Court Rejects FCC Request To Delay Net Neutrality Case

Slashdot - Your Rights Online - Fri, 2019-01-18 03:30
A federal appeals court denied the FCC's request to postpone oral arguments in a court battle over the agency's decision to repeal its net neutrality rules. The FCC had asked for the hearing to be postponed since the commission's workforce has largely been furloughed due to the partial government shutdown. The hearing remains set for February 1. The Hill reports: After the FCC repealed the rules requiring internet service providers to treat all web traffic equally in December of 2017, a coalition of consumer groups and state attorneys general sued to reverse the move, arguing that the agency failed to justify it. The FCC asked the three-judge panel from the D.C. Circuit Court of Appeals to delay oral arguments out of "an abundance of caution" due to its lapse of funding. Net neutrality groups opposed the motion, arguing that there is an urgent need to settle the legal questions surrounding the FCC's order.

Read more of this story at Slashdot.

Twitter Bug Exposed Some Android Users' Protected Tweets For Years

Slashdot - Your Rights Online - Fri, 2019-01-18 01:30
Twitter disclosed on its Help Center page today that some Android users had their private tweets revealed for years due to a security flaw. "The issue caused the Twitter for Android app to disable the 'Protect your Tweets' setting for some Android users who made changes to their account settings, such as changing the email address associated with their account, between November 3rd, 2014 and January 14th, 2019," reports The Verge. From the report: Though the company says the issue was fixed earlier this week and that iOS or web users weren't affected, it doesn't yet know how many Android accounts were affected. Twitter says it's reached out to affected users and turned the setting back on for them, but it still recommends that users review their privacy settings to make sure it reflects their desired preferences.

Oklahoma Government Data Leak Exposes FBI Investigation Records, Millions of Department Files

Slashdot - Your Rights Online - Fri, 2019-01-18 00:10
An anonymous reader quotes a report from ZDNet: Researchers have disclosed the existence of a server exposed to the public which not only contained terabytes of confidential government data but information relating to FBI investigations. According to UpGuard cybersecurity researchers Greg Pollock and Chris Vickery, the open storage server belonged to the Oklahoma Department of Securities (ODS), a U.S. government department which deals with securities cases and complaints. The database was found through the Shodan search engine which registered the system as publicly accessible on November 30, 2018. The UpGuard team stumbled across the database on December 7th and notified the department a day later after verifying what they were working with. To ODS' credit, the department removed public access to the server on the same day. In order to examine the security breach, the team was able to download the server's contents. The oldest records dated back to 1986 and the most recent was timestamped in 2016. In total, three terabytes of information representing millions of files. Contents ranged from personal data to system credentials and internal communication records. ODS said in a statement to ZDNet: "All state IP addresses, and many city and county addresses, are registered to OMES, but the agency has no visibility into the computer systems at the Oklahoma Department of Securities. For the past eight years the state has been working to consolidate all IT infrastructure under OMES and ODS had the option to consolidate its systems voluntarily and they did not."

Apple CEO Tim Cook Calls For Laws To Tackle 'Shadow Economy' of Data Firms

Slashdot - Your Rights Online - Thu, 2019-01-17 16:45
Apple's chief executive has called for regulation to tackle the "shadow economy" of data brokers -- intermediaries who trade in the personal information of largely unsuspecting consumers -- as the company continues its push to be seen as supportive of privacy. Tim Cook, in an op-ed for Time Magazine published on Thursday, said: One of the biggest challenges in protecting privacy is that many of the violations are invisible. For example, you might have bought a product from an online retailer -- something most of us have done. But what the retailer doesn't tell you is that it then turned around and sold or transferred information about your purchase to a "data broker" -- a company that exists purely to collect your information, package it and sell it to yet another buyer. The trail disappears before you even know there is a trail. Right now, all of these secondary markets for your information exist in a shadow economy that's largely unchecked -- out of sight of consumers, regulators and lawmakers. Let's be clear: you never signed up for that. We think every user should have the chance to say, "Wait a minute. That's my information that you're selling, and I didn't consent." Meaningful, comprehensive federal privacy legislation should not only aim to put consumers in control of their data, it should also shine a light on actors trafficking in your data behind the scenes. Some state laws are looking to accomplish just that, but right now there is no federal standard protecting Americans from these practices. That's why we believe the Federal Trade Commission should establish a data-broker clearinghouse, requiring all data brokers to register, enabling consumers to track the transactions that have bundled and sold their data from place to place, and giving users the power to delete their data on demand, freely, easily and online, once and for all.

Collection 1 Data Breach Exposes More Than 772 Million Email Addresses

Slashdot - Your Rights Online - Thu, 2019-01-17 09:00
A collection of almost 773 million unique email addresses and just under 22 million unique passwords were exposed on cloud service MEGA. Security researcher Troy Hunt said the collection of data, dubbed Collection #1, totaled over 12,000 separate files and more than 87GB of data. ZDNet reports: "What I can say is that my own personal data is in there and it's accurate; right email address and a password I used many years ago," Hunt wrote. "In short, if you're in this breach, one or more passwords you've previously used are floating around for others to see." Some passwords, including his own, have been "dehashed", that is converted back to plain text. Hunt said he gained the information after multiple people reached out to him with concerns over the data on MEGA, with the Collection #1 dump also being discussed on a hacking forum. "The post on the forum referenced 'a collection of 2000+ dehashed databases and Combos stored by topic' and provided a directory listing of 2,890 of the files," Hunt wrote. The collection has since been removed. You can visit Hunt's Have I Been Pwned service to see if you are affected by this breach.

Key West Moves To Ban Sunscreens That Could Damage Reefs

Slashdot - Your Rights Online - Thu, 2019-01-17 04:10
Yesterday, the Key West City Commission unanimously voted to ban the sale of sunscreens that contain two ingredients -- oxybenzone and octinoxate -- that a growing body of scientific evidence says harm coral reefs. The measure must now be reviewed again by the commission before it becomes law. The second vote is scheduled for February 5th. Miami Herald reports: Environmental researchers have published studies showing how these two ingredients, which accumulate in the water from bathers or from wastewater discharges, can damage coral reefs through bleaching and harming the corals' DNA. In some instances, the corals can die. A February 2016 study in the Archives of Environmental Contamination and Toxicology examining the impact of oxybenzone in corals in Hawaii and the U.S. Virgin Islands concluded that the sunscreen ingredient "poses a hazard to coral reef conservation and threatens the resiliency of coral reefs to climate change." Last year, Hawaii banned the sale or distribution of any sunscreens containing oxybenzone and octinoxate, a measure that will go into effect on Jan. 1, 2021. It was the first state in the nation to implement such a ban. In Florida, the website for the South Florida Reef Ambassador Initiative, which falls under the state's Department of Environmental Protection, tells divers to "Avoid sunscreens with Oxybenzone and Avobenzone. The benzones are compounds that are lethal to coral reproduction in very small amounts." Experts who have studied the issue say sunscreens with zinc oxide or titanium dioxide, which are minerals, also block ultraviolet rays. They create a barrier on the skin that deflects the sun's rays.

Marco Rubio Introduces Privacy Bill To Create Federal Regulations On Data Collection

Slashdot - Your Rights Online - Thu, 2019-01-17 02:10
An anonymous reader quotes a report from Fortune: Senator Marco Rubio (R-Fla.) introduced a bill Wednesday aimed at creating federal standards of privacy protection for major internet companies like Facebook, Amazon, and Google. The bill, titled the American Data Dissemination Act, requires the Federal Trade Commission to make suggestions for regulation based on the Privacy Act of 1974. Congress would then have to pass legislation within two years, or the FTC will gain the power to write the rules itself (under current laws, the FTC can only enforce existing rules). While Rubio's bill is intended to rein in the data collection and dissemination of companies like Facebook, Amazon, Apple, Google, and Netflix, it also requires any final legislation to protect small businesses from being stifled by new rules. The caveat comes when one considers states' rights to create their own privacy laws. Under Rubio's legislation, any national regulations would preempt state laws -- even if the state's are more strict. "While we may have disagreements on the best path forward, no one believes a privacy law that only bolsters the largest companies with the resources to comply and stifles our start-up marketplace is the right approach," Rubio wrote in an op-ed for The Hill, announcing his bill.

Federal Prosecutors Are Investigating Huawei For Allegedly Stealing Trade Secrets, Says Report

Slashdot - Your Rights Online - Thu, 2019-01-17 01:30
According to The Wall Street Journal, federal prosecutors have launched a criminal investigation to see if Huawei allegedly stole trade secrets from U.S. companies. The probe is reportedly built out of civil lawsuits against the telecommunications firm. The Hill reports: People familiar with the probe told the Journal that it is at an advanced stage and that an indictment could soon be coming. Huawei has long faced scrutiny from both lawmakers and national security officials, who have labeled the firm as a national security threat over its ties to the Chinese government. The company has denied that characterization, and China this week called for other countries to end "the groundless fabrications and unreasonable restrictions" on Huawei and other firms.

Hackers Broke Into An SEC Database and Made Millions From Inside Information, Says DOJ

Slashdot - Your Rights Online - Wed, 2019-01-16 03:45
Federal prosecutors unveiled charges in an international stock-trading scheme that involved hacking into the Securities and Exchange Commission's EDGAR corporate filing system. "The scheme allegedly netted $4.1 million for fraudsters from the U.S., Russia and Ukraine," reports CNBC. "Using 157 corporate earnings announcements, the group was able to execute trades on material nonpublic information. Most of those filings were 'test filings,' which corporations upload to the SEC's website." From the report: The scheme involves seven individuals and operated from May to at least October 2016. Prosecutors said the traders were part of the same group that previously hacked into newswire services. Carpenito, in a press conference Tuesday, said the thefts included thousands of valuable, private business documents. "After hacking into the EDGAR system they stole drafts of [these] reports before the information was disseminated to the general public," he said. Those documents included quarterly earnings, mergers and acquisitions plans and other sensitive news, and the criminals were able to view it before it was released as a public filing, thus affecting the individual companies' stock prices. The alleged hackers executed trades on the reports and also sold them to other illicit traders. One inside trader made $270,000 in a single day, according to Carpenito. The hackers used malicious software sent via email to SEC employees. Then, after planting the software on the SEC computers, they sent the information they were able to gather from the EDGAR system to servers in Lithuania, where they either used it or distributed the data to other criminals, Carpenito said.

Apple Maps Gooses DuckDuckGo In Search Privacy Partnership

Slashdot - Your Rights Online - Wed, 2019-01-16 03:25
Search engine DuckDuckGo now displays location information from Apple Maps in its search results. "DuckDuckGo now uses Apple Maps both for small maps in location-related search results and for larger, interactive search results that appear in a separate maps tab," reports CNET. "That replaces a combination including MapBox, OpenStreetMap and homegrown technology." From the report: The top reason DuckDuckGo argues you should try it is that it doesn't keep any personal information on you and what you searched for, unlike search leader Google. That dovetails nicely with Apple's sustained push to improve online privacy. But maintaining your privacy can be tough when you're looking for location-related information. DuckDuckGo says it's struck a balance, though. It doesn't send personally identifiable information such as your computer's Internet Protocol network address, to Apple or other third parties, DuckDuckGo said. "For local searches, where your approximate location information is sent by your browser to us, we discard it immediately after use," the company added.

Project Alias Hacks Amazon Echo and Google Home To Protect Your Privacy

Slashdot - Your Rights Online - Wed, 2019-01-16 01:20
fahrbot-bot writes: The gadget, called Alias, is an always-listening speaker, designed to fit on top of an Amazon Echo or Google Home, where it looks like a mass of melted candle wax. It's composed of a 3D-printed top layer, a mic array, a Raspberry Pi, and two speakers. It only connects to the internet during the initial setup process. Alias stays "off the grid" while you're using it, preventing your conversations from leaving the device. When the Alias hears its own (customizable) wake word, it'll stop broadcasting white noise and wake up Alexa or Google Assistant so you can use them as normal.

US Now Says All Online Gambling Illegal, Not Just Sports Bets

Slashdot - Your Rights Online - Wed, 2019-01-16 00:40
An anonymous reader quotes a report from Bloomberg: The U.S. Justice Department's decision that all internet gambling is illegal will cast a pall on the industry as businesses and state lotteries evaluate the implications of the change and the government's plans to enforce it. The U.S. now says federal law bars all internet gambling, reversing its position from 2011 that only sports betting is prohibited under a law passed 50 years earlier. Although the federal law specifically prohibits transmission of wagers and related information across state lines, the Justice Department's new interpretation will impact all online gambling because as a practical matter it's difficult to guarantee that no payments are routed through other states, said Aaron Swerdlow, an attorney with Glaser Weil Fink Howard Avchen & Shapiro LLP in Los Angeles. The reversal was prompted by the department's criminal division, which prosecutes illegal gambling. The opinion issued about seven years ago that the 1961 Wire Act only banned sports gambling was a misinterpretation of the statute, according to a 23-page opinion by the department's Office of Legal Counsel dated Nov. 2 and made public Monday. The new reading of the law probably will be tested in the courts as judges may entertain challenges to the government's view of the law's scope, the Justice Department said. It may also affect states that began selling lottery tickets online after the 2011 opinion, as well as casinos that offer online gambling. In contrast, the Supreme Court last May "cleared the way [...] for states to legalize sports betting, striking down a 1992 federal law that had prohibited most states from authorizing sports betting."

Ajit Pai Gives Carriers Free Pass on Privacy Violations During FCC Shutdown

Slashdot - Your Rights Online - Tue, 2019-01-15 21:21
Federal Communications Commission Chairman Ajit Pai refused to brief a Congressional committee Monday about mobile carriers' ability to share their subscribers' location data with third parties. From a report: House Commerce Committee Chairman Frank Pallone, Jr. (D-N.J.) asked Pai for an "emergency briefing" to explain why the FCC "has yet to end wireless carriers' unauthorized disclosure of consumers' real-time location data," and for an update on "what actions the FCC has taken to address this issue to date." Pai's FCC could take action, despite the 2017 repeal of the commission's broadband privacy rules. Phone carriers are legally required to protect "Customer Proprietary Network Information [CPNI]," and the FCC's definition of CPNI includes location data. [...] Pai did not agree with Pallone, it turns out. "Today, FCC Chairman Ajit Pai refused to brief Energy and Commerce Committee staff on the real-time tracking of cell phone location[s]," Pallone said in a statement yesterday. "In a phone conversation today, his staff asserted that these egregious actions are not a threat to the safety of human life or property that the FCC will address during the Trump shutdown."

Trump Administration Proposes Rules Allowing Drones To Operate At Night, Over Populated Areas

Slashdot - Your Rights Online - Tue, 2019-01-15 04:10
The Trump administration is proposing rules that would allow drones to operate over populated areas and end a requirement for special permits for night use. The goal is to "help speed commercial use of small unmanned aerial vehicles in the United States," reports Reuters. From the report: The proposals, drafted by the Federal Aviation Administration of the U.S. Transportation Department, come amid concerns about dangers that drones potentially pose to aircraft and populated areas. The FAA said that in developing the proposals its challenge was to "balance the need to mitigate the risk small unmanned aircraft pose to other aircraft and to people and property on the ground without inhibiting innovation." The FAA is proposing ending requirements that drone operators get waivers to operate at night. Through 2017, the FAA granted 1,233 waivers and "has not received any reports of (drone) accidents," it said. The FAA would require that drones have "an anti-collision light illuminated and visible for at least three statute miles," as well as testing and training. Under the FAA's proposals, operators would be able to fly small unmanned aircraft weighing 0.55 pounds (0.25 kg) or less over populated areas without any additional restrictions. For drones weighing more than 0.55 pounds, however, a manufacturer would need to demonstrate that if an "unmanned aircraft crashed into a person, the resulting injury would be below a certain severity threshold." Those larger drones could not have exposed rotating parts that could lacerate human skin and could not operate over people if they have any safety defects, the FAA said. The FAA would prohibit operations of the largest drones over any open-air assembly of people.
The report also mentions that the FAA is "proposing allowing discretionary waivers for operations over moving vehicles, for operations over people that would not otherwise meet the standards outlined in its proposal, and for those that do not meet its anti-collision lighting requirement."

Tesla Proposes Microgrids With Solar and Batteries To Power Greek Islands

Slashdot - Your Rights Online - Tue, 2019-01-15 02:50
Tesla is proposing ways to modernize the electric grid of Greece's many islands in the Mediterranean sea with microgrids and renewable energy to reduce their dependence on fossil fuels. "Several Greek islands are relatively remote and rely heavily on fossil fuels to power their electric grid," notes Electrek. From the report: The Greek Minister of Environment and Energy, Mr. George Stathakis, confirmed last week that they have met with Tesla to discuss the deployment of microgrids in Greek islands. They issued the following statement (translated from Greek via Capital.gr): "[...] The extremely interesting thing that emerged from the meeting is that technological progress has now significantly reduced the cost of energy storage. At the same time, successful competitions for new RES investments in Greece, led to an equally significant reduction in the cost of energy production. As a result, the conversion of the islands to RES, apart from being environmentally useful, is now also economically viable. In this context, cooperation with Tesla can prove to be extremely beneficial, as the American company officials have highlighted, showing strong interest in the initiatives promoted by the Ministry for 'smart' and 'energy' islands." Tesla has reportedly already suggested a pilot project to demonstrate their microgrid system in the region. The government would like it to be on the island of Limnos. The idea is to install a large solar array and combine it with an energy storage facility to store the excess energy during the day and use it at night when the sun is not shining.

Tidal Under Criminal Investigation In Norway Over 'Faked' Streams

Slashdot - Your Rights Online - Tue, 2019-01-15 02:10
An anonymous reader quotes a report from Engadget: High-fidelity music streaming service Tidal is under criminal investigation in Norway for allegedly inflating album streams for Beyonce's Lemonade and Kanye West's The Life of Pablo. The alleged faking of streaming numbers was exposed last year by Norwegian newspaper Dagens Naeringsliv (DN), which said it had obtained a hard drive with the tampered data. Around 1.3 million accounts were supposedly used to lift the play counts of said albums by "several hundred million," with Tidal paying out higher royalty fees to the two artists and their record labels as a result. In the wake of the report, a Norwegian songwriter's association known as Tono filed an official police complaint against Tidal. The Jay-Z-owned streaming service denied the accusations and subsequently launched an internal review to be conducted by a third-party cyber security company, which is still ongoing. Today, DN revealed that Norway's National Authority for Investigation and Prosecution of Economic and Environmental Crime (Okokrim) has begun an investigation into data manipulation at Tidal. Though still in its early stages, Okokrim says that at least four former Tidal employees (including its former head of business intelligence -- responsible for analyzing streams) have been interrogated in front of a judge as part of the investigation. The quartet have faced a total of 25 hours of questioning thus far. Three former staffers reportedly recognized signs of meddling with the albums and contacted a lawyer before notifying Tidal. "All three individuals resigned from the company in 2016 after signing what a DN source called 'the gold standard of confidentiality contracts,'" reports Engadget.

Hack Allows Escape of Play-With-Docker Containers

Slashdot - Your Rights Online - Tue, 2019-01-15 01:30
secwatcher quotes a report from Threatpost: Researchers hacked the Docker test platform called Play-with-Docker, allowing them to access data and manipulate any test Docker containers running on the host system. The proof-of-concept hack does not impact production Docker instances, according to CyberArk researchers that developed the proof-of-concept attack. "The team was able to escape the container and run code remotely right on the host, which has obvious security implications," wrote researchers in a technical write-up posted Monday. Play-with-Docker is an open source free in-browser online playground designed to help developers learn how to use containers. While Play-with-Docker has the support of Docker, it was not created by nor is it maintained by the firm. The environment approximates having the Alpine Linux Virtual Machine in browser, allowing users to build and run Docker containers in various configurations. The vulnerability was reported to the developers of the platform on November 6. On January 7, the bug was patched. As for how many instances of Play-with-Docker may have been affected, "CyberArk estimated there were as many as 200 instances of containers running on the platform it analyzed," reports Threatpost. "It also estimates the domain receives 100,000 monthly site visitors."

Apple Wanted To Use Qualcomm Chips For Its 2018 iPhones, But Qualcomm Refused Because of Companies' Licensing Dispute

Slashdot - Your Rights Online - Tue, 2019-01-15 00:50
Apple's operating chief said on Monday that Qualcomm refused to sell its 4G LTE processors to the company due to the companies' licensing dispute. According to CNET, that decision "had a ripple effect on how quickly Apple can make the shift to 5G." From the report: Qualcomm continues to provide Apple with chips for its older iPhones, including the iPhone 7 and 7 Plus, Apple COO Jeff Williams testified Monday during the US Federal Trade Commission's trial against Qualcomm. But it won't provide Apple with processors for the newest iPhones, designed since the two began fighting over patents, he said. And Williams believes the royalty rate Apple paid for using Qualcomm patents -- $7.50 per iPhone -- is too high. The FTC has accused Qualcomm of operating a monopoly in wireless chips, forcing customers like Apple to work with it exclusively and charging excessive licensing fees for its technology. The FTC has said that Qualcomm forced Apple to pay licensing fees for its technology in exchange for using its chips in iPhones. The trial kicked off Jan. 4 in US District Court in San Jose, California. Testimony covers negotiations and events that occurred before March 2018 and can't encompass anything after that date. Apple is expected to only use Intel chips in its next iPhones, something that will make Apple late to the market for 5G phones. "By the 2019 holiday season, every major Android vendor in the U.S. will have a 5G phone available," reports CNET. "But Intel's 5G modem isn't expected to hit phones until 2020."

Feds Can't Force You To Unlock Your iPhone With Finger Or Face, Judge Rules

Slashdot - Your Rights Online - Mon, 2019-01-14 22:57
A California judge has ruled that American cops can't force people to unlock a mobile phone with their face or finger. The ruling goes further to protect people's private lives from government searches than any before and is being hailed as a potentially landmark decision. From a report: Previously, U.S. judges had ruled that police were allowed to force unlock devices like Apple's iPhone with biometrics, such as fingerprints, faces or irises. That was despite the fact feds weren't permitted to force a suspect to divulge a passcode. But according to a ruling uncovered by Forbes, all logins are equal. The order came from the U.S. District Court for the Northern District of California in the denial of a search warrant for an unspecified property in Oakland. The warrant was filed as part of an investigation into a Facebook extortion crime, in which a victim was asked to pay up or have an "embarrassing" video of them publicly released. The cops had some suspects in mind and wanted to raid their property. In doing so, the feds also wanted to open up any phone on the premises via facial recognition, a fingerprint or an iris.

Aaron Swartz's Federal Judge Gives Anonymous Hacker 10 Years In Prison For DDoS Attacks On Children's Hospitals

Slashdot - Your Rights Online - Sun, 2019-01-13 22:20
Danngggg writes: Many will remember Martin Gottesfeld since he was arrested on a speedboat coming from Cuba. He volunteered at trial that he and his wife had just been denied political asylum by Castro. Gottesfeld has said he did it to defend the life of an innocent child named Justina Pelletier. On Thursday, the same judge that oversaw the Aaron Swartz case sentenced the Anonymous hacktivist to 10 years in federal prison for a DDoS of Boston Children's Hospital, Harvard-affiliated hospitals, and Wayside Youth and Family. The sentence included $440,000 in restitution, 3 years supervised release, and other conditions. The week before, Gottesfeld docketed a 690-page affidavit (including exhibits) documenting the judge's conflicts of interest and why he doesn't belong anywhere near the case. That's available on the FreeMartyG website. Local news spoke to his wife after the sentencing hearing as well.
