Security

Steam Bug Allowed Password Resets Without Confirmation

An anonymous reader writes: Valve has fixed a bug in their account authentication system that allowed attackers to easily reset the password to a Steam account. When a Steam user forgets a password, he goes to an account recovery page and asks for a reset. The page then sends a short code to the email address registered with the account. The problem was that Steam wasn't actually checking the codes sent via email. Attackers could simply request a reset and then submit a blank field when prompted for the code. Valve says the bug was active from July 21-25. A number of accounts were compromised, including some prominent streamers and Dota 2 pros. Valve issued password resets to those accounts with "suspicious" changes over the past several days.
Google

Plan To Run Anti-Google Smear Campaign Revealed In MPAA Emails

vivaoporto writes: Techdirt reports on a plan to run an anti-Google smear campaign via the Today Show and the WSJ discovered in MPAA emails. Despite the resistance of the Hollywood studios to comply with the subpoenas obtained by Google concerning their relationship with Mississippi Attorney General Jim Hood (whose investigation of the company appeared to actually be run by the MPAA and the studios themselves) one of the few emails that Google have been able to get access to so far was revealed this Thursday in a filing. It's an email between the MPAA and two of Jim Hood's top lawyers in the Mississippi AG's office, discussing the big plan to "hurt" Google.

The lawyers from Hood's office flat out admit that they're expecting the MPAA and the major studios to have its media arms run a coordinated propaganda campaign of bogus anti-Google stories. One email reads: "Media: We want to make sure that the media is at the NAAG meeting. We propose working with MPAA (Vans), Comcast, and NewsCorp (Bill Guidera) to see about working with a PR firm to create an attack on Google (and others who are resisting AG efforts to address online piracy). This PR firm can be funded through a nonprofit dedicated to IP issues. The "live buys" should be available for the media to see, followed by a segment the next day on the Today Show (David green can help with this). After the Today Show segment, you want to have a large investor of Google (George can help us determine that) come forward and say that Google needs to change its behavior/demand reform. Next, you want NewsCorp to develop and place an editorial in the WSJ emphasizing that Google's stock will lose value in the face of a sustained attack by AGs and noting some of the possible causes of action we have developed."

As Google notes in its legal filing about this email, the "plan" states that if this effort fails, then the next step will be to file the subpoena (technically a CID or "civil investigatory demand") on Google, written by the MPAA but signed by Hood. This makes it pretty clear that the MPAA, studios and Hood were working hand in hand in all of this and that the subpoena had no legitimate purpose behind it, but rather was the final step in a coordinated media campaign to pressure Google to change the way its search engine works.
Communications

Criminal Inquiry Sought Over Hillary Clinton's Personal Email Server

cold fjord writes: The Wall Street Journal is reporting that Inspectors General from the State Department and intelligence agencies have asked the Justice Department to open a criminal investigation into Hillary Clinton's use of a personal email server while she was U.S. Secretary of State. At issue is the possible mishandling of sensitive government information. Dozens of the emails provided by Hillary Clinton have been retroactively classified as part of the review of her emails as they are screened for public release. So far 3,000 of 55,000 emails have been released. The inspectors general found hundreds of potentially classified emails. "The Justice Department has not decided if it will open an investigation, senior officials said. ... The inspectors general also criticized the State Department for its handling of sensitive information, particularly its reliance on retired senior Foreign Service officers to decide if information should be classified, and for not consulting with the intelligence agencies about its determinations."
Security

Belgian Government Phishing Test Goes Off-Track

alphadogg writes: An IT security drill went off the tracks in Belgium, prompting a regional government office to apologize to European high-speed train operator Thalys for involving it without warning. Belgium's Flemish regional government sent a mock phishing email to about 20,000 of its employees to see how they would react. Hilarity and awkwardness ensued, with some employees contacting Thalys directly to complain, and others contacting the cops.
Education

CanSat Helps Students Make & Launch Sub-Orbital 'Satellites' (Video)

The Magnitude (motto: "Powered by Curiosity") "Can-sized satellites" aren't technically satellites because they're launched on rockets that typically can't get much higher than 10,000 feet, or as payloads on weather balloons that can hit 100,000+ feet but (obviously) can't go beyond the Earth's atmosphere. But could they be satellites? Sure. Get a rocket with enough punch to put them in orbit and off you go -- something Magnitude Co-founder and CEO Ted Tagami hopes to see happening in his local school district by 2020. Meanwhile, they'll sell you assembled CanSat packages or help you build your own (or anything in between), depending on your school's resources and aspirations. Have a question or an idea? Talk to Ted. He'd love to hear from you. Use the Magnitude Web form or send email to hello at magnitude dot io. Either way works.
Spam

Gmail Spam Filter Changes Bite Linus Torvalds

An anonymous reader points out The Register's story that recent changes to the spam filters that Google uses to pare down junk in Gmail evidently are a bit overzealous. Linus Torvalds, who famously likes to manage by email, and whose email flow includes a lot of mailing lists, isn't happy with it. Ironically perhaps, it was only last week that the Gmail team blogged that its spam filter's rate of false positives is down to less than 0.05 per cent. In his post, Torvalds said his own experience belies that claim, and that around 30 per cent of the mail in his spam box turned out not to be spam. "It's actually at the point where I'm noticing missing messages in the email conversations I see, because Gmail has been marking emails in the middle of the conversation as spam. Things that people replied to and that contained patches and problem descriptions," Torvalds wrote.
Security

Hacking Team and Boeing Subsidiary Envisioned Drones Deploying Spyware

Advocatus Diaboli writes: Email conversations posted on WikiLeaks reveal that Boeing and Hacking Team want drones to carry devices that inject spyware into target computers through WiFi networks. The Intercept reports: "The plan is described in internal emails from the Italian company Hacking Team, which makes off-the-shelf software that can remotely infect a suspect's computer or smartphone, accessing files and recording calls, chats, emails and more. A hacker attacked the Milan-based firm earlier this month and released hundreds of gigabytes of company information online. Among the emails is a recap of a meeting in June of this year, which gives a "roadmap" of projects that Hacking Team's engineers have underway. On the list: Develop a way to infect computers via drone. One engineer is assigned the task of developing a "mini" infection device, which could be "ruggedized" and "transportable by drone (!)" the write-up notes enthusiastically in Italian. The request appears to have originated with a query from the Washington-based Insitu, which makes a range of unmanned systems, including the small ScanEagle surveillance drone, which has long been used by the militaries of the U.S. and other countries. Insitu also markets its drones for law enforcement."
The Internet

Internet Dating Scams Target Older American Women

HughPickens.com writes: The NYT reports: "Janet N. Cook, a church secretary in Virginia, had been a widow for a decade when she joined an Internet dating site and was quickly overcome by a rush of emails, phone calls and plans for a face-to-face visit. "I'm not stupid, but I was totally naïve," says Cook, now 76, who was swept off her feet by a man who called himself Kelvin Wells and described himself as a middle-aged German businessman looking for someone "confident" and "outspoken" to travel with him to places like Italy, his "dream destination." But very soon he began describing various troubles, including being hospitalized in Ghana, where he had gone on business, and asked Cook to bail him out. In all, she sent him nearly $300,000, as he apparently followed a well-honed script that online criminals use to bilk members of dating sites out of tens of millions of dollars a year."

According to the Times, internet scammers are targeting women in their 50s and 60s, often retired and living alone, who say that the email and phone wooing forms a bond that may not be physical but that is intense and enveloping. Between July 1 and Dec. 31, 2014, nearly 6,000 people registered complaints of such confidence fraud with losses of $82.3 million, according to the federal Internet Crime Complaint Center. Older people are ideal targets because they often have accumulated savings over a lifetime, own their homes and are susceptible to being deceived by someone intent on fraud. The digital version of the romance con is now sufficiently widespread that AARP's Fraud Watch Network has urged online dating sites to institute more safeguards to protect against such fraud. The AARP network recommends that dating site members use Google's "search by image" to see if the suitor's picture appears on other sites with different names. If an email from "a potential suitor seems suspicious, cut and paste it into Google and see if the words pop up on any romance scam sites," the network advised. The website romancescams.org lists red flags to look for to identify such predators, who urgently appeal to victims for money to cover financial setbacks like unexpected fines, money lost to robbery or unpaid wages. Most victims say they are embarrassed to admit what happened, and they fear that revealing it will bring derision from their family and friends, who will question their judgment and even their ability to handle their own financial affairs." "It makes me sound so stupid, but he would be calling me in the evening and at night. It felt so real. We had plans to go to the Bahamas and to Bermuda together," says Louise Brown. "When I found out it was a scam, I felt so betrayed. I kept it secret from my family for two years, but it's an awful thing to carry around. But later I sent him a message and said I forgave him."
Spam

A Welcome Shift: Spam Now Constitutes Less Than Half of All Email

An anonymous reader writes: According to Symantec's latest Intelligence Report, spam has fallen to less than 50% of all email in June – a number we haven't seen in over a decade. Of all emails received by Symantec clients in June, junk emails only account for 49.7%, down from 52.1% in April, which shows a huge drop. Year over year, spam has decreased as well due to internet providers doing a better job at filtering and shutting down spam bots.
Education

CSTA: Google Surveying Educators On Unconscious Biases of Students, Parents

theodp writes: According to a Computer Science Teachers Association tweet, Google is reportedly asking educators to assess the unconscious bias of students and their parents for the search giant. "We are in the early stages of learning how unconscious bias plays out in schools, and who would benefit most from bias busting materials," begins the linked-to 5-page Google Form, which sports a ub-edu@google.com email address, but lists no contact name. "This survey should take 15 minutes to complete, and your responses are confidential, meaning that your feedback will not be attributed to you and the data will only be used in aggregate form." The form asks educators to "list the names of organizations, tools, and resources that you have used to combat unconscious bias," which is defined as "the attitudes or stereotypes that affect our understanding, actions, and decisions in an unconscious manner." A sample question: "Who do you think would benefit most from unconscious bias training at your school (or program)? Rank the following people in order (1=would most benefit to 5=would benefit least) training: Student, Parent (or guardian), Teacher (or educator), Guidance counselor, Principal." Google deflected criticism for its lack of women techies in the past by blaming parents' unconscious biases for not steering their girls to study computer science, suggesting an intervention was needed. "Outreach programs," advised Google, "should include a parent education component, so that parents learn how to actively encourage their daughters."
Google

Google Photos Uploading Your Pics, Even If You Don't Want It To

New submitter Adekyn writes that, according to David A. Arnott of The Business Journals, the Google Photos app will sync your photos — even after you have deleted the application from your device. From the article: All I had to do to turn my phone into a stealth Google Photos uploader was to turn on the backup sync, then uninstall the app. Whereas one might reasonably believe uninstalling the app from the phone would stop photos from uploading automatically to Google Photos, the device still does it even in the app’s absence. Since making this discovery, I have re-created the issue multiple times in multiple settings on my Galaxy S5. I reached out to Google, and after reaching someone on the phone and describing the issue, was told to wait for a comment. Several hours later, I received a terse email that said, “The backup was as intended.” If I want to stop it from happening, I was told I'd have to change settings in Google Play Services. A video of the process accompanies the article.
Government

Amnesty International Seeks Explanation For 'Absolutely Shocking' Surveillance

Mark Wilson writes: A court recently revealed via email that the UK government had been spying on Amnesty International. GCHQ had put Amnesty under surveillance — despite this having previously been denied — and now the human rights organization wants answers.

In a letter to the UK Prime Minister David Cameron, Amnesty International asks for an explanation for the surveillance. The Investigatory Powers Tribunal's (IPT) email made it clear that GCHQ had been intercepting, accessing and storing communications, something that Amnesty International's Secretary General, Salil Shetty believes 'makes it vividly clear that mass surveillance has gone too far'.
Cellphones

Ask Slashdot: Measuring (and Constraining) Mobile Data Use?

An anonymous reader writes: I've carried a smart phone for several years, but for much of that time it's been (and I suspect this is true for anyone for whom money is an object) kept pretty dumb — at least for anything more data-intensive than Twitter and the occasional map checking. I've been using more of the smart features lately (Google Drive and Keep are seductive.) Since the data package can be expensive, though, and even though data is cheaper than it used to be, that means I don't check Facebook often, or upload pictures to friends by email, unless I'm in a Wi-Fi zone (like home, or a coffee shop, etc). Even so, it seems I'm using more data than I realized, and I'd like to keep it under the 2GB allotment I'm paying for. I used to think half a gig was generous, but now I'm getting close to that 2GB I've paid for, most months.

This makes me a little paranoid, which leads to my first question: How accurate are carriers' own internal tools for measuring use, and do you recommend any third-party apps for keeping track of data use? Ideally, I'd like a detailed breakdown by app, over time: I don't think I'm at risk for data-stealing malware on my phone (the apps I use are either built-in, or plain-vanilla ones from Google's store, like Instagram, Twitter's official client, etc.), but of course really well-crafted malware would be tough to guard against or to spot. And even if they can be defeated, more and more sites (Facebook, for one) now play video just because I've rolled over a thumbnail.
Google

Google Launches Gmail Postmaster Tools To Eliminate Spam

Mark Wilson writes: Spam is a problem that is not going away for anyone who receives email — and who doesn't? Over the years Google has taken steps to try to reduce the amount of junk that reaches Gmail inboxes and today the company is taking things a step further with Gmail Postmaster Tools and enhanced filter training for Gmail. Part of the problem with spam — aside from the sheer volume of it — is that the detection of it is something of an art rather than a science. It is all too easy for legitimate email to get consigned to the junk folder, and this is what Gmail Postmaster Tools aims to help with. Rather than helping recipients banish spam, it helps senders ensure that their messages are delivered to inboxes rather than filtered out.
Crime

Ask Slashdot: Dealing With Ongoing Suspected Identity Theft?

njnnja writes: My wife receives periodic emails (about once every other month) from a cable company that is not in our service area that purport to confirm that she has made changes to her account, such as re-setting her password. Her email address is not a common one so we do not believe that it is someone accidentally using it; rather, we believe that an identity thief is subscribing to cable services intentionally using her name and email address.

Whenever we have gotten an email we have called the cable company, been forwarded to their security department, and we are assured that her social security number is not being used and that they will clear her name and email address out of their system. Yet a few weeks later we get another email. Our concern is that when the cable company goes after my wife for the unpaid balance on the account I am sure that neither they nor a collection agency will care much that it's not her social security number — it's her name and they will demand she pays.

We have a very strong password (long, completely random string of chars, nums, and symbols) and 2-factor authentication on the email account so we are fairly certain that no one is currently hacking into her email (at least, it's not worth it for however many thousands of dollars they can actually steal off this scam). But we think that the cable company should be doing more to not be complicit in an attempted identity theft. We have made it clear that we don't live in the area they cover so we should not have an account, but the fact that they keep setting up an account in her name means that they just don't care. Which is fine; I don't expect a cable company to care that they inconvenience us, but I would like to know if there is any way that we can make them care about it (liability, regulations, etc). I know YANAL but does anyone have any ideas about how to handle this? Thanks.
Microsoft

Microsoft To Cut 7,800 More Jobs, Take $7.6 Billion Writedown On Nokia

jones_supa writes: Microsoft is about to announce another round of layoffs. A company press release confirms the plan, saying that it will target up to 7,800 employees and will be aimed mostly at the hardware division. The hardware division includes the lion's share of former Nokia employees, who became part of Microsoft last year. In an e-mail to employees, chief executive officer Satya Nadella reiterated the company's commitment to its phone business, though he also said that some refocusing was necessary and that Microsoft's phone business would reflect the overall Windows strategy: "We are moving from a strategy to grow a standalone phone business to a strategy to grow and create a vibrant Windows ecosystem that includes our first-party device family," the e-mail reads. "As a result, the company will take an impairment charge of approximately $7.6 billion related to assets associated with the acquisition of the Nokia Devices and Services business in addition to a restructuring charge of approximately $750 million to $850 million."
Communications

Senate Advances Plan To Make Email and Social Sites Report Terror Activity

Advocatus Diaboli sends news that the Senate Intelligence Committee has unanimously approved draft legislation that would require email providers and social media sites to report any suspected terrorist activities to the government. While the legislation itself is classified until it reaches the Senate floor, Committee chairman Richard Burr (R-NC) said, "America’s security depends on our intelligence community’s ability to detect and thwart attacks on the homeland, our personnel and interests overseas, and our allies. This year’s legislation arms the intelligence community with the resources they need, and reinforces congressional oversight of intelligence activities." The legislation is based on 2008's Protect Our Children Act, which required companies to report information about child porn to an agency that would act on it. One industry official told the Washington Post, "Considering the vast majority of people on these sites are not doing anything wrong, this type of monitoring would be considered by many to be an invasion of privacy. It would also be technically difficult."
AI

Machine Learning System Detects Emotions and Suicidal Behavior

An anonymous reader writes with word as reported by The Stack of a new machine learning technology under development at the Technion-Israel Institute of Technology "which can identify emotion in text messages and email, such as sarcasm, irony and even antisocial or suicidal thoughts." Computer science student Eden Saig, the system's creator, explains that in text and email messages, many of the non-verbal cues (like facial expression) that we use to interpret language are missing. His software applies semantic analysis to those online communications and tries to figure out their emotional import and context by looking for word patterns (not just more superficial markers like emoticons or explicit labels like "[sarcasm]"), and can theoretically identify clues of threatening or self-destructive behavior.
The Internet

Ask Slashdot: What Is the Best Way To Hold Onto Your Domain?

An anonymous reader writes: There have been quite a few stories recently about corporations, or other people, wanting to take over a domain. This has me wondering what steps can I take to ensure that outsiders know that my domain is in use, and not up for sale. In my case, I registered a really short domain name (only 5 characters) for a word that I made up. The domain has been mine for a while, and Archive.org has snapshots going back to 2001 of my placeholder page. It could be close to other domain names by adding one more letter, so there is potential for accusations of typosquatting (none yet). I have no trademark on the word, because I saw no reason to get one. The domain is used mostly for personal email, with some old web content left out there for search engines to find. The hosting I pay for is a very basic plan, and I can't really afford to pay for a ton of new traffic. There is the option to set up a blog, but then it has to be maintained for security. What would other readers suggest to establish the domain as mine, without ramping up the amount of traffic on it?