aggregator

Now is your chance to voice your opinion on the $26 billion merger of T-Mobile and Sprint. The FCC is now accepting comments as well as formal petitions to deny the merger until August 27th. The companies and supporters of the deal can then file oppositions to those petitions by September 17th, while a final round of replies has a deadline of October 9th. Engadget reports: Anyone can file petitions to deny, and you might expect to see some from consumer advocacy groups and industry experts who may be concerned over the reduction in the number of national carriers from four to three. The FCC has laid out a 180-day review timeline to determine whether the merger is in the public interest, but that's more of a guideline and there's no required deadline for the agency to issue a decision.

Read more of this story at Slashdot.

A crowdfunded project, known as "PeerTube," has blown through its initial goal with 53,100 euros collected in forty-two days. The project aims to be "a fully decentralized version of YouTube, whose computer code is freely accessible and editable, and where videos are shared between users without relying on a central system." The goal is PeerTube to officially launch by October. Quariety reports: PeerTube relies on a decentralized and federative system. In other words, there is no higher authority that manages, broadcasts and moderates the content offered, as is the case with YouTube, but a network of "instances." Created by one or more administrators, these communities are governed according to principles specific to each of them. Anyone can freely watch the videos without registering, but to upload a video, you must choose from the list of existing instances, or create your own if you have the necessary technical knowledge. At the moment, 141 instances are proposed. Most do not have specifics, but one can find communities centered on a theme or open to a particular region of the world. In all, more than 4,000 people are currently registered on PeerTube, for a total of 338,000 views for 11,000 videos. The project does not display ads, unlike YouTube. "In terms of monetization, we wanted to make a neutral tool," says Pouhiou, communication officer for Framasoft, the origin of PeerTube. The site will rely on a "support" button at the start, but "people will be able to code their own monetization system" in the future.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: New York City's largest taxi driver advocacy group is hailing a legal decision by the New York State Unemployment Insurance Appeal Board, which ruled last Friday that three out-of-work Uber drivers can be considered employees for the purpose of unemployment benefits. The decision was first reported Thursday by Politico. In other words, three men -- and possibly other "similarly situated" Uber drivers who had quit over low pay or who were deactivated from the Uber platform -- can get paid. "The decision means that New York Uber drivers can file for unemployment insurance and likely receive it," Veena Dubal, a labor law professor at the University of California Hastings College of the Law in San Francisco, emailed Ars. "Uber may appeal the decision to state court, but for now, it's good law."

Read more of this story at Slashdot.

Venmo, the mobile payments app, won't say why it exposes users' data to the world whenever they make a transaction. ZDNet: Hang Do Thi Duc, a Berlin-based privacy researcher found that every time someone sent or received money using the PayPal-owned mobile app (which had over seven million users in 2017), the transaction was "public" by default and was broadcast on Venmo's API. In other words, everyone can see your transactions -- even without the app. The company did not respond to ZDNet's queries, but in a blanket statement said it takes privacy of users seriously. Further reading: People Are Using Venmo To Spy On Cheating Spouses.

Read more of this story at Slashdot.

Zorro shares a report from Defense One: Four days before U.S. and Russian leaders met in Helsinki, hackers from China launched a wave of brute-force attacks on internet-connected devices in Finland, seeking to gain control of gear that could collect audio or visual intelligence, a new report says. Traffic aimed at remote command-and-control features for Finnish internet-connected devices began to spike July 12, according to a July 19 report by Seattle-based cybersecurity company F5. China generally originates the largest chunk of such attacks; in May, Chinese attacks accounted for 29 percent of the total. But as attacks began to spike on July 12, China's share rose to 34 percent, the report said. Attacks jumped 2,800 percent. The China-based hackers' primary target was SSH (or Secure Shell) Port 22 -- not a physical destination but a specific set of instructions for routing a message to the right destination when the message hits the server. "SSH brute force attacks are commonly used to exploit systems and [internet of things, or IOT] devices online," the report says. "SSH is often used by IoT devices for 'secure' remote administration." The report notes that attack traffic came from the U.S., France, and Italy as well, but the U.S. and French traffic kept with its averages. "Russian attack traffic dropped considerably from third, its usual spot, to fifth," reports Defense One. "German attack traffic jumped."

Read more of this story at Slashdot.

FCC commissioners unanimously voted on a Hearing Designation Order (HDO) to send the proposed sale of Tribune Media properties to Sinclair to a judge, where the merger is expected to cease. Engadget reports: Earlier this week, FCC chairman Ajit Pai raised "serious concerns" about Sinclair's selloff of 21 stations it had proposed in order to remain under station ownership limits post-merger. Had Sinclair declined to sell off some stations, its 173 broadcast stations in 81 markets, combined with Tribune's 42 stations in 33 markets would reach 72 percent of U.S. TV households. The FCC's National TV Ownership rule "does not limit the number of TV stations a single entity may own nationwide so long as the station group collectively reaches no more than 39 percent of all U.S. TV households." But the rule is more flexible for stations that broadcast using UHF frequencies. Pai, who has been accused of aiding the merger by relaxing the ownership regulations, said Monday that Sinclair's plan would allow the company "to control those stations in practice, even if not in name, in violation of the law." He noted that, "When the FCC confronts disputed issues like these, the Communications Act does not allow it to approve a transaction."

Read more of this story at Slashdot.

An anonymous reader shares a report: FBI Director Christopher Wray said Wednesday that unless the U.S. government and private industry are able to come to a compromise on the issue of default encryption on consumer devices, legislation may be how the debate is ultimately decided. "I think there should be [room for compromise]," Wray said Wednesday night at a national security conference in Aspen, Colorado. "I don't want to characterize private conversations we're having with people in the industry. We're not there yet for sure. And if we can't get there, there may be other remedies, like legislation, that would have to come to bear." Wray described the issue of "Going Dark" because of encryption as a "significant" and "growing" problem for federal, state and local law enforcement as well as foreign law enforcement and intelligence agencies. He claims strong encryption on mobile phones keeps law enforcement from gaining access to key evidence as it relates to active criminal investigations. "People are less safe as a result of it," he said.

Read more of this story at Slashdot.

Senators in Hawaii and South Dakota have introduced a bill, called the "Reliable Emergency Alert Distribution Improvement (READI) act, that would "explore" broadcasting alerts to "online streaming services, such as Netflix and Spotify," amongst other changes to the Emergency Alert System. TechCrunch reports: Some of the other things the bill touches on: - Users on many phones can currently disable federal alerts; they want to get rid of that option - Building a better system for reporting false alarms and figuring out what happened - Updating the system to better prevent false alarms, and to better retract them when they do happen

Read more of this story at Slashdot.

An anonymous reader shares a report: Microsoft detected and helped block hacking attempts against three congressional candidates this year, a company executive said Thursday, marking the first known example of cyber interference in the midterm elections. "Earlier this year, we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks," said Tom Burt, Microsoft's vice president for security and trust, at the Aspen Security Forum. "And we saw metadata that suggested those phishing attacks were being directed at three candidates who are all standing for election in the midterm elections." Burt declined to name the targets but said they were "people who, because of their positions, might have been interesting targets from an espionage standpoint as well as an election disruption standpoint." Microsoft took down the fake domain and worked with the federal government to block the phishing messages.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: The U.S. Food and Drug Administration seems to have soured on nondairy milk-alternative products that use the term "milk" in their marketing and labeling -- like popular soy and almond milk products. In a talk hosted by Politico, FDA Commissioner Scott Gottlieb announced Tuesday that the FDA will soon issue a new guidance on the use of the term. But he added that products aren't abiding by FDA policies as they stand now. He referenced a so-called "standard of identity" policy that regulates how milk is defined and should be identified. "If you look at our standard of identity -- there is a reference somewhere in the standard of identity to a lactating animal," he said. "And, you know, an almond doesn't lactate, I will confess." He went on to explain that the issue is that the agency hasn't been enforcing its own policy or putting the squeeze on product makers -- and that it's time to get abreast of the labeling language. But, he admitted, curtailing the wording of non-moo juice labeling isn't an easy task because it means that the agency has to change its "regulatory posture." "I can't just do it unilaterally," Gottlieb said. Hence, the agency is putting together a new guidance for manufacturers to help skim the fat from the market. Gottlieb said the agency will soon tap the public for comments on the terminology and hopes to wring out a new policy within a year.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Popular Mechanics: A salvage company has located the remains of a Russian warship lost during the the Russo-Japanese War. The battle-damaged cruiser Dmitrii Donskoi was scuttled off the coast of Korea in 1905, reportedly carrying a cargo of gold worth an estimated $130 billion in today's dollars. An international consortium of companies plans to salvage the gold. According to the Telegraph, the Donskoi was found less than a mile off the coast of Ulleung island, at a depth of 1,423 feet in the Sea of Japan. A submersible descended to the wreck and captured an image of the ship's name on the stern in the Cyrillic alphabet. The South Korean Shinil Group, which discovered the wreck, plans to recover the gold sometime later this year with help from companies in China, Canada, and the U.K. At the time of her sinking Donskoi was reportedly carrying 5,500 boxes of gold bars and 200 tons of gold coins with a street value today of $130 billion. That's more than twice Russia's 2017 defense budget, which was $61 billion. If the treasure does materialize, the Russian government will receive half of the recovered amount. The money that's not going to Russia will reportedly be invested in a railroad line linking North Korea, South Korea, and Russia. A small percentage (10%) will also be invested in tourism projects on Ulleungdo Island, including a museum dedicated to the vessel.

Read more of this story at Slashdot.

Facebook has repeatedly referenced to lawmakers a "threshold" that must be reached before the platform decides to ban a particular page for violating the site's policies, but it hasn't discussed its guidelines publicly. Motherboard has obtained internal Facebook documents laying out what this threshold is for multiple types of different content, including some instances of hate speech. From the report: One Facebook moderator training document for hate speech says that for Pages -- Facebook's feature for sections dedicated to, say, a band, organization, public figure, or business -- the Page admin has to receive 5 "strikes" within 90 days for the Page itself to be deleted. Alternatively, Facebook moderators are told to remove a Page if at least 30 percent of the content posted by other people within 90 days violates Facebook's community standards. A similar 30 percent-or-over policy exists for Facebook Groups, according to the document. In a similar vein, another hate speech document says that a profile should be taken down if there are 5 or more pieces of content from the user which indicate hate propaganda, photos of the user present with another identifiable leader, or other related violations. Although the documents obtained by Motherboard were created recently, Facebook's policies change regularly, so whether these exact parameters remain in force is unclear. Of course this still depends on moderators identifying and labeling posts as violating to reach that threshold. [...] Another document focused on sexual content says moderators should unpublish Pages and Groups under the basis of sexual solicitation if there are over 2 "elements," such as the Page description, title, photo, or pinned post, that include either explicit solicitation of nude imagery, or, if the page is more subtle, includes either a method of contact or a location. This slide again reiterates the over 30 percent and 5 admin posts rules found in the hate speech document.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Engadget: Yesterday, during the Joint Conference on Artificial Intelligence, the Future of Life Institute announced that more than 2,400 individuals and 160 companies and organizations have signed a pledge, declaring that they will "neither participate in nor support the development, manufacture, trade or use of lethal autonomous weapons." The signatories, representing 90 countries, also call on governments to pass laws against such weapons. Google DeepMind and the Xprize Foundation are among the groups who've signed on while Elon Musk and DeepMind co-founders Demis Hassabis, Shane Legg and Mustafa Suleyman have made the pledge as well. "Thousands of AI researchers agree that by removing the risk, attributability and difficulty of taking human lives, lethal autonomous weapons could become powerful instruments of violence and oppression, especially when linked to surveillance and data systems," says the pledge. It adds that those who sign agree that "the decision to take a human life should never be delegated to a machine." "I'm excited to see AI leaders shifting from talk to action, implementing a policy that politicians have thus far failed to put into effect," Future of Life Institute President Max Tegmark said in a statement. "AI has huge potential to help the world -- if we stigmatize and prevent its abuse. AI weapons that autonomously decide to kill people are as disgusting and destabilizing as bioweapons, and should be dealt with in the same way."

Read more of this story at Slashdot.

On Monday, IBM asked a jury to award the company $167 million in a lawsuit against deals site Groupon for using patented technology without authorization. The patents involve e-commerce technology that had already been licensed to Amazon, Facebook, and Alphabet for between $20 million and $50 million per company. "Most big companies have taken licenses to these patents," IBM's lawyer, John Desmarais, said. "Groupon has not. The new kid on the block refuses to take responsibility for using these inventions." Reuters reports: Groupon lawyer J. David Hadden argued that IBM was overreading the scope of its patents and claiming ownership of building blocks of the internet. "A key question for you in this case is whether these patents cover the world wide web," Hadden told jurors. "They do not and that is because IBM did not invent the world wide web." An IBM executive is expected to testify during the two-week trial about licensing deals with technology companies like Amazon and Google, providing a rare glimpse into IBM's efforts to derive revenue from its large patent portfolio. The Armonk, New York-based company invests heavily in research and development and has secured more U.S. patents than any other company for the past 25 years.

Read more of this story at Slashdot.

Hackers account for 90% of of e-commerce sites' global login traffic, according to a report by cyber security firm Shape Security. They reportedly use programs to apply stolen data acquired on the dark web -- all in an effort to login to websites and grab something of value like cash, airline points, or merchandise. Quartz reports: These attacks are successful as often as 3% of the time, and the costs quickly add up for businesses, Shape says. This type of fraud costs the e-commerce sector about $6 billion a year, while the consumer banking industry loses out on about $1.7 billion annually. The hotel and airline businesses are also major targets -- the theft of loyalty points is a thing -- costing a combined $700 million every year. The process starts when hackers break into databases and steal login information. Some of the best known "data spills" took place at Equifax and Yahoo, but they happen fairly regularly -- there were 51 reported breaches last year, compromising 2.3 billion credentials, according to Shape. Taking over bank accounts is one way to monetize stolen login information -- in the US, community banks are attacked far more than any other industry group. According to Shape's data, that sector is attacked more than 200 million times each day. Shape says the number of reported credential breaches was roughly stable at 51 last year, compared with 52 in 2016. The best way consumers can minimize these attacks is by changing their passwords.

Read more of this story at Slashdot.

An anonymous reader shares a report: RoboCent, a Virginia Beach-based political robocall firm, has exposed the personal details of hundreds of thousands of US voters, according to the findings of a security researcher who stumbled upon the company's database online. The researcher, Bob Diachenko of Kromtech Security, says he discovered the data using a recently launched online service called GrayhatWarfare that allows users to search publicly exposed Amazon Web Services data storage buckets. Such buckets should never be left exposed to public access, as they could hold sensitive data.

Read more of this story at Slashdot.

Six months ago Apple caused controversy by announcing its intentions to move Chinese users' iCloud keys out of the US and into China, in order to comply with Chinese law. From a report: Now, that data, which includes emails, text messages and pictures, is being looked after by government-owned mobile operator China Telecom. And users and human rights activists alike have big concerns. The move has unsurprisingly been praised by state media, with Chinese consumers being told they can now expect faster speeds and greater connectivity. But as comments on Weibo (China's equivalent of Twitter) reveal, users have major privacy worries, claiming the government -- known for its extreme citizen surveillance methods -- will now be able to check personal data whenever it wishes.

Read more of this story at Slashdot.

Jeff Grubb, reporting for VentureBeat: Over the weekend, some thrifty gamers spotted a deal on Amazon. A downloadable version of the tough strategy survival sim Frostpunk was available on the Amazon Marketplace from a third-party seller for $3, which is a 90 percent discount from the standard $30 price. But after looking into the game, some customers who dropped the three bucks had some questions. For example, why does the metadata for this version of Frostpunk refer to the DRM-free version that people can buy from GOG. [...] So I reached out to Amazon, and it provided the following statement from a company spokesperson: "Our customers trust that when they make a purchase through Amazon's store --either directly from Amazon or from its third-party sellers -- they will receive authentic products, and we take any claims that endanger that trust seriously. We strictly prohibit the sale of counterfeit products, and these games have been removed." That's all it would say on this.

Read more of this story at Slashdot.

The 2nd Circuit denies an immediate appeal in a case that challenges how news organizations used embedded photos of Tom Brady. The Hollywood Reporter: Back in February, a New York judge caused a bit of a freakout by issuing a copyright decision regarding the embedding of a copyrighted photo of NFL superstar Tom Brady. Now comes another surprise with potentially big ramifications to the future of embedding and in-line linking: The 2nd Circuit Court of Appeals has denied an interlocutory appeal. Justin Goldman is the plaintiff in the lawsuit after finding the photo of the New England Patriots quarterback he shot and uploaded to Snapchat go viral. Many news organizations embedded social media posts that took Goldman's photo in stories about whether the Boston Celtics would recruit NBA star Kevin Durant with Brady's assistance. Breitbart, Heavy, Time, Yahoo, Vox Media, Gannett Company, Herald Media, Boston Globe Media Partners and New England Sports Network were defendants in the lawsuit, but many of these companies have since settled. Heavy has not, and in February, U.S. District Court Judge Katherine Forrest shocked many legal observers with a decision that refused to apply the "Server Test," where the direct liability of a website publisher for copyright infringement turns on whether the image is hosted on the publisher's own server or is embedded or linked from a third-party server. Although the Server Test has been adopted in other jurisdictions, Forrest wrote, "The plain language of the Copyright Act, the legislative history undergirding its enactment, and subsequent Supreme Court jurisprudence provide no basis for a rule that allows the physical location or possession of an image to determine who may or may not have 'displayed' a work within the meaning of the Copyright Act." She added, "Nowhere does the Copyright Act suggest that possession of an image is necessary in order to display it. Indeed, the purpose and language of the Act support the opposite view."

Read more of this story at Slashdot.

Lorenzo Franceschi-Bicchierai of Motherboard has a chilling story on how hackers flip seized Instagram handles and cryptocurrency in a shady, buzzing underground market for stolen accounts and usernames. Their victim's weakness? Phone numbers. He writes: First, criminals call a cell phone carrier's tech support number pretending to be their target. They explain to the company's employee that they "lost" their SIM card, requesting their phone number be transferred, or ported, to a new SIM card that the hackers themselves already own. With a bit of social engineering -- perhaps by providing the victim's Social Security Number or home address (which is often available from one of the many data breaches that have happened in the last few years) -- the criminals convince the employee that they really are who they claim to be, at which point the employee ports the phone number to the new SIM card. Game over.

Read more of this story at Slashdot.