aggregator

thegarbz writes: Denuvo, the darling of the DRM industry was once considered by publishers to be the final solution to piracy. Slashdot has documented the slow decline of Denuvo from stories in 2014, and 2016 where publishers were praising Denuvo's success at mitigating piracy for weeks, to its slow decline last year where games were being cracked within "hours" of release. The popular wisdom of publishers in the past considered DRM worth while as it thwarts piracy during the critical sales spike when games are first released. Last week saw Hitman 2, the latest Denuvo protected game get cracked in a short time. The kicker, the game isn't officially released until this Thursday. Publishers are now eroding the potential sale day advantage of DRM through the latest practice of offering games for early release in an attempt to secure an ever larger number of pre-orders for popular titles. This leads to the obvious question: Does DRM make financial sense to include in titles if they risk being cracked before release date? Conversely, does releasing games early to selected customers make financial sense if it results in the DRM being cracked before release?

Read more of this story at Slashdot.

Doxing rivals, stealing each other's files, and poking around Nintendo's servers are all a normal part of the ballooning Nintendo Switch hacking and piracy scenes. Joseph Cox, reports for Motherboard: The Switch piracy community -- much of which operates on the gamer-focused chat app Discord -- is full of ingenuity, technical breakthroughs, and evolving cat-and-mouse games between the multi-billion dollar Nintendo and the passionate hackers who love the company but nonetheless illegally steal its games. Pirates deploy malware to steal each other's files so they can download more games themselves. Groups deliberately plant code into others' Switches so they no longer work. And some people in the scene have been doxed, meaning they've had their personal information published online. Pirating games for the Switch is not technically straightforward. Instead, there's a complex supply chain constantly grinding away that helps people source and play unreleased games. There are reverse engineers who figure out how Nintendo's own tools work, so hackers can then use them for their own advantage. There are coders who make programs to streamline the process of downloading or running games. Reviewers, developers, or YouTubers with access to games before general Switch users often leak unlock codes or other information to small groups, which then may trickle out to the wider community. [...] To release a game, pirates may dump a copy from the physical cartridge; they can do this before the game releases in the United States by sourcing the cartridge from an Australian store, which releases earlier because of the time difference. But this only gets a game out one or two days before official release. For the more sought-after and early dumps, pirates often manage to grab a copy from Nintendo's eShop, the company's digital download game store that is built into the Switch. Here, pirates will likely use a piece of hacker-made software on their computers to talk to Nintendo's servers, one pirate who uploads large archives of games explained to Motherboard in an online chat. The files can sometimes be downloaded early by anyone (by design), and are encrypted and need a so-called "titlekey" to unlock them and make the game playable. Further reading: Nintendo 'Wins' $12 Million From Pirate ROM Site Operators.

Read more of this story at Slashdot.

Facebook and the French government are working together to look at the social media company's efforts to moderate content on its site. "At the start of 2019, French regulators will launch an informal investigation on algorithm-powered and human moderation," reports TechCrunch. "Facebook is willing to cooperate and give unprecedented access to its internal processes." From the report: Regulators will look at multiple steps: how flagging works, how Facebook identifies problematic content, how Facebook decides if it's problematic or not and what happens when Facebook takes down a post, a video or an image. This type of investigation is reminiscent of banking and nuclear regulation. It involves deep cooperation so that regulators can certify that a company is doing everything right. It's still unclear who's going to be in charge of this investigation. There could be regulators from France's telecom regulator (ARCEP), from the government's tech team (DINSIC), from the TV and radio regulator (CSA)... There's one thing for sure, the French government wants to focus on hate speech for now, so don't expect anyone from the privacy regulator (CNIL). The investigation isn't going to be limited to talking with the moderation teams and looking at their guidelines. The French government wants to find algorithmic bias and test data sets against Facebook's automated moderation tools.

Read more of this story at Slashdot.

The American Cable Association (ACA), an industry group that represents over 700 small and medium-sized cable operators, wants antitrust regulators to investigate whether Comcast-NBCUniversal is abusing its power to hurt smaller television and internet service providers. The group has "asked U.S. Assistant Attorney General Makan Delrahim to 'immediately' open an investigation into Comcast's practices," reports The Verge. Comcast is denying the claims, and while the Justice Department hasn't publicly responded, that may change soon. President Donald Trump tweeted about the ACA's claims earlier this afternoon. From the report: The ACA claims Comcast has a uniquely powerful hold on the U.S. cable industry because it controls a large chunk of "must have" programming like NBC's regional sports channels. The group argues that the Comcast "has shown a willingness to harm rivals" in the past, even while bound by a 2011 consent decree that expired earlier this year. The letter is dated November 6th but was published today, after Fox Business Networks reported on its existence last week. Contra Trump's description, the letter doesn't seem to describe "routine" violations of antitrust law. It's primarily arguing that there's a huge risk of Comcast abusing its market position, while explaining just how much damage could result if Comcast did so. The ACA has put forward more concrete claims in the past, though -- like a 2017 complaint that Comcast was forcing smaller cable providers to bundle unwanted NBC-owned channels into TV packages, driving up their costs. The ACA's letter also raises concerns involving Hulu, suggesting that Comcast could effectively hold the service hostage. "We have heard from ACA members that they fear that ComcastNBCU may restrict, if it is not already restricting, their ability to access Hulu and make it available to their customers as an alternative to their cable offerings," reads the letter.

Read more of this story at Slashdot.

ZDNet's Steven J. Vaughan-Nichols argues that the founder of Oculus, Palmer Luckey, wasn't fired because of his political views, as a recently-published Wall Street Journal article suggests, but because the virtual-reality company lost a $500 million intellectual property theft case to game maker ZeniMax. An anonymous reader shares the report: According to The Wall Street Journal, Palmer Luckey, the founder of Oculus, a virtual reality company, was fired by Facebook because "he donated $10,000 to an anti-Hillary Clinton group" during the 2016 U.S. Presidential campaign. But the article fails to mention a simple little fact: On Feb. 1, 2017, Oculus lost an intellectual property (IP) theft case against game maker ZeniMax, to the tune of $500 million. So, if one of your employees just cost your company a cool half-billion bucks for doing wrong what would you do? Well, Facebook isn't saying, even now, but on March 30, 2017, it let Luckey go. Yes, Luckey also lied about his political moves, which went well beyond donating to an anti-Hillary billboard campaign. But let's look at the record. Everyone knew he'd lied by Feb. 22, 2016. Was he fired then? No. Was he fired after being found guilty of stealing ZeniMax's trade secrets? Yes. Officially, Facebook stated: "All details associated with specific personnel matters are kept strictly confidential. This is our policy for all employees, no matter their seniority. But we can say unequivocally that Palmer's departure was not due to his political views." Let me spell it out for you: He made some political waves. Nothing happened. He cost Facebook $500 million. He was fired. Can anyone here seriously not draw the lines between the dots?

Read more of this story at Slashdot.

schwit1 shares a report from Apple Insider: A woman from Schenectady, N.Y. accused of being the driver in a shooting used Apple's remote wipe feature to destroy evidence on her iPhone X that might have been related to the event. The iPhone was seized as evidence in the case, but police say that shortly after she triggered the remote wipe, an option available via Find My iPhone in iCloud. Normally the tool is intended for people with lost or stolen devices. The suspected driver, Juelle Grant, was arrested on November 2nd and charged with two counts of tampering with physical evidence, and one count of hindering prosecution. As Apple Insider notes, only one of the tampering counts is connected to the iPhone.

Read more of this story at Slashdot.

While the European Union has worked hard to strengthen its copyright laws in recent years, one country in the heart of the continent chooses its own path. Switzerland is not part of the EU, which means that its policies deviate quite a bit from its neighbors. According to Hollywood, that's not helping creators. From a report: Responding to recent submission to the United States Trade Representative (USTR), the MPAA has identified several foreign "trade barriers" around the world. In Hollywood's case, many of these are related to piracy. One of the countries that's highlighted, in rather harsh terms, is Switzerland. According to the MPAA, the country's copyright law is "wholly inadequate" which, among other things, makes it "extremely attractive" to host illegal sites. "Switzerland's copyright law is wholly inadequate, lacking crucial mechanisms needed for enforcement in the digital era," MPAA writes. [...] The European country has plans to update its laws, but the proposed changes are not significant improvements, Hollywood's trade group notes.

Read more of this story at Slashdot.

Your phone knows where you shop, where you work and where you sleep. Hedge funds are very interested in such data, so they are buying it. From a report: When Tesla Chief Executive Elon Musk said the car maker would work around the clock to boost production of its Model 3 sedan, the number crunchers at Thasos Group decided to watch. They circled Tesla's 370 acres in Fremont, Calif., on an online map, creating a digital corral to isolate smartphone location signals that emanated from within it. Thasos, which leases databases of trillions of geographic coordinates collected by smartphone apps, set its computers to find the pings created at Tesla's factory, then shared the data with its hedge-fund clients [Editor's note: the link may be paywalled; alternative source], showing the overnight shift swelled 30% from June to October. Last month, many on Wall Street were surprised when Tesla disclosed a rare quarterly profit, the result of Model 3 production that had nearly doubled in three months. Shares shot up 9.1% the next day. Thasos is at the vanguard of companies trying to help traders get ahead of stock moves like that using so-called alternative data. Such suppliers might examine mine slag heaps from outer space, analyze credit-card spending data or sort through construction permits. Thasos's specialty is spewing out of your smartphone. Thasos gets data from about 1,000 apps, many of which need to know a phone's location to be effective, like those providing weather forecasts, driving directions or the whereabouts of the nearest ATM. Smartphone users, wittingly or not, share their location when they use such apps. Before Thasos gets the data, suppliers scrub it of personally identifiable information, Mr. Skibiski said. It is just time-stamped strings of longitude and latitude. But with more than 100 million phones providing such coordinates, Thasos says it can paint detailed pictures of the ebb and flow of people, and thus their money.

Read more of this story at Slashdot.

harrymcc writes: Content-distribution network Cloudflare has introduced iOS and Android versions of 1.1.1.1, a free service which helps shield you from snoops by replacing your standard DNS with its encrypted (and speedy) alternative. The mobile incarnation of the PC service it launched last April, the apps don't require you to do anything other than downloaded and install them, give your device permission to install a VPN, and flip a switch -- making them approachable for the masses, not just geeks.

Read more of this story at Slashdot.

You can have a disaster-free Election Day in the social media age, writes New York Times columnist Kevin Roose, "but it turns out that it takes constant vigilance from law enforcement agencies, academic researchers and digital security experts for months on end." It takes an ad hoc "war room" at Facebook headquarters with dozens of staff members working round-the-clock shifts. It takes hordes of journalists and fact checkers willing to police the service for false news stories and hoaxes so that they can be contained before spreading to millions. And even if you avoid major problems from bad actors domestically, you might still need to disclose, as Facebook did late Tuesday night, that you kicked off yet another group of what appeared to be Kremlin-linked trolls... Most days, digging up large-scale misinformation on Facebook was as easy as finding baby photos or birthday greetings... Facebook was generally responsive to these problems after they were publicly called out. But its scale means that even people who work there are often in the dark... Other days, combing through Facebook falsehoods has felt like watching a nation poison itself in slow motion. A recent study by the Oxford Internet Institute, a department at the University of Oxford, found that 25 percent of all election-related content shared on Facebook and Twitter during the midterm election season could be classified as "junk news"... Facebook has framed its struggle as an "arms race" between itself and the bad actors trying to exploit its services. But that mischaracterizes the nature of the problem. This is not two sovereign countries locked in battle, or an intelligence agency trying to stop a nefarious foreign plot. This is a rich and successful corporation that built a giant machine to convert attention into advertising revenue, made billions of dollars by letting that machine run with limited oversight, and is now frantically trying to clean up the mess that has resulted... It's worth asking, over the long term, why a single American company is in the position of protecting free and fair elections all over the world. Despite whatever progress has been made, the article complains that "It took sustained pressure from lawmakers, regulators, researchers, journalists, employees, investors and users to force the company to pay more attention to misinformation and threats of election interference. Facebook has shown, time and again, that it behaves responsibly only when placed under a well-lit microscope. "So as our collective attention fades from the midterms, it seems certain that outsiders will need to continue to hold the company accountable, and push it to do more to safeguard its users -- in every country, during every election season -- from a flood of lies and manipulation."

Read more of this story at Slashdot.

"Despite probing and trolling, a Russian cyberattack is the dog that did not bark in Tuesday's midterm elections," writes national security columnist Eli Lake. This is the assessment of the Department of Homeland Security, which says there were no signs of a coordinated campaign to disrupt U.S. voting. This welcome news raises a relevant and important question: Were cyber adversaries actually deterred from infiltrating voter databases and changing election results...? In September the White House unveiled a new policy aimed at deterring Russia, China, Iran and North Korea from hacking U.S. computer networks in general and the midterms in particular. National security adviser John Bolton acknowledged as much last week when he said the U.S. government was undertaking "offensive cyber operations" aimed at "defending the integrity of our electoral process." There aren't many details. Reportedly this entailed sending texts, pop-ups, emails and direct messages warning Russian trolls and military hackers not to disrupt the midterms. U.S. officials tell me much more is going on that remains classified. It is part of a new approach from the Trump administration that purports to unleash U.S. Cyber Command to hack the hackers back, to fight them in their networks as opposed to America's. Bolton has said the policy reverses previous restrictions on military hackers to disrupt the networks from which rival powers attack the U.S. Sometimes this is called "persistent engagement" or "defend forward." And it represents a shift in the broader U.S. approach to engaging adversaries in cyberspace.... The difference now is that America's cyber warriors will routinely try to disrupt cyberattacks before they begin... The object of cyberdeterrence is not to get an adversary to never use cyberweapons. It's to prevent attacks of certain critical systems such as voter registration databases, electrical grids and missile command-and-control systems. The theory, at least, is to force adversaries to devote resources they would otherwise use to attack the U.S. to better secure their own networks. Jason Healey, a historian of cyber conflicts at Columbia University's School for International and Public Affairs, asks "How much of cyberspace will survive the war?" warning that "persistent engagement" could lead to a dangerous miscalculation by an adversarial nation-state -- or even worse, a spiral of escalation, with other state's following America's lead, changing the open Internet into more of a battleground.

Read more of this story at Slashdot.

An anonymous reader quotes the Bay Area Newsgroup: A former Tesla global supply manager was indicted Thursday by federal prosecutors alleging he embezzled more than $9 million from the Palo Alto electric car maker. Salil Parulekar, 32, is charged with felony wire fraud and aggravated identity theft. Parulekar oversaw Tesla's dealings with certain auto parts and services vendors, and used that position to divert to a German auto parts company $9.3 million in payments intended for a Taiwanese supplier, according to the indictment. ... Parulekar, who was living in San Jose and working for Tesla in 2016 and 2017, falsified invoices, created fake accounts-payable documents, and impersonated an employee of the Taiwanese supplier to trick Tesla's accounts-payable department into switching the bank account information of the Taiwanese and German companies, the indictment alleged. That Taiwanese firm's complaints to Tesla about missing money went to Parulekar, who responded by sending fake documents purporting to show the payments were made, the indictment claimed.

Read more of this story at Slashdot.

An anonymous reader quotes Fortune: Facebook is the least trustworthy of all major tech companies when it comes to safeguarding user data, according to a new national poll conducted for Fortune, highlighting the major challenges the company faces following a series of recent privacy blunders. Only 22% of Americans said that they trust Facebook with their personal information, far less than Amazon (49%), Google (41%), Microsoft (40%), and Apple (39%).... In question after question, respondents ranked the company last in terms of leadership, ethics, trust, and image... Public mistrust extended to Zuckerberg, Facebook's public face during its privacy crisis and who once said that Facebook has "a responsibility to protect your information, If we can't, we don't deserve it." The company subsequently fell victim to a hack but continued operating as usual, including debuting a video-conferencing device intended to be used in people's living rooms or kitchens and that further extends Facebook's reach into more areas outside of personal computers and smartphones. Only 59% of respondents said they were "at least somewhat confident" in Zuckerberg's leadership in the ethical use of data and privacy information, ranking him last among four other tech CEOS... As for Facebook, the social networking giant may have a difficult time regaining public trust because of its repeated problems. Consumers are more likely to forgive a company if they believe a problem was an aberration rather than a systemic failure by its leadership, Harris Poll CEO John Gerzema said. The article concludes that "For now, the public isn't in a forgiving mood when it comes to Facebook and Zuckerberg."

Read more of this story at Slashdot.

According to federal contracting documents, the U.S. Drug Enforcement Administration (DEA) and Immigration and Customs Enforcement (ICE) have hidden an undisclosed number of covert surveillance cameras inside streetlights around the country. Quartz reports: According to government procurement data, the DEA has paid a Houston, Texas company called Cowboy Streetlight Concealments LLC roughly $22,000 since June 2018 for "video recording and reproducing equipment." ICE paid out about $28,000 to Cowboy Streetlight Concealments over the same period of time. It's unclear where the DEA and ICE streetlight cameras have been installed, or where the next deployments will take place. ICE offices in Dallas, Houston, and San Antonio have provided funding for recent acquisitions from Cowboy Streetlight Concealments; the DEA's most recent purchases were funded by the agency's Office of Investigative Technology, which is located in Lorton, Virginia. "We do streetlight concealments and camera enclosures," Christie Crawford, who owns Cowboy Streetlight Concealments with her husband, told Quartz. "Basically, there's businesses out there that will build concealments for the government and that's what we do. They specify what's best for them, and we make it. And that's about all I can probably say."

Read more of this story at Slashdot.

An anonymous reader quotes a report from CNBC: Facebook on Friday became the latest tech company to end a policy of requiring employees to settle claims of sexual harassment through private arbitration, according to a report by the Wall Street Journal. It will now allow employees to take these types of claims to court. Tech companies have long used arbitration as a method for handling instances of sexual harassment to prevent employees from suing them in court, but that's starting to change. Facebook's move comes shortly after a similar move this week by Google, which came after thousands of its employees walked out in protest last week over its handling of sexual harassment complaints. Additionally, Facebook changed its policy on office dating and will now require employees who are director level or higher to disclose if they are dating a colleague, the report said. Previously, the company only required disclosure if an employee was dating someone they supervised, according to the report.

Read more of this story at Slashdot.

Late last month, HealthCare.gov suffered a data breach exposing 75,000 customers. Details were sparse at the time of the breach, but have now learned that hackers obtained "inappropriate access" to a number of broker and agent accounts, which "engaged in excessive searching" of the government's healthcare marketplace systems. TechCrunch reports: [The Centers for Medicare and Medicaid Services (CMS)] didn't say how the attackers gained access to the accounts, but said it shut off the affected accounts "immediately." In a letter sent to affected customers this week (and buried on the Healthcare.gov website), CMS disclosed that sensitive personal data -- including partial Social Security numbers, immigration status and some tax information -- may have been taken. According to the letter, the data included name, date of birth, address, sex, and the last four digits of the Social Security number (SSN), if SSN was provided on the application. Other information could include expected income, tax filing status, family relationships, whether the applicant is a citizen or an immigrant, immigration document types and numbers, employer name, pregnancy status, health insurance status, and more. The government did say that no bank account information was stolen.

Read more of this story at Slashdot.

In a new agreement between tech giants Amazon and Apple, shoppers will soon see a selection of the latest Apple products on Amazon.com. This is not good news for everyone. Motherboard: John Bumstead is a computer refurbisher who, every year, saves thousands of laptops from the shredder. He buys MacBooks en masse from electronics recyclers, fixes them, then sells them on Amazon Marketplace or wholesales them to vendors who do the same. Friday morning, Bumstead got an email from Amazon informing him that he'd no longer be allowed to sell Apple computers on the platform, thanks to a new agreement between Apple and Amazon that will only allow "authorized resellers" to sell Apple products. "As part of a new agreement with Apple, we are working with a select group of authorized resellers to offer an expanded selection of Apple and Beats products, including new releases, in Amazon's stores," the email says. "You are receiving this message because you are currently selling, or have previously sold, Apple or Beats products. Your existing offers for those products will soon be removed from Amazon's online store in the United States. Please contact Apple if you would like to apply to become an authorized reseller on Amazon." As the email notes, this is part of a new agreement between two of the largest companies in the world that will allow Amazon to sell new Apple products around the world; in exchange, Amazon agreed to let Apple pick-and-choose who is allowed to sell Apple products on the site.

Read more of this story at Slashdot.

wiredmikey writes from a report via SecurityWeek: A vulnerability in systems operated by Da Jiang Innovations (DJI) -- the world's largest drone manufacturer -- allowed anybody in the world to have full access to a drone user's DJI account. A successful attacker would be able to obtain cloud-based flight records, stored photographs, user PII including credit card details -- and a real-time view from the drone's camera and microphone. Check Point Researchers (who discovered and reported the vulnerability) told SecurityWeek, "The vulnerability is a unique opportunity for malicious actors to gain priceless information -- you have an eye in the sky. Organizations are moving towards automated flights, sometimes with dozens of drones patrolling across sensitive facilities. With this vulnerability you could take over the accounts and see and hear everything that the drones see or hear. This is a huge opportunity for malicious actors."

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: Georgia's secretary of state and candidate for state governor in the midterm election, Brian Kemp, has taken the unusual, if not unprecedented step of posting the personal details of 291,164 absentee voters online for anyone to download. Kemp's office posted an Excel file on its website within hours of the results of the general election, exposing the names and addresses of state residents who mailed in an absentee ballot -- including their reason why, such as if a person is "disabled" or "elderly." The file, according to the web page, allows Georgia residents to "check the status of your mail-in absentee ballot." Millions of Americans across the country mail in their completed ballots ahead of election day, particularly if getting to a polling place is difficult -- such as if a person is disabled, elderly or traveling. When reached, Georgia secretary of state's press secretary Candice Broce told TechCrunch that all of the data "is clearly designated as public information under state law," and denied that the data was "confidential or sensitive." "State law requires the public availability of voter lists, including names and address of registered voters," she said in an email. "While the data may already be public, it is not publicly available in aggregate like this," said security expert Jake Williams, founder of Rendition Infosec, who lives in Georgia. Williams took issue with the reasons that the state gave for each absentee ballot, saying it "could be used by criminals to target currently unoccupied properties." "Releasing this data in aggregate could be seen as suppressing future absentee voters in Georgia who do not want their information released in this manner," he said.

Read more of this story at Slashdot.

Hungarian state's monopoly over national mobile payment services has been ruled illegal by the European Court of Justice. "The ruling would require the end of exclusive control over Hungarian mobile payments exercised since July 2014 by state-owned firm Nemzeti Mobilfizetesi Zrt," reports Reuters. "This exclusive operation 'is contrary to EU law,' the bloc's top court said in a statement." "Even if the services provided under that system constitute services of general economic interest, their supply cannot be reserved to a state monopoly," the court added.

Read more of this story at Slashdot.