AT&T

New FCC Report Says AT&T and Verizon Zero-Rating Violates Net Neutrality (theverge.com) 74

An anonymous reader quotes a report from The Verge: Just a week and a half before he is set to leave office, FCC Chairman Tom Wheeler has issued a new report stating that the zero-rated video services offered by AT&T and Verizon may violate the FCC's Open Internet Order. Assembled by the FCC's Wireless Telecommunications Bureau, the report focuses on sponsored data programs, which allow companies to pay carriers to exempt their data from customers' data caps. According to the report, many of those packages simply aren't playing fair. "While observing that AT&T provided incomplete responses to staff inquiries," Wheeler wrote to Senators, "the report states that the limited information available supports a conclusion that AT&T offers Sponsored Data to third-party content providers at terms and conditions that are effectively less favorable than those it offers to its affiliate, DirecTV." In theory, sponsored data should be an even playing field, with providers bearing the costs and making the same charges regardless of who's footing the bill. But according to the report, AT&T treats the DirecTV partnership very differently from an unaffiliated sponsored data system, giving the service a strong advantage over competitors. "AT&T appears to view the network cost of Sponsored Data for DIRECTV Now as effectively de minimis," the report concludes. While AT&T still bears some cost for all that free traffic, it's small enough that the carrier doesn't seem to care. The report raises similar concerns regarding Verizon's Go90 program, although it concludes Verizon's program may be less damaging. Notably, the letter does not raise the same concerns about T-Mobile's BingeOn video deal, since it "charges all edge providers the same zero rate for participating."
Privacy

Japan Researchers Warn of Fingerprint Theft From 'Peace' Sign (phys.org) 119

Tulsa_Time quotes a report from Phys.Org: Could flashing the "peace" sign in photos lead to fingerprint data being stolen? Research by a team at Japan's National Institute of Informatics (NII) says so, raising alarm bells over the popular two-fingered pose. Fingerprint recognition technology is becoming widely available to verify identities, such as when logging on to smartphones, tablets and laptop computers. But the proliferation of mobile devices with high-quality cameras and social media sites where photographs can be easily posted is raising the risk of personal information being leaked, reports said. The NII researchers were able to copy fingerprints based on photos taken by a digital camera three meters (nine feet) away from the subject.
Bug

Buggy Domain Validation Forces GoDaddy To Revoke SSL Certificates (threatpost.com) 33

msm1267 quotes a report from Threatpost: GoDaddy has revoked, and begun the process of re-issuing, new SSL certificates for more than 6,000 customers after a bug was discovered in the registrar's domain validation process. The bug was introduced July 29 and impacted fewer than two percent of the certificates GoDaddy issued from that date through yesterday, said vice president and general manager of security products Wayne Thayer. "GoDaddy inadvertently introduced the bug during a routine code change intended to improve our certificate issuance process," Thayer said in a statement. "The bug caused the domain validation process to fail in certain circumstances." GoDaddy said it was not aware of any compromises related to the bug. The issue did expose sites running SSL certs from GoDaddy to spoofing where a hacker could gain access to certificates and pose as a legitimate site in order to spread malware or steal personal information such as banking credentials. GoDaddy has already submitted new certificate requests for affected customers. Customers will need to take action and log in to their accounts and initiate the certificate process in the SSL Panel, Thayer said.
Microsoft

Microsoft To Enhance User Privacy Controls In Upcoming Windows 10 Update (hothardware.com) 183

MojoKid writes: When Microsoft first launched Windows 10, it was generally well-received but also came saddled with a number of privacy concerns. It has taken quite a while for Microsoft to respond to these concerns in a meaningful way, but the company is finally proving that it's taking things seriously by detailing some enhanced privacy features coming to a future Windows 10 build. Microsoft is launching what it calls a (web-based) privacy dashboard, which lets you configure anything and everything about information that might be sent back to the mothership. You can turn all tracking off, or pick and choose, if certain criteria don't concern you too much, like location or health activity, for example. Also, for fresh installs, you'll be given more specific privacy options so that you can feel confident from the get-go about the information you're sending Redmond's way. If you do decide to send any information Microsoft's way, the company promises that it won't use your information for the sake of targeted advertising.
Government

US Releases Declassified Report On Russian Hacking, Concludes That Putin 'Developed a Clear Preference' For Trump (theverge.com) 732

An anonymous reader quotes a report from The Verge: The Office of the Director of National Intelligence has released its unclassified report on Russian hacking operations in the United States. "We assess Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the U.S. presidential election," according to the report. "Russia's goals were to undermine public faith in the U.S. democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency. We further assess Putin and the Russian Government developed a clear preference for President-elect Trump." The report, titled "Assessing Russian Activities and Intentions in Recent U.S. Elections," details the successful hack of the Democratic National Committee. "The Kremlin's campaign aimed at the U.S. election featured disclosures of data obtained through Russian cyber operations; intrusions into U.S. state and local electoral boards; and overt propaganda," according to the report. The report states that Russian intelligence services made cyber-attacks against "both major U.S. political parties" to influence the 2016 election. The report also publicly names Guccifer 2.0 and DCLeaks.com, two sources of stolen information released to the public, as Russian operatives working on behalf of the country's military intelligence unit, the GRU. Officials from the organization were recently the target of U.S. sanctions. WikiLeaks is also cited as a recipient of stolen information. The report also notes that the U.S. has determined Russia "accessed elements of multiple state or local electoral boards," though no vote-tallying processes were tampered with. The FBI and CIA have "high confidence" the election tampering was ordered by Putin to help then-candidate Trump, according to the report. NSA has "moderate confidence" in the assessment. bongey writes: The declassified DNI report offers no direct evidence of Russia hacking DNC or Podesta emails. 
Exactly half of the report (subtract blank and TOC) 9 of 18 is just devoted to going after RT.com by claiming they have close ties to Russia and therefore a propaganda arm, trying to imply that rt.com is related to the hacking. "Many of the key judgments in this assessment rely on a body of reporting from multiple sources that are consistent with our understanding of Russian behavior. Insights into Russian efforts -- including specific cyber operations -- and Russian views of key U.S. players derive from multiple corroborating sources. Some of our judgments about Kremlin preferences and intent are drawn from the behavior of Kremlin loyal political figures, state media, and pro-Kremlin social media actors, all of whom the Kremlin either directly uses to convey messages or who are answerable to the Kremlin." UPDATE 1/6/17: President-elect Donald Trump met with U.S. intelligence officials Friday, calling the meeting "constructive" and offering praise for intel officials. "While Russia, China, other countries, outside groups and people are consistently trying to break through the cyber infrastructure of our governmental institutions, businesses and organizations including the Democrat National Committee, there was absolutely no effect on the outcome of the election, including the fact that there was no tampering whatsoever with voting machines," Trump said in a statement after the meeting.

Submission + - Possibly fatal blow against patent trolls. (computerworld.com)

whoever57 writes: Patent trolls rely on the fact that they have no assets and, if they lose a case, they can fold the company that owned the patent and sued, thus avoiding paying any of the defendant's legal bills. However, in a recent case, the judge has told the winning defendant that it can claim its legal bills from the law firm. The decision is based on the plaintiff's law firm using a contract under which it would take a portion of any judgment, making it more than just counsel, but instead a partner with the plaintiff. This will likely result in law firms wanting to be paid up front, instead of offering a contingency-based fee.

Submission + - A Coal-Fired Power Plant in India Is Turning Carbon Dioxide Into Baking Soda (technologyreview.com)

schwit1 writes: In the southern Indian city of Tuticorin, locals are unlikely to suffer from a poorly risen cake. That’s because a coal-fired thermal power station in the area captures carbon dioxide and turns it into baking soda.

Carbon capture schemes are nothing new. Typically, they use a solvent, such as amine, to catch carbon dioxide and prevent it from escaping into the atmosphere. From there, the CO2 can either be stored away or used.

But the Guardian reports that a system installed in the Tuticorin plant uses a new proprietary solvent developed by the company Carbon Clean Solutions. The solvent is reportedly just slightly more efficient than those used conventionally, requiring a little less energy and smaller apparatus to run. The collected CO2 is used to create baking soda, and it claims that as much as 66,000 tons of the gas could be captured at the plant each year.

Its operators say that the marginal gain in efficiency is just enough to make it feasible to run the plant without a subsidy. In fact, it’s claimed to be the first example of an unsubsidized industrial plant capturing CO2 for use.

A “climate change” project that doesn’t involve taxpayer dollars? Is that even allowed?

China

Apple Removes NYTimes App in China, Shows How Far It Is Willing To Go To Please Local Authority (theguardian.com) 174

Apple has removed the New York Times app from its store in China after a government request, in an example of how far the company will go to please the authorities in its third-largest market. From a report: China operates what is thought to be the largest internet censorship regime in the world, blocking thousands of foreign websites viewed as a threat by the ruling Communist party. Google, Twitter, Facebook, YouTube and Instagram are all inaccessible. Apple removed the English and Chinese-language versions of the New York Times app on 23 December, although it was not immediately clear why. "We have been informed that the app is in violation of local regulations," said Carolyn Wu, an Apple spokeswoman. "As a result the app must be taken down off the China app store. When this situation changes the app store will once again offer the New York Times app for download in China."

Comment Americans prefer Jewish candidates to Atheists (Score 1) 181

From The Telegraph, Mark Zuckerberg reveals he is no longer an atheist:

The Facebook founder [...] said he believed religion was "very important". It comes after a year in which Zuckerberg, who was raised Jewish, met the pope and [...] praised the Buddhism of his wife Priscilla Chan, posting a photo of himself praying during a visit to a pagoda in Xi'an.

Last week, Zuckerberg posted a message on his own Facebook page wishing followers a Merry Christmas and Happy Hanukkah. In response to a comment asking if he was atheist, he said: "No. I was raised Jewish and then I went through a period where I questioned things, but now I believe religion is very important."

This makes perfect sense for a wannabe politician: A 2012 Gallup poll concluded that potential voters were more likely to refuse to vote for an atheist candidate (43%) than a candidate that was Muslim (40%), gay/lesbian (30%), Mormon (18%), or Jewish (6%). Similar results were found in a 2014 Pew survey that found 53% of those surveyed would reject an atheist presidential candidate, leading "never held office" (52%), age 70-80 (36%), adulterers (35%), and gay/lesbian (27%). Both polls concluded that being atheist was among the least positive aspects as well (Gallup had atheists at the bottom of the list with 54% positive, beating Muslims (58%) and gay/lesbians (68%), while Pew had atheists as tied with gays/lesbians at 5% positive, with the only less supported group being adulterers (2%)).

The Gallup poll also tracks favorability of these traits over time, demonstrating that support for an atheist presidential candidate is very slowly improving from 1978's 40% to 1999's 49% to 2012's 54%. Contrast that to the support for a Jewish presidential candidate, which has grown from 82% to 92% to 91% in the same respective polls. They also break these figures down by political party: Republican voters care more about these sorts of things, and their atheist/Jew favorability gap (48% vs 95%) is far greater than the Dems' (58% vs 92%). The GOP's 95% willingness to vote for a Jew is even larger than their willingness to vote for a woman (92%).

Zuck may milk the Jew+Businessman stereotype for personal gain but he is also showing his diversity through the aforementioned visit with the pope. Expect to see similar press-friendly stories on his 50 state tour, whose primary objectives will probably be publicity and then research for where he wants to align his political platform.

Submission + - Schoolyard fight between AV vendors

jetkins writes: It seems that two malware/antivirus companies are involved in a bit of a spat. In a nutshell, the sequence of events appears to be thus:
  • Malwarebytes does not take part in the three regularly-published AV tests, nor has it done for some time.
  • PC Pitstop, makers of PC Matic and other products, decided to commission its own test, which included Malwarebytes without their knowledge.
  • Malwarebytes' product scored poorly in the test.
  • Shortly thereafter, Malwarebytes started detecting PC Matic as a "Potentially Unwanted Program" and suggesting users remove it.

Here's PC Pitstop's take on the situation and here's Malwarebytes' spin on it.

I don't have a dog in this hunt, but the timing does seem a little suspect. What do y'all make of it?

Encryption

U2F Security Keys May Be the World's Best Hope Against Account Takeovers (arstechnica.com) 162

earlytime writes: Large scale account hacks such as the billion user Yahoo breach and targeted phishing hacks of Gmail accounts during the U.S. election have made 2016 an infamous year for web security. Along comes U2F/web-security keys to address these issues at a critical time. Ars Technica reports that U2F keys "may be the world's best hope against account takeovers": "The Security Keys are based on Universal Second Factor, an open standard that's easy for end users to use and straightforward for engineers to stitch into hardware and websites. When plugged into a standard USB port, the keys provide a 'cryptographic assertion' that's just about impossible for attackers to guess or phish. Accounts can require that cryptographic key in addition to a normal user password when users log in. Google, Dropbox, GitHub, and other sites have already implemented the standard into their platforms. After more than two years of public implementation and internal study, Google security architects have declared Security Keys their preferred form of two-factor authentication. The architects based their assessment on the ease of using and deploying keys, the security it provided against phishing and other types of password attacks, and the lack of privacy trade-offs that accompany some other forms of two-factor authentication."

The researchers wrote in a recently published report: "We have shipped support for Security Keys in the Chrome browser, have deployed it within Google's internal sign-in system, and have enabled Security Keys as an available second factor in Google's Web services. In this work, we demonstrate that Security Keys lead to both an increased level of security and user satisfaction as well as cheaper support cost."
Government

US Government Begins Asking Foreign Travelers About Social Media (politico.com) 121

schwit1 quotes a report from Politico: Since Tuesday, foreign travelers arriving in the United States on the visa waiver program have been presented with an "optional" request to "enter information associated with your online presence," a government official confirmed Thursday. The prompt includes a drop-down menu that lists platforms including Facebook, Google+, Instagram, LinkedIn and YouTube, as well as a space for users to input their account names on those sites. The new policy comes as Washington tries to improve its ability to spot and deny entry to individuals who have ties to terrorist groups like the Islamic State. But the government has faced a barrage of criticism since it first floated the idea last summer. The Internet Association, which represents companies including Facebook, Google and Twitter, at the time joined with consumer advocates to argue the draft policy threatened free expression and posed new privacy and security risks to foreigners. Now that it is final, those opponents are furious the Obama administration ignored their concerns. The question itself is included in what's known as the Electronic System for Travel Authorization, a process that certain foreign travelers must complete to come to the United States. ESTA and a related paper form specifically apply to those arriving here through the visa-waiver program, which allows citizens of 38 countries to travel and stay in the United States for up to 90 days without a visa. "There are very few rules about how that information is being collected, maintained [and] disseminated to other agencies, and there are no guidelines about limiting the government's use of that information," said Michael W. Macleod-Ball, chief of staff for the American Civil Liberties Union's Washington office. "While the government certainly has a right to collect some information... It would be nice if they would focus on the privacy concerns some advocacy groups have long expressed."
Encryption

Russian Authorities Are Trying To Unlock iPhone 4S From Russian Ambassador's Killer (techcrunch.com) 106

The off-duty police officer who killed the Russian ambassador in Turkey was shot by Turkish special forces minutes after the crime. He had an iPhone 4S on him, and now, according to Haberturk, Turkish authorities asked for Russia's help to unlock the iPhone. From a report: Given that it's an iPhone 4S and it has a 4-digit passcode, it should be quite easy to unlock the device. There are many solutions out there to do this and authorities don't even need to ask for Apple's help. The iPhone 4S is quite old now and it was a much less secure device. First, the iPhone 4S runs iOS 5 to iOS 9, but many iPhone 4S owners didn't update to recent iOS versions. If the device runs iOS 7 or earlier, getting the content of the device is a piece of cake. The content of the device isn't encrypted as Apple started encrypting all data with iOS 8. Authorities can access this data quite easily. Second, if the iPhone is running iOS 8, remember that the iPhone 4S didn't have a Secure Enclave and Touch ID sensor. The Secure Enclave is a coprocessor that utilizes a secure boot process to make sure that it's uncompromised. It has a secret unique ID not accessible by the rest of the phone, Apple or anyone -- it's like a private key. The phone generates ephemeral keys (think public keys) to talk with the Secure Enclave. They only work with the unique ID to encrypt and decrypt the data on the coprocessor.
