Crime

FBI Warns US Private Sector To Cut Ties With Kaspersky (cyberscoop.com) 124

An anonymous reader quotes CyberScoop: The FBI has been briefing private sector companies on intelligence claiming to show that the Moscow-based cybersecurity company Kaspersky Lab is an unacceptable threat to national security, current and former senior U.S. officials familiar with the matter tell CyberScoop... The FBI's goal is to have U.S. firms push Kaspersky out of their systems as soon as possible or refrain from using them in new products or other efforts, the current and former officials say.

The FBI's counterintelligence section has been giving briefings since beginning of the year on a priority basis, prioritizing companies in the energy sector and those that use industrial control (ICS) and Supervisory Control and Data Acquisition (SCADA) systems. In light of successive cyberattacks against the electric grid in Ukraine, the FBI has focused on this sector due to the critical infrastructure designation assigned to it by the Department of Homeland Security... The U.S. government's actions come as Russia is engaged in its own push to stamp American tech giants like Microsoft out of that country's systems.

Meanwhile Bloomberg Businessweek claims to have seen emails which "show that Kaspersky Lab has maintained a much closer working relationship with Russia's main intelligence agency, the FSB, than it has publicly admitted" -- and that Kaspersky Lab "confirmed the emails are authentic."

Kaspersky Lab told ZDNet they have not confirmed the emails' authenticity. A representative for Kaspersky Lab says that the company does not have "inappropriate" ties with any government, adding that "the company does regularly work with governments and law enforcement agencies around the world with the sole purpose of fighting cybercrime."
Encryption

Google Warns Webmasters About Insecure HTTP Web Forms (searchengineland.com) 65

In April Chrome began marking HTTP pages as "not secure" in its address bar if the pages had password or credit card fields. They're about to take the next step. An anonymous reader quotes SearchEngineLand: Last night, Google sent email notifications via Google Search Console to site owners that have forms on web pages over HTTP... Google said, "Beginning in October 2017, Chrome will show the 'Not secure' warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode."
Google warned in April that "Our plan to label HTTP sites as non-secure is taking place in gradual steps, based on increasingly broad criteria. Since the change in Chrome 56, there has been a 23% reduction in the fraction of navigations to HTTP pages with password or credit card forms on desktop, and we're ready to take the next steps..."

"Any type of data that users type into websites should not be accessible to others on the network, so starting in version 62 Chrome will show the 'Not secure' warning when users type data into HTTP sites."
Government

Microsoft Avoids Washington State Taxes, Gives Nevada Schoolkid A Surface Laptop (seattletimes.com) 61

theodp writes: The Official Microsoft Blog hopes a letter from a Nevada middle schooler advising Microsoft President Brad Smith to "keep up the good work running that company" will "inspire you like it did us." Penned as part of a math teacher's assignment to write letters to the businesses that they like, Microsoft says the letter prompted Smith to visit the Nevada school to meet 7th-grader Sky Yi in person as part of the company's effort to draw attention to the importance of math and encourage students and teachers who are passionate about STEM (science, technology, engineering and math) education. In an accompanying video of the surprise meeting, Smith presents Yi with a new Surface Laptop that comes with Windows 10 S, a version of the OS that has been streamlined with schools in mind. "Not bad for a little letter," the Microsoft exec says.

Speaking of Microsoft, Nevada, and education, Bing Maps coincidentally shows the school Smith visited is just a 43-minute drive from the software giant's Reno-based Americas Operations Center. According to the Seattle Times, routing sales through the Reno software-licensing office helps Microsoft minimize its tax bills (NV doesn't tax business income) to the detriment, some say, of Washington State public schools.

Microsoft's state and local taxes will drop to just $30 million for the last year (from an average of $214 milion over the previous 14 years) according to the Seattle Times. "A Microsoft spokesman said the decline in 2017 was caused by the company's deferring taxes on some income to future years and the winding down of the company's smartphone business."
Television

Should Plex Stop Allowing Users To Opt Out of Data Collection? (www.plex.tv) 131

Slashdot reader bigdogpete writes: Many users of Plex got an email that said they were changing their privacy policy which goes into effect on 20 September 2017. While most of the things are pretty standard, users found it odd that they were now not going to allow users to opt-out of data collection. Here is the part from their website explaining the upcoming changes.

"In order to understand the usage across the Plex ecosystem and how we need to improve, Plex will continue to collect usage statistics, such as device type, duration, bit rate, media format, resolution, and media type (music, photos, videos, etc.). We will no longer allow the option to opt out of this statistics collection, but we do not sell or share your personally identifiable statistics. Again, we will not collect any information that identifies libraries, files, file names, and/or the specific content stored on your privately hosted Plex Media Servers. The only exception to this is when, and only to the extent, you use Plex with third-party services such as Sonos, Alexa, webhooks, and Last.fm."

What do you all think?

Electronic Frontier Foundation

EFF Honors Chelsea Manning, an IFEX Leader, And TechDirt's Editor (eff.org) 86

An anonymous reader quotes the Electronic Frontier Foundation: Whistleblower and activist Chelsea Manning, Techdirt editor and open internet advocate Mike Masnick, and IFEX executive director and global freedom of expression defender Annie Game are the distinguished winners of the 2017 Pioneer Awards, which recognize leaders who are extending freedom and innovation on the electronic frontier. This year's honorees -- a whistleblower, an editor, and an international freedom of expression activist -- all have worked tirelessly to protect the public's right to know.

The award ceremony will be held the evening of September 14 at Delancey Street's Town Hall Room in San Francisco. The keynote speaker is Emmy-nominated comedy writer Ashley Nicole Black, a correspondent on Full Frontal with Samantha Bee who uses her unique comedic style to take on government surveillance, encryption, and freedom of information.

The EFF describes Chelsea Manning as "a network security expert, whistleblower, and former U.S. Army intelligence analyst whose disclosure of classified Iraq war documents exposed human rights abuses and corruption the government kept hidden from the public." Their annoncement also notes that Annie Game has led the IFEX network of 115+ journalism and civil liberties groups around the world for over 10 years, and that Mike Masnick coined the term "The Streisand Effect" -- and is currently being sued by that man who claims he invented email.
Security

Marcus Hutchins' Code Used In Malware May Have Come From GitHub (itwire.com) 50

troublemaker_23 quotes ITWire: A security researcher says code has been discovered that was written by British hacker Marcus Hutchins that was apparently 'borrowed' by the creator of the banking trojan Kronos. The researcher, known as Hasherezade, posted a tweet identifying the code that had been taken from Hutchins' repository on GitHub.
Hasherezade also found a 2015 tweet where a then-20-year-old Hutchins first announces he's discovered the hooking engine he wrote for his own blog -- being used in a malware sample. ("This is why we can't have nice things," Hutchins jokes.) Hasherezade analyzed Kronos's code and concluded "the author has a prior knowledge in implementing malware solutions... The level of precision lead us to the hypothesis, that Kronos is the work of a mature developer, rather than an experimenting youngster."

Monday on Twitter Hutchins posted that "I'm still on trial, still not allowed to go home, still on house arrest; but now I am allowed online. Will get my computers back soon."
Government

US State Department Suffers Worldwide Email Outage (usatoday.com) 68

An anonymous reader quotes USA Today: The U.S. State Department's email system underwent a worldwide outage Friday, affecting all its unclassified communications within and outside of the department. The system was fully restored by Friday afternoon [after 12 hours], said a State Department official briefed on the incident who was not authorized to speak publicly and requested anonymity.

It was not clear what caused the early morning outage, but spokeswoman Heather Nauert told reporters it was not "any external action or interference."

Databases

Google and ProPublica Team Up To Build a National Hate Crime Database (techcrunch.com) 266

In partnership with ProPublica, Google News Lab is launching a new tool to track hate crimes across America. The "Documenting Hate News Index" is being powered by machine learning to track reported hate crimes across all 50 states, collecting data from February 2017 onward. TechCrunch reports: Data visualization studio Pitch Interactive helped craft the index, which collects Google News results and filters them through Google's natural language analysis to extract geographic and contextual information. Because they are not catalogued in any kind of formal national database, a fact that inspired the creation of the index to begin with, Google calls the project a "starting point" for the documentation and study of hate crimes. While the FBI is legally required to document hate crimes at the federal level, state and local authorities often fail to report their own incidents, making the data incomplete at best.

The initiative is a data-rich new arm of the Documenting Hate project which collects and verifies hate incidents reported by both individual contributors and by news organizations. The Hate News Index will keep an eye out for false positives (casual uses of the word "hate" for example), striking a responsible balance between machine learning and human curation on a very sensitive subject. Hate events will be mapped onto a calendar in the user interface, though users can also use a keyword search or browse through algorithmic suggestions. For anyone who'd like to take the data in a new direction, Google will open sourced its data set, making it available through GitHub.

Music

How Hackers Can Use Pop Songs To 'Watch' You (fastcompany.com) 31

An anonymous reader quotes a report from Fast Company: Forget your classic listening device: Researchers at the University of Washington have demonstrated that phones, smart TVs, Amazon Echo-like assistants, and other devices equipped with speakers and microphones could be used by hackers as clandestine sonar "bugs" capable of tracking your location in a room. Their system, called CovertBand, emits high-pitched sonar signals hidden within popular songs -- their examples include songs by Michael Jackson and Justin Timberlake -- then records them with the machine's microphone to detect people's activities. Jumping, walking, and "supine pelvic tilts" all produce distinguishable patterns, they say in a paper. (Of course, someone who hacked the microphone on a smart TV or computer could likely listen to its users, as well.)
Google

Google Explains Why It Banned the App For Gab, a Right-Wing Twitter Rival (arstechnica.com) 505

AmiMoJo shares a report from Ars Technica: When right-wing trolls and outright racists get kicked off of Twitter, they often move to Gab, a right-wing Twitter competitor. Gab was founded by Andrew Torba, who says it's devoted to unfettered free expression online. The site also hosts controversial right-wing figures like Milo Yiannopoulos, Andrew 'weev' Auernheimer and Andrew Anglin, editor of the neo-Nazi site Daily Stormer. On Thursday, Gab said that Google had banned its Android app from the Google Play Store for violating Google's ban on hate speech. The app's main competitor, Twitter, hosts accounts like the American Nazi Party, the Ku Klux Klan, and the virulently anti-gay Westboro Baptist Church, yet the Twitter app is still available on the Google Play store. Apple has long had more restrictive app store policies, and it originally rejected the Gab app for allowing pornographic content to be posted on the service -- despite the fact that hardcore pornography is readily available on Twitter. In an email to Ars, Google explained its decision to remove Gab from the Play Store: "In order to be on the Play Store, social networking apps need to demonstrate a sufficient level of moderation, including for content that encourages violence and advocates hate against groups of people. This is a long-standing rule and clearly stated in our developer policies. Developers always have the opportunity to appeal a suspension and may have their apps reinstated if they've addressed the policy violations and are compliant with our Developer Program Policies."
Privacy

Info on 1.8M Chicago Voters Was Publicly Accessible, But Now Removed From Cloud Service (chicagotribune.com) 27

A file containing the names, addresses, dates of birth and other information about Chicago's 1.8 million registered voters was published online and publicly accessible for an unknown period of time, the Chicago Board of Election Commissioners said this week. From a report: The acknowledgment came days after a data security researcher alerted officials to the existence of the unsecured files. The researcher found the files while conducting a search of items uploaded to Amazon Web Services, a cloud system that allows users to rent storage space and share files with certain people or the general public. The files had been uploaded by Election Systems & Software, a contractor that helps maintain Chicago's electronic poll books. Election Systems said in a statement that the files "did not include any ballot information or vote totals and were not in any way connected to Chicago's voting or tabulation systems." The company said it had "promptly secured" the files on Saturday evening and had launched "a full investigation, with the assistance of a third-party firm, to perform thorough forensic analyses of the AWS server." State and local officials were notified of the existence of the files Saturday by cybersecurity expert Chris Vickery, who works at the Mountain View, Calif. firm UpGuard.
Patents

E-Commerce To Evolve Next Month As Amazon Loses the 1-Click Patent (thirtybees.com) 137

An anonymous reader shares an article: Next month e-commerce will change forever thanks to Amazon. September 12 marks 20 years since Amazon filed for their 1-Click patent. This means that the patent will expire and the technology behind it will be free to be used by any e-commerce site. Starting next month more and more sites will be offering a one click checkout experience. Most major sites have already started development with plans to launch soon after the patent expires. Amazon applied for the 1-Click patent in September of 1997, the actual patent was granted in 1999. The whole idea behind the patent is when you store a user's credit card and address you only need a single click to order a product. For the last 20 years Amazon has kept a tight hold on this technology, they have only licensed it to one company: Apple. No one knows what Apple paid to license the technology, but the value of the patent has been assessed at 2.4 billion dollars by sources. Over the last 20 years Amazon has defended the validity of the patent in several cases, even having to revise the patent at one point. But, now the wait is almost over and this technology is about to make it into the open market.
Businesses

Kit Kat Accused of Copying Atari Game Breakout (bbc.com) 131

An anonymous reader shares a report: Kit Kat's maker Nestle has been accused of copying Breakout, the 1970s computer game, in a marketing campaign. Atari, the company behind some of the most popular early video games, has filed a suit alleging Nestle knowingly exploited the game's look and feel. The advert showed a game similar to Breakout but where the bricks were replaced with single Kit Kat bars. Nestle said it was aware of the lawsuit and would defend itself "strongly" against the allegations. Breakout was created as a successor to "Pong" by Apple founders, Steve Wozniak and Steve Jobs. In the advert, which is titled "Kit Kat: Breakout", a row of people, of varying ages and appearance, share a sofa and play a video game during their work break. In the game depicted, a primitive paddle moves side-to-side to bounce a ball into a collision with the horizontal bars ranged across the top of the screen.
IOS

iOS 11 Has a Feature To Temporarily Disable Touch ID (cultofmac.com) 138

A new feature baked into iOS 11 lets you quickly disable Touch ID, which could come in handy if you're ever in a situation where someone (a cop) might force you to unlock your device. Cult of Mac reports: To temporarily disable Touch ID, you simply press the power button quickly five times. This presents you with the "Emergency SOS" option, which you can swipe to call the emergency services. It also prevents your iPhone from being unlocked without the passcode. Until now, there were other ways to temporarily disable Touch ID, but they weren't quick and simply. You either had to restart your iPhone, let it sit idle for a few days until Touch ID was temporarily disabled by itself, or scan the wrong finger several times. The police, or any government agency, cannot force you to hand over your iPhone's passcode. However, they can force you to unlock your device with your fingerprint. That doesn't work if your fingerprint scanner has been disabled.
Government

Ukraine Hacker Cooperating With FBI In Russia Probe, Says Report (thehill.com) 210

schwit1 shares a report from The Hill: A hacker in Ukraine who goes by the online alias "Profexer" is cooperating with the FBI in its investigation of Russian interference in the U.S. presidential election, The New York Times is reporting. Profexer, whose real identity is unknown, wrote and sold malware on the dark web. The intelligence community publicly identified code he had written as a tool used in the hacking of the Democratic National Committee ahead of last year's presidential election. The hacker's activity on the web came to a halt shortly after the malware was identified. The New York Times, citing Ukrainian police, reported Wednesday that the individual turned himself into the FBI earlier this year and became a witness for the bureau in its investigation. FBI investigators are probing Russian interference efforts and whether there was coordination between associates of President Trump's campaign and Moscow. Special counsel Robert Mueller is heading the investigation.
Patents

Motorola Patents a Display That Can Heal Its Own Cracked Screen With Heat (theverge.com) 40

An anonymous reader quotes a report from The Verge: A patent published today explains how a phone could identify cracks on its touchscreen and then apply heat to the area in an effort to slightly repair the damage. The process relies on something called "shape memory polymer," a material that can apparently become deformed and then recovered through thermal cycling. Thermal cycling involves changing the temperature of the material rapidly. This material could be used over an LCD or LED display with a capacitive touch sensor layered in, as well. Although the phone could heat the polymer in order to restore it, a user's body heat can be used, too.
Encryption

Hacker Claims To Have Decrypted Apple's Secure Enclave Processor Firmware (iclarified.com) 109

According to iClarified, a hacker by name of "xerub" has posted the decryption key for Apple's Secure Enclave Processor (SEP) firmware. "The security coprocessor was introduced alongside the iPhone 5s and Touch ID," reports iClarified. "It performs secure services for the rest of the SOC and prevents the main processor from getting direct access to sensitive data. It runs its own operating system (SEPOS) which includes a kernel, drivers, services, and applications." From the report: The Secure Enclave is responsible for processing fingerprint data from the Touch ID sensor, determining if there is a match against registered fingerprints, and then enabling access or purchases on behalf of the user. Communication between the processor and the Touch ID sensor takes place over a serial peripheral interface bus. The processor forwards the data to the Secure Enclave but can't read it. It's encrypted and authenticated with a session key that is negotiated using the device's shared key that is provisioned for the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption. Today, xerub announced the decryption key "is fully grown." You can use img4lib to decrypt the firmware and xerub's SEP firmware split tool to process. Decryption of the SEP Firmware will make it easier for hackers and security researchers to comb through the SEP for vulnerabilities.
AT&T

Judge Dismisses AT&T's Attempt To Stall Google Fiber Construction In Louisville (arstechnica.com) 68

An anonymous reader quotes a report from Ars Technica: AT&T has lost a court case in which it tried to stall construction by Google Fiber in Louisville, Kentucky. AT&T sued the local government in Louisville and Jefferson County in February 2016 to stop a One Touch Make Ready Ordinance designed to give Google Fiber and other new ISPs quicker access to utility poles. But yesterday, U.S. District Court Judge David Hale dismissed the lawsuit with prejudice, saying AT&T's claims that the ordinance is invalid are false. "We are currently reviewing the decision and our next steps," AT&T said when contacted by Ars today. One Touch Make Ready rules let ISPs make all of the necessary wire adjustments on utility poles themselves instead of having to wait for other providers like AT&T to send work crews to move their own wires. Without One Touch Make Ready rules, the pole attachment process can cause delays of months before new ISPs can install service to homes. Google Fiber has continued construction in Louisville despite the lawsuit and staff cuts that affected deployments in other cities.
Patents

We Print 50 Trillion Pages a Year, and Xerox Is Betting That Continues (fortune.com) 86

An anonymous reader shares a report: For most of its 111-year history, Xerox has been known as one of the tech industry's most innovative companies. Now the legendary copier company is reinventing itself. In January, Xerox made the bold decision to split itself into two, spinning off its business services operations into a separate company called Conduent. And Jeffrey Jacobson, a Xerox tech executive, was tapped as Xerox's new CEO. Speaking with Fortune's Susie Gharib, Jacobson says Xerox is still "one of the top patent producing companies in the world" and he's counting on that scientific expertise to pivot the company to be a leader in digital print technology. "If I look at the things we're looking at with the Internet of things, artificial intelligence and bridging the digital and physical," he says, "that's what I think we'll be known for."
Social Networks

Thai Activist Jailed For the Crime of Sharing an Article on Facebook (eff.org) 117

An anonymous reader shares a report: Thai activist Jatuphat "Pai" Boonpattaraksa was sentenced this week to two and a half years in prison -- for the crime of sharing a BBC article on Facebook. The Thai-language article profiled Thailand's new king and, while thousands of users shared it, only Jutaphat was found to violate Thailand's strict lese majeste laws against insulting, defaming, or threatening the monarchy. The sentence comes after Jatuphat has already spent eight months in detention without bail. During this time, Jatuphat has fought additional charges for violating the Thai military junta's ban on political gatherings and for other activism with Dao Din, an anti-coup group. While in trial in military court, Jatuphat also accepted the Gwangzu Prize for Human Rights. When he was arrested last December, Jatuphat was the first person to be charged with lese majeste since the former King Bhumibol passed away and his son Vajiralongkorn took the throne. (He was not, however, the first to receive a sentence -- this past June saw one of the harshest rulings to date, with one man waiting over a year in jail to be sentenced to 35 years for Facebook posts critical of the royal family.) The conviction, which appears to have singled Jatuphat out among thousands of other Facebook users who shared the article, sends a strong message to other activists and netizens: overbroad laws like lese majeste can and will be used to target those who oppose military rule in Thailand.

Slashdot Top Deals