Submission + - OxygenOS Telemetry Lets OnePlus Maker Tie Phones To Individual Users

An anonymous reader writes: OxygenOS, a custom version of the Android operating system that comes installed on all OnePlus smartphones, is tracking users' actions without anonymizing data, allowing OnePlus to connect each phone to its customer. A security researcher going by the pseudonym of Tux discovered the abusive tracking in July 2016, but his tweet went largely unnoticed in the daily sea of security tweets sent out each day. The data collection issue was brought up to everyone's attention again, today, after British security researcher Christopher Moore published the results of a recent study on his site.

Just like Tux, Moore discovered that OxygenOS was sending regular telemetry to OnePlus' servers. This is no issue of concern, as almost all applications these days collect telemetry data for market analytics and to identify and debug application flaws. The problem is that OnePlus is not anonymizing this information. The Shenzhen-based Chinese smartphone company is collecting a long list of details, such as: IMEI code, IMSI code, ESSID and BSSID wireless network identifiers, and more. The data collection process cannot be disabled from anywhere in the phone's settings. When Moore contacted OnePlus support, the company did not provide a suitable answer for his queries.

Submission + - Dutch Government Confirms Plan To Ban New Petrol, Diesel Cars By 2030

An anonymous reader writes: Today, the new Dutch government presented its detailed plan for the coming years and it includes making all new cars emission-free by 2030 – virtually banning petrol- and diesel-powered cars in favor of battery-powered vehicles. The four coalition parties have been negotiating their plans since the election in March and now after over 200 days, they have finally released the plan they agreed upon. NL Times posted all the main points of the plan and in "transportation," it includes: By 2030 all cars in the Netherlands must be emission free. While some local publications are reporting “all cars”, we are told that it would be for “all new cars” as it is the case for the countries with similar bans under consideration. The potential for the ban has been under consideration in the country since last year. The year 2025, like in Norway, has been mentioned, but they apparently decided for the less ambitious goal of 2030.

Submission + - Solving Google's, Facebook's, and Twitter's Russian (and other) Ad Problems

Lauren Weinstein writes: I’m really not in a good mood right now and I didn’t need the phone call. But someone I know who monitors right-wing loonies called yesterday to tell me about plotting going on among those morons. The highlight was their apparent discussions of ways to falsely claim that the secretive Russian ad buys on major USA social media and search firms — so much in the news right now and on the “mind” of Congress — were actually somehow orchestrated by Russian expatriate engineers and Russian-born executives now in this country. “Remember, Google co-founder Sergey Brin was born in Russia — there’s your proof!”, my caller reported as seeing highlighted as a discussion point for fabricating lying “false flag” conspiracy tales.

Submission + - Security and Privacy Focused Librem 5 Linux Smartphone Successfully Crowdfunded

prisoninmate writes: From a Softpedia report:

"Believe it or not, Purism's Librem 5 security and privacy-focused smartphone has been successfully crowdfunded a few hours ago when it reached and even passed its goal of $1.5 million, with 13 days left. Librem 5 wants to be an open source and truly free mobile phone designed with security and privacy in mind, powered by a GNU/Linux operating system based on Debian GNU/Linux and running only Open Source software apps on top of a popular desktop environment like KDE Plasma Mobile or GNOME Shell. Featuring a 5-inch screen, Librem 5 is compatible with 2G, 3G, 4G, GSM, UMTS, and LTE mobile networks. Under the hood, it uses an i.MX 6 or i.MX 8 processor with separate baseband modem to offer you the protection you need in today's communication challenges, where you're being monitored by lots of government agencies."

Submission + - Equifax Increases Number Of Britons Affected By Data Breach To 700,000

phalse phace writes: You know those 400,000 Britons that were exposed in Equifax's data breach? Well, it turns out the number is actually closer to 700,000.

Equifax has just admitted that almost double the number of UK customers had their information stolen in a major data breach earlier this year than it originally thought, and that millions more could have had their details compromised.

The company originally estimated that the number of people affected in the UK was "fewer than 400,000".

But on Tuesday night it emerged that cyber criminals had targeted 15.2 million records in the UK. It said 693,665 people could have had their data exposed, including email addresses, passwords, driving license numbers, phone numbers. The stolen data included partial credit card details of less than 15,000 customers.

Submission + - KDE Plasma 5.11 released

jrepin writes: KDE publishes this autumn's Plasma feature release, KDE Plasma 5.11. Plasma 5.11 desktop environment brings a redesigned settings app, improved notifications, a more powerful task manager. Plasma 5.11 is the first release to contain the new “Vault”, a system to allow the user to encrypt and open sets of documents in a secure and user-friendly way, making Plasma an excellent choice for people dealing with private and confidential information.

Submission + - How the Federal Reserve Bank of New York is using open source

Esther Schindler writes: When you handle trillions of dollars a year in transactions and manage the largest known vault of gold in the world, security and efficiency are top priorities. Open source reusable software components are key to the New York Fed's successful operation, explains Colin Wynd, vice president and head of the bank's Common Service Organization.

The nearly 2,000 developers across the Federal Reserve System used to have a disparate set of developer tools. Now, they benefit from a standard toolset and architecture, which also places limits on which applications the bank will consider using. “We don’t want a third-party application that isn’t compatible with our common architecture,” said Wynd.

But the advantages are more than technical. Among them: "Developers can now take on projects or switch jobs more easily across Federal Reserve banks because the New York Fed uses a lot of common open source components and a standard tool set, meaning retraining is minimal if needed at all."

Submission + - The Absurdly Underestimated Dangers of CSV Injection

iONiUM writes: From the article:
"In some ways this is old news, but in other ways... well, I think few realize how absolutely devastating and omnipresent this vulnerability can be. It is an attack vector available in every application I’ve ever seen that takes user input and allows administrators to bulk export to CSV.

That is just about every application."

The article demonstrates 2 very easy ways to run code through CSV files, both within Excel and Google Sheets, and illustrates a prevention technique:

"And just like that, the attacker has free rein to download a keylogger, install things, and overall remotely execute code not merely on any other person’s computer, but on that of someone guaranteed to have access to all user’s data; for example a manager or a company administrator. I wonder what other sort of files they might have lying around?"

Submission + - Zuckerberg 'Exploited Disaster' in Puerto Rico VR Stunt

wjcofkc writes: A cartoon version of Facebook CEO Mark Zuckerberg visited hurricane-ravaged Puerto Rico on Monday in a livestream that was part disaster tourism and part product promotion. While speaking from the comfort of their offices in the company's Menlo Park campus, Facebook's head of social virtual reality Rachel Franklin and Zuckerberg appeared as gleeful avatars in the otherwise tone deaf livestream as they "teleported" to different locations of the disaster-stricken island.

Mark Zuckerberg, who at one point seemed to forget the name of the hurricane, said during the livestream, "One of the things that's really magical about VR is you can get the feeling you're really in a place," as his avatar floated over scenes of flooding and destruction, at one point giving Rachel a high five.

The Facebook CEO has been labeled a “heartless billionaire” engaging in “voyeuristic tourism” by many Facebook users. Negative comments from Facebook users included: “It’s a little weird that you are using devastation to talk about how cool VR is,” “Is this a joke?,” and “Can’t let a good tragedy go to waste. He has to promote Facebook. Typical. All he talks about [is] Facebook instead of victims and their suffering.”

Submission + - Deloitte Hack may have compromised US Government and multinational agencies

evolutionary writes: A hack at Deloitte revealed by The Guardian back in late September may have far more wide reaching consequences than initially reported according to independent sources. (Deloitte will only say it doesn't know to what extent the compromise of the hack had). Deloitte did not have multi-factor authentication as a standard when the server was breached.

Submission + - North Korea Hacked South's Military Network

wiredmikey writes: North Korean hackers reportedly stole hundreds of classified military documents from South Korea, including detailed wartime operational plans involving the U.S., a report said Tuesday. The hackers broke into the South's military network last September and gained access to 235 gigabytes of sensitive data, the Chosun Ilbo daily reported.

Among the leaked documents was Operational Plans 5015 for use in case of war with the North and including procedures for "decapitation" attacks on leader Kim Jong-Un, the paper said.

Submission + - Scientists selectively trigger suicide in cancer cells

Baron_Yam writes: From "A team of researchers at the Albert Einstein College of Medicine reveals the first compound that directly makes cancer cells commit suicide while sparing healthy cells. The new treatment approach was directed against acute myeloid leukemia (AML) cells but may also have potential for attacking other types of cancers."
