Medicine

U.S. Passes 'Right to Try' Law Allowing Experimental Medical Treatments (chicagotribune.com) 13

schwit1 shared this article from the Washington Post: The House on Tuesday passed "right to try" legislation that would allow people with life-threatening illnesses to bypass the Food and Drug Administration to obtain experimental medications, ending a drawn-out battle over access to unapproved therapies. President Trump is expected to quickly sign the measure, which was praised by supporters as a lifeline for desperate patients but denounced by scores of medical and consumer groups as unnecessary and dangerous...

The FDA would be largely left out of the equation under the new legislation and would not oversee the right-to-try process. Drug manufacturers would have to report "adverse events" -- safety problems, including premature deaths -- only once a year. The agency also would be restricted in how it used such information when considering the experimental treatments for approval. Patients would be eligible for right-to-try if they had a "life-threatening illness" and had exhausted all available treatment options. The medication itself must have completed early-stage safety testing, called Phase 1 trials, and be in active development with the goal of FDA approval.

One Congressman opposing the bill argued that eliminating FDA oversight would "provide fly-by-night physicians and clinics the opportunity to peddle false hope and ineffective drugs to desperate patients," noting that the bill is opposed by over 100 patient advocacy and consumer groups.
Cloud

Microsoft Wins A Big Cloud Deal With America's Intelligence Community (spokesman.com) 20

wyattstorch516 shared this story from the AP: Microsoft Corp. said it's secured a lucrative cloud deal with the intelligence community that marks a rapid expansion by the software giant into a market led by Amazon.com Inc. The deal, which the company said Wednesday is worth hundreds of millions of dollars, allows 17 intelligence agencies and offices to use Microsoft's Azure Government, a cloud service tailored for federal and local governments, in addition to other products Microsoft already offers, such as its Windows 10 operating system and word processing programs.

The cloud agreement gives Microsoft more power to make its case to the Pentagon as it goes up against competitors like International Business Machines Corp., Oracle Corp. and Amazon for the agency's winner-take-all cloud computing contract for up to 10 years.

That contract is expected to be worth billions of dollars, according to the article, adding that "the Defense Department has said it intends to move the department's technology needs -- 3.4 million users and 4 million devices -- to the cloud to give it a tactical edge on the battlefield and strengthen its use of emerging technologies."

One Microsoft executive said this week's deal reinforces "the fact that we are a solid cloud platform that the federal government can put their trust in."
The Courts

Tesla Agrees To Settle Class Action Over Autopilot Billed As 'Safer' (reuters.com) 56

An anonymous reader quotes a report from Reuters: Tesla on Thursday reached an agreement to settle a class action lawsuit with buyers of its Model S and Model X cars who alleged that the company's assisted-driving Autopilot system was "essentially unusable and demonstrably dangerous." The lawsuit said Tesla misrepresented on its website that the cars came with capabilities designed to make highway driving "safer." The Tesla owners said they paid an extra $5,000 to have their cars equipped with the Autopilot software with additional safety features such as automated emergency braking and side collision warning. The features were "completely inoperable," according to the complaint. Under the proposed agreement, class members, who paid to get the Autopilot upgrade between 2016 and 2017, will receive between $20 and $280 in compensation. Tesla has agreed to place more than $5 million into a settlement fund, which will also cover attorney fees.
Wireless Networking

FBI Tells Router Users To Reboot Now To Kill Malware Infecting 500,000 Devices (arstechnica.com) 73

The FBI is advising users of consumer-grade routers and network-attached storage devices to reboot them as soon as possible to counter Russian-engineered malware that has infected hundreds of thousands of devices. Ars Technica reports: Researchers from Cisco's Talos security team first disclosed the existence of the malware on Wednesday. The detailed report said the malware infected more than 500,000 devices made by Linksys, Mikrotik, Netgear, QNAP, and TP-Link. Known as VPNFilter, the malware allowed attackers to collect communications, launch attacks on others, and permanently destroy the devices with a single command. The report said the malware was developed by hackers working for an advanced nation, possibly Russia, and advised users of affected router models to perform a factory reset, or at a minimum to reboot. Later in the day, The Daily Beast reported that VPNFilter was indeed developed by a Russian hacking group, one known by a variety of names, including Sofacy, Fancy Bear, APT 28, and Pawn Storm. The Daily Beast also said the FBI had seized an Internet domain VPNFilter used as a backup means to deliver later stages of the malware to devices that were already infected with the initial stage 1. The seizure meant that the primary and secondary means to deliver stages 2 and 3 had been dismantled, leaving only a third fallback, which relied on attackers sending special packets to each infected device.

The redundant mechanisms for delivering the later stages address a fundamental shortcoming in VPNFilter -- stages 2 and 3 can't survive a reboot, meaning they are wiped clean as soon as a device is restarted. Instead, only stage 1 remains. Presumably, once an infected device reboots, stage 1 will cause it to reach out to the recently seized ToKnowAll.com address. The FBI's advice to reboot small office and home office routers and NAS devices capitalizes on this limitation. In a statement published Friday, FBI officials suggested that users of all consumer-grade routers, not just those known to be vulnerable to VPNFilter, protect themselves.
The Justice Department and U.S. Department of Homeland Security have also issued statements advising users to reboot their routers as soon as possible.
Privacy

Zimbabwe is Introducing a Mass Facial Recognition Project With Chinese AI Firm CloudWalk (qz.com) 32

An anonymous reader shares a report: In March, the Zimbabwean government signed a strategic partnership with the Guangzhou-based startup CloudWalk Technology to begin a large-scale facial recognition program throughout the country. The agreement, backed by the Chinese government's Belt and Road initiative, will see the technology primarily used in security and law enforcement and will likely be expanded to other public programs.

[...] Zimbabwe may be giving away valuable data as Chinese AI technologists stand to benefit from access to a database of millions of Zimbabwean faces Harare will share with CloudWalk. [...] CloudWalk has already recalibrated its existing technology through three-dimensional light technology in order to recognize darker skin tones. In order to recognize other characteristics that may differ from China's population, CloudWalk is also developing a system that recognizes different hairstyles and body shapes, another representative explained to the Global Times.

Government

Apple Will Report Government Requests To Remove Apps From the App Store (theverge.com) 14

In its bi-annual transparency report today, Apple said that it will soon start reporting government requests to take down apps from the App Store. These requests will relate to alleged legal and/or policy provision violations, Apple says. The Verge reports: These numbers will tell us just how often governments are trying to block access to certain apps, and how many of those orders are actually obeyed. Google doesn't yet report these numbers specifically for the Play Store. As for takedown requests over the last year, governments around the world sent requests for information on 29,718 devices. Data was provided in 79 percent of cases. Governments also requested information on 3,358 Apple accounts, and data was provided in 82 percent of cases.
Businesses

US Reaches Deal To Keep Chinese Telecom ZTE in Business (reuters.com) 95

The Trump administration told lawmakers the U.S. government has reached a deal to put Chinese telecommunications company ZTE Corp back in business, a senior congressional aide said on Friday. From a report: The deal, communicated to officials on Capitol Hill by the Commerce Department, requires ZTE to pay a substantial fine, place U.S. compliance officers at the company and change its management team, the aide said. The Commerce Department would then lift an order preventing ZTE from buying U.S. products.

ZTE was banned in April from buying U.S. technology components for seven years for breaking an agreement reached after it violated U.S. sanctions against Iran and North Korea. The Commerce Department decision would allow it to resume business with U.S. companies, including chipmaker Qualcomm Inc.

Facebook

Facebook Accused of Conducting Mass Surveillance Through Its Apps (theguardian.com) 91

A court case in California alleges that Facebook used its apps to gather information about users and their friends, including some who had not signed up to the social network, reading their text messages, tracking their locations and accessing photos on their phones. The Guardian reports: The claims of what would amount to mass surveillance are part of a lawsuit brought against the company by the former startup Six4Three, listed in legal documents filed at the superior court in San Mateo as part of a court case that has been ongoing for more than two years. The allegations about surveillance appear in a January filing, the fifth amended complaint made by Six4Three. It alleges that Facebook used a range of methods, some adapted to the different phones that users carried, to collect information it could use for commercial purposes.

"Facebook continued to explore and implement ways to track users' location, to track and read their texts, to access and record their microphones on their phones, to track and monitor their usage of competitive apps on their phones, and to track and monitor their calls," one court document says. But all details about the mass surveillance scheme have been redacted on Facebook's request in Six4Three's most recent filings. Facebook claims these are confidential business matters. It has until next Tuesday to submit a claim to the court for the documents to remain sealed from public view.

The Courts

Samsung Must Pay Apple $539 Million For Infringing iPhone Design Patents, Jury Finds (cnet.com) 141

Samsung must pay Apple $539 million for infringing five patents with Android phones it sold in 2010 and 2011, a jury has found in a legal fight that dates back seven years. "The unanimous decision, in the U.S. District Court in San Jose in the heart of Silicon Valley, is just about halfway between what the two largest mobile phone makers had sought in a high-profile case that reaches back to 2011," reports CNET. From the report: The bulk of the damages payment, $533,316,606, was for infringing three Apple design patents. The remaining $5,325,050 was for infringing two utility patents. Samsung already had been found to infringe the patents, but this trial determined some of the damages. The jury's rationale isn't clear, but the figure is high enough to help cement the importance of design patents in the tech industry. Even though they only describe cosmetic elements of a product, they clearly can have a lot of value.

Samsung showed its displeasure and indicated the fight isn't over. "Today's decision flies in the face of a unanimous Supreme Court ruling in favor of Samsung on the scope of design patent damages. We will consider all options to obtain an outcome that does not hinder creativity and fair competition for all companies and consumers," Samsung said.

China

First Cuba, Now China? A Worker In US Embassy In China Experienced 'Abnormal' Sounds, Brain Damage (reuters.com) 155

amxcoder writes: An American citizen working at a U.S. consulate located in the Chinese city of Guangzhou has reported experiencing "abnormal" sounds (and pressures) for the past several months, starting in late 2017 until April of 2018. Upon medical evaluation, the worker has been diagnosed with mild traumatic brain injury symptoms. The U.S. embassy is conducting an investigation into the issue, and is issuing warnings to all U.S. citizens in China. The symptoms and several other similarities have drawn comparison to a similar event last year in a different U.S. embassy in Cuba. Officials cannot link the two events together at this point, but the U.S. State Department is working with Chinese authorities to investigate the issue further. As a result of the Cuba acoustic "attacks," the U.S. government in October expelled 15 Cuban diplomats from the U.S. for what it said was Cuba's failure to protect staff at the U.S. embassy in Havana. Staff there reported symptoms including hearing loss, dizziness, fatigue, and cognitive issues. Canadian personnel also reported similar health symptoms.
Bug

T-Mobile Bug Let Anyone See Any Customer's Account Details (zdnet.com) 39

An anonymous reader writes: A bug in T-Mobile's website let anyone access the personal account details of any customer with just their cell phone number, ZDNet reported Thursday. The flaw, since fixed, could have been exploited by anyone who knew where to look -- a little-known T-Mobile subdomain that staff use as a customer care portal to access the company's internal tools. The subdomain -- promotool.t-mobile.com, which can be easily found on search engines -- contained a hidden API that would return T-Mobile customer data simply by adding the customer's cell phone number to the end of the web address.

Although the API is understood to be used by T-Mobile staff to look up account details, it wasn't protected with a password and could be easily used by anyone. The returned data included a customer's full name, postal address, billing account number, and in some cases information about tax identification numbers. The data also included customers' account information, such as if a bill is past-due or if the customer had their service suspended.

Privacy

Woman Says Alexa Device Recorded Her Private Conversation and Sent It To Random Contact; Amazon Confirms the Incident (kiro7.com) 269

Gary Horcher, reporting for KIRO7: A Portland family contacted Amazon to investigate after they say a private conversation in their home was recorded by Amazon's Alexa -- the voice-controlled smart speaker -- and that the recorded audio was sent to the phone of a random person in Seattle, who was in the family's contact list. "My husband and I would joke and say I'd bet these devices are listening to what we're saying," said Danielle, who did not want us to use her last name. Every room in her family home was wired with the Amazon devices to control her home's heat, lights and security system. But Danielle said two weeks ago their love for Alexa changed with an alarming phone call. "The person on the other line said, 'unplug your Alexa devices right now,'" she said. "'You're being hacked.'" That person was one of her husband's employees, calling from Seattle. "We unplugged all of them and he proceeded to tell us that he had received audio files of recordings from inside our house," she said. "At first, my husband was, like, 'no you didn't!' And the (recipient of the message) said 'You sat there talking about hardwood floors.' And we said, 'oh gosh, you really did hear us.'" Danielle listened to the conversation when it was sent back to her, and she couldn't believe someone 176 miles away heard it too. In a statement, an Amazon spokesperson said, "Amazon takes privacy very seriously. We investigated what happened and determined this was an extremely rare occurrence. We are taking steps to avoid this from happening in the future."

Further reading: Amazon Admits Its AI Alexa is Creepily Laughing at People.
Network

Pornhub Launches VPNhub, Its Own Virtual Private Network App (venturebeat.com) 68

"Adult entertainment" giant Pornhub is entering the busy virtual private network (VPN) space with the launch of its very own VPN service. From a report: Dubbed VPNhub, the new service is available for free via native apps on Android, iOS, MacOS, and Windows, though there is a premium subscription available that gets rid of the ads and promises faster speeds. In the U.S., this will cost between $12 and $14 per month, depending on the platform. VPNhub promises unlimited bandwidth, even on the free service, which is key given that Pornhub's core selling point is bandwidth-intensive video, while it offers around 1,000 servers across 15 countries. And it promises that it logs no user data.
Government

Trump Cancels Singapore Summit With North Korean Leader Kim Jong Un (cnbc.com) 495

President Donald Trump has cancelled his much-anticipated meeting with North Korean leader Kim Jong Un that was scheduled to take place in Singapore on June 12, he announced moments ago. In a letter to Kim, the president said: "I was very much looking forward to being there with you. Sadly, based on the tremendous anger and open hostility displayed in your most recent statement, I feel it is inappropriate, at this time, to have this long-planned meeting. Therefore, please let this letter serve to represent that the Singapore summit, for the good of both parties, but to the detriment of the world, will not take place." He added, "You talk about your nuclear capabilities, but ours are so massive and powerful that I pray to God they will never have to be used."
Crime

Gamers Involved In Fatal Wichita 'Swatting' Indicted On Federal Charges (kansas.com) 423

bricko shares a report from Kansas: A federal grand jury has indicted the man accused in Wichita's fatal swatting as well as the two gamers involved in the video game dispute that prompted the false emergency call. The 29-page indictment was unsealed Wednesday in U.S. District Court for the District of Kansas. It charges 25-year-old Tyler Barriss, who is facing state court charges including involuntary manslaughter, with false information and hoaxes, cyberstalking, threatening to kill another or damage property by fire, interstate threats, conspiracy and several counts of wire fraud, according to federal court records. One of the gamers -- 18-year-old Casey S. Viner of North College Hill, Ohio -- is charged with several counts of wire fraud, conspiracy, obstruction of justice and conspiracy to obstruct justice. The other gamer -- 19-year-old Shane M. Gaskill of Wichita -- is charged with several counts of obstruction of justice, wire fraud and conspiracy to obstruct justice.
Space

Ariane Chief Seems Frustrated With SpaceX For Driving Down Launch Costs (arstechnica.com) 163

schwit1 shares a report from Ars Technica: Like United Launch Alliance, the [France-based] Ariane Group faces pricing pressure from SpaceX, which offers launch prices as low as $62 million for its Falcon 9 rocket. It has specifically developed the Ariane 6 rocket to compete with the Falcon 9 booster. But there are a couple of problems with this. Despite efforts to cut costs, the two variants of the Ariane 6 will still cost at least 25 percent more than SpaceX's present-day prices. Moreover, the Ariane 6 will not fly until 2020 at the earliest, by which time Falcon 9 could offer significantly cheaper prices on used Falcon 9 boosters if it needed to. (The Ariane 6 rocket is entirely expendable). With this background in mind, the chief executive of Ariane Group, Alain Charmeau, gave an interview to the German publication Der Spiegel. The interview was published in German, but a credible translation can be found here. During the interview, Charmeau expressed frustration with SpaceX and attributed its success to subsidized launches for the U.S. government.

When pressed on the price pressure that SpaceX has introduced into the launch market, Charmeau's central argument is that this has only been possible because, "SpaceX is charging the U.S. government 100 million dollar per launch, but launches for European customers are much cheaper." Essentially, he says, launches for the U.S. military and NASA are subsidizing SpaceX's commercial launch business. However, the pay-for-service prices that SpaceX offers to the U.S. Department of Defense for spy satellites and cargo and crew launches for NASA are below those of what other launch companies charge. And while $100 million or more for a military launch is significantly higher than a $62 million commercial launch, government contracts come with extra restrictions, reviews, and requirements that drive up this price.

Botnet

FBI Seizes Control of Russian Botnet (thedailybeast.com) 174

The Daily Beast reports that the FBI has seized control of a key server in the Kremlin's global botnet of 500,000 hacked routers. "The move positions the bureau to build a comprehensive list of victims of the attack, and short-circuits Moscow's ability to reinfect its targets," writes Kevin Poulsen. From the report: The FBI counter-operation goes after "VPN Filter," a piece of sophisticated malware linked to the same Russian hacking group, known as Fancy Bear, that breached the Democratic National Committee and the Hillary Clinton campaign during the 2016 election. On Wednesday security researchers at Cisco and Symantec separately provided new details on the malware, which has turned up in 54 countries including the United States.

VPN Filter uses known vulnerabilities to infect home office routers made by Linksys, MikroTik, NETGEAR, and TP-Link. Once in place, the malware reports back to a command-and-control infrastructure that can install purpose-built plug-ins, according to the researchers. One plug-in lets the hackers eavesdrop on the victim's Internet traffic to steal website credentials; another targets a protocol used in industrial control networks, such as those in the electric grid. A third lets the attacker cripple any or all of the infected devices at will.

The Courts

ACLU Sues ICE For License Plate Reader Contracts, Records (sfgate.com) 83

An anonymous reader quotes a report from SFGate: The American Civil Liberties Union on Wednesday sued U.S. Immigration and Customs Enforcement for records about the agency's use of license plate reader technology, after ICE apparently failed to turn over records following multiple requests. In December, ICE purchased access to two databases of ALPR data, the complaint reads. One of those databases is managed by Vigilant Solutions, which has contracts with more than two dozen Bay Area law enforcement agencies. "We believe the other is managed by Thomson Reuters," ACLU lawyer Vasudha Talla said. The ACLU and other privacy advocates have expressed concern about how this data will be stored and used for civil immigration enforcement. The ACLU filed two requests under the Freedom of Information Act in March seeking records from ICE, including contracts, memos, associated communications, training materials and audit logs. Since then, ICE has not provided any records, the ACLU said in the complaint, which was filed Tuesday morning in the Northern District Court for the Northern District of California. "The excessive collection and storing of this data in databases -- which is then pooled and shared nationally -- results in a systemic monitoring that chills the exercise of constitutional rights to free speech and association, as well as essential tasks such as driving to work, picking children up from school, and grocery shopping," the complaint said. "We have essentially two concerns: one that is general to ALPR databases, and one that's specific to this situation with ICE," Talla said. "The ACLU has done a lot of work around surveillance technology and ALPR, and we're generally concerned about the aggregation of all this data about license plates paired with a time and location, stretching back for so many months and years."
Piracy

Singapore ISPs Block 53 Pirate Sites Following MPAA Legal Action (torrentfreak.com) 45

53 piracy websites, including The Pirate Bay and KickassTorrents, have been blocked in Singapore following the most sweeping action taken by copyright holders in the country in more than a decade. From a report: A new wave of blocks announced this week are the country's most significant so far, with dozens of 'pirate' sites targeted following a successful application by the MPAA earlier this year. [...] "In Singapore, these sites are responsible for a major portion of copyright infringement of films and television shows," an MPAA spokesman told The Straits Times. "This action by rights owners is necessary to protect the creative industry, enabling creators to create and keep their jobs, protect their works, and ensure the continued provision of high-quality content to audiences."
Facebook

Facebook Asks British Users To Submit Their Nudes as Protection Against Revenge Porn (betanews.com) 299

Mark Wilson writes: Following on from a trial in Australia, Facebook is rolling out anti-revenge porn measures to the UK. In order that it can protect British users from falling victim to revenge porn, the social network is asking them to send in naked photos of themselves. The basic premise of the idea is: send us nudes, and we'll stop others from seeing them.
