aggregator

Qualcomm Says Apple Broke Contract, Hindered Performance of Its Chipsets

Slashdot - Your Rights Online - Tue, 2017-04-11 19:20
Qualcomm has filed a 139-page rebuttal of a lawsuit lodged by Apple in January in which the US chipmaker counterclaimed that the iPhone giant was "misrepresenting facts and making false statements." From a report on ArsTechnica: It alleged that Apple had "breached" and "mischaracterized" deals it had in place with Qualcomm and accused the Tim Cook-run firm of interfering with the chipmaker's "long-standing agreements" with iPhone and iPad manufacturers, such as Foxconn. In a statement, Qualcomm said, "Apple effectively chose to limit the performance of the Qualcomm-based iPhones by not taking advantage of the full potential speed of which Qualcomm's modems are capable. Apple's actions were intended to prevent consumers from realizing that iPhones containing Qualcomm chipsets performed far better than iPhones containing chipsets supplied by Intel."

Read more of this story at Slashdot.

Sorry America, Your Taxes Aren't High

Slashdot - Your Rights Online - Tue, 2017-04-11 18:40
Americans generally feel they're being over-taxed, especially around this time of the year. But is that really true? An article on Bloomberg investigates: The Organization for Economic Cooperation and Development analyzed how 35 countries tax wage-earners, making it possible to compare tax burdens across the world's biggest economies. Each year, the OECD measures what it calls the "tax wedge," the gap between what a worker gets paid and what they actually spend or save. Included are income taxes, payroll taxes, and any tax credits or rebates that supplement worker income. Excluded are the countless other ways that governments levy taxes, such as sales and value-added taxes, property taxes, and taxes on investment income and gains. Guess who came out at the top of the list? No. Not the U.S. At the top are Belgium and France, while workers in Chile and New Zealand are taxed the least. America is in the bottom third.

Google Schools US Government About Gender Pay Gap

Slashdot - Your Rights Online - Tue, 2017-04-11 16:00
Google wants the US government to know that it takes gender pay equity very seriously -- and is baffled by the contention that a gap exists at the tech giant. From a report: In responding to allegations lodged by the US Department of Labor that Google systematically pays its female employees less than it pays men, the search giant said in a blog post that employee gender doesn't factor into compensation decisions. Google described the process that it arrives at suggested compensation as "extremely scientific and robust," relying on the employee's role, job level and location, as well as recent performance ratings. What isn't considered in determining pay is whether the employee is male or female -- that information is masked out to those making the compensation decisions, Eileen Naughton, Google vice president for People Operations, explained in the post late Tuesday. "The analysts who calculate the suggested amounts do not have access to employees' gender data," Naughton wrote. "An employee's manager has limited discretion to adjust the suggested amount, providing they cite a legitimate adjustment rationale."

DMCA 'Safe Harbor' Up In the Air For Online Sites That Use Moderators

Slashdot - Your Rights Online - Tue, 2017-04-11 02:05
"The Digital Millennium Copyright Act's so-called 'safe harbor' defense to infringement is under fire from a paparazzi photo agency," reports Ars Technica. "A new court ruling says the defense may not always be available to websites that host content submitted by third parties." The safe harbor provision "allow[s] websites to be free from legal liability for infringing content posted by their users -- so long as the website timely removes that content at the request of the rights holder," explains Ars. From the report: [A] San Francisco-based federal appeals court is ruling that, if a website uses moderators to review content posted by third parties, the safe harbor privilege may not apply. That's according to a Friday decision in a dispute brought by Mavrix Photographs against LiveJournal, which hosts the popular celebrity fan forum "Oh No they Didn't." The site hosted Mavrix-owned photos of Beyonce Knowles, Katy Perry, and other stars without authorization. LiveJournal claimed it was immune from copyright liability because it removed the photos. Mavrix claimed that the site's use of voluntary moderators removed the safe-harbor provision. The 9th U.S. Circuit Court of Appeals sided with Mavrix to a degree, but the court wants to know how much influence the moderators had on what was and was not published. With that, the court sent the case back to a lower court in Los Angeles to figure that out, perhaps in a trial. The highly nuanced decision overturned a lower court ruling that said LiveJournal was protected by safe harbor. The lower court said LiveJournal does not solicit any specific infringing material from its users or edit the content of its users' posts.

Americans Support Letting Cities Build Their Own Broadband Networks, Pew Finds

Slashdot - Your Rights Online - Tue, 2017-04-11 01:20
An anonymous reader quotes a report from The Verge: Most Americans want to let local governments build out internet service if the internet providers in their area aren't any good, according to the Pew Research Center. In a phone survey of over 4,000 people last month, Pew found that 70 percent of respondents agreed that local governments should have the power to start their own high-speed networks if current offerings are "too expensive or not good enough." The results show an overwhelming support for municipal broadband -- networks that are at least somewhat run by local governments -- at a time when encouraging broadband buildout is a top federal priority. But despite the support, in much of the US, building out municipal networks just isn't possible. More than 20 states have passed laws banning local governments from starting their own broadband service, largely at the behest of internet providers that want to avoid competition at all cost. Though Pew's survey found some positive results for municipal broadband, it found less support for broadband subsidies for low-income homes. Under half of all Americans, 44 percent, said they supported subsidies, while nearly everyone else surveyed said they felt internet service "is affordable enough" that most households should be able to pay for it. (At the same time, nearly half of all people surveyed said they didn't know what speed of internet they received.)

Thousands of Fake Google Maps Listings Redirect Users To Fraudulent Sites

Slashdot - Your Rights Online - Tue, 2017-04-11 00:20
An anonymous reader quotes a report from BleepingComputer: Tens of thousands of fake listings are added to Google Maps each month, redirecting users to fraudulent websites selling phony or overpriced services, or are part of some referral scam. Researchers say that 74% of these abusive listings were for local businesses in the U.S. and India, mainly in pockets around certain local hotspots, especially in large metropolitan areas such as New York, Chicago, Houston, or Los Angeles. In most cases, the scheme was simple. A customer in need of a locksmith or electrician would search Google Maps for a local company. If he navigated to the website of a fake business or called its number, a call center operator posing as the business' representative would send over an unaccredited contractor that would charge much more than regular professionals. If a customer's situation were urgent, the contractor would often charge more than the initial agreed upon price. Researchers said that 40.3% of all the listings for fake companies they found focused on on-call services, such as locksmiths, plumbers, and electricians, and were for customers who were desperate to resolve issues. Further, overall, operators of fake listings managed to hijack 0.5% of Google Maps' outbound traffic for the studied period.

FCC Kills Plan To Allow Mobile Phone Conversations On Flights

Slashdot - Your Rights Online - Mon, 2017-04-10 23:20
An anonymous reader quotes a report from PCWorld: On Monday, the U.S. Federal Communications Commission killed a plan to allow mobile phone calls during commercial airline flights. Since 2013, the FCC and the Federal Aviation Administration have considered allowing airline passengers to talk on the phones during flights, although the FAA also proposed rules requiring airlines to give passengers notice if they planned to allow phone calls. The plan to allow mobile phone calls on flights drew sharp objections from some passengers and flight attendants who had visions of dozens of passengers trying to talk over each other for entire flights. But FCC Chairman Ajit Pai on Monday killed his agency's 2013 proceeding that sought to relax rules governing the use of mobile phones on airplanes. Under the FCC proposal, airlines would have decided if they allowed mobile phone conversations during flights.

Amazon's Third-Party Sellers Hit By Hackers

Slashdot - Your Rights Online - Mon, 2017-04-10 21:20
Hackers are targeting the growing population of third-party sellers on Amazon.com using stolen credentials to post fake deals and steal cash. From a report: In recent weeks, attackers have changed the bank-deposit information on Amazon accounts of active sellers to steal tens of thousands of dollars from each, according to several sellers and advisers. Attackers also have hacked into the Amazon accounts of sellers who haven't used them recently to post nonexistent merchandise for sale at steep discounts in an attempt to pocket the cash, those people say. The fraud stems largely from email and password credentials stolen from previously hacked accounts and then sold on what's dubbed the "dark web," a network of anonymous internet servers where hackers communicate and trade illicit information. Such hacks previously have favored sites such as PayPal and eBay, but Amazon recently has become a target of choice, according to cybersecurity experts.

Russian Arrested in Spain 'Over US Election Hacking'

Slashdot - Your Rights Online - Mon, 2017-04-10 20:00
Spanish police have arrested a Russian programmer for alleged involvement in "hacking" the US election, BBC reported Monday, citing local press reports. From the report: Pyotr Levashov, arrested on 7 April in Barcelona, has now been remanded in custody. A "legal source" also told the AFP news agency that Mr Levashov was the subject of an extradition request by the US. The request is due to be examined by Spain's national criminal court, the agency added. El Confidencial, a Spanish news website, has said that Mr Levashov's arrest warrant was issued by US authorities over suspected "hacking" that helped Donald Trump's campaign.

Spyware Firms in Breach of Global Sanctions

Slashdot - Your Rights Online - Mon, 2017-04-10 16:40
From a report on Al Jazeera: Spy equipment producers are breaking laws and circumventing international sanctions by agreeing to sell stock to countries known for human rights abuses, and to clients who do not declare the end user -- meaning surveillance tools could easily fall into the hands of armed groups, corporations, governments cracking down on dissent, or opposition leaders, an exclusive investigation by Al Jazeera reveals. During "Spy Merchants", a four-month undercover operation, Al Jazeera secretly filmed representatives of two Italian companies and one Chinese business agreeing to sell spyware that is capable of tracking millions of people online and able to intercept phone calls and text messages without anyone finding out. The vendors boasted of being able to side-step the law by using sister and shell companies and explained how to possibly circumvent export regulations by lying about the details of shipments and using third countries exempted from certain rules as stopping places.

Bitcoin Exchange Sues Wells Fargo Over Massive Wire Transfer Suspension

Slashdot - Your Rights Online - Sun, 2017-04-09 21:39
An anonymous reader quotes this report from the cryptocurrency news site Bitcoin.com: Bitfinex, on Wednesday, filed a lawsuit against Wells Fargo for suspending its outgoing U.S. dollars wire transfers. In addition to "a preliminary and permanent injunction against Wells Fargo," the exchange is seeking compensatory damages in excess of $75,000 and any additional relief the court may deem fair as well as a jury trial for the case... The court document states that Bitfinex is a customer of four Taiwan-based banks but is not itself a customer of Wells Fargo. However, its banks in Taiwan use Wells Fargo as a correspondent bank to process U.S. dollar wire transfers, which is a normal practice in cross-border payments. "So far, close to US$180M in funds is locked up in Wells Fargo accounts," writes The Merkle, "with no clear path to a resolution in sight." But a Bitfinex representative on social media pointed out that "Funds are not frozen," adding that Wells Fargo is just a correspondent bank, and "They have chosen to block wire transfers between us and our customers which we are challenging in court." Another post from BFX_Brandon states that "If we allow them to simply flip a switch and disrupt business, then there becomes a precedence in the Bitcoin industry beyond just Bitfinex, so we believe it is the appropriate time to take action."

A Huge Trove of Patient Data Leaks, Thanks To Telemarketers' Bad Security

Slashdot - Your Rights Online - Sun, 2017-04-09 18:39
"A trove of records containing personal and health information on close to a million people was exposed after a former developer working at a telemarketing company uploaded a backup of its database to the internet," writes ZDNet. An anonymous reader quotes their report: The data contained personal and health-related information, such as names, addresses, dates of birth, phone numbers, email addresses, Social Security numbers, health insurance information, and other data relating to the types of health problems the individuals have regarding the products they need, though many of the records were truncated or incomplete. An examination showed that the database was used to market products to thousands of customers by telemarketers at HealthNow -- no longer a registered business as of 2015. Several records we've seen included customized notes written by staff who were tasked with calling customers, such as when they are home and any other relevant information on the subject. The database apparently lingered online for years in an AWS instance until it was discovered two weeks ago in search results from Shodan by a Twitter user calling himself Flash Gordon. Databreaches.net, which investigated the breach with ZDNet, believes this is a teachable moment. "Before you give your personal or health insurance information to telemarketers or firms that call to offer you supplies for diabetes or back pain or other conditions, think twice."

Server Snafu Exposes Ask.com User Search Queries Via Internal Status Page

Slashdot - Your Rights Online - Sun, 2017-04-09 09:34
"The Ask.com search engine went through some sort of technical issue late Friday night, as its servers were exposing the internal Apache server status page, revealing recently processed search queries," reports BleepingComputer. An anonymous reader writes: The issue is now fixed, but a copy of the server status page with some search queries can still be viewed in Google's search engine cache. "Some of the weirdest search queries were collected by users in a Hacker News thread," reports BleepingComputer, adding "As you'd expect, the server page included plenty of searches for porn." The issue also affected localized Ask.com servers, such as uk.ask.com/server-status, us.ask.com/server-status, and de.ask.com/server-status, but no user data was exposed, as the search queries passed through load balancers and already hid user IPs.

US Hacker Sets Off 156 Sirens At Midnight

Slashdot - Your Rights Online - Sun, 2017-04-09 06:34
"I had the displeasure of being awoken at midnight to the sounds of civil-defense/air-raid sirens," writes very-long-time Slashdot reader SigIO, blaming "some schmuck with a twisted sense of humor." The Dallas News reports: Rocky Vaz, director of Dallas' Office of Emergency Management, said that all 156 of the city's sirens were activated more than a dozen times... Dallas officials blame computer hacking for setting off emergency sirens throughout the city early Saturday... It took until about 1:20 a.m. to silence them for good because the emergency system had to be deactivated. The system remained shut down Saturday while crews safeguarded it from another hack. The city has figured out how the emergency system was compromised and is working to prevent it from happening again, he said... The city said the system should be restored Sunday or Monday. City officials reported 4,400 calls to their 9-1-1 emergency phone number in the first four hours of Saturday morning, with over 800 occurring in that first 15 minutes when all 156 sirens started going off simultaneously.

Hacker Group Leaks 'NSA's Top Secret Arsenal of Digital Weapons'

Slashdot - Your Rights Online - Sat, 2017-04-08 21:55
Hacker group 'The Shadow Brokers', which last year allegedly released top-secret tools that the National Security Agency had used to break into the networks of foreign governments and other espionage targets, today said it is disappointed with President Donald Trump, and released more such alleged tools. From a report on Motherboard: On Saturday, The Shadow Brokers, a hacker or group of hackers that has previously dumped NSA hacking tools, released more alleged exploits. The group published a password for an encrypted cache of files they distributed last year. "Be considering this our form of protest," the group wrote in a rambling, politically loaded rant published on Medium. Back in August, The Shadow Brokers released a number of exploits stolen from the NSA. Many of these affected hardware firewalls, from companies such as Cisco and Juniper. At the time, the group also dumped another cache allegedly containing more hacking tools, and said they would release the corresponding password to the winner of a bitcoin auction. That fund-raising effort was ultimately unsuccessful, and The Shadow Brokers claimed they were calling the whole thing off in January. But now, anyone can unlock the auction data dump. (Motherboard confirmed that the password did indeed decrypt the original auction file). In a series of tweets, Edward Snowden said, "NSA just lost control of its Top Secret arsenal of digital weapons; hackers leaked it. 1) https://github.com/x0rz/EQGRP 2) For those who have never heard of the hacker group behind today's leak of NSA's cyberweapons, last year's story." He adds, "quick review of the ShadowBrokers leak of Top Secret NSA tools reveals it's nowhere near the full library, but there's still so much here that NSA should be able to instantly identify where this set came from and how they lost it. If they can't, it's a scandal."

IRS Warns Tax Info Leaked By US Financial Aid Site

Slashdot - Your Rights Online - Sat, 2017-04-08 21:34
"Hackers accessed the data of up to 100,000 people through a tool that helps students get financial aid," writes CNN. An anonymous reader quotes their report: IRS Commissioner John Koskinen testified before the Senate Finance Committee Thursday that a breach had been discovered in the fall. In September, he said, his agency discovered that fraudsters could use someone's personal data to fill out a financial aid application, and the "Data Retrieval Tool" would populate the application with tax information. That information could be used to file false tax returns. The commissioner said fewer than 8,000 of these returns were processed, and refunds were issued totaling $30 million... In October, the IRS told the Department of Education that the system could be abused by criminals, but because up to 15 million people use the system for convenience, they kept it available. However, in February, the agency witnessed a pattern of fraudulent activity, and it shut down the automated tool in March. Now financial aid seekers will have to manually enter their parents' reported income from previous tax years -- at least until a new version of the tool comes online next October. In the meantime, the IRS is alerting 100,000 users who started an application but didn't finish it, warning them that their tax information may have been compromised.

Google Announces Android Cross-Licensing Program 'PAX' -- But Why?

Slashdot - Your Rights Online - Sat, 2017-04-08 20:34
"Linux and open-source software have had to contend with intellectual property legal challenges for years," writes ZDNet. "Now, Google has started a new effort to bring peace to potential Android IP sore points: PAX... a royalty-free, community-patent cross-license." PAX is starting with nine members: Google, Samsung Electronics, LG Electronics, HTC, Foxconn Technology Group, Coolpad, BQ, HMD Global, and Allview. These companies own more than 230,000 global patents. PAX's purpose is to create a "community-driven [patent] clearinghouse, developed together with our Android partners, [that] ensures that innovation and consumer choice -- not patent threats -- will continue to be key drivers of our Android ecosystem. PAX is free to join and open to anyone." Slashdot reader Andy Updegrove writes: The question is why? The announcement and the related website are extremely brief, and although everyone is invited to get a copy of the cross license, Google reserves the right to decide first whether your motives are pure and you can keep a secret. And so far, the only members of the "PAX Community" listed are existing Google business partners. Is Google aware of some new patent tempest brewing just over the horizon, about to burst into public view? And will any other company names and logos be added to the PAX Community Web page? We'll just have to stay tuned to find out. Andy Updegrove tells ZDNet it does involve "formal cross-licenses between participants, and therefore enforceable rights, but not an infrastructure to do more (at least insofar as one can tell from the initial announcement)."

Should The FBI Have Arrested 'The Hacker Who Hacked No One'?

Slashdot - Your Rights Online - Sat, 2017-04-08 17:34
Last week The Daily Beast ran an article about the FBI's arrest of "the hacker who hacked no one." In December they'd arrested 26-year-old Taylor Huddleston, "the author of a remote administration tool, or RAT, called NanoCore that happens to be popular with hackers." It's been "linked to intrusions in at least 10 countries," reported Kevin Poulsen, but "as Huddleston sees it, he's a victim himself -- hackers have been pirating his program for years and using it to commit crimes." The article quotes Huddleston's lawyer, as well as a Cornell law professor who warns of the "chilling effect" of its implications on programmers. But it also says security experts who examined the software are "inherently skeptical" of Huddleston's claim that the software was intended for legal use, since that's "a common claim amongst RAT authors." Security researcher Brian Krebs also sees "a more complex and nuanced picture" after "a closer look at the government's side of the story -- as well as public postings left behind by the accused and his alleged accomplices." Click through for the rest of the story.

Ransomware Asks For High Score Instead of Money

Slashdot - Your Rights Online - Sat, 2017-04-08 15:00
An anonymous reader quotes a report from Ars Technica: "Rensenware" forces players to get a high score in a difficult PC shoot-em-up to decrypt their files. As Malware Hunter Team noted yesterday, users on systems infected with Rensenware are faced with the usual ransomware-style warning that "your precious data like documents, musics, pictures, and some kinda project files" have been "encrypted with highly strong encryption algorithm." The only way to break the encryption lock, according to the warning, is to "score 0.2 billion in LUNATIC level" on TH12 ~ Undefined Fantastic Object. That's easier said than done, as this gameplay video of the "bullet hell" style Japanese shooter shows. As you may have guessed from the specifics here, the Rensenware bug was created more in the spirit of fun than maliciousness. After Rensenware was publicized on Twitter, its creator, who goes by Tvple Eraser on Twitter and often posts in Korean, released an apology for releasing what he admitted was "a kind of highly-fatal malware." The apology is embedded in a Rensenware "forcer" tool that Tvple Eraser has released to manipulate the game's memory directly, getting around the malware's encryption without the need to play the game (assuming you have a copy installed, that is). While the original Rensenware source code has been taken down from the creator's Github page, a new "cut" version has taken its place, showing off the original joke without any actually malicious forced encryption.

Google Accused of 'Extreme' Gender Pay Discrimination By US Labor Department

Slashdot - Your Rights Online - Sat, 2017-04-08 04:00
The U.S. Department of Labor is accusing Google of discriminating against its female employees and violating federal employment laws with its salaries for women. "We found systemic compensation disparities against women pretty much across the entire workforce," Janette Wipper, a Department of Labor regional director, testified in court in San Francisco on Friday. The Guardian reports: Google strongly denied the accusations of inequities, claiming it did not have a gender pay gap. The allegations emerged at a hearing in federal court as part of a lawsuit the DoL filed against Google in January, seeking to compel the company to provide salary data and documents to the government. Google is a federal contractor, which means it is required to allow the DoL to inspect and copy records and information about its compliance with equal opportunity laws. Last year, the department's office of federal contract compliance programs requested job and salary history for Google employees, along with names and contact information, as part of the compliance review. Google, however, repeatedly refused to hand over the data, which was a violation of its contractual obligations with the federal government, according to the DoL's lawsuit. Labor officials detailed the government's discrimination claims against Google at the Friday hearing while making the case for why the company should be forced to comply with the DoL's requests for documents. Wipper said the department found pay disparities in a 2015 snapshot of salaries and said officials needed earlier compensation data to evaluate the root of the problem and needed to be able to confidentially interview employees.
