Compare cell phone plans using Wirefly's innovative plan comparison tool ×
Iphone

Apples Fixes Three Zero Days Used In Targeted Attack (onthewire.io) 8

Trailrunner7 quotes a report from On The Wire: Apple has patched three critical vulnerabilities in iOS that were identified when an attacker targeted a human rights activist in the UAE with an exploit chain that used the bugs to attempt to remotely jailbreak and infect his iPhone. The vulnerabilities include two kernel flaws and one in WebKit and Apple released iOS 9.3.5 to fix them.

The attack that set off the investigation into the vulnerabilities targeted Ahmed Mansoor, an activist living in the UAE. Earlier this month, he received a text message that included a link to what was supposedly new information on human rights abuses. Suspicious, Manor forwarded the link to researchers at the University of Toronto's Citizen Lab, who recognized what they were looking at. "On August 10 and 11, 2016, Mansoor received SMS text messages on his iPhone promising ;new secrets' about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers. We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based 'cyber war' company that sells Pegasus, a government-exclusive "lawful intercept" spyware product," Citizen Lab said in a new report on the attack and iOS flaws.

Japan

Japanese Government Plans Cyber Attack Institute (thestack.com) 5

An anonymous reader quotes a report from The Stack: The government of Japan will create an institute to train employees to counter cyber attacks. The institute, which will be operational early next year, will focus on preventing cyber attacks on electrical systems and other infrastructure. The training institute, which will operate as part of Japan's Information Technology Promotion Agency (IPA), is the first center for training in Japan to focus on preventing cyber attacks.

A government source said that the primary aims will be preventing a large-scale blackout during the Tokyo Olympics and Paralympics in 2020, and stopping leaks of sensitive power plant designs. The source also stated that there is potential for a joint exercise in cyber awareness between the Japanese group and foreign cybersecurity engineers in the future.

Social Networks

'Social Media ID, Please?' Proposed US Law Greeted With Anger (computerworld.com) 76

The U.S. government announced plans to require some foreign travelers to provide their social media account names when entering the country -- and in June requested comments. Now the plan is being called "ludicrous," an "all-around bad idea," "blatant overreach," "desperate, paranoid heavy-handedness," "preposterous," "appalling," and "un-American," reports Slashdot reader dcblogs: That's just a sampling of the outrage. Some 800 responded to the U.S. request for comments about a proposed rule affecting people traveling from "visa waiver" countries to the U.S., where a visa is not required. This includes most of Europe, Singapore, Chile, Japan, South Korea, Australia and New Zealand... In a little twist of irony, some critics said U.S. President Obama's proposal for foreign travelers is so bad, it must have been hatched by Donald Trump.
"Travelers will be asked to provide their Twitter, Facebook, Instagram, LinkedIn, Google+, and whatever other social ID you can imagine to U.S. authorities," reports Computer World. "It's technically an 'optional' request, but since it's the government asking, critics believe travelers will fear consequences if they ignore it..."
DRM

BitTorrent Cases Filed By Malibu Media Will Proceed, Rules Judge 39

Long-time Slashdot reader NewYorkCountryLawyer writes: In the federal court for the Eastern District of New York, where all Malibu Media cases have been stayed for the past year, the Court has lifted the stay and denied the motion to quash in the lead case, thus permitting all 84 cases to move forward.

In his 28-page decision (PDF), Magistrate Judge Steven I. Locke accepted the representations of Malibu's expert, one Michael Patzer from a company called Excipio, that in detecting BitTorrent infringement he relies on "direct detection" rather than "indirect detection", and that it is "not possible" for there to be misidentification.
United States

HAARP Holds Open House To Dispel Rumors Of Mind Control (adn.com) 117

An anonymous Slashdot reader writes: HAARP -- the former Air Force/Navy/DARPA research program in Alaska -- will host an open house Saturday where "We hope to show people that it is not capable of mind control and not capable of weather control and all the other things it's been accused of..." said Sue Mitchell, spokesperson for the geophysical institute at the University of Alaska. "We hope that people will be able to see the actual science of it." HAARP, which was turned over to The University of Alaska last August, has been blamed for poor crop yields in Russia, with conspiracy theorists also warning of "a super weapon capable of mind control or weather control, with enough juice to trigger hurricanes, tornadoes and earthquakes."

The facility's 180 high-frequency antennas -- spread across 33 acres -- will be made available for public tours, and there will also be interactive displays and an unmanned aircraft 'petting zoo'. The Alaska Dispatch News describes it as "one of the world's few centers for high-power and high-frequency study of the ionosphere... important because radio waves used for communication and navigation reflect back to Earth, allowing long-distance, short-wave broadcasting."

Privacy

Eavesdropping On Tinder: Researcher Demonstrates Man-in-the-Middle Attacks (hert.org) 16

An anonymous Slashdot reader writes: Security expert Anthony Zboralski posted on HERT a social engineering attack for Tinder that lets you perform a man-in-the-middle attack against unsuspecting users. Zboralski says, "Not only we can eavesdrop on the conversation of two strangers, we can also change their reality." The attack can easily be extended to SMS, Whatsapp, iMessage and voice.
"At some point people exchange phone numbers and the Tinder convo stops. That's not a problem..." Zboralski explains, suggesting more ways to continue the man-in-the-middle exploits..

His article drew a response from Tinder, arguing they "employ several manual and automated mechanisms" to deter fake and duplicate profiles. But while they're looking for ways to improve, "ultimately, it is unrealistic for any company to positively validate the real-world identity of millions of users while maintaining the commonly expected level of usability."
Microsoft

Apple, Facebook, IBM, and Microsoft Sign White House Pledge For Equal Pay (fortune.com) 252

In honor of Women's Equality Day, an anonymous reader shares with us a festive report from Fortune: More than two months after the White House first announced its Equal Pay Pledge for the private sector, Facebook, Apple, Microsoft and other major industry players have signed on. By taking the pledge, which was first introduced at the United State of Women Summit in June of this year, companies promise to help close the national gender pay gap, conduct annual, company-wide pay analyses, and review hiring and promotion practices. The new signees were announced in a White House statement on Friday -- which also happens to be Women's Equality Day, the anniversary of the ratification of the 19th amendment, which gave women the right to vote. Apple, which announced earlier this year that it has no pay gap, released a statement promising to dig even deeper into compensation. "We're now analyzing the salaries, bonuses, and annual stock grants of all our employees worldwide. If a gap exists, we'll address it," the company said in a statement. Twenty-nine companies signed the pledge on Friday, bringing the total number of signatories to 57. The pledge is part of a $50-million, White House-led initiative to expand opportunities for and improve the lives of women and girls. The consortium members issued a statement via Whitehouse.gov's press release: "The Employers for Pay Equity consortium is comprised of companies that understand the importance of diversity and inclusion, including ensuring that all individuals are compensated equitably for equal work and experience and have an equal opportunity to contribute and advance in the workplace. We are committed to collaborating to eliminate the national pay and leadership gaps for women and ethic minorities. Toward that end, we have come together to share best practices in compensation, hiring, promotion, and career development as well as develop strategies to support other companies' efforts in this regard. By doing so, we believe we can have a positive effect on our workforces that, in turn, makes our companies stronger and delivers positive economic impact." The consortium members include: Accenture, Airbnb, BCG, Care.com, CEB, Cisco, Deloitte, Dow, Expedia, EY, Glassdoor, GoDaddy, Jet.com, L'Oreal USA, Mercer, PepsiCo, Pinterest, Rebecca Minkoff, Salesforce, Spotify, Staples, Stella McCartney, and Visa.
United Kingdom

British Companies Are Selling Advanced Spy Tech To Authoritarian Regimes (vice.com) 56

An anonymous reader quotes a report from Motherboard: Since early 2015, over a dozen UK companies have been granted licenses to export powerful telecommunications interception technology to countries around the world, Motherboard has learned. Many of these exports include IMSI-catchers, devices which can monitor large numbers of mobile phones over broad areas. Some of the UK companies were given permission to export their products to authoritarian states such as Saudi Arabia, the United Arab Emirates, Turkey, and Egypt; countries with poor human rights records that have been well-documented to abuse surveillance technology. In 2015, the UK's Department for Business, Innovation and Skills (BIS) started publishing basic data about the exportation of telecommunications interception devices. Through the Freedom of Information Act, Motherboard obtained the names of companies that have applied for exportation licenses, as well as details on the technologies being shipped, including, in some cases, individual product names. The companies include a subsidiary of defense giant BAE Systems, as well as Pro-Solve International, ComsTrac, CellXion, Cobham, and Domo Tactical Communications (DTC). Many of these companies sell IMSI-catchers. IMSI-catchers, sometimes known as "Stingrays" after a particularly popular brand, are fake cell phone towers which force devices in their proximity to connect. In the data obtained by Motherboard, 33 licenses are explicitly marked as being for IMSI-catchers, including for export to Turkey and Indonesia. Other listings heavily suggest the export of IMSI-catchers too: one granted application to export to Iraq is for a "Wideband Passive GSM Monitoring System," which is a more technical description of what many IMSI-catchers do. In all, Motherboard received entries for 148 export license applications, from February 2015 to April 2016. A small number of the named companies do not provide interception capabilities, but defensive measures, for example to monitor the radio spectrum.
Android

Facebook's WhatsApp Data Gambit Faces Federal Privacy Complaint (vice.com) 92

Sam Gustin, writing for Motherboard: Facebook's decision to begin harvesting data from its popular WhatsApp messaging service provoked a social media uproar on Thursday, and prompted leading privacy advocates to prepare a federal complaint accusing the tech titan of violating US law. On Thursday morning, WhatsApp, which for years has dined out on its reputation for privacy and security, announced that it would begin sharing user phone numbers with its Menlo Park-based parent company in an effort "to improve your Facebook ads and products experiences." Consumer privacy advocates denounced the move as a betrayal of WhatsApp's one billion users -- users who had been assured by the two companies that "nothing would change" about the messaging service's privacy practices after Facebook snapped up the startup for a whopping $19 billion in 2014. "WhatsApp users should be shocked and upset," Claire Gartland, Consumer Protection Counsel at the Electronic Privacy Information Center, a leading US consumer advocacy group, told Motherboard. "WhatsApp obtained one billion users by promising that it would protect user privacy. Both Facebook and WhatsApp made very public promises that the companies would maintain a separation. Those were the key selling points of the deal."
AI

Amazon, NVIDIA and The CIA Want To Teach AI To Watch Us From Space (technologyreview.com) 59

An anonymous reader quotes a report from MIT Technology Review: Satellite operator DigitalGlobe is teaming up with Amazon, the venture arm of the CIA, and NVIDIA to make computers watch the Earth from above and automatically map our roads, buildings, and piles of trash. MIT Technology Review reports: "In a joint project, DigitalGlobe today released satellite imagery depicting the whole of Rio de Janeiro to a resolution of 50 centimeters. The outlines of 200,000 buildings inside the city's roughly 1,900 square kilometers have been manually marked on the photos. The SpaceNet data set, as it is called, is intended to spark efforts to train machine-learning algorithms to interpret high-resolution satellite photos by themselves. DigitalGlobe says the SpaceNet data set should eventually include high-resolution images of half a million square kilometers of Earth, and that it will add annotations beyond just buildings. DigitalGlobe's data is much more detailed than publicly available satellite data such as NASA's, which typically has a resolution of tens of meters. Amazon will make the SpaceNet data available via its cloud computing service. Nvidia will provide tools to help machine-learning researchers train and test algorithms on the data, and CosmiQ Works, a division of the CIA's venture arm In-Q-Tel focused on space, is also supporting the project." "We need to develop new algorithms for this data," says senior vice president at DigitalGlobe, Tony Frazier. He goes on to say that health and aid programs are to benefit from software that is able to map roads, bridges and various other infrastructure. The CEO of Descartes Labs, Mark Johnson, a "startup that predicts crop yields from public satellite images," says the data that is collected "should be welcome to startups and researchers," according to MIT Technology Review. "Potential applications could include estimated economic output from activity in urban areas, or guiding city governments on how to improve services such as trash collections, he says."
Crime

US Unveils Charges Against KickassTorrents, Names Two More Defendants (arstechnica.com) 110

A total of three men are said to be operators of file-sharing site KickassTorrents (KAT), according to U.S. prosecutors. Last month, federal authorities arrested the 30-year-old Ukrainian mastermind of KAT, Artem Vaulin, and formally charged him with one count of conspiracy to commit criminal copyright infringement, one count of conspiracy to commit money laundering, and two counts of criminal copyright infringement. Two other Ukrainians were named in the new indictment (PDF): Levgen (Eugene) Kutsenko and Oleksander (Alex) Radostin. While only Vaulin has been arrested, bench warrants have been issue for the arrest of all three men. Ars Technica reports: "Prosecutors say the three men developed and maintained the site together and used it to 'generate millions of dollars from the unlawful distribution of copyright-protected media, including movies, [...] television shows, music, video games, computer software, and electronic books.' They gave out 'Reputation' and 'User Achievement' awards to users who uploaded the most popular files, including a special award for users who had uploaded more than 1,000 torrents. The indictment presents a selection of the evidence that the government intends to use to convict the men, and it isn't just simple downloads of the copyrighted movies. The government combed through Vaulin's e-mails and traced the bitcoins that were given to him via a 'donation' button."
Patents

Apple Patenting a Way To Collect Fingerprints, Photos of Thieves (appleinsider.com) 90

An anonymous reader quotes a report from Apple Insider: As published by the U.S. Patent and Trademark Office, Apple's invention covering "Biometric capture for unauthorized user identification" details the simple but brilliant -- and legally fuzzy -- idea of using an iPhone or iPad's Touch ID module, camera and other sensors to capture and store information about a potential thief. Apple's patent is also governed by device triggers, though different constraints might be applied to unauthorized user data aggregation. For example, in one embodiment a single failed authentication triggers the immediate capture of fingerprint data and a picture of the user. In other cases, the device might be configured to evaluate the factors that ultimately trigger biometric capture based on a set of defaults defined by internal security protocols or the user. Interestingly, the patent application mentions machine learning as a potential solution for deciding when to capture biometric data and how to manage it. Other data can augment the biometric information, for example time stamps, device location, speed, air pressure, audio data and more, all collected and logged as background operations. The deemed unauthorized user's data is then either stored locally on the device or sent to a remote server for further evaluation.
Communications

FCC Proposes 5G Cybersecurity Requirements, Asks For Industry Advice (fedscoop.com) 29

Presto Vivace quotes a report from FedScoop: "Cybersecurity issues must be addressed during the design phase for the entire 5G ecosystem, including devices. This will place a premium on collaboration among all stakeholders," said FCC chairman Tom Wheeler during a National Press Club event on June 20. "We continue to prefer an approach that emphasizes that industry develop cybersecurity standards just as we have done in wired networks." The FCC published a request Wednesday for comment on a new set of proposed 5G rules to the Federal Register focused on adding specific "performance requirements" for developers of example internet-connected devices. If a company hopes to secure a license to access higher-frequency 5G spectrum in the future then they will need to adhere to these specific requirements -- in other words, compliance is non-negotiable. Notably, these FCC "performance requirements" now include the submission of a network security plan. The report adds: "A quick review of the FCC's proposed 5G cybersecurity plan shows a six category split, organized by a companies' security approach, coordination efforts, standards and best practices, participation with standards bodies, other security approaches and plans with information sharing organizations. Security plans must be submitted to the commission at least six months before a 5G-ready product enters the market, according to the notice."
Government

Malware Sold To Governments Helped Them Spy on iPhones (washingtonpost.com) 31

One of the world's most evasive digital arms dealers is believed to have been taking advantage of three security vulnerabilities in popular Apple products in its efforts to spy on dissidents and journalists, reports The New York Times. (Editor's note: the link could be paywalled, here's an alternate source). From the report: Investigators discovered that a company called the NSO Group, an Israeli outfit that sells software that invisibly tracks a target's mobile phone, was responsible for the intrusions. The NSO Group's software can read text messages and emails and track calls and contacts. It can even record sounds, collect passwords and trace the whereabouts of the phone user. In response, Apple on Thursday released a patched version of its mobile software, iOS 9.3.5. Users can get the patch through a normal software update.The Washington Post reports that these "zero-day" flaws were previously used by the governments to take over victims' phones by tricking them into clicking on a link to a text message. Motherboard says that this is the first time anyone has uncovered such an attack in the wild. "Until this month, no one had seen an attempted spyware infection leveraging three unknown bugs, or zero-days, in the iPhone. The tools and technology needed for such an attack, which is essentially a remote jailbreak of the iPhone, can be worth as much as one million dollars."
China

China To Crackdown On Unauthorised Radio Broadcasts (www.bgr.in) 44

An anonymous reader writes: Reportedly, in a national campaign aided by more than 30,000 airwave monitors, in over past six months, more than 500 sets of equipment for making unauthorised radio broadcasts were seized in China. The campaign, launched on February 15 by the State Council, resulted in 1,796 cases related to illegal radio stations, after 301,840 hours of monitoring from February to July, according to an online statement by the Ministry of Industry and Information Technology. The number of incidents was down by 50 per cent from April to August, the China Daily quoted the statement as saying. So-called pirate radios have appeared in most parts of China since 2015 and this "has been a channel for criminals to defraud and promote aphrodisiacs, along with counterfeit and poor-quality medicine," according to the Ministry of Public Security's Criminal Investigation Department. The operating cost of a pirate radio is low, but profit can be high. A pirate radio station that broadcasts advertisements for aphrodisiacs can pocket more than 70,000 yuan ($10,500) a month, with an overhead cost of no more than 10,000 yuan, investigators said in a post on Sina Weibo. It said most spare parts for broadcasting equipment can be bought on the internet.
Facebook

WhatsApp To Share Some Data With Facebook (bloomberg.com) 102

Two years ago when Facebook bought WhatsApp, the instant messaging client said that the deal would not affect the digital privacy of its users. Things are changing now, WhatsApp said Thursday. The Facebook-owned app will share with the company some member information, as well as some analytics data of its users. Bloomberg reports: WhatsApp announced a change to its privacy policy today that allows businesses to communicate with users. The messages could include appointment reminders, delivery and shipping notifications or marketing material, the company said in its revised terms of service. In a blog post, WhatsApp said it will be testing these business features over the coming months. The strategy is an important step for Facebook as it attempts to make money from its most expensive acquisition. In addition to the messages from businesses, WhatsApp said it would begin sharing more information about its users with the "Facebook family." The data, including a person's phone number, could be used to better targets ads when browsing Facebook or Instagram, WhatsApp said.
The Almighty Buck

'Legalist' Startup Automates The Lawsuit Strategy Peter Thiel Used To Bankrupt Gawker (gizmodo.com) 241

An anonymous reader writes from a report via Gizmodo: "Two Harvard undergraduates have created a service called Legalist that uses what they call 'data-backed litigation financing,' analyzing civil lawsuits with an algorithm to predict case outcomes and determine which civil lawsuits are worth investing in," reports Gizmodo. The process is very similar to what billionaire Peter Thiel did when he secretly funded a lawsuit from Hulk Hogan against Gawker Media. "Legalist says it uses an algorithm of 58 different variables including, as [Legalist cofounder] Eva Shang told the Silicon Valley Business Journal, who the presiding judge is and the number of cases the judge is currently working on. The algorithm has been fed cases dating back to 1989 and helps people figure out how long a case will last and the risks associated with it. In a presentation at Y Combinator's Demo Day on Tuesday [Legalist was developed as part of Y Combinator's Summer 2016 class], the founders claimed that the startup funded one lawsuit for $75,000 and expects a return of more than $1 million. Shang says the $1.40 is earned for every $1 spent in litigation financing, which can prove to be a profitable enterprise when you're spending hundreds of thousands of dollars." Shang told Business Insider in reference to the Gawker lawsuit, "That's the kind of thing we're staying away from here." The company will supposedly be focusing on commercial and small-business lawsuits, and will not be backing lawsuits by individuals.
HP

HP Hit With Age-Discrimination Suit Claiming Old Workers Purged (mercurynews.com) 192

Hewlett-Packard started laying off workers in 2012, before it separated into HP Inc. and HP Enterprise last year. The company has continued to cut thousands of jobs since. As a result of the "restructuring," an age discrimination lawsuit has been filed by four former employees of HP alleging they were ousted amid a purge of older workers. The Mercury News reports: "The goal 'was to make the company younger,' said the complain filed Aug. 18 in U.S. District Court in San Jose. 'In order to get younger, HP intentionally discriminated against its older employees by targeting them for termination [...] and then systematically replacing them with younger employees. HP has hired a disproportionately large number of new employees under the age of 40 to replace employees aged 40 and older who were terminated.' Arun Vatturi, a 15-year Palo Alto employee at HP who was a director in process improvement until he was laid off in January at age 52, and Sidney Staton, in sales at HP in Palo Alto for 16 months until his layoff in April 2015 at age 54, have joined in the lawsuit with a former employee from Washington, removed at age 62, and one from Texas, out at age 63. The group is seeking class-action status for the court action and claims HP broke state and federal laws against age discrimination." The lawsuit also alleges that written guidelines issued by HP's human resources department mandated that 75 percent of all hires outside of the company be fresh from school or "early career" applicants.
Piracy

Cloudflare Faces Lawsuit For Assisting Pirate Sites (torrentfreak.com) 82

An anonymous reader shares a TorrentFreak report: In recent months CloudFlare has been called out repeatedly for offering its services to known pirate sites, including The Pirate Bay. These allegations have now resulted in the first lawsuit after adult entertainment publisher ALS Scan filed a complaint against CloudFlare at a California federal court. [...] Copyright holders are not happy with CloudFlare's actions. Just recently, the Hollywood-affiliated group Digital Citizens Alliance called the company out for helping pirate sites to stay online. Adult entertainment outfit ALS Scan agrees and has now become the first dissenter to take CloudFlare to court. In a complaint filed at a California federal court, ALS describes piracy as the greatest threat to its business. The rise of online piracy has significantly hurt the company's profits, they argue, noting that "pirate" sites are not the only problem. "The problems faced by ALS are not limited to the growing presence of sites featuring infringing content, or 'pirate' sites. A growing number of service providers are helping pirate sites thrive by supporting and engaging in commerce with these sites," ALS writes.
The Internet

Singapore To Cut Off Public Servants From the Internet (theguardian.com) 59

Singapore is planning to cut off web access for public servants as a defence against potential cyber attack, Reuters reports. The local government's move has already been criticized by many, who say that it marks a retreat for a technologically advanced city-state that has trademarked the term "smart nation". From an article on The Guardian: Some security experts say the policy, due to be in place by May, risks damaging productivity among civil servants and those working at more than four dozen statutory boards, and cutting them off from the people they serve. It may only raise slightly the defensive walls against cyber attack, they say. Ben Desjardins, director of security solutions at network security firm Radware, called it "one of the more extreme measures I can recall by a large public organisation to combat cyber security risks." Stephen Dane, a Hong Kong-based managing director at networking company Cisco Systems, said it was "a most unusual situation" and Ramki Thurimella, chair of the computer science department at the University of Denver, called it both "unprecedented" and "a little excessive".

Slashdot Top Deals