Check out the brand new SourceForge HTML5 speed test! Test your internet connection now. Works on all devices. ×
Security

Religious Hacker Defaces 111 Escort Sites (softpedia.com) 6

An anonymous reader shares this article from Softpedia: A religiously-motivated Moroccan hacker has defaced 111 different web sites promoting escort services since last summer as part of an ongoing protest against the industry. "In January, the hacker defaced 79 escort websites," writes Softpedia. "His actions didn't go unnoticed, and on some online forums where escorts and webmasters of these websites met, his name was brought up in discussions and used to drive each other in implementing better Web security. While some webmasters did their job, some didn't. During the past days, the hacker has been busy defacing a new set of escort websites... Most of these websites bare ElSurveillance's defacement message even today... Most of the websites are from the UK."
His newest round of attacks replace the sites with a pro-Palestine message and a quote from the quran, though in January Softpedia reported the attacker was also stealing data from some of the sites about their users' accounts.
Censorship

Google and Facebook May Be Suppressing 'Extremist' Speech With Copyright Scanners (theverge.com) 29

An anonymous reader quotes this article from The Verge: The systems that automatically enforce copyright laws on the internet may be expanding to block unfavorable speech. Reuters reports that Facebook, Google, and other companies are exploring automated removal of extremist content, and could be repurposing copyright takedown methods to identify and suppress it. It's unclear where the lines have been drawn, but the systems are likely targeted at radical messages on social networks from enemies of European powers and the United States. Leaders in the US and Europe have increasingly decried radical extremism on the internet and have attempted to enlist internet companies in a fight to suppress it.

Many of those companies have been receptive to the idea and already have procedures to block violent and hateful content. Neither Facebook and Google would confirm automation of these efforts to Reuters, which relied on two anonymous sources who are "familiar with the process"... The secret identification and automated blocking of extremist speech would raise new, serious questions about the cooperation of private corporations with censorious governmental interests.

Reuters calls it "a major step forward for internet companies that are eager to eradicate violent propaganda from their sites and are under pressure to do so from governments around the world as attacks by extremists proliferate, from Syria to Belgium and the United States." They also report that the move follows pressure from an anti-extremism group "founded by, among others, Frances Townsend, who advised former president George W. Bush on homeland security, and Mark Wallace, who was deputy campaign manager for the Bush 2004 re-election campaign."
Government

As It Searches For Suspects, The FBI May Be Looking At You (technologyreview.com) 59

schwit1 quotes the MIT Technology Review: The FBI has access to nearly 412 million photos in its facial recognition system—perhaps including the one on your driver's license. But according to a new government watchdog report, the bureau doesn't know how error-prone the system is, or whether it enhances or hinders investigations.

Since 2011, the bureau has quietly been using this system to compare new images, such as those taken from surveillance cameras, against a large set of photos to look for a match. That set of existing images is not limited to the FBI's own database, which includes some 30 million photos. The bureau also has access to face recognition systems used by law enforcement agencies in 16 different states, and it can tap into databases from the Department of State and the Department of Defense. And it is in negotiations with 18 other states to be able to search their databases, too...

Adding to the privacy concerns is another finding in the GAO report: that the FBI has not properly determined how often its system makes errors and has not "taken steps to determine whether face recognition systems used by external partners, such as states and federal agencies, are sufficiently accurate" to support investigations.

Government

IRS Gets Hacked Again, Forced To Scrap Their Entire PIN System (engadget.com) 82

The IRS has abandoned a system of PIN numbers used when filing tax returns online after they detected "automated attacks taking place at an increasing frequency," adding that only "a small number" of taxpayers were affected. An anonymous reader quotes the highlights from Engadget: The IRS chose not to kill the tool back in February, since most commercial tax software products use it... If you'll recall, identity thieves used malware to steal taxpayers' info from other websites, which was then used to generate 100,000 PINs, back in February... This time, the IRS detected "automated attacks taking place at an increasing frequency" thanks to the additional defenses it added after that initial hack... the agency determined that it would be safer to give up on a verification method that's scheduled for the chopping block anyway.
Transportation

Star Trek Actor's Death Inspires Class Action Against Car Manufacturer (cnn.com) 241

Anton Yelchin, who played Chekov in the new Star Trek movies, was killed Sunday when his own vehicle rolled backwards. Now Slashdot reader ripvlan writes: It has recently emerged that his vehicle was a Jeep. As discussed on Slashdot previously consumers are having a hard time knowing if the vehicle is in "Park." A new class action lawsuit is gaining momentum... Also Maserati has a similar system and can join the class action.
In fact, Maserati "is recalling about 13,000 sedans that have the same sort of gear shifter that was used in the Jeep that killed Yelchin," according to CNN Money, and Chrysler Fiat had in fact already filed a recall notice with federal regulators in April for Yelchin's band of Jeep, "but owners had only received a warning and not an official recall notice at the time of Yelchin's death". The lawsuit claims Chrysler "fraudulently concealed and failed to remedy a gear shifter design defect affecting 811,000 vehicles and linked to driverless rollaway incidents," including 2014-2015 Jeep Grand Cherokees, 2012-2014 Chrysler 300s, and 2012-2014 Dodge Chargers.
The Almighty Buck

Vacationing Security Researcher Exposes Austrian ATM Skimmer (carbonblack.com) 149

While vacationing with his family in Vienna, Ben Tedesco (from security company Carbon Black) discovered an ATM skimmer "in the wild", perfectly crafted to look like the original card reader. New submitter rmurph04 shares Ben's story: I went to grab some cash from an ATM. Being security paranoid, I repeated my typical habit of checking the card reader with my hand as I have hundreds of times. Today's the day when my security awareness paid off!
Ben's blog post includes a video demonstrating the ATM skimmer, as well as close-ups showing the device had its own control board, strip reader, and even its own battery.
Crime

Why Are Hackers Increasingly Targeting the Healthcare Industry? (helpnetsecurity.com) 97

Slashdot reader Orome1 shares an article by Bitdefender's senior "e-threat analyst," warning about an increasing number of attacks on healthcare providers: In general, the healthcare industry is proving lucrative for cybercriminals because medical data can be used in multiple ways, for example fraud or identity theft. This personal data often contains information regarding a patient's medical history, which could be used in targeted spear-phishing attacks...and hackers are able to access this data via network-connected medical devices, now standard in high-tech hospitals. This is opening up new possibilities for attackers to breach a hospital or a pharmaceutical company's perimeter defenses.

If a device is connected to the internet and left vulnerable to attack, an attacker could remotely connect to it and use it as gateways for attacking network security... The majority of healthcare organizations have often been shown to fail basic security practices, such as disabling concurrent login to multiple devices, enforcing strong authentication and even isolating critical devices and medical data storing servers from a direct internet connection.

The article suggests the possibility of attackers tampering with the equipment that dispenses prescription medications, in which case "it is likely that future cyber-attacks could lead to the loss of human life."
Security

Crypto Ransomware Attacks Have Jumped 500% In The Last Year (onthewire.io) 36

Kaspersky Lab is reporting that the last year saw a 500% increase in the number of users who encountered crypto ransomware. Trailrunner7 shares an article from On The Wire: Data compiled by Kaspersky researchers from the company's cloud network shows that from April 2015 to March 2016, the volume of crypto ransomware encountered by users leapt from 131,111 to 718,536. That's a massive increase, especially considering the fact that ransomware is a somewhat mature threat. It didn't just burst onto the scene a couple of years ago. Kaspersky's researchers said the spike in crypto ransomware can be attributed to a small group of variants. "Looking at the malware groups that were active in the period covered by this report, it appears that a rather short list of suspects is responsible for most of the trouble caused by crypto-ransomware..."

It's difficult to overstate how much of an effect the emergence of ransomware has had on consumers, enterprises, and the security industry itself. The FBI has been warning users about crypto ransomware for some time now, and has consistently advised victims not to pay any ransoms. Security researchers have been publishing decryption tools for specific ransomware variants and law enforcement agencies have had some success in taking down ransomware gangs.

Enterprise targets now account for 13% of ransomware attacks, with attackers typically charging tens of thousands of dollars, the article reports, and "Recent attacks on networks at the University of Calgary and Hollywood Presbyterian Medical Center have demonstrated the brutal effectiveness of this strategy."
Communications

Why You Should Stop Using Telegram Right Now (gizmodo.com) 65

Earlier this week, The Intercept evaluated the best instant messaging clients from the privacy standpoint. The list included Facebook's WhatsApp, Google's Allo, and Signal -- three apps that employ end-to-end encryption. One popular name that was missing from the list was Telegram. A report on Gizmodo sheds further light on the matter, adding that Telegram is riddled with a wide range of security issues, and "doesn't live up to its proclamations as a safe and secure messaging application." Citing many security experts, the report states:One major problem Telegram has is that it doesn't encrypt chats by default, something the FBI has advocated for. "There are many Telegram users who think they are communicating in an encrypted way, when they're not because they don't realize that they have to turn on an additional setting," Christopher Soghoian, Principal Technologist and Senior Policy Analyst at the American Civil Liberties Union, told Gizmodo. "Telegram has delivered everything that the government wants. Would I prefer that they used a method of encryption that followed industry best practices like WhatsApp and Signal? Certainly. But, if it's not turned on by default, it doesn't matter."The other issue that security experts have taken a note of is that Telegram employs its own encryption, which according to them, "is widely considered to be a fatal flaw when developing encrypted messaging apps." The report adds:"They use the MTproto protocol which is effectively homegrown and I've seen no proper proofs of its security," Alan Woodward, professor at the University of Surrey told Gizmodo. Woodward criticized Telegram for their lack of transparency regarding their home cooked encryption protocol. "At present we don't know enough to know if it's secure or insecure. That's the trouble with security by obscurity. It's usual for cryptographers to reveal the algorithms completely, but here we are in the dark. Unless you have considerable experience, you shouldn't write your own crypto. No one really understands why they did that."The list goes on and on.
Transportation

Austin Is Conducting Sting Operations Against Ride-Sharing Drivers (examiner.com) 222

Since the Uber and Lyft ride-sharing apps stopped service in Austin, drunk driving has increased, riders are hunting for alternatives, and the police are conducting undercover sting operations against unauthorized ride-sharing drivers. With Chicago also considering new restrictions on ride-sharing apps, Slashdot reader MarkWhittington shares this report from Austin: With thousands of drivers and tens of thousands of riders who once depended on ride-sharing services in a lurch, a group called Arcade City has tried to fill the void with a person-to-person site to link up drivers and riders who then negotiate a fare. Of course, according to a story on KVUE, the Austin city government, and the police are on the case. The Austin Police Department has diverted detectives and resources to conduct sting operations on ride-sharing drivers who attempt to operate without official sanction. Undercover operatives will arrange for a ride with an Arcade City driver and then bust them, impounding their vehicle and imposing a fine.
"The first Friday and Saturday after Uber was gone, we were joking that it was like the zombie apocalypse of drunk people," one former ride-sharing driver told Vocative.com. Earlier this month the site compared this year's drunk driving arrests to last years -- and discovered that in the three weeks since Uber and Lyft left Austin, 7.5% more people have been arrested for drunk driving.
EU

Web Petition For 2nd EU Referendum Draws Huge Interest (ap.org) 567

From an Associated Press report:An online petition seeking a second referendum on a British exit from the Europe Union has drawn more than 1.6 million names, a measure of the extraordinary divisiveness of Thursday's vote to leave the 28-nation bloc. The online petition site hosted by the House of Commons website even crashed Friday under the weight of the activity as officials said they'd seen unprecedented interest in the measure, which calls on the government to implement a rule that stating if that if "remain" or "leave" camps won less than 60 percent of the vote with less than a 75 percent turnout "there should be another referendum."According to reports, this is the biggest surge of support Parliament's website has ever seen. Looking at the keywords people were hitting up on Google after the news first broke, it was clear that a considerable portion of the population was clueless about the whole situation.
Crime

From File-Sharing To Prison: The Story of a Jailed Megaupload Programmer (arstechnica.com) 119

An anonymous reader writes: "I had to be made an example of as a warning to all IT people," says former Megaupload programmer Andrew Nomm, one of seven Megaupload employees arrested in 2012. Friday his recent interview with an Estonian journalist was republished in English by Ars Technica (which notes that at one point the 50 million users on Megaupload's file-sharing site created 4% of the world's internet traffic). The 37-year-old programmer pleaded guilty to felony copyright infringement in exchange for a one-year-and-one-day sentence in a U.S. federal prison, which the U.S. Attorney General's office called "a significant step forward in the largest criminal copyright case in US history."

"It turned out that I was the only defendant in the last 29 years to voluntarily go from the Netherlands to the USA..." Nomm tells the interviewer, adding "I'll never get back the $40,000 that was seized by the USA." He describes his experience in the U.S. prison system after saying good-bye to his wife and 13-year-old son, adding that now "I have less trust in all sorts of state affairs, especially big countries. I saw the dark side of the American dream in all its glory..."

In U.S. court documents Nomm "acknowledged" that the financial harm to copyright holders "exceeded $400 million."
Communications

Snowden Finally Identified As Target of Investigation That Ended Lavabit (washingtontimes.com) 73

An anonymous reader quotes a report from The Washington Times: Three years after a government investigation forced the shuttering of Lavabit, a Texas-based email provider, its CEO revealed Friday that an account belonging to Edward Snowden spurred the probe that put his company out of business. "Ladar Levison shut down his encrypted webmail service in August 2013 amid an FBI investigation focused on one of his company's nearly half-a-million customers," reports The Washington Times. "A gag-order that has just recently been vacated in federal has legally prevented him up until now from confirming the account in question was registered to none other than the NSA contractor attributed with one of the largest intelligence leaks in U.S. history. U.S. District Judge Claude Hilton nullified the mandatory non-disclosure orders in a June 13 court filing that went unnoticed until Lavabit released a statement Friday. Officially, the consent order approved by Judge Hilton in the Eastern District of Virginia earlier this month removes all gag-orders concerning Lavabit and Mr. Levison with regards to a grand jury investigation that led the FBI to Mr. Snowdenâ(TM)s email account. 'While Iâ(TM)m pleased that I can finally speak freely about the target of the investigation, I also know the fight to protect our collective freedom is far from over,' Mr. Levison said in a statement. He said he plans to discuss the case further during the DefCon security conference in Las Vegas this summer."
Security

NASCAR Team Pays Ransomware Fee To Recover Files Worth $2 Million (softpedia.com) 58

An anonymous reader writes: "NASCAR team Circle Sport-Leavine Family Racing (CSLFR) revealed today it faced a ransomware infection this past April when it almost lost access to crucial files worth nearly $2 million, containing car parts lists and custom high-profile simulations that would have taken 1,500 man-hours to replicate," reports Softpedia. "The infection took place on the computer belonging to CSLFR's crew chief. Winston's staff detected the infection when encrypted files from Winston's computer began syncing to their joint Dropbox account." It was later discovered that he was infected with the TeslaCrypt ransomware. Because the team had no backups of the crucial data, they eventually paid the ransom (around $500). This happened before TeslaCrypt's authors decided to shut down their operations and release free decryption keys.
Advertising

You Could Be Paid To Post Snapchat Selfies With Products, Patent Filing Suggests (latimes.com) 22

An anonymous reader writes: According to Snapchat's latest patent filings, the company could begin paying users to post photos and videos. Los Angeles Times reports: "The filings reveal that Snapchat automatically could analyze annotations on an image, including text and digital stickers, to prompt users to place their image in a collective gallery. In other words, people who type some variation of 'Clippers!!!' on top of their photo during a Clippers basketball game would have access to a library of images related to the game. Especially intriguing, the company could use computer vision technology to identify objects in an image -- say, a Coke bottle -- to encourage a user to share the shot in a Coca-Cola-sponsored story. Contributors could walk away with cash through a flat fee or some other deal based on views or sales generated by the story. The idea in the patent filing also would give advertisers an official way to compensate people for creative posts, compared with the usual strategy of paying top users to turn their personal accounts into an ad. Other types of automatically generated galleries mentioned in the patent application include stories based on a time stamp, temperature or movement. People could definite their own categories too. Curation of the galleries could be optional, with object recognition and text analysis as potential ways to filter inappropriate submissions. Users who get into audio timeline could get paid too, the patent filing states."
DRM

Oculus Ditches DRM Hurdle, Allows HTC Vive Games On Rift Again (venturebeat.com) 36

An anonymous reader writes: After changing its DRM to exclude ReVive last month, Oculus has changed its mind again and is now allowing HTC Vive games to play on the Oculus Rift. "We continually revise our entitlement and anti-piracy systems, and in the June update we've removed the check for Rift hardware from the entitlement check. We won't use hardware checks as part of DRM on PC in the future," Oculus VR said. "We believe protecting developer content is critical to the long-term success of the VR industry, and we'll continue taking steps in the future to ensure that VR developers can keep investing in ground-breaking new VR content." VentureBeat reports: "ReVive developers have acted quickly following the removal of the check. An update to the software has been posted on GitHub to bring it back in line, meaning you'll now be able to access the games that were previously available without jumping through extra hoops. Perhaps even more games might work going forward. CrossVR, one of the system's developers, took to Reddit to thank Oculus for the decision. 'I'm delighted to see this change and I hope it can generate a lot of goodwill for Oculus.' CrossVR said."
The Courts

Valve Faces Lawsuit Over Video Game Gambling (bloomberg.com) 71

An anonymous reader writes from a report via Bloomberg: Valve's Counterstrike: Global Offensive game is being sued for its role in the multibillion-dollar gambling economy that has fueled the game's popularity. Michael John McLeod filed a lawsuit Thursday in the U.S. District Court in Connecticut alleging that Valve violated gambling laws and engaged in racketeering with a handful of off-shore gambling companies. McLeod, who has been gambling on CS:GO since 2014, is asking for class-action status for the suit. The suit was first reported by Polygon and doesn't give a specific request for damages, nor does it say how much money he lost by betting on the site. According to Bloomberg: "Valve provided for money, technical support, and advice to such websites as CSGO Lounge and Diamonds, which take bets, and OPSkins, which runs a market where virtual goods are traded and can be redeemed for cash." Valve has yet to respond to the suit.
AI

Apple Won't Collect Your Data For Its AI Services Unless You Let It (recode.net) 34

Apple doesn't like collecting your data. This is one of iPhone maker's biggest selling points. But this approach has arguably acted as a major roadblock for Apple in its AI and bots efforts. With iOS 10, the latest version of company's mobile operating system, Apple announced that it will begin collecting a range of new information as it seeks to make Siri and iPhone as well as other apps and services better at predicting the information its owner might want at a given time. Apple announced that it will be collecting data employing something called differential privacy. The company wasn't very clear at the event, which caused confusion among many as to what data Apple is exactly collecting. But now it is offering more explanation. Recode reports:As for what data is being collected, Apple says that differential privacy will initially be limited to four specific use cases: New words that users add to their local dictionaries, emojis typed by the user (so that Apple can suggest emoji replacements), deep links used inside apps (provided they are marked for public indexing) and lookup hints within notes. Apple will also continue to do a lot of its predictive work on the device, something it started with the proactive features in iOS 9. This work doesn't tap the cloud for analysis, nor is the data shared using differential privacy.Additionally, Recode adds that Apple hasn't yet begun collecting data, and it will ask for a user's consent before doing so. The company adds that it is not using a users' cloud-stored photos to power its image recognition feature.
Communications

Piracy Phishing Scam Targets US ISPs and Subscribers (torrentfreak.com) 20

According to a report on TorrentFreak, an elaborate piracy phishing operating is tageting US ISPs and subscribers. Scammers are reportedly masquerading as anti-piracy company IP-Echelon and rightholders such as Lionsgate to send fake DMCA notices and settlement demands to ISPs. From the report:TorrentFreak was alerted to a takedown notice Lionsgate purportedly sent to a Cox subscriber, for allegedly downloading a pirated copy of the movie Allegiant. Under threat of a lawsuit, the subscriber was asked to pay a $150 settlement fee. This request is unique as neither Lionsgate nor its tracking company IP-Echelon is known to engage in this practice. When we contacted IP-Echelon about Lionsgate's supposed settlement offer, we heard to our surprise that these emails are part of a large phishing scam, which has at least one large ISPs fooled. "The notices are fake and not sent by us. It's a phishing scam," IP-Echelon informed TorrentFreak. For a phishing scam the fake DMCA notice does its job well. At first sight the email appears to be legit, and for Cox Communications it was real enough to forward it to their customers.U.S. law enforcement has been notified and is currently investigating the matter.
Businesses

Russia Lawmakers Pass Spying Law That Requires Encryption Backdoors, Call Surveillance (dailydot.com) 108

A bill that was proposed recently in the Russian Duma to make cryptographic backdoors mandatory in all messaging apps, has passed. Patrick Howell O'Neill, reports for DailyDot:A massive surveillance bill is now on its way to becoming law in Russia. The "anti-terrorism" legislation includes a vast data-eavesdropping and -retention program so that telecom and internet companies have to record and store all customer communications for six months, potentially at a multitrillion-dollar cost. Additionally, all internet firms have to provide mandatory backdoor access into encrypted communications for the FSB, the Russian intelligence agency and successor to the KGB. The bill, with support from the ruling United Russia party, passed Friday in the Duma, Russia's lower legislative house, with 277 votes for, 148 against, and one abstaining. It now moves to Russia's Federal Council and the Kremlin, where it's expected to pass into law.

Slashdot Top Deals