Submission + - 1.8 million Chicago voter records exposed online (cnn.com)

schwit1 writes: A voting machine company exposed 1.8 million Chicago voter records after misconfiguring a security setting on the server that stored them.

Election Systems & Software (ES&S), the Nebraska-based voting software and election management company, confirmed the leak on Thursday.

In a blog post, the company said the voter data leak contained names, addresses, birthdates, partial social security numbers and some driver's license and state ID numbers stored in backup files on a server. Authorities alerted ES&S to the leak on Aug. 12, and the data was secured.

A security researcher from UpGuard discovered the breach.

The data did not contain any voting information, like the results of how someone voted.

Jim Allen, a spokesman for the Chicago Board of Elections, said the leak did not contain or affect anyone's voting ballots, which are handled by a different vendor.

Submission + - Attackers Turn To Auto-Updating Links Instead Of Macros To Deliver Malware (helpnetsecurity.com)

Orome1 writes: SANS ISC handler Xavier Mertens has flagged and analyzed a malicious Word file that, somehow, is made to automatically download an additional malicious RTF file, ultimately leading to a RAT infection. What is curious about this particular attack is that it uses an approach that Mertens has never encountered before: the file exploits a Microsoft Word feature that can make files automatically update links included in them as soon as they are opened. The Word file tries to access the malicious RTF file and, if it succeeds, the latter downloads a JavaScript payload, which creates a shell object to spawn a PowerShell command and download a malicious PE file – the Netwire RAT.

Submission + - In Lieu of Taxes, Microsoft Gives a Nevada Schoolkid a Surface Laptop

theodp writes: The Official Microsoft Blog hopes a letter from a Nevada middle schooler advising Microsoft President Brad Smith to "keep up the good work running that company" will "inspire you like it did us." Penned as part of a math teacher's assignment to write letters to the businesses that they like, Microsoft says the letter prompted Smith to visit the Nevada school to meet 7th-grader Sky Yi in person as part of the company’s effort to draw attention to the importance of math and encourage students and teachers who are passionate about STEM (science, technology, engineering and math) education. In an accompanying video of the surprise meeting, Smith presents Yi with a new Surface Laptop that comes with Windows 10 S, a version of the OS that has been streamlined with schools in mind. "Not bad for a little letter," the Microsoft exec says. Speaking of Microsoft, Nevada, and education, Bing Maps coincidentally shows the school Smith visited is just a 43-minute drive from the software giant's Reno-based Americas Operations Center. According to the Seattle Times, routing sales through the Reno software-licensing office helps Microsoft minimize its tax bills (NV doesn’t tax business income) to the detriment, some say, of Washington State public schools.

Submission + - Computer Algorithm Erases Photo Watermarks (googleblog.com)

AlejandroTejadaC writes: Research scientists Tali Dekel, Michael Rubinstein, Ce Liu and Bill Freeman describe in their paper “On The Effectiveness Of Visible Watermarks” their findings about a computer algorithm that erases photo watermarks, and suggest possible ways to make photo watermarks more effective and difficult to erase.

Submission + - OK Cupid bans white supremacists (twitter.com)

AmiMoJo writes: OK Cupid, a dating site, has banned white supremacist Chris Cantwell for life. In a follow-up tweet they vowed to ban any other members of the supremacist movement that are brought to their attention.

Submission + - FBI pushes private sector to cut ties with Kaspersky (cyberscoop.com)

An anonymous reader writes: The FBI has been briefing private sector companies on intelligence claiming to show that the Moscow-based cybersecurity company Kaspersky Lab is an unacceptable threat to national security.

Submission + - Video Is Coming To Reddit (variety.com)

An anonymous reader writes: Videos are coming to Reddit, thanks to a new feature that allows users to upload video clips directly to the service. Reddit rolled out the new video feature Tuesday after testing it with around 200 communities over the past couple of weeks. Reddit users are now able to upload videos of up to 15 minutes in length, with file sizes being limited to 1 gigabyte. Users will be able to upload videos via Reddit’s website and its mobile apps for iOS and Android, with the latter offering basic trimming functionality as well. And, in keeping with the spirit of the site, Reddit is also offering a conversion tool to turn videos into animated Gifs. Videos are being displayed persistently, or pinned, meaning that users can scroll through the comments while the video keeps playing in the corner of their screen. And community moderators can opt not to allow videos in their Subreddits at all, with Le arguing that some discussion-heavy Subreddits may decide that the format just doesn’t work for them.

Submission + - Motorola Patents a Display That Can Heal Its Own Cracked Screen With Heat (theverge.com)

An anonymous reader writes: A patent published today explains how a phone could identify cracks on its touchscreen and then apply heat to the area in an effort to slightly repair the damage. The process relies on something called "shape memory polymer," a material that can apparently become deformed and then recovered through thermal cycling. Thermal cycling involves changing the temperature of the material rapidly. This material could be used over an LCD or LED display with a capacitive touch sensor layered in, as well. Although the phone could heat the polymer in order to restore it, a user's body heat can be used, too.

Submission + - A Global Fish War is Coming (usni.org)

schwit1 writes: The demand for fish as a protein source is increasing. The global population today is 7.5 billion people, and is expected to be 9.7 billion by 2050, with the largest growth coming in Africa and Asia. Fish consumption has increased from an average of 9.9 kilograms per person in the 1960s to 19.7 kilograms in 2013 with estimates for 2014 and 2015 above 20 kilograms. The ten most productive species are fully fished and demand continues to rise in regions generally with little governance and many disputed boundaries.

Submission + - Judge Dismisses AT&T's Attempt To Stall Google Fiber Construction (arstechnica.com)

An anonymous reader writes: AT&T has lost a court case in which it tried to stall construction by Google Fiber in Louisville, Kentucky. AT&T sued the local government in Louisville and Jefferson County in February 2016 to stop a One Touch Make Ready Ordinance designed to give Google Fiber and other new ISPs quicker access to utility poles. But yesterday, US District Court Judge David Hale dismissed the lawsuit with prejudice, saying AT&T's claims that the ordinance is invalid are false. "We are currently reviewing the decision and our next steps," AT&T said when contacted by Ars today. One Touch Make Ready rules let ISPs make all of the necessary wire adjustments on utility poles themselves instead of having to wait for other providers like AT&T to send work crews to move their own wires. Without One Touch Make Ready rules, the pole attachment process can cause delays of months before new ISPs can install service to homes. Google Fiber has continued construction in Louisville despite the lawsuit and staff cuts that affected deployments in other cities.

Submission + - Long-Term Threats to Ballot Privacy (computer.org)

martinezm writes: To enhance transparency, many new voting systems produce audit data that lets voters verify that their ballot was included in the tally, and lets outsiders verify that the tally was calculated correctly. However, the cryptographic techniques used in these systems provide confidentiality for a few decades only. This threatens ballot privacy in the long term.

Submission + - Cisco's Feud With Former Star Executive Turns Personal — And Costly (wsj.com)

cdreimer writes: According to a report in The Wall Street Journal (possibly paywalled, alternative source), Cisco's feud with startup Arista Networks is turning personal in a costly lawsuit over allegedly stolen technology as the two companies compete for the same customers.

In a packed headquarters ballroom, Cisco Systems Inc.’s then-chief executive officer John Chambers offered a fond farewell to a star executive and friend, Jayshree Ullal. He celebrated her ability to make complicated things simple and wished her success in her next role. He didn’t expect that much success. Within months of the 2008 party, Ms. Ullal became CEO of Arista Networks Inc., a small startup that has since snagged Cisco customers including Microsoft Corp. and Facebook Inc., and is eating into the share of the networking giant’s most important business. Mr. Chambers couldn’t stand to lose sales, especially to someone he considered family and the rivalry has become personal, according to people close to both executives. Defeating Arista has become a priority for Cisco, a company more than 40 times bigger by annual revenue. In 2013, Ms. Ullal’s image appeared in an internal Cisco presentation pasted onto a bull’s-eye pierced with arrows. “Arm the field, stop the bleeding and fire back,” according to the presentation. Now, the fighting is unfolding in court, where Cisco, once the world’s most valuable company, has accused Arista of stealing its technology. Arista has denied the allegations, saying the Silicon Valley giant sued only because it lacked smart ideas to regain business. Each side has notched incremental wins over the past two and a half years with no sign of a resolution.


Submission + - Ukraine hacker cooperating with FBI in Russia probe (nytimes.com)

schwit1 writes: A hacker in Ukraine who goes by the online alias “Profexer” is cooperating with the FBI in its investigation of Russian interference in the U.S. presidential election, The New York Times is reporting.

Profexer, whose real identity is unknown, wrote and sold malware on the dark web. The intelligence community publicly identified code he had written as a tool used in the hacking of the Democratic National Committee ahead of last year’s presidential election.

The hacker’s activity on the web came to a halt shortly after the malware was identified.

The New York Times, citing Ukrainian police, reported Wednesday that the individual turned himself in to the FBI earlier this year and became a witness for the bureau in its investigation. FBI investigators are probing Russian interference efforts and whether there was coordination between associates of President Trump’s campaign and Moscow. Special counsel Robert Mueller is heading the investigation.

Submission + - Uber Can't Keep Driving Itself (wired.com)

mirandakatz writes: It's been nearly two months since Travis Kalanick stepped down as CEO from Uber, and in that time he's also been hit with a lawsuit from Benchmark Capital. The drama is running high at Uber HQ—and the company can't keep running itself forever. In fact, as Jessi Hempel writes at Backchannel, doing so is affecting its future prospects: "The lawsuit, paired with a public appeal to Uber’s employee base, will likely slow down the CEO search even more. And that’s a bad thing for Uber, and anyone else who once believed the company had a chance at being the global transportation and logistics behemoth that its disgraced cofounder originally envisioned. Self-driving cars are hard enough. A self-driving company is a recipe for a wreck."

Submission + - Computer scientists use music to covertly track body movements, activity (rtoz.org)

qpttech writes: Researchers at the University of Washington have demonstrated how it is possible to transform a smart device into a surveillance tool that can collect information about the body position and movements of the user, as well as other people in the device’s immediate vicinity. Their approach involves remotely hijacking smart devices to play music embedded with repeating pulses that track a person’s position, body movements, and activities both in the vicinity of the device as well as through walls.

Submission + - New DDoS Assault Pattern: Attackers Use DDoS Pulses to Pin Down Multiple Targets (incapsula.com)

whitehatdefender writes: Over the last few months, Imperva Incapsula has witnessed the emergence of a new assault pattern, which we have come to call a “pulse wave” DDoS attack.

Comprised of a series of short-lived bursts occurring in clockwork-like succession, pulse wave assaults accounted for some of the most ferocious DDoS attacks we mitigated in the second quarter of 2017. In the most extreme cases, they lasted for days at a time and scaled as high as 350 gigabits per second.

Submission + - Researcher finds Marcus Hutchins' code that was used in malware (itwire.com)

troublemaker_23 writes: A security researcher says code has been discovered that was written by British hacker Marcus Hutchins that was apparently "borrowed" by the creator of the banking trojan Kronos. The researcher, known as Hasherezade, posted a tweet identifying the code that had been taken from Hutchins' repository on GitHub.

Submission + - Deadly Drug-Resistant Fungus Sparks Outbreaks In UK (arstechnica.com)

An anonymous reader writes: More than 200 patients in more than 55 UK hospitals were discovered by healthcare workers to be infected or colonized by the multi-drug resistant fungus Candida auris, a globally emerging yeast pathogen that has experts nervous. Three of the hospitals experienced large outbreaks, which as of Monday were all declared officially over by health authorities there. No deaths have been reported since the fungus was first detected in the country in 2013, but 27 affected patients have developed blood infections, which can be life-threatening. And about a quarter of the more than 200 cases were clinical infections. Officials in the UK aimed to assuage fear of the fungus and assure patients that hospitals were safe. “Our enhanced surveillance shows a low risk to patients in healthcare settings. Most cases detected have not shown symptoms or developed an infection as a result of the fungus,” Dr Colin Brown, of Public Health England's national infection service, told the BBC.

Yet, public health experts are uneasy about the rapid emergence and level of drug resistance the pathogen is showing. In a surveillance update in July, the US Centers for Disease Control and Prevention said that C. auris “presents a serious global health threat.” It was first identified in the ear of a patient in Japan in 2009. Since then, it has spread swiftly, showing up in more than a dozen countries, including the US, according to the CDC. So far, health officials have reported around 100 infections in nine US states and more than 100 other cases where the fungus was detected but wasn’t causing an infection.

Submission + - Roku Gets Tough On Pirate Channels, Warns Users (torrentfreak.com)

An anonymous reader writes: Earlier this year Roku was harshly confronted with this new piracy crackdown when a Mexican court ordered local retailers to take its media player off the shelves. While this legal battle isn’t over yet, it was clear to Roku that misuse of its platform wasn’t without consequences. While Roku never permitted any infringing content, it appears that the company has recently made some adjustments to better deal with the problem, or at least clarify its stance. Pirate content generally doesn’t show up in the official Roku Channel Store but is directly loaded onto the device through third-party “private” channels. A few weeks ago, Roku renamed these “private” channels to “non-certified” channels, while making it very clear that copyright infringement is not allowed. A “WARNING!” message that pops up during the installation of these third-party channels stresses that Roku has no control over the content. In addition, the company notes that these channels may be removed if they link to copyright infringing content.

“By continuing, you acknowledge you are accessing a non-certified channel that may include content that is offensive or inappropriate for some audiences,” Roku’s warning reads. “Moreover, if Roku determines that this channel violates copyright, contains illegal content, or otherwise violates Roku’s terms and conditions, then ROKU MAY REMOVE THIS CHANNEL WITHOUT PRIOR NOTICE.”
