Report Reveals In-App Purchase Scams In the App Store

Slashdot - Your Rights Online - Tue, 2017-06-13 03:25
In a Medium article titled How to Make $80,000 Per Month On the Apple App Store, Johnny Lin uncovers a scamming trend in which apps advertising fake services are making thousands of dollars a month from in-app purchases. The practice works by manipulating search ads to promote dubious apps in the App Store and then preys on unsuspecting users via the in-app purchase mechanism. MacRumors reports: "I scrolled down the list in the Productivity category and saw apps from well-known companies like Dropbox, Evernote, and Microsoft," said Lin. "That was to be expected. But what's this? The #10 Top Grossing Productivity app (as of June 7th, 2017) was an app called 'Mobile protection :Clean & Security VPN.' Given the terrible title of this app (inconsistent capitalization, misplaced colon, and grammatically nonsensical 'Clean & Security VPN?'), I was sure this was a bug in the rankings algorithm. So I check Sensor Tower for an estimate of the app's revenue, which showed ... $80,000 per month?? That couldn't possibly be right. Now I was really curious." To learn how this could be, Lin installed and ran the app, and was soon prompted to start a "free trial" for an "anti-virus scanner" (iOS does not need anti-virus software thanks to Apple's sandboxing rules for individual apps). Tapping on the trial offer then threw up a Touch ID authentication prompt containing the text "You will pay $99.99 for a 7-day subscription starting Jun 9, 2017." Lin was one touch away from paying $400 a month for a non-existent service offered by a scammer. Lin dug deeper and found several other similar apps making money off the same scam, suggesting a wider disturbing trend, with scam apps regularly showing up in the App Store's top grossing lists.

Read more of this story at Slashdot.

'COVFEFE Act' Would Make Social Media a Presidential Record

Slashdot - Your Rights Online - Mon, 2017-06-12 23:20
An anonymous reader quotes a report from The Hill: Rep. Mike Quigley (D-Ill.) introduced legislation Monday to classify presidential social media posts -- including President Trump's much-discussed tweets -- as presidential records. The Communications Over Various Feeds Electronically for Engagement (COVFEFE) Act, which has the same acronym as an infamous Trump Twitter typo last month, would amend the Presidential Records Act to include "social media." Presidential records must be preserved, according to the Presidential Records Act, which would make it potentially illegal for the president to delete tweets. "President Trump's frequent, unfiltered use of his personal Twitter account as a means of official communication is unprecedented. If the President is going to take to social media to make sudden public policy proclamations, we must ensure that these statements are documented and preserved for future reference. Tweets are powerful, and the President must be held accountable for every post," said Quigley in a statement. Most people took the "covfefe" tweet to be a typo, although press secretary Sean Spicer told the media that the term was used intentionally. "The president and a small group of people know exactly what he meant," he said.

Microsoft Wins Xbox Class-Action Fight at US Supreme Court

Slashdot - Your Rights Online - Mon, 2017-06-12 22:40
The U.S. Supreme Court on Monday ruled in favor of Microsoft in its bid to fend off class action claims by Xbox 360 owners who said the popular videogame console gouges discs because of a design defect. From a report: The court, in an 8-0 ruling, overturned a 2015 decision by the San Francisco-based 9th U.S. Circuit Court of Appeals that allowed console owners to appeal the dismissal of their class action lawsuit by a federal judge in Seattle in 2012. Typically parties cannot appeal a class certification ruling until the entire case has reached a conclusion. But the 9th Circuit allowed the console owners to voluntarily dismiss their lawsuit so they could immediately appeal the denial of a class certification. Justice Ruth Bader Ginsburg, writing on behalf of the court, said such a move was not permitted because a voluntary dismissal of a lawsuit is not a final decision and thus cannot be appealed. The approach sought by the plaintiffs would undermine litigation rules "designed to guard against piecemeal appeals," Ginsburg wrote.

Researchers Have Found a Way To Root Out Identity Thieves By Analyzing Their Mouse Movements With AI

Slashdot - Your Rights Online - Mon, 2017-06-12 22:00
An anonymous reader shares an article: In the study, published recently in PLoS One, the researchers quizzed 40 respondents about their personal details. Half of the respondents were asked to answer the questions truthfully, but the other half were given details about fake identities they had to memorize and use in the quiz. The computer quiz kept track of the movement of each respondent's mouse as they answered the questions, and noted how the fakes differed from the truth-tellers when they moved the cursor from the bottom of the screen to the answers at the top. The quiz consisted of 12 questions like, "Do you live in Padua?" and "Are you Italian?" That covered details an identity thief could easily remember and answer, but then the quiz threw them a curve ball. "What is your zodiac sign," it asked in the second series of 12 questions, which were designed to be easy for the genuine respondents, but more difficult for the fakers to work out. After the researchers took the mouse-movement data collected from the quizzes and trained a machine-learning algorithm to analyze it, they found that was indeed the case. It was able to discern the fake responses from the real ones 95% of the time.

Opioid Dealers Embrace the Dark Web To Send Deadly Drugs by Mail

Slashdot - Your Rights Online - Mon, 2017-06-12 18:40
Anonymous online sales are surging, and people are dying. Despite dozens of arrests, new merchants -- many based in Asia -- quickly pop up. From a report on the New York Times: In a growing number of arrests and overdoses, law enforcement officials say, the drugs are being bought online. Internet sales have allowed powerful synthetic opioids such as fentanyl -- the fastest-growing cause of overdoses nationwide -- to reach living rooms in nearly every region of the country, as they arrive in small packages in the mail (syndicated source). The authorities have been frustrated in their efforts to crack down on the trade because these sites generally exist on the so-called dark web, where buyers can visit anonymously using special browsers and make purchases with virtual currencies like Bitcoin. The problem of dark web sales appeared to have been stamped out in 2013, when the authorities took down the most famous online marketplace for drugs, known as Silk Road. But since then, countless successors have popped up, making the drugs readily available to tens of thousands of customers who would not otherwise have had access to them. Among the dead are two 13-year-olds, Grant Seaver and Ryan Ainsworth, who died last fall in the wealthy resort town of Park City, Utah, after taking a synthetic opioid known as U-47700 or Pinky. The boys had received the powder from another local teenager, who bought the drugs on the dark web using Bitcoin, according to the Park City police chief.

Amazon Sues Former AWS VP Over Non-Compete Deal

Slashdot - Your Rights Online - Mon, 2017-06-12 18:00
Reader joshtops shares a report: Amazon.com is alleging that one of its former high-ranking executives violated a non-compete agreement when he accepted a job at Bellevue-based Smartsheet, GeekWire has learned. In a lawsuit filed Friday in King County Superior Court, Amazon alleges that Gene Farrell, who served as Vice President of the AWS Enterprise Applications -- EC2 Windows team, violated a non-compete agreement when he took the new job as head of product June 1 at the heavily-funded Bellevue online workplace collaboration platform. "This move is unthinkable," Amazon wrote in a motion for a temporary restraining order that would bar Farrell from working at Smartsheet. "he cannot possibly forget everything he knows about AWS's products and plans while he is working to develop products for its competitor." The suit also notes: "Farrell's role as "Head of Product" at Smartsheet will necessarily involve development of and strategy regarding competing cloud-based productivity products, including but not limited to those for project management, collaboration, and/or automation, and will therefore breach the Noncompetition Agreement and threaten the disclosure of Amazon's highly confidential information," Amazon wrote in its lawsuit.

Sharp To Americans: You Don't Want to Buy a Sharp-Brand TV

Slashdot - Your Rights Online - Mon, 2017-06-12 16:40
Sharp has sued China's Hisense Electric, which licensed the Sharp brand for televisions sold in the U.S., accusing Hisense of putting the Sharp name on poor-quality TVs and deceptively advertising them (alternative source). From a report: The court action is the latest effort by Osaka-based Sharp to retrieve the right to use its own name when selling TVs in one of the world's largest markets. Sharp is trying to recover its position as a global maker of consumer electronics. Hisense rejected the allegations and said it was selling high-quality televisions under the Sharp name. The dispute illustrates the risks when the owner of a well-known brand name gives up control over products sold under that name.

US Government Task Force Urges Cash Incentives For Ditching Insecure Medical Devices

Slashdot - Your Rights Online - Sun, 2017-06-11 23:34
chicksdaddy shares this report from The Security Ledger: The healthcare sector in the U.S. is in critical condition and in dire need of an overhaul to address widespread and systemic information security weakness that puts patient privacy and even safety at risk, a Congressional Task Force has concluded... On the controversial issue of medical device security, the report suggests that the Federal government and industry might use incentives akin to the "cash for clunkers" car buyback program to encourage healthcare organizations to jettison insecure, legacy medical equipment... The report released to members of both the U.S. Senate and House of Representatives on Friday concludes that the U.S. healthcare system is plagued by weaknesses, from the leadership and governance of information security within healthcare organizations, to the security of medical devices and medical laboratories to hiring and user awareness. Many of the risks directly affect patient safety, the group found. It comes amid growing threats to healthcare organizations, including a ransomware outbreak that affected scores of hospitals in the United Kingdom. Joshua Corman, the Director of the Cyber Statecraft Initiative at The Atlantic Council, argues that currently "Healthcare is target rich and resource poor," adding a special warning about the heavy usage of internet-connected healthcare equipment. "If you can't afford to protect it, you can't afford to connect it."

The US Can't Leave The Paris Climate Deal Until 2020

Slashdot - Your Rights Online - Sun, 2017-06-11 17:34
An anonymous reader quotes the New York Times: Last week, President Trump announced that the United States would withdraw from the Paris climate agreement. But it will take more than one speech to pull out: Under the rules of the deal, which the White House says it will follow, the earliest any country can leave is November 4, 2020. That means the United States will remain a party to the accord for nearly all of Mr. Trump's current term... Nov. 4, 2019 is the earliest date that the United States can submit a written notice to the United Nations that it is withdrawing from the Paris deal -- exactly three years after it came into force. As soon as that happens, the United States can leave the accord in exactly one year... If a new president enters the White House on Jan. 20, 2021, he or she could easily submit a written notice to the United Nations that the United States would like to rejoin the Paris accord. Within 30 days, the United States could re-enter the agreement and submit a new pledge for how the country plans to tackle climate change. The article also acknowledges "a growing coalition of states, cities and companies that are pledging to do as much as they can to meet the United States' climate goals on their own."

Delays In Unlocking Cellphones Seized In Inauguration Day Protests?

Slashdot - Your Rights Online - Sun, 2017-06-11 03:10
Cellphone data may play a key role in prosecuting people arrested at inauguration day protests, according to an article shared by Slashdot reader Mosquito Bites. A U.S. attorney acknowledged that "the government recovered cell phones from more than 100 indicted defendants and other un-indicted arrestees" in a filing last March, adding "The government is in the process of extracting data from the Rioter Cell Phones pursuant to lawfully issued search warrants, and expects to be in a position to produce all of the data from the searched Rioter Cell Phones in the next several weeks." But 11 weeks later, it's a different story. Prosecutors "have provided defense lawyers with access to hundreds of hours of video footage from January 20, but have yet to turn over data extracted from more than 100 cell phones seized during the arrests, according to lawyers who spoke with BuzzFeed News." In addition, they report that now more than half the 200-plus defendants "are vowing not to cooperate with prosecutors, even in the face of a new set of felony charges that carry stiff maximum prison sentences."

New iOS 11 Settings Will Stop Apps From Tracking Your Location

Slashdot - Your Rights Online - Sun, 2017-06-11 00:02
An anonymous reader quotes The Verge: Apple is giving users the option to enable much stricter location rules with iOS 11, according to MacRumors. The company began this effort last year by adding a new option to iOS 10 that grants apps access to your location only while they're actively being used. But this "while in use" setting is up to developers to actually enable. The vast majority of popular apps did integrate that new feature. Others, however -- Uber chief among them -- still force iPhone users to choose between always or never providing location data. The latter choice breaks the functionality of an app like Uber, leaving customers with really only one option. Apple seems poised to eliminate this false choice in iOS 11 by making the "while in use" restriction available for every app.

No, Your Phone Didn't Ring. So Why Voice Mail From a Telemarketer?

Slashdot - Your Rights Online - Sat, 2017-06-10 17:34
Slashdot reader midwestsilentone tipped us off to a growing problem. Lifehacker reports: New technology allows telemarketers to leave ringless voicemail messages, and it's a method that's gaining traction. While there are laws to regulate businesses when they call consumers, some groups argue that ringless voicemail shouldn't count. The New York Times reports, "ringless voicemail providers and pro-business groups...argue that these messages should not qualify as calls and, therefore, should be exempt from consumer protection laws that ban similar types of telephone marketing"... After receiving a petition from a ringless voicemail provider, the Federal Trade Commission has started to collect public comments on this issue. So what can you do about it? First, you can head here to leave your public comment and if you're getting these voicemails, you can file a complaint with the FCC here. Presumably that only applies if you're in the U.S. But I'd be curious to hear how many Slashdot readers have experienced this.

British PM Seeks Ban On Encryption After Terror Attack

Slashdot - Your Rights Online - Sat, 2017-06-10 16:30
"British Prime Minister Theresa May has used last Saturday's terrorist attack to again push for a ban on encryption," according to ITWire. Slashdot reader troublemaker_23 shared their article, which quotes this strong rebuttal from Cory Doctorow: Use deliberately compromised cryptography, that has a back door that only the "good guys" are supposed to have the keys to, and you have effectively no security. You might as well skywrite it as encrypt it with pre-broken, sabotaged encryption... Theresa May doesn't understand technology very well, so she doesn't actually know what she's asking for. For Theresa May's proposal to work, she will need to stop Britons from installing software that comes from software creators who are out of her jurisdiction... any politician caught spouting off about back doors is unfit for office anywhere but Hogwarts, which is also the only educational institution whose computer science department believes in 'golden keys' that only let the right sort of people break your encryption.

Researcher Wants To Protect Whistleblowers Against Hidden Printer Dots

Slashdot - Your Rights Online - Sat, 2017-06-10 15:00
An anonymous reader writes: "Gabor Szathmari, a security researcher for CryptoAUSTRALIA, is working on a method of improving the security of leaked documents by removing hidden dots left behind by laser printers, which are usually used to watermark documents and track down leakers," reports Bleeping Computer. "Szathmari's work was inspired by the case of a 25-year-old woman, Reality Leigh Winner, who was recently charged with leaking top-secret NSA documents to a news outlet." According to several researchers, Winner might have been caught after The Intercept had shared some of the leaked documents with the NSA. These documents had the invisible markings left behind by laser printers, which included the printer's serial number and the date and time when the document was printed. This allowed the NSA to track down Winner and arrest her even before she was able to publish the leaked documents. Now, Szathmari has submitted a pull request to the PDF Redact Tools, a project for securely redacting and stripping metadata from documents before publishing. Szathmari's pull request adds a code routine to the PDF Redact Tools project that would allow app operators to convert documents to black and white before publishing. "The black and white conversion will convert colors like the faded yellow dots to white," Szathmari said in an interview. Ironically, the project is managed by First Look Media, the parent company behind The Intercept news outlet.

Pirate Bay Founder: We've Lost the Internet, It's All About Damage Control Now

Slashdot - Your Rights Online - Sat, 2017-06-10 05:30
Mar Masson Maack reports via The Next Web: At its inception, the internet was a beautifully idealistic and equal place. But the world sucks and we've continuously made it more and more centralized, taking power away from users and handing it over to big companies. And the worst thing is that we can't fix it -- we can only make it slightly less awful. That was pretty much the core of Pirate Bay's co-founder, Peter Sunde's talk at tech festival Brain Bar Budapest. TNW sat down with the pessimistic activist and controversial figure to discuss how screwed we actually are when it comes to decentralizing the internet. In Sunde's opinion, people focus too much on what might happen, instead of what is happening. He often gets questions about what a digitally bleak future could look like, but the truth is that we're living it: "Everything has gone wrong. That's the thing, it's not about what will happen in the future it's about what's going on right now. We've centralized all of our data to a guy called Mark Zuckerberg, who's basically the biggest dictator in the world as he wasn't elected by anyone. Trump is basically in control over this data that Zuckerberg has, so I think we're already there. Everything that could go wrong has gone wrong and I don't think there's a way for us to stop it." One of the most important things to realize is that the problem isn't a technological one. "The internet was made to be decentralized," says Sunde, "but we keep centralizing everything on top of the internet."

Prosecutors Say the Kansas Shooting of Garmin Engineers Was a Hate Crime

Slashdot - Your Rights Online - Sat, 2017-06-10 00:00
An anonymous reader quotes a report from The Verge: Federal prosecutors have filed a hate crime charge against 51-year-old Kansas resident Adam Purinton, according to the Department of Justice. Purinton, who is accused of shooting three people in an Olathe bar, reportedly told a local Garmin engineer to "get out of my country" before opening fire. Purinton is currently being held on first-degree murder charges filed by local prosecutors. Today's indictment accuses Purinton of committing murder "because of Kuchibhotla's actual and perceived race, color, religion and national origin," with additional charges for the attempted murder of Madasani and violations of federal firearm statutes. The Justice Department declined to say whether it will pursue the death penalty, although it is authorized by the hate crime statute.

Intel: Steer Clear Of Our Patents

Slashdot - Your Rights Online - Fri, 2017-06-09 18:40
An anonymous reader writes: Intel posted a long blog post yesterday touting the success and evolution of its 40-year-old x86 microprocessor -- the one that powered the first IBM personal computer in 1978 and still powers the majority of PCs and laptops. But it wasn't just a stroll down memory lane. Intel ended the post with a reminder that it won't tolerate infringement on its portfolio of patents, including those surrounding x86. The company wrote, "Intel invests enormous resources to advance its dynamic x86 ISA, and therefore Intel must protect these investments with a strong patent portfolio and other intellectual property rights. [...] Intel carefully protects its x86 innovations, and we do not widely license others to use them. Over the past 30 years, Intel has vigilantly enforced its intellectual property rights against infringement by third-party microprocessors. [...] Only time will tell if new attempts to emulate Intel's x86 ISA will meet a different fate. Intel welcomes lawful competition, and we are confident that Intel's microprocessors, which have been specifically optimized to implement Intel's x86 ISA for almost four decades, will deliver amazing experiences, consistency across applications, and a full breadth of consumer offerings, full manageability and IT integration for the enterprise. However, we do not welcome unlawful infringement of our patents, and we fully expect other companies to continue to respect Intel's intellectual property rights." Also read: Intel Fires Warning Shot At Qualcomm and Microsoft Over Windows 10 ARM Emulation.

CEO of Defunct Silicon Valley Startup Indicted For Allegedly Tricking Employees Into Working For Free

Slashdot - Your Rights Online - Fri, 2017-06-09 17:21
The founder and CEO of a shuttered Silicon Valley startup has been indicted for tricking employees into working without pay and for lying about his credentials and financing. From a report: In an indictment unsealed this week, Isaac Choi, founder and CEO of failed Silicon Valley job search startup WrkRiot, was charged with five counts of wire fraud for allegedly defrauding former employees. Problems at the upstart surfaced in August when Penny Kim, former head of marketing for the company, published an account of her experience at an unnamed biz. She said the unspecified outfit failed to pay her and forged wire transfer confirmations to make it appear it had transferred owed funds. After it emerged that Kim was talking about WrkRiot, the company threatened legal action. By the end of August, when former CTO Al Brown acknowledged being the person referred to as "Charlie" in Kim's post and corroborated her claims, WrkRiot had shut down its website and Facebook page.

AT&T Uses Forced Arbitration To Overcharge Customers, Senators Say

Slashdot - Your Rights Online - Fri, 2017-06-09 15:00
An anonymous reader quotes a report from Ars Technica: Five Democratic US senators allege that AT&T's use of forced arbitration clauses has helped the company charge higher prices than the ones it advertises to customers. The senators pointed to a CBS News investigation that described "more than 4,000 complaints against AT&T and [subsidiary] DirecTV related to deals, promotions and overcharging in the past two years." But customers have little recourse because they are forced to settle disputes with AT&T in arbitration, according to Sen. Al Franken (D-Minn.), Richard Blumenthal (D-Conn.), Ron Wyden (D-Ore.), Patrick Leahy (D-Vt.), and Edward Markey (D-Mass.). "Forced arbitration provisions in telecommunications contracts erode Americans' ability to seek justice in the courts by forcing them into a privatized system that is inherently biased in favor of providers and which offers virtually no way to challenge a biased outcome," the senators wrote in a letter yesterday to AT&T CEO Randall Stephenson. "Forced arbitration requires consumers to sign away their constitutional right to hold providers accountable in court just to access modern-day essentials like mobile phone, Internet, and pay-TV services." Forced arbitration provisions such as AT&T's also "include a class action waiver; language which strips consumers of the right to band together with other consumers to challenge a provider's widespread wrongdoing," they wrote.

Theresa May Loses Overall Majority In UK Parliament

Slashdot - Your Rights Online - Fri, 2017-06-09 08:15
Prime Minister Theresa May of Britain lost her overall majority in Parliament on Thursday, plunging Britain into a period of renewed political chaos less than two weeks before it is scheduled to begin negotiations over withdrawing from the European Union. While May's Conservative party won the most seats, the party didn't win enough to govern without the support of minority parties. CNN reports: It was a devastating result for May, who had called the election three years earlier than required by law, convinced by opinion polls that placed her far ahead of opposition Labour Party leader Jeremy Corbyn. The result also plunges Britain into a period of renewed political chaos, with Brexit talks likely to be delayed and May's personal authority shredded. There was already talk in Conservative circles that she might have to resign, less than a year after taking over from David Cameron, who resigned following the Brexit referendum. The pound fell on currency markets in the wake of the results. After the result was declared in her constituency of Maidenhead, May gave a faltering speech. "At this time more than anything else, this country needs a period of stability," she said, suggesting she would attempt to form a government even if her party loses its majority. Corbyn said the early results showed May had lost her mandate and called for her to resign. Further reading: New York Times
