Nearly 200,000 Wi-Fi Cameras Are Open To Hacking

Slashdot - Your Rights Online - Fri, 2017-03-10 03:05
An anonymous reader quotes a report from BleepingComputer: What started as an analysis of a simple security flaw in a random wireless IP camera turned into seven vulnerabilities that affect over 1,250 camera models and expose nearly 200,000 cameras to hacking. The flaws affect a generically named product called Wireless IP Camera (P2P) WIFICAM, manufactured by a (currently unnamed) Chinese company, who sells it as a white-label product to several other camera vendors. Security researcher Pierre Kim says the firmware produced by this Chinese vendor comes with several flaws, which have all made their way down the line into the products of other companies that bought the white-label (unbranded) camera. In total, nearly 1,250 camera models based on the original camera are affected. At the heart of many of these issues is the GoAhead web server, which allows camera owners to manage their device via a web-based dashboard. According to Kim, the cameras are affected by a total of seven security flaws. Yesterday, Kim said that around 185,000 vulnerable cameras could be easily identified via Shodan. Today, the same query yields 198,500 vulnerable cameras. Proof-of-concept exploit code for each of the seven flaws is available on Kim's blog, along with a list of all the 1,250+ vulnerable camera models.

Read more of this story at Slashdot.

Filmmakers Take Dutch State To Court Over Lost Piracy Revenue

Slashdot - Your Rights Online - Fri, 2017-03-10 00:40
An anonymous reader quotes a report from TorrentFreak: A coalition of Dutch film and TV producers is following through on their threat to file a lawsuit against the local Government. The filmmakers hold the authorities responsible for the country's high piracy rates. They claim the government tolerated and even encouraged unauthorized downloading for years and want to see compensation as a result. Last year the Dutch Government denied these allegations, noting that the filmmakers could go after downloaders directly if they want to recoup their losses. However, they are not backing down. On Tuesday a group of film and TV show companies issued a summons announcing their legal action, NRC reports. Through the court they hope to hold the Government liable, and if that's the case, a separate damages procedure will likely follow.


Despite Netflix and Amazon Prime, Most of the World Watches Pirated Content

Slashdot - Your Rights Online - Thu, 2017-03-09 20:40
An anonymous reader shares a TechInAsia report: More than half of the people surveyed across the world still watch pirated movies and TV shows, a new survey shows. The study, conducted by digital security firm Irdeto, asked more than 25,000 adults across 30 countries about video watching trends. Here's what it found: 52 percent of those surveyed said they watch pirated videos. 48 said they would stop, or watch less illegal content after they were told about the damaging effects of piracy on the media industry. While many recognize that producing or sharing pirated video is illegal (70 percent), far fewer people are aware that streaming or downloading is also against the law (59 percent).


Digital Privacy at the U.S. Border: A New How-To Guide from EFF

Electronic Frontier Foundation - Thu, 2017-03-09 18:03
Protect Yourself While Traveling To and From the U.S.

San Francisco - Increasingly frequent and invasive searches at the U.S. border have raised questions for those of us who want to protect the private data on our computers, phones, and other digital devices. A new guide released today by the Electronic Frontier Foundation (EFF) gives travelers the facts they need in order to prepare for border crossings while protecting their digital information.

“Digital Privacy at the U.S. Border” helps everyone do a risk assessment, evaluating personal factors like immigration status, travel history, and the sensitivity of the data you are carrying. Depending on which devices come with you on your trip, your gadgets can include information like your client files for work, your political leanings and those of your friends, and even your tax return. Assessing your risk factors helps you choose a path to proactively protect yourself, which might mean leaving some devices at home, moving some information off of your devices and into the cloud, and using encryption. EFF’s guide also explains why some protections, like fingerprint locking of a phone, are less secure than other methods.

“Border agents have more power than police officers normally do, and people crossing the border have less privacy than they usually expect,” said EFF Staff Attorney Sophia Cope. “Border agents may demand that you unlock your phone, provide your laptop password, or disclose your social media handles. Yet this is where many of us store our most sensitive personal information. We hope this guide makes preparing for your trip and protecting your devices easier and more effective.”

Many travelers are confused about what is legal at the border, and the consequences for running afoul of a border agent can run the gamut from indefinite seizure of your phone and computer, to denial of entry for foreign visitors, although American citizens always have the right to re-enter the country. EFF’s new guide hopes to clear up misinformation while recognizing that there is no “one size fits all” approach to crossing into the United States. In addition to the full report, EFF has also created a pocket guide for helping people concerned with data protection.

“The border is not a Constitution-free zone, but sometimes the rules are less protective of travelers and some border agents can be aggressive,” said EFF Senior Staff Attorney Adam Schwartz. “That can put unprepared travelers in a no-win dilemma at the U.S. border. We need clearer legal protections for everyone, but in the meantime, our report and pocket guides aim to put more power back into the hands of travelers.”

For “Digital Privacy at the U.S. Border”:
https://www.eff.org/wp/digital-privacy-us-border-2017

For EFF’s pocket guide:
https://www.eff.org/document/eff-border-search-pocket-guide

For EFF’s summary of your constitutional rights:
https://www.eff.org/document/digital-privacy-us-border

Contact: Sophia Cope, Staff Attorney, sophia@eff.org; Adam Schwartz, Senior Staff Attorney, adam@eff.org

How Wiretaps Actually Work

Slashdot - Your Rights Online - Thu, 2017-03-09 18:00
David Kris, assistant attorney general for national security from 2009 to 2011, has responded to the recent accusations made by president Donald Trump. On Saturday, Trump accused former president Obama of orchestrating a "Nixon/Watergate" plot to tap the phones at his Trump Tower headquarters in the run-up to last fall's election. He writes in an opinion piece for The Washington Post: First, the U.S. government needs probable cause, signatures from government officials and advance approval from a federal court before engaging in wiretapping in the United States. There are some narrow exceptions, for things such as short-term emergencies, which are then reviewed by a judge promptly after the fact. This is not something that the president simply orders. Under the law governing foreign intelligence wiretaps, the government has to show probable cause that a "facility" is being used or about to be used by a "foreign power" -- e.g., a foreign government or an international terrorist group -- or by an "agent of a foreign power." A facility is something like a telephone number or an email address. Second, there is no requirement that the facility being wiretapped be owned, leased or listed in the name of the person who is committing the offense or is the agent of a foreign power. [...] Third, government officials, including the president, don't normally speak publicly about wiretaps. Indeed, it is in some cases a federal crime to disclose a wiretap without authorization, including not only the information obtained from the wiretap, but also the mere existence of a wiretap with an intent to obstruct it. With respect to intelligence wiretaps, there is an additional issue: They are always classified, and disclosure of classified information is also generally a crime. The president enjoys authority over classified information, of course, but at a minimum it would be highly irregular to disclose an intelligence wiretap via Twitter.


Samsung Group Chief Denies All Charges as 'Trial of the Century' Begins

Slashdot - Your Rights Online - Thu, 2017-03-09 17:20
An anonymous reader shares a Fortune report: The head of South Korea's Samsung Group, Jay Y. Lee, denies all charges against him, his lawyer said on Thursday, at the start of what the special prosecutor said could be the "trial of the century" amid a political scandal that has rocked the country. Lee has been charged with bribery, embezzlement and other offenses in a corruption scandal that has already led to the impeachment of President Park Geun-hye. Lee, who is being detained at Seoul Detention Centre, did not attend court. A defendant does not have to turn up during a preparatory hearing, held to organize evidence and set dates for witness testimony. The date of the next hearing will be decided next week. Lee's defense denied all charges against him on his behalf, saying that the special prosecution's indictment cites conversations, evidence or witnesses the prosecution did not actually hear, investigate or interview according to the rules -- or states opinions that are not facts.


China Expresses Concern at Revelations in Wikileaks Dump of Hacked CIA Data

Slashdot - Your Rights Online - Thu, 2017-03-09 16:40
China has expressed concern over revelations in a trove of data released by Wikileaks purporting to show that the CIA can hack all manner of devices, including those made by Chinese companies. From a report on Reuters: Dozens of firms rushed to contain the damage from possible security weak points following the anti-secrecy organization's revelations, although some said they needed more details of what the U.S. intelligence agency was up to. Widely-used routers from Silicon Valley-based Cisco were listed as targets, as were those supplied by Chinese vendors Huawei and ZTE and Taiwan supplier Zyxel for their devices used in China and Pakistan. "We urge the U.S. side to stop listening in, monitoring, stealing secrets and internet hacking against China and other countries," Chinese Foreign Ministry spokesman Geng Shuang told a daily news briefing.


Uber Admits Its Ghost Driver 'Greyball' Tool Was Used To Thwart Regulators, Vows To Stop

Slashdot - Your Rights Online - Thu, 2017-03-09 16:00
Uber has admitted it used a tool to thwart city regulators, and announced a review of its controversial Greyball technology. From a report on USA Today: Greyballing, a play on blackballing, was a way for Uber officials to remotely provide ghost driver information to a targeted individual. A March 3 report on the program in The New York Times cited a 2014 example where a regulator in Portland, Ore., a city in which Uber was operating without approval at the time, was unable to hail a car because of his Greyball-powered app. "We have started a review of the different ways this technology has been used to date," Joe Sullivan, Uber's chief security officer, wrote in a blog post. "In addition, we are expressly prohibiting its use to target action by local regulators going forward."


FCC Investigating Coast-To-Coast 911 Outage For AT&T Wireless Users

Slashdot - Your Rights Online - Thu, 2017-03-09 09:00
AT&T says it has fixed a nationwide outage that prevented its wireless customers from making 911 emergency calls. "Service has been restored for wireless customers affected by an issue connecting to 911. We apologize to those affected," the company officials said in a statement. The outage was serious enough to gain the attention of the Federal Communications Commission. The FCC chairman, Ajit Pai, said via Twitter that they are investigating what went wrong. NBC News reports: The company didn't say how widespread the outage was, but as reports poured in from across the country, Karima Holmes, director of unified communications for the Washington, D.C., government, said her office had been "advised there is a nationwide outage for AT&T." At 10:20 p.m. ET, about 10 minutes before AT&T gave the all-clear, DownDetector, a site that monitors internet traffic for real-time information on wireless and broadband carriers, indicated that outage reports for AT&T were clustered most prominently around New York City, Philadelphia, Washington, D.C., Chicago, Miami, Dallas, Houston, San Francisco, Los Angeles and Seattle. But emergency authorities across the country confirmed 911 outages and publicized direct police, fire and ambulance dispatch telephone numbers that AT&T customers should call in emergencies.


Ask Slashdot: Should You Use Password Managers?

Slashdot - Your Rights Online - Thu, 2017-03-09 02:20
New submitter informaticsDude writes: What do Slashdot users recommend regarding the use of password managers? The recent election underscored the hackability of many personal accounts. One solution is to use different passwords for every digital experience. But, of course, humans are lousy at remembering large numbers of large random strings. Another solution is to use a password manager. However, password managers have been hacked in the past, in which case you lose everything. How do Slashdot users balance the competing risks? What is a person to do?


GOP Senators' New Bill Would Let ISPs Sell Your Web Browsing Data

Slashdot - Your Rights Online - Thu, 2017-03-09 01:40
Yesterday, Sen. Jeff Flake (R-Ariz.) and 23 Republican co-sponsors introduced a resolution that would overturn new privacy rules for internet service providers. "If the Federal Communications Commission rules are eliminated, ISPs would not have to get consumers' explicit consent before selling or sharing web browsing data and other privacy information with advertisers and other third parties," reports Ars Technica. "The measure would use lawmakers' power under the Congressional Review Act to ensure that the FCC rulemaking 'shall have no force or effect.' The resolution would also prevent the FCC from issuing similar regulations in the future." From the report: Flake's announcement said he's trying to "protect consumers from overreaching Internet regulation." Flake also said that the resolution "empowers consumers to make informed choices on if and how their data can be shared," but he did not explain how it will achieve that. The privacy order had several major components. The requirement to get the opt-in consent of consumers before sharing information covered geo-location data, financial and health information, children's information, Social Security numbers, Web browsing history, app usage history, and the content of communications. This requirement is supposed to take effect on December 4, 2017. The rulemaking had a data security component that required ISPs to take "reasonable" steps to protect customers' information from theft and data breaches. This was supposed to take effect on March 2, but the FCC under newly appointed Chairman Ajit Pai halted the rule's implementation. Another set of requirements related to data breach notifications is scheduled to take effect on June 2. Flake's resolution would prevent all of those requirements from being implemented. He said that this "is the first step toward restoring the [Federal Trade Commission's] light-touch, consumer-friendly approach." 
Giving the FTC authority over Internet service providers would require further FCC or Congressional action because the FTC is not allowed to regulate common carriers, a designation currently applied to ISPs.


Apple Says It's Already Fixed Many WikiLeaks Security Issues

Slashdot - Your Rights Online - Thu, 2017-03-09 00:00
An anonymous reader quotes a report from USA Today: Apple says many of the vulnerabilities to its devices and software that came to light in WikiLeaks' revelations of CIA cyber weapons were already fixed in its latest updates. Late Tuesday, Apple emailed the following statement to USA TODAY: "Apple is deeply committed to safeguarding our customers' privacy and security. The technology built into today's iPhone represents the best data security available to consumers, and we're constantly working to keep it that way. Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest OS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates." For its part, Samsung emailed its own statement Wednesday: "Protecting consumers' privacy and the security of our devices is a top priority at Samsung. We are aware of the report in question and are urgently looking into the matter."


Federal Criminal Probe Being Opened Into WikiLeaks' Publication of CIA Documents

Slashdot - Your Rights Online - Wed, 2017-03-08 20:00
A federal criminal investigation is being opened into WikiLeaks' publication of documents detailing alleged CIA hacking operations, CNN reports citing several U.S. officials. From the report: The officials said the FBI and CIA are coordinating reviews of the matter. The investigation is looking into how the documents came into WikiLeaks' possession and whether they might have been leaked by an employee or contractor. The CIA is also trying to determine if there are other unpublished documents WikiLeaks may have. The documents published so far are largely genuine, officials said, though they are not yet certain if all of them are and whether some of the documents may have been altered. One of the biggest concerns for the federal government is if WikiLeaks publishes critical computer code on how operations are conducted, other hackers could take that code and cause havoc overseas. Security expert Robert Graham wrote on Tuesday: The CIA didn't remotely hack a TV. The docs are clear that they can update the software running on the TV using a USB drive. There's no evidence of them doing so remotely over the Internet. The CIA didn't defeat Signal/WhatsApp encryption. The CIA has some exploits for Android/iPhone. If they can get on your phone, then, of course they can record audio and screenshots. Technically, this bypasses/defeats encryption -- but such phrases used by Wikileaks are highly misleading, since nothing related to Signal/WhatsApp is happening. [...] This hurts the CIA a lot. Already, one AV researcher has told me that a virus they once suspected came from the Russians or Chinese can now be attributed to the CIA, as it matches the description perfectly to something in the leak. We can develop anti-virus and intrusion-detection signatures based on this information that will defeat much of what we read in these documents. This would put a multi-year delay in the CIA's development efforts. Plus, it'll now go on a witch-hunt looking for the leaker, which will erode morale.


Big Tech Lobbying Is On the Verge of Killing Right To Repair Legislation In Minnesota

Slashdot - Your Rights Online - Wed, 2017-03-08 19:20
Jason Koebler, writing for Motherboard: Statehouse employees in Minnesota say that lobbying efforts by big tech companies and John Deere are on the verge of killing right to repair legislation in the state that would have made it easier for consumers and small businesses to fix their electronics. According to two of the bill's sponsors, the bill, which would have introduced "fair repair" requirements for manufacturers in the state, will not get a hearing that's necessary to move the legislation forward. Minnesota Senate rules automatically kill any bills that do not have a hearing scheduled by a certain date (this year, it's March 10). Last year, tech industry lobbying killed a similar bill in New York. "Unfortunately, it's not going to make deadline this session," Republican Sen. David Osmek, one of the sponsors, told me in an email. Osmek would not give additional specifics about his colleagues' concerns with the bill, but a legislative assistant for the bill's other sponsor told me that electronic manufacturer lobbying is likely to blame, while another source close to the legislature told me that tractor manufacturer John Deere -- a long time enemy of fair repair -- helped kill the bill as well.


Hey CIA, You Held On To Security Flaw Information -- But Now It's Out. That's Not How It Should Work

Slashdot - Your Rights Online - Wed, 2017-03-08 16:40
Cindy Cohn, writing for EFF: The dark side of this story is that the documents confirm that the CIA holds on to security vulnerabilities in software and devices -- including Android phones, iPhones, and Samsung televisions -- that millions of people around the world rely on. The agency appears to have failed to accurately assess the risk of not disclosing vulnerabilities to responsible vendors and failed to follow even the limited Vulnerabilities Equities Process. As these leaks show, we're all made less safe by the CIA's decision to keep -- rather than ensure the patching of -- vulnerabilities. Even spy agencies like the CIA have a responsibility to protect the security and privacy of Americans.


WikiLeaks CIA Files: The 6 Biggest Spying Secrets Revealed By the Release of 'Vault 7'

Slashdot - Your Rights Online - Wed, 2017-03-08 02:45
Earlier today, WikiLeaks unleashed a cache of thousands of files it calls "Year Zero," which is part one of the release associated with "Vault 7." Since there are over 8,000 pages in this release, it will take some time for journalists to comb through the release. The Independent has highlighted six of the "biggest secrets and pieces of information yet to emerge from the huge dump" in their report. 1) The CIA has the ability to break into Android and iPhone handsets, and all kinds of computers. The U.S. intelligence agency has been involved in a concerted effort to write various kinds of malware to spy on just about every piece of electronic equipment that people use. That includes iPhones, Androids and computers running Windows, macOS and Linux. 2) Doing so would make apps like Signal, Telegram and WhatsApp entirely insecure. Encrypted messaging apps are only as secure as the devices they are used on -- if an operating system is compromised, then the messages can be read before they are encrypted and sent to the other user(s). 3) The CIA could use smart TVs to listen in on conversations that happened around them. One of the most eye-catching programs detailed in the documents is "Weeping Angel." That allows intelligence agencies to install special software that allows TVs to be turned into listening devices -- so that even when they appear to be switched off, they're actually on. 4) The agency explored hacking into cars and crashing them, allowing "nearly undetectable assassinations." Many of the documents reference tools that appear to have dangerous and unknown uses. One file, for instance, shows that the CIA was looking into ways of remotely controlling cars and vans by hacking into them. 5) The CIA hid vulnerabilities that could be used by hackers from other countries or governments. Such bugs were found in the biggest consumer electronics in the world, including phones and computers made by Apple, Google and Microsoft. But those companies didn't get the chance to fix those exploits because the agency kept them secret in order to keep using them, the documents suggest. 6) More information is coming. The documents have still not been looked through entirely. There are 8,378 pages of files, some of which have already been analyzed but many of which haven't. And that's not to mention the other sets of documents that are coming. The "Year Zero" leaks are just the first in a series of "Vault 7" dumps, Julian Assange said. You can view the Vault 7 Part 1 'Year Zero' release here via WikiLeaks. The Intercept has an in-depth report focusing on how the "CIA Could Turn Smart TVs Into Listening Devices."


Ask Slashdot: How Do You Best Protect Client Files From Wireless Hacking?

Slashdot - Your Rights Online - Wed, 2017-03-08 02:05
dryriver writes: A client has given you confidential digital files containing a design for a not-yet-public consumer product. You need to work on those files on a Windows 10 PC that has a wireless chipset built into it. What can you do, assuming that you have to work under Windows 10, that would make 3rd party wireless access to this PC difficult or impossible? I can imagine that under a more transparent, open-source, power-user OS like Linux, it would be a piece of cake to kill all wireless access completely and reliably even if the system contains wireless hardware. But what about a I-like-to-phone-home-sometimes, non open-source OS like Windows 10 that is nowhere near as open and transparent? Is there a good strategy for making outside wireless access to a Windows 10 machine difficult or impossible?


Trump Renominates Ajit Pai For Five More Years at the FCC

Slashdot - Your Rights Online - Wed, 2017-03-08 00:40
According to Axios, Bloomberg, and several other publications, President Trump has nominated FCC chairman Ajit Pai for a second five-year term at the commission. "Pai's current term ended last June, though he's been able to stick around through the end of the year even without reconfirmation," reports The Verge. From the report: The nomination comes just days after Pai sat down with the president for a meeting, during which they're said to have "reconnected" but without actually discussing anything the commission is actively considering. Pai will need confirmation from the Senate for the nomination to be approved. He was first nominated in 2012 to fill the slot of a commissioner. With approval, he'll be able to stick around through at least the entirety of Trump's current term. The question now is when Trump will nominate people to fill the two slots still vacant at the commission. The FCC remains short staffed, with only three out of five seated leaders, which somewhat limits how quickly Pai is able to get through his agenda.


China's ZTE Pleads Guilty, Will Pay $1.19 Billion For Violating US Trade Sanctions

Slashdot - Your Rights Online - Tue, 2017-03-07 23:20
An anonymous reader quotes a report from Reuters: Chinese telecom equipment maker ZTE Corp will plead guilty and pay $1.19 billion ($892 million in the Iran case) to settle allegations it violated U.S. laws that restrict the sale of American-made technology to Iran and North Korea, the company and U.S. government agencies said on Tuesday. ZTE entered into an agreement to plead guilty to conspiring to violate the International Emergency Economic Powers Act, obstruction of justice and making a material false statement, the U.S. Justice Department said. The Commerce Department investigation followed reports by Reuters in 2012 that ZTE had signed contracts to ship millions of dollars worth of hardware and software from some of the best-known U.S. technology companies to Iran's largest telecoms carrier. Between January 2010 and January 2016, ZTE directly or indirectly shipped approximately $32 million of U.S.-origin items to Iran without obtaining the proper export licenses from the U.S. government. ZTE then lied to federal investigators during the investigation when it insisted that the shipments had stopped, Justice said. It also took actions involving 283 shipments of controlled items to North Korea, authorities said. Shipped items included routers, microprocessors and servers controlled under export regulations for security, encryption and anti-terrorism reasons.


WikiLeaks Reveals CIA's Secret Hacking Tools and Spy Operations

Slashdot - Your Rights Online - Tue, 2017-03-07 16:41
Mark Wilson, writing for BetaNews: WikiLeaks has unleashed a treasure trove of data to the internet, exposing information about the CIA's arsenal of hacking tools. Code-named Vault 7, the first data is due to be released in serialized form, starting off with "Year Zero" as part one. A cache of over 8,500 documents and files has been made available via BitTorrent in an encrypted archive. The plan had been to release the password at 9:00am ET today, but when a scheduled online press conference and stream came "under attack" prior to this, the password was released early. Included in the "extraordinary" release are details of the zero day weapons used by the CIA to exploit iPhones, Android phones, Windows, and even Samsung TVs to listen in on people. Routers, Linux, macOS -- nothing is safe. WikiLeaks explains how the "CIA's hacking division" -- or the Center for Cyber Intelligence (CCI) as it is officially known -- has produced thousands of weaponized pieces of malware, Trojans, viruses and other tools. It's a leak that's essentially Snowden 2.0. In a statement, WikiLeaks said CIA has tools to bypass the encryption mechanisms imposed by popular instant messenger apps Signal, Confide, WhatsApp (used by more than a billion people), and Telegram.
