'Dozens of Email Accounts' Were Hacked At US Treasury

Slashdot - Your Rights Online - Wed, 2020-12-23 00:02
An anonymous reader quotes a report from Reuters: Dozens of email accounts at the U.S. Treasury Department were compromised by the powerful hackers responsible for a wide-ranging espionage campaign against U.S. government agencies, the office of U.S. Senator Ron Wyden said on Monday. In a written statement, Wyden's office said that Senate Finance Committee staff were briefed that the hack of the Treasury Department appears to have been a significant one, "the full depth of which isn't known." Wyden, the most senior Democrat on the committee, said that Microsoft notified the agency that dozens of email accounts had been compromised and that the hackers also penetrated the systems at Treasury's Departmental Offices division, which is home to its top officials. "Treasury still does not know all of the actions taken by hackers, or precisely what information was stolen," the statement said, although it added that the Internal Revenue Service said there was no evidence the tax agency was compromised or that taxpayer data was affected. A Wyden aide said the hackers were able to access the Treasury officials' Microsoft-hosted inboxes after taking control of the cryptographic key used by Treasury's "single sign on" infrastructure -- a service used in many organizations so that employees can access a variety of services with a single username and password. The aide quoted Treasury officials as saying Mnuchin's inbox was not among those affected. Wyden's statement contrasts Treasury Secretary Steven Mnuchin, who told CNBC earlier in the day that "the good news is there has been no damage, nor have we seen any large amounts of information displaced." He added: "I can assure you, we are completely on top of this."

Read more of this story at Slashdot.

New York Halts Use of Facial Recognition in Schools

Slashdot - Your Rights Online - Tue, 2020-12-22 20:49
Gov. Andrew M. Cuomo signed a bill Tuesday suspending the use of facial recognition and other kinds of biometric technology in schools in New York, also directing a study of whether its use is appropriate in schools. The legislation places a moratorium on schools purchasing and using biometric identifying technology until at least July 1, 2022 or until the report is completed and the state Education Department commissioner authorizes its use. The rule applies to both public and private schools in New York. In a statement, ACLU said, "This is a victory for student privacy and students of color, who are disproportionately harmed by this flawed and biased technology. New York has led the way, and now other states should follow."

Law Enforcement Take Down Three Bulletproof VPN Providers

Slashdot - Your Rights Online - Tue, 2020-12-22 20:04
Law enforcement agencies from the US, Germany, France, Switzerland, and the Netherlands have seized this week the web domains and server infrastructure of three VPN services that provided a safe haven for cybercriminals to attack their victims. From a report: The three services were active at insorg.org, safe-inet.com, and safe-inet.net before the domains were seized and replaced with law enforcement banners on Monday. The services have been active for more than a decade, are believed to be operated by the same individual/group, and have been heavily advertised on both Russian and English-speaking underground cybercrime forums, where they were sold for prices ranging from $1.3/day to $190/year. According to the US Department of Justice and Europol, the three companies' servers were often used to mask the real identities of ransomware gangs, web skimmer (Magecart) groups, online phishers, and hackers involved in account takeovers, allowing them to operate from behind a proxy network up to five layers deep.

2,000 Parents Demand Major Academic Publisher Drop Proctorio Surveillance Tech

Slashdot - Your Rights Online - Tue, 2020-12-22 19:25
Digital rights group Fight for the Future has unveiled an open letter signed by 2,000 parents calling on McGraw-Hill Publishing to end its relationship with Proctorio, one of many proctoring apps that offers services that digital rights groups have called "indistinguishable from spyware." From a report: As the pandemic has pushed schooling into virtual classrooms, a host of software vendors have stepped up to offer their latest surveillance tools. Some, like Proctorio, offer technologies that claim to fight cheating by tracking head and eye movements, without any evidence that their algorithms do anything but make students anxious (and thus perform worse). Others rely on facial recognition technology, which is itself rife with racial bias, and have regularly failed to verify the identities of students of color at various points while taking state bar exams, forcing the test to end. Proctorio is one of a few companies that has come under scrutiny from privacy groups not only for invasive surveillance, but exhaustive data extraction that collects sensitive student data including biometrics. The company is perhaps unique in its attempts to silence critics of its surveillance programs. Proctorio has deployed lawsuits to silence critics, forcing one University of British Columbia learning technology specialist to exhaust his personal and emergency savings due to a lawsuit meant to silence his online criticisms of the company. Proctorio has also targeted students and abused Twitter's DMCA takedown process to further suppress valid criticisms of its proctoring software. Further reading: Proctoring Software Company Used DMCA To Take Down a Student's Critical Tweets; and Cheating-Detection Software Provokes 'School-Surveillance Revolt'.

Firefox To Ship 'Network Partitioning' As a New Anti-Tracking Defense

Slashdot - Your Rights Online - Tue, 2020-12-22 05:30
An anonymous reader quotes a report from ZDNet: Firefox 85, scheduled to be released next month, in January 2021, will ship with a feature named Network Partitioning as a new form of anti-tracking protection. The feature is based on "Client-Side Storage Partitioning," a new standard currently being developed by the World Wide Web Consortium's Privacy Community Group. "Network Partitioning is highly technical, but to simplify it somewhat; your browser has many ways it can save data from websites, not just via cookies," privacy researcher Zach Edwards told ZDNet in an interview this week. "These other storage mechanisms include the HTTP cache, image cache, favicon cache, font cache, CORS-preflight cache, and a variety of other caches and storage mechanisms that can be used to track people across websites." Edwards says all these data storage systems are shared among websites. The difference is that Network Partitioning will allow Firefox to save resources like the cache, favicons, CSS files, images, and more, on a per-website basis, rather than together, in the same pool. This makes it harder for websites and third-parties like ad and web analytics companies to track users since they can't probe for the presence of other sites' data in this shared pool. The Mozilla team expects [...] performance issues for sites loaded in Firefox, but it's willing to take the hit just to improve the privacy of its users.

Fired COVID-19 Data Manager Rebekah Jones Sues FDLE Over Raid On Her Home

Slashdot - Your Rights Online - Tue, 2020-12-22 04:10
Former Department of Health data manager Rebekah Jones has filed a lawsuit (PDF) against the Florida Department of Law Enforcement, saying the Dec. 7 morning raid on her house was a "sham" to retaliate against her for not altering COVID-19 data. Tallahassee.com reports: Jones was fired in May for failing to change COVID-19 data, and soon launched her own online data dashboard. Gov. Ron DeSantis said her firing was because she disobeyed superiors; she said it was because she wouldn't alter data to cast Florida in a more favorable light to justify the governor's plans to reopen the state's economy. In the lawsuit filed Sunday night against FDLE Commissioner Rick Swearingen, the department and several agents in Leon County Circuit Civil Court, Jones claims her constitutional rights were violated, including against unlawful search and seizure. She is seeking in excess of $100,000, according to the lawsuit's cover sheet. She also claims she was unnecessarily roughed up. "We are trying to achieve some kind of redress," said Rick Johnson, the lead attorney in both the civil suit and a separate whistleblower case. "This is still America. This is the kind of thing that happens in tinhorn dictatorships in third world countries." Swearingen has defended the actions of the agents he said were "vilified" by the media. He blamed Jones for any risk of danger to herself or her family. He reiterated those comments in a statement released later Monday. "As I have said before, I am proud of the professionalism shown by our FDLE agents as they served a legal search warrant on the residence of Rebekah Jones. Our criminal investigation continues, and while I have not seen this lawsuit, I believe the facts will come out in court," Swearingen said.

YouTube Class Action: Same IP Address Used To Upload 'Pirate' Movies and File DMCA Notices

Slashdot - Your Rights Online - Tue, 2020-12-22 02:10
An anonymous reader quotes a report from TorrentFreak: YouTube says it has found a "smoking gun" to prove that a class-action lawsuit filed by Grammy award-winning musician Maria Schneider and Pirate Monitor Ltd was filed in bad faith. According to the Google-owned platform, the same IP address used to upload 'pirate' movies to the platform also sent DMCA notices targeting the same batch of content. In a motion to dismiss filed in November, Pirate Monitor said YouTube had provided no "hard evidence" to back up these damaging claims, demanding that the court disregard the allegations and reject calls for the right to an injunction to prevent Pirate Monitor from submitting wrongful DMCA notices in the future. YouTube now provides a taster of some of the supporting evidence it has on file. "Pirate Monitor devised an elaborate scheme to prove itself sufficiently trustworthy to use YouTube's advanced copyright management tools," YouTube begins. "Through agents using pseudonyms to hide their identities, Pirate Monitor uploaded some two thousand videos to YouTube, each time representing that the content did not infringe anyone's copyright. Shortly thereafter, Pirate Monitor invoked the notice-and-takedown provisions of the Digital Millennium Copyright Act to demand that YouTube remove the same videos its agents had just uploaded." In all, YouTube processed nearly 2,000 DMCA notices it received from Pirate Monitor in the fall of 2019. All of the targeted videos had a uniform length, around 30 seconds each, generated from "obscure Hungarian movies". They had been uploaded in bulk from users with IP addresses allocated to Pakistan. [...] While the nature of the uploads is indeed suspicious, YouTube says that it also found what it describes as a "smoking gun", i.e. evidence that the uploads and DMCA notices were being sent by the same entity. "After considerable digging, YouTube found a smoking gun. In November 2019, amidst a raft of takedown notices from Pirate Monitor, one of the 'RansomNova' users that had been uploading clips via IP addresses in Pakistan logged into their YouTube account from a computer connected to the Internet via an IP address in Hungary," YouTube explains. The opposition to Pirate Monitor's motion to dismiss can be found here.

The COVID-19 Stimulus Bill Would Make Illegal Streaming a Felony

Slashdot - Your Rights Online - Tue, 2020-12-22 00:10
An anonymous reader quotes a report from The Hollywood Reporter: Providing relief via direct assistance and loans to struggling individuals and businesses hit hard by COVID-19 has been a priority for federal lawmakers this past month. But a gigantic spending bill has also become the opportunity to smuggle in some other line items including those of special interest to the entertainment community. Perhaps most surprising, according to the text of the bill being circulated, illegal streaming for commercial profit could become a felony. It's been less than two weeks since Sen. Thom Tillis (R-NC) released his proposal to increase the penalties for those who would dare stream unlicensed works. In doing so, the North Carolina senator flirted with danger. About a decade ago, Minnesota Sen. Amy Klobuchar made a similar proposal before it ended up dying as people worried about sending Justin Bieber to jail. This time, Tillis' attempt was winning better reviews for more narrowly tailoring the provisions toward commercial operators rather than users. That said, it's had very little time to circulate before evidently becoming part of the spending package. If passed, illegal streaming of works including movies and musical works could carry up to 10 years in jail. That's not the only copyright change either. The spending bill also appears to adopt a long-discussed plan to create a small claims adjudication system within the U.S. Copyright Office. [...] Among the other parts of the omnibus bill of interest to Hollywood is an extension of Section 181, a tax provision that allows for immediate deduction of television and film production costs up to $15 million. That incentive was scheduled to expire at the end of the year, but would now get an additional five years.

Civil Rights Groups Move To Block Expansion of Facial Recognition in Airports

Slashdot - Your Rights Online - Mon, 2020-12-21 23:30
A coalition of civil rights groups led by the American Civil Liberties Union have filed an objection to the proposed expansion of Customs and Border Protection's facial recognition at land and sea ports. The National Immigration Law Center, Fight for the Future, and the Electronic Frontier Foundation are also participating in the motion, alongside twelve others. From a report: Filed in November, CBP's proposed rule would expand the biometric exit system, authorizing the collection of facial images from any non-citizen entering the country. But in a filing on Monday, the final day of the comment period, the coalition argued that those measures are too extreme. "CBP's proposed use of face surveillance at airports, sea ports, and the land border would put the United States on an extraordinarily dangerous path toward the normalization of this surveillance," said Ashley Gorski, senior staff attorney with the ACLU's National Security Project, in a statement to reporters. "The deployment of this society-changing technology is unnecessary and unjustified." The filing raises a variety of legal objections to the expansion, in particular arguing that Congress did not intend to authorize long-term facial recognition when it mandated biometric exit tracking in 1996. At the time, Congress left the specific method open to interpretation, but the technology for algorithmic facial recognition from a video feed was not yet developed enough to be considered.

Apple, Google, Microsoft, and Mozilla Ban Kazakhstan's MitM HTTPS Certificate

Slashdot - Your Rights Online - Mon, 2020-12-21 22:13
Browser makers Apple, Google, Microsoft, and Mozilla, have banned a root certificate that was being used by the Kazakhstan government to intercept and decrypt HTTPS traffic for residents in the country's capital, the city of Nur-Sultan (formerly Astana). From a report: The certificate had been in use since December 6, 2020, when Kazakh officials forced local internet service providers to block Nur-Sultan residents from accessing foreign sites unless they had a specific digital certificate issued by the government installed on their devices. While users were able to access most foreign-hosted sites, access was blocked to sites like Google, Twitter, YouTube, Facebook, Instagram, and Netflix, unless they had the certificate installed. Kazakh officials justified their actions claiming they were carrying out a cybersecurity training exercise for government agencies, telecoms, and private companies. Officials cited that cyberattacks targeting "Kazakhstan's segment of the internet" grew 2.7 times during the current COVID-19 pandemic as the primary reason for launching the exercise. The government's explanation did, however, make zero technical sense, as certificates can't prevent mass cyber-attacks and are usually used only for encrypting and safeguarding traffic from third-party observers. After today's ban, even if users have the certificate installed, browsers like Chrome, Edge, Mozilla, and Safari, will refuse to use them, preventing Kazakh officials from intercepting user data.

Dozens of Journalists' iPhones Hacked With NSO 'Zero-Click' Spyware, Says Citizen Lab

Slashdot - Your Rights Online - Mon, 2020-12-21 16:46
Citizen Lab researchers say they have found evidence that dozens of journalists had their iPhones silently compromised with spyware known to be used by nation states. From a report: For more than the past year, London-based reporter Rania Dridi and at least 36 journalists, producers and executives working for the Al Jazeera news agency were targeted with a so-called "zero-click" attack that exploited a now-fixed vulnerability in Apple's iMessage. The attack invisibly compromised the devices without having to trick the victims into opening a malicious link. Citizen Lab, the internet watchdog at the University of Toronto, was asked to investigate earlier this year after one of the victims, Al Jazeera investigative journalist Tamer Almisshal, suspected that his phone may have been hacked. In a technical report out Sunday and shared with TechCrunch, the researchers say they believe the journalists' iPhones were infected with the Pegasus spyware, developed by Israel-based NSO Group. The researchers analyzed Almisshal's iPhone and found it had between July and August connected to servers known to be used by NSO for delivering the Pegasus spyware. The device revealed a burst of network activity that suggests that the spyware may have been delivered silently over iMessage. Logs from the phone show that the spyware was likely able to secretly record the microphone and phone calls, take photos using the phone's camera, access the victim's passwords, and track the phone's location.

How Do US Government Agencies Verify Security Software from Private Contractors?

Slashdot - Your Rights Online - Mon, 2020-12-21 13:34
A recent article at Politico argues that the U.S. government "doesn't do much to verify the security of software from private contractors. And that's how suspected Russian hackers got in." The federal government conducts only cursory security inspections of the software it buys from private companies for a wide range of activities, from managing databases to operating internal chat applications. That created the blind spot that suspected Russian hackers exploited to breach the Treasury Department, the Department of Homeland Security, the National Institutes of Health and other agencies... Attacks on vendors in the software supply chain represent a known issue that needs to be prioritized, said Rep. Jim Langevin (D-R.I.), the co-founder of the Congressional Cybersecurity Caucus. "The SolarWinds incident... underscores that supply chain security is a topic that needs to be front and center," Langevin said.... He said Congress needs to "incentivize" the companies to make their software more secure, which could require expensive changes. Some others are calling for regulation. Private companies regularly deploy software with undiscovered bugs because developers lack the time, skill or incentive to fully inspect them. Long-time open source advocate Steven J. Vaughan-Nichols argues another issue is the closed-source nature of SolarWinds' software: Proprietary software — a black box where you can never know what's really going on — is now, always has been, and always will be more of a security problem. I would no more trust anything mission critical to proprietary software than I would drive a car at night without lights or a fastened seat belt... A fundamental open source principle is that by bringing many eyeballs to programs more errors will be caught. That doesn't mean all errors are caught, just a lot more than those by a single proprietary company... Just consider the sheer number of serious Windows bugs — does a month go by without one? — compared to those of Linux... In short, proprietary software companies, like SolarWinds, are still making huge security blunders, which are hidden from users until the damage is done.

Facebook's Criticism of Apple's Tracking Change Called 'Laughable' by EFF

Slashdot - Your Rights Online - Sun, 2020-12-20 21:37
The MacRumors site writes: Facebook's recent criticism directed at Apple over an upcoming tracking-related privacy measure is "laughable," according to the Electronic Frontier Foundation (EFF), a non-profit organization that defends civil liberties in the digital world. Facebook has claimed that Apple's new opt-in tracking policy will hurt small businesses who benefit from personalized advertising, but the EFF believes that Facebook's campaign against Apple is really about "what Facebook stands to lose if its users learn more about exactly what it and other data brokers are up to behind the scenes," noting that Facebook has "built a massive empire around the concept of tracking everything you do...." According to the EFF, a number of studies have shown that most of the money made from targeted advertising does not reach app developers, and instead goes to third-party data brokers like Facebook, Google, and lesser-known firms. "Facebook touts itself in this case as protecting small businesses, and that couldn't be further from the truth," the EFF said. "Facebook has locked them into a situation in which they are forced to be sneaky and adverse to their own customers. The answer cannot be to defend that broken system at the cost of their own users' privacy and control." "This is really about who benefits from the normalization of surveillance-powered advertising..." argues the EFF. And they ultimately come down in support of Apple's new privacy changes. "Here, Apple is right and Facebook is wrong."

Capella Space Defends High-Resolution Satellite Photos Described as 'Eerily Observant'

Slashdot - Your Rights Online - Sun, 2020-12-20 04:34
A new satellite from Capella Space was described as "pretty creepy" by Bustle's technology site Input: Like other hunks of metal currently orbiting Earth, the Capella-2 satellite's onboard radar system makes it capable of producing ludicrously high-resolution visuals from its data. More unconventional is the service Capella has launched to match: the government or private customers can, at any time, request a view of anything on the planet that's visible from the sky... The Capella-2's system of cameras and sensors is nothing short of magnificent. The satellite uses something called Synthetic Aperture Radar (SAR), a technology used by NASA since the 1970s, to detect the Earth's surface through even the densest of clouds. SAR sends a 9.65 GHz radio signal toward the Earth and interprets the signal as it returns, using that data to form a visual... The Capella-2 is now the highest-resolution commercial SAR satellite in the world, capable of 50 cm x 50 cm resolution imaging. Other satellites are only capable of resolution up to about five meters.... Once Capella's full squadron of satellites is airborne, the company will have the ability to quickly snap views of just about any place in the world. That power could quickly be abused if left unchecked. The article notes Capella already has a contract with the U.S. Air Force, adding "It's not much of a stretch to imagine high-resolution SAR technology turning into a tool for national surveillance... "Right now there's just one Capella-2 satellite roaming around in the atmosphere, so that functionality is somewhat limited. Capella plans to launch six additional satellites with similar capabilities in the next year." In response on Friday Capella Space penned a blog post reminding readers that their satellite "does not see through buildings," and that at 50-centimeter resolution "What it cannot do...is see people, license plates or reveal any personally identifiable information. Unlike other technologies that have recently been under scrutiny for privacy infringement such as cell phone geolocation data or automatic license plate readers, SAR imaging specializes in a macro view of the world to see the general patterns of life. "Our company was founded on the belief that technology in space can significantly benefit life on Earth, and invading privacy does not help that mission. Part of that also means thoroughly vetting our customers and partners to ensure they will use our information for ethical purposes."

Apple-Criticizing Banner Ads Now Added to Some of Facebook's iOS Apps

Slashdot - Your Rights Online - Sun, 2020-12-20 00:34
Facebook added banner ads criticizing Apple into some of its iOS apps, 9to5Mac reports, in its ongoing war against Apple's new privacy changes: By tapping the Learn More button, the app opens an article written by Facebook in which the company says Apple's policies announced at WWDC 2020 with iOS 14 will "harm the growth of business and the free internet." Facebook refers both to the new App Store privacy labels and also an option in iOS 14 that prevents apps from tracking users. The fact that Facebook is now showing these messages in its iOS apps criticizing Apple demonstrates that the company is trying to get popular appeal to change Apple's mind about its new App Store privacy rules. That's because Facebook is one of the companies that will be most impacted by Apple's new privacy policies as its social networks rely heavily on ads and personal data from users. In a statement to 9to5Mac, Apple said it doesn't want to force Facebook to change its business model, but the company expects Facebook to be more transparent about how it collects data from users and let them choose whether or not to offer such data.

FAA and Boeing 'Inappropriately Coached' Pilots In 737 MAX Testing

Slashdot - Your Rights Online - Sat, 2020-12-19 12:00
Boeing officials "inappropriately coached" test pilots during recertification efforts after two fatal 737 MAX crashes killed 346 people, according to a lengthy congressional report released on Friday. Reuters reports: The report from the Senate Commerce Committee Republican staff said testing this year of a key safety system known as MCAS tied to both fatal crashes was contrary to proper protocol. The committee concluded Federal Aviation Administration (FAA) and Boeing officials "had established a pre-determined outcome to reaffirm a long-held human factor assumption related to pilot reaction time ... It appears, in this instance, FAA and Boeing were attempting to cover up important information that may have contributed to the 737 MAX tragedies." The report cited a whistleblower who alleged Boeing officials encouraged test pilots to "remember, get right on that pickle switch" prior to the exercise that resulted in pilot reaction in approximately four seconds, while another pilot in a separate test reacted in approximately 16 seconds. The report also noted Southwest Airlines was able to operate more than 150,000 flights carrying 17.2 million passengers on jets without confirmation that required maintenance had been completed. The Senate report said the Southwest flights "put millions of passengers at potential risk." Boeing said Friday it takes "seriously the committee's findings and will continue to review the report in full."

Tech Giants Will Block Kazakhstan's Web Surveillance Efforts Again

Slashdot - Your Rights Online - Sat, 2020-12-19 03:30
Apple, Google, Microsoft and Mozilla have teamed up to block the Kazakhstan government's attempts to force its citizens to install a "national security certificate" on every internet-capable device in the country. "That government-issued root certificate would allow authorities to keep tabs on people's online traffic, essentially becoming a back door to access citizens' data," reports Engadget. From the report: In its announcement, Mozilla said it was recently informed that ISPs in Kazakhstan have recently started telling customers that they're required to install the digital certificate to be able to access foreign websites. ZDNet reported earlier this month that Kazakh ISPs have been cutting people's access to websites like Google, Twitter, Facebook, Instagram and Netflix unless they install the certificate. When users in Kazakhstan who complied with their ISPs' demand try to access websites on their devices, they'll get an error telling them that the certificate shouldn't be trusted. The companies are also encouraging those users to research the use of VPN or the Tor Browser for web browsing and to change the passwords for their accounts. Kazakhstan's government made a similar attempt back in 2015 and then again in 2019, but tech giants did what they're doing now to put a stop to those plans.

DOJ Case Against Google Likely Won't Go To Trial Until Late 2023, Judge Says

Slashdot - Your Rights Online - Sat, 2020-12-19 02:50
The Justice Department's antitrust lawsuit against Google likely won't go to trial until late 2023, Judge Amit Mehta said at a status hearing on Friday. Both parties agreed that seemed like a likely timeline and the judge set September 12, 2023, as a tentative date to start the trial. CNBC reports: The proposed timeline shows just how long Google (and likely Facebook) will be fighting antitrust challenges from the U.S. government. Google now faces three lawsuits from different groups of states and the DOJ, some of which could be consolidated before the same judge. That means both that scrutiny of Google's business is likely to remain in the spotlight for several years, and that any changes potentially ordered by the court would also take a long time. In the short-term, that's good news for investors, who don't have to worry about immediate structural changes that could hurt the company's value, such as spin-offs of key business units. But it also means that Google will be facing a major distraction, and could be tentative about entering new business areas and making big acquisitions, for years to come. Mehta had indicated at previous status hearings that he wants to keep the case moving along quickly. But the proposed timeframe shows that even a relatively fast process can take years. A lawyer for the DOJ estimated the trial could last ten to 12 weeks, though a lawyer for Google said he expected it would take much less time assuming the case goes to trial. Mehta said he was setting "the over/under" line at five and a half weeks.

Microsoft: 2021 Is the Year Passwords Die

Slashdot - Your Rights Online - Sat, 2020-12-19 01:30
Usama Jawad writes via Neowin: Microsoft has been a proponent of passwordless technology for quite some time, saying that it wants traditional and unsafe passwords to die. To that end, it has invested in various solutions over the past few years such as Windows Hello, Microsoft Authenticator, FIDO2 security keys, and a palm vein authentication system, among other things. Now, the company has highlighted the strides it made to kill off passwords in 2020, and has stated that it plans to make them a thing of the past for all its customers in 2021. Microsoft noted that almost 80% of all cyberattacks target passwords, and one in 250 corporate accounts get compromised each month due to this. That said, the company is making an effort to transition people to passwordless solutions. In November 2019, 100 million people were using Microsoft's passwordless sign-in. This number grew to 150 million by May 2020, which goes to show how millions of people are ready to ditch passwords due to the inconvenience of remembering them, coupled with how insecure they can be. [...] 2021 is the year in which Microsoft plans to make passwords obsolete for all its customers. It is currently developing new APIs and a UX for managing FIDO2 security keys, and is also aiming to deliver a "converged registration portal," where customers can manage their passwordless credentials. While it hopes that 2021 marks a return to the "old normal," the company has emphasized that going passwordless will make online lives significantly easier.

Law Banning 'Rental' Fees For Customer-Owned Routers Takes Effect Sunday

Slashdot - Your Rights Online - Sat, 2020-12-19 00:10
An anonymous reader quotes a report from Ars Technica: Broadband and TV providers will finally be required to stop charging "rental" fees for equipment that customers own themselves, thanks to a new US law that takes effect on Sunday. The bogus fees were outlawed by the Television Viewer Protection Act (TVPA), which was approved by Congress and signed by President Trump in December 2019. The law was originally scheduled to take effect on June 20, but Congress gave the Federal Communications Commission leeway to delay enforcement by six months if the FCC "finds that good cause exists for such an additional extension." The FCC in April granted the six-month delay to ISPs, claiming that providers needed more time to comply because of the coronavirus pandemic. That decision delayed implementation of the new requirements until December 20, 2020. The law's implementation will "put an end to the unconscionable business practice of charging consumers a rental fee for cable modem routers even if consumers do not use them!" consumer-advocacy group Public Knowledge said in a blog post. "This common-sense correction will permit consumers to continue to use their own equipment, and not be forced to pay for something they neither asked for nor needed." [...] The new law, passed as part of a budget bill, creates a "consumer right to accurate equipment charges" that prohibits TV and broadband providers from charging for "covered equipment provided by the consumer." Covered equipment is defined as "equipment (such as a router) employed on the premises of a person... to provide [TV service] or to provide fixed broadband Internet access service." The companies may not charge rental or lease fees in cases when "the provider has not provided the equipment to the consumer; or the consumer has returned the equipment to the provider." The law also includes a right to transparency that requires TV providers to inform customers of the total monthly charges, including all company-imposed fees and a good-faith estimate of all government-imposed fees and taxes, before they enter into a contract. This notice must specify the amount of promotional discounts and when those discounts will expire. The law also gives customers a 24-hour period in which they can cancel new TV service without penalty. The new rule won't prevent TV providers from raising prices on existing customers, even when they're under contract. But the new transparency requirement is a step in the right direction.
