aggregator

A bipartisan cadre of senators sent a letter to Secretary of State Mike Pompeo on Tuesday calling out the department's poor adoption of multi-factor authentication. From a report: Multi-factor authentication requires users to take an additional protective step when logging into an account -- often a physical key or a biometric scan. Beyond being a good practice for federal agencies, multi-factor authentication is also the law for all high-level government accounts. Sens. Ron Wyden (D-Ore.), Cory Booker (D-N.J.), Rand Paul (R-Kent.), Ed Markey (D-Mass.) and Jeanne Shaheen (D-N.H) pointed to a recent Government Accountability Office (GAO) report that found only 11% of required agency devices had enhanced security.

Read more of this story at Slashdot.

The FCC says it needs more time to review the proposed Sprint-T-Mobile deal, the agency said in a letter to the companies Tuesday. According to CNBC, "The agency has paused an 'informal' 180-day transaction clock 'to allow for thorough staff and third-party review' of recently submitted materials." From the report: Sprint and T-Mobile have gone down a rocky road to a merger, calling off and resuming talks. The companies announced that they would merge last April in a bid to cut costs and combine forces to develop a next-generation network called 5G, which would provide faster speeds, more capacity and lower response times. But the companies could encounter hurdles to gaining regulatory approval for the tie-up. A deal between T-Mobile and Sprint, who are the third largest and fourth largest wireless carriers in the United States by subscribers, previously faced opposition from antitrust regulators under President Barack Obama's administration.

Read more of this story at Slashdot.

A village in Switzerland has decided to go ahead with an experiment on basic income, with a payout of 2,500 francs ($2,570) per month. The next step is to raise money to finance the plan via crowdfunding. From a report: More than 50 percent of the inhabitants of Rheinau, close to the German border, signed up for the project, according to the organizers website. At least half the 1,300 inhabitants needed to say 'yes,' and the count stood at 692 on Monday. The submitted ballots still have to be checked against government data to ensure eligibility. The decision comes two years after a proposal for a nationwide unconditional state stipend failed to pass in a national vote. Rheinau, on the banks of the river Rhine an hour by train from the banking hub of Zurich, was selected by filmmaker Rebecca Panian for the basic income trial. She says she became fascinated by the notion during the national debate before up the 2016 vote, decided to select a village as a guinea pig, and make a documentary.

Read more of this story at Slashdot.

An anonymous reader shares an exclusive report from Reuters: President Donald Trump plans to sign an executive order as soon as Wednesday that will slap sanctions on any foreign companies or people who interfere in U.S. elections, based on intelligence agency findings, two sources familiar with the matter said. Trump's decision to sign an executive order coincides with intelligence agencies, military and law enforcement preparing to defend the Nov. 6 congressional elections from predicted foreign attacks even as Trump derides a special counsel investigation into Russian interference in the 2016 elections. Sanction targets could include individual people or entire companies accused of interfering in U.S. elections by cyber attacks or other means, a U.S. official told Reuters. The order will put a range of agencies in charge of deciding if meddling occurred, led by the Office of the Director of National Intelligence, and including the CIA, the National Security Agency and the Homeland Security Department, the sources said. Based on a recent draft of the order reviewed by the U.S. official, it will require any federal agency aware of election interference by foreigners to take the information to the office of Director of National Intelligence. Election interference will be defined in the order as hacking attempts against "election infrastructure," and efforts to sway public opinion through coordinated digital propaganda or systematic leaks of private political information. UPDATE: The story has been updated with additional information from Reuters.

Read more of this story at Slashdot.

Jason Koebler writes: The California Farm Bureau, a group that lobbies on behalf of farmers, reached a "right to repair" agreement with the Equipment Dealers Association (which represents John Deere and other manufacturers) last week. But the specifics of the agreement were written by the manufacturers, and falls far short of providing the types of change that would be needed to make repairing tractors easier. In fact, the agreement makes the same concessions that the Equipment Dealers Association announced in February it would voluntarily give to all farmers. The agreement will not allow farmers to buy repair parts, break firmware DRM, or otherwise alter software for the purposes of repair.

Read more of this story at Slashdot.

An anonymous reader shares a report: Tencent Holdings will shut a popular Texas Hold'Em poker video game, the Chinese tech giant said to its users on Monday, in a further step to comply with intensifying government scrutiny hitting the country's gaming industry. Tencent said it would formally begin to shutter "Everyday Texas Hold'Em" from Monday and would closer the game's server from Sept 25. Tencent would compensate users in accordance with regulations of Ministry of Culture. The Shenzhen-based company, which draws a huge amount of its profit from gaming, is facing mounting challenges this year from stringent regulation and government censorship. It has had to pull one blockbuster game and seen others censured.

Read more of this story at Slashdot.

NitroXenon, the developer of Terrarium TV, announced Monday evening that the infamous streaming service, available for Android users at no charge, is shutting down this month. TorrentFreak reports: Inspired by the simplicity of Popcorn Time, Terrarium TV eschewed the use of torrents as a supply protocol. Instead, the software pulled in content from file-hosting sites in a similar way to Kodi addons, but with an almost non-existent learning curve. Created by a developer who identified as Hong Kong-based Peter Chan (aka NitroXenon), Terrarium TV enjoyed a meteoric rise to stardom over the past couple of years. With only Showbox and a handful of other applications getting anywhere close to its volume of active users, Terrarium TV became the go-to app for Android users looking for a Netflix-style fix. Now, however, the ride is over. In a notification pushed to Terrarium TV users last night, NitroXenon explained that his days of working on the app are over. "It has always been a great pleasure to work on this project. However, it is time to say goodbye. I am going to shut down Terrarium TV, forever," he wrote. "I know this day will come eventually. I know it would be hard to let go. But it is really time for me to move on to other projects."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: On Monday, California Governor Jerry Brown signed a bill mandating that the state's utilities move to 100-percent zero-emission electricity generation by 2045. Brown also issued an executive order today requiring the state to become carbon neutral by 2045, that is, mandating that the state remove as much greenhouse gas from the atmosphere as it puts into the atmosphere. One of the most interesting aspects of the zero-emissions bill signed today is that it also specifies that California can't increase the carbon emissions of another state to get cheap electricity. It appears that buying electricity from a coal plant in Nevada is fine if that electricity had been supplied prior to the bill's passing, but seeking out new out-of-state natural gas-fired plants to buy from would not be allowed. The bill's ambitiousness is compounded by the executive order that Gov. Brown signed today. The order requires California to become carbon neutral by 2045. "The achievement of carbon neutrality will require both significant reductions in carbon pollution and removal of carbon dioxide from the atmosphere, including sequestration in forests, soils, and other natural landscapes," Brown's executive order states (PDF).

Read more of this story at Slashdot.

schwit1 shares a report from Alabama Local News: NASA's administrator Jim Bridenstine has directed the space agency to look at boosting its brand by selling naming rights to rockets and spacecraft and allowing its astronauts to appear in commercials and on cereal boxes, as if they were celebrity athletes. While officials stress that nothing has been decided, the idea could mark a giant cultural leap for the taxpayer-funded government agency and could run into ethics regulations that prevent government officials from using public office for private gain. "Is it possible for NASA to offset some of its costs by selling the naming rights to its spacecraft, or the naming rights to its rockets," Bridenstine said. "I'm telling you there is interest in that right now. The question is: Is it possible? The answer is: I don't know, but we want somebody to give us advice on whether it is." He also said he wanted astronauts to be not only more accessible to journalists but even to participate in marketing opportunities to boost their brands - and that of the space agency. "I'd like to see kids growing up, instead of maybe wanting to be like a professional sports star, I'd like to see them grow up wanting to be a NASA astronaut, or a NASA scientist," he said. "I'd like to see, maybe one day, NASA astronauts on the cover of a cereal box, embedded into the American culture."

Read more of this story at Slashdot.

TuballoyThunder writes: According to The Intercept, it appears that the LinkNYC free Wi-Fi might be designed to track users. This and other concerns were raised during a 2015 discussion on Slashdot. While many people are comfortable in trading their privacy for ostensibly free services, it is disheartening when municipalities collaborate with business to make it happen. "In May of this year, Charles Meyers, an undergraduate at New York City College of Technology, came across folders in LinkNYC's public library on GitHub, a platform for managing files and software, that appear to raise further questions about location tracking and the platform's protection of its users' data," reports The Intercept. "Meyers made copies of the codebases in question -- 'LinkNYC Mobile Observation' and 'RxLocation' -- and shared both folders with The Intercept." Meyers says the "LinkNYC Mobile Observation" code collects the user's longitude and latitude, browser type, OS, device type, device identifiers, and full URL clickstreams (including data and time) and "aggregates this information into a database," the report says. Meyer's believes the company is interested in tracking the location of Wi-Fi users in real time. "If such code were run on a mobile app or kiosk, he said, the company would be able to make advertisements available in real time based on where and who someone was, and that this would constitute a potential violation of the company's privacy policy," reports The Intercept. Following the revelations, LinkNYC said the code was never intended to be released and was part of a longer-term R&D process. "In this instance, David Mitchell, Intersection's CTO, told the Intercept in an email. "Intersection was prototyping and testing some ideas internally, using employee data only, and mistakenly made source code public on Github. This code is not in use on the LinkNYC network." [Intersection is the "key player" in CityBridge, "a chameleon-like consortium of private companies" that New York City contracted to turn the city's payphone booth network into Wi-Fi-enabled kiosks.]

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: A court ruling that limits state regulation of cable company offerings was praised by Federal Communications Commission Chairman Ajit Pai, who says the ruling supports his contention that the FCC can preempt state-level net neutrality rules. The new court ruling found that Minnesota's state government cannot regulate VoIP phone services offered by Charter and other cable companies because VoIP is an "information service" under federal law. Pai argues that the case is consistent with the FCC's attempt to preempt state-level net neutrality rules, in which the commission reclassified broadband as a Title I information service instead of a Title II telecommunications service. The ruling was issued Friday by the US Court of Appeals for the 8th Circuit, following a lawsuit filed by Charter Communications against the Minnesota Public Utilities Commission (MPUC). A three-judge panel ruled against Minnesota in a 2-1 vote -- the FCC had filed a brief supporting Charter's position in the case. "[F]ederal law for decades has recognized that states may not regulate information services," Pai said in response to the ruling. "The 8th Circuit's decision is important for reaffirming that well-established principle: '[A]ny state regulation of an information service conflicts with the federal policy of non-regulation' and is therefore preempted." Pai said the ruling "is wholly consistent with the approach the FCC has taken under Democratic and Republican Administrations over the last two decades, including in last year's Restoring Internet Freedom order." The commission says the reclassification should preempt any such attempts at regulating broadband at the state level.

Read more of this story at Slashdot.

Researchers have uncovered vulnerabilities in popular virtual private network (VPN) software, ProtonVPN and NordVPN, which can lead to the execution of arbitrary code by attackers. From a report: Last week, Cisco Talos security researchers said the security flaws, CVE-2018-3952 and CVE-2018-4010, permit code execution by attackers on Microsoft Windows machines. The vulnerabilities are similar to a Windows privilege escalation security flaw uncovered by VerSprite, which is tracked as CVE-2018-10169. Security patches were applied in April by both clients to resolve the original security hole, but according to Talos, "despite the fix, it is still possible to execute code as an administrator on the system." The initial vulnerability was caused by similar design issues in both clients. The interface for both NordVPN and ProtonVPN execute binaries with the permission of a logged-in user, and this includes the selection of a VPN configuration option, such as a desired VPN server location. This information is sent to a service when "connect" is clicked by way of an OpenVPN configuration file. However, VerSprite was able to create a crafted OpenVPN file which could be sent to the service, loaded, and executed.

Read more of this story at Slashdot.

In a letter last Tuesday to Rhode Island Sen. Sheldon Whitehouse, Apple said it is working on an online portal for law enforcement officials to submit and track requests for data and obtain responses from the company. Apple also said it's "creating a dedicated team to help train law enforcement officials around the world in digital forensics," reports CNET. From the report: The letter, seen by CNET, addresses recommendations made in a report issued earlier this year by the Center for Strategic and International Studies (CSIS) regarding cybersecurity and the "digital evidence needs" of law enforcement agencies. Apple said in the letter that it's eager to adopt the report's recommendations, including making upgrades to its law enforcement training program. This includes developing an online training module for police that mirrors Apple's current in-person training, according to the letter and to details on the company's website. "This will assist Apple in training a larger number of law enforcement agencies and officers globally, and ensure that our company's information and guidance can be updated to reflect the rapidly changing data landscape," the site says. Apple also reiterated in the letter that it's "committed to protecting the security and privacy of our users" and that company initiatives and "the work we do to assist investigations uphold this fundamental commitment."

Read more of this story at Slashdot.

Richard Sackler, the billionaire businessman behind Purdue Pharma, has patented a new drug to help treat opioid addiction (Warning: source may be paywalled; alternative source). The news of the patented form of buprenorphine, a mild opioid that is used to ease withdrawal symptoms, comes as Colorado's attorney general is suing the OxyContin creator for profiting from opioid addictions. Some now believe that Sackler and his family, who owns Purdue Pharma, will be trying to profit from the antidote. The Washington Post reports: The lawsuit claims Purdue Pharma L.P. and Purdue Pharma Inc. deluded doctors and patients in Colorado about the potential for addiction with prescription opioids and continued to push the drugs. And it comes amid news that the company's former chairman and president, Richard Sackler, has patented a new drug to help wean addicts from opioids. "Purdue's habit-forming medications coupled with their reckless marketing have robbed children of their parents, families of their sons and daughters, and destroyed the lives of our friends, neighbors, and co-workers," Colorado Attorney General Cynthia Coffman said Thursday in a statement. "While no amount of money can bring back loved ones, it can compensate for the enormous costs brought about by Purdue's intentional misconduct." The lawsuit states that Purdue Pharma "downplayed the risk of addiction associated with opioids," "exaggerated the benefits" and "advised health care professionals that they were violating their Hippocratic Oath and failing their patients unless they treated pain symptoms with opioids," according to the statement from the Colorado attorney general's office. But Purdue Pharma "vigorously" denied the accusations Friday in a statement to The Washington Post, saying that although it shares "the state's concern about the opioid crisis," it did not mislead health-care providers about prescription opioids. "The state claims Purdue acted improperly by communicating with prescribers about scientific and medical information that FDA has expressly considered and continues to approve," a spokesman for Purdue Pharma said in the statement. "We believe it is inappropriate for the state to substitute its judgment for the judgment of the regulatory, scientific and medical experts at FDA." The report makes note of the patent's description, which acknowledges the risk of addiction associated with opioids and states that the drug could be used both in drug replacement therapy and pain management.

Read more of this story at Slashdot.

hackingbear writes: President Trump acknowledged in a tweet that "Apple prices may increase because of the massive Tariffs we may be imposing on China," but suggested the issue was not with the tariffs themselves. "There is an easy solution where there would be ZERO tax, and indeed a tax incentive. Make your products in the United States instead of China. Start building new plants now," Trump wrote. The U.S. is threatening to impose 25% tariffs on all $500 billion worth of Chinese imports over issues such as intellectual property theft. While Apple et al are still making their products in China, Trump didn't offer Apple a place to find the millions of laborers needed to make their products, given that the official unemployment rate is at a historic low of 3.9%. Manufacturers also need to compete in the labor market with garbage companies who need to find American laborers willing to recycle their own trash -- a job once imposed upon China as a condition to enter the World Trade Organization and enjoy advantageous tariff rates. China is gracefully giving back those jobs as the U.S. is complaining of unfair trades.

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch about the little fallout Equifax has faced for one of the worst data breaches in U.S. history: The credit rating giant, one of the largest in the world, was trusted with some of the most sensitive data used by banks and financiers to determine who can be lent money. But the company failed to patch a web server it knew was vulnerable for months, which let hackers crash the servers and steal data on 147 million consumers. Names, addresses, Social Security numbers and more -- and millions more driver license and credit card numbers were stolen in the breach. Millions of British and Canadian nationals were also affected, sparking a global response to the breach. Yet, a year on from following the devastating hack that left the company reeling from a breach of almost every American adult, the company has faced little to no action or repercussions. "There was a failure of the company, but also of lawmakers," said Mark Warner, a Democratic senator, in a call with TechCrunch. Warner, who serves Virginia, was one of the first lawmakers to file new legislation after the breach. Alongside his Democratic colleague, Sen. Elizabeth Warren, the two senators said their bill, if passed, would hold credit agencies accountable for data breaches. "With Equifax, they knew for months before they reported, so at what point is that violating securities laws by not having that notice?," said Warner. "The message sent to the market is 'if you can endure some media blowback, you can get through this without serious long-term ramifications', and that's totally unacceptable," he said. Earlier this year, the company asked a federal judge to reject claims from dozens of banks and credit unions for costs taken to prevent fraud following the data breach. The claims, if accepted, could force Equifax to shell out tens of millions of dollars -- perhaps more. The hundreds of class action suits filed to date have yet to hit the courts, but historically even the largest class action cases have resulted in single dollar amounts for the individuals affected. And when the credit agent giant isn't fighting the courts, federal regulators have shown little interest in pursuit of legal action. Sen. Elizabeth Warren wrote a letter Thursday to the heads of the Federal Trade Commission (FTC) and Consumer Financial Protection Bureau (CFPB) complaining about their lack of action. "Companies like Equifax do not ask the American people before they collect their most sensitive information," said Warren. "This information can determine their ability to access credit, obtain a job, secure a home loan, purchase a car, and make dozens of other transactions that are critical to their personal financial security. The American people deserve an update on your investigations." "[O]nly the Securities and Exchange Commission has brought charges -- not for the breach itself, but against three former staffers for allegedly insider trading," TechCrunch points out.

Read more of this story at Slashdot.

An anonymous reader quotes the Tampa Bay Times: In April last year, the Florida Department of Corrections struck a deal with JPay. The private company, spearheading a push to sell profit-driven multimedia tablets to incarcerated people across the country, would be allowed to bring the technology to every facility in the nation's third-largest prison system. But there was a catch. Inmates had already been purchasing electronic entertainment for the last seven years -- an MP3 player program run by a different company: Access Corrections. For around $100, Access sold various models of MP3 players that inmates could then use to download songs for $1.70 each, and keep them in their dorms.... More than 30,299 players were sold, and 6.7 million songs were downloaded over the life of the Access contract, according to the Department of Corrections. That's about $11.3 million worth of music. Because of the tablets, inmates will have to return the players, and they can't transfer the music they already purchased onto their new devices... The Department of Corrections, meanwhile, has collected $1.4 million in commissions on each song downloaded and other related sales since July 2011... JPay already operates banking accounts and facilitates phone calls at the state-run prisons, charging inmates and their loved ones steep fees for the services. With the introduction of tablets, JPay will add a wide swath of new spending incentives for its incarcerated customers, offering purchases of music, emailing and other virtual fare. As a compromise, prison officials offered to download the already-purchased music to a CD, and then mail that CD to someone outside the prison. For a $25 fee.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Bloomberg: Apple, the world's most valuable company, said proposed U.S. tariffs on $200 billion worth of products imported from China will raise prices for some of its popular consumer goods such as the Apple Watch and AirPods headphones. The Mac mini desktop computer, Apple Pencil stylus accessory for iPads, various chargers and adapters and tooling equipment used to manufacturer and design some products in the U.S. will also be affected, the Cupertino, California-based company told the Office of U.S. Trade Representative in a letter dated Sept 5. The company said the tariffs would "show up as a tax on U.S. consumers" and "increase the cost of Apple products that our customers have come to rely on in their daily lives." Beyond the core products, Apple said accessories like the HomePod speaker, some Beats speakers, AirPort and Time Capsule internet routers, the Magic Mouse and Magic Trackpad, and leather cases for the iPhone, iPad, MacBook and Apple Pencil would be affected. It said some of the parts it relies on for product development, including processors and research equipment, would also be hit by the tariffs. On Friday, President Trump said he's prepared to impose tariffs on an additional $267 billion in Chinese imports, which would affect almost every category of consumer goods, according to analysts. He cites unfair trade practices as a reason for the tariffs.

Read more of this story at Slashdot.

Vizio is reportedly working on a way to let TV owners know when it spies on their viewing habits. According to The Verge, the company is developing a "notice program with direct notification to the class through Vizio Smart TV displays." The Hollywood Reporter first spotted the news. From the report: The news popped up in a request to extend the time needed to submit a motion for a preliminary settlement in a class action lawsuit against the company. So basically, it's possible that Vizio users will get a pop-up notification that explains what the company is doing and when. The TV company already previously settled with the Federal Trade Commission for $2.2 million in 2017, along with the agreement to get users' consent before collecting data. The company was caught in 2015 tracking users' viewing habits and demographic data, which it combined to then sell to analytics and ad companies, thereby allowing them to better target their messaging.

Read more of this story at Slashdot.

AT&T is offering a new promotion for first responders and their families. Firefighters, paramedics, and police officers can opt for 25 percent off either of the unlimited plans AT&T announced back in June. But in the fine print, as The Verge points out, "AT&T admits it may throttle data speeds 'when the network is congested.'" The promotion comes soon after Verizon came under scrutiny for throttling firefighters' data as they fought wildfires in California. From the report: AT&T says that first responders looking for completely unlimited internet without data speed caps can use FirstNet, the network it recently began operating specifically for first responders. AT&T was contracted by the U.S. government to built out FirstNet, which offers features that specifically cater to first responders. The company says that it's actively promoting FirstNet, but at the same time, its promotion page doesn't make a mention of the superior plan at all. In an email, AT&T clarified that the promotional plans subject to throttling are for first responders' personal use and family plans. "We're offering first responders and their family members a discount on the consumer plans available today for their personal use," a spokesperson said. "These lines and devices are separate than the FirstNet lines purchased and issued by the first responder agencies, which do not have a data limit." The deal allows first responders to choose between the AT&T Unlimited & More plan or the Unlimited & More Premium plan, which has more entertainment add-ons to choose from, including HBO, Showtime, and Amazon Music. With the ongoing promotion, a single line alone on Unlimited & More will cost $52.50 a month, while four lines on a plan would cost $30 a month per person. Unlimited & More Premium costs $60 a month for a single line, and $35.62 a month per person for four lines.

Read more of this story at Slashdot.