aggregator

Tor Browser Will Feature More Rust Code

Slashdot - Your Rights Online - Mon, 2017-04-03 05:49
An anonymous reader writes: "The Tor Browser, a heavily modified version of the Firefox browser with many privacy-enhancing features, will include more code written in the Rust programming language," reports BleepingComputer. In a meeting held last week in Amsterdam, Tor developers decided to slowly start using Rust to replace the C++ code. The decision comes after Mozilla started shipping Rust components with Firefox in 2016. Furthermore, Rust is a memory-safe(r) language than C++, the language used for Firefox and the customized Tor code, which means fewer memory corruption errors. Fewer of these errors means better privacy for all. "Part of our interest in using safer languages like Rust in Tor is because a tiny mistake in C could have real consequences for real people," Tor developer Isis Agora Lovecruft posted on Twitter, adding "Also the barrier to entry for contributing to large OSS projects written in C is insanely high."

Read more of this story at Slashdot.

This Year's H-1B Visa Applications Look A Lot Like Last Year's

Slashdot - Your Rights Online - Sun, 2017-04-02 20:34
"This year's round of H-1B visa program applications was scheduled to launch Monday, and it was largely absent of President Donald Trump's proposed policy changes," writes Newsweek. An anonymous reader quotes their report: The U.S. Citizenship and Immigration Services last updated its online page dedicated to the program, which granted visas to skilled foreign workers, Wednesday with the rules mostly similar to those of last year and quotas remaining the same. These requirements were set to launch despite Trump's vow to reform the program on the grounds that companies exploited it to fill jobs once held by U.S. citizens who earned higher wages. An alleged draft of an executive order was leaked last month and widely circulated, raising fears that the administration was preparing to gut the program. These measures were never announced. "There was a window in which the White House could have made serious reforms," Russ Harrison, head of government relations for the Institute of Electrical and Electronics Engineers-USA, told The Wall Street Journal. "For whatever reason, they decided not to take it."


How To Protect Your Privacy Online

Slashdot - Your Rights Online - Sun, 2017-04-02 19:34
Though the U.S. Congress voted to roll back privacy rules, broadband customers can still opt-out of targeted advertising from Comcast, Charter, AT&T, and T-Mobile. But an anonymous reader explains why that's not enough: "It's not clear that opting out will prevent ISPs from putting your data to use," reports The Verge, adding "you're opting out of seeing ads, but not out of providing data." Neema Singh Guliani, legislative counsel for the American Civil Liberties Union, tells NPR that consumers can also "call their providers and opt out of having their information shared." But he also suggests a grass roots effort, calling this "an opportunity to pressure companies to implement good practices and for consumers to say 'I think that you should require opt-in consent and if you're not, why not?'" To try to stop the creation of that data, Brian Krebs has also posted a guide for choosing a VPN provider, and shared a useful link to a chart comparing VPN providers that was recommended by the EFF. This may help avoid some of the problems reported with VPN services, and Krebs also recommends Tor as a free (albeit possibly slower) option, while sharing an informational link describing Tor's own limitations. I'm curious what steps Slashdot's readers are taking (if any) to protect their own privacy online?


EFF Issues April Fool's Day Newsletter

Slashdot - Your Rights Online - Sun, 2017-04-02 03:34
An anonymous reader writes: There were some surprises in today's edition of the EFF's "EFFector" newsletter. Noting that it's their sqrt(-1)th issue, they report that the EU will protect the privacy of its data by building a 30-foot wall around the United States. "Only U.S. tech companies that comply with EU privacy restrictions and prohibit U.S. government access to their data will be given fiber optic grappling hooks to transport Europeans' data across the Atlantic, over the wall, and back to their U.S.-based servers." The newsletter also reports that the bipartisan leaders of the U.S. House and Senate Intelligence Committees "apologized during a press conference this morning for failing to provide rigorous supervision of the intelligence community." And the newsletter also reports that Deadpool won an Oscar after PricewaterhouseCoopers mistakenly handed the presenters an envelope with a list of the most-frequently torrent-ed movie of 2016. But perhaps its most unexpected headline is "Comcast to Assimilate with the Borg." The Borg said the deal would increase its market share, nationwide reach, and overall reputation for evil -- while Comcast claimed that the deal would boost competition.


Connecticut May Become First US State To Allow Deadly Police Drones

Slashdot - Your Rights Online - Sun, 2017-04-02 00:34
According to Reuters, Connecticut lawmakers are considering a new bill that would allow police to equip drones with potentially lethal weapons. The bill, which was approved overwhelmingly by the state legislature's judiciary committee on Wednesday, actually aims to ban weaponized drones, but exempts the ban from law enforcement agencies. From the report: Connecticut would become the first U.S. state to allow law enforcement agencies to use drones equipped with deadly weapons if a bill opposed by civil libertarians becomes law. The legislation was introduced as a complete ban on weaponized drones but just before the committee vote it was amended to exclude police from the restriction. "Data shows police force is disproportionately used on minority communities, and we believe that armed drones would be used in urban centers and on minority communities," said David McGuire, executive director of the American Civil Liberties Union in Connecticut. "That's not the kind of precedent we want to set here," McGuire said of the prospect that Connecticut would become the first state to allow police to use lethally armed drones. If Connecticut's Democratic-controlled House passes the bill it will move to the Senate, which is split evenly between Democrats and Republicans.


Trump Extends Obama Executive Order On Cyberattacks

Slashdot - Your Rights Online - Sat, 2017-04-01 23:34
"U.S. President Donald Trump is extending by one year special powers introduced by former President Barack Obama that allow the government to issue sanctions against people and organizations engaged in significant cyberattacks and cybercrime against the U.S.," according to InfoWorld. An anonymous reader quotes their report: Executive Order 13694 was introduced on April 1, 2015, and was due to expire on Saturday, but the president sent a letter to Congress on Wednesday evening informing it of his plans to keep it active. "Significant malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States, continue to pose an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States," Trump wrote in the letter. "Therefore, I have determined that it is necessary to continue the national emergency declared in Executive Order 13694 with respect to significant malicious cyber-enabled activities." The executive order gave the U.S. new powers to retaliate for hacking of critical infrastructure, major denial of service attacks or large scale economic hacking. It was expanded in December 2016 to include election-related systems and used to sanction Russian agents and organizations for their alleged role in a series of attacks during the presidential election.


New UBI Program Launches In Canada To 'Define Our Future'

Slashdot - Your Rights Online - Sat, 2017-04-01 09:00
As automation continues to replace human workers, a universal basic income program will begin paying $1,689 per month to select Ontario residents later this year, as Canada joins other countries testing a UBI (which include America, Scotland, the Netherlands, Finland, India, Rwanda, Kenya and Uganda). An anonymous reader quotes the Toronto Star: Public support in Ontario for the province's three-year UBI project to be launched this spring in three Ontario communities is remarkably strong. The 35,000 Ontarians canvassed by Queen's Park for their input were near-unanimous in supporting the UBI projects. And they insisted that a UBI augment, rather than replace, existing welfare, medical and other social supports... A well-designed UBI equates to freedom. Freedom from exploitative employers. Freedom to launch a small business or develop an invention despite a lack of employment income. Liberation from the "poverty trap," where taking a paying job means surrendering welfare and other benefits... Fact is, job scarcity in traditional vocations is acute, worsening and permanent. In 2013, two Oxford professors forecast that about 45 per cent of U.S. jobs could be eliminated by automation within the next 20 years. And a more recent report by researchers at Indiana's Ball State University found that 88 per cent of U.S. job loss has been caused by automation, not globalization. Interestingly, the U.S. launched a Universal Basic Income pilot program which ran for three years starting in 1968. It was run by 36-year-old Donald Rumsfeld (who would later become Secretary of Defense) working with special assistant Dick Cheney (who went on to become America's vice president from 2001-2009). U.S. representatives even voted to replace welfare with a UBI, but the measure ultimately failed in the Senate.


Net Neutrality Is Trump's Next Target, Administration Says

Slashdot - Your Rights Online - Sat, 2017-04-01 04:05
An anonymous reader quotes a report from Fierce Telecom: During a press event yesterday, White House spokesman Sean Spicer said that next up on President Trump's telecom agenda is to roll back the FCC's 2015 Open Internet net neutrality rules. However, according to some reports, that might not happen as quickly as Congress' recent move to rescind rules that prevented internet service providers from selling users' data. As noted by the New York Times, Spicer said that President Trump had "pledged to reverse this overreach" created by net neutrality. He said the FCC's net neutrality rules, passed in 2015, are an example of "bureaucrats in Washington" placing unfair restrictions on internet service providers, essentially "picking winners and losers" in the telecom market. In comments aimed at the wider telecom market, Spicer said Trump will "continue to fight Washington red tape that stifles American innovation, job creation and economic growth." However, as the NYT reports, the process to repeal net neutrality likely won't follow the same procedure as Congress' recent vote to remove broadband privacy rules -- since those rules were only a year old, Congress was able to use the Congressional Review Act to move forward with its action. The FCC's net neutrality rules, however, are more than two years old and so can't be reviewed by that same act. Thus, it may fall on newly installed FCC Chairman Ajit Pai to rescind the FCC's Open Internet rules, which he voted against when he was a commissioner at the agency under former chief Tom Wheeler.


USB Canary Sends An SMS When Someone Tinkers With Your USB Ports

Slashdot - Your Rights Online - Sat, 2017-04-01 02:05
An anonymous reader quotes a report from BleepingComputer: A new tool released on GitHub last week can help paranoid sysadmins keep track of whenever someone plugs in or disconnects a USB-based device from high-value workstations. Called USB Canary, this tool is coded in Python and currently works only on Linux (versions for Windows and Mac are in the works). The tool works by watching USB ports for any activity while the computer is locked, which generally means the owner has left his desk. If a USB device is plugged in or unplugged, USB Canary can perform one of two actions, or both. It can alert the owner by sending an SMS message via the Twilio API, or it can post a message in a Slack channel, which can be monitored by other co-workers. USB Canary can prove to be a very useful tool for large organizations that feature strict PC policies. For example, if you really want to enforce a "No USB drives" at work, this could be the tool for the job. Further, with modifications, it could be used for logging USB activity on air-gapped systems.


Rogue System Administrator Faces 10 Years In Prison For Shutting Down Servers, Deleting Core Files On the Day He Was Fired

Slashdot - Your Rights Online - Sat, 2017-04-01 01:20
Joe Venzor, a former employee at boot manufacturer Lucchese, had a near total meltdown after he got fired from his IT system administrator position. According to TechSpot, he shut down the company's email and application servers and deleted the core system files. Venzor now faces up to 10 years in prison and a $250,000 fine. From the report: Venzor was let go from his position at the company's help desk and immediately turned volatile. He left the building at 10:30AM and by 11:30, the company's email and application servers had been shut down. Because of this, all activities ground to a halt at the factory and employees had to be sent home. When the remaining IT staff tried to restart them, they discovered the core system files had been deleted and their account permissions had been demoted. Eventually the company was forced to hire a contractor to clean up all of the damage, but this resulted in weeks of backlog and lost orders. While recovering from the attack was difficult, finding out who did it was simple. Venzor was clearly the prime suspect given the timing of the incident, so they checked his account history. They discovered he had collected usernames and passwords of his IT colleagues, created a backdoor account disguised as an office printer, and used that account from his official work computer.


This is Why Australia Hasn't Had a Recession in Over 25 Years

Slashdot - Your Rights Online - Fri, 2017-03-31 23:20
Australia is close to seizing the global crown for the longest streak of economic growth thanks to a mixture of policy guile and outrageous fortune. From a report: While growth is being underpinned by population gains and resource exports to China, failure to spur productivity has meant stagnant living standards and electoral discontent; a property bubble fueled by record-low interest rates has driven household debt to levels that threaten financial stability; and a timid government facing political gridlock could lose the nation's prized AAA rating as early as May because of spiraling budget deficits. Australia's last recession -- defined locally as two straight quarters of contraction -- occurred in 1991 and was a devastating conclusion to eight years of reform designed to create an open, flexible and competitive economy. But it also proved cathartic, paving the way for a low-inflation, productivity-driven expansion. As momentum started waning, China's re-emergence as a pre-eminent global economic power sent demand for Australian resources skyrocketing, helping shield the nation from the worst of the global financial crisis. But the post-crisis return of the boom proved ephemeral, failing to boost government coffers and pushing the local currency higher, eroding competitiveness and driving another nail into the coffin of a fading manufacturing sector.


Amazon Bans Sales of Media Player Boxes That Promote Piracy

Slashdot - Your Rights Online - Fri, 2017-03-31 22:40
Amazon is taking a tough stance against vendors who sell fully-loaded Kodi boxes and other "pirate" media players through its platform. From a report: The store now explicitly bans media players that "promote" or "suggest" the facilitation of piracy. Sellers who violate this policy, of which there are still a few around, risk having their inventory destroyed. [...] While Kodi itself is a neutral platform, millions of people use third-party add-ons to turn it into the ultimate pirate machine. In some cases, the pirate add-ons are put onto the devices by vendors, who sell these "fully-loaded" boxes through their own stores or marketplaces such as Amazon. The ecommerce giant appears to be well aware of the controversy, as it recently published an updated policy clarifying that pirate media players are not permitted on the platform. Merely 'suggesting' that devices can be used for infringing purposes is enough to have them delisted.


Verizon, AT&T, Comcast Say They Will Not Sell Customer Browsing Histories

Slashdot - Your Rights Online - Fri, 2017-03-31 22:00
Comcast, Verizon, AT&T Inc said Friday they would not sell customers' individual internet browsing information, days after the U.S. Congress approved legislation reversing Obama administration era internet privacy rules. From a report on Reuters: The bill would repeal regulations adopted in October by the Federal Communications Commission under former President Barack Obama requiring internet service providers to do more to protect customers' privacy than websites like Alphabet's Google or Facebook. The easing of restrictions has sparked growing anger on social media sites. "We do not sell our broadband customers' individual web browsing history. We did not do it before the FCC's rules were adopted, and we have no plans to do so," said Gerard Lewis, Comcast's chief privacy officer. He added Comcast is revising its privacy policy to make more clear that "we do not sell our customers' individual web browsing information to third parties." Verizon does not sell personal web browsing histories and has no plans to do so in the future, said spokesman Richard Young.


CIA Tricked Antivirus Programs, Claims WikiLeaks

Slashdot - Your Rights Online - Fri, 2017-03-31 20:40
Reader Mark Wilson writes: Today, WikiLeaks published the third installment of its Vault 7 CIA leaks. We've already had the Year Zero files which revealed a number of exploits for popular hardware and software, and the Dark Matter batch which focused on Mac and iPhone exploits. Now we have Marble to look at. A collection of 676 source code files, the Marble cache reveals details of the CIA's Marble Framework tool, used to hide the true source of CIA malware, and sometimes going as far as appearing to originate from countries other than the US. The source code for Marble Framework is tiny -- WikiLeaks has provided it in a zip file that's only around 0.5MB. WikiLeaks explains that the tool is used by the CIA to hide the fact that it is behind malware attacks that are unleashed on targets: "Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA. Marble does this by hiding ("obfuscating") text fragments used in CIA malware from visual inspection. This is the digital equivalent of a specialized CIA tool to place covers over the English language text on U.S. produced weapons systems before giving them to insurgents secretly backed by the CIA. Marble forms part of the CIA's anti-forensics approach and the CIA's Core Library of malware code."


Millions of Websites Affected By Unpatched Flaw in Microsoft IIS 6 Web Server

Slashdot - Your Rights Online - Fri, 2017-03-31 17:20
A proof-of-concept exploit has been published for an unpatched vulnerability in Microsoft Internet Information Services 6.0, a version of the web server that's no longer supported but still widely used. From a report on PCWorld: The exploit allows attackers to execute malicious code on Windows servers running IIS 6.0 with the privileges of the user running the application. Extended support for this version of IIS ended in July 2015 along with support for its parent product, Windows Server 2003. Even so, independent web server surveys suggest that IIS 6.0 still powers millions of public websites. In addition, many companies might still run web applications on Windows Server 2003 and IIS 6.0 inside their corporate networks, so this vulnerability could help attackers perform lateral movement if they access such networks through other means.


Minnesota Senate Votes To Bar Selling ISP Data

Slashdot - Your Rights Online - Fri, 2017-03-31 15:00
Kagato quotes a report from St. Paul Pioneer Press: In a surprise move, the Minnesota Senate on Wednesday voted to bar internet service providers from selling their users' personal data without express written consent. The move was a reaction to a Tuesday vote in Congress to lift a ban on that practice imposed in 2016 by the Federal Communication Commission. Sen. Ron Latz, DFL-St. Louis Park, offered the amendment onto the Senate's economic development budget bill, saying it was urgently needed to protect Minnesotans' privacy after the congressional vote. Latz's amendment was challenged under Senate rules on the grounds that it would impose a cost on a state agency and thus needed to go through committee rather than be added on the floor. Republican Sen. Warren Limmer, of Maple Grove, broke with his party to overturn the Senate president's ruling and allow the internet privacy amendment to continue by a single vote. Once the amendment cleared this procedural hurdle, it was overwhelmingly added to the bill on a 66-1 vote. The lone critic, Sen. David Osmek, R-Mound, said Latz's amendment needed more study and review before being adopted. The Register reports that Illinois has also fought back against Tuesday's vote by approving two new privacy measures. "On Thursday, the state's Cybersecurity, Data Analytics and IT Committee approved two new privacy measures," reports The Register. "One would allow state residents to demand what data companies such as Comcast, Verizon, Google and Facebook is sharing about them. The other would require consent before an app can track users' locations."


House Approves Bill To Force Public Release of EPA Science

Slashdot - Your Rights Online - Fri, 2017-03-31 03:25
schwit1 quotes a report from Associated Press: House Republicans are taking aim at the Environmental Protection Agency, targeting the way officials use science to develop new regulations. A bill approved Wednesday by the GOP-controlled House would require that data used to support new regulations to protect human health and the environment be released to the public. Rep. Lamar Smith, R-Texas, said "the days of 'trust me' science are over," adding that the House bill would restore confidence in the EPA's decision-making process. Connecticut Rep. Elizabeth Esty and other Democrats said the bill would cripple EPA's ability to conduct scientific research based on confidential medical information and risks privacy violations by exposing sensitive patient data. The bill was approved 228-194 and now goes to the Senate. According to The Hill, "The bill would also require that any scientific studies be replicable, and allow anyone who signs a confidentiality agreement to view redacted personal or trade information in data."


IBM Technology Creates Smart Wingman For Self-Driving Cars

Slashdot - Your Rights Online - Fri, 2017-03-31 01:20
coondoggie quotes a report from Network World: IBM said that it has patented a machine learning technology that defines how to shift control of an autonomous vehicle between a human driver and a vehicle control processor in the event of a potential emergency. Basically the patented IBM system employs onboard sensors and artificial intelligence to determine potential safety concerns and control whether self-driving vehicles are operated autonomously or by surrendering control to a human driver. The idea is that if a self-driving vehicle experiences an operational glitch like a faulty braking system, a burned-out headlight, poor visibility, bad road conditions, it could decide whether the on-board self-driving vehicle control processor or a human driver is in a better position to handle that anomaly. "If the comparison determines that the vehicle control processor is better able to handle the anomaly, the vehicle is placed in autonomous mode," IBM stated. "The technology would be a smart wingman for both the human and the self-driving vehicle," said James Kozloski, manager, Computational Neuroscience and Multiscale Brain Modeling, IBM Research and co-inventor on the patent.
