aggregator

Call of Duty Gaming Community Points To 'Swatting' In Wichita Police Shooting

Slashdot - Your Rights Online - Sat, 2017-12-30 15:00
schwit1 shares a report from The Daily Dot: A man was killed by police Thursday night in Wichita, Kansas, when officers responded to a false report of a hostage situation. The online gaming community is saying the dead man was the victim of a swatting prank, where trolls call in a fake emergency and force SWAT teams to descend on a target's house. If that's true, this would be the first reported swatting-related death. Wichita deputy police chief Troy Livingston told the Wichita Eagle that police were responding to a report that a man fighting with his parents had accidentally shot his dad in the head and was holding his mom, brother and sister hostage. When police arrived, "A male came to the front door," Livingston told the Eagle. "As he came to the front door, one of our officers discharged his weapon." The man at the door was identified by the Eagle as 28-year-old Andrew Finch. Finch's mother told reporters "he was not a gamer," but the online Call of Duty community claims his death was the result of a gamer feud which Finch may not have even been a part of. UPDATE: The New York Daily News reports police in Los Angeles have now arrested 25-year-old gamer Tyler Barriss, who the paper describes as "an alleged serial 'prankster'..." "Barriss gave cops Finch's address, mistakenly believing it belonged to a person he had feuded with over a $1 or $2 Call of Duty wager."

Read more of this story at Slashdot.

Kodi Media Player Arrives On the Xbox One

Slashdot - Your Rights Online - Sat, 2017-12-30 12:00
The Kodi media player is now available to download on your Xbox One, making it one of the best Xbox One exclusives of the year. The Verge reports: Kodi is a very capable player that's highly expandable thanks to third-party add-ons like live TV and DVR services -- something Microsoft isn't going to provide. But Kodi is perhaps best known as the go to app for piracy due to a wide variety of plugins that let you illegally stream television shows, professional sports, and films from the comfort of your living room. This has led to a cottage industry of so-called "Kodi boxes," often built around cheap HDMI dongles like Amazon's Fire TV sticks. While the XBMC Foundation has attempted to distance itself from the illegal third-party plugins, it's also benefited from the exposure. In a blog post, Kodi warns that the Xbox One download isn't finished and may contain missing features and bugs. Fun fact: Kodi began life fifteen years ago as the XBMP (Xbox Media Player). The only way to get the open-source player running on an original Xbox was to hack the console. XBMP eventually evolved into XBMC (Xbox Media Center), which then became Kodi.

Facebook's Uneven Enforcement of Hate Speech Rules Allows Vile Posts To Stay Up

Slashdot - Your Rights Online - Sat, 2017-12-30 02:45
ProPublica has found inconsistent rulings on hate speech after analyzing more than 900 Facebook posts submitted to them as part of a crowd-sourced investigation into how the world's largest social network implements its hate-speech rules. "Based on this small fraction of Facebook posts, its content reviewers often make different calls on items with similar content, and don't always abide by the company's complex guidelines," reports ProPublica. "Even when they do follow the rules, racist or sexist language may survive scrutiny because it is not sufficiently derogatory or violent to meet Facebook's definition of hate speech." From the report: We asked Facebook to explain its decisions on a sample of 49 items, sent in by people who maintained that content reviewers had erred, mostly by leaving hate speech up, or in a few instances by deleting legitimate expression. In 22 cases, Facebook said its reviewers had made a mistake. In 19, it defended the rulings. In six cases, Facebook said the content did violate its rules but its reviewers had not actually judged it one way or the other because users had not flagged it correctly, or the author had deleted it. In the other two cases, it said it didn't have enough information to respond. "We're sorry for the mistakes we have made -- they do not reflect the community we want to help build," Facebook Vice President Justin Osofsky said in a statement. "We must do better." He said Facebook will double the size of its safety and security team, which includes content reviewers and other employees, to 20,000 people in 2018, in an effort to enforce its rules better. He added that Facebook deletes about 66,000 posts reported as hate speech each week, but that not everything offensive qualifies as hate speech. "Our policies allow content that may be controversial and at times even distasteful, but it does not cross the line into hate speech," he said. 
"This may include criticism of public figures, religions, professions, and political ideologies."

300,000 Users Exposed In Ancestry.com Data Leak

Slashdot - Your Rights Online - Sat, 2017-12-30 02:03
Dangerous_Minds shares a report from ThreatPost: Ancestry.com said it closed portions of its community-driven genealogy site RootsWeb as it investigated a leaky server that exposed 300,000 passwords, email addresses and usernames to the public internet. In a statement issued over the weekend, Chief Information Security Officer of Ancestry.com Tony Blackham said a file containing the user data was publicly exposed on a RootsWeb server. On Wednesday, Ancestry.com told Threatpost it believed the data was exposed in November 2015. The data resided on RootsWeb's infrastructure, and is not linked to Ancestry.com's site and services. Ancestry.com said RootsWeb has "millions" of members who use the site to share family trees, post user-contributed databases and host thousands of messaging boards. The company said RootsWeb doesn't host sensitive information such as credit card data or social security numbers. It added that there are no indications data exposed to the public internet has been accessed by a malicious third party. The company declined to specify how and why the data was stored insecurely on the server. "Approximately 55,000 of these were used both on RootsWeb and one of the Ancestry sites, and the vast majority of those were from free trial or currently unused accounts. Additionally, we found that about 7,000 of those password and email address combinations matched credentials for active Ancestry customers," Blackham wrote.

That Game on Your Phone May Be Tracking What You're Watching on TV

Slashdot - Your Rights Online - Fri, 2017-12-29 19:20
Rick Zeman writes: The New York Times (may be paywalled) has an article describing how some apps track TV and movie viewing even when the loaded app isn't currently active. These seemingly innocuous games, geared towards both adults and children, work by "using a smartphone's microphone. For instance, Alphonso's software can detail what people watch by identifying audio signals in TV ads and shows, sometimes even matching that information with the places people visit and the movies they see. The information can then be used to target ads more precisely...." While these apps, mostly available on Google Play, with some available on the Apple Store, do offer an opt-out, it's not clear when consumers see "permission for microphone access for ads," it may not be clear to a user that, "Oh, this means it's going to be listening to what I do all the time to see if I'm watching 'Monday Night Football.'" One advertising executive summarizes thusly: "It's not what's legal. It is what's not creepy."

Two Romanians Charged With Hacking Washington DC Police Surveillance Cameras Days Before Trump's Inauguration

Slashdot - Your Rights Online - Fri, 2017-12-29 16:40
US prosecutors have charged two Romanians with hacking Washington DC police computers linked to surveillance cameras just days before President Donald Trump's inauguration. From a report on BBC: The pair are being held in Romania, having been arrested at Bucharest Otopeni airport on 15 December. Mihai Alexandru Isvanca, 25, and Eveline Cismaru, 28, allegedly accessed 123 outdoor surveillance cameras as part of a suspected ransomware scheme. Mr Trump was sworn in on 20 January. The US Department of Justice said the case was "of the highest priority" because of the security surrounding the presidential inauguration. The perpetrators intended to use the camera computers to send ransomware to more than 179,600 email addresses and extort money from victims, the justice department said in a statement.

Chrome Extension with 100,000 Users Caught Pushing Cryptocurrency Miner

Slashdot - Your Rights Online - Fri, 2017-12-29 16:00
Catalin Cimpanu, reporting for BleepingComputer: A Chrome extension with over 105,000 users has been deploying an in-browser cryptocurrency miner to unsuspecting users for the past few weeks. The extension does not ask for user permission before hijacking their CPUs to mine Monero all the time the Chrome browser is open. Named "Archive Poster," the extension is advertised as a mod for Tumblr that allows users an easier way to "reblog, queue, draft, and like posts right from another blog's archive." According to user reviews, around the start of December the extension incorporated the infamous Coinhive in-browser miner in its source code.

A Manager of the Exmo Bitcoin Exchange Has Been Kidnapped In Ukraine

Slashdot - Your Rights Online - Fri, 2017-12-29 12:00
CaptainDork shares a report from BBC: A manager of the Exmo Bitcoin exchange has been kidnapped in Ukraine. According to Russian and Ukrainian media reports Pavel Lerner, 40, was kidnapped while leaving his office in Kiev's Obolon district on December 26th. The reports said he was dragged into a black Mercedes-Benz by men wearing balaclavas. Police in Kiev confirmed to the BBC that a man had been kidnapped on the day in question, but would not confirm his identity. A spokeswoman said that the matter was currently under investigation, and that more information would be made public later on. Mr Lerner is a prominent Russian blockchain expert and the news of his kidnapping has stunned many in the international cryptocurrency community.

Windows 10 Visits To US Government Sites Surpass Windows 7 For the First Time

Slashdot - Your Rights Online - Fri, 2017-12-29 03:00
In what may be a signal of changing attitudes for Windows 10, visits to U.S. government sites via Windows 10 have surpassed Windows 7 for the first time. On MSFT reports: This United States government website reports that of the 2.54 billion visits to U.S. Government websites over the past 90 days, 20.9% came from Windows 10, and 20.7% from Windows 7. Interestingly, Windows 8.1 came in at 2.7%, Windows 8 .05%, and other OS 0.8%. The numbers are a bit niche and could be just from a holiday bump based on the site's 90-day average, but they still do give a solid number comparison for the state of various OS and browser stats. When it comes to browser share, Edge was not popularly used to visit U.S. Government websites. Chrome was on top with 44.4%, followed by Safari with 27.6%, Internet Explorer at 12.3%, and then Firefox at 5.9% and Edge at 3.9%. Though all these government percentages may be bleak for Microsoft, the latest AdDuplex December report also shows strong adoption for Windows 10 Fall Creators Update, so things can only go up for Microsoft from here on out.

Italian Clothing Company Defeats Apple, Wins the Right To Use Steve Jobs' Name

Slashdot - Your Rights Online - Fri, 2017-12-29 02:20
An Italian clothing company that uses the name "Steve Jobs" as its brand will be able to continue using the moniker after winning a multi-year legal battle, reports Italian site la Repubblica Napoli. Mac Rumors reports: Brothers Vincenzo and Giacomo Barbato named their clothing brand "Steve Jobs" in 2012 after learning that Apple had not trademarked his name. "We did our market research and we noticed that Apple, one of the best known companies in the world, never thought about registering its founder's brand, so we decided to do it," the two told la Repubblica Napoli. The Barbatos designed a logo that resembles Apple's own, choosing the letter "J" with a bite taken out of the side. Apple, of course, sued the two brothers for using Jobs' name and a logo that mimics the Apple logo. In 2014, the European Union's Intellectual Property Office ruled in favor of the Barbatos and rejected Apple's trademark opposition. While the outcome of the legal battle was decided in 2014, Vincenzo and Giacomo Barbato have been unable to discuss the case until now, as their claim on the brand was not settled until 2017. The two told la Repubblica Napoli that Apple went after the logo, something that may have been a mistake. The Intellectual Property Office decided that the "J" logo that appears bitten was not infringing on Apple's own designs as a letter is not edible and thus the cutout in the letter cannot be perceived as a bite. The report goes on to note that the company plans to produce electronic devices under the Steve Jobs brand.

People Who Know How the News Is Made Resist Conspiratorial Thinking

Slashdot - Your Rights Online - Thu, 2017-12-28 23:00
An anonymous reader quotes a report from Ars Technica: Conspiracy theories, like the world being flat or the Moon landings faked, have proven notoriously difficult to stomp out. Add a partisan twist to the issue, and the challenge becomes even harder. Even near the end of his second term, barely a quarter of Republicans were willing to state that President Obama was born in the U.S. If we're seeking to have an informed electorate, then this poses a bit of a problem. But a recent study suggests a very simple solution helps limit the appeal of conspiracy theories: news media literacy. This isn't knowledge of the news, per se, but knowledge of the companies and processes that help create the news. While the study doesn't identify how the two are connected, its authors suggest that an understanding of the media landscape helps foster a healthy skepticism. [...] "Despite popular conceptions," the authors point out, "[conspiratorial thinking] is not the sole province of the proverbial nut-job." When mixed in with the sort of motivated reasoning that ideology can, well, motivate, crazed ideas can become relatively mainstream. Witness the number of polls that indicated the majority of Republicans thought Obama wasn't born in the U.S., even after he shared his birth certificate. While something that induces a healthy skepticism of information sources might be expected to help with this, it's certainly not guaranteed, as motivated reasoning has been shown to be capable of overriding education and knowledge on relevant topics. [...] As a whole, the expected connection held up: "for both conservatives and liberals, more knowledge of the news media system related to decreased endorsement of liberal conspiracies." And, conversely, the people who did agree with conspiracy theories tended to know very little about how the news media operated.

Web Trackers Exploit Flaw In Browser Login Managers To Steal Usernames

Slashdot - Your Rights Online - Thu, 2017-12-28 12:00
An anonymous reader writes: Princeton privacy experts are warning that advertising and analytics firms can secretly extract site usernames from browsers using hidden login fields and tie non-authenticated users visiting a site with their profiles or emails on that domain. This type of abusive behavior is possible because of a design flaw in the login managers included with all browsers. Experts say that web trackers can embed hidden login forms on sites where the tracking scripts are loaded. Because of the way the login managers work, the browser will fill these fields with the user's login information, such as username and passwords. The trick is an old one, known for more than a decade but until now it's only been used by hackers trying to collect login information during XSS (cross-site scripting) attacks. Princeton researchers say they recently found two web tracking services that utilize hidden login forms to collect login information. The two services are Adthink (audienceinsights.net) and OnAudience (behavioralengine.com), and Princeton researchers said they identified scripts from these two that collected login info on 1,110 sites found on the Alexa Top 1 Million sites list. A demo page has been created to show how the tracking works.

FBI Software For Analyzing Fingerprints Contains Russian-Made Code, Whistleblowers Say

Slashdot - Your Rights Online - Thu, 2017-12-28 05:30
schwit1 shares an exclusive report via BuzzFeed: The fingerprint-analysis software used by the FBI and more than 18,000 other U.S. law enforcement agencies contains code created by a Russian firm with close ties to the Kremlin, according to documents and two whistleblowers. The allegations raise concerns that Russian hackers could gain backdoor access to sensitive biometric information on millions of Americans, or even compromise wider national security and law enforcement computer systems. The Russian code was inserted into the fingerprint-analysis software by a French company, said the two whistleblowers, who are former employees of that company. The firm -- then a subsidiary of the massive Paris-based conglomerate Safran -- deliberately concealed from the FBI the fact that it had purchased the Russian code in a secret deal, they said. The Russian company whose code ended up in the FBI's fingerprint-analysis software has Kremlin connections that should raise similar national security concerns, said the whistleblowers, both French nationals who worked in Russia. The Russian company, Papillon AO, boasts in its own publications about its close cooperation with various Russian ministries as well as the Federal Security Service -- the intelligence agency known as the FSB that is a successor of the Soviet-era KGB and has been implicated in other hacks of U.S. targets. Cybersecurity experts said the danger of using the Russian-made code couldn't be assessed without examining the code itself. But "the fact that there were connections to the FSB would make me nervous to use this software," said Tim Evans, who worked as director of operational policy for the National Security Agency's elite cyberintelligence unit known as Tailored Access Operations and now helps run the cybersecurity firm Adlumin. 
The FBI's overhaul of its fingerprint-recognition technology, unveiled in 2011, was part of a larger initiative known as Next Generation Identification to expand the bureau's use of biometrics, including face- and iris-recognition technology. The TSA also relies on the FBI fingerprint database.

Empirical Research Reveals Three Big Problems With How Patents Are Vetted

Slashdot - Your Rights Online - Thu, 2017-12-28 03:30
An anonymous reader quotes a report from Ars Technica: If you've read our coverage of the Electronic Frontier Foundation's "Stupid Patent of the Month" series, you know America has a patent quality problem. People apply for patents on ideas that are obvious, vague, or were invented years earlier. Too often, applications get approved and low-quality patents fall into the hands of patent trolls, creating headaches for real innovators. Why don't more low-quality patents get rejected? A recent paper published by the Brookings Institution offers fascinating insights into this question. Written by legal scholars Michael Frakes and Melissa Wasserman, the paper identifies three ways the patent process encourages approval of low-quality patents:
- The United States Patent and Trademark Office (USPTO) is funded by fees -- and the agency gets more fees if it approves an application.
- Unlimited opportunities to refile rejected applications means sometimes granting a patent is the only way to get rid of a persistent applicant.
- Patent examiners are given less time to review patent applications as they gain seniority, leading to less thorough reviews.
None of these observations is entirely new. But what sets Frakes and Wasserman's work apart is that they have convincing empirical evidence for all three theories. They have data showing that these features of the patent system systematically bias it in the direction of granting more patents. Which means that if we reformed the patent process in the ways they advocate, we'd likely wind up with fewer bogus patents floating around.

Some Sonos and Bose Speakers Are Being Hijacked To Play Ghostly Sounds

Slashdot - Your Rights Online - Thu, 2017-12-28 01:30
An anonymous reader quotes a report from The Verge: Researchers at Trend Micro have found that certain models of Sonos and Bose speakers have vulnerabilities that leave them open to hijacking, as reported by Wired. The accessible speakers are being exploited by hackers that are using them to play spooky sounds, Alexa commands, and Rick Astley tracks. Only a small percentage of speakers by the two companies are actually affected, including some of the Sonos Play:1, the Sonos One, and the Bose SoundTouch. All it takes is for the speaker to be connected to a misconfigured network and a simple internet scan. Once the speaker is discovered via the scan, the API it uses to talk to apps can be utilized to tell the speakers to play any audio file hosted at a specific URL. Of all the models, between 2,500 to 5,000 Sonos devices and 400 to 500 Bose devices were found by Trend Micro to be open to audio hacking.

Russia Is Accusing the US of 'Direct Interference' In Its Elections

Slashdot - Your Rights Online - Thu, 2017-12-28 00:50
schwit1 shares a report from Business Insider (alternative source): Russian Foreign Ministry spokeswoman Maria Zakharova on Tuesday accused the U.S. of a "direct interference in our electoral process and internal affairs" following the State Department's criticism of Russia's decision to bar opposition leader Alexey Navalny from running in the upcoming presidential election against Vladimir Putin. "This State Department statement, which I'm sure will be repeated, is a direct interference in our electoral process and internal affairs," Zakharova wrote Tuesday on Facebook. In a statement shared with Business Insider on Tuesday night, a State Department spokesperson expressed concern over the Russian government's "ongoing crackdown against independent voices, from journalists to civil society activists and opposition politicians." "These actions indicate the Russian government has failed to protect space in Russia for the exercise of human rights and fundamental freedoms," the statement said. "More broadly, we urge the government of Russia to hold genuine elections that are transparent, fair, and free and that guarantee the free expression of the will of the people, consistent with its international human rights obligations." Zakharova pushed back. "And these people expressed outrage over alleged Russian 'interference' in their electoral process for an entire year?!" she said. "Pointing out that the Kremlin is interfering in its own election is not interference," adds schwit1.

Piracy Notices Can Mess With Your Thermostat, ISP Warns

Slashdot - Your Rights Online - Wed, 2017-12-27 19:22
U.S. Internet provider Armstrong has warned persistent pirates on its network of limiting their access to the thermostats if they didn't play by its rules. From a report: Our attention was caught by a recent letter the company sent to one of its users. The ISP points out that it received multiple copyright infringement notices, urging the customer to stop, or else. [...] While reduced Internet speeds are bad enough, there's another scary prospect. The reduced service level may also prevent subscribers from controlling their thermostat remotely. Not ideal during the winter. "Please be advised that this may affect other services which you may have connected to your internet service, such as the ability to control your thermostat remotely or video monitoring services." Accused pirates who want their full service restored, and regain control over their thermostats, have to answer some copyright questions and read an educational piece about copyright infringement.

Vietnam Deploys 10,000 Cyber Warriors to Fight 'Wrongful Views'

Slashdot - Your Rights Online - Wed, 2017-12-27 18:44
Vietnam is deploying a 10,000-member military cyber warfare unit to combat what the government sees as a growing threat of "wrongful views" proliferating on the internet, Bloomberg reported on Wednesday, citing local media reports. From the report: Force 47 has worked pro-actively against distorted information, Tuoi Tre newspaper reported, citing Nguyen Trong Nghia, deputy head of the general politics department under the Vietnam People's Military. The disclosure of the unit comes as the Communist government pressures YouTube and Facebook to remove videos and accounts seen damaging the reputations of leaders or promoting anti-party views. Facebook this year removed 159 accounts at Vietnam's behest, while YouTube took down 4,500 videos, or 90 percent of what the government requested, according to VietnamNet news, which cited Minister of Information and Communications Truong Minh Tuan last week. The National Assembly is debating a cybersecurity bill that would require technology companies to store certain data on servers in the country.

Beware: 'Digmine' Cryptocurrency Bot Is Spreading Via Facebook Messenger

Slashdot - Your Rights Online - Wed, 2017-12-27 02:03
Cybersecurity firm Trend Micro has discovered a cryptocurrency bot that is being spread through Facebook Messenger. The bot, dubbed Digmine, was discovered in South Korea and has since been found in Vietnam, Azerbaijan, Ukraine, Vietnam, Philippines, Thailand, and Venezuela. TechSpot explains: Victims receive a file named "video_xxxx.zip" from one of their Facebook Messenger contacts. Opening it will load Chrome along with a malicious browser extension. Extensions can only be downloaded from the Chrome Web Store, but this is bypassed using the command line. Once the malware infects a system, a modified version of XMRig -- a Monero mining tool -- is installed. This mines the cryptocurrency in the background using a victim's CPU, sending all profits back to the hackers. Additionally, the Chrome extension is also used to spread Digmine. If someone has their Facebook account set to log in automatically, the fake video file link will be sent to all their friends via Messenger. The malware could also be used to take over a Facebook account entirely. The good news is that Digmine only works through the Chrome desktop version of Messenger. Right now, opening the malicious file via the Facebook/Messenger app or mobile webpage won't have the same effect. After Trend Micro revealed its findings, Facebook said it had taken down any links connected to Digmine.

The Library of Congress Will Stop Archiving Every Public Tweet On January 1st

Slashdot - Your Rights Online - Tue, 2017-12-26 22:45
An anonymous reader quotes a report from Gizmodo: In 2010, the Library of Congress started archiving every single public tweet that was published on Twitter. It even retroactively acquired all tweets dating back to 2006. But the Library of Congress will stop archiving every tweet on December 31, 2017. The Library of Congress issued a white paper this month saying that it was proud of its comprehensive collection of tweets from the first 12 years of Twitter, but that it's completely unnecessary for it to continue. Instead, the organization will only collect tweets that it deems historically significant. For instance, President Trump's tweets are almost certainly still going to be saved for future generations. One reason that the Library is stopping the comprehensive archive? The social media company's controversial change to allow 280 character tweets. The Library's halt on collection of all tweets puts Twitter more in line with the way that other digital collections are archived, including websites. The Library of Congress only archives websites on a selective basis, unlike the nonprofit, non-governmental organization the Internet Archive, which has a much broader goal of archiving everything online with its Wayback Machine. The Library of Congress also noted that many tweets include photos and video and that it has only been collecting text, making some of its collection worthless.
