Bug

The NSA Intercepted Microsoft's Windows Bug Reports (schneier.com) 52

Bruce Schneier writes on his security blog: Back in 2013, Der Spiegel reported that the NSA intercepts and collects Windows bug reports... "When Tailored Access Operations selects a computer somewhere in the world as a target and enters its unique identifiers (an IP address, for example) into the corresponding database, intelligence agents are then automatically notified any time the operating system of that computer crashes and its user receives the prompt to report the problem to Microsoft... this passive access to error messages provides valuable insights into problems with a targeted person's computer and, thus, information on security holes that might be exploitable for planting malware or spyware on the unwitting victim's computer..."

The article talks about the (limited) value of this information with regard to specific target computers, but I have another question: how valuable would this database be for finding new zero-day Windows vulnerabilities to exploit?

Microsoft

Microsoft and PayPal Add 'Send Money' Feature To Skype (paypal.com) 49

BrianFagioli quotes BetaNews: Microsoft has partnered with PayPal for a new way to transfer funds using Skype... "Today, we're excited to announce that PayPal is now partnering with Skype to allow users in 22 countries to send money to other Skype users with PayPal via their Skype mobile app. With over one billion Skype mobile downloads to date globally, users will be able to use PayPal directly from their Skype app to seamlessly send money in the moment...across the country or internationally," says John Kunze, VP of Xoom, PayPal.
It's part of a push to make it easier to share money, PayPal writes: Over the past year, we've partnered with Apple, Slack and Microsoft to enable peer-to-peer payments with PayPal and Venmo in more places and in more contexts where people are connecting online and on mobile, such as a voice command with Siri, in chat with iMessage and Slack, and in email via Microsoft's Outlook.com.

The Almighty Buck

'World of Warcraft' Game Currency Now Worth More Than Venezuelan Money (theblaze.com) 189

schwit1 quotes TheBlaze: Digital gold from Blizzard's massive multiplayer online game "World of Warcraft" is worth more than actual Venezuelan currency, the bolivar, according to new data. Venezuelan resident and Twitter user @KalebPrime first made the discovery July 14 and tweeted at the time that on Venezuela's black market -- now the most-used method of currency exchange within Venezuela according to NPR -- you can get $1 for 8493.97 bolivars. Meanwhile, a "WoW" token, which can be bought for $20 from the in-game auction house, is worth 8385 gold per dollar. According to sites that track the value of both currencies, KalebPrime's math is outdated, and WoW gold is now worth even more than the bolivar.
That tweet has since gone viral, prompting @KalebPrime to joke that "At this rate when I publish my novel the quotes will read 'FROM THE GUY THAT MADE THE WOW GOLD > VENEZUELAN BOLIVAR TWEET.'"

Businesses

Wells Fargo Sued Again For Misbilling Car Owners And Veterans (reuters.com) 75

UnknowingFool writes: A new class action lawsuit from a former Wells Fargo customer claimed the bank charged loan customers for auto insurance they did not need. With auto loans, the bank often requires that full coverage auto insurance be bought when the loan is made. However, lead plaintiff Paul Hancock says that Wells Fargo charged him for auto insurance even though he informed them he already had an insurance policy with another company. Wells Fargo also charged him a late fee when he disputed the charge. Wells Fargo does not dispute that it did this to customers and has offered to refund $80 million to 570,000 customers who were charged for insurance. The lawsuit however is to recoup late fees, delinquency charges, and other fees that the refund would not cover.
NPR describes Wells Fargo actually repossessing the car of a man who was "marked as delinquent for not paying this insurance -- which he didn't want or need or even know about." Friday the bank also revealed the number of "potentially unauthorized accounts" from its earlier fake accounts scandal could be much higher than previous estimates -- and that they're now expecting their legal costs to exceed the $3.3 billion they'd already set aside.

And Reuters reports that the bank will also be paying $108 million "to settle a whistleblower lawsuit claiming it charged military veterans hidden fees to refinance their mortgages, and concealed the fees when applying for federal loan guarantees."

Social Networks

FBI Tracked 'Fake News' Believed To Be From Russia On Election Day (cnn.com) 352

An anonymous reader quotes a report from CNN: The FBI monitored social media on Election Day last year in an effort to track a suspected Russian disinformation campaign utilizing "fake news," CNN has learned. In the months leading up to Election Day, Twitter and Facebook were the feeding grounds for viral "news" stories floating conspiracies and hoaxes, many aimed at spreading negative false claims about Hillary Clinton. On Election Day, dozens of agents and analysts huddled at a command center arrayed with large monitoring screens at the FBI headquarters in Washington watching for security threats, according to multiple sources. That included analysts monitoring cyber threats, after months of mounting Russian intrusions targeting every part of the US political system, from political parties to policy think-tanks to state election systems. On this day, there was also a group of FBI cyber and counterintelligence analysts and investigators watching social media. FBI analysts had identified social media user accounts behind stories, some based overseas, and the suspicion was that at least some were part of a Russian disinformation campaign, according to two sources familiar with the investigation.

Open Source

Linux Kernel Hardeners Grsecurity Sue Open Source's Bruce Perens (theregister.co.uk) 307

An anonymous reader shares a report from The Register: In late June, noted open-source programmer Bruce Perens [a longtime Slashdot reader] warned that using Grsecurity's Linux kernel security could invite legal trouble. "As a customer, it's my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity," Perens wrote on his blog. The following month, Perens was invited to court. Grsecurity sued the open-source doyen, his web host, and as-yet-unidentified defendants who may have helped him draft that post, for defamation and business interference. Grsecurity offers Linux kernel security patches on a paid-for subscription basis. The software hardens kernel defenses through checks for common errors like memory overflows. Perens, meanwhile, is known for using the Debian Free Software Guidelines to draft the Open Source Definition, with the help of others.

Grsecurity used to allow others to redistribute its patches, but the biz ended that practice for stable releases two years ago and for test patches in April this year. It offers its GPLv2 licensed software through a subscription agreement. The agreement says that customers who redistribute the code -- a right under the GPLv2 license -- will no longer be customers and will lose the right to distribute subsequent versions of the software. According to Perens, "GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition." A legal complaint (PDF) filed on behalf of Grsecurity in San Francisco, California, insists the company's software complies with the GPLv2. Grsecurity's agreement, the lawsuit states, only applies to future patches, which have yet to be developed. Perens isn't arguing that the GPLv2 applies to unreleased software. Rather, he asserts the GPLv2, under section 6, specifically forbids the addition of contractual terms.

Robotics

MegaBots Is Finally Going To Take On Japan In the World's First Giant Robot Duel (qz.com) 38

A company called MegaBots released a video two years ago challenging a Japanese collective to a giant robot fight. About a week later, the Japanese group, Suidobashi Heavy Industry, agreed. Now, according to MegaBots co-founders Matt Oehrlein and Gui Cavalcanti, the battle is set to take place in September. Quartz reports: The battle would have happened a bit sooner, but apparently there have been "logistical issues at the originally-chosen venue," according to a release shared with Quartz by MegaBots. Unfortunately for fans hoping to see the battle in action -- presumably including those who backed the Kickstarter project to the tune of $550,000 to bring this robot to life -- the event will be closed to the public and recorded, for fears over the teams' ability to keep spectators safe. (One of the earliest conversations MegaBots had with Suidobashi was trying to figure out how the human pilots inside the robots would themselves "figure out how to not die.") Fans will be able to watch the fight on MegaBots' Facebook and YouTube sites, but it's not clear whether the fight will be live.
