aggregator

Ajit Pai Backs Out of Planned CES 2018 Appearance

Slashdot - Your Rights Online - Thu, 2018-01-04 03:05
New submitter sdinfoserv writes: Ajit Pai, the most hated person in tech since Darl McBride, backed out of a speaking engagement at CES 2018. Apparently he lacks the spine to justify himself before the group of individuals his decisions affect most. Consumer Technology Association head Gary Shapiro announced: "Unfortunately, Federal Communications Commission Chairman Ajit Pai is unable to attend CES 2018. We look forward to our next opportunity to host a technology policy discussion with him before a public audience."

Read more of this story at Slashdot.

After Beating Cable Lobby, Colorado City Moves Ahead With Muni Broadband

Slashdot - Your Rights Online - Thu, 2018-01-04 02:20
Last night, the city council in Fort Collins, Colorado, voted to move ahead with a municipal fiber broadband network providing gigabit speeds, two months after the cable industry failed to stop the project. Ars Technica reports: Last night's city council vote came after residents of Fort Collins approved a ballot question that authorized the city to build a broadband network. The ballot question, passed in November, didn't guarantee that the network would be built because city council approval was still required, but that hurdle is now cleared. Residents approved the ballot question despite an anti-municipal broadband lobbying campaign backed by groups funded by Comcast and CenturyLink. The Fort Collins City Council voted 7-0 to approve the broadband-related measures, a city government spokesperson confirmed to Ars today. While the Federal Communications Commission has voted to eliminate the nation's net neutrality rules, the municipal broadband network will be neutral and without data caps. "The network will deliver a 'net-neutral' competitive unfettered data offering that does not impose caps or usage limits on one use of data over another (i.e., does not limit streaming or charge rates based on type of use)," a new planning document says. "All application providers (data, voice, video, cloud services) are equally able to provide their services, and consumers' access to advanced data opens up the marketplace." The city will also be developing policies to protect consumers' privacy. The city intends to provide gigabit service for $70 a month or less and a cheaper Internet tier.


2 Years Later, Security Holes Linger In GPS Services Used By Millions of Devices

Slashdot - Your Rights Online - Thu, 2018-01-04 00:20
chicksdaddy quotes a report from The Security Ledger: Security researchers say that serious security vulnerabilities linger in GPS software by the China-based firm ThinkRace more than two years after the hole was discovered and reported to the firm, The Security Ledger reports. Data including a GPS enabled device's location, serial number, assigned phone number and model and type of device can be accessed by any user with access to the GPS service. In some cases, other information is available including the device's location history going back 1 week. In some cases, malicious actors could also send commands to the device via SMS including those used to activate or deactivate GEO fencing alarms features, such as those used on child-tracking devices. The vulnerabilities affect hundreds of thousands of connected devices that use the GPS services, from smart watches, to vehicle GPS trackers, fitness trackers, pet trackers and more. At issue are security holes in back-end GPS tracking services that go by names like amber360.com, kiddo-track.com, carzongps.com and tourrun.net, according to Michael Gruhn, an independent security researcher who noted the insecure behavior in a location tracker he acquired and has helped raise awareness of the widespread flaws. Working with researcher Vangelis Stykas, Gruhn discovered scores of seemingly identical GPS services, many of which have little security, allowing low-skill hackers to directly access data on GPS tracking devices. Alas, news about the security holes is not new. In fact, the security holes in ThinkRace's GPS services are identical to those discovered by New Zealand researcher Lachlan Temple in 2015 and publicly disclosed at the time. Temple's research focused on one type of device: a portable GPS tracker that plugged into a vehicle's On Board Diagnostic (or OBD) port. However, Stykas and Gruhn say that they have discovered the same holes spread across a much wider range of APIs (application program interfaces) and services linked to ThinkRace.


Intel Responds To Alleged Chip Flaw, Claims Effects Won't Significantly Impact Average Users

Slashdot - Your Rights Online - Wed, 2018-01-03 23:00
An anonymous reader quotes a report from Hot Hardware: The tech blogosphere lit up yesterday afternoon after reports of a critical bug in modern Intel processors has the potential to seriously impact systems running Windows, Linux and macOS. The alleged bug is so severe that it cannot be corrected with a microcode update, and instead, OS manufacturers are being forced to address the issue with software updates, which in some instances requires a redesign of the kernel software. Some early performance benchmarks have even suggested that patches to fix the bug could result in a performance hit of as much as 30 percent. Since reports on the issue exploded over the past 24 hours, Intel is looking to cut through the noise and tell its side of the story. The details of the exploit and software/firmware updates to address the matter at hand were scheduled to go live next week. However, Intel says that it is speaking out early to combat "inaccurate media reports." Intel acknowledges that the exploit has "the potential to improperly gather sensitive data from computing devices that are operating as designed." The company further goes on to state that "these exploits do not have the potential to corrupt, modify or delete data." The company goes on to state that the "average computer user" will be negligibly affected by any software fixes, and that any negative performance outcomes "will be mitigated over time." In a classic case of trying to point fingers at everyone else, Intel says that "many different vendors' processors" are vulnerable to these exploits. You can read the full statement here.


Mozilla Will Delete Firefox Crash Reports Collected by Accident

Slashdot - Your Rights Online - Wed, 2018-01-03 18:40
Catalin Cimpanu, writing for BleepingComputer: Mozilla said last week it would delete all telemetry data collected because of a bug in the Firefox crash reporter. According to Mozilla engineers, Firefox has been collecting information on crashed background tabs from users' browsers since Firefox 52, released in March 2017. Firefox versions released in that time span did not respect user-set privacy settings and automatically auto-submitted crash reports to Mozilla servers. The browser maker fixed the issue with the release of Firefox 57.0.3. Crash reports are not fully-anonymized.


The FCC Is Still Tweaking Its Net Neutrality Repeal

Slashdot - Your Rights Online - Wed, 2018-01-03 15:00
An anonymous reader quotes a report from TechCrunch: You may think, from the pomp accompanying the FCC's vote in December to repeal the 2015 net neutrality rules, that the deed was accomplished. Not so -- in fact, the order hasn't even reached its final form: the Commission is still working on it. But while it may be frustrating, this is business as usual for regulations like this, and concerned advocates should conserve their outrage for when it's really needed. The "Restoring Internet Freedom" rule voted on last month was based on a final draft circulated several weeks before the meeting at which it would be adopted. But as reports at the time noted, significant edits (i.e. not fixing typos) were still going into the draft the day before the FCC voted. Additional citations, changes in wording and more serious adjustments may be underway. It may sound like some serious shenanigans are being pulled, but this is how the sausage was always made, and it's actually one of Chairman Ajit Pai's handful of commendable efforts that the process is, in some ways at least, more open to the public. The question of exactly what is being changed, however, we will have ample time to investigate: The rules will soon be entered into the federal register, at which point they both come into effect and come under intense scrutiny and legal opposition.


Spotify Hit With $1.6 Billion Copyright Lawsuit

Slashdot - Your Rights Online - Wed, 2018-01-03 02:05
The Wixen Music Publishing company, which administers song compositions by Tom Petty, Dan Auerbach, Rivers Cuomo, Stevie Nicks, Neil Young, and others, has hit Spotify with a copyright lawsuit seeking $1.6 billion in damages. The publishing company filed the lawsuit on December 29, alleging the streaming giant is using Petty's "Free Fallin" and tens of thousands of other songs without license or compensation. SPIN reports: Back in September, Wixen objected to a $43 million settlement Spotify had arranged over another class action lawsuit brought by David Lowery (of Cracker and Camper van Beethoven) and Melissa Ferrick, stating it was "procedurally and substantively unfair to Settlement Class Members because it prevents meaningful participation by rights holders and offers them an unfair dollar amount in light of Spotify's ongoing, willful copyright infringement of their works." A judge has yet to rule on that settlement, and in the meantime, Wixen has moved to file its own lawsuit, which purports "as much as 21 percent of the 30 million songs on Spotify are unlicensed," according to The Hollywood Reporter. "Spotify brazenly disregards United States Copyright law and has committed willful, ongoing copyright infringement," the complaint reads. "Wixen notified Spotify that it had neither obtained a direct or compulsory mechanical license for the use of the Works. For these reasons and the foregoing, Wixen is entitled to the maximum statutory relief."


US Calls On Iran To Unblock Social Media Sites Amid Protests

Slashdot - Your Rights Online - Wed, 2018-01-03 01:20
The Trump administration is calling on the government of Iran to stop blocking Instagram and other social media sites while encouraging Iranians to use special software to circumvent controls. "The great Iranian people have been repressed for many years," President Trump tweeted yesterday. "They are hungry for food & for freedom. Along with human rights, the wealth of Iran is being looted. Time for change!" ABC News reports: Undersecretary of State Steve Goldstein, in charge of public diplomacy, said the U.S. wants Iran's government to "open these sites" including the photo-sharing platform Instagram and the messaging app Telegram. "They are legitimate avenues for communication," Goldstein said. "People in Iran should be able to access those sites." Iranians seeking to evade the blocks can use virtual private networks, Goldstein said. Known as VPNs, the services create encrypted data "tunnels" between computers and are used in many countries to access overseas websites blocked by the local government. Despite the blocks, the United States is working to maintain communication with Iranians in the Farsi language, including through official accounts on Facebook, Twitter and other platforms. The State Department also was to distribute videos of top U.S. officials encouraging the protesters through those and other sites.


New Bill Could Finally Get Rid of Paperless Voting Machines

Slashdot - Your Rights Online - Tue, 2018-01-02 23:20
An anonymous reader quotes a report from Ars Technica: A bipartisan group of six senators has introduced legislation that would take a huge step toward securing elections in the United States. Called the Secure Elections Act, the bill aims to eliminate insecure paperless voting machines from American elections while promoting routine audits that would dramatically reduce the danger of interference from foreign governments. "With the 2018 elections just around the corner, Russia will be back to interfere again," said co-sponsor Sen. Kamala Harris (D-Calif.). So a group of senators led by James Lankford (R-Okla.) wants to shore up the security of American voting systems ahead of the 2018 and 2020 elections. And the senators have focused on two major changes that have broad support from voting security experts. The first objective is to get rid of paperless electronic voting machines. Computer scientists have been warning for more than a decade that these machines are vulnerable to hacking and can't be meaningfully audited. States have begun moving away from paperless systems, but budget constraints have forced some to continue relying on insecure paperless equipment. The Secure Elections Act would give states grants specifically earmarked for replacing these systems with more secure systems that use voter-verified paper ballots. The legislation's second big idea is to encourage states to perform routine post-election audits based on modern statistical techniques. Many states today only conduct recounts in the event of very close election outcomes. And these recounts involve counting a fixed percentage of ballots. That often leads to either counting way too many ballots (wasting taxpayer money) or too few (failing to fully verify the election outcome). The Lankford bill would encourage states to adopt more statistically sophisticated procedures to count as many ballots as needed to verify an election result was correct -- and no more.


Toutiao, One of China's Most Popular News Apps, is Discovering the Risks Involved in Giving People Exactly What They Want Online

Slashdot - Your Rights Online - Tue, 2018-01-02 19:43
The New York Times reports: One of the world's most valuable start-ups got that way by using artificial intelligence to satisfy Chinese internet users' voracious appetite for news and entertainment. Every day, its smartphone app feeds 120 million people personalized streams of buzzy news stories, videos of dogs frolicking in snow, GIFs of traffic mishaps and listicles such as "The World's Ugliest Celebrities." Now the company is discovering the risks involved, under China's censorship regime, in giving the people exactly what they want. The makers of the popular news app Jinri Toutiao unveiled moves this week to allay rising concerns from the authorities (Editor's note: the link may be paywalled; alternative source). Last week, the Beijing bureau of China's top internet regulator accused Toutiao of "spreading pornographic and vulgar information" and "causing a negative impact on public opinion online," and ordered that updates to several popular sections of the app be halted for 24 hours. In response, the app's parent company, Beijing Bytedance Technology, took down or temporarily suspended the accounts of more than 1,100 bloggers that it said had been publishing "low-quality content" on the app. It also replaced Toutiao's "Society" section with a new section called "New Era," which is heavy on state media coverage of government decisions.


Big Tech and Democracy Need To Work Together, Microsoft Executives Say

Slashdot - Your Rights Online - Tue, 2018-01-02 18:10
From a report: It's not often that Big Tech calls for more government action. But two top Microsoft executives -- Brad Smith, president and chief legal officer, and Carol Ann Browne, director of executive communications -- write in a tech trends forecast out today. "2018 will be a year when democratic governments can either work together to safeguard electoral processes or face a future where democracy is more fragile. [T]his needs to include work to protect campaigns from hacking, address social media issues, ensure the integrity of voting results, and protect vital census processes," they wrote.


China's WeChat Denies Storing User Chats

Slashdot - Your Rights Online - Tue, 2018-01-02 16:40
WeChat, China's most popular messenger app, on Tuesday denied storing users' chat histories, after a top businessman was quoted in media reports as saying he believed Tencent was monitoring everyone's account. From a report: "WeChat does not store any users' chat history. That is only stored in users' mobiles, computers and other terminals," WeChat said in a post on the social media platform. "WeChat will not use any content from user chats for big data analysis. Because of WeChat's technical model that does not store or analyse user chats, the rumour that 'we are watching your WeChat everyday' is pure misunderstanding." More than 900 million people use WeChat.


People Are Using PornHub To Stream 'Hamilton' and 'Zootopia'

Slashdot - Your Rights Online - Tue, 2018-01-02 16:00
An anonymous reader shares a report: There's more on PornHub than pornography. People are using the streaming-video site -- a sort of YouTube for pornography where users can upload and watch adult videos -- to stream pirated copies of high-profile titles like the Broadway musical Hamilton and Disney's animated movie Zootopia. Where YouTube has been fighting for years to keep pornography off its site, PornHub now finds itself in the position of having to purge its platform of videos that are decidedly safe for work. The full, 75-minute first act of the historical, Tony Award-winning play, Hamilton -- with its original cast, including creator and star Lin-Manuel Miranda -- is on PornHub, one Twitter user discovered. As the most sought after ticket in town, the play just set a new high-water mark (paywall) for Broadway after taking in $3.8 million at the box office for the week ending Dec. 24.


Germany Starts Enforcing Hate Speech Law

Slashdot - Your Rights Online - Mon, 2018-01-01 17:00
Germany is set to start enforcing a law that demands social media sites move quickly to remove hate speech, fake news and illegal material. From a report: Sites that do not remove "obviously illegal" posts could face fines of up to 50m euro ($60m). The law gives the networks 24 hours to act after they have been told about law-breaking material. Social networks and media sites with more than two million members will fall under the law's provisions. Facebook, Twitter and YouTube will be the law's main focus but it is also likely to be applied to Reddit, Tumblr and Russian social network VK. Other sites such as Vimeo and Flickr could also be caught up in its provisions.


Congo Shuts Down Internet Services 'Indefinitely'

Slashdot - Your Rights Online - Mon, 2018-01-01 07:34
On Saturday Engadget wrote: Authoritarian leaders are fond of severing communications in a bid to hold on to power, and that tradition sadly isn't going away. The Democratic Republic of Congo's government has ordered telecoms to cut internet and SMS access ahead of planned mass protests against President Joseph Kabila, whose administration has continuously delayed elections to replace him. Telecom minister Emery Okundji told Reuters that it was a response to "violence that is being prepared," but people aren't buying that argument. Officials had already banned demonstrations, and the country has a history of cutting communications and blocking social network access in a bid to quash dissent. And today in the wake of deadly protests, Congo announced that the internet shutdown will continue "indefinitely." The New York Times reports: At least eight people were killed and a dozen altar boys arrested in the Democratic Republic of Congo on Sunday after security forces cracked down on planned church protests against President Joseph Kabila's refusal to leave office before coming elections... Congolese security forces set up checkpoints across Kinshasa, and the government issued an order to shut down text messaging and internet services indefinitely across the country for what it called "reasons of state security."


EFF Applauds 'Massive Change' to HTTPS

Slashdot - Your Rights Online - Sun, 2017-12-31 23:44
"The movement to encrypt the web reached milestone after milestone in 2017," writes the EFF, adding that "the web is in the middle of a massive change from non-secure HTTP to the more secure, encrypted HTTPS protocol." In February, the scales tipped. For the first time, approximately half of Internet traffic was protected by HTTPS. Now, as 2017 comes to a close, an average of 66% of page loads on Firefox are encrypted, and Chrome shows even higher numbers. At the beginning of the year, Let's Encrypt had issued about 28 million certificates. In June, it surpassed 100 million certificates. Now, Let's Encrypt's total issuance volume has exceeded 177 million certificates... Browsers have been pushing the movement to encrypt the web further, too. Early this year, Chrome and Firefox started showing users "Not secure" warnings when HTTP websites asked them to submit password or credit card information. In October, Chrome expanded the warning to cover all input fields, as well as all pages viewed in Incognito mode. Chrome has eventual plans to show a "Not secure" warning for all HTTP pages... The next big step in encrypting the web is ensuring that most websites default to HTTPS without ever sending people to the HTTP version of their site. The technology to do this is called HTTP Strict Transport Security (HSTS), and is being more widely adopted. Notably, the registrar for the .gov TLD announced that all new .gov domains would be set up with HSTS automatically... The Certification Authority Authorization (CAA) standard became mandatory for all CAs to implement this year... [And] there's plenty to look forward to in 2018. In a significant improvement to the TLS ecosystem, for example, Chrome plans to require Certificate Transparency starting next April.


Kansas Swatting Perpetrator 'SWauTistic' Interviewed on Twitter

Slashdot - Your Rights Online - Sun, 2017-12-31 21:39
"That kids house that I swatted is on the news," tweeted "SWauTistic" -- before he realized he'd gotten somebody killed. Security researcher Brian Krebs reveals what happened next. When it became apparent that a man had been killed as a result of the swatting, Swautistic tweeted that he didn't get anyone killed because he didn't pull the trigger. Swautistic soon changed his Twitter handle to @GoredTutor36, but KrebsOnSecurity managed to obtain several weeks' worth of tweets from Swautistic before his account was renamed. Those tweets indicate that Swautistic is a serial swatter -- meaning he has claimed responsibility for a number of other recent false reports to the police. Among the recent hoaxes he's taken credit for include a false report of a bomb threat at the U.S. Federal Communications Commission (FCC) that disrupted a high-profile public meeting on the net neutrality debate. Swautistic also has claimed responsibility for a hoax bomb threat that forced the evacuation of the Dallas Convention Center, and another bomb threat at a high school in Panama City, Fla, among others. After tweeting about the incident extensively Friday afternoon, KrebsOnSecurity was contacted by someone in control of the @GoredTutor36 Twitter account. GoredTutor36 said he's been the victim of swatting attempts himself, and that this was the reason he decided to start swatting others. He said the thrill of it "comes from having to hide from police via net connections." Asked about the FCC incident, @GoredTutor36 acknowledged it was his bomb threat. "Yep. Raped em," he wrote. "Bomb threats are more fun and cooler than swats in my opinion and I should have just stuck to that," he wrote. "But I began making $ doing some swat requests." Krebs' article also links to a police briefing with playback from the 911 call. "There is no question that police officers and first responders across the country need a great deal more training to bring the number of police shootings way down..." Krebs argues. "Also, all police officers and dispatchers need to be trained on what swatting is, how to spot the signs of a hoax, and how to minimize the risk of anyone getting harmed when responding to reports about hostage situations or bomb threats." But he also argues that filing a false police report should be reclassified as a felony in all states.


Tech Bros Bought Sex Trafficking Victims Using Amazon and Microsoft Work Emails

Slashdot - Your Rights Online - Sun, 2017-12-31 14:34
An anonymous reader writes: Newsweek's National Politics Correspondent reports on "a horny nest of prostitution 'hobbyists' at tech giants Microsoft, Amazon and other firms in Seattle," citing "hundreds" of emails "fired off by employees at major tech companies hoping to hook up with trafficked Asian women" between 2014 and 2016, "67 sent from Microsoft, 63 sent from Amazon email accounts and dozens more sent from some of Seattle's premier tech companies and others based elsewhere but with offices in Seattle, including T-Mobile and Oracle, as well as many local, smaller tech firms." Many of the emails came from a sting operation against online prostitution review boards, and were obtained through a public records request to the King County Prosecutor's Office. "They were on their work accounts because Seattle pimps routinely asked first-time sex-buyers to prove they were not cops by sending an employee email or badge," reports Newsweek, criticizing "the widespread and often nonchalant attitude toward buying sex from trafficked women, a process made shockingly more efficient by internet technology... A study commissioned by the Department of Justice found that Seattle has the fastest-growing sex industry in the United States, more than doubling in size between 2005 and 2012. That boom correlates neatly with the boom of the tech sector there... Some of these men spent $30,000 to $50,000 a year, according to authorities." A lawyer for some of the men argues that Seattle's tech giants aren't conducting any training to increase employees' compassion for trafficked women in brothels. The director of research for a national anti-trafficking group cites the time Uber analyzed ride-sharing data and reported a correlation between high-crime neighborhoods and frequent Uber trips -- including people paying for prostitutes. "They made a map using their ride-share data, like it was a funny thing they could do with their data. It was done so flippantly."


Iran Cuts Internet Access and Threatens Telegram Following Mass Protests

Slashdot - Your Rights Online - Sun, 2017-12-31 04:22
Long-time Slashdot reader cold fjord writes: As seething discontent has boiled over in Iran leading to mass protests, protesters have taken to the streets and social media to register their discontent... The government has been closing schools and shutting down transportation. Now, as mass protests in Iran go into their third day there are reports that internet access is being cut in cities with protests occurring. Social media has been a tool for documenting the protests and brutal crackdowns against them. Iran previously cut off internet access during the Green Movement protests following the 2009 elections. At the same time the Iranian government is cutting internet access they have called on Telegram, reportedly used by more than 40 million Iranians, to close the channels used by protesters. Telegram is now closing channels used by the protesters while Telegram itself may be shut down in Iran.


Louisiana Police Bust an Infamous Nigerian Email Spam Scammer

Slashdot - Your Rights Online - Sun, 2017-12-31 00:04
MojoKid writes: You have probably at some point been contacted via email spam by someone claiming you are the beneficiary in a will of a Nigerian prince. As the scam goes, all you have to do is submit your personal information and Western Union some funds to process the necessary paperwork, and in return you will receive millions of dollars. One of the people behind the popular scam, Michael Neu, has been arrested by police in Slidell, Louisiana. This may come as a shocker, but Neu is not a prince, nor is he Nigerian. He is a 67-year-old male possibly of German descent (based on his last name) who is facing 269 counts of wire fraud and money laundering for his alleged role as a middle man in the scheme. According to Slidell police, some of the money obtained by Neu was wired to co-conspirators who do actually live in Nigeria.
