California Man Sentenced To 20 Years In Deadly Kansas 'Swatting'

Slashdot - Your Rights Online - Sat, 2019-03-30 02:50
slipped_bit writes: Tyler R. Barriss, 26, who pleaded guilty to multiple counts of "swatting" attempts, including the case that caused an innocent man to be killed by police in 2017, has been sentenced to 20 years in prison. The case in 2017 was all because of a dispute between two online players over a $1.50 bet in the "Call of Duty: WWII" video game. A total of 51 federal charges related to fake calls and threats were made against Barriss. "Barriss' prosecution in Wichita consolidated other federal cases that had initially been filed against him in California and the District of Columbia involving similar calls and threats he made," reports FOX 4 Kansas City. "Prosecutors had asked for a 25-year sentence, while the defense had sought a 20-year term." "The intended target in Wichita, Shane Gaskill, 20, and the man who allegedly recruited Barriss, Casey Viner, 19, of North College Hill, Ohio, are charged as co-conspirators," the report adds. "Authorities say Viner provided Barriss with an address for Gaskill that Gaskill had previously given to Viner. Authorities also say that when Gaskill noticed Barriss was following him on Twitter, he gave Barriss that old address and taunted him to 'try something.'"

Read more of this story at Slashdot.

Security Researcher Pleads Guilty To Hacking Into Microsoft and Nintendo

Slashdot - Your Rights Online - Fri, 2019-03-29 03:30
24-year-old security researcher Zammis Clark pleaded guilty today to hacking into Microsoft and Nintendo servers and stealing confidential information. Clark, known online as Slipstream or Raylee, "was charged on multiple counts of computer misuse offenses in a London Crown Court on Thursday, and pleaded guilty to hacking into Microsoft and Nintendo networks," reports The Verge. From the report: Prosecutors revealed that Clark had gained access to a Microsoft server on January 24th, 2017 using an internal username and password, and then uploaded a web shell to remotely access Microsoft's network freely for at least three weeks. Clark then uploaded multiple shells which allowed him to search through Microsoft's network, upload files, and download data. In total, around 43,000 files were stolen after Clark targeted Microsoft's internal Windows flighting servers. These servers contain confidential copies of pre-release versions of Windows, and are used to distribute early beta code to developers working on Windows. Clark targeted unique build numbers to gain information on pre-release versions of Windows in around 7,500 searches for unreleased products, codenames, and build numbers. Clark then shared access to Microsoft's servers through an Internet Relay Chat (IRC) server chatroom, allowing other individuals to access and steal confidential information. Prosecutors say other hackers from France, Germany, the United Arab Emirates, and other countries were then able to access Microsoft's servers. Police found the stolen files on Clark's home computer after a joint investigation involving Microsoft's cyber team, the FBI, EUROPOL, and the NCA's National Cyber Crime Unit (NCCU). [...] The Microsoft intrusion ended when Clark uploaded malware onto Microsoft's network, and he was subsequently arrested in June, 2017. Clark was then bailed without any restrictions on his computer use, and went on to hack into Nintendo's internal network in March last year. 
Clark gained access through Virtual Private Networks (VPNs) and used similar software to hack into Nintendo's highly confidential game development servers. These servers store development code for unreleased games, and Clark was able to steal 2,365 usernames and passwords until Nintendo eventually discovered the breach in May 2018. Nintendo estimates the cost of damages between $913,000 and $1.8 million, and Microsoft previously provided the court with a vague estimate of around $2 million in damages. 26-year-old Thomas Hounsell, known in the Windows community for running the now discontinued BuildFeed website, appeared alongside Clark in court on Thursday for using Clark's Microsoft server breach to conduct more than 1,000 searches for products, codenames, and build numbers over a 17-day period, the report adds.

Russia Orders Major VPN Providers To Block 'Banned' Sites

Slashdot - Your Rights Online - Fri, 2019-03-29 02:50
Russian authorities have ordered ten major VPN providers to begin blocking sites on the country's blacklist. "NordVPN, ExpressVPN, IPVanish and HideMyAss are among those affected," reports TorrentFreak. "TorGuard also received a notification and has pulled its services out of Russia with immediate effect." From the report: During the past few days, telecoms watch Roscomnadzor says it sent compliance notifications to 10 major VPN services with servers inside Russia -- NordVPN, ExpressVPN, TorGuard, IPVanish, VPN Unlimited, VyprVPN, Kaspersky Secure Connection, HideMyAss!, Hola VPN, and OpenVPN. The government agency is demanding that the affected services begin interfacing with the FGIS database, blocking the sites listed within. Several other local companies -- search giant Yandex, Sputnik, Mail.ru, and Rambler -- are already connected to the database and filtering as required. "In accordance with paragraph 5 of Article 15.8 of the Federal Law No. 149-FZ of 27.07.2006 'On Information, Information Technology and on Protection of Information' hereby we are informing you about the necessity to get connected to the Federal state informational system of the blocked information sources and networks [FGIS] within thirty working days from the receipt [of this notice]," the notice reads. A notice received by TorGuard reveals that the provider was indeed given just under a month to comply. The notice also details the consequences for not doing so, i.e. being placed on the blacklist with the rest of the banned sites so it cannot operate in Russia. The demand from Roscomnadzor sent to TorGuard and the other companies also requires that they hand over information to the authorities, including details of their operators and places of business. The notice itself states that for foreign entities, Russian authorities require the full entity name, country of residence, tax number and/or trade register number, postal and email address details, plus other information.

Researchers Find 36 New Security Flaws In LTE Protocol

Slashdot - Your Rights Online - Thu, 2019-03-28 23:30
An anonymous reader quotes a report from ZDNet: A group of academics from South Korea have identified 36 new vulnerabilities in the Long-Term Evolution (LTE) standard used by thousands of mobile networks and hundreds of millions of users across the world. The vulnerabilities allow attackers to disrupt mobile base stations, block incoming calls to a device, disconnect users from a mobile network, send spoofed SMS messages, and eavesdrop and manipulate user data traffic. They were discovered by a four-person research team from the Korea Advanced Institute of Science and Technology Constitution (KAIST), and documented in a research paper they intend to present at the IEEE Symposium on Security and Privacy in late May 2019. The Korean researchers said they found 51 LTE vulnerabilities, of which 36 are new, and 15 have been first identified by other research groups in the past. They discovered this sheer number of flaws by using a technique known as fuzzing -- a code testing method that inputs a large quantity of random data into an application and analyzes the output for abnormalities, which, in turn, give developers a hint about the presence of possible bugs. The resulting vulnerabilities, see image below or this Google Docs sheet, were located in both the design and implementation of the LTE standard among the different carriers and device vendors. The KAIST team said it notified both the 3GPP (industry body behind LTE standard) and the GSMA (industry body that represents mobile operators), but also the corresponding baseband chipset vendors and network equipment vendors on whose hardware they performed the LTEFuzz tests.

Zuckerberg is Sitting on More Data About What People Want To Do Online Than Anyone Else in the World, Former Facebook Chief Security Officer Says

Slashdot - Your Rights Online - Thu, 2019-03-28 22:50
Former Facebook executive Alex Stamos explained how Facebook's Mark Zuckerberg is able to consistently make decisions that only make sense with the benefit of hindsight. From a report: "Mark Zuckerberg is sitting on more data about what people want to do online than anyone else in the world," said Stamos, who was speaking at the Washington Post's technology and policy conference on Wednesday evening. He cited the acquisitions of private messaging WhatsApp in 2014 for $19 billion, and photo-sharing service Instagram in 2012 for $1 billion, as examples of bets "that people think are insane but turn out to be prophetic because he knows the direction the world is going," Stamos said. Further reading: Facebook Used Its VPN App To Track Competitors, Documents Reveal.

Office Depot and Support.com To Pay $35 Million To Settle FTC Allegations That They Charged Users Millions in 'Fake' Malware Cleanup Fees

Slashdot - Your Rights Online - Thu, 2019-03-28 16:50
Office Depot and Support.com have coughed up $35 million after they were accused of lying to people that their PCs were infected with malware in order to charge them cleanup fees. From a report: Late Wednesday, the pair of businesses settled a lawsuit brought against them by the US Federal Trade Commission, which alleged staff at the tech duo falsely claimed software nasties were lingering on customers' computers to make a fast buck. The lawsuit, filed in southern Florida, claimed the two companies, including Office Depot subsidiary OfficeMax, from 2009 until November 2016 misrepresented the state of consumers' computers by using a sales tool designed to convince people to pay for diagnostic and repair services. "In numerous instances throughout this time period, Defendants used the PC Health Check Program to report to Office Depot Companies customers that the scan had found or identified 'Malware Symptoms' when it had not done so," the complaint stated. "Additionally, in numerous instances, the PC Health Check Program falsely reported to consumers that the program had found 'infections' on the consumer's computer." According to the watchdog's complaint, the PC Health Check Program was incapable of finding malware. Support.com allegedly programmed the software so that whenever an Office Depot Company employee checked any one of four checkboxes describing a generic concern, like slowness, before the scan started, the scan would automatically report the detection of malware symptoms, and for a time, infections.

French Gas Stations Robbed After Forgetting To Change Gas Pump PINs

Slashdot - Your Rights Online - Thu, 2019-03-28 05:30
An anonymous reader quotes a report from ZDNet: French authorities have arrested five men who stole over 120,000 liters (26,400 gallons) of fuel from gas stations around Paris by unlocking gas pumps using a special remote. The five-man team operated with the help of a special remote they bought online and which could unlock a particular brand of gas pumps installed at Total gas stations. The hack was possible because some gas station managers didn't change the gas pump's default lock code from the standard 0000. Hackers would use this simple PIN code to reset fuel prices and remove any fill-up limits. Crooks would operate in small teams of two to three individuals who visited gas stations at night using two vehicles. A man in a first car would use the remote to unlock the gas station, and then a second car, usually a van, would come along seconds later to fill a giant tanker installed in the back of the vehicle with as much as 2,000 or 3,000 liters in one go. The group advertised the fuel they stole on social media, providing a time and place where customers could come and refuel their vehicles or pick up orders for gasoline and diesel at smaller prices. Police uncovered the scheme in April 2018, when they arrested a suspect in possession of a remote used in the hack. "Five men, part of the same gang, were arrested on Monday, according to Le Parisien, who first reported the scheme last November," the report adds.

'Making Amazon Look Bad': Microsoft Is Backing a Major Tax On Itself and Amazon

Slashdot - Your Rights Online - Thu, 2019-03-28 03:30
Microsoft is urging lawmakers in Washington to increase the tax burden on itself and Amazon (Warning: source may be paywalled; alternative source) to help pay for a new higher education fund. The bill, which was introduced Monday by Rep. Drew Hansen and Rep. Gerry Pollet among others, "would pour about a billion dollars over the next four years into a 'workforce education account,' to be spent on more financial aid as well as more degree slots in high-demand subjects such as computer science, engineering and nursing," The Seattle Times reports. Microsoft and Amazon would be the only two companies included in the highest tax bracket. From the report: The premise now is to put a surcharge on businesses that benefit the most from a highly skilled workforce. That means high-tech of course, as well as professional services firms. The bill proposes increasing the state business and occupation tax by 20 percent on about 40 categories of technical services, such as telecom, engineering, medical and finance. And by 33 percent on tech firms with more than $25 billion in annual revenue. But here's where this goes off the charts, into politically unheard-of territory. It mandates a top rate, a whopping 67 percent business tax increase, for those "advanced computing businesses" with "worldwide gross revenue of more than one hundred billion dollars" per year. There are only two businesses headquartered here that fit that rarefied description. And one of them, Microsoft, is the tax's biggest booster. But that other company that would also be most on the hook? Apparently it isn't so thrilled to have been volunteered for civic duty by one of its chief rivals. "Amazon was surprised to be included in such a public 'hey, let's do this' by Microsoft," said Rep. Gael Tarleton, D-Seattle, who said she heard that lament directly from an Amazon lobbyist. Added Pollet: "Amazon has groused in meetings down here that Microsoft is doing this mostly as a way of making Amazon look bad."

Microsoft Takes Control of 99 Domains Operated By Iranian State Hackers

Slashdot - Your Rights Online - Thu, 2019-03-28 02:10
An anonymous reader quotes a report from ZDNet: Court documents unsealed today revealed that Microsoft has been waging a secret battle against a group of Iranian government-sponsored hackers. The OS maker sued and won a restraining order that allowed it to take control of 99 web domains that had been previously owned and operated by a group of Iranian hackers known in cyber-security circles as APT35, Phosphorus, Charming Kitten, and the Ajax Security Team. The domains had been used as part of spear-phishing campaigns aimed at users in the US and across the world. APT35 hackers had registered these domains to incorporate the names of well-known brands, such as Microsoft, Yahoo, and others. The domains were then used to collect login credentials for users the group had tricked into accessing their sites. The tactic is decades old but is still extremely successful at tricking users into unwittingly disclosing usernames and passwords, even today. Some of the domains Microsoft has confiscated include the likes of outlook-verify.net, yahoo-verify.net, verification-live.com, and myaccount-services.net. Microsoft said it received substantial support from the domain registrars, which transferred the domains over to Microsoft as soon as the company obtained a court order.

California Law Banning Paper Receipts Clears First Hurdle In State Legislature

Slashdot - Your Rights Online - Thu, 2019-03-28 00:50
In January, California Assemblyman Phil Ting (D-San Francisco) introduced a law barring retailers from printing paper receipts unless a customer requests one. Otherwise they'd be required to provide proof-of-purchase receipts "only in electronic form." The bill has cleared its first hurdle in the state Legislature on Monday as it passed the Natural Resources Committee in a 6-3 vote, despite concerns from some industry groups that say the switch should be driven by the market, not a government mandate. The Los Angeles Times reports: Assembly Bill 161 by Assemblyman Phil Ting (D-San Francisco) said his bill is an easy way to reduce paper waste in the state while addressing consumers' frustrations with excessively long receipts. Customers have taken to social media for years to complain and poke fun at the size of their receipts, particularly at CVS drugstore, posting pictures of the coupon-packed printouts measuring taller than a refrigerator. The paper that receipts are printed on is generally too thin to be made from recycled material, according to a legislative analysis of the bill. Once they are thrown away, the Department of Resources Recycling and Recovery, or CalRecycle, said the use of chemicals on paper receipts makes them undesirable to recyclers. The American Forest and Paper Assn., a paper industry group that opposes the bill, estimates that the United States generates 180,000 tons of paper receipts each year. That, the group points out, is a small percentage of total paper waste. The bill would give businesses until 2022 to provide customers electronic receipts, or a paper printout available on request. Violators would receive two warnings before being levied a $25-per-day fine. The maximum annual fine would be $300. The bill exempts cash-only and smaller businesses with gross receipts under $1 million a year from the electronic receipt requirement.

Facebook To Fight Belgian Ban On Tracking Users (And Even Non-Users)

Slashdot - Your Rights Online - Thu, 2019-03-28 00:10
Last year, a Belgian court ruled that Facebook would have to stop tracking Belgian internet users and delete the data it's already gathered on them, or face fines of about $280,000 a day. "Belgium's data-protection regulators have targeted the company since at least 2015 when a court ordered it to stop storing non-users' personal data," Mercury News reported at the time. Facebook is now fighting the Belgian court's decision, and will go "face to face with the Belgian data protection authority in a Brussels appeals court for a two-day hearing starting on Wednesday," reports Bloomberg. From the report: Armed with new powers since the introduction of stronger European Union data protection rules, Belgium's privacy watchdog argues Facebook "still violates the fundamental rights of millions of residents of Belgium." The Brussels Court of First Instance in February 2018 ruled that Facebook doesn't provide people with enough information about how and why it collects data on their web use, or what it does with the information. "Facebook then uses that information to profile your surfing behavior and uses that profile to show you targeted advertising, such as advertising about products and services from commercial companies, messages from political parties, etc," the Belgian regulator said in an emailed statement on Wednesday. Belgium's data protection authority last year won the court's backing for its attack against Facebook's use of cookies, social plug-ins -- the "like" or "share" buttons -- and tracking technologies that are invisible to the naked eye to collect data on people's behavior during their visits to other sites. Facebook understands "that people want more information and control over the data Facebook receives from other websites and apps that use our services," the company said in a statement. 
"That's why we are developing Clear History, that will let you to see the websites and apps that send us information when you use them, disconnect this information from your account, and turn off our ability to store it associated with your account going forward," it said. "We have also made a number of changes to help people understand how our tools work and explain the choices they have, including through our privacy updates."

Senators Demand To Know Why Election Vendors Still Sell Voting Machines With 'Known Vulnerabilities'

Slashdot - Your Rights Online - Wed, 2019-03-27 23:30
An anonymous reader quotes a report from TechCrunch: Four senior senators have called on the largest U.S. voting machine makers to explain why they continue to sell devices with "known vulnerabilities," ahead of upcoming critical elections. The letter, sent Wednesday, calls on election equipment makers ES&S, Dominion Voting and Hart InterCivic to explain why they continue to sell decades-old machines, which the senators say contain security flaws that could undermine the results of elections if exploited. "The integrity of our elections is directly tied to the machines we vote on," said the letter sent by Sens. Amy Klobuchar (D-MN), Mark Warner (D-VA), Jack Reed (D-RI) and Gary Peters (D-MI), the most senior Democrats on the Rules, Intelligence, Armed Services and Homeland Security committees, respectively. "Despite shouldering such a massive responsibility, there has been a lack of meaningful innovation in the election vendor industry and our democracy is paying the price," the letter adds. Their primary concern is that the three companies have more than 90 percent of the U.S. election equipment market share but their voting machines lack paper ballots or auditability, making it impossible to know if a vote was accurately counted in the event of a bug. Yet, these are the same devices tens of millions of voters will use in the upcoming 2020 presidential election. ES&S spokesperson Katina Granger said it will respond to the letter it received. The ranking Democrats say paper ballots are "basic necessities" for a reliable voting system, but the companies still produce machines that don't produce paper results.

IBM Accused of Violating Federal Anti-Age Discrimination Law

Slashdot - Your Rights Online - Wed, 2019-03-27 22:10
A group of ex-employees filed a lawsuit that accuses the tech giant of failing to comply with a law requiring companies to disclose the ages of people over 40 who have been laid off. The suit also alleges that the company has improperly prevented workers from combining to challenge their ousters. From a report: It is the second broad legal action against IBM since a 2018 ProPublica story that documented widespread age discrimination by the company in its global restructuring. The former employees are asking the court to invalidate a written agreement that IBM requires its employees to sign to receive severance pay. Under the document's provisions, workers agree to give up any right to challenge their dismissal in court. Until now, most age-related legal actions contesting an IBM layoff have been brought by the rare ex-worker who refused to sign the agreement and left without severance. If the district court were to agree that IBM's separation agreement is invalid, it could open the company up to lawsuits by tens of thousands of older workers IBM has laid off in recent years. Today's lawsuit and the string of other cases filed in the wake of ProPublica's story face steep odds as a result of decisions by the Supreme Court and federal appeals courts that curtailed workers' ability to challenge employers' staffing decisions. The rationale is to limit what federal judges view as cumbersome, costly cases that hamstring both employers and the courts.

FTC Fines Four Operations Responsible For Billions of Illegal Robocalls

Slashdot - Your Rights Online - Wed, 2019-03-27 21:36
Four companies that made billions of illegal robocalls have been caught and fined. From a report: The Federal Trade Commission on Tuesday said the agency reached settlements with four operations responsible for billions of illegal robocalls pitching debt-relief services, home security systems, fake charities, auto warranties and Google search results services. The companies were charged with violating the FTC Act, as well as the agency's Telemarketing Sales Rule and its Do Not Call provisions. "We have brought dozens of cases targeting illegal robocalls, and fighting unwanted calls remains one of our highest priorities," said Andrew Smith, director of the Bureau of Consumer Protection at the FTC, in a release. "We also have great advice on call-blocking services and how to reduce unwanted calls at [our website.]" The settlements come as the agency focuses on combating illegal robocalls. The four companies, NetDotSolutions, Higher Goals Marketing, Veterans of America and Pointbreak Media, are banned by court orders from robocalling and most telemarketing activities, according to the FTC's release. Further reading: FTC Tells ISPs To Disclose Exactly What Information They Collect On Users and What It's For.

Airbnb Has a Hidden-Camera Problem

Slashdot - Your Rights Online - Wed, 2019-03-27 20:10
Airbnb says it's cracking down on hosts who record guests. But is it doing enough? From a report: Airbnb's rules allow cameras outdoors and in living rooms and common areas, but never in bathrooms or anywhere guests plan to sleep, including rooms with foldout beds. Starting in early 2018, Airbnb added another layer of disclosure: If hosts indicate they have cameras anywhere on their property, guests receive a pop-up informing them where the cameras are located and where they are aimed. To book the property, the guests must click "agree," indicating that they're aware of the cameras and consent to being filmed. Of course, hosts have plenty of reason to train cameras on the homes they rent out to strangers. They can catch guests who attempt to steal, or who trash the place, or who initially say they're traveling alone, then show up to a property with five people. A representative for Airbnb's Trust & Safety communications department told me the company tries to filter out hosts who may attempt to surveil guests by matching them against sex-offender and felony databases. The company also uses risk scores to flag suspicious behavior, in addition to reviewing and booting hosts with consistently poor scores. If a guest contacts Airbnb's Trust & Safety team with a complaint about a camera, employees offer new accommodations if necessary and open an investigation into the host. [...] But four guests who found cameras in their rentals told The Atlantic the company has inconsistently applied its own rules when investigating their claims, providing them with incorrect information and making recommendations that they say risked putting them in harm's way. "There have been super terrible examples of privacy violations by AirBnB hosts, e.g., people have found cameras hidden in alarm clocks in their bedrooms," wrote Jeff Bigham, a computer-science professor at Carnegie Mellon whose claim was initially denied after he reported cameras in his rental. 
"I feel like our experience is in some ways more insidious. If you find a truly hidden camera in your bedroom or bathroom, Airbnb will support you. If you find an undisclosed camera in the private living room, Airbnb will not support you."

Bank of America Tech Chief Is Skeptical of Blockchain Even Though The Company Has the Most Patents For It

Slashdot - Your Rights Online - Wed, 2019-03-27 12:00
Bank of America tech and operations chief Cathy Bessant said she is bearish on blockchain, the technology underpinning cryptocurrencies. "I will be curious to see what the actual volume of usage is on the JPM Coin in a year," she said. Slashdot reader technocrattobe shares a report from CNBC: "What I am is open-minded," Bessant said recently in an interview at the bank's New York tower. "In my private scoreboard, in the closet, I am bearish." Bessant is wading into the debate about the blockchain, whose proponents have claimed will be as significant as the internet. A blockchain is an encrypted database that runs on multiple computers, potentially cutting out the need for centralized authorities like banks or governments to settle transactions between parties. The technology got a boost from rival J.P. Morgan Chase, which revealed last month that it created the first cryptocurrency backed by a major U.S. bank to facilitate blockchain-related payments. But Bessant, who oversees 95,000 technology workers and was named the most powerful woman in banking last year, is a pragmatist. She started out at Bank of America in 1982 as a commercial banker, eventually rising to a series of top roles, including head of corporate banking and chief marketing officer. She has run the bank's global technology and operations division since 2010. Most of what she sees doesn't make sense for finance or significantly improve upon existing methods. She said it's a technology in search of a use case, rather than something designed specifically to solve existing problems. "I haven't seen one [use case] that even scales beyond an individual or a small set of transactions," Bessant said. "All of the big tech companies will come and say 'blockchain, blockchain, blockchain.' I say, 'Show me the use case. You bring me the use case and I'll try it.'" She added: "I want it to work. Spiritually, I want it to make us better, faster, cheaper, more transparent, more, you know, all of those things." 
The report notes that Bank of America "has applied for or received 82 blockchain-related patents, more than any other financial firm, including payment companies Mastercard and PayPal."

Mike Pence Tells NASA To Accelerate Human Missions To the Moon 'By Any Means Necessary'

Slashdot - Your Rights Online - Wed, 2019-03-27 09:00
Today at the fifth meeting of the National Space Council, Vice President Mike Pence said the Trump administration is committed to sending humans back to the Moon by 2024, four years earlier than NASA's previous target of 2028. The Verge reports: Pence, speaking at NASA's Marshall Space Flight Center in Huntsville, Alabama, noted that the administration will meet this goal "by any means necessary." He called on NASA to adopt new policies and argued that the space agency would need to embrace "a new mindset that begins with setting bold goals and staying on schedule." To do that, he said the administration may consider ditching some of NASA's current contractors -- which are currently developing new vehicles to take humans into deep space -- and using commercially developed rockets instead. "If commercial rockets are the only way to get American astronauts to the Moon in the next five years, then commercial rockets it will be," said Pence. "Urgency must be our watch word." However, Pence offered few clear recommendations and changes that would help to accelerate NASA's return, apart from potentially switching rockets and contractors. "It was rhetoric about 'by all means possible' and 'we'll provide the resources necessary' and 'leadership is essential,'" John Logsdon, a space policy expert at George Washington University, tells The Verge. "I mean, they're all good words. But the devil's in the details."

Bill That Would Restore Net Neutrality Moves Forward Despite Telecom's Best Efforts To Kill It

Slashdot - Your Rights Online - Wed, 2019-03-27 05:30
An anonymous reader quotes a report from Motherboard: Last month, Democrats introduced a simple three-page bill that would do one thing: restore FCC net neutrality rules and the agency's authority over ISPs, both stripped away by a hugely-controversial decision by the agency in late 2017. Tuesday morning, the Save the Internet Act passed through a key House committee vote and markup session -- despite some last-minute efforts by big telecom to weaken the bill. "Net neutrality is coming back with a vengeance," Evan Greer, deputy director of consumer group Fight for the Future, said in a statement. "Politicians are slowly learning that they can't get away with shilling for big telecom anymore," Greer said. "We're harnessing the power of the Internet to save it, and any lawmaker who stands in our way will soon face the wrath of their constituents, who overwhelmingly want lawmakers to restore these basic protections." Greer told Motherboard that several last-minute amendments were introduced by lawmakers during the markup period in an attempt to water down the bill, but all were pulled in the wake of widespread public interest in the hearing. "It seems like the GOP retreated a bit given after the huge swell of public support," said Greer, who told Motherboard that 300,000 people watched the organization's livestream of the markup process. That attention "really emboldened the Democrats and shored up the ones that were wobbling," Greer said.


FTC Tells ISPs To Disclose Exactly What Information They Collect On Users and What It's For

Slashdot - Your Rights Online - Wed, 2019-03-27 01:30
An anonymous reader quotes a report from TechCrunch: The Federal Trade Commission, in what could be considered a prelude to new regulatory action, has issued an order to several major internet service providers requiring them to share every detail of their data collection practices. The information could expose patterns of abuse or otherwise troubling data use against which the FTC -- or states -- may want to take action. The letters requesting info went to Comcast, Google, T-Mobile, and both the fixed and wireless sub-companies of Verizon and AT&T. These "represent a range of large and small ISPs, as well as fixed and mobile Internet providers," an FTC spokesperson said. I'm not sure which is meant to be the small one, but welcome any information the agency can extract from any of them. To be clear, the FTC already has consumer protection rules in place and could already go after an internet provider if it were found to be abusing the privacy of its users -- you know, selling their location to anyone who asks or the like. (Still no action there, by the way.) But the evolving media and telecom landscape, in which we see enormous companies devouring one another to best provide as many complementary services as possible, requires constant reevaluation. As the agency writes in a press release: "The FTC is initiating this study to better understand Internet service providers' privacy practices in light of the evolution of telecommunications companies into vertically integrated platforms that also provide advertising-supported content." The report provides this example as to the kind of situation the FTC is concerned about: "If Verizon wants to offer not just the connection you get on your phone, but the media you request, the ads you are served, and the tracking you never heard of, it needs to show that these businesses are not somehow shirking rules behind the scenes."
"For instance, if Verizon Wireless says it doesn't collect or share information about what sites you visit, but the mysterious VZ Snooping Co (fictitious, I should add) scoops all that up and then sells it for peanuts to its sister company, that could amount to a deceptive practice," TechCrunch adds. "Of course it's rarely that simple (though don't rule it out), but the only way to be sure is to comprehensively question everyone involved and carefully compare the answers with real-world practices."


ASUS Releases Fix For ShadowHammer Malware Attack

Slashdot - Your Rights Online - Tue, 2019-03-26 23:30
Iwastheone shares a report from Engadget: ASUS may have inadvertently pushed malware to some of its computers through its update tool, but at least it has a fix ready to go. The PC maker has released a new version of its Live Update software for laptops that addresses the ShadowHammer backdoor attack. It also promised "multiple security verification mechanisms" to reduce the chances of further attacks, and started using an "enhanced end-to-end encryption mechanism." There are upgrades to the behind-the-scenes server system to prevent future attacks, ASUS added. The company simultaneously reiterated the narrow scope of ShadowHammer, noting that the malware targeted a "very small and specific user group." It's believed to be an Advanced Persistent Threat -- that is, a state-backed assault against organizations rather than everyday users. Other ASUS devices weren't affected, according to a notice. While the fix is reassuring, it also raises questions as to why the systems weren't locked down earlier. Update tools are prime targets for hackers precisely because they're both trusted and have deep access to the operating system -- tight security is necessary to prevent an intruder from hijacking the process.
