you're someone who decries firearms proliferation and supports stricter gun control, this is an innovation that should be welcomed. "I see firearm ownership continuing to be part of American culture for the foreseeable future," says Biofire founder and CEO Kai Kloepfer. "This issue has become so politicized that really nothing is being done, even for things that shouldn't be political in any way, like kids getting hold of guns ... A smart gun isn't a cure-all, but we do think that we can have an immediate and substantial impact." Kloepfer, who dropped out of MIT to pursue Biofire, adds that the gun is being beta tested with law enforcement and firearms experts, and that it doesn't have any RFID or other wireless capabilities that could turn off prospective buyers. A recent Morning Consult poll found that 55% of current gunowners would be comfortable using a smart gun.

EU Governments, Lawmakers Agree on Tougher Cybersecurity Rules for Key Sectors

Slashdot - Your Rights Online - Fri, 2022-05-13 18:02
EU countries and lawmakers agreed on Friday to tougher cybersecurity rules for large energy, transport and financial firms, digital providers and medical device makers amid concerns about cyber attacks by state actors and other malicious players. From a report: The European Commission two years ago proposed rules on the cybersecurity of network and information systems called NIS 2 Directive, in effect expanding the scope of the current rule known as NIS Directive. The new rules cover all medium and large companies in essential sectors - energy, transport, banking, financial market infrastructure, health, vaccines and medical devices, drinking water, waste water, digital infrastructure, public administration and space. All medium and large firms in postal and courier services, waste management, chemicals, food manufacturing, medical devices, computers and electronics, machinery equipment, motor vehicles, and digital providers such as online market places, online search engines, and social networking service platforms will also fall under the rules.

Report: 'Carbon Bombs' Are Poised To Screw Us Over Big Time

Slashdot - Your Rights Online - Fri, 2022-05-13 05:30
An anonymous reader quotes a report from Gizmodo: Oil and gas companies are gearing up to invest in so many new projects that they'll blow away potential progress to mitigate emissions and stop worst-case climate scenarios, says a new investigation from the Guardian. Why describe them as bombs? If completed, these projects would push climate change well past the 1.5-degree Celsius warming target that the Paris Agreement has set for the world. These projects would literally blow through our carbon budget, the Guardian reports. But how will this be financed? Oil prices are currently sky high at the pump, and the two largest petroleum companies in the U.S. -- Chevron and ExxonMobil -- have raked in record profits. That means that large fossil fuel companies can bet on expansion projects that could dish even bigger payouts, the Guardian found. [...] The Guardian's investigation found that about 60% of these projects are already pumping, and Canada, Australia, and the U.S. are among the nations with the biggest fossil fuel project expansion plans. The commitment to these projects is pretty clear. Large companies, including Shell, Chevron, BP, PetroChina, and Total Energies, are set to spend over $100 million a day for the rest of this decade on creating projects in new oil and gas fields. This is despite the fact that we might be on track to meet 1.5 degrees of warming in the next four years. In an editorial follow-up to their investigation, the Guardian says "governments must find ways to promote the long-term health of the planet over short-term profit." They added: "There is no alternative but to force companies to write off the most dangerous investments."

US Secretly Issued Subpoena To Access Reporter's Phone Records

Slashdot - Your Rights Online - Fri, 2022-05-13 04:10
The US justice department secretly issued a subpoena to gain access to details of the phone account of a Guardian reporter as part of an aggressive leak investigation into media stories about an official inquiry into the Trump administration's child separation policy at the southern border. From a report: Leak investigators issued the subpoena to obtain the phone number of Stephanie Kirchgaessner, the Guardian's investigations correspondent in Washington. The move was carried out without notifying the newspaper or its reporter, as part of an attempt to ferret out the source of media articles about a review into family separation conducted by the Department of Justice's inspector general, Michael Horowitz. It is highly unusual for US government officials to obtain a journalist's phone details in this way, especially when no national security or classified information is involved. The move was all the more surprising in that it came from the DoJ's inspector general's office -- the watchdog responsible for ethical oversight and whistleblower protections. Katharine Viner, the Guardian's editor-in-chief, decried the action as "an egregious example of infringement on press freedom and public interest journalism by the US Department of Justice."

FBI Told Israel It Wanted Pegasus Hacking Tool For Investigations

Slashdot - Your Rights Online - Fri, 2022-05-13 02:10
The F.B.I. informed the Israeli government in a 2018 letter that it had purchased Pegasus, the notorious hacking tool, to collect data from mobile phones to aid ongoing investigations, the clearest documentary evidence to date that the bureau weighed using the spyware as a tool of law enforcement. The New York Times reports: The F.B.I.'s description of its intended use of Pegasus came in a letter from a top F.B.I. official to Israel's Ministry of Defense that was reviewed by The New York Times. Pegasus is produced by an Israeli firm, NSO Group, which needs to gain approval from the Israeli government before it can sell the hacking tool to a foreign government. The 2018 letter, written by an official in the F.B.I.'s operational technology division, stated that the bureau intended to use Pegasus "for the collection of data from mobile devices for the prevention and investigation of crimes and terrorism, in compliance with privacy and national security laws." The Times revealed in January that the F.B.I. had purchased Pegasus in 2018 and, over the next two years, tested the spyware at a secret facility in New Jersey. Since the article's publication, F.B.I. officials have acknowledged that they considered deploying Pegasus but have emphasized that the bureau bought the spying tool mainly to test and evaluate it -- partly to assess how adversaries might use it. They said the bureau never used the spyware in any operation.

Anonymous Social Media App Yik Yak Exposed Users' Precise Locations

Slashdot - Your Rights Online - Fri, 2022-05-13 00:50
An anonymous reader quotes a report from Motherboard: The anonymous message board app Yik Yak is designed in a way that makes it possible to get the precise location of a user's post and to see users' unique IDs, potentially allowing someone to dox and stalk users, according to a researcher. Yik Yak is an anonymous social media network popular primarily on college campuses. It was launched in 2013. The app shut down completely in 2017, after it was accused of being a platform used to harass and cyberbully students, and even to post bomb threats. These allegations have followed the app since its very beginning. In 2014, the company blocked access to middle school and high school students because of reports of threats of violence and bullying. The app came back last year, a comeback no one was really asking for, as my colleague Gita Jackson pointed out at the time. Yik Yak does have so-called "community guardrails" to "ensure everyone feels welcomed and stays safe." But students are still reporting the same old problems. In April, David Teather, a computer science student, analyzed what kind of data Yik Yak exposes by intercepting data sent and received by his Yik Yak app using a free and open source tool called mitmproxy and by writing "code that pretended to be the Yik Yak app to extract information from it." By doing that, he realized that Yik Yak sent the precise GPS coordinates of every post to his app, as well as a user's unique ID -- nrCi213RA3SncY6mVLZzuGUIJ2T2 for example -- which could have allowed him to track users' posts by looking at where they posted over time, opening up the possibility to de-anonymize and stalk users, according to a blog post he published this week. Teather demonstrated the flaw in a video call to Motherboard, showing a post in his area, and its GPS coordinates. After Teather alerted Yik Yak of this flaw on April 11, the company made some changes and pushed out new versions of the app on April 28, May 9, and May 10.
Teather told Yik Yak that he was planning to publish his research on May 9, according to email correspondence that he shared with Motherboard. After Yik Yak pushed the new updated apps, the privacy issues are only partially fixed, according to Teather. Teather said that as of today, on the app's latest version, Yik Yak does not expose GPS locations, and the app doesn't display a user's unique ID when intercepting data the same way he did in April. But, Teather told Motherboard that he is still able to recover both coordinates and user ID by analyzing the app's API from previous app versions. What's worse, the app now shows the distance, in feet, between a user and other users' posts, according to Teather and Zach Edwards, an independent privacy researcher who analyzed the Yik Yak app for Motherboard. "Since the distance is in feet though it should be still possible to triangulate a particular user/post by changing your location until you can figure that out," Teather told Motherboard. Edwards added: "you can still probably dox someone by merely spoofing your own location and recording the number of feet from the person posting."

DEA Investigating Breach of Law Enforcement Data Portal

Slashdot - Your Rights Online - Thu, 2022-05-12 22:50
An anonymous reader quotes a report from KrebsOnSecurity: The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets. On May 8, KrebsOnSecurity received a tip that hackers obtained a username and password for an authorized user of, which is the Law Enforcement Inquiry and Alerts (LEIA) system managed by the DEA. According to this page at the Justice Department website, LEIA "provides federated search capabilities for both EPIC and external database repositories," including data classified as "law enforcement sensitive" and "mission sensitive" to the DEA. A document published by the Obama administration in May 2016 (PDF) says the DEA's El Paso Intelligence Center (EPIC) systems in Texas are available for use by federal, state, local and tribal law enforcement, as well as the Department of Defense and intelligence community. EPIC and LEIA also have access to the DEA's National Seizure System (NSS), which the DEA uses to identify property thought to have been purchased with the proceeds of criminal activity (think fancy cars, boats and homes seized from drug kingpins). The screenshots shared with this author indicate the hackers could use EPIC to look up a variety of records, including those for motor vehicles, boats, firearms, aircraft, and even drones. From the standpoint of individuals involved in filing these phony EDRs, access to databases and user accounts within the Department of Justice would be a major coup. 
But the data in EPIC would probably be far more valuable to organized crime rings or drug cartels, said Nicholas Weaver, a researcher for the International Computer Science Institute at University of California, Berkeley. Weaver said it's clear from the screenshots shared by the hackers that they could use their access not only to view sensitive information, but also submit false records to law enforcement and intelligence agency databases. "I don't think these [people] realize what they got, how much money the cartels would pay for access to this," Weaver said. "Especially because as a cartel you don't search for yourself you search for your enemies, so that even if it's discovered there is no loss to you of putting things ONTO the DEA's radar."

US Cities Are Backing Off Banning Facial Recognition as Crime Rises

Slashdot - Your Rights Online - Thu, 2022-05-12 19:27
Facial recognition is making a comeback in the United States as bans to thwart the technology and curb racial bias in policing come under threat amid a surge in crime and increased lobbying from developers. From a report: Virginia in July will eliminate its prohibition on local police use of facial recognition a year after approving it, and California and the city of New Orleans as soon as this month could be next to hit the undo button. Homicide reports in New Orleans rose 67% over the last two years compared with the pair before, and police say they need every possible tool. "Technology is needed to solve these crimes and to hold individuals accountable," police Superintendent Shaun Ferguson told reporters as he called on the city council to repeal a ban that went into effect last year.