aggregator

How The FBI Used Geek Squad To Increase Secret Public Surveillance

Slashdot - Your Rights Online - Sun, 2017-03-12 10:34
In 2011 a gynecology doctor took his computer for repairs at Best Buy's Geek Squad. But the repair technician was a paid FBI informant -- one of several working at Geek Squad -- and the doctor was ultimately charged with possessing child pornography, according to OC Weekly. An anonymous reader quotes their new report: Recently unsealed records reveal a much more extensive secret relationship than previously known between the FBI and Best Buy's Geek Squad, including evidence the agency trained company technicians on law-enforcement operational tactics, shared lists of targeted citizens and, to covertly increase surveillance of the public, encouraged searches of computers even when unrelated to a customer's request for repairs. Assistant United States Attorney M. Anthony Brown last year labeled allegations of a hidden partnership as "wild speculation." But more than a dozen summaries of FBI memoranda filed inside Orange County's Ronald Reagan Federal Courthouse this month in USA v. Mark Rettenmaier contradict the official line... Other records show how [Geek Squad supervisor Justin] Meade's job gave him "excellent and frequent" access for "several years" to computers belonging to unwitting Best Buy customers, though agents considered him "underutilized" and wanted him "tasked" to search devices "on a more consistent basis"... evidence demonstrates company employees routinely snooped for the agency, contemplated "writing a software program" specifically to aid the FBI in rifling through its customers' computers without probable cause for any crime that had been committed, and were "under the direction and control of the FBI." The doctor's lawyer argues Best Buy became an unofficial wing of the FBI by offering $500 for every time they found evidence leading to criminal charges.

Read more of this story at Slashdot.

Will Montana Become America's Third State To Ditch Daylight Savings Time?

Slashdot - Your Rights Online - Sun, 2017-03-12 02:34
"Okay...twice every year Slashdot disses Daylight savings time," writes turkeydance, bringing a story from Montana, where lawmakers are proposing that the state should stop setting their clocks forward by one hour every spring. Similar legislation in several past sessions...failed to advance even out of committee. But SB206 passed committee unanimously and once on the floor, more than twice as many senators voted for it as against it. Now the House will take up SB206 during the session's second half, and likely with a renewed focus on the history of daylight saving time and what it would mean for Montana to become only the third state in the country not to observe it. Daylight savings time has been opposed by a grassroots group of Montana farmers and ranchers, who have to sync their work schedule to the sun rather than the time on the clock, but similar legislation has also been introduced in Texas, California, Iowa, New Mexico, Michigan, Rhode Island, Wisconsin, and Washington. Daylight savings time was originally introduced as an energy-saving measure during World Wars I and II, and returned during the 1970s energy crisis. There's just one problem, reports Live Science. "No one really knows whether daylight saving time saves energy at all. Research is decidedly mixed on the subject, with some studies actually finding that daylight saving time boosts energy consumption."


Munich's IT Lead: 'No Compelling Reason' To Switch Back To Windows From Linux

Slashdot - Your Rights Online - Sun, 2017-03-12 01:34
"The man who runs Munich's central IT says there is no practical reason for the city to write off millions of euros and years of work to ditch its Linux-based OS for Windows," reports TechRepublic. Long-time Slashdot reader Qbertino summarizes a German-language article: Karl-Heinz Schneider, lead of Munich's local system house company IT@M, goes on to claim, "We do not see pressing technical reasons to switch to MS and MS Office... The council [in their recent plans] didn't even follow the analysts' suggestion to stick with using LibreOffice." Furthermore, Schneider stated that "System failures that angered citizens in recent years never were related to the LiMux project, but due to new bureaucratic procedures..." and apparently decisions by unqualified personnel at the administrative level, as Munich's administration itself states.


A Prenda Copyright Troll Finally Pleaded Guilty

Slashdot - Your Rights Online - Sun, 2017-03-12 00:34
"One of the attorneys behind the Prenda Law 'copyright trolling' scheme has pleaded guilty to federal charges of fraud and money laundering," reports Ars Technica. Long-time Slashdot reader Freshly Exhumed shares this article from the law blog Popehat: The factual basis section -- which Steele admits is true (as to facts he knows) or that the government can prove (as to facts he doesn't know directly) -- is a startling 16 pages long [PDF] and lavishly documents the entire scheme, complete with many details that accusers have been pointing out for years. In short, Steele admits that he and Hansmeier used sham entities to obtain the copyright to (or in some cases film) porn, uploaded it to file-sharing websites, and then filed "false and deceptive" copyright suits against downloaders designed to conceal their role in distributing the films and their stake in the outcomes. They lied to courts themselves, sent others to court to lie, lied at depositions, lied in sworn affidavits, created sham entities as plaintiffs, created fraudulent hacking allegations to try to obtain discovery into the identity of downloaders, used "ruse defendants" (strawmen, in effect) to get courts to approve broad discovery into IP addresses. Facing a maximum of 40 years in prison, Steele could get his sentence reduced if he testifies against Hansmeier, according to the article, and "Steele appears to have pinned all of his hopes on that option... I've seen a lot of plea agreements in a lot of federal cases, and I don't recall another one that so clearly conveyed the defendant utterly surrendering and accepting everything the government demanded, all in hopes of talking his sentence down later."


New 'USG' Firewalls Protect USB Drives From Malicious Attacks

Slashdot - Your Rights Online - Sat, 2017-03-11 23:34
A developer has created the USG, "a small, portable hardware USB firewall...to prevent malicious USB sticks and devices laden with malware from infecting your computer." An anonymous reader quotes ZDNet: The problem is that most computers automatically trust every USB device that's plugged in, which means malicious code can run without warning... Cars, cash registers, and some ATMs also come with USB ports, all of which can be vulnerable to cyberattacks from a single USB stick. That's where the USG firewall comes in...a simple hardware serial link that only accepts a very few select number of safe commands, which prevents the device from executing system commands or intercepting network traffic. That means the data can flow from the USB device, but [it] effectively blocks other USB exploits. The firmware has been open sourced, and the technical specifications have also been released online "to allow anyone to build their own from readily available development boards."


IEEE-USA Criticizes Failure To Reform The H-1B Program

Slashdot - Your Rights Online - Sat, 2017-03-11 19:34
Slashdot reader Tekla Perry writes: IEEE USA says H-1B visas are a tool used to avoid paying U.S. wages. "For every visa used by Google to hire a talented non-American for $126,000, ten Americans are replaced by outsourcing companies paying their H-1B workers $65,000," says the current IEEE USA president, writing with the past president and president-elect. The outsourcing companies, Infosys, Cognizant, Wipro, and Tata Consultancy in 2014 "used 21,695 visas, or more than 25 percent of all private-sector H-1B visas used that year. Microsoft, Google, Facebook, and Uber, for comparison, used only 1,763 visas, or 2 percent," they say. On Friday, IEEE-USA also issued a new criticism about the lack of progress in reforming the H-1B program, saying "At least 50,000 Americans will lose their jobs this year because the president has yet to fulfill the promise he made to millions who voted for him."


Police Allegedly Threaten A UK Photographer With Seizure Of All His Computers

Slashdot - Your Rights Online - Sat, 2017-03-11 17:34
Andy Smith is a Scotland-based news photographer (and a long-time reader of Slashdot). He writes: Recently the police wanted to seize some of my work photos to use as evidence in a prosecution... Rather than trying (and likely failing) to get a warrant to seize the photos, the prosecutor used a tactic that nobody had heard of before: He got a warrant to seize all of my cameras, computers, memory cards, etc, even though the photos were in a secure location, not at my home or in my possession. I was then given 24 hours to retrieve and hand over the photos, or the police would raid my home and take everything, effectively ending my career. His blog post describes erasing every computer and memory card, though he believes the police only wanted the leverage that came from threatening to seize them. But the journalists' union advised him to surrender the photos, since otherwise his equipment could be held for over a year -- so he complied. "I regret my decision. Everyone on this side of the case has reassured me that it was the right thing to do, but it wasn't." "As for the warrant, it remains active, with no time limit. I now conduct my work knowing that the police could raid my home at any time, without warning, and take everything."


California Says Autonomous Cars Don't Need Human Drivers

Slashdot - Your Rights Online - Sat, 2017-03-11 15:00
Currently, California law requires that all self-driving cars used for testing purposes be done with a human behind the wheel, so that they can take control if necessary. While California has been fairly strict on how self-driving cars are to be used in the state, they appear to be relaxing several of the rules. "The state's Department of Motor Vehicles released proposed regulations Friday for autonomous vehicles, dropping an earlier requirement that a human driver had to be present while testing on public roads," reports Bloomberg. "The DMV also backed down on a previous rule that vehicles needed a steering wheel and pedals for the operator to take back control." From the report: "When we think of driverless vehicles they can either have conventional controls, which are steering wheels, pedals, things like that, or they cannot," said California DMV Chief Counsel Brian Soublet during a conference call with reporters. If companies test vehicles without conventional controls, they have to show the California DMV that they have approval from the National Highway Traffic Safety Administration, he added. NHTSA said in early 2016 that self-driving software systems, not just humans, can be considered drivers. "If California was going to keep that level of development activity in the state, what they did was necessary and timely," said Eric Noble, president of The CarLab, an automotive consulting firm. "They kind of had to do it because at some point manufacturers can't move autonomous vehicles forward without getting controls out of cars." The proposed regulations have a 45-day public comment period that ends April 24. That will be followed by a public hearing. During Friday's conference call, the California DMV said the rules should be completed by the end of the year.


Malware Found Preinstalled On 38 Android Phones Used By 2 Companies

Slashdot - Your Rights Online - Sat, 2017-03-11 12:00
An anonymous reader quotes a report from Ars Technica: An assortment of malware was found on 38 Android devices belonging to two unidentified companies. This is according to a blog post published Friday by Check Point Software Technologies, maker of a mobile threat prevention app. The malicious apps weren't part of the official ROM firmware supplied by the phone manufacturers but were added later somewhere along the supply chain. In six of the cases, the malware was installed to the ROM using system privileges, a technique that requires the firmware to be completely reinstalled for the phone to be disinfected. Most of the malicious apps were info stealers and programs that displayed ads on the phones. One malicious ad-display app, dubbed "Loki," gains powerful system privileges on the devices it infects. Another app was a mobile ransomware title known as "Slocker," which uses Tor to conceal the identity of its operators. Check Point didn't disclose the names of the companies that owned the infected phones. Padon said it's not clear if the two companies were specifically targeted or if the infections were part of a broader, more opportunistic campaign. The presence of ransomware and other easy-to-detect malware seems to suggest the latter. Check Point also doesn't know where the infected phones were obtained. One of the affected parties was a "large telecommunications company" and the other was a "multinational technology company."


New Bill Would Allow Employers To Demand Genetic Testing From Workers

Slashdot - Your Rights Online - Sat, 2017-03-11 05:30
capedgirardeau quotes a report from Business Insider: A little-noticed bill moving through the U.S. Congress would allow companies to require employees to undergo genetic testing or risk paying a penalty of thousands of dollars, and would let employers see that genetic and other health information. Giving employers such power is now prohibited by U.S. law, including the 2008 genetic privacy and nondiscrimination law known as GINA. The new bill gets around that landmark law by stating explicitly that GINA and other protections do not apply when genetic tests are part of a "workplace wellness" program. The bill, HR 1313, was approved by a House committee on Wednesday, with all 22 Republicans supporting it and all 17 Democrats opposed. The 2008 genetic law prohibits a group health plan -- the kind employers have -- from asking, let alone requiring, someone to undergo a genetic test. It also prohibits that specifically for "underwriting purposes," which is where wellness programs come in. "Underwriting purposes" includes basing insurance deductibles, rebates, rewards, or other financial incentives on completing a health risk assessment or health screenings. In addition, any genetic information can be provided to the employer only in a de-identified, aggregated form, rather than in a way that reveals which individual has which genetic profile. There is a big exception, however: As long as employers make providing genetic information "voluntary," they can ask employees for it. Under the House bill, none of the protections for health and genetic information provided by GINA or the disabilities law would apply to workplace wellness programs as long as they complied with the ACA's very limited requirements for the programs. As a result, employers could demand that employees undergo genetic testing and health screenings.


Intel Security Releases Detection Tool For EFI Rootkits After CIA Leak

Slashdot - Your Rights Online - Sat, 2017-03-11 02:05
After WikiLeaks revealed data exposing information about the CIA's arsenal of hacking tools, Intel Security has released a tool that allows users to check if their computer's low-level system firmware has been modified and contains unauthorized code. PCWorld reports: The release comes after CIA documents leaked Tuesday revealed that the agency has developed EFI (Extensible Firmware Interface) rootkits for Apple's Macbooks. The documents from CIA's Embedded Development Branch (EDB) mention an OS X "implant" called DerStarke that includes a kernel code injection module dubbed Bokor and an EFI persistence module called DarkMatter. In addition to DarkMatter, there is a second project in the CIA EDB documents called QuarkMatter that is also described as a "Mac OS X EFI implant which uses an EFI driver stored on the EFI system partition to provide persistence to an arbitrary kernel implant." The Advanced Threat Research team at Intel Security has created a new module for its existing CHIPSEC open-source framework to detect rogue EFI binaries. CHIPSEC consists of a set of command-line tools that use low-level interfaces to analyze a system's hardware, firmware, and platform components. It can be run from Windows, Linux, macOS, and even from an EFI shell. The new CHIPSEC module allows the user to take a clean EFI image from the computer manufacturer, extract its contents and build a whitelist of the binary files inside. It can then compare that list against the system's current EFI or against an EFI image previously extracted from a system.


MAC Address Randomization Flaws Leave Android and iOS Phones Open To Tracking

Slashdot - Your Rights Online - Sat, 2017-03-11 01:20
New submitter cryptizard writes: Modern Android and iOS versions include a technology called MAC address randomization to prevent passive tracking of users as they move from location to location. Unfortunately, researchers have revealed that this technology is implemented sporadically by device manufacturers and is often deployed with significant flaws that allow it to be easily defeated. A research paper [published by U.S. Naval Academy researchers] highlights a number of flaws in both Android and iOS that allow an adversary to track users even when their phones are using randomized MAC addresses. Most significantly, they demonstrate that a flaw in the way wireless chipsets handle low-level control messages can be exploited to track 100% of devices, regardless of manufacturer or operating system.


Message For AMD: Open PSP Will Improve Security, Hinder Intel

Slashdot - Your Rights Online - Sat, 2017-03-11 00:40
futuristicrabbit writes: AMD has faced calls from Edward Snowden, Libreboot and the Reddit community to release the source code to the AMD Secure Processor (PSP), a network-capable co-processor which some believe has the capacity to act as a backdoor. Opening the PSP would not only have security benefits, but would provide AMD with a competitive advantage against rival chipmaker Intel. Lisa Su, the CEO of AMD, is reportedly seriously considering the change, and the community is working hard to make sure she makes the right decision. In an AMD AMA post via Reddit, user 1n5aN1aC provided several arguments for why the company should release the PSP source code to the Coreboot / Libreboot project (or publicly). The arguments center around security, economic incentives, advertising, brand perception, and mindshare. AMD replied: "Thanks for the inquiry. Currently we do not have plans to release source code but you make a good argument for reasons to do so. We will evaluate and find a way to work with security vendors and the community to everyone's benefit." The product manager for AMD, AMD_james, continued in response to a follow-up comment that claims AMD is "not considering it all but only want to appease the potential buyers." AMD_james replied: "Thanks for the feedback. Please believe me that this has CEO level attention and AMD is investigating the steps and resources necessary to support this. It is not the work of a minute, so please bear with us as we define what we can do." What are your arguments for (or against) the idea of AMD releasing the source code to the AMD Secure Processor?


Blogger Wins Libel Damages Over Columnist's Tweets

Slashdot - Your Rights Online - Sat, 2017-03-11 00:00
eionmac shares a report that details a legal battle in which a food blogger won thousands of dollars in libel damages "after a row over two tweets." BBC reports: Food blogger Jack Monroe has won 24,000 British pounds damages, plus legal costs, in a libel action against columnist Katie Hopkins after a row over two tweets. Ms Monroe sued the writer over two war memorial tweets she said caused "serious harm" to her reputation. Ms Hopkins posted tweets in May 2015 asking her if she had "scrawled on any memorials recently." Ms Monroe said that meant she had either vandalized a war memorial or "condoned or approved" of it. Mr Justice Warby also ordered Ms Hopkins -- a columnist for the Mail Online -- to pay an initial 107,000 British pounds towards the campaigner's legal costs within 28 days. He ruled that the tweets had caused "Ms Monroe real and substantial distress" and she was entitled to "fair and reasonable compensation."


The SEC Just Handed Bitcoin a Huge Setback

Slashdot - Your Rights Online - Fri, 2017-03-10 23:40
The SEC has decided to deny an application for the first exchange-traded product that tracks the price of bitcoin, according to an order posted on the regulator's website. From a report: In an order today, the commission found that the proposed fund was too susceptible to fraud, due to the unregulated nature of Bitcoin. The result is a major setback for the fund, and a frustrating false start for the crypto-currency at large. The ETF is essentially a common stock fund pegged to the price of Bitcoin, allowing investors to purchase Bitcoin without the work of establishing a personal wallet. (In concrete terms, the ETF's investors will be buying shares whose price will always be the same as the price of a single bitcoin, similar to an equivalent investment in gold or cattle.) Without a wallet, investors still won't be able to spend Bitcoin, but they can buy and sell it at market price, adding more liquidity to the Bitcoin system overall.


Oculus CTO John Carmack Is Suing ZeniMax For $22.5 Million

Slashdot - Your Rights Online - Fri, 2017-03-10 23:20
An anonymous reader quotes a report from TechCrunch: The feud between Oculus and ZeniMax Media is opening up once again, this time with the CTO of Oculus, John Carmack, suing his former employer for earnings that he claims are still owed to him. The suit is largely unrelated to the $6 billion trade secrets suit which ended last month with a $500 million judgment against Oculus. Instead, Carmack is suing ZeniMax Media for $22.5 million that he says has not been paid to him for the 2009 sale of his game studio, id Software, known for such pioneering video game classics as Doom and Quake. The lawsuit reveals that ZeniMax Media paid $150 million for the game studio. The document details that Carmack was set to earn $45 million from the id acquisition. In 2011, Carmack converted half of that note into a half-million shares of ZeniMax common stock, but has yet to receive the other half of his earnings in cash or common stock from the company, despite formal requests being made. The lawsuit was reported first by Dallas News.


Alphabet's Waymo Asks Judge To Block Uber From Using Self-Driving Car Secrets

Slashdot - Your Rights Online - Fri, 2017-03-10 22:00
Waymo, Alphabet's self-driving spinoff from Google, is formally asking a judge to block Uber from operating its autonomous vehicles, according to new documents filed in Waymo's lawsuit against Uber. From a report on The Verge: The lawsuit, which was filed last month, alleges that Uber stole key elements of its self-driving car technology from Google. Uber has called the accusations "baseless." Today in federal court, Waymo filed the sworn testimony of Gary Brown, a forensic security engineer with Google since 2013. Citing logs from Google's secure network, Brown claims that Anthony Levandowski, a former Google engineer who now runs Uber's self-driving car program, downloaded 14,000 files from a Google repository that contain design files, schematics, and other confidential information pertaining to its self-driving car project. Levandowski used his personal laptop to download the files, a fact that Brown says made it easy to track.


U.S. Jobs, Pay Show Solid Gains in Trump's First Full Month

Slashdot - Your Rights Online - Fri, 2017-03-10 19:20
Two anonymous readers share a Bloomberg report: U.S. employers added jobs at an above-average pace for a second month on outsized gains in construction and manufacturing while wage growth picked up, as the labor market continued its steady improvement in the new year. The 235,000 increase followed a 238,000 rise in January that was more than previously estimated, the best back-to-back rise since July, a Labor Department report showed Friday in Washington. The unemployment rate fell to 4.7 percent, and wages grew 2.8 percent from February 2016. While unseasonably warm weather may have boosted the payrolls count, the data represent President Donald Trump's first full month in office and coincide with a surge in economic optimism following his election victory.


Google's reCAPTCHA Turns 'Invisible,' Will Separate Bots From People Without Challenges

Slashdot - Your Rights Online - Fri, 2017-03-10 04:25
Google is making CAPTCHAs invisible using "a combination of machine learning and advanced risk analysis that adapts to new and emerging threats." Ars Technica reports: The old reCAPTCHA system was pretty easy -- just a simple "I'm not a robot" checkbox would get people through your sign-up page. The new version is even simpler, and it doesn't use a challenge or checkbox. It works invisibly in the background, somehow, to identify bots from humans. Google doesn't go into much detail on how it works, only saying that the system uses "a combination of machine learning and advanced risk analysis that adapts to new and emerging threats." More detailed information on how the system works would probably also help bot-makers crack it, so don't expect details to pop up any time soon. When sites switch over to the invisible CAPTCHA system, most users won't see CAPTCHAs at all, not even the "I'm not a robot" checkbox. If you are flagged as "suspicious" by the system, then it will display the usual challenges.


EU Court Sets Limit On 'Right To Be Forgotten' In Company Registers

Slashdot - Your Rights Online - Fri, 2017-03-10 03:45
The European Union's top court ruled in May 2014 that people could ask search engines, such as Google or Microsoft's Bing, to remove inadequate or irrelevant information from the web results produced from searches for people's names. Today, the court is limiting the so-called "right to be forgotten" principle, ruling that individuals cannot demand that personal data be erased from company records in an official register. Reuters reports: In Thursday's ruling the European Court of Justice said that company registers needed to be public to ensure legal certainty and to protect the interests of third parties. Company registers only contained a limited amount of personal information and, as executives in companies should disclose their identity and functions, this did not constitute too severe an interference in their private lives and personal data, it said. However, the court said there might be specific situations in which access to personal data in company registers could be limited, such as a long period after a company's dissolution. But this should be determined on a case-by-case basis.
