Security Analyst Concludes Windows 10 Enterprise 'Tracks Too Much'

Slashdot - Your Rights Online - 13 hours 6 min ago
A viral Twitter rant about Windows 10 Enterprise supposedly ignoring users' privacy settings has since been clarified. "I made mistakes on my original testing and therefore saw more connections than I should have," writes IT security analyst Mark Burnett, "including some to Google ads." But his qualified results -- quoted below -- are still critical of Microsoft: You can cut back even more using the Windows Restricted Traffic Limited Functionality Baseline but break many things. Settings can be set wrong if you aren't paying attention. Also, settings are not consistent and can be confusing to beginners. You are opted-in to just about everything by default and have to set hundreds of settings to opt out, even on an Enterprise Windows system. Sometimes multiple settings for the same feature. Most Microsoft documentation discourages opting out and warns of a less optimal experience... But you can't completely opt-out. Windows still tracks too much. Home and Professional users are much worse off due to limitations of some settings and lack of an IT staff... I'm not saying ditch Windows. I'm saying let's fix this. If we can't fix it, then we ditch Windows.

Read more of this story at Slashdot.

The Lawyer Who Founded Prenda Law Just Got Disbarred

Slashdot - Your Rights Online - Sat, 2017-05-27 22:44
Long-time Slashdot reader lactose99 writes: One of the original copyright trolls finally got their comeuppance. From TFA: "John L. Steele, a Chicago lawyer who pled guilty to perjury, fraud and money laundering resulting from alleged 'honeypot' schemes, has just been disbarred by an Illinois court." John L. Steele, as you may know, is one of the principals of Prenda Law, a notorious copyright troll who has been featured on /. several times. The article goes on to describe how the Prenda lawyers used honeypot-like tactics to trick people into downloads and then subsequently scammed them for copyright violations. Their operation brought in $6 million in settlement fees, reports Engadget, adding "While it is illegal to download copyrighted files from file-sharing sites, it is also against the law to extort downloaders."

Investigation Demanded Over Fake FCC Comments Submitted By Dead People

Slashdot - Your Rights Online - Sat, 2017-05-27 16:34
An anonymous reader writes: Fight for the Future has found another issue with the fake comments submitted to the FCC opposing net neutrality. "The campaign group says that some of the comments were posted using the names and details of dead people," according to the BBC. The exact same comment was also submitted more than 7,000 times using addresses in Colorado, where a reporter discovered that contacting the people at those addresses drew reactions which included "I have never seen this before in my life" and "No, I did not post this comment. In fact, I disagree with this comment." Fight for the Future also knocked on doors in Tampa, Florida, where the few people who answered "were shocked to hear that their name and address were publicly listed alongside a political message they did not necessarily understand or agree with." An alleged commenter in Montana told a reporter she didn't even know what net neutrality was. 14 people have already signed Fight for the Future's official complaint to the FCC, which calls for notification of all people affected, an investigation, and the immediate removal of all fake comments from the public docket. "Based on numerous media reports, nearly half a million Americans may have been impacted by whoever impersonated us," states the letter, "in a dishonest and deceitful campaign to manufacture false support for your plan to repeal net neutrality protections." Fight for the Future says they've already verified "dozens" of instances of real people discovering a fake comment was submitted in their name -- and that in addition, more than 2,400 people have already used their site to contact their state Attorneys General demanding an investigation.
They note the FCC has taken no steps to remove the fake comments from its docket, "risking the safety and privacy of potentially hundreds of thousands of people," while a campaign director at Fight for the Future added, "For the FCC's process to have any legitimacy, they simply cannot move forward until an investigation has been conducted."

Hackers Have Targeted Both the Trump Organization And Democrat Election Data

Slashdot - Your Rights Online - Sat, 2017-05-27 09:00
An anonymous reader writes: Two recent news stories give new prominence to politically-motivated data breaches. Friday the Wall Street Journal reported that last year Guccifer 2.0 sent 2.5 gigabytes of Democratic Congressional Campaign Committee election data to a Republican operative in Florida, including their critical voter turnout projections. At the same time ABC News is reporting that the FBI is investigating "an attempted overseas cyberattack against the Trump Organization," adding that such an attack would make his network a high priority for government monitoring. "In the course of its investigation," they add, "the FBI could get access to the Trump Organization's computer network, meaning FBI agents could possibly find records connected to other investigations." A senior FBI official (now retired) concedes to ABC that "There could be stuff in there that they [the Trump organization] do not want to become part of a separate criminal investigation." It seems like everyone's talking about the privacy of their communications. Tonight the Washington Post writes that Trump's son-in-law/senior advisor Jared Kushner "discussed the possibility of setting up a secret and secure communications channel between Trump's transition team and the Kremlin, using Russian diplomatic facilities in an apparent move to shield their pre-inauguration discussions from monitoring, according to U.S. officials briefed on intelligence reports." And Friday Hillary Clinton was even quoted as saying, "I would have won had I not been subjected to the unprecedented attacks by Comey and the Russians..."

10 Years Later: FileZilla Adds Support For Master Password That Encrypts Your Logins

Slashdot - Your Rights Online - Sat, 2017-05-27 03:25
An anonymous reader writes: "Following years of criticism and user requests, the FileZilla FTP client is finally adding support for a master password that will act as a key for storing FTP login credentials in an encrypted format," reports BleepingComputer. "This feature is scheduled to arrive in FileZilla 3.26.0, but you can use it now if you download the 3.26.0 (unstable) release candidate from here." By encrypting its saved FTP logins, FileZilla will finally thwart malware that scrapes the sitemanager.xml file and steals FTP credentials, which were previously stored in plain text. The move is extremely surprising, at least for the FileZilla user base. Users have been requesting this feature for a decade, since 2007, and they have asked for it many, many times since then. All their requests have fallen on deaf ears and been met with refusal from FileZilla maintainer Tim Kosse. In November 2016, a user frustrated with Kosse's stance forked the FileZilla FTP client and added support for a master password via a spin-off app called FileZilla Secure.

Facebook Bans Sale of Piracy-Enabling Set-Top Boxes

Slashdot - Your Rights Online - Sat, 2017-05-27 02:45
Lirodon quotes a report from Variety: Facebook has joined the fight against illegal video-streaming devices. The social behemoth recently added a new category to products it prohibits users to sell under its commerce policy: Products or items that "facilitate or encourage unauthorized access to digital media." The change in Facebook's policy, previously reported by The Drum, appears primarily aimed at blocking the sale of Kodi-based devices loaded with software that allows unauthorized, free access to piracy-streaming services. Kodi is free, open-source media player software. The app has grown popular among pirates, who modify the code with third-party add-ons for illegal streaming. Even with the ban officially in place, numerous "jail-broken" Kodi-enabled devices remain listed in Facebook's Marketplace section, indicating that the company has yet to fully enforce the new ban. A Facebook rep confirmed the policy went into effect earlier this month. In addition, the company updated its advertising policy to explicitly ban ads for illegal streaming services and devices.

Two Different Studies Find Thousands of Bugs In Pacemakers, Insulin Pumps and Other Medical Devices

Slashdot - Your Rights Online - Sat, 2017-05-27 02:05
Two studies are warning of thousands of vulnerabilities found in pacemakers, insulin pumps and other medical devices. "One study solely on pacemakers found more than 8,000 known vulnerabilities in code inside the cardiac devices," reports BBC. "The other study of the broader device market found only 17% of manufacturers had taken steps to secure gadgets." From the report: The report on pacemakers looked at a range of implantable devices from four manufacturers as well as the "ecosystem" of other equipment used to monitor and manage them. Researcher Billy Rios and Dr Jonathan Butts from security company Whitescope said their study showed the "serious challenges" pacemaker manufacturers faced in trying to keep devices patched and free from bugs that attackers could exploit. They found that few of the manufacturers encrypted or otherwise protected data on a device or when it was being transferred to monitoring systems. Also, none was protected with the most basic login name and password systems or checked that devices they were connecting to were authentic. Often, wrote Mr Rios, the small size and low computing power of internal devices made it hard to apply security standards that helped keep other devices safe. In a longer paper, the pair said device makers had more work to do to "protect against potential system compromises that may have implications to patient care." The separate study that quizzed manufacturers, hospitals and health organizations about the equipment they used when treating patients found that 80% said devices were hard to secure. Bugs in code, lack of knowledge about how to write secure code and time pressures made many devices vulnerable to attack, suggested the study.

Chipotle Says 'Most' of Its Restaurants Were Infected With Credit Card Stealing Malware

Slashdot - Your Rights Online - Sat, 2017-05-27 00:00
Earlier this year, Chipotle announced that their payment processing system was hacked. Today, the company has released more information about the hack, identifying the malware that was responsible and releasing a new tool to help customers check whether the restaurant they visited was involved. The company did not say how many restaurants were affected, but it did tell The Verge that "most" locations nationwide may have been involved. The Verge reports: "The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device," Chipotle said in a statement. "There is no indication that other customer information was affected." We browsed through the tool and found that every state Chipotle operates in had restaurants that were breached, including most major cities. The restaurants were vulnerable in various time frames between March 24th and April 18th, 2017. Chipotle also operates another chain called Pizzeria Locale, which was affected by the hack as well. (The list of identified restaurants can be found here, which includes locations in Kansas, Missouri, Colorado, and Ohio.) Chipotle noted that not all locations have been identified, but it's a starting guide to check whether your visit lines up with the breached period.

Sean Parker Is Going To Great Lengths To Ensure 'Screening Room' Is Piracy Free, Patents Reveal

Slashdot - Your Rights Online - Fri, 2017-05-26 22:40
Napster co-founder Sean Parker has been working on his new service called Screening Room, which, when it becomes reality, could allow people to watch the latest Hollywood blockbusters in their living room as soon as they premiere at the box office. This week we get a glimpse at the kind of technologies Parker is using to ensure that the movies don't get distributed easily. From a report: Over the past several weeks, Screening Room Media, Inc. has submitted no less than eight patent applications related to its plans, all with some sort of anti-piracy angle. For example, a patent titled "Presenting Sonic Signals to Prevent Digital Content Misuse" describes a technology where acoustic signals are regularly sent to mobile devices, to confirm that the user is near the set-top box and is authorized to play the content. Similarly, the "Monitoring Nearby Mobile Computing Devices to Prevent Digital Content Misuse" patent describes a system that detects the number of mobile devices near the client-side device, to make sure that too many people aren't tuning in. The general technology outlined in the patents also includes forensic watermarking and a "P2P polluter." The watermarking technology can be used to detect when pirated content spreads outside of the protected network onto the public Internet. "At this point, the member's movie accessing system will be shut off and quarantined. If the abuse or illicit activity is confirmed, the member and the household will be banned from the content distribution network," the patent reads. [...] Screening Room's system also comes with a wide range of other anti-piracy scans built in. Among other things, it regularly scans the Wi-Fi network to see which devices are connected, and Bluetooth is used to check what other devices are near.

Disney Chief Bob Iger Doesn't Believe Movie Hack Threat Was Real

Slashdot - Your Rights Online - Fri, 2017-05-26 19:20
You may remember Disney's boss revealing that hackers had threatened to leak one of the studio's new films unless it paid a ransom. Bob Iger didn't name the film, but it was thought to be "Pirates of the Caribbean: Dead Men Tell No Tales." But now Iger says: "To our knowledge we were not hacked." From a report: Disney chairman-CEO Bob Iger confirmed Thursday that a hacker claiming to have stolen an upcoming Disney movie and demanding a ransom didn't appear to have the goods. "To our knowledge we were not hacked," Iger told Yahoo Finance. "We had a threat of a hack of a movie being stolen. We decided to take it seriously but not react in the manner in which the person who was threatening us had required." Iger continued, "We don't believe that it was real and nothing has happened." On May 15, as first reported by The Hollywood Reporter, Iger told ABC employees at a town hall meeting in New York that someone claiming to have stolen an upcoming movie would release the film on the internet unless the company paid a ransom. Iger told staff that the studio wouldn't meet any such demands.

Major US Tech Firms Press Congress For Internet Surveillance Reforms

Slashdot - Your Rights Online - Fri, 2017-05-26 18:40
Dustin Volz, reporting for Reuters: Facebook, Amazon and more than two dozen other U.S. technology companies pressed Congress on Friday to make changes to a broad internet surveillance law, saying they were necessary to improve privacy protections and increase government transparency. The request marks the first significant public effort by Silicon Valley to wade into what is expected to be a contentious debate later in the year over the Foreign Intelligence Surveillance Act, parts of which will expire on Dec. 31 unless Congress reauthorizes them. Of particular concern to the technology industry and privacy advocates is Section 702, which allows U.S. intelligence agencies to vacuum up vast amounts of communications from foreigners but also incidentally collects some data belonging to Americans that can be searched by analysts without a warrant.

Proposed Active-Defense Bill Would Allow Destruction of Data, Use of Beacon Tech

Slashdot - Your Rights Online - Fri, 2017-05-26 00:40
Trailrunner7 quotes a report from On the Wire: A bill that would allow victims of cybercrime to use active defense techniques to stop attacks and identify attackers has been amended to require victims to notify the FBI of their actions and also add an exemption to allow victims to destroy their data once they locate it on an attacker's machine. The Active Cyber Defense Certainty Act, drafted by Rep. Tom Graves (R-Ga.) in March, is designed to enable people who have been targets of cybercrime to employ certain specific techniques to trace the attack and identify the attacker. The bill defines active cyber defense as "any measure -- (I) undertaken by, or at the direction of, a victim"; and "(II) consisting of accessing without authorization the computer of the attacker to the victim's own network to gather information in order to establish attribution of criminal activity to share with law enforcement or to disrupt continued unauthorized activity against the victim's own network." After releasing an initial draft of the bill in March, Rep. Tom Graves held a public event in Georgia to collect feedback on the legislation. Based on that event and other feedback, Graves made several changes to the bill, including the addition of the notification of law enforcement and an exception in the Computer Fraud and Abuse Act for victims who use so-called beaconing technology to identify an attacker. "The provisions of this section shall not apply with respect to the use of attributional technology in regard to a defender who uses a program, code, or command for attributional purposes that beacons or returns locational or attributional data in response to a cyber intrusion in order to identify the source of the intrusion," the bill says.

83 Percent Of Security Staff Waste Time Fixing Other IT Problems

Slashdot - Your Rights Online - Thu, 2017-05-25 23:20
An anonymous reader shares a report: A new survey of security professionals reveals that 83 percent say colleagues in other departments turn to them to fix personal computer problems. The study by security management company FireMon shows a further 80 percent say this is taking up more than an hour of their working week, which in a year could equate to more than $88,000. For organizations, eight percent of professionals surveyed helping colleagues out five hours a week or more could be costing over $400,000. Organizations are potentially paying qualified security professionals salaries upwards of $100,000 a year and seeing up to 12.5 percent of that investment being spent on non-security related activities.

Egypt Blocks 21 Websites For 'Terrorism' And 'Fake News'

Slashdot - Your Rights Online - Thu, 2017-05-25 20:40
Ahmed Aboulenein, reporting for Reuters: Egypt has banned 21 websites, including the main website of Qatar-based Al Jazeera television and prominent local independent news site Mada Masr, accusing them of supporting terrorism and spreading false news. The blockade is notable in scope and for being the first publicly recognized by the government. It was heavily criticized by journalists and rights groups. The state news agency announced it late on Wednesday. Individual websites had been inaccessible in the past but there was never any official admission. Reuters found that the websites named by local media were inaccessible. The move follows similar actions taken on Wednesday by Egypt's Gulf allies Saudi Arabia and the United Arab Emirates, which blocked Al Jazeera and other websites after a dispute with Qatar. From a separate report: "This is not the typical Egyptian regime attitude," Lina Attalah, the editor-in-chief of Mada Masr told BuzzFeed News in an interview in Cairo. "We are used to facing troubles with the regime since we have always chosen to write the stories they don't like to hear. We are used to being arrested or have cases filed against us, but blocking us is a new thing." Mada Masr, since its founding in 2013, has regularly published critical stories of the regime in both English and Arabic.

US Intelligence Community Has Lost Credibility Due To Leaks

Slashdot - Your Rights Online - Thu, 2017-05-25 16:40
Two anonymous readers and Mi share an article: U.K. police investigating the Manchester terror attack say they have stopped sharing information with the U.S. after a series of leaks that have so angered the British government that Prime Minister Theresa May wants to discuss them with President Donald Trump during a North Atlantic Treaty Organization meeting in Brussels. What can Trump tell her, though? The leaks drive him nuts, too. Since the beginning of this century, the U.S. intelligence services and their clients have acted as if they wanted the world to know they couldn't guarantee the confidentiality of any information that falls into their hands. At this point, the culture of leaks is not just a menace to intelligence-sharing allies. It's a threat to the intelligence community's credibility. [...] If this history has taught the U.S. intelligence community anything, it's that leaking classified information isn't particularly dangerous and those who do it largely enjoy impunity. Manning spent seven years in prison (though she'd been sentenced to 35), but Snowden, Assange, Petraeus, the unknown Chinese mole, the people who stole the hacking tools and the army of recent anonymous leakers, many of whom probably still work for U.S. intelligence agencies, have escaped any kind of meaningful punishment. President Donald Trump has just now announced that the administration would "get to the bottom" of leaks. In a statement, he said: "The alleged leaks coming out of government agencies are deeply troubling. These leaks have been going on for a long time and my Administration will get to the bottom of this. The leaks of sensitive information pose a grave threat to our national security. I am asking the Department of Justice and other relevant agencies to launch a complete review of this matter, and if appropriate, the culprit should be prosecuted to the fullest extent of the law.
There is no relationship we cherish more than the Special Relationship between the United States and the United Kingdom."

How Facebook Flouts Holocaust Denial Laws Except Where It Fears Being Sued

Slashdot - Your Rights Online - Thu, 2017-05-25 15:00
An anonymous reader quotes a report from The Guardian: Facebook's policies on Holocaust denial will come under fresh scrutiny following the leak of documents that show moderators are being told not to remove this content in most of the countries where it is illegal. The files explain that moderators should take down Holocaust denial material in only four of the 14 countries where it is outlawed. One document says the company "does not welcome local law that stands as an obstacle to an open and connected world" and will only consider blocking or hiding Holocaust denial messages and photographs if "we face the risk of getting blocked in a country or a legal risk." A picture of a concentration camp with the caption "Never again Believe the Lies" was permissible if posted anywhere other than the four countries in which Facebook fears legal action, one document explains. Facebook contested the figures but declined to elaborate. Documents show Facebook has told moderators to remove dehumanizing speech or any "calls for violence" against refugees. Content "that says migrants should face a firing squad or compares them to animals, criminals or filth" also violates its guidelines. But it adds: "As a quasi-protected category, they will not have the full protections of our hate speech policy because we want to allow people to have broad discussions on migrants and immigration which is a hot topic in upcoming elections." The definitions are set out in training manuals provided by Facebook to the teams of moderators who review material that has been flagged by users of the social media service. The documents explain the rules and guidelines the company applies to hate speech and "locally illegal content," with particular reference to Holocaust denial. One 16-page training manual explains Facebook will only hide or remove Holocaust denial content in four countries -- France, Germany, Israel and Austria.
The document says this is not on grounds of taste, but because the company fears it might get sued.

8 In 10 People Now See Climate Change As a 'Catastrophic Risk,' Says Survey

Slashdot - Your Rights Online - Thu, 2017-05-25 12:00
An anonymous reader quotes a report from the Thomson Reuters Foundation: Nearly nine in 10 people say they are ready to make changes to their standard of living if it would prevent future climate catastrophe, a survey on global threats found Wednesday. The survey of more than 8,000 people in eight countries -- the United States, China, India, Britain, Australia, Brazil, South Africa and Germany -- found that 84 percent of people now consider climate change a "global catastrophic risk." That puts worry about climate change only slightly behind fears about large-scale environmental damage and the threat of politically motivated violence escalating into war, according to the Global Challenges Foundation, which commissioned the Global Catastrophic Risks 2017 report. The survey, released in advance of this week's G7 summit of advanced economies in Italy, also found that 85 percent of people think the United Nations needs reforms to be better equipped to address global threats. About 70 percent of those surveyed said they think it may be time to create a new global organization -- with power to enforce its decisions -- specifically designed to deal with a wide range of global risks. Nearly 60 percent said they would be prepared to have their country give up some level of sovereignty to make that happen.

Boeing Will Make the Military's New Hypersonic Spaceplane

Slashdot - Your Rights Online - Thu, 2017-05-25 09:00
The Department of Defense has selected Boeing to make a new hypersonic spaceplane that can be reused frequently over a short period of time to deliver multiple satellites into orbit. "DARPA, the agency that tests new advanced technologies for the military, has picked Boeing's design concept, called the Phantom Express, to move forward as part of the agency's Experimental Spaceplane (XS-1) program," reports The Verge. From the report: The goal of DARPA's XS-1 program is to create a spacecraft that's something of a hybrid between an airplane and a traditional vertical rocket. The spaceplane is meant to take off vertically and fly uncrewed to high altitudes above Earth. From there, the vehicle will release a mini-rocket -- a booster with an engine that can propel a satellite weighing up to 3,000 pounds into orbit. As the booster deploys the satellite, the spaceplane will then land back on Earth horizontally just like a normal airplane -- and then be fueled up for its next mission. DARPA wants the turnaround time between flights to last just a few hours. But perhaps the most audacious goal is the price DARPA wants for each flight. The agency is aiming for the spaceplane to cost $5 million per mission, a significant bargain considering most orbital rockets cost tens to hundreds of millions of dollars to launch. And Boeing says it's up to the task. "Phantom Express is designed to disrupt and transform the satellite launch process as we know it today, creating a new, on-demand space-launch capability that can be achieved more affordably and with less risk," Darryl Davis, president of Boeing Phantom Works, said in a statement.

Manchester Attack Could Lead To Internet Crackdown

Slashdot - Your Rights Online - Thu, 2017-05-25 05:30
New submitter boundary writes: The UK government looks to be about to put the most egregious parts of the Investigatory Powers Act into force "soon after the election" (which is in a couple of weeks) in the wake of the recent bombing in Manchester. "Technical Capability Orders" require tech companies to break their own security. I wonder who'll comply? The Independent reports: "Government will ask parliament to allow the use of those powers if Theresa May is re-elected, senior ministers told The Sun. 'We will do this as soon as we can after the election, as long as we get back in,' The Sun said it was told by a government minister. 'The level of threat clearly proves there is no more time to waste now. The social media companies have been laughing in our faces for too long.'"