Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×

Submission + - Former Boeing 737 MAX Chief Technical Pilot Indicted for Fraud (justice.gov)

Submitted by McGruber
McGruber writes: A federal grand jury in the Northern District of Texas returned an indictment charging Mark A. Forkner, former Chief Technical Pilot for The Boeing Company (Boeing), with deceiving the Federal Aviation Administration’s Aircraft Evaluation Group (FAA AEG) in connection with the FAA AEG’s evaluation of Boeing’s 737 MAX airplane, and scheming to defraud Boeing’s U.S.based airline customers to obtain tens of millions of dollars for Boeing.

    As alleged in the indictment, Forkner provided the agency with materially false, inaccurate, and incomplete information about a new part of the flight controls for the Boeing 737 MAX called the Maneuvering Characteristics Augmentation System (MCAS). Because of his alleged deception, a key document published by the FAA AEG lacked any reference to MCAS. In turn, airplane manuals and pilot-training materials for U.S.-based airlines lacked any reference to MCAS — and Boeing’s U.S.-based airline customers were deprived of important information when making and finalizing their decisions to pay Boeing tens of millions of dollars for 737 MAX airplanes.

On or about Oct. 29, 2018, after the FAA AEG learned that Lion Air Flight 610 — a 737 MAX — had crashed near Jakarta, Indonesia, shortly after takeoff and that MCAS was operating in the moments before the crash, the FAA AEG discovered the information about the important change to MCAS that Forkner had withheld. Having discovered this information, the FAA AEG began reviewing and evaluating MCAS.

On or about March 10, 2019, while the FAA AEG was still reviewing MCAS, the FAA AEG learned that Ethiopian Airlines Flight 302 — a 737 MAX — had crashed near Ejere, Ethiopia, shortly after takeoff and that MCAS was operating in the moments before the crash. Shortly after that crash, all 737 MAX airplanes were grounded in the United States.

Earlier Slashdot article: https://yro.slashdot.org/story...

Submission + - SPAM: Tether Fined $41 Million For Lying About Fiat Currency Backing

Submitted by Anonymous Coward
An anonymous reader writes: Tether will pay $41 million to settle allegations it lied in claiming its digital tokens were fully backed by fiat currencies, putting a major compliance headache behind the world’s biggest issuer of stablecoins even as regulatory scrutiny intensifies. For years, Tether told customers and the broader cryptocurrency market that it had $1 in reserve to back every token, the Commodity Futures Trading Commission said in a Friday statement. That claim was wildly misleading, according to the agency. For instance, from June to September 2017, there was never more than $61.5 million backing Tether, even as roughly 442 million coins were circulating at one point.

“This case highlights the expectation of honesty and transparency in the rapidly growing and developing digital assets marketplace,” said acting CFTC Chairman Rostin Behnam. In its enforcement action, the CFTC said Tether failed to disclose that it held unsecured receivables and non-fiat assets as part of its reserves, and falsely told investors it would undergo routine, professional audits to demonstrate that it maintained “100% reserves at all times.” In fact, Tether reserves weren’t audited, the agency said. Until at least 2018, Tether manually kept tabs on its reserve levels, a process that wasn’t updated in real time, the CFTC said. Tether didn’t admit or deny the CFTC’s allegations. “Tether agreed to resolve this matter in order to move forward and focus on the future,” the company said in a statement posted on its website. The CFTC also announced that Bitfinex, a crypto exchange affiliated with Tether, was fined $1.5 million for permitting retail transactions by American residents.
Link to Original Source

Submission + - SPAM: 7-Eleven Breached Customer Privacy By Collecting Facial Imagery Without Consent

Submitted by Anonymous Coward
An anonymous reader writes: In Australia, the country's information commissioner has found that 7-Eleven breached customers' privacy by collecting their sensitive biometric information without adequate notice or consent. From June 2020 to August 2021, 7-Eleven conducted surveys that required customers to fill out information on tablets with built-in cameras. These tablets, which were installed in 700 stores, captured customers' facial images at two points during the survey-taking process — when the individual first engaged with the tablet, and after they completed the survey. After becoming aware of this activity in July last year, the Office of the Australian Information Commissioner (OAIC) commended an investigation into 7-Eleven's survey.

During the investigation [PDF], the OAIC found 7-Eleven stored the facial images on tablets for around 20 seconds before uploading them to a secure server hosted in Australia within the Microsoft Azure infrastructure. The facial images were then retained on the server, as an algorithmic representation, for seven days to allow 7-Eleven to identify and correct any issues, and reprocess survey responses, the convenience store giant claimed. The facial images were uploaded to the server as algorithmic representations, or "faceprints," that were then compared with other faceprints to exclude responses that 7-Eleven believed may not be genuine. 7-Eleven also used the personal information to understand the demographic profile of customers who completed the survey, the OAIC said.

7-Eleven claimed it received consent from customers who participated in the survey as it provided a notice on its website stating that 7-Eleven may collect photographic or biometric information from users. The survey resided on 7-Eleven's website. As at March 2021, approximately 1.6 million survey responses had been completed. In Australia, an organization is prohibited from collecting sensitive information about an individual unless consent is provided. [...] 7-Eleven [has been ordered] to cease collecting facial images and faceprints as part of the customer feedback mechanism. 7-Eleven has also been ordered to destroy all the faceprints it collected.
Link to Original Source

Submission + - SPAM: How Coinbase Phishers Steal One-Time Passwords

Submitted by Anonymous Coward
An anonymous reader writes: A recent phishing campaign targeting Coinbase users shows thieves are getting smarter about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts. Coinbase is the world’s second-largest cryptocurrency exchange, with roughly 68 million users from over 100 countries. The now-defunct phishing domain at issue — coinbase.com.password-reset[.]com — was targeting Italian Coinbase users (the site’s default language was Italian). And it was fairly successful, according to Alex Holden, founder of Milwaukee-based cybersecurity firm Hold Security.

Holden’s team managed to peer inside some poorly hidden file directories associated with that phishing site, including its administration page. That panel, pictured in the redacted screenshot below, indicated the phishing attacks netted at least 870 sets of credentials before the site was taken offline. Holden said each time a new victim submitted credentials at the Coinbase phishing site, the administrative panel would make a loud “ding” — presumably to alert whoever was at the keyboard on the other end of this phishing scam that they had a live one on the hook. In each case, the phishers manually would push a button that caused the phishing site to ask visitors for more information, such as the one-time password from their mobile app. “These guys have real-time capabilities of soliciting any input from the victim they need to get into their Coinbase account,” Holden said. Pressing the “Send Info” button prompted visitors to supply additional personal information, including their name, date of birth, and street address. Armed with the target’s mobile number, they could also click “Send verification SMS” with a text message prompting them to text back a one-time code.

Holden said the phishing group appears to have identified Italian Coinbase users by attempting to sign up new accounts under the email addresses of more than 2.5 million Italians. His team also managed to recover the username and password data that victims submitted to the site, and virtually all of the submitted email addresses ended in “.it." But the phishers in this case likely weren’t interested in registering any accounts. Rather, the bad guys understood that any attempts to sign up using an email address tied to an existing Coinbase account would fail. After doing that several million times, the phishers would then take the email addresses that failed new account signups and target them with Coinbase-themed phishing emails. Holden’s data shows this phishing gang conducted hundreds of thousands of halfhearted account signup attempts daily. For example, on Oct. 10 the scammers checked more than 216,000 email addresses against Coinbase’s systems. The following day, they attempted to register 174,000 new Coinbase accounts.
Link to Original Source

Slashdot Top Deals

The Tao is like a glob pattern: used but never used up. It is like the extern void: filled with infinite possibilities.

Close