Fourth US Navy Collision This Year Raises Suspicion of Cyber-Attacks

Slashdot - Your Rights Online - Tue, 2017-08-22 23:20
An anonymous reader quotes a report from The Next Web: Early Monday morning a U.S. Navy Destroyer collided with a merchant vessel off the coast of Singapore. The U.S. Navy initially reported that 10 sailors were missing, and today found "some of the remains" in flooded compartments. While Americans mourn the loss of our brave warriors, top brass is looking for answers. Monday's crash involving the USS John McCain is the fourth in the area, and possibly the most difficult to understand. So far this year 17 U.S. sailors have died in the Pacific southeast due to seemingly accidental collisions with civilian vessels. Should four collisions in the same geographical area be chalked up to coincidence? Could a military vessel be hacked? In essence, what if GPS spoofing or administrative lockout caused personnel to be unaware of any imminent danger or unable to respond? The Chief of Naval Operations (CNO) says there's no reason to think it was a cyber-attack, but they're looking into it: "2 clarify Re: possibility of cyber intrusion or sabotage, no indications right now...but review will consider all possibilities," tweeted Adm. John Richardson. The obvious suspects -- if a sovereign nation is behind any alleged attacks -- would be Russia, China, and North Korea, all of whom have reasonable access to the location of all four incidents. It may be chilling to imagine such a bold risk, but it's not outlandish to think a government might be testing cyber-attack capabilities in the field.

Read more of this story at Slashdot.

Getting NASA To Comply With Simple FOIA Requests Is a Nightmare

Slashdot - Your Rights Online - Tue, 2017-08-22 22:40
From a report on Motherboard: Freedom of Information Act requests are used by journalists, private citizens, and government watchdogs to acquire public documents from government agencies. FOIAing NASA, however, can be an exercise in futility. In one recent case, Motherboard requested all emails from a specific NASA email address with a specific subject line. Other government agencies have completed similar requests with no problems. NASA, however, said it was "unclear what specific NASA records you are requesting." Possibly the only way to be more specific is to knock on NASA's door and show them a printout of what an email is. JPat Brown, executive editor of public records platform MuckRock, explained similarly frustrating experiences with NASA. "Even in cases where we've requested specific contracts by name and number, NASA has claimed that our request was too broad, and added insult to injury with a form letter rejection that includes the sentence 'we are not required to hunt for needles in bureaucratic haystacks,'" Brown told Motherboard in an email. Brown added that NASA has refused to process records unless presented with a requester's home address, something that is not included in the relevant code; and makes it more difficult for requests to obtain 'media' status.

Let Consumers Sue Companies

Slashdot - Your Rights Online - Tue, 2017-08-22 22:00
Richard Cordray, the director of the Consumer Financial Protection Bureau, writes: When a data breach at Home Depot in 2014 led to losses for banks nationwide, a group of banks filed a class-action lawsuit seeking compensation. Companies have the choice of taking legal action together. Yet consumers are frequently blocked from exercising the same legal right when they believe that companies have wronged them. That's because many contracts for products like credit cards and bank accounts have mandatory arbitration clauses that prevent consumers from joining group lawsuits, forcing them to go it alone. For example, a group lawsuit against Wells Fargo for secretly opening phony bank accounts was blocked by arbitration clauses that pushed individual consumers into closed-door proceedings. In 2010, the Consumer Financial Protection Bureau was authorized to study mandatory arbitration and write rules consistent with the study. After five years of work, we recently finalized a rule to stop companies from denying groups of consumers the option of going to court when they are treated unfairly. Opponents have unleashed attacks to overturn the rule, and the House just passed legislation to that end. Before the Senate decides whether to protect companies or consumers, it's worth correcting the record. First, opponents claim that plaintiffs are better served by acting individually than by joining a group lawsuit. This claim is not supported by facts or common sense. Our study contained revealing data on the results of group lawsuits and individual actions. We found that group lawsuits get more money back to more people. In five years of group lawsuits, we tallied an average of $220 million paid to 6.8 million consumers per year. Yet in the arbitration cases we studied, on average, 16 people per year recovered less than $100,000 total. It is true that the average payouts are higher in individual suits. 
But that is because very few people go through arbitration, and they generally do so only when thousands of dollars are at stake, whereas the typical group lawsuit seeks to recover small amounts for many people. Almost nobody spends time or money fighting a small fee on their own. As one judge noted, "only a lunatic or a fanatic sues for $30."

Estonia Proposes Estcoin, a Government Backed Cryptocurrency, Issued Via an Initial Coin Offering After e-Residency Success

Slashdot - Your Rights Online - Tue, 2017-08-22 21:20
Estonia is living up to its digital reputation and setting tongues wagging with its latest idea: its very own digital currency issued via an initial coin offering (ICO). From a report: The buzz word of the moment in the heady world of cryptocurrencies, ICOs, are being used to raise cash via a digital token that's issued to investors. What investors get back in return depends what the company offers, much like crowdfunding, but can be some sort of stake in the company or merely being able to use the blockchain-based software it's building. But what's on offer in a potential ICO of a nation state? That's exactly what Estonia wants to work out. The head of its innovative e-residency programme has said the country is considering what the issuance of "estcoin", the country's very own digital currency, would look like. In a blog post, Kaspar Korjus said: "Estcoins could be managed by the Republic of Estonia, but accessed by anyone in the world through its e-Residency programme and launched through an Initial Coin Offering (ICO)."

Popular Weather App AccuWeather Caught Sending User Location Data, Even When Location Sharing is Off

Slashdot - Your Rights Online - Tue, 2017-08-22 20:40
Zack Whittaker, reporting for ZDNet: Popular weather app AccuWeather has been caught sending geolocation data to a third-party data monetization firm, even when the user has switched off location sharing. AccuWeather is one of the most popular weather apps in Apple's app store, with a near perfect four-star rating and millions of downloads to its name. But what the app doesn't say is that it sends sensitive data to a firm designed to monetize user locations without users' explicit permission. Security researcher Will Strafach intercepted the traffic from an iPhone running the latest version of AccuWeather and its servers and found that even when the app didn't have permission to access the device's precise location, the app would send the Wi-Fi router name and its unique MAC address to the servers of data monetization firm Reveal Mobile every few hours. That data can be correlated with public data to reveal an approximate location of a user's device. We independently verified the findings, and were able to geolocate an AccuWeather-running iPhone in our New York office within just a few meters, using nothing more than the Wi-Fi router's MAC address and public data.

Sonos Says Users Must Accept New Privacy Policy Or Devices May Cease To Function

Slashdot - Your Rights Online - Tue, 2017-08-22 18:00
An anonymous reader writes: Sonos has confirmed that existing customers will not be given an option to opt out of its new privacy policy, leaving customers with sound systems that may eventually "cease to function". It comes as the home sound system maker prepares to begin collecting audio settings, error data, and other account data before the launch of its smart speaker integration in the near future. A spokesperson for the home sound system maker told ZDNet that, "if a customer chooses not to acknowledge the privacy statement, the customer will not be able to update the software on their Sonos system, and over time the functionality of the product will decrease. The customer can choose to acknowledge the policy, or can accept that over time their product may cease to function."

Two-Factor Authentication Fail: Identity Thieves Hijack Cellphone Accounts to Go After Virtual Currency

Slashdot - Your Rights Online - Tue, 2017-08-22 17:25
Reader Cludge shares an NYT report: Hackers have discovered that one of the most central elements of online security -- the mobile phone number -- is also one of the easiest to steal. In a growing number of online attacks, hackers have been calling up Verizon, T-Mobile U.S., Sprint and AT&T and asking them to transfer control of a victim's phone number to a device under the control of the hackers. Once they get control of the phone number, they can reset the passwords on every account that uses the phone number as a security backup -- as services like Google, Twitter and Facebook suggest. "My iPad restarted, my phone restarted and my computer restarted, and that's when I got the cold sweat and was like, 'O.K., this is really serious,'" said Chris Burniske, a virtual currency investor who lost control of his phone number late last year. A wide array of people have complained about being successfully targeted by this sort of attack, including a Black Lives Matter activist and the chief technologist of the Federal Trade Commission. The commission's own data shows that the number of so-called phone hijackings has been rising. In January 2013, there were 1,038 such incidents reported; by January 2016, that number had increased to 2,658. But a particularly concentrated wave of attacks has hit those with the most obviously valuable online accounts: virtual currency fanatics like Mr. Burniske. Within minutes of getting control of Mr. Burniske's phone, his attackers had changed the password on his virtual currency wallet and drained the contents -- some $150,000 at today's values. Most victims of these attacks in the virtual currency community have not wanted to acknowledge it publicly for fear of provoking their adversaries. But in interviews, dozens of prominent people in the industry acknowledged that they had been victimized in recent months.

China Relaunches World's Fastest Train

Slashdot - Your Rights Online - Tue, 2017-08-22 09:00
China has decided to relaunch the world's fastest train service following a fatal crash in 2011, where the high speed train service reduced its upper limit from its then-record holding 350 km/h (217 miles/hour) to 250-300 km/h (155-186 miles/hour). Fortune reports: Government-controlled website Thepaper.cn reported that seven pairs of bullet trains will be operating under the name "Fuxing," meaning rejuvenation, according to the South China Morning Post. The trains will once again run at 350 km/h, with a maximum speed of 400 km/h (248 mph). It is reported that the train service will boast a monitoring system that will automatically slow the trains in case of emergency. The Beijing-Shanghai line will begin operating on 21 September and will shorten the nearly 820 mile journey by an hour, to four hours thirty minutes. Nearly 600 million people use this route each year, providing a reported $1 billion in profits. Other routes include Beijing-Tianjin-Hebei, which will begin operation today.
