aggregator

US Set To Give Huawei Another 90 Days To Buy From American Suppliers

Slashdot - Your Rights Online - Sat, 2019-08-17 15:00
An anonymous reader quotes a report from Reuters: The U.S. Commerce Department is expected to extend a reprieve given to Huawei Technologies that permits the Chinese firm to buy supplies from U.S. companies so that it can service existing customers, two sources familiar with the situation said. The "temporary general license" will be extended for Huawei for 90 days, the sources said. Commerce initially allowed Huawei to purchase some American-made goods in May shortly after blacklisting the company in a move aimed at minimizing disruption for its customers, many of which operate networks in rural America. An extension will renew an agreement set to lapse on August 19, continuing the Chinese company's ability to maintain existing telecommunications networks and provide software updates to Huawei handsets. The situation surrounding the license, which has become a key bargaining chip for the United States in its trade negotiations with China, remains fluid and the decision to continue the Huawei reprieve could change ahead of the Monday deadline, the sources said.

Read more of this story at Slashdot.

Huge Survey of Firmware Finds No Security Gains In 15 Years

Slashdot - Your Rights Online - Sat, 2019-08-17 01:20
A survey of more than 6,000 firmware images spanning more than a decade finds no improvement in firmware security and lax security standards for the software running connected devices by Linksys, Netgear and other major vendors. The Security Ledger reports: "Nobody is trying," said Sarah Zatko, the Chief Scientist at the Cyber Independent Testing Lab (CITL), a non-profit organization that conducts independent tests of software security. "We found no consistency in a vendor or product line doing better or showing improvement. There was no evidence that anybody is making a concerted effort to address the safety hygiene of their products," she said. The CITL study surveyed firmware from 18 vendors including ASUS, D-link, Linksys, NETGEAR, Ubiquiti and others. In all, more than 6,000 firmware versions were analyzed, totaling close to 3 million binaries created from 2003 to 2018. It is the first longitudinal study of IoT software safety, according to Zatko. CITL researchers studied publicly available firmware images and evaluated them for the presence of standard security features such as the use of non-executable stacks, Address Space Layout Randomization (ASLR) and stack guards, which prevent buffer overflow attacks. The results were not encouraging. Time and again, firmware from commonly used manufacturers failed to implement basic security features even when researchers studied the most recent versions of the firmware. For example: firmware for the ASUS RT-AC55U wifi router did not employ ASLR or stack guards to protect against buffer overflow attacks. Nor did it employ a non-executable stack to protect against "stack smashing," another variety of overflow attack. CITL found the same was true of firmware for Ubiquiti's UAP AC PRO wireless access points, as well as DLink's DWL-6600 access point. Router firmware by vendors like Linksys and NETGEAR performed only slightly better on CITL's assessment. 
CITL researchers also "found no clear progress in any protection category over time," reports The Security Ledger. "Researchers documented 299 positive changes in firmware security scores over the 15 years covered by the study... but 370 negative changes over the same period. Looking across its entire data set, in fact, firmware security actually appeared to get worse over time, not better." On the bright side, the survey found that almost all recent router firmware by Linksys and NETGEAR boasted non-executable stacks. "However, those same firmware binaries did not employ other common security features like ASLR or stack guards, or did so only rarely," says the report.


Judge Orders Georgia To Switch To Paper Ballots For 2020 Elections

Slashdot - Your Rights Online - Sat, 2019-08-17 00:00
An anonymous reader quotes a report from Ars Technica: Election security advocates scored a major victory on Thursday as a federal judge issued a 153-page ruling ordering Georgia officials to stop using its outdated electronic voting machines by the end of the year. The judge accepted the state's argument that it would be too disruptive to switch to paper ballots for municipal elections being held in November 2019. But she refused to extend that logic into 2020, concluding that the state had plenty of time to phase out its outdated touchscreen machines before then. The state of Georgia was already planning to phase out its ancient touchscreen electronic voting machines in favor of a new system based on ballot-marking machines. Georgia hopes to have the new machines in place in time for a presidential primary election in March 2020. In principle, that switch should address many of the critics' concerns. The danger, security advocates said, was that the schedule could slip and Georgia could then fall back on its old, insecure electronic machines in the March primary and possibly in the November 2020 general election as well. The new ruling by Judge Amy Totenberg slams the door shut on that possibility. If Georgia isn't able to switch to its new high-tech system, it will be required to fall back on a low-tech system of paper ballots rather than continue using the insecure and buggy machines it has used for well over a decade. Alex Halderman, a University of Michigan computer scientist who served as the plaintiffs' star witness in the case, hailed the judge's ruling. "The court's ruling recognizes that Georgia's voting machines are so insecure, they're unconstitutional," Halderman said in an email to Ars. "That's a huge win for election security that will reverberate across other states that have equally vulnerable systems."


Disney Fights Streaming Account Sharing With Help From Cable Industry

Slashdot - Your Rights Online - Fri, 2019-08-16 03:30
Disney and Charter Communications are teaming up to fight account sharing in an attempt to prevent multiple people from using a single account to access streaming video services. Ars Technica reports: The battle against account sharing was announced as Disney and the nation's second-biggest cable company struck a new distribution agreement involving Disney's Hulu, ESPN+, and the forthcoming Disney+. Customers could still buy those online services directly from Disney, but the new deal would also let them make those purchases through Charter's Spectrum TV service. If you buy a Disney service through Charter, be aware that the companies will work together to prevent you from sharing a login with friends. Disney and Charter said in their announcement yesterday that they have "agreed to work together on piracy mitigation. The two companies will work together to implement business rules and techniques to address such issues as unauthorized access and password sharing." The crackdown could target people who use Charter TV account logins to sign into Disney services online. Charter CEO Tom Rutledge has complained about account sharing several times over the past few years while criticizing TV networks for not fully locking down their content. "There's lots of extra streams, there's lots of extra passwords, there's lots of people who could get free service," Rutledge said at an industry conference in 2017. He argues that password sharing has helped people avoid buying cable TV. ESPN has also complained about account sharing, calling it piracy. Another possibility is that Charter could monitor usage of its broadband network to help Disney fight account sharing. For example, Disney could track the IP addresses of users signing in to its services, and Charter could match those IP addresses to those of its broadband customers.


LGBT Video-Makers Sue YouTube Claiming Discrimination

Slashdot - Your Rights Online - Fri, 2019-08-16 01:30
AmiMoJo shares a report from the BBC: A group of YouTube video-makers is suing it and parent company Google, claiming both discriminate against LGBT-themed videos and their creators. The group claims YouTube restricts advertising on LGBT videos and limits their reach and discoverability. But YouTube said sexual orientation and gender identity played no role in deciding whether videos could earn ad revenue or appear in search results. A group is hoping a jury will hear its case in California. The legal action makes a wide range of claims, including that YouTube:
- Removes advertising from videos featuring "trigger words" such as "gay" or "lesbian"
- Often labels LGBT-themed videos as "sensitive" or "mature" and restricts them from appearing in search results or recommendations
- Does not do enough to filter harassment and hate speech in the comments section

"Our policies have no notion of sexual orientation or gender identity and our systems do not restrict or demonetize videos based on these factors or the inclusion of terms like 'gay' or 'transgender,'" spokesman Alex Joseph said. "In addition, we have strong policies prohibiting hate speech and we quickly remove content that violates our policies and terminate accounts that do so repeatedly."


India Shut Down Kashmir's Internet Access

Slashdot - Your Rights Online - Fri, 2019-08-16 00:10
An anonymous reader quotes a report from The New York Times: Masroor Nazir, a pharmacist in Kashmir's biggest city, Srinagar, has some advice for people in the region: Do not get sick, because he may not have any medicine left to help. "We used the internet for everything," said Mr. Nazir, 28, whose pharmacy is near the city's famed clock tower. He said he normally went online to order new drugs and to fulfill requests from other pharmacies in more rural parts of Kashmir Valley. But now, "we cannot do anything." As the Indian government's shutdown of internet and phone service in the contested region enters its 11th day, Kashmir has become paralyzed. Shopkeepers said that vital supplies like insulin and baby food, which they typically ordered online, were running out. Cash was scarce, as metal shutters covered the doors and windows of banks and A.T.M.s, which relied on the internet for every transaction. Doctors said they could not communicate with their patients. Only a few government locations with landlines have been available for the public to make phone calls, with long waits to get a few minutes of access. The information blockade was an integral part of India's unilateral decision last week to wipe out the autonomy of Jammu and Kashmir, an area of 12.5 million people that is claimed by both India and Pakistan and has long been a source of tension. That has brought everyday transactions, family communications, online entertainment and the flow of money and information to a halt. According to Access Now, a global digital rights group, India is the world leader in shutting down the internet. The country has blocked the internet 134 times, compared with 12 shutdowns in Pakistan, the No. 2 country. "Shutting down the internet has become the first go-to the moment the police think there will be any kind of disturbance," said Mishi Choudhary, founder of SFLC.in, a legal advocacy group in New Delhi that has tracked the sharp rise in web shutdowns in India since 2012.


Unique Kaspersky AV User ID Allowed 3rd-Party Web Tracking

Slashdot - Your Rights Online - Thu, 2019-08-15 21:30
Kaspersky antivirus solutions injected an identification number, unique to each system, into the web pages visited by their users. This started in late 2015, and the number could be used to track a user's browsing interests. From a report: Versions of the antivirus product, paid and free, up to 2019, displayed this behavior that allows tracking regardless of the web browser used, even when users started private sessions. Signaled by c't magazine editor Ronald Eikenberg, the problem was that a JavaScript from a Kaspersky server loaded from an address that included a unique ID for every user. Scripts on a website can read the HTML source and glean the Kaspersky identifier, which Eikenberg determined to remain unchanged on the system.


Trump Administration Asks Congress To Reauthorize NSA's Deactivated Call Records Program

Slashdot - Your Rights Online - Thu, 2019-08-15 20:10
Breaking a long silence about a high-profile National Security Agency program that sifts records of Americans' telephone calls and text messages in search of terrorists, the Trump administration on Thursday acknowledged for the first time that the system has been indefinitely shut down -- but asked Congress to extend its legal basis anyway. From a report: In a letter to Congress delivered on Thursday and obtained by The New York Times, the administration urged lawmakers to make permanent the legal authority for the National Security Agency to gain access to logs of Americans' domestic communications, the USA Freedom Act. The law, enacted after the intelligence contractor Edward J. Snowden revealed the existence of the program in 2013, is set to expire in December, but the Trump administration wants it made permanent. The unclassified letter, signed on Wednesday by Dan Coats in one of his last acts as the director of National Intelligence, also conceded that the N.S.A. has indefinitely shut down that program after recurring technical difficulties repeatedly caused it to collect more records than it had legal authority to gather. That fact has previously been reported, but the administration had refused to officially confirm its status.


Researchers Found World-Readable Database Used To Secure Buildings Around the Globe

Slashdot - Your Rights Online - Thu, 2019-08-15 03:30
Researchers said they have found a publicly accessible database containing almost 28 million records -- including plain-text passwords, face photos, and personal information -- that was used to secure buildings around the world. Ars Technica reports: Researchers from vpnMentor reported on Wednesday that the database was used by the Web-based Biostar 2 security system sold by South Korea-based Suprema. Biostar uses facial recognition and fingerprint scans to identify people authorized to enter warehouses, municipal buildings, businesses, and banks. vpnMentor said the system has more than 1.5 million installations in a wide range of countries including the U.S., the UK, Indonesia, India, and Sri Lanka. According to vpnMentor, the 23-gigabyte database contained more than 27.8 million records used by Biostar to secure customer facilities. The data included usernames, passwords and user IDs in plaintext, building access logs, employee records including start dates, personal details, mobile device data, and face images. The researchers said the data also included more than 1 million records containing actual fingerprint scans, but the report provided no data to support the claim. "The vpnMentor researchers said they discovered the exposed database on August 5 and privately reported the finding two days later," reports Ars Technica. "The data wasn't secured until Tuesday, six days later."


Working On Microsoft's Cortana Is Laborious and Poorly Paid

Slashdot - Your Rights Online - Thu, 2019-08-15 02:50
An anonymous reader quotes a report from Motherboard: Apple, Google, Amazon, and most recently Facebook have been found hiring human workers to transcribe audio captured by their own products. Motherboard found Microsoft does the same for some Skype calls, and is still doing so despite other companies suspending their reliance on contractors. A cache of leaked documents obtained by Motherboard gives insight into what the human contractors behind the development of tech giants' artificial intelligence services are actually doing: laborious, repetitive tasks that are designed to improve the automated interpretation of human speech. This means tasks tech giants have promised are completed by virtual assistants and artificial intelligence are trained by the monotonous work of people. The work is magnified by the large footprint of speech recognition tools: Microsoft's Cortana product, similar to Apple's Siri, is implemented in Windows 10 machines and Xbox One consoles, and is also available on iOS, Android, and smart speakers. The instruction manuals on classifying this sort of data go on for hundreds of pages, with a dizzying number of options for contractors to follow to classify data, or punctuation style guides they're told to follow. The contractor said they are expected to work on around 200 pieces of data an hour, and noted they've heard personal and sensitive information in Cortana recordings. A document obtained by Motherboard corroborates that for some work contractors need to complete at least 200 tasks an hour. The pay for this work varies. One contract obtained by Motherboard shows pay at $12 an hour, with the possibility of contractors being able to reach $13 an hour as a bonus. A contract for a different task shows $14 an hour, with a potential bonus of $15 an hour. A Microsoft spokesperson told Motherboard in an emailed statement, "We're always looking to improve transparency and help customers make more informed choices. Our disclosures have been clear that we use customer content from Cortana and Skype Translator to improve these products, we engage third party expertise to assist in this process, and we take steps to de-identify this content to protect people's privacy."


Credit Karma Glitch Exposed Users To Other People's Accounts

Slashdot - Your Rights Online - Thu, 2019-08-15 01:30
Users of credit monitoring site Credit Karma have taken to Reddit and Twitter to complain that they were served other people's account information when they logged in. TechCrunch has confirmed several screenshots that show other people's accounts, including details about their credit card accounts and their current balance. When contacted, a Credit Karma spokesperson said these users "experienced a technical malfunction that has now been fixed," and that there's "no evidence of a data breach." The company didn't say for how long customers were experiencing issues. TechCrunch reports: One user told TechCrunch that after they were served another person's full credit report, they messaged the user on LinkedIn "to let him know his data was compromised." Another user told us this: "The reports are split into two sections: Credit Factors -- things like number of accounts, inquiries, utilization; and Credit Reports -- personal information like name, address, etc. The Credit Reports section was my own information, but the Credit Factors section definitely wasn't. It listed four credit card accounts (I have more like 20 on my report), a missed payment (I'm 100% on time with payments), a Honda auto loan (never had one with Honda), student loan financing (mine are paid off and too old to appear on my report), and cards with an issuer that I have no relationship with (Discover)." Another user who was affected said they could read another person's Credit Factors -- including derogatory credit marks -- but that the Credit Report tab with that user's personal information, like names and addresses, was blank. One user said that the login page was pulled offline for a brief period. "We'll be right back," the login page read instead.


Capital One Hacker Stole 'Terabytes' of Data From More Than 30 Companies, Court Docs Reveal

Slashdot - Your Rights Online - Wed, 2019-08-14 19:23
Paige A. Thompson, the hacker accused of breaching US bank Capital One, is also believed to have stolen data from more than 30 other companies, US prosecutors said in new court documents filed today and obtained by ZDNet. From the report: "The government's investigation over the last two weeks has revealed that Thompson's theft of Capital One's data was only one part of her criminal conduct," US officials said in a memorandum for extending Thompson's detention period. "The servers seized from Thompson's bedroom during the search of Thompson's residence, include not only data stolen from Capital One, but also multiple terabytes of data stolen by Thompson from more than 30 other companies, educational institutions, and other entities." US prosecutors said the "data varies significantly in both type and amount," but, based on currently available information, "much of the data appears not to be data containing personal identifying information."


Major Breach Found in Biometrics System Used By Banks, UK Police and Defence Firms

Slashdot - Your Rights Online - Wed, 2019-08-14 18:42
The fingerprints of over 1 million people, as well as facial recognition information, unencrypted usernames and passwords, and personal information of employees, were discovered on a publicly accessible database for a company used by the likes of the UK Metropolitan police, defence contractors and banks, The Guardian reported Wednesday. From the report: Suprema is the security company responsible for the web-based Biostar 2 biometrics lock system that allows centralised control for access to secure facilities like warehouses or office buildings. Biostar 2 uses fingerprints and facial recognition as part of its means of identifying people attempting to gain access to buildings. Last month, Suprema announced its Biostar 2 platform was integrated into another access control system -- AEOS. AEOS is used by 5,700 organisations in 83 countries, including governments, banks and the UK Metropolitan police. The Israeli security researchers Noam Rotem and Ran Locar working with vpnmentor, a service that reviews virtual private network services, have been running a side project to scan ports looking for familiar IP blocks, and then use these blocks to find holes in companies' systems that could potentially lead to data breaches. In a search last week, the researchers found Biostar 2's database was unprotected and mostly unencrypted. They were able to search the database by manipulating the URL search criteria in Elasticsearch to gain access to data.


Huawei Technicians Helped African Governments Spy on Political Opponents

Slashdot - Your Rights Online - Wed, 2019-08-14 18:02
phalse phace writes: A WSJ investigation appears to have uncovered multiple instances where the African governments in Uganda and Zambia, with the help of Huawei technicians, used Huawei's communications equipment to spy on and censor political opponents and its citizens. From the report, writes phalse phace: Huawei Technologies dominates African markets, where it has sold security tools that governments use for digital surveillance and censorship. But Huawei employees have provided other services, not disclosed publicly. Technicians from the Chinese powerhouse have, in at least two cases, personally helped African governments spy on their political opponents, including intercepting their encrypted communications and social media, and using cell data to track their whereabouts, according to senior security officials working directly with the Huawei employees in these countries. It should be noted that while the findings "show how Huawei employees have used the company's technology and other companies' products to support the domestic spying of those governments," the investigation didn't turn up evidence of spying by or on behalf of Beijing in Africa. Nor did it find that Huawei executives in China knew of, directed or approved the activities described. It also didn't find that there was something particular about the technology in Huawei's network that made such activities possible. Details of the operations, however, offer evidence that Huawei employees played a direct role in government efforts to intercept the private communications of opponents.


FBI Seeks To Monitor Facebook, Oversee Mass Social Media Data Collection

Slashdot - Your Rights Online - Wed, 2019-08-14 12:00
The FBI is planning to aggressively harvest information from Facebook and Twitter. Citing The Wall Street Journal, ZDNet reports that the FBI "has recently sought proposals from third-party vendors for technological solutions able to harvest publicly-available information in bulk from Facebook, Twitter, and other social media outlets." From the report: The law enforcement agency says the data collected will be used "to proactively identify and reactively monitor threats to the United States and its interests." Law enforcement has requested the means to "obtain the full social media profile of persons-of-interest and their affiliation to any organization or groups," to keep track of users based on their neighborhood, and keyword searches, among other tool functions. Vendors have until August 27 to submit their proposals. While the FBI believes that such tools can work in harmony with privacy safeguards and civil liberties, the mass collection of names, photos, and IDs -- when combined with information from other sources -- may do just the opposite.


FAA Bans Recalled MacBook Pros From Flights

Slashdot - Your Rights Online - Wed, 2019-08-14 04:02
The U.S. Federal Aviation Administration has banned select MacBook Pro laptops on flights after Apple recently said that some units had batteries that posed a fire risk. In a statement, the FAA said it was "aware of the recalled batteries that are used in some Apple MacBook Pro laptops" and stated that it alerted major U.S. airlines about the recall. Bloomberg reports: The watchdog also reminded airlines to follow 2016 safety instructions for goods with recalled batteries, which means that the affected Apple laptops should not be taken on flights as cargo or in carry-on baggage by passengers. The Apple laptops in question are some 15-inch MacBook Pros sold between September 2015 and February 2017. Apple issued the recall in June, saying it had "determined that, in a limited number of older generation 15-inch MacBook Pro units, the battery may overheat and pose a fire safety risk." This week, four airlines with cargo operations managed by Total Cargo Expertise -- TUI Group Airlines, Thomas Cook Airlines, Air Italy, and Air Transat -- implemented a ban, barring the laptops from being brought onto the carriers' planes as cargo, according to an internal notice obtained by Bloomberg News. A spokesperson for TUI Group Airlines said airport staff and flight attendants will start making announcements about these MacBook Pros at the gate and before takeoff. Laptops that have replaced batteries won't be impacted, the spokesperson said. The company also posted a notice on its website banning the recalled computers on board, in both cargo and passenger areas of its planes. It's unclear what efforts will, if any, be made at U.S. airports.


Researcher Makes Legit-Looking iPhone Lightning Cables That Will Hijack Your Computer

Slashdot - Your Rights Online - Wed, 2019-08-14 02:45
A researcher known as MG has modified Lightning cables with extra components to let him remotely connect to the computers that the cables are connected to. "It looks like a legitimate cable and works just like one. Not even your computer will notice a difference. Until I, as an attacker, wirelessly take control of the cable," MG said. Motherboard reports: One idea is to take this malicious tool, dubbed O.MG Cable, and swap it for a target's legitimate one. MG suggested you may even give the malicious version as a gift to the target -- the cables even come with some of the correct little pieces of packaging holding them together. MG typed in the IP address of the fake cable on his own phone's browser, and was presented with a list of options, such as opening a terminal on my Mac. From here, a hacker can run all sorts of tools on the victim's computer. The cable comes with various payloads, or scripts and commands that an attacker can run on the victim's machine. A hacker can also remotely "kill" the USB implant, hopefully hiding some evidence of its use or existence. MG made the cables by hand, painstakingly modifying real Apple cables to include the implant. "In the end, I was able to create 100 percent of the implant in my kitchen and then integrate it into a cable. And these prototypes at Def con were mostly done the same way," he said. MG did point to other researchers who worked on the implant and graphical user interface. He is selling the cables for $200 each.


Websites Can Discriminate Against You Even If You Don't Use Them, California Supreme Court Rules

Slashdot - Your Rights Online - Wed, 2019-08-14 01:20
Nearly four years ago, a lone bankruptcy lawyer sued Square, the payment processor run by Twitter CEO Jack Dorsey, challenging the app's terms of use -- despite never signing up. As of yesterday, the case will proceed, thanks to an opinion issued by the California Supreme Court that could have wide-reaching implications for online businesses. Gizmodo reports: The first thing you need to know is that, for whatever reason, Square's Prohibited Goods and Services policies include "bankruptcy attorneys or collection agencies," which you'll recall is plaintiff Robert White's line of work. California, where this case was tried and where a plurality of online services are headquartered, is also home to a state law -- the Unruh Civil Rights Act -- which provides broad protections against discrimination of many kinds, including occupation. But the question remained as to whether White needed to have entered into an agreement with Square (by agreeing to the terms of service) in order to have experienced said discrimination barring his "full and equal access" to the service. For the time being at least: no. "In general, a person suffers discrimination under the Act when the person presents himself or herself to a business with an intent to use its services but encounters an exclusionary policy or practice that prevents him or her from using those services," Justice Goodwin Liu wrote in the court's unanimous opinion. "We conclude that this rule applies to online businesses and that visiting a website with intent to use its services is, for purposes of standing, equivalent to presenting oneself for services at a brick-and-mortar store." The Supreme Court noted that the merits of White's case -- beyond his having standing -- were outside its purview, and that "mere awareness of a business's discriminatory policy or practice is not enough for standing under the Act," but that "entering into an agreement with the business is not required."


Amazon's Facial Recognition Misidentified 1 in 5 California Lawmakers as Criminals

Slashdot - Your Rights Online - Wed, 2019-08-14 00:05
The ACLU tested Rekognition, Amazon's facial recognition technology, on photographs of California lawmakers. It matched 26 of them to mugshots. From a report: In a recent test of Amazon's facial recognition software, the American Civil Liberties Union of Northern California revealed that it mistook 26 California lawmakers as people arrested for crimes. The ACLU used Rekognition, Amazon's facial recognition software, to evaluate 120 photos of lawmakers against a database of 25,000 arrest photos, ACLU attorney Matt Cagle said at a press conference on Tuesday. One in five lawmaker photographs were falsely matched to mugshots, exposing the frailties of an emerging technology widely adopted by law enforcement. The ACLU used the default Rekognition settings, which match identity at 80 percent confidence, Cagle said. Assembly member Phil Ting was among those whose picture was falsely matched to an arrest photo. He's also an active advocate for limiting facial recognition technology: in February, he introduced a bill, co-sponsored by the ACLU, that bans the use of facial recognition and other biometric surveillance on police-worn body cameras.


$3 Million Fortnite Winner Becomes Latest Swatting Target

Slashdot - Your Rights Online - Tue, 2019-08-13 23:20
An anonymous reader quotes a report from Ars Technica: Kotaku reports that Kyle "Bugha" Giersdorf was streaming a Fortnite game late Sunday when he abruptly left his desk and abandoned the game with the livestream still running. The cause? His father coming to tell him that armed police were at the front door. Fortunately, Bugha returned unharmed to the stream several minutes later. "That was definitely a new one," he can be heard saying on a recording of the stream. "I got swatted." The comparatively quick and peaceful resolution of the issue was in part due to sheer good luck. "I was lucky because the one officer, yeah, he lives in our neighborhood," Bugha explained on the stream. Bugha won $3 million for his first-place finish in the first-ever Fortnite World Cup in July and even appeared on The Tonight Show to talk about his win with host Jimmy Fallon. He is also all of 16 years old, and so a threat against him also involved his parents, whose personal information may have been easy to find. "Swatting" occurs when someone places a hoax emergency call to a police department, hoping to mobilize an emergency response (i.e., a SWAT team) to the victim's home. Bugha was lucky in that the officers who responded to his address were of a mood to ask questions first. Not all swatting victims are so lucky. In 2017, a Kansas man named Andrew Finch was killed during a swatting event even though he was not the intended target. The man behind the hoax call was sentenced to 20 years in prison earlier this year for his role in Finch's death.
