
Estonia Is Enhancing the Security of Its Digital Identities

Slashdot - Your Rights Online - Wed, 2017-11-01 16:40
Estonia is upgrading the security of ID cards and digital IDs used by citizens, residents and e-residents. A new certificates update has been developed based on advanced elliptic-curve cryptography, which is more secure and faster than the SSL certificates previously used. From a report: This certificate update will protect users from a potential security vulnerability that the Estonian government announced last month had been identified by a group of security researchers. It has now been confirmed that the vulnerability is contained in software that had previously been installed on the embedded chip used in ID cards around the world, including those issued by Estonia between 16 October 2014 and 25 October 2017. Although the problem is international, minimising the risk and developing a solution has been a top priority for Estonia since the government was informed. However, there have still been no reported incidents of any Estonian digital ID or ID card being misused in the way described by the researchers. Considerable resources and expertise would be required for this so the risk for most people affected has always been low.

Read more of this story at Slashdot.

Russia's Anti-VPN Law Goes Into Effect

Slashdot - Your Rights Online - Wed, 2017-11-01 15:00
An anonymous reader quotes a report from The Register: A Russian law that bans the use or provision of virtual private networks (VPNs) will come into effect Wednesday. The legislation will require ISPs to block websites that offer VPNs and similar proxy services that are used by millions of Russians to circumvent state-imposed internet censorship. It was signed by President Vladimir Putin on July 29 and was justified as a necessary measure to prevent the spread of extremism online. Its real impact, however, will be to make it much harder for ordinary Russians to access websites ISPs are instructed to block connections to by Russian regulator Roskomnadzor, aka the Federal Service for Supervision of Communications, Information Technology and Mass Media. The law is just one part of a concerted effort by the Russian government to restrict access to information online. While Russia does not appear to be going the same route as China -- which has a country wide, constantly maintained censorship apparatus, known as the Great Firewall of China -- it is clearly following its lead. At the same time as Putin signed the VPN legislation, he signed another that will come into effect in January. That law, like a similar one passed by the Chinese government earlier this year, will require operators of messaging services to verify their users' identities through phone numbers. And it will require operators to introduce systems to cut off any users that are deemed by the Russian government to be spreading illegal content.


Verizon Wants To Ban States From Protecting Your Privacy

Slashdot - Your Rights Online - Wed, 2017-11-01 01:20
DSLReports reports that Verizon sent a letter and white paper last week to the FCC, insisting that "the FCC has ample authority to pre-empt state efforts to protect consumer privacy, and should act to prevent states from doing so." Verizon's letter reads in part: "Allowing every State and locality to chart its own course for regulating broadband is a recipe for disaster. It would impose localized and likely inconsistent burdens on an inherently interstate service, would drive up costs, and would frustrate federal efforts to encourage investment and deployment by restoring the free market that long characterized Internet access service." From the report: But there's several things Verizon is ignoring here. One being that the only reason states are trying to pass privacy laws is because Verizon lobbyists convinced former Verizon lawyer and FCC boss Ajit Pai that it was a good idea to kill the FCC's relatively modest rules. It's also worth noting that ISPs like Verizon (and the lawmakers paid to love them) have cried about protecting "states rights" when states try to pass protectionist laws hamstringing competitors, but in this case appears eager to trample those same state rights should states actually try and protect consumers. Verizon makes it abundantly clear it's also worried that when the FCC votes to kill net neutrality rules later this year, states will similarly try to pass their own rules protecting consumers, something Verizon clearly doesn't want. "States and localities have given strong indications that they are prepared to take a similar approach to net neutrality laws if they are dissatisfied with the result of the Restoring Internet Freedom proceeding," complains Verizon, again ignoring that its lawsuits are the reason that's happening.


Vendor Tracks LinkedIn Profile Changes To Alert Client Employers

Slashdot - Your Rights Online - Tue, 2017-10-31 23:20
dcblogs shares a report from TechTarget: IT managers have long had the ability and right to monitor employee behavior on internal networks. Now, HR managers are getting similar capabilities thanks to cloud-based services -- but for tracking employee activity outside of their employer's network. A controversy and court fight is swelling over its potential impact on employee privacy. A San Francisco-based startup, hiQ Labs Inc., offers products based on its analysis of publicly available LinkedIn data. One is Keeper, which identifies employees at risk of being recruited away, and another is Skill Mapper, which analyzes employee skills. The profile data is collected by software bots. The clients of hiQ's service may learn whether a LinkedIn member is a flight risk thanks to an individual risk score: high (red), medium (yellow) or low (green), according to court papers. LinkedIn is in court fighting this, but so far it's losing. A federal judge recently took exception to the use of the CFAA in this case "to punish hiQ for accessing publicly available data." The judge warned such an interpretation "could profoundly impact open access to the internet."


New VibWrite System Uses Finger Vibrations To Authenticate Users

Slashdot - Your Rights Online - Tue, 2017-10-31 22:40
An anonymous reader quotes a report from Bleeping Computer: Rutgers engineers have created a new authentication system called VibWrite. The system relies on placing an inexpensive vibration motor and receiver on a solid surface, such as wood, metal, plastic, glass, etc. The motor sends vibrations to the receiver. When the user touches the surface with one of his fingers, the vibration waves are modified to create a unique signature per user and per finger. Rutgers researchers say that VibWrite is more secure when users are asked to draw a pattern or enter a code on a PIN pad drawn on the solid surface. This also generates a unique fingerprint, but far more complex than just touching the surface with one finger. During two tests, VibWrite verified users with a 95% accuracy and a 3% false positive rate. The only problem researchers encountered in the live trials was that some users had to draw the pattern or enter the PIN number several times before they passed the VibWrite authentication test. Besides improvements to the accuracy with which VibWrite can detect finger vibrations, researchers also plan to look into how VibWrite will behave in outdoor environments to account for varying temperatures, humidity, winds, wetness, dust, dirt, and other conditions. This new novel user authentication system is described in full in a research paper entitled "VibWrite: Towards Finger-input Authentication on Ubiquitous Surfaces via Physical Vibration."


Three Women Suing Microsoft for Bias Want To Add 8,630 Peers

Slashdot - Your Rights Online - Tue, 2017-10-31 18:42
A reader shares a report: A lawsuit accusing Microsoft of discriminating against women in technical and engineering roles is poised to grow a lot bigger if it wins class-action status. With the technology sector awash in challenges to white male dominance, the three women spearheading the case against Microsoft told a Seattle federal judge they want to represent about 8,630 peers who have worked for the company since 2012. The women said their expert consultants have determined that discrimination at the Redmond, Washington-based company cost female employees more than 500 promotions and $100 million to $238 million in pay, according to Oct. 27 court filings. They also accused the software maker of maintaining "an abusive, toxic 'boy's club' atmosphere, where women are ignored, abused, or degraded." Microsoft said it strongly disagrees with the allegations, saying the filings "mischaracterize data and other information."


Apple Is Designing iPhones, iPads That Would Drop Qualcomm Components

Slashdot - Your Rights Online - Tue, 2017-10-31 15:00
An anonymous reader quotes a report from The Wall Street Journal (Warning: source may be paywalled; alternative source): Apple, locked in an intensifying legal fight with Qualcomm, is designing iPhones and iPads for next year that would jettison the chipmaker's components, according to people familiar with the matter. Apple is considering building the devices only with modem chips from Intel and possibly MediaTek because San Diego, Calif.-based Qualcomm has withheld software critical to testing its chips in iPhone and iPad prototypes, according to one of the people. Apple's planned move for next year involves the modem chips that handle communications between wireless devices and cellular networks. Qualcomm is by far the biggest supplier of such chips for the current wireless standard. The Apple plans indicate the battle with Qualcomm could spill beyond the courtroom feud over patents into another important Qualcomm business where it has the potential to send ripples through the smartphone supply chain.


Facebook Says 126 Million Americans May Have Seen Russia-Linked Political Posts

Slashdot - Your Rights Online - Tue, 2017-10-31 02:50
Facebook said on Monday that Russia-based operatives published about 80,000 posts on the social network over a two-year period in an effort to sway U.S. politics and that about 126 million Americans may have seen the posts during that time. Reuters reports: Facebook's latest data on the Russia-linked posts - possibly reaching around half of the U.S. population of voting age - far exceeds the company's previous disclosures. It was included in written testimony provided to U.S. lawmakers, and seen by Reuters, ahead of key hearings with social media and technology companies about Russian meddling in elections on Capitol Hill this week. Twitter separately has found 2,752 accounts linked to Russian operatives, a source familiar with the company's written testimony said. That estimate is up from a tally of 201 accounts that Twitter reported in September. Google, owned by Alphabet, said in a statement on Monday it had found $4,700 in Russia-linked ad spending during the 2016 U.S. election cycle, and that it would build a database of election ads. Facebook's general counsel, Colin Stretch, said in the written testimony that the 80,000 posts from Russia's Internet Research Agency were a tiny fraction of content on Facebook, equal to one out of 23,000 posts.


Calgary Police Cellphone Surveillance Device Must Remain Top Secret, Judge Rules

Slashdot - Your Rights Online - Tue, 2017-10-31 02:10
Freshly Exhumed writes from a report via CBC.ca: To protect police investigative techniques that may or may not have been used in a Calgary Police Service investigation, their controversial cellphone surveillance device will remain so secretive not even the make and model can be released to the public, according to a court ruling released Monday. The MDI (Mobile Device Identifier) technology -- colloquially called a StingRay after Harris Corporation's IMSI device, which mimics cell towers and intercepts data from nearby phones -- is controversial in part because in at least one Canadian case, prosecutors have taken watered down plea deals rather than disclose information related to the device.


A Surge of Sites and Apps Are Exhausting Your CPU To Mine Cryptocurrency

Slashdot - Your Rights Online - Tue, 2017-10-31 01:30
Dan Goodin, writing for ArsTechnica: The Internet is awash with covert crypto currency miners that bog down computers and even smartphones with computationally intensive math problems called by hacked or ethically questionable sites. The latest examples came on Monday with the revelation from antivirus provider Trend Micro that at least two Android apps with as many as 50,000 downloads from Google Play were recently caught putting crypto miners inside a hidden browser window. The miners caused phones running the apps to run JavaScript hosted on Coinhive.com, a site that harnesses the CPUs of millions of PCs to mine the Monero crypto currency. In turn, Coinhive gives participating sites a tiny cut of the relatively small proceeds. Google has since removed the apps, which were known as Recitiamo Santo Rosario Free and SafetyNet Wireless App. Last week, researchers from security firm Sucuri warned that at least 500 websites running the WordPress content management system alone had been hacked to run the Coinhive mining scripts. Sucuri said other Web platforms -- including Magento, Joomla, and Drupal -- are also being hacked in large numbers to run the Coinhive programming interface.


BlackBerry CEO Promises To Try To Break Customers' Encryption If the US Government Asks Him To

Slashdot - Your Rights Online - Tue, 2017-10-31 00:10
An anonymous reader writes from a report via Techdirt that claims the company has "chosen to proclaim its willingness to hack into its own customers' devices if the government asks." From the report: From a Forbes article: "[CEO John] Chen, speaking at a press Q&A during the BlackBerry Security Summit in London on Tuesday, claimed that it wasn't so simple for BlackBerry to crack its own protections. 'Only when the government gives us a court order we will start tracking it. Then the question is: how good is the encryption? 'Today's encryption has got to the point where it's rather difficult, even for ourselves, to break it, to break our own encryption... it's not an easily breakable thing. We will only attempt to do that if we have the right court order. The fact that we will honor the court order doesn't imply we could actually get it done.'" Oddly, this came coupled with Chen's assertions its user protections were better than Apple's and its version of the Android operating system more secure than the one offered by competitors. This proactive hacking offer may be pointed to in the future by DOJ and FBI officials as evidence Apple, et al aren't doing nearly enough to cooperate with U.S. law enforcement. Of course, Chen's willingness to try doesn't guarantee the company will be able to decrypt communications of certain users. Blackberry may be opening up to law enforcement but it won't be sharing anything more with its remaining users. From the Forbes article: "Chen also said there were no plans for a transparency report that would reveal more about the company's work with government. 'No one has really asked us for it. We don't really have a policy on whether we will do it or not. Just like every major technology company that deals with telecoms, we obviously have quite a number of requests around the world.'"


Indiana Is Purging Voters Using Software That's 99 Percent Inaccurate, Lawsuit Alleges

Slashdot - Your Rights Online - Mon, 2017-10-30 22:12
An anonymous reader quotes a report from The Daily Beast: More than 99 percent of voter fraud identified by a GOP-backed program is false, a study by Harvard, Yale, and Microsoft researchers found. Now Indiana is using the faulty program to de-register voters without warning. In July, Indiana rolled out a new law allowing county officials to purge voter registrations on the spot, based on information from a dubious database aimed at preventing voter fraud. That database, the Interstate Voter Registration Crosscheck Program, identifies people in different states who share the same name and birthdate. Crosscheck has long been criticized as using vague criteria that disproportionately target people of color. Now Indiana voters who share a name and birthdate with another American can have their registrations removed without warning -- a system ripe for abuse, a new lawsuit claims. Crosscheck's premise is simple. The program aims to crack down on people "double voting" in multiple states, by listing people who share a first name, last name, and birthdate. Indiana has used Crosscheck for years. But until July, the state had a series of checks on the program. If Crosscheck found that an Indiana resident's name and birthdate matched that of a person in another state, Indiana law used to require officials to ask that person to confirm their address, or wait until that person went two general election cycles without voting, before the person's name was purged from Indiana voter rolls. Under the state's new law, officials can scrub a voter from the rolls immediately. That's a problem for Indiana residents, particularly people of color, a Friday lawsuit from Common Cause and the American Civil Liberties Union argues.


How Kodi Took Over Piracy

Slashdot - Your Rights Online - Mon, 2017-10-30 21:31
A reader shares a report: For years, piracy persisted mainly in the realm of torrents, with sites like The Pirate Bay and Demonoid connecting internet denizens to premium content gratis. But a confluence of factors have sent torrent usage plummeting from 23 percent of all North American daily internet traffic in 2011 to under 5 percent last year. Legal crackdowns shuttered prominent torrent sites. Paid alternatives like Netflix and Hulu made it easier just to pay up. And then there were the "fully loaded" Kodi boxes -- otherwise vanilla streaming devices that come with, or make easily accessible, so-called addons that seek out unlicensed content -- that deliver pirated movies and TV shows with push-button ease. "Kodi and the plugin system and the people who made these plugins have just dumbed down the process," says Dan Deeth, spokesperson for network-equipment company Sandvine. "It's easy for anyone to use. It's kind of set it and forget it. Like the Ron Popeil turkey roaster." Kodi itself is just a media player; the majority of addons aren't piracy focused, and lots of Kodi devices without illicit software plug-ins are utterly uncontroversial. Still, that Kodi has swallowed piracy may not surprise some of you; a full six percent of North American households have a Kodi device configured to access unlicensed content, according to a recent Sandvine study. But the story of how a popular, open-source media player called XBMC became a pirate's paradise might. And with a legal crackdown looming, the Kodi ecosystem's present may matter less than its uncertain future.


Google Denies Demoting the Pirate Bay In Some Countries

Slashdot - Your Rights Online - Mon, 2017-10-30 16:40
An anonymous reader writes: Google and The Pirate Bay have had an interesting relationship over the years, to say the least. This week, users pointed out that The Pirate Bay can appear significantly lower down in search results (and definitely not on the first page), depending on which country you are searching in. We reached out to Google, and it denied the allegations that it was demoting the site. TorrentFreak first spotted the odd behavior. The publication used Chrome in incognito mode to search for "The Pirate Bay" in Google with different IP addresses to see where the site's thepiratebay.org domain showed up. An IP address in the U.K., for example, would result in The Pirate Bay showing up on the fifth or sixth page, while an IP address in the U.S. would bring back The Pirate Bay as the top result.


Heathrow Airport Security Files Found on USB Stick In The Street

Slashdot - Your Rights Online - Sun, 2017-10-29 22:34
"The BBC is reporting a security probe after security data about Heathrow was discovered on a USB found on the street," writes long-time Slashdot reader Martin S. From the article: The Sunday Mirror reported that the USB stick had 76 folders with maps, videos and documents, including details of measures used to protect the Queen. A man found it in west London and handed it into the paper, it said. Heathrow said all of its security plans had been reviewed and it was "confident" the airport was secure. "We have also launched an internal investigation to understand how this happened and are taking steps to prevent a similar occurrence in future," it said. The Mirror reports that the USB stick was not encrypted and did not require a password, according to an article shared by Slashdot reader rastos1. Insiders "admitted it sparked a 'very, very urgent' probe, and that it posed 'a risk to national security'."


While Equifax Victims Sue, Congress Limits Financial Class Actions

Slashdot - Your Rights Online - Sun, 2017-10-29 20:34
An anonymous reader quotes a local NBC news report: Stories are starting to pour in about those impacted by last month's massive Equifax data breach, which compromised the private information of more than 140 million people. Katie Van Fleet of Seattle says she's spent months trying to regain her stolen identity, and says it has been stolen more than a dozen times. "I kept receiving letters from Kohl's, from Macy's, from Home Depot, from Old Navy saying 'thank you for your application,'" she said to CNN affiliate KCPQ. But she says she's never applied for credit from any of those places. Instead, Van Fleet and her attorney Catherine Fleming say they believe her personal data was stolen during the massive Equifax security breach... Fleming has filed a class-action lawsuit against Equifax, saying they were negligent in losing private information on more than 140 million Americans... "Countless people, I mean, I've really, truly lost count, and the stories that like Katie's, the stories I hear are heart-wrenching," Fleming said. But are things about to get worse? Marketwatch reports: It will become harder for consumers to sue their banks or companies like Equifax... The Senate voted Tuesday night to overturn a rule the Consumer Financial Protection Bureau worked on for more than five years. The final version of the rule banned companies from putting "mandatory arbitration clauses" in their contracts, language that prohibits consumers from bringing class-action lawsuits against them. It applies to institutions that sell financial products, including bank accounts and credit cards. Consumer advocates say it's good news for companies like Wells Fargo or Equifax, which have both had class-action lawsuits filed against them, and bad news for their customers... Lisa Gilbert, the vice president of legislative affairs at Public Citizen, a nonprofit based in Washington, D.C., said the Senate vote shouldn't impact cases that are already ongoing. 
However, there will "certainly" be more forced arbitration clauses in contracts in the future, and fewer cases brought against companies, she said.


Portuguese ISP Shows What The Net Looks Like Without Net Neutrality

Slashdot - Your Rights Online - Sun, 2017-10-29 19:34
"In Portugal, with no net neutrality, internet providers are starting to split the net into packages," argues a California congressman -- retweeting a stunning graphic. An anonymous reader quotes BoingBoing's Cory Doctorow: Since 2006, Net Neutrality activists have been warning that a non-Neutral internet will be an invitation to ISPs to create "plans" where you have to choose which established services you can access, shutting out new entrants to the market and allowing the companies with the deepest pockets to permanently dominate the internet... the Portuguese non-neutral ISP MEO has mistaken a warning for a suggestion, and offers a series of "plans" for its mobile data service where you pay €5 to access a handful of messaging services, €5 more to use social media; and €5 more for video-streaming services. The congressman notes this arrangement offers "a huge advantage for entrenched companies, but it totally ices out startups trying to get in front of people, which stifles innovation."
