Government

Senate Passes Controversial Online Sex Trafficking Bill (thehill.com) 169

The Senate today gave final approval to a bill aimed at cracking down on online sex trafficking, sending the measure to the White House where President Trump is expected to sign it into law. From a report: The legislation, called the Allow States and Victims to Fight Online Sex Trafficking Act (FOSTA), but also referred to as SESTA, would cut into the broad protections websites have from legal liability for content posted by their users. Those protections are codified in Section 230 of the Communications Decency Act from 1996, a law that many internet companies see as vital to protecting their platforms and that SESTA would amend to create an exception for sex trafficking.

Sen. Ron Wyden (D-Ore.), the most outspoken critic of SESTA and one of the authors of the 1996 law, said that making exceptions to Section 230 will lead to small internet companies having to face an onslaught of frivolous lawsuits.
EFF expressed its disappointment, saying, "Today is a dark day for the Internet. Congress just passed the Internet censorship bill SESTA/FOSTA. SESTA/FOSTA will silence online speech by forcing Internet platforms to censor their users. As lobbyists and members of Congress applaud themselves for enacting a law ostensibly tackling the problem of trafficking, let's be clear: Congress just made trafficking victims less safe, not more. Sex trafficking experts have tried again and again to explain to Congress how SESTA/FOSTA will put trafficking victims in danger. Sex workers have spoken out too, explaining how online platforms have literally saved their lives. Why didn't Congress consult with the people their bill would most directly affect? [...] When platforms choose to err on the side of censorship, marginalized voices are censored disproportionately. SESTA/FOSTA will make the Internet a less inclusive place, something that hurts all of us. This might just be the beginning. Some of these groups behind SESTA / FOSTA seem to see the bill as a mere stepping stone to banning pornography from the Internet."
Security

Fortinet VPN Client Exposes VPN Creds; Palo Alto Firewalls Allow Remote Attacks (bleepingcomputer.com) 32

An anonymous reader shares a report: It's been a bad week for two of the world's biggest vendors of enterprise hardware and software -- Fortinet and Palo Alto Networks. The worst of the bunch is a credentials leak affecting Fortinet's FortiClient, an antivirus product provided by Fortinet for both home and enterprise-level clients. Researchers from SEC Consult said in an advisory released this week that they've discovered a security issue that allows attackers to extract credentials for this VPN client. The second major security issue disclosed this week affects firewall products manufactured by Palo Alto Networks and running PAN-OS, the company's in-house operating system. Security researcher Philip Pettersson discovered that by combining three vulnerabilities together, he could run code on a Palo Alto firewall from a remote location with root privileges.
iPhone

Hobbyist Gives iPhone 7 the Headphone Jack We've Always Wanted (engadget.com) 194

intellitech shares a report from Engadget: For those of you who miss the iPhone headphone jack, you're definitely not alone. But Strange Parts creator Scotty Allen missed it so much that he decided to add one to his iPhone 7. He just posted a video of the project's entire saga, with all of its many ups and downs, and in the end he holds what he set out to create -- a current generation iPhone with a fully functional headphone jack. It turns out, real courage is adding the headphone jack back to the iPhone. The project took around 17 weeks to complete and throughout it Allen spent thousands of dollars on parts including multiple iPhones and screens and handfuls of lightning to headphone adaptors. Along the way, Allen bought a printer, a nice microscope and fancy tweezers. He had to design his own circuit boards, have a company manufacture multiple iterations of flexible circuit boards and at one point early on had to consult with a chip dealer that a friend hooked him up with.

The final product works by using a lightning to headphone adaptor that's incorporated into the internal structure of the phone. However, because the headphone jack is powered via the phone's lightning jack with a circuit board switching between the two depending on whether headphones or a charger are plugged into the phone, you can't actually listen to music and charge the phone at the same time.

Software

Cable Giants Step Up Piracy Battle By Interrogating Montreal Software Developer (www.cbc.ca) 185

New submitter wierzpio writes: In more news about TVAddons, Canadian cable companies used a civil search warrant to visit the owner and developer of TVAddons, a library of hundreds of apps known as add-ons that allow people easy access to pirated movies, TV shows, and live TV. According to Adam Lackman, founder of TVAddons and defendant in the copyright lawsuit launched by the television giants, "The whole experience was horrifying. It felt like the kind of thing you would have expected to have happened in the Soviet Union." During the 16-hour-long visit, he was interrogated, denied the right not to answer the questions, and denied the right to consult his answers with his lawyer, who was present. His personal possessions were seized. Adam is fighting back (link to Indiegogo fundraising page) and already the judge declared the search warrant "null and void." "I am of the view that its true purpose was to destroy the livelihood of the defendant, deny him the financial resources to finance a defense to the claim made against him," the judge wrote. "The defendant has demonstrated that he has an arguable case that he is not violating the [Copyright] Act," the judge continued, adding that by the plaintiffs' own estimate, only about one per cent of Lackman's add-ons were allegedly used to pirate content. Lackman's belongings still haven't been returned, and he can't access the TVAddons website or its social media accounts, which were also seized. "Bell, Rogers and Videotron have appealed the court decision and a Federal Court of Appeal judge has ruled that until the appeal can be heard, Lackman will get nothing back," reports cbc.ca.

Submission + - Cable giants step up piracy battle by interrogating Montreal software developer (www.cbc.ca)

wierzpio writes: In more news about TVAddons, Canadian cable companies used a civil search warrant to visit the owner and developer of TVAddons. According to Adam Lack, "The whole experience was horrifying. It felt like the kind of thing you would have expected to have happened in the Soviet Union." During the 16-hour-long visit he was interrogated, denied the right not to answer the questions, and denied the right to consult his answers with his lawyer, who was present. His personal possessions were seized. Adam is fighting back (link to Indiegogo fundraising page) and already the judge declared the search warrant "null and void."
Twitter

The Public Is Growing Tired of Trump's Tweets, Says Voter Survey (arstechnica.com) 489

President Donald Trump is the tweeting president. His @realDonaldTrump handle has 31.8 million followers and "35K" tweets. While the president claims to use Twitter to "get the honest and unfiltered message out," many Americans aren't so fond of his favored form of communication. According to a new voter poll (PDF), the public is growing tired of Trump's tweets. Ars Technica reports: A Morning Consult, Politico survey published Wednesday found that 69 percent of voters who took the online survey said they thought Trump tweets too much. That's up from 56 percent from December, months before Trump took office. The survey said that 82 percent of Democrats polled thought Trump tweets too much, up from 75 percent in December. Republicans came in at 53 percent saying the president used Twitter too often, an 11-percent increase from December. Overall, 57 percent of voters who took the survey said Trump's tweets are hurting his presidency. Another 53 percent said his Twitter use undermines U.S. standing in the world. The poll found that 51 percent of all voters said Trump's tweets imperiled national security. What do you think of Trump's tweets? Do you think they are getting old, or do you find them particularly useful?
The Internet

Cable Lobby Survey Backfires; Most Americans Support Net Neutrality (consumerist.com) 119

New submitter Rick Schumann writes from a report via Consumerist: The NCTA hired polling firm Morning Consult to survey people about their attitudes toward net neutrality. In the results and a blog post about the survey, the organization crows that clearly, everyone thinks regulation is bad. Here's the "TL;DR" version: The NCTA claims Americans want "light touch" regulation of the "internet," but did not ask about regulation of internet service providers. The survey claims most voters believe regulation will harm innovation and investment, but their own numbers show that just as many people believe it won't. Most people don't believe the internet should be regulated like a "public utility," which is good because that's not what net neutrality does. When people were asked their feelings about what neutrality actually does, they overwhelmingly support it.

Submission + - Cable Lobby Survey Backfires; Most Americans Support Net Neutrality (consumerist.com)

Rick Schumann writes: The NCTA hired polling firm Morning Consult to survey people about their attitudes toward net neutrality. In the results and a blog post about the survey, the organization crows that clearly, everyone thinks regulation is bad.

Here's the 'TL;DR' version:
  • The NCTA claims Americans want “light touch” regulation of the “internet,” but did not ask about regulation of internet service providers.
  • The survey claims most voters believe regulation will harm innovation and investment, but their own numbers show that just as many people believe it won’t.
  • Most people don’t believe the internet should be regulated like a “public utility,” which is good because that’s not what net neutrality does.
  • When people were asked their feelings about what neutrality actually does, they overwhelmingly support it.

Medicine

88% Of Medical 'Second Opinions' Give A Different Diagnosis - And So Do Some AI (mayoclinic.org) 74

First, "A new study finds that nearly 9 in 10 people who go for a second opinion after seeing a doctor are likely to leave with a refined or new diagnosis from what they were first told," according to an article shared by Slashdot reader schwit1: Researchers at the Mayo Clinic examined 286 patient records of individuals who had decided to consult a second opinion, hoping to determine whether being referred to a second specialist impacted one's likelihood of receiving an accurate diagnosis. The study, conducted using records of patients referred to the Mayo Clinic's General Internal Medicine Division over a two-year period, ultimately found that when consulting a second opinion, the physician only confirmed the original diagnosis 12 percent of the time. Among those with updated diagnoses, 66% received a refined or redefined diagnosis, while 21% were diagnosed with something completely different than what their first physician concluded.
But in a related story, Slashdot reader sciencehabit writes that four machine-learning algorithms all performed better than the currently-used algorithm of the American College of Cardiology, according to newly-published research, which concludes that "machine-learning significantly improves accuracy of cardiovascular risk prediction, increasing the number of patients identified who could benefit from preventive treatment, while avoiding unnecessary treatment of others."

"I can't stress enough how important it is," one Stanford vascular surgeon told Science magazine, "and how much I really hope that doctors start to embrace the use of artificial intelligence to assist us in care of patients."

Submission + - Second Opinion From Doctor Nets Different Diagnosis 88% Of Time, Study Finds (studyfinds.org) 3

schwit1 writes: When it comes to treating a serious illness, two brains are better than one. A new study finds that nearly 9 in 10 people who go for a second opinion after seeing a doctor are likely to leave with a refined or new diagnosis from what they were first told.

Researchers at the Mayo Clinic examined 286 patient records of individuals who had decided to consult a second opinion, hoping to determine whether being referred to a second specialist impacted one's likelihood of receiving an accurate diagnosis.

The study, conducted using records of patients referred to the Mayo Clinic's General Internal Medicine Division over a two-year period, ultimately found that when consulting a second opinion, the physician only confirmed the original diagnosis 12 percent of the time.

Among those with updated diagnoses, 66% received a refined or redefined diagnosis, while 21% were diagnosed with something completely different than what their first physician concluded.

Privacy

Secret Rules Make It Pretty Easy For the FBI To Spy On Journalists (theintercept.com) 189

schwit1 shares with us a report on an 11-part series led by The Intercept reporter Cora Currier: Secret FBI rules allow agents to obtain journalists' phone records with approval from two internal officials -- far less oversight than under normal judicial procedures. The classified rules, dating from 2013, govern the FBI's use of national security letters, which allow the bureau to obtain information about journalists' calls without going to a judge or informing the news organization being targeted. They have previously been released only in heavily redacted form. Media advocates said the documents show that the FBI imposes few constraints on itself when it bypasses the requirement to go to court and obtain subpoenas or search warrants before accessing journalists' information. The rules stipulate that obtaining a journalist's records with a national security letter requires the signoff of the FBI's general counsel and the executive assistant director of the bureau's National Security Branch, in addition to the regular chain of approval. Generally speaking, there are a variety of FBI officials, including the agents in charge of field offices, who can sign off that an NSL is "relevant" to a national security investigation. There is an extra step under the rules if the NSL targets a journalist in order "to identify confidential news media sources." In that case, the general counsel and the executive assistant director must first consult with the assistant attorney general for the Justice Department's National Security Division. But if the NSL is trying to identify a leaker by targeting the records of the potential source, and not the journalist, the Justice Department doesn't need to be involved. The guidelines also specify that the extra oversight layers do not apply if the journalist is believed to be a spy or is part of a news organization "associated with a foreign intelligence service" or "otherwise acting on behalf of a foreign power." Unless, again, the purpose is to identify a leak, in which case the general counsel and executive assistant director must approve the request.
Sony

Backdoor Accounts Found in 80 Sony IP Security Camera Models (pcworld.com) 55

Many network security cameras made by Sony could be taken over by hackers and infected with botnet malware if their firmware is not updated to the latest version. Researchers from SEC Consult have found two backdoor accounts that exist in 80 models of professional Sony security cameras, mainly used by companies and government agencies given their high price, PCWorld reports. From the article: One set of hard-coded credentials is in the Web interface and allows a remote attacker to send requests that would enable the Telnet service on the camera, the SEC Consult researchers said in an advisory Tuesday. The second hard-coded password is for the root account that could be used to take full control of the camera over Telnet. The researchers established that the password is static based on its cryptographic hash and, while they haven't actually cracked it, they believe it's only a matter of time until someone does. Sony released a patch to the affected camera models last week.
Security

Million More Devices Sharing Known Private Keys For HTTPS, SSH Admin (theregister.co.uk) 54

Millions of internet-facing devices -- from home broadband routers to industrial equipment -- are still sharing well-known private keys for encrypting their communications, reports The Register. From the report: This is according to research from SEC Consult, which said in a follow-up to its 2015 study on security in embedded systems that the practice of reusing widely known secrets is continuing unabated. Devices and gadgets are still sharing private keys for their builtin HTTPS and SSH servers, basically. It is not difficult to extract these keys from the gizmos and use them to eavesdrop on encrypted connections and interfere with the equipment: imagine intercepting a connection to a web-based control panel, decrypting it, and altering the configuration settings on the fly. And because so many models and products are using the same keys, it's possible to attack thousands of boxes at once. SEC Consult senior security consultant Stefan Viehbock scanned the public internet and found that the practice of using known private keys has increased over the past nine months, with the number of net-accessible vulnerable devices ballooning to more than 4.5 million network appliances, IoT devices, and embedded systems around the world. That's up 40 per cent, or 1.3 million, from November, according to SEC Consult.
AI

Microsoft Buys AI-Powered Scheduling App Genee (thestack.com) 28

An anonymous reader quotes a report from The Stack: Microsoft has announced that it has completed its acquisition of artificial intelligence-based scheduling app Genee for an undisclosed amount. The app, which was launched in beta last year, uses natural language processing tools and decision-making algorithms to allow users to schedule appointments without having to consult a calendar. Prior to the acquisition, Genee supported scheduling across Facebook, Twitter, Skype, email, and via SMS. From September 1, Genee will close its own service and will officially join Microsoft, supposedly the Office 365 team. Microsoft believes the addition will help it "further [its] ambition to bring intelligence into every digital experience."

Submission + - Microsoft Buys AI-Powered Scheduling App Genee

An anonymous reader writes: Microsoft has announced that it has completed its acquisition of artificial intelligence-based meeting scheduling app Genee for an undisclosed amount. The app, which was launched in beta last year, uses natural language processing tools and decision-making algorithms to allow users to schedule appointments without having to consult a calendar. Prior to the acquisition, Genee supported scheduling across Facebook, Twitter, Skype, email, and via SMS. From September 1, Genee will close its own service and will officially join Microsoft, supposedly the Office 365 team. Microsoft believes the addition will help it ‘further [its] ambition to bring intelligence into every digital experience.’
Google

Charter: City Giving Google Fiber Unfair Edge (courier-journal.com) 110

An anonymous reader writes: Louisville's largest cable and internet provider says the city is giving Google Fiber an unfair advantage, and it wants Mayor Greg Fischer to step in and ease key regulations in the coming weeks. In a July 28 letter, Charter Communications told Fischer the city's separate franchise agreements allow Google to operate under less burdensome rules despite the two companies offering local customers similar services. "There is no justification for different regulatory treatment," said Jason Keller, Charter's government liaison. The letter was addressed to Fischer, the 26-member Metro Council and more than five dozen other mayors representing smaller suburban cities. Charter representatives claim unlike Google, it is obligated to pay money to the city above and beyond the millions in tax proceeds Louisville receives; to provide free internet and cable television to dozens of city-owned buildings; and provide costly government channels, as well as a studio for public access channels. Kellie Watson, Fischer's general counsel, said in a statement that Charter "raised some interesting issues and ideas" but that the administration will need to consult with the county attorney's office given the franchise agreement involves federal regulations.
Government

FCC Complaints For the 2016 Primary Debates (muckrock.com) 178

v3rgEz writes: Wish that you could have tuned into all the primary debates without a cable subscription? You're not alone. According to MuckRock analysis of primary-related FCC complaints, that was one of the most common complaints, as well as allegations of corporate bias, candidate preferences by the networks, and general gripes about how corporate supposedly open debates have become. I wish there was a database to consult for complaints about the U.S. primary system, too.
Government

Backdoor Account Found On Devices Used By White House, US Military (sec-consult.com) 166

An anonymous reader writes: A hidden backdoor account was discovered embedded in the firmware of devices deployed at the White House and in various US Military strategic centers, more precisely in AMX conference room equipment. The first account was named Black Widow, and after security researchers reported its presence to AMX, the company's employees simply renamed it to Batman thinking nobody will notice. AMX did remove the backdoor after three months. In its firmware's official release notes, AMX claimed that the two accounts were only used for debugging, just like Fortinet claimed that its FortiOS SSH backdoor was used only internally by a management protocol.

Submission + - How Much Is That Click, Clack Worth? (failuremag.com)

An anonymous reader writes: “Most of us are now drowning in digital media, and the flood of information has robbed [us] of the ability to focus and concentrate—or do much of anything, uninterrupted, for an extended period of time. Perhaps this explains why a small but distinctive minority of people are now embracing decidedly old-fashioned technologies” like vinyl records, 35mm cameras, and the typewriter, the latter a strong “symbol of resistance against the over-digitization of our lives,” as it was replaced by the personal computer. Of course, you’re still not likely to see people committing public acts of typewriting, but you learn there’s a surprising amount of fascinating things happening in the typewriting community if you consult The Typewriter Revolution, a new ‘typist’s companion’ that covers everything from privacy issues (think: intelligence agencies using typewriters) to artistic endeavors (like the Boston Typewriter Orchestra) to the clever ways enthusiasts are bridging the typewritten and digital worlds (the USB Typewriter). In this interview with Richard Polt, the book's author answers the burning question: “Is it a Mad Max-ish world where people are scrounging for every [typewriter] ribbon they can get?”
