
Unsent Text On Mobile Counts As a Will, Australian Court Finds

Slashdot - Your Rights Online - Wed, 2017-10-11 18:11
A court in Australia has accepted an unsent, draft text message on a dead man's mobile phone as an official will. The 55-year-old man had composed a text message addressed to his brother, in which he gave "all that I have" to his brother and nephew. From a report: The Supreme Court in Brisbane heard the 55-year-old took his own life in October 2016, after composing a text addressed to his brother, which indicated his brother and nephew should "keep all that I have," because he was unhappy with his wife. A friend found the text message in the drafts folder of the man's mobile phone, which was found near his body. The unsent message detailed how to access the man's bank account details and where he wanted his ashes to be buried.

Read more of this story at Slashdot.

Israeli Spies 'Watched Russian Agents Breach Kaspersky Software'

Slashdot - Your Rights Online - Wed, 2017-10-11 16:10
Israeli spies looked on as Russian hackers breached Kaspersky cyber-security software two years ago, according to reports. From a report: The Russians were allegedly attempting to gather data on US intelligence programs, according to the New York Times and Washington Post. Israeli agents made the discovery after breaching the software themselves. Kaspersky has said it was neither involved in nor aware of the situation and denies collusion with authorities. Last month, the US government decided to stop using the Russian firm's software on its computers. The Israelis are said to have notified the US, which led to the ban on Kaspersky programs. The New York Times said that the situation had been described by "multiple people who have been briefed on the matter."


Justice Department To Be More Aggressive In Seeking Encrypted Data From Tech Companies

Slashdot - Your Rights Online - Wed, 2017-10-11 15:00
An anonymous reader quotes a report from The Wall Street Journal (Warning: source may be paywalled; alternative source): The Justice Department signaled Tuesday it intends to take a more aggressive posture in seeking access to encrypted information from technology companies, setting the stage for another round of clashes in the tug of war between privacy and public safety. Deputy Attorney General Rod Rosenstein issued the warning in a speech in Annapolis, Md., saying that negotiating with technology companies hasn't worked. "Warrant-proof encryption is not just a law enforcement problem," Mr. Rosenstein said at a conference at the U.S. Naval Academy. "The public bears the cost. When our investigations of violent criminal organizations come to a halt because we cannot access a phone, even with a court order, lives may be lost." Mr. Rosenstein didn't say what precise steps the Justice Department or Trump administration would take. Measures could include seeking court orders to compel companies to cooperate or a push for legislation. A Justice Department official said no specific plans were in the works and Mr. Rosenstein's speech was intended to spur public awareness and discussion of the issue because companies "have no incentive to address this on their own."


OxygenOS Telemetry Lets OnePlus Tie Phones To Individual Users

Slashdot - Your Rights Online - Wed, 2017-10-11 05:30
An anonymous reader quotes a report from Bleeping Computer: OxygenOS, a custom version of the Android operating system that comes installed on all OnePlus smartphones, is tracking users' actions without anonymizing data, allowing OnePlus to connect each phone to its customer. A security researcher going by the pseudonym of Tux discovered the abusive tracking in July 2016, but his tweet went largely unnoticed in the daily sea of security tweets sent out each day. The data collection issue was brought up to everyone's attention again, today, after British security researcher Christopher Moore published the results of a recent study on his site. Just like Tux, Moore discovered that OxygenOS was sending regular telemetry to OnePlus' servers. This is no issue of concern, as almost all applications these days collect telemetry data for market analytics and to identify and debug application flaws. The problem is that OnePlus is not anonymizing this information. The Shenzhen-based Chinese smartphone company is collecting a long list of details, such as: IMEI code, IMSI code, ESSID and BSSID wireless network identifiers, and more. The data collection process cannot be disabled from anywhere in the phone's settings. When Moore contacted OnePlus support, the company did not provide a suitable answer for his queries.


Symantec CEO: Source Code Reviews Pose Unacceptable Risk

Slashdot - Your Rights Online - Wed, 2017-10-11 03:30
In an exclusive report from Reuters, Symantec's CEO says it is no longer allowing governments to review the source code of its software because of fears the agreements would compromise the security of its products. From the report: Tech companies have been under increasing pressure to allow the Russian government to examine source code, the closely guarded inner workings of software, in exchange for approvals to sell products in Russia. Symantec's decision highlights a growing tension for U.S. technology companies that must weigh their role as protectors of U.S. cybersecurity as they pursue business with some of Washington's adversaries, including Russia and China, according to security experts. While Symantec once allowed the reviews, Clark said that he now sees the security threats as too great. At a time of increased nation-state hacking, Symantec concluded the risk of losing customer confidence by allowing reviews was not worth the business the company could win, he said.


Equifax Increases Number of Britons Affected By Data Breach To 700,000

Slashdot - Your Rights Online - Wed, 2017-10-11 02:50
phalse phace writes: You know those 400,000 Britons that were exposed in Equifax's data breach? Well, it turns out the number is actually closer to 700,000. The Telegraph reports: "Equifax has just admitted that almost double the number of UK customers had their information stolen in a major data breach earlier this year than it originally thought, and that millions more could have had their details compromised. The company originally estimated that the number of people affected in the UK was 'fewer than 400,000.' But on Tuesday night it emerged that cyber criminals had targeted 15.2 million records in the UK. It said 693,665 people could have had their data exposed, including email addresses, passwords, driving license numbers, phone numbers. The stolen data included partial credit card details of less than 15,000 customers."


Security, Privacy Focused Librem 5 Linux Smartphone Successfully Crowdfunded

Slashdot - Your Rights Online - Wed, 2017-10-11 02:10
prisoninmate shares a report from Softpedia: Believe it or not, Purism's Librem 5 security and privacy-focused smartphone has been successfully crowdfunded a few hours ago when it reached and even passed its goal of $1.5 million, with 13 days left. Librem 5 wants to be an open source and truly free mobile phone designed with security and privacy in mind, powered by a GNU/Linux operating system based on Debian GNU/Linux and running only Open Source software apps on top of a popular desktop environment like KDE Plasma Mobile or GNOME Shell. Featuring a 5-inch screen, Librem 5 is compatible with 2G, 3G, 4G, GSM, UMTS, and LTE mobile networks. Under the hood, it uses an i.MX 6 or i.MX 8 processor with separate baseband modem to offer you the protection you need in today's communication challenges, where you're being monitored by lots of government agencies.


Dutch Government Confirms Plan To Ban New Petrol, Diesel Cars By 2030

Slashdot - Your Rights Online - Wed, 2017-10-11 01:30
An anonymous reader quotes a report from Electrek: Today, the new Dutch government presented its detailed plan for the coming years and it includes making all new cars emission-free by 2030 -- virtually banning petrol- and diesel-powered cars in favor of battery-powered vehicles. The four coalition parties have been negotiating their plans since the election in March and now after over 200 days, they have finally released the plan they agreed upon. NL Times posted all the main points of the plan and in "transportation," it includes: By 2030 all cars in the Netherlands must be emission free. While some local publications are reporting "all cars," we are told that it would be for "all new cars" as it is the case for the countries with similar bans under consideration. The potential for the ban has been under consideration in the country since last year. The year 2025, like in Norway, has been mentioned, but they apparently decided for the less ambitious goal of 2030.


Amazon Is Reportedly Building a Doorbell That Lets Drivers Into Your House

Slashdot - Your Rights Online - Wed, 2017-10-11 00:50
According to CNBC, Amazon is working with Phrame, a maker of smart license plates that allow items to be delivered to a car's trunk, to build a smart doorbell that would give delivery drivers one-time access to a person's home to drop off items. From the report: Phrame's product fits around a license plate and contains a secure box that holds the keys to the car. Users unlock the box with their smartphone, and can grant access to others -- such as delivery drivers -- remotely. The new initiatives are part of Amazon's effort to go beyond convenience and fix problems associated with unattended delivery. As more consumers shop online and have their packages shipped to their homes, valuable items are often left unattended for hours. Web retailers are dealing with products getting damaged by bad weather as well as the rise of so-called porch pirates, who steal items from doorsteps. Amazon also has an incentive to reduce the number of lost packages, as they can be costly.


North Korean Hackers Stole U.S.-South Korean Military Plans, Lawmaker Says

Slashdot - Your Rights Online - Tue, 2017-10-10 22:50
North Korean hackers stole a vast cache of data, including classified wartime contingency plans jointly drawn by the United States and South Korea, when they breached the computer network of the South Korean military last year, a South Korean lawmaker said Tuesday (alternative source). From a report: One of the plans included the South Korean military's plan to remove the North Korean leader, Kim Jong-un, referred to as a "decapitation" plan, should war break out on the Korean Peninsula, the lawmaker, Rhee Cheol-hee, told reporters. Mr. Rhee, a member of the governing Democratic Party who serves on the defense committee of the National Assembly, said he only recently learned of the scale of the North Korean hacking attack, which was first discovered in September last year. It was not known whether any of the military's top secrets were leaked, although Mr. Rhee said that nearly 300 lower-classification confidential documents were stolen. The military has not yet identified nearly 80 percent of the 235 gigabytes of leaked data, he said.


It's Illegal to Pirate Films in Iran, Unless You're the Government

Slashdot - Your Rights Online - Tue, 2017-10-10 22:10
An anonymous reader shares a report: While legal "pirating" exists in Iran, six administrators of the Iranian pirate movie site TinyMoviez have been arrested by Iranian authorities. This was a website the Iranian national broadcaster had used to download and nationally air movies in the past. The exact date of the arrests is unknown, but Tehran's Prosecutor General announced the arrests on September 26, 2017. The website is still online, but users haven't been able to download content from it since September 19, 2017. Now TinyMoviez administrators are finding themselves on the wrong side of Iran's odd and often pirating-friendly copyright laws. Iran's copyright law is a quagmire when it comes to understanding what rights exist for creators of an original piece of work, and what rights exist for those wanting to re-distribute original works, such as movies. Meanwhile, Article 8 gives the government broad powers to reproduce work that is not its own. This means that the government is exempt from Article 23, which criminalizes the theft of another's work.


PSA: Microsoft Is Using Cortana To Read Your Private Skype Conversations

Slashdot - Your Rights Online - Tue, 2017-10-10 12:00
BrianFagioli shares a report from BetaNews: "With Cortana's in-context assistance, it's easier to keep your conversations going by having Cortana suggest useful information based on your chat, like restaurant options or movie reviews. And if you're in a time crunch? Cortana also suggests smart replies, allowing you to respond to any message quickly and easily -- without typing a thing," says The Skype Team. The team further says, "Cortana can also help you organize your day -- no need to leave your conversations. Cortana can detect when you're talking about scheduling events or things you have to do and will recommend setting up a reminder, which you will receive on all your devices that have Cortana enabled. So, whether you're talking about weekend plans or an important work appointment, nothing will slip through the cracks." So, here's the deal, folks. In order for this magical "in-context" technology to work, Cortana is constantly reading your private conversations. If you use Skype on mobile to discuss private matters with your friends or family, Cortana is constantly analyzing what you type. Talking about secret business plans with a colleague? Yup, Microsoft's assistant is reading those too. Don't misunderstand -- I am not saying Microsoft has malicious intent by adding Cortana to Skype; the company could have good intentions. With that said, there is the potential for abuse. Microsoft could use Cortana's analysis to spy on you for things like advertising or worse, and that stinks. Is it really worth the risk to have smart replies and suggested calendar entries? I don't know about you, but I'd rather not have my Skype conversations read by Microsoft.


Equifax Made Salary, Work History Available To Anyone With Your SSN and DOB

Slashdot - Your Rights Online - Tue, 2017-10-10 05:30
An anonymous reader quotes a report from KrebsOnSecurity: In May, KrebsOnSecurity broke a story about lax security at a payroll division of big-three credit bureau Equifax that let identity thieves access personal and financial data on an unknown number of Americans. Incredibly, this same division makes it simple to access detailed salary and employment history on a large portion of Americans using little more than someone's Social Security number and date of birth -- both data elements that were stolen in the recent breach at Equifax. At issue is a service provided by Equifax's TALX division called The Work Number. The service is designed to provide automated employment and income verification for prospective employers, and tens of thousands of companies report employee salary data to it. The Work Number also allows anyone whose employer uses the service to provide proof of their income when purchasing a home or applying for a loan. The homepage for this Equifax service wants to assure visitors that "Your personal information is protected." "With your consent your personal data can be retrieved only by credentialed verifiers," Equifax assures us, referring mainly to banks and other entities that request salary data for purposes of setting credit limits. Sadly, this isn't anywhere near true because most employers who contribute data to The Work Number -- including Fortune 100 firms, government agencies and universities -- rely on horribly weak authentication for access to the information.


Face ID Is Coming To the iPad Pro Next Year, Says Report

Slashdot - Your Rights Online - Tue, 2017-10-10 02:10
According to MacRumors, KGI Securities analyst Ming-Chi Kuo said iPad Pro models set to be released in 2018 will come equipped with a TrueDepth Camera and will support Face ID. Apple is believed to be adding TrueDepth cameras to the iPad Pro to introduce a user experience that's consistent with the iPhone X and boost competitiveness. From the report: According to Kuo, TrueDepth Cameras will be limited to the iPad Pro, which is Apple's main flagship tablet device. Kuo also predicts 2018 iPhone models will adopt the new camera technology coming in the iPhone X, as he has mentioned in a previous note: "We predict iOS devices to be equipped with TrueDepth Camera in 2018F will include iPhone X and 2018 new iPhone and iPad models. Because of this, we believe more developers will pay attention to TrueDepth Camera/ facial recognition related applications. We expect Apple's (U.S.) major promotion of facial recognition related applications will encourage the Android camp to also dedicate more resources to developing hardware and facial recognition applications."


SpaceX's Mars Vision Puts Pressure on NASA's Manned Exploration Programs

Slashdot - Your Rights Online - Mon, 2017-10-09 18:45
An anonymous reader shares a report: Entrepreneur Elon Musk's announcement late last month accelerating plans for manned flights to Mars ratchets up political and public relations pressure on NASA's efforts to reach the same goal. With Musk publicly laying out a much faster schedule than NASA -- while contending his vision is less expensive and could be financed primarily with private funds -- a debate unlike any before is shaping up over the direction of U.S. space policy. Industry officials and space experts consider the proposal by Musk's Space Exploration to land people on the red planet around the middle of the next decade extremely optimistic. Some supporters concede the deadline appears ambitious even for reaching the moon, while Musk himself acknowledged some of his projected dates are merely "aspirational." But the National Aeronautics and Space Administration doesn't envision getting astronauts to Mars until at least a decade later, a timeline NASA is finding increasingly hard to defend in the face of criticism that it is too slow.


Ask Slashdot: Is Deliberately Misleading People On the Internet Free Speech?

Slashdot - Your Rights Online - Mon, 2017-10-09 05:34
Slashdot reader dryriver writes: Before anyone cries "free speech must always be free," let me qualify the question. Under a myriad of different internet sites and blogs are these click-through adverts that promise quick "miracle cures" for everything from toenail fungus to hair loss to tinnitus to age-related skin wrinkles to cancer. A lot of the ads begin with copy that reads "This one weird trick cures....." Most of the "cures" on offer are complete and utter crap designed to lift a few dollars from the credit cards of hundreds of thousands of gullible internet users. The IQ boosting pills that supposedly give you "amazing mental focus after just 2 weeks" don't work at all. Neither do any of the anti-ageing or anti-wrinkle creams, regardless of which "miracle berry" extract they put in them this year. And if you try to cure your cancer with an Internet remedy rather than seeing a doctor, you may actually wind up dead. So the question -- is peddling this stuff online really "free speech"? You are promising something grandiose in exchange for hard cash that you know doesn't deliver any benefits at all. Long-time Slashdot reader apraetor counters, "But how do you determine what is 'true'?" And Slashdot reader ToTheStars argues "It's already established that making claims about medicine is subject to scrutiny by the FDA (or the relevant authority in your jurisdiction)." But are other things the equivalent of yelling "fire" in a crowded movie theatre? Leave your best thoughts in the comments. Is deliberately misleading people on the internet free speech?


The Case Against Biometric IDs

Slashdot - Your Rights Online - Mon, 2017-10-09 01:34
"The White House and Equifax Agree: Social Security Numbers Should Go," reads a headline at Bloomberg. Securities lawyer Jerri-Lynn Scofield tears down one proposed alternative: a universal biometric identity system (possibly using fingerprints and an iris scan) with further numeric verification. Presto Vivace shared the article: Using a biometric system when the basic problem of securing and safeguarding data have yet to be solved will only worsen, not address, the hacking problem. What we're being asked to do is to turn over our biometric information, and then trust those to whom we do so to safeguard that data. Given the current status of database security, corporate and governmental accountability, etc.: How do you think that is going to play out...? [M]aybe we should rethink the whole impulse to centralize such data collection, for starters. And, after such a thought experiment, then further focus on obvious measures to safeguard such information -- such as installing regular software patches that could have prevented the Equifax hack -- should be the priority. And, how about bringing back a concept in rather short supply in C-suites -- that of accountability? Perhaps measures to increase that might be a better idea than gee whiz misdirected techno-wizardry... The Equifax hack has revealed the sad and sorry state of cybersecurity. But inviting the biometric ID fairy to drop by and replace the existing Social Security number is not the solution. The article calls biometric identification systems "another source of data to be mined by corporations, and surveilled by those who want to do so. And it would ultimately not foil identity theft." It suggests currently biometric ids are a distraction from the push to change the credit bureau business model -- for example, requiring consumers to opt-in to the collection of their personal data.


Cyberstalking Suspect Arrested After VPN Providers Shared Logs With the FBI

Slashdot - Your Rights Online - Sun, 2017-10-08 16:54
An anonymous reader writes: "VPN providers often advertise their products as a method of surfing the web anonymously, claiming they never store logs of user activity," writes Bleeping Computer, "but a recent criminal case shows that at least some do store user activity logs." According to the FBI, VPN providers played a key role in identifying an aggressive cyberstalker by providing detailed logs to authorities, even if they claimed in their privacy policies that they don't. The suspect is a 24-year-old man that hacked his roommate, published her private journal, made sexually explicit collages, sent threats to schools in the victim's name, and registered accounts on adult portals, sending men to the victim's house... FBI agents also obtained Google records on their suspect, according to a 29-page affidavit which, ironically, includes the text of one of his tweets warning people that VPN providers do in fact keep activity logs. "If they can limit your connections or track bandwidth usage, they keep logs."


Google Accused of Racketeering. Lawsuit Claims 'Pattern' Of Trade Secret Thefts

Slashdot - Your Rights Online - Sun, 2017-10-08 05:34
schwit1 quotes the Mercury News: In an explosive new allegation, a renowned architect has accused Google of racketeering, saying in a lawsuit the company has a pattern of stealing trade secrets from people it first invites to collaborate. Architect Eli Attia spent 50 years developing what his lawsuit calls "game-changing new technology" for building construction. Google in 2010 struck a deal to work with him on commercializing it as software, and Attia moved with his family from New York to Palo Alto to focus on the initiative, code-named "Project Genie." The project was undertaken in Google's secretive "Google X" unit for experimental "moonshots." But then Google and its co-founders Larry Page and Sergey Brin "plotted to squeeze Attia out of the project" and pretended to kill it but used Attia's technology to "surreptitiously" spin off Project Genie into a new company, according to the lawsuit... This week, a judge in Santa Clara County Superior Court approved the addition of racketeering claims to the lawsuit originally filed in 2014. Attia's legal team uncovered six other incidents in which Google had engaged in a "substantially similar fact pattern of misappropriation of trade secrets" from other people or companies, according to a July 25 legal filing from Attia. Wired reported yesterday that Project Loon -- also a Google X project -- "is embroiled in a lawsuit with Space Data, a small company accusing Alphabet of patent infringement, misappropriation of trade secrets, and breach of contract following a failed acquisition bid." The lawyer for the racketeering suit complains Google can deploy a "virtually unlimited budget to fight these things in court."


HP Enterprise Let Russia Scrutinize The Pentagon's Cyberdefense Software

Slashdot - Your Rights Online - Sun, 2017-10-08 00:34
"A Russian defense agency was allowed to review the cyberdefense software used by the Pentagon to protect its computer networks," writes new submitter quonset. "This according to Russian regulatory records and interviews with people with direct knowledge of the issue." Reuters reports: The Russian review of ArcSight's source code, the closely guarded internal instructions of the software, was part of Hewlett Packard Enterprise's effort to win the certification required to sell the product to Russia's public sector, according to the regulatory records seen by Reuters and confirmed by a company spokeswoman. Six former U.S. intelligence officials, as well as former ArcSight employees and independent security experts, said the source code review could help Moscow discover weaknesses in the software, potentially helping attackers to blind the U.S. military to a cyber attack. "It's a huge security vulnerability," said Greg Martin, a former security architect for ArcSight. "You are definitely giving inner access and potential exploits to an adversary." It's another example of the problems security companies face when they try to do business internationally, according to Reuters. "One reason Russia requests the reviews before allowing sales to government agencies and state-run companies is to ensure that U.S. intelligence services have not placed spy tools in the software." Long-time Slashdot reader bbsguru has his own worries. "So, opening your code for review because it is demanded by a potential customer? What could possibly go wrong? HPE may find out, and the U.S. Military is among the many clients depending on the answer."
