Republicans

Hackers Have Targetted Both the Trump Organization And Democrat Election Data (arstechnica.com) 32

An anonymous reader writes: Two recent news stories give new prominence to politically-motivated data breaches. Friday the Wall Street Journal reported that last year Guccifer 2.0 sent 2.5 gigabytes of Democratic Congressional Campaign Committee election data to a Republican operative in Florida, including their critical voter turnout projections. At the same time ABC News is reporting that the FBI is investigating "an attempted overseas cyberattack against the Trump Organization," adding that such an attack would make his network a high priority for government monitoring.

"In the course of its investigation," they add, "the FBI could get access to the Trump Organization's computer network, meaning FBI agents could possibly find records connected to other investigations." A senior FBI official (now retired) concedes to ABC that "There could be stuff in there that they [the Trump organization] do not want to become part of a separate criminal investigation."

It seems like everyone's talking about the privacy of their communications. Tonight the Washington Post writes that Trump's son-in-law/senior advisor Jared Kushner "discussed the possibility of setting up a secret and secure communications channel between Trump's transition team and the Kremlin, using Russian diplomatic facilities in an apparent move to shield their pre-inauguration discussions from monitoring, according to U.S. officials briefed on intelligence reports." And Friday Hillary Clinton was even quoted as saying, "I would have won had I not been subjected to the unprecedented attacks by Comey and the Russians..."
Encryption

10 Years Later: FileZilla Adds Support For Master Password That Encrypts Your Logins (bleepingcomputer.com) 45

An anonymous reader writes: "Following years of criticism and user requests, the FileZilla FTP client is finally adding support for a master password that will act as a key for storing FTP login credentials in an encrypted format," reports BleepingComputer. "This feature is scheduled to arrive in FileZilla 3.26.0, but you can use it now if you download the 3.26.0 (unstable) release candidate from here." By encrypting its saved FTP logins, FileZilla will finally thwart malware that scrapes the sitemanager.xml file and steals FTP credentials, which were previously stolen in plain text. The move is extremely surprising, at least for the FileZilla user base. Users have been requesting this feature for a decade, since 2007, and they have asked it many and many times since then. All their requests have fallen on deaf ears and met with refusal from FileZilla maintainer, Tim Kosse. In November 2016, a user frustrated with Koose's stance forked the FileZilla FTP client and added support for a master password via a spin-off app called FileZilla Secure.
Facebook

Facebook Bans Sale of Piracy-Enabling Set-Top Boxes 38

Lirodon quotes a report from Variety: Facebook has joined the fight against illegal video-streaming devices. The social behemoth recently added a new category to products it prohibits users to sell under its commerce policy: Products or items that "facilitate or encourage unauthorized access to digital media." The change in Facebook's policy, previously reported by The Drum, appears primarily aimed at blocking the sale of Kodi-based devices loaded with software that allows unauthorized, free access to piracy-streaming services. Kodi is free, open-source media player software. The app has grown popular among pirates, who modify the code with third-party add-ons for illegal streaming. Even with the ban officially in place, numerous "jail-broken" Kodi-enabled devices remain listed in Facebook's Marketplace section, indicating that the company has yet to fully enforce the new ban. A Facebook rep confirmed the policy went into effect earlier this month. In addition, the company updated its advertising policy to explicitly ban ads for illegal streaming services and devices.
Bug

Two Different Studies Find Thousands of Bugs In Pacemakers, Insulin Pumps and Other Medical Devices 37

Two studies are warning of thousands of vulnerabilities found in pacemakers, insulin pumps and other medical devices. "One study solely on pacemakers found more than 8,000 known vulnerabilities in code inside the cardiac devices," reports BBC. "The other study of the broader device market found only 17% of manufacturers had taken steps to secure gadgets." From the report: The report on pacemakers looked at a range of implantable devices from four manufacturers as well as the "ecosystem" of other equipment used to monitor and manage them. Researcher Billy Rios and Dr Jonathan Butts from security company Whitescope said their study showed the "serious challenges" pacemaker manufacturers faced in trying to keep devices patched and free from bugs that attackers could exploit. They found that few of the manufacturers encrypted or otherwise protected data on a device or when it was being transferred to monitoring systems. Also, none was protected with the most basic login name and password systems or checked that devices they were connecting to were authentic. Often, wrote Mr Rios, the small size and low computing power of internal devices made it hard to apply security standards that helped keep other devices safe. In a longer paper, the pair said device makers had work to do more to "protect against potential system compromises that may have implications to patient care." The separate study that quizzed manufacturers, hospitals and health organizations about the equipment they used when treating patients found that 80% said devices were hard to secure. Bugs in code, lack of knowledge about how to write secure code and time pressures made many devices vulnerable to attack, suggested the study.
Security

Chipotle Says 'Most' of Its Restaurants Were Infected With Credit Card Stealing Malware (theverge.com) 90

Earlier this year, Chipotle announced that the their payment processing system was hacked. Today, the company has released more information about the hack, identifying the malware that was responsible and releasing a new tool to help customers check whether the restaurant they visited was involved. The company did not say how many restaurants were affected, but it did tell The Verge that "most" locations nationwide may have been involved. The Verge reports: "The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device," Chipotle said in a statement. "There is no indication that other customer information was affected." We browsed through the tool and found that every state Chipotle operates in had restaurants that were breached, including most major cities. The restaurants were vulnerable in various time frames between March 24th and April 18th, 2017. Chipotle also operates another chain called Pizzeria Locale, which was affected by the hack as well. (The list of identified restaurants can be found here, which includes locations in Kansas, Missouri, Colorado, and Ohio.) Chipotle noted that not all locations have been identified, but it's a starting guide to check whether your visit lines up with the breached period.
Businesses

Sean Parker Is Going To Great Lengths To Ensure 'Screening Room' Is Piracy Free, Patents Reveal (torrentfreak.com) 104

Napster co-founder Sean Parker has been working on his new service called Screening Room, which when becomes reality, could allow people to watch the latest Hollywood blockbusters in their living room as soon as they premiere at the box office. This week we get a glimpse at the kind of technologies Parker is using to ensure that the movies don't get distributed easily. From a report: Over the past several weeks, Screening Room Media, Inc. has submitted no less than eight patent applications related to its plans, all with some sort of anti-piracy angle. For example, a patent titled "Presenting Sonic Signals to Prevent Digital Content Misuse" describes a technology where acoustic signals are regularly sent to mobile devices, to confirm that the user is near the set-top box and is authorized to play the content. Similarly, the "Monitoring Nearby Mobile Computing Devices to Prevent Digital Content Misuse" patent, describes a system that detects the number of mobile devices near the client-side device, to make sure that too many people aren't tuning in. The general technology outlined in the patents also includes forensic watermarking and a "P2P polluter." The watermarking technology can be used to detect when pirated content spreads outside of the protected network onto the public Internet. "At this point, the member's movie accessing system will be shut off and quarantined. If the abuse or illicit activity is confirmed, the member and the household will be banned from the content distribution network," the patent reads. [...] Screening Room's system also comes with a wide range of other anti-piracy scans built in. Among other things, it regularly scans the Wi-Fi network to see which devices are connected, and Bluetooth is used to check what other devices are near.
Businesses

Disney Chief Bob Iger Doesn't Believe Movie Hack Threat Was Real (hollywoodreporter.com) 26

You may remember Disney's boss revealing that hackers had threatened to leak one of the studio's new films unless it paid a ransom. Bob Iger didn't name the film, but it was thought to be "Pirates of the Caribbean: Dead Men Tell No Tales." But now Iger says: "To our knowledge we were not hacked." From a report: Disney chairman-CEO Bob Iger confirmed Thursday that a hacker claiming to have stolen an upcoming Disney movie and demanding a ransom didn't appear to have the goods. "To our knowledge we were not hacked," Iger told Yahoo Finance. "We had a threat of a hack of a movie being stolen. We decided to take it seriously but not react in the manner in which the person who was threatening us had required." Iger continued, "We don't believe that it was real and nothing has happened." On May 15, as first reported by The Hollywood Reporter, Iger told ABC employees at a town hall meeting in New York that someone claiming to have stolen an upcoming movie would release the film on the internet unless the company paid a ransom. Iger told staff that the studio wouldn't meet any such demands.
Government

Major US Tech Firms Press Congress For Internet Surveillance Reforms (reuters.com) 35

Dustin Volz, reporting for Reuters: Facebook, Amazon and more than two dozen other U.S. technology companies pressed Congress on Friday to make changes to a broad internet surveillance law, saying they were necessary to improve privacy protections and increase government transparency. The request marks the first significant public effort by Silicon Valley to wade into what is expected to be a contentious debate later the year over the Foreign Intelligence Surveillance Act, parts of which will expire on Dec. 31 unless Congress reauthorizes them. Of particular concern to the technology industry and privacy advocates is Section 702, which allows U.S. intelligence agencies to vacuum up vast amounts of communications from foreigners but also incidentally collects some data belonging to Americans that can be searched by analysts without a warrant.
Government

Proposed Active-Defense Bill Would Allow Destruction of Data, Use of Beacon Tech (onthewire.io) 67

Trailrunner7 quotes a report from On the Wire: A bill that would allow victims of cybercrime to use active defense techniques to stop attacks and identify attackers has been amended to require victims to notify the FBI of their actions and also add an exemption to allow victims to destroy their data once they locate it on an attacker's machine. The Active Cyber Defense Certainty Act, drafted by Rep. Tom Graves (R-Ga.) in March, is designed to enable people who have been targets of cybercrime to employ certain specific techniques to trace the attack and identify the attacker. The bill defines active cyber defense as "any measure -- (I) undertaken by, or at the direction of, a victim"; and "(II) consisting of accessing without authorization the computer of the attacker to the victim" own network to gather information in order to establish attribution of criminal activity to share with law enforcement or to disrupt continued unauthorized activity against the victim's own network." After releasing an initial draft of the bill in March, Rep. Tom Graves held a public event in Georgia to collect feedback on the legislation. Based on that event and other feedback, Graves made several changes to the bill, including the addition of the notification of law enforcement and an exception in the Computer Fraud and Abuse Act for victims who use so-called beaconing technology to identify an attacker. "The provisions of this section shall not apply with respect to the use of attributional technology in regard to a defender who uses a program, code, or command for attributional purposes that beacons or returns locational or attributional data in response to a cyber intrusion in order to identify the source of the intrusion," the bill says.
Privacy

83 Percent Of Security Staff Waste Time Fixing Other IT Problems (betanews.com) 203

An anonymous reader shares a report: A new survey of security professionals reveals that 83 percent say colleagues in other departments turn to them to fix personal computer problems. The study by security management company FireMon shows a further 80 percent say this is taking up more than an hour of their working week, which in a year could equate to more than $88,000. For organizations, eight percent of professionals surveyed helping colleagues out five hours a week or more could be costing over $400,000. Organizations are potentially paying qualified security professionals salaries upwards of $100,000 a year and seeing up to 12.5 percent of that investment being spent on non-security related activities.
Censorship

Egypt Blocks 21 Websites For 'Terrorism' And 'Fake News' (reuters.com) 53

Ahmed Aboulenein, reporting for Reuters: Egypt has banned 21 websites, including the main website of Qatar-based Al Jazeera television and prominent local independent news site Mada Masr, accusing them of supporting terrorism and spreading false news. The blockade is notable in scope and for being the first publicly recognized by the government. It was heavily criticized by journalists and rights groups. The state news agency announced it late on Wednesday. Individual websites had been inaccessible in the past but there was never any official admission. Reuters found the websites named by local media and were inaccessible. The move follows similar actions taken on Wednesday by Egypt's Gulf allies Saudi Arabia and the United Arab Emirates, which blocked Al Jazeera and other websites after a dispute with Qatar. From a separate report: "This is not the typical Egyptian regime attitude," Lina Attalah, the editor-in-chief of Mada Masr told BuzzFeed News in an interview in Cairo. "We are used to facing troubles with the regime since we have always chosen to write the stories they don't like to hear. We are used to being arrested or have cases filed against us, but blocking us is a new thing." Mada Masr, since its founding in 2013, has regularly published critical stories of the regime in both English and Arabic.
Government

US Intelligence Community Has Lost Credibility Due To Leaks (bloomberg.com) 333

Two anonymous readers and Mi share an article: U.K. police investigating the Manchester terror attack say they have stopped sharing information with the U.S. after a series of leaks that have so angered the British government that Prime Minister Therese May wants to discuss them with President Donald Trump during a North Atlantic Treaty Organization meeting in Brussels. What can Trump tell her, though? The leaks drive him nuts, too. Since the beginning of this century, the U.S. intelligence services and their clients have acted as if they wanted the world to know they couldn't guarantee the confidentiality of any information that falls into their hands. At this point, the culture of leaks is not just a menace to intelligence-sharing allies. It's a threat to the intelligence community's credibility. [...] If this history has taught the U.S. intelligence community anything, it's that leaking classified information isn't particularly dangerous and those who do it largely enjoy impunity. Manning spent seven years in prison (though she'd been sentenced to 35), but Snowden, Assange, Petraeus, the unknown Chinese mole, the people who stole the hacking tools and the army of recent anonymous leakers, many of whom probably still work for U.S. intelligence agencies, have escaped any kind of meaningful punishment. President Donald Trump has just now announced that the administration would "get to the bottom" of leaks. In a statement, he said: "The alleged leaks coming out of government agencies are deeply troubling. These leaks have been going on for a long time and my Administration will get to the bottom of this. The leaks of sensitive information pose a grave threat to our national security. I am asking the Department of Justice and other relevant agencies to launch a complete review of this matter, and if appropriate, the culprit should be prosecuted to the fullest extent of the law. There is no relationship we cherish more than the Special Relationship between the United States and the United Kingdom.
Facebook

How Facebook Flouts Holocaust Denial Laws Except Where It Fears Being Sued (theguardian.com) 304

An anonymous reader quotes a report from The Guardian: Facebook's policies on Holocaust denial will come under fresh scrutiny following the leak of documents that show moderators are being told not to remove this content in most of the countries where it is illegal. The files explain that moderators should take down Holocaust denial material in only four of the 14 countries where it is outlawed. One document says the company "does not welcome local law that stands as an obstacle to an open and connected world" and will only consider blocking or hiding Holocaust denial messages and photographs if "we face the risk of getting blocked in a country or a legal risk." A picture of a concentration camp with the caption "Never again Believe the Lies" was permissible if posted anywhere other than the four countries in which Facebook fears legal action, one document explains. Facebook contested the figures but declined to elaborate. Documents show Facebook has told moderators to remove dehumanizing speech or any "calls for violence" against refugees. Content "that says migrants should face a firing squad or compares them to animals, criminals or filth" also violate its guidelines. But it adds: "As a quasi-protected category, they will not have the full protections of our hate speech policy because we want to allow people to have broad discussions on migrants and immigration which is a hot topic in upcoming elections." The definitions are set out in training manuals provided by Facebook to the teams of moderators who review material that has been flagged by users of the social media service. The documents explain the rules and guidelines the company applies to hate speech and "locally illegal content," with particular reference to Holocaust denial. One 16-page training manual explains Facebook will only hide or remove Holocaust denial content in four countries -- France, Germany, Israel and Austria. The document says this is not on grounds of taste, but because the company fears it might get sued.
Earth

8 In 10 People Now See Climate Change As a 'Catastrophic Risk,' Says Survey (trust.org) 369

An anonymous reader quotes a report from the Thomas Reuters Foundation: Nearly nine in 10 people say they are ready to make changes to their standard of living if it would prevent future climate catastrophe, a survey on global threats found Wednesday. The survey of more than 8,000 people in eight countries -- the United States, China, India, Britain, Australia, Brazil, South Africa and Germany -- found that 84 percent of people now consider climate change a "global catastrophic risk." That puts worry about climate change only slightly behind fears about large-scale environmental damage and the threat of politically motivated violence escalating into war, according to the Global Challenges Foundation, which commissioned the Global Catastrophic Risks 2017 report. The survey, released in advance of this week's G7 summit of advanced economies in Italy, also found that 85 percent of people think the United Nations needs reforms to be better equipped to address global threats. About 70 percent of those surveyed said they think it may be time to create a new global organization -- with power to enforce its decisions -- specifically designed to deal with a wide range of global risks. Nearly 60 percent said they would be prepared to have their country give up some level of sovereignty to make that happen.
Space

Boeing Will Make the Military's New Hypersonic Spaceplane (theverge.com) 89

The Department of Defense has selected Boeing to make a new hypersonic spaceplane that can be reused frequently over a short period of time to deliver multiple satellites into orbit. "DARPA, the agency that tests new advanced technologies for the military, has picked Boeing's design concept, called the Phantom Express, to move forward as part of the agency's Experimental Spaceplane (XS-1) program," reports The Verge. From the report: The goal of DARPA's XS-1 program is to create a spacecraft that's something of a hybrid between an airplane and a traditional vertical rocket. The spaceplane is meant to take off vertically and fly uncrewed to high altitudes above Earth. From there, the vehicle will release a mini-rocket -- a booster with an engine that can propel a satellite weighing up to 3,000 pounds into orbit. As the booster deploys the satellite, the spaceplane will then land back on Earth horizontally just like a normal airplane -- and then be fueled up for its next mission. DARPA wants the turnaround time between flights to last just a few hours. But perhaps the most audacious goal is the price DARPA wants for each flight. The agency is aiming for the spaceplane to cost $5 million per mission, a significant bargain considering most orbital rockets cost tens to hundreds of millions of dollars to launch. And Boeing says it's up to the task. "Phantom Express is designed to disrupt and transform the satellite launch process as we know it today, creating a new, on-demand space-launch capability that can be achieved more affordably and with less risk," Darryl Davis, president of Boeing Phantom Works, said in a statement.
The Internet

Manchester Attack Could Lead To Internet Crackdown (independent.co.uk) 377

New submitter boundary writes: The UK government looks to be about to put the most egregious parts of the Investigative Powers Act into force "soon after the election" (which is in a couple of weeks) in the wake of the recent bombing in Manchester. "Technical Capability Orders" require tech companies to break their own security. I wonder who'll comply? The Independent reports: "Government will ask parliament to allow the use of those powers if Theresa May is re-elected, senior ministers told The Sun. 'We will do this as soon as we can after the election, as long as we get back in,' The Sun said it was told by a government minister. 'The level of threat clearly proves there is no more time to waste now. The social media companies have been laughing in our faces for too long.'"
Databases

Vermont DMV Caught Using Illegal Facial Recognition Program (vocativ.com) 108

schwit1 quotes a report from Vocativ: The Vermont Department of Motor Vehicles has been caught using facial recognition software -- despite a state law preventing it. Documents obtained by the American Civil Liberties Union of Vermont describe such a program, which uses software to compare the DMV's database of names and driver's license photos with information with state and federal law enforcement. Vermont state law, however, specifically states that "The Department of Motor Vehicles shall not implement any procedures or processes that involve the use of biometric identifiers." The program, the ACLU says, invites state and federal agencies to submit photographs of persons of interest to the Vermont DMV, which it compares against its database of some 2.6 million Vermonters and shares potential matches. Since 2012, the agency has run at least 126 such searches on behalf of local police, the State Department, FBI, and Immigrations and Customs Enforcement.
Robotics

Robot Police Officer Goes On Duty In Dubai (bbc.com) 49

The first robot officer has joined the Dubai Police force tasked with patrolling the city's malls and tourist attractions. "People will be able to use it to report crimes, pay fines and get information by tapping a touchscreen on its chest," reports BBC. "Data collected by the robot will also be shared with the transport and traffic authorities." From the report: The government said the aim was for 25% of the force to be robotic by 2030 but they would not replace humans. "We are not going to replace our police officers with this tool," said Brig Khalid Al Razooqi, director general of smart services at Dubai Police. "But with the number of people in Dubai increasing, we want to relocate police officers so they work in the right areas and can concentrate on providing a safe city. "Most people visit police stations or customer service, but with this tool we can reach the public 24/7. It can protect people from crime because it can broadcast what is happening right away to our command and control center."
Government

The Trump Administration Wants To Be Able To Track and Hack Your Drone (fastcompany.com) 215

An anonymous reader shares a report: The Trump administration wants federal agencies to be able to track, hack, or even destroy drones that pose a threat to law enforcement and public safety operations, The New York Times reports. A proposed law, if passed by Congress, would let the government take down unmanned aircraft posing a danger to firefighting and search-and-rescue missions, prison operations, or "authorized protection of a person." The government will be required to respect "privacy, civil rights, and civil liberties" when exercising that power, the draft bill says. But records of anti-drone actions would be exempt from public disclosure under freedom of information laws, and people's right to sue over damaged and seized drones would be limited, according to the text of the proposal published by the Times. The administration, which would not comment on the proposal, scheduled a classified briefing on Wednesday for congressional staff members to discuss the issue.
Businesses

US International Tourism Market Share Is Falling Under Trump (buzzfeed.com) 425

An anonymous reader writes: The United States' slice of the international tourism pie is declining, according to a new report from Foursquare that looks at data from millions of phones worldwide. The US share of international tourism dropped 16% in March 2017 compared with the previous year. And it declined an average of 11% year over year in months spanning October 2016 to March 2017, according to the report. The drop coincides with the final month of the US election, the Trump transition, and the early months of the Trump administration, which notably imposed a travel ban on people from several majority-Muslim countries in January 2017 that was eventually halted in court but is currently under appeal. Declines in tourism market share from people originating in the Middle East were more pronounced than the rest of the world, down 25% this January, along with a smaller decrease from South America, Foursquare found. The data accounts for the percentage of international tourism coming to the US and not the absolute number of tourists, but Foursquare CEO Jeff Glueck told BuzzFeed News that it's unlikely tourist visits to the US increased while share declined. "I don't think you'd see a 16% decline in international market share and absolute numbers being up. I don't think that's compatible," he said. "The volume of tourism doesn't change that fast."

Slashdot Top Deals