Billionaire CEO of Software Company Indicted For Alleged $2 Billion Tax Evasion Schemes

Slashdot - Your Rights Online - Sat, 2020-10-17 02:50
The billionaire chief executive of Ohio-based Reynolds and Reynolds Co, Robert Brockman, has been indicted on charges of tax evasion and wire fraud conducted over "decades." ZDNet reports: The scheme, in which roughly $2 billion was hidden away in offshore accounts and through money laundering, took place between 1999 and 2019, the US Department of Justice (DoJ) said on Thursday. According to the indictment (.PDF), the resident of both Houston, Texas, and Pitkin County, Colorado allegedly used a "web" of offshore organizations in Bermuda and Nevis to hide the profits he made from investments in private equity funds. Brockman squirreled away his capital gains and also tampered with the evidence of his alleged activities, prosecutors say, by methods including backdating records and using "encrypted communications and code words" to communicate with co-conspirators, including the phrases "Permit," "King," and "Redfish." A ranch, luxury home, and yacht were among the purchases apparently made with non-taxed income. US prosecutors also say that between 2008 and 2010, Brockman used a third-party entity to purchase $67.8 million in debt securities from the software company. As CEO, the executive is not permitted to do so without full disclosure as it can have an impact on share prices and trading; however, Brockman allegedly did so without informing sellers. As a result, approximately $2 billion in income was kept hidden from the US Internal Revenue Service (IRS). In addition, US prosecutors allege that investors in the software firm's debt securities were also defrauded. A federal grand jury in San Francisco, California has issued a 39-count indictment, including seven counts of tax evasion, 20 counts of wire fraud, money laundering, evidence tampering, and destruction of evidence.

Read more of this story at Slashdot.

Group Files 'Largest FOIA of All Time'

Slashdot - Your Rights Online - Fri, 2020-10-16 20:50
Reclaim the Records -- a group of activist genealogists, historians, journalists, teachers -- has filed what may be the largest Freedom Of Information Act Request of all time. The group wants the National Archives and Records Administration (NARA) to release billions of digital images and their associated metadata to the public. From a report: NARA is a government agency that preserves and archives the American government's historical records. It's also supposed to increase public access to those records. To accomplish that goal, NARA partnered with private companies such as genealogical website Ancestry.com to digitize and upload census records, immigration records, and other historical documents. Digitizing these records is a massive task, one NARA likely couldn't accomplish on its own. In exchange for its help, NARA granted the private companies limited exclusivity to the records. That means that billions of documents related to America's history are behind paywalls on sites like Ancestry, FamilySearch, and Fold3. According to the agreements, the sites were supposed to open up their digitized archive to the public after an exclusivity period of 3 - 5 years. "In practice, this simply hasn't happened," Reclaim the Records said in a blog post announcing the FOIA. "NARA has never actually posted online the vast majority of these records that were digitized through their partnership program, not to their Catalog nor indeed anywhere else where the public might be able to freely access and download the now-digital records. This remains the case today, even when the embargo periods for many of these record sets have been expired for more than a decade, sometimes two decades." Most of these are stored behind Ancestry.com's paywall, in part because Ancestry purchased several of the other sites that NARA had made deals with when they were still independent.

France and the Netherlands Call For Tough EU Powers To Curb Big Tech

Slashdot - Your Rights Online - Fri, 2020-10-16 19:29
France and the Netherlands have proposed stricter EU rules to oversee large technology firms, such as Alphabet, Facebook and Amazon. From a report: In a joint document, seen by CNBC and due to be sent to the European Commission, the EU's executive arm, the two countries suggested that an EU authority should be able to control the market position of these large tech platforms. "Our common ambition is to design a framework that will be efficient enough to address the economic footprint of such actors on the European economy and to be able to 'break them open,'" Cedric O, the secretary of state for digital transition in France, said in a statement. "Access to data, to services, interoperability ... these are efficient tools that we should be able to use, with a tailor-made approach, in order to tackle market foreclosure and ensure freedom of choice for consumers," he added. The EU, arguably at the forefront of regulation in this space, has intensified talks regarding Big Tech and the competitive landscape over the last 12 months. In addition to pursuing anti-trust investigations on some of the largest firms, the Commission is also working on data protection rules.

FCC Will Move To Regulate Social Media After Censorship Outcry

Slashdot - Your Rights Online - Fri, 2020-10-16 05:30
An anonymous reader quotes a report from The Verge: On Thursday, Federal Communications Commission Chairman Ajit Pai said that the agency will seek to regulate social media platforms like Facebook and Twitter at the behest of the Trump administration's executive order signed earlier this year. "Members of all three branches of the federal government have expressed serious concerns about the prevailing interpretation of the immunity set forth in Section 230 of the Communications Act. There is bipartisan support in Congress to reform the law," Pai said in a statement Thursday. "Social media companies have a First Amendment right to free speech. But they do not have a First Amendment right to a special immunity denied to other media outlets, such as newspapers and broadcasters." On Thursday, Pai said that the commission's general counsel said that "the FCC has the legal authority to reinterpret Section 230." He continued, "Consistent with this advice, I intend to move forward with a rulemaking to clarify its meaning." "Pai's decision to move forward with rulemaking follows a series of moderation decisions on Wednesday made by Facebook and Twitter against a New York Post article regarding former Vice President Joe Biden's son, Hunter Biden, who has been the subject of political attacks from the right throughout the 2020 presidential election," the report adds. Facebook reduced the reach of the story, while Twitter banned linking to the story entirely. "These moves from Facebook and Twitter incited an outcry over conservative bias from Republicans," reports The Verge.

Robinhood Estimates Hackers Infiltrated Almost 2,000 Accounts

Slashdot - Your Rights Online - Fri, 2020-10-16 00:02
An anonymous reader quotes a report from Bloomberg: Almost 2,000 Robinhood Markets accounts were compromised in a recent hacking spree that siphoned off customer funds, a sign that the attacks were more widespread than was previously known. A person with knowledge of an internal review, who asked not to be identified because the findings aren't public, provided the estimated figure. When Bloomberg first reported on the hacking spree last week, the popular online brokerage disclosed few details. It said "a limited number" of customers had been struck by cyber-criminals who gained access by breaching personal email accounts outside of Robinhood, an assertion that some of the victims acknowledge and others reject. The attacks unleashed a torrent of complaints on social media, where investors recounted futile attempts to call the brokerage, which doesn't have a customer service phone number. Robinhood, which has more than 13 million customer accounts, is now considering whether to add a phone number along with other tools, the person said. This week, Robinhood sent push notifications to users suggesting they enable two-factor authentication on their accounts. It also plans to send customers more advice on security, according to the statement. Several victims said they found no sign of criminals compromising their email accounts. And some said their brokerage accounts were accessed even though they had set up two-factor authentication.

FCC To Move on Trump Plan To Weaken Social Media Legal Shield

Slashdot - Your Rights Online - Thu, 2020-10-15 22:05
U.S. Federal Communications Commission Chairman Ajit Pai said the agency will consider President Donald Trump's request to weaken legal protections for social media companies such as Twitter. From a report: The FCC will begin a rulemaking to "clarify" the meaning of a law that gives broad legal immunity to social media companies for their handling of users' posts, Pai said in an emailed statement. The action follows a request by the Trump administration for regulators to dilute the decades-old law that Facebook, Twitter and Google say is crucial. The request was called for in an executive order that Trump signed in May. Tech trade groups, civil liberties organizations and legal scholars have slammed the action and said it isn't likely to survive a court challenge.

Google and Intel Warn of High-Severity Bluetooth Security Bug In Linux

Slashdot - Your Rights Online - Thu, 2020-10-15 03:32
An anonymous reader quotes a report from Ars Technica: Google and Intel are warning of a high-severity Bluetooth flaw in all but the most recent version of the Linux Kernel. While a Google researcher said the bug allows seamless code execution by attackers within Bluetooth range, Intel is characterizing the flaw as providing an escalation of privileges or the disclosure of information. The flaw resides in BlueZ, the software stack that by default implements all Bluetooth core protocols and layers for Linux. Besides Linux laptops, it's used in many consumer or industrial Internet-of-things devices. It works with Linux versions 2.4.6 and later. So far, little is known about BleedingTooth, the name given by Google engineer Andy Nguyen, who said that a blog post will be published "soon." A Twitter thread and a YouTube video provide the most detail and give the impression that the bug provides a reliable way for nearby attackers to execute malicious code of their choice on vulnerable Linux devices that use BlueZ for Bluetooth. Intel, meanwhile, has issued this bare-bones advisory that categorizes the flaw as a privilege-escalation or information-disclosure vulnerability. The advisory assigned a severity score of 8.3 out of a possible 10 to CVE-2020-12351, one of three distinct bugs that comprise BleedingTooth. "Potential security vulnerabilities in BlueZ may allow escalation of privilege or information disclosure," the advisory states. "BlueZ is releasing Linux kernel fixes to address these potential vulnerabilities." Intel, which is a primary contributor to the BlueZ open source project, said that the most effective way to patch the vulnerabilities is to update to Linux kernel version 5.9, which was published on Sunday. Those who can't upgrade to version 5.9 can install a series of kernel patches the advisory links to. Maintainers of BlueZ didn't immediately respond to emails asking for additional details about this vulnerability.
Ars Technica points out that since BleedingTooth requires proximity to a vulnerable device, there's not much reason for people to worry about this vulnerability. "It also requires highly specialized knowledge and works on only a tiny fraction of the world's Bluetooth devices," it adds.

Florida Could Become First State To Offer Digital Driver's Licenses

Slashdot - Your Rights Online - Thu, 2020-10-15 03:30
According to WESH Orlando, Florida residents next year will be able to apply for new mobile driver's licenses that can be easily accessed on a smartphone, tablet, or other device. They will be valid as a traditional license. From the report: The service will be provided by the company Thales, which designs and builds electrical systems and provides services for the aerospace, defense, transportation and security markets. "The State of Florida will be the first state in the United States to provide mobile Driver Licenses with leading-edge security mechanisms, fully compliant with rigorous national and international standards," a statement from Thales said. According to Thales, a digital license will work the same way as a traditional one. People would open the app and present it to verify their age, check in at TSA or interact with law enforcement. As of now, though, Thales states on their website, "It will be up to each state and local law enforcement agency to determine what procedure and methods work best within their existing protocol." It's unclear exactly when Florida will begin offering the mobile licenses.

China Starts Digital Yuan Trial By Giving $30 To 50,000 People

Slashdot - Your Rights Online - Thu, 2020-10-15 01:30
China is starting a first-of-its-kind digital yuan trial by distributing 10 million yuan ($1.5 million) of the digital currency among 50,000 participants selected by lottery. "That equates to each participant being granted 200 yuan, or $30, to spend at any of 3,389 designated restaurants and stores," notes Nikkei Asian Review. From the report: The trial ends next Monday. Other tests of digital currencies have mainly been done by the public sector, but this is the first to involve a large number of ordinary citizens. There was no cost to take part in the test. More than 1.91 million people applied to take part, with an acceptance rate at less than 3%. Ostensibly, the digital yuan project is meant to make China's currency more international and user friendly. But critics say it would also allow authorities to more easily track funds. Apprehensions over China's digital currency assume such transactions will not stop at the nation's border. If the digital yuan is taken up across the world through trade and other avenues, it could undermine the dollar's status as a global key currency. Sanctions that ban dollar transactions would risk losing effectiveness. And if the digital yuan becomes the international standard in terms of technology, it could create a hindrance to other nations' issuing their own digital currencies.

Bill Gates: 'I Was Naive At Microsoft,' Didn't Realize Success Would Bring Antitrust Scrutiny

Slashdot - Your Rights Online - Thu, 2020-10-15 00:50
Microsoft co-founder and former CEO Bill Gates told CNBC on Wednesday morning he had been naive about the government scrutiny that comes with getting large when he was running Microsoft and said the chance of Big Tech antitrust regulation is "pretty high." CNBC reports: "Whenever you get to be a super-valuable company, affecting the way people communicate and even political discourse being mediated through your system and higher percentage of commerce -- through your system -- you're going to expect a lot of government attention," Gates said in the "Squawk Box" interview. Last week, the House Judiciary subcommittee on antitrust released a report concluding that Amazon, Apple, Facebook and Google hold monopoly power. "I was naive at Microsoft and didn't realize that our success would lead to government attention," Gates said, referring to Microsoft's antitrust challenges from more than 20 years ago. "And so I made some mistakes -- you know, just saying, 'Hey, I never go to Washington, D.C.' And now I don't think, you know, that naivete is there." Gates stepped down as Microsoft CEO in the middle of the U.S. Justice Department's antitrust case, which charged the company had tried to monopolize the web browser market when it bundled Internet Explorer with Windows. The company settled with the DOJ in 2001. "The rules will change somewhat," Gates said in contrast about the possibility of future regulation. "I'd say the chances of them doing something is pretty high." "We have to get the particulars," said Gates when asked about the risk of additional regulation cutting down on innovation. "Is there some rule about acquisition? Is there some rule about splitting parts of the companies, either -- to create open availability of those resources?" Anti-competitive "killer acquisitions" was one of the House subcommittee's concerns, and the report looked into whether Facebook acquired Instagram to eliminate a competitor. 
Splitting up such acquisitions may be one possibility of future regulation. "We're in uncharted territory here," said Gates.

Zoom To Roll Out End-to-End Encrypted (E2EE) Calls

Slashdot - Your Rights Online - Wed, 2020-10-14 19:24
Video conferencing platform Zoom announced today plans to roll out end-to-end encryption (E2EE) capabilities starting next week. From a report: E2EE will allow Zoom users to generate individual encryption keys that will be used to encrypt voice or video calls between them and other conference participants. These keys will be stored locally and will not be shared with Zoom servers, meaning the software company won't be able to access or intercept any ongoing E2EE meetings. Support for E2EE calls will first be part of Zoom clients to be released next week. To use the new feature, users must update their clients next week and enable support for E2EE calls at the account level. This green shield will contain a lock if E2EE is active. If the lock is absent, Zoom will use its default AES 256-bit GCM encryption scheme, which the company uses to secure current communications, but which the company can also intercept. Further reading: Zoom Adds Ability To Open Apps Like Dropbox And Slack, Event-Hosting Tools As Part Of Push Beyond Video Meetings.

Internet Freedom Has Taken a Hit During the Covid-19 Pandemic

Slashdot - Your Rights Online - Wed, 2020-10-14 17:25
Almost 40 million people around the world have contracted Covid-19 and more than a million have died from the virus. The devastation has rippled even further, thanks to a global recession and rising political unrest. And as all of this unfolds, new research indicates that the governments around the world have exploited the pandemic to expand their domestic surveillance capabilities and curtail internet freedom and speech. From a report: The human and digital rights watchdog Freedom House today published its annual "Freedom on the Net" report, which tracks the ebb and flow of censorship laws, net neutrality protections, internet shutdowns, and more around the world. This year's report, which covers the period from June 2019 through May 2020, encompasses not only the Covid-19 pandemic but the trade war between the US and China, which has resulted in a dramatic acceleration of the cyber sovereignty movement. Combined with numerous other geopolitical clashes that have impacted digital rights, Freedom House found that global internet freedom has been broadly curtailed in 2020. "Political leaders used the pandemic as a pretext to crack down on free expression and limit access to information," Freedom House director for democracy and technology Adrian Shahbaz told reporters ahead of the report's release. "We traced three commonly used tactics. First, in at least 45 countries, activists, journalists, and other members of the public were arrested or charged with criminal offenses for online speech related to the pandemic. Second, in at least 20 countries, governments cited the pandemic emergency to impose vague or overly broad speech restrictions. Third, governments in at least 28 countries censored websites and social media posts to censor unfavorable health statistics, corruption allegations, and other Covid-19-related content."

There's Another Huge Right To Repair Fight Brewing In Massachusetts

Slashdot - Your Rights Online - Wed, 2020-10-14 15:00
An anonymous reader quotes a report from The Drive: Whether or not you live in Massachusetts, you should be paying attention to a very important vote coming up in November's election. Not for president, or senator, or even city council -- no, Question 1 is a proposition that could dramatically strengthen or weaken the state's landmark right-to-repair law that previously forced automakers to make it easier for you to get your car fixed. Essentially, Massachusetts voters are deciding on whether or not to add "mechanical" vehicle telematics data -- realtime updates from a car's sundry sensors transmitted to an automaker's private servers -- to the list of things OEMs have to share with independent mechanics. Telematics data was purposefully excluded from the original 2013 law, but as cars have gotten more computerized over the last decade, that gap in coverage has grown more pronounced. The full information about what is appearing on the ballot can be found here. Voting "Yes" to Question 1 would expand access to wirelessly transmitted mechanical data regarding vehicle maintenance and repair. But what makes this a big deal for those outside Massachusetts is that the amendment will require automakers who want to do business in the state to make that data accessible through a smartphone app for owners starting in 2022. Remember, it was the 2013 law's passage that forced automakers to adopt a nationwide right-to-repair standard. Could the same happen with open-access telematics data, which will only grow in importance as more cars add on driver-assist features? Pro-Question 1 organization Massachusetts Right to Repair argues the amendment would futureproof the law for consumers and independent repair shops beyond the state's borders. 
"Voting 'No' would make no change to governing access over wirelessly transmitted vehicle data, meaning automakers would be under no obligation to provide a standard that consumers could use to analyze diagnostic information other than what is currently provided through the vehicle's OBDII port," adds The Drive. "[T]he Coalition for Safe and Secure Data has shelled out at least $25.8 million to oppose Question 1, reportedly receiving large seven-figure donations from General Motors, Toyota, Ford, Honda and Nissan. Go figure."

Philippines Starts Registering Millions for National ID Cards

Slashdot - Your Rights Online - Tue, 2020-10-13 16:13
The Philippines began Monday registering millions of citizens for its national identification system, hoping to promote electronic payments and make it easier for low-income earners without bank accounts to access financial services. From a report: All Philippine citizens and resident foreigners are required to register such information as name, sex, date of birth, place of birth, blood type, address and nationality. Biometric data -- fingerprints, facial photos and iris scans -- also will be stored. The country's current system, in which different agencies issue their own numbers, has been criticized as inconvenient. The new system will grant each person a unique number that can be used across agencies. The government hopes to make financial services more accessible to low-income workers who lack bank accounts as well as facilitate delivery of government services. Officials from the Philippine statistics agency will visit homes to collect the personal information, completing the process before President Rodrigo Duterte's term ends in June 2022. The system is scheduled to begin operation in the second half of 2021 for services such as visa issuances. A survey found 73% public support for the new ID system, suggesting that little concern exists over the collection of personal information by the government. Karl Kendrick Chua, acting secretary of the National Economic and Development Authority, said the ID system will accelerate growth of the digital economy. He expressed hope that the national system will spark widespread use of electronic payments. Partnerships with the private sector also appear to be on the table.

Amazon's Latest Gimmicks Are Pushing the Limits of Privacy

Slashdot - Your Rights Online - Tue, 2020-10-13 03:30
At the end of September, Amazon debuted two especially futuristic products within five days of each other: a small autonomous surveillance drone, called Ring Always Home Cam, and a palm recognition scanner, called Amazon One. "Both products aim to make security and authentication more convenient -- but for privacy-conscious consumers, they also raise red flags," reports Wired. From the report: Amazon's latest data-hungry innovations are not launching in a vacuum. The company also owns Ring, whose smart doorbells have had myriad security issues and have been widely criticized for bringing unprecedented surveillance to traditionally semi-private spaces. Meanwhile, the biometric data that Amazon Go will collect is particularly sensitive, because unlike a password you can't simply change it if a hacker steals it or it gets unintentionally exposed. Amazon has a strong record for maintaining the security of its massive cloud infrastructure, but there have been lapses across the sprawling business. The stakes are already phenomenally high; the more data the company holds the more risk it takes on. "Amazon has a major genomics cloud platform, so maybe they hold your DNA and now they're going to have your palm as well? Plus all of these devices inside your house. And your purchase history on Prime. That's a lot of information. That's a lot of personal information," says Nina Alli, executive director of Defcon's Biohacking Village and a health care security researcher. "When you give away this data you're giving a company the ability to access and manage you, not the other way around." [...] Additionally, while companies like Apple and Samsung have brought biometric fingerprint and face scanners to the masses by making sure the data never leaves the device, Amazon One takes the opposite approach. Kumar writes that "palm images are never stored" on Amazon One itself. 
Instead they are encrypted and sent to a special high security area of Amazon's cloud to be converted into "palm signatures" based on the unique and distinctive features of a user's hand. Then the service compares that signature to the one on file in each user's account and returns a match or no match answer back down to the device. It makes sense that Amazon doesn't want to store databases of people's palm data locally on publicly accessible machines that could be manipulated. But the system could perhaps have been set up to generate a palm signature locally, delete the image of a person's hand, and send only the encrypted signature on for analysis. The fact that all of those palm images will be going for cloud processing creates a single point of failure. "I'm worried that people could read your palm vein pattern in other ways and construct an analog. It's only a matter of time," says Joseph Lorenzo Hall, a longtime security and privacy researcher and a senior vice president at the nonprofit Internet Society. "Both the home drone and the palm payment are going to rely heavily on the cloud and on the security provided by that cloud storage. That's worrying because it means all the risks -- rogue employees, government data requests, data breach, secondary uses -- associated with data collection on the server-side could be possible. I'm much more comfortable having a biometric template stored locally rather than on a server where it might be exfiltrated." An Amazon spokesperson told WIRED, "We are confident that the cloud is highly secure. In addition, Amazon One palm data is stored separately from other personal identifiers, and is uniquely encrypted with its own keys in a secure zone in the cloud."

How Many Americans Still Secretly Use Their Ex's Passwords

Slashdot - Your Rights Online - Tue, 2020-10-13 02:50
A recent survey by British Virgin Islands-based VPN service provider ExpressVPN asked 1,506 American adults in an exclusive (non-married) relationship to find out their password sharing habits across social media platforms. ZDNet reports on the findings: The survey showed that couples share a variety of passwords with each other, and they most commonly share within the first six months of dating. The most commonly shared passwords between couples are for video streaming (78%), mobile devices (64%), and music streaming (58%). Almost half (47%) of Americans in a relationship share social media passwords and 38% share their personal email passwords. Most services, apart from social media and mobile device accounts (which are shared most with family), are more commonly shared with a significant other than family or friends. Respondents said that sharing passwords is most indicative of trust (70%), commitment (63%), intimacy (54%), marriage-material (51%), affection (48%), and vulnerability (47%). Among those sharing video streaming services, Netflix (86%), Hulu (57%), and Amazon Prime Video (52%) are shared most with a significant other. Millennials and Generation Z are also more likely to share passwords with their significant others across all platforms, as compared to older folks. Among people who do not share passwords with anyone, the most common objection is that the same username and password combination is often used for additional accounts. Among respondents, men are more guilty than women of still secretly using an ex's login information/password post-break up. Over one in four (26%) currently use their ex's game streaming services account and online news subscriptions (26%). A quarter (25%) access their ex's photo sharing program, and food/grocery delivery sites. Almost one in four (23%) currently access social media accounts, mobile wallets, music, and video streaming services and one in five access their ex's personal email accounts. 
One in four (25%) of respondents confess to currently tracking an ex's real-time location and 30% confess to secretly logging in to an ex's social media account at least once, with 23% admitting to still doing so currently. It is not surprising that over one in three (36%) of respondents indicate regret in sharing passwords with a significant other, either during the relationship or after a breakup -- with men feeling more regretful than women (40% vs. 32%).

Backdoor In Kids' Smartwatch Makes It Possible For Someone To Covertly Take Pictures, Record Audio

Slashdot - Your Rights Online - Tue, 2020-10-13 01:30
The Xplora 4 smartwatch, made by Chinese outfit Qihoo 360 Technology Co, and marketed to children under the Xplora brand in the US and Europe, can covertly take photos and record audio when activated by an encrypted SMS message, says Norwegian security firm Mnemonic. The Register reports: This backdoor is not a bug, the finders insist, but a deliberate, hidden feature. Around 350,000 watches have been sold so far, Xplora says. Exploiting this security hole is non-trivial, we note, though it does reveal the kind of remotely accessible stuff left in the firmware of today's gizmos. "The backdoor itself is not a vulnerability," said infosec pros Harrison Sand and Erlend Leiknes in a report on Monday. "It is a feature set developed with intent, with function names that include remote snapshot, send location, and wiretap. The backdoor is activated by sending SMS commands to the watch." The researchers suggest these smartwatches could be used to capture photos covertly from its built-in camera, to track the wearer's location, and to conduct wiretapping via the built-in mic. They have not claimed any such surveillance has actually been done. The watches are marketed as a child's first phone, we're told, and thus contain a SIM card for connectivity (with an associated phone number). Parents can track the whereabouts of their offspring by using an app that finds the wearer of the watch. Xplora contends the security issue is just unused code from a prototype and has now been patched. But the company's smartwatches were among those cited by Mnemonic and the Norwegian Consumer Council in 2017 for assorted security and privacy concerns. With the appropriate Android intent, an incoming encrypted SMS message received by the Qihoo SMS app could be directed through the command dispatcher in the Persistent Connection Service to trigger an application command, like a remote memory snapshot.
Exploiting this backdoor requires knowing the phone number of the target device and its factory-set encryption key. This data is available to Qihoo and Xplora, according to the researchers, and can be pulled off the device physically using specialist tools. This basically means ordinary folks aren't going to be hacked, either by the manufacturer under orders from Beijing or opportunistic miscreants attacking gizmos in the wild, though it is an issue for persons of interest. It also highlights the kind of code left lingering in mass-market devices.

To Avoid Prison For Leaving Bad Hotel Reviews Online, An American in Thailand Must Apologize

Slashdot - Your Rights Online - Mon, 2020-10-12 05:44
The New York Times reports: He's very, very sorry. But the hotel in Thailand that threatened an American guest with prison for his bad reviews may end up with bigger regrets. Wesley Barnes, the American guest, publicly apologized on Friday for his blunt online reviews of the Sea View Koh Chang resort in Thailand. In exchange, the hotel promised it would drop the complaint that led the authorities in Thailand to file criminal defamation charges against him. More than wounded pride was on the line. In Thailand, criminal defamation charges can result in a prison term of up to two years. Mr. Barnes had already spent two days in jail after his arrest on those charges last month before posting bail. The question now for the Sea View resort — and for Thailand's tourism industry, which is struggling under the coronavirus travel freeze — is whether it can recover from the considerable damage its reputation has suffered by threatening Mr. Barnes with prison... Mr. Barnes struck a decidedly different tone on Friday, in a statement filled with stilted official language reminiscent of a forced confession. "All of the statements that I made are completely untrue," the statement said. "These reviews and comments were written out of anger and malice. Now, I, Mr. Barnes, have regretted my actions and would like to apologize to Sea View Koh Chang, and its staff." As required by the settlement with the hotel, Mr. Barnes also sent the statement to news outlets that covered his case, including The New York Times. He apologized "for my repeatedly false and untrue statements/reviews made to maliciously defame Sea View Koh Chang...." In his statement, Mr. Barnes expressed gratitude to the hotel for allowing him to avoid prison.

Fortnite Remains Banned From Apple's App Store After Judge Refuses Epic's Request

Slashdot - Your Rights Online - Mon, 2020-10-12 02:04
Epic Games "did not win its preliminary injunction in its antitrust action against Apple, which would have forced Apple to allow Fortnite back onto the iPhone, iPad, and Mac," reports BGR, calling it "the decision we warned you about a few weeks ago." Gonzalez Rogers hinted during the injunction relief hearing a few weeks ago that she wasn't inclined to side with Epic when it comes to Fortnite. She pointed out at the time that Epic lied in its business relationship with Apple. "You did something, you lied about it by omission, by not being forthcoming. That's the security issue. That's the security issue!" Gonzalez Rogers told Epic. "There are a lot of people in the public who consider you guys heroes for what you guys did, but it's still not honest...." Epic engineered a huge PR stunt to turn gamers against Apple over the expected Fortnite ban and then sued Apple for anti-competitive practices at the same time. Even if the antitrust case might have merit on its own, this doesn't change the fact that Epic breached its contract... The judge clarified that Epic has breached a contract unilaterally and cannot claim that it did it because of monopoly concerns. Judge Rogers also said that Epic's failure to show it's willing to work with Apple and the court to have the game reinstated proves that Epic isn't necessarily concerned with the well-being of iOS users. "Epic Games cannot simply exclaim 'monopoly' to rewrite agreements giving itself unilateral benefit..." Epic did receive some good news in the ruling. "Epic Games is grateful that Apple will continue to be barred from retaliating against Unreal Engine and our game development customers," the company said in a statement which was quoted by Thurrott.com. "We will continue developing for Apple's platforms and pursue all avenues to end Apple's anti-competitive behavior." And the same site also quotes Apple's own statement on the ruling. 
"We are grateful that the Court recognized that Epic's actions were not in the best interests of its own customers and that any problems they may have encountered were of their own making when they breached their agreement."

America's 'Cyber Command' Is Trying to Disrupt the World's Largest Botnet

Slashdot - Your Rights Online - Mon, 2020-10-12 01:03
The Washington Post reports: In recent weeks, the U.S. military has mounted an operation to temporarily disrupt what is described as the world's largest botnet — one used also to drop ransomware, which officials say is one of the top threats to the 2020 election. U.S. Cyber Command's campaign against the Trickbot botnet, an army of at least 1 million hijacked computers run by Russian-speaking criminals, is not expected to permanently dismantle the network, said four U.S. officials, who spoke on the condition of anonymity because of the matter's sensitivity. But it is one way to distract them at least for a while as they seek to restore operations. U.S. Cyber Command also "stuffed millions of bogus records about new victims into the Trickbot database — apparently to confuse or stymie the botnet's operators," reports security researcher Brian Krebs: Alex Holden, chief information security officer and president of Milwaukee-based Hold Security, has been monitoring Trickbot activity before and after the 10-day operation. Holden said while the attack on Trickbot appears to have cut its operators off from a large number of victim computers, the bad guys still have passwords, financial data and reams of other sensitive information stolen from more than 2.7 million systems around the world. Holden said the Trickbot operators have begun rebuilding their botnet, and continue to engage in deploying ransomware at new targets. "They are running normally and their ransomware operations are pretty much back in full swing," Holden said. "They are not slowing down because they still have a great deal of stolen data." Holden added that since news of the disruption first broke a week ago, the Russian-speaking cybercriminals behind Trickbot have been discussing how to recoup their losses, and have been toying with the idea of massively increasing the amount of money demanded from future ransomware victims.