WikiLeaks Starts Releasing Source Code For Alleged CIA Spying Tools

Slashdot - Your Rights Online - Thu, 2017-11-09 23:40
An anonymous reader quotes a report from Motherboard: WikiLeaks published new alleged material from the CIA on Thursday, releasing source code from a tool called Hive, which allows its operators to control malware it installed on different devices. WikiLeaks previously released documentation pertaining to the tool, but this is the first time WikiLeaks has released extensive source code for any CIA spying tool. This release is the first in what WikiLeaks founder Julian Assange says is a new series, Vault 8, that will release the code from the CIA hacking tools revealed as part of Vault 7. "This publication will enable investigative journalists, forensic experts and the general public to better identify and understand covert CIA infrastructure components," WikiLeaks said in its press release for Vault 8. "Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention." In its release, WikiLeaks said that materials published as part of Vault 8 will "not contain zero-days or similar security vulnerabilities which could be repurposed by others."

Read more of this story at Slashdot.

Federal Prosecutors Charge Man With Hiring Hackers To Sabotage Former Employer

Slashdot - Your Rights Online - Thu, 2017-11-09 03:05
According to the Associated Press, federal prosecutors have charged a man with paying computer hackers to sabotage websites affiliated with his former employer. From the report: The FBI says the case represents a growing form of cybercrime in which professional hackers are paid to inflict damage on individuals, businesses and others who rely on digital devices connected to the web. Prosecutors say 46-year-old John Kelsey Gammell hired hackers to bring down Washburn Computer Group in Monticello, but also made monthly payments between July 2015 and September 2016 to damage web networks connected to the Minnesota Judicial Branch, Hennepin County and several banks. The Star Tribune reports Gammell's attorney, Rachel Paulose, has argued her client didn't personally attack Washburn. Paulose has asked a federal magistrate to throw out evidence the FBI obtained from an unnamed researcher because that data could have been obtained by hacking.

Nearly a Third of Millennials Say They'd Rather Own Bitcoin Than Stocks

Slashdot - Your Rights Online - Thu, 2017-11-09 02:05
An anonymous reader quotes a report from Bloomberg: A survey by venture capital firm Blockchain Capital found that about 30 percent of those in the 18-to-34 age range would rather own $1,000 worth of Bitcoin than $1,000 of government bonds or stocks. The study of more than 2,000 people found that 42 percent of millennials are at least somewhat familiar with bitcoin, compared with 15 percent among those ages 65 and up. Bitcoin rose more than 6 percent Wednesday to as much as $7,545, helping to push the value of the total cryptocurrency market above $200 billion for the first time, according to CoinMarketcap. The digital asset has soared more than 600 percent this year, compared with gains of 15 percent for the S&P 500 Index -- which might explain millennials' attraction.

Nearly Half of Colorado Counties Have Rejected a Comcast-Backed Law Restricting City-Run Internet

Slashdot - Your Rights Online - Thu, 2017-11-09 00:40
bumblebaetuna shares a report from Motherboard: In Tuesday's Coordinated Election, two Colorado counties voted on ballot measures to exempt themselves from a state law prohibiting city-run internet services. Both Eagle County and Boulder County voters approved the measures, bringing the total number of Colorado counties that have rejected the state law to 31 -- nearly half of the state's 64 counties. Senate Bill 152 -- which was lobbied for by Big Telecom -- became law in Colorado in 2005, and prohibits municipalities in the state from providing city-run broadband services. Some cities prefer to build their own broadband network, which delivers internet like a utility to residents, and is maintained through subscription costs. But ever since SB 152 was enacted, Colorado communities have to first bring forward a ballot measure asking voters to exempt the area from the state law before they can even consider starting a municipal broadband service. So that's what many of them have done. In addition to the 31 counties that have voted to overrule the state restrictions, dozens of municipalities in the state have also passed similar ballot measures. Including cities, towns, and counties, more than 100 communities in Colorado have pushed back against the 12-year-old prohibition, according to the Institute for Local Self Reliance.

Justice Department Tells Time Warner It Must Sell CNN Or DirecTV To Approve Its AT&T Merger

Slashdot - Your Rights Online - Thu, 2017-11-09 00:00
An anonymous reader quotes a report from The New York Times (Warning: source may be paywalled; alternative source): The Justice Department has called on AT&T and Time Warner to sell Turner Broadcasting, the group of cable channels that includes CNN, as a potential requirement for approving the companies' pending $85.4 billion deal, people briefed on the matter said on Wednesday. The other potential way the merger could win approval would be for AT&T to sell its DirecTV division, two of these people added. As originally envisioned, combining AT&T and Time Warner would yield a giant company offering wireless and broadband internet service, DirecTV, the Warner Brothers movie studio and cable channels like HBO and CNN. If the Justice Department formally makes either demand a requisite for approval, AT&T and Time Warner would almost certainly take the matter to court to challenge the government's legal basis for blocking their deal.

Flaw Crippling Millions of Crypto Keys Is Worse Than First Disclosed

Slashdot - Your Rights Online - Wed, 2017-11-08 05:30
An anonymous reader quotes a report from Ars Technica: A crippling flaw affecting millions -- and possibly hundreds of millions -- of encryption keys used in some of the highest-stakes security settings is considerably easier to exploit than originally reported, cryptographers declared over the weekend. The assessment came as Estonia abruptly suspended 760,000 national ID cards used for voting, filing taxes, and encrypting sensitive documents. The critical weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. When researchers first disclosed the flaw three weeks ago, they estimated it would cost an attacker renting time on a commercial cloud service an average of $38 and 25 minutes to break a vulnerable 1024-bit key and $20,000 and nine days for a 2048-bit key. Organizations known to use keys vulnerable to ROCA (named for the Return of the Coppersmith Attack, the factorization method it is based on) have largely downplayed the severity of the weakness. On Sunday, researchers Daniel J. Bernstein and Tanja Lange reported they had developed an attack that was 25 percent more efficient than the one created by the original ROCA researchers. Bernstein and Lange built their attack using only the public disclosure information from October 16, which at the time deliberately omitted specifics of the factorization method in an attempt to increase the time hackers would need to carry out real-world attacks. After creating their more efficient attack, they submitted it to the original researchers. The release last week of the original attack may help to improve attacks further and to stoke additional improvements from other researchers as well.
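The story's point that a key can be judged from its public half alone is worth seeing concretely. The ROCA disclosure showed that the affected library builds each prime as p = k*M + (65537^a mod M), where M is a primorial (the product of the first n small primes; the primes up to 167 are common to every affected key size), so N = p*q reduced modulo each of those small primes r always lands in the cyclic subgroup generated by 65537 mod r. Testing that property is the public fingerprint used to screen certificates and smartcards; it is not the factorization attack the researchers withheld. The following is an added example written for this page, not the researchers' tool or code from the article: it builds a toy 512-bit modulus with the ROCA structure, a normal one, and runs the fingerprint on both. The prime size, PRNG seed, and the Miller-Rabin helper are choices made for the demo.

```python
"""ROCA public-key fingerprint demo (added example, not code from the article).

Keys from the flawed generator have primes p = k*M + (65537^a mod M) with M a
primorial, so N mod r lies in <65537> mod r for every small prime r dividing M.
Checking the primes 3..167 (shared by all affected key sizes) is the public
fingerprint; a modulus from a sound generator fails it with overwhelming
probability.  Only the public modulus is needed.
"""
import random

# Fingerprint primes: the primes making up M for 512-bit keys, minus 2
# (an odd modulus is always 1 mod 2, so 2 tells us nothing).
FINGERPRINT_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53,
                      59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109,
                      113, 127, 131, 137, 139, 149, 151, 157, 163, 167]
E = 65537

def subgroup_of_e(r):
    """Return the set {E^i mod r}: the cyclic subgroup generated by E mod r."""
    members, x = set(), 1
    while x not in members:
        members.add(x)
        x = (x * E) % r
    return members

# Precomputed once: the residues N mod r that a ROCA key can exhibit.
ALLOWED = {r: subgroup_of_e(r) for r in FINGERPRINT_PRIMES}

def is_roca_fingerprint(n):
    """True iff n mod r is in <E> for every fingerprint prime r.

    A True result is a strong signal the key came from the flawed library and
    should be replaced; the check says nothing about whether it has been
    factored yet.
    """
    return all(n % r in ALLOWED[r] for r in FINGERPRINT_PRIMES)

# ---- toy key construction, only to exercise the check ----------------------

def is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin with random bases (demo-grade; not constant-time)."""
    if n < 2:
        return False
    for p in FINGERPRINT_PRIMES + [2]:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False          # no square root of 1 found: composite
    return True

M = 2
for _r in FINGERPRINT_PRIMES:
    M *= _r                        # primorial of the first 39 primes (~220 bits)

def roca_style_prime(bits, rng):
    """p = k*M + (E^a mod M), sized to exactly `bits` bits, as the flawed generator does."""
    k_lo = (1 << (bits - 1)) // M + 1
    k_hi = (1 << bits) // M
    while True:
        k = rng.randrange(k_lo, k_hi)
        a = rng.randrange(1, M)
        p = k * M + pow(E, a, M)
        if is_probable_prime(p, rng):
            return p

def random_prime(bits, rng):
    """Ordinary random prime of `bits` bits: what a sound generator produces."""
    while True:
        p = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(p, rng):
            return p

def make_moduli(bits=256, seed=1):
    """Return (roca_structured_N, ordinary_N); seed fixed so the demo is repeatable."""
    rng = random.Random(seed)
    vuln = roca_style_prime(bits, rng) * roca_style_prime(bits, rng)
    sound = random_prime(bits, rng) * random_prime(bits, rng)
    return vuln, sound

if __name__ == "__main__":
    vuln, sound = make_moduli()
    print("ROCA-structured modulus flagged:", is_roca_fingerprint(vuln))
    print("ordinary modulus flagged:       ", is_roca_fingerprint(sound))
```

The test is cheap enough to run over every certificate in a CA's inventory or every key in an SSH authorized_keys file; for real keys, feed `is_roca_fingerprint` the modulus parsed from the public key instead of the toy one built here.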

Israeli Company Sues Apple Over Dual-Lens Cameras In iPhone 7 Plus, iPhone 8 Plus

Slashdot - Your Rights Online - Wed, 2017-11-08 02:05
Corephotonics, an Israeli maker of dual-lens camera technologies for smartphones, has filed a lawsuit against Apple this week alleging that the iPhone 7 Plus and iPhone 8 Plus infringe upon four of its patents. Mac Rumors reports: The patents, filed with the U.S. Patent and Trademark Office between November 2013 and June 2016, relate to dual-lens camera technologies appropriate for smartphones, including optical zoom and a mini telephoto lens assembly: U.S. Patent No. 9,402,032; U.S. Patent No. 9,568,712; U.S. Patent No. 9,185,291; U.S. Patent No. 9,538,152. Corephotonics alleges that the two iPhone models copy its patented telephoto lens design, optical zoom method, and a method for intelligently fusing images from the wide-angle and telephoto lenses to improve image quality. iPhone X isn't listed as an infringing product, despite having a dual-lens camera, perhaps because the device launched just four days ago.

The US Is Now the Only Country In the World To Reject the Paris Climate Deal

Slashdot - Your Rights Online - Wed, 2017-11-08 00:00
An anonymous reader quotes a report from The Verge: Today, Syria announced that it would sign the Paris climate agreement -- a landmark deal that commits almost 200 countries to reducing greenhouse gas emissions to fight global warming. With Nicaragua also joining the deal last month, the United States is now the only country in the world that opposes it. In June, President Donald Trump announced that the U.S. will withdraw from the Paris climate accord, unless it is renegotiated to be "fair" to the United States. But other countries in the deal, such as France, Germany, and Italy, said that's not possible. The Trump administration is also taking steps to roll back regulations passed under former President Barack Obama to achieve the emissions reduction goals set under the Paris deal. The U.S. is the second largest emitter of heat-trapping greenhouse gases in the world after China. "With Syria's decision, the relentless commitment of the global community to deliver on Paris is more evident than ever," Paula Caballero, director of the climate change program at the World Resources Institute, told the Times. "The U.S.'s stark isolation should give Trump reason to reconsider his ill-advised announcement and join the rest of the world in tackling climate change."

How Cloudflare Uses Lava Lamps To Encrypt the Internet

Slashdot - Your Rights Online - Tue, 2017-11-07 23:20
YouTuber Tom Scott was invited to visit Cloudflare's San Francisco headquarters to check out the company's wall of lava lamps. These decorative novelty items -- while neat to look at -- serve a special purpose for the internet security company. Cloudflare takes pictures and video of the lava lamps to turn them into "a stream of random, unpredictable bytes," which is used to help create the keys that encrypt the traffic that flows through Cloudflare's network. ZDNet reports: Cloudflare is a DNS service which also offers distributed denial-of-service (DDoS) attack protection, security, free SSL, encryption, and domain name services. Cloudflare is known for providing good standards of encryption, but it seems the secret is out -- this reputation is built in part on lava lamps. Roughly 10 percent of the Internet's traffic passes through Cloudflare, and as the firm deals with so much encrypted traffic, many random numbers are required. According to Nick Sullivan, Cloudflare's head of cryptography, this is where the lava lamps shine. Instead of relying on code to generate these numbers for cryptographic purposes, the lava lamps and the random lights, swirling blobs and movements are recorded and photographs are taken. The information is then fed into a data center, where Linux kernels use it to seed the random number generators that create keys to encrypt traffic. "Every time you take a picture with a camera there's going to be some sort of static, some sort of noise," Sullivan said. "So it's not only just where the bubbles are flowing through the lava lamp; it is the state of the air, the ambient light -- every tiny change impacts the stream of data." Cloudflare also reportedly uses a "chaotic pendulum" in its London office to generate randomness, and in Singapore, they use a radioactive source.
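What the camera feed actually contributes is the sensor noise Sullivan describes, and a physical source needs two things before its output is fit to seed anything: a health test that notices when the source has died (a frozen frame, a lens cap, a stuck sensor), and conditioning that folds the raw bytes down into a seed without pretending to add entropy. The following is an added example illustrating that pipeline; it is not Cloudflare's code and makes its own assumptions: a frame is a bytes object of 8-bit pixel values, the consumer is an application-level seed rather than the kernel pool (feeding the kernel would use the RNDADDENTROPY ioctl and root, which is left out), and the 0.5 bits-per-byte entropy estimate is a placeholder, not a measured figure. The sample frames are constructed in the block.

```python
"""Camera noise -> seed pipeline (added example; not Cloudflare's code).

Steps: difference two consecutive frames so the scene cancels and the sensor
noise remains; run a repetition-count health test so a frozen feed is refused;
hash the surviving bytes to a fixed-size seed.  Entropy estimate and frame
layout are assumptions for the demo.
"""
import hashlib
import random

def frame_noise(prev, cur):
    """Per-pixel difference of two frames; the scene mostly cancels, the
    low bits keep the sensor noise the article talks about."""
    if len(prev) != len(cur):
        raise ValueError("frames differ in size")
    return bytes(((c - p) & 0xFF) for p, c in zip(prev, cur))

def repetition_count_test(sample, cutoff=64):
    """SP 800-90B-style repetition count test: fail if one byte value repeats
    `cutoff` times in a row, which is what a frozen or covered camera yields.
    Returns True if the sample looks alive."""
    run, last = 0, None
    for b in sample:
        run = run + 1 if b == last else 1
        last = b
        if run >= cutoff:
            return False
    return True

def condition(noise, *, bits_per_byte=0.5):
    """Hash the noisy bytes into a 64-byte seed, refusing unless the raw
    material plausibly holds 512 bits of entropy under the assumed per-byte
    estimate.  Hashing hides structure; it cannot create entropy."""
    if len(noise) * bits_per_byte < 512:
        raise ValueError("not enough raw material for a 512-bit seed")
    return hashlib.sha512(noise).digest()

def seed_from_frames(prev, cur):
    """diff -> health test -> condition.  Returns None when the source looks
    stuck so the caller keeps its previous seed rather than a degenerate one."""
    noise = frame_noise(prev, cur)
    if not repetition_count_test(noise):
        return None
    return condition(noise)

def constructed_frames(seed=1234, n=2048):
    """Constructed sample input: two frames of the same scene with independent
    per-pixel sensor noise, plus a 'stuck' frame (the scene with no noise)."""
    rng = random.Random(seed)
    scene = [rng.randrange(256) for _ in range(n)]
    live_a = bytes((v + rng.randrange(-3, 4)) & 0xFF for v in scene)
    live_b = bytes((v + rng.randrange(-3, 4)) & 0xFF for v in scene)
    stuck = bytes(scene)
    return live_a, live_b, stuck

if __name__ == "__main__":
    a, b, stuck = constructed_frames()
    print("live pair   ->", seed_from_frames(a, b).hex()[:32], "...")
    print("frozen feed ->", seed_from_frames(stuck, stuck))
```

Mixing such a seed into a pool that also takes the kernel's own sources is what makes a dead lava-lamp camera a non-event; using the camera as the sole source would turn the health test into a single point of failure.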

How Facebook Figures Out Everyone You've Ever Met

Slashdot - Your Rights Online - Tue, 2017-11-07 18:40
"I deleted Facebook after it recommended as People You May Know a man who was defense counsel on one of my cases. We had only communicated through my work email, which is not connected to my Facebook, which convinced me Facebook was scanning my work email," an attorney told Gizmodo. Kashmir Hill, a reporter at the news outlet, who recently documented how Facebook figured out a connection between her and a family member she did not know existed, shares several more instances others have reported and explains how Facebook gathers information. She reports: Behind the Facebook profile you've built for yourself is another one, a shadow profile, built from the inboxes and smartphones of other Facebook users. Contact information you've never given the network gets associated with your account, making it easier for Facebook to more completely map your social connections. Because shadow-profile connections happen inside Facebook's algorithmic black box, people can't see how deep the data-mining of their lives truly is, until an uncanny recommendation pops up. Facebook isn't scanning the work email of the attorney above. But it likely has her work email address on file, even if she never gave it to Facebook herself. If anyone who has the lawyer's address in their contacts has chosen to share it with Facebook, the company can link her to anyone else who has it, such as the defense counsel in one of her cases. Facebook will not confirm how it makes specific People You May Know connections, and a Facebook spokesperson suggested that there could be other plausible explanations for most of those examples -- "mutual friendships," or people being "in the same city/network." The spokesperson did say that of the stories on the list, the lawyer was the likeliest case for a shadow-profile connection. Handing over address books is one of the first steps Facebook asks people to take when they initially sign up, so that they can "Find Friends." 
The problem with all this, Hill writes, is that Facebook doesn't explicitly say the scale at which it would be using the contact information it gleans from a user's address book. Furthermore, most people are not aware that Facebook is using contact information taken from their phones for these purposes.

Many Employers Are Using Tools To Monitor Their Staff's Web-browsing Patterns, Keystrokes, Social Media Posts

Slashdot - Your Rights Online - Tue, 2017-11-07 16:40
Olivia Solon, reporting for The Guardian: How can an employer make sure its remote workers aren't slacking off? In the case of talent management company Crossover, the answer is to take photos of them every 10 minutes through their webcam. The pictures are taken by Crossover's productivity tool, WorkSmart, and combined with screenshots of their workstations along with other data -- including app use and keystrokes -- to come up with a "focus score" and an "intensity score" that can be used to assess the value of freelancers. Today's workplace surveillance software is a digital panopticon that began with email and phone monitoring but now includes keeping track of web-browsing patterns, text messages, screenshots, keystrokes, social media posts, private messaging apps like WhatsApp and even face-to-face interactions with co-workers. Crossover's Sanjeev Patni insists that workers get over the initial self-consciousness after a few days and accept the need for such monitoring as they do CCTV in shopping malls.

Microsoft Releases Standards For Highly Secure Windows 10 Devices

Slashdot - Your Rights Online - Tue, 2017-11-07 04:05
An anonymous reader writes, citing a report from BleepingComputer: Yesterday, Microsoft released new standards that consumers should follow in order to have a highly secure Windows 10 device. These standards cover the hardware that should ship with Windows 10 systems and the minimum firmware features. The hardware standards are broken up into six categories: minimum processor generation, processor architecture, virtualization support, trusted platform module (TPM), platform boot verification, and RAM. On the firmware side, devices should support UEFI 2.4 or later, Secure Boot, Secure MOR (Memory Overwrite Request) revision 2 or later, and the Windows UEFI Firmware Capsule Update specification.

US Court Grants ISPs and Search Engine Blockade of Sci-Hub

Slashdot - Your Rights Online - Tue, 2017-11-07 03:25
Sci-Hub, a scientific research piracy site home to thousands of research papers, has suffered another blow in a U.S. federal court. According to TorrentFreak, "The American Chemical Society has won a default judgment of $4.8 million for alleged copyright infringement against the site. In addition, the publisher was granted an unprecedented injunction which requires search engines and ISPs to block the platform." This comes after a $15 million fine was imposed on Sci-Hub by a New York federal judge earlier this year. From the report: Just before the weekend, U.S. District Judge Leonie Brinkema issued a final decision which is a clear win for ACS. The publisher was awarded the maximum statutory damages of $4.8 million for 32 infringing works, as well as a permanent injunction. The injunction is not limited to domain name registrars and hosting companies, but extends to search engines and ISPs too, who can be ordered to stop linking to or offering services to Sci-Hub. The injunction means that Internet providers, such as Comcast, can be requested to block users from accessing Sci-Hub. That's a big deal since pirate site blockades are not common in the United States. The same is true for search engine blocking of copyright-infringing sites. "Ordered that any person or entity in active concert or participation with Defendant Sci-Hub and with notice of the injunction, including any Internet search engines, web hosting and Internet service providers, domain name registrars, and domain name registries, cease facilitating access to any or all domain names and websites through which Sci-Hub engages in unlawful access to, use, reproduction, and distribution of ACS's trademarks or copyrighted works," the injunction reads.

Should Private Companies Be Allowed To Hit Back At Hackers?

Slashdot - Your Rights Online - Tue, 2017-11-07 02:05
An anonymous reader quotes a report from Motherboard: Keith Alexander, the former director of the NSA and the U.S. military's cybersecurity branch, doesn't believe private companies should be allowed to hit back at hackers. "If it starts a war, you can't have companies starting a war. That's an inherently governmental responsibility, and plus the chances of a company getting it wrong are fairly high," Alexander said during a meeting with a small group of reporters on Monday. During a keynote he gave at a cybersecurity conference in Manhattan, Alexander hit back at defenders of the extremely common, although rarely discussed or acknowledged, practice of revenge hacking, or hack back. During his talk, Alexander said that no company, especially those attacked by nation state hackers, should ever be allowed to try to retaliate on its own. Using the example of Sony, which was famously hacked by North Korea in late 2014, Alexander said that if Sony had gone after the hackers, it might have prompted them to throw artillery into South Korea once they saw someone attacking them back. "We can give Sony six guys from my old place there," he said, presumably referring to the NSA, "and they'd beat up North Korea like red-headed stepchild -- no pun intended." But that's not a good idea because it could escalate a conflict, and "that's an inherently governmental responsibility. So if Sony can't defend it, the government has to." Instead, Alexander argued that the U.S. government should be able to not only hit back at hackers -- as it already does -- but should also have more powers and responsibilities when it comes to stopping hackers before they even get in. Private companies should share more data with the U.S. government to prevent breaches, he said.

Apple Wins $120 Million From Samsung In Slide-To-Unlock Patent Battle

Slashdot - Your Rights Online - Tue, 2017-11-07 00:40
Apple has finally claimed victory over Samsung to the tune of $120 million. "The Supreme Court said today that it wouldn't hear an appeal of the patent infringement case, first decided in 2014, which has been bouncing through appeals courts in the years since," reports The Verge. From the report: The case revolved around Apple's famous slide-to-unlock patent and, among others, its less-famous quick links patent, which covered software that automatically turned information like a phone number into a tappable link. Samsung was found to have infringed both patents. The ruling was overturned almost two years later, and then reinstated once again less than a year after that. From there, Samsung appealed to the Supreme Court, which is where the case met its end today. Naturally, Samsung isn't pleased with the outcome. "Our argument was supported by many who believed that the Court should hear the case to reinstate fair standards that promote innovation and prevent abuse of the patent system," a Samsung representative said in a statement. The company also said the ruling would let Apple "unjustly profit" from an invalid patent.

Trump’s Blocking People From His Twitter Account Violates the First Amendment, EFF Tells Court

Electronic Frontier Foundation - Mon, 2017-11-06 22:37

New York, New York—President Donald Trump's blocking of people on Twitter who criticize him violates their constitutional right to receive government messages transmitted through social media and participate in the forums created by them, the Electronic Frontier Foundation (EFF) told a court today.

Public agencies and officials, from city mayors and county sheriff offices to U.S. Secretaries of State and members of Congress, routinely use social media to communicate opinions, official positions, services, and important public safety and policy messages. Twitter has become a vital communications tool for government, allowing local and federal officials to transmit information when natural disasters such as hurricanes and wildfires strike, hold online town halls, and answer citizens’ questions about programs.

President Trump’s frequent use of Twitter to communicate policy decisions, air opinions on local and global events and leaders, and broadcast calls for congressional action has become a hallmark of his administration. In July, the Knight First Amendment Institute filed suit in the U.S. District Court for the Southern District of New York alleging the president and his communications team violated the First Amendment by blocking seven people from the @realDonaldTrump Twitter account because they criticized the president or his policies. The seven individuals include a university professor, a surgeon, a comedy writer, a community organizer, an author, a legal analyst, and a police officer.

In a brief filed today siding with the plaintiffs, EFF maintains that President Trump’s use of his Twitter account is akin to past presidents’ adoption of new communication technologies to engage directly with the public. President Franklin D. Roosevelt delivered “fireside chats” with Americans over the radio, while presidential debates began being televised in the 1960s. It would be impermissible for a president to block certain individuals from receiving their messages, whether delivered by bullhorn, radio, or television. It should be the same for communications delivered by Twitter.

On the local level, mayors use their Twitter feeds to direct residents to emergency services during storms and hurricanes, while fire chiefs use their feeds to transmit evacuation orders and emergency contact information. Citizens rely heavily on these channels for authoritative and reliable information in times of public safety crisis. It’s unthinkable, and unconstitutional, that certain people would be blocked from these messages because they sent a tweet criticizing the official or office maintaining the Twitter account.

“Governmental use of social media platforms to communicate to and with the public, and allow the public to communicate with each other, is pervasive. It is seen all across the country, at every level of government. It is now the rule of democratic engagement, not the exception,” said EFF Civil Liberties Director David Greene. “The First Amendment prohibits the exclusion of individuals from these forums based on their viewpoint. President Trump’s blocking of people on Twitter because he doesn’t like their views infringes on their right to receive public messages from government and participate in the democratic process.”

For the brief:
https://www.eff.org/document/knight-first-amendment-institute-v-trump

For information about the lawsuit:
https://knightcolumbia.org/content/knight-institute-v-trump-lawsuit-challenging-president-trumps-blocking-critics-twitter

Contact: David Greene

One in Four UK Workers Maliciously Leaks Business Data Via Email, Study Says

Slashdot - Your Rights Online - Mon, 2017-11-06 20:53
From a report: New research into insider threats reveals that 24 percent of UK employees have deliberately shared confidential business information outside their company. The study from privacy and risk management specialist Egress Software Technologies also shows that almost half (46 percent) of respondents say they have received a panicked email recall request, which is not surprising given more than a third (37 percent) say they don't always check emails before sending them. The survey of 2,000 UK workers who regularly use email as part of their jobs shows the biggest human factor in sending emails in error is listed as 'rushing' (68 percent). However alcohol also plays a part in eight percent of all wrongly sent emails -- where are these people working!? Autofill technology, meanwhile, caused almost half (42 percent) to select the wrong recipient in the list.

Afghanistan Clarifies It Will Not Block WhatsApp, Telegram

Slashdot - Your Rights Online - Mon, 2017-11-06 18:02
The Afghan government will not block the instant messaging services WhatsApp and Telegram, a spokesman told news agency Reuters on Monday, following days of controversy after reports the services would be suspended. From a report: "Government of Afghanistan isn't going to ban any social media platforms. WhatsApp and Telegram to continue operating in Afghanistan," Javid Faisal, deputy spokesman to government Chief Executive Abdullah Abdullah wrote on Twitter. The row over instant messaging services began after a letter from Afghanistan's telecoms regulator to Internet service providers telling them to block the services "without delay" was circulated on social media platforms last week.

'Panama Papers' Group Strikes Again with 'Paradise Papers'

Slashdot - Your Rights Online - Mon, 2017-11-06 02:43
Long-time Slashdot reader Freshly Exhumed tipped us off to a new document leak that's just revealed massive tax havens used by the world's most wealthy and powerful people. An anonymous reader quotes the Guardian: The material, which has come from two offshore service providers and the company registries of 19 tax havens, was obtained by the German newspaper Suddeutsche Zeitung and shared by the International Consortium of Investigative Journalists with partners including the Guardian, the BBC and the New York Times. The project has been called the Paradise Papers. It's the same group responsible for the Panama Papers, and the Guardian reports that in these 13.4 million new files, journalists have discovered: "How Twitter and Facebook received hundreds of millions of dollars in investments that can be traced back to Russian state financial institutions." "Aggressive tax avoidance by multinational corporations, including Nike and Apple." "Extensive offshore dealings by Donald Trump's cabinet members, advisers and donors, including substantial payments from a firm co-owned by Vladimir Putin's son-in-law to the shipping group of the US commerce secretary, Wilbur Ross." "The tax-avoiding Cayman Islands trust managed by the Canadian prime minister Justin Trudeau's chief moneyman." "The publication of this investigation, for which more than 380 journalists have spent a year combing through data that stretches back 70 years, comes at a time of growing global income inequality," reports the Guardian. "Meanwhile, multinational companies are shifting a growing share of profits offshore -- €600 billion in the last year alone -- the leading economist Gabriel Zucman will reveal in a study to be published later this week. "Tax havens are one of the key engines of the rise in global inequality," he said."

Fake WhatsApp App Downloaded 1 Million Times

Slashdot - Your Rights Online - Sun, 2017-11-05 01:34
An anonymous reader quotes Fortune: Reddit users yesterday spotted an extremely convincing spoofed copy of the popular WhatsApp messenger on Google Play. The fake was downloaded by more than 1 million users, who instead of a messaging tool wound up with a bundle of ads... The fake WhatsApp was nearly indistinguishable from the real thing thanks to an invisible space placed at the end of the developer's name. One of the security hounds discussing the case on Reddit pointed out that this was not an isolated incident, even for WhatsApp. A search for "WhatsApp" on Google Play currently shows no fewer than seven spoof apps using slight variations on the developer name "WhatsApp Inc.", including versions with extra spaces, asterisks, or commas. All of them have four-star review averages, presumably thanks to industrial-scale subversion of Play's review system.
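The spoof survived because the store compared developer names byte for byte, and a trailing invisible character makes two visually identical strings differ. The check a reviewer, a store policy engine, or a corporate app-allowlist should apply is to normalize names before comparing: fold Unicode compatibility forms (so a full-width W becomes W), drop format and whitespace code points, and ignore the punctuation tricks the Reddit thread lists. The following is an added example written for this page, not Google's, WhatsApp's, or the thread's code. The legitimate name "WhatsApp Inc." is the one the report cites; the list of look-alike listings is constructed to mirror the variants it describes.

```python
"""Look-alike publisher-name detection (added example, not code from the story).

Canonicalizes developer names so that invisible padding, extra punctuation and
compatibility characters cannot make a spoof pass as a distinct, legitimate
publisher.  Sample names below are constructed for the demo.
"""
import unicodedata

LEGITIMATE = "WhatsApp Inc."      # the publisher name the report cites

# Space-like code points that render invisibly but survive a byte comparison.
# Zero-width and other format characters are caught by the category check.
_SPACE_LIKE = {"\u00a0", "\u2007", "\u202f", "\u3000", "\ufeff"}

def normalize_name(name):
    """Canonical form for comparison: NFKC, then drop control/format/space
    code points and punctuation or symbol characters, then case-fold."""
    out = []
    for ch in unicodedata.normalize("NFKC", name):
        cat = unicodedata.category(ch)
        if cat in ("Cc", "Cf", "Zs", "Zl", "Zp") or ch in _SPACE_LIKE:
            continue                       # invisible or whitespace
        if cat[0] in ("P", "S"):
            continue                       # '.', ',', '*' etc. carry no identity
        out.append(ch)
    return "".join(out).casefold()

def classify(name, legitimate=LEGITIMATE):
    """'exact' for the genuine name, 'lookalike' when it only differs by
    invisible/cosmetic characters, 'different' otherwise."""
    if name == legitimate:
        return "exact"
    if normalize_name(name) == normalize_name(legitimate):
        return "lookalike"
    return "different"

# Constructed listings modelled on the variants the Reddit thread reported.
SAMPLE_LISTINGS = [
    "WhatsApp Inc.",
    "WhatsApp Inc.\u00a0",        # trailing no-break space (renders invisibly)
    "WhatsApp Inc.*",
    "WhatsApp, Inc.",
    "WhatsApp Inc .",
    "\u200bWhatsApp Inc.",        # leading zero-width space
    "\uff37hatsApp Inc.",         # full-width W, folded by NFKC
    "WhatsApp Messenger Ltd",
]

def scan(listings):
    """Classify each listing name; anything 'lookalike' deserves a human look."""
    return {n: classify(n) for n in listings}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLE_LISTINGS).items():
        print(f"{verdict:10s} {name!r}")
```

The same normalization belongs in any allowlist keyed on package or publisher names; a review-count or star rating, as the story notes, is no signal at all when the review system itself is being gamed.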
