aggregator

turkeydance writes: In Oregon, a state known for its avid bicycling culture, the state legislature's approval of the first bike tax in the nation has fallen flat with riders. Democratic Gov. Kate Brown is expected to sign the sweeping $5.3 billion transportation package, which includes a $15 excise tax on the sale of bicycles costing more than $200 with a wheel diameter of at least 26 inches. Even though the funding has been earmarked for improvements that will benefit cyclists, the tax has managed to irk both anti-tax Republicans and environmentally conscious bikers. The bike tax is aimed at raising $1.2 million per year in order to improve and expand paths and trails for bicyclists and pedestrians. Supporters point out that Oregon has no sales tax, which means buyers won't be dinged twice for their new wheels.

Read more of this story at Slashdot.

New submitter thegreatbob writes: Perhaps you've noticed in the last 5 years or so, progressively more entities have been providing the ability to reveal the contents of a password field. While this ability is, in many cases (especially on devices with lousy keyboards), legitimately useful, it does seem to be a reasonable source of concern. Fast forward to today; I was setting up a new router (cheapest dual-band router money can, from Tenda) and I was almost horrified to discover that it does not mask any of its passwords by default. So I ask Slashdot: is password masking really on its way out, and does password masking do anything beyond preventing the casual shoulder-surfer?

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission has denied a request to extend the deadline for filing public comments on its plan to overturn net neutrality rules, and the FCC is refusing to release the text of more than 40,000 net neutrality complaints that it has received since June 2015. The National Hispanic Media Coalition (NHMC) filed a Freedom of Information Act (FoIA) request in May of this year for tens of thousands of net neutrality complaints that Internet users filed against their ISPs. The NHMC argues that the details of these complaints are crucial for analyzing FCC Chairman Ajit Pai's proposal to overturn net neutrality rules. The coalition also asked the FCC to extend the initial comment deadline until 60 days after the commission fully complies with the FoIA request. A deadline extension would have given people more time to file public comments on the plan to eliminate net neutrality rules. Instead, the FCC yesterday denied the motion for an extension and said that it will only provide the text for a fraction of the complaints, because providing them all would be too burdensome.

Read more of this story at Slashdot.

chicksdaddy provides five (or more) "good" reasons why we should ignore the South Carolina election hacking story that was reported yesterday. According to yesterday's reports, South Carolina's voter-registration system was hit with nearly 150,000 hack attempts on election day. Slashdot reader chicksdaddy writes from an opinion piece via The Security Ledger: What should we make of the latest reports from WSJ, The Hill, etc. that South Carolina's election systems were bombarded with 150,000 hacking attempts? Not much, argues Security Ledger in a news analysis that argues there are lots of good reasons to ignore this story, if not the very real problem of election hacking. The stories were based on this report from The South Carolina Election Commission. The key phrase in that report is "attempts to penetrate," Security Ledger notes. Information security professionals would refer to that by more mundane terms like "port scans" or probes. These are kind of the "dog bites man" stories of the cyber beat -- common (here's one from 2012 US News & World Report) but ill informed. "The kinds of undifferentiated scans that the report is talking about are the internet equivalent of people driving slowly past your house." While some of those 150,000 attempts may well be attempts to hack South Carolina's elections systems, many are undifferentiated, while some may be legitimate, if misdirected. Whatever the case, they're background noise on the internet and hardly unique to South Carolina's voter registration systems. They're certainly not evidence of sophisticated, nation-state efforts to crack the U.S. election system by Russia, China or anyone else, Security Ledger argues. "The problem with lumping all these 'hacking attempts' in the same breath as you talk about sophisticated and targeted attacks on the Clinton Campaign, the DCCC, and successful penetration of some state election boards is that it dramatically distorts the nature and scope of the threat to the U.S. election system which -- again -- is very real." The election story is one "that demands thoughtful and pointed reporting that can explore (and explode) efforts by foreign actors to subvert the U.S. vote and thus its democracy," the piece goes on to argue. "That's especially true in an environment in which regulators and elected officials seem strangely incurious about such incidents and disinclined to investigate them."

Read more of this story at Slashdot.

New submitter Aliciadivo writes: A nasty vulnerability found in Axis security cameras could allow hackers to take full control of several types of Internet of Things devices, and in some cases, software programs, too. The Senrio research team found that devices and software programs using an open source software library called gSOAP to enable their product to communicate to the internet could be affected. Stephen Ridley, founder of Senrio, said: "I bet you all these other manufacturers have the same vulnerability throughout their product lines as well. It's a vulnerability in virtually every IoT device [...] Every kind of device you can possibly think of." A spokesperson for ONVIF, an electronics industry consortium that includes Axis and has includes some members that use gSOAP, said it has notified its members of the flaw, but it's not "up to each member to handle this in the way they best see fit." Also, gSOAP "is not in any way mandated by the ONVIF specifications, but as SOAP is the base for the ONVIF API, it is possible that ONVIF members would be affected." Hundreds of thousands of devices might be affected, as a search for the term "Axis" on Shodan, an engine that scours the internet for vulnerable devices, returns around 14,000 results. You can view Senrio Labs' video on the exploit (which they refer to as the "Devil's Ivy Exploit") here.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: President Donald Trump has said he's going to set more limits on the H-1B visa program, which allows tens of thousands of technology workers into the U.S. each year. But yesterday, the Department of Homeland Security moved to expand another type of visa, the H-2B, which allows lower-skilled workers in on a seasonal basis. The Department of Homeland Security said yesterday it is going to allow an additional 15,000 workers to come in under the H-2B visa category, which is typically used by U.S. businesses in industries like tourism, construction, and seafood processing. The program normally allows for 66,000 visas, split between the two halves of the year. That means the DHS increase, announced yesterday, represents an increase of more than 40 percent for the second half of 2017. Businesses can begin applying for the additional visas right away, as long as they attest under penalty of perjury that their business will "suffer irreparable harm" if it can't employ additional H-2B workers in 2017. The expansion is a temporary one, and it only applies to the current year.

Read more of this story at Slashdot.

An anonymous reader shares a report: Last week, Twitter's security team purged nearly 90,000 fake accounts after outside researchers discovered a massive botnet peddling links to fake "dating" and "romance" services. The accounts had already generated more than 8.5 million posts aimed at driving users to a variety of subscription-based scam websites with promises of -- you guessed it -- hot internet sex. The accounts were first identified by ZeroFOX, a Baltimore-based security firm that specializes in social-media threat detection. The researchers dubbed the botnet "SIREN" after sea-nymphs described in Greek mythology as half-bird half-woman creatures whose sweet songs often lured horny, drunken sailors to their rocky deaths. ZeroFOX's research into SIREN offers a rare glimpse into how efficient scammers have become at bypassing Twitter's anti-spam techniques. Further, it demonstrates how effective these types of botnets can be: The since-deleted accounts collectively generated upwards of 30 million clicks -- easily trackable since the links all used Google's URL shortening service.

Read more of this story at Slashdot.

An anonymous reader shares a report: California already prohibits companies from enforcing noncompetes within the state, but a Bay Area life sciences company is asking a state court to go even further. Veeva Systems is suing three of its East Coast-based competitors and asking a California Superior Court judge to declare that it has the right to hire employees who have signed such agreements. Veeva also wants a court to limit the use of non-disparagement and confidentiality agreements. "Non-compete agreements are bad," the company said in its suit. "These agreements limit employment opportunities. They suppress wages. They keep employees trapped in jobs they do not want, and they keep employees from fairly competing with their former employers. These agreements restrict fair and robust competition for employees."

Read more of this story at Slashdot.

Google is adding a set of features to its security roster to prevent a second run of last month's massive phishing attack. From a report: The company is adding warnings and interstitial screens to warn users that an app they are about to use is unverified and could put their account data at risk. This so-called "unverified app" screen will land on all new web apps that connect to Google user accounts to prevent a malicious app from appearing legitimate. Any Google Chrome user landing on a hacked or malicious website will recognize the prompt as the red warning screen. Some existing apps will also have to go through the same verification process as new apps, Google said. Google also said it will add those warnings to its Apps Scripts, which let Google use custom macros and add-ons for its productivity apps, like Google Docs.

Read more of this story at Slashdot.

Eva Dou, reporting for WSJ: China's already formidable internet censors have demonstrated a new strength -- the ability to delete images in one-on-one chats as they are being transmitted, making them disappear before receivers see them. The ability is part of a broader technology push by Beijing's censors to step up surveillance and get ahead of activists and others communicating online in China (Editor's note: the link could be paywalled; alternative source). Displays of this new image-filtering capability kicked into high gear last week as Chinese dissident Liu Xiaobo lay dying from liver cancer and politically minded Chinese tried to pay tribute to him, according to activists and a new research report. Wu Yangwei, a friend of the long-jailed Nobel Peace Prize laureate, said he used popular messaging app WeChat to send friends a photo of a haggard Mr. Liu embracing his wife. Mr. Wu believed the transmissions were successful, but he said his friends never saw them. "Sometimes you can get around censors by rotating the photo," said Mr. Wu, a writer better known by his pen name, Ye Du. "But that doesn't always work." There were disruptions on Tuesday to another popular messaging app, Facebook's WhatsApp, with many China-based users saying they were unable to send photos and videos without the use of software that circumvents Chinese internet controls. Text messages appeared to be largely unaffected.

Read more of this story at Slashdot.

Some industrial software companies in the UK are "likely to have been compromised" by hackers, according to a document reportedly produced by British spy agency GCHQ. A copy of the document from the National Cyber Security Centre (NCSC) -- part of GCHQ -- was obtained by technology website Motherboard. From a report: A follow-up by the BBC indicated that the document was legitimate. There have been reports about similar cyber-attacks around the world lately. Modern, computer-based industrial control systems manage equipment in facilities such as power stations. And attacks attempting to compromise such systems had become more common recently, one security researcher said. The NCSC report specifically discusses the threat to the energy and manufacturing sectors. It also cites connections from multiple UK internet addresses to systems associated with "advanced state-sponsored hostile threat actors" as evidence of hackers targeting energy and manufacturing organisations.

Read more of this story at Slashdot.

An anonymous reader writes: "Thai security researcher Worawit Wang has put together an exploit based on ETERNALSYNERGY that can also target newer versions of the Windows operating system," reports Bleeping Computer. "ETERNALSYNERGY is one of the NSA exploits leaked by the Shadow Brokers hacking group in April this year. According to a Microsoft technical analysis, the exploit can allow an attacker to execute code on Windows machines with SMB services exposed to external connections. The exploit works up to Windows 8. According to Microsoft, the techniques used in the original ETERNALSYNERGY exploit do not work on newer platforms due to several kernel security improvements. Wang says his exploit targets the same vulnerability but uses a different exploitation technique. His method 'should never crash a target,' the expert says. 'Chance should be nearly 0%,' Wang adds." Combining his exploit with the original ETERNALSYNERGY exploit would allow a hacker to target all Windows versions except Windows 10. This is about 75% of all Windows PCs. The exploit code is available for download from Wang's GitHub or ExploitDB. Sheila A. Berta, a security researcher for Telefonica's Eleven Paths security unit, has published a step-by-step guide on how to use Wang's exploit.

Read more of this story at Slashdot.

schwit1 quotes a report from Defense One: Even if the cop who pulls you over doesn't recognize you, the body camera on his chest eventually just might. Device-maker Motorola will work with artificial intelligence software startup Neurala to build "real-time learning for a person of interest search" on products such as the Si500 body camera for police, the firm announced Monday. Italian-born neuroscientist and Neurala founder Massimiliano Versace has created patent-pending image recognition and machine learning technology. It's similar to other machine learning methods but far more scalable, so a device carried by that cop on his shoulder can learn to recognize shapes and -- potentially faces -- as quickly and reliably as a much larger and more powerful computer. It works by mimicking the mammalian brain, rather than the way computers have worked traditionally. Versace's research was funded, in part, by the Defense Advanced Research Projects Agency or DARPA under a program called SyNAPSE. In a 2010 paper for IEEE Spectrum, he describes the breakthrough. Basically, a tiny constellation of processors do the work of different parts of the brain -- which is sometimes called neuromorphic computation -- or "computation that can be divided up between hardware that processes like the body of a neuron and hardware that processes the way dendrites and axons do." Versace's research shows that AIs can learn in that environment using a lot less code.

Read more of this story at Slashdot.

New submitter cdreimer shares a report from The New York Times (Warning: source may be paywalled; alternate source): Tens of thousands of people who took out private loans to pay for college but have not been able to keep up payments may get their debts wiped away because critical paperwork is missing. The troubled loans, which total at least $5 billion, are at the center of a protracted legal dispute between the student borrowers and a group of creditors who have aggressively pursued them in court after they fell behind on payments. Judges have already dismissed dozens of lawsuits against former students, essentially wiping out their debt, because documents proving who owns the loans are missing. A review of court records by The New York Times shows that many other collection cases are deeply flawed, with incomplete ownership records and mass-produced documentation. Some of the problems playing out now in the $108 billion private student loan market are reminiscent of those that arose from the subprime mortgage crisis a decade ago, when billions of dollars in subprime mortgage loans were ruled uncollectable by courts because of missing or fake documentation. And like those troubled mortgages, private student loans -- which come with higher interest rates and fewer consumer protections than federal loans -- are often targeted at the most vulnerable borrowers, like those attending for-profit schools. At the center of the storm is one of the nation's largest owners of private student loans, the National Collegiate Student Loan Trusts. It is struggling to prove in court that it has the legal paperwork showing ownership of its loans, which were originally made by banks and then sold to investors. National Collegiate is an umbrella name for 15 trusts that hold 800,000 private student loans, totaling $12 billion. More than $5 billion of that debt is in default, according to court filings.

Read more of this story at Slashdot.

FCC Plan to Scuttle Open Internet Rule 'Disastrous' For the Future of the Internet, Experts Say

Washington, D.C.—The Electronic Frontier Foundation (EFF) urged the FCC to keep in place net neutrality rules, which are essential to prevent cable companies like Comcast and Verizon from controlling, censoring, and discriminating against their subscribers’ favorite Internet content.

In comments submitted today, EFF came out strongly in opposition to the FCC’s plan to reverse the agency’s 2015 open Internet rules, which were designed to guarantee that service providers treat everyone’s content equally. The reversal would send a clear signal that those providers can engage in data discrimination, such as blocking websites, slowing down Internet speeds for certain content—known as throttling—and charging subscribers fees to access movies, social media, and other entertainment content over “fast lanes.” Comcast, Verizon, and AT&T supply Internet service to millions of Americans, many of whom have no other alternatives for high-speed access. Given the lack of competition, the potential for abuse is very real.

EFF’s comments join those of many other user advocates, leading computer engineers, entrepreneurs, faith communities, libraries, educators, tech giants, and start-ups that are fighting for a free and open Internet. Last week those players gave the Internet a taste of what a world without net neutrality would look like by temporarily blocking and throttling their content. Such scenarios aren’t merely possible—they are likely, EFF said in its comments. Internet service providers (ISPs) have already demonstrated that they are willing to discriminate against competitors and block content for their own benefit, while harming the Internet experience of users.

“ISPs have incentives to shape Internet traffic and the FCC knows full well of instances where consumers have been harmed. AT&T blocked data sent by Apple’s FaceTime software, Comcast has interfered with Internet traffic generated by certain applications, and ISPs have rerouted users’ web searches to websites they didn’t request or expect,” said EFF Senior Staff Attorney Mitch Stoltz. “These are just some examples of ISPs controlling our Internet experience. Users pay them to connect to the Internet, not decide for them what they can see and do there.”

Nearly 200 computer scientists, network engineers, and Internet professionals also submitted comments today highlighting deep flaws in the FCC’s technical description of how the Internet works. The FCC is attempting to pass off its incorrect technical analysis to justify its plan to reclassify ISPs so they are not subject to net neutrality rules. The engineers’ submission—signed by such experts as Vint Cerf, co-designer of the Internet’s fundamental protocols; Mitch Kapor, a personal computer industry pioneer and EFF co-founder; and programmer Sarah Allen, who led the team that created Flash video—sets the record straight about how the Internet works and how rolling back net neutrality would have disastrous effects on Internet innovation.

“We are concerned that the FCC (or at least Chairman Pai and the authors of the Notice of Proposed Rulemaking) appears to lack a fundamental understanding of what the Internet’s technology promises to provide, how the Internet actually works, which entities in the Internet ecosystem provide which services, and what the similarities and differences are between the Internet and other telecommunications systems the FCC regulates as telecommunications services,” the letter said.

“It is clear to us that if the FCC were to reclassify broadband access service providers as information services, and thereby put the bright-line, light-touch rules from the Open Internet Order in jeopardy, the result could be a disastrous decrease in the overall value of the Internet.”

For EFF’s comments:
https://www.eff.org/document/eff-comments-fcc-nn

For the engineers’ letter:
https://www.eff.org/document/internet-engineers-commentsfcc-nn

For more about EFF’s campaign to keep net neutrality:
https://www.eff.org/issues/net-neutrality

Contact: Mitch StoltzCorynne McSherry

An anonymous reader quotes a report from PBS: After months of delay, the Trump administration is finalizing plans to revamp the nation's military command for defensive and offensive cyber operations in hopes of intensifying America's ability to wage cyberwar against the Islamic State group and other foes, according to U.S. officials. Under the plans, U.S. Cyber Command would eventually be split off from the intelligence-focused National Security Agency. The goal, they said, is to give U.S. Cyber Command more autonomy, freeing it from any constraints that stem from working alongside the NSA, which is responsible for monitoring and collecting telephone, internet and other intelligence data from around the world -- a responsibility that can sometimes clash with military operations against enemy forces. Making cyber an independent military command will put the fight in digital space on the same footing as more traditional realms of battle on land, in the air, at sea and in space. The move reflects the escalating threat of cyberattacks and intrusions from other nation states, terrorist groups and hackers, and comes as the U.S. faces ever-widening fears about Russian hacking following Moscow's efforts to meddle in the 2016 American election.

Read more of this story at Slashdot.

An anonymous reader shares a report: A U.S. federal appeals court on Monday upheld nondisclosure rules that allow the FBI to secretly issue surveillance orders for customer data to communications firms, a ruling that dealt a blow to privacy advocates. A unanimous three-judge panel on the 9th U.S. Circuit Court of Appeals in San Francisco sided with a lower court ruling in finding that rules permitting the FBI to send national security letters under gag orders are appropriate and do not violate the First Amendment of the U.S. Constitution's free speech protections. Content distribution firm CloudFlare and phone network operator CREDO Mobile had sued the government in order to notify customers of five national security letters received between 2011 and 2013.

Read more of this story at Slashdot.

Reader dryriver shares an article: A nine-month countdown to the introduction of compulsory age checks on online pornography seen from the UK has begun. The April 2018 goal to protect under-18s was revealed as digital minister Matt Hancock signed the commencement order for the Digital Economy Act, which introduces the requirement. But details as to how the scheme will work have yet to be finalised. Experts who advised ministers said the targeted date seemed "unrealistic". The act also sets out other new laws including punishing the use of bots to snatch up scores of concert tickets, and mandating the provision of subtitles on catch-up TV. The age-check requirement applies to any website or other online platform that provides pornography "on a commercial basis" to people in the UK. It allows a regulator to fine any business that refuses to comply and to ask third-party payment services to withdraw support. The watchdog will also be able to force internet providers to block access to non-compliant services.

Read more of this story at Slashdot.

The EFF complains that "the very companies who spent millions of dollars lobbying in D.C. to repeal our federal broadband privacy rights are now fighting state attempts to protect consumers because they supposedly prefer a federal rule." The EFF urges Californians to phone their state senator ahead of a crucial back-to-back committee hearings on Tuesday. An anonymous reader writes: "Congress stole your online privacy. Let's seize it back," begins an email that the EFF is sending to California supporters. It warns that "Big Telecom has massive amounts of money to spend on an army of lobbyists. But if Internet users from across California unite with one voice, we can defeat their misinformation campaign... Don't let the big ISPs coopt our privacy." The EFF's site points out that more than 83% of Americans support the privacy regulations which were repealed in March by the U.S. Congress, according to a new poll released last week. That's even more than the 77% of Americans who support keeping current net neutrality protections in place, according to the same poll. The EFF now hopes that California's newly-proposed legislation could become a model for privacy-protecting laws in other states. And back in Silicon Valley, the San Jose Mercury News writes that California "has an obligation to take a lead in establishing the basic privacy rights of consumers using the Internet. Beyond being the right thing to do for the whole country, building trust in tech products is an essential long-term business strategy for the industry that was born in this region." The EFF has also compiled an interesting list of past instances where ISPs have already tried to exploit the personal information of their customers for profit.

Read more of this story at Slashdot.

An anonymous reader quotes the Independent:Australian Prime Minister Malcolm Turnbull has said the laws of mathematics come second to the law of the land in a row over privacy and encryption... When challenged by a technology journalist over whether it was possible to tackle the problem of criminals using encryption -- given that platform providers claim they are currently unable to break into the messages even if required to do so by law -- the Prime Minister raised eyebrows as he made his reply. "Well the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia," he said... "The important thing is to recognise the challenge and call on the companies for assistance. I am sure they know morally they should... They have to face up to their responsibility." Facebook has already issued a statement saying that they "appreciate the important work law enforcement does, and we understand the need to carry out investigations. That's why we already have a protocol in place to respond to any requests we can. "At the same time, weakening encrypted systems for them would mean weakening it for everyone."

Read more of this story at Slashdot.