Government

California Launches Mandatory Data Collection For Police Use-of-Force (seattletimes.com) 83

An anonymous Slashdot reader quotes the AP: All 800 police departments in California must begin using a new online tool launched Thursday to report and help track every time officers use force that causes serious injuries... The tool, named URSUS for the bear on California's flag, includes fields for the race of those injured and the officers involved, how their interaction began and why force was deemed necessary.

"It's sort of like TurboTax for use-of-force incidents," said Justin Erlich, a special assistant attorney general overseeing the data collection and analysis. Departments must report the data under a new state law passed last November. Though some departments already tracked such data on their own, many did not... "As a country, we must engage in an honest, transparent, and data-driven conversation about police use of force," California Attorney General Kamala Harris said in a news release.

It's an open source tool developed by Bayes Impact, and California plans to share the code with other interested law enforcement agencies across the country. Only three other states currently require their police departments to track data about use-of-force incidents, "but their systems aren't digital, and in Colorado's case, only capture shootings."
The Almighty Buck

Accenture Patents a Blockchain-Editing Tool (techweekeurope.co.uk) 80

A blockchain "produces a permanent ledger of transactions with which no one can tamper," reports TechWeekEurope. "Until now." Slashdot reader Mickeycaskill quotes their report: One of the core principles of Blockchain technology has potentially been undermined by the creation of an editing tool. The company responsible however, Accenture, says edits would only be carried out "under extraordinary circumstances to resolve human errors, accommodate legal and regulatory requirements, and address mischief and other issues, while preserving key cryptographic features..."

Accenture's move to create an editing system will no doubt be viewed by some technology observers as a betrayal of what blockchain technology is all about. But the company insisted it is needed, especially in the financial services industry... "The prototype represents a significant breakthrough for enterprise uses of blockchain technology particularly in banking, insurance and capital markets," said Accenture.

They're envisioning "permissioned" blockchain systems, "managed by designated administrators under agreed governance rules," while acknowledging that cryptocurrency remains a different environment where "immutable" record-keeping would still be essential.
Democrats

Guccifer 2.0 Releases More DNC Documents (politico.com) 333

For the past several months, the hacker who calls himself "Guccifer 2.0" has been releasing documents about the Democratic National Committee. Today, he has released a new hoard of documents. Politico reports: The hacker persona Guccifer 2.0 has released a new trove of documents that allegedly reveal more information about the Democratic National Committee's finances and personal information on Democratic donors, as well as details about the DNC's network infrastructure. The cache also includes purported memos on tech initiatives from Democratic vice presidential nominee Tim Kaine's time as governor of Virginia, and some years-old missives on redistricting efforts and DNC donor outreach strategy. Most notable among Tuesday's documents may be the detailed spreadsheets allegedly about DNC fundraising efforts, including lists of DNC donors with names, addresses, emails, phone numbers and other sensitive details. Tuesday's documents regarding the DNC's information technology setup include several reports from 2010 purporting to show that the committee's network passed multiple security scans. In total, the latest dump contains more than 600 megabytes of documents. It is the first Guccifer 2.0 release to not come from the hacker's WordPress account. Instead, it was given out via a link to the small group of security experts attending [a London cybersecurity conference].
Government

World Anti-Doping Agency Says It Was Hacked By Russia (theverge.com) 97

The World Anti-Doping Agency (WADA) is accusing Russian state-sponsored hackers of hacking its database of athletes involved in this year's Olympic Games in Rio. Whether it's in response to the WADA banning 119 Russian athletes from participating in the games due to a doping scandal, it has yet to be determined. The Verge reports: The agency claims the state-sponsored group Fancy Bear is behind the attack, although it doesn't clarify how that attribution was made. The accessed data included medical information, like Therapeutic Use Exemptions issued by International Sports Federations and National Anti-Doping Organizations. The group has reportedly released some of this data and threatened to release more. The attackers reportedly relied on spear phishing emails to gain access to the database and eventually used credentials specifically made for the Rio Olympic games. Fancy Bear was the same group responsible for hacking the Democratic National Committee earlier this year.
Facebook

US Tech Firms Urge Congress To Allow Internet Domain Changeover (reuters.com) 128

Dustin Volz, reporting for Reuters: Major technology companies including Facebook, Google and Twitter are urging Congress to support a plan for the U.S. government to cede control of the internet's technical management to the global community, they said in a joint letter dated on Tuesday. The U.S. Commerce Department has primary oversight of the internet's management, largely because it was invented in the United States. Some Republican lawmakers are trying to block the handover to global stakeholders, which include businesses, tech experts and public interest advocates, saying it could stifle online freedom by giving voting rights to authoritarian governments. The years-long plan to transfer oversight of the nonprofit Internet Corporation for Assigned Names and Numbers, or ICANN, is scheduled to occur on Oct. 1 unless Congress votes to block the handover. The California-based corporation operates the database for domain names such as .com and .net and their corresponding numeric addresses that allow computers to connect. In the Sept. 13 letter, a copy of which had been reviewed by Reuters before it was sent, the technology companies said it was "imperative" that Congress does not delay the transition.
Censorship

Are Governments Denying Internet Access To Their Political Opponents? (technologyreview.com) 149

"Keeping your enemies offline can cripple their chances of overthrowing you," reports the MIT Technology Review. Slashdot reader schwit1 quotes their article: Whether or not your ethnic group has political power is a crucial factor determining your access to the Internet, according to a new analysis. The effect varies from country to country, and is much less pronounced in democratic nations. But the study, published today in Science, suggests that besides censorship, another way national governments prevent opposing groups from organizing online is by denying them Internet access in the first place, says Nils Weidmann, a professor of political science at the University of Konstanz in Germany.
Researchers used a geolocation database to create a map showing subnetwork activity for a large volume of internet traffic, then compared it with geographic data for the world's ethnic groups. "They concluded that excluded groups had significantly lower access compared to the groups in power, and that this can't be explained by other economic or geographic factors (like living in rural vs. urban areas)... 'You don't have to censor if the opposition doesn't get access at all.' "
Government

US Government Employees Targeted By New 'GovRAT' Malware (computerworld.com) 30

Security researchers have detected an upgrade to the GovRAT malware, which targets government employees and bypasses antivirus tools using stolen digital certificates. An anonymous reader quotes Computerworld: Through GovRAT, hackers can potentially steal files from a victim's computer, remotely execute commands, or upload other malware to the system... The malware features an additional function to secretly monitor network traffic over the victim's computer -- something with scary consequences. "If you're downloading something from a particular resource, the hackers can intercept the download and replace it with malware," said InfoArmor CIO Andrew Komarov on Friday.

Last year, InfoArmor said that earlier versions of GovRAT had attacked more than 15 governments around the world, in addition to seven financial institutions and over 100 corporations.
The security researchers say GovRAT comes with "a stolen database of 33,000 Internet accounts, some of which belong to U.S. government employees," including names, email addresses and hashed passwords.
Security

Alleged Proprietors of 'DDOS For Hire' Service vDOS Arrested (krebsonsecurity.com) 63

Long-time Slashdot reader pdclarry writes: Brian Krebs reports that the two youthful (18-year-old) alleged proprietors of vDOS, the DDOS service have been arrested in Israel on a complaint from the FBI. They have been released on $10,000 bond each, their passports lifted, and they have been placed under house arrest, and banned from using the Internet for 30 days. They were probably identified through a massive hack of the vDOS database recently [reported Friday morning on Slashdot].

Krebs also reports that vDOS's DNS addresses were hijacked by the firm BackConnect Security to get out from under a sustained DDOS attack, and that his site, krebsonsecurity.com has been under a sustained DDOS attack since his last article was published, with the packets containing the string "godiefaggot". Those attacks continue, but, as he has been the target of many DDOS attacks in the past, he's covered by a DDOS protection firm.
The two teenagers coordinated more than 150,000 denial-of-service attacks over the last two years, according to Krebs, using at least four servers in Bulgaria.
Crime

Arrests Made After Group Hacks CIA Director's AOL Account (washingtonpost.com) 107

Slashdot reader FullBandwidth writes: U.S. authorities have arrested two North Carolina men accused of hacking into the private email accounts of high-ranking U.S. intelligence officials. [The men] will be extradited next week to Alexandria, where federal prosecutors for the Eastern District of Virginia have spent months building a case against a group that calls itself Crackas With Attitude... Authorities say the group included three teenage boys being investigated in the United Kingdom.
The group used social engineering to access the email accounts of John Brennan, the director of the CIA, as well as the Director of National Intelligence, and former FBI deputy director Mark Giuliano, according to the article. One exploit involved "posing as a Verizon technician and tricking the company's tech-support unit into revealing the CIA director's account number, password and other details." An FBI affidavit alleges that a British teenager named "Cracka" also began forwarding the calls of a former FBI deputy director "to a number associated with the Free Palestine Movement," while "D3F4ULT" paid for a campaign of harassing phone calls. In addition, "According to the affidavit, Cracka appears to have gotten into the law enforcement database simply by calling an FBI help desk and asking for Giuliano's password to be reset..."

"One member told CNN [In a video interview] that he smoked marijuana 'all day every day' and was 'probably' high when gaining access to high-level accounts."
AI

Google's DeepMind Develops New Speech Synthesis AI Algorithm Called WaveNet (qz.com) 46

Artem Tashkinov writes: Researchers behind Google's DeepMind company have been creating AI algorithms which could hardly be applied in real life aside from pure entertainment purposes -- the Go game being the most recent example. However, their most recent development, a speech synthesis AI algorithm called WaveNet, beats the two existing methods of generating human speech by a long shot -- at least 50% by Google's own estimates. The only problem with this new approach is that it's very computationally expensive. The results are even more impressive considering the fact that WaveNet can easily learn different voices and generate artificial breaths, mouth movements, intonation and other features of human speech. It can also be easily trained to generate any voice using a very small sample database. Quartz has a voice demo of Google's current method in its report, which uses recurrent neural networks, and WaveNet's method, which "uses convolutional neural networks, where previously generated data is considered when producing the next bit of information." The report adds, "Researchers also found that if they fed the algorithm classical music instead of speech, the algorithm would compose its own songs."
Databases

Israeli DDoS Provider 'vDOS' Earned $600,000 In Two Years (krebsonsecurity.com) 74

pdclarry writes: Brian Krebs writes that he has obtained the hacked database of an Israeli company that is responsible for most of the large-scale DDoS attacks over the past (at least) 4 years. The vDOS database, obtained by KrebsOnSecurity.com at the end of July 2016, points to two young men in Israel as the principal owners and masterminds of the attack service, with support services coming from several young hackers in the United States. Records before 2012 were not in the dump, but Krebs believes that the service has actually been operating for decades. The report starts by saying, "vDos -- a so-called 'booter' service has earned in excess of $600,000 over the past two years helping customers coordinate more than 150,000 so-called distributed denial-of-service (DDoS) attacks designed to knock websites offline -- has been massively hacked, spilling secrets about tens of thousands of paying customers and their targets." In regard to how long the service has been operating, Krebs believes the service has been operating for decades "because the data leaked in the hack of vDOS suggests that the proprietors erased all digital records of attacks that customers launched between Sept. 2012 (when the service first came online) and the end of March 2016."
Desktops (Apple)

Modified USB Ethernet Adapter Can Steal Windows and Mac Credentials (softpedia.com) 82

An anonymous reader writes from a report via Softpedia: An attacker can use a modified USB Ethernet adapter to fool Windows and Mac computers into giving away their login credentials. The attack relies on using a modified USB Ethernet adapter that runs special software, which tricks the attacked computer into accepting the Ethernet adapter as the network gateway, DNS, and WPAD server. The attack is possible because most computers will automatically install any plug-and-play (PnP) USB device. Even worse, when installing the new (rogue) USB Ethernet adapter, the computer will give out the local credentials needed to install the device. The custom software installed on the USB intercepts these credentials and logs them to an SQLite database. This attack can take around 13 seconds to carry out, and the USB Ethernet adapter can be equipped with an LED that tells the attacker when the login credentials have been stolen.
Security

More Passwords, Please: 98 Million Leaked From 2012 Breach Of 'Russia's Yahoo' (arstechnica.com) 23

Sean Gallagher, writing for ArsTechnica: Another major site breach from four years ago has resurfaced. Today, LeakedSource revealed that it had received a copy of a February 2012 dump of the user database of Rambler.ru, a Russian search, news, and e-mail portal site that closely mirrors the functionality of Yahoo. The dump included usernames, passwords, and ICQ instant messaging accounts for over 98 million users. And while previous breaches uncovered by LeakedSource this year had at least some encryption of passwords, the Rambler.ru database stored user passwords in plain text -- meaning that whoever breached the database instantly had access to the e-mail accounts of all of Rambler.ru's users. The breach is the latest in a series of "mega-breaches" that LeakedSource says it is processing for release. Rambler isn't the only Russian site that has been caught storing unencrypted passwords by hackers. In June, a hacker offered for sale the entire user database of the Russian-language social networking site VK.com (formerly VKontakte) from a breach that took place in late 2012 or early 2013; that database also included unencrypted user passwords, as ZDNet's Zach Whittaker reported.
Piracy

Warner Bros Issues Takedown For Own Website (bbc.co.uk) 77

An anonymous reader writes: In a case of sloppy automation run amok, Warner Bros' copyright enforcement contractor -- Vobile -- issued takedown notices for legitimate distributors and Warner Bros' own website, according to the BBC. It also asked the search giant to remove links to legitimate movie streaming websites run by Amazon and Sky, as well as Amazon-owned film database IMDB. Fortunately for them, Google chose to cut them a break and ignore those requests.
Democrats

Clinton's First Email Server Was a Power Mac Tower (arstechnica.com) 223

An anonymous reader shares with us an excerpt from a report via Ars Technica: As she was being confirmed as Secretary of State, Hillary Clinton contacted Colin Powell to ask him about his use of a Blackberry while in the same role. According to a Federal Bureau of Investigations memorandum published today (PDF), Powell warned Clinton that if it became public that she was using a Blackberry to "do business," her e-mails would be treated as "official" record and be subject to the law. "Be very careful," Powell said according to the FBI. "I got around it all by not saying much and not using systems that captured the data." Perhaps Clinton's troubles began when she switched from a Blackberry-hosted e-mail account to an account on her Clintonemail.com domain -- a domain hosted on an Apple Power Mac "G4 or G5" tower running in the Clintons' Chappaqua, New York residence. The switch to the Power Mac as a server occurred the same month she exchanged messages with Powell. The Power Mac, originally purchased in 2007 by former President Clinton's aide Justin Cooper, had acted as the server for presidentclinton.com and wjcoffice.com. Cooper managed most of the technology support for Bill Clinton and took charge of setting up Hillary Clinton's new personal mail system on the Power Mac, which sat alongside a firewall and network switching hardware in the basement of the Clintons' home. But the Power Mac was having difficulty handling the additional load created by Blackberry usage from Secretary Clinton and her staff, so a decision was made quickly to upgrade the server hardware. Secretary Clinton's deputy chief of staff at the State Department, Huma Abedin, connected Cooper with Brian Pagliano, who had worked in IT for the secretary's 2008 presidential campaign. Cooper inquired with Pagliano about getting some of the campaign's computer hardware as a replacement for the Power Mac, and Pagliano was in the process of selling the equipment off.
Security

Hackers Stole Over 43 Million Last.fm Accounts In 2012 Breach (zdnet.com) 25

The aftermath of 2012's infamous hack is shaping up to be more serious than we had anticipated. An anonymous reader writes: Last.fm suffered a data breach back in 2012, but details of the attack were not disclosed. On Thursday, breach notification site LeakedSource, which obtained a copy of the database and posted details of the hack in a blog post, said more than 43.5 million accounts were stolen.

The database also contained hashed passwords, scrambled with the MD5 algorithm that nowadays is easy to crack. LeakedSource said that the algorithm is "so insecure" that it was able to decipher over 96 percent of passwords in just two hours.

Bug

Staff Breach At OneLogin Exposes Password Storage Feature (cso.com.au) 47

River Tam quotes a report from CSO Australia: Enterprise access management firm OneLogin has suffered an embarrassing breach tied to a single employee's credentials being compromised. OneLogin on Tuesday revealed the breach affected a feature called Secure Notes that allowed its users to "store information." That feature however is pitched to users as a secure way to digitally jot down credentials for access to corporate firewalls and keys to software product licenses. The firm is concerned Secure Notes was exposed to a hacker for at least one month, though it may have been from as early as July 2 through to August 25, according to a post by the firm. Normally these notes should have been encrypted using "multiple levels of AES-256 encryption," it said in a blog post. Several thousand enterprise customers, including high profile tech startups, use OneLogin for single sign-on to access enterprise cloud applications. The company has championed the SAML standard for single sign-on and promises customers an easy way to enable multi-factor authentication from devices to cloud applications. But it appears the company wasn't using multi-factor authentication for its own systems. OneLogin's CISO Alvaro Hoyos said a bug in its software caused Secure Notes to be "visible in our logging system prior to being encrypted and stored in our database." The firm later found out that an employee's compromised credentials were used to access this logging system. The company has since fixed the bug on the same day it detected the bug. CSO adds that the firm "also implemented SAML-based authentication for its log management system and restricted access to a limited set of IP addresses."
Security

Hackers Stole Account Details for Over 60 Million Dropbox Users 66

The Dropbox hack is more severe than we expected. Motherboard has the details: Hackers have stolen over 60 million account details for online cloud storage platform Dropbox. Although the accounts were stolen during a previously disclosed breach, and Dropbox says it has already forced password resets, it was not known how many users had been affected, and only now is the true extent of the hack coming to light. Motherboard obtained a selection of files containing email addresses and hashed passwords for the Dropbox users through sources in the database trading community. In all, the four files total in at around 5GB, and contain details on 68,680,741 accounts. The data is legitimate, according to a senior Dropbox employee. Security expert Troy Hunt has corroborated Motherboard's claims, and has updated the Have I Been Pwned website, where you can go and see if you're among the victims.
Databases

100 Arrested In New York Thanks To Better Face-Recognition Technology (arstechnica.com) 85

New York doubled the number of "measurement points" used by their facial recognition technology this year, leading to 100 arrests for fraud and identity theft, plus another 900 open cases. An anonymous reader quotes a report from Ars Technica: In all, since New York implemented facial recognition technology in 2010, more than 14,000 people have been hampered trying to get multiple licenses. The newly upgraded system increases the measurement points of a driver's license picture from 64 to 128.

The DMV said this vastly improves its chances of matching new photographs with one already in a database of 16 million photos... "Facial recognition plays a critical role in keeping our communities safer by cracking down on individuals who break the law," Gov. Andrew M. Cuomo said in a statement. "New York is leading the nation with this technology, and the results from our use of this enhanced technology are proof positive that its use is vital in making our roads safer and holding fraudsters accountable."

At least 39 US states use some form of facial recognition software, and New York says their new system also "removes high-risk drivers from the road," stressing that new licenses will no longer be issued until a photo clears their database.
