aggregator

Last-Minute TikTok Deal Averts Shutdown

Slashdot - Your Rights Online - Sun, 2020-09-20 06:30
"President Donald Trump said Saturday he's given his 'blessing' to a proposed deal that would see the popular video-sharing app TikTok partner with Oracle and Walmart and form a U.S. company," reports CBS News: Mr. Trump has targeted Chinese-owned TikTok for national security and data privacy concerns in the latest flashpoint in the rising tensions between Washington and Beijing. The president's support for a deal comes just a day after the Commerce Department announced restrictions that if put in place could eventually make it nearly impossible for TikTok's legions of younger fans to use the app. Mr. Trump said if completed the deal would create a new company likely to be based in Texas... TikTok said Oracle and Walmart could acquire up to a cumulative 20% stake in the new company in a financing round to be held before an initial public offering of stock, which Walmart said could happen within the next year. Oracle's stake would be 12.5%, and Walmart's would be 7.5%, the companies said in separate statements. The deal will make Oracle responsible for hosting all TikTok's U.S. user data and securing computer systems to ensure U.S. national security requirements are satisfied. Walmart said it will provide its ecommerce, fulfillment, payments and other services to the new company. "We are pleased that the proposal by TikTok, Oracle, and Walmart will resolve the security concerns of the U.S. administration and settle questions around TikTok's future in the U.S.," TikTok said in a statement. "According to a source close to the matter, ByteDance would keep the rest of the shares," reports a public TV station in Australia. "But since the Chinese company is 40 per cent owned by American investors, TikTok would eventually be majority American-owned." Today America's Treasury Department told CBS that the deal still needs to close with Oracle and Walmart, and those documents and conditions then need to be approved by government regulatory. 
But because of today's announcement, "the department said Saturday that it will delay the barring of TikTok from U.S. app stores until Sept. 27 at 11:59 p.m."

Read more of this story at Slashdot.

US Spy Plane Impersonates A Malaysian Aircraft

Slashdot - Your Rights Online - Sat, 2020-09-19 19:34
Popular Mechanics reports: A U.S. Air Force aircraft electronically impersonated a Malaysian plane while flying over the South China Sea this week. The RC-135W Rivet Joint reconnaissance aircraft flew off China's Hainan island on Tuesday, coming within 55 miles of the Chinese mainland. The caper was outed on Twitter by a think tank operated by the Chinese government, which provided enough details for independent verification. The plane's International Civil Aviation Organization (ICAO) Mode-S number, a 24-bit identifier assigned to all aircraft and broadcast by onboard transponder, was AE01CE. The Mode S system provides big-picture situational awareness and improves aviation safety. At some point, the plane's Mode-S number suddenly changed, from AE01CE to 750548. That's the ICAO number for an unknown Malaysian aircraft... The RC-135W Rivet Joint is a converted Boeing 707 jetliner designed to collect electronic intelligence for later analysis... It's not clear why the RC-135W flew where it did. The flight probably coincided with Chinese military exercises, likely air or naval, or even a missile test. It's also worth pointing out that China's nuclear ballistic missile submarine force is based at Yulin on Hainan Island. It's also not clear why the RC-135W engaged in the deception. Steffan Watkins, a Canadian open source intelligence researcher, tells Popular Mechanics. "If the reconnaissance is happening outside sovereign airspace, there is no pressing need to engage in that sort of deception. It's perfectly legal, and done in plain sight off the coast of Russia, Syria, and Crimea all the time — literally, every day there are RC-135s off the coast of Russia, with their transponders on, and broadcasting exactly who they are. I can't explain the difference with China. Why the difference in emissions posture and obfuscation....?" The announcement is likely a warning to the Pentagon that the Chinese military sees through the deception, and that it's watching the watchers.

At Least 10 Amazon Employees Took Bribes from Sellers, Indictment Alleges

Slashdot - Your Rights Online - Sat, 2020-09-19 16:34
CBS News reports: Six people allegedly conspired to bribe Amazon employees and contractors in order to gain a competitive advantage on the retailer's marketplace, federal prosecutors announced Friday. According to the U.S. Department of Justice, those charged posed as consultants and worked with third-party sellers whose products had previously been removed from Amazon Marketplace to get the items back on the platform. The six then paid a total of more than $100,000 in bribes to at least 10 Amazon employees in exchange for their restoring the banned products or services, the indictment alleges. The products included household goods, consumer electronics and dietary supplements, prosecutors said. "The ultimate victim from this criminal conduct is the buying public, who get inferior or even dangerous goods that should have been removed from the marketplace," U.S. Attorney Brian Moran said in a statement. "As the world moves increasingly to online commerce, we must ensure that the marketplace is not corrupted with unfair advantages obtained by bribes and kickbacks...." The six accused face up to five years in prison for commercial bribery and up to 20 years for wire fraud. One of the six actually worked for Amazon at the beginning of the scheme, according to the article, which notes that their tactics included temporarily suspending the accounts of competitors. One FBI agent in Seattle tells CBS, "What's equally concerning is that, not only did they attempt to increase sales of their own products, but they sought to damage and discredit their competitors."

Iranian Hackers Found Way Into Encrypted Apps, Researchers Say

Slashdot - Your Rights Online - Sat, 2020-09-19 05:30
An anonymous reader quotes a report from The New York Times: Iranian hackers, most likely employees or affiliates of the government, have been running a vast cyberespionage operation equipped with surveillance tools that can outsmart encrypted messaging systems -- a capability Iran was not previously known to possess, according to two digital security reports released Friday. The operation not only targets domestic dissidents, religious and ethnic minorities and antigovernment activists abroad, but can also be used to spy on the general public inside Iran, said the reports by Check Point Software Technologies, a cybersecurity technology firm, and the Miaan Group, a human rights organization that focuses on digital security in the Middle East. The reports, which were reviewed by The New York Times in advance of their release, say that the hackers have successfully infiltrated what were thought to be secure mobile phones and computers belonging to the targets, overcoming obstacles created by encrypted applications such as Telegram and, according to Miaan, even gaining access to information on WhatsApp. Both are popular messaging tools in Iran. The hackers also have created malware disguised as Android applications, the reports said. [...] According to the report by Check Point's intelligence unit, the cyberespionage operation was set up in 2014, and its full range of capabilities went undetected for six years. Miaan traced the first operation to February 2018 from a malicious email targeting a Sufi religious group in Iran after a violent confrontation between its members and Iranian security forces. It traced the malware used in that attack and further attacks in June 2020 to a private technology firm in Iran's northeast city of Mashhad named Andromedaa.
Miaan researchers determined that Andromedaa had a pattern of attacking activists, ethnic minority groups and separatist opposition groups but also had developed phishing and malware tools that could target the general public. The hackers appeared to have a clear goal: stealing information about Iranian opposition groups in Europe and the United States and spying on Iranians who often use mobile applications to plan protests, according to the Miaan report. [...] According to Check Point, the hackers use a variety of infiltration techniques, including phishing, but the most widespread method is sending what appear to be tempting documents and applications to carefully selected targets. [...] The spyware enabled the attackers to gain access to almost any file, log clipboard data, take screenshots and steal information. According to Miaan, one application empowered hackers to download data stored on WhatsApp. In addition, the attackers discovered a weakness in the installation protocols of several encrypted applications including Telegram, which had always been deemed relatively secure, enabling them to steal the apps' installation files. These files, in turn, allow the attackers to make full use of the victims' Telegram accounts. "Although the attackers cannot decipher the encrypted communications of Telegram, their strategy makes it unnecessary," the report adds. "Rather, they use the stolen installation files to create Telegram logins to activate the app in the victims' names on another device. This enables the attackers to secretly monitor all Telegram activity of the victims."

Facebook Accused of Watching Instagram Users Through Cameras

Slashdot - Your Rights Online - Sat, 2020-09-19 03:20
Facebook is again being sued for allegedly spying on Instagram users, this time through the unauthorized use of their mobile phone cameras. Bloomberg reports: The lawsuit springs from media reports in July that the photo-sharing app appeared to be accessing iPhone cameras even when they weren't actively being used. Facebook denied the reports and blamed a bug, which it said it was correcting, for triggering what it described as false notifications that Instagram was accessing iPhone cameras. In the complaint filed Thursday in federal court in San Francisco, New Jersey Instagram user Brittany Conditi contends the app's use of the camera is intentional and done for the purpose of collecting "lucrative and valuable data on its users that it would not otherwise have access to." By "obtaining extremely private and intimate personal data on their users, including in the privacy of their own homes," Instagram and Facebook are able to collect "valuable insights and market research," according to the complaint.

Tesla Wins Lawsuit Against Whistleblower Accused of Hacks

Slashdot - Your Rights Online - Sat, 2020-09-19 00:20
An anonymous reader writes: The US District Court of Nevada awarded Tesla a win in its lawsuit against a former employee, filed two years ago. You may recall CEO Elon Musk referred to this incident in a previously leaked email calling on employees to be "extremely vigilant." Martin Tripp, who worked at the company's Nevada Gigafactory, was accused of hacking the automaker and supplying sensitive information to unnamed third parties. Reuters reported Friday the court ruled in Tesla's favor and dismissed Tripp's motion to file another reply to the court. Tesla did not immediately respond to a request for comment, but according to Reuters, the court will grant Tesla's motion to seal the case. Tripp originally entered the spotlight two years ago after seeking whistleblower protections and accusing Tesla of "some really scary things." He told The Washington Post he was the individual who provided information to the media and accused Tesla of building Model 3 sedans with punctured batteries. Tesla, in turn, accused Tripp of making false claims to the media. Tripp also denied any allegations he hacked Tesla, saying, "I don't have the patience for coding." The automaker previously named Tripp as a disgruntled employee angry after not receiving a promotion and accused him of aiding the theft of confidential photos and videos documenting Tesla's manufacturing process.

CEO of Cyber Fraud Startup NS8 Arrested By FBI, Facing Fraud Charges

Slashdot - Your Rights Online - Fri, 2020-09-18 22:20
An anonymous reader quotes a report from Forbes: The CEO of a startup that sold fraud prevention software is facing fraud charges after he was arrested Thursday by the FBI in Las Vegas. Adam Rogas, who abruptly resigned from NS8 earlier this month, is accused of misleading investors who poured in $123 million to his company earlier this year, a deal in which he allegedly pocketed more than $17 million. "Adam Rogas was the proverbial fox guarding the henhouse," acting Manhattan U.S. Attorney Audrey Strauss said in a press statement. "While raising over $100 million from investors for his fraud prevention company, Rogas himself allegedly was engaging in a brazen fraud." NS8 launched in 2016 to provide online fraud detection and prevention software for small businesses. More than 200 NS8 employees were laid off last week after executives told them the company was under investigation by the SEC for fraud. The news was startling for many, considering the company had announced a $123 million Series A funding round in June, led by global VC firm Lightspeed Venture Partners. In a statement, NS8 said that its board "has learned that much of the company's revenue and customer information had been fabricated by Mr. Rogas." The company added that no other employees or stakeholders had been charged and that it is cooperating with federal investigators. In its complaint, filed in the Southern District of New York, the Justice Department alleged that from January 2019 to February 2020, between 40% and 95% of NS8's assets were made up. During that period, the agency alleged, Rogas presented doctored bank statements to reflect over $40 million in fictitious revenue. Charges by the Justice Department carry penalties up to 20 years in prison. Rogas is expected to face a judge in Nevada on Friday.

Encrochat Investigation Finds Corrupt Cops Leaking Information To Criminals

Slashdot - Your Rights Online - Fri, 2020-09-18 05:30
An anonymous reader quotes a report from Motherboard: After searching through some of the tens of millions of encrypted messages pulled from Encrochat devices, Dutch police have launched a new investigation team that will look specifically into corruption, the police force announced on Wednesday. In some cases authorities are looking to identify police who leaked information to organized criminals. The news broadens the scope of the Encrochat investigations, which have focused heavily on drug trafficking and organized crime more generally. Earlier this year, French authorities hacked into Encrochat phones en masse to retrieve message content, and then shared those communications with various other law enforcement agencies. "Criminal investigations into possible corruption are currently underway and there are likely to be more in the near future. In addition to investigations into drug trafficking and money laundering, investigations into corruption are also given top priority," Chief of Police Henk van Essen said in a Politie press release. Encrochat was an encrypted phone company that took base Android units, made physical alterations to them, and added its own software. Encrochat devices sent messages with end-to-end encryption, meaning only the intended recipient was supposed to be able to read them. The phones also had a remote wipe feature, letting users destroy communications if they lost physical control of the device, as well as a dual-boot system that let users open an innocuous looking operating system, or the second one containing their more sensitive information. The phones were particularly popular with criminals, including drug traffickers and hitmen. There are indications Encrochat may have had legitimate users too, however. Other Encrochat customers are allegedly those involved in corruption, including police themselves, the press release suggests.

US Charges Chinese and Malaysian Hackers In Global Hacking Campaign

Slashdot - Your Rights Online - Fri, 2020-09-18 02:23
schwit1 shares a report from NewsNation Now: The Justice Department has charged five Chinese citizens with hacks targeting more than 100 companies and institutions in the United States and elsewhere, including social media and video game companies as well as universities and telecommunications providers, officials said Wednesday. The five defendants remain fugitives, but prosecutors say two Malaysian businessmen accused of conspiring with the alleged hackers to profit off the attacks on video game companies were arrested in that country this week and face extradition proceedings. The indictments announced Wednesday are part of a broader effort by the Trump administration to call out cybercrimes by China.

DuckDuckGo Is Growing Fast

Slashdot - Your Rights Online - Fri, 2020-09-18 02:02
An anonymous reader quotes a report from BleepingComputer: DuckDuckGo, the privacy-focused search engine, announced that August 2020 ended in over 2 billion total searches via its search platform. While Google remains the most popular search engine, DuckDuckGo has gained a great deal of traction in recent months as more and more users have begun to value their privacy on the internet. DuckDuckGo saw over 2 billion searches and 4 million app/extension installations, and the company also said that they have over 65 million active users. DuckDuckGo could shatter its old traffic record if the same growth trend continues. Even though DuckDuckGo is growing rapidly, it still controls less than 2 percent of all search volume in the United States. However, DuckDuckGo's growth trend has continued throughout the year, mainly due to Google and other companies' privacy scandal.

WeChat Users Won't Be Targeted By Trump's Order, US Says

Slashdot - Your Rights Online - Fri, 2020-09-18 00:02
An anonymous reader quotes a report from Bloomberg: WeChat users who download the Chinese app for personal or business communications won't be targeted by President Donald Trump's executive order that will prohibit using the app for some transactions, the U.S. said. The U.S. Commerce Department plans to clarify by Sept. 20 which transactions will be prohibited. But it doesn't intend to define "the relevant transactions in such a way that would impose criminal or civil liability on such users," according to a government filing Wednesday in federal court in San Francisco. The U.S. WeChat Users Alliance is seeking a preliminary injunction against Trump's executive order. A hearing on the request is scheduled for Thursday. According to the WeChat users group, Trump's Aug. 6 order would sunder the primary and often exclusive channel many U.S. residents use to communicate with family and friends in both China and the U.S. WeChat is also used to run businesses and non-profit organizations, practice religion and as a source of news. WeChat is so integral to Chinese and Chinese Americans' lives that a ban would be like "losing a limb" for some users, the group claims. "Having first failed to articulate any actual national security concern, the administration's latest 'assurances' that users can keep using WeChat, and exchange their personal and business information, only further illustrates the hollowness and pre-textual nature of defendants' 'national security' rationales," the group said in a court filing.

A Utah Company Claims It Invented Contact Tracing Tech

Slashdot - Your Rights Online - Thu, 2020-09-17 20:48
In the fight against Covid-19, contact tracing apps have so far largely been disappointments -- in the United States, at least. Proposed in the spring as a way to help quickly stifle viral outbreaks by tracking down potential exposures using smartphones, they were stunted by technical glitches, concerns over privacy, and the US's fragmented, haphazard pandemic response. Now, they may become mired in a fight over patents. From a report: The challenge comes from Blyncsy, a Salt Lake City-based maker of software that helps cities gather and analyze mobility data. In recent weeks, the company has sent claims seeking the equivalent of $1 per resident to states that have released or plan to release contact tracing apps, including Pennsylvania, North Dakota, South Dakota, and Virginia. The company holds three patents related to contact tracing. One of them, granted in February 2019, for "tracking proximity relationships and uses thereof," describes methods of tracking the spread of "contagion" using technology such as Bluetooth, Wi-Fi, and cellular signals. Apps launched by public health agencies during the Covid-19 pandemic infringe upon it, the company says. In April, Blyncsy launched a portal for others to request a license for its technology and submit plans for a privacy review. That was shortly after Google and Apple jointly announced an effort to get contact tracing technology in the hands of state and national governments, using Bluetooth features on the companies' smartphones. Blyncsy did not get any takers. "State governments have taken it upon themselves to roll out a solution in their name in which they're using our property without compensation," says Blyncsy CEO Mark Pittman. He describes the current crop of contact tracing apps as "fly-by-night" efforts and says his patent fight is driven by concerns about their privacy and effectiveness, not an attempt to profit.

Google 'Formally' Bans Stalkerware Apps From the Play Store

Slashdot - Your Rights Online - Thu, 2020-09-17 18:46
Google has updated its Play Store rules to impose a "formal" ban on stalkerware apps, but the company has left a pretty huge loophole in place for stalkerware to be uploaded on the official store as child-tracking applications. From a report: Stalkerware is a term used to describe apps that track a user's movements, snoop on calls and messages, and record other apps' activity. Stalkerware, also known as spouseware, is usually advertised to users as a way to discover cheating partners, track children while outside their homes, and as a way to keep an eye on employees at work. The primary feature of all stalkerware apps, regardless if they're intended to be used on smartphones or laptops, is that these apps can be installed and run without the device owner's knowledge, operating in the operating system's background. Over the past decade, the Play Store has hosted hundreds of applications that fit into the stalkerware category. Google, which has intervened to take down stalkerware apps when they've been pointed out by security researchers, has usually avoided making public statements on the topic.

Software Could Help Reform Policing -- If Only Police Unions Wanted It

Slashdot - Your Rights Online - Thu, 2020-09-17 05:30
tedlistens writes: The CEO of Taser maker Axon, Rick Smith, has a lot of high-tech ideas for fixing policing. One idea for identifying potentially abusive behavior is AI, integrated with the company's increasingly ubiquitous body cameras and the footage they produce. In a patent application filed last month, Axon describes the ability to search video not only for words and locations but also for clothing, weapons, buildings, and other objects. AI could also tag footage to enable searches for things such as "the characteristics [of] the sounds or words of the audio," including "the volume (e.g., intensity), tone (e.g., menacing, threatening, helpful, kind), frequency range, or emotions (e.g., anger, elation) of a word or a sound." Building that kind of software is a difficult task, and in the realm of law enforcement, one with particularly high stakes. But Smith also faces a more low-tech challenge, he tells Fast Company: making his ideas acceptable both to intransigent police unions and to the communities those police serve. Of course, right now many of those communities aren't calling for more technology for their police but for deep reform, if not deep budget cuts. And police officers aren't exactly clamoring for more scrutiny, especially if it's being done by a computer.

Piratebay.Org Sold For $50,000 At Auction, ThePiratebay.com Up Next

Slashdot - Your Rights Online - Thu, 2020-09-17 04:02
Several Pirate Bay-related domains become available again this month after their owner failed to renew the registration. Yesterday, Piratebay.org was sold in a Dropcatch auction for $50,000 and ThePiratebay.com will follow soon. Both domains were previously registered to the official Pirate Bay site. TorrentFreak reports: Over the years the Pirate Bay team had many 'backup' domains available, just in case something happened. That included various exotic TLDs but the site also owned Piratebay.org and ThePiratebay.com. We use the past tense because both domains expired recently. The domains listed Pirate Bay co-founder Fredrik Neij as the registrant and until recently the same Swedish address was listed in Whois data. For reasons unknown, however, the registrant let both Piratebay.org and ThePiratebay.com expire. This isn't a problem for the torrent site really. The domains were never used as the site's main address. ThePiratebay.com did forward to the original .org domain at one point, but that's about it. None of this means that the domains are not valuable to outsiders though. This became apparent in an auction yesterday, where Piratebay.org (without the the) was sold for $50,000 to a bidder named 'clvrfls.' The bid below ended up being the winning one. The Piratebay.org domain failed to renew earlier this month after which the professional 'drop catch' service Dropcatch.com scooped it up. They auctioned the domain off, which is a common practice, and it proved quite lucrative. What the new owner will do with the domain is unclear. It has a substantial number of backlinks and there will be plenty of type-in traffic as well. [...] ThePiratebay.com is expected to drop later this week and is listed at a pending delete auction, and ThePiratebay.net and Piratebay.net will drop in a few days as well.

Facebook Will Release Its First AR Glasses in 2021

Slashdot - Your Rights Online - Wed, 2020-09-16 20:03
During Facebook Connect -- the replacement for the AR/VR event previously known as Oculus Connect -- Facebook CEO Mark Zuckerberg said today that the company is planning to release its first pair of augmented reality glasses in 2021. From a report: While the company's Oculus unit has become a leading provider of VR headsets, Facebook has touted AR as the next major frontier for computing, and this release date could spread the next-generation technology to the masses earlier than expected. Zuckerberg confirmed that it has been working with Ray-Ban, owned by fashion eyewear company Luxottica, to create the product, and suggested that it will be cosmetically appealing. The companies haven't yet revealed imagery of the glasses, but it's important to note that there are at least two stages to Facebook's plans -- an initial AR wearable with basic functionality, then a future fully functional device with more features. Facebook confirmed its multiple prototype strategy last year.

Cambridge Staff 'Fobbed Off' At Meeting Over ARM Sale To Nvidia, Says Union

Slashdot - Your Rights Online - Wed, 2020-09-16 15:00
An anonymous reader quotes a report from The Guardian: Opposition to the $40 billion sale of the UK's largest tech firm, Arm Holdings, is mounting, as the trade union Unite said staff concerned about their future had been "fobbed off" and the company's local MP urged the government to act. The government has so far declined to say whether it will consider deploying powers to block the deal or attach conditions, despite pressure from Labour, trade unions and Arm's outspoken co-founder Hermann Hauser. On Tuesday, Unite said members who worked for Arm at its Cambridge headquarters had been kept in the dark and fobbed off in an internal meeting, with senior figures telling them any transaction was at least 18 months away. Unite called on the government to prevent the sale, saying ministers should be "protecting tech firms from being hollowed out by detrimental takeovers and providing the investment needed for the sector as a whole to flourish." Daniel Zeichner, the Labour MP whose constituency includes Arm's headquarters, will meet union officials and employees on Friday. Speaking in the House of Commons on Tuesday, he called on the government to secure a legally binding guarantee to protect jobs as well as an exemption from US foreign investment rules. On Monday, ARM co-founder Hermann Hauser penned an open letter to the UK's Prime Minister Boris Johnson in which he says that he is "extremely concerned" about the deal and how it will impact jobs in the country, Arm's business model and the future of the country's economic sovereignty independent of the U.S. and U.S. interests. A spokesperson for Arm said: "Communication sessions have been ongoing with employees at a global, regional and departmental level since the deal was made public. Together, [Arm CEO] Simon Segars and [Nvidia CEO] Jensen Huang held multiple interactive communications sessions with Arm employees, providing them with the highest levels of transparency within the legal constraints of the situation. 
It was also clearly communicated that the regulatory process does not have a specific timetable and employees will be kept informed as we get more information relating to the initial estimate of 18 months."

Europe's Top Court Says Net Neutrality Rules Bar 'Zero Rating'

Slashdot - Your Rights Online - Wed, 2020-09-16 02:50
The European Union's top court has handed down its first decision on the bloc's net neutrality rules -- interpreting the law as precluding the use of commercial 'zero rating' by Internet services providers. TechCrunch reports: 'Zero rating' refers to the practice of ISPs offering certain apps/services 'tariff free' by excluding their data consumption. It's controversial because it can have the effect of penalizing and/or blocking the use of non-zero-rated apps/services, which may be inaccessible while the zero rated apps/services are not -- which in turn undermines the principle of net neutrality with its promise of fair competition via an equal and level playing field for all things digital. The pan-EU net neutrality regulation came into force in 2016 amid much controversy over concerns it would undermine rather than bolster a level playing field online. So the Court of Justice of the EU (CJEU)'s first ruling interpreting the regulation is an important moment for regional digital rights watchers. A Budapest court hearing two actions against Telenor, related to two of its 'zero rating' packages, made a reference to the CJEU for a preliminary ruling on how to interpret and apply Article 3(1) and (2) of the regulation -- which safeguards a number of rights for end users of Internet access services and prohibits service providers from putting in place agreements or commercial practices limiting the exercise of those rights -- and Article 3(3), which lays down a general obligation of "equal and non-discriminatory treatment of traffic." The court found that 'zero rating' agreements that combine a 'zero tariff' with measures blocking or slowing down traffic linked to the use of 'non-zero tariff' services and applications are indeed liable to limit the exercise of end users' rights within the meaning of the regulation and on a significant part of the market.
It also found that no assessment of the effect of measures blocking or slowing down traffic on the exercise of end users' rights is required by the regulation, while measures applied for commercial (rather than technical) reasons must be regarded as automatically incompatible. The full CJEU judgement is available here.


Personal Information of Roughly 46,000 Veterans Exposed In VA Hack

Slashdot - Your Rights Online - Wed, 2020-09-16 01:30
An anonymous reader quotes a report from CNN: The Department of Veterans Affairs said Monday that roughly 46,000 veterans had their personal information, including Social Security numbers, exposed in a data breach in which "unauthorized users" gained access to an online application used for making health care payments. A preliminary review of the incident indicated that the hackers accessed the application "to change financial information and divert payments from VA by using social engineering techniques and exploiting authentication protocols," according to the department's announcement. "The Financial Services Center (FSC) determined one of its online applications was accessed by unauthorized users to divert payments to community health care providers for the medical treatment of Veterans. The FSC took the application offline and reported the breach to VA's Privacy Office," the statement said. "To prevent any future improper access to and modification of information, system access will not be reenabled until a comprehensive security review is completed by the VA Office of Information Technology," it added. The department is taking steps to alert veterans whose information was compromised. "To protect these Veterans, the FSC is alerting the affected individuals, including the next-of-kin of those who are deceased, of the potential risk to their personal information. The department is also offering access to credit monitoring services, at no cost, to those whose social security numbers may have been compromised," Monday's statement said. "Veterans whose information was involved are advised to follow the instructions in the letter to protect their data. There is no action needed from Veterans if they did not receive an alert by mail, as their personal information was not involved in the incident," it adds.


A Bug In Joe Biden's Campaign App Gave Anyone Access To Millions of Voter Files

Slashdot - Your Rights Online - Wed, 2020-09-16 00:50
schwit1 shares a report from TechCrunch: A privacy bug in Democratic presidential candidate Joe Biden's official campaign app allowed anyone to look up sensitive voter information on millions of Americans, a security researcher has found. The campaign app, Vote Joe, allows Biden supporters to encourage friends and family members to vote in the upcoming U.S. presidential election by uploading their phone's contact lists to see if their friends and family members are registered to vote. The app uploads and matches the user's contacts with voter data supplied from TargetSmart, a political marketing firm that claims to have files on more than 191 million Americans. When a match is found, the app displays the voter's name, age and birthday, and which recent election they voted in. This, the app says, helps users "find people you know and encourage them to get involved." While much of this data can already be public, the bug made it easy for anyone to access any voter's information by using the app. The App Analyst, a mobile expert who detailed his findings on his eponymous blog, found that he could trick the app into pulling in anyone's information by creating a contact on his phone with the voter's name. The Biden campaign fixed the bug and pushed out an app update on Friday. "We were made aware about how our third-party app developer was providing additional fields of information from commercially available data that was not needed," Matt Hill, a spokesperson for the Biden campaign, told TechCrunch. "We worked with our vendor quickly to fix the issue and remove the information. We are committed to protecting the privacy of our staff, volunteers and supporters and will always work with our vendors to do so."
