
Finnish Government Criticizes Microsoft For Job Cuts, 'Broken Promises' (softpedia.com) 156

jones_supa writes: Softpedia reports: "Microsoft has recently announced a new round of job layoffs at its Mobile unit in Finland, as it moves forward with its restructuring and reorganization plan following the acquisition of Nokia's Devices and Services unit. The Finnish government has criticized Microsoft for turning to more job cuts in the country, pointing out that the company has a huge responsibility to help those who are being let go. Microsoft's latest job cut round included 1,850 people, 1,350 of which are said to be working in Finland. 'I am disappointed because of the (initial) promises made by Microsoft,' Finance Minister Alexander Stubb was quoted as saying by Reuters. 'One example is that the data center did not materialize despite the company's promise.'" He refers to Microsoft's promise in 2013 to invest $250 million in a data center located in Finland that was specifically meant to provide services to European customers. All of these worries are not unfounded as the employment situation in Finland is still quite terrible, and the decline of Nokia's former phone business certainly exacerbates the situation.

FBI Raids Dental Software Researcher Who Found Patient Records On Public Server (dailydot.com) 126

blottsie writes: Yet another security researcher is facing possible prosecution under the CFAA for accessing data on a publicly accessible server. The FBI on Tuesday raided Texas-based dental software security researcher Justin Shafer, who found the protected health records of 22,000 patients stored on an anonymous FTP. "This is a troubling development. I hope the government doesn't think that accessing unsecured files on a public FTP server counts as an unauthorized access under the CFAA," Orin Kerr, a George Washington University law professor and CFAA scholar told the Daily Dot. "If that turns out to be the government's theory -- which we don't know yet, as we only have the warrant so far -- it will be a significant overreach that raises the same issues as were briefed but not resolved in [Andrew 'weev' Auernheimer's] case. I'll be watching this closely." It was also reported this week via The Intercept that a provision snuck into the still-secret text of the Senate's annual intelligence authorization that would give the FBI the ability to demand individuals' email data and possibly web-surfing history from their service providers using those beloved 'National Security Letters' -- without a warrant and in complete secrecy.

State Dept. IT Staff Told To Keep Quiet About Clinton's Server (computerworld.com) 366

dcblogs writes this report from Computerworld: Former U.S. Secretary of State Hillary Clinton's decision to use a private email server ran afoul of the government's IT security and record retention requirements, according to a report by the department's inspector general released today. This use of a private email server did not go unnoticed within the Department of State's IT department. Two IT staff members who raised concerns about Clinton's use of a private server were told not to speak of it. Clinton was secretary of state from 2009 to 2013 and during that period she used a private email server in her New York home. This report by the Department of State's Inspector General about Clinton's use of a private server makes clear that rules and regulations were not followed. It says that Clinton would not have received approval for this server had she sought it. According to the current CIO, the report said, "Secretary Clinton had an obligation to discuss using her personal email account to conduct official business with their offices, who in turn would have attempted to provide her with approved and secured means that met her business needs." However, the report notes, according to these officials, The Bureau of Diplomatic Security and IRM (Bureau of Information Resource Management) "did not -- and would not -- approve her exclusive reliance on a personal email account to conduct Department business, because of the restrictions in the FAM [Foreign Affairs Manual] and the security risks in doing so."

FBI Wants Biometric Database Hidden From Privacy Act (onthewire.io) 81

Trailrunner7 quotes a report from onthewire.io: The FBI is working to keep information contained in a key biometric database private and unavailable, even to people whose information is contained in the records. The database is known as the Next Generation Identification System (NGIS), and it is an amalgamation of biometric records accumulated from people who have been through one of a number of biometric collection processes. That could include convicted criminals, anyone who has submitted records to employers, and many other people. The NGIS also has information from agencies outside of the FBI, including foreign law enforcement agencies and governments. Because of the nature of the records, the FBI is asking the federal government to exempt the database from the Privacy Act, making the records inaccessible through information requests. From the report: "The bureau says in a proposal to exempt the database from disclosure that the NGIS should be exempt from the Privacy Act for a number of reasons, including the possibility that providing access 'could compromise sensitive law enforcement information, disclose information which would constitute an unwarranted invasion of another's personal privacy; reveal a sensitive investigative technique; could provide information that would allow a subject to avoid detection or apprehension; or constitute a potential danger to the health or safety of law enforcement personnel, confidential sources, and witnesses.'" RT released a similar report on the matter.

Google Turns Firebase Into Its Unified Platform For Mobile Developers (techcrunch.com) 11

An anonymous reader writes: Google has announced a plethora of new features to Firebase, its cloud services provider that mobile developers can use to power their apps. TechCrunch reports: "In its previous incarnation, Firebase was somewhat similar to Facebook's now-defunct Parse in that it offered a database service, user authentication features and hosting tools. In this new version, Firebase takes many of Google's existing developer tools, like Google Cloud Messaging, and combines them with new and existing Firebase services. With this update, Google is turning Firebase into a unified app platform for its now 470,000 developers on the service (up from 110,000 when it acquired Firebase)." The new Firebase features deeply integrated analytics services, allowing developers to track specific parts of their apps with fine-grained events. Firebase can build audience segments and allow developers to analyze their behavior in even more detail than before, and view how their advertising campaigns are performing. With these audience segments, developers can make remote configuration changes in apps and take advantage of Firebase's new notifications system. This feature is based on Google Cloud Messaging, which is now changing its name to Firebase Cloud Messaging. Google is offering all Firebase users free and unlimited notifications with support for iOS, Android and the Web. They're also integrating its Cloud Test Lab into Firebase for testing mobile apps on real hardware, renaming it the Firebase Test Lab. Other new features include crash reporting, the ability to create dynamic deep links into your app, Firebase Invites for allowing app users to share referral codes, Firebase App Indexing for bringing app content into Google Search, and integration with Google's AdWords and AdMob advertising platforms. Last but not least, Google is introducing new pricing plans for Firebase, including a new free plan, a fixed-rate plan, and a pay-as-you-go plan.

Hackers' Website Breached by Hacker (bbc.com) 48

Nulled, one of the most popular hacker forums, with more than 470,000 members, has suffered a data breach. As a result, email addresses and private messages of all these members have leaked. According to a report on BBC, the leaked data contained more than 5,000 purchase records relating to the exchange of stolen information. From the BBC report: Researchers at Risk Based Security said the data dump contained the "complete forum's database" including 12,600 invoices, usernames, members' PayPal addresses and IP addresses. It also contained millions of forum posts and private messages detailing illegal activities. And some of the data could be used to work out members' identities, if they did not take steps to conceal it. Risk Based Security added the website had used message board software with known vulnerabilities, and the site also used a weak hashing algorithm to protect members' passwords.

EFF Confronts World Copyright Committee (eff.org) 32

The EFF debated delegates on WIPO's Standing Committee on Copyright this week, joking the whole week could be summarized as "proposals for a broadcasting treaty continue to edge forward, while rich countries remain at loggerheads with users and poorer countries about copyright exceptions for education and libraries."

An anonymous reader writes: The EFF continued to push for more rights for libraries, for example to preserve "orphaned" works and to lend works across national borders. But they also report that at an EFF-sponsored side-meeting, one independent recording artist made an interesting suggestion about Mycelia, an open and distributed "verified" database of music metadata that's blockchain-enabled. "Although it remains mostly a vision for now, the widespread adoption of Mycelia-enabled services could, in theory, provide better transparency to artists about how and where their works are being used, as well as enabling many new innovative uses of music, both free and paid." (One audience member even asked whether it could resurrect Napster's model of peer-to-peer music-sharing with a mechanism for artist micropayments.)
Meanwhile, the EFF characterized the music industry's stance as "Blaming online content platforms for the low returns that artists receive, and moves to target them with additional responsibilities or obligations." But they added, "As frustrating as the long-winded discussions at WIPO often are, our ability to participate in them is a key advantage that this multilateral forum has over the secretive, closed-door negotiations over copyright that take place in trade negotiations such as the Trans-Pacific Partnership."

Software Security Suffers as Startups Lose Access To Google's Virus Data 74

Iain Thomson, writing for The Register: Security firms that use the Google-owned VirusTotal malware database but don't contribute to the silo are going to find themselves out on a limb. For the past 12 years, researchers have been feeding samples of software nasties into VirusTotal, allowing antivirus engines to check they can detect malicious code. But the site has seen an increasing number of security startups using the VirusTotal data without giving back. Now Google and other contributors have had enough and have changed the terms and conditions of the website. Put simply, if you don't share samples, you can find your own malware elsewhere. From a Reuters report: The policy change at the information-sharing pioneer VirusTotal takes aim mainly at a new generation of security companies, some with valuations of $1 billion or more, that haven't been contributing their analysis. Older companies, some with market valuations much smaller than the upstart rivals, had pressed for the shift. "If they no longer have access to VirusTotal, their detection scores will drop," said Andreas Marx, chief executive of security software evaluation firm AV-TEST. With detection rates down, hackers will find easier entry.

Panama Papers Affair Widens As Database Goes Online (bbc.com) 100

In late April, it was reported there would be a huge new 'Panama Papers' data dump on May 9th. The report did not disappoint as today the Panama Papers affair has widened, with a huge database of documents relating to more than 200,000 offshore accounts posted online. The database can be accessed at offshoreleaks.icij.org. The papers were leaked by a source known as "John Doe," and the papers belonged to the Panama-based law firm Mossack Fonseca. The International Consortium of Investigative Journalists (ICIJ) decided to make the database public despite a "cease and desist" order issued by the law firm.

NASA Launches Searchable Database Of Public Domain Patents (slashgear.com) 19

An anonymous reader quotes a report from SlashGear: NASA has released a bunch of patents for its technologies so that anyone can use them. A total of 56 'formerly-patented' technologies developed by the government are now available in the public domain, meaning they can be used for commercial purposes in an unrestricted manner. To make it easier to find these technologies and others like them, NASA has also created a new searchable database that links the public to thousands of the agency's now-expired patents. According to NASA, the patents it has released may have non-aerospace applications that could help companies with commercial projects underway. Of the 56 formerly-patented technologies, users will find things like methods of propulsion, thrusters, rocket nozzles, advanced manufacturing processes, and more. NASA is "encouraging entrepreneurs to explore new ways to commercialize NASA technologies," says NASA executive Daniel Lockney. Here's a direct link to search the database to your heart's content.

Panama Papers Source Breaks Silence Over 'Scale Of Injustices' (theguardian.com) 114

An anonymous reader quotes a report from The Guardian: The whistleblower behind the Panama Papers broke their silence on Friday to explain in detail how the injustices of offshore tax havens drove them to the biggest data leak in history. The source, whose identity and gender remain a secret, denied being a spy. The whistleblower said the leak of 11.5m documents from the Panamanian law firm Mossack Fonseca had triggered a "new, encouraging global debate," thanks to the publication last month of stories by an international consortium of newspapers, including the Guardian. The source gave Suddeutsche Zeitung leaked documents from Mossack Fonseca's internal database in real time installments. The papers included details of the beneficial owners of offshore companies, passport copies, and emails. The source said they decided to act after understanding the "scale of the injustices" the documents described. Mossack Fonseca denies wrongdoing and says its operations in Panama and elsewhere are "beyond reproach." Intriguingly, the source said they originally offered the documents to "several major media outlets." Editors reviewed the Panama Papers but in the end "chose not to cover them," they alleged. It is unclear which media organizations declined the material. The anonymous whistleblower also approached WikiLeaks -- again without success. "Even WikiLeaks didn't answer its tip line repeatedly," the source complained, adding: "The media has failed." The source used the name "John Doe" when they approached Germany's Suddeutsche Zeitung newspaper.

SAP Partners With Apple To Expand iOS In The Enterprise (techcrunch.com) 19

SAP has announced a partnership with Apple to bring iOS to SAP's enterprise customers. Steve Lucas, president for SAP's Digital Enterprise Platform, says SAP is firmly an enterprise company which has built a cloud platform to access all the software it has developed -- ERP product, SuccessFactors or Concur. With the new deal, Apple hopes to take a bite out of Microsoft's territory by selling hardware to companies who traditionally shop for PCs. In an effort to push iOS to its customers, SAP has announced a new set of apps for the iPhone and iPad that take advantage of data stored in SAP tools. They're providing an iOS SDK for its in-memory database product, SAP HANA, to allow organizations to build their own customized apps using the data stored in HANA. SAP is also offering SAP Academy for iOS as a way for SAP programmers to learn to use the HANA iOS SDK. The deal between Apple and SAP echoes the deal from a couple years ago between Apple and IBM.

'Apple Stole My Music. No, Seriously' (vellumatlanta.com) 341

Vellum's James has written about his ordeal with Apple Music which many people can relate to. Apple Music, the Cupertino-based giant's online music streaming service, deleted 122GB of music files that James had stored on his computer. He writes: What Amber (supposed Apple Support representative) explained was exactly what I'd feared: through the Apple Music subscription, which I had, Apple now deletes files from its users' computers. When I signed up for Apple Music, iTunes evaluated my massive collection of Mp3s and WAV files, scanned Apple's database for what it considered matches, then removed the original files from my internal hard drive. REMOVED them. Deleted. If Apple Music saw a file it didn't recognize -- which came up often, since I'm a freelance composer and have many music files that I created myself -- it would then download it to Apple's database, delete it from my hard drive, and serve it back to me when I wanted to listen, just like it would with my other music files it had deleted. This isn't the first time Apple Music has deleted a user's locally stored music files. Long-time Apple watcher Jim Dalrymple canceled his subscription last year and called Apple Music a "nightmare" after the service allegedly deleted over 4,700 of his previously bought songs. At the time, he wrote: At some point, enough is enough. That time has come for me -- Apple Music is just too much of a hassle to be bothered with. Nobody I've spoken to at Apple or outside the company has any idea how to fix it, so the chances of a positive outcome seem slim to none. Incidentally, Apple Music is rumoured for a reboot at the company's developer conference in June. It's not clear if fixing the aforementioned glitch is among Apple's imminent agenda.

Microsoft Buys Into DNA Data Storage (ieee.org) 81

the_newsbeagle writes: More than 2.5 exabytes of data is created every day, and some experts estimate that 90% of all data in the world today was created in the last two years. Clearly, storing all this data is becoming an issue. One idea is DNA data storage, in which digital files are converted into the genetic code of four nucleotides (As, Cs, Gs, and Ts). Microsoft just announced that it's testing out this idea, getting synthetic bio company Twist Bioscience to produce 10 million strands of DNA that encode some mystery file the company provided. Using DNA for long-term data storage is attractive because it's durable and efficient. For example, scientists can read the genome from a woolly mammoth hair dating from 20,000 years ago.

There Will Be A Huge New 'Panama Papers' Data Dump (businessinsider.com) 110

An anonymous reader writes: The International Consortium of Investigative Journalists said in an email that on May 9 it would "publish what will likely be the largest-ever release of information about secret offshore companies and the people behind them," based on data from the Panama Papers investigation. "The searchable database will include information about more than 200,000 companies, trusts, foundations, and funds incorporated in 21 tax havens, from Hong Kong to Nevada in the United States." The ICIJ said in the email, "The impact of Panama Papers has been epic." The investigation has caused Icelandic Prime Minister Sigmundur David Gunnlaugsson to resign following revelations about his personal finances. It has caused Putin to point fingers at the West, accusing the U.S. of trying to weaken Russia. It has even created drama in the UK with calls for Prime Minister David Cameron to resign after his connections to offshore companies became evident. In addition, the ICIJ said, "[The Panama Papers investigation] sparked a new sense of urgency among lawmakers and regulators to close loopholes and make information about the owners of shell companies public."

How Big Data Creates False Confidence (nautil.us) 69

Mr D from 63 shares an article from Nautilus urging skepticism of big data: "The general idea is to find datasets so enormous that they can reveal patterns invisible to conventional inquiry... But there's a problem: It's tempting to think that with such an incredible volume of data behind them, studies relying on big data couldn't be wrong. But the bigness of the data can imbue the results with a false sense of certainty. Many of them are probably bogus -- and the reasons why should give us pause about any research that blindly trusts big data."
For example, Google's database of scanned books represents 4% of all books ever published, but in this data set, "The Lord of the Rings gets no more influence than, say, Witchcraft Persecutions in Bavaria." And the name Lanny appears to be one of the most common in early-20th century fiction -- solely because Upton Sinclair published 11 different novels about a character named Lanny Budd.

The problem seems to be skewed data and misinterpretation. (The article points to the failure of Google Flu Trends, which it turns out "was largely predicting winter".) The article's conclusion? "Rather than succumb to 'big data hubris,' the rest of us would do well to keep our skeptic hats on -- even when someone points to billions of words."

MongoDB Config Error Exposed 93M Mexican Voter Records (csoonline.com) 69

An anonymous reader cites an article on CSOOnline: A 132 GB database, containing the personal information on 93.4 million Mexican voters has finally been taken offline. The database sat exposed to the public for at least eight days after its discovery by researcher Chris Vickery, but originally went public in September 2015. Vickery, who works as a security researcher at Kromtech, discovered the MongoDB instance on April 14, but had difficulty tracking down the person or company responsible for placing the voter data on Amazon's AWS. He first reached out to the U.S. State Department, as well as the Mexican Embassy, but had little success. The database contains all of the information that Mexican citizens need for their government-issued photo IDs that enable them to vote. Along with their municipality, and district information, the database records include the voter's name, address, voter ID number, date of birth, the names of their parents, occupation, and more. [...] Given that the database has been online since September 2015, it isn't clear how many people have accessed the records. Additionally, the actual owner of the account hosting the data remains unknown.

Oracle Patches 136 Flaws In 49 Products 23

An anonymous reader writes: Oracle has released the April 2016 Critical Patch Update, which provides fixes for 136 vulnerabilities in 49 products, including Java SE and MySQL, the company's Database Server and E-Business Suite, its Fusion Middleware, and its Sun Systems Products Suite. "Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay," the company advised.

Warmest March In Global Recordkeeping (wunderground.com) 368

Layzej quotes a report from Weather Underground: March 2016 was by far the planet's warmest March since record keeping began in 1880. In the NOAA database, March 2016 came in a full 1.22C (2.20F) warmer than the 20th-century average for March, as well as 0.32C (0.58F) above the previous record for March, set in 2010. This is a huge margin for breaking a monthly global temperature record, as they are typically broken by just a few hundredths of a degree. Global satellite-measured temperatures also found this March to be the warmest -- the sixth consecutive monthly record in the UAH satellite data set. Gavin Schmidt of the NASA Goddard Institute for Space Studies has estimated that 2016 already has over a 99% chance of being the hottest year on record, based on the first three months alone.

Hacker's Account of How He Took Down Hacking Team's Servers (softpedia.com) 70

An anonymous reader writes: FinFisher, the hacker that broke into Italian firm Hacking Team, has published a step-by-step account of how he carried out the attacks, what tools he used, and what he learned from scouting HackingTeam's network. Published on PasteBin, the attack's timeline reveals he entered their network through a zero-day exploit in an (unnamed) embedded device, accessed a MongoDB database that had no password, discovered backups in the database, found a BES admin password in the backups, and eventually got admin access to the Windows Domain Server. From here, it was easy to reach into their email server and steal all the company's emails, and later access Git repos and steal the source code of their surveillance software.
