aggregator

Bitcoin Transactions Lead To Arrest of Major Drug Dealer

Slashdot - Your Rights Online - Sat, 2017-10-07 23:34
"Drug dealer caught because of BitCoin usage," writes Slashdot reader DogDude. TechSpot reports: 38-year-old French national Gal Vallerius stands accused of acting as an administrator, senior moderator, and vendor for dark web marketplace Dream Market, where visitors can purchase anything from heroin to stolen financial data. Upon arriving at Atlanta international airport on August 31, Vallerius was arrested and his laptop searched. U.S. Drug Enforcement Administration agents allegedly discovered $500,000 of Bitcoin and Bitcoin cash on the computer, as well as a Tor installation and a PGP encryption key for someone called OxyMonster... In addition to his role with the site, agents had identified OxyMonster as a major seller of Oxycontin and crystal meth. "OxyMonster's vendor profile featured listings for Schedule II controlled substances Oxycontin and Ritalin," testified DEA agent Austin Love. "His profile listed 60 prior sales and five-star reviews from buyers. In addition, his profile stated that he ships from France to anywhere in Europe." Investigators discovered OxyMonster's real identity by tracing outgoing Bitcoin transactions from his tip jar to wallets registered to Vallerius. Agents then checked his Twitter and Instagram accounts, where they found many writing similarities, including regular use of quotation marks, double exclamation marks, and the word "cheers," as well as intermittent French posts. The evidence led to a warrant being issued for Vallerius' arrest. U.S. investigators had been monitoring the site for nearly two years, but got their break when Vallerius flew to the U.S. for a beard-growing competition in Austin, Texas. He now faces a life sentence for conspiracy to distribute controlled substances.

Read more of this story at Slashdot.

White House Chief of Staff's Phone Was Reportedly Hacked Months Ago

Slashdot - Your Rights Online - Sat, 2017-10-07 03:00
93 Escort Wagon writes: The personal cellphone belonging to Trump's Chief of Staff, John Kelly, may have been compromised, Reuters reports in a story originating from Politico. This may have happened as early as last December. The issue was discovered when Kelly submitted the phone to the White House's tech support crew during the summer, complaining that the phone would not update correctly.

Disqus Confirms Over 17.5 Million Email Addresses Were Stolen In 2012 Hack of Its Comments Tool

Slashdot - Your Rights Online - Sat, 2017-10-07 02:20
Disqus, a company that builds and provides a web-based comment plugin for news websites, said Friday that hackers stole more than 17.5 million email addresses in a data breach in July 2012. "About a third of those accounts contained passwords, salted and hashed using the weak SHA-1 algorithm, which has largely been deprecated in recent years in favor of stronger password scramblers," reports ZDNet. From the report: Some of the exposed user information dates back to 2007. Many of the accounts don't have passwords because they signed up to the commenting tool using a third-party service, like Facebook or Google. The theft was only discovered this week after the database was sent to Troy Hunt, who runs data breach notification service Have I Been Pwned, who then informed Disqus of the breach. The company said in a blog post, posted less than a day after Hunt's private disclosure, that although there was no evidence of unauthorized logins, affected users will be emailed about the breach. Users whose passwords were exposed will have their passwords force-reset. The company warned users who have used their Disqus password on other sites to change the password on those accounts.

Sprint, T-Mobile Could Announce a Merger By Month's End

Slashdot - Your Rights Online - Sat, 2017-10-07 01:00
Last month, it was reported that T-Mobile is close to agreeing tentative terms on a deal to merge with Sprint. Now, it appears that negotiations between the two companies are almost complete. Android Police reports: The report claims that Sprint and T-Mobile are putting the finishing touches on the merger, which will likely be announced at the quarterly earnings report at the end of this month. Some of the current discussion topics include Sprint's valuation (estimated to be around $29 billion), the location of the combined company's headquarters, and appointments to the executive management team. The merge is not expected to include a breakup/termination fee, meaning if one company backed out of the deal, there would be no financial penalty. This would align both companies to lobby government regulators for approval without any conflicts of interest. After AT&T called off its buyout of T-Mobile in 2011 due to government opposition, the company paid a $4 billion breakup fee to T-Mobile, which helped strengthen T-Mobile as a competitor. The report notes that while T-Mobile and Sprint's quarterly earnings reports have not been set, T-Mobile's was on October 24 last year, and Sprint's was the next day.

Regulate Facebook Like AIM

Slashdot - Your Rights Online - Fri, 2017-10-06 23:40
New submitter gooddogsgotoheaven shares a report from Motherboard arguing why the U.S. government should regulate Facebook like AIM: Sixteen years ago, the FCC approved a merger between American Online and Time Warner, but with several conditions. As part of the deal, AOL was required to make its web portal compatible with other chat apps. The government stopped AOL from building a closed system where everyone had to use AIM, meaning it had to adopt interoperability -- the ability to be compatible with other computer systems. The FCC required AOL to be compatible with at least one instant messaging rival immediately after the merger went through. Within six months, the FCC required AOL to make its portal compatible with at least two other rivals, or face penalties. The FCC's decision changed how we communicate with each other on the internet. By forcing AIM to make room for competition, a range of messaging apps and services, as well as social networks emerged. Instead of being limited to AIM, people who used AOL's portal could choose other platforms. If Facebook were forced to make room for other services on its platform in the same way AOL made room for other chat apps, new services could emerge. "Facebook has to allow people to access their relationships however they want through other businesses or tools that are not controlled by Facebook," Matt Stoller, a fellow at the Open Markets Institute, said. "Having them control and mediate the structure of those relationships -- that's not right." Of course, people can opt out of Facebook and choose to use other, smaller social networks. But those businesses are essentially unable to thrive because of the hold Facebook has on how we communicate online. All our friends and family are already on Facebook, and because the platform is not regulated to allow competition, it's incredibly difficult for other, newer ones to emerge.

US Jobs Dropped By 33,000 In September, Likely Due To Storms

Slashdot - Your Rights Online - Fri, 2017-10-06 16:40
An anonymous reader shares an NPR report: The U.S. economy shed 33,000 jobs in September, according to the latest report from the Bureau of Labor Statistics, while unemployment fell to 4.2 percent. The September payrolls drop broke a nearly 7-year streak of continuous job gains. But economists caution that the drop is likely representing the short-term consequences of bad weather, not a long-term shift in the job market. Before this report, the economy had added an average of about 175,000 jobs per month; the unemployment rate has been at 4.3 or 4.4 percent since April. Job growth in September was expected to be lower than usual because of the effects of several devastating hurricanes. Economists did not generally predict an actual decline, but a not-so-stellar report was widely anticipated.

Vice President Pence Vows US Astronauts Will Return To the Moon

Slashdot - Your Rights Online - Fri, 2017-10-06 09:00
Before astronauts go to Mars, they will return to the Moon, Vice President Mike Pence said in a Wall Street Journal op-ed yesterday and in a speech at the National Air and Space Museum today. He touts "human exploration and discovery" as the new focus of America's space program. This "means establishing a renewed American presence on the moon, a vital strategic goal. And from the foundation of the moon, America will be the first nation to bring mankind to Mars." Engadget reports: There have been two prevailing (and opposing) views when it comes to U.S. endeavors in human spaceflight. One camp maintains that returning to the moon is a mistake. NASA has already been there; it should work hard and set our sights on Mars and beyond. The other feels that Mars is too much of a reach, and that the moon will be easier to achieve in a short time frame. Mars may be a medium-to-long-term goal, but NASA should use the moon as a jumping-off point. It's not surprising that the Trump administration is valuing short-term gains over a longer, more ambitious project. The U.S. will get to Mars eventually, according to Pence, but the moon is where the current focus lies.

Uber's iOS App Had Secret Permissions That Allowed It to Copy Your Phone Screen, Researchers Say

Slashdot - Your Rights Online - Fri, 2017-10-06 00:40
To improve functionality between Uber's app and the Apple Watch, Apple allowed Uber to use a powerful tool that could record a user's iPhone screen, even if Uber's app was only running in the background, security researchers told news outlet Gizmodo. From a report: After the researchers discovered the tool, Uber said it is no longer in use and will be removed from the app. The screen recording capability comes from what's called an "entitlement" -- a bit of code that app developers can use for anything from setting up push notifications to interacting with Apple systems like iCloud or Apple Pay. This particular entitlement, however, was intended to improve memory management for the Apple Watch. The entitlement isn't common and would require Apple's explicit permission to use, the researchers explained. Will Strafach, a security researcher and CEO of Sudo Security Group, said he couldn't find any other apps with the entitlement live on the App Store. "It looks like no other third-party developer has been able to get Apple to grant them a private sensitive entitlement of this nature," Strafach said. "Considering Uber's past privacy issues I am very curious how they convinced Apple to allow this."

Toymaker Mattel Cancels AI Babysitter After Privacy Complaints

Slashdot - Your Rights Online - Thu, 2017-10-05 21:35
An anonymous reader shares a report: Toymaker Mattel has shelved plans to build an "all-in-one voice-controlled smart baby monitor," after complaints about the device were raised by privacy advocates and child psychologists. According to a report from The Washington Post, the company said in a statement that the device, named Aristotle, did not "fully align with Mattel's new technology strategy" and would not be "[brought] to the marketplace." Aristotle was unveiled back in January this year by Mattel's Nabi brand. It combined the smart speaker and digital assistant functionality of Amazon's Echo with a connected camera that acted as a baby monitor. But the Aristotle was intended to be a much more active presence in children's lives than an Echo speaker, with Mattel claiming it would read them bedtime stories, soothe them if they cried in the night, and even teach them their ABCs. A petition asking Mattel not to release the Aristotle gained more than 15,000 signatories.

Russian Hackers Exploited Kaspersky Antivirus To Steal NSA Data on US Cyber Defense: WSJ

Slashdot - Your Rights Online - Thu, 2017-10-05 19:35
An NSA contractor brought home highly classified documents that detailed how the U.S. penetrates foreign computer networks and defends against cyberattacks. The contractor used Kaspersky antivirus on his home computer, which hackers working for the Russian government exploited to steal the documents, the WSJ reported on Thursday (the link could be paywalled; alternative source), citing multiple people with knowledge of the matter. From the report: The hackers appear to have targeted the contractor after identifying the files through the contractor's use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said. The theft, which hasn't been disclosed, is considered by experts to be one of the most significant security breaches in recent years. It offers a rare glimpse into how the intelligence community thinks Russian intelligence exploits a widely available commercial software product to spy on the U.S. The incident occurred in 2015 but wasn't discovered until spring of last year, said the people familiar with the matter. Having such information could give the Russian government information on how to protect its own networks, making it more difficult for the NSA to conduct its work. It also could give the Russians methods to infiltrate the networks of the U.S. and other nations, these people said. Ahead of the publication of WSJ report, Kaspersky founder Eugene Kaspersky tweeted, "New conspiracy theory, anon sources media story coming. Note we make no apologies for being aggressive in the battle against cyberthreats."

Mattel's New Baby Monitor Uses AI To Soothe Babies and Lawmakers Aren't Happy About It

Slashdot - Your Rights Online - Thu, 2017-10-05 15:00
Mattel has a new kid-focused smart hub called Aristotle, which can switch on a night light if it hears a baby crying to soothe the child (Warning: source may be paywalled; alternative source). The device is also designed to keep changing its activities, even to the point where it can help a preteen with homework, learning about the child along the way. Given the privacy concerns, lawmakers are worried that the always-on device could build an "in-depth profile of children and their family." Jezebel reports: The $299 Aristotle is similar in spirit to the Amazon Echo, only the scope of its features is much broader -- and scarier. Last week, Senator Ed Markey and Representative Joe Barton sent a letter to Mattel CEO Margaret Giorgiadis about their issues with the tablet, which tracks things like kids' eating and sleeping habits when they're young, and adapts to answering their questions about long division and sex or whatever as they grow up. According to nabi, the Mattel brand that developed the device, the Aristotle is meant to "provide parents with a platform that simplifies parenting, while helping them nurture, teach, and protect their young ones." Not everyone is on board. But Markey and Barton aren't the only ones squicked by Aristotle's capabilities. Buzzfeed reports that privacy experts, parents and child psychologists are also concerned that the device "encourages babies to form bonds with inanimate objects and use information it collects for targeted advertising," so much so that a petition has been launched to prevent it from going to market.

Facebook Fought Rules That Could Have Exposed Fake Russian Ads

Slashdot - Your Rights Online - Thu, 2017-10-05 02:45
According to Bloomberg, Facebook has for years fought to avoid being transparent about who's behind election-related ads online. "Since 2011, Facebook has asked the Federal Election Commission for blanket exemptions from political advertising disclosure rules -- transparency that could have helped it avoid the current crisis over Russia ad spending ahead of the 2016 U.S. election," reports Bloomberg. From the report: Communications law requires traditional media like TV and radio to track and disclose political ad buyers. The rule doesn't apply online, an exemption that's helped Facebook's self-serve advertising business generate hundreds of millions of dollars in political campaign spots. When the company was smaller, the issue was debated in some policy corners of Washington. Now that the social network is such a powerful political tool, with more than 2 billion users, the topic is at the center of a debate about the future of American democracy. Back in 2011, Facebook argued for the exemption for the same reasons as internet search giant Google: its ads are too small and have a character limit, leaving no room for language saying who paid for a campaign, according to documents on the FEC's website. Some FEC commissioners agreed, while others argued that Facebook could provide a clickable web link to get more information about the ad. Facebook wouldn't budge. It warned that FEC proposals for more political ad disclosure could hinder free speech in a 2011 opinion written by Marc Elias, a high-powered Democratic lawyer who later became general counsel for Hillary Clinton's 2016 campaign. Colin Stretch, a top Facebook lawyer, said the agency "should not stand in the way of innovation," and warned that such rules would quickly become obsolete. When it came time for the FEC to decide in June 2011, the agency's six commissioners split on a 3-3 vote. 
Facebook didn't get its exemption, so an advertiser using its platform was still subject to a 2006 ruling by the FEC requiring disclosure. But the company allowed ads to run without those disclaimers, leaving it up to ad buyers to comply.

US Congress Investigates Patent 'Gifts' That Evade Inter Partes Review

Slashdot - Your Rights Online - Thu, 2017-10-05 00:40
AnalogDiehard writes: Congress created the Inter Partes Review (IPR) in 2012 within the U.S. Patent Office Patent Trials and Appeals Board (PTAB) as a faster and cheaper way to challenge and invalidate bad patents. The IPR expense is a fraction of the cost of a multimillion dollar patent court trial; it is loved by patent challengers and hated by patent owners. The pharmaceutical company Allergan has exploited a novel tactic to evade the IPR process: they hand them to a Native American Indian tribe for safekeeping. Under the arrangement, the tribes earn millions in royalties as long as the patents are valid, they license them back to Allergan, and the patents under the tribes' ownership are immune from lawsuits via sovereign immunity. Under the colonial-era concept of "sovereign immunity" which is codified in the 11th amendment, certain groups like states, universities, and tribes are immune from lawsuits, thus the drug patents are shielded from the IPR process leaving only a full blown multimillion dollar court trial for generic drug companies. This tactic is also attracting the attention of non-practicing entities -- the polite term for "patent trolls" -- and one such NPE company has already exploited sovereign immunity with the intention to sue Apple for infringement. But court cases have limited the scope of sovereign immunity (especially for commercial activity), and now Congress is investigating Allergan over the tactic that has Congress not only greatly concerned about competition in the drug industry (and exorbitant prices of pharmaceuticals), but also the questionable use of the sovereign immunity law. The four lawmakers who signed the letter to Allergan state: "The unconventional maneuver has received considerable criticism from the generic competitors challenging the drug's patents under the process Congress created (IPR) to enable timelier review of such challenges (read: a fraction of the cost of a court trial)."
The letter also notes that the key ingredient in the patent was set to expire in 2014 and that Allergan had filed more patents to extend patent protection to 2024, a signal that Congress is watching for exploitation of patent law to enable "perpetual patents" widely used by the pharmaceuticals.

US Senate Panel Approves Self-Driving Car Legislation

Slashdot - Your Rights Online - Wed, 2017-10-04 23:20
An anonymous reader quotes a report from Reuters: The U.S. Senate Commerce Committee on Wednesday unanimously approved a bill to speed self-driving cars to market without human controls and bar states from imposing regulatory road blocks. The bill still must be approved by the full Senate. The U.S. House passed a similar version last month unanimously. General Motors Co, Alphabet Inc, Ford Motor Co and others have lobbied for the landmark legislation. Despite some complaints from Republicans, the Senate bill does not speed approval of self-driving technology for large commercial trucks after labor unions raised safety and employment concerns. The measure, the first significant federal legislation aimed at speeding self-driving cars to market, would allow automakers to win exemptions from current safety rules that prohibit vehicles without human controls. States could still set rules on registration, licensing, liability, insurance and safety inspections, but not performance standards.

Artificial Intelligence Has 'Great Potential, But We Need To Steer Carefully,' LinkedIn Co-founder Says

Slashdot - Your Rights Online - Wed, 2017-10-04 22:40
LinkedIn co-founder Reid Hoffman joined other tech moguls in voicing concern about artificial intelligence on Wednesday. From a report: "It has great potential, but we need to steer carefully," Hoffman said on Halftime Report. Hoffman stressed corporate transparency when asked what happens if companies use AI to attack nation-states. The possibility of manipulating how people consume information remains an unanswered question. During last year's U.S. presidential election, Facebook advertisements linked to Russia mainly focused on the states of Michigan and Wisconsin, and Hoffman says information battles are "in the very early days." AI must be improved, Hoffman says, to "[hold] corporations accountable" when nation-states are using the technology to attack. "Corporations normally deal with other corporations, not with governments," Hoffman said. The "ultimate" solution, he says, is "having more kinds of functions and features within AI that show abhorrent patterns." That way patterns raise a red flag for humans to investigate, Hoffman noted.

IRS Awards $7 Million Fraud Prevention Contract To Equifax

Slashdot - Your Rights Online - Wed, 2017-10-04 15:00
An anonymous reader quotes a report from Politico: The IRS will pay Equifax $7.25 million to verify taxpayer identities and help prevent fraud under a no-bid contract issued last week, even as lawmakers lash the embattled company about a massive security breach that exposed personal information of as many as 145.5 million Americans. A contract award for Equifax's data services was posted to the Federal Business Opportunities database Sept. 30 -- the final day of the fiscal year. The credit agency will "verify taxpayer identity" and "assist in ongoing identity verification and validations" at the IRS, according to the award. The notice describes the contract as a "sole source order," meaning Equifax is the only company deemed capable of providing the service. It says the order was issued to prevent a lapse in identity checks while officials resolve a dispute over a separate contract. Lawmakers on both sides of the aisle blasted the IRS decision.

Judge Blasts Waymo V. Uber Lawyers, Delays Trial Until December

Slashdot - Your Rights Online - Wed, 2017-10-04 05:30
An anonymous reader quotes a report from Ars Technica: The federal judge presiding in the Waymo v. Uber lawsuit has delayed trial for another two months after castigating lawyers on both sides of the case for being dishonest and telling "half-truths." "I'm going to give you a schedule, and we're not going to argue about it," U.S. District Judge William Alsup said after a one-hour hearing today. "We're going to pick the jury on November 29. We will start the trial on December 4, and it will run until December 20." The trial will decide whether Uber has misappropriated trade secrets from Waymo, Google's self-driving car spinoff. Over the course of a 90-minute hearing today, the two sides had a heated dispute over what documents were produced and when depositions happened. Waymo lawyer Charles Verhoeven said that tens of thousands of documents were only handed over after the U.S. Court of Appeals for the Federal Circuit recently ruled that Uber must hand over the "due diligence" report produced by Stroz Friedberg. "To say that this volume is surprising is an understatement," said Verhoeven. "It's shocking. It's unbelievable."

US Studying Ways To End Use of Social Security Numbers For ID

Slashdot - Your Rights Online - Wed, 2017-10-04 03:25
wiredmikey quotes a report from Security Week: U.S. officials are studying ways to end the use of social security numbers for identification following a series of data breaches compromising the data for millions of Americans, Rob Joyce, the White House cybersecurity coordinator, said Tuesday. Joyce told a forum at the Washington Post that officials were studying ways to use "modern cryptographic identifiers" to replace social security numbers. "I feel very strongly that the social security number has outlived its usefulness," Joyce said. "It's a flawed system." For years, social security numbers have been used by Americans to open bank accounts or establish their identity when applying for credit. But stolen social security numbers can be used by criminals to open bogus accounts or for other types of identity theft. Joyce said the administration has asked officials from several agencies to come up with ideas for "a better system" which may involve cryptography. This may involve "a public and private key" including "something that could be revoked if it has been compromised," Joyce added.

Former Equifax CEO Blames Breach On One Individual Who Failed To Deploy Patch

Slashdot - Your Rights Online - Wed, 2017-10-04 00:40
Equifax's recently departed CEO is blaming the largest data breach in history on a single person who failed to deploy a patch. TechCrunch reports: Hackers exposed the Social Security numbers, drivers licenses and other sensitive info of 143 million Americans earlier this summer by exploiting a vulnerability in Apache's Struts software, according to testimony heard today from former CEO Richard Smith. However, a patch for that vulnerability had been available for months before the breach occurred. Now several top Equifax execs are being taken to task for failing to protect the information of millions of U.S. citizens. In a live stream before the Digital Commerce and Consumer Protection subcommittee of the House Energy and Commerce committee, Smith testified the Struts vulnerability had been discussed when it was first announced by CERT on March 8th. Smith said when he started with Equifax 12 years ago there was no one in cybersecurity. The company has poured a quarter of a billion dollars into cybersecurity in the last three years and today boasts a 225 person team. However, Smith had an interesting explainer for how this easy fix slipped by 225 people's notice -- one person didn't do their job. "The human error was that the individual who's responsible for communicating in the organization to apply the patch, did not," Smith, who did not name this individual, told the committee.

Yahoo Triples Estimate of Breached Accounts To 3 Billion

Slashdot - Your Rights Online - Tue, 2017-10-03 23:20
An anonymous reader shares a report from The Wall Street Journal (Warning: source may be paywalled; alternative source): A massive data breach at Yahoo in 2013 was far more extensive than previously disclosed, affecting all of its 3 billion user accounts, new parent company Verizon Communications Inc. said on Tuesday. The figure, which Verizon said was based on new information, is three times the 1 billion accounts Yahoo said were affected when it first disclosed the breach in December 2016. The new disclosure, four months after Verizon completed its acquisition of Yahoo, shows that executives are still coming to grips with the extent of the security problem in what was already the largest hacking incident in history by number of users. A spokesman for Oath, the new name of Verizon's Yahoo unit, said the company determined last week that the break-in was much worse than thought, after it received new information from outside the company. He declined to elaborate on the source of that information. Compromised customer information included usernames, passwords, and in some cases telephone numbers and dates of birth, the spokesman said.
