Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Microsoft

Does Windows 10's Data Collection Trade Privacy For Microsoft's Security? (pcworld.com) 55

jader3rd shares an article from PC World arguing that Windows 10's data collection "trades your privacy for Microsoft's security." [Anonymized] usage data lets Microsoft beef up threat protection, says Rob Lefferts, Microsoft's director of program management for Windows Enterprise and Security. The information collected is used to improve various components in Windows Defender... For example, Windows Defender Application Guard for Microsoft Edge will put the Edge browser into a lightweight virtual machine to make it harder to break out of the browser and attack the operating system. With telemetry, Microsoft can see when infections get past Application Guard defenses and improve the security controls to reduce recurrences.

Microsoft also pulls signals from other areas of the Windows ecosystem, such as Active Directory, with information from the Windows 10 device to look for patterns that can indicate a problem like ransomware infections and other attacks. To detect those patterns, Microsoft needs access to technical data, such as what processes are consuming system resources, hardware diagnostics, and file-level information like which applications had which files open, Lefferts says. Taken together, the hardware information, application details, and device driver data can be used to identify parts of the operating system are exposed and should be isolated into virtual containers.

The article points out that unlike home users, enterprise users of Windows 10 can select a lower level of data-sharing, but argues that enterprises "need to think twice before turning off Windows telemetry to increase corporate privacy" because Windows Update won't work without information about whether previous updates succeeded or failed.
Security

70 Laptops Got Left Behind At An Airport Security Checkpoint In One Month (bravotv.com) 92

America's Transportation Security Administration has been making some surprising announcements on social media. An anonymous reader writes: A TSA spokesperson says 70 laptops were left behind in just one month at an airport security checkpoint in Newark. "And yes, there are plenty of shiny MacBooks in that pile," reported BravoTV, "which can cost in the $2,000 range new." The TSA shared an image of the 70 laptops on their Instagram page and on Twitter, prompting at least one mobile project designer to reclaim his laptop. "The most common way laptops are forgotten is when traveler's stack a bin on top of the bin their laptop is in," the TSA warns. "Out of sight out of mind."
The TSA is also sharing pictures on social media of the 70 guns they confiscated at security checkpoints in one week in November, reporting they've also confiscated a blowtorch, batarangs, and a replica of that baseball bat from "The Walking Dead". They're reporting they found 33 loaded firearms in carry-on luggage in one week, and remind readers that gun-carrying passengers "can face a penalty as high as $11,000. This is a friendly reminder to please leave these items at home."
Microsoft

How Microsoft Lost In Court Over Windows 10 Upgrades (digitaltrends.com) 67

In June a California woman successfully sued Microsoft for $10,000 over forced Windows 10 upgrades, and she's now written a 58-page ebook about her battle (which she's selling for $9.99). But an anonymous Slashdot reader shares another inspiring story about a Texas IT worker and Linux geek who got Microsoft to pay him $650 for all the time that he lost. "Worley built a Windows 7 machine for his grandfather, who has Alzheimer's Disease, [customized] to look like Windows XP, an operating system his grandfather still remembered well..." writes Digital Trends. "But thanks to Microsoft's persistent Windows 10 upgrade program, Worley's grandfather unknowingly initiated the Win 10 upgrade by clicking the 'X' to close an upgrade window." After Worley filed a legal "Notice of Dispute," Microsoft quickly agreed to his demand for $650, which he donated to a non-profit focusing on Alzheimer's patients.

But according to the article, that's just the beginning, since Worley now "hopes people impacted by the forced Windows 10 upgrade will write a complaint to Microsoft demanding a settlement for their wasted time and money in repairing the device," and on his web page suggests that if people don't need the money, they should give it to charities fighting Alzheimer's. "If Microsoft isn't going to wake up and realize that lobbing intentionally-tricky updates at people who don't need and can't use them actively damages not only the lives of the Alzheimer's sufferer, but those of their whole family, then let's cure the disease on Microsoft's dime so their tactics and those of companies that will follow their reckless example aren't as damaging."

Worley suggests each Notice of Dispute should demand at least $50 per hour from Microsoft, adding "If recent history holds steady they might just write you a check!"
United States

Sysadmin Gets Two Years In Prison For Sabotaging ISP (bleepingcomputer.com) 85

After being let go over a series of "personal issues" with his employer, things got worse for 26-year-old network administrator Dariusz J. Prugar, who will now have to spend two years in prison for hacking the ISP where he'd worked. An anonymous reader writes: Prugar had used his old credentials to log into the ISP's network and "take back" some of the scripts and software he wrote... "Seeking to hide his tracks, Prugar used an automated script that deleted various logs," reports Bleeping Computer. "As a side effect of removing some of these files, the ISP's systems crashed, affecting over 500 businesses and over 5,000 residential customers."

When the former ISP couldn't fix the issue, they asked Prugar to help. "During negotiations, instead of requesting money as payment, Prugar insisted that he'd be paid using the rights to the software and scripts he wrote while at the company, software which was now malfunctioning, a week after he left." This tipped off the company, who detected foul play, contacted the FBI and rebuilt its entire network.

Six years later, Prugar was found guilty after a one-week jury trial, and was ordered by the judge to pay $26,000 in restitution to the ISP (which went out of business in October of 2015). Prugar's two-year prison sentence begins December 27.
Government

Virginia Police Spent $500K For An Ineffective Cellphone Surveillance System (muckrock.com) 33

Cell-site simulators can intercept phone calls and even provide locations (using GPS data). But Virginia's state police force just revealed details about their actual use of the device -- and it's not pretty. Long-time Slashdot reader v3rgEz writes: In 2014, the Virginia State Police spent $585,265 on a specially modified Suburban outfitted with the latest and greatest in cell phone surveillance: the DRT 1183C, affectionately known as the DRTbox. But according to logs uncovered by public records website MuckRock, the pricey ride was only used 12 times — and only worked seven of those times.
According to Virginia's ACLU director, "each of the 12 uses cost almost $50,000, and only 4 of them resulted in an arrest [raising] a significant question whether the more than half million dollars spent on the device and the vehicle...was a wise investment of public funds."
United Kingdom

For The UK's 'Snoopers' Charter', Politicians Voted Themselves An Exemption (independent.co.uk) 105

The "Snoopers' Charter" passed in the U.K. greatly expands the government's surveillance power. But before they'd enact the new Investigatory Powers Act, Britain's elected officials first voted to make themselves exempt from it. Sort of. An anonymous reader writes: While their internet browsing history will still be swept up, just like everyone else's, no one will ever be able to access it without specific approval from the Prime Minister. And according to The Independent, "That rule applies not only to members of the Westminster parliament but also politicians in the devolved assembly and members of the European Parliament."
The article adds that the exemption was the very first amendment they approved for the legislation. And for a very long time, the only amendment.
United Kingdom

UK Health Secretary Urges Social Media Companies To Block Cyberbullying And Underaged Sexting (betanews.com) 63

Mark Wilson shares his article on Beta News: Health secretary Jeremy Hunt has made calls for technology companies and social media to do more to tackle the problems of cyberbullying, online intimidation and -- rather specifically -- under-18-year-olds texting sexually explicit images. Of course, he doesn't have the slightest idea about how to go about tackling these problems, but he has expressed his concern so that, in conjunction with passing this buck to tech companies, should be enough, right?
Hunt apparently believes there's already a technology which can identify sexually explicit photos, and that social media networks should now also develop algorithms to identify and block cyberbullying, an idea the Guardian called "sadly laughable."

"Is the blanket censorship of non-approved communications for all under 18s -- something that goes far further than even the Great Firewall of China -- really the kind of thing a government minister should be able to idly suggest in 2016?"
Security

Crooks Need Just Six Seconds To Guess A Credit Card Number (independent.co.uk) 100

schwit1 quotes The Independent: Criminals can work out the card number, expiration date, and security code for a Visa debit or credit card in as little as six seconds using guesswork, researchers have found... Fraudsters use a so-called Distributed Guessing Attack to get around security features put in place to stop online fraud, and this may have been the method used in the recent Tesco Bank hack...

According to a study published in the academic journal IEEE Security & Privacy, fraudsters could use computers to systematically fire different variations of security data at hundreds of websites simultaneously. Within seconds, by a process of elimination, the criminals could verify the correct card number, expiration date and the three-digit security number on the back of the card.

One of the researchers explained this attack combines two weaknesses into one powerful attack. "Firstly, current online payment systems do not detect multiple invalid payment requests from different websites... Secondly, different websites ask for different variations in the card data fields to validate an online purchase. This means it's quite easy to build up the information and piece it together like a jigsaw puzzle."
Iphone

iOS's 'Activation Lock' For Stolen iPads And iPhones Can Be Easily Bypassed (computerworld.com) 53

An anonymous reader quotes ComputerWorld: Two researchers claim to have found a way to bypass the activation lock feature in iOS that's supposed to prevent anyone from using an iPhone or iPad marked as lost by its owner... One of the few things allowed from the activation lock screen is connecting the device to a Wi-Fi network, including manually configuring one. [Security researcher] Hemanth had the idea of trying to crash the service that enforces the lock screen by entering very long strings of characters in the WPA2-Enterprise username and password fields.

The researcher claims that, after awhile, the screen froze, and he used the iPad smart cover sold by Apple to put the tablet to sleep and then reopen it... "After 20-25 seconds the Add Wifi Connection screen crashed to the iPad home screen, thereby bypassing the so-called Find My iPhone Activation Lock," he said in a blog post.

There's also a five-minute video on YouTube which purports to show a newer version of the same attack.
United States

The US Government Funds A War On Online Fake News (bangordailynews.com) 330

An anonymous reader quotes the Washington Post: Congressional negotiators on Wednesday approved an initiative to track and combat foreign propaganda amid growing concerns that Russian efforts to spread "fake news" and disinformation threaten U.S. national security. The measure, part of the National Defense Authorization Act approved by a conference committee, calls on the State Department to lead government-wide efforts to identify propaganda and counter its effects. The authorization is for $160 million over two years...

The Senate Intelligence Committee, meanwhile, has approved language in the fiscal year 2017 intelligence authorization bill calling for new executive branch efforts to combat what it characterized as "active measures" by Russia to manipulate people and governments through front groups, covert broadcasting or "media manipulation." "There is definitely bipartisan concern about the Russian government engaging in covert influence activities of this nature," Sen. Ron Wyden, D-Ore., a member of the Senate Intelligence Committee, said in a statement. "If you read section 501 of this year's intelligence authorization bill, it directs the President to set up an interagency committee to 'counter active measures by Russia to exert covert influence over peoples and governments.'"

Several senators on the intelligence committee also asked President Obama to declassify any information relating to the Russian government and the U.S. election.
The Courts

It Will Soon Be Illegal To Punish US Customers Who Criticize Businesses Online (arstechnica.com) 82

An anonymous reader writes: Congress has passed a law protecting the right of U.S. consumers to post negative online reviews without fear of retaliation from companies. The bipartisan Consumer Review Fairness Act was passed by unanimous consent in the US Senate, a Senate Commerce Committee announcement said. The bill, introduced in 2014, was already approved by the House of Representatives and now awaits President Obama's signature.

The Consumer Review Fairness Act -- full text available here -- voids any provision in a form contract that prohibits or restricts customers from posting reviews about the goods, services, or conduct of the company providing the product or service. It also voids provisions that impose penalties or fees on customers for posting online reviews as well as those that require customers to give up the intellectual property rights related to such reviews.

China

China's New 'Social Credit Score' Law Means Full Access To Customer Data (insurancejournal.com) 80

AnonymousCube shares this quote about China's new 'Social Credit Score' law from an insurance industry magazine: "Companies are also required to give government investigators complete access to their data if there is suspected wrong-doing, and Internet operators must cooperate in any national security or crime-related investigation."

Note that China has an extremely flexible definition of "national security". Additionally computer equipment will need to undergo mandatory certification, that could involve giving up source code, encryption keys, or even proprietary intellectual data, as Microsoft has been doing for some time.

The article suggests businesses like insurers "will likely see the cost of complying with this new action as a disincentive to conducting business in China."
Encryption

Encryption Backdoor Sneaks Into UK Law (theregister.co.uk) 121

Coisiche found a disturbing article from The Register about the U.K.'s new "Snoopers' Charter" law that has implications for tech companies around the world: Among the many unpleasant things in the Investigatory Powers Act that was officially signed into law this week, one that has not gained as much attention is the apparent ability for the U.K. government to undermine encryption and demand surveillance backdoors... As per the final wording of the law, comms providers on the receiving end of a "technical capacity notice" will be obliged to do various things on demand for government snoops -- such as disclosing details of any system upgrades and removing "electronic protection" on encrypted communications. Thus, by "technical capability," the government really means backdoors and deliberate security weaknesses so citizens' encrypted online activities can be intercepted, deciphered and monitored... At the end of the day, will the U.K. security services be able to read your email, your messages, your posts and private tweets, and your communications if they believe you pose a threat to national security? Yes, they will.
The bill added the Secretaries of State as a required signatory to the "technical capacity" notices, which "introduces a minor choke-point and a degree of accountability." But the article argues the law ultimately anticipates the breaking of encryption, and without customer notification. "The U.K. government can certainly insist that a company not based in the U.K. carry out its orders -- that situation is specifically included in the new law -- but as to whether it can realistically impose such a requirement, well, that will come down to how far those companies are willing to push back and how much they are willing to walk away from the U.K. market."
Republicans

Of 8 Tech Companies, Only Twitter Says It Would Refuse To Help Build Muslim Registry For Trump (theintercept.com) 533

On the campaign trail last year, President-elect Donald Trump said he would consider requiring Muslim-Americans to register with a government database. While he has back-stepped on a number of campaign promises after being elected president, Trump and his transition team have recently resurfaced the idea to create a national Muslim registry. In response, The Intercept contacted nine of the "most prominent" technology companies in the United States "to ask if they would sell their services to help create a national Muslim registry." Twitter was the only company that responded with "No." The Intercept reports: Even on a purely hypothetical basis, such a project would provide American technology companies an easy line to draw in the sand -- pushing back against any effort to track individuals purely (or essentially) on the basis of their religious beliefs doesn't take much in the way of courage or conviction, even by the thin standards of corporate America. We'd also be remiss in assuming no company would ever tie itself to such a nakedly evil undertaking: IBM famously helped Nazi Germany computerize the Holocaust. (IBM has downplayed its logistical role in the Holocaust, claiming in a 2001 statement that "most [relevant] documents were destroyed or lost during the war.") With all this in mind, we contacted nine different American firms in the business of technology, broadly defined, with the following question: "Would [name of company], if solicited by the Trump administration, sell any goods, services, information, or consulting of any kind to help facilitate the creation of a national Muslim registry, a project which has been floated tentatively by the president-elect's transition team?" After two weeks of calls and emails, only three companies provided an answer, and only one said it would not participate in such a project. A complete tally is below.

Facebook: No answer. Twitter: "No," and a link to this blog post, which states as company policy a prohibition against the use, by outside developers, of "Twitter data for surveillance purposes. Period." Microsoft: "We're not going to talk about hypotheticals at this point," and a link to a company blog post that states that "we're committed to promoting not just diversity among all the men and women who work here, but [...] inclusive culture" and that "it will remain important for those in government and the tech sector to continue to work together to strike a balance that protects privacy and public safety in what remains a dangerous time." Google: No answer. Apple: No answer. IBM: No answer. Booz Allen Hamilton: Declined to comment. SRA International: No answer.

Government

Paris, Madrid, Athens, Mexico City Will Ban Diesel Vehicles By 2025 (bbc.com) 223

The mayors of four major global cities -- Paris, Mexico City, Madrid and Athens -- announced plans to stop the use of all diesel-powered cars and trucks by 2025. The leaders made their commitments in Mexico at a biennial meeting of city leaders. BBC reports: At the C40 meeting of urban leaders in Mexico, the four mayors declared that they would ban all diesel vehicles by 2025 and "commit to doing everything in their power to incentivize the use of electric, hydrogen and hybrid vehicles." "It is no secret that in Mexico City, we grapple with the twin problems of air pollution and traffic," said the city's mayor, Miguel Angel Mancera. "By expanding alternative transportation options like our Bus Rapid Transport and subway systems, while also investing in cycling infrastructure, we are working to ease congestion in our roadways and our lungs." Paris has already taken a series of steps to cut the impact of diesel cars and trucks. Vehicles registered before 1997 have already been banned from entering the city, with restrictions increasing each year until 2020. The use of diesel in transport has come under increasing scrutiny in recent years, as concerns about its impact on air quality have grown. The World Health Organization (WHO) says that around three million deaths every year are linked to exposure to outdoor air pollution. Diesel engines contribute to the problem in two key ways -- through the production of particulate matter (PM) and nitrogen oxides (NOx). Very fine soot PM can penetrate the lungs and can contribute to cardiovascular illness and death. Nitrogen oxides can help form ground level ozone and this can exacerbate breathing difficulties, even for people without a history of respiratory problems. The diesel ban is hugely significant. Carmakers will look at this decision and know it's just a matter of time before other city mayors follow suit.
Security

Hackers Steal $31 Million at Russia's Central Bank (cnn.com) 76

The Bank of Russia has confirmed Friday that hackers have stolen 2 billion rubles ($31 million) from correspondent accounts at the Russian central bank. Central bank security executive Artiom Sychev said it could've been much worse as hackers tried to steal 5 billion rubles, but the central banking authority managed to stop them. CNNMoney reports: Hackers also targeted the private banks and stole cash from their clients, the central bank reported. The central bank did not say when the heist occurred or how hackers moved the funds. But so far, the attack bears some similarity to a recent string of heists that has targeted the worldwide financial system. Researchers at the cybersecurity firm Symantec have concluded that the global banking system has been under sustained attack from a sophisticated group -- dubbed "Lazarus" -- that has been linked to North Korea. But it's unclear who has attacked Russian banks this time around. Earlier Friday, the Russian government claimed it had foiled an attempt to erode public confidence in its financial system. Russian's top law enforcement agency, the FSB, said hackers were planning to use a collection of computer servers in the Netherlands to attack Russian banks. Typically, hackers use this kind of infrastructure to launch a "denial of service" attack, which disrupts websites and business operations by flooding a target with data. The FSB said hackers also planned to spread fake news about Russian banks, sending mass text messages and publishing stories on social media questioning their financial stability and licenses to operate.
Crime

Foxconn Employee Faces 10-Year Prison Sentence For Stealing 5,700 iPhones Worth $1.5 Million (thenextweb.com) 44

A Taiwanese Foxconn manager faces a stiff prison sentence after he stole 5,700 iPhones from his employer, and went to sell them for $1.56 million. The Next Web reports: Foxconn is a tech manufacturing giant. It makes a lot of things, including laptops for HP, phones for Apple, games consoles for Sony, and its workers so depressed it has to install suicide nets. The Taiwanese manager at the center of this crime -- known only by his family name, Tsai -- worked in the testing department at Foxconn's factory in Shenzhen, mainland China. According to Taiwanese prosecutors, Tsai ordered eight of his subordinates to smuggle out thousands of iPhones which were used by the company for testing and quality assurance purposes. These were destined to be scrapped after use. The stolen iPhones (mostly iPhone 5 and iPhone 5s models) made their way to stores in Shenzhen, and went on to make Tsai and his accomplices nearly $1.56 million USD (Tw$50 million). Tsai has since been charged with breach of trust and, if found guilty, he faces a maximum 10-year jail term.
AI

Stephen Hawking: Automation and AI Is Going To Decimate Middle Class Jobs (businessinsider.com) 446

An anonymous reader quotes a report from Business Insider: In a column in The Guardian, the world-famous physicist wrote that "the automation of factories has already decimated jobs in traditional manufacturing, and the rise of artificial intelligence is likely to extend this job destruction deep into the middle classes, with only the most caring, creative or supervisory roles remaining." He adds his voice to a growing chorus of experts concerned about the effects that technology will have on workforce in the coming years and decades. The fear is that while artificial intelligence will bring radical increases in efficiency in industry, for ordinary people this will translate into unemployment and uncertainty, as their human jobs are replaced by machines. Automation will, "in turn will accelerate the already widening economic inequality around the world," Hawking wrote. "The internet and the platforms that it makes possible allow very small groups of individuals to make enormous profits while employing very few people. This is inevitable, it is progress, but it is also socially destructive." He frames this economic anxiety as a reason for the rise in right-wing, populist politics in the West: "We are living in a world of widening, not diminishing, financial inequality, in which many people can see not just their standard of living, but their ability to earn a living at all, disappearing. It is no wonder then that they are searching for a new deal, which Trump and Brexit might have appeared to represent." Combined with other issues -- overpopulation, climate change, disease -- we are, Hawking warns ominously, at "the most dangerous moment in the development of humanity." Humanity must come together if we are to overcome these challenges, he says.
Crime

Lawyer Sues 20-Year-Old Student Who Gave a Bad Yelp Review, Loses Badly (arstechnica.com) 82

20-year-old Lan Cai was in a car crash this summer, after she was plowed into by a drunk driver and broke two bones in her lower back. She didn't know how to navigate her car insurance and prove damages, so she reached out for legal help. Things didn't go as one would have liked, initially, as ArsTechnica documents:The help she got, Cai said, was less than satisfactory. Lawyers from the Tuan A. Khuu law firm ignored her contacts, and at one point they came into her bedroom while Cai was sleeping in her underwear. "Seriously, it's super unprofessional!" she wrote on Facebook. (The firm maintains it was invited in by Cai's mother.) She also took to Yelp to warn others about her bad experience. The posts led to a threatening e-mail from Tuan Khuu attorney Keith Nguyen. Nguyen and his associates went ahead and filed that lawsuit, demanding the young woman pay up between $100,000 and $200,000 -- more than 100 times what she had in her bank account. Nguyen said he didn't feel bad at all about suing Cai. Cai didn't remove her review, though. Instead she fought back against the Khuu firm, all thanks to attorney Michael Fleming, who took her case pro bono. Fleming filed a motion arguing that, first and foremost, Cai's social media complaints were true. Second, she couldn't do much to damage the reputation of a firm that already had multiple poor reviews. He argued the lawsuit was a clear SLAPP (strategic Lawsuit Against Public Participation). Ultimately, the judge agreed with Fleming, ordering the Khuu firm to pay $26,831.55 in attorneys' fees.
AT&T

FCC Calls Out AT&T, Verizon For 'Zero Rating' Their Own Video Apps (zdnet.com) 55

U.S. regulators are calling out AT&T and Verizon for exempting their own video apps from data caps on customers' smartphones. The FCC has sent letters to the country's biggest wireless carriers saying the way they handle the practice, known as "zero rating," can hurt competition and consumers. From a report on ZDNet: AT&T launched DirecTV Now earlier this week. AT&T Mobility customers can stream video data over LTE without impacting their data allowance. Verizon offers something similar with its go90 service. AT&T and Verizon don't see any wrongdoing. In a statement Friday, AT&T said exempting services like DirecTV Now from data caps saves customers money. Verizon said its practices are good for consumers and comply with regulations. "We will provide the FCC with additional information on why the government should not take away a service that saves consumers money," AT&T wrote in a statement Friday. The FCC hasn't released any official ruling on "zero rating," just guidance. It said on Thursday a similar letter was sent to AT&T in November, but the FCC didn't like AT&T's original response.

Slashdot Top Deals