Privacy

Trump Signs Surveillance Extension Into Law (thehill.com) 62

President Trump took to Twitter this afternoon to announce that he has signed a six-year renewal of a powerful government surveillance tool. "Just signed 702 Bill to authorize foreign intelligence collection," Trump tweeted. "This is NOT the same FISA law that was so wrongly abused during the election. I will always do the right thing for our country and put the safety of the American people first!" The Hill reports: Section 702 of the Foreign Intelligence Surveillance Act (FISA), which the Senate voted to renew with a few small tweaks this week, allows the U.S. to spy on foreigners overseas. The intelligence community says the program is a critical tool in identifying and disrupting terror plots. But the broader surveillance law, which governs U.S. spying on foreigners, has become politically entangled with the controversy over the federal investigation into Trump's campaign and Russia. Some Republicans have claimed that the FBI inappropriately obtained a politically motivated FISA warrant to spy on Trump during the transition and on Friday, Capitol Hill was consumed with speculation about a four-page memo produced by House Intelligence Committee Republicans that some GOP lawmakers hinted contained evidence of such wrongdoing.
Businesses

Linking Is Not Copyright Infringement, Boing Boing and EFF Tell Court (torrentfreak.com) 66

An anonymous reader shares a report: The popular blog Boing Boing has asked a federal court in California to drop the copyright infringement lawsuit filed against it by Playboy. With help from the EFF, Boing Boing argues that its article linking to an archive of hundreds of centerfold playmates is clearly fair use. Or else it will be "the end of the web as we know it," the blog warns. Late last year Playboy sued the popular blog Boing Boing for publishing an article that linked to an archive of every playmate centerfold till then. "Kind of amazing to see how our standards of hotness, and the art of commercial erotic photography, have changed over time," Boing Boing's Xeni Jardin commented. Playboy, instead, was amazed that infringing copies of their work were being shared in public. While Boing Boing didn't upload or store the images in question, the publisher took the case to court.
Businesses

China's Smartphone Maker OnePlus Says Up To 40,000 Customers Were Affected by Credit Card Security Breach (theverge.com) 8

sqorbit writes: OnePlus, a manufacturer of an inexpensive smartphone meant to compete with the iPhone, states that credit card information from 40,000 customers was stolen while they were purchasing phones from its website. Even as the company has just confirmed the breach, it says the script stealing information had been running since November. It is not clear whether this was a remote attack or the attack happened from within the company. Credit purchases on the OnePlus site have been suspended and will remain that way while an investigation takes place. [...] Earlier this week, OnePlus had temporarily shut down credit card payments on its website following reports that customers' payment details were stolen after they bought goods through its online store. The company says it's disabling credit card payments "as a precaution," but will still be accepting purchases through PayPal. The investigation began after a poll posted by users on OnePlus' forums found that many customers had experienced the same problem.
Businesses

Instant Messaging Company Snap Threatens Jail Time for Leakers (cheddar.com) 85

An anonymous reader shares a report: Snap has a simple message to its employees: leak information and you could be sued or even jailed. The chief lawyer and general counsel of Snapchat's parent company, Michael O'Sullivan, sent a threatening memo to all employees last week just before The Daily Beast published an explosive story with confidential user metrics about how certain Snapchat features are used. "We have a zero-tolerance policy for those who leak Snap Inc. confidential information," O'Sullivan said in the memo, a copy of which was obtained by Cheddar. "This applies to outright leaks and any informal 'off the record' conversations with reporters, as well as any confidential information you let slip to people who are not authorized to know that information."
Communications

Why People Dislike Really Smart Leaders (scientificamerican.com) 595

An anonymous reader quotes a report from Scientific American: Intelligence makes for better leaders -- from undergraduates to executives to presidents -- according to multiple studies. It certainly makes sense that handling a market shift or legislative logjam requires cognitive oomph. But new research on leadership suggests that, at a certain point, having a higher IQ stops helping and starts hurting. The researchers looked at 379 male and female business leaders in 30 countries, across fields that included banking, retail and technology. The managers took IQ tests (an imperfect but robust predictor of performance in many areas), and each was rated on leadership style and effectiveness by an average of eight co-workers. IQ positively correlated with ratings of leader effectiveness, strategy formation, vision and several other characteristics -- up to a point. The ratings peaked at an IQ of around 120, which is higher than roughly 80 percent of office workers. Beyond that, the ratings declined. The researchers suggest the "ideal" IQ could be higher or lower in various fields, depending on whether technical versus social skills are more valued in a given work culture. The study's lead author, John Antonakis, a psychologist at the University of Lausanne in Switzerland, suggests leaders should use their intelligence to generate creative metaphors that will persuade and inspire others -- the way former U.S. President Barack Obama did. "I think the only way a smart person can signal their intelligence appropriately and still connect with the people," Antonakis says, "is to speak in charismatic ways."
Bitcoin

Bitcoin's Fluctuations Are Too Much For Even Ransomware Cybercriminals (theguardian.com) 70

Bitcoin's price swings are so huge that even ransomware developers are dialling back their reliance on the currency, according to researchers at cybersecurity firm Proofpoint. From a report: Over the last quarter of 2017, researchers saw a fall of 73% in payment demands denominated in bitcoin. When demanding money to unlock a victim's data, cybercriminals are now more likely to simply ask for a figure in US dollars, or a local currency, than specify a sum of bitcoin. Just like conventional salespeople, ransomware developers pay careful attention to the prices they charge. Some criminals offer discounts depending on the region the victim is in, offering cheaper unlocking to residents of developing nations, while others use an escalating price to encourage users to pay quickly and without overthinking things. But a rapidly oscillating bitcoin price plays havoc with those goals, Proofpoint says.
Google

Less Than 1 in 10 Gmail Users Enable Two-Factor Authentication (theregister.co.uk) 251

It has been nearly seven years since Google introduced two-factor authentication for Gmail accounts, but virtually no one is using it. From a report: In a presentation at Usenix's Enigma 2018 security conference in California, Google software engineer Grzegorz Milka this week revealed that, right now, less than 10 per cent of active Google accounts use two-step authentication to lock down their services. He also said only about 12 per cent of Americans have a password manager to protect their accounts, according to a 2016 Pew study.
Security

Senate Passes Bill Renewing NSA's Internet Surveillance Program (reuters.com) 94

From a report: The U.S. Senate on Thursday passed a bill to renew the National Security Agency's warrantless internet surveillance program for six years and with minimal changes, overcoming objections from civil liberties advocates that it did too little to safeguard the privacy of Americans. From a report on CNET: The programs, known as Prism and Upstream, allow the NSA to collect online communications of foreigners outside the US. Prism collects these communications from internet services, and Upstream taps into the internet's infrastructure to capture information in transit. Some communications from Americans and others in the US are collected in the process. The vote Thursday renews the programs for six years. The House approved a bill renewing the programs last week. Former NSA contractor Edward Snowden first revealed the programs by leaking information about them to journalists in 2013. After the news coverage, the administration of President Barack Obama declassified much information about the programs.
Crime

Software 'No More Accurate Than Untrained Humans' At Predicting Recidivism (theguardian.com) 160

An anonymous reader quotes a report from The Guardian: The credibility of a computer program used for bail and sentencing decisions has been called into question after it was found to be no more accurate at predicting the risk of reoffending than people with no criminal justice experience provided with only the defendant's age, sex and criminal history. The algorithm, called Compas (Correctional Offender Management Profiling for Alternative Sanctions), is used throughout the U.S. to weigh up whether defendants awaiting trial or sentencing are at too much risk of reoffending to be released on bail. Since being developed in 1998, the tool is reported to have been used to assess more than one million defendants. But a new paper has cast doubt on whether the software's predictions are sufficiently accurate to justify its use in potentially life-changing decisions.

The academics used a database of more than 7,000 pretrial defendants from Broward County, Florida, which included individual demographic information, age, sex, criminal history and arrest record in the two-year period following the Compas scoring. The online workers were given short descriptions that included a defendant's sex, age, and previous criminal history and asked whether they thought they would reoffend. Using far less information than Compas (seven variables versus 137), when the results were pooled the humans were accurate in 67% of cases, compared to the 65% accuracy of Compas. In a second analysis, the paper found that Compas's accuracy at predicting recidivism could also be matched using a simple calculation involving only an offender's age and the number of prior convictions.

Privacy

Amazon Won't Say If It Hands Your Echo Data To the Government (zdnet.com) 105

Zack Whittaker reports via ZDNet of how Amazon still won't say whether or not it hands your Echo data to the government -- three years after the Echo was first released. From the report: Amazon has a transparency problem. Three years ago, the retail giant became the last major tech company to reveal how many subpoenas, search warrants, and court orders it received for customer data in a half-year period. While every other tech giant had regularly published its government request figures for years, spurred on by accusations of participation in government surveillance, Amazon had been largely forgotten. Eventually, people noticed and Amazon acquiesced. Since then, Amazon's business has expanded. By its quarterly revenue, it's no longer a retail company -- it's a cloud giant and a device maker. The company's flagship Echo, an "always listening" speaker, collects vast amounts of customer data that's openly up for grabs by the government. But Amazon's bi-annual transparency figures don't want you to know that. In fact, Amazon has been downright deceptive in how it presents the data, obfuscating the figures in its short, but contextless, twice-yearly reports. Not only does Amazon offer the barest minimum of information possible, the company has -- and continues -- to deliberately mislead its customers by actively refusing to clarify how many customers, and which customers, are affected by the data demands it receives.
Transportation

LAPD Is Not Using the Electric BMWs It Announced In 2016 (cbslocal.com) 132

mi shares a report from CBS Los Angeles: "In a 2016 well-choreographed press conference, LAPD Chief Charlie Beck got out of an electric BMW driven by Mayor Garcetti to tout the city's ambitious project [to provide electric cars for the department]," reports CBS Los Angeles. "The cost: $10.2 million, which includes charging stations." However, the cars have seen very little use. With the monthly lease payment of a little more than $418, one vehicle ends up costing taxpayers over $15 a mile to use. Some of the use they do get is improper too, alleges CBS Los Angeles, citing footage captured from several hidden cameras. "We followed someone after leaving the downtown police garage; they went to the drive-through at Yoshinoya," reports CBS. "On another day, someone drove from downtown LA to Loyola Marymount University in West LA, picked up someone who appeared to be a student, and went to lunch." The deputy chief is looking into what CBS found and says the cars are to be used for business only.
Crime

Facebook Is a 'Living, Breathing Crime Scene,' Says Former Tech Insider (nbcnews.com) 143

An anonymous reader quotes a report from NBC News: With more than 2 billion users, Facebook's reach now rivals that of Christianity and exceeds that of Islam. However, the network's laser focus on profits and user growth has come at the expense of its users, according to one former Facebook manager who is now speaking out against the social platform. "One of the things that I saw consistently as part of my job was the company just continuously prioritized user growth and making money over protecting users," the ex-manager, Sandy Parakilas, who worked at Facebook for 16 months, starting in 2011, told NBC News. During his tenure at Facebook, Parakilas led third-party advertising, privacy and policy compliance on Facebook's app platform. "Facebook is a living, breathing crime scene for what happened in the 2016 election -- and only they have full access to what happened," said Tristan Harris, a former design ethicist at Google. His work centers on how technology can ethically steer the thoughts and actions of the masses on social media and he's been called "the closest thing Silicon Valley has to a conscience" by The Atlantic magazine.

In response to the comments, Facebook issued a statement saying it is a "vastly different company" from when it was founded. "We are taking many steps to protect and improve people's experience on the platform," the statement said. "In the past year, we've worked to destroy the business model for false news and reduce its spread, stop bad actors from meddling in elections, and bring a new level of transparency to advertising. Last week, we started prioritizing meaningful posts from friends and family in News Feed to help bring people closer together. We have more work to do and we're heads down on getting it done."

Privacy

A Photo Accidentally Revealed a Password For Hawaii's Emergency Agency (qz.com) 146

An anonymous reader quotes a report from Quartz: In the aftermath of an erroneous missile warning that terrified Hawaiians on Saturday (Jan. 13), the state's emergency management agency has come under increased scrutiny, from the poor design of the software that enables alerts to a particularly slapdash security measure by one of its employees. Old photos from the Associated Press inside the agency's office appear to show an unspecified password on a yellow Post-It note, stuck to a computer monitor. The image, which shows operations manager Jeffrey Wong standing in front of the computer, was taken in July and appeared in articles published at the time about the agency's preparedness in the face of a nuclear threat. The agency verified that the password is indeed real but wouldn't go into specifics on what program the password was supposed to be used for.
Businesses

Turning Soybeans Into Diesel Fuel Is Costing Us Billions (npr.org) 261

This year, trucks and other heavy-duty motors in America will burn some 3 billion gallons of diesel fuel that was made from soybean oil. They're doing it, though, not because it's cheaper or better, but because they're required to, by law. From a report: The law is the Renewable Fuel Standard, or RFS. For some, especially Midwestern farmers, it's the key to creating clean energy from American soil and sun. For others -- like many economists -- it's a wasteful misuse of resources. And the most wasteful part of the RFS, according to some, is biodiesel. It's different from ethanol, a fuel that's made from corn and mixed into gasoline, also as required by the RFS. In fact, gasoline companies probably would use ethanol even if there were no law requiring it, because ethanol is a useful fuel additive -- at least up to a point. That's not true of biodiesel. "This is an easy one, economically. Biodiesel is very expensive, relative to petroleum diesel," says Scott Irwin, an economist at the University of Illinois, who follows biofuel markets closely. He calculates that the extra cost for biodiesel comes to about $1.80 per gallon right now, meaning that the biofuel law is costing Americans about $5.4 billion a year.
China

Philippine Lawmakers Worry China Telecom May Be a 'Trojan horse' (reuters.com) 26

An anonymous reader shares a report: Opposition members of the Philippine Congress raised concern on Wednesday that China Telecom Corp, which may enter the Philippine industry, could be a "Trojan horse" aimed at giving China access to state secrets. The Southeast Asian country aims to name a third telecom operator within the first quarter that will break the duopoly of PLDT and Globe Telecom. State-run China Telecom has been named as a possible investor in that third entity. President Rodrigo Duterte, who has warned both PLDT and Globe to shape up or face competition, has welcomed Chinese entities specifically to become the third telecoms operator. Beijing has selected China Telecom to invest in the Philippines, according to Philippine officials, but it would need to partner with a local company as it cannot operate alone under the law. China Telecom's presence in the Philippines, however, does not sit well with some lawmakers, given China's telecommunications expertise and sophisticated technology.
The Military

America's Fastest Spy Plane May Be Back -- And Hypersonic (bloomberg.com) 298

A Lockheed Skunk Works executive implied last week at an aerospace conference that the successor to one of the fastest aircraft the world has seen, the SR-71 Blackbird, might already exist. Previously, Lockheed officials have said the successor, the SR-72, could fly by 2030. Bloomberg reports: Referring to detailed specifics of company design and manufacturing, Jack O'Banion, a Lockheed vice president, said a "digital transformation" arising from recent computing capabilities and design tools had made hypersonic development possible. Then -- assuming O'Banion chose his verb tense purposely -- came the surprise. "Without the digital transformation, the aircraft you see there could not have been made," O'Banion said, standing by an artist's rendering of the hypersonic aircraft. "In fact, five years ago, it could not have been made." Hypersonic applies to speeds above Mach 5, or five times the speed of sound. The SR-71 cruised at Mach 3.2, more than 2,000 mph, around 85,000 feet.

"We couldn't have made the engine itself -- it would have melted down into slag if we had tried to produce it five years ago," O'Banion said. "But now we can digitally print that engine with an incredibly sophisticated cooling system integral into the material of the engine itself and have that engine survive for multiple firings for routine operation." The aircraft is also agile at hypersonic speeds, with reliable engine starts, he said. A half-decade before, he added, developers "could not have even built it even if we conceived of it."

Nintendo

Hackers Seem Close To Publicly Unlocking the Nintendo Switch (arstechnica.com) 91

Ars Technica reports that "hackers have been finding partial vulnerabilities in early versions of the [Nintendo] Switch firmware throughout 2017." They have discovered a Webkit flaw that allows for basic "user level" access to some portions of the underlying system and a service-level initialization flaw that gives hackers slightly more control over the Switch OS. "But the potential for running arbitrary homebrew code on the Switch really started looking promising late last month, with a talk at the 34th Chaos Communication Congress (34C3) in Leipzig, Germany," reports Ars. "In that talk, hackers Plutoo, Derrek, and Naehrwert outlined an intricate method for gaining kernel-level access and nearly full control of the Switch hardware." From the report: The full 45-minute talk is worth a watch for the technically inclined; it describes using the basic exploits discussed above as a wedge to dig deep into how the Switch works at the most basic level. At one point, the hackers sniff data coming through the Switch's memory bus to figure out the timing for an important security check. At another, they solder an FPGA onto the Switch's ARM chip and bit-bang their way to decoding the secret key that unlocks all of the Switch's encrypted system binaries. The team of Switch hackers even got an unexpected assist in its hacking efforts from chipmaker Nvidia. The "custom chip" inside the Switch is apparently so similar to an off-the-shelf Nvidia Tegra X1 that a $700 Jetson TX1 development kit let the hackers get significant insight into the Switch's innards. More than that, amid the thousands of pages of Nvidia's public documentation for the X1 is a section on how to "bypass the SMMU" (the System Memory Management Unit), which gave the hackers a viable method to copy and write a modified kernel to the Switch's system RAM. As Plutoo put it in the talk, "Nvidia backdoored themselves."
The Internet

Lawsuit Filed By 22 State Attorneys General Seeks To Block Net Neutrality Repeal (techcrunch.com) 353

An anonymous reader quotes a report from TechCrunch: A lawsuit filed today by the attorneys general of 22 states seeks to block the Federal Communications Commission's recent controversial vote to repeal Obama-era Net Neutrality regulations. The filing is led by New York State Attorney General Schneiderman, who called the rollback a potential "disaster for New York consumers and businesses, and for everyone who cares about a free and open internet." The letter, which was filed in the United States District Court of Appeals in Washington, is cosigned by AGs from California, Connecticut, Delaware, Hawaii, Illinois, Iowa, Kentucky, Maine, Maryland, Massachusetts, Minnesota, Mississippi, New Mexico, North Carolina, Oregon, Pennsylvania, Rhode Island, Vermont, Virginia, Washington and Washington DC.

"An open internet -- and the free exchange of ideas it allows -- is critical to our democratic process," Schneiderman added in an accompanying statement. "The repeal of net neutrality would turn internet service providers into gatekeepers -- allowing them to put profits over consumers while controlling what we see, what we do, and what we say online."

Security

Many Enterprise Mobile Devices Will Never Be Patched Against Meltdown, Spectre (betanews.com) 103

Mark Wilson shares a report from BetaNews: The Meltdown and Spectre bugs have been in the headlines for a couple of weeks now, but it seems the patches are not being installed on handsets. Analysis of more than 100,000 enterprise mobile devices shows that just a tiny percentage of them have been protected against the vulnerabilities -- and some simply may never be protected. Security firm Bridgeway found that just 4 percent of corporate phones and tablets in the UK have been patched against Spectre and Meltdown. Perhaps more worryingly, however, its research also found that nearly a quarter of enterprise mobile devices will never receive a patch because of their age. Organizations are advised to check for the availability of patches for their devices, and to install them as soon as possible. Older devices that will never be patched -- older than Marshmallow, for example -- should be replaced to ensure security, says Bridgeway.
The Almighty Buck

Bitcoin Plunges Below $12,000 To Six-Week Low Over Crackdown Fears (cnbc.com) 174

Bitcoin plunged to a six-week low Tuesday after comments from South Korea's finance minister renewed worries about a crackdown in one of the largest markets for digital currency trading. In a radio program interview, South Korean Finance Minister Kim Dong-yeon said that "the shutdown of virtual currency exchanges is still one of the options" the government has. CNBC reports: Bitcoin dropped more than 17 percent to a low of $11,182.71 on Tuesday, falling below $12,000 for the first time since December 5, according to CoinDesk. CoinDesk's bitcoin price index tracks prices from cryptocurrency exchanges Bitstamp, Coinbase, itBit and Bitfinex. As of 12:13 p.m. ET, bitcoin was trading more than 13 percent lower at $11,759.73 a coin, according to CoinDesk. Trading in South Korean won accounted for about 4 percent of bitcoin trading volume, according to CryptoCompare. U.S. dollar-bitcoin trading had the largest share at 40 percent, the website showed. Other major digital currencies including ethereum and ripple also fell significantly. According to CoinMarketCap data, ethereum was trading at $1,051.83, down more than 20 percent in the last 24 hours, before lifting slightly to $1,117.72. Ripple fell almost 27 percent to $1.33 a token before recovering slightly to $1.36.
