United States

Google Wi-Fi Kiosks in New York Promise No Privacy, 'Can Collect Anything' (observer.com) 52

Here's the thing about those wi-fi kiosks replacing New York City's public payphones. They're owned by Google/Alphabet company Sidewalk Labs, they're covered with ads, and if you read the privacy policy on its web site, "it's not that one." An anonymous Slashdot reader quotes an article from the Observer: Columbia professor Benjamin Read got a big laugh at this weekend's Hackers on Planet Earth XI conference in Manhattan when he pointed out that the privacy policy on LinkNYC's website only applies to the website itself, not to the actual network of kiosks.
The web page points out that it has two separate privacy policies in an easily-missed section near the top, and for their real-world kiosks, "They essentially have a privacy policy that says, 'we can collect anything and do anything' and that sets the outer bound," says New York Civil Liberties Union attorney Mariko Hirose.

The Observer reports that the policy "promises not to use facial recognition... however, nothing stops the company from retracting that guarantee. In fact, Hirose said that she's been told by the company that the kiosk's cameras haven't even been turned on yet, but it is also under no obligation to tell the public when the cameras go live." The article concludes that in general the public's sole line of defense is popular outrage, and that privacy policies "have been constructed primarily to guard companies against liability and discourage users from reading closely."
Crime

Cisco Finds $34 Million Ransomware Industry (networkworld.com) 15

Ransomware is "generating huge profits," says Cisco. Slashdot reader coondoggie shares this report from Network World: Enterprise-targeting cyber enemies are deploying vast amounts of potent ransomware to generate revenue and huge profits -- nearly $34 million annually, according to Cisco's Mid-Year Cybersecurity Report out this week. Ransomware, Cisco wrote, has become a particularly effective moneymaker, and enterprise users appear to be the preferred target.
Many of the victims were slow to patch their systems, according to the article. One study of Cisco devices running on fundamental infrastructure discovered that 23% had vulnerabilities dating back to 2011, and 16% even had vulnerabilities dating back to 2009. Popular attack vectors included vulnerabilities in JBoss and Adobe Flash, which was responsible for 80% of the successful attacks for one exploit kit. The article also reports that attackers are now hiding their activities better using HTTPS and TLS, with some even using a variant of Tor.
Democrats

Clinton Campaign Breached By Hackers 237

An anonymous reader writes: Hillary Clinton's campaign network was breached by hackers targeting several large Democratic organizations, Reuters reports. Clinton's campaign spokesperson Nick Merrill confirmed the hack in a statement. 'An analytics data program maintained by the DNC, and used by our campaign and a number of other entities, was accessed as part of the DNC hack. Our campaign computer system has been under review by outside security experts. To date, they have found no evidence that our internal systems have been compromised,' he said.

The hack follows on the heels of breaches at the Democratic National Committee and at the Democratic Congressional Campaign Committee earlier this year. More than 19,000 emails from DNC officials were published on WikiLeaks just prior to the Democratic National Convention, casting a shadow over the proceedings. Some security experts and U.S. officials have attributed the breaches to Russian operatives, although the origin of the email leak is less certain.
Security

WhatsApp Isn't Fully Deleting Its 'Deleted' Chats (theverge.com) 60

Facebook-owned messaging app WhatsApp retains and stores chat logs even after those messages have been deleted, according to iOS researcher Jonathan Zdziarski. The Verge reports: Examining disk images taken from the most recent version of the app, Zdziarski found that the software retains and stores a forensic trace of the chat logs even after the chats have been deleted, creating a potential treasure trove of information for anyone with physical access to the device. The same data could also be recoverable through any remote backup systems in place. In most cases, the data is marked as deleted by the app itself -- but because it has not been overwritten, it is still recoverable through forensic tools. Zdziarski attributed the problem to the SQLite library used in coding the app, which does not overwrite by default. WhatsApp was applauded by many privacy advocates for switching to default end-to-end encryption through the Signal protocol, a process that completed this April. But that system only protects data in transit, preventing carriers and other intermediaries from spying on conversations as they travel across the network.
Facebook

Facebook Offering Refunds For Kids' In-App Purchases (pcmag.com) 22

Parents who found themselves with hefty bills after their kids made in-app purchases -- mainly via the now-defunct Facebook Credits -- can now request a refund from Facebook. PCMag reports: The news comes as part of a settlement for a class-action lawsuit brought against the social network in February 2012, and covers those who made any kind of purchase through their Facebook accounts between February 2008 and March 2015. Facebook maintained that it did nothing wrong, as those purchasing digital currency received what they paid for. But California's Family Code stipulates that minors can void contracts they make at any point when they're under 18 years of age. In other words, the legislation is designed to prevent other entities from preying on minors who don't otherwise understand the ramifications of their actions -- like tapping repeatedly on an in-app item to acquire it.
Television

Apple's Rigid Negotiating Tactics Cost Us 'Skinny Bundles' For Apple TV, Says Report (thenextweb.com) 108

An anonymous reader quotes a report from The Next Web: According to a new report from The Wall Street Journal, the reason we don't have actual TV channels on the Apple TV is because the company tried to strong-arm networks -- and failed. Apple's Senior Vice President Eddy Cue is said to have taken the wrong approach. In one meeting, he reportedly told TV executives that "time is on my side." Cue is also accused of bluffing executives by claiming other networks -- specifically Disney and Fox -- were already signed up. The company also refused to show off the Apple TV interface, or "sketch it on the back of a napkin," as one media executive requested. Cue also tried to strike hard bargains, says WSJ. He reportedly asked that Disney put off the royalties Apple would have to pay for several years. Those 'skinny bundles' we heard so much about were what Apple was planning to build its TV experience around, too. In 2015, a bundle consisting of Fox, ESPN and Disney content was conceptualized (and priced at $30), but no agreements were ever signed. In an effort to create more original programming, Apple is scheduled to release its 'Planet of the Apps' TV show about app developers next year.
Cloud

Office 365 Gets New Word, PowerPoint and Outlook Features (networkworld.com) 98

New submitter Miche67 writes: As part of the July 2016 update to Office 365, Microsoft is adding several features across the board to Word, PowerPoint and Outlook. Word, however, is getting the biggest new features -- Researcher and Editor -- to improve your writing. "As its name implies, Researcher is designed to help the user find reliable sources of information by using the Bing Knowledge Graph to search for sources, and it will properly cite them in the Word document," reports Network World. "[Editor] builds on the already-existing spellchecker and thesaurus to offer suggestions on how to improve your overall writing. In addition to the wavy red line under a misspelled word and the wavy blue line under bad grammar, there will be a gold line for writing style." The new features are expected to be available later this year. In addition to the two new features added to PowerPoint last year -- Designer and Morph, Microsoft is offering Zoom, a feature that lets you easily create "interactive, non-linear presentations." "Instead of the 1-2-3-4 linear method of presenting slides, forcing you to place them all in the order you wish to display, presenters will be able to show their slides in any order they want at any time," reports Network World. "This way you can change your presentation order as needed without having to stop PowerPoint or interrupt the display." As for Outlook, Focused Inbox is coming to Office 365. Focused Inbox separates your inbox into two tabs. The "Focused" tab is where all of your high-priority emails will be found, while everything else will be in the "Other" tab. Outlook will learn from your behavior over time and sort your mail accordingly. In addition, @mentions are coming to Outlook 365 and Outlook for PC and Mac, "making it easy to identify emails that need your attention, as well as flag actions for others."
The Almighty Buck

Amazon Debuts a Dedicated Shop For Kickstarter Products (techcrunch.com) 18

An anonymous reader quotes a report from TechCrunch: Today, Amazon announced it's teaming up with Kickstarter to offer those successful Kickstarter products a way to reach more customers through a dedicated section on Amazon's website. Via www.amazon.com/launchpad/kickstarter, the online retailer is now featuring a group of over 300 Kickstarter products across a variety of categories, like electronics, books, home and kitchen, movies and tv, and more. The products can also be browsed by theme, like STEM products, "Always be Learning," "Exquisite Objects," "Inventing the Future," and "Public Benefit," for example. The new Kickstarter section is actually an expansion on Amazon's Launchpad platform, launched a year ago. In July 2015, the retailer debuted a dedicated portal that offered both marketing and sales for hardware and physical goods from younger tech companies. Today, Amazon says it has now worked with over 100 VCs, accelerators and crowdfunders and has helped more than 1,000 launch products across the U.S., the U.K., China, Germany, and France. All startups who participate in Launchpad receive custom product pages, a comprehensive marketing package, and access to Amazon's global fulfillment network, the retailer notes.
Communications

NIST Prepares To Ban SMS-Based Two-Factor Authentication (softpedia.com) 147

An anonymous reader writes: "The U.S. National Institute for Standards and Technology (NIST) has released the latest draft version of the Digital Authentication Guideline that contains language hinting at a future ban of SMS-based Two-Factor Authentication (2FA)," reports Softpedia. The NIST DAG draft argues that SMS-based two-factor authentication is an insecure process because the phone may not always be in possession of the phone number, and because in the case of VoIP connections, SMS messages may be intercepted and not delivered to the phone. The guideline recommends the usage of tokens and software cryptographic authenticators instead. Even biometrics authentication is considered safe, under one condition: "Biometrics SHALL be used with another authentication factor (something you know or something you have)," the guideline's draft reads. The NIST DAG draft reads in part: "If the out of band verification is to be made using a SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service. It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change. OOB using SMS is deprecated, and will no longer be allowed in future releases of this guidance."
Security

Researchers Discover 110 Snooping Tor Nodes (helpnetsecurity.com) 45

Reader Orome1 writes: In a period spanning 72 days, two researchers from Northeastern University have discovered at least 110 "misbehaving" and potentially malicious hidden services directories (HSDirs) on the Tor anonymity network. "Tor's security and anonymity is based on the assumption that the large majority of its relays are honest and do not misbehave. Particularly the privacy of the hidden services is dependent on the honest operation of hidden services directories (HSDirs)," Professor Guevara Noubir and Ph.D. student Amirali Sanatinia explained. "Bad" HSDirs can be used for a variety of attacks on hidden services: from DoS attacks to snooping on them.
Open Source

Linux Kernel 4.7 Officially Released (iu.edu) 60

An anonymous Slashdot reader writes: The Linux 4.7 kernel made its official debut today with Linus Torvalds announcing, "after a slight delay due to my travels, I'm back, and 4.7 is out. Despite it being two weeks since rc7, the final patch wasn't all that big, and much of it is trivial one- and few-liners." Linux 4.7 ships with open-source AMD Polaris (RX 480) support, Intel Kabylake graphics improvements, new ARM platform/board support, Xbox One Elite Controller support, and a variety of other new features.
Slashdot reader prisoninmate quotes a report from Softpedia: The biggest new features of Linux kernel 4.7 are support for the recently announced Radeon RX 480 GPUs (Graphic Processing Units) from AMD, which, of course, has been implemented directly into the AMDGPU video driver, a brand-new security module, called LoadPin, that makes sure the modules loaded by the kernel all originate from the same file system, and support for generating virtual USB Device Controllers in USB/IP. Furthermore, Linux kernel 4.7 is the first one to ensure the production-ready status of the sync_file fencing mechanism used in the Android mobile operating system, allow Berkeley Packet Filter (BPF) programs to attach to tracepoints, as well as to introduce the long-anticipated "schedutil" frequency governor to the cpufreq dynamic frequency scaling subsystem, which promises to be faster and more accurate than existing ones.
Linus's announcement includes the shortlog, calling this release "fairly calm," though "There's a couple of network drivers that got a bit more loving."
Republicans

Avast Suckers GOP Delegates Into Connecting To Insecure Wi-Fi Hotspots (theregister.co.uk) 109

Avast conned more than 1,200 people into connecting to fake wi-fi hotspots set up near the Republican convention and the Cleveland airport, using common network names like "Google Starbucks" and "Xfinitywifi" as well as "I vote Trump! free Internet". An anonymous reader quotes this report from The Register: With mobile devices often set to connect to known SSIDs automatically, users can overlook the networks to which they are connecting... Some 68.3 percent of users' identities were exposed when they connected, and 44.5 per cent of Wi-Fi users checked their emails or chatted via messenger apps... In its day-long experiment Avast saw more than 1.6Gbps transferred from more than 1,200 users.
Avast didn't store the data they collected, but they did report statistics on which sites were accessed most frequently. "5.1 percent played Pokemon Go, while 0.7 percent used dating apps like Tinder, Grindr, OKCupid, Match and Meetup, and 0.24 percent visited pornography sites like Pornhub."
Security

Microsoft Rewrites Wassenaar Arms Control Pact To Protect The Infosec Industry (theregister.co.uk) 20

The Wassenaar Arrangement "is threatening to choke the cyber-security industry, according to a consortium of cyber-security companies...supported by Microsoft among others," reports SC Magazine. "'Because the regulation is so overly broad, it would require cyber responders and security researchers to obtain an export license prior to exchanging essential information to remediate a newly identified network vulnerability, even when that vulnerability is capable of being exploited for purposes of surveillance,' wrote Alan Cohn from the CRC on a Microsoft blog." Reporter Darren Pauli contacted Slashdot with this report: If the Wassenaar Arrangement carries through under its current state, it will force Microsoft to submit some 3800 applications for arms export every year, company assistant general counsel Cristin Goodwin says... The Wassenaar Arrangement caught all corners of the security industry off guard, but its full potentially-devastating effects will only be realised in coming months and years... Goodwin and [Symantec director of government affairs] Fletcher are calling on the industry to lobby their agencies to overhaul the dual-use software definition of the Arrangement ahead of a closed-door meeting in September where changes can be proposed.
Businesses

MasterCard Is Buying the Core of the British Payments Infrastructure (fortune.com) 27

MasterCard has agreed to purchase a controlling stake in VocaLink, the payments processor that handles most payroll and household bill processing in the UK. The American payment giant will be paying up to $1.14 billion. Fortune reports: According to MasterCard, the deal would create "the first true combination of the traditional person-to-merchant cards business with a clearing business." That is, of course, presuming it clears regulatory scrutiny. VocaLink runs Link, the network that provides interoperability between British ATMs, as well as BACS, the clearing house for payments between bank accounts, and Faster Payments, the inter-bank transfer system for Internet and telephone-based payments. Fast Company explains what this could mean for MasterCard users.
PlayStation (Games)

Sony Is the Only Remaining Obstacle To PS4-Xbox Cross-Play (kotaku.com) 57

In March, Microsoft announced native support for cross-platform play between Xbox One and Windows 10. At the time, the company also added that this support could be extended to "other console and PC networks," something which led people to wonder if truly cross-platform gaming, on any platform, was next. When asked, Sony did say that it was open to the idea. "PlayStation has been supporting cross-platform play between PC on several software titles starting with Final Fantasy 11 on PS2 and PC back in 2002. We would be happy to have the conversation with any publishers or developers who are interested in cross-platform play." But since then, it appears that Sony has had a change of heart, which has resulted in developers asking the company for an update. Kotaku reports: In recent days, the developers behind Rocket League and The Witcher 3 have both called for Sony to break down the walls separating PlayStation Network and Xbox Live and allow cross-platform multiplayer. What's changed in the last few days are developers making an open call for Sony to make good on having that conversation with publishers and developers. In an interview with IGN, Psyonix president Jeremy Dunham explained how the Rocket League developer had already taken care of the technical side of things. "We're literally at the point where all we need is the go-ahead on the Sony side," said Dunham, "and we can, in less than a business day, turn it on and have it up and working no problem. It'd literally take a few hours to propagate throughout the whole world, so really we're just waiting on the permission to do so." In another statement to IGN, CD Projekt RED CEO Marcin Iwinski supported Psyonix.
Verizon

Verizon To Disconnect Unlimited Data Customers Who Use Over 100GB/Month 421

Verizon Wireless customers who have an unlimited data plan and use significantly more than 100GB a month will soon be disconnected from the network unless they agree to move to limited data packages that require payment of overage fees. Ars Technica reports: Verizon stopped offering unlimited data to new smartphone customers a few years ago, but some customers have been able to hang on to the old plans instead of switching to ones with monthly data limits. Verizon has tried to convert the holdouts by raising the price $20 a month and occasionally throttling heavy users but stopped that practice after net neutrality rules took effect. Now Verizon is implementing a formal policy for disconnecting the heaviest users. In a statement, Verizon said: "Because our network is a shared resource and we need to ensure all customers have a great mobile experience with Verizon, we are notifying a very small group of customers on unlimited plans who use an extraordinary amount of data that they must move to one of the new Verizon Plans by August 31, 2016." a Verizon spokesperson told Ars. "These users are using data amounts well in excess of our largest plan size (100GB). While the Verizon Plan at 100GB is designed to be shared across multiple users, each line receiving notification to move to the new Verizon Plan is using well in excess of that on a single device." FYI: The 100GB plan costs $450 a month.
Advertising

China Bans Ad Blocking (adexchanger.com) 126

An anonymous reader writes: Two weeks ago, China released its first ever set of digital ad regulations that impacted Chinese market leaders like Baidu and Alibaba. "But hidden among (the new regulations) is language that would seem to all but ban ad blocking," wrote Adblock Plus (ABP) operations manager Ben Williams in a blog post Wednesday. The new regulations prohibit "the use of network access, network devices, applications, and the disruption of normal advertising data, tampering with or blocking others doing advertising business (or) unauthorized loading the ad." There is also a clause included that addresses tech companies that "intercept, filter, cover, fast-forward and [impose] other restrictions" on online ad campaigns. ABP general counsel Kai Recke said in an email to AdExchanger that the Chinese State Administration for Industry and Commerce (SAIC) has much more control over the market than its otherwise equal U.S. counterpart, the Federal Communications Commission (FCC). "After all it looks like the Chinese government tries to get advertising more under their control and that includes that they want to be the only ones to be allowed to remove or alter ads," said Recke. "Ad-block users are a distinct audience and they require a distinct strategy and ways to engage them," said ABP CEO Till Faida at AdExchanger's Clean Ads I/O earlier this year. "They have different standards they've expressed for accessing them, and advertising has to reflect that."
The Internet

Engineer Gets Tired Of Waiting For Telecom Companies To Wire His Town -- So He Does It Himself (backchannel.com) 106

Gurb, 75 kilometers north of Barcelona, is a quiet farming community of 2,500. It has suddenly become a popular place, thanks to being the birthplace of Guifi.net, one of the world's "most important experiments in telecommunications." It was built by an engineer who got tired of waiting for Telefonica, the Spanish telecom giant, to provide internet access to the people of his community. At first he wanted internet access for himself, but it soon became clear that he also wanted to help his neighbors. Guifi has grown from a single wifi node in 2004, to 30,000 working nodes today, including some fiber connections, with thousands more in the planning stages. An article on Backchannel today documents the tale of Guifi. From the article: The project is a testament to tireless efforts -- in governance, not just in adding hardware and software -- by Ramon Roca (the engineer who started it) and his colleagues. They've been unwavering in their commitment to open access, community control, network neutrality, and sustainability. In 2004, he bought some Linksys WiFi hackable routers with a mission to get himself and his neighbors connected to the Internet. This is how he did it: Roca turned on a router with a directional antenna he'd installed at the top of a tall building near the local government headquarters, the only place in town with Internet access -- a DSL line Telefonica had run to municipal governments throughout the region. The antenna was aimed, line of sight, toward Roca's home about six kilometers away. Soon, neighbors started asking for connections, and neighbors of neighbors, and so on. Beyond the cost of the router, access was free. Some nodes were turned into "supernodes" -- banks of routers in certain locations, or dedicated gear that accomplishes the same thing -- that could handle much more traffic in more robust ways.
The network connected to high-capacity fiber optic lines, to handle the growing demand, and later connected to a major "peering" connection to the global Internet backbone that provides massive bandwidth. Guifi grew, and grew, and grew. But soon it became clear that connecting more and more nodes wasn't enough, so he created a not-for-profit entity, the Guifi.net Foundation. The foundation, thanks to its cause and a cheerful community, has received over a million Euros to date -- from various sources including several levels of government. But as the article notes, a million Euros is a drop in the bucket next to the lavish subsidies and favors that state-approved monopolies such as Telefonica have enjoyed for decades. The article adds: The Guifi Foundation isn't the paid provider of most Internet service to end-user (home and business) customers. That role falls to more than 20 for-profit internet service providers that operate on the overall platform. The ISPs share infrastructure costs according to how much demand they put on the overall system. They pay fees to the foundation for its services -- a key source of funding for the overall project. Then they offer various kinds of services to end users, such as installing connections -- lately they've been installing fiber-optic access in some communities -- managing traffic flows, offering email, handling customer and technical support, and so on. The prices these ISPs charge are, to this American (Editor's note: the author is referring to himself) who's accustomed to broadband-cartel greed, staggeringly inexpensive: 18 to 35 Euros (currently about $26-$37) a month for gigabit fiber, and much less for slower WiFi. Community ownership and ISP competition does wonders for affordability. Contrast this with the U.S. broadband system, where competitive dial-up phone access -- phone companies were obliged to let all ISPs use the lines as the early commercial Internet flourished in the 1990s -- gave way to a cartel of DSL and cable providers. Except in a few places where there's actual competition, we pay way more for much less. Read the story in its entirety here.
Security

Software Flaw Puts Mobile Phones and Networks At Risk Of Complete Takeover (arstechnica.com) 51

Dan Goodin, reporting for Ars Technica: A newly disclosed vulnerability could allow attackers to seize control of mobile phones and key parts of the world's telecommunications infrastructure and make it possible to eavesdrop or disrupt entire networks, security experts warned Tuesday. The bug resides in a code library used in a wide range of telecommunication products, including radios in cell towers, routers, and switches, as well as the baseband chips in individual phones. Although exploiting the heap overflow vulnerability would require great skill and resources, attackers who managed to succeed would have the ability to execute malicious code on virtually all of those devices. The code library was developed by Pennsylvania-based Objective Systems and is used to implement a telephony standard known as ASN.1, short for Abstract Syntax Notation One. "The vulnerability could be triggered remotely without any authentication in scenarios where the vulnerable code receives and processes ASN.1 encoded data from untrusted sources," researchers who discovered the flaw wrote in an advisory published Monday evening. "These may include communications between mobile devices and telecommunication network infrastructure nodes, communications between nodes in a carrier's network or across carrier boundaries, or communication between mutually untrusted endpoints in a data network."
Facebook

Facebook Messenger Hits 1B Monthly Active Users, Accounts For 10 Percent Of All VoIP Calls (techcrunch.com) 55

Speaking of instant messaging and VoIP call apps, Facebook announced on Wednesday that Facebook Messenger has hit the 1 billion monthly active users milestone. The company adds that Messenger is more than just a text messenger -- in addition to the ambitious bot gamble, a digital assistant, and the ability to send money to friends -- Messenger now accounts for 10 percent of all VoIP calls made globally. Messenger's tremendous growth also underscores Facebook's mammoth capture of the world. The social network is used by more than 1.6 billion people actively every month. WhatsApp, the chat client it owns, is also used by more than one billion people.

TechCrunch has a brilliant story on the growth of Messenger from scratch.
