Thousands of Zoom Video Calls Left Exposed on Open Web

Slashdot - Your Rights Online - Fri, 2020-04-03 22:02
Thousands of personal Zoom videos have been left viewable on the open Web, highlighting the privacy risks to millions of Americans as they shift many of their personal interactions to video calls in an age of social distancing. From a report: Many of the videos appear to have been recorded through Zoom's software and saved onto separate online storage space without a password. But because Zoom names every video recording in an identical way, a simple online search can reveal a long stream of videos that anyone can download and watch. Zoom videos are not recorded by default, though call hosts can choose to save them to Zoom servers or their own computers. There's no indication that live-streamed videos or videos saved onto Zoom's servers are publicly visible. But many participants in Zoom calls may be surprised to find their faces, voices and personal information exposed because a call host can record a large group call without participants' consent.

Read more of this story at Slashdot.

Facebook Wanted NSO Spyware To Monitor Users, NSO CEO Claims

Slashdot - Your Rights Online - Fri, 2020-04-03 17:24
Facebook representatives approached controversial surveillance vendor NSO Group to try and buy a tool that could help Facebook better monitor a subset of its users, according to an extraordinary court filing from NSO in an ongoing lawsuit. From a report: Facebook is currently suing NSO for how the hacking firm leveraged a vulnerability in WhatsApp to help governments hack users. NSO sells a product called Pegasus, which allows operators to remotely infect cell phones and lift data from them. According to a declaration from NSO CEO Shalev Hulio, two Facebook representatives approached NSO in October 2017 and asked to purchase the right to use certain capabilities of Pegasus. At the time, Facebook was in the early stages of deploying a VPN product called Onavo Protect, which, unbeknownst to some users, analyzed the web traffic of users who downloaded it to see what other apps they were using. According to the court documents, it seems the Facebook representatives were not interested in buying parts of Pegasus as a hacking tool to remotely break into phones, but more as a way to more effectively monitor phones of users who had already installed Onavo.

'Call of Duty' Wins First Amendment Victory Over Use of Humvees

Slashdot - Your Rights Online - Fri, 2020-04-03 05:30
An anonymous reader quotes a report from The Hollywood Reporter: Call of Duty maker Activision has prevailed in a closely watched trademark dispute brought by AM General, the government contractor for Humvees. On Tuesday, a New York federal judge responded favorably to Activision's argument that it had a First Amendment right to depict contemporary warfare in its game by featuring Humvees. "If realism is an artistic goal, then the presence in modern warfare games of vehicles employed by actual militaries undoubtedly furthers that goal," writes U.S. District Court Judge George B. Daniels in granting summary judgment in favor of Activision. The video game publisher fought AM General's claims along with Major League Gaming Corp., a professional esports organization. The dispute was potentially worth tens of millions of dollars, and the discussion attracted intellectual property professors and the Electronic Software Association to weigh in with amicus briefs. You can read the full opinion here.

New York Finally Legalizes Electric Bikes and Scooters

Slashdot - Your Rights Online - Fri, 2020-04-03 02:50
Included in New York's tentative budget agreement reached on April 1st is a provision that would legalize throttle-based bikes and scooters. The Verge reports: The budget language almost exactly mirrors a bill that passed the New York State Legislature last year but was inexplicably vetoed at the last minute by Gov. Andrew Cuomo. It changes state law to legalize e-bikes and scooters but would give localities the ability to decide for themselves how to regulate the vehicles. Throttle-based e-bikes favored by delivery workers would be legal, and dockless scooter services like Bird and Lime would need to be permitted by municipalities before launching. Scooters would stay illegal in Manhattan, though the city could eventually overrule that provision. The budget language would create three classes of e-bikes: Class 1 is pedal-assisted with no throttle; Class 2 is throttle-assisted with a maximum speed of 20 mph; and Class 3 is throttle-powered with a maximum speed of 25 mph. E-scooters would be capped at 15 mph, and riders under 18 years of age would be required to wear a helmet. Helmets would also be required for riders of Class 3 e-bikes. (Food delivery workers, who favor these bikes, are already required by law to wear helmets.) But the budget is undoubtedly a huge win for delivery workers and immigrant rights groups that have been fighting for nearly a decade to overturn the rules.

FCC To Vote On Adding 6 GHz Band To Wi-Fi 6 To Improve Speeds

Slashdot - Your Rights Online - Fri, 2020-04-03 01:30
An anonymous reader quotes a report from Gizmodo: Devices with Wi-Fi 6 started rolling out at the end of 2019, but now a new vote proposed by the FCC could open up the 6 GHz band to unlicensed Wi-Fi and add a massive speed boost to wireless gadgets. Backed by Chairman Pai, the FCC vote is scheduled to take place on April 23rd, and if passed would add 1200 MHz of available bandwidth to the usable Wi-Fi spectrum, which the FCC says would "effectively increase the amount of spectrum available for Wi-Fi almost by a factor of five." Not only would this improve things like latency and download and upload speeds; because the 6 GHz band was previously used mostly to support things like wireless backhaul, microwave services, and a limited number of public safety services, new 6 GHz Wi-Fi devices wouldn't really have to compete with other gadgets for spectrum, unlike the existing 2.4 GHz Wi-Fi band, which often suffers from interference caused by household appliances. The move is also seeing widespread industry support from a number of groups, including the Wi-Fi Alliance, which earlier this year announced the creation of Wi-Fi 6E, which incorporates the 6 GHz band into current wireless standards. A number of tech companies also approve of the proposal, including Qualcomm, Intel, Facebook, Cisco and Apple.

Moscow To Launch Mandatory Surveillance App To Track Residents In Coronavirus Lockdown

Slashdot - Your Rights Online - Thu, 2020-04-02 22:50
An anonymous reader quotes a report from NPR: City authorities in Moscow are rolling out new digital "social monitoring" tools targeting the public, after what officials say were constant violations of the city's quarantine imposed this week to fight the spread of the new coronavirus. Under restrictions in place since Monday, most of the city's 12 million residents must remain indoors, barring a few exceptions -- like trips to the supermarket or pharmacy, taking out the trash or briefly walking the dog. But starting Thursday, Muscovites will have their movements tracked through a mandatory app required on their smartphones. Don't have one? The city says it will lend out devices. In addition, Moscow residents will be obligated to register for a government-issued QR code -- a small square matrix bar code containing personal data. What information the codes will hold isn't yet clear. But Russians must present it on their smartphones or carry a printout of their QR profiles to present to police, when requested. (City officials say they're also preparing to educate the public -- and elder Russians, in particular -- on what a QR code actually is.) The new tools will merge with existing street cameras and face recognition software to quickly identify residents who stray from their homes and/or quarantines, say authorities. President Putin also signed a bill into law on Wednesday that introduces criminal penalties for skipping quarantine and infecting others. They include fines and up to seven years in prison.

Trump Issues Order Under Defense Production Act To Secure More Ventilators

Slashdot - Your Rights Online - Thu, 2020-04-02 22:04
President Trump moved to use the Defense Production Act, a Korean War-era national security mobilization law, to secure supplies companies need to make ventilators. From a report: "My order to the Secretary of Health and Human Services and the Secretary of Homeland Security will help domestic manufacturers like General Electric, Hill-Rom, Medtronic, ResMed, Royal Philips, and Vyaire Medical secure the supplies they need to build ventilators needed to defeat the virus," Mr. Trump said in statement that accompanied his order. He praised the companies and other domestic manufacturers for ramping up production of the machines and said the order "will save lives by removing obstacles in the supply chain that threaten the rapid production of ventilators."

The Internet is Now Rife With Places Where You Can Organize Zoom-bombing Raids

Slashdot - Your Rights Online - Thu, 2020-04-02 21:37
The internet is rife with online communities where users can go and share Zoom conference codes and request that pranksters connect and hurl insults, play pornographic material, or make death threats against other participants -- a practice called Zoom-bombing or a Zoom raid. From a report: ZDNet has been tracking the tactic since mid-March, when the term was first coined following a TechCrunch article. Since then, Zoom-bombing incidents have increased, as articles in major news outlets like the New York Times and the BBC have made the practice a favorite pastime for teenagers stuck in their homes during the current coronavirus (COVID-19) quarantines. From a niche prank that started on a derelict Discord channel, Zoom-bombing has now spread to enormous proportions -- so rampant these days that the FBI sent a nationwide alert last week urging companies, schools, and universities to take steps to secure their Zoom channels. But as Zoom-bombing became more popular, more pranksters wanted to join in on the fun, and more users wanted their friends' Zoom meetings disrupted. And as the old saying goes, where there's demand, there's always supply. Over the course of the past week, the number of places on the public internet where you can request a Zoom raid from a gang of bored teenagers has exploded.

SpaceX Bans Zoom Over Privacy Concerns

Slashdot - Your Rights Online - Thu, 2020-04-02 17:24
Elon Musk's rocket company SpaceX has banned its employees from using video conferencing app Zoom, citing "significant privacy and security concerns," according to a memo seen by Reuters, days after U.S. law enforcement warned users about the security of the popular app. From a report: SpaceX's ban on Zoom Video illustrates the mounting challenges facing aerospace manufacturers as they develop technology deemed vital to national security while also trying to keep employees safe from the fast-spreading respiratory illness. In an email dated March 28, SpaceX told employees that all access to Zoom had been disabled with immediate effect. "We understand that many of us were using this tool for conferences and meeting support," SpaceX said in the message. "Please use email, text or phone as alternate means of communication." NASA, one of SpaceX's biggest customers, also prohibits its employees from using Zoom, said Stephanie Schierholz, a spokeswoman for the U.S. space agency. The Federal Bureau of Investigation's Boston office on Monday issued a warning about Zoom, telling users not to make meetings on the site public or share links widely after it received two reports of unidentified individuals invading school sessions, a phenomenon known as "zoombombing."

A Feature on Zoom Secretly Displayed Data From People's LinkedIn Profiles

Slashdot - Your Rights Online - Thu, 2020-04-02 16:44
After an inquiry from The New York Times reporters, Zoom said it would disable a data-mining feature that could be used to snoop on participants during meetings without their knowledge. From a report: For Americans sheltering at home during the coronavirus pandemic, the Zoom videoconferencing platform has become a lifeline, enabling millions of people to easily keep in touch with family members, friends, students, teachers and work colleagues. But what many people may not know is that, until Thursday, a data-mining feature on Zoom allowed some participants to surreptitiously access LinkedIn profile data about other users -- without Zoom asking for their permission during the meeting or even notifying them that someone else was snooping on them. The undisclosed data mining adds to growing concerns about Zoom's business practices at a moment when public schools, health providers, employers, fitness trainers, prime ministers and queer dance parties are embracing the platform. An analysis by The New York Times found that when people signed in to a meeting, Zoom's software automatically sent their names and email addresses to a company system it used to match them with their LinkedIn profiles.

Hospitals Tell Doctors They'll Be Fired If They Speak Out About Lack of Gear

Slashdot - Your Rights Online - Thu, 2020-04-02 00:50
schwit1 shares a report from Bloomberg, commenting: "And the claim that this is about protecting 'patient privacy' is b***shit." From the report: Ming Lin, an emergency room physician in Washington state, said he was told Friday he was out of a job because he'd given an interview to a newspaper about a Facebook post detailing what he believed to be inadequate protective equipment and testing. In Chicago, a nurse was fired after emailing colleagues that she wanted to wear a more protective mask while on duty. In New York, the NYU Langone Health system has warned employees they could be terminated if they talk to the media without authorization. Doctors are a famously independent profession, where individual medical judgment on what's best for the patient is prized over administrative dictates. That's reared its head during the Covid-19 outbreak, with many physicians, nurses and other health-care workers taking to social media to express deep concerns about the lack of protective gear or much-needed patient-care equipment like respirators. Some posts have gone viral and are being shared hundreds of thousands of times, often tagged with #GetMePPE. Privacy laws prohibit disclosing specific patient information, but they don't bar discussing general working conditions. The report notes that not all hospitals are blocking staff from talking to the press. "New York's Mount Sinai has been scheduling media interviews for nurses, physicians and trainees to help the public understand the severity of the crisis," reports Bloomberg. "The University of California San Francisco Medical Center has gotten hundreds of such calls and encouraged workers to talk to reporters."

Microsoft President Calls Washington State's New Facial Recognition Law 'a Significant Breakthrough'

Slashdot - Your Rights Online - Thu, 2020-04-02 00:10
Microsoft President Brad Smith took a break from responding to the COVID-19 outbreak this week to praise Washington state's landmark facial recognition regulations. Washington Gov. Jay Inslee signed a bill Tuesday that establishes rules specifically governing facial recognition software. From a report: Smith called the law an "early and important model" and "a significant breakthrough" in a blog post published Tuesday. Some cities have enacted their own facial recognition rules, but Washington is the first to establish statewide regulations. "This balanced approach ensures that facial recognition can be used as a tool to protect the public, but only in ways that respect fundamental rights and serve the public interest," Smith said. The new law requires public agencies to regularly report on their use of facial recognition technology and test the software for fairness and accuracy. Law enforcement agencies must obtain a warrant before using facial recognition software in investigations unless there is an emergency. The bill also establishes a task force to study the use of facial recognition by government agencies. Under the bill, public entities using facial recognition software to make decisions that produce "legal effects" must ensure a human reviews the results. That category includes decisions that could affect a person's job, financial services, housing, insurance, and education.

Cloudflare Launches a DNS-Based Parental Control Service

Slashdot - Your Rights Online - Wed, 2020-04-01 22:50
Cloudflare introduced today '1.1.1.1 for Families,' a privacy-focused DNS resolver designed to help parents in their efforts to safeguard their children's online security and privacy by automatically filtering out bad sites. From a report: This new tool makes it simple for parents to add protection from malware and adult content to the entire home network, allowing them to focus on working from home instead of worrying about their kids' online safety. "1.1.1.1 for Families leverages Cloudflare's global network to ensure that it is fast and secure around the world," Cloudflare's CEO Matthew Prince said in an announcement published today.

OpenWRT Code-Execution Bug Puts Millions of Devices At Risk

Slashdot - Your Rights Online - Wed, 2020-04-01 12:00
Dan Goodin writes via Ars Technica: For almost three years, OpenWRT -- the open source operating system that powers home routers and other types of embedded systems -- has been vulnerable to remote code-execution attacks because updates were delivered over an unencrypted channel and digital signature verifications were easy to bypass, a researcher said. Security researcher Guido Vranken recently found that updates and installation files were delivered over unencrypted HTTP connections, which are open to attacks that allow adversaries to completely replace legitimate updates with malicious ones. The researcher also found that it was trivial for attackers with moderate experience to bypass the digital-signature checks that verify a downloaded update as the legitimate one offered by OpenWRT maintainers. The combination of those two lapses makes it possible to send a malicious update that vulnerable devices will automatically install. [...] The researcher said that OpenWRT maintainers have released a stopgap solution that partially mitigates the risk the bug poses. The mitigation requires new installations to be "set out from a well-formed list that would not sidestep the hash verification. However, this is not an adequate long-term solution because an attacker can simply provide an older package list that was signed by the OpenWRT maintainers." From there, attackers can use the same exploits they would use on devices that haven't received the mitigation. OpenWRT maintainers didn't immediately respond to questions asking why installation and update files are delivered over HTTP and when a longer-term fix might be available. In the meantime, OpenWRT users should install either version 18.06.7 or 19.07.1, both of which were released in February. These updates provide the stopgap mitigation.
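
The three failure modes in the story (plain-HTTP delivery, a lax hash check that a malformed index can slip past, and replay of an older but validly signed package list) map onto three checks an update client has to make. The following is an added, illustrative verifier written for this page; it is not OpenWRT's or opkg's code, and the `Generation` header stanza it uses for the anti-rollback check is an assumption made for the example rather than a field of the real opkg index format. The sample index and package payloads are constructed, and verification of the index signature itself is assumed to have already happened before this code runs.

```python
"""
Illustrative update verifier for an opkg-style package index (added example,
not OpenWRT's or opkg's own code). Three checks must all pass:
  1. the index and packages come over TLS, never plain HTTP;
  2. the SHA256sum in the signed index is well-formed (exactly 64 hex digits)
     and matches the downloaded package byte-for-byte;
  3. the index is not older than the last one the device trusted, so a
     replayed older-but-signed index is refused.
The 'Generation' header is an assumption for this example; real opkg indexes
carry no such field, which is why the article's stopgap is only partial.
"""
import hashlib
import hmac
import re
from dataclasses import dataclass
from typing import Dict, Tuple
from urllib.parse import urlparse


class VerificationError(Exception):
    """Any condition under which the update must not be installed."""


@dataclass(frozen=True)
class IndexEntry:
    name: str
    version: str
    filename: str
    sha256: str


def _fields(stanza: str) -> Dict[str, str]:
    """Parse one 'Key: value' stanza; malformed lines are an error, not skipped."""
    fields: Dict[str, str] = {}
    for line in stanza.splitlines():
        key, sep, value = line.partition(":")
        if not sep or not key.strip():
            raise VerificationError(f"malformed index line: {line!r}")
        fields[key.strip()] = value.strip()
    return fields


def parse_package_index(text: str) -> Tuple[int, Dict[str, IndexEntry]]:
    """Return (generation, entries by package name). First stanza is the header."""
    header, *stanzas = re.split(r"\n\s*\n", text.strip())
    hfields = _fields(header)
    if not re.fullmatch(r"\d+", hfields.get("Generation", "")):
        raise VerificationError("index has no valid Generation header")
    entries: Dict[str, IndexEntry] = {}
    for stanza in stanzas:
        f = _fields(stanza)
        try:
            entry = IndexEntry(f["Package"], f["Version"], f["Filename"], f["SHA256sum"].lower())
        except KeyError as missing:
            raise VerificationError(f"index stanza missing field {missing}")
        # A digest that is not exactly 64 hex chars is rejected outright; a lenient
        # comparison against a truncated or odd-looking digest is the bypass.
        if not re.fullmatch(r"[0-9a-f]{64}", entry.sha256):
            raise VerificationError(f"malformed SHA256sum for {entry.name}")
        entries[entry.name] = entry
    return int(hfields["Generation"]), entries


def verify_update(source_url: str, index_text: str, last_trusted_generation: int,
                  package_name: str, package_bytes: bytes) -> Tuple[bool, str]:
    """End-to-end decision for one package download: (ok, reason)."""
    try:
        if urlparse(source_url).scheme != "https":
            raise VerificationError(f"refusing non-TLS update source: {source_url}")
        generation, entries = parse_package_index(index_text)
        if generation < last_trusted_generation:
            raise VerificationError("index is older than the last trusted index (rollback)")
        entry = entries.get(package_name)
        if entry is None:
            raise VerificationError(f"{package_name} not present in index")
        digest = hashlib.sha256(package_bytes).hexdigest()
        if not hmac.compare_digest(digest, entry.sha256):
            raise VerificationError(f"SHA256 mismatch for {entry.filename}")
    except VerificationError as err:
        return False, str(err)
    return True, f"{entry.name} {entry.version} verified"


# Constructed sample index and payloads for the demo (not real OpenWRT packages).
SAMPLE_INDEX = """\
Generation: 42

Package: hello-tool
Version: 1.0.2-1
Filename: hello-tool_1.0.2-1_x86_64.ipk
SHA256sum: 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824

Package: empty-tool
Version: 0.1-1
Filename: empty-tool_0.1-1_x86_64.ipk
SHA256sum: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
"""
HELLO_IPK = b"hello"  # its SHA-256 is the hello-tool digest above

if __name__ == "__main__":
    url = "https://downloads.example/releases/19.07.1/packages/x86_64/base/Packages"
    print(verify_update(url, SAMPLE_INDEX, 42, "hello-tool", HELLO_IPK))
    print(verify_update(url.replace("https", "http", 1), SAMPLE_INDEX, 42, "hello-tool", HELLO_IPK))
    print(verify_update(url, SAMPLE_INDEX, 43, "hello-tool", HELLO_IPK))  # replayed older index
    print(verify_update(url, SAMPLE_INDEX, 42, "hello-tool", b"hellp"))   # tampered package
```

The point of the `Generation` check is the one the article's last quote makes: signature validity alone says nothing about freshness, so a client that pins the newest generation it has seen (and persists it across reboots) closes the replay that the stopgap leaves open.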

Marriott Discloses New Data Breach Impacting 5.2 Million Guests

Slashdot - Your Rights Online - Wed, 2020-04-01 02:30
An anonymous reader quotes a report from CNET: Marriott International said Tuesday that names, mailing addresses, loyalty account numbers and other personal information of an estimated 5.2 million guests may've been exposed in a data breach. This is the second major security incident to hit the hotel group in less than two years. Marriott said it spotted that an "unexpected amount" of guest information may've been accessed at the end of February using the login credentials of two employees at a franchise property. The hotel group said information exposed may include names, addresses, emails, phone numbers and birthdays as well as loyalty account details and information like room preferences. Marriott said the investigation is ongoing but that it doesn't believe credit card numbers, passport information or driver's license numbers were exposed. In 2018, Marriott announced that hackers compromised the reservation database for its Starwood division, exposing records of up to 383 million guests and more than 5 million passport numbers.

Zoom is Leaking Peoples' Email Addresses and Photos To Strangers

Slashdot - Your Rights Online - Tue, 2020-03-31 22:01
Popular video-conferencing app Zoom is leaking personal information of at least thousands of users, including their email address and photo, and giving strangers the ability to attempt to start a video call with them through Zoom. From a report: The issue lies in Zoom's "Company Directory" setting, which automatically adds other people to a user's list of contacts if they signed up with an email address that shares the same domain. This can make it easier to find a specific colleague to call when the domain belongs to an individual company. But multiple Zoom users say they signed up with personal email addresses, and Zoom pooled them together with thousands of other people as if they all worked for the same company, exposing their personal information to one another.
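
The grouping logic the report describes, shown in its naive form beside a hardened one, as an added example written for this page (it is not Zoom's code). The signups are constructed, and the assumed fix is that a directory only exists for domains an organisation administrator has proven ownership of (for instance through a DNS TXT challenge; the verification mechanism itself is out of scope here). Accounts at any other domain, including personal mailboxes at a shared provider, are never pooled with anyone.

```python
"""
Added example (not Zoom's code): domain-based directory auto-grouping, naive
versus verified. Grouping by the bare domain of the signup email turns every
shared mail provider into a fake "company" whose members are strangers to each
other. Grouping only under admin-verified domains leaves personal signups alone.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

# Constructed sample signups as (email, display name). Not real users.
SIGNUPS: List[Tuple[str, str]] = [
    ("alice@example-corp.com", "Alice"),
    ("bob@example-corp.com", "Bob"),
    ("carol@mail.example", "Carol"),  # personal mailbox at a shared mail provider
    ("dave@mail.example", "Dave"),    # unrelated stranger at the same provider
    ("erin@example-corp.com", "Erin"),
]

Directory = Dict[str, Dict[str, str]]  # domain -> {email: display name}


def domain_of(email: str) -> str:
    """Lower-cased domain part; anything that is not local@domain is rejected so
    a malformed address cannot land in the wrong group."""
    if email.count("@") != 1:
        raise ValueError(f"not an email address: {email!r}")
    local, _, domain = email.partition("@")
    if not local or not domain:
        raise ValueError(f"not an email address: {email!r}")
    return domain.lower()


def naive_directory(signups: Iterable[Tuple[str, str]]) -> Directory:
    """The behaviour in the report: group by bare domain, no ownership check."""
    groups: Directory = defaultdict(dict)
    for email, name in signups:
        groups[domain_of(email)][email.lower()] = name
    return dict(groups)


def verified_directory(signups: Iterable[Tuple[str, str]],
                       verified_domains: Set[str]) -> Directory:
    """Hardened form: a directory exists only for domains an admin has verified
    (assumed DNS TXT proof). Signups at unverified domains join no directory."""
    verified = {d.lower() for d in verified_domains}
    groups: Directory = defaultdict(dict)
    for email, name in signups:
        domain = domain_of(email)
        if domain in verified:
            groups[domain][email.lower()] = name
    return dict(groups)


def visible_to(directory: Directory, email: str) -> List[str]:
    """Display names this user can see in their directory, sorted, self excluded.
    An empty list means the user is in no directory at all."""
    group = directory.get(domain_of(email), {})
    return sorted(name for addr, name in group.items() if addr != email.lower())


if __name__ == "__main__":
    corp_only = verified_directory(SIGNUPS, {"example-corp.com"})
    print("naive, carol sees:   ", visible_to(naive_directory(SIGNUPS), "carol@mail.example"))
    print("verified, carol sees:", visible_to(corp_only, "carol@mail.example"))
    print("verified, alice sees:", visible_to(corp_only, "alice@example-corp.com"))
```

A denylist of known consumer mail domains is the tempting quick fix, but it fails for every small provider, school or ISP domain not on the list; requiring proof of domain ownership before a directory is created is the check that actually removes the exposure.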

Authors, Publishers Condemn the 'National Emergency Library' As 'Piracy'

Slashdot - Your Rights Online - Tue, 2020-03-31 05:30
An anonymous reader quotes a report from NPR: Last week, when the Internet Archive announced its "National Emergency Library," expanding access to more than a million digitized works, the group explained the move as a goodwill gesture in the time of coronavirus. With so many brick-and-mortar libraries forced to close their doors, in other words, the group was opening up its lending program: Now, instead of its usual policy of just one digital copy per reader for a 14-day period, many frustrated readers could borrow copies of the same book during the same time -- and could do so through the end of June or the end of the global pandemic, whichever came sooner. But there's one major issue that several media outlets, including NPR, failed to mention in covering the decision: Many writers and publishers say the website, even before the creation of this National Emergency Library, has been sharing full digital copies of their books without their permission. And over the weekend, dozens of prominent authors, from Colson Whitehead and Neil Gaiman to Alexander Chee, made clear that they were upset with the Internet Archive's model -- and doubly so now, with the expansion of lending services and its timing. "With mean writing incomes of only $20,300 a year prior to the crisis, authors, like others, are now struggling all the more -- from cancelled book tours and loss of freelance work, income supplementing jobs, and speaking engagements," the Authors Guild, a professional group that provides legal assistance to writers, said in a statement released Friday. "And now they are supposed to swallow this new pill, which robs them of their rights to introduce their books to digital formats as many hundreds of midlist authors do when their books go out of print, and which all but guarantees that author incomes and publisher revenues will decline even further."
"Acting as a piracy site -- of which there already are too many -- the Internet Archive tramples on authors' rights by giving away their books to the world," the guild added. The Internet Archive pushed back against this characterization with a lengthy rebuttal. Brewster Kahle of the Internet Archive said the group "uses the same controls limiting access to these works as the publishers themselves, with encrypted files that are meant to disappear from the user's computer after a brief period," reports NPR. "The copies the group lends, Kahle said, are owned by the Internet Archive -- either through donations, straight-up purchases or collaborations with brick-and-mortar libraries."

Court Finds Algorithm Bias Studies Don't Violate US Anti-Hacking Law

Slashdot - Your Rights Online - Mon, 2020-03-30 13:34
"A federal court in D.C. has ruled in a lawsuit against Attorney General William Barr that studies aimed at detecting discrimination in online algorithms don't violate the Computer Fraud and Abuse Act," reports Engadget: The government argued that the Act made it illegal to violate a site's terms of service through some investigative methods (such as submitting false info for research), but Judge John Bates determined that the terms only raised the possibility of civil liability, not criminal cases. Bates observed that many sites' terms of service (which are frequently buried, cryptic or both) didn't provide a good-enough notice to make people criminally liable, and that it's problematic for private sites to define criminal liability. The judge also found that the government was using an overly broad interpretation when it's supposed to use a narrow view whenever there's ambiguity. "Researchers who test online platforms for discriminatory and rights-violating data practices perform a public service," wrote the staff attorney for the American Civil Liberties Union (which filed the suit "on behalf of academic researchers, computer scientists, and journalists who wish to investigate companies' online practices.") "They should not fear federal prosecution for conducting the 21st-century equivalent of anti-discrimination audit testing." Their announcement notes it's the kind of testing used by journalists "who exposed that advertisers were using Facebook's ad-targeting algorithm to exclude users from receiving job, housing, or credit ads based on race, gender, age, or other classes protected from discrimination in federal and state civil rights laws."

What Happens When Epidemiologists are Undermined By Politics?

Slashdot - Your Rights Online - Mon, 2020-03-30 09:34
Earlier this month Slashdot covered the Imperial College London forecast of "what happens if the U.S. does absolutely nothing to combat COVID-19," which predicted 2.2 million deaths just in the U.S. and another 510,000 in Great Britain. The paper was co-written by Neil Ferguson, one of the world's leading epidemiologists, and "launched leaders in both countries into action," according to the Washington Post. Earlier this month Ferguson posted on Twitter that Microsoft and GitHub are working to "document, refactor and extend" the thousands of lines of C code written over 13 years ago to run pandemic simulations, "to allow others to use [it] without the multiple days training it would currently require (and which we don't have time to give)." But the Washington Post's national health correspondent and senior political reporter look at a new twist this week: In recent days, a growing contingent of Trump supporters have pushed the narrative that health experts are part of a deep-state plot to hurt Trump's reelection efforts by damaging the economy and keeping the United States shut down as long as possible. Trump himself pushed this idea in the early days of the outbreak... After Ferguson gave new testimony to British officials Wednesday...Fox News host Laura Ingraham wrongly stated that in his testimony Ferguson's projection had been "corrected." The chyron on her show Thursday night stated, "Faulty models may be skewing COVID-19 data...." But in fact, Ferguson had not revised his projections in his testimony, which he made clear in interviews and on Twitter. His earlier study had made clear that the estimate of 500,000 deaths in Britain and 2.2 million in the United States projected what could happen if both took absolutely no action against the coronavirus. The new estimate of 20,000 deaths in Britain was a projected result now that Britain had implemented strict restrictions, which this week came to include a full lockdown...
[O]ne factor many modelers failed to predict was how politicized their work would become in the era of President Trump, and how that in turn could affect their models.

Ask Slashdot: Should the Internet Be A Public Utility?

Slashdot - Your Rights Online - Mon, 2020-03-30 06:34
The pandemic has "proven conclusively that the internet should be a public utility," argues Quartz. "It's a basic necessity in the 21st century, like running water, gas, and electricity. Indeed, the United Nations in 2016 declared that internet access is a human right." Sure, you could theoretically survive without it, just as you might light your home with candles or warm it by fire. Just as you could arguably trek to the closest freshwater source and walk back with buckets of the life-sustaining stuff. But in wealthy societies, like the U.S., those are absurd notions. Living under such conditions is virtually impossible and endangers everyone... [T]hough we have a whole lot of social woes to contend with right now -- pressing medical and economic needs -- it's not too soon to recognize that internet service providers' profits are not the top priority and that lack of access exacerbates existing class divides.... Increasingly, towns, cities, and states are taking a close look at Chattanooga, Tennessee, which built its own high-speed fiber-optic internet network in 2009. A 2018 Consumer Reports survey found the city's broadband was rated best in the US. There are already more than 500 communities nationwide operating public networks or leveraging their massive contracts with broadband providers to ensure free wiring of schools, libraries, and other publicly-accessible wifi hotspots. This patchwork approach to public access is taking hold across the U.S. and there is a growing understanding that internet access is a social issue that has to be addressed by governments, not private companies operating with profit as their sole motivator. Perhaps after the pandemic panic gives way to a new state of normalcy, the people will demand inexpensive and reliable high-quality broadband, and maybe private internet service providers will have to sing a different tune. 
An anonymous reader asked how exactly this could be accomplished, and long-time Slashdot reader Futurepower(R) suggested towns and cities should own the fiber lines, and then rent it out "to as many Internet-providing companies as are interested." But the original submission also asks, "If you aren't convinced yet, why not?" So share your own opinions in the comments. Should the internet be a public utility?
