European Parliament Committee Endorses End-To-End Encryption

Slashdot - Your Rights Online - Sun, 2017-06-18 13:21
The civil liberties committee of the European Parliament has released a draft proposal "in direct contrast to the increasingly loud voices around the world to introduce regulations or weaken encryption," according to an anonymous Slashdot reader. Tom's Hardware reports: The draft recommends a regulation that will enforce end-to-end encryption on all communications to protect European Union citizens' fundamental privacy rights. The committee also recommended a ban on backdoors. Article 7 of the E.U.'s Charter of Fundamental Rights says that E.U. citizens have a right to personal privacy, as well as privacy in their family life and at home. According to the EP committee, the privacy of communications between individuals is also an important dimension of this right... We've lately seen some EU member states push for increased surveillance and even backdoors in encrypted communications, so there seems to be some conflict here between what the European Parliament institutional bodies may want and what some member states do. However, if this proposal for the new Regulation on Privacy and Electronic Communications passes, it should significantly increase the privacy of E.U. citizens' communications, and it won't be so easy to roll back the changes to add backdoors in the future. Security researcher Lukasz Olejnik says "the fact that policy is seriously considering these kind of aspects is unprecedented."

Read more of this story at Slashdot.

Ask Slashdot: How Do You Prepare For The Theft Of Your PC?

Slashdot - Your Rights Online - Sun, 2017-06-18 09:18
A security-conscious Slashdot reader has theft insurance -- but worries whether it covers PC theft. And besides the hassles of recreating every customization after restoring from backups, there's also the issue of keeping personal data private. I currently keep important information on a hidden, encrypted partition so an ordinary thief won't get much off of it, but that is about the extent of my preparation... What would you do? Some sort of beacon to let you know where your stuff is? Remote wipe? Online backup? There are a couple of issues here -- including privacy, data recovery, deterrence, compensation -- each leading to different ways to answer the question: what can you actually do to prepare for the possibility? So use the comments to share your own experiences. How have you prepared for the theft of your PC?

What Happens When Software Companies Are Liable For Security Vulnerabilities?

Slashdot - Your Rights Online - Sun, 2017-06-18 01:06
mikeatTB shares an article from TechRepublic: Software engineers have largely failed at security. Even with the move toward more agile development and DevOps, vulnerabilities continue to take off... Things have been this way for decades, but the status quo might soon be rocked as software takes an increasingly starring role in an expanding range of products whose failure could result in bodily harm and even death. Anything less than such a threat might not be able to budge software engineers into taking greater security precautions. While agile and DevOps are belatedly taking on the problems of creating secure software, the original Agile Manifesto did not acknowledge the threat of vulnerabilities as a problem, but focused on "working software [as] the primary measure of progress..." "People are doing exactly what they are being incentivized to do," says Joshua Corman, director of the Cyber Statecraft Initiative for the Atlantic Council and a founder of the Rugged Manifesto, a riff on the original Agile Manifesto with a skew toward security. "There is no software liability and there is no standard of care or 'building code' for software, so as a result, there are security holes in your [products] that are allowing attackers to compromise you over and over." Instead, almost every software program comes with a disclaimer to dodge liability for issues caused by the software. End-User License Agreements (EULAs) have been the primary way that software makers have escaped liability for vulnerabilities for the past three decades. Experts see that changing, however. The article suggests incentives for security should be built into the development process -- with one security professional warning that in the future, "legal precedent will likely result in companies absorbing the risk of open source code."

Pentagon Cyberweapons 'Disappointing' Against ISIS

Slashdot - Your Rights Online - Sat, 2017-06-17 17:38
An anonymous reader quotes the New York Times: It has been more than a year since the Pentagon announced that it was opening a new line of combat against the Islamic State, directing Cyber Command, then six years old, to mount computer-network attacks... "In general, there was some sense of disappointment in the overall ability for cyberoperations to land a major blow against ISIS," or the Islamic State, said Joshua Geltzer, who was the senior director for counterterrorism at the National Security Council until March. "This is just much harder in practice than people think..." Even one of the rare successes against the Islamic State belongs at least in part to Israel, which was America's partner in the attacks against Iran's nuclear facilities. Top Israeli cyberoperators penetrated a small cell of extremist bombmakers in Syria months ago, the officials said. That was how the United States learned that the terrorist group was working to make explosives that fooled airport X-ray machines and other screening by looking exactly like batteries for laptop computers... The information helped prompt a ban in March on large electronic devices in carry-on luggage on flights from 10 airports in eight Muslim-majority countries to the United States and Britain. Citing military officials, the Times also reports that "locking Islamic State propaganda specialists out of their accounts -- or using the coordinates of their phones and computers to target them for a drone attack -- is now standard operating procedure."

Snowden's Former Employer Under Criminal Investigation For Fraudulent Billing

Slashdot - Your Rights Online - Sat, 2017-06-17 16:34
McGruber writes: Booz Allen Hamilton, the contracting firm that was Edward Snowden's employer when he leaked classified information from the NSA, has announced that it is under a federal civil and criminal investigation of its billing practices. The disclosure in a regulatory filing sent shares of parent company Booz Allen Hamilton Holding Corp. tumbling $7.33, or 18.6 percent, to $32 in Friday trading.

Air Force Budget Reveals How Much SpaceX Undercuts Launch Prices

Slashdot - Your Rights Online - Sat, 2017-06-17 12:00
An anonymous reader quotes a report from Ars Technica: In 2014, the U.S. Government Accountability Office issued a report on cost estimates for the U.S. Air Force's program to launch national security payloads, which at the time consisted of a fleet of rockets maintained and flown entirely by United Launch Alliance (ULA). The report was critical of the non-transparent nature of ULA's launch prices and noted that the government "lacked sufficient knowledge to negotiate fair and reasonable launch prices" with the monopoly. At around the same time, the new space rocket company SpaceX began to aggressively pursue the opportunity to launch national security payloads for the government. SpaceX claimed to offer a substantially lower price for delivering satellites into various orbits around Earth. But because of the lack of transparency, comparing prices was difficult. The Air Force recently released budget estimates for fiscal year 2018, and these include a run out into the early 2020s. For these years, the budget combines the fixed price rocket and ELC contract costs into a single budget line. (See page 109 of this document). They are strikingly high. According to the Air Force estimate, the "unit cost" of a single rocket launch in fiscal year 2020 is $422 million, and $424 million for a year later. SpaceX sells basic commercial launches of its Falcon 9 rocket for about $65 million. But, for military launches, there are additional range costs and service contracts that add tens of millions of dollars to the total price. It therefore seems possible that SpaceX is taking a loss or launching at little or no profit to undercut its rival and gain market share in the high-volume military launch market. Elon Musk retweeted the article, adding "$300M cost diff between SpaceX and Boeing/Lockheed exceeds avg value of satellite, so flying with SpaceX means satellite is basically free."

Firm Responsible For Mirai-Infected Webcams Hires Software Firm To Make Its Products More Secure

Slashdot - Your Rights Online - Sat, 2017-06-17 02:30
chicksdaddy writes from a report via The Security Ledger: After seeding the globe with hackable DVRs and webcams, Zhejiang Dahua Technology Co., Ltd. of Hangzhou, China will be working with the U.S. firm Synopsys to "enhance the security of its Internet of Things (IoT) devices and solutions." Dahua, based in Hangzhou, China, said it will work with Mountain View-based Synopsys to "enhance the security of its Internet of Things (IoT) devices and solutions." In a joint statement, the companies said Dahua will be adopting secure "software development life cycle (SDLC) and supply chain" practices using Synopsys technologies in an effort to reduce the number of "vulnerabilities that can jeopardize our products," according to a statement attributed to Fu Liquan, Dahua's Chairman, The Security Ledger reports. Dahua's cameras and digital video recorders (DVRs) figured prominently in the Mirai botnet, which launched massive denial of service attacks against websites in Europe and the U.S., including the French web hosting firm OVH, security news site Krebsonsecurity.com and the New Hampshire-based managed DNS provider Dyn. Cybercriminals behind the botnet apparently exploited an overflow vulnerability in the web interface for cameras and DVRs to gain access to the underlying Linux operating system and install the Mirai software, according to research by the firm Level3. In March, Dahua was called out for another, serious vulnerability in eleven models of video recorders and IP cameras. Namely: a back door account that gave remote attackers full control of vulnerable devices without the need to authenticate to the device. The flaw was first disclosed on the Full Disclosure mailing list and described as "like a damn Hollywood hack, click on one button and you are in."

Alleged KickassTorrents Owner Considers 'Voluntary Surrender' To the US

Slashdot - Your Rights Online - Sat, 2017-06-17 02:00
An anonymous reader quotes a report from TorrentFreak: Earlier this year a Polish court ruled that Artem Vaulin, the alleged owner of the defunct torrent site KickassTorrents, can be extradited to the United States. The decision came as a disappointment to the defense team, which quickly announced an appeal. Vaulin has since been released on bail and currently resides in a Warsaw apartment. His release has made it easier to communicate with his attorneys in the United States, who have started negotiations with the U.S. Government. While the extradition appeal is still ongoing, it now appears that under the right conditions Vaulin might consider traveling to the United States voluntarily, so he can "resolve" the pending charges. This is what the defense team states in a motion for a status conference (pdf), which was submitted earlier this week.

Movie Piracy Cost Australian Network 'Hundreds of Millions of Dollars'

Slashdot - Your Rights Online - Fri, 2017-06-16 22:10
Film and television piracy and illegal downloads are partly to blame for Australian broadcaster Ten Network's woes, according to Village Roadshow co-chief executive Graham Burke. From a report: He said piracy had cost Ten "hundreds of millions of dollars" in potential advertising revenue because of lower ratings resulting from pirated versions of films supplied by 21st Century Fox under an onerous output deal with the Hollywood studio. He said copies of Fox's Leonardo DiCaprio movie The Revenant and The Peanuts Movie were stolen last year and shared illegally via a piracy website. "Piracy is a much bigger channel and an illicit economy than the three main commercial networks combined. It is ripping off viewers from legitimate, taxpaying enterprises," Mr Burke said. "The product that Ten is buying from 21st Century Fox and is now arriving have been pirated out of sight."

Facebook Exposes Employee Data To Terrorists

Slashdot - Your Rights Online - Fri, 2017-06-16 20:10
An anonymous reader writes: The Guardian is reporting that Facebook accidentally exposed the personal information of the moderators that remove terrorist content to the groups that posted that very content. From the article it looks like 6 of them actually had their profiles viewed. From the article, "The security lapse affected more than 1,000 workers across 22 departments at Facebook who used the company's moderation software to review and remove inappropriate content from the platform, including sexual material, hate speech and terrorist propaganda." What are Facebook's responsibilities here?

Putin Claims Russia Proposed a Cyber War Treaty In 2015 But the Obama Admin Ignored Them

Slashdot - Your Rights Online - Fri, 2017-06-16 18:00
An anonymous reader writes: Russian president Vladimir Putin (who denies any Russian part in the hacking) claims the Obama administration ignored a proposal in 2015 that might have avoided all of this. His administration suggested working out a cyber treaty with the US but was ignored by Obama officials, Putin told film director Oliver Stone in Showtime's four-part series broadcast this week. "A year and a half ago, in fall 2015, we made proposal to our American partners that we work through these issues and conclude a treaty on the rules of behavior in this sphere," he said in Stone's documentary The Putin Interviews. "The American side was silent, they didn't reply to us."

EU Poised To Fine Google More Than $1 Billion in Antitrust Case

Slashdot - Your Rights Online - Fri, 2017-06-16 16:40
Google is braced for a fine of potentially more than 1bn euro ($1.18 billion) as Brussels prepares to make the first of three antitrust decisions on the search group's practices, the first sanction by a leading competition regulator on the way it operates. From a report: The penalty, expected to be announced in the coming weeks, could exceed the record 1.1 billion euro bill slapped on Intel, in 2009 for anti-competitive behavior in the computer-chip market, the two people told The Times. The European Commission's antitrust body declined to comment to MarketWatch on the FT report, but referred to the latest steps taken in the case against Google. In July last year, the commission reiterated its conclusion that the search giant had "abused its dominant position by systematically favoring its comparison shopping service in its search result pages." Google and its parent company Alphabet were then given 10 weeks to respond to the findings. Reuters reported last month that Google had attempted to settle the dispute with the EU three times in the last six years, but the sides had failed to reach a compromise.

Amazon Granted a Patent That Prevents In-Store Shoppers From Online Price Checking

Slashdot - Your Rights Online - Fri, 2017-06-16 15:00
An anonymous reader quotes a report from The Verge: Amazon's long been a go-to for people to online price compare while shopping at brick-and-mortars. Now, a new patent granted to the company could prevent people from doing just that inside Amazon's own stores. The patent, titled "Physical Store Online Shopping Control," details a mechanism where a retailer can intercept network requests like URLs and search terms that happen on its in-store Wi-Fi, then act upon them in various ways. The document details in great length how a retailer like Amazon would use this information to its benefit. If, for example, the retailer sees you're trying to access a competitor's website to price check an item, it could compare the requested content to what's offered in-store and then send price comparison information or a coupon to your browser instead. Or it could suggest a complementary item, or even block content outright. Amazon's patent also lets the retailer know your physical whereabouts, saying, "the location may be triangulated utilizing information received from a multitude of wireless access points." The retailer can then use this information to try and upsell you on items in your immediate area or direct a sales representative to your location.

Trump Orders Government To Stop Work On Y2K Bug, 17 Years Later

Slashdot - Your Rights Online - Fri, 2017-06-16 05:30
The federal government will finally stop preparing for the Y2K bug, seventeen years after it came and went. Yes, you read that right. Bloomberg reports: The Trump administration announced Thursday that it would eliminate dozens of paperwork requirements for federal agencies, including an obscure rule that requires them to continue providing updates on their preparedness for a bug that afflicted some computers at the turn of the century. As another example, the Pentagon will be freed from a requirement that it file a report every time a small business vendor is paid, a task that consumed some 1,200 man-hours every year. Seven of the more than 50 paperwork requirements the White House eliminated on Thursday dealt with the Y2K bug, according to a memo OMB released. Officials at the agency estimate the changes could save tens of thousands of man-hours across the federal government. The agency didn't provide an estimate of how much time is currently spent on Y2K paperwork, but Linda Springer, an OMB senior adviser, acknowledged that it isn't a lot since those requirements are already often ignored in practice.

Six Companies Awarded $258 Million From US Government To Build Exascale Supercomputers

Slashdot - Your Rights Online - Fri, 2017-06-16 03:45
The U.S. Department of Energy will be investing $258 million to help six leading technology firms -- AMD, Cray Inc., Hewlett Packard Enterprise, IBM, Intel, and Nvidia -- research and build exascale supercomputers. Digital Trends reports: The funding will be allocated to them over the course of a three-year period, with each company providing 40 percent of the overall project cost, contributing to an overall investment of $430 million in the project. "Continued U.S. leadership in high performance computing is essential to our security, prosperity, and economic competitiveness as a nation," U.S. Secretary of Energy Rick Perry said. "These awards will enable leading U.S. technology firms to marshal their formidable skills, expertise, and resources in the global race for the next stage in supercomputing -- exascale-capable systems." The funding will finance research and development in three key areas: hardware technology, software technology, and application development. There are hopes that one of the companies involved in the initiative will be able to deliver an exascale-capable supercomputer by 2021.

CIA Created 'CherryBlossom' Toolkit For Hacking Hundreds of Router Models

Slashdot - Your Rights Online - Fri, 2017-06-16 03:05
An anonymous reader writes: After a two-week hiatus, WikiLeaks dumped new files as part of the Vault 7 series -- documents about a CIA tool named CherryBlossom, a multi-purpose framework developed for hacking hundreds of home router models. The tool is by far one of the most sophisticated CIA malware frameworks in the CIA's possession. The purpose of CherryBlossom is to allow operatives to interact and control SOHO routers on the victim's network. The tool can sniff, log, and redirect the user's Internet traffic, open a VPN to the victim's local network, execute actions based on predefined rules, alert operators when the victim becomes active, and more. A 24-page document included with the CherryBlossom docs lists over 200 router models from 21 vendors that the CIA could hack. The biggest names on this list are Apple, D-Link, Belkin, Aironet (Cisco), Linksys, and Motorola.

eBay Urges Customers To Oppose Washington Internet Tax

Slashdot - Your Rights Online - Fri, 2017-06-16 02:05
An anonymous reader quotes a report from KNKX: If you live in Washington state, you might have gotten the email from eBay. It begins: "The Washington State Legislature is threatening to impose new Internet sales tax burdens on you." It goes on to urge the recipient to send a form letter to Washington lawmakers opposing "harmful tax laws." So what's this about? eBay's Brian Bieron said the company is alerting its customers to a proposal to require out-of-state retailers to collect sales tax from Washington residents. "It's the right of all of our users to know when new tax policies would impact their ability to sell online or shop online, we think that they want to know and they want to get involved," Bieron said. The fact eBay is emailing its customer base now indicates the company is concerned the internet tax bill will be part of a final budget deal in Olympia. Washington House Democrats and Senate Republicans are currently trying to hash out a compromise budget that fully funds schools. That agreement will likely include some additional sources of tax revenue. Of all the choices on the table, capturing sales tax from more online sales might prove the most palatable to tax-averse Republicans. House Democrats estimate the proposal could bring in an estimated $341 million over the next two years.

Dubai Airport Will Use Biometric Scanning By 2020 To Replace Entry With Passport

Slashdot - Your Rights Online - Fri, 2017-06-16 00:40
dryriver quotes a report from Gulf News: For visitors or residents coming in to Dubai, a new face-recognition software in the offing at the Dubai International Airport will enable them to walk straight to the baggage claim area after deplaning without having to stop at passport control. British start-up ObjectTech announced that they will work with the Dubai government to install biometric tunnels that scan people's faces as they walk to baggage reclaim. The "biometric border" walkway takes a 3D scan of people's faces as they enter the airport and checks it against a digital passport using face-recognition software. If this project is completed, passengers arriving at Dubai airport will be able to step off their flight and walk straight to baggage reclaim via biometric verification tunnels -- allowing them to be registered into the country using a pre-approved and entirely digitized passport.

Japan Passes Controversial 'Anti-Conspiracy' Bill

Slashdot - Your Rights Online - Fri, 2017-06-16 00:00
An anonymous reader quotes a report from Virtual Privacy Network Blog, News: Earlier today, after an intentionally rushed consideration process, Japan's Prime Minister Shinzo Abe passed a new mass surveillance law conveniently called the "anti-conspiracy bill." With the vague wording of the bill, anyone suspected of planning any of [the 277 acts listed in the bill] could be put under targeted surveillance. Of course, the Japanese government has promised not to overstep their boundaries and emphasized that the new law is only meant to increase security before the 2020 Olympics. Among the noted crimes that would be punishable in Japan under the new anti-terrorism law is copyright violation, which is a criminal offense, not a civil offense, in Japan. Both the Japanese Bar Association and the United Nations' Special Rapporteur have spoken out against the law, saying that it will severely curtail civil liberties in Japan. BBC laid out some of the most ridiculous things that someone in Japan can now catch a potentially terrorism-related charge for even planning or discussing on social media the acts of: Copying music; Conducting sit-ins to protest against the construction of apartment buildings; Using forged stamps; Competing in a motor boat race without a license; Mushroom picking in conservation forests; Avoiding paying consumption tax. The stated rationale of the government is that these now-illegal acts, such as copying music to CDs or foraging for mushrooms in conservation forests, could be used to fund terrorist activities. Hence, planning or thinking about them is bad. If this sounds like the Thought Police, that's because it is.

Netflix Changes Course, Says It Will 'Never Outgrow' Fight For Net Neutrality

Slashdot - Your Rights Online - Thu, 2017-06-15 21:20
After a few months of wishy-washy statements on net neutrality indicating that the company had largely given up on it, Netflix is changing course. From a report: On July 12, the video streaming company will join Amazon, Reddit, Pornhub, Imgur, and more to incorporate slowed-down or disrupted service to raise awareness for the importance of strong net neutrality guidelines, giving visitors to its site a taste of what a future without a free and open internet could look like. The protest, organized by Fight for the Future, freepress, and Demand Progress, takes place five days before the first deadline for comments on the FCC's proposal to roll back net neutrality protections. The change of heart comes days after Netflix CEO Reed Hastings said, "[Net neutrality is] not narrowly important to us because we're big enough to get the deals we want."
