United States

New Illinois Law Limits Police Use Of Cellphone-Tracking Stingray (go.com) 19

An anonymous Slashdot reader quotes a report from ABC News: A new Illinois law limits how police can use devices that cast a wide net in gathering cellphone data... [Stingray] gathers phone-usage data on targets of criminal investigations, but it also gathers data on other cellphones -- hundreds or even thousands of them -- in the area. The new law requires police to delete the phone information of anyone who wasn't an investigation target within 24 hours. It also prohibits police from accessing data for use in an investigation not authorized by a judge.

A dozen other states have adopted such regulations, and Congress is considering legislation that would strengthen federal guidelines already in place... Privacy advocates worry that without limits on how much data can be gathered or how long it can be stored, law enforcement could use the technology to build databases that track the behavior and movement of people who are not part of criminal investigations.

Earlier this month a U.S. judge threw out evidence gathered with Stingray for the first time, saying that without a search warrant, "the government may not turn a citizen's cell phone into a tracking device." The ACLU has identified 66 agencies in 24 states using Stingray technology, "but because many agencies continue to shroud their purchase and use of stingrays in secrecy, this map dramatically underrepresents the actual use of stingrays by law enforcement agencies nationwide."
Privacy

Glassdoor Exposes 600,000 Email Addresses (siliconbeat.com) 59

A website where users anonymously review their employer has exposed the email addresses -- and in some cases the names -- of hundreds of thousands of users. An anonymous reader quotes an article from Silicon Beat: On Friday, the company sent out an email announcing that it had changed its terms of service. Instead of blind-copying email recipients on the message, the company pasted their addresses in the clear. Each message recipient was able to see the email addresses of 999 other Glassdoor users...

Ultimately, the messages exposed the addresses of more than 2 percent of the company's users... Last month, the company said it had some 30 million monthly active users, meaning that more than 600,000 were affected by the exposure... Although the company didn't directly disclose the names of its users, many of their names could be intuited from their email addresses. Some appeared to be in the format of "first name.last name" or "first initial plus last name."

A Glassdoor spokesperson said "We are extremely sorry for this error. We take the privacy of our users very seriously and we know this is not what is expected of us. It certainly isn't how we intend to operate."
United Kingdom

Yahoo Ordered to Show How It Recovered 'Deleted' Emails (pcmag.com) 48

An anonymous reader quotes a report from PC Magazine: Just what kind of email retention powers does Yahoo have? According to a policy guide from the company, Yahoo cannot recover emails that have been deleted from a user's account -- simple as that. If the email is in a user's account, it's fair game, and Yahoo can even give law enforcement the IP address of whatever computer is being used to send said email.

Or, at least, that's what Yahoo has said. A magistrate judge from the Northern District of California has ordered Yahoo to produce documents, as well as a witness for deposition, related to the company's ability to recover seemingly deleted emails in a UK drug case... a UK defendant was convicted -- and is currently serving an extra 20-year prison sentence -- as part of a conspiracy to import drugs into the United Kingdom. He's currently appealing the conviction, in part because the means by which Yahoo recovered the emails in question allegedly violate British law.

The drug smugglers apparently communicated by creating a draft of an email, which was then available to others who logged into that same account.
Government

Homeland Security Border Agents Can Seize Your Phone (cnn.com) 234

Slashdot reader v3rgEz writes: A Wall Street Journal reporter has shared her experience of having her phones forcefully taken at the border -- and how the Department of Homeland Security insists that your right to privacy does not exist when re-entering the United States. Indeed, she's not alone: Documents previously released under FOIA show that the DHS has a long-standing policy of warrantless (and even motiveless) seizures at the border, essentially removing any traveler's right to privacy.
"The female officer returned 30 minutes later and said I was free to go," according to the Journal's reporter, adding, "I have no idea why they wanted my phones..."
Republicans

Avast Suckers GOP Delegates Into Connecting To Insecure Wi-Fi Hotspots (theregister.co.uk) 107

Avast conned more than 1,200 people into connecting to fake wi-fi hotspots set up near the Republican convention and the Cleveland airport, using common network names like "Google Starbucks" and "Xfinitywifi" as well as "I vote Trump! free Internet". An anonymous reader quotes this report from The Register: With mobile devices often set to connect to known SSIDs automatically, users can overlook the networks to which they are connecting... Some 68.3 percent of users' identities were exposed when they connected, and 44.5 per cent of Wi-Fi users checked their emails or chatted via messenger apps... In its day-long experiment Avast saw more than 1.6Gbps transferred from more than 1,200 users.
Avast didn't store the data they collected, but they did report statistics on which sites were accessed most frequently. "5.1 percent played Pokemon Go, while 0.7 percent used dating apps like Tinder, Grindr, OKCupid, Match and Meetup, and 0.24 percent visited pornography sites like Pornhub."
Security

Auto Industry Publishes Its First Set of Cybersecurity Best Practices (securityledger.com) 38

chicksdaddy quotes a report from Security Ledger: The automotive industry's main group for coordinating policy on information security and "cyber" threats has published a "Best Practices" document, giving individual automakers guidance on implementing cybersecurity in their vehicles for the first time. The Automotive Information Sharing and Analysis Center (ISAC) released the Automotive Cybersecurity Best Practices document on July 21st, saying the guidelines are for auto manufacturers as well as their suppliers. The Best Practices cover organizational and technical aspects of vehicle cybersecurity, including governance, risk management, security by design, threat detection, incident response, training, and collaboration with appropriate third parties. Taken together, they move the auto industry closer to standards pioneered decades ago and embraced by companies like Microsoft. They call on automakers to design software to be secure from the ground up and to take a sober look at risks to connected vehicles as part of the design process. Automakers are urged to test for and respond to software vulnerabilities, to develop methods for assessing and fixing security vulnerabilities, to create training programs, to promote cybersecurity awareness for both information technology and vehicle-specific risks, and to educate employees about security awareness. The document comes after a Kelley Blue Book survey that found that 62% of drivers think "connected cars will be hacked," and that 42% say they "want cars to be more connected."
Government

Edward Snowden At Comic-Con: 'I Live a Surprisingly Free Life' (theguardian.com) 51

An anonymous reader writes from a report via The Guardian: Director Oliver Stone talked to whistleblower Edward Snowden in front of an audience at a question and answer session on Thursday evening. He compared Snowden's anxiety over his own appearance in his Snowden biopic film "Snowden" to that of Donald Trump, who was cut from one of his films six years before. Snowden replied: "I'd like to avoid that association." At the event, Snowden did also shed some light on his personal life, years after his revelation of the NSA's secret surveillance of the American public's internet activity resulted in criminal charges under the Espionage Act that led to his exile in Russia. "I can confirm that I am not living in a box," Snowden said. "I actually live a surprisingly free life. This was not the most likely outcome. I didn't actually expect to make it out of Hawaii. I thought it was incredibly risky. I had a lot of advantages in doing what I did; I worked for the CIA on the human intelligence side, I worked for the NSA on the signals intelligence side, and I taught counterintelligence. This is not something that's covered that well in the media. I was about as well placed as anybody could be, and I still thought I was going to get rolled up at the airport and that there were going to be knocks on the doors of the journalists." When asked what he thought about Gordon-Levitt's performance in the film where he plays Edward Snowden, Snowden responded: "This is one of the things that's kind of crazy and surreal about this kind of experience: I don't think anybody looks forward to having a movie made about themselves, especially someone who is a privacy advocate. Some of my family members have said, 'He sounds just like you!' I can't hear it myself but if he can pass the family test he's doing all right." Snowden agreed to participate on the film because he thought it could raise awareness in ways his own advocacy could not. 
Snowden was also in the news recently for developing a way for potentially imperiled smartphone users to monitor whether their devices are making any potentially compromising radio transmissions.
Privacy

'The Hillary Leaks' - Wikileaks Releases 19,252 Previously Unseen DNC Emails (zerohedge.com) 446

Reader schwit1 writes: The State Department's release of Hillary emails may be over, but that of Wikileaks is just starting. Moments ago, Julian Assange's whistleblower organization released over 19,000 emails and more than 8,000 attachments from the Democratic National Committee. This is part one of their new Hillary Leaks series, Wikileaks said in a press release: "Today, Friday 22 July 2016 at 10:30am EDT, WikiLeaks releases 19,252 emails and 8,034 attachments from the top of the US Democratic National Committee -- part one of our new Hillary Leaks series. The leaks come from the accounts of seven key figures in the DNC: Communications Director Luis Miranda (10770 emails), National Finance Director Jordon Kaplan (3797 emails), Finance Chief of Staff Scott Comer (3095 emails), Finance Director of Data & Strategic Initiatives Daniel Parrish (1472 emails), Finance Director Allen Zachary (1611 emails), Senior Advisor Andrew Wright (938 emails) and Northern California Finance Director Robert (Erik) Stowe (751 emails). The emails cover the period from January last year until 25 May this year."
The emails released Friday cover a period from January 2015 to May 2016. They purportedly come from the accounts of seven key DNC staffers: Andrew Wright, Jordon Kaplan, Scott Comer, Luis Miranda, Robert Stowe, Daniel Parrish and Allen Zachary.

A quick scan of the emails shows they focus on Bernie Sanders and on dealing with the fallout of many Democrats opposing Hillary Clinton and calling the system "rigged." Many of the emails exchanged between top DNC officials are simply the text of news articles concerning how establishment Democrats can "deal" with the insurgent left-winger.
Update: 07/22 17:41 GMT by M: Guccifer 2.0 has claimed responsibility for the leak.
Government

Texas Man Who Acted As Russian Agent Gets 10 Years' Prison (go.com) 82

An anonymous reader quotes a report from ABC News: A Texas man who acted as a secret agent for the Russian government and illegally exported cutting-edge military technology to Russia has been sentenced to 10 years in prison. Alexander Fishenko learned his punishment Thursday in federal court in New York. He pleaded guilty in September to crimes including acting as a Russian agent. The 50-year-old Fishenko is a U.S. and Russian citizen. He owned Houston-based Arc Electronics Inc. Prosecutors say he led a scheme that evaded strict export controls for micro-electronics commonly used in missile guidance systems, detonation triggers and radar systems. Prosecutors say his company shipped about $50 million worth of technologies to Russia between 2002 and 2012. In other Russia-related news, the Russian government-owned news site Sputnik has reported that the Kremlin is building a nuclear space bomber that should be flight-ready by 2020.
Printer

Police 3D-Printed A Murder Victim's Finger To Unlock His Phone (theverge.com) 97

An anonymous reader quotes a report from The Verge: Police in Michigan have a new tool for unlocking phones: 3D printing. According to a new report from Flash Forward creator Rose Eveleth, law enforcement officers approached professors at the University of Michigan earlier this year to reproduce a murder victim's fingerprint from a prerecorded scan. Once created, the 3D model would be used to create a false fingerprint, which could be used to unlock the phone. Because the investigation is ongoing, details are limited, and it's unclear whether the technique will be successful. Still, it's similar to techniques researchers have used in the past to re-create working fingerprint molds from scanned images, often in coordination with law enforcement. This may be the first confirmed case of police using the technique to unlock a phone in an active investigation. Apple has recently changed the way iOS manages fingerprint logins. You are now required to input an additional passcode if your phone hasn't been touched for eight hours and the passcode hasn't been entered in the past six days.
Microsoft

Microsoft Responds To Allegations That Windows 10 Collects 'Excessive Personal Data' (betanews.com) 144

BetaNews's Mark Wilson writes: Yesterday France's National Data Protection Commission (CNIL) slapped a formal order on Microsoft to comply with data protection laws after it found Windows 10 was collecting "excessive data" about users. The company has been given three months to meet the demands or it will face fines. Microsoft has now responded, saying it is happy to work with the CNIL to work towards an acceptable solution. Interestingly, while not denying the allegations set against it, the company does nothing to defend the amount of data collected by Windows 10, and also fails to address the privacy concerns it raises. Microsoft does address concerns about the transfer of data between Europe and the US, saying that while the Safe Harbor agreement is no longer valid, the company still complied with it up until the adoption of Privacy Shield. It's interesting to see that Microsoft, in response to a series of complaints very clearly leveled at Windows 10, manages to mention the operating system only once. There is the promise of a statement about privacy next week, but for now we have Microsoft's response to the CNIL's order.
Privacy

Edward Snowden's New Research Aims To Keep Smartphones From Betraying Their Owners (theintercept.com) 106

Smartphones have become indispensable tools for journalists, human rights workers, and activists in war-torn regions. But at the same time, as The Intercept points out, they become especially potent tracking devices that can put users in mortal danger by leaking their location. To address the problem, NSA whistleblower Edward Snowden and hardware hacker Andrew "Bunnie" Huang have been developing a way for potentially imperiled smartphone users to monitor whether their devices are making any potentially compromising radio transmissions. "We have to ensure that journalists can investigate and find the truth, even in areas where governments prefer they don't," Snowden told The Intercept. "It's basically to make the phone work for you, how you want it, when you want it, but only when." Snowden and Huang presented their findings in a talk at MIT Media Lab's Forbidden Research event Thursday, and published a detailed paper. From the Intercept article: Snowden and Huang have been researching whether it's possible to use a smartphone in such an offline manner without leaking its location, starting with the assumption that "a phone can and will be compromised." [...] The research is necessary in part because the most common way to try to silence a phone's radio -- turning on airplane mode -- can't be relied on to squelch your phone's radio traffic. Moreover, a smartphone can be made to lie about the state of its radios. The article adds: According to their post, the goal is to "provide field-ready tools that enable a reporter to observe and investigate the status of the phone's radios directly and independently of the phone's native hardware." In other words, they want to build an entirely separate tiny computer that users can attach to a smartphone to alert them if it's being dishonest about its radio emissions. Snowden and Huang are calling this device an "introspection engine" because it will inspect the inner workings of the phone.
The device will be contained inside a battery case, looking similar to a smartphone with an extra bulky battery, except with its own screen to update the user on the status of the radios. Plans are for the device to also be able to sound an audible alarm and possibly to also come equipped with a "kill switch" that can shut off power to the phone if any radio signals are detected. Wired has a detailed report on this, too.
Blackberry

BlackBerry CEO 'Disturbed' By Apple's Hard Line On Encryption (theinquirer.net) 198

An anonymous reader writes: BlackBerry CEO John Chen said he is "disturbed" by Apple's tough approach to encryption and user privacy, warning that the firm's attitude is harmful to society. Earlier this year, Chen said in response to Apple resisting the government's demands to unlock an iPhone belonging to one of the San Bernardino shooters: "We are indeed in a dark place when companies put their reputations above the greater good." During BlackBerry's Security Summit in New York this week, Chen made several more comments about Apple's stance on encryption. "One of our competitors, we call it 'the other fruit company,' has an attitude that it doesn't matter how much it might hurt society, they're not going to help," he said. "I found that disturbing as a citizen. I think BlackBerry, like any company, should have a basic civil responsibility. If the world is in danger, we should be able to help out." He did say there was a lot of "nonsense" being reported about BlackBerry and its approach to how it handles user information. "Of course, there need to be clear guidelines. The guidelines we've adopted require legal assets. A subpoena for certain data. But if you have the data, you should give it to them," he said. "There's some complete nonsense about what we can and can't do. People are mad at us that we let the government have the data. It's absolute garbage. We can't do that." Chen also warned that mandatory back doors aren't a good idea either, hinting at the impending Investigatory Powers Bill. "There's proposed legislation in the U.S., and I'm sure it will come to the EU, that every vendor needs to provide some form of a back door. That is not going to fly at all. It just isn't," he said.
Microsoft

France: Windows 10 Collects 'Excessive Personal Data', Issues Microsoft With Formal Warning (betanews.com) 112

France's National Data Protection Commission (CNIL) has ordered Microsoft to "stop collecting excessive data and tracking browsing by users without consent," adding that Microsoft must comply with the French Data Protection Act within the next three months. BetaNews reports: In addition to this, the chair of CNIL has notified Microsoft that it needs to take "satisfactory measures to ensure the security and confidentiality of user data." The notice comes after numerous complaints about Windows 10, and a series of investigations by French authorities which revealed a number of failings on Microsoft's part. Microsoft is accused of gathering not only excessive data about users, but also irrelevant data. The CNIL points to Windows 10's telemetry service, which gathers information about the apps users have installed and how long each is used for. The complaint is that "these data are not necessary for the operation of the service."
Firefox

Firefox To Block Non-Essential Flash Content In August 2016, Require Click-To-Activate In 2017 (mozilla.org) 156

Mozilla has announced that it plans to discontinue support for Flash in Firefox. Starting next month, Firefox will block Flash content "that is not essential to the user experience." Also, starting sometime in 2017, the browser will require click-to-activate approval from users before a website activates the Flash plugin for any content. In a blog post, the company writes: Mozilla and the Web as a whole have been taking steps to reduce the need for Flash content in everyday browsing. Over the past few years, Firefox has implemented Web APIs to replace functionality that was formerly provided only by plugins. This includes audio/video playback and streaming capabilities, clipboard integration, fast 2D and 3D graphics, WebSocket networking, and microphone/camera access. As websites have switched from Flash to other web technologies, the plugin crash rate in Firefox has dropped significantly. [...] We continue to work closely with Adobe to deliver the best possible Flash experience for our users.
Security

Software Flaw Puts Mobile Phones and Networks At Risk Of Complete Takeover (arstechnica.com) 51

Dan Goodin, reporting for Ars Technica: A newly disclosed vulnerability could allow attackers to seize control of mobile phones and key parts of the world's telecommunications infrastructure and make it possible to eavesdrop or disrupt entire networks, security experts warned Tuesday. The bug resides in a code library used in a wide range of telecommunication products, including radios in cell towers, routers, and switches, as well as the baseband chips in individual phones. Although exploiting the heap overflow vulnerability would require great skill and resources, attackers who managed to succeed would have the ability to execute malicious code on virtually all of those devices. The code library was developed by Pennsylvania-based Objective Systems and is used to implement a telephony standard known as ASN.1, short for Abstract Syntax Notation One. "The vulnerability could be triggered remotely without any authentication in scenarios where the vulnerable code receives and processes ASN.1 encoded data from untrusted sources," researchers who discovered the flaw wrote in an advisory published Monday evening. "These may include communications between mobile devices and telecommunication network infrastructure nodes, communications between nodes in a carrier's network or across carrier boundaries, or communication between mutually untrusted endpoints in a data network."
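The defensive side of the bug class described above, a decoder acting on an attacker-supplied ASN.1 length, is shown by this added example; it is not Objective Systems' code and does not reproduce the reported flaw. The DER tag/length reader below validates every declared length against the bytes actually present before anything copies or walks by it; the sample inputs are constructed.

```c
/* Added illustration (not Objective Systems' code, not the reported bug): a DER
 * tag/length reader that validates every declared length before it is used. */
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    uint8_t tag;  /* single-byte tag; high-tag-number form is rejected */
    size_t len;   /* declared content length, already checked against buflen */
    size_t hdr;   /* bytes consumed by tag + length octets */
} der_tlv;

/* Decode one tag/length header. Returns 0 on success, negative on malformed or
 * truncated input. Never reads past buf + buflen. */
int der_read_tlv(const uint8_t *buf, size_t buflen, der_tlv *out) {
    if (buf == NULL || out == NULL || buflen < 2) return -1;
    size_t pos = 0;
    uint8_t tag = buf[pos++];
    if ((tag & 0x1F) == 0x1F) return -2;            /* multi-byte tag: unsupported */
    uint8_t first = buf[pos++];
    size_t len;
    if (first < 0x80) {
        len = first;                                /* short form */
    } else {
        size_t nbytes = first & 0x7F;
        if (nbytes == 0) return -3;                 /* indefinite length: BER, not DER */
        if (nbytes > sizeof(size_t)) return -4;     /* not representable: reject */
        if (nbytes > buflen - pos) return -5;       /* length octets themselves truncated */
        len = 0;
        for (size_t i = 0; i < nbytes; i++) len = (len << 8) | buf[pos++];
        if (len < 0x80 || (nbytes > 1 && (len >> (8 * (nbytes - 1))) == 0))
            return -6;                              /* non-minimal encoding: DER forbids it */
    }
    /* The check whose absence turns a long declared length into a heap overflow:
     * the declared length must fit in the bytes actually present. */
    if (len > buflen - pos) return -7;
    out->tag = tag;
    out->len = len;
    out->hdr = pos;
    return 0;
}

/* Copy a primitive element's contents into dst; refuses rather than overflowing. */
int der_copy_contents(const uint8_t *buf, size_t buflen, uint8_t *dst, size_t dstlen) {
    der_tlv t;
    int rc = der_read_tlv(buf, buflen, &t);
    if (rc != 0) return rc;
    if (t.len > dstlen || t.len > INT_MAX) return -9;
    memcpy(dst, buf + t.hdr, t.len);
    return (int)t.len;
}

/* Count the children of a constructed element (e.g. SEQUENCE). Children are parsed
 * only within the outer element's validated extent, so a lying inner length fails. */
int der_count_children(const uint8_t *buf, size_t buflen) {
    der_tlv outer;
    int rc = der_read_tlv(buf, buflen, &outer);
    if (rc != 0) return rc;
    if ((outer.tag & 0x20) == 0) return -8;         /* primitive: has no children */
    const uint8_t *p = buf + outer.hdr;
    size_t remaining = outer.len;
    int count = 0;
    while (remaining > 0) {
        der_tlv child;
        rc = der_read_tlv(p, remaining, &child);
        if (rc != 0) return rc;
        size_t total = child.hdr + child.len;       /* both <= remaining: no overflow */
        p += total;
        remaining -= total;
        count++;
    }
    return count;
}

int main(void) {
    /* Constructed samples: SEQUENCE {INTEGER 5, OCTET STRING "A"}; then a SEQUENCE whose INTEGER claims 5 bytes but carries 2. */
    static const uint8_t good[] = {0x30, 0x06, 0x02, 0x01, 0x05, 0x04, 0x01, 0x41};
    static const uint8_t lying[] = {0x30, 0x04, 0x02, 0x05, 0x01, 0x02};
    printf("good: %d children\n", der_count_children(good, sizeof good));
    printf("lying: rc=%d (declared length exceeds data)\n", der_count_children(lying, sizeof lying));
    return 0;
}
```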
Facebook

Facebook Messenger Hits 1B Monthly Active Users, Accounts For 10 Percent Of All VoIP Calls (techcrunch.com) 55

Speaking of instant messaging and VoIP call apps, Facebook announced on Wednesday that Facebook Messenger has hit the 1 billion monthly active users milestone. The company adds that Messenger is more than just a text messenger -- in addition to the ambitious bot gamble, a digital assistant, and the ability to send money to friends -- Messenger now accounts for 10 percent of all VoIP calls made globally. Messenger's tremendous growth also underscores Facebook's mammoth reach across the world. The social network is used by more than 1.6 billion people actively every month. WhatsApp, the chat client it owns, is also used by more than one billion people.

TechCrunch has a brilliant story on the growth of Messenger from scratch.
Microsoft

Skype Finalizes Its Move To the Cloud; To Kill Older Clients -- Remains Tight-Lipped About Privacy (arstechnica.com) 74

When it was first created, the Skype network was built as a decentralized peer-to-peer system. PCs that had enough processing muscle and bandwidth acted as "supernodes," and coordinated connections between other machines on the network. This p2p system was generally perceived as being relatively private, a belief that has since been debunked. There were several technical challenges, which led Microsoft to move most of Skype's operations to the cloud. Ars Technica is reporting that the company has finalized the switch. From the article: Microsoft has developed a more conventional client-server network, with clients that act as pure clients and dedicated cloud servers. The company is starting to transition to this network exclusively. This transition means that old peer-to-peer Skype clients will cease to work. Clients for the new network will be available for Windows XP and up, OS X Yosemite and up, iOS 8 and up, and Android 4.03 and up. However, certain embedded clients -- in particular, those integrated into smart TVs and available for the PlayStation 3 -- are being deprecated, with no replacement. Microsoft says that since those clients are little used and since almost every user of those platforms has other Skype-capable devices available, it is no longer worth continuing to support them. The issue, as the report points out, is that Microsoft is strangely not talking about privacy and security concerns. The article adds: The Ed Snowden leaks raised substantial questions about the privacy of services such as Skype and have caused an increasing interest in platforms that offer end-to-end encryption. The ability to intercept or wiretap Skype came as a shock to many, especially given Skype's traditionally peer-to-peer infrastructure. Accordingly, we've seen similar services such as iMessage, WhatsApp, and even Facebook Messenger start introducing end-to-end encryption.
The abandonment of Skype's peer-to-peer system can only raise suspicions here. Matthew Green, who teaches cryptography at Johns Hopkins, said: "The surprising thing here is not that Microsoft can intercept Skype calls (duh) but that they won't just admit it."
EU

UK 'Emergency' Bulk Data Slurp Permissible In Pursuit Of 'Serious Crime' (theregister.co.uk) 48

An anonymous reader writes: Bulk collection of data from phone calls and emails by carriers acting under government orders could be permissible in the pursuit of 'serious crime'. That's the preliminary ruling in a case brought by Brexit chief minister David Davis against PM Theresa May before the European Union's highest court. The ruling suggests bulk collection and retention of customer data might not be in breach of the EU Charter of Fundamental Rights -- if it's done legally and with safeguards. Davis with Labour Party deputy leader Tom Watson and others brought their case to the European Court of Justice in February.
Privacy

A Google Maps Glitch Turned This Korean Fishing Town Into a 'Pokemon Go' Haven (vice.com) 80

Madison Margolin, reporting for Motherboard: A glitch in Google Maps has turned the small fishing town of Sokcho, South Korea, into a Pokemon Go tourist haven. The globally popular mobile game hasn't launched yet in South Korea, but that hasn't stopped clever gamers from finding a way to play it anyway. The city of Sokcho is taking full advantage of it, according to this video by the Wall Street Journal. Because of Cold War era laws preventing North Korea from obtaining maps of the country, the use of Google Maps is restricted in South Korea, the WSJ reports. However, a fluke in the system allows it to work in Sokcho, in the northeast corner of the country, just outside the DMZ (demilitarized zone) between North and South Korea. Sokcho is outside the range of indexing grids that Pokemon Go developers used for mapping restrictions of South Korea and other countries.
