aggregator

Australia Wants To Use Face Recognition For Porn Age Verification

Slashdot - Your Rights Online - Mon, 2019-10-28 21:50
An anonymous reader quotes a report from Ars Technica: Lawmakers in Australia (like their counterparts in the United Kingdom) are looking for an effective way to limit kids' access to online pornography. Australia's Department of Home Affairs has a possible solution: face-recognition technology. "Home Affairs is developing a Face Verification Service which matches a person's photo against images used on one of their evidence of identity documents to help verify their identity," the government agency wrote in a recent regulatory filing. "This could assist in age verification, for example by preventing a minor from using their parent's driver license to circumvent age verification controls." Australia's government face-matching system has been years in the making. In 2016, the government announced that (in the words of CNET) "the first phase of its new biometric Face Verification Service (FVS) is up and running, giving a number of government departments and the Australian Federal Police the ability to share and match digital photos of faces." Initially, the system was fairly limited. It only included photos of people who had applied to become Australian citizens. And use of the database was supposed to be limited to a handful of government agencies with a compelling need for it. But since then, the government has steadily expanded the system. Photos from other sources were added to the database. And Australia has been trying to develop a more sophisticated Face Identification Service that can identify unknown persons. "The Face Verification Service is not yet fully operational," the government acknowledges. "Whilst it is intended to be made available to private sector organizations in future, this will be subject to the passage of the Identity-matching Services Bill 2019 which is currently before Parliament."

Read more of this story at Slashdot.

Comcast Argues 'We've Never Sold Customers' Data'

Slashdot - Your Rights Online - Mon, 2019-10-28 05:34
An anonymous reader quotes MediaPost: Faced with a new controversy related to online privacy, Comcast said this week that it doesn't draw on information about the sites broadband users visit for advertising or targeting. The company said Thursday that it deletes information every 24 hours about the domain names people navigate to online. "Millions of Comcast customers look up billions of addresses online every day," Chief Privacy Officer Christin McMeley wrote on the company's blog. "We've never used that data for any sort of marketing or advertising -- and we have never sold it to anyone." The company's statement came one day after the publication Motherboard reported on Comcast's efforts to rally opposition on Capitol Hill to Google's plan to encrypt domain names... "While cloaked as enhancing user privacy, Google's DNS encryption will in fact vastly expand Google's control over and use of customer data, and will result in the complete commercialization of DNS data for Google's own ends," [Comcast's] presentation states. Google has said its plans were mischaracterized by broadband organizations, and that it has no intention of centralizing the web, or changing people's existing DNS providers to Google by default. "Any claim that we are trying to become the centralized encrypted DNS provider is inaccurate," a company spokesperson said last month... One day after Motherboard posted the material reportedly prepared by Comcast, the cable provider touted its privacy policies in a blog post. "Where you go on the Internet is your business, not ours," McMeley wrote. "As your Internet Service Provider, we do not track the websites you visit or apps you use through your broadband connection. Because we don't track that information, we don't use it to build a profile about you and we have never sold that information to anyone." 
Several years ago, Comcast opposed Federal Communications Commission privacy regulations that would have required broadband providers to obtain consumers' opt-in consent before drawing on their web-browsing activity for advertising. The FCC passed those rules in 2016, but the regulations were revoked by Congress the following year.

How the 2018 Olympic Cyberattack Was Traced To Russian Hackers

Slashdot - Your Rights Online - Sun, 2019-10-27 13:34
Sparrowvsrevolution writes: In a lengthy article, Wired tells a newly detailed narrative of the cyberattack on the 2018 Winter Olympic games, which hit the Olympics network during the opening ceremony. The piece details how the malware used in that attack was designed to incorporate multiple sophisticated false flags, and how forensic analysts overcame those red herrings to eventually trace the attack to a specific unit of Russia's GRU military intelligence agency. It's a good read. Wired calls it "perhaps the most deceptive hacking operation in history," but they finally get an answer from a 28-year-old former anarchist punk turned security researcher at the Reston, Virginia, office of the security and private intelligence firm FireEye. The tell-tale clue: the malware used "a certain common set of hacking tools called PowerShell Empire." He soon deduced that the source of that signal in the noise was a common tool used to create each one of the booby-trapped documents. It was an open source program, easily found online, called Malicious Macro Generator. Michael Matonis speculated that the hackers had chosen the program in order to blend in with a crowd of other malware authors, but it had ultimately had the opposite effect, setting them apart as a distinct set... When he looked at the command and control servers that the malware connected back to -- the strings that would control the puppetry of any successful infections -- all but a few of the IP addresses of those machines overlapped too... Matonis began painstakingly checking every IP address his hackers had used as a command and control server in their campaign of malicious Word document phishing; he wanted to see what domains those IP addresses had hosted... At the end of his long chain of internet-address connections, Matonis had found a fingerprint that linked the Olympics attackers back to a hacking operation that directly targeted the 2016 US election. 
Not only had he solved the whodunit of Olympic Destroyer's origin, he'd gone further, showing that the culprit had been implicated in the most notorious hacking campaign ever to hit the American political system.

America's Trade Commission Accused of 'Rewarding Bad Actors' Posting Fake Online Reviews

Slashdot - Your Rights Online - Sat, 2019-10-26 23:34
Ars Technica quotes the CEO of a fraudulent-review tracking company who says that fake reviews online have now reached "epidemic proportions". But two U.S. regulators say that's just the beginning: Commissioners Rohit Chopra and Rebecca Slaughter of the Federal Trade Commission say it's about to get a lot worse, and they know who to blame: their own agency. The FTC this week brought its first case against a company for enlisting its employees in a coordinated fake-review campaign to boost sales. Chopra and Slaughter say the decision reached by their fellow commissioners could usher in even more review fraud. The settlement did not require the company to admit fault, notify customers of the fraud, or turn over any ill-gotten gains. "Dishonest firms may come to conclude that posting fake reviews is a viable strategy, given the proposed outcome here," Chopra said in a statement dissenting from the FTC's decision, joined by Slaughter. "Honest firms, who are the biggest victims of this fraud, may be wondering if they are losing out by following the law. Consumers may come to lack confidence that reviews are truthful...." [T]he FTC voted 3-2 to allow Sunday Riley to settle the charges by agreeing not to post future fake reviews, without admitting fault. Chopra and Slaughter say the settlement will ultimately do more harm than good and that it tells companies there's little risk in engaging in online review fraud; even if regulators find the fake reviews, the company won't face a meaningful punishment, the dissenters say. FTC staffers told Ars Technica that it's extraordinarily rare for the FTC to get a fake-review case "as straightforward, prosecutable, and evidence-rich" as this one. The FTC's investigation began when an inside whistle-blower shared a company email on Reddit in which employees "were given step-by-step directions on how to post fake reviews" -- and on how to avoid detection.

Russian Cyberattackers Stole Iranian Tools, Then Attacked 35 Countries

Slashdot - Your Rights Online - Sat, 2019-10-26 22:34
An anonymous reader quotes Bloomberg News: A Russia-linked group is believed to have utilized Iranian tools to conduct cyber attacks against dozens of countries, in an apparent effort to mask their identities, according to joint advisories by the U.S. and the U.K. The group, known as Turla, used tools from suspected Iran-based hacking groups and deployed them against old and new targets. In order to acquire the tools, Turla "compromised the suspected Iran-based hacking groups themselves," according to the U.S. National Security Agency and the U.K.'s National Cyber Security Centre, which released the advisories on Monday. The original owners of the tools "were almost certainly not aware of, or complicit with, Turla's use of their implants," the agencies said. The attacks, against more than 35 countries, would appear to the victims as coming from Iran.

Calculation Errors and Inadequate Peer Review Led To Miami Bridge's Collapse

Slashdot - Your Rights Online - Sat, 2019-10-26 17:34
America's National Transportation Safety Board has now officially determined the probable causes of a Florida pedestrian bridge's collapse in March of 2018: load and capacity calculation errors made by FIGG Bridge Engineers. Slashdot reader McGruber shares their report: Contributing to the collapse was Louis Berger's inadequate peer review, which failed to detect FIGG's calculation errors in its design of the main span truss member 11/12 nodal region and connection to the bridge deck. The FIGG engineer of record's failure to identify the significance of structural cracking observed in this node before the collapse, and failure to obtain an independent peer review of the remedial plan to address the cracking, further contributed to the collapse... Six of the eight lanes of the roadway traveling under the bridge were open at the time of the collapse. The failure of FIGG, MCM, Bolton Perez and Associates Consulting Engineers, FIU and the Florida Department of Transportation to cease bridge work and close SW 8th Street to protect public safety contributed to the severity of the collapse outcome, said the NTSB during the meeting. "Errors in bridge design, inadequate peer review and poor engineering judgment led to the collapse of this bridge," said NTSB Chairman Robert Sumwalt. "The failure of all concerned parties, to recognize and take action on the threat to public safety presented by the significant observed bridge structure distress prior to the collapse, led to the tragic loss of life in this preventable accident." The report also concludes that Louis Berger "was not qualified by the Florida Department of Transportation to conduct an independent peer review" -- and that Florida's Department of Transportation "should have verified Louis Berger's qualifications as an independent peer review firm as part of FDOT's oversight of local agency program projects."

Microsoft Beats Amazon To Win the Pentagon's $10 Billion JEDI Cloud Contract

Slashdot - Your Rights Online - Sat, 2019-10-26 04:20
An anonymous reader quotes a report from The Verge: The U.S. government has awarded a giant $10 billion cloud contract to Microsoft, the Department of Defense has confirmed. Known as Joint Enterprise Defense Infrastructure (JEDI), the contract will provide the Pentagon with cloud services for basic storage and power all the way up to artificial intelligence processing, machine learning, and the ability to process mission-critical workloads. It's a key contract for Microsoft as the company battles Amazon for cloud dominance, and for a while it was up in the air as to whether Microsoft or Amazon would win this particular one. IBM and Oracle were both eliminated from the bidding back in April, leaving just Microsoft and Amazon as the only companies that could meet the requirements. The contract has been controversial throughout the bidding process, and Oracle lost a legal challenge after it claimed the contract has conflicts of interest. The contract will last for 10 years and is likely to be resisted by employees, who have in the past called on the company to drop its HoloLens U.S. Army contract and stop its work with ICE.

Man Sues AT&T, Saying He Lost $1.8 Million In Cryptocurrency With SIM Card Hack

Slashdot - Your Rights Online - Sat, 2019-10-26 02:02
A California man is suing AT&T after he says one of its employees allowed a hacker to access his cell phone number that resulted in his data being compromised and more than $1.8 million in cryptocurrency stolen from his accounts. ABC News reports: Seth Shapiro says that an AT&T employee allowed a hacker to swap his phone number from his phone to a separate device, which resulted in "the compromise of highly sensitive personal and financial information and the theft of more than $1.8 million," according to court documents. The process of so-called "SIM swapping" allows hackers a way to gain access to all the information tied to a phone number potentially giving them access to every email, photo, app and more on the phone. The complaint filed on Oct. 17 claims that while third parties had control over his AT&T wireless number, "they used that control to access and reset the passwords for Mr. Shapiro's accounts on cryptocurrency exchange platforms, including KuCoin, Bittrex, Wax, Coinbase, Huobi, Crytopia, LiveCoin, HitBTC, Coss.io, Liqui, and Bitfinex." The digital currency "was accessed by the hackers utilizing their control over Mr. Shapiro's AT&T wireless number," the court documents added. The lawsuit alleges that hackers were able to access "accounts on various cryptocurrency exchange platforms, including the accounts he controlled on behalf of his business venture. The hackers then transferred Mr. Shapiro's currency from Mr. Shapiro's accounts into accounts that they controlled." "In all, they stole more than $1.8 million from Mr. Shapiro in the two consecutive SIM swap attacks on May 16, 2018," the complaint added. AT&T told ABC News in a statement that they dispute Shapiro's allegations and shared information on how customers can help keep themselves safe from SIM swaps. "We dispute these allegations and look forward to presenting our case in court," the statement said.
"Customers can learn how to help protect themselves from this scam by going here -- https://about.att.com/sites/cyberaware/ni/blog/sim_swap."

Netflix and Spotify Might Be Required To Issue Emergency Alerts From the Government Just Like TV and Radio

Slashdot - Your Rights Online - Fri, 2019-10-25 19:40
Streaming services like Netflix, Disney+, and Spotify might be required to issue emergency alerts from the government if U.S. lawmakers have their way. From a report: TV and radio stations operating in the U.S. are required by law to issue emergency warnings, like the infamous fake missile alert for Hawaii issued in early 2018, but lawmakers want to bring those alerts to more platforms, as viewers use more and more internet-based services. The legislation, dubbed the Reliable Emergency Alert Distribution Improvement (READI) Act, has bipartisan support and is being introduced in the Senate by Democrat Brian Schatz of Hawaii and Republican John Thune of South Dakota. A bipartisan group of Representatives in the House have a similar bill that has already been introduced. The legislation would also make it illegal for consumers to opt out of federal emergency alerts on their phones and would require alerts by the U.S. president and FEMA to be repeated. TV and radio stations are currently only required to issue an alert once. "When a missile alert went out across Hawai'i last year, some people never got the message on their phones, while others missed it on their TVs and radios. Even though it was a false alarm, the missile alert exposed real flaws in the way people receive emergency alerts," Senator Schatz said in a statement posted to his website.

Mozilla: Cloudflare Doesn't Pay Us For Any DoH Traffic

Slashdot - Your Rights Online - Fri, 2019-10-25 15:00
An anonymous reader writes: Mozilla said today that "no money is being exchanged to route DNS requests to Cloudflare" as part of the DNS-over-HTTPS (DoH) feature that is currently being gradually enabled for Firefox users in the US. The browser maker has been coming under heavy criticism lately for its partnership with Cloudflare. Many detractors say that by using Cloudflare as the default DoH resolver for Firefox, Mozilla will help centralize a large chunk of DNS traffic on Cloudflare's service. Critics of this decision include regular users, but also ISP-backed lobby groups, according to a recent report citing leaked documents. But according to Mozilla, they're not getting paid for this, and are only doing it for Firefox user privacy.

BBC News Launches 'Dark Web' Tor Mirror

Slashdot - Your Rights Online - Fri, 2019-10-25 01:20
sandbagger writes: The BBC has made its international news website available via the Tor network, in a bid to thwart censorship attempts. The browser can obscure who is using it and what data is being accessed, which can help people avoid government surveillance and censorship. Countries including China, Iran and Vietnam are among those who have tried to block access to the BBC News website or programs. Instead of visiting bbc.co.uk/news or bbc.com/news, users of the Tor browser can visit the new bbcnewsv2vjtpsuy.onion web address. Clicking this web address will not work in a regular web browser.

TikTok Raises National Security Concerns in Congress as Schumer, Cotton Ask for Federal Review

Slashdot - Your Rights Online - Thu, 2019-10-24 20:00
Two senior members of Congress, Senate Minority Leader Charles E. Schumer (D-N.Y.) and Sen. Tom Cotton (R-Ark.), asked U.S. intelligence officials late Wednesday to determine whether the Chinese-owned social-networking app TikTok poses "national security risks." From a report: In a letter to Joseph Maguire, the director of national intelligence, the lawmakers questioned TikTok's data-collection practices and whether the app adheres to censorship rules directed by the Chinese government that could limit what U.S. users see. TikTok, which provides users a feed of short videos, has become wildly popular among teenagers worldwide. "With over 110 million downloads in the U.S. alone, TikTok is a potential counterintelligence threat we cannot ignore," wrote Schumer and Cotton, who sits on the Senate Intelligence Committee. "Given these concerns, we ask that the Intelligence Community conduct an assessment of the national security risks posed by TikTok and other China-based content platforms operating in the U.S. and brief Congress on these findings."

40 Major Music Festivals Have Pledged Not To Use Facial Recognition Technology

Slashdot - Your Rights Online - Thu, 2019-10-24 17:20
Forty of the world's largest music festivals -- including SXSW, Coachella, Pitchfork, and Bonnaroo -- have gone on the record to promise that they will not use facial recognition technology at their events, following a campaign launched by musicians and activists to ban the technology. From a report: Today, organizers of the campaign are declaring victory. "It's so important that people don't just learn about how scary and dangerous surveillance technology like facial recognition is but also learn about successful efforts to stop it," Evan Greer, the deputy director of Fight For the Future, a digital rights advocacy group that spearheaded the campaign, told Motherboard. This victory for digital rights activists and musicians is the first major setback to commercial facial recognition companies in the United States, and could have ripples beyond the industry. In recent years, many music events have become increasingly Orwellian experiences. Biometric surveillance companies and venture capitalists have identified music festivals as a huge potential market for facial recognition technologies, which can be marketed as a way for concertgoers to bypass long lines. But musicians and activists have concerns.

Open Database Leaked 179GB In Customer, US Government, and Military Records

Slashdot - Your Rights Online - Thu, 2019-10-24 02:50
An open database exposing records containing the sensitive data of hotel customers as well as US military personnel and officials has been disclosed by researchers. ZDNet reports: On Monday, vpnMentor's cybersecurity team, led by Noam Rotem and Ran Locar, said the database belonged to Autoclerk, a service owned by Best Western Hotels and Resorts group. Autoclerk is a reservations management system used by resorts to manage web bookings, revenue, loyalty programs, guest profiles, and payment processing. In a report shared with ZDNet, the researchers said the open Elasticsearch database was discovered through vpnMentor's web mapping project. It was possible to access the database, given it had no encryption or security barriers whatsoever, and perform searches to examine the records contained within. The team says that "thousands" of individuals were impacted, although due to ethical reasons it was not possible to examine every record in the leaking database to come up with a specific number. Hundreds of thousands of booking reservations for guests were available to view and data including full names, dates of birth, home addresses, phone numbers, dates and travel costs, some check-in times and room numbers, and masked credit card details were also exposed. Some of the records were logs for U.S. Army generals visiting Russia and Israel, the report says. In total, the AWS-hosted database contained over 179GB of data.

EU Data Watchdog Raises Concerns Over Microsoft Contracts

Slashdot - Your Rights Online - Thu, 2019-10-24 00:10
An anonymous reader quotes a report from Reuters: Microsoft's contracts with European Union institutions do not fully protect data in line with EU law, the European Data Protection Supervisor (EDPS) said in initial findings published on Monday. The EDPS, the EU's data watchdog, opened an investigation in April to assess whether contracts between Microsoft and EU institutions such as the European Commission fully complied with the bloc's data protection rules. "Though the investigation is still ongoing, preliminary results reveal serious concerns over compliance of the relevant contractual terms with data protection rules and the role of Microsoft as a processor for EU institutions using its products and services," the EDPS says in a statement. "We are committed to helping our customers comply with GDPR, Regulation 2018/1725 and other applicable laws," a Microsoft spokesman said. "We are in discussions with our customers in the EU institutions and will soon announce contractual changes that will address concerns such as those raised by the EDPS."

Comcast Is Lobbying Against Encryption That Could Prevent it From Learning Your Browsing History

Slashdot - Your Rights Online - Wed, 2019-10-23 18:10
Internet giant Comcast is lobbying U.S. lawmakers against plans to encrypt web traffic that would make it harder for internet service providers (ISPs) to determine your browsing history, Motherboard reported Wednesday, citing a lobbying presentation. From the report: The plan, which Google intends to implement soon, would enforce the encryption of DNS data made using Chrome, meaning the sites you visit. Privacy activists have praised Google's move. But ISPs are pushing back as part of a wider lobbying effort against encrypted DNS, according to the presentation. Technologists and activists say this encryption would make it harder for ISPs to leverage data for things such as targeted advertising, as well as block some forms of censorship by authoritarian regimes. Mozilla, which makes Firefox, is also planning a version of this encryption. "The slides overall are extremely misleading and inaccurate, and frankly I would be somewhat embarrassed if my team had provided that slide deck to policy makers," Marshall Erwin, senior director of trust and safety at Mozilla, told Motherboard in a phone call after reviewing sections of the slide deck. "We are trying to essentially shift the power to collect and monetize peoples' data away from ISPs and providing users with control and a set of default protections," he added, regarding Mozilla's changes.

'Hyperstealth' Invisibility Cloak Developed For Military Use

Slashdot - Your Rights Online - Wed, 2019-10-23 12:00
Freshly Exhumed shares a report from Futurism: Canada's Hyperstealth Biotechnology already manufactures camouflage uniforms for militaries across the globe. But now, the company has patented a new "Quantum Stealth" material that disguises a military's soldiers -- or even its tanks, aircraft, and ships -- by making anything behind it seem invisible. Earlier in October, Hyperstealth filed a patent for the material, which doesn't require a power source and is both paper-thin and inexpensive -- all traits that could make it appealing for use on the battlefield. Alongside the news of the patent application, Hyperstealth released more than 100 minutes' worth of footage describing and demonstrating the material.

Facebook To Face $35 Billion Class-Action Lawsuit Over Misuse of Facial Recognition Data

Slashdot - Your Rights Online - Wed, 2019-10-23 05:30
A federal court has reportedly said that Facebook will have to face a class-action lawsuit for allegedly misusing users' facial recognition data in Illinois. The lawsuit could cost the company up to $35 billion. Firstpost reports: Facebook has been trying to avoid the lawsuit for a few years now. The lawsuit began in 2015 when Illinois users accused Facebook of violating that state's Biometric Information Privacy Act in collecting biometric data. The U.S. court, however, has denied Facebook's request for an en banc hearing before the full slate of Ninth Circuit judges that could have halted the case. Now the case will go to trial unless the Supreme Court intercedes. Facebook allegedly accomplished the said misuse of facial recognition data through its 'Tag Suggestions' feature, which allowed users to recognize their Facebook friends from previously uploaded photos. The suit alleges that Illinois citizens didn't consent to having their uploaded photos scanned with facial recognition and weren't informed of how long the data would be saved when the mapping started in 2011. According to the report, Facebook could face $1,000 to $5,000 in penalties per user for 7 million people, which could sum to a maximum of $35 billion.

Japanese Hotel Chain Sorry That Hackers May Have Watched Guests Through Bedside Robots

Slashdot - Your Rights Online - Wed, 2019-10-23 01:30
Japanese hotel chain HIS Group has apologized for ignoring warnings that its in-room robots were hackable to allow pervs to remotely view video footage from the devices. The Register reports: The Henn na Hotel is staffed by robots: guests can be checked in by humanoid or dinosaur reception bots before proceeding to their room. Facial recognition tech will let customers into their room and then a bedside robot will assist with other requirements. However several weeks ago a security researcher revealed on Twitter that he had warned HIS Group in July about the bed-bots being easily accessible, noting they sported "unsigned code" allowing a user to tap an NFC tag to the back of the robot's head and allow access via the streaming app of their choice. Having heard nothing, the researcher made the hack public on October 13. The vulnerability allows guests to gain access to cameras and microphones in the robot remotely so they could watch and listen to anyone in the room in the future. The hotel is one of a chain of 10 in Japan which use a variety of robots instead of meat-based staff. So far the reference is only to Tapia robots at one hotel, although it is not clear if the rest of the chain uses different devices. The HIS Group tweeted: "We apologize for any uneasiness caused," according to the Tokyo Reporter. The paper was told that the company had decided the risks of unauthorized access were low, however, the robots have now been updated.

US Senators Want Social Media Users To Be Able To Take Their Data With Them

Slashdot - Your Rights Online - Tue, 2019-10-22 23:35
Three U.S. lawmakers active in tech issues introduced a bill on Tuesday that would require social networks like Facebook to allow users to pack up their data and go elsewhere, they said in a statement. From a report: The senators, Republican Josh Hawley and Democrats Mark Warner and Richard Blumenthal, offered the bill at a time when there is growing concern that Facebook, along with Alphabet's Google, have become so powerful that smaller rivals are unable to lure away their users. The bill currently does not have a counterpart in the U.S. House of Representatives, which it will need to become law. The bill would require communications platforms with more than 100 million monthly active members -- Facebook has more than two billion -- to allow its users to easily move, or port, their data to another network, Warner's office said in a statement. Under the bill the companies would be required to maintain an interface to facilitate interoperability. Or users would be allowed to choose another company to manage a user's account settings, content, and online interactions, the statement said.
