
Apple Sued By State Farm Over Alleged iPhone Fire

Slashdot - Your Rights Online - Sun, 2017-07-23 23:18
An anonymous reader quotes CNET: Insurer State Farm and one of its customers, Wisconsin resident Xai Thao, allege that one of Apple's older iPhones had a defective battery that led to a fire last year. A lawsuit filed on Thursday by both State Farm and Thao claims that her iPhone 4S "failed" and "started a fire at Thao's home." The lawsuit further claims that "preliminary investigations show evidence of a significant and localized heating event in the battery area of the iPhone." It also declares that there were "remnants of internal shorting, indicating that an internal failure of the iPhone's battery caused the fire"... The State Farm lawsuit says that Thao's iPhone was "in a defective and unreasonably dangerous condition" when she bought it in 2014. The suit is claiming in excess of $75,000 in damages.

Read more of this story at Slashdot.

UK To Require Drone Registration And Safety Exams

Slashdot - Your Rights Online - Sun, 2017-07-23 21:10
An anonymous reader quotes Bloomberg: Drones will have to be registered and their users required to pass safety tests under new rules to be announced by the U.K.'s Department for Transport... Registration will be mandated for owners of drones 250 grams (8.8 ounces) or larger after research found that drones as small as 400 grams (14 ounces) could damage the windscreens of helicopters. Other security measures like "geo-fencing" -- GPS-based technology programmed into drones to prevent them from flying into sensitive areas such as prisons and airports -- are also under consideration, according to a statement from the department. The BBC points out that "There is no time frame or firm plans as to how the new rules will be enforced and the Department of Transport admitted that 'the nuts and bolts still have to be ironed out.'" "The UK government says 22 incidents involving commercial airliners and drones were investigated between January and April of this year," adds TechRadar, "with police unable to trace the owners of the drones -- one of the reasons for the new legislation."


Microsoft Launches A Counterattack Against Russia's 'Fancy Bear' Hackers

Slashdot - Your Rights Online - Sun, 2017-07-23 09:42
Kevin Poulsen writes on the Daily Beast: It turns out Microsoft has something even more formidable than Moscow's malware: Lawyers. Last year attorneys for the software maker quietly sued the hacker group known as Fancy Bear in a federal court outside Washington DC, accusing it of computer intrusion, cybersquatting, and infringing on Microsoft's trademarks... Since August, Microsoft has used the lawsuit to wrest control of 70 different command-and-control points from Fancy Bear... Rather than getting physical custody of the servers, which Fancy Bear rents from data centers around the world, Microsoft has been taking over the Internet domain names that route to them. These are addresses like "livemicrosoft[.]net" or "rsshotmail[.]com" that Fancy Bear registers under aliases for about $10 each. Once under Microsoft's control, the domains get redirected from Russia's servers to the company's, cutting off the hackers from their victims, and giving Microsoft an omniscient view of that servers' network of automated spies. "In other words," Microsoft outside counsel Sten Jenson explained in a court filing last year, "any time an infected computer attempts to contact a command-and-control server through one of the domains, it will instead be connected to a Microsoft-controlled, secure server."


Are Nondisparagement Agreements Silencing Employee Complaints?

Slashdot - Your Rights Online - Sun, 2017-07-23 06:38
cdreimer writes, "According to a report in the New York Times, 'nondisparagement agreements are increasingly included in employment contracts and legal settlements' to hide abuses that would otherwise be made public." The Times reports: Employment lawyers say nondisparagement agreements have helped enable a culture of secrecy. In particular, the tech start-up world has been roiled by accounts of workplace sexual harassment, and nondisparagement clauses have played a significant role in keeping those accusations secret... Nondisparagement clauses are not limited to legal settlements. They are increasingly found in standard employment contracts in many industries, sometimes in a simple offer letter that helps to create a blanket of silence around a company. Their use has become particularly widespread in tech employment contracts, from venture investment firms and start-ups to the biggest companies in Silicon Valley, including Google... Employees increasingly "have to give up their constitutional right to speak freely about their experiences if they want to be part of the work force," said Nancy E. Smith, a partner at the law firm Smith Mullin. Three different tech industry employees told the Times "they are not allowed to acknowledge that the agreements even exist." And Google "declined to comment" for the article.


Let's Encrypt Criticized Over Speedy HTTPS Certifications

Slashdot - Your Rights Online - Sat, 2017-07-22 20:34
100 million HTTPS certificates were issued in the last year by Let's Encrypt -- a free certificate authority founded by Mozilla, Cisco and the Electronic Frontier Foundation -- and they're now issuing more than 100,000 HTTPS certificates every day. Should they be performing more vetting? msm1267 shared this article from Kaspersky Lab's ThreatPost blog: [S]ome critics are sounding alarm bells and warning that Let's Encrypt might be guilty of going too far, too fast, and delivering too much of a good thing without the right checks and balances in place. The primary concern has been that while the growth of SSL/TLS encryption is a positive trend, it also offers criminals an easy way to facilitate website spoofing, server impersonation, man-in-the-middle attacks, and a way to sneak malware through company firewalls... Critics do not contend Let's Encrypt is responsible for these types of abuses. Rather, because it is the 800-pound gorilla when it comes to issuing basic domain validation certificates, critics believe Let's Encrypt could do a better job vetting applicants to weed out bad actors... "I think there should be some type of vetting process. That would make it more difficult for malicious actors to get them," said Justin Jett, director of audit and compliance at Plixer, a network traffic analytics firm... Josh Aas, executive director of the Internet Security Research Group, the organization that oversees Let's Encrypt, points out that its role is not to police the internet, rather its mission is to make communications secure. He added that, unlike commercial certificate authorities, it keeps a searchable public database of every single domain it issues. "When people get surprised at the number of PayPal phishing sites and get worked up about it, the reason they know about it is because we allow anyone to search our records," he said. Many other certificate authorities keep their databases of issued certificates private, citing competitive reasons and that customers don't want to broadcast the names of their servers... "The reason people treat us like a punching bag is that we are big and we are transparent." The criticism intensified after Let's Encrypt announced they'd soon offer wildcard certificates for subdomains. But the article also cites security researcher Scott Helme, who "argued if encryption is to be available to all then that includes the small percent of bad actors. 'I don't think it's for Signal, or Let's Encrypt, to decide who should have access to encryption.'"


Facebook Petitioned To Change License For ReactJS

Slashdot - Your Rights Online - Sat, 2017-07-22 16:34
mpol writes: The Apache Software Foundation issued a notice last weekend indicating that it has added Facebook's BSD+Patents [ROCKSDB] license to its Category X list of disallowed licenses for Apache Project Management Committee members. This is the license that Facebook uses for most of its open source projects. The RocksDB software project from Facebook already changed its license to a dual Apache 2 and GPL 2. Users are now petitioning on GitHub to have Facebook change the license of React.JS as well. React.JS is a well-known and often used JavaScript Framework for frontend development. It is licensed as BSD + Patents. If you use React.JS and agreed to its license, and you decide to sue Facebook for patent issues, you are no longer allowed to use React.JS or any Facebook software released under this license.


Kodi Magazine 'Directs Readers To Pirate Content'

Slashdot - Your Rights Online - Sat, 2017-07-22 09:00
An anonymous reader writes: A British magazine is directing readers to copyright-infringing software, the Federation Against Copyright Theft (Fact) has said. Kodi is a free, legal media player for computers -- but software add-ons can make it possible to download pirated content. The Complete Guide to Kodi magazine instructs readers on how to download such add-ons. Dennis Publishing has not yet responded to a BBC request for comment. The magazine is available at a number of retailers including WH Smith, Waterstones and Amazon. It was spotted on sale by cyber-security researcher Kevin Beaumont. It repeatedly warns readers of the dangers of accessing pirated content online, but one article lists a series of software packages alongside screenshots promoting "free TV", "popular albums" and "world sport". "Check before you stream and use them at your own risk," the guide says, before adding that readers should stay "on the right side of the law."


Intel Accuses Qualcomm of Trying To Kill Mobile Chip Competition

Slashdot - Your Rights Online - Fri, 2017-07-21 22:08
Intel has jumped into the fray surrounding the Apple-Qualcomm patent spat by accusing the world's biggest maker of mobile phone chips of trying to use the courts to snuff out competition. From a report: The chip giant made the allegation late Thursday in a public statement (PDF) to the US International Trade Commission. The commission had requested the statement as part of its investigation into Qualcomm's accusation that Apple's iPhones infringe six of Qualcomm's mobile patents. Specifically, Intel said, the case is about quashing competition from Intel, which described itself as "Qualcomm's only remaining competitor" in the market for chips for cellular phones. "Qualcomm did not initiate this investigation to stop the alleged infringement of its patent rights; rather, its complaint is a transparent effort to stave off lawful competition from Qualcomm's only remaining rival," Intel said in its statement. "This twisted use of the Commission's process is just the latest in a long line of anticompetitive strategies that Qualcomm has used to quash incipient and potential competitors and avoid competition on the merits."


Sean Spicer Resigns as White House Press Secretary After Objecting To Scaramucci Hire

Slashdot - Your Rights Online - Fri, 2017-07-21 20:10
CNBC reports: White House press secretary Sean Spicer abruptly resigned Friday after opposing President Donald Trump's appointment of Anthony Scaramucci as communications director. The president asked Spicer to stay in his role, but Spicer said appointing Scaramucci was a major mistake, The New York Times reported, citing a person with direct knowledge of the conversation. NBC News confirmed the resignation with two people familiar with the matter. Spicer tweeted later that he will continue to serve through August. White House chief of staff Reince Priebus was said to have advocated naming Spicer as press secretary. The two worked at the Republican National Committee before joining the administration. Following Spicer's resignation, Priebus said he supports Scaramucci "100 percent," according to news reports.


Disney Facing VFX Firm's Injunction Bid on Three Blockbuster Films

Slashdot - Your Rights Online - Fri, 2017-07-21 16:40
From a report: 'Guardians of the Galaxy,' 'Avengers: Age of Ultron' and 'Beauty and the Beast' are now under the microscope for use of facial capture technology. Upping the stakes over a technology called "performance motion capture," Rearden LLC is going after The Walt Disney Company in a lawsuit filed this week. The plaintiff, a firm incubated by Silicon Valley entrepreneur Steve Perlman, is demanding an injunction prohibiting Disney from distributing Guardians of the Galaxy, Avengers: Age of Ultron and Beauty and the Beast. The new lawsuit comes a year after Rearden scored a startling injunction against two Chinese firms that purchased allegedly stolen technology known as MOVA, which was being licensed by Digital Domain 3.0. At the time, some legal observers were reading the ruling as notice to Hollywood studios that the facial motion capture technology was out of play. According to Rearden's latest lawsuit in California federal court, Disney didn't listen. "Disney used the stolen MOVA Contour systems and methods, made derivative works, and reproduced, distributed, performed, and displayed at least Guardians of the Galaxy, Avengers: Age of Ultron, and Beauty and the Beast, in knowing or willfully blind violation of Rearden Mova LLC's intellectual property rights."


FTC Probing Allegations of Amazon's Deceptive Discounting

Slashdot - Your Rights Online - Fri, 2017-07-21 15:00
An anonymous reader quotes a report from Reuters: As part of its review of Amazon's agreement to buy Whole Foods, the Federal Trade Commission is looking into allegations that Amazon misleads customers about its pricing discounts, according to a source close to the probe. The FTC is probing a complaint brought by the advocacy group Consumer Watchdog, which looked at some 1,000 products on Amazon's website in June and found that Amazon put reference prices, or list prices, on about 46 percent of them. An analysis found that in 61 percent of products with reference prices, Amazon's reference prices were higher than it had sold the same product in the previous 90 days, Consumer Watchdog said in a letter to the FTC dated July 6. Amazon said in a statement that Consumer Watchdog's study was "deeply flawed." "The conclusions the Consumer Watchdog group reached are flat out wrong," Amazon said. "We validate the reference prices provided by manufacturers, vendors and sellers against actual prices recently found across Amazon and other retailers."


AlphaBay Owner Used Email Address For Both AlphaBay and LinkedIn Profile.

Slashdot - Your Rights Online - Fri, 2017-07-21 12:00
BarbaraHudson writes: The Register is reporting that Alexandre Cazes, the 25-year-old Canadian running the dark web site AlphaBay, was using a Hotmail address easily connected to him via his LinkedIn profile to administer the site. From the report: "[A]ccording to U.S. prosecutors, he used his real email address, albeit a Hotmail address -- Pimp_Alex_91@hotmail.com -- as the administrator password for the marketplace software. As a result, every new user received a welcome email from that address when they signed up to the site, and everyone using its password recovery tool also received an email from that address. However, rather than carefully set up and then abandon that email address, it turns out that Alexandre Cazes -- Pimp Alex -- had been using that address for years. Cazes had also used his Pimp Alex Hotmail address as well as an email address from his own business -- EBX Technologies -- to set up online bank accounts and crypto-currency accounts. How did law enforcement know that Cazes was behind EBX Technologies? It was on his LinkedIn profile." BarbaraHudson adds: "His laptop wasn't encrypted, so expect more arrests as AlphaBay users are tracked down."


Judge Rules That Government Can Force Glassdoor To Unmask Anonymous Users Online

Slashdot - Your Rights Online - Fri, 2017-07-21 02:45
pogopop77 shares a report from Ars Technica: An appeals court will soon decide whether the U.S. government can unmask anonymous users of Glassdoor -- and the entire proceeding is set to happen in secret. Federal investigators sent a subpoena asking for the identities of more than 100 anonymous users of the business-review site Glassdoor, who apparently posted reviews of a company that's under investigation for potential fraud related to its contracting practices. The government later scaled back its demand to just eight users. Prosecutors believe these eight Glassdoor users are "third-party witnesses to certain business practices relevant to [the] investigation." The name of the company under investigation is redacted from all public briefs. Glassdoor made a compromise proposal to the government: it would notify the users in question about the government's subpoena and then provide identifying information about users who were willing to participate. The government rejected that idea. At that point, Glassdoor lawyered up and headed to court, seeking to have the subpoena thrown out. Lawyers for Glassdoor argued that its users have a First Amendment right to speak anonymously. While the company has "no desire to interfere" with the investigation, if its users were forcibly identified, the investigation "could have a chilling effect on both Glassdoor's reviewers' and readers' willingness to use glassdoor.com," states Glassdoor's motion (PDF). The government opposed the motion, though, and prevailed in district court.


Apple Flies Top Privacy Executives Into Australia To Lobby Against Proposed Encryption Laws

Slashdot - Your Rights Online - Fri, 2017-07-21 02:05
An anonymous reader quotes a report from Patently Apple: Last week Patently Apple posted a report titled "Australia proposed new Laws Compelling Companies like Facebook & Apple to Provide Access to Encrypted Messages." Days later, Australia's Prime Minister spoke about the encryption problem with the Australian press as noted in the video in our report. Now we're learning that Apple has flown in top executives to lobby the Turnbull government on encryption laws. It sounds like a showdown is on the horizon. This is the second time this month that Apple has flown executives into Australia to lobby the government according to a Sydney publication. Apple executives met with Attorney-General George Brandis and senior staff in Prime Minister Malcolm Turnbull's office on Tuesday to discuss the company's concerns about the legal changes, which could see tech companies compelled to provide access to locked phones and third party messaging applications. Apple has argued in the meetings that as a starting point it does not want the updated laws to block tech companies from using encryption on their devices, nor for companies to have to provide decryption keys to allow access to secure communications. The company has argued that if it is compelled to provide a software "back door" into its phones to help law enforcement agencies catch criminals and terrorists, this would reduce the security for all users. It also says it has provided significant assistance to police agencies engaged in investigations, when asked. UPDATE 07/20/17: Headline has been updated to clarify that Apple is lobbying against the proposed encryption laws in Australia.


Alleged Dark Web Kingpin Doxed Himself With His Personal Hotmail Address

Slashdot - Your Rights Online - Fri, 2017-07-21 01:20
Joseph Cox, reporting for Motherboard: On Thursday, US authorities announced the seizure of the largest dark web marketplace AlphaBay. Europol and Dutch police also claimed seizure of Hansa, another popular market. In their dark web investigations, law enforcement have increasingly turned to hacking tools, including the deployment of browser exploits on a mass scale. But tracking down the alleged AlphaBay administrator was much more mundane, officials said. Alexandre Cazes, who US authorities say used the handle alpha02 as administrator of the site, allegedly left his personal email in a welcome message to new AlphaBay members, according to the forfeiture complaint published on Thursday. The news echoes the arrest of Ross Ulbricht, the convicted creator of the original Silk Road, who made a similar security mistake. "In December 2016, law enforcement learned that CAZES' personal email was included in the header of AlphaBay's 'welcome email' to new users in December 2014," the complaint reads. Users received this message once they signed up to AlphaBay's forum and entered an email address. Cazes' email address -- Pimp_Alex_91@hotmail.com -- was also included in the header of the AlphaBay forum password recovery process, the complaint adds. From there, investigators found the address was linked to an Alexandre Cazes, and discovered his alleged front company, EBX Technologies.


Authorities Take Down Hansa Dark Web Market, Confirm AlphaBay Takedown

Slashdot - Your Rights Online - Fri, 2017-07-21 00:00
An anonymous reader writes via Bleeping Computer: Today, in coordinated press releases, the U.S. Department of Justice (DOJ) and Europol announced the takedown of two Dark Web marketplaces -- AlphaBay and Hansa Market. First to fall was the Hansa Market after Dutch officers seized control over their servers located inside one of the country's hosting providers. Dutch Police seized Hansa servers on June 20, but the site was allowed to operate for one more month as officers gathered more evidence about its clientele. The Hansa honeypot received an influx of new users as the FBI shut down AlphaBay on July 5, a day after it took control over servers on July 4. Europol and the FBI say they collected mountains of evidence such as "usernames and passwords of thousands of buyers and sellers of illicit commodities" and "delivery addresses for a large number of orders." FBI Acting Director McCabe said AlphaBay was ten times larger than Silk Road, with over 350,000 listings. In opposition, Silk Road, which authorities seized in November 2013, listed a meager 14,000 listings for illicit goods and services at the time authorities took down the service.


FCC Says It Has No Documentation of Cyberattack That It Claims Happened

Slashdot - Your Rights Online - Thu, 2017-07-20 23:20
An anonymous reader quotes a report from The Hill: The Federal Communications Commission (FCC) declined to reveal analysis proving that it was the victim of a cyberattack in May. The agency claimed at the time that its Electronic Comment Filing System (ECFS) did not actually crash because of a large amount of traffic on the site prompted by John Oliver telling viewers to file comments in favor of net neutrality on his HBO show, Last Week Tonight. Instead, the FCC said that the ECFS went down as a result of a DDoS attack. In its response to Gizmodo's FOIA request, the FCC said that the attack "did not result in written documentation." "Based on a review of the logs, we have already provided a detailed description of what happened. We stand by our career IT staff's analysis of the evidence in our possession," an FCC spokesperson said when asked for comment on the matter.


US Ends Controversial Laptop Ban On Flights From Middle East

Slashdot - Your Rights Online - Thu, 2017-07-20 16:00
The United States has ended a four-month ban on passengers carrying laptops onboard US-bound flights from certain airports in the Middle East and North Africa, bringing to an end one of the controversial travel restrictions imposed by President Donald Trump's administration. From a report: Riyadh's King Khalid international airport was the last of 10 airports to be exempted from the ban, the US department of homeland security (DHS) confirmed in a tweet late on Wednesday local time. Middle East carriers have blamed Trump's travel restrictions, which include banning citizens of some Muslim-majority countries from visiting the United States, for a downturn in demand on US routes. In March, the United States banned large electronics in cabins on flights from 10 airports in the Middle East and North Africa over concerns that explosives could be concealed in the devices taken onboard aircraft. The ban has been lifted on the nine airlines affected -- Emirates, Etihad Airways, Qatar Airways, Turkish Airlines, Saudi Arabian Airlines, Royal Jordanian, Kuwait Airways, EgyptAir and Royal Air Maroc -- which are the only carriers to fly direct to the US from the region. A ban on citizens of six Muslim-majority countries -- Iran, Libya, Somalia, Sudan, Syria, and Yemen -- remains in place, though has been limited after several US court hearings challenged the restrictions.


US House Panel Approves Broad Proposal On Self-Driving Cars

Slashdot - Your Rights Online - Thu, 2017-07-20 15:00
An anonymous reader quotes a report from Reuters: A U.S. House panel on Wednesday approved a sweeping proposal by voice vote to allow automakers to deploy up to 100,000 self-driving vehicles without meeting existing auto safety standards and bar states from imposing driverless car rules. Representative Robert Latta, a Republican who heads the Energy and Commerce Committee subcommittee overseeing consumer protection, said he would continue to consider changes before the full committee votes on the measure, expected next week. The full U.S. House of Representatives will not take up the bill until it reconvenes in September after the summer recess. The measure, which would be the first significant federal legislation aimed at speeding self-driving cars to market, would require automakers to submit safety assessment reports to U.S. regulators, but would not require pre-market approval of advanced vehicle technologies. Automakers would have to show self-driving cars "function as intended and contain fail safe features" to get exemptions from safety standards but the Transportation Department could not "condition deployment or testing of highly automated vehicles on review of safety assessment certifications," the draft measure unveiled late Monday said.


Game of Thrones Pirates Being Monitored By HBO, Warnings On The Way

Slashdot - Your Rights Online - Thu, 2017-07-20 03:25
HBO is leaving no stones unturned in keeping Game of Thrones' piracy under control. The company is monitoring various popular torrent swarms and sending thousands of warnings targeted at internet subscribers whose connections are used to share the season 7 premiere of the popular TV series, reports TorrentFreak: Soon after the first episode of the new season appeared online Sunday evening, the company's anti-piracy partner IP Echelon started sending warnings targeted at torrenting pirates. The warnings in question include the IP-addresses of alleged BitTorrent users and ask the associated ISPs to alert their subscribers, in order to prevent further infringements. "We have information leading us to believe that the IP address xx.xxx.xxx.xx was used to download or share Game of Thrones without authorization," the notification begins. "HBO owns the copyright or exclusive rights to Game of Thrones, and the unauthorized download or distribution constitutes copyright infringement. Downloading unauthorized or unknown content is also a security risk for computers, devices, and networks." Under US copyright law, ISPs are not obligated to forward these emails, which are sent as a DMCA notification. However, many do as a courtesy to the affected rightsholders. The warnings are not targeted at a single swarm but cover a wide variety of torrents. TorrentFreak has already seen takedown notices for the following files, but it's likely that many more are being tracked.
