Security Firm Keeper Sues News Reporter Over Vulnerability Story

Slashdot - Your Rights Online - Thu, 2017-12-21 17:20
Zack Whittaker, writing for ZDNet: Keeper, a password manager software maker, has filed a lawsuit against a news reporter and its publication after a story was posted reporting a vulnerability disclosure. Dan Goodin, security editor at Ars Technica, was named defendant in a suit filed Tuesday by Chicago-based Keeper Security, which accused Goodin of "false and misleading statements" about the company's password manager. Goodin's story, posted December 15, cited Google security researcher Tavis Ormandy, who said in a vulnerability disclosure report he posted a day earlier that a security flaw in Keeper allowed "any website to steal any password" through the password manager's browser extension.

Read more of this story at Slashdot.

Windows 10 Facial Recognition Feature Can Be Bypassed with a Photo

Slashdot - Your Rights Online - Thu, 2017-12-21 16:00
Windows Hello, the face scanning security feature in Windows 10, has been defeated with the use of a printed out picture. From a report: In a report published yesterday, German pen-testing company SySS GmbH says it discovered that Windows Hello is vulnerable to the simplest and most common attack against facial recognition biometrics software -- the doomsday scenario of using a printed photo of the device's owner. Researchers say that by using a laser color printout of a low-resolution (340x340 pixels) photo of the device owner's face, modified to the near IR spectrum, they were able to unlock several Windows devices where Windows Hello had been previously activated. The attack worked even if the "enhanced anti-spoofing" feature had been enabled in the Windows Hello settings panel, albeit for these attacks SySS researchers said they needed a photo of a higher resolution of 480x480 pixels (which in reality is still a low-resolution photo). [...] Microsoft released updates earlier this month to patch the vulnerability.

Dozens of Companies Are Using Facebook To Exclude Older Workers From Job Ads

Slashdot - Your Rights Online - Thu, 2017-12-21 15:00
An anonymous reader quotes a report from ProPublica: Verizon is among dozens of the nation's leading employers -- including Amazon, Goldman Sachs, Target and Facebook itself -- that placed recruitment ads limited to particular age groups, an investigation by ProPublica and The New York Times has found. The ability of advertisers to deliver their message to the precise audience most likely to respond is the cornerstone of Facebook's business model. But using the system to expose job opportunities only to certain age groups has raised concerns about fairness to older workers. Several experts questioned whether the practice is in keeping with the federal Age Discrimination in Employment Act of 1967, which prohibits bias against people 40 or older in hiring or employment. Many jurisdictions make it a crime to "aid" or "abet" age discrimination, a provision that could apply to companies like Facebook that distribute job ads. Facebook defended the practice. "Used responsibly, age-based targeting for employment purposes is an accepted industry practice and for good reason: it helps employers recruit and people of all ages find work," said Rob Goldman, a Facebook vice president. The revelations come at a time when the unregulated power of the tech companies is under increased scrutiny, and Congress is weighing whether to limit the immunity that it granted to tech companies in 1996 for third-party content on their platforms.

Youbit Shuts Down Cryptocurrency Exchange After Second Hack, Files For Bankruptcy

Slashdot - Your Rights Online - Thu, 2017-12-21 03:25
phalse phace writes: After experiencing another hack, South Korean crypto-currency exchange Youbit has closed its doors and is filing for bankruptcy. BBC reports: "Youbit, which lets people buy and sell bitcoins and other virtual currencies, has filed for bankruptcy after losing 17% of its assets in the cyber-attack. It did not disclose how much the assets were worth at the time of the attack. In April, Youbit, formerly called Yapizon, lost 4,000 bitcoins now worth $73 million to cyberthieves. South Korea's Internet and Security Agency (Kisa) which investigates net crime, said it had started an enquiry into how the thieves gained access to the exchange's core systems. Kisa blamed the earlier attack on Youbit on cyber-spies working for North Korea. Separate, more recent, attacks on the Bithumb and Coinis exchanges, have also been blamed on the regime. No information has been released about who might have been behind the latest Youbit attack. In a statement, Youbit said that customers would get back about 75% of the value of the crypto-currency they have lodged with the exchange."

Cable TV's Password-Sharing Crackdown Is Coming

Slashdot - Your Rights Online - Thu, 2017-12-21 01:20
Charter Communications' CEO, Tom Rutledge, is leading an industrywide effort to crack down on password sharing. It's a growing problem that could cost pay-TV companies millions of subscribers -- and billions of dollars in revenue -- when they can least afford it. Bloomberg reports: Cable and satellite carriers in North America have lost 3 million customers this year alone. But the prevalence of password sharing suggests many of those customers, and possibly many more, are watching popular shows like "The Walking Dead" for free, robbing pay-TV providers and programmers of paying subscribers and advertising dollars. Most pay-TV companies only require users to re-enter their passwords for each device once a year. During contract negotiations this fall, Charter urged Viacom Inc., home of Comedy Central and MTV, to help limit illicit password swapping. The cable company wants programmers to restrict the number of concurrent streams on their apps and force legitimate subscribers to log in more often, according to two people familiar with the matter who asked not to be identified discussing private deliberations. ESPN, meanwhile, has reduced the number of simultaneous streams that it allows on its app to five from 10 and is considering cutting that to three, Connolly said. ESPN wants to work more closely with distributors to validate subscribers when there are high volumes of streaming on its app outside the cable company's territory.

Firefox Prepares To Mark All HTTP Sites 'Not Secure' After HTTPS Adoption Rises

Slashdot - Your Rights Online - Thu, 2017-12-21 00:40
An anonymous reader quotes a report from Bleeping Computer: The increased adoption of HTTPS among website operators will soon lead to browsers marking HTTP pages as "Not Secure" by default, and Mozilla is taking the first steps. The current Firefox Nightly Edition (version 59) includes a secret configuration option that when activated will show a visible visual indicator that the current page is not secure. In its current form, this visual indicator is a red line striking through a classic lock that's normally used to signal the presence of encrypted HTTPS pages. According to Let's Encrypt, 67% of web pages loaded by Firefox in November 2017 used HTTPS, compared to only 45% at the end of last year.

The UK Decides 10 Mbps Broadband Should Be a Legal Right

Slashdot - Your Rights Online - Wed, 2017-12-20 18:40
British homes and businesses will have a legal right to high-speed broadband by 2020, the government said Wednesday, dismissing calls from the network provider BT that it should be a voluntary rather than legal obligation on providers. From a report: Ministers originally considered adopting BT's voluntary offer, which would have seen it spend up to 600 million pound ($804 million) giving 1.4 million rural residents access to speeds of at least 10 Mbps. However, in a statement today, the government confirmed that it now will go down the regulatory route as it provides "sufficient certainty and the legal enforceability that is required to ensure high speed broadband access for the whole of the UK by 2020." Culture Secretary Karen Bradley said: "We know how important broadband is to homes and businesses and we want everyone to benefit from a fast and reliable connection. We are grateful to BT for their proposal but have decided that only a regulatory approach will make high speed broadband a reality for everyone in the UK, regardless of where they live or work."

Republican Lawmaker Introduces Net Neutrality Legislation

Slashdot - Your Rights Online - Wed, 2017-12-20 15:00
An anonymous reader quotes a report from Variety: Rep. Marsha Blackburn (R-Tenn.) introduced net neutrality legislation on Tuesday that prohibits internet providers from blocking and throttling content, but does not address whether ISPs can create so-called "fast lanes" of traffic for sites willing to pay for it. The legislation also would require that ISPs disclose their terms of service, and ensure that federal law preempts any state efforts to establish rules of the road for internet traffic. "A lot of our innovators are saying, 'Let's go with things we have agreement on, and other things can be addressed later,'" Blackburn told Variety. She said that she was "very hopeful" about the prospects for the legislation because "an open internet and preserving that open internet is what people want to see happen. Let's preserve it. Let's nail it down. Let's stop the ping-ponging from one FCC commission to another. This is something where the Congress should act." Blackburn chairs a House subcommittee on communications and technology.

France Passes Law To Ban All Oil, Gas Production By 2040

Slashdot - Your Rights Online - Wed, 2017-12-20 05:30
An anonymous reader quotes a report from CBS News: France's parliament has approved a law banning all exploration and production of oil and natural gas by 2040 within the country and its overseas territories. Under that law that passed a final vote on Tuesday, existing drilling permits will not be renewed and no new exploration licenses will be granted. The French government claims the ban is a world first. However, it is largely symbolic since oil and gas produced in France accounts for just 1 percent of domestic consumption. The rest is imported. French President Emmanuel Macron responded to the approval of the law on Twitter, saying in part: "Very proud that France has become the first country in the world today to ban any new oil exploration licenses with immediate effect and all oil extraction by 2040."

Ask Slashdot: Are There Any Alternatives To Android Or iOS?

Slashdot - Your Rights Online - Wed, 2017-12-20 03:25
An anonymous Slashdot reader is asking whether or not there are any alternatives to Android or iOS smartphones: Like most of us, I've owned a few smartphones over time, ranging from a Nokia E71 to a Samsung Android phone and now, an Apple iPhone. It is close to phone upgrade time, and I've been reviewing the features that I use on my phone. When I think honestly about it, the only features I really need are: 1. Phone calls (loads of conference calls, for which I use a wired headset with a microphone) 2. SMS Messaging (unlimited on my plan) 3. Navigation (very important, and is probably the most-used app on my phone) 4. Occasional internet browsing All of this could be done by the Nokia E71, when Nokia Maps was a thing. If I want to move away from Apple, Google and the like, do I have any options now? Are there any trustable (and by trustable, I mean avoiding unknown Chinese manufacturers) phones in the market today that could do all four and (ideally) have better battery life than one day?

Cloud-Based Repository Leak Exposes 123 Million American Households

Slashdot - Your Rights Online - Wed, 2017-12-20 02:45
"An Amazon Web Services (AWS) S3 cloud storage bucket containing information from data analytics firm Alteryx has been found publicly exposed, comprising the personal information of 123 million U.S. households," reports ZDNet. "The S3 bucket, located at the subdomain 'alteryxdownload,' was found by California cybersecurity firm UpGuard, with its Cyber Risk Team discovering the leak on October 6, 2017." From the report: The 36 GB data file titled "ConsumerView_10_2013" contained over 123 million rows, each one signifying a different American household. A similar file was seen by UpGuard when the personal details of 198 million American voters, compiled in a dataset by a data firm used by the Republican National Committee, were exposed. To highlight the breadth of the issue, UpGuard said the exposed data reveals over 3.5 billion fields of personally identifying details and data points about virtually every American household, including racial and ethnic information. The spreadsheet uses anonymized identifiers, but the information in the other few billion fields is very detailed, UpGuard said. Home addresses, contact information, mortgage status, financial histories, and very specific analysis of purchasing behavior -- such as domestic travel habits, if someone is a cat enthusiast, and their sporting interests -- are up for grabs in the exposed data. As for how this happened, ZDNet says, "the bucket was configured via permission settings to allow any AWS 'Authenticated Users' to download its stored data. Authenticated users are any user that has an AWS account."

The White House Is Temporarily Shutting Down Its Petition Website

Slashdot - Your Rights Online - Wed, 2017-12-20 02:03
An anonymous reader quotes a report from Gizmodo: We The People, the petition section of the White House's website, is shutting down for a promised January relaunch. First launched in 2011 under then-President Obama, We The People pledged to provide a White House response to any petition which garnered 100,000 or more signatures within 30 days. The 200+ petitions that have received an official response have largely been unremarkable, leading to revelations like the White House's official beer recipe or condemnations (in word only) of groups like the Westboro Baptist Church. In short, the site has functioned as a PR tool for fostering good will -- one that the Trump administration has reportedly considered killing since April and now appears to be sluggishly getting around to putting in the ground. "To improve this site's performance, the platform is currently down for maintenance and will return in late January," the site now reads. "All existing petitions and associated signatures have been preserved and will be available when the site is relaunched. Following the site's relaunch, petitions that have reached the required number of signatures will begin receiving responses." Further reading: The New York Times

Your Phone May Send You 'Blue Alerts' To Warn You When Local Police Are In Danger

Slashdot - Your Rights Online - Wed, 2017-12-20 01:20
The FCC recently announced a new alert program called "Blue Alert" that will notify the public of threats to law enforcement in real time. "With the creation of a dedicated Blue Alert event code in the Emergency Alert System, state and local law enforcement will have the capability to push immediate warnings out to the public via broadcast, cable, and satellite providers, as well as to consumer smartphones through the Wireless Emergency Alert system," reports Android Police. From the report: Much like both the SILVER and AMBER alert programs, and utilizing the same notification system, Blue Alerts aim to warn the general public of threats to public safety and/or imminent danger. However, the police force focused alert system provides timely information to the public when police officers may be in danger. Chairman of the FCC and recent deregulator of the internet, Ajit Pai detailed the new FCC order saying, "Similar to the Amber Alerts that many are familiar with, Blue Alerts will enable authorities to warn the public when there is actionable information related to a law enforcement officer who is missing, seriously injured or killed in the line of duty, or when there is an imminent credible threat to an officer." The December 14 order from the FCC activates the Blue Alerts service for one calendar year to deliver the notifications over the Emergency Alert System, and for 18 months over the Wireless Emergency Alert system.

'Loapi' Cryptocurrency Mining Malware Is Causing Phone Batteries To Bulge

Slashdot - Your Rights Online - Wed, 2017-12-20 00:00
An anonymous reader quotes a report from Newsweek: Security researchers have discovered a new form of powerful malware that secretly mines cryptocurrency on a person's smartphone, which can physically damage the device if it is not detected. Researchers from the Russia-based cybersecurity firm Kaspersky investigated the malware, dubbed Loapi, which they found hiding in applications in the Android mobile operating system. The malware works by hijacking a smartphone's processor and using the computing power to mine cryptocurrency -- the process of confirming cryptocurrency transactions by completing complex algorithms that generate new units of the currency. Loapi physically broke a test phone used to study the malware, after two days of the device being infected with it. "Because of the constant load caused by the mining module and generated traffic, the battery bulged and deformed the phone cover," the Kaspersky blog states.

Chinese Backdoor Still Active on Many Android Devices

Slashdot - Your Rights Online - Tue, 2017-12-19 23:20
Catalin Cimpanu, writing for BleepingComputer: Many Android users may still have a backdoor on their device, according to new revelations made today by the Malwarebytes' mobile security research team. Their discovery is related to the Adups case from last year. Back in mid-November 2016, US cyber-security firm Kryptowire revealed it discovered that firmware code created by a Chinese company called Adups was collecting vast amounts of user information and sending it to servers located in China. According to Kryptowire, the backdoor code was collecting SMS messages, call history, address books, app lists, phone hardware identifiers, but it was also capable of installing new apps or updating existing ones. The backdoor was hidden inside a built-in and unremovable app named com.adups.fota, the component responsible for the phone's firmware-over-the-air update (FOTA) system.

Facebook Will Use Facial Recognition To Tell You When People Upload Your Picture

Slashdot - Your Rights Online - Tue, 2017-12-19 20:00
If someone uploads a photo of your face to Facebook, the company usually knows that it's you thanks to facial recognition technology. Now Facebook won't just know it's you -- it'll tell you about the photo, too. From a report: Facebook is expanding its use of facial recognition technology and will now alert people that a friend, or a friend of a friend, uploaded a photo of them, even if they haven't been tagged in the picture. If anyone uploads a profile picture that includes your face, Facebook will alert you of that, too. "We're doing this to prevent people from impersonating others on Facebook," the company wrote on its blog Tuesday.

New York City Moves To Create Accountability For Algorithms

Slashdot - Your Rights Online - Tue, 2017-12-19 19:20
The algorithms that play increasingly central roles in our lives often emanate from Silicon Valley, but the effort to hold them accountable may have another epicenter: New York City. From a report: Last week, the New York City Council unanimously passed a bill to tackle algorithmic discrimination -- the first measure of its kind in the country. The algorithmic accountability bill, waiting to be signed into law by Mayor Bill de Blasio, establishes a task force that will study how city agencies use algorithms to make decisions that affect New Yorkers' lives, and whether any of the systems appear to discriminate against people based on age, race, religion, gender, sexual orientation or citizenship status. The task force's report will also explore how to make these decision-making processes understandable to the public. The bill's sponsor, Council Member James Vacca, said he was inspired by ProPublica's investigation into racially biased algorithms used to assess the criminal risk of defendants. "My ambition here is transparency, as well as accountability," Vacca said.

Internal FCC Report Shows Republican Net Neutrality Narrative Is False

Slashdot - Your Rights Online - Tue, 2017-12-19 15:00
An anonymous reader quotes a report from Motherboard: A core Republican talking point during the net neutrality battle was that, in 2015, President Obama led a government takeover of the internet, and Obama illegally bullied the independent Federal Communications Commission into adopting the rules. In this version of the story, Ajit Pai's rollback of those rules Thursday is a return to the good old days, before the FCC was forced to adopt rules it never wanted in the first place. But internal FCC documents obtained by Motherboard using a Freedom of Information Act request show that the independent, nonpartisan FCC Office of Inspector General -- acting on orders from Congressional Republicans -- investigated the claim that Obama interfered with the FCC's net neutrality process and found it was nonsense. This Republican narrative of net neutrality as an Obama-led takeover of the internet, then, was wholly refuted by an independent investigation and its findings were not made public prior to Thursday's vote. Using a Freedom of Information Act request, Motherboard obtained a summary of the Inspector General's report, which has not been released publicly and is marked "Official Use Only, Law Enforcement Sensitive Information." After reviewing more than 600,000 emails, the independent office found that there was no collusion between the White House and the FCC: "We found no evidence of secret deals, promises, or threats from anyone outside the Commission, nor any evidence of any other improper use of power to influence the FCC decision-making process." [...] Since 2014, Republicans have pointed to net neutrality as an idea primarily promoted by President Obama, and have made it another in a long line of regulations and laws that they have sought to repeal now that Donald Trump is president. Prior to this false narrative, though, net neutrality was a bipartisan issue; the first net neutrality rules were put in place under President George W. Bush, and many Republicans worked on the 2015 rules that were just dismantled. What happened, then, is that Republicans sold the public a narrative that wasn't true, then used that narrative to repeal the regulations that protect the internet.

Venezuela Will Force Bitcoin Miners To Register With the Government

Slashdot - Your Rights Online - Tue, 2017-12-19 12:00
schwit1 shares a report from The Merkle: No one will be surprised to hear the Venezuelan government isn't too keen on Bitcoin and other cryptocurrencies. Since Bitcoin and other cryptocurrencies can't be regulated or controlled by the government in any official capacity, they could damage the country's brittle economy even further. As a result, the government has imposed new rules for anyone mining cryptocurrency. To be more specific, all miners will now be taxed and required to register with the government. Being taxed is not entirely illogical, but the registration requirement is pretty worrisome, to say the least. The government shouldn't need to know who is doing what in regards to crypto trading and mining. Nevertheless, authorities want to know who is mining, where they are located, and what type of equipment they use. "That'll put food back on the shelves," adds schwit1.

WhatsApp Ordered To Stop Sharing User Data With Facebook

Slashdot - Your Rights Online - Tue, 2017-12-19 02:45
France's privacy watchdog CNIL has ordered WhatsApp to stop sharing user data with its parent company Facebook. According to a public notice posted on the French website, WhatsApp has a month to comply with the order. The Verge reports: The query began after WhatsApp added to its terms of service last year that it shares data with Facebook to develop targeted advertising, security measures, and to gather business intelligence. Upon investigating these claims, the CNIL ruled that while WhatsApp's intention of improving security measures was valid, the app's business intelligence reason wasn't as acceptable. After all, WhatsApp never told its users it was collecting data for business intelligence and there's no way to opt out without uninstalling the app. That violates "the fundamental freedoms of users," said the CNIL.