How One Man Lost His Life Savings in a SIM Hack

Slashdot - Your Rights Online - Sun, 2020-03-15 00:11
Long-time Slashdot reader smooth wombat quotes CNN: Robert Ross was sitting in his San Francisco home office in October 2018 when he noticed the bars on his phone had disappeared and he had no cell coverage. A few hours later, he had lost $1 million... "I was at home at my desk and I noticed a notification on my iPhone for a withdrawal request from one of my financial institutions, and I thought, 'That's weird. I didn't make a withdrawal request,'" Ross recalled. "Then I looked back at my phone and I saw that I had no service...." Ross was the victim of a SIM hack, an attack that occurs when hackers take over a victim's phone number by transferring it to a SIM card they control. By taking over his cellphone number, a hacker was able to gain access to his email address and ultimately his life-savings, Ross said in an interview with CNN Business... An arrest was made in Ross' case, and the suspect has pleaded not guilty... He is suing AT&T for what he alleges was a failure by the company to protect his "sensitive and confidential account data" that resulted in "massive violations" of his privacy and "the theft of more than $1 million," according to the lawsuit.

Read more of this story at Slashdot.

Group Builds Massive New Library of Censored Articles Inside Minecraft

Slashdot - Your Rights Online - Sat, 2020-03-14 21:34
In countries where websites, blogs and a free press are strictly limited, Minecraft "is still accessible by everyone," notes the official web site for Reporters Without Borders (an international nonprofit defending freedom of information): Reporters Without Borders used this backdoor to build "The Uncensored Library": A library that is now accessible on an open server for Minecraft players around the globe. The library is filled with books, containing articles that were censored in their country of origin. These articles are now available again within Minecraft hidden from government surveillance technology inside a computer game. The books can be read by everyone on the server, but their content cannot be changed. The library is growing, with more and more books being added to overcome censorship. On March 12 — the World Day Against Cyber Censorship — the Uncensored Library will open its doors, giving young people around the world access to independent information, through a medium they can playfully interact with. The campaign runs under the hashtag: #TruthFindsAWay... Additional to banned articles from journalists, visitors of The Uncensored Library can find the Reporters Sans Frontières World Press Freedom Index and reports on the current press freedom situation of 180 countries in the world. They spent three months working with the design studio BlockWorks to assemble 12.5 million blocks into a vast structure with a neoclassical architecture. You can see it in a short film at uncensoredlibrary.com, or access it in Minecraft at visit.uncensoredlibrary.com

900 Million Secrets From 8 Years of 'Whisper' App Were Left Exposed Online

Slashdot - Your Rights Online - Sat, 2020-03-14 18:34
Long-time Slashdot reader AmiMoJo shares a startling report from the Washington Post: Whisper, the secret-sharing app that called itself the "safest place on the Internet," left years of users' most intimate confessions exposed on the Web tied to their age, location and other details, raising alarm among cybersecurity researchers that users could have been unmasked or blackmailed. The data exposure, discovered by independent researchers and shown to The Washington Post, allowed anyone to access all of the location data and other information tied to anonymous "whispers" posted to the popular social app, which has claimed hundreds of millions of users. The records were viewable on a non-password-protected database open to the public Web. A Post reporter was able to freely browse and search through the records, many of which involved children: A search of users who had listed their age as 15 returned 1.3 million results. The cybersecurity consultants Matthew Porter and Dan Ehrlich, who lead the advisory group Twelve Security, said they were able to access nearly 900 million user records from the app's release in 2012 to the present day. The researchers alerted federal law-enforcement officials and the company to the exposure. Shortly after researchers and The Post contacted the company on Monday, access to the data was removed.

Should Google Notify Web Sites About Right-to-Be-Forgotten Requests?

Slashdot - Your Rights Online - Sat, 2020-03-14 17:34
An anonymous reader quotes VentureBeat: Sweden's Data Protection Authority (DPA) has slapped Google with a 75 million kronor ($8 million) fine for "failure to comply" with Europe's General Data Protection Regulation (GDPR) after the internet giant reportedly failed to adequately remove search result links under right-to-be-forgotten requests. In a notable twist, the DPA also demanded that Google refrain from informing website operators their URLs will be de-indexed... Rather than asking website operators to remove a web page, Google — and other search engines — are required to hide the page from European search results. Since the ruling took effect, Google has received millions of de-indexing requests, though it reports that fewer than 45% have been fulfilled... The crux of the Swedish DPA's complaint is that Google did not "properly remove" two search result listings after it was instructed to do so back in 2017. "In one of the cases, Google has done a too narrow interpretation of what web addresses needed to be removed from the search result listing," the DPA wrote in its statement. "In the second case, Google has failed to remove the search result listing without undue delay." But inadequate and tardy removals are only part of the issue, according to Sweden's DPA, which also argues that Google should keep website operators in the dark about removal requests... If Google's latest fine is upheld — the company has three weeks to appeal — it would rank among the seven largest GDPR penalties of all time. Google confirmed to VentureBeat that it does indeed intend to file an appeal. "We disagree with this decision on principle and plan to appeal," the spokesperson said.

Responding to Coronavirus Pandemic, Trump Eliminates Interest on US Students Loans

Slashdot - Your Rights Online - Sat, 2020-03-14 09:00
An anonymous reader quotes Politico: President Donald Trump on Friday said that he would eliminate the interest on federal student loans "until further notice" as part of a package of emergency executive actions designed to address the economic fallout from the coronavirus pandemic... The unprecedented move will provide relief to the more than 42 million Americans who owe more than $1.5 trillion in outstanding federal student loans... It's not clear how much money the interest waiver will save borrowers, but it could be billions of dollars, depending on how long the Trump administration keeps the policy in place. In fiscal 2019 alone, the Education Department reported that it charged more than $100 billion in interest on all federal student loans... The Education Department on Friday was still determining the mechanics of how to carry out Trump's announcement.

Pentagon 'Wishes To Reconsider' $10 Billion JEDI Contract Given To Microsoft

Slashdot - Your Rights Online - Fri, 2020-03-13 22:50
An anonymous reader quotes a report from CNN Business: The U.S. Department of Defense on Thursday said it wishes to re-evaluate its decision to award the Pentagon's multibillion-dollar cloud contract with Microsoft, signaling a potential victory for Amazon in its protest of the award. The department "wishes to reconsider its award decision in response to the other technical challenges presented by AWS," it said in a court filing, referring to Amazon Web Services. The agency said it does not anticipate needing to discuss the matter with either AWS or Microsoft. The contract -- called Joint Enterprise Defense Infrastructure, or JEDI -- involves providing cloud storage of sensitive military data and technology, such as artificial intelligence, to the Department of Defense, and could result in revenue of up to $10 billion over 10 years. Amazon Web Services lost the contract to Microsoft's Azure cloud business in October, a decision that surprised many industry experts given Amazon's leadership in the industry. Amazon filed a suit with the U.S. Court of Federal Claims contesting the decision, arguing that it was politically motivated by President Donald Trump's dislike of Amazon CEO Jeff Bezos and the Washington Post, which Bezos owns. "We look forward to complete, fair, and effective corrective action that fully insulates the re-evaluation from political influence and corrects the many issues affecting the initial flawed award," Amazon Web Services said in a statement. Microsoft, meanwhile, said it supports the "decision to reconsider a small number of factors as it is likely the fastest way to resolve all issues and quickly provide the needed modern technology to people across our armed forces."

ProtonMail Could Reroute Connections Through Google To Circumvent Censorship

Slashdot - Your Rights Online - Fri, 2020-03-13 20:48
Proton Technologies, the company behind encrypted email provider ProtonMail, has announced plans to circumvent censorship by routing connections to its servers through third-party infrastructure, which may include Google -- a company that ProtonMail has long been critical of over its privacy practices. From a report: Proton, which was founded out of Switzerland in 2013 by academic researchers working on particle physics projects at CERN, promises ProtonMail users full privacy via client-side encryption, meaning that nobody can intercept and read their emails -- it has frequently positioned itself as the antithesis of Gmail, which serves as a vital cog in Google's advertising wheel. ProtonMail, on the other hand, has emerged as a prominent privacy-focused alternative, used by companies and individuals -- including White House staffers and activists -- wishing to sidestep snoopers. Thus, ProtonMail has faced its fair share of censorship, with the likes of Turkey, Belarus, and Russia all blocking the service in recent times. This is something that Proton is now pushing harder to counter with its new backup solution. The new tool, which will be deployed over the next few weeks in the ProtonMail desktop and mobile apps, is designed to sidestep any blocks imposed by network administrators, internet service providers (ISPs), or governments.

Senate Bill Seeks To Ban Chinese App TikTok From Government Work Phones

Slashdot - Your Rights Online - Fri, 2020-03-13 03:30
On Thursday, Sen. Josh Hawley (R-MO) and Sen. Rick Scott (R-FL) introduced legislation to further restrict the use of the popular viral video app TikTok on government devices. TechCrunch reports: The bill seeks to expand existing federal guidance prohibiting use of TikTok to encompass any U.S. government-issued device. The legislation is the most recent effort by U.S. lawmakers to limit Chinese-built tech software, devices and components for fear that those products have the potential to be leveraged by the Chinese government. While other Asia-based social apps have struggled to gain a global foothold, TikTok quickly amassed more than a billion users worldwide and became a household name alongside American social media stalwarts like Facebook and YouTube. The app is owned by Beijing-based tech startup ByteDance. Growth does appear to be slowing for ByteDance, but the app's ubiquity raises alarms among China hawks like Hawley, who warns that the app could be compelled to share data with the Chinese government. In a release with the bill's text, Sen. Scott called TikTok a "risk to our networks and a threat to our national security." "As many of our federal agencies have already recognized, TikTok is a major security risk to the United States, and it has no place on government devices," Hawley said.

Firefox 74 Slams Facebook In Solitary Confinement: Browser Add-On Stops Social Network Stalking Users Across the Web

Slashdot - Your Rights Online - Fri, 2020-03-13 00:10
Tim Anderson reporting via The Register: The first thing users will see after updating to Mozilla's latest browser, Firefox 74, is a prompt to install the Facebook Container add-on. The Facebook Container add-on is not new, but has been enhanced in its latest version, 2.1.0, with the ability to add custom sites to the container so that you can "login with Facebook wherever you need to." The purpose of the Facebook Container is to let you continue to use Facebook but without having the social network site track your browsing elsewhere. "Installing this extension closes your Facebook tabs, deletes your Facebook cookies, and logs you out of Facebook," say the docs. When you visit Facebook and log in, the cookies it plants are isolated to the container. This prevents Facebook Like buttons and embedded comments from working on other sites. There is also an issue with sites that require or offer a Facebook login, which you can now overcome by adding those sites to the container. Sites are added by clicking a fence icon and selecting "Allow site in Facebook container." The effect is like having two web browsers, one in which you are logged into Facebook and subject to potential tracking on any site which has Facebook content, and another where Facebook has no knowledge of you.

Comcast Accidentally Published 200,000 'Unlisted' Phone Numbers

Slashdot - Your Rights Online - Thu, 2020-03-12 21:30
An anonymous reader quotes a report from Ars Technica: Comcast mistakenly published the names, phone numbers, and addresses of nearly 200,000 customers who paid monthly fees to make their numbers unlisted. The names and numbers were made available on Ecolisting, a directory run by Comcast, and picked up by third-party directories. After discovering the mistake, Comcast shut Ecolisting down, gave $100 credits to affected customers, and advised them that they can change their phone numbers at no charge. This is similar to a mistake in the early 2010s that resulted in Comcast paying a $33 million settlement in 2015. The Denver Post reported last week: "For years, customers have had the ability to pay a small sum per month to ensure their phone numbers and personal information remain off of telephone and online directories. But in January and February, thousands of people across the country received letters from Xfinity telling them the company had inadvertently published personal information on Comcast's online directory, Ecolisting.com. The issue affected 2 percent of Comcast's 9.9 million voice customers, the company said." In a statement to Ars, Comcast said, "We have corrected this issue for our identified customers, apologized to them for this error, and given them an additional $100 credit. We are working with our customers directly to address this issue and help make it right, and are taking steps to prevent this from happening again." Comcast also warned that "this information could be available on online directories or through other public sources that Comcast does not control." If that's the case, the company advises contacting those online directories directly and/or changing your Xfinity Voice telephone number.

White House Told Federal Health Agency To Classify Coronavirus Deliberations

Slashdot - Your Rights Online - Thu, 2020-03-12 20:50
The White House has ordered federal health officials to treat top-level coronavirus meetings as classified, an unusual step that has restricted information and hampered the U.S. government's response to the contagion, Reuters is reporting, citing four Trump administration officials. From the report: The officials said that dozens of classified discussions about such topics as the scope of infections, quarantines and travel restrictions have been held since mid-January in a high-security meeting room at the Department of Health & Human Services (HHS), a key player in the fight against the coronavirus. Staffers without security clearances, including government experts, were excluded from the interagency meetings, which included video conference calls, the sources said. "We had some very critical people who did not have security clearances who could not go," one official said. "These should not be classified meetings. It was unnecessary." The sources said the National Security Council (NSC), which advises the president on security issues, ordered the classification. "This came directly from the White House," one official said.

IBM Takes Airbnb To Court Over Historic Patents

Slashdot - Your Rights Online - Thu, 2020-03-12 19:30
IBM is taking Airbnb to court over what it claims is the illegal use of four patents -- the latest in a string of suits against online companies involving historic and arguably broad innovations -- in a move that threatens to cast a shadow over the short-term rental company's road to a proposed IPO. From a report: The computing giant has accused Airbnb of "building its business" by using patents relating to functions such as "presenting advertising in an interactive service" and "improved navigation using bookmarks." "After almost six years of unsuccessful discussions with Airbnb to reach a fair and reasonable patent licence agreement, we had no alternative but to file legal action to protect our intellectual property rights," IBM said. "Airbnb has chosen to ignore our patents and use our technology without compensation."

ACLU Sues Homeland Security Over Airport Face Recognition Program Secrecy

Slashdot - Your Rights Online - Thu, 2020-03-12 18:56
A leading civil liberties group is suing Homeland Security, claiming the agency is keeping the details of its airport face recognition program secret, which it says raises "profound civil liberties concerns." From a report: The American Civil Liberties Union filed the lawsuit in a New York federal court on Thursday, demanding that the agency turns over records to understand the scope of its airport face recognition system. The group wants to know who Homeland Security works with -- including private companies and airlines -- as well as internal policies and guidance on how the system is used. The face recognition system is part of a recent government initiative to scan the faces of travelers both arriving and departing the United States. Homeland Security claims the system will help crack down on immigration violations, such as visitors overstaying their visas. Although U.S. citizens can opt-out of having their faces scanned, it's not always openly advertised. More than a dozen U.S. airports have already rolled out the face scanning technology, with many more to go before the U.S. government hits its target of enrolling the largest 20 airports in the country by 2021.

Coronavirus: Trump Suspends Travel From Europe To US

Slashdot - Your Rights Online - Thu, 2020-03-12 04:10
President Trump announced he will restrict travel from Europe to the U.S. for the next 30 days in a bid to combat the spread of the coronavirus. The "strong but necessary" restrictions will not apply to the UK, where 460 cases of the virus have now been confirmed. "To keep new cases from entering our shores, we will be suspending all travel from Europe to the United States," Mr Trump said in a televised speech from the Oval Office. "The new rules will go into effect Friday at midnight," he added. The BBC reports: Mr Trump also announced plans to provide billions of dollars in loans to small businesses, in an attempt to stymie the effect of the coronavirus outbreak on the US economy. He also urged Congress to pass major tax relief measures as part of an "aggressive and comprehensive effort" to combat the virus. "We are marshalling the full power of the federal government and the private sector to protect the American people," he said. Earlier today, the World Health Organization announced that the COVID-19 virus is now officially a pandemic. Globally, the virus has swept into at least 114 countries and killed more than 4,000 people. There are 1,135 confirmed cases of the virus across the U.S., with 38 deaths. UPDATE 2:22 AM UTC: Tom Hanks and his wife Rita Wilson have tested positive for the coronavirus. Also, the NBA announced it has suspended its season "until further notice" after a player on the Utah Jazz tested positive for the virus.

India Used Facial Recognition Tech To Identify 1,100 Individuals at a Recent Riot

Slashdot - Your Rights Online - Wed, 2020-03-11 20:05
Law enforcement agencies in India used facial recognition to identify more than 1,100 individuals who took part in communal violence in the national capital last month, a top minister said in the lower house of the parliament on Wednesday. From a report: In what is the first admission of its kind in the country, Amit Shah, India's home minister, said the law enforcement agencies deployed a facial recognition system, and fed it with images from government-issued identity cards, including 12-digit Aadhaar that has been issued to more than a billion Indians and driving licenses, "among other databases," to identify alleged culprits in the communal violence in northeast Delhi on February 25 and 26. "This is a software. It does not see faith. It does not see clothes. It only sees the face and through the face the person is caught," said Shah, responding to an individual who had urged New Delhi to not drag innocent people into the facial surveillance. The admission further demonstrates how the Indian government has rushed to deploy facial recognition technology in the absence of regulation overseeing its usage. Critics have urged the government to hold consultations and formulate a law before deploying the technology.

European Lawmakers Propose a 'Right To Repair' For Mobiles and Laptops

Slashdot - Your Rights Online - Wed, 2020-03-11 18:05
The European Commission has set out a plan to move towards a 'right to repair' for electronics devices, such as mobile phones, tablets and laptops. From a report: More generally it wants to restrict single-use products, tackle "premature obsolescence" and ban the destruction of unsold durable goods -- in order to make sustainable products the norm. The proposals are part of a circular economy action plan that's intended to deliver on a Commission pledge to transition the bloc to carbon neutrality by 2050. By extending the lifespan of products, via measures which target design and production to encourage repair, reuse and recycling, the policy push aims to reduce resource use and shrink the environmental impact of buying and selling stuff. The Commission also wants to arm EU consumers with reliable information about reparability and durability -- to empower them to make greener product choices.

Surveillance Company Banjo Used a Secret Company and Fake Apps To Scrape Social Media

Slashdot - Your Rights Online - Wed, 2020-03-11 15:00
An anonymous reader quotes a report from Motherboard: Banjo, an artificial intelligence firm that works with police used a shadow company to create an array of Android and iOS apps that looked innocuous but were specifically designed to secretly scrape social media, Motherboard has learned. The news signifies an abuse of data by a government contractor, with Banjo going far beyond what companies which scrape social networks usually do. Banjo created a secret company named Pink Unicorn Labs, according to three former Banjo employees, with two of them adding that the company developed the apps. This was done to avoid detection by social networks, two of the former employees said. Three of the apps created by Pink Unicorn Labs were called "One Direction Fan App," "EDM Fan App," and "Formula Racing App." Motherboard found these three apps on archive sites and downloaded and analyzed them, as did an independent expert. The apps -- which appear to have been originally compiled in 2015 and were on the Play Store until 2016 according to Google -- outwardly had no connection to Banjo, but an analysis of its code indicates connections to the company. This aspect of Banjo's operation has some similarities with the Cambridge Analytica scandal, with multiple sources comparing the two incidents. [...] The company has not publicly explained how it specifically scrapes social media apps. Motherboard found the apps developed by Pink Unicorn Labs included code mentioning signing into Facebook, Twitter, Instagram, Russian social media app VK, FourSquare, Google Plus, and Chinese social network Sina Weibo. The apps could have scraped social media "by sending the saved login token to a server for Banjo to use later, or by using the app itself to scrape information," reports Motherboard, noting that it's not entirely clear which method Banjo used. 
"Motherboard found that the apps when opened made web requests to the domain 'pulapi.com,' likely referring to Pink Unicorn Labs, but the site that would provide a response to the app is currently down." Last weekend, Motherboard reported that Banjo signed a $20.7 million contract with Utah in 2019 that granted the company access to the state's traffic, CCTV, and public safety cameras. "Banjo promises to combine that input with a range of other data such as satellites and social media posts to create a system that it claims alerts law enforcement of crimes or events in real-time."

Judge: Amazon 'Likely To Succeed' on Key Issue in Pentagon Lawsuit

Slashdot - Your Rights Online - Tue, 2020-03-10 20:41
A federal judge said in court documents that Amazon's protest lawsuit over rival Microsoft being awarded a highly lucrative defense project was "likely to succeed on the merits" of one of its main arguments. From a report: In October, Microsoft was awarded the Pentagon's Joint Enterprise Defense Infrastructure (JEDI) cloud computing contract after the Trump administration and other lawmakers intervened on the tech giant's behalf. The document provides some insight into how U.S. Court of Federal Claims Judge Patricia Campbell-Smith might rule on the case. To the chagrin of Microsoft and the Department of Defense, Campbell-Smith last month halted production on the JEDI cloud system, saying in her decision that the Pentagon erred in how it evaluated prices for competing proposals from the two tech companies.

Spying Concerns Raised Over Iran's Official COVID-19 Detection App

Slashdot - Your Rights Online - Tue, 2020-03-10 16:01
Catalin Cimpanu, reporting for ZDNet: Google has removed an Android app from the official Play Store that was developed by the Iranian government to test and keep track of COVID-19 (coronavirus) infections. Before being removed from the Play Store, controversy surrounded the app, and several users accused the Iranian government of using the COVID-19 scare to trick citizens into installing the app and then collecting phone numbers and real-time geo-location data. In hindsight of accusations, ZDNet has asked Lukas Stefanko, an Android malware researcher at ESET, to review the app for any malicious or spyware-like behavior. "Based on the analysis of the app's APK, the app is not a malicious Trojan or spyware," Stefanko told ZDNet earlier this week. A Google spokesperson did not respond to a request for comment on the reasons the app was removed; however, sources familiar with Play Store policies told ZDNet that the app was most likely taken down because of its misleading claims -- namely that it could detect COVID-19 infections, something that is impossible through an app.

Popular VPN and Ad-Blocking Apps Are Secretly Harvesting User Data

Slashdot - Your Rights Online - Tue, 2020-03-10 15:00
An anonymous reader quotes a report from BuzzFeed News: Sensor Tower, a popular analytics platform for tech developers and investors, has been secretly collecting data from millions of people who have installed popular VPN and ad-blocking apps for Android and iOS, a BuzzFeed News investigation has found. These apps, which don't disclose their connection to the company or reveal that they feed user data to Sensor Tower's products, have more than 35 million downloads. Since 2015, Sensor Tower has owned at least 20 Android and iOS apps. Four of these -- Free and Unlimited VPN, Luna VPN, Mobile Data, and Adblock Focus -- were recently available in the Google Play store. Adblock Focus and Luna VPN were in Apple's App Store. Apple removed Adblock Focus and Google removed Mobile Data after being contacted by BuzzFeed News. The companies said they continue to investigate. Once installed, Sensor Tower's apps prompt users to install a root certificate, a small file that lets its issuer access all traffic and data passing through a phone. The company told BuzzFeed News it only collects anonymized usage and analytics data, which is integrated into its products. Sensor Tower's app intelligence platform is used by developers, venture capitalists, publishers, and others to track the popularity, usage trends, and revenue of apps. Randy Nelson, Sensor Tower's head of mobile insights, said the company's apps do not collect sensitive data or personally identifiable information and that "the vast majority of these apps listed are now defunct (inactive) and a few are in the process of sunsetting." But, as BuzzFeed points out, most of the apps are no longer available "because they were removed due to policy violations."
