
Apple's Battle With Epic Over Fortnite Could Reach Jury Trial Next July

Slashdot - Your Rights Online - Mon, 2020-09-28 22:17
Apple and Epic met in a virtual court hearing on Monday to debate whether Fortnite should be allowed to remain in Apple's App Store while the two fight an even bigger battle over whether Apple is violating federal antitrust law. From a report: California Judge Yvonne Gonzalez Rogers didn't issue any update to her previous ruling, which upheld Apple's ban on Fortnite while the antitrust case is ongoing. Instead she said the companies should expect to hear from her in writing. Rogers said that it's likely that the case, which she added was "the frontier of antitrust law," will be heard in July 2021. She recommended a trial by jury in order that the final judgement reached would be more likely to stand up to appeal, although she said it's up to Apple or Epic to request this. [...] In court on Monday, Rogers seemed less than impressed with the arguments put forward by Epic's legal team. She said that in the gaming industry, of which Epic is a part, it was standard practice for platforms to take 30% commission, as Apple does. She challenged Epic over its decision to circumvent Apple's policy in spite of its explicit contractual relations with the company, saying the company had "lied about it by omission." "You were not forthright," she said. "You were told you couldn't do it, and you did. There's an old saying, a rose by any other name is still a rose [...] There are plenty of people in the public could consider you guys heroes for what you did, but it's still not honest."

Read more of this story at Slashdot.

Report: U.S. Anti-Trust Regulators Will Accuse Google of Crushing Competition to Maintain Monopoly

Slashdot - Your Rights Online - Mon, 2020-09-28 01:41
The U.S. government has readied an antitrust lawsuit against Google's search engine, accusing the company of "crushing competition to protect and extend monopoly," according to news reports: The move comes after a 14-month long investigation, where the U.S. Department of Justice probed whether Google distorts search results to favour its own products and shuts off access to competitors, sources told Bloomberg. This is significant as Google enjoys a major 90 percent control of the U.S. online search segment and generates an enviable $100 billion revenue. Rivals have long complained of abuse of power to "snuff out the competition".... Sources told Bloomberg action is expected within the next week or two, after the State attorneys general and Justice Department lawyers complete final preparations for the case this week in Washington. Officials met with Google reps the previous week to discuss accusations of search bias against competitors and providing of Google and other partners as default to users... "It's impossible for small search engine competitors to compete with Google's deep pockets and outbid it for valuable placements like Apple's browser," Gabriel Weinberg, CEO of DuckDuckGo, said in his complaint to the Department of Justice. In a recent statement, a spokesperson for DuckDuckGo said the company is pleased that the DoJ "is going to finally address the elephant in the room: Google's obvious, overwhelming, and anti-competitive dominance in search," adding that "a world without search defaults" would benefit consumers. Google's search engine "decides the fates of thousands of businesses online," notes Bloomberg, "and has funded Google's expansion into email, online video, smartphone software, maps, cloud computing, autonomous vehicles and other forms of digital ads."


Amazon's Data-Request Portal for Police is Visible on the Web

Slashdot - Your Rights Online - Sun, 2020-09-27 22:34
"Anyone can access portions of a web portal used by law enforcement to request customer data from Amazon," reports TechCrunch, "even though the portal is supposed to require a verified email address and password..." Only time sensitive emergency requests can be submitted without an account, but this requires the user to "declare and acknowledge" that they are an authorized law enforcement officer before they can submit a request. The portal does not display customer data or allow access to existing law enforcement requests. But parts of the website still load without needing to log in, including its dashboard and the "standard" request form used by law enforcement to request customer data... Assuming this was a bug, we sent Amazon several emails prior to publication but did not hear back... Motherboard reported a similar issue earlier this month that allowed anyone with an email address to access law enforcement portals set up by Facebook and WhatsApp.


Singapore Becomes First Country To Use Facial Verification For a National ID Service

Slashdot - Your Rights Online - Sun, 2020-09-27 20:34
"Singapore will be the first country in the world to use facial verification in its national identity scheme," reports the BBC: The biometric check will give Singaporeans secure access to both private and government services. The government's technology agency says it will be "fundamental" to the country's digital economy. It has been trialled with a bank and is now being rolled out nationwide. It not only identifies a person but ensures they are genuinely present. "You have to make sure that the person is genuinely present when they authenticate, that you're not looking at a photograph or a video or a replayed recording or a deepfake," said Andrew Bud, founder and chief executive of iProov, the UK company that is providing the technology... "Face recognition has all sorts of social implications. Face verification is extremely benign," said Mr Bud. Privacy advocates, however, contend that consent is a low threshold when dealing with sensitive biometric data. "Consent does not work when there is an imbalance of power between controllers and data subjects, such as the one observed in citizen-state relationships," said Ioannis Kouvakas, legal officer with London-based Privacy International.... GovTech Singapore thinks the technology will be good for businesses, because they can use it without having to build the infrastructure themselves. Additionally, Kwok Quek Sin, senior director of national digital identity at GovTech Singapore, said it is better for privacy because companies won't need to collect any biometric data. In fact, they would only see a score indicating how close the scan is to the image the government has on file. In 1993 William Gibson called Singapore "Disneyland with the death penalty... a relentlessly G-rated experience, micromanaged by a state that has the look and feel of a very large corporation. If IBM had ever bothered to actually possess a physical country, that country might have had a lot in common with Singapore."


America's IRS Wants Cryptocurrency Exchanges Declared on Tax Forms

Slashdot - Your Rights Online - Sun, 2020-09-27 19:34
America's dreaded tax-collecting agency is sending "a strong warning to millions of crypto holders who aren't complying with the law that they must file required forms," reports the Wall Street Journal. The front page of this year's tax forms — just below "Name" and "Address" — will ask filers to declare whether they've received or exchanged any virtual currencies. The Journal calls it "setting a trap for cryptocurrency tax cheats." "This placement is unprecedented and will make it easier for the IRS to win cases against taxpayers who check 'No' when they should check 'Yes,'" says Ed Zollars, a CPA with Kaplan Financial Education who updates tax professionals on legal developments... The change to the crypto question and other recent actions show the IRS is taking cryptocurrencies seriously as a threat to the tax system, whether the noncompliance is by enthusiasts who owe little or by sophisticated international criminals. In two recent nontax criminal cases — one involving theft by North Korea and the other involving the sale of child pornography by a Dutch national — the IRS has provided key assistance because of its growing expertise in cryptocurrencies.... For their part, many crypto users are angry with the IRS's guidance, which treats bitcoin, ether and their kin as property rather than currency. So if a crypto holder uses it to buy something or exchanges one cryptocurrency for another, there's usually a capital gain or loss to report on the tax return. "Buying a sandwich with cryptocurrency shouldn't be a taxable event," says Sean Cover, a New York City cryptocurrency holder who works in finance for a nonprofit group. He says that in 2017 he had more than 500 transactions on several platforms, and it took him 10 hours to prepare his crypto tax forms even though he paid for special software. Like some members of Congress, Mr. Cover supports a $200 threshold before crypto transactions would need to be reported.
The IRS says it's up to Congress to change the law.... Meanwhile, the IRS is forging ahead with other crypto compliance measures. Earlier this month, it offered rewards up to $625,000 to code-breakers who can crack so-called privacy coins like Monero that attract illicit activity because they claim to be untraceable... The IRS is also sending a new round of letters to crypto holders who may not have complied with the tax rules, expanding on last year's mailing of about 10,000 letters. Tax specialists say the recipients are often customers of Coinbase, which was ordered by a federal court to turn over information on some accounts to the IRS.


Thailand Launches Its First Legal Action Against Facebook and Twitter

Slashdot - Your Rights Online - Sun, 2020-09-27 17:34
Reuters reports: Thailand launched legal action on Thursday against tech giants Facebook and Twitter for ignoring requests to take down content, in its first such move against major internet firms... "Unless the companies send their representatives to negotiate, police can bring criminal cases against them," the Ministry of Digital Economy and Society, Puttipong Punnakanta, told reporters. "But if they do, and acknowledge the wrongdoing, we can settle on fines...." The complaints were against the U.S. parent companies and not their Thai subsidiaries, Puttipong said. Cybercrime police at a news conference said they would need to look at existing laws to determine whether they had jurisdiction to take up cases against firms based outside of Thailand. Emilie Pradichit, executive director of Manushya Foundation, a digital freedom advocate, said the complaints were "a tactic to scare these companies...." Thailand has a tough lese majeste law prohibiting insulting the monarchy and a Computer Crime Act that outlaws information that is false or affects national security has also been used to prosecute criticism of the royal family.


Silicon Valley Tech Workers Angered By Proposal to Make Some Mandatory Telecommuting Permanent

Slashdot - Your Rights Online - Sun, 2020-09-27 12:34
"The Metropolitan Transportation Commission, a regional government agency in the San Francisco Bay Area, voted Wednesday to move forward with a proposal to require people at large, office-based companies to work from home three days a week as a way to slash greenhouse gas emissions from car commutes," reports NBC News: It's a radical suggestion that likely would have been a non-starter before Covid-19 shuttered many offices in March, but now that corporate employees have gotten a taste of not commuting, transportation planners think the idea has wider appeal. "There is an opportunity to do things that could not have been done in the past," said Oakland Mayor Libby Schaaf, a member of the transportation commission who supports the proposal. She said she felt "very strongly" that a telecommuting mandate ought to be a part of the region's future... Some of the nation's largest companies are headquartered in the Bay Area, including not only tech giants Apple, Facebook, Google, Intel and Netflix, but Chevron, Levi Strauss and Wells Fargo... The idea of a mandate was a surprise to residents, many of whom first learned of the idea this week from social media and then flooded an online meeting of the transportation agency Wednesday to try, unsuccessfully, to talk commissioners out of the idea. "We do not want to continue this as a lifestyle," Steven Buss, a Google software engineer who lives in San Francisco, told the commission. "We are all sacrificing now to reduce the spread of the virus, but no one is enjoying working from home," he said. "It's probably fine if you own a big house out in the suburbs and you're nearing retirement, but for young workers like me who live in crowded conditions, working from home is terrible." Many callers pointed out that the situation exacerbates inequality because only some types of work can be done from home. 
Others worried about the ripple effects on lunch spots, transit agencies and other businesses and organizations that rely on revenue from office workers. Still other residents said that if car emissions are the problem, the commission should focus on cars, not all commutes... Dustin Moskovitz, a cofounder of Facebook who usually keeps a low public profile, mocked the idea as an indictment of the Bay Area's general failure to plan for growth. "We tried nothing, and we're all out of ideas," Moskovitz, now CEO of software company Asana, tweeted Tuesday. The mandate would apply to "large, office-based employers" and require them to have at least 60 percent of their employees telecommute on any given workday. They could meet the requirement through flexible schedules, compressed work weeks or other alternatives.


Imprisoned 'Anonymous' Hacktivist Martin Gottesfeld Files His First Appeal

Slashdot - Your Rights Online - Sat, 2020-09-26 18:34
In early 2019, Martin Gottesfeld of Anonymous was sentenced under America's "Computer Fraud and Abuse Act" to 10 years in federal prison for his alleged role in the 2014 DDoS attacks on healthcare and treatment facilities around Boston. (Gottesfeld was sentenced by the same judge who oversaw the Aaron Swartz case.) Gottesfeld has just filed his first appeal, and Slashdot reader Danngggg shares this new interview with Gottesfeld's attorney Brandon Sample. The upshot? Brandon Sample: If the court agrees with our arguments, for example, on the Speedy Trial Act, then that would result in dismissal of the indictment against him. And so, he would have no conviction at that point. There's a variety of different outcomes that could potentially flow from the arguments that have been raised in the appeal. If he wins, say for example, the argument that his lawyer should have been allowed off the case, well, then that would undo the conviction as well, and he would be entitled to another trial. If the indictment is dismissed, then the government is going to have to make a decision about whether or not this is really a case that they want to prosecute all over again... Daily Wire: Do you see this being successful, a strong case? Brandon Sample: The appeal? I think we have a really good chance. I do.


The Best Chrome Extensions To Prevent Creepy Web Tracking

Slashdot - Your Rights Online - Sat, 2020-09-26 02:02
Wired has highlighted several browser extensions that "are a simple first step in improving your online privacy." Other steps to take include adding a privacy-first browser and VPN to further mask your web activity. An anonymous reader shares the report: Privacy Badger is one of the best options for blocking online tracking in your current browser. For a start, it's created by the Electronic Frontier Foundation, a US-based non-profit digital rights group that's been fighting online privacy battles since 1990. It's also free. Privacy Badger tracks all the elements of web pages you visit -- including plugins and ads placed by external companies. If it sees these appearing across multiple sites you visit then the extension tells your browser not to load any more of that content. DuckDuckGo is best-known for its anonymous search engine that doesn't collect people's data. DuckDuckGo also makes an extension for Chrome. The Privacy Essentials extension blocks hidden third-party trackers, showing you which advertising networks are following you around the web over time. The tool also highlights how websites collect data through a partnership with Terms of Service Didn't Read and includes scores for sites' privacy policies. It also adds its non-tracking search to Chrome. The Ghostery browser extension blocks trackers and shows lists of which ones are blocked for each site (including those that are slow to load), allows trusted and restricted sites to be set up and also lets people block ads. The main Ghostery extension is free but there's also a paid for $49 per month subscription that provides detailed breakdowns of all trackers and can be used for analysis or research. There are Ghostery extensions for Chrome, Firefox, Microsoft Edge and Opera. Unlike other tools here, Adblock Plus is primarily marketed as an ad blocking tool -- the others don't necessarily block ads by default but aim to be privacy tools that may limit the most intrusive types of ads.
Using an ad blocker comes with a different set of ethical considerations to tools that are designed to stop overly intrusive web tracking; ad blockers will block a much wider set of items on a webpage and this can include ads that don't follow people around the web. Adblock Plus is signed up to the Acceptable Ads project that shows non-intrusive ads by default (although this can be turned off). On a privacy front Adblock Plus's free extensions block third party trackers and allow for social media sharing buttons that send information back to their owners to be disabled.


Illinois Facebook Users Can Claim Up To $400 In Class-Action Suit

Slashdot - Your Rights Online - Fri, 2020-09-25 02:02
Facebook has settled a class action lawsuit that claimed the company collected and stored facial templates for its users between June 7, 2011, and Aug. 19, 2020, when the settlement was approved. "Individuals could be eligible for cash payouts of $200 to $400," reports Patch. From the report: In 2015, lawsuits were filed against Facebook over its use of "face tagging" feature. Plaintiffs claimed that Facebook was collecting biometric information ("face prints") without getting proper consent required by the Illinois Biometric Information Privacy Act. Facebook disputed the allegations. Earlier this year, U.S. District Judge James Donato gave preliminary approval to a $650 million settlement, out of which class members can claim money. Facebook has also agreed to change its practices. It's not known how much individual class members will receive, but Edelson PC predicts an individual will get $200 to $400. A household with four eligible people could receive as much as $800 to $1,600. To participate in the settlement, a person need only have been a Facebook user located in Illinois for whom Facebook created and stored biometric information after June 7, 2011. Eligible participants must submit a claim form by Nov. 23, 2020. It takes under two minutes to fill out a claim form online or send it in. More information is forthcoming.


Amazon Alexa Can Now Immediately Delete Your Voice Recordings

Slashdot - Your Rights Online - Fri, 2020-09-25 01:21
Amazon appears to be making good on its effort to keep tightening privacy for its Alexa-powered devices, even after the hot-button issue has cooled down this year. From a report: The most notable change is a new option to automatically delete your voice recordings immediately after they are processed by Alexa. A written transcript of these recordings will still be available for 30 days but can be deleted anytime you want. This feature, which is available starting Thursday, builds on Amazon's other auto-delete functions, which let a customer delete Alexa voice recordings on a rolling three-month or 18-month basis. Both those options were announced at Amazon's launch event last year.


Universal Basic Income Gains Support In South Korea After COVID-19

Slashdot - Your Rights Online - Fri, 2020-09-25 00:41
An anonymous reader quotes a report from Nikkei Asian Review: The debate on universal basic income has gained momentum in South Korea, as the coronavirus outbreak and the country's growing income divide force a rethink on social safety nets. The concept was thrust into the spotlight in the country when Gyeonggi Province Gov. Lee Jae-myung proposed a basic income of 500,000 won ($430) a year per person this year. He aims to gradually expand the figure until it reaches 500,000 won a month -- roughly the equivalent of South Korea's social welfare payments. An annual $430 payout means the program will cost $21.3 billion a year, which likely can be funded through budgetary adjustments. But a monthly $430 will cost $256 billion, which is over half the national budget. "We cannot get to 500,000 won a month right now," Lee said. "But we can get there in 15 to 20 years by bolstering taxes on land, which is a public asset, carbon dioxide emissions from burning fossil fuels, and digital services developed using data we have produced." Basic income "will be a major topic in South Korea's next presidential election," Lee said. Lee is advocating distributing basic income in the form of a regional currency -- an experiment Gyeonggi Province already tested with coronavirus-linked assistance. Each resident received 100,000 won, about $85, in a regional currency, which needed to be spent in three months, allowing the entire sum used for the program to be recirculated back into the local economy. "Fourteen progressive lawmakers submitted a bill last week that would create a new committee to discuss how basic income can be funded, with plans to start distributing 300,000 won a month in 2022 and at least 500,000 won a month in 2029," the report adds. "The lawmakers envision diverting some regional taxes to a special budget to fund basic income. Shortfalls could be addressed by streamlining redundant social benefits and reviewing tax relief programs."


Former Cambridge Analytica Chief Receives Seven-Year Directorship Ban

Slashdot - Your Rights Online - Fri, 2020-09-25 00:02
Alexander Nix, the former boss of Cambridge Analytica, has been banned from serving as a company director for seven years over "potentially unethical" behavior linked to his position at the center of a global scandal. The Guardian reports: The Insolvency Service said Nix had allowed companies to offer potentially unethical services, including "bribery or honey-trap stings, voter disengagement campaigns, obtaining information to discredit political opponents and spreading information anonymously in political campaigns." Nix did not dispute that he caused or permitted Cambridge Analytica's parent company SCL Elections to offer such services, behavior "demonstrating a lack of commercial probity," according to the Insolvency Service. The Old Etonian and former financial analyst will be disqualified from holding directorships, or from promoting, forming or managing a company, starting from October 5, the Insolvency Service said. "Following an extensive investigation, our conclusions were clear that SCL Elections had repeatedly offered shady political services to potential clients over a number of years," said the Insolvency Service chief investigator, Mark Bruce. "Company directors should act with commercial probity and this means acting honestly and correctly. Alexander Nix's actions did not meet the appropriate standard for a company director and his disqualification from managing limited companies for a significant amount of time is justified in the public interest."


DHS Admits Facial Recognition Photos Were Hacked, Released On Dark Web

Slashdot - Your Rights Online - Thu, 2020-09-24 22:45
An anonymous reader quotes a report from Motherboard: The Department of Homeland Security (DHS) finally acknowledged Wednesday that photos that were part of a facial recognition pilot program were hacked from a Customs and Border Control subcontractor and were leaked on the dark web last year. Among the data, which was collected by a company called Perceptics, was a trove of traveler's faces, license plates, and care information. The information made its way to the Dark Web, despite DHS claiming it hadn't. In a newly released report about the incident, the DHS Office of Inspector General admitted that 184,000 images were stolen and at least 19 of them were posted to the Dark Web. "CBP did not adequately safeguard sensitive data on an unencrypted device used during its facial recognition technology pilot," the report found. "This incident may damage the public's trust in the Government's ability to safeguard biometric data and may result in travelers' reluctance to permit DHS to capture and use their biometrics at U.S. ports of entry." According to the new report, DHS's biometric database "contains the biometric data repository of more than 250 million people and can process more than 300,000 biometric transactions per day. It is the largest biometric repository in the Federal Government, and DHS shares this repository with the Department of Justice and the Department of Defense." "A subcontractor working on this effort, Perceptics, LLC, transferred copies of CBP's biometric data, such as traveler images, to its own company network," the report found. "The DHS OIG made several recommendations in its report that all boil down to 'tighten up security and make sure this doesn't happen again,'" the report adds.


Senators Introduce Bipartisan 'Unplug Internet Kill Switch Act of 2020,' Preventing a President From Denying Access To the Internet

Slashdot - Your Rights Online - Wed, 2020-09-23 23:23
Yesterday, U.S. Senators Rand Paul (R-KY), Ron Wyden (D-OR), and Gary Peters (D-MI) introduced the bipartisan "Unplug the Internet Kill Switch Act of 2020" (S. 4646), which would help protect Americans' First and Fourth Amendment rights by preventing a president from using emergency powers to unilaterally take control over or deny access to the internet and other telecommunications capabilities. Slashdot reader SonicSpike shares an excerpt from the announcement: In a World War II-era amendment to Section 706 of the Communications Act of 1934, Congress gave the Executive sweeping authority to put under direct government control or even shut down "any facility or station for wire communication" should a president "[deem] it necessary in the interest of the national security and defense" following a proclamation "that there exists a state or threat of war involving the United States." Cause for alarm over such power has only increased across the decades with the technological revolution, which has included email, text messages, and the internet, as well as the expansion of television, radio, and telephone networks. The Unplug the Internet Kill Switch Act would amend Section 706 to strip out this "Internet Kill Switch" and help shut the door to broader government surveillance or outright control of our communications channels and some of Americans' most sensitive information. The legislation would also reassert a stronger balance of power during a national emergency between the Executive Branch and the people's representatives in Congress. You can read the "Unplug the Internet Kill Switch Act of 2020" here (PDF).


Dark Web Drugs Raid Leads To 179 Arrests

Slashdot - Your Rights Online - Wed, 2020-09-23 04:02
Police forces around the world have seized more than $6.5 million in cash and virtual currencies, as well as drugs and guns in a co-ordinated raid on dark web marketplaces. The BBC reports: Some 179 people were arrested across Europe and the U.S., and 500kg (1,102lb) of drugs and 64 guns confiscated. It ends the "golden age" of these underground marketplaces, Europol said. "The hidden internet is no longer hidden", said Edvardas Sileris, head of Europol's cyber-crime centre. The operation, known as DisrupTor, was a joint effort between the Department of Justice and Europol. It is believed that the criminals engaged in tens of thousands of sales of illicit goods and services across the U.S. and Europe. Drugs seized included fentanyl, oxycodone, methamphetamine, heroin, cocaine, ecstasy and MDMA. Of those arrested 119 were based in the U.S., two in Canada, 42 in Germany, eight in the Netherlands, four in the UK, three in Austria and one in Sweden.


Russia Wants To Ban the Use of Secure Protocols Such As TLS 1.3, DoH, DoT, ESNI

Slashdot - Your Rights Online - Tue, 2020-09-22 17:30
An anonymous reader writes: The Russian government is working on updating its technology laws so it can ban the use of modern internet protocols that can hinder its surveillance and censorship capabilities. According to a copy of the proposed law amendments and an explanatory note, the ban targets internet protocols and technologies such as TLS 1.3, DoH, DoT, and ESNI. Moscow officials aren't looking to ban HTTPS and encrypted communications as a whole, as these are essential to modern-day financial transactions, communications, military, and critical infrastructure. Instead, the government wants to ban the use of internet protocols that hide "the name (identifier) of a web page" inside HTTPS traffic.


Boeing Whistle-Blower Says Proposed 737 Max Fixes Aren't Enough

Slashdot - Your Rights Online - Tue, 2020-09-22 15:00
An anonymous reader quotes a report from Bloomberg: A whistle-blower at Boeing Co. is urging aviation regulators to add additional protections to the grounded 737 Max. Curtis Ewbank, who has previously raised concerns about the plane's design with congressional investigators, said in comments filed with the Federal Aviation Administration that a proposal to mandate fixes to the jet didn't address multiple hazards identified in the two fatal Max accidents and earlier incidents involving the 737. "Clearly more actions are required to revise FAA processes so that it accurately assesses airplane design and regulates in the public interest," Ewbank said in the comments, posted on the Regulations.gov website. The FAA has proposed multiple changes to the plane following the crashes that killed 346 people before allowing it to carry passengers again. The system that was driving the jet's nose down in both accidents would no longer activate repeatedly and various steps were taken to minimize the chances it would malfunction. The agency is also proposing to require multiple other revisions to the plane, such as an improved flight-computer system to improve its redundancy. Ewbank said the FAA and Boeing should do more to prohibit faulty readings from the sensor implicated in both crashes and improve the plane's warning systems. In addition, the agency should do a broader review of how pilots react to emergencies and do a more thorough redesign of the flight-control system, he said.


Feds Issue Emergency Order For Agencies To Patch Critical Windows Flaw

Slashdot - Your Rights Online - Tue, 2020-09-22 12:00
The US Department of Homeland Security is giving federal agencies until midnight on Tuesday to patch a critical Windows vulnerability that can make it easy for attackers to become all-powerful administrators with free rein to create accounts, infect an entire network with malware, and carry out similarly disastrous actions. Ars Technica reports: Zerologon, as researchers have dubbed the vulnerability, allows malicious hackers to instantly gain unauthorized control of the Active Directory. An Active Directory stores data relating to users and computers that are authorized to use email, file sharing, and other sensitive services inside large organizations. Zerologon is tracked as CVE-2020-1472. Microsoft published a patch last Tuesday. The flaw, which is present in all supported Windows server versions, carries a critical severity rating from Microsoft as well as a maximum of 10 under the Common Vulnerability Scoring System. Further raising the stakes was the release by multiple researchers of proof-of-concept exploit code that could provide a roadmap for malicious hackers to create working attacks. Officials with the Cybersecurity and Infrastructure Security Agency, which belongs to the DHS, issued an emergency directive on Friday that warned of the potentially severe consequences for organizations that don't patch. [The agency's statement can be found in the article.] CISA, which has authorization to issue emergency directives intended to mitigate known or suspected security threats, is giving organizations until 11:59pm EDT on Monday to either install a Microsoft patch or disconnect the vulnerable domain controller from the organization network. No later than 11:59pm EDT on Wednesday, agencies are to submit a completion report attesting the update has been applied to all affected servers or provide assurance that newly provisioned or previously disconnected servers will be patched.


Proposal Would Give EU Power To Boot Tech Giants Out of European Market

Slashdot - Your Rights Online - Tue, 2020-09-22 05:30
An anonymous reader quotes a report from Ars Technica: The EU wants to arm itself with new powers to take on big technology companies, including the ability to force them to break up or sell some of their European operations if their market dominance is deemed to threaten the interests of customers and smaller rivals. EU Commissioner Thierry Breton told the Financial Times that the proposed remedies, which he said would only be used in extreme circumstances, also include the ability to exclude large tech groups from the single market altogether. In addition, Brussels is considering a rating system that would allow the public and stakeholders to assess companies' behavior in areas such as tax compliance and the speed with which they take down illegal content. "There is a feeling from end users of these platforms that they are too big to care," said Mr. Breton, who is leading the overhaul of digital rules in the bloc. "[Under] certain conditions we may also have the power to impose structural separation." The new EU legislation would increase Brussels' powers to scrutinize the way technology companies gather information on users, following concerns raised by independent researchers that the voluntary disclosures groups make are often misleading or partial. Mr. Breton confirmed that the EU would not remove the limited liability that companies have for the content published on their platforms. "The safe harbor of the liability exemption will stay," he said. "That's something that's accepted by everyone." Mr. Breton said draft legislation will be ready by the end of the year. Proposals are being finalized, and once they are agreed they will go through the European Parliament and the European Council.
