Mozilla Firefox 52 Released As ESR Branch, Will Receive Security Updates Until 2018

Slashdot - Your Rights Online - Tue, 2017-03-07 15:00
prisoninmate quotes a report from Softpedia: Back in January, we told you that the development of the Mozilla Firefox 52.0 kicked off with the first Beta release and promised to let users send and open tabs from one device to another, among numerous other improvements and new features. Nine beta builds later, Mozilla has pushed today, March 7, the final binary and source packages of the Mozilla Firefox 52.0 web browser for all supported platforms, including GNU/Linux, macOS, and Windows. The good news is that Firefox 52.0 is an ESR (Extended Support Release) branch that will be supported until March-April 2018. Prominent features of the Mozilla Firefox 52.0 ESR release include support for the emerging WebAssembly standard to boost the performance of Web-based games and apps without relying on plugins, the ability to send and open tabs from one device to another, as well as multi-process for Windows users with touchscreens. With each new Firefox release, Mozilla's developers attempt to offer new ways to improve the security of the widely-used web browser across all supported platforms. Firefox 52.0 ESR implements a "This connection is not secure" warning for non-secure pages that require user logins, along with a new Strict Secure Cookies specification.

Amazon Shares Data With Arkansas Prosecutor In Murder Case

Slashdot - Your Rights Online - Tue, 2017-03-07 04:05
An anonymous reader quotes a report from Associated Press: Amazon dropped its fight against a subpoena issued in an Arkansas murder case after the defendant said he wouldn't mind if the technology giant shared information that may have been gathered by an Amazon Echo smart speaker. James Andrew Bates has pleaded not guilty to first-degree murder in the death of Victor Collins, who was found dead in a hot tub at Bates' home. In paperwork filed Monday, Bates said Amazon could share the information and Amazon said it handed over material on Friday. The Echo "listens" for key words and may have recorded what went on before Collins was found dead in November 2015. Amazon had fought a subpoena, citing its customers' privacy rights. A hearing had been set for Wednesday on whether any information gathered was even pertinent.

Sprint 'Betting Big On Trump,' Could Merge With T-Mobile Or Comcast

Slashdot - Your Rights Online - Mon, 2017-03-06 23:20
An anonymous reader quotes a report from Ars Technica: Speculation that Sprint will merge with T-Mobile USA or another competitor has ramped up since the inauguration of President Donald Trump. That continued Friday when a report from The New York Times suggested that Sprint could be combined with either T-Mobile or Comcast, the nation's largest cable company. Masayoshi Son, founder and CEO of Sprint owner SoftBank, "and his financial advisers are weighing several major possible deals for Sprint," the Times wrote. "Be it a tie-up with T-Mobile U.S., Sprint's closest competitor, or a more ambitious marriage with the cable colossus Comcast, a transaction would allow Mr. Son to fulfill a long-held ambition to invest aggressively in wireless networks in the United States and enable next-generation mobile technology." Titled "The World's Top Tech Investor Is Betting Big on Trump," the Times report says that "the Trump administration's push for lighter regulation and lower taxes has been a powerful lure for cash-rich investors the world over." SoftBank, which is based in Japan, had several of its executives "spen[d] a day in Washington talking to senior members of Mr. Trump's economic team" last month, according to bankers who were briefed on the meetings, the Times report said. U.S. regulators opposed wireless consolidation during the Obama administration, preventing potential mergers between AT&T and T-Mobile and later between Sprint and T-Mobile. With four major nationwide carriers, U.S. wireless competition recently led to an expansion of unlimited data plans.

Streaming Pirate Content Isn't Illegal, UK Trading Standards Says

Slashdot - Your Rights Online - Mon, 2017-03-06 22:00
Every day millions of people use PCs, tablets, phones and Kodi-style devices to stream pirated content, but is it illegal? According to Trading Standards, local UK authorities tasked with investigating commercial organizations, if users only stream and don't download, they're likely exempt from copyright law. An anonymous reader shares a TorrentFreak report: "Accessing premium paid-for content without a subscription is considered by the industry as unlawful access, although streaming something online, rather than downloading a file, is likely to be exempt from copyright laws," the spokesperson added. This statement certainly carries some weight. Although in a different region of the UK, Trading Standards is the driving force behind the prosecution of Kodi box seller Brian Thompson who entered a not guilty plea in January. He'll face a trial in a couple of months but it now seems more clear than ever that his customers and millions like them around the country are not breaking the law, a position that's shared by the EU Commission.

New York State To Launch Electric Vehicle Rebate

Slashdot - Your Rights Online - Mon, 2017-03-06 21:20
An anonymous reader shares an AP report: New York state will soon launch a rebate intended to make electric vehicles more price competitive with traditional cars. Officials said they'll launch the initiative by April 1. The rebate of up to $2,000 will be available for zero-emission and plug-in electric hybrid vehicles. It's part of an effort to reduce automotive carbon emissions, the state's largest climate change contributor. "We want to make electric vehicles a mainstream option," said state Assemblywoman Amy Paulin, a Westchester County Democrat who leads the Assembly energy committee. "They are becoming more affordable and we need to encourage them." Environmentalists supported the rebate when it was approved by lawmakers in 2016 and have been eagerly awaiting the launch.

Huge Database Leak Reveals 1.37 Billion Email Addresses and Exposes Illegal Spam Operation

Slashdot - Your Rights Online - Mon, 2017-03-06 20:40
One of the largest spam operations in the world has exposed its entire operation to the public, leaking its database of 1.37bn email addresses thanks to a faulty backup. From a report: A faulty backup has inadvertently exposed the entire working database of notorious spam operator River City Media (RCM). In all, the database contains more than 1.37 billion email addresses, and for some records there are additional details such as names, real-world addresses, and IP addresses. It's a situation that's described as "a tangible threat to online privacy and security." Details about the leak come courtesy of Chris Vickery from macOS security firm MacKeeper who -- with a team of helpers -- has been investigating since January. River City Media's database ended up online thanks to incorrectly-configured Rsync backups. In the words of Vickery: "Chances are you, or at least someone you know, is affected." The leaked, and unprotected, database is what's behind the sending of over a billion spam emails every day -- helped, as Vickery points out, by "a lot of automation, years of research, and a fair bit of illegal hacking techniques." But it's more than a database that has leaked -- it's River City Media's entire operation.

Exploit that Caused iPhones To Repeatedly Dial 911 Reveals Grave Cybersecurity Threat, Say Experts

Slashdot - Your Rights Online - Mon, 2017-03-06 17:20
Ben Lovejoy, writing for 9to5Mac: We reported back in October on an iOS exploit that caused iPhones to repeatedly dial 911 without user intervention. It was said then that the volume of calls meant one 911 center was in 'immediate danger' of losing service, while two other centers had been at risk -- but a full investigation has now concluded that the incident was much more serious than it appeared at the time. It was initially thought that a few hundred calls were generated in a short time, but investigators now believe that one tweeted link that activated the exploit was clicked on 117,502 times, each click triggering a 911 call. The WSJ reports that law-enforcement officials and 911 experts fear that a targeted attack using the same technique could prove devastating. Of the 6,500 911 call centers nationwide, just 420 are believed to have implemented a cybersecurity program designed to protect them from this kind of attack.

The US Waged A Secret Cyber War Against North Korean Missiles

Slashdot - Your Rights Online - Mon, 2017-03-06 07:14
Early Monday morning North Korea fired four ballistic missiles into the Sea of Japan, lending a new urgency to Saturday's revelation from the New York Times of America's "secret cyberwar" with North Korea. Slashdot reader Frosty Piss summarizes its suspected effects succinctly: "Soon after ex-President Obama ordered the secret program three years ago, North Korean missiles began exploding, veering off course, or crashing into the sea." The Times reports the program was started when Obama "concluded that the $300 billion spent since the Eisenhower era on traditional anti-missile systems...had failed the core purpose of protecting the continental United States," with tests of missile interceptors showing an overall failure rate of at least 56%. But after interviewing government officials, the Times concludes that the U.S. "still does not have the ability to effectively counter the North Korean nuclear and missile programs." Options include escalating the cyber and electronic warfare, trying to negotiate a freeze, asking the Chinese to cut off trade and support, or preparing for direct missile strikes on the launch sites, "which Obama also considered, but there is little chance of hitting every target." The New York Times article concludes: The White House is looking at military options against North Korea, a senior Trump administration official said. Putting U.S. tactical nuclear weapons back in South Korea -- they were withdrawn a quarter-century ago -- is also under consideration, even if that step could accelerate an arms race with the North.

Sprint Wins $140M Verdict Against Time Warner Cable For Infringing VoIP Patents

Slashdot - Your Rights Online - Mon, 2017-03-06 04:52
Sprint "may have just scored its biggest payout yet," reports Ars Technica, pointing out that Sprint's been filing lawsuits over its VoIP patents for more than a decade. An anonymous reader quotes their report: On Friday, a jury in Sprint's home district of Kansas City said that Time Warner Cable, now part of Charter Communications, must pay $139.8 million for infringing several patents related to VoIP technology. The jury found that TWC's infringement was willful, which means that the judge could increase the damage award up to three times its value... Sprint filed the lawsuits that led to Friday's verdict in 2011, when it sued TWC along with Comcast, Cox, and Cable One, saying the competing companies violated 12 different Sprint VoIP patents. The article points out that Comcast's response was to immediately file a countersuit, which so far has resulted in an early $7.5 million verdict in their favor.

FBI Dismisses Child Porn Case Rather Than Reveal Their Tor Browser Exploit

Slashdot - Your Rights Online - Mon, 2017-03-06 01:47
An anonymous reader writes: Federal prosecutors just dropped charges against a child pornography suspect rather than reveal the source code for their Tor exploit. Of the 200 cases they're prosecuting nationwide, this is only the second one where the FBI has asked that the case be dismissed. "Disclosure is not currently an option," federal prosecutors wrote in a court ruling Friday. The Department of Justice is still prosecuting 135 different people believed to have accessed an illegal child pornography web site. Before shutting it down, the FBI seized the site and operated it themselves for 13 more days, which allowed them to deploy malware to expose the users' real IP addresses.

Local Police Departments Are Building Their Own DNA Databases

Slashdot - Your Rights Online - Sun, 2017-03-05 16:34
Slashdot reader schwit1 quotes the Associated Press: Dozens of police departments around the U.S. are amassing their own DNA databases to track criminals, a move critics say is a way around regulations governing state and national databases that restrict who can provide genetic samples and how long that information is held. The local agencies create the rules for their databases, in some cases allowing samples to be taken from children or from people never arrested for a crime. Police chiefs say having their own collections helps them solve cases faster because they can avoid the backlogs that plague state and federal repositories... Frederick Harran, the public safety director in Bensalem Township, Pennsylvania...said he knows of about 60 departments using local databases... "The local databases have very, very little regulations and very few limits, and the law just hasn't caught up to them," said Jason Kreig, a law professor at the University of Arizona who has studied the issue. One ACLU attorney cites a case where local police officers in California took DNA samples from children without even obtaining a court order first.

Ask Slashdot: How Would You Handle A Bogus Copyright Infringement Notice?

Slashdot - Your Rights Online - Sun, 2017-03-05 13:34
Very long-time Slashdot reader Andy Smith writes: Yesterday I received an email from my ISP telling me that I had illegally downloaded an animated film called Kubo and the Two Strings. I'd never heard of the film and hadn't downloaded it. The accusation came from a government-approved group called Get It Right From a Genuine Site. I contacted that group and was directed to their FAQ. Worryingly, there's no way to correct a false report. The entire FAQ is written from the position that either you, or someone on your network, definitely downloaded what you're accused of downloading. Their advice to avoid any problems with your ISP is simply to not download anything illegally again. But if they can get it wrong once, then surely they can get it wrong again. How widespread is this problem? What safeguards are in place to ensure that people aren't falsely accused? Why has the government allowed this scheme to operate without the accused having some right to defend themselves? After advising users to check their wifi password -- and confront all the network's users about whether they've downloaded Kubo and the Two Strings -- the site concludes simply that "If there is no further activity identified for an IP address associated with your account, you will NOT receive further Educational Emails." Six weeks ago the U.K. government reported that "The campaign has now reached 21% of the population and, whilst piracy levels remain constant, it has decreased significantly among those exposed to the campaign." Have any other Slashdot users experienced problems with bogus copyright infringement notifications? And if so, how did you handle it?

The City of Munich Might Stick With Linux

Slashdot - Your Rights Online - Sun, 2017-03-05 06:34
Munich's "LiMux" project brought FOSS software to their city's IT administration -- until a vote last month on whether to abandon Linux and return to Windows. "Since this decision was reached, the majority of media have reported that a final call was made to halt LiMux and switch back to Microsoft software," reports the Free Software Foundation Europe. "This is, however, not an accurate representation of the outcome of the city council meeting." An anonymous reader quotes their report: The opposing parties were overruled, but the decision was amended such that the strategy document must specify which LiMux-applications will no longer be needed, the extent in which prior investments must be written off, and a rough calculation of the overall costs of the desired unification... [Only then will the city council make their final decision...] We succeeded thus far in forcing the mayor Dieter Reiter to postpone the final decision, and this was possible through the unwavering pressure created by joint efforts between The Document Foundation, KDE, OSBA, and the FSFE together with all the individuals who wrote to city council members and took the issue to the media. Although the mandate is highly suggestive in that it suggests that the existing vendor-neutral approach is to be replaced with a proprietary solution, it leaves the door open... The new mandate buys us some time. And we will keep going. Some politicians said they'd never received this much input from the public before, and the Free Software Foundation Europe says the city's issues were caused "from organizational problems, including lack of clear structures and responsibilities," which should not be attributed to the Linux operating system. "LiMux as such is still one of the best examples of how to create a vendor-neutral administration based on Free Software."

US Suspends 'Expedited' H-1B Visas

Slashdot - Your Rights Online - Sat, 2017-03-04 23:25
"Starting April 3, 2017, U.S. Citizenship and Immigration Services will temporarily suspend premium processing for all H-1B petitions," read Friday's announcement, which says the suspension "may last up to 6 months." Slashdot reader elrous0 sees it as part of the "ongoing efforts to curb abuses in the controversial H-1B program." The San Francisco Chronicle reports: While it could be difficult to divorce the move Friday from the Trump administration's broader immigration crackdown, some experts believed the agency's decision to be apolitical. "It has everything to do with an understaffed, overworked, U.S. Citizenship and Immigration Services," said Jason Finkelman, an Austin, Texas, immigration attorney, adding that the wait time for an H-1B visa in California is currently about eight months. However, Vivek Wadhwa, an adjunct professor at Carnegie Mellon University's Silicon Valley campus in NASA Ames Research Center at Moffett Field, said the suspension seems like a message from the government that you "can't buy your way into America." Whatever the motivation, Engadget believes this will impact large tech companies. "Financial Times quotes a lawyer saying that 'close to 100 percent' of applications from companies like Microsoft utilize the option."

FCC Chair Wants Carriers To Block Robocalls From Spoofed Numbers

Slashdot - Your Rights Online - Sat, 2017-03-04 15:00
An anonymous reader quotes a report from Ars Technica: The FCC in 2015 made it clear that voice service providers can offer call blocking tools to customers, but commissioners said at the time that more needed to be done about Caller ID spoofing. FCC Chairman Ajit Pai has now scheduled a preliminary vote for March 23 on new rules designed to solve the problem. "One particularly pernicious category of robocalls is spoofed robocalls -- i.e., robocalls where the caller ID is faked, hiding the caller's true identity," the proposal says. "Fraudsters bombard consumers' phones at all hours of the day with spoofed robocalls, which in some cases lure consumers into scams (e.g., when a caller claims to be collecting money owed to the Internal Revenue Service) or lead to identity theft." The proposed rules would let providers "block spoofed robocalls when the spoofed Caller ID can't possibly be valid." Providers would be able to block numbers that aren't valid under the North American Numbering Plan and block valid numbers that haven't been allocated to any phone company. They'd also be able to block valid numbers that have been allocated to a phone company but haven't been assigned to a subscriber. The proposal would also codify the FCC's previous guidance that phone companies can block calls when requested by the spoofed number's subscriber. The upcoming vote on March 23 is for a Notice of Proposed Rulemaking (NPRM), which means the rules won't take effect immediately. The FCC uses NPRMs to seek comment on proposals before issuing final rules.

Bill Would Legalize Active Defense Against Hacks

Slashdot - Your Rights Online - Sat, 2017-03-04 03:30
Trailrunner7 quotes a report from On the Wire: A new bill intended to update the Computer Fraud and Abuse Act would allow victims of computer attacks to engage in active defense measures to identify the attacker and disrupt the attack. Proposed by Rep. Tom Graves (R-Ga.), the bill would grant victims of computer intrusions unprecedented rights. Known as the Active Cyber Defense Certainty Act, the legislation seeks to amend the CFAA, the much-maligned 1986 law that is used in most computer crime prosecutions. The proposed legislation includes the caveat that victims can't take any actions that destroy data on another person's computer, cause physical injury to someone, or create a threat to public safety. The concept of active defense has been a controversial one in the security community for several years, with many experts saying the potential downside outweighs any upside. Not to mention that it's generally illegal.

Uber Has Been Using a Secretive Program To Identify Enforcement Officers And Prevent Them From Hailing Cars

Slashdot - Your Rights Online - Sat, 2017-03-04 01:30
Uber has been using a secretive program to evade authorities for years, particularly at times when city regulators were trying to block the ride-hailing service, according to a new report by the New York Times. From the report: Uber is using a tool called "Greyball" to identify requests made by certain users and deny them service, according to the report. The application, later renamed the "violation of terms of service" or VTOS program, is said to employ data analysis on info collected by the Uber app to identify individuals violating Uber's terms of service, and blocks riders from being able to hail rides who fall into that category -- including, according to the report, members of code enforcement authorities or city officials who are attempting to gather data about Uber offering service where it's currently prohibited. The report claims that Uber's "violation of terms of service" or VTOS program, briefly known as Greyball, began around 2014, and has sign-off from Uber's legal team. In a statement, Uber said, "This program denies ride requests to users who are violating our terms of service -- whether that's people aiming to physically harm drivers, competitors looking to disrupt our operations, or opponents who collude with officials on secret 'stings' meant to entrap drivers." Journalists, putting things in context. Russell Brandom, a reporter at The Verge, said, This is the kind of thing a DA would put in front of a judge if they wanted to subpoena Uber's business records for an entire city. Matt Rosoff, editorial director at CNBC Digital, added, I've been a tech journalist on and off for 21 years and I can't remember any company having a worse month news cycle-wise than Uber is now.

Canadian DMCA In Action: Court Awards Massive Damages In Modchip Case

Slashdot - Your Rights Online - Sat, 2017-03-04 00:50
New submitter google20000 shares a report from Michael Geist: The Federal Court of Canada has issued a massive damage award in the first major Canadian digital lock copyright ruling involving circumvention of technological protection measures. The ruling, which is the first to conduct an extensive examination of the anti-circumvention rules established in 2012, adopts expansive interpretations to the digital lock protections and narrow views of the exceptions. The case launched by Nintendo confirms that Canada has tough anti-piracy laws with one of the most aggressive digital lock laws in the world and will fuel calls to re-examine the effectiveness of the anti-circumvention exceptions in the 2017 copyright review. The case stems from a lawsuit launched by video game maker Nintendo against Go Cyber Shopping, a modchip seller that operated a retail store in Waterloo, Ontario and several online stores. Go Cyber Shopping offered a wide range of products that allow users to circumvent the digital lock controls on the Nintendo gaming console (such as the Wii) and play unauthorized games including "homebrew" games. Go Cyber Shopping argued that it provided other services but the court says that it did not tender any evidence in that regard. The court concluded that the modchip seller engaged in copyright infringement and circumvented technological protection measures. In fact, it went out of its way to emphasize the importance of TPM protection. It adopted a broad interpretation of a technological protection measure -- rejecting a UK case that used a narrower interpretation -- in favor of an approach that covers access controls that go beyond restrictions on copying.

California Government On the Dangers of Cellphones

Slashdot - Your Rights Online - Sat, 2017-03-04 00:10
mi quotes a report from CBS Local: After keeping it hidden for years, California's Department of Public Health has released a draft document outlining health officials' concerns about cellphone radiation exposure. The previously unpublished document was released this week after a judge indicated she would order the documents be disclosed. Health officials' overall recommendation is to "increase the distance between you and your phone" by using a headset, the speaker phone function and text messaging. Health officials recommend not sleeping near your phone and not carrying it in your pocket or directly on your body, unless it is off. The fact sheet also states that "EMFs can pass deeper into a child's brain than an adult's" so suggests parents limit their child's cellphone use to texting, important calls and emergencies.

Apple Is Expanding Its War With Qualcomm

Slashdot - Your Rights Online - Fri, 2017-03-03 20:17
Apple has opened a new front in its global patent war with Qualcomm. From a report: The Cupertino, Calif.-based company has sued Qualcomm in a U.K. court, accusing the chipmaker of violating patents and design concepts Apple owns. Details on exactly which patents Qualcomm has violated and why Apple believes Qualcomm has violated the patents were not disclosed in the public court records, according to Bloomberg, which earlier reported on the lawsuit. The lawsuit is the latest in a string of disputes Apple and Qualcomm have engaged in around the world. The main dispute resides in the U.S., where Apple has accused Qualcomm of using its position as a prominent chipmaker to hurt competition in the mobile marketplace. Apple, which has used Qualcomm chips for its iPhone's wireless connectivity, claims Qualcomm owes the company $1 billion in rebates the chip maker allegedly held back after Apple spoke to South Korean regulators about Qualcomm's business practices.
