Tech Leaders Speak Out Against Trump Ban on Transgender Troops

Slashdot - Your Rights Online - Wed, 2017-07-26 22:00
Technology executives, including Facebook CEO Mark Zuckerberg and Google CEO Sundar Pichai, took to social media to voice their displeasure over President Donald Trump's latest stance on transgendered people in the military. "I am grateful to the transgender members of the military for their service," Google CEO Sundar Pichai said. Apple CEO Tim Cook said, "We are indebted to all who serve. Discrimination against anyone holds everyone back." Brad Smith, Microsoft President and Chief Legal Officer said, "We honor and respect all who serve, including the transgender members of our military." Salesforce said it "believes in equality for all. We support and thank all U.S. service members, including transgender Americans." Facebook CEO Mark Zuckerberg said, "Everyone should be able to serve their country -- no matter who they are." Veteran entrepreneur Max Levchin urged support for transgender people across party lines. "Trans kids, soldiers etc need our support today and to know they are valued & respected regardless of politics. Let us not be divided." Uber told news outlet Axios, "We owe the deepest debt of gratitude to all those who volunteer to serve in the US Armed Forces and defend our values. These patriotic Americans deserve to be honored and respected, not turned away because of who they are." Twitter CEO Jack Dorsey said, "Discrimination in any form is wrong for all of us."

Read more of this story at Slashdot.

Some Low-Cost Android Phones Come at a Price -- Your Privacy

Slashdot - Your Rights Online - Wed, 2017-07-26 20:08
Cheap phones are coming at the price of your privacy, security analysts discovered. From a report: At $60, the BLU R1 HD is the top-selling phone on Amazon. Last November, researchers caught it secretly sending private data to China. Shanghai Adups Technology, the group behind the spying software on the BLU R1 HD, called it a mistake. But analysts at Kryptowire found the software provider is still making the same "mistake" on other phones. At the Black Hat security conference in Las Vegas on Wednesday, researchers from Kryptowire, a security firm, revealed that Adups' software is still sending a device's data to the company's server in Shanghai without alerting people. But now, it's being more secretive about it. "They replaced them with nicer versions," Ryan Johnson, a research engineer and co-founder at Kryptowire, said. "I have captured the network traffic of them using the Command and Control channel when they did it." An Adups spokeswoman said that it had resolved the issues in 2016 and that the issues "are not existing anymore." Kryptowire said it has observed the company sending data without telling users on at least three different phones.

Apple-Supplier Foxconn To Announce New Factory in Wisconsin in Much-needed Win For Trump and Scott Walker

Slashdot - Your Rights Online - Wed, 2017-07-26 19:20
An anonymous reader shares a Washington Post report: Foxconn, one of the world's largest electronics manufacturers, will unveil plans Wednesday evening to build a new factory in southeastern Wisconsin (alternative source), delivering a much-needed win for President Trump and Gov. Scott Walker, according to four officials with knowledge of the announcement. The facility will make flat-screen displays and will be located in Southeast Wisconsin within House Speaker Paul Ryan's congressional district. It is not clear how many jobs would be created. Shortly after Trump was elected, Foxconn's chairman Terry Gou said his company would invest at least $7 billion in the United States and create between 30,000 and 50,000 jobs. If it follows through with that commitment, Foxconn would become a major employer on par with Chrysler. In April, Gou spent more than two hours at the White House.

Kaspersky Launches Its Free Antivirus Software Worldwide

Slashdot - Your Rights Online - Wed, 2017-07-26 18:00
Kaspersky has finally launched its free antivirus software after a year-and-a-half of testing it in select regions. From a report: While the software was only available in Russia, Ukraine, Belarus, China and in Nordic countries during its trial run, Kaspersky is releasing it worldwide. The free antivirus doesn't have VPN, Parental Controls and Online Payment Protection its paid counterpart offers, but it has all the essential features you need to protect your PC. It can scan files and emails, protect your PC while you use the web and quarantine malware that infects your system. The company says the software isn't riddled with advertisements like other free antivirus offerings. Instead of trying to make ad money off your patronage, Kaspersky will use the data you contribute to improve machine learning across its products. The free antivirus will be available in the US, Canada and most Asia-Pacific countries over the next couple of days, if it isn't yet. After this initial release, the company will roll it out in other regions from September to November.

Donald Trump Says US Military Will Not Allow Transgender People To Serve

Slashdot - Your Rights Online - Wed, 2017-07-26 16:03
Donald Trump said on Wednesday he would not allow transgender individuals to serve in the US military in any capacity. From a report: The US president tweeted: "After consultation with my Generals and military experts, please be advised that the United States Government will not accept or allow ... transgender individuals to serve in any capacity in the U.S. Military." He added: "Our military must be focused on decisive and overwhelming ... victory and cannot be burdened with the tremendous medical costs and disruption that transgender in the military would entail." Trump's decision marks a sharp reversal of a policy initiated under Barack Obama, in which the Pentagon ended a longtime ban on transgender people from serving openly in the military. As a candidate, Trump cast himself as a supporter of LGBT rights and indicated he would uphold certain Obama-era policies designed to protect transgender people.

China Forces Muslim Minority To Install Spyware On Their Phones

Slashdot - Your Rights Online - Wed, 2017-07-26 02:05
An anonymous reader quotes a report from Bleeping Computer: Chinese authorities in the province of Xinjiang are forcing locals of the Uyghur Muslim minority to install an app on their phones that will allow the government to scan their device for "terrorist propaganda," local media reports. In reality, the app creates MD5 hashes for the user's files and matches them against a database of known terrorist content. The app also makes copies of the user's Weibo and WeChat databases and uploads it to a government server, along with the user's IMEI, IMSI, and WiFi login information. The app is called Jingwang (Citizen Safety) and was developed by police forces from Urumqi, Xinjiang's capital. Authorities launched the app in April, and also included the ability to report suspicious activity to the police. At the start of July, Xinjiang officials started sending WeChat messages in Uyghur and Chinese to locals, asking them to install the app or face detainment of up to 10 days. Police have also stopped people on the street to check if they installed the app. Several were detained for refusing to install it. Locals are now sharing the locations of checkpoints online, so others can avoid getting arrested.

Cloudflare Wants to Eliminate 'Moot' Pirate Site Blocking Threat

Slashdot - Your Rights Online - Wed, 2017-07-26 00:40
Cloudflare is not happy with the RIAA's efforts to hold the company liable for pirate websites on its network. From a report: Representing various major record labels, the RIAA filed a lawsuit against MP3Skull in 2015. Last year a Florida federal court sided with the RIAA, awarding the labels more than $22 million in damages. In addition, it issued a permanent injunction which allowed the RIAA to take over the site's domain names. Despite the multi-million dollar verdict, MP3Skull continued to operate using a variety of new domain names, which were subsequently targeted by the RIAA's legal team. As the site refused to shut down, the RIAA eventually moved up the chain targeting CDN provider Cloudflare with the permanent injunction. The RIAA argued that Cloudflare was operating "in active concert or participation" with the pirates. Cloudflare objected and argued that the DMCA shielded the company from the broad blocking requirements. However, the court ruled that the DMCA doesn't apply in this case, opening the door to widespread anti-piracy filtering. The court stressed that, before issuing an injunction against Cloudflare, it still had to be determined whether the CDN provider is "in active concert or participation" with the pirate site. [...] Cloudflare now wants the dangerous anti-piracy filtering order to be thrown out. The company submitted a motion to vacate the order late last week, arguing that the issue is moot. In fact, it has been for a while for some of the contended domain names. The CDN provider says it researched the domain names listed in the injunction and found that only three of the twenty domains used Cloudflare's services at the time the RIAA asked the court to clarify its order. Some had never used CloudFlare's services at all, they say.

House Panel Wants Google, Facebook, AT&T CEOs To Testify On Internet Rules

Slashdot - Your Rights Online - Tue, 2017-07-25 20:00
The chairman of the U.S. House Energy and Commerce Committee on Tuesday asked the chief executives of Alphabet, Facebook, Amazon.com, AT&T, Verizon Communications and other companies to testify at a Sept. 7 hearing on the future of net neutrality rules. From a report: The U.S. Federal Communications Commission is considering tossing out 2015 Obama administration net neutrality rules that reclassified internet service like a public utility. The rules bar providers from blocking, slowing or offering paid prioritization of websites. Many internet providers want Congress to step in and write permanent rules. Other chief executives asked to testify include the heads of Comcast, Netflix and Charter. Some companies including Facebook said they were reviewing the letter but none immediately said if they will testify.

It Looks Like Facebook Is Also Building a Smart Speaker With Touch Screen

Slashdot - Your Rights Online - Tue, 2017-07-25 18:00
From a report: Facebook may launch its own smart home gadget to get you messaging more friends and looking at more photos. DigiTimes reports from Taiwan that Facebook is building a 15-inch touch screen smart speaker. Citing sources from the "upstream supply chain", Chinese iPhone manufacturer Pegatron is building the device for a Q1 2018 launch, with a small pilot run having already been produced. It's said to have been designed by Facebook's secretive new hardware lab Building 8, using an LG in-cell touch screen with magnesium-aluminum-alloy chassis. While no further details are known about the speaker's functionality, it could potentially extend Facebook's feed of photos and videos plus its dominant messaging platform into the bedroom, living room, or kitchen.

Global Network of Labs Will Test Security of Medical Devices

Slashdot - Your Rights Online - Tue, 2017-07-25 05:30
chicksdaddy shares a report from The Security Ledger: Amid increasing concerns about cyber threats to healthcare environments, a global network of labs will test the security of medical devices, according to an announcement on Monday by a consortium of healthcare industry firms, universities and technology firms, The Security Ledger reports. The "World Health Information Security Testing Labs" (or "WHISTL") will adopt a model akin to the Underwriters Laboratory, which started out testing electrical devices, and focus on issues related to cyber security and privacy, helping medical device makers "address the public health challenges" created by connected health devices and complex, connected healthcare environments, according to a statement by The Medical Device Innovation, Safety and Security Consortium. "MDISS WHISTL facilities will dramatically improve access to medical device security know-how while protecting patient privacy and the intellectual property of our various stakeholders," said Dr. Nordenberg, MD, Executive Director of MDISS. The labs will be one of the only independent, open and non-profit networks of labs specifically designed for the needs of the medical field, including medical device designers, hospital IT, and clinical engineering professionals. Experts will assess the security of medical devices using standards and specifications designed by testing organizations like Underwriters Labs. Evaluations will include application security testing like "fuzzing," static code analysis and penetration testing of devices. Any vulnerabilities found will be reported directly to manufacturers in accordance with best practices, and publicly disclosed to the international medical device vulnerability database (MDVIPER) which is maintained by MDISS and the National Health Information Sharing and Analysis Center (NH-ISAC). The group says it plans for 10 new device testing labs by the end of the year including in the U.S. in states like New York to Indiana, Tennessee and California and outside North America in the UK, Israel, Finland, and Singapore. The WHISTL facilities will work with Underwriters Labs as well as AAMI, the Association for the Advancement of Medical Instrumentation. Specifically, MDISS labs will base their work on the UL Cybersecurity Assurance Program specifications (UL CAP) and follow testing standards developed by both groups including the UL 2900 and AAMI 80001 standards.

Democrats Propose New Competition Laws That Would 'Break Up Big Companies If They're Hurting Consumers'

Slashdot - Your Rights Online - Tue, 2017-07-25 00:50
An anonymous reader quotes a report from Ars Technica: Senate and House Democratic leaders today proposed new antitrust laws that could prevent many of the biggest mergers and break up monopolies in broadband and other industries. "Right now our antitrust laws are designed to allow huge corporations to merge, padding the pockets of investors but sending costs skyrocketing for everything from cable bills and airline tickets to food and health care," US Senate Minority Leader Chuck Schumer (D-NY) wrote in a New York Times opinion piece. "We are going to fight to allow regulators to break up big companies if they're hurting consumers and to make it harder for companies to merge if it reduces competition." The "Better Deal" unveiled by Schumer and House Democratic Leader Nancy Pelosi (D-Calif.) was described in several documents that can be found in an Axios story. The plan for "cracking down on corporate monopolies" lists five industries that Democrats say are in particular need of change, specifically airlines, cable and telecom, the beer industry, food, and eyeglasses. The Democrats' plan for lowering the cost of prescription drugs is detailed in a separate document. The Democrats didn't single out any internet providers that they want broken up, but they did say they want to stop AT&T's proposed $85.4 billion purchase of Time Warner: "Consolidation in the telecommunications is not just between cable or phone providers; increasingly, large firms are trying to buy up content providers. Currently, AT&T is trying to buy Time Warner. If AT&T succeeds in this deal, it will have more power to restrict the content access of its 135 million wireless and 25.5 million pay-TV subscribers. This will only enable the resulting behemoths to promote their own programming, unfairly discriminate against other distributors and their ability to offer highly desired content, and further restrict small businesses from successfully competing in the market."

Wisconsin Company Will Let Employees Use Microchip Implants To Buy Snacks, Open Doors

Slashdot - Your Rights Online - Mon, 2017-07-24 23:30
A Wisconsin company called Three Square Market will soon offer employees implantable chips to open doors, buy snacks, log in to computers, and use office equipment like copy machines. The chips use near field communication (NFC) technology and will be implanted between the thumb and forefinger of participating employees. According to The Verge, around 50 people are supposedly getting the optional implants. From the report: NFC chips are already used in a couple of workplaces in Europe; The Los Angeles Times reported on startup workspace Epicenter's chip program earlier this year. In the US, installing them is also a form of simple biohacking. They're essentially an extension of the chips you'd find in contactless smart cards or microchipped pets: passive devices that store very small amounts of information. A Swedish rail company also lets people use implants as a substitute for fare cards. 32M CEO Todd Westby is clearly trying to head off misunderstandings and paranoia by saying that they contain "no GPS tracking at all" -- because again, it's comparable to an office keycard here.

Sweden Accidentally Leaks Personal Details of Nearly All Citizens

Slashdot - Your Rights Online - Mon, 2017-07-24 22:50
An anonymous reader quotes a report from The Hacker News: Swedish media is reporting a massive data breach in the Swedish Transport Agency (Transportstyrelsen) after the agency mishandled an outsourcing deal with IBM, which led to the leak of the private data about every vehicle in the country, including those used by both police and military. The data breach exposed the names, photos and home addresses of millions of Swedish citizens, including fighter pilots of the Swedish air force, members of the military's most secretive units, police suspects, people under the witness relocation program, the weight capacity of all roads and bridges, and much more. The incident is believed to be one of the worst government information security disasters ever. In 2015, the Swedish Transport Agency handed IBM an IT maintenance contract to manage its databases and networks. However, the Swedish Transport Agency uploaded IBM's entire database onto cloud servers, which covered details on every vehicle in the country, including police and military registrations, and individuals on witness protection programs. The transport agency then emailed the entire database in messages to marketers that subscribe to it. And what's terrible is that the messages were sent in clear text. When the error was discovered, the transport agency merely thought of sending a new list in another email, asking the subscribers to delete the old list themselves.

Ask Slashdot: How Can You Avoid Routers With Locked Firmware?

Slashdot - Your Rights Online - Mon, 2017-07-24 09:30
thejynxed writes: Awhile ago the FCC in the USA implemented a rule that required manufacturers to restrict end-users from tampering with the radio outputs on wi-fi routers. It was predicted that manufacturers would take the lazy way out by locking down the firmware/bootloaders of the routers entirely instead of partitioning off access to the radio transmit power and channel ranges. This has apparently proven to be the case, as even now routers that were previously marketed as "Open Source Ready" or "DD-WRT Compatible" are coming with locked firmware. In my case, having noticed this trend, I purchased three routers from Belkin, Buffalo, and Netgear in Canada, the UK, and Germany respectively, instead of the USA, and the results: All three routers had locked firmware/bootloaders, with no downgrade rights and no way to install Tomato, DD-WRT, OpenWRT, etc. It seems the FCC rule is an example of the wide-reaching effect of US law on the products sold in other nations, etc. So, does anyone know a good source of unlocked routers or other technical information on how to bypass this ridiculous outcome of FCC over-reach and manufacturer laziness? The FCC later specified that they were not trying to block Open Source firmware modifications -- so leave your best suggestions in the comments. How can you avoid routers with locked firmware?

US Agency Revokes All State Discounts For Kaspersky Products

Slashdot - Your Rights Online - Mon, 2017-07-24 06:30
The U.S. General Services Administration has removed Kaspersky Lab from its list of approved vendors for federal systems, which also eliminates the discounts it previously offered to state governments. Long-time Slashdot reader Rick Zeman writes: "The agency's statement suggested a vulnerability exists in Kaspersky that could give the Russian government backdoor access to the systems it protects, though they offered no explanation or evidence of it," reports the Washington Post. Kaspersky, of course, denies this, offering their source code up for U.S. Government review... "Three current and former defense contractors told The Post that they knew of no specific warnings circulated about Kaspersky in recent years, but it has become an unwritten rule at the Pentagon not to include Kaspersky as a potential vendor on new projects." "The lack of information from the GSA underscores a disconnect between local officials and the federal government about cybersecurity," the Post reports, adding that "the GSA's move on July 11 has left state and local governments to speculate about the risks of sticking with the company or abandoning taxpayer-funded contracts, sometimes at great cost." The Post also quotes a cybersecurity expert at a prominent think tank -- the Center for Strategic and International Studies -- who believes that "it's difficult, if not impossible" for a company like Kaspersky to be headquartered in Moscow "if you don't cooperate with the government and the intelligence services."

Apple Sued By State Farm Over Alleged iPhone Fire

Slashdot - Your Rights Online - Sun, 2017-07-23 23:18
An anonymous reader quotes CNET: Insurer State Farm and one of its customers, Wisconsin resident Xai Thao, allege that one of Apple's older iPhones had a defective battery that led to a fire last year. A lawsuit filed on Thursday by both State Farm and Thao claims that her iPhone 4S "failed" and "started a fire at Thao's home." The lawsuit further claims that "preliminary investigations show evidence of a significant and localized heating event in the battery area of the iPhone." It also declares that there were "remnants of internal shorting, indicating that an internal failure of the iPhone's battery caused the fire"... The State Farm lawsuit says that Thao's iPhone was "in a defective and unreasonably dangerous condition" when she bought it in 2014. The suit is claiming in excess of $75,000 in damages.

UK To Require Drone Registration And Safety Exams

Slashdot - Your Rights Online - Sun, 2017-07-23 21:10
An anonymous reader quotes Bloomberg: Drones will have to be registered and their users required to pass safety tests under new rules to be announced by the U.K.'s Department for Transport... Registration will be mandated for owners of drones 250 grams (8.8 ounces) or larger after research found that drones as small as 400 grams (14 ounces) could damage the windscreens of helicopters. Other security measures like "geo-fencing" -- GPS-based technology programmed into drones to prevent them from flying into sensitive areas such as prisons and airports -- are also under consideration, according to a statement from the department. The BBC points out that "There is no time frame or firm plans as to how the new rules will be enforced and the Department of Transport admitted that 'the nuts and bolts still have to be ironed out.'" "The UK government says 22 incidents involving commercial airliners and drones were investigated between January and April of this year," adds TechRadar, "with police unable to trace the owners of the drones -- one of the reasons for the new legislation."

Microsoft Launches A Counterattack Against Russia's 'Fancy Bear' Hackers

Slashdot - Your Rights Online - Sun, 2017-07-23 09:42
Kevin Poulsen writes on the Daily Beast: It turns out Microsoft has something even more formidable than Moscow's malware: Lawyers. Last year attorneys for the software maker quietly sued the hacker group known as Fancy Bear in a federal court outside Washington DC, accusing it of computer intrusion, cybersquatting, and infringing on Microsoft's trademarks... Since August, Microsoft has used the lawsuit to wrest control of 70 different command-and-control points from Fancy Bear... Rather than getting physical custody of the servers, which Fancy Bear rents from data centers around the world, Microsoft has been taking over the Internet domain names that route to them. These are addresses like "livemicrosoft[.]net" or "rsshotmail[.]com" that Fancy Bear registers under aliases for about $10 each. Once under Microsoft's control, the domains get redirected from Russia's servers to the company's, cutting off the hackers from their victims, and giving Microsoft an omniscient view of that servers' network of automated spies. "In other words," Microsoft outside counsel Sten Jenson explained in a court filing last year, "any time an infected computer attempts to contact a command-and-control server through one of the domains, it will instead be connected to a Microsoft-controlled, secure server."

Are Nondisparagement Agreements Silencing Employee Complaints?

Slashdot - Your Rights Online - Sun, 2017-07-23 06:38
cdreimer writes, "According to a report in the New York Times, 'nondisparagement agreements are increasingly included in employment contracts and legal settlements' to hide abuses that would otherwise be made public." The Times reports: Employment lawyers say nondisparagement agreements have helped enable a culture of secrecy. In particular, the tech start-up world has been roiled by accounts of workplace sexual harassment, and nondisparagement clauses have played a significant role in keeping those accusations secret... Nondisparagement clauses are not limited to legal settlements. They are increasingly found in standard employment contracts in many industries, sometimes in a simple offer letter that helps to create a blanket of silence around a company. Their use has become particularly widespread in tech employment contracts, from venture investment firms and start-ups to the biggest companies in Silicon Valley, including Google... Employees increasingly "have to give up their constitutional right to speak freely about their experiences if they want to be part of the work force," said Nancy E. Smith, a partner at the law firm Smith Mullin. Three different tech industry employees told the Times "they are not allowed to acknowledge that the agreements even exist." And Google "declined to comment" for the article.

Let's Encrypt Criticized Over Speedy HTTPS Certifications

Slashdot - Your Rights Online - Sat, 2017-07-22 20:34
100 million HTTPS certificates were issued in the last year by Let's Encrypt -- a free certificate authority founded by Mozilla, Cisco and the Electronic Frontier Foundation -- and they're now issuing more than 100,000 HTTPS certificates every day. Should they be performing more vetting? msm1267 shared this article from Kaspersky Lab's ThreatPost blog: [S]ome critics are sounding alarm bells and warning that Let's Encrypt might be guilty of going too far, too fast, and delivering too much of a good thing without the right checks and balances in place. The primary concern has been that while the growth of SSL/TLS encryption is a positive trend, it also offers criminals an easy way to facilitate website spoofing, server impersonation, man-in-the-middle attacks, and a way to sneak malware through company firewalls... Critics do not contend Let's Encrypt is responsible for these types of abuses. Rather, because it is the 800-pound gorilla when it comes to issuing basic domain validation certificates, critics believe Let's Encrypt could do a better job vetting applicants to weed out bad actors... "I think there should be some type of vetting process. That would make it more difficult for malicious actors to get them," said Justin Jett, director of audit and compliance at Plixer, a network traffic analytics firm... Josh Aas, executive director of the Internet Security Research Group, the organization that oversees Let's Encrypt, points out that its role is not to police the internet, rather its mission is to make communications secure. He added that, unlike commercial certificate authorities, it keeps a searchable public database of every single domain it issues. "When people get surprised at the number of PayPal phishing sites and get worked up about it, the reason they know about it is because we allow anyone to search our records," he said. Many other certificate authorities keep their databases of issued certificates private, citing competitive reasons and that customers don't want to broadcast the names of their servers... "The reason people treat us like a punching bag is that we are big and we are transparent." The criticism intensified after Let's Encrypt announced they'd soon offer wildcard certificates for subdomains. But the article also cites security researcher Scott Helme, who "argued if encryption is to be available to all then that includes the small percent of bad actors. 'I don't think it's for Signal, or Let's Encrypt, to decide who should have access to encryption.'"
