Australia

Australia Discontinues Its National Biometric ID Project (gizmodo.com.au) 41

The Australian Criminal Intelligence Commission's (ACIC) biometrics project, which adds facial recognition to a national crime database, is being discontinued following reports of delays and budget blowouts. From a report: This announcement comes after the project was suspended earlier this month and NEC Australia staff were escorted out of the building by security on Monday June 4. [...] ACIC contracted the NEC for the $52 million Biometric Identification Services project with the view of replacing the fingerprint identification system that is currently in place. The aim of the project, which was supposed to run until 2021, was to include palm print, foot prints and facial recognition to aid in police investigations. The Australian government stated that it wanted to provide Australians with a single digital identity by 2025.
Privacy

Apple Tries To Stop Developers Sharing Data On Users' Friends (bloomberg.com) 21

Apple has updated its App Store guidelines to close a loophole that let app makers store and share data without many people's consent. The practice has "been employed for years," reports Bloomberg. "Developers ask users for access to their phone contacts, then use it for marketing and sometimes share or sell the information -- without permission from the other people listed on those digital address books." From the report: As Apple's annual developer conference got underway on June 4, the Cupertino, California-based company made many new pronouncements on stage, including new controls that limit tracking of web browsing. But the phone maker didn't publicly mention updated App Store Review Guidelines that now bar developers from making databases of address book information they gather from iPhone users. Sharing and selling that database with third parties is also now forbidden. And an app can't get a user's contact list, say it's being used for one thing, and then use it for something else -- unless the developer gets consent again. Anyone caught breaking the rules may be banned.

While Apple is acting now, the company can't go back and retrieve the data that may have been shared so far. After giving permission to a developer, an iPhone user can go into their settings and turn off apps' contacts permissions. That turns off the data faucet, but doesn't return information already gathered.

Earth

The Icelandic Families Tracking Climate Change With Measuring Tape (undark.org) 88

Gloria Dickie, writing for Undark Magazine: A 30-meter Komelon-branded measuring tape, a pencil, and a yellow paper form are all Hallsteinn Haraldsson carries with him when he travels to the Snaefellsnes Peninsula in western Iceland. But unfurling the measuring tape before me at his home in Mosfellsbaer, a town just outside of Reykjavik, he says it is a significant upgrade from the piece of marked rope he used to bring along. With 11 percent of the landmass covered in ice, rapidly ebbing glaciers are threatening to reshape Iceland's landscape, and Haraldsson, 74, is part of a contingent of volunteer glacier monitors who are at the frontlines of tracking the retreat. Every autumn, Haraldsson, often accompanied by his wife and son, sets off on foot to measure the changes in his assigned glacier.

Their rudimentary tools are a far cry from the satellites and time-lapse photography deployed around the world in recent decades to track ice loss, and lately, there's been talk of disbanding this nearly century-old, low-tech network of monitors. But this sort of ground-truthing work has more than one purpose: With Iceland's glaciers at their melting point, these men and women -- farmers, schoolchildren, a plastic surgeon, even a Supreme Court judge -- serve not only as the glaciers' guardians, but also their messengers. Today, some 35 volunteers monitor 64 measurement sites around the country. The numbers they collect are published in the Icelandic scientific journal Jokull, and submitted to the World Glacier Monitoring Service database. Vacancies for glacier monitors are rare and highly sought-after, and many glaciers have been in the same family for generations, passed down to sons and daughters, like Haraldsson, when the journey becomes too arduous for their aging watchmen. It's very likely one of the longest-running examples of citizen climate science in the world. But in an age when precision glacier tracking can be conducted from afar, it remains unclear whether, or for how long, this sort of heirloom monitoring will continue into the future. It's a question even some of the network's own members have been asking.

Government

Unresolved Login Issue Prevented Florida 'Concealed Weapon' Background Checks For Over a Year (tampabay.com) 193

An anonymous reader quotes the Tampa Bay Times: For more than a year, the state of Florida failed to conduct national background checks on tens of thousands of applications for concealed weapons permits, potentially allowing drug addicts or people with a mental illness to carry firearms in public... The employee in charge of the background checks could not log into the system, the investigator learned. The problem went unresolved until discovered by another worker in March 2017 -- meaning that for more than a year applications got approved without the required background check.

During that time, which coincided with the June 12, 2016 shooting at Pulse nightclub that left 50 dead, the state saw an unprecedented spike in applications for concealed weapons permits. There were 134,000 requests for permits in the fiscal year ending in June 2015. The next 12 months broke a record, 245,000 applications, which was topped again in 2017 when the department received 275,000 applications... There are now 1.8 million concealed weapon permit holders in Florida.

The employee with the login issue, who has since been fired, "told the Times she had been working in the mailroom when she was given oversight of the database in 2013. 'I didn't understand why I was put in charge of it.'"
Operating Systems

Apple Unveils macOS 10.14 Mojave With Dark Mode and Finder Photo Tools (venturebeat.com) 99

Alongside iOS 12, at its developer conference WWDC on Monday, Apple also unveiled macOS 10.14 -- named "Mojave" -- the upcoming software update for the company's laptop and desktop lineups. The headline feature of macOS 10.14 is dark mode, a feature that people who work during late hours might appreciate. VentureBeat: A new Mojave feature called Dynamic Desktop can subtly change the desktop throughout the day, morning, afternoon, and evening. There's also Desktop Stacks, which can automatically clean up a messy desktop by arranging desktop contents into stacks based on content, date, or tag. Gallery View in the Finder lets you see content in a Photos-like display, including full metadata from cameras that can appear in an optional second sidebar; you can rotate photos and do basic automation of Actions within the Finder. The macOS screenshot creation tool has been expanded, as well, to enable instant creation of screengrabbed videos from current screen content.

Continuity has been expanded with Continuity Camera, leveraging your phone's camera to instantly add photos and scans to programs that request them. It also includes a Mac version of the Apple News aggregation app that debuted on iOS two years ago, including the Stocks feature and new sidebar that were shown off for the updated iPad version of News earlier in the Keynote. Voice Memos is also being brought to the Mac, as is Home, the HomeKit app from iOS. Apple also announced a collection of heightened security features for macOS, including protection by default of camera access, microphone access, your mail database, message history, and other private data.
Apple has also redesigned the App Store, and is bringing favicons to Safari tabs.
Communications

Ticketfly Temporarily Shuts Down To Investigate 'Cyber Incident' (engadget.com) 26

Earlier today, ticket distribution service Ticketfly shut down after a "cyber incident" compromised its systems. A hacker reportedly defaced the company's website and claimed to have compromised the "backstage" database where festivals, promoters and venues manage their events. Engadget reports: The intrusion might have started through Ticketfly's Wordpress blog -- the hacker claimed to have downloaded and posted this on Ticketfly's site before it was taken down. The firm hasn't said when it expects services to return to normal, and it has yet to gauge the full extent of the breach. It took everything down out of an "abundance of caution," according to a spokesperson. According to Motherboard, the hacker apparently demanded a single bitcoin to divulge the vulnerability that left Ticketfly open to attack. You can view the FAQ page for more information on the incident.
Education

Code.org Is Crowdsourcing Database of US K-12 Schools That Teach, Or Don't Teach CS 87

Longtime reader theodp writes: Nonprofit Code.org, which is bankrolled by the likes of Microsoft, Facebook, Amazon, Google, and Infosys, has teamed up with the Computer Science Teachers Association (CSTA) and is "calling on all educators and parents" to "help us build a database of all schools that teach (or don't teach) computer science" (via direct responses and email advocacy tools). Called the K-12 Computer Science Access Report, Code.org says "the database will be a resource that everyone in the CS community can use." For what purposes, however, is not entirely clear, although the Code.org Medium post indicates the database will be used by the nonprofit and the CS community to "make our shared vision [for every school to teach computer science] a reality." The post cites a 2016 study conducted by Google and Gallup -- which took principals to task for being clueless about what constituted "computer science" and misgauging parental and student demand for CS -- and goes on to add that the new database will allow the organization to "be able to report more precisely which schools do or don't offer this opportunity to their students." As far as a timeframe for the naughty-or-nice K-12 CS school database goes, Code.org reports, "our goal is to gather data for 100% of US schools by the end of 2018." In earlier posts, Code.org has thanked its partners for their help in "changing [K-12 CS] education policies in forty states" (make that 43 states!) and claimed credit for "pressing lawmakers" into unlocking Federal funding for K-12 CS with the passage of the Every Student Succeeds Act.
Transportation

5.3M Cars Recalled Because 'Drivers May Not Be Able to Turn Off Cruise Control' (freep.com) 152

An anonymous reader quotes the Associated Press: Fiat Chrysler is recalling more than 5.3 million vehicles in the U.S., Canada and elsewhere because in rare but terrifying circumstances, drivers may not be able to turn off the cruise control. The company is warning owners not to use cruise control until the cars, SUVs and trucks can be fixed with a software update. Fiat Chrysler says the condition can occur if the cruise control accelerates at the same time an electrical short-circuit happens. But the brakes are designed to overpower the engine and the vehicles could still be stopped...

In the complaint filed with the National Highway Traffic Safety Administration, an owner from Olathe, Kansas, said a 2017 Dodge Journey SUV rental vehicle was being driven about 70 miles per hour with the cruise control on when the windshield wipers came on by themselves and the throttle locked up. The owner, who was not identified in the agency's complaint database, wrote that the cruise control would not disengage by tapping the brakes or turning off the button. The driver was able to slam on the brakes and get the SUV to the side of the road. "It was still running at an engine speed to support 70 mph and fighting the brakes," the driver wrote. The engine stop button also wouldn't work, but the driver was able to halt the SUV and shift into park while the brakes "smoked significantly."

The recall "includes 15 Jeep, Dodge, Chrysler and Ram models from six model years" which have automatic transmissions and gas engines, according to the Associated Press -- 4.8 million in America, plus another 490,000 in Canada and "an undetermined number" in other countries.

You can check if your vehicle is affected by this (or any other) recall by entering its VIN number at NHTSA.gov. U.S. safety officials suggest checking whether your vehicle has been recalled "at least twice per year."
Privacy

Zimbabwe is Introducing a Mass Facial Recognition Project With Chinese AI Firm CloudWalk (qz.com) 33

An anonymous reader shares a report: In March, the Zimbabwean government signed a strategic partnership with the Guangzhou-based startup CloudWalk Technology to begin a large-scale facial recognition program throughout the country. The agreement, backed by the Chinese government's Belt and Road initiative, will see the technology primarily used in security and law enforcement and will likely be expanded to other public programs.

[...] Zimbabwe may be giving away valuable data as Chinese AI technologists stand to benefit from access to a database of millions of Zimbabwean faces Harare will share with CloudWalk. [...] CloudWalk has already recalibrated its existing technology through three-dimensional light technology in order to recognize darker skin tones. In order to recognize other characteristics that may differ from China's population, CloudWalk is also developing a system that recognizes different hairstyles and body shapes, another representative explained to the Global Times.

The Courts

ACLU Sues ICE For License Plate Reader Contracts, Records (sfgate.com) 84

An anonymous reader quotes a report from SFGate: The American Civil Liberties Union on Wednesday sued U.S. Immigration and Customs Enforcement for records about the agency's use of license plate reader technology, after ICE apparently failed to turn over records following multiple requests. In December, ICE purchased access to two databases of ALPR data, the complaint reads. One of those databases is managed by Vigilant Solutions, which has contracts with more than two dozen Bay Area law enforcement agencies. "We believe the other is managed by Thomson Reuters," ACLU lawyer Vasudha Talla said. The ACLU and other privacy advocates have expressed concern about how this data will be stored and used for civil immigration enforcement. The ACLU filed two requests under the Freedom of Information Act in March seeking records from ICE, including contracts, memos, associated communications, training materials and audit logs. Since then, ICE has not provided any records, the ACLU said in the complaint, which was filed Tuesday morning in the Northern District Court for the Northern District of California. "The excessive collection and storing of this data in databases -- which is then pooled and shared nationally -- results in a systemic monitoring that chills the exercise of constitutional rights to free speech and association, as well as essential tasks such as driving to work, picking children up from school, and grocery shopping," the complaint said. "We have essentially two concerns: one that is general to ALPR databases, and one that's specific to this situation with ICE," Talla said. "The ACLU has done a lot of work around surveillance technology and ALPR, and we're generally concerned about the aggregation of all this data about license plates paired with a time and location, stretching back for so many months and years."
Security

Personal Records of Nearly 1 Million South Africans Leaked Online (iafrikan.com) 22

Tefo Mohapi, reporting for iAfrikan: Barely a year after South Africa's largest data leak was revealed in 2017, the country has suffered yet another data leak as 934,000 personal records of South Africans have been leaked publicly online. The data includes, among others, national identity numbers (ID numbers), e-mail addresses, full names, as well as plain text passwords to what appears to be a traffic fines related online system. Working together with Troy Hunt, an Australian Security consultant and founder of haveibeenpwned, along with an anonymous source that has been communicating with iAfrikan and Hunt, we've managed to establish that the data was backed up or posted publicly by one of the companies responsible for traffic fines online payments in South Africa. "I have a new leak which might be worthwhile, the database leak contains 1 million records of personal information of South African citizens. Including Identity numbers, cell phone numbers, email addresses, and passwords. I am aware of the website this was leaked from," said our source upon initial contact.
Privacy

'TeenSafe' Phone Monitoring App Leaked Thousands of User Passwords (zdnet.com) 44

An anonymous reader quotes a report from ZDNet: At least one server used by an app for parents to monitor their teenagers' phone activity has leaked tens of thousands of accounts of both parents and children. The mobile app, TeenSafe, bills itself as a "secure" monitoring app for iOS and Android, which lets parents view their child's text messages and location, monitor who they're calling and when, access their web browsing history, and find out which apps they have installed. But the Los Angeles, Calif.-based company left its servers, hosted on Amazon's cloud, unprotected and accessible by anyone without a password.

"We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted," a TeenSafe spokesperson told ZDNet on Sunday. The database stores the parent's email address associated with their associated child's Apple ID email address. It also includes the child's device name -- which is often just their name -- and their device's unique identifier. The data contains the plaintext passwords for the child's Apple ID. Because the app requires that two-factor authentication is turned off, a malicious actor viewing this data only needs to use the credentials to break into the child's account to access their personal content data.

Privacy

Cell Phone Tracking Firm Exposed Millions of Americans' Real-time Locations (zdnet.com) 39

Earlier this week, ZDNet shed some light on a company called LocationSmart that is buying your real-time location data from four of the largest carriers in the United States. The story blew up because a former police sheriff snooped on phone location data without a warrant, according to The New York Times. ZDNet is now reporting that the company "had a bug in its website that allowed anyone to see where a person is located -- without obtaining their consent." An anonymous reader shares an excerpt: "Due to a very elementary bug in the website, you can just skip that consent part and go straight to the location," said Robert Xiao, a Ph.D. student at the Human-Computer Interaction Institute at Carnegie Mellon University, in a phone call. "The implication of this is that LocationSmart never required consent in the first place," he said. "There seems to be no security oversight here." The "try" website was pulled offline after Xiao privately disclosed the bug to the company, with help from CERT, a public vulnerability database, also at Carnegie Mellon. Xiao said the bug may have exposed nearly every cell phone customer in the U.S. and Canada, some 200 million customers.

The researcher said he started looking at LocationSmart's website following ZDNet's report this week, which followed from a story from The New York Times, which revealed how a former police sheriff snooped on phone location data without a warrant. The sheriff has pleaded not guilty to charges of unlawful surveillance. He said one of the APIs used in the "try" page that allows users to try the location feature out was not validating the consent response properly. Xiao said it was "trivially easy" to skip the part where the API sends the text message to the user to obtain their consent. "It's a surprisingly simple bug," he said.

Youtube

YouTube Expands Music Credits: Makes It Easier To Identify the Song Featured in a Video (pitchfork.com) 20

Next time you hear a song featured in a YouTube video and you are not sure what it is called, or who made it, you can find out by clicking (or tapping) the "show more" button. From a report: YouTube has announced that the platform is expanding the credits available on videos featuring music. The new description feature, called "Music in this video," provides credits -- which includes artist, songwriter, label, and publisher -- on both music videos and fan-uploaded content that contains recorded music. This feature will also include a link to available official artist channels and official music videos. The expanded credits are made possible by Content ID, a YouTube system that uses copyright owners' information and a database of files to identify and manage content.
Science

Plastic Bag Found at the Bottom of World's Deepest Ocean Trench (nationalgeographic.com) 166

The Mariana Trench -- the deepest point in the ocean -- extends nearly 36,000 feet down in a remote part of the Pacific Ocean. But if you thought the trench could escape the global onslaught of plastics pollution, you would be wrong. From a report: A recent study revealed that a plastic bag, like the kind given away at grocery stores, is now the deepest known piece of plastic trash, found at a depth of 36,000 feet inside the Mariana Trench. Scientists found it by looking through the Deep-Sea Debris Database, a collection of photos and videos taken from 5,010 dives over the past 30 years that was recently made public.
Security

Hacker Shuts Down Copenhagen's Public City Bikes System (bleepingcomputer.com) 72

An anonymous reader writes: "An unidentified hacker has breached Bycyklen -- Copenhagen's city bikes network -- and deleted the organization's entire database, disabling the public's access to bicycles over the weekend," reports Bleeping Computer. "The hack took place on the night between Friday, May 4, and Saturday, May 5, the organization said on its website. Bycyklen described the hack as 'rather primitive,' alluding it may have been carried out 'by a person with a great deal of knowledge of its IT infrastructure.' Almost 2,000 bikes were affected, and the company's employees have been working for days, searching for bikes docked across the city and installing a manual update to restore functionality. The company is holding a 'treasure hunt,' asking users to hunt down and identify non-functional bikes."
Crime

Police Drop Charges Filed Against 19-Year-Old Archivist For Downloading FOIA Releases (techdirt.com) 154

An anonymous reader quotes a report from Techdirt: Last month, [...] an unnamed 19-year-old was facing criminal charges for downloading publicly-available documents from a government Freedom of Information portal. The teen had written a script to fetch all available documents from the Nova Scotia government's FOI site -- a script that did nothing more than increment digits at the end of the URL to find everything that had been uploaded by the government. The government screwed up. It uploaded documents to the publicly-accessible server that hadn't been redacted yet. It was a very small percentage of the total haul -- 250 of the 7,000 docs obtained -- but the government made a very big deal out of it after discovering they had been accessed.

Fortunately, Nova Scotia law enforcement has decided there's nothing to pursue in this case: "In an email to CBC News, Halifax police Supt. Jim Perrin did not mention what kind of information police were given from the province, but he said it was a 'high-profile case that potentially impacted many Nova Scotians.' 'As the investigation evolved, we have determined that the 19-year-old who was arrested on April 11 did not have intent to commit a criminal offense by accessing the information,' Perrin said in the email."

Security

Equifax's Data Breach By the Numbers: 146 Million Social Security Numbers, 99 Million Addresses, and More (theregister.co.uk) 69

Several months after the data breach was first reported, Equifax has published the details on the personal records and sensitive information stolen in the cybersecurity incident. "The good news: the number of individuals affected by the network intrusion hasn't increased from the 146.6 million Equifax previously announced, but extra types of records accessed by the hackers have turned up in Mandiant's ongoing audit of the security breach," reports The Register. From the report: Late last week, the company gave the numbers in letters to the various U.S. congressional committees investigating the network infiltration, and on Monday, it submitted a letter to the SEC, corporate America's financial watchdog. As well as the -- take a breath -- 146.6 million names, 146.6 million dates of birth, 145.5 million social security numbers, 99 million address information and 209,000 payment cards (number and expiry date) exposed, the company said there were also 38,000 American drivers' licenses and 3,200 passport details lifted, too.

The further details emerged after Mandiant's investigators helped "standardize certain data elements for further analysis to determine the consumers whose personally identifiable information was stolen." The extra data elements, the company said, didn't involve any individuals not already known to be part of the super-hack, so no additional consumer notifications are required.

Programming

Microsoft Adds Support For JavaScript Functions in Excel (bleepingcomputer.com) 171

An anonymous reader shares a report: At the Build 2018 developer conference that's taking place these days in Seattle, USA, Microsoft announced support for custom JavaScript functions in Excel. What this means is that Excel users will be able to use JavaScript code to create a custom Excel formula that will appear in Excel's default formula database. Users will then be able to insert and call these formulas from within Excel spreadsheets, but have a JavaScript interpreter compute the spreadsheet data instead of Excel's native engine. "Office developers have been wanting to write JavaScript custom functions for many reasons," Microsoft says, "such as: (1) Calculate math operations, like whether a number is prime. (2) Bring information from the web, like a bank account balance. (3) Stream live data, like a stock price."
Privacy

Ticketmaster Hopes To Speed Up Event Access By Scanning Your Face (engadget.com) 129

Ticketmaster's parent company, Live Nation, has announced that they have teamed up with and invested in a face recognition company called Blink Identity. The ticket sales giant may have plans to scan your face instead of a ticket to grant you access to a venue. Engadget reports: In its first quarter financial report (PDF), Live Nation has explained that Blink has "cutting-edge facial recognition technology, enabling you to associate your digital ticket with your image, then just walk into the show." According to Blink's website, its system can register an image of your face as soon as you walk past a sensor. Blink's technology can then match it against a large database in half a second -- in a blink, so to speak. It's also apparently powerful enough that you don't even have to slow down for its system to recognize you: Just walk normally, and if the technology gets a match, it'll automatically open doors or turnstiles to let you in.
