Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×
Cellphones

Ask Slashdot: Would You Use A Cellphone With A Kill Code? 56

Slashdot reader gordo3000 writes: Given all the recent headlines about border patrol getting up close and personal with phones, I've been wondering why phone manufacturers don't offer a second emergency pin that you can enter that wipes all private information on the phone? In theory, it should be pretty easy to just input a different pin (or unlock pattern) that opens up a factory reset screen on the phone and in the background begins deleting all personal information.

I'd expect that same code could also lock out the USB port until it is finished deleting the data, to help prevent many of the tools they now have to copy out everything on your phone. This nicely prevents you from having to back up and wipe your phone before every trip but leaves you with a safety measure if you get harassed at the border.

It could be built into the operating system, added by the manufacturer, or perhaps sideloaded as a custom mod -- but that begs the question of whether it'd really be a popular feature. So leave your own thoughts in the comments. Would you use a cellphone with a kill code?
Botnet

UK Police Arrest Suspect Behind Mirai Malware Attacks On Deutsche Telekom (bleepingcomputer.com) 23

An anonymous reader writes: "German police announced Thursday that fellow UK police officers have arrested a suspect behind a serious cyber-attack that crippled German ISP Deutsche Telekom at the end of November 2016," according to BleepingComputer. "The attack in question caused over 900,000 routers of various makes and models to go offline after a mysterious attacker attempted to hijack the devices through a series of vulnerabilities..." The attacks were later linked to a cybercrime groups operating a botnet powered by the Mirai malware, known as Botnet #14, which was also available for hire online for on-demand DDoS attacks.

"According to a statement obtained by Bleeping Computer from Bundeskriminalamt (the German Federal Criminal Police Office), officers from UK's National Crime Agency (NCA) arrested a 29-year-old suspect at a London airport... German authorities are now in the process of requesting the unnamed suspect's extradition, so he can stand trial in Germany. Bestbuy, the name of the hacker that took credit for the attacks, has been unreachable for days."

United States

The Videogame Industry Is Fighting 'Right To Repair' Laws (vice.com) 230

An anonymous reader quotes Motherboard: The video game industry is lobbying against legislation that would make it easier for gamers to repair their consoles and for consumers to repair all electronics more generally. The Entertainment Software Association, a trade organization that includes Sony, Microsoft, Nintendo, as well as dozens of video game developers and publishers, is opposing a "right to repair" bill in Nebraska, which would give hardware manufacturers fewer rights to control the end-of-life of electronics that they have sold to their customers...

Bills making their way through the Nebraska, New York, Minnesota, Wyoming, Tennessee, Kansas, Massachusetts, and Illinois statehouses will require manufacturers to sell replacement parts and repair tools to independent repair companies and consumers at the same price they are sold to authorized repair centers. The bill also requires that manufacturers make diagnostic manuals public and requires them to offer software tools or firmware to revert an electronic device to its original functioning state in the case that software locks that prevent independent repair are built into a device. The bills are a huge threat to the repair monopolies these companies have enjoyed, and so just about every major manufacturer has brought lobbyists to Nebraska, where the legislation is currently furthest along... This setup has allowed companies like Apple to monopolize iPhone repair, John Deere to monopolize tractor repair, and Sony, Microsoft, and Nintendo to monopolize console repair...

Motherboard's reporter was unable to get a comment from Microsoft, Apple, and Sony, and adds that "In two years of covering this issue, no manufacturer has ever spoken to me about it either on or off the record."
Piracy

Seven Film Studios Want 41 Web Sites Blocked By Australian ISPs (computerworld.com.au) 43

angry tapir writes: A group of film studios is undertaking what is set to be the most significant use so far of Australia's anti-piracy laws, which allow rights holders to apply for court orders that can compel ISPs to block their customers from accessing certain piracy-linked sites. A pair of rights holders last year successfully obtained court orders forcing Australia's most popular ISPs to block a handful of sites including The Pirate Bay. Now Village Roadshow wants to have 41 more sites blocked.
Village Roadshow joined six other studios in requesting an injunction Friday in federal court, reports Computerworld. And meanwhile, "a separate site-blocking application has been launched by Australian music labels, which are seeking to have Telstra, Optus, TPG and Foxtel's broadband arm block access to Kickass Torrents."
Transportation

FAA Warns More Drones Are Flying Near Airports (fortune.com) 47

Between February and September of 2016, there were 1,274 reports of drones near airports -- versus just 874 for the same period in 2015, according to newly-released FAA research. "The report detailed more than 1,200 incidents of airplane pilots, law enforcement, air traffic controllers, and U.S. citizens reporting drones flying in places they shouldn't," writes Fortune. An anonymous reader quotes their report: One of takeaway of the report was that while the FAA has received several reports from pilots that drones may have hit their aircraft, the administration was unable to verify any such claim. "Every investigation has found the reported collisions were either birds, impact with other items such as wires and posts, or structural failure not related to colliding with an unmanned aircraft," the FAA said in a statement... Although a drone hasn't smashed into an airplane yet, the FAA "wants to send a clear message that operating drones around airplanes and helicopters is dangerous and illegal. Unauthorized operators may be subject to stiff fines and criminal charges, including possible jail time," the FAA said.
Social Networks

Are Your Slack Conversations Really Private and Secure? (fastcompany.com) 64

An anonymous reader writes: "Chats that seem to be more ephemeral than email are still being recorded on a server somewhere," reports Fast Company, noting that Slack's Data Request Policy says the company will turn over data from customers when "it is compelled by law to do so or is subject to a valid and binding order of a governmental or regulatory body...or in cases of emergency to avoid death or physical harm to individuals." Slack will notify customers before disclosure "unless Slack is prohibited from doing so," or if the data is associated with "illegal conduct or risk of harm to people or property."

The article also warns that like HipChat and Campfire, Slack "is encrypted only at rest and in transit," though a Slack spokesperson says they "may evaluate" end-to-end encryption at some point in the future. Slack has no plans to offer local hosting of Slack data, but if employers pay for a Plus Plan, they're able to access private conversations.

Though Slack has 4 million users, the article points out that there's other alternatives like Semaphor and open source choices like Wickr and Mattermost. I'd be curious to hear what Slashdot readers are using at their own workplaces -- and how they feel about the privacy and security of Slack?
Education

Arizona Bill Would Make Students In Grades 4-12 Participate Once In An Hour of Code (azpbs.org) 141

theodp writes: Christopher Silavong of Cronkite News reports: "A bill, introduced by [Arizona State] Sen. John Kavanagh [R-Fountain Hills] would mandate that public and charter schools provide one hour of coding instruction once between grades 4 to 12. Kavanagh said it's critical for students to learn the language -- even if it's only one session -- so they can better compete for jobs in today's world. However, some legislators don't believe a state mandate is the right approach. Senate Bill 1136 has passed the Senate, and it's headed to the House of Representatives. Kavanagh said he was skeptical about coding and its role in the future. But he changed his mind after learning that major technology companies were having trouble finding domestic coders and talking with his son, who works at a tech company." According to the Bill, the instruction can "be offered by either a nationally recognized nonprofit organization [an accompanying Fact Sheet mentions tech-backed Code.org] that is devoted to expanding access to computer science or by an entity with expertise in providing instruction to pupils on interactive computer instruction that is aligned to the academic standards."
The Courts

Appeals Court: You Have the Right To Film the Police (arstechnica.com) 168

An anonymous reader quotes a report from Ars Technica: A divided federal appeals court is ruling for the First Amendment, saying the public has a right to film the police. But the 5th U.S. Circuit Court of Appeals, in upholding the bulk of a lower court's decision against an activist who was conducting what he called a "First Amendment audit" outside a Texas police station, noted that this right is not absolute and is not applicable everywhere. The facts of the dispute are simple. Phillip Turner was 25 in September 2015 when he decided to go outside the Fort Worth police department to test officers' knowledge of the right to film the police. While filming, he was arrested for failing to identify himself to the police. Officers handcuffed and briefly held Turner before releasing him without charges. Turner sued, alleging violations of his Fourth Amendment right against unlawful arrest and detention and his First Amendment right of speech. The 2-1 decision Thursday by Judge Jacques Wiener is among a slew of rulings on the topic, and it provides fresh legal backing for the so-called YouTube society where people are constantly using their mobile phones to film themselves and the police. A dissenting appellate judge on the case -- Edith Brown Clement -- wrote Turner was not unlawfully arrested and that the majority opinion from the Texas-based appeals court jumped the gun to declare a First Amendment right here because one "is not clearly established."
The Courts

ZeniMax Files Injunction To Stop Oculus From Selling VR Headsets (gamespot.com) 77

ZeniMax, the parent company of Fallout and Skyrim developer Bethesda, has filed for an injunction against virtual-reality company Oculus over the recent stolen technology case. The company had accused Oculus of stealing VR-related code, and was subsequently awarded $500 million by a Dallas court earlier this month. ZeniMax has now filed additional papers against Oculus, requesting that Oculus' products using the stolen code be removed from sale. GameSpot reports: Specifically, ZeniMax is seeking to block sales of its mobile and PC developer kits, as well as technology allowing the integration of Oculus Rift with development engines Unreal and Unity, reports Law360. If the injunction isn't granted, ZeniMax wants a share of "revenues derived from products incorporating its intellectual properties," suggesting a 20 percent cut for at least 10 years. ZeniMax argues the previous settlement of $500 million is "insufficient incentive for [Oculus] to cease infringing." Oculus, meanwhile, says that "ZeniMax's motion does not change the fact that the [original] verdict was legally flawed and factually unwarranted. We look forward to filing our own motion to set aside the jury's verdict and, if necessary, filing an appeal that will allow us to put this litigation behind us," the virtual reality company stated.
Botnet

World's Largest Spam Botnet Adds DDoS Feature (bleepingcomputer.com) 26

An anonymous reader writes from a report via BleepingComputer: Necurs, the world's largest spam botnet with nearly five million infected bots, of which one million are active each day, has added a new module that can be used for launching DDoS attacks. The sheer size of the Necurs botnet, even in its worst days, dwarfs all of today's IoT botnets. The largest IoT botnet ever observed was Mirai Botnet #14 that managed to rack up around 400,000 bots towards the end of 2016 (albeit the owner of that botnet has now been arrested). If this new feature were to ever be used, a Necurs DDoS attack would easily break every DDoS record there is. Fortunately, no such attack has been seen until now. Until now, the Necurs botnet has been seen spreading the Dridex banking trojan and the Locky ransomware. According to industry experts, there's a low chance we'd see the Necurs botnet engage in DDoS attacks because the criminal group behind the botnet is already making too much money to risk exposing their full infrastructure in DDoS attacks.
Government

FCC To Halt Rule That Protects Your Private Data From Security Breaches (arstechnica.com) 117

According to Ars Technica, "The Federal Communications Commission plans to halt implementation of a privacy rule that requires ISPs to protect the security of its customers' personal information." From the report: The data security rule is part of a broader privacy rulemaking implemented under former Chairman Tom Wheeler but opposed by the FCC's new Republican majority. The privacy order's data security obligations are scheduled to take effect on March 2, but Chairman Ajit Pai wants to prevent that from happening. The data security rule requires ISPs and phone companies to take "reasonable" steps to protect customers' information -- such as Social Security numbers, financial and health information, and Web browsing data -- from theft and data breaches. The rule would be blocked even if a majority of commissioners supported keeping them in place, because the FCC's Wireline Competition Bureau can make the decision on its own. That "full commission vote on the pending petitions" could wipe out the entire privacy rulemaking, not just the data security section, in response to petitions filed by trade groups representing ISPs. That vote has not yet been scheduled. The most well-known portion of the privacy order requires ISPs to get opt-in consent from consumers before sharing Web browsing data and other private information with advertisers and other third parties. The opt-in rule is supposed to take effect December 4, 2017, unless the FCC or Congress eliminates it before then. Pai has said that ISPs shouldn't face stricter rules than online providers like Google and Facebook, which are regulated separately by the Federal Trade Commission. Pai wants a "technology-neutral privacy framework for the online world" based on the FTC's standards. According to today's FCC statement, the data security rule "is not consistent with the FTC's privacy standards."
Government

Security Lapse Exposed New York Airport's Critical Servers For a Year (zdnet.com) 44

An anonymous reader quotes a report from ZDNet: A security lapse at a New York international airport left its server backups exposed on the open internet for almost a year, ZDNet has found. The internet-connected storage drive contained several backup images of servers used by Stewart International Airport, but neither the backup drive nor the disk images were password protected, allowing anyone to access their contents. Since April last year, the airport had been inadvertently leaking its own highly-sensitive files as a result of the drive's misconfiguration. Vickery, who also posted an analysis of his findings, said the drive "was, in essence, acting as a public web server" because the airport was backing up unprotected copies of its systems to a Buffalo-branded drive, installed by a contract third-party IT specialist. When contacted Thursday, the contractor dismissed the claims and would not comment further. Though the listing still appears on Shodan, the search engine for unprotected devices and databases, the drive has since been secured. The files contained eleven disk images, accounting for hundreds of gigabytes of files and folders, which when mounted included dozens of airport staff email accounts, sensitive human resources files, interoffice memos, payroll data, and what appears to be a large financial tracking database. Many of the files we reviewed include "confidential" internal airport documents, which contain schematics and details of other core infrastructure.
The Courts

Founder of India's $4 Smartphone Firm Arrested on Allegations of Fraud (reuters.com) 24

Remember the $4 smartphone from India? Yeah, things haven't really materialized. Reuters reports: The founder of an Indian tech firm that shot to prominence by offering a $4 smartphone has been arrested on allegations of fraud, after a handset dealer accused the company of not refunding him for an unfulfilled order, the police said. Mohit Goel, the founder of Ringing Bells, was arrested Thursday afternoon in Uttar Pradesh and will be produced in court later on Friday, said Rahul Srivastav, a police spokesman from the northern Indian state. Goel and his company made headlines last year with the "Freedom" smartphone, which was priced at 251 rupees ($3.77), attracting strong demand but also widespread scepticism and scrutiny from regulators even in price-conscious India, where cheap smartphones are big sellers. The founder was arrested after a dealer said he had paid 3 million Indian rupees for an order of handsets but had received only a fraction of the order. He further said some of the phones received were defective, according to the police.
Google

Alphabet's Waymo Sues Uber For Allegedly Stealing Self-Driving Secrets (bloomberg.com) 63

An anonymous reader quotes a report from Bloomberg: It took Alphabet Inc.'s Waymo seven years to design and build a laser-scanning system to guide its self-driving cars. Uber Technologies Inc. allegedly did it in nine months. Waymo claims in a lawsuit filed Thursday that was possible because a former employee stole the designs and technology and started a new company. Waymo accuses several employees of Otto, a self-driving startup Uber acquired in August for $680 million, of lifting technical information from Google's autonomous car project. The "calculated theft" of Alphabet's technology earned Otto's employees more than $500 million, according to the complaint in San Francisco federal court. The claims in Thursday's case include unfair competition, patent infringement and trade secret misappropriation. Waymo was inadvertently copied on an e-mail from one of its vendors, which had an attachment showing an Uber lidar circuit board that had a "striking resemblance" to Waymo's design, according to the complaint. Anthony Levandowski, a former manager at Waymo, in December 2015 downloaded more than 14,000 proprietary and confidential files, including the lidar circuit board designs, according to the complaint. He also allegedly created a domain name for his new company and confided in some of his Waymo colleagues of plans to "replicate" its technology for a competitor. Levandowski left Waymo in January 2016 and went on in May to form Otto LLC, which planned to develop hardware and software for autonomous vehicles.
Bug

Cloudflare Leaks Sensitive User Data Across the Web (theregister.co.uk) 86

ShaunC writes: In a bug that's been christened "Cloudbleed," Cloudflare disclosed today that some of their products accidentally exposed private user information from a number of websites. Similar to 2014's Heartbleed, Cloudflare's problem involved a buffer overrun that allowed uninitialized memory contents to leak into normal web traffic. Tavis Ormandy, of Google's Project Zero, discovered the flaw last week. Affected sites include Uber, Fitbit, and OK Cupid, as well as unnamed services for hotel booking and password management. Cloudflare says the bug has been fixed, and Google has purged affected pages from its search index and cache. Further reading: The Register, Ars Technica

Slashdot Top Deals