aggregator

An anonymous reader quotes a report from Motherboard: Tuesday, the Electronic Frontier Foundation (EFF) filed a class action lawsuit against AT&T and two data brokers over their sale of AT&T customers' real-time location data. The lawsuit seeks an injunction against AT&T, which would ban the company from selling any more customer location data and ensure that any already sold data is destroyed. The move comes after multiple Motherboard investigations found AT&T, T-Mobile, Sprint, and Verizon sold their customers' data to so-called location aggregators, which then ended up in the hands of bounty hunters and bail bondsman. The lawsuit, focused on those impacted in California, represents three Californian AT&T customers. Katherine Scott, Carolyn Jewel, and George Pontis are all AT&T customers who were unaware the company sold access to their location. The class action complaint says the three didn't consent to the sale of their location data. The complaint alleges that AT&T violated the Federal Communications Act by not properly protecting customers' real-time location data; and the California Unfair Competition Law and the California Consumers Legal Remedies Act for misleading its customers around the sale of such data. It also alleges AT&T and the location aggregators it sold data through violated the California Constitutional Right to Privacy. The lawsuit highlights AT&T's Privacy Policy that says "We will not sell your personal information to anyone, for any purpose. Period." An AT&T spokesperson said in a statement "While we haven't seen this complaint, based on our understanding of what it alleges we will fight it. Location-based services like roadside assistance, fraud protection, and medical device alerts have clear and even life-saving benefits. We only share location data with customer consent. We stopped sharing location data with aggregators after reports of misuse."

Read more of this story at Slashdot.

A broker that helped sell AT&T customers' real-time location data says it will fight a class action lawsuit against it. From a report: The broker, called LocationSmart, was involved in a number of data selling and cybersecurity incidents, including selling location data that ended up in the hands of bounty hunters. "LocationSmart will fight this lawsuit because the allegations of wrongdoing are meritless and rest on recycled falsehoods," a LocationSmart spokesperson said in an emailed statement. LocationSmart did not point to any specific part of the lawsuit to support these claims. On Tuesday, activist group the Electronic Frontier Foundation (EFF) and law firm Pierce Bainbridge filed a class action lawsuit against LocationSmart, another data broker called Zumigo, and telecom giant AT&T. The lawsuit's plaintiffs are three California residents who say they did not consent to AT&T selling their real-time location data through the data brokers. The lawsuit alleges all three companies violated the California Constitutional Right to Privacy, and seeks monetary damages as well as an injunction against AT&T to ensure the deletion of any sold data.

Read more of this story at Slashdot.

An anonymous reader shares a report: A former Microsoft worker has been arrested and charged with mail fraud, in an alleged scheme to steal $10 million worth of digital currency from his ex-employer and use the funds to finance extravagant purchases, including a Tesla and lakefront home. Volodymyr Kvashuk, a 25-year-old software developer and Ukrainian citizen who worked for Microsoft from 2016 to 2018, allegedly took advantage of a testing program meant to simulate customer purchases. He made test accounts to obtain Microsoft gift cards and then sold some or all of them through online resellers.

Read more of this story at Slashdot.

The database of Bulgaria's National Revenue Agency (NRA), which was hacked over the weekend and sent to local reporters, is now being shared on hacking forums, ZDNet has learned from sources in the threat intelligence community. From a report: Download links to the hacked database have been shared by a hacked data trader known as Instakilla, believed to be operating out of Bulgaria. ZDNet obtained a copy of the database and verified its authenticity with local sources, and this is a copy of the same database sent to local media over the weekend. The database contains 57 folders, 10.7 GB in size, and holds personal and financial information consistent with what Bulgarian newspapers reported receiving over the weekend. This includes personally identifiable information, tax information, from both the NRA, and from other government agencies who shared their data.

Read more of this story at Slashdot.

Todd Austin, a professor at the University of Michigan, is working on an approach known as Morpheus that aims to frustrate hackers trying to gain control of microchips by presenting them with a rapidly changing target. At a conference in Detroit this week organized by the U.S. Defense Department's Defense Advanced Research Projects Agency (DARPA), Austin described how the prototype Morpheus chip works. MIT Technology Review reports: The aim is to make it incredibly difficult for hackers to exploit key software that helps govern the chip's operation. Morpheus does this by repeatedly randomizing elements of the code that attackers need access to in order to compromise the hardware. This can be achieved without disrupting the software applications that are powered by the processor. Austin has been able to get the chip's code "churning" to happen once every 50 milliseconds -- way faster than needed to frustrate the most powerful automated hacking tools. So even if hackers find a vulnerability, the information needed to exploit it disappears in the blink of an eye. There's a cost to all this: the technology causes a slight drop in performance and requires somewhat bigger chips. The military may accept this trade-off in return for greater security on the battlefield, but it could limit Morpheus's appeal to businesses and consumers. Austin said a prototype has already resisted every known variant of a widely-used hacking technique known as a control-flow attack, which does things like tampering with the way a processor handles memory in order to allow hackers to sneak in malware. More tests lie ahead. A team of U.S. national security experts will soon begin probing the prototype chip to see if they can compromise its defenses, and Austin also plans to post some of Morpheus's code online so that other researchers can try to find flaws in it, too.

Read more of this story at Slashdot.

Oakland, California has followed San Francisco and Somerville, Massachusetts in banning the use of facial recognition in public spaces. Motherboard reports: A city ordinance passed Tuesday night which prohibits the city of Oakland from "acquiring, obtaining, retaining, requesting, or accessing" facial recognition technology, which it defines as "an automated or semi-automated process that assists in identifying or verifying an individual based on an individual's face." The ordinance amends a 2018 law which requires any city staff member to get approval from the chair of Oakland's Privacy Advisory Commission before "seeking or soliciting funds" for surveillance technology. State and federal funding for surveillance technology must also be approved by the chair, per the ordinance. According to a public memo by Rebecca Kaplan, Oakland City Council President, the ban was instituted on the basis that facial recognition is often inaccurate, lacks established ethical standards, is invasive in nature, and has a high potential for government abuse.

Read more of this story at Slashdot.

An executive at Google said the company's plan to launch a censored search engine in China has been "terminated." The project was reportedly put on hold last year but rumors that it remained active persisted. From a report: "We have terminated Project Dragonfly," Google executive Karan Bhatia told the U.S. Senate Judiciary Committee. Buzzfeed, which reported the new comments, said it was the first public confirmation that Dragonfly had ended. A spokesman for Google later confirmed to the site that Google currently had no plans to launch search in China and that no work was being done to that end.

Read more of this story at Slashdot.

A flaw in the Bluetooth communication protocol may expose modern device users to tracking and could leak their ID, researchers claim. From a report: The vulnerability can be used to spy on users despite native OS protections that are in place and impacts Bluetooth devices on Windows 10, iOS, and macOS machines. This includes iPhones, iPads, Apple Watch models, MacBooks, and Microsoft tablets & laptops. On Wednesday, researchers from Boston University David Starobinski and Johannes Becker presented the results of their research at the 19th Privacy Enhancing Technologies Symposium, taking place in Stockholm, Sweden. According to the research paper, Tracking Anonymized Bluetooth Devices, many Bluetooth devices will use MAC addresses when advertising their presence to prevent long-term tracking, but the team found that it is possible to circumvent the randomization of these addresses to permanently monitor a specific device. Android is immune as the OS does not continually send out advertising messages, the researchers said.

Read more of this story at Slashdot.

FaceApp, an app that applies filters to photos, is having another moment in the spotlight this week. An anonymous reader shares a report: The app has gone viral again after first doing so two years ago or so. The effect has gotten better but these apps, like many other one-off viral apps, tend to come and go in waves driven by influencer networks or paid promotion. We first covered this particular AI photo editor from a team of Russian developers about two years ago. It has gone viral again now due to some features that allow you to edit a person's face to make it appear older or younger. You may remember at one point it had an issue because it enabled what amounted to digital blackface by changing a person from one ethnicity to another. In this current wave of virality, some new questions are floating around about FaceApp. The first is whether it uploads your camera roll in the background. We found no evidence of this and neither did security researcher and Guardian App CEO Will Strafach or researcher Baptiste Robert. The second is how it allows you to pick photos without giving photo access to the app.

Read more of this story at Slashdot.

President Trump said this week his administration will "take a look" into Google following statements made earlier this week by billionaire tech investor Peter Thiel. From a report: "Billionaire Tech Investor Peter Thiel believes Google should be investigated for treason," Trump said in a tweet. "He accuses Google of working with the Chinese Government... A great and brilliant guy who knows this subject better than anyone! The Trump Administration will take a look!" On Sunday, Thiel, a Facebook board member, said that the FBI and the CIA should investigate Google to see if it has been infiltrated by Chinese intelligence. "Number one, how many foreign intelligence agencies have infiltrated your Manhattan Project for AI (artificial intelligence)?" Thiel said, according to Axios. "Number two, does Google's senior management consider itself to have been thoroughly infiltrated by Chinese intelligence? Number three, is it because they consider themselves to be so thoroughly infiltrated that they have engaged in the seemingly treasonous decision to work with the Chinese military and not with the US military," Thiel said during the National Conservatism Conference in Washington.

Read more of this story at Slashdot.

Former Supreme Court Justice John Paul Stevens passed away Tuesday evening of complications following a stroke he suffered on July 15. He was 99 years old. An anonymous Slashdot reader shares a lightly edited version of Ars Technica's 2010 story that originally marked his retirement from the Supreme Court: In April 2010, the Supreme Court's most senior justice, John Paul Stevens, announced his retirement. In the weeks that followed, hundreds of articles were written about his career and his legacy. While most articles focus on 'hot button' issues such as flag burning, terrorism, and affirmative action, Stevens' tech policy record has largely been ignored. When Justice Stevens joined the court, many of the technologies we now take for granted -- the PC, packet-switched networks, home video recording -- were in their infancy. During his 35-year tenure on the bench, Stevens penned decisions that laid the foundation for the tremendous innovations that followed in each of these areas. For example, Stevens penned the 1978 decision that shielded the software industry from the patent system in its formative years. In 1984, Hollywood's effort to ban the VCR failed by just one Supreme Court vote; Stevens wrote the majority opinion. And in 1997, he wrote the majority opinion striking down the worst provisions of the Communications Decency Act and ensuring that the Internet would have robust First Amendment protections. Indeed, Justice Stevens probably deserves more credit than any other justice for the innovations that occurred under his watch. And given how central those technologies have become to the American economy, Stevens' tech policy work may prove one of his most enduring legacies. In this feature, we review Justice Stevens' tech policy decisions and salute the justice who helped make possible DRM-free media devices, uncensored Internet connections, free software, and much more. As the report mentions, Stevens was the Supreme Court's cryptographer. "Stevens attended the University of Chicago, graduating in 1941. On December 6 -- the day before the Japanese attacked Pearl Harbor -- Stevens enrolled in the Navy's correspondence course on cryptography." "Stevens spent the war in a Navy bunker in Hawaii, doing traffic analysis in an effort to determine the location of Japanese ships," the report adds. "He was an English major, not a mathematician, but he proved to have a knack for cryptographic work."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: More than 220,000 unserved rural homes and businesses in 24 states will get broadband access because of funding authorized yesterday by the Federal Communications Commission, the agency said. In all, the FCC authorized more than $563 million for distribution to ISPs over the next decade. It's the latest payout from the commission's Connect America Fund, which was created in 2011. Under program rules, ISPs that receive funding must build out to 40 percent of the required homes and businesses within three years and an additional 20 percent each year until completing the buildout at the end of the sixth year. The money is being distributed primarily to smaller ISPs in Alabama, Arkansas, California, Colorado, Delaware, Illinois, Indiana, Iowa, Kansas, Kentucky, Maryland, Michigan, Minnesota, Mississippi, Missouri, Nebraska, Nevada, New York, North Carolina, North Dakota, Ohio, Oklahoma, Texas, and Virginia. Verizon, which is getting $18.5 million to serve 7,767 homes and businesses in New York, is the biggest home Internet provider on the list. All the ISPs committed to provide speeds of at least 25Mbps downstream and 3Mbps upstream, but many of the funded projects are for higher speeds of 100Mbps/20Mbps or 1Gbps/500Mbps. Speeds promised by each ISP are detailed in the two announcements.

Read more of this story at Slashdot.

On Saturday night in New York City a power outage struck Midtown Manhattan, hitting Hell's Kitchen north to Lincoln Center and from Fifth Avenue west to the Hudson River. The blackout darkened the huge, electric billboards of Times Square, forced Broadway shows to cancel performances, and even disabled some subway lines. But what caused it? From a report: According to reports, the outage was caused by a transformer fire within the affected region. Power was fully restored by early the following morning. [...] Saturday's blackout was most likely caused by a disabled transformer at an area substation. There are at least 50 of those in New York City, which are fed in turn by at least 24, higher-voltage transmission substations. When it comes to power, New York is unusual because of the city's age and the density of its population, both residential and commercial. That produces different risks and consequences. In Atlanta, where I live, storms often down trees, which take out aboveground power lines. In the West, where wildfires are becoming more common, flames frequently dismantle power infrastructure (sometimes the power lines themselves cause the fires). But across the whole of New York City -- not just Manhattan -- more than 80 percent of both customers and the electrical load are serviced by underground distribution from area substations. That makes smaller problems less frequent, but bigger issues more severe. When a transformer goes down in a populous place like Manhattan, it has a greater impact than it would on Long Island, say, or in Westchester County, where density is lower. The amount of power that central Manhattan uses on a regular basis also contributes to that impact. Times Square, the theater district, hundreds of skyscrapers -- it's a substantial load. In New York's case, supplying that load is not usually the problem. Generating facilities can be located near or far away from where their power is used, and New York City draws power from a couple dozen plants. Some of it is imported from upstate. But much of New York's power is still generated locally, in large part at plants along the waterfront of Queens. Those plants are older, and more susceptible to disruption from local calamities, especially severe weather. When peak demand surges -- most common during heat waves, such as the ones that struck the region in 2006 and 2011 -- the older, less efficient generating stations have a harder time keeping up, and brownouts or blackouts become more likely. [...] But new risks associated with climate change, cyberwarfare, and other factors haven't necessarily been accounted for in the design and operation of utility infrastructure. The perils build on one another. Climate change amplifies the frequency of heat waves, which increases electrical load, which puts greater pressure on infrastructure. At the same time, it increases the likelihood of superstorms that can cause flooding, fire, and other disasters that might disrupt nodes in the network. When utility operators designed their equipment years or decades ago, they made assumptions about load, storm surge, and other factors. Those estimates might no longer apply.

Read more of this story at Slashdot.

Rhode Island is one of about a dozen states that prohibit the release of 911 recordings or transcripts without the written consent of the caller or by court order. The goal generally is to protect the privacy of callers in what may be one of the most stressful moments of their lives. From a report: But Rhode Island's restrictive law also keeps families in the dark about how the state's 911 system has responded to calls involving their loved ones, and it has left the public oblivious to troubling gaps in how the system is performing, according to an investigation by The Public's Radio and ProPublica. In March, the news organizations reported on the 2018 death of a 6-month-old baby in Warwick after a Rhode Island 911 call taker failed to give CPR instructions to the family. The lapse came to light after a family member who took part in the 911 call requested a copy of the recording. In June, the news organizations reported on the death of Rena Fleury, a 45-year-old woman who collapsed while watching her son's high school football game in Cumberland last year. Four unidentified bystanders called 911. But none of the 911 call takers recognized that Fleury was in cardiac arrest. And none of them instructed the callers to perform CPR. The 911 recordings for Fleury were never made public. An emergency physician who treated Fleury testified about what happened during a state House committee hearing in March. Across the country, recordings of 911 calls for accidents, medical emergencies, mass shootings and natural disasters have provided insight into the workings of public safety systems and, in some cases, revealed critical failings.

Read more of this story at Slashdot.

US mobile network operator Sprint said hackers broke into an unknown number of customer accounts via the Samsung.com "add a line" website. From a report: "On June 22, Sprint was informed of unauthorized access to your Sprint account using your account credentials via the Samsung.com 'add a line' website," Sprint said in a letter it is sending impacted customers. "The personal information of yours that may have been viewed includes the following: phone number, device type, device ID, monthly recurring charges, subscriber ID, account number, account creation date, upgrade eligibility, first and last name, billing address and add-on services," the US telco said. Sprint said the information hackers had access to did not pose "a substantial risk of fraud or identity theft," although, many might disagree with its assessment. The company said it re-secured all compromised accounts by resetting PIN codes, three days later, on June 25.

Read more of this story at Slashdot.

Android app developers intentionally delayed updating their applications to work on top of Android 6.0, so they could continue to have access to an older permission-requesting mechanism that granted them easy access to large quantities of user data, research published by the University of Maryland last month has revealed. From a report: The central focus of this research was the release of Android (Marshmallow) 6.0 in October 2015. The main innovation added in Android 6.0 was the ability for users to approve app permissions on a per-permission basis, selecting which permissions they wanted to allow an app to have. [...] In research published in June, two University of Maryland academics say they conducted tests between April 2016 and March 2018 to see how many apps initially coded to work on older Android SDKs were updated to work on the newer Android 6.0 SDK. The research duo says they installed 13,599 of the most popular Android apps on test devices. Each month, the research team would update the apps and scan the apps' code to see if they were updated for the newer Android 6.0 release. "We find that an app's likelihood of delaying upgrade to the latest platform version increases with an increase in the ratio of dangerous permissions sought by the apps, indicating that apps prefer to retain control over access to the users' private information," said Raveesh K. Mayya and Siva Viswanathan, the two academics behind the research.

Read more of this story at Slashdot.

Amazon.com has a promotion for U.S. shoppers on Prime Day, the 48-hour marketing blitz that started Monday: Earn $10 of credit if you let Amazon track the websites you visit. From a report: The deal is for new installations of the Amazon Assistant, a comparison-shopping tool that customers can add to their web browsers. It fetches Amazon's price for products that users see on Walmart.com, Target.com and elsewhere. In order to work, the assistant needs access to users' web activity, including the links and some page content they view. The catch, as Amazon explains in the fine print, is the company can use this data to improve its general marketing, products and services, unrelated to the shopping assistant. The terms underscore the power consumers routinely give to Amazon and other big technology companies when using their free services. In this case, Amazon gains potential insight into how it should tailor marketing and how it could stamp out the retail competition.

Read more of this story at Slashdot.

An anonymous reader quotes a report from CNBC: Wind turbines in Scotland generated 9,831,320 megawatt hours between January and June 2019, WWF Scotland said Monday. The numbers, which were supplied by WeatherEnergy, mean that Scottish wind generated enough electricity to power the equivalent of 4.47 million homes for six months. That is almost double the number of homes in Scotland, according to WWF Scotland. By 2030, the Scottish government says it wants to produce half of the country's energy consumption from renewables. It is also targeting an "almost completely" decarbonized energy system by 2050. "Up and down the country, we are all benefiting from cleaner energy and so is the climate," Robin Parker, climate and energy policy manager at WWF Scotland, said in a statement Monday. "These figures show harnessing Scotland's plentiful onshore wind potential can provide clean, green electricity for millions of homes across not only Scotland, but England as well," Parker added.

Read more of this story at Slashdot.

In a press conference Monday, Treasury Secretary Steven Mnuchin said Facebook's proposed digital currency, Libra, "could be misused by money launderers and terrorist financiers" and that it was a "national security issue." CNBC reports: "Cryptocurrencies such as bitcoin have been exploited to support billions of dollars of illicit activity like cyber crime, tax evasion, extortion, ransomware, illicit drugs and human trafficking," Mnuchin said, adding that he is "not comfortable today" with Facebook's launch. "They have a lot of work to do," he said. The press conference comes days after President Donald Trump said in a tweet that he was "not a fan" of cryptocurrencies like bitcoin. He also suggested Facebook, which plans on launching the global cryptocurrency next year, would need a bank charter to do so. Bitcoin dropped sharply on Monday following the president's criticism on Twitter. The world's first and most valuable digital currency fell roughly 10% to a low of $9,872 to start the week. "The president does have concerns as it relates to bitcoin and cryptocurrencies -- those are legitimate concerns that we have been working on for a long period of time," Mnuchin said. In response to the Treasury secretary's comments, Facebook told CNBC that "they anticipated critical feedback from regulators, central banks, lawmakers around the world." The tech giant also said they announced Libra a year before its anticipated launch date, "so that we could have those conversations."

Read more of this story at Slashdot.

Fun and games on Facebook may have serious consequences for the foolish. That was the message delivered by the US Air Force, who have responded to a Facebook's group's efforts to have 450,000 people storm a top secret military base. From a report: Conspiracy theorists have always believed that Area 51 in Nevada holds information about extra-terrestrial activities on our planet, possibly including actual alien remains and aircraft. That belief spawned a Facebook group suggesting that a wave of humanity could overwhelm the defenses at the base and discover the truth. More than 400,000 people have joined a Facebook event page calling for storming Area 51, with many more indicating interest. The proposed event is scheduled for Sept. 20. "We will all meet up at the Area 51 Alien Center tourist attraction and coordinate our entry," the event description reads. "If we naruto run, we can move faster than their bullets. Lets see them aliens."

Read more of this story at Slashdot.