Media

Body Camera Giant Wants Police To Collect Your Videos Too (fastcompany.com) 46

tedlistens shares a report from Fast Company: Axon, the police supplier formerly known as Taser and now a leading maker of police body cameras, has also charged into police software with a service that allows police to manage and eventually analyze increasingly large caches of video, like a Dropbox for cops. Now it wants to add the public's video to the mix. An online tool called Citizen, set to launch later this year, will allow police to solicit the public for photos or video in the aftermath of suspected crimes and ingest them into Axon's online data platform. Todd Basche, Axon's executive vice president for worldwide products, said the tool was designed after the company conducted surveys of police customers and the public and found that potentially valuable evidence was not being collected. "They all pointed us to the need to collect evidence that's out there in the community."

[But] systems like Citizen still raise new privacy and policy questions, and could test the limits of already brittle police-community relations. Would Citizen, for instance, also be useful for gathering civilian evidence of incidents of police misconduct or brutality? [And how would ingesting citizen video into online police databases, like Axon's Evidence.com, allow police to mine it later for suspicious activity, in a sort of dragnet fashion?] "It all depends," says one observer, "on how agencies use the tool."

Security

MasterCard Has Finally Realized That Signatures Are Obsolete and Stupid (fastcompany.com) 291

An anonymous reader shares a report: For years, credit card companies have relied on an illegible squiggly line as the frontline of defense against credit card fraud. Customers are forced to use a pen (how retro!) to scrawl their signature on bills at restaurants and sign digitally at cash registers -- as if somehow in the age of chips, PINs, biometrics, and online fraud alerts, a line on a page is still a great tool against fraud prevention. Personally, I have been known to sign on the dotted line with a doodle of a piece of tofu and no one has ever stopped me, because signatures mean very little in this digital age. Companies are finally seeing the light. Starting in April 2018, MasterCard cardholders will no longer be required to sign their name when they purchase something using their debit or credit cards. The company has been moving away from requiring signatures for a few years now, with only about 80% of purchases (typically over a certain dollar amount) requiring a signature these days. MasterCard did some digging, though, and per its press release, realized that most of their customers "believe it would be easier to pay and that checkout lines would move faster if they didn't need to sign when making a purchase."
China

Apple Watch's LTE Suspended In China Possibly Due To Government Security Concerns (appleinsider.com) 18

The Apple Watch Series 3's best new feature has been mysteriously blocked in China. According to a report from The Wall Street Journal, China has cut off the Apple Watch's LTE connectivity on Sept. 28 after brief availability from China Unicom. Industry analysts claim that the suspension is probably from governmental concerns about not being able to track and confirm users of the device. AppleInsider reports: Apple issued a brief statement confirming the situation, and referring customers to China Unicom. Neither China Unicom, nor Chinese regulators have made any statement on the matter. The issue may stem from the eSIM in the Apple Watch. Devices like the iPhone have state-owned telecom company-issued SIM cards -- and the eSIM is embedded in the device by Apple. "The eSIM (system) isn't mature enough yet in China," one analyst said. "The government still needs to figure out how they can control the eSIM." The LTE version of the Apple Watch had only a trial certificate to operate on the Chinese LTE network. An analyst who asked not to be identified expects that Ministry of Industry and Information Technology may take months to figure out how the government will deal with the eSIM, and issue a formal certificate for operation.
Businesses

Dodging Russian Spies, Customers Are Ripping Out Kaspersky (thedailybeast.com) 351

From a report: Multiple U.S. security consultants and other industry sources tell The Daily Beast customers are dropping their use of Kaspersky software all together, particularly in the financial sector, likely concerned that Russian spies can rummage through their files. Some security companies are being told to only provide U.S. products. And former Kaspersky employees describe the firm as reeling, with department closures and anticipation that researchers will jump ship soon. "We are under great pressure to only use American products no matter the technical or performance consequences," said a source in a cybersecurity firm which uses Kaspersky's anti-virus engine in its own services. The Daily Beast granted anonymity to some of the industry sources to discuss internal deliberations, as well as the former Kaspersky employees to talk candidly about recent events.
Books

Amazon E-Book Buyers Receive Payment From Antitrust Lawsuit Settlement (idropnews.com) 41

If you bought a Kindle e-book between April 2010 and May 2012, you might see some Amazon credit coming your way. The company is reportedly distributing funds from an antitrust lawsuit that it levied at Apple in 2013. From a report: Amazon has set up a website listing the available credits, and it has begun sending out emails this morning to U.S. customers who are eligible for a refund. Apple and a handful of book publishers, including Penguin, HarperCollins, Machete Book Group and Macmillan, were found guilty of conspiring to inflate the prices of e-books in order to weaken Amazon's grip on the market. While the book publishers settled out of court, Apple decided to fight the lawsuit and appealed several times. Eventually, it was ordered to pay a total of $450 million in the protracted antitrust case.

Several refunds have already been distributed because of the lawsuit. In fact, the bulk of credits were sent out in 2014 and 2016. The round of credits being sent out today comes from an earmarked $20 million meant to pay states involved in the suit. The Amazon credits have a six-month shelf life and must be spent by April 20, 2018, or they'll expire. In addition the Amazon credits, customers may also be receiving Apple credits that can be used toward iBooks, iTunes and App Store purchases. Apple is currently notifying eligible customers via email.

Businesses

Amazon's Next Big Bet is Letting You Communicate Without a Smartphone, Says Alexa's Chief Scientist (cnbc.com) 144

An anonymous reader shares a report: The next big function to take off on Amazon's Echo devices will be voice or video calling -- which is a way Alexa can reduce the need to have your smartphone on your at all times, said Rohit Prasad, VP and Head Scientist at Alexa Machine Learning. "If you have not played with calling and the video calls on Echo Show, you should try it because that is revolutionizing how you can communicate," Prasad said in an exclusive interview with CNBC at an Alexa Accelerator event in Seattle Tuesday night. (The event is dedicating to developing new voice-powered technologies.) "When you can drop in on people who have given you access -- so I can drop in and call my mom in her kitchen without her picking any device -- it's just awesome." (Amazon added the ability to call mobile numbers and landlines for free onto Echo devices a few weeks ago.) Amazon doesn't have a smartphone that lets customers bring a digital assistant everywhere -- like Apple's Siri and Google's Assistant -- and communicating through Alexa devices is one way of reducing the need for a personal handset, Prasad said "I can easily drop in and talk to my kids," Prasad says. "They don't have a smartphone so that's my easiest way to talk to them. It's yet another area where Alexa is taking the friction away."
Piracy

Netflix, Amazon, Movie Studios Sue Over TickBox Streaming Device (arstechnica.com) 130

Movies studios, Netflix, and Amazon have teamed up to file a lawsuit against a streaming media player called TickBox TV. The device in question runs Kodi on top of Android 6.0, and searches the internet for streams that it can make available to users without actually hosting any of the content itself. An anonymous reader quotes a report from Ars Technica: The complaint (PDF), filed Friday, says the TickBox devices are nothing more than "tool[s] for mass infringement," which operate by grabbing pirated video streams from the Internet. The lawsuit was filed by Amazon and Netflix Studios, along with six big movie studios that make up the Motion Picture Association of America: Universal, Columbia, Disney, Paramount, 20th Century Fox, and Warner Bros.

"What TickBox actually sells is nothing less than illegal access to Plaintiffs' copyrighted content," write the plaintiffs' lawyers. "TickBox TV uses software to link TickBox's customers to infringing content on the Internet. When those customers use TickBox TV as Defendant intends and instructs, they have nearly instantaneous access to multiple sources that stream Plaintiffs' Copyrighted Works without authorization." The device's marketing materials let users know the box is meant to replace paid-for content, with "a wink and a nod," by predicting that prospective customers who currently pay for Amazon Video, Netflix, or Hulu will find that "you no longer need those subscriptions." The lawsuit shows that Amazon and Netflix, two Internet companies that are relatively new to the entertainment business, are more than willing to join together with movie studios to go after businesses that grab their content.

Microsoft

Microsoft Responded Quietly After Detecting Secret Database Hack in 2013 (reuters.com) 46

Citing five former employees, Reuters reported on Tuesday that Microsoft's secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking group more than four years ago. From the report: The company did not disclose the extent of the attack to the public or its customers after its discovery in 2013, but the five former employees described it to Reuters in separate interviews. Microsoft declined to discuss the incident. The database contained descriptions of critical and unfixed vulnerabilities in some of the most widely used software in the world, including the Windows operating system. Spies for governments around the globe and other hackers covet such information because it shows them how to create tools for electronic break-ins. The Microsoft flaws were fixed likely within months of the hack, according to the former employees. Yet speaking out for the first time, these former employees as well as U.S. officials informed of the breach by Reuters said it alarmed them because the hackers could have used the data at the time to mount attacks elsewhere, spreading their reach into government and corporate networks. "Bad guys with inside access to that information would literally have a 'skeleton key' for hundreds of millions of computers around the world," said Eric Rosenbach, who was U.S. deputy assistant secretary of defense for cyber at the time.
AT&T

Mobile Phone Companies Appear To Be Selling Your Location To Almost Anyone (techcrunch.com) 149

An anonymous reader quotes a report from TechCrunch: You may remember that last year, Verizon (which owns Oath, which owns TechCrunch) was punished by the FCC for injecting information into its subscribers' traffic that allowed them to be tracked without their consent. That practice appears to be alive and well despite being disallowed in a ruling last March: companies appear to be able to request your number, location, and other details from your mobile provider quite easily. The possibility was discovered by Philip Neustrom, co-founder of Shotwell Labs, who documented it in a blog post earlier this week. He found a pair of websites which, if visited from a mobile data connection, report back in no time with numerous details: full name, billing zip code, current location (as inferred from cell tower data), and more. (Others found the same thing with slightly different results depending on carrier, but the demo sites were taken down before I could try it myself.)
Wireless Networking

Every Patch For 'KRACK' Wi-Fi Vulnerability Available Right Now (zdnet.com) 134

An anonymous reader quotes a report from ZDNet: As reported previously by ZDNet, the bug, dubbed "KRACK" -- which stands for Key Reinstallation Attack -- is at heart a fundamental flaw in the way Wi-Fi Protected Access II (WPA2) operates. According to security researcher and academic Mathy Vanhoef, who discovered the flaw, threat actors can leverage the vulnerability to decrypt traffic, hijack connections, perform man-in-the-middle attacks, and eavesdrop on communication sent from a WPA2-enabled device. In total, ten CVE numbers have been preserved to describe the vulnerability and its impact, and according to the U.S. Department of Homeland Security (DHS), the main affected vendors are Aruba, Cisco, Espressif Systems, Fortinet, the FreeBSD Project, HostAP, Intel, Juniper Networks, Microchip Technology, Red Hat, Samsung, various units of Toshiba and Ubiquiti Networks. A list of the patches available is below. For the most up-to-date list with links to each patch/statement (if available), visit ZDNet's article.
Microsoft

Microsoft Has Already Fixed the Wi-Fi Attack Vulnerability; Android Will Be Patched Within Weeks (theverge.com) 135

Microsoft says it has already fixed the problem for customers running supported versions of Windows. From a report: "We have released a security update to address this issue," says a Microsoft spokesperson in a statement to The Verge. "Customers who apply the update, or have automatic updates enabled, will be protected. We continue to encourage customers to turn on automatic updates to help ensure they are protected." Microsoft is planning to publish details of the update later today. While it looks like Android and Linux devices are affected by the worst part of the vulnerabilities, allowing attackers to manipulate websites, Google has promised a fix for affected devices "in the coming weeks." Google's own Pixel devices will be the first to receive fixes with security patch level of November 6, 2017, but most other handsets are still well behind even the latest updates. Security researchers claim 41 percent of Android devices are vulnerable to an "exceptionally devastating" variant of the Wi-Fi attack that involves manipulating traffic, and it will take time to patch older devices.
Crime

Pizza Hut Leaks Credit Card Info On 60,000 Customers (kentucky.com) 76

An anonymous reader quotes McClatchy: Pizza Hut told customers by email on Saturday that some of their personal information may have been compromised. Some of those customers are angry that it took almost two weeks for the fast food chain to notify them. According to a customer notice emailed from the pizza chain, those who placed an order on its website or mobile app between the morning of Oct. 1 and midday Oct. 2 might have had their information exposed. The "temporary security intrusion" lasted for about 28 hours, the notice said, and it's believed that names, billing ZIP codes, delivery addresses, email addresses and payment card information -- meaning account number, expiration date and CVV number -- were compromised... A call center operator told McClatchy that about 60,000 people across the U.S. were affected.
"[W]e estimate that less than one percent of the visits to our website over the course of the relevant week were affected," read a customer notice sent only to those affected, offering them a free year of credit monitoring. But that hasn't stopped sarcastic tweets like this from the breach's angry victims.

"Hey @pizzahut, thanks for telling me you got hacked 2 weeks after you lost my cc number. And a week after someone started using it."
Businesses

Apple's Tim Cook Shares What He Learned From Steve Jobs (businessinsider.com) 169

Speaking at Oxford, Apple CEO Tim Cook shared a lesson learned from the "spectacular" commercial failure of the Power Mac G4 Cube in 2000 -- and from his mentor Steve Jobs. An anonymous reader quotes Business Insider: "It was a very important product for us, we put a lot of love into it, we put enormous engineering into it," Cook said of the G4 Cube on stage. He calls it an "engineering marvel." At the time, Cook was Apple Senior VP of Worldwide Operations, recruited personally by then-CEO Steve Jobs... While the design was a hit, it was $200 more expensive than the regular Power Mac G4, a more traditional-looking PC with very similar specs. And some Cubes would develop cosmetic cracks in the acrylic cube casing due to a manufacturing flaw. In his talk, Cook says that Apple knew the Cube was flopping "from the very first day, almost..."

Ultimately, Cook says, it was a lesson in humility and pride. Apple had told both employees and customers that the G4 Cube was the future. And yet, despite Apple's massive hype, demand just wasn't there, and the company had to walk away. "This was another thing that Steve [Jobs] taught me, actually," says Cook. "You've got to be willing to look yourself in the mirror and say I was wrong, it's not right." In a broader sense, Cook says that Jobs taught him the value of intellectual honesty -- that, no matter how much you care about something, you have to be willing to take new data and apply it to the situation.

He advised his audience to "be intellectually honest -- and have the courage to change."

And the article points out that today there's a small but enthusiastic community who are still hacking their Power Mac G4 Cubes.
Television

Cord-Cutters Drive Cable TV Subscribers to a 17-Year Low (houstonchronicle.com) 200

An anonymous reader quotes the Washington Post: On Wednesday, AT&T told regulators that it expects to finish the quarter with about 90,000 fewer TV subscribers than it began with. AT&T blamed a number of issues, including hurricane damage to infrastructure, rising credit standards and competition from rivals. The report also shows AT&T lost more traditional TV customers than it gained back through its online video app, DirecTV Now. And analysts are suggesting that that's evidence that cord-cutting is the main culprit... "DirecTV, like all of its cable peers, is suffering from the ravages of cord-cutting," said industry analyst Craig Moffett in a research note this week. Moffett added that while nobody expected AT&T's pay-TV numbers to look good, hardly anyone could have predicted they would look "this bad."

The outlook doesn't look much healthier for the rest of the television industry. Over the past year, cable and satellite firms have collectively lost nearly 3 million customers, according to estimates by market analysts at SNL Kagan and New Street Research. The number of households with traditional TV service is hovering at about the level it was in 2000, according to New Street's Jonathan Chaplin, in a study last week. Other analysts predict that, after factoring in AT&T's newly disclosed losses, the industry will have lost 1 million traditional TV subscribers by the end of this quarter.

IOS

Latest iOS Update Shows Apple Can Use Software To Break Phones Repaired By Independent Shops (vice.com) 128

The latest version of iOS fixes several bugs, including one that caused a loss of touch functionality on a small subset of phones that had been repaired with certain third-party screens and had been updated to iOS 11. "Addresses an issue where touch input was unresponsive on some iPhone 6S displays because they were not serviced with genuine Apple parts," the update reads. "Note: Non-genuine replacement displays may have compromised visual quality and may fail to work correctly. Apple-certified screen repairs are performed by trusted experts who use genuine Apple parts. See support.apple.com for more information." Jason Koebler writes via Motherboard: "This is a reminder that Apple seems to have the ability to push out software updates that can kill hardware and replacement parts it did not sell iPhone customers itself, and that it can fix those same issues remotely." From the report: So let's consider what actually happened here. iPhones that had been repaired and were in perfect working order suddenly stopped working after Apple updated its software. Apple was then able to fix the problem remotely. Apple then put out a warning blaming the parts that were used to do the repair. Poof -- phone doesn't work. Poof -- phone works again. In this case, not all phones that used third party parts were affected, and there's no reason to think that, in this case, Apple broke these particular phones on purpose. But there is currently nothing stopping the company from using software to control unauthorized repair: For instance, you cannot replace the home button on an iPhone 7 without Apple's proprietary "Horizon Machine" that re-syncs a new home button with the repaired phone. This software update is concerning because it not only undermines the reputation of independent repair among Apple customers, but because it shows that phones that don't use "genuine" parts could potentially one day be bricked remotely.
Businesses

Hollywood Studios Join Disney To Launch Movies Anywhere Digital Locker Service (theverge.com) 48

There may be a grand unifying service to make accumulating a large digital cinematic library feasible, or so is the hope anyway. From a report: For several years now, Disney has been the only Hollywood studio with a digital movie locker worth using, but a host of other industry heavyweights have now jumped on board to launch an expanded version of the service called Movies Anywhere. It's both a cloud-based digital locker and a one-stop-shop app: customers connect Movies Anywhere to their iTunes, Amazon Video, Google Play, or Vudu accounts, and all of the eligible movies they've purchased through those retailers appear as part of their Movies Anywhere library. Given that the Movies Anywhere app works across a number of platforms, it basically allows them to take their digital film library with them no matter what device or operating system they're using. [...] The launch of Movies Anywhere should be the merciful, final blow that puts an end to UltraViolet, one of the entertainment industry's first attempts at putting together a comprehensive digital locker service. That service flailed due to a poor customer experience and lack of adoption on the part of big digital retailers like Apple. The team behind Movies Anywhere seems to have learned from UltraViolet's mistakes, however, as well as Disney's previous successes.
Security

Equifax Breach Included 10 Million US Driving Licenses (engadget.com) 66

An anonymous reader quotes a report from Engadget: 10.9 million U.S. driver's licenses were stolen in the massive breach that Equifax suffered in mid-May, according to a new report by The Wall Street Journal. In addition, WSJ has revealed that the attackers got a hold of 15.2 million UK customers' records, though only 693,665 among them had enough info in the system for the breach to be a real threat to their privacy. Affected customers provided most of the driver's licenses on file to verify their identities when they disputed their credit-report information through an Equifax web page. That page was one of the entry points the attackers used to gain entry into the credit reporting agency's system.
Businesses

FCC's Claim That One ISP Counts As 'Competition' Faces Scrutiny In Court (arstechnica.com) 200

Jon Brodkin reports via Ars Technica: A Federal Communications Commission decision to eliminate price caps imposed on some business broadband providers should be struck down, advocacy groups told federal judges last week. The FCC failed to justify its claim that a market can be competitive even when there is only one Internet provider, the groups said. Led by Chairman Ajit Pai, the FCC's Republican majority voted in April of this year to eliminate price caps in a county if 50 percent of potential customers "are within a half mile of a location served by a competitive provider." That means business customers with just one choice are often considered to be located in a competitive market and thus no longer benefit from price controls. The decision affects Business Data Services (BDS), a dedicated, point-to-point broadband link that is delivered over copper-based TDM networks by incumbent phone companies like AT&T, Verizon, and CenturyLink.

But the FCC's claim that "potential competition" can rein in prices even in the absence of competition doesn't stand up to legal scrutiny, critics of the order say. "In 2016, after more than 10 years of examining the highly concentrated Business Data Services market, the FCC was poised to rein in anti-competitive pricing in the BDS market to provide enterprise customers, government agencies, schools, libraries, and hospitals with much-needed relief from monopoly rates," Phillip Berenbroick, senior policy counsel at consumer advocacy group Public Knowledge said. But after Republicans gained the FCC majority in 2017, "the commission illegally reversed course without proper notice and further deregulated the BDS market, leaving consumers at risk of paying up to $20 billion a year in excess charges from monopolistic pricing," Berenbroick said.

Piracy

Pirate Bay is Mining Cryptocurrency Again, No Opt Out (torrentfreak.com) 184

The Pirate Bay is mining cryptocurrency again, causing a spike in CPU usage among many visitors. From a report: For now, the notorious torrent site provides no option to disable it. The new mining expedition is not without risk. CDN provider Cloudflare previously suspended the account of a site that used a similar miner, which means that The Pirate Bay could be next. Last month The Pirate Bay caused some uproar by adding a Javascript-based cryptocurrency miner to its website. The miner utilizes CPU power from visitors to generate Monero coins for the site, providing an extra source of revenue. [...] The Pirate Bay currently has no opt-out option, nor has it informed users about the latest mining efforts. This could lead to another problem since Coinhive said it would crack down on customers who failed to keep users in the loop.
Security

Equifax Increases Number of Britons Affected By Data Breach To 700,000 (telegraph.co.uk) 58

phalse phace writes: You know those 400,000 Britons that were exposed in Equifax's data breach? Well, it turns out the number is actually closer to 700,000. The Telegraph reports: "Equifax has just admitted that almost double the number of UK customers had their information stolen in a major data breach earlier this year than it originally thought, and that millions more could have had their details compromised. The company originally estimated that the number of people affected in the UK was 'fewer than 400,000.' But on Tuesday night it emerged that cyber criminals had targeted 15.2 million records in the UK. It said 693,665 people could have had their data exposed, including email addresses, passwords, driving license numbers, phone numbers. The stolen data included partial credit card details of less than 15,000 customers."

Slashdot Top Deals