Sierra Leone Records World's First Blockchain-Powered Election

The citizens of Sierra Leone went to the polls on March 7 but this time something was different: the country recorded votes at 70% of the polling to the blockchain using a technology that is the first of its kind in actual practice. The tech, created by Leonardo Gammar of Agora, anonymously stored votes in an immutable ledger, thereby offering instant access to the election results. TechCrunch reports: "Anonymized votes/ballots are being recorded on Agora's blockchain, which will be publicly available for any interested party to review, count and validate," said Gammar. "This is the first time a government election is using blockchain technology." "Sierra Leone wishes to create an environment of trust with the voters in a contentious election, especially looking at how the election will be publicly viewed post-election. By using blockchain as a means to immutably record ballots and results, the country hopes to create legitimacy around the election and reduce fall-out from opposition parties," he said.

Why is this interesting? While this is little more than a proof of concept -- it is not a complete voting record but instead captured a seemingly acceptable plurality of votes -- it's fascinating to see the technology be implemented in Sierra Leone, a country of about 7.4 million people. The goal ultimately is to reduce voting costs by cutting out paper ballots as well as reducing corruption in the voting process.

Man Fined For Implanting NFC Train Ticket In Hand

Unhappy Windows User writes: An Australian man, when checked by a ticket inspector, claimed his smart travel card was implanted in his hand. He took the case to court and lost; the fine and legal fees add up to AU$1220 (USD $950). The man, who self-identifies as a biohacker and is a member of the Science Party, accepts the ruling but states that it won't discourage him from further biohacking. He claimed he was ahead of the law. The prosecution argued that, by cutting the chip out of the card, the ticket was invalidated. It is not clear from the article whether the NFC chip was working correctly and could be read by the inspector, or not. Further reading: BuzzFeed News

China To Bar People With Bad 'Social Credit' From Planes, Trains

China says it will begin applying its so-called social credit system to flights and trains and stop people who have committed misdeeds from taking such transport for up to a year. From a report: People who would be put on the restricted lists included those found to have committed acts like spreading false information about terrorism and causing trouble on flights, as well as those who used expired tickets or smoked on trains, according to two statements issued on the National Development and Reform Commission's website on Friday. Those found to have committed financial wrongdoings, such as employers who failed to pay social insurance or people who have failed to pay fines, would also face these restrictions, said the statements which were dated March 2. It added that the rules would come into effect on May 1.

Tumblr Has a Massive Creepshots Problem

After Reddit famously banned the creepshots sub-reddit, which shared non-consensual, revealing photos of women, Tumblr now has a slew of users pushing out similar photos across at least dozens of dedicated blogs, a Motherboard investigation has found. From the report: Simply typing 'creepshot' or related terms into Tumblr's built-in search function returns a steady stream of tagged posts, and Google queries easily reveal links to relevant Tumblr blogs. Motherboard found just under 70 Tumblr blogs focused on sharing creepshots, most with a bevy of content. In some cases, the Tumblrs also host 'upskirt' photos or videos, where a camera is deliberately, and stealthily, positioned to look up an unsuspecting person's skirt. Some of the subjects of these images, as well as many of the clothed creepshots, appear to be young, possibly teenagers.

"This is only the tip of the iceberg, there are probably hundreds of these accounts filming in high schools, college campuses, in malls, and on the streets. And Tumblr seems to not care at all about the problem," an anonymous tipster, who first alerted Motherboard to the issue, wrote in an email. One of the most popular creepshot Tumblrs has some 11,000 followers, and one of its posts has over 53,000 interactions linked to it, including reblogs, where the video or picture then appears on the user's own Tumblr, spreading the content further.


Yet Again, Google Tricked Into Serving Scam Amazon Ads

Zack Whittaker, reporting for ZDNet: For hours on Thursday, the top Google search result for "Amazon" was pointed to a scam site. The bad ad appeared at the very top of the search result for anyone searching for the internet retail giant -- even above the legitimate search result for Anyone who clicked on the ad was sent to a page that tried to trick the user into calling a number for fear that their computer was infected with malware -- and not sent to as they would have hoped.

The page presents itself as an official Apple or Windows support page, depending on the type of computer you're visiting the page from. An analysis of the webpage's code showed that anyone trying to dismiss the popup box on the page would likely trigger the browser expanding to full-screen, giving the appearance of ransomware. A one-off event would be forgivable. But this isn't the first time this has happened. It's at least the second time in two years that Google has served up a malicious ad under Amazon's name.


The 600+ Companies PayPal Shares Your Data With

AmiMoJo shares a report from Schneier on Security: One of the effects of GDPR -- the new EU General Data Protection Regulation -- is that we're all going to be learning a lot more about who collects our data and what they do with it. Consider PayPal, that just released a list of over 600 companies they share customer data with. Here's a good visualization of that data. Is 600 companies unusual? Is it more than average? Less? We'll soon know.

Walmart Whistleblower Claims Cheating In Race With Amazon

An anonymous reader quotes a report from Bloomberg: In its race to catch in online retailing, Walmart issued misleading e-commerce results and fired an executive who complained the company was breaking the law, according to a whistle-blower lawsuit. Tri Huynh, a former director of business development at Walmart, claims he was terminated "under false pretenses" after repeatedly raising concerns about the company's "overly aggressive push to show meteoric growth in its e-commerce business by any means possible -- even, illegitimate ones." Under Chief Executive Officer Doug McMillon, Walmart has invested billions to catch up with Amazon in e-commerce over the past few years, and last year enjoyed quarterly online sales growth rates surpassing 50 percent, well above peers that include Target and Best Buy. Huynh claims Walmart mislabeled products so that some third-party vendors received lower commissions, failed to process customer returns, and allowed offensive items onto the site. Huynh's dismissal in January 2017 -- just a day after a retail-industry publication singled him out as one of the sector's rising stars -- was in retaliation for warning senior executives about the misdeeds, he said in the lawsuit, filed Thursday by employment litigation attorney David M. deRubertis in San Francisco federal court.

US Says Russia Hacked Energy Grid, Punishes 19 for Meddling

Associated Press: Pushing back harder on Russia, the Trump administration accused Moscow on Thursday of a concerted hacking operation targeting the U.S. energy grid, aviation systems and other infrastructure, and also imposed sanctions on Russians for alleged interference in the 2016 election. It was the strongest action to date against Russia by the administration, which has long been accused of being too soft on the Kremlin, and the first punishments for election meddling since President Donald Trump took office. The sanctions list included the 13 Russians indicted last month by special counsel Robert Mueller, whose Russia investigation the president has repeatedly sought to discredit. U.S. national security officials said the FBI, Department of Homeland Security and intelligence agencies had determined that Russian intelligence and others were behind a broad range of cyberattacks beginning a year ago that have infiltrated the energy, nuclear, commercial, water, aviation and manufacturing sectors. Further reading: Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors (US-Cert); U.S. blames Russia for cyber attacks on energy grid, other sectors (Reuters); U.S. says Russian hackers targeted American energy grid (Politico); Trump administration finally announces Russia sanctions over election meddling (CNN); U.S. sanctions on Russia cite 2016 election interference -- but remain largely symbolic (USA Today); U.S. Sanctions Russians Charged by Mueller for Election Meddling (Bloomberg); and Trump Administration Sanctions Russians for Election Meddling and Cyberattacks (The New York Times).

Encrypted Email Service ProtonMail is Being Blocked in Turkey

ProtonMail: We have confirmed that Internet service providers in Turkey have been blocking ProtonMail this week. Our support team first became aware of connectivity problems for Turkish ProtonMail users starting on Tuesday. After further investigation, we determined that was unreachable for both Vodafone Turkey mobile and fixed line users. Since then, we have also received some sporadic reports from users of other Turkish ISPs. At one point, the issue was prevalent in every single major city in Turkey. After investigating the issue along with members of the ProtonMail community in Turkey, we have confirmed this is a government-ordered block rather than a technical glitch. Internet censorship in Turkey tends to be fluid so the situation is constantly evolving. Sometimes ProtonMail is accessible, and sometimes it is unreachable. For the first time ever though, we have confirmed that ProtonMail was subject to a block, and could face further issues in the future. In the post, ProtonMail has also outlined ways to bypass the block.

New Bill In Congress Would Bypass the Fourth Amendment, Hand Your Data To Police

An anonymous reader quotes a report from Medium: Lawmakers behind a new anti-privacy bill are trying to sneak it through Congress by attaching it to the must-pass government spending bill. The CLOUD Act would hand police in the U.S., and other countries, extreme new powers to obtain and monitor data directly from tech companies instead of requiring a warrant and judicial review. Congressional leadership will decide whether the CLOUD Act gets attached to the omnibus government spending bill sometime this week, potentially as early as tomorrow... If passed, this bill would give law enforcement the power to go directly to tech companies, no matter where they or their servers are, to obtain our data. They wouldn't need a warrant or court oversight, and we'll be left with no protections to ensure law enforcement isn't violating our rights. A recent report from the Electronic Frontier Foundation explains how the CLOUD Act circumvents the Fourth Amendment. "This new backdoor for cross-border data mirrors another backdoor under Section 702 of the FISA Amendments Act, an invasive NSA surveillance authority for foreign intelligence gathering," reports the EFF. "That law, recently reauthorized and expanded by Congress for another six years, gives U.S. intelligence agencies, including the NSA, FBI, and CIA, the ability to search, read, and share our private electronic messages without first obtaining a warrant. The new backdoor in the CLOUD Act operates much in the same way. U.S. police could obtain Americans' data, and use it against them, without complying with the Fourth Amendment."

Jewelry Site Leaks Personal Details, Plaintext Passwords of 1.3 Million Users

Chicago-based MBM Company's jewelry brand Limoges Jewelry has accidentally leaked the personal information for over 1.3 million people. This includes addresses, zip-codes, e-mail addresses, and IP addresses. The German security firm Kromtech Security, which found the leak via an unsecured Amazon S3 storage bucket, also claims the database contained plaintext passwords. The Next Web reports: In a press release, Kromtech Security's head of communications, Bob Diachenko, said: "Passwords were stored in the plain text, which is great negligence [sic], taking into account the problem with many users re-using passwords for multiple accounts, including email accounts." The [MSSQL database] backup file was named "MBMWEB_backup_2018_01_13_003008_2864410.bak," which suggests the file was created on January 13, 2018. It's believed to contain current information about the company's customers. Records held in the database have dates reaching as far back as 2000. The latest records are from the start of this year. Other records held in the database include internal mailing lists, promo-codes, and item orders, which leads Kromtech to believe that this could be the primary customer database for the company. Diachenko says there's no evidence a malicious third-party has accessed the dump, but that "that does not mean that nobody [has] accessed the data."

Toys R Us To Close All 800 of Its US Stores

Toy store chain Toys R Us is reportedly planning to sell or close all 800 of its U.S. stores, affecting as many as 33,000 jobs as the company winds down its operations after six decades. The Washington Post reports: The news comes six months after the retailer filed for bankruptcy. The company has struggled to pay down nearly $8 billion in debt -- much of it dating back to a 2005 leveraged buyout -- and has had trouble finding a buyer. There were reports earlier this week that Toys R Us had stopped paying its suppliers, which include the country's largest toy makers. On Wednesday, the company announced it would close all 100 of its U.K. stores. In the United States, the company told employees closures would likely occur over time, and not all at once, according to the source, who spoke on the condition of anonymity because they were not authorized to discuss internal deliberations.

Sri Lanka Accuses Facebook of Failing To Control Hate Speech That Contributed To Deadly Riots

The Sri Lankan government is accusing Facebook of failing to control rampant hate speech that it says contributed to anti-Muslim riots last week that left three people dead and the country under a state of emergency. The accusations come after the country blocked Facebook and several other platforms last week in an effort to prevent the spread of hate speech. The Guardian reports: On Thursday Fernando, along with the Sri Lankan prime minister, Ranil Wickremesinghe, and communications officials, will meet a Facebook team that has flown to Colombo. The Sri Lankans will demand a new, faster system for taking down posts flagged as a national security risk by agencies in the country. "Facebook is not reacting as fast as we have wanted it to react," Fernando said. "In the past it has taken various number of days to review [flagged posts] or even to take down the pages." On Tuesday he highlighted a tweet from a user who claimed to have reported a Facebook post in the Sinhala language that read "Kill all Muslims, don't even let an infant of the dogs escape." The user claimed he received a reply six days later saying the post did not contravene a specific Facebook community standard. The extremist leader Amith Weerasinghe, who was arrested last week in Kandy after being accused of helping to instigate the violence, had amassed nearly 150,000 followers on his Facebook page before it was taken down last week.

Former Equifax CIO Charged With Insider Trading

OffTheLip writes: Jun Ying, a former CIO with Equifax, has been charged with insider trading by the US Department of Justice. From the linked article:

Wednesday's announcement marks the first criminal charge brought in one of the largest data breaches in history. Ying, the former chief information officer for Equifax's U.S. information-solutions business, used confidential information entrusted to him by the company to determine it had been hacked, according to a separate complaint filed by the Securities and Exchange Commission.

ZDNet adds: According to a Justice Department statement, Ying sent a text message to a colleague two weeks before Equifax revealed the hack, in which he said the breach "sounds bad." Three days later, Ying searched the web to research the effect of Experian's own 2015 breach on its stock price. Later that day, Ying exercised all his available stock options.


SEC Charges Theranos, CEO Elizabeth Holmes With 'Massive Fraud'

An anonymous reader quotes a report from Engadget: The SEC has charged Theranos, Elizabeth Holmes and Ramesh "Sunny" Balwani with fraud relating to the startup's fundraising activities. The company, as well as CEO Holmes and former president Balwani are said to have raised more than $700 million from investors through "an elaborate, years-long fraud." This involved making "false statements about the company's technology, business and financial performance." In a statement, the commission said that the company, and its two executives, misled investors about the capability of its blood testing technology. Theranos' big selling point was that its hardware could scan for a number of diseases with just a small drop of blood. Unfortunately, the company was never able to demonstrate that its system worked as well as its creators claimed.

The company and Elizabeth Holmes have already agreed to settle the charges leveled against them by the SEC. Holmes will have to pay a $500,000 fine and return 18.9 million shares in Theranos that she owned, as well as downgrading her super-majority equity into common stock. The CEO is now barred from serving as the officer or director of a public company for 10 years. In addition, if Theranos is liquidated or acquired, Holmes cannot profit from her remaining shareholding unless $750 million is handed back to defrauded investors. Balwani, on the other hand, is facing a federal court case in the Northern District of California where the SEC will litigate its claims against him.
Worth noting: the court still has to approve the deals between Holmes and Theranos, and neither party has admitted any wrongdoing.

'Women At Microsoft Are Sexualized By Their Male Managers,' Lawsuit Alleges

An anonymous reader quotes a report from Ars Technica: According to a newly unsealed court filing, women at Microsoft who work in technical jobs filed 238 internal complaints pertaining to gender discrimination or sexual harassment from 2010 through 2016. The new document was first reported Monday evening by Reuters. The figures were revealed as part of a proposed class-action lawsuit originally filed in 2015 (Moussouris v. Microsoft). The female plaintiffs argue that the company's internal rating system discriminates against women and disfavors professional advancement for women.

As part of the class certification process and civil discovery, Microsoft handed over years of records to the plaintiffs' lawyers. In the Monday-released filing, which was originally submitted to the court in October 2017, Moussouris' lawyer, Michael Subit, wrote that "Microsoft's Culture is Rife with Sexual Harassment" before continuing: "Company records indicate that women at Microsoft are sexualized by their male managers and coworkers, leading to a substantial number of incidents of alleged sexual harassment, and even several incidents of sexual assault, that often go unpunished." Specifically, Subit continued, Microsoft's internal unit (known as "ERIT") received 108 complaints of sexual harassment filed by female US-based technical employees, 119 complaints of gender discrimination, eight complaints of retaliation, and three complaints of pregnancy discrimination. Out of all of the claimed instances of gender discrimination, Microsoft's internal investigation only found that one such complaint was "founded."


Privacy-Busting Bugs Found in Popular VPN Services Hotspot Shield, Zenmate and PureVPN

A report by VpnMentor, a website which ranks VPN services, reveals several vulnerabilities in Hotspot Shield, Zenmate, and PureVPN -- all of which promise to provide privacy for their users. VpnMentor says it hired a team of three external ethical hackers to find vulnerabilities in three random popular VPNs. While one hacker wants to keep his identity private, the other two are known as File Descriptor and Paulos Yibelo. ZDNet: The research reveals bugs that can leak real-world IP addresses, which in some cases can identify individual users and determine a user's location. In the case of Hotspot Shield, three separate bugs in how the company's Chrome extension handles proxy auto-config scripts -- used to direct traffic to the right places -- leaked both IP and DNS addresses, which undermines the effectiveness of privacy and anonymity services. [...] AnchorFree, which makes Hotspot Shield, fixed the bugs, and noted that its mobile and desktop apps were not affected by the bugs. The researchers also reported similar IP leaking bugs to Zenmate and PureVPN.

Reddit and the Struggle To Detoxify the Internet

In an article published on The New Yorker this week, Andrew Marantz discusses the state of free speech on the Web and takes a look at Reddit, the internet's fourth-most-popular site, after Google, YouTube, and Facebook. Some excerpts from the story: On November 23, 2016, shortly after President Trump's election, Reddit CEO Steve Huffman was at his desk, in San Francisco, perusing the site. It was the day before Thanksgiving. Reddit's administrators had just deleted a subreddit called r/Pizzagate, a forum for people who believed that high-ranking staffers of Hillary Clinton's Presidential campaign, and possibly Clinton herself, were trafficking child sex slaves. The reason for the ban, according to Reddit's administrators, was not the beliefs of people on the subreddit, but the way they'd behaved -- specifically, their insistence on publishing their enemies' private phone numbers and addresses, a clear violation of Reddit's rules. [...] Some of the conspiracy theorists left Reddit and reunited on Voat, a site made by and for the users that Reddit sloughs off. Other Pizzagaters stayed and regrouped on r/The_Donald, a popular pro-Trump subreddit. Throughout the Presidential campaign, The_Donald was a hive of Trump boosterism. By this time, it had become a hermetic subculture, full of inside jokes and ugly rhetoric. The community's most frequent commenters, like the man they'd helped propel to the Presidency, were experts at testing boundaries. Within minutes, they started to express their outrage that Pizzagate had been deleted.

Redditors are pseudonymous, and their pseudonyms are sometimes prefaced by "u," for "username." Huffman's is Spez. As he scanned The_Donald, he noticed that hundreds of the most popular comments were about him: "fuck u/spez", "u/spez is complicit in the coverup". One commenter simply wrote "u/SPEZ IS A CUCK," in bold type, a hundred and ten times in a row. Huffman, alone at his computer, wondered whether to respond. "I consider myself a troll at heart," he said later. "Making people bristle, being a little outrageous in order to add some spice to life -- I get that. I've done that." Privately, Huffman imagined The_Donald as a misguided teen-ager who wouldn't stop misbehaving. "If your little brother flicks your ear, maybe you ignore it," he said. "If he flicks your ear a hundred times, or punches you, then maybe you give him a little smack to show you're paying attention."

Although redditors didn't yet know it, Huffman could edit any part of the site. He wrote a script that would automatically replace his username with those of The_Donald's most prominent members, directing the insults back at the insulters in real time: in one comment, "Fuck u/Spez" became "Fuck u/Trumpshaker"; in another, "Fuck u/Spez" became "Fuck u/MAGAdocious." The_Donald's users saw what was happening, and they reacted by spinning a conspiracy theory that, in this case, turned out to be true. "Manipulating the words of your users is fucked," a commenter wrote.


Trump's Pick for New CIA Director Is Career Spymaster

An anonymous reader shares an AP report: President Donald Trump's choice to be the first female director of the CIA is a career spymaster who once ran an agency prison in Thailand where terror suspects were subjected to a harsh interrogation technique that the president has supported. Trump tweeted Tuesday that CIA Director Mike Pompeo will replace Rex Tillerson as secretary of state and that he has selected Gina Haspel to replace Pompeo. Haspel, the current deputy CIA director, also helped carry out an order that the agency destroy its waterboarding videos. That order prompted a lengthy Justice Department investigation that ended without charges. Haspel, who has extensive overseas experience, briefly ran a secret CIA prison where accused terrorists Abu Zubayadah and Abd al Rahim al-Nashiri were waterboarded in 2002, according to current and former U.S. intelligence officials, who spoke to The Associated Press on condition of anonymity.

US Navy Under Fire In Mass Software Piracy Lawsuit

An anonymous reader quotes a report from TorrentFreak: In 2011 and 2012, the U.S. Navy began using BS Contact Geo, a 3D virtual reality application developed by German company Bitmanagement. The Navy reportedly agreed to purchase licenses for use on 38 computers, but things began to escalate. While Bitmanagement was hopeful that it could sell additional licenses to the Navy, the software vendor soon discovered the U.S. Government had already installed it on 100,000 computers without extra compensation. In a Federal Claims Court complaint filed by Bitmanagement two years ago, that figure later increased to hundreds of thousands of computers. Because of the alleged infringement, Bitmanagement demanded damages totaling hundreds of millions of dollars. In the months that followed both parties conducted discovery and a few days ago the software company filed a motion for partial summary judgment, asking the court to rule that the U.S. Government is liable for copyright infringement. According to the software company, it's clear that the U.S. Government crossed a line. In its defense, the U.S. Government had argued that it bought concurrent-use licenses, which permitted the software to be installed across the Navy network. However, Bitmanagement argues that it is impossible as the reseller that sold the software was only authorized to sell PC licenses. In addition, the software company points out that the word "concurrent" doesn't appear in the contracts, nor was there any mention of mass installations. The full motion brings up a wide range of other arguments as well which, according to Bitmanagement, make it clear that the U.S. Government is liable for copyright infringement.
