Security

Google CEO Sundar Pichai's Quora Account Hacked (thenextweb.com) 18

Google CEO Sundar Pichai is the latest high-profile victim of a hacking group called OurMine. Earlier today, the group managed to get hold of Pichai's Quora account, which in turn gave them access to his Twitter feed as well. In a statement to The Next Web, the group said that their intention is to just test people's security, and that they never change the victim's passwords. Looking at the comments they left after hacking Pichai's account, it is also clear that OurMine is promoting its security services. The same group recently also hacked Facebook CEO Mark Zuckerberg's Twitter and Pinterest accounts.
Microsoft

Woman Wins $10,000 Lawsuit Against Microsoft Over Windows 10 Upgrades (seattletimes.com) 295

An anonymous reader shares this story from the Seattle Times: A few days after Microsoft released Windows 10 to the public last year, Teri Goldstein's computer started trying to download and install the new operating system. The update, which she says she didn't authorize, failed. Instead, the computer she uses to run her Sausalito, California, travel-agency business slowed to a crawl. It would crash, she says, and be unusable for days at a time. "I had never heard of Windows 10," Goldstein said. "Nobody ever asked me if I wanted to update."

When outreach to Microsoft's customer support didn't fix the issue, Goldstein took the software giant to court, seeking compensation for lost wages and the cost of a new computer. She won. Last month, Microsoft dropped an appeal and Goldstein collected a $10,000 judgment from the company.

Microsoft denies any wrongdoing, and says they only halted their appeal to avoid the cost of further litigation.
The Courts

Wisconsin's Prison-Sentencing Algorithm Challenged in Court (engadget.com) 181

"Do you want a computer to help decide a convict's fate?" asks Engadget, telling the story of a Wisconsin convict who "claims that the justice system relied too heavily on its COMPAS algorithm to determine the likelihood of repeat offenses and sentenced him to six years in prison." Sentencing algorithms have apparently been in use for 10 years. His attorneys claim that the code is "full of holes," including secret criteria and generic decisions that aren't as individually tailored as they have to be. For instance, they'll skew predictions based on your gender or age -- how does that reflect the actual offender...?

[T]he court challenge could force Wisconsin and other states to think about the weight they give to algorithms. While they do hold the promise of both preventing repeat offenses and avoiding excessive sentences for low-threat criminals, the American Civil Liberties Union is worried that they can amplify biases or make mistakes based on imperfect law enforcement data.

The biggest issue seems to be a lack of transparency, which makes it impossible to determine whether convicts actually are receiving fair sentences.
Security

Religious Hacker Defaces 111 Escort Sites (softpedia.com) 142

An anonymous reader shares this article from Softpedia: A religiously-motivated Moroccan hacker has defaced 111 different web sites promoting escort services since last summer as part of an ongoing protest against the industry. "In January, the hacker defaced 79 escort websites," writes Softpedia. "His actions didn't go unnoticed, and on some online forums where escorts and webmasters of these websites met, his name was brought up in discussions and used to drive each other in implementing better Web security. While some webmasters did their job, some didn't. During the past days, the hacker has been busy defacing a new set of escort websites... Most of these websites bear ElSurveillance's defacement message even today... Most of the websites are from the UK."
His newest round of attacks replaces the sites with a pro-Palestine message and a quote from the Quran, though in January Softpedia reported the attacker was also stealing data from some of the sites about their users' accounts.
Censorship

Google and Facebook May Be Suppressing 'Extremist' Speech With Copyright Scanners (theverge.com) 147

An anonymous reader quotes this article from The Verge: The systems that automatically enforce copyright laws on the internet may be expanding to block unfavorable speech. Reuters reports that Facebook, Google, and other companies are exploring automated removal of extremist content, and could be repurposing copyright takedown methods to identify and suppress it. It's unclear where the lines have been drawn, but the systems are likely targeted at radical messages on social networks from enemies of European powers and the United States. Leaders in the US and Europe have increasingly decried radical extremism on the internet and have attempted to enlist internet companies in a fight to suppress it.

Many of those companies have been receptive to the idea and already have procedures to block violent and hateful content. Neither Facebook nor Google would confirm automation of these efforts to Reuters, which relied on two anonymous sources who are "familiar with the process"... The secret identification and automated blocking of extremist speech would raise new, serious questions about the cooperation of private corporations with censorious governmental interests.

Reuters calls it "a major step forward for internet companies that are eager to eradicate violent propaganda from their sites and are under pressure to do so from governments around the world as attacks by extremists proliferate, from Syria to Belgium and the United States." They also report that the move follows pressure from an anti-extremism group "founded by, among others, Frances Townsend, who advised former president George W. Bush on homeland security, and Mark Wallace, who was deputy campaign manager for the Bush 2004 re-election campaign."
Government

As It Searches For Suspects, The FBI May Be Looking At You (technologyreview.com) 82

schwit1 quotes the MIT Technology Review: The FBI has access to nearly 412 million photos in its facial recognition system—perhaps including the one on your driver's license. But according to a new government watchdog report, the bureau doesn't know how error-prone the system is, or whether it enhances or hinders investigations.

Since 2011, the bureau has quietly been using this system to compare new images, such as those taken from surveillance cameras, against a large set of photos to look for a match. That set of existing images is not limited to the FBI's own database, which includes some 30 million photos. The bureau also has access to face recognition systems used by law enforcement agencies in 16 different states, and it can tap into databases from the Department of State and the Department of Defense. And it is in negotiations with 18 other states to be able to search their databases, too...

Adding to the privacy concerns is another finding in the GAO report: that the FBI has not properly determined how often its system makes errors and has not "taken steps to determine whether face recognition systems used by external partners, such as states and federal agencies, are sufficiently accurate" to support investigations.

Government

IRS Gets Hacked Again, Forced To Scrap Their Entire PIN System (engadget.com) 99

The IRS has abandoned a system of PIN numbers used when filing tax returns online after they detected "automated attacks taking place at an increasing frequency," adding that only "a small number" of taxpayers were affected. An anonymous reader quotes the highlights from Engadget: The IRS chose not to kill the tool back in February, since most commercial tax software products use it... If you'll recall, identity thieves used malware to steal taxpayers' info from other websites, which was then used to generate 100,000 PINs, back in February... This time, the IRS detected "automated attacks taking place at an increasing frequency" thanks to the additional defenses it added after that initial hack... the agency determined that it would be safer to give up on a verification method that's scheduled for the chopping block anyway.
Transportation

Star Trek Actor's Death Inspires Class Action Against Car Manufacturer (cnn.com) 326

Anton Yelchin, who played Chekov in the new Star Trek movies, was killed Sunday when his own vehicle rolled backwards. Now Slashdot reader ripvlan writes: It has recently emerged that his vehicle was a Jeep. As discussed on Slashdot previously, consumers are having a hard time knowing if the vehicle is in "Park." A new class action lawsuit is gaining momentum... Also Maserati has a similar system and can join the class action.
In fact, Maserati "is recalling about 13,000 sedans that have the same sort of gear shifter that was used in the Jeep that killed Yelchin," according to CNN Money, and Chrysler Fiat had in fact already filed a recall notice with federal regulators in April for Yelchin's brand of Jeep, "but owners had only received a warning and not an official recall notice at the time of Yelchin's death". The lawsuit claims Chrysler "fraudulently concealed and failed to remedy a gear shifter design defect affecting 811,000 vehicles and linked to driverless rollaway incidents," including 2014-2015 Jeep Grand Cherokees, 2012-2014 Chrysler 300s, and 2012-2014 Dodge Chargers.
The Almighty Buck

Vacationing Security Researcher Exposes Austrian ATM Skimmer (carbonblack.com) 164

While vacationing with his family in Vienna, Ben Tedesco (from security company Carbon Black) discovered an ATM skimmer "in the wild", perfectly crafted to look like the original card reader. New submitter rmurph04 shares Ben's story: I went to grab some cash from an ATM. Being security paranoid, I repeated my typical habit of checking the card reader with my hand as I have hundreds of times. Today's the day when my security awareness paid off!
Ben's blog post includes a video demonstrating the ATM skimmer, as well as close-ups showing the device had its own control board, strip reader, and even its own battery.
Crime

Why Are Hackers Increasingly Targeting the Healthcare Industry? (helpnetsecurity.com) 103

Slashdot reader Orome1 shares an article by Bitdefender's senior "e-threat analyst," warning about an increasing number of attacks on healthcare providers: In general, the healthcare industry is proving lucrative for cybercriminals because medical data can be used in multiple ways, for example fraud or identity theft. This personal data often contains information regarding a patient's medical history, which could be used in targeted spear-phishing attacks...and hackers are able to access this data via network-connected medical devices, now standard in high-tech hospitals. This is opening up new possibilities for attackers to breach a hospital or a pharmaceutical company's perimeter defenses.

If a device is connected to the internet and left vulnerable to attack, an attacker could remotely connect to it and use it as gateways for attacking network security... The majority of healthcare organizations have often been shown to fail basic security practices, such as disabling concurrent login to multiple devices, enforcing strong authentication and even isolating critical devices and medical data storing servers from a direct internet connection.

The article suggests the possibility of attackers tampering with the equipment that dispenses prescription medications, in which case "it is likely that future cyber-attacks could lead to the loss of human life."
Security

Crypto Ransomware Attacks Have Jumped 500% In The Last Year (onthewire.io) 36

Kaspersky Lab is reporting that the last year saw a 500% increase in the number of users who encountered crypto ransomware. Trailrunner7 shares an article from On The Wire: Data compiled by Kaspersky researchers from the company's cloud network shows that from April 2015 to March 2016, the volume of crypto ransomware encountered by users leapt from 131,111 to 718,536. That's a massive increase, especially considering the fact that ransomware is a somewhat mature threat. It didn't just burst onto the scene a couple of years ago. Kaspersky's researchers said the spike in crypto ransomware can be attributed to a small group of variants. "Looking at the malware groups that were active in the period covered by this report, it appears that a rather short list of suspects is responsible for most of the trouble caused by crypto-ransomware..."

It's difficult to overstate how much of an effect the emergence of ransomware has had on consumers, enterprises, and the security industry itself. The FBI has been warning users about crypto ransomware for some time now, and has consistently advised victims not to pay any ransoms. Security researchers have been publishing decryption tools for specific ransomware variants and law enforcement agencies have had some success in taking down ransomware gangs.

Enterprise targets now account for 13% of ransomware attacks, with attackers typically charging tens of thousands of dollars, the article reports, and "Recent attacks on networks at the University of Calgary and Hollywood Presbyterian Medical Center have demonstrated the brutal effectiveness of this strategy."
Communications

Why You Should Stop Using Telegram Right Now (gizmodo.com) 67

Earlier this week, The Intercept evaluated the best instant messaging clients from the privacy standpoint. The list included Facebook's WhatsApp, Google's Allo, and Signal -- three apps that employ end-to-end encryption. One popular name that was missing from the list was Telegram. A report on Gizmodo sheds further light on the matter, adding that Telegram is riddled with a wide range of security issues, and "doesn't live up to its proclamations as a safe and secure messaging application." Citing many security experts, the report states:

One major problem Telegram has is that it doesn't encrypt chats by default, something the FBI has advocated for. "There are many Telegram users who think they are communicating in an encrypted way, when they're not because they don't realize that they have to turn on an additional setting," Christopher Soghoian, Principal Technologist and Senior Policy Analyst at the American Civil Liberties Union, told Gizmodo. "Telegram has delivered everything that the government wants. Would I prefer that they used a method of encryption that followed industry best practices like WhatsApp and Signal? Certainly. But, if it's not turned on by default, it doesn't matter."

The other issue that security experts have taken a note of is that Telegram employs its own encryption, which according to them, "is widely considered to be a fatal flaw when developing encrypted messaging apps." The report adds:

"They use the MTproto protocol which is effectively homegrown and I've seen no proper proofs of its security," Alan Woodward, professor at the University of Surrey told Gizmodo. Woodward criticized Telegram for their lack of transparency regarding their home cooked encryption protocol. "At present we don't know enough to know if it's secure or insecure. That's the trouble with security by obscurity. It's usual for cryptographers to reveal the algorithms completely, but here we are in the dark. Unless you have considerable experience, you shouldn't write your own crypto. No one really understands why they did that."

The list goes on and on.
Transportation

Austin Is Conducting Sting Operations Against Ride-Sharing Drivers (examiner.com) 242

Since the Uber and Lyft ride-sharing apps stopped service in Austin, drunk driving has increased, riders are hunting for alternatives, and the police are conducting undercover sting operations against unauthorized ride-sharing drivers. With Chicago also considering new restrictions on ride-sharing apps, Slashdot reader MarkWhittington shares this report from Austin: With thousands of drivers and tens of thousands of riders who once depended on ride-sharing services in a lurch, a group called Arcade City has tried to fill the void with a person-to-person site to link up drivers and riders who then negotiate a fare. Of course, according to a story on KVUE, the Austin city government, and the police are on the case. The Austin Police Department has diverted detectives and resources to conduct sting operations on ride-sharing drivers who attempt to operate without official sanction. Undercover operatives will arrange for a ride with an Arcade City driver and then bust them, impounding their vehicle and imposing a fine.
"The first Friday and Saturday after Uber was gone, we were joking that it was like the zombie apocalypse of drunk people," one former ride-sharing driver told Vocative.com. Earlier this month the site compared this year's drunk driving arrests to last year's -- and discovered that in the three weeks since Uber and Lyft left Austin, 7.5% more people have been arrested for drunk driving.
EU

Web Petition For 2nd EU Referendum Draws Huge Interest (ap.org) 618

From an Associated Press report: An online petition seeking a second referendum on a British exit from the European Union has drawn more than 1.6 million names, a measure of the extraordinary divisiveness of Thursday's vote to leave the 28-nation bloc. The online petition site hosted by the House of Commons website even crashed Friday under the weight of the activity as officials said they'd seen unprecedented interest in the measure, which calls on the government to implement a rule stating that if "remain" or "leave" camps won less than 60 percent of the vote with less than a 75 percent turnout "there should be another referendum." According to reports, this is the biggest surge of support Parliament's website has ever seen. Looking at the keywords people were hitting up on Google after the news first broke, it was clear that a considerable portion of the population was clueless about the whole situation.
Crime

From File-Sharing To Prison: The Story of a Jailed Megaupload Programmer (arstechnica.com) 124

An anonymous reader writes: "I had to be made an example of as a warning to all IT people," says former Megaupload programmer Andrew Nomm, one of seven Megaupload employees arrested in 2012. Friday his recent interview with an Estonian journalist was republished in English by Ars Technica (which notes that at one point the 50 million users on Megaupload's file-sharing site created 4% of the world's internet traffic). The 37-year-old programmer pleaded guilty to felony copyright infringement in exchange for a one-year-and-one-day sentence in a U.S. federal prison, which the U.S. Attorney General's office called "a significant step forward in the largest criminal copyright case in US history."

"It turned out that I was the only defendant in the last 29 years to voluntarily go from the Netherlands to the USA..." Nomm tells the interviewer, adding "I'll never get back the $40,000 that was seized by the USA." He describes his experience in the U.S. prison system after saying good-bye to his wife and 13-year-old son, adding that now "I have less trust in all sorts of state affairs, especially big countries. I saw the dark side of the American dream in all its glory..."

In U.S. court documents Nomm "acknowledged" that the financial harm to copyright holders "exceeded $400 million."
Communications

Snowden Finally Identified As Target of Investigation That Ended Lavabit (washingtontimes.com) 76

An anonymous reader quotes a report from The Washington Times: Three years after a government investigation forced the shuttering of Lavabit, a Texas-based email provider, its CEO revealed Friday that an account belonging to Edward Snowden spurred the probe that put his company out of business. "Ladar Levison shut down his encrypted webmail service in August 2013 amid an FBI investigation focused on one of his company's nearly half-a-million customers," reports The Washington Times. "A gag-order that has just recently been vacated in federal has legally prevented him up until now from confirming the account in question was registered to none other than the NSA contractor attributed with one of the largest intelligence leaks in U.S. history. U.S. District Judge Claude Hilton nullified the mandatory non-disclosure orders in a June 13 court filing that went unnoticed until Lavabit released a statement Friday. Officially, the consent order approved by Judge Hilton in the Eastern District of Virginia earlier this month removes all gag-orders concerning Lavabit and Mr. Levison with regards to a grand jury investigation that led the FBI to Mr. Snowden's email account. 'While I'm pleased that I can finally speak freely about the target of the investigation, I also know the fight to protect our collective freedom is far from over,' Mr. Levison said in a statement. He said he plans to discuss the case further during the DefCon security conference in Las Vegas this summer."
Security

NASCAR Team Pays Ransomware Fee To Recover Files Worth $2 Million (softpedia.com) 58

An anonymous reader writes: "NASCAR team Circle Sport-Leavine Family Racing (CSLFR) revealed today it faced a ransomware infection this past April when it almost lost access to crucial files worth nearly $2 million, containing car parts lists and custom high-profile simulations that would have taken 1,500 man-hours to replicate," reports Softpedia. "The infection took place on the computer belonging to CSLFR's crew chief. Winston's staff detected the infection when encrypted files from Winston's computer began syncing to their joint Dropbox account." It was later discovered that he was infected with the TeslaCrypt ransomware. Because the team had no backups of the crucial data, they eventually paid the ransom (around $500). This happened before TeslaCrypt's authors decided to shut down their operations and release free decryption keys.
Advertising

You Could Be Paid To Post Snapchat Selfies With Products, Patent Filing Suggests (latimes.com) 22

An anonymous reader writes: According to Snapchat's latest patent filings, the company could begin paying users to post photos and videos. Los Angeles Times reports: "The filings reveal that Snapchat automatically could analyze annotations on an image, including text and digital stickers, to prompt users to place their image in a collective gallery. In other words, people who type some variation of 'Clippers!!!' on top of their photo during a Clippers basketball game would have access to a library of images related to the game. Especially intriguing, the company could use computer vision technology to identify objects in an image -- say, a Coke bottle -- to encourage a user to share the shot in a Coca-Cola-sponsored story. Contributors could walk away with cash through a flat fee or some other deal based on views or sales generated by the story. The idea in the patent filing also would give advertisers an official way to compensate people for creative posts, compared with the usual strategy of paying top users to turn their personal accounts into an ad. Other types of automatically generated galleries mentioned in the patent application include stories based on a time stamp, temperature or movement. People could define their own categories too. Curation of the galleries could be optional, with object recognition and text analysis as potential ways to filter inappropriate submissions. Users who get into audio timeline could get paid too, the patent filing states."
DRM

Oculus Ditches DRM Hurdle, Allows HTC Vive Games On Rift Again (venturebeat.com) 36

An anonymous reader writes: After changing its DRM to exclude ReVive last month, Oculus has changed its mind again and is now allowing HTC Vive games to play on the Oculus Rift. "We continually revise our entitlement and anti-piracy systems, and in the June update we've removed the check for Rift hardware from the entitlement check. We won't use hardware checks as part of DRM on PC in the future," Oculus VR said. "We believe protecting developer content is critical to the long-term success of the VR industry, and we'll continue taking steps in the future to ensure that VR developers can keep investing in ground-breaking new VR content." VentureBeat reports: "ReVive developers have acted quickly following the removal of the check. An update to the software has been posted on GitHub to bring it back in line, meaning you'll now be able to access the games that were previously available without jumping through extra hoops. Perhaps even more games might work going forward. CrossVR, one of the system's developers, took to Reddit to thank Oculus for the decision. 'I'm delighted to see this change and I hope it can generate a lot of goodwill for Oculus.' CrossVR said."
The Courts

Valve Faces Lawsuit Over Video Game Gambling (bloomberg.com) 72

An anonymous reader writes from a report via Bloomberg: Valve's Counterstrike: Global Offensive game is being sued for its role in the multibillion-dollar gambling economy that has fueled the game's popularity. Michael John McLeod filed a lawsuit Thursday in the U.S. District Court in Connecticut alleging that Valve violated gambling laws and engaged in racketeering with a handful of off-shore gambling companies. McLeod, who has been gambling on CS:GO since 2014, is asking for class-action status for the suit. The suit was first reported by Polygon and doesn't give a specific request for damages, nor does it say how much money he lost by betting on the site. According to Bloomberg: "Valve provided for money, technical support, and advice to such websites as CSGO Lounge and Diamonds, which take bets, and OPSkins, which runs a market where virtual goods are traded and can be redeemed for cash." Valve has yet to respond to the suit.
