65 Percent of Major US Banks Have Failed Web Security Testing, Says Report

Slashdot - Your Rights Online - Tue, 2017-07-04 03:55
According to IBS Intelligence, websites run by some of the largest banks in the U.S. have scored the poorest in a new security and privacy analysis audit. "The non-profit Online Trust Alliance (OTA) anonymously audited more than 1,000 websites, ranking their security and privacy practices," reports IBS Intelligence. "None of the sites investigated knew about the test." From the report: In the firm's Online Trust Audit & Honor Roll for 2017 many U.S. banks were among the worst for security and privacy. The industry had both the most failing grades and the least "Honor Roll" recipients. For firms to receive the Honor Roll award, they must achieve an overall score of 80% or higher across three categories: consumer protection, security and privacy. A failure in any of the three squashes its chance entirely. Look away now if you're a U.S. banking customer, as only 27% of the 100 largest banks in the country made the grade. The figure represents a 28% drop from 2016. According to the OTA, the sector had been showing signs of improvement. Yet, due to "increased breaches, low privacy scores and low levels of email authentication," things have slipped. Large banks were found to have moderately good website security (17% of failures) but dropped the ball when it came to their email security (45%) and privacy (34%).

Read more of this story at Slashdot.

Norway To Ban the Use of Oil For Heating Buildings By 2020

Slashdot - Your Rights Online - Tue, 2017-07-04 03:25
Norway, which is the largest producer of oil and natural gas outside of the Middle East, is set to become the first country in the world to ban the use of gas to heat buildings. The country plans to pass legislation that will stop the use of both oil and paraffin to warm buildings from 2020 onwards. The Independent reports: Vidar Helgesen, the nation's Environment Minister, laid out the plans in a statement, saying: "Those using fossil oil for heating must find other options by 2020." The country advises its citizens to research alternatives to oil such as heat pumps, hydroelectricity, and even special stoves that burn wood chips. By some stage, the legislation could be widened to include restrictions on using natural gas to heat buildings. The Ministry of Climate and Environment said the ban would apply to both new and old buildings and cover both private homes and the public space of businesses and state-owned facilities. The ministry says the plans are expected to lessen Norway's emissions of heat-trapping greenhouse gases by an estimated 340,000 tons per year, compared to overall national emissions of 53.9 million tons in 2015.

Apple Tests 3-D Face Scanning To Unlock Next iPhone: Bloomberg

Slashdot - Your Rights Online - Tue, 2017-07-04 01:20
Five years ago, Apple made fingerprint scanners on smartphones popular. Now the company may have found a better technology to replace it. According to Mark Gurman of Bloomberg, the Cupertino-based company is exploring 3D facial detection as a replacement for Touch ID fingerprint authentication. From the article: This is powered by a new 3-D sensor, added the people, who asked not to be identified discussing technology that's still in development. The company is also testing eye scanning to augment the system, one of the people said. The sensor's speed and accuracy are focal points of the feature. It can scan a user's face and unlock the iPhone within a few hundred milliseconds, the person said. It is designed to work even if the device is laying flat on a table, rather than just close up to the face. The feature is still being tested and may not appear with the new device. However, the intent is for it to replace the Touch ID fingerprint scanner, according to the person.

Warner Bros., Tolkien Estate Settle $80 Million 'Hobbit' Lawsuit

Slashdot - Your Rights Online - Tue, 2017-07-04 00:00
Five years later and it appears Warner Bros. and the estate of author J.R.R. Tolkien have settled their lawsuit over the digital exploitation of The Hobbit and The Lord of the Rings. "The Tolkien Estate and book publisher HarperCollins filed an $80 million lawsuit in 2012 alleging that Warners, its New Line subsidiary and Rings/Hobbit rightsholder Saul Zaentz Co. infringed copyright and breached contract by overstepping their authority," reports Hollywood Reporter. "The plaintiffs claimed that a decades-old rights agreement entitled the studio to create only 'tangible' merchandise based on the books, not other digital exploitations that the estate called highly offensive." From the report: The lawsuit brought the two sides into a new battle. Previously, New Line and the Tolkien Estate had fought over profit participation, coming to a deal in 2009 pegged as being worth more than $100 million. As Warner Bros. readied a Peter Jackson big-screen adaptation of The Hobbit, the Tolkien Estate began investigating digital exploitations when its attorney received a spam e-mail about the Lord of the Rings: The Fellowship of the Ring: Online Slot Game. The subsequent complaint filed in court talked about irreparable harm to Tolkien's legacy and reputation from the prospect of everything from online games to housing developments. In reaction, Warner Bros. filed counterclaims, alleging that repudiation of a 1969 contract and 2010 regrant caused the studio to miss out on millions in Hobbit licensing and decreased exposure to the Jackson films. Warners contended that digital exploitations were both customary and within its scope of rights. Those counterclaims became the subject of a side fight over whether Warners could sue for being sued. The 9th Circuit Court of Appeals agreed that Warner Bros. had properly asserted contract claims.

Facebook Can Track Your Browsing Even After You've Logged Out, Judge Says

Slashdot - Your Rights Online - Mon, 2017-07-03 22:40
A U.S. judge has dismissed nationwide litigation accusing Facebook of tracking users' internet activity even after they logged out of the social media website. From a report: The plaintiffs alleged that Facebook used the "like" buttons found on other websites to track which sites they visited, meaning that the Menlo Park, California-headquartered company could build up detailed records of their browsing history. The plaintiffs argued that this violated federal and state privacy and wiretapping laws. US district judge Edward Davila in San Jose, California, dismissed the case because he said that the plaintiffs failed to show that they had a reasonable expectation of privacy or suffered any realistic economic harm or loss. Davila said that plaintiffs could have taken steps to keep their browsing histories private, for example by using the Digital Advertising Alliance's opt-out tool or using "incognito mode", and failed to show that Facebook illegally "intercepted" or eavesdropped on their communications.

Russia Behind Cyber-attack, Says Ukraine's Security Service

Slashdot - Your Rights Online - Mon, 2017-07-03 18:41
Ukraine says it has discovered who the perpetrators of last week's destructive ransomware attack are. From a report: Ukraine says it has proof that Russian security services were involved in the cyber-attack that targeted businesses around the world last week. The country's security service, the SBU, said it had obtained data that points to a link with an attack on the nation's capital, Kiev, in December. Ukrainian firms were among the first to report issues with malicious software on Tuesday, before the virus spread. Moscow denied any involvement, adding that the allegations were "unfounded". The virus, which disrupted IT systems across the globe, froze computers and demanded a ransom be paid in the digital currency Bitcoin, which is untraceable. Further reading: The Petya Ransomware Is Starting To Look Like a Cyberattack in Disguise.

Google's DeepMind and UK Hospitals Made Illegal Deal For Health Data, Says Watchdog

Slashdot - Your Rights Online - Mon, 2017-07-03 18:00
A deal between UK hospitals and Google's AI subsidiary DeepMind "failed to comply with data protection law," according to the UK's data watchdog. From a report: The Information Commissioner's Office (ICO) made its ruling today after a year-long investigation into the agreement, which saw DeepMind process 1.6 million patient records belonging to UK citizens for the Royal Free Trust -- a group of three London hospitals. The deal was originally struck in 2015, and has since been superseded by a new agreement. At the time, DeepMind and the Royal Free said the data was being shared to develop an app named Streams, which would alert doctors if patients were at risk from a condition called acute kidney injury. An investigation by the New Scientist revealed that the terms of the agreement were more broad than had been originally implied. DeepMind has since made new deals to deploy Streams in other UK hospitals.

US Lifts Laptop Restriction For Flights From Abu Dhabi

Slashdot - Your Rights Online - Mon, 2017-07-03 16:40
The United States has lifted a ban on laptops in cabins on flights from Abu Dhabi to the United States, saying Etihad Airways had put in place required tighter security measures. From a report: Etihad welcomed the decision on Sunday and credited a facility at Abu Dhabi International Airport where passengers clear U.S. immigration before they land in the United States for "superior security advantages" that had allowed it to satisfy U.S. requirements. Transportation Security Administration officials have checked that the measures had been implemented correctly, according to the Department of Homeland Security (DHS). U.S. officials assessed the airport on Saturday night, Abdul Majeed al-Khoori, acting chief executive of operator Abu Dhabi Airports told Reuters on Monday. The disruption to passengers from the new measures will be "very minimal" with the processing time for those traveling to the United States unchanged, he said by phone.

Seattle Minimum Wage Study Has Serious Flaws

Slashdot - Your Rights Online - Mon, 2017-07-03 13:34
"Remember the story from last week about how the new Seattle minimum wage law was hurting workers?" writes Slashdot reader PopeRatzo. "Well, it turns out that there are some problems with the study's methodology." The Washington Post reports: First, their data exclude workers at businesses that have more than one location; in other words, while workers at a standalone mom-and-pop restaurant show up in their results, workers at Starbucks and McDonald's don't. Almost 40 percent of workers in Washington state work at multi-location businesses, and since Seattle's minimum wage increase has been larger at large businesses than at small ones -- right now, a worker at a company with more than 500 employees is guaranteed $13.50 an hour, while a worker at a company with fewer than 500 employees is guaranteed only $11 an hour -- these workers' exclusion from the study's results is an especially germane problem (note that low-wage workers in Seattle have had an incentive to switch from small firms to large firms since the minimum wage started rising). In earlier work, in fact, the University of Washington team's results were different depending on whether these workers were included in their analysis; including them made the effects of the minimum wage look more positive. Second, the University of Washington team does not present enough data for us to assess the validity of its "synthetic control" in Washington -- that is, the set of areas to which they compare the results they observe in Seattle. The Seattle labor market is not necessarily comparable to other labor markets in the state, and given some of the researchers' implausible results, it's hard to believe the comparison group they chose is an appropriate one. 
Suggesting Seattle's booming labor market may have skewed the study's results, two nonpartisan economists concluded it "suffers from a number of data and methodological problems that bias the study in the direction of finding job loss, even where there may have been no job loss at all." And the Washington Post also notes the researchers' findings are suspiciously "out of step with a large body of research," including another study from U.C. Berkeley researchers [PDF] which determined Seattle's wage increase "is having its intended effect."

Should Kaspersky Lab Show Its Source Code To The US Government?

Slashdot - Your Rights Online - Mon, 2017-07-03 01:34
Today the CEO of Kaspersky Lab said he's willing to show the company's source code to the U.S. government, testify before Congress, and even move part of his research work to the U.S. to dispel suspicions about his company. The Associated Press reports: Kaspersky, a mathematical engineer who attended a KGB-sponsored school and once worked for Russia's Ministry of Defense, has long been eyed suspiciously by his competitors, particularly as his anti-virus products became popular in the U.S. market. Some speculate that Kaspersky, an engaging speaker and a fixture of the conference circuit, kept his Soviet-era intelligence connections. Others say it's unlikely that his company could operate independently in Russia, where the economy is dominated by state-owned companies and the power of spy agencies has expanded dramatically under President Vladimir Putin. No firm evidence has ever been produced to back up the claims... Like many cybersecurity outfits in the U.S. and elsewhere, some Kaspersky employees are former spies. Kaspersky acknowledged having ex-Russian intelligence workers on his staff, mainly "in our sales department for their relationship with the government sector." But he added that his company's internal network was too segregated for a single rogue employee to abuse it. "It's almost not possible," he said. "Because to do that, you have to have not just one person in the company, but a group of people that have access to different parts of our technological processes. It's too complicated." And he insisted his company would never knowingly cooperate with any country's offensive cyber operations. A key Democrat on the Senate Armed Services Committee has told ABC that "a consensus in Congress and among administration officials that Kaspersky Lab cannot be trusted to protect critical infrastructure."
Meanwhile, Slashdot reader Kiralan shares this article from Gizmodo noting Kaspersky Lab "has worked with both Moscow and the FBI in the past, often serving as a go-between to help the two governments cooperate." But setting the precedent of gaining trust through source code access is dangerous, as is capitulating to those demands. Russia has been making the same requests of private companies recently. Major technology companies like Cisco, IBM, Hewlett Packard Enterprise, McAfee, and SAP have agreed to give the Russian government access to "code for security products such as firewalls, anti-virus applications and software containing encryption," according to Reuters. Security firm Symantec pointedly refused to cooperate with Russian demands last week. "It poses a risk to the integrity of our products that we are not willing to accept," a Symantec spokesperson said in a statement.

The US Considers A Remote Identification System For Drones

Slashdot - Your Rights Online - Sun, 2017-07-02 23:34
An anonymous reader quotes Engadget: The FAA is still trying to figure out the best way to regulate drones to ensure safety. Last week, a committee tasked with tackling the issue met for the first time, including representatives from Amazon, Ford and NYPD. One of the items discussed was a better way to identify registered drones from the ground since any ID numbers are pretty much invisible while the UAV is airborne... As Recode notes, Congress is working to restore mandatory registration which would be key to tying a drone to its owner for the purposes of any remote identification... Back in March, [drone manufacturer] DJI proposed what it calls an "electronic identification framework" for all drones that would give authorities in the U.S. information about the owner when necessary. That proposal includes using the radio tech DJI says is already on most drones to transmit details like location and registration number. EPIC (Electronic Privacy Information Center) made a similar recommendation back in January 2016... [T]he FAA committee is scheduled to meet again on July 18th. Any formal recommendations are currently due to the agency by September 30th.
