Tech Giants Are Giving China a Vital Edge In Espionage.

Slashdot - Your Rights Online - Tue, 2020-12-29 02:08
schwit1 shares a report: The embrace between China's intelligence services and Chinese businesses has gotten tighter, U.S. officials say. In 2017, under Xi's intensifying authoritarianism, Beijing promulgated a new national intelligence law that compels Chinese businesses to work with Chinese intelligence and security agencies whenever they are requested to do so -- a move that codified "what was pretty much what was going on for many years before, though corruption had tempered it" previously, a former senior CIA official said. In the final years of the Obama administration, national security officials had directed U.S. spy agencies to step up their intelligence collection on the relationship between the Chinese state and China's private industrial behemoths. By the advent of the Trump era, this effort had borne fruit, with the U.S. intelligence community piecing together voluminous evidence on coordination -- including back-and-forth data transfers -- between ostensibly private Chinese companies and that country's intelligence services, according to current and former U.S. officials. There was evidence of close public-private cooperation occurring on "a daily basis," according to a former Trump-era national security official. "Those commercial entities are the commercial wing of the party," the source said. "They of course cooperate with intelligence services to achieve the party's goals." Beijing's access to, and ability to sift through, troves of pilfered and otherwise obtained data "gives [China] vast opportunities to target people in foreign governments, private industries, and other sectors around the world -- in order to collect additional information they want, such as research, technology, trade secrets, or classified information," said William Evanina, the United States' top counterintelligence official. "Chinese technology companies play a key role in processing this bulk data and making it useful for China's intelligence services," he said.

Read more of this story at Slashdot.

Finland Says Hackers Accessed MPs' Emails Accounts

Slashdot - Your Rights Online - Mon, 2020-12-28 23:47
The Finnish Parliament said on Monday that hackers gained entry to its internal IT system and accessed email accounts for some members of Parliament (MPs). From a report: Government officials said the attack took place in the fall of 2020 and was discovered this month by the Parliament's IT staff. The matter is currently being investigated by the Finnish Central Criminal Police (KRP). In an official statement, KRP Commissioner Tero Muurman said the attack did not cause any damage to the Parliament's internal IT system but was not an accidental intrusion either. Muurman said the Parliament security breach is currently being investigated as a "suspected espionage" incident. "At this stage, one alternative is that unknown factors have been able to obtain information through the hacking, either for the benefit of a foreign state or to harm Finland," Muurman said. "The theft has affected more than one person, but unfortunately, we cannot tell the exact number without jeopardizing the ongoing preliminary investigation."

Will America's Next President Change Its Space Program?

Slashdot - Your Rights Online - Mon, 2020-12-28 14:34
America's next president takes office in three weeks and two days. What changes should he make to America's space program? An opinion writer at Bloomberg tackles the question: Donald Trump badly wanted to be the president who sent Americans back to the moon. Instead, his administration has presided over Artemis, a lunar-landing program plagued by "uncertain plans, unproven cost assumptions, and limited oversight," according to a new watchdog report. Pieces of the program, including the SLS rocket and Orion spacecraft, are billions of dollars over budget, years past deadline and poised to eat into NASA's more promising projects. As a result, the U.S. space agency will almost certainly miss its goal of landing Americans on the moon again by 2024. President-elect Joe Biden inherits the task of deciding what to do next.

He should focus on what has made the U.S. space program distinctive in recent years: the power of private competition...

The government bears all the risk of missed deadlines and rising costs. A more efficient alternative is fixed-price contracts, in which a company keeps as profit whatever's left over after it completes its assigned task. Beginning in 2006, NASA has used such contracts to boost the development of private space companies capable of reaching the International Space Station. The initiative has worked far better than anyone could've expected. In a 2011 report, NASA expressed bewilderment that SpaceX, then a young upstart, managed to develop its workhorse Falcon 9 rocket for just $390 million — as opposed to a likely cost of $1.7 billion to $4 billion under traditional cost-plus assumptions. Today, the rocket delivers hardware and astronauts for companies and space agencies around the world. Come January, the Biden administration should take a similar approach to the troubled Artemis system. Step one should be eliminating SLS and Orion altogether in favor of cheaper private-sector alternatives....

Currently, there are a number of Artemis elements being developed under fixed-price contracts, including future lunar landers. The new administration should use a similar approach with as many aspects of the project as possible, thereby harnessing the efficiency and inventiveness of private competition.

Are Tech Companies Censoring Their Users For Access to China's Market?

Slashdot - Your Rights Online - Mon, 2020-12-28 01:09
This week MSNBC published an opinion piece from a researcher on China (who works on internet censorship and freedom of expression issues) from the advocacy group Human Rights Watch. It examines specific exchanges between a China-based Zoom executive and employees at the company's California headquarters (taken from the 47-page complaint filed by America's Justice Department) showing how Zoom disrupted video meetings commemorating the anniversary of the Tiananmen Square crackdown: It was a fascinating read, not least because few global tech companies that do business in China have ever made public the details of their communications with Chinese authorities on censorship issues, despite repeated calls to do so from human rights organizations and United Nations experts. What the complaint reveals is Beijing's aggressive pursuit of global censorship of topics deemed sensitive or critical of Beijing, and Zoom's failure to adequately protect its users' rights to free expression and privacy... Beijing has long leveraged market access to compel foreign tech companies to meet its censorship demands, whether in China or abroad. Apple has removed hundreds of virtual private network (VPN) apps from China's App Store. In 2019, it also removed a mapping app widely used by pro-democracy protesters in Hong Kong from the App Store. LinkedIn blocked content critical of Chinese authorities for users in China. From the complaint, one can see Zoom's fear that if it didn't terminate meetings or suspend accounts upon request, it risked having its China operation shut down at any time, which loomed large in all of its decisions. Companies understandably want access to China's huge market, but they also have a responsibility to respect human rights under the United Nations Guiding Principles on Business and Human Rights. 
Zoom said publicly that it is "dedicated to the free and open exchange of ideas," but when Jin repeatedly framed speech critical of the Chinese government as something that could "do bad things" or "illegal activities," and demanded they be censored, he met no resistance and got no questions from his colleagues at headquarters. The article also blames Jin for making false claims to a Zoom colleague that a private Tiananmen commemoration meeting was supporting terrorism/inciting violence, after which "the colleague quickly terminated the meeting and suspended the host account without any investigation into the matter." And it alleges that Jin also forwarded complaints from operatives who'd intentionally joined public meetings with offending content so those meetings could then be reported and shut down, while "a U.S.-based Zoom employee, knowing they were schemes, facilitated it..."

Edward Snowden Urges Donations to the EFF

Slashdot - Your Rights Online - Sun, 2020-12-27 21:54
In October, Edward Snowden was granted permanent residency in Russia. A new web page by the EFF applauds his past activities as a U.S. whistleblower. "His revelations about secret surveillance programs opened the world's eyes to a new level of government misconduct, and reinvigorated EFF's continuing work in the courts and with lawmakers to end unlawful mass spying." And then they shared this fund-raising pitch written by Edward Snowden: Seven years ago I did something that would change my life and alter the world's relationship to surveillance forever. When journalists revealed the truth about state deception and illegal conduct against citizens, it was human rights and civil liberties groups like EFF — backed by people around the world just like you — that seized the opportunity to hold authority to account. Surveillance quiets resistance and takes away our choices. It robs us of private space, eroding our dignity and the things that make us human. When you're secure from the spectre of judgement, you have room to think, to feel, and to make mistakes as your authentic self. That's where you test your notions of what's right. That's when you question the things that are wrong. By sounding the alarm and shining a light on mass surveillance, we force governments around the world to confront their wrongdoing. Slowly, but surely, grassroots work is changing the future. Laws like the USA Freedom Act have just begun to rein in excesses of government surveillance. Network operators and engineers are triumphantly "encrypting all the things" to harden the Internet against spying. Policymakers began holding digital privacy up to the light of human rights law. And we're all beginning to understand the power of our voices online. This is how we can fix a broken system. But it only works with your help. For 30 years, EFF members have joined forces to ensure that technology supports freedom, justice, and innovation for all people. 
It takes unique expertise in the courts, with policymakers, and on technology to fight digital authoritarianism, and thankfully EFF brings all of those skills to the fight. EFF relies on participation from you to keep pushing the digital rights movement forward. Each of us plays a crucial role in advancing democracy for ourselves, our neighbors, and our children. I hope you'll answer the call by joining EFF to build a better digital future together. Sincerely, Edward Snowden

Will America's Next President Break Up Facebook?

Slashdot - Your Rights Online - Sun, 2020-12-27 02:04
With 25 days until Joe Biden becomes America's next president, Politico writes that throughout the US government, "From lawmakers on Capitol Hill to antitrust enforcers at the Federal Trade Commission, Washington is training its sights on the world's largest social network like never before." Biden's antitrust enforcers will take ownership of a lawsuit the FTC filed this month threatening to dismantle the sprawling company. And his staff will negotiate legislative proposals with congressional leaders who have hammered Facebook for mishandling its users' personal data and spreading hate speech and dangerous falsehoods. It's a historic moment of legislative and regulatory upheaval with profound consequences for Facebook and its Silicon Valley brethren. The Trump era opened the floodgates for Facebook detractors, who accused the world's largest social network of silencing conservatives on one side, and abetting disinformation about the U.S. election on the other. Now, under Biden, the company's critics see a prime opportunity to finally tame Facebook — for the sake of election integrity, privacy and fair play in the digital era... "It's just not a great business strategy to piss off the incoming president," said Sally Hubbard, the director of enforcement strategy at the Open Markets Institute, which has advocated for antitrust enforcement against Facebook, Google and other big tech firms. She and other tech critics are putting pressure on Biden to take a different approach than past administrations, and they already have several allies advising the transition as it prepares to take over next month... The now-president-elect has called for the internet industry's sacred legal liability protections to be revoked, specifically citing Facebook's handling of election-related misinformation. 
He turned heads in January when he said bluntly, "I've never been a fan of Facebook," a company whose digital reach helped propel the Obama-Biden ticket to the White House in past elections... "[I]t's certainly possible that skepticism about Facebook from the Biden team could result in a greater likelihood of antitrust scrutiny by the Justice Department and the FTC," said Matt Perault, a former Facebook public policy director who now leads Duke University's Center on Science and Technology Policy. "And it's possible that a Biden White House could use their bully pulpit to try to force changes that they can't achieve through executive action or legislation...." Republicans, too, have gripes about Facebook's handling of political speech, with some saying its lack of meaningful competition gives it the leverage to censor users' political views. After the FTC and state attorneys general announced their Facebook lawsuits this month, lawmakers from both sides of the aisle expressed support... But bipartisan frustration with tech has yet to mean lawmakers will set aside partisan differences. Both sides have been frustrated with how Facebook, Twitter and Google-owned YouTube police political content, for instance, but Democrats want more moderation and Republicans have called for less... Even with such divisions, the general animosity toward Facebook could help the anti-Facebook advocates to gain traction with the new administration. And they're pushing their agenda hard ahead of the inauguration.

'Unforced Error' in Suspected Russian Data Breach May Have Led to Its Discovery

Slashdot - Your Rights Online - Sat, 2020-12-26 19:34
CNN reports: US officials and private sector experts investigating the massive data breach that has rocked Washington increasingly believe the attackers were ultimately discovered because they took a more aggressive "calculated risk" that led to a possible "unforced error" as they tried to expand their access within the network they had penetrated months earlier without detection, according to a US official and two sources familiar with the situation... FireEye was tipped off to the hackers' presence when they attempted to move laterally within the firm's network, according to the sources, a move that suggested the hackers were targeting sensitive data beyond email addresses or business records. Whether that exposure was the result of a mistake by the attackers or because they took a calculated risk remains unclear, the sources said. "At some point, you have to risk some level of exposure when you're going laterally to get after the things that you really want to get. And you're going to take calculated risks as an attacker," one source familiar with the investigation said... Now, the hackers are attempting to salvage what access they can as the US government and private sector are "burning it all down," sources said, referring to their complete overhaul of networks, which will force the attackers to find new ways of getting the information they seek. Meanwhile, US officials continue to grapple with the fallout and assess just how successful the operation was, the US official said, noting that it is clear the nation-state responsible invested significant time and resources into the effort. While the scope of the hacking campaign remains unclear, government agencies that have disclosed they were impacted have said there is no evidence to date that classified data was compromised.
But the way the hackers were discovered suggests the operation was intended to steal sensitive information beyond what was available on unclassified networks and sought to establish long-standing access to various targeted networks, the sources said. The fact that FireEye — not the federal government — discovered the breach has also raised questions about why the attack went undetected at US government agencies. The article also notes FireEye's acknowledgement that the breach "occurred when the hackers, who already had an employee's credentials, used those to register their own device to FireEye's multi-factor authentication system so they could receive the employee's unique access codes."
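
The FireEye detail above (a valid stolen credential used to register the attacker's own device with the MFA system) is a pattern an identity team can alert on, because a device enrollment is a rarer and more consequential event than a login. The following is an added example, not FireEye's code or anything from the report: a small Python detector that flags an MFA enrollment when its source IP has no successful login for that user in a trailing baseline window, while deliberately excluding the session that is performing the enrollment so the attacker's own login cannot vouch for it. The JSON-lines log format, the field names (ts, user, event, ip, device_id), the sample events and the 30-day/60-minute windows are all constructed assumptions for illustration.

```python
"""Flag MFA device enrollments that do not fit a user's login history.

Added example, not FireEye's code or anything from the page. The log
format, field names, sample events and the window sizes are all
constructed assumptions for illustration.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in the shape an identity provider might emit as
# JSON lines. Field names (ts, user, event, ip, device_id) are assumptions.
SAMPLE_LOG = """\
{"ts": "2020-11-01T09:02:11Z", "user": "alice", "event": "login_success", "ip": "203.0.113.5"}
{"ts": "2020-11-03T08:58:40Z", "user": "alice", "event": "login_success", "ip": "203.0.113.5"}
{"ts": "2020-11-04T09:10:02Z", "user": "bob", "event": "login_success", "ip": "203.0.113.9"}
{"ts": "2020-11-05T13:21:30Z", "user": "bob", "event": "mfa_device_enrolled", "ip": "203.0.113.9", "device_id": "bob-phone-2"}
{"ts": "2020-11-20T02:14:55Z", "user": "alice", "event": "login_success", "ip": "198.51.100.77"}
{"ts": "2020-11-20T02:16:09Z", "user": "alice", "event": "mfa_device_enrolled", "ip": "198.51.100.77", "device_id": "unknown-android"}
"""

BASELINE_DAYS = 30     # how far back a login counts as "known" history (assumed)
SESSION_MINUTES = 60   # logins this close to the enrollment belong to the
                       # session doing the enrolling and must not vouch for it


def parse_log(text):
    """Parse JSON lines into event dicts with real datetimes, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def find_suspicious_enrollments(events, baseline_days=BASELINE_DAYS,
                                session_minutes=SESSION_MINUTES):
    """Alert on an MFA enrollment whose source IP never logged in as that
    user during the baseline window, excluding the session that is doing
    the enrolling. A stolen password plus a freshly registered device from
    a new source is the pattern FireEye described."""
    logins = defaultdict(list)   # user -> [(ts, ip)] of successful logins seen so far
    alerts = []
    for ev in events:            # time-ordered, so only earlier logins form the baseline
        user = ev["user"]
        if ev["event"] == "login_success":
            logins[user].append((ev["ts"], ev["ip"]))
            continue
        if ev["event"] != "mfa_device_enrolled":
            continue
        oldest = ev["ts"] - timedelta(days=baseline_days)
        newest = ev["ts"] - timedelta(minutes=session_minutes)
        baseline = {ip for ts, ip in logins[user] if oldest <= ts <= newest}
        if not baseline:
            reason = "no_prior_login_history"            # new or dormant account
        elif ev["ip"] not in baseline:
            reason = "enrollment_ip_not_in_login_baseline"
        else:
            continue                                      # same source the user always uses
        alerts.append({"ts": ev["ts"].isoformat(), "user": user,
                       "ip": ev["ip"], "device_id": ev.get("device_id"),
                       "reason": reason})
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_enrollments(parse_log(SAMPLE_LOG)):
        print(alert)
```

On the constructed log, bob's enrollment from his usual address passes and alice's enrollment two minutes after a first-ever login from 198.51.100.77 is flagged. In a real deployment the baseline would be keyed on something coarser than a bare IP (ASN, geolocation, or a managed-device fingerprint) and the enrollment itself would also trigger an out-of-band notification to the user, since the whole point of the FireEye case is that the password check had already succeeded.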

XRP Cryptocurrency Crashes Following Announcement of SEC Suit Against Ripple

Slashdot - Your Rights Online - Fri, 2020-12-25 02:20
An anonymous reader quotes a report from TechCrunch: The value of one of the world's most valuable cryptocurrencies is crashing and a recently filed SEC complaint is at the root of the free fall. According to CoinMarketCap, the XRP token's value has declined more than 42% in the past 24 hours and is down more than 63% from its 30-day high of $0.76. It now sits at just $0.27. XRP's price volatility has rivaled the most capricious of cryptocurrencies. Since reaching an all-time-high of $3.84 back in January of 2018, the coin has spent much of the past two years drifting closer and closer to pennies. In the past month, on the back of major rallies from other cryptocurrencies, XRP has seen its biggest rally in years, but those gains were all erased this week by the Ripple CEO Brad Garlinghouse's admission that the SEC was planning to file a sweeping lawsuit against the company during the current administration's final days. The SEC's fundamental argument is that XRP has always been a security and that it should have been registered with the commission from the beginning more than seven years ago. The SEC claims that the defendants in the case -- namely the company Ripple, CEO Brad Garlinghouse and executive chairman Chris Larsen -- generated more than $1.38 billion from sales of the XRP token. The company's line has been that XRP is not a security but is, in fact, a tool for financial institutions, though the coin's volatility has discouraged banks from actually adopting the token. Meanwhile, XRP is present on a number of cryptocurrency exchanges, a fact which could expand the scope of this legal complaint and affect more players in the space.

The ACLU Is Suing For More Information About the FBI's Phone-Hacking Lab

Slashdot - Your Rights Online - Fri, 2020-12-25 01:40
On Tuesday, the American Civil Liberties Union filed a new lawsuit demanding information about the FBI's Electronic Device Analysis Unit (EDAU) -- a forensic unit that the ACLU believes has been quietly breaking the iPhone's local encryption systems. The Verge reports: "The FBI is secretly breaking the encryption that secures our cell phones and laptops from identity thieves, hackers, and abusive governments," the ACLU said in a statement announcing the lawsuit, "and it refuses to even acknowledge that it has information about these efforts." The FBI has made few public statements about the EDAU, but the lawsuit cites a handful of cases in which prosecutors have submitted a "Mobile Device Unlock Request" and received data from a previously locked phone. The EDAU also put in public requests for the GrayKey devices that found success unlocking a previous version of iOS. In June 2018, the ACLU filed a FOIA request for records relating to the EDAU, but the FBI has refused to confirm any records even exist. After a string of appeals within the FOIA process, the group is taking the issue to federal court, calling on the attorney general and FBI inspector general to directly intervene and make the records available. "We're demanding the government release records concerning any policies applicable to the EDAU, its technological capabilities to unlock or access electronic devices, and its requests for, purchases of, or uses of software that could enable it to bypass encryption," the ACLU said in a statement.

Facebook Managers Trash Their Own Ad Targeting In Unsealed Remarks

Slashdot - Your Rights Online - Fri, 2020-12-25 00:20
An anonymous reader quotes a report from The Intercept: Facebook is currently waging a PR campaign purporting to show that Apple is seriously injuring American small businesses through its iOS privacy features. But at the same time, according to allegations in recently unsealed court documents, Facebook has been selling them ad targeting that is unreliable to the point of being fraudulent. The documents feature internal Facebook communications in which managers appear to admit to major flaws in ad targeting capabilities, including that ads reached the intended audience less than half of the time they were shown and that data behind a targeting criterion was "all crap." Facebook says the material is presented out of context. They emerged from a suit currently seeking class-action certification in federal court. The suit was filed by the owner of Investor Village, a small business that operates a message board on financial topics. Investor Village said in court filings that it decided to buy narrowly targeted Facebook ads because it hoped to reach "highly compensated and educated investors" but "had limited resources to spend on advertising." But nearly 40 percent of the people who saw Investor Village's ad either lacked a college degree, did not make $250,000 per year, or both, the company claims. In fact, not a single Facebook user it surveyed met all the targeting criteria it had set for Facebook ads, it says. The complaint features Facebook documents indicating that the company knew its advertising capabilities were overhyped and underperformed. A "February 2016 internal memorandum" sent from an unnamed Facebook manager to Andrew Bosworth, a Zuckerberg confidant and powerful company executive who oversaw ad efforts at the time, reads, "[I]nterest precision in the US is only 41% -- that means that more than half the time we're showing ads to someone other than the advertisers' intended audience. And it is even worse internationally. 
We don't feel we're meeting advertisers' interest accuracy expectations today." The lawsuit goes on to quote unnamed "employees on Facebook's ad team" discussing their targeting capabilities circa June 2016. "Interest" and "behavior" are two key facets of the data dossiers Facebook compiles on us for advertisers; according to the company, the former includes things you like, "from organic food to action movies," while the latter consists of "behaviors such as prior purchases and device usage." The complaint also cites unspecified internal communications in which "[p]rivately, Facebook managers described important targeting data as 'crap' and admitted accuracy was 'abysmal.'" Facebook has said in its court filings that these quotes are presented out of context.

Dozens Sue Amazon's Ring After Camera Hack Leads To Threats and Racial Slurs

Slashdot - Your Rights Online - Thu, 2020-12-24 20:41
Dozens of people who say they were subjected to death threats, racial slurs, and blackmail after their in-home Ring smart cameras were hacked are suing the company over "horrific" invasions of privacy. From a report: A new class action lawsuit, which combines a number of cases filed in recent years, alleges that lax security measures at Ring, which is owned by Amazon, allowed hackers to take over their devices. Ring provides home security in the form of smart cameras that are often installed on doorbells or inside people's homes. The suit against Ring builds on previous cases, joining together complaints filed by more than 30 people in 15 families who say their devices were hacked and used to harass them. In response to these attacks, Ring "blamed the victims, and offered inadequate responses and spurious explanations," the suit alleges. The plaintiffs also claim the company has failed to adequately update its security measures in the aftermath of such hacks.

Hackers Threaten To Leak Plastic Surgery Pictures

Slashdot - Your Rights Online - Thu, 2020-12-24 19:21
Hackers have stolen the data of a large cosmetic surgery chain and are threatening to publish patients' before and after photos, among other details. From a report: The Hospital Group, which has a long list of celebrity endorsements, has confirmed the ransomware attack. It said it had informed the Information Commissioner of the breach. On its darknet webpage, the hacker group known as REvil said the "intimate photos of customers" were "not a completely pleasant sight." It claimed to have obtained more than 900 gigabytes of patient photographs. The Hospital Group, which is also known as the Transform Hospital Group, claims to be the UK's leading specialist weight loss and cosmetic surgery group. It has 11 clinics specialising in bariatric weight loss surgery, breast enlargements, nipple corrections and nose adjustments. The company has previously promoted itself via celebrity endorsements, although it has not done so for several years. Former Big Brother contestant Aisleyne Horgan-Wallace told Zoo magazine about her breast enhancement surgery with The Hospital Group in 2009. Atomic Kitten singer Kerry Katona, Shameless actress Tina Malone and reality TV star Joey Essex from The Only Way is Essex are also previous patients who have endorsed the clinic.

BMW Backtracks: 'We Do Not Draw on Warranty Status' For Targeted Ads

Slashdot - Your Rights Online - Thu, 2020-12-24 16:41
BMW has told Motoring Research its targeted billboard warranty adverts -- which are claimed to use number plate registration technology to tailor public adverts to BMW drivers -- do not actually draw upon vehicle warranty status. From a report: Rather, only publicly available information is used. "There is no personalisation visible on the advert and no vehicle or customer data is stored or retained." The new initiative was originally claimed to focus on BMW drivers with an expired new or Approved Used warranty. Owners will receive personalised messages on electronic roadside billboards highlighting the fact they no longer have a valid warranty. They will be warned their vehicle is not covered for the cost of repairs, and invited to 'consider purchasing a BMW Insured warranty online.' The electronic billboards use Vehicle Detection Technology to pick out BMW owners with expired warranties.

ExamSoft Flags One-Third of California Bar Exam Test Takers For Cheating

Slashdot - Your Rights Online - Thu, 2020-12-24 15:00
The California Bar released data last week confirming that during its use of ExamSoft for the October Bar exam, over one-third of the nearly nine-thousand online examinees were flagged by the software. The Electronic Frontier Foundation is concerned that the exam proctoring software is incorrectly flagging students for cheating "due either to the software's technical failures or to its requirements that students have relatively new computers and access to near-broadband speeds." From the report: This is outrageous. It goes without saying that of the 3,190 applicants flagged by the software, the vast majority were not cheating. Far more likely is that, as EFF and others have said before, remote proctoring software is surveillance snake oil -- you simply can't replicate a classroom environment online, and attempting to do so via algorithms and video monitoring only causes harm. In this case, the harm is not only to the students who are rightfully upset about the implications and the lack of proper channels for redress, but to the institution of the Bar itself. While examinees have been searching for help from other examinees as well as hiring legal counsel in their attempt to defend themselves from potentially baseless claims of cheating, the California Committee of Bar Examiners has said "everything is going well" and called these results "a good thing to see" (13:30 into the video of the Committee meeting). That is not how we see it. These flags have triggered concern for hundreds, if not thousands, of test takers, most of whom had no idea that they were flagged until recently. Many only learned about the flag after receiving an official "Chapter 6 Notice" from the Bar, which is sent when an applicant is observed (supposedly) violating exam conduct rules or seen or heard with prohibited items, like a cell phone, during the exam. 
In a depressingly ironic introduction to the legal system, the Bar has requested that students respond to the notices within 10 days, but it would appear that none of them have been given enough information to do so, as Chapter 6 Notices contain only a short summary of the violation. These summaries are decidedly vague: "Facial view of your eyes was not within view of the camera for a prolonged period of time"; "No audible sound was detected"; "Leaving the view of the webcam outside of scheduled breaks during a remote-proctored exam." Examinees do not currently have access to the flagged videos themselves, and are not expected to receive access to them, or any other evidence against them, before they are required to submit a response. The report goes on to say that some of these flags are technical issues with ExamSoft. For example, Lenovo laptops appear to have been flagged en masse for an issue with the software's inability to access the internal microphone. Other flags are likely due to the inability of the software to correctly recognize the variability of examinees' demeanors and expressions. "We implore the California Bar to rethink its plans for remotely-proctored future exams, and to work carefully to offer clearer paths for examinees who have been flagged by these inadequate surveillance tools," the EFF says in closing. "Until then, the Bar must provide examinees who have been flagged with a fair appeals process, including sharing the videos and any other information necessary for them to defend themselves before requiring a written response."

Nintendo Conducted Invasive Surveillance Operation Against Homebrew Hacker

Slashdot - Your Rights Online - Thu, 2020-12-24 03:25
Leaked Nintendo documents have revealed a frightening surveillance operation carried out against a hacker who was researching exploits for the 3DS handheld. TorrentFreak reports: During the past 24 hours, various Twitter accounts have been posting snippets from documents that were recently leaked from Nintendo. While there are numerous items of interest, the most shocking revelations involve Neimod, a hacker who several years ago developed exploits for the 3DS handheld console. [T]he scale of the operation, which is revealed in detail in the leaked documents, shows just how far the gaming giant was prepared to go to stop his work. For example, the leak reveals personal profiling that dug deeply into Neimod's education status, listed details of his working life, while offering evidence of physical snooping on his daily lifestyle. What time he could be found at home, who came to see him there, and even when he visited places like banks and restaurants are all included. While this kind of surveillance is creepy in its own right, additional documents reveal a detailed plan to use the gathered intelligence to physically confront Neimod in order to pressure him into complying with the company's demands. According to Nintendo's planning, the operation would begin around April 15, 2013, with its team meeting at a local hotel to discuss and finalize their plans. Following a review of Neimod's movements of the previous week, the team would then decide where and when contact would be made -- after work or at home, for example. With an undercover investigator monitoring Neimod to discover what time he left work, Neimod was to be approached by a 'contact team,' who were instructed to approach their target "in a friendly, non-threatening, professional, and courteous manner." "Provide a business card," the instructions read. After Neimod had been engaged in conversation, the team was instructed to flatter the hacker by "acknowledging his engineering/programming aptitude." 
They were also told to reference his stated aim of not "facilitating piracy" with his hacks but point out Nintendo's concerns that a release of his hack could do just that. Whether Neimod complied or resisted, Nintendo prepared for both eventualities. The following slide, posted to Twitter by Eclipse-TT, shows a flow chart that begins with instructions for the "Knock and Talk Team," details a staging area, rules of engagement, and plans for what should happen when things go to plan -- or otherwise. The Nintendo "Final Enforcement Proposal" document describes a "carrot and stick" approach, with the stick being a laundry list of potential offenses committed by Neimod under Belgian law and the carrot representing a number of sweeteners that might be of interest to the hacker. If cooperation was achieved, Nintendo suggested it could refrain from filing a criminal complaint. It may also enter into a "bounty" contract with Neimod with payments made for finding and documenting exploits. Within certain parameters, his discoveries could still be announced to the public, allowing him to retain "bragging rights." This could help Nintendo's image, the company wrote.

Read more of this story at Slashdot.

Russia Lawmakers Pass Bills That Could Block Social Media Sites

Slashdot - Your Rights Online - Thu, 2020-12-24 01:20
Russian lawmakers have approved a range of new measures that could further stifle dissent and allow tighter restrictions on online content -- including blocking websites like YouTube and Twitter. NPR reports: One bill would allow for the blocking of foreign websites that it says "discriminate" against Russian media. A second law would allow it to levy large fines against companies that don't take down content banned in the country. A third law would establish jail terms for those convicted of making slanderous comments online or in the media. A person found guilty of slander could face up to two years in jail and be fined up to 1 million rubles (about $13,300), Reuters reports. The bills were passed by Russia's lower house, the State Duma. If they become law, as expected, they would mean that Russia could block websites like YouTube, Facebook and Twitter that label content produced by Russian state media outlets as being just that. Under the legislation, Russian authorities will be able to block or slow down such sites.


Oracle's Hidden Hand Is Behind the Google Antitrust Lawsuits

Slashdot - Your Rights Online - Thu, 2020-12-24 00:02
An anonymous reader quotes a report from Bloomberg: With great fanfare last week, 44 attorneys general hit Google with two antitrust complaints, following a landmark lawsuit the Justice Department and 11 states lodged against the Alphabet Inc. unit in October. What's less known is that Oracle Corp. spent years working behind the scenes to convince regulators and law enforcement agencies in Washington, more than 30 states, the European Union, Australia and at least three other countries to rein in Google's huge search-and-advertising business. Those efforts are paying off. Officials in more than a dozen of the states that sued Google received what has been called Oracle's "black box" presentation showing how Google tracks users' personal information, said Ken Glueck, Oracle's top Washington lobbyist and the architect of the company's antitrust campaign against Google. Glueck outlined for Bloomberg the presentation, which often entails putting an Android phone inside a black briefcase to show how Google collects users' location details -- even when the phones aren't in use -- and confirmed the contours of the pressure campaign. "I couldn't be happier," said Glueck about the barrage of lawsuits. "As far as I can tell, there are more states suing Google than there are states." Oracle has fallen behind the tech giants in the marketplace, yet is notching one legal and regulatory win after another against them, Google especially. In response, Google spokesman Jose Castaneda denounced Oracle's "cloak-and-dagger lobbying campaign," saying "while Oracle describes itself as the biggest data broker on the planet, we're focused on keeping consumers' information safe and secure."


DHS Is Looking Into Backdoors In Smart TVs By China's TCL

Slashdot - Your Rights Online - Wed, 2020-12-23 04:02
chicksdaddy shares a report from The Security Ledger: The acting head of the U.S. Department of Homeland Security said the agency was assessing the cyber risk of smart TVs sold by the Chinese electronics giant TCL, following reports last month in The Security Ledger and elsewhere that the devices may give the company "back door" access to deployed sets, The Security Ledger reports. Speaking at The Heritage Foundation, a conservative think tank, Acting DHS Secretary Chad Wolf said that DHS is "reviewing entities such as the Chinese manufacturer TCL." "This year it was discovered that TCL incorporated backdoors into all of its TV sets exposing users to cyber breaches and data exfiltration. TCL also receives CCP state support to compete in the global electronics market, which has propelled it to the third largest television manufacturer in the world," Wolf said, according to a version of prepared remarks published by DHS. His talk was entitled "Homeland Security and the China Challenge." As reported last month, independent researchers John Jackson -- an application security engineer for Shutterstock -- and a researcher using the handle Sick Codes identified and described two serious software security holes affecting TCL brand television sets that would allow an unprivileged remote attacker on the adjacent network to download most system files from the TV set, up to and including images, personal data and security tokens for connected applications. The flaw could lead to serious critical information disclosure, the researchers warned. Both flaws affect TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below, according to the official CVE reports. In an interview with The Security Ledger, the researcher Sick Codes said that a TCL TV set he was monitoring was patched for the CVE-2020-27403 vulnerability without any notice from the company and no visible notification on the device itself.
In a statement to The Security Ledger, TCL disputed that account. By TCL's account, the patched vulnerability was linked to a feature called "Magic Connect" and an Android APK by the name of T-Cast, which allows users to "stream user content from a mobile device." T-Cast was never installed on televisions distributed in the USA or Canada, TCL said. For TCL smart TV sets outside of North America that did contain T-Cast, the APK was "updated to resolve this issue," the company said. That application update may explain why the TCL TV set studied by the researchers suddenly stopped exhibiting the vulnerability. In his address on Monday, Acting Secretary Wolf said the warning about TCL will be part of a broader "business advisory" cautioning against using data services and equipment from firms linked to the People's Republic of China (PRC). This advisory will highlight "numerous examples of the PRC government leveraging PRC institutions like businesses, organizations, and citizens to covertly access and obtain the sensitive data of businesses to advance its economic and national security goals," Wolf said. "DHS flags instances where Chinese companies illicitly collect data on American consumers or steal intellectual property. CCP-aligned firms rake in tremendous profits as a result," he said.


France Bans Use of Drones To Police Protests In Paris

Slashdot - Your Rights Online - Wed, 2020-12-23 03:25
France's top administrative court has backed privacy campaigners by imposing a ban on police use of drones for covering public protests in Paris. The BBC reports: The Council of State said Paris police prefect Didier Lallement should halt "without delay" drone surveillance of gatherings on public roads. The ruling comes weeks after MPs backed a controversial security bill that includes police use of drones. Its main aim is to regulate how people share film or photos of police. Privacy rights group La Quadrature du Net (LQDN) has argued that the bill's main measures violate freedom of expression and that drones equipped with cameras cannot keep the peace but track individuals instead. The Council of State ruled there was "serious doubt over the legality" of drones without a prior text authorizing and setting out their use. LQDN said the only way the government could legalize drone surveillance now was in providing "impossible proof" that it was absolutely necessary to maintain law and order. The decision is the second setback in months for Parisian authorities' drone plans. In May, the same court ruled that drones could not be used in the capital to track people in breach of France's strict lockdown rules.


MIT Electrical Engineer Selected For US Senate

Slashdot - Your Rights Online - Wed, 2020-12-23 02:45
oort99 writes: MIT Electrical Engineering graduate and California Secretary of State Alex Padilla has been selected by California governor Gavin Newsom to replace Kamala Harris. He will join Steve Daines and Martin Heinrich as one of three U.S. Senators with engineering credentials currently serving in the Senate. "Padilla, 47, the son of Mexican immigrants, will be the first Latino from the state to hold the position," notes NPR. "Padilla has been California's secretary of state since 2015. Previously, he was a state senator and Los Angeles city councilman." Because Harris was first elected in 2016, Padilla will fill the seat by appointment until 2022, when an election will be held for the next full six-year term.
