
Feds Charge 61 People In Indian-Based IRS Phone Scam Case

BUL2294 writes: Following the arrests earlier this month in India of call center employees posing as IRS or immigration agents, USA Today and Consumerist are reporting that the U.S. Department of Justice has charged 61 people in the U.S. and India with facilitating the scam, bilking millions from Americans thinking they were facing immediate arrest and prosecution. "According to the indictment (PDF) -- which covers 20 individuals in the U.S. and 32 people and five call centers in India -- since about 2012 the defendants used information obtained from data brokers and other sources to call potential victims impersonating officers from the IRS or U.S. Citizenship and Immigration Services," reports Consumerist. The report adds: "To give the calls an air of authenticity, the organization was able to 'spoof' phone numbers, making the calls appear to have really come from a federal agency. The callers would then allegedly threaten potential victims with arrest, imprisonment, fines, or deportation if they did not pay supposed taxes or penalties to the government. In instances when the victims agreed to pay, the DOJ claims that the call centers would instruct them to go to banks or ATMs to withdraw money, use the funds to purchase prepaid stored value cards from retail stores, and then provide the unique serial number to the caller. At this point, the operation's U.S.-based counterparts would use the serial numbers to transfer the funds to prepaid reloadable cards. The cards would then be used to purchase money orders that were transferred into U.S. bank accounts of individuals or businesses. To make matters worse, the indictment claims that the prepaid debit cards were often registered using personal information of thousands of identity theft victims, and the wire transfers were directed by the organizations using fake names and fraudulent identifications.
The operation would then use 'hawalas' -- a system in which money is transferred internationally outside of the formal banking system -- to direct the pilfered funds to accounts belonging to U.S.-based individuals."

Lawsuit Seeks To Block New York Ban On 'Ballot Selfies'

You have the right to vote, but should you have the right to take a selfie at a ballot? According to ABC News, a federal lawsuit is challenging a New York state law that makes it a misdemeanor to show a marked election ballot to others: The lawsuit filed late Wednesday in Manhattan federal court seeks to have the law banning so-called "ballot selfies" declared unconstitutional. The lawsuit says publishing a voted ballot on social media can be a powerful form of political expression. It says that someone claiming they voted without photographic proof reduces the credibility of the individual. Attorney Leo Glickman, who filed the suit on behalf of three voters, says the lawsuit is consistent with claims made in Michigan, Indiana and New Hampshire, where similar laws have been struck down. In a separate report, Mother Jones' Kevin Drum explained the reasoning behind why a law against "ballot selfies" would exist in the first place: Just for the record, then, there is a reason for selfie bans in voting booths: it prevents vote buying. After all, the only way it makes sense to pay people for their votes is if you have proof that they voted the way you told them to. Back in the day that was no problem, but ever since secret ballots became the norm vote buying has died out. Selfies change all that. If I give you ten bucks to vote for my favorite candidate for mayor, I can withhold payment until you show me a selfie proving that you voted for my guy.

Oracle Will Officially Appeal Its 'Fair Use' Loss Against Google

An anonymous reader quotes a report from Ars Technica: The massive Oracle v. Google litigation has entered a new phase, as Oracle filed papers (PDF) yesterday saying it will appeal its loss on "fair use" grounds to the U.S. Court of Appeals for the Federal Circuit. For a brief recap of the case: after Oracle purchased Sun Microsystems and acquired the rights to Java, it sued Google in 2010, saying that Google infringed copyrights and patents related to Java. The case went to trial in 2012. Oracle initially lost but had part of its case revived on appeal. The sole issue in the second trial was whether Google infringed the APIs in Java, which the appeals court held are copyrighted. In May, a jury found in Google's favor after a second trial, stating that Google's use of the APIs was protected by "fair use." Oracle's appeal is no surprise, but it will be a long shot. The four-factor "fair use" test is a fairly subjective one, and Oracle lawyers will have to argue that the jury's unanimous finding must be overturned. There are various ways a jury could arrive at the conclusion that Google was protected by fair use. The case will go back to the Federal Circuit, the same appeals court that decided APIs could be copyrighted in the first place. That decision overruled U.S. District Judge William Alsup, the lower court judge, and was extremely controversial in the developer community. However, the same decision that insisted APIs can be copyrighted clearly held the door open to the idea that "fair use" might apply. Unless Oracle pulls off a stunning move on appeal, its massive legal expenditures in this case will be for naught.

FCC Imposes ISP Privacy Rules and Takes Aim At Mandatory Arbitration

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission today imposed new privacy rules on Internet service providers, and the Commission said it has begun working on rules that could limit the use of mandatory arbitration clauses in the contracts customers sign with ISPs. The new privacy rules require ISPs to get opt-in consent from consumers before sharing Web browsing data and other private information with advertisers and other third parties. The rules apply both to home Internet service providers like Comcast and mobile data carriers like Verizon Wireless. The commission's Democratic majority ensured the rules' passage in a 3-2 vote, with Republicans dissenting. Democratic Commissioner Mignon Clyburn was disappointed that the rules passed today did not include any action on mandatory arbitration clauses that prevent consumers from suing ISPs. But Chairman Tom Wheeler said that issue will be addressed in a separate rule-making. In the case of privacy rules, the FCC passed the NPRM in March and the final rules today. Clyburn argued that the FCC could have imposed mandatory arbitration restrictions today, because the privacy NPRM sought public comment about whether to ban mandatory arbitration. Under the FCC rules, ISPs that want to share consumer data with third parties such as advertisers must obtain opt-in consent for the most sensitive information and give customers the ability to opt out of sharing less sensitive information. Here's how the FCC describes the new opt-in and opt-out requirements: "Opt-in: ISPs are required to obtain affirmative 'opt-in' consent from consumers to use and share sensitive information. The rules specify categories of information that are considered sensitive, which include precise geo-location, financial information, health information, children's information, Social Security numbers, Web browsing history, app usage history, and the content of communications. 
Opt-out: ISPs would be allowed to use and share non-sensitive information unless a customer 'opts-out.' All other individually identifiable customer information -- for example, e-mail address or service tier information -- would be considered non-sensitive, and the use and sharing of that information would be subject to opt-out consent, consistent with consumer expectations. Exceptions to consent requirements: Customer consent is inferred for certain purposes specified in the statute, including the provision of broadband service or billing and collection. For the use of this information, no additional customer consent is required beyond the creation of the customer-ISP relationship." ISPs must clearly notify customers about the types of information they collect, specify how they use and share the information, and identify the types of entities they share the information with.

Hotel CEO Openly Celebrates Higher Prices After Anti-Airbnb Law Passes

An anonymous reader quotes a report from Washington Post: A hotel executive said a recently-passed New York law cracking down on Airbnb hosts will enable the company to raise prices for New York City hotel rooms, according to the transcript of the executive's words on a call with shareholders last week. The law, signed by New York's Governor Andrew Cuomo on Friday, slaps anyone who lists their apartment on a short-term rental site with a fine up to $7,500. It "should be a big boost in the arm for the business," Mike Barnello, chief executive of the hotel chain LaSalle Hotel Properties, said of the law last Thursday, "certainly in terms of the pricing." Barnello's comment adds fuel to the argument, made repeatedly by Airbnb and its proponents, that a law that was passed in the name of affordable housing also allows established hotels to raise prices for consumers. It was included in a memo written by Airbnb's head of global policy, Chris Lehane, to the Internet Association, a tech trade group, reviewed by the Washington Post. LaSalle, a Bethesda, MD-based chain, owns hotels around the country, including New York City. The memo is the latest volley in a bitter fight that has pitted the hotel industry, unions, and affordable housing advocates against Airbnb and its supporters. At the heart of the fight is a debate over the societal value of the Airbnb platform and its role in the economy of cities throughout the world. The question is whether Airbnb has been a net benefit, by enabling middle class city-dwellers to make extra money by renting out their homes, or whether it has had the unintended consequence of exacerbating affordable housing crises in expensive cities such as New York and Los Angeles.

How Vigilante Hackers Could Stop the Internet of Things Botnet

An anonymous reader quotes a report from Motherboard: Some have put forth a perhaps desperate -- and certainly illegal -- solution to stop massive internet outages, like the one on Friday, from happening: Have white-hat vigilante hackers take over the insecure Internet of Things that the Mirai malware targets and take them away from the criminals. Several hackers and security researchers agree that taking over the zombies in the Mirai botnet would be relatively easy. After all, if the "bad guys" Mirai can do it, a "good guys" Mirai -- perhaps even controlled by the FBI -- could do the same. The biggest technical hurdle to this plan, as F-Secure chief research officer Mikko Hypponen put it, is that once it infects a device, Mirai "closes the barn door behind it." Mirai spreads by scanning the internet for devices that have the old-fashioned remote access telnet protocol enabled and have easy to guess passwords such as "123456" or "passwords." Then, once it infects them, it disables telnet access, theoretically stopping others from doing the same. The good news is that the code that controls this function actually doesn't at times work very well, according to Darren Martyn, a security researcher who has been analyzing the malware and who said he's seen some infected devices that still have telnet enabled and thus can be hacked again. Also, Mirai disappears once an infected device is rebooted, which likely happens often as owners of infected cameras and DVRs try to fix their devices that suddenly have their bandwidth saturated. The bad news is that the Mirai spreads so fast that a rebooted, clean, device gets re-infected in five minutes, according to the estimates of researchers who've been tracking the botnets. So a vigilante hacker has a small window before the bad guys come back. The other problem is what a do-gooder hacker could do once they took over the botnet. 
The options are: brick the devices, making them completely unusable; change the default passwords, locking out even their legitimate owners; or try to fix their firmware to make them more resistant to future hack attempts, and also still perfectly functioning. The real challenge of this whole scenario, however, is that despite being for good, this is still illegal. "No one has any real motivation to do so. Anyone with the desire to do so, is probably afraid of the potential jail time. Anyone not afraid of the potential jail time...can think of better uses for the devices," Martyn told Motherboard, referring to criminals who can monetize the Mirai botnet.

Canadian Police Are Texting Potential Murder Witnesses

On Thursday, the Ontario Provincial Police (OPP) will send text messages to anybody who was in the vicinity of a murder in the hopes that one of them will have information that can help catch the culprit. One of the recipients may even be the killer. Others may wonder how the police obtained their phone number in the first place, or knew where they were on the day in question. From a Motherboard report: The OPP is ramping up its efforts to find the murderer of 65-year-old hitchhiker John Hatch, who was found dead near Erin, Ontario, on December 17, 2015. He was last seen alive the day before, outside Ottawa. Now, the OPP has announced what it's describing as a "new investigative technique" for the force: obtaining the phone numbers of everyone who was in the area where and when Hatch was last seen alive, via a court order, and sending each person a text message directing them to a police website. If they follow those instructions, they'll be asked a series of online questions. According to digital privacy lawyer David Fraser, this technique is known as a "tower dump" -- essentially asking telecom companies for information about everyone who connected to a certain cellphone tower, at a given time. If the police plan on using this technique again, its future uses could have unintended effects, Fraser said.

Comcast Sues Nashville To Halt Rules That Give Google Fiber Faster Access To Utility Poles

An anonymous reader quotes a report from Ars Technica: Comcast yesterday sued the Nashville metro government and mayor to stop a new ordinance designed to give Google Fiber faster access to utility poles. Comcast's complaint in U.S. District Court in Nashville (full text) is similar to one already filed by AT&T last month. Both ISPs are trying to invalidate a One Touch Make Ready ordinance that lets new ISPs make all of the necessary wire adjustments on utility poles themselves instead of having to wait for incumbent providers like AT&T and Comcast to send work crews to move their own wires. The ordinance was passed largely to benefit Google Fiber, which is offering service in Nashville but says that it hasn't been able to deploy faster because it is waiting to get access to thousands of poles. Nearly all the Nashville utility poles are owned either by the municipal Nashville Electric Service or AT&T. Because Comcast has wires on many of the poles, it has some control over how quickly Google Fiber can expand its network. When Google Fiber wants to attach wires to a new pole, it needs to wait for ISPs like Comcast to move their wires to make room for Google Fiber's. The Nashville One Touch Make Ready ordinance "permits third parties to move, alter, or rearrange components of Comcast's communications network attached to utility poles without Comcast's consent, authorization, or oversight, and with far less notice than is required by federal law and by an existing Comcast contract with Metro Nashville," Comcast's complaint said. Comcast asked the court to declare the ordinance invalid and permanently enjoin Nashville from enforcing it. The pre-existing Make Ready process "seek[s] to ensure that all providers can share available pole space cooperatively and safely, without interfering with or damaging any provider's equipment or services," Comcast said. 
The new procedures mandated by Nashville "are so intrusive that, tellingly, Metro Nashville has wholly exempted its own utility pole attachments from the Ordinance's coverage." Even though Google Fiber announced yesterday that it will pause operations and cut 9% of its staff, the ISP said it would continue operations in Nashville.

Dyn DNS DDoS Likely The Work of Script Kiddies, Says FlashPoint

While nobody knows exactly who was responsible for the internet outage last Friday, business risk intelligence firm FlashPoint released a preliminary analysis of the attack against Dyn DNS, and found that it was likely the work of "script kiddies" or amateur hackers -- as opposed to state-sponsored actors. TechCrunch reports: Aside from suspicion falling on Russia, various entities have also claimed or implied responsibility for the attack, including a hacking group called the New World Hackers and -- bizarrely -- WikiLeaks, which put a (perhaps joke) tweet suggesting some of its supporters might be involved. FlashPoint dubs these claims "dubious" and "likely to be false," and instead comes down on the side of the script kiddie theory. Its reasoning is based on a few factors, including a detail it unearthed during its investigation of the attack: namely that the infrastructure used in the attack also targeted a well-known video game company. The attack on Dyn DNS was powered in part by a botnet of hacked DVRs and webcams known as Mirai. The source code for the malware that controls this botnet was put on Github earlier this month. And FlashPoint also notes that the hacker who released Mirai is known to frequent a hacking forum called hackforums[.]net. That circumstantial evidence points to a link between the attack and users and readers of the English-language hacking community, with FlashPoint also noting the forum has been known to target video games companies. It says it has "moderate confidence" about this theory. The firm also argues that the attacks do not seem to have been financially or politically motivated -- given the broad scope of the targets, and the lack of any attempts to extort money. Which just leaves the most likely being motivation to show off skills and disrupt stuff. Aka, script kiddies.

Repeat Infringers Can Be Mere Downloaders, Court Rules

A 10-year-old copyright case has prompted an interesting opinion from a US appeals court. In determining the nature of a "repeat infringer" (which service providers must terminate to retain safe harbor), the court found these could be people who simply download infringing content for personal use. The case was filed by recording labels EMI and Capitol against the long since defunct music service MP3Tunes nearly a decade ago. The site allowed, among other things, the ability to store MP3 files and then play them remotely on other devices. The site also allowed users to search for MP3 files online and add them to MP3Tunes service. This is what the recording labels had a problem with, and they sued the site and the owner. TorrentFreak adds: The case went to appeal and yesterday the 2nd Circuit Court of Appeals handed down an opinion that should attract the attention of service providers and Internet users alike. The most interesting points from a wider perspective cover the parameters which define so-called 'repeat infringers.' [...] Noting that the District Court in the MP3Tunes case had also defined a 'repeat infringer' as a user who posts or uploads infringing content "to the Internet for the world to experience or copy", the Court of Appeals adds that the same court determined that a mere downloader of infringing content could not be defined as a repeat infringer "that internet services providers are obligated to ban from their websites." According to the Court of Appeal, that definition was too narrow. "We reject this definition of a 'repeat infringer,' which finds no support in the text, structure, or legislative history of the DMCA. Starting with the text, we note that the DMCA does not itself define 'repeat infringers'," the opinion reads.
Noting that 'repeat' means to do something "again or repeatedly" while an 'infringer' is "[s]omeone who interferes with one of the exclusive rights of a copyright," the Court of Appeals goes on to broaden the scope significantly. [...] The notion that the term 'repeat infringer' can now be applied to anyone who knowingly (or unknowingly) downloads infringing content on multiple occasions is likely to set pulses racing. How it will play out in practical real-world scenarios will remain to be seen, but it's certainly food for thought.

Russia Unveils 'Satan 2' Missile Powerful Enough To 'Wipe Out UK, France Or Texas'

An anonymous reader quotes a report from The Telegraph: Russia has released the first image of its new nuclear missile, a weapon so powerful that it could wipe out nearly all of the United Kingdom or France. The RS-28 Sarmat thermonuclear-armed ballistic missile was commissioned in 2011 and is expected to come into service in 2018. The first images of the massive missile were declassified on Sunday and have now been published for the first time. It has been dubbed "Satan 2," as it will replace the RS-36M, the 1970s-era weapon referred to by Nato as the Satan missile. Sputnik, the Russian government-controlled news agency, reported in May that the missile could destroy an area "the size of Texas or France." Russian media report that the missile will weigh up to 10 tons with the capacity to carry up to 10 tons of nuclear cargo. With that type of payload, it could deliver a blast some 2,000 times more powerful than the bombs dropped on Hiroshima and Nagasaki. Russia reportedly tested a hypersonic warhead in April that is apparently intended for use on the Satan 2 missiles. The warhead is designed to be impossible to intercept because it does not move on a set trajectory.

Scientists Create AI Program That Can Predict Human Rights Trials With 79 Percent Accuracy

An anonymous reader quotes a report from The Verge: Computer scientists have created an AI program capable of predicting the outcome of human rights trials. The program was trained on data from nearly 600 cases brought before the European Court of Human Rights (ECHR), and was able to predict the court's final judgement with 79 percent accuracy. Its creators say it could be useful in identifying common patterns in court cases, but stress that they do not believe AI will be able to replace human judgement. As described in a study published in the journal PeerJ Computer Science, the AI program worked by analyzing descriptions of court cases submitted to the ECHR. These descriptions included summaries of legal arguments, a brief case history, and an outline of the relevant legislation. The cases were grouped into three main violations of human rights law, including the prohibition on torture and degrading treatment; the right to a fair trial; and the right to "respect for private and family life." (Used in a wide range of cases including illegal searches and surveillance.) The AI program then looked for patterns in this data, correlating the courts' final judgements with, for example, the type of evidence submitted, and the exact part of the European Convention on Human Rights the case was alleged to violate. Aletras says a number of patterns emerged. For example, cases concerning detention conditions (e.g., access to food, legal support, etc.) were more likely to end in a positive judgement that an individual's human rights had been violated; while cases involving sentencing issues (i.e., how long someone had been imprisoned) were more likely to end in acquittal. The researchers also found that the judgements of the court were more dependent on the facts of the case itself (that is to say, its history and its particulars) than the legal arguments (i.e., how exactly the Convention on Human Rights had or had not been violated).

Yahoo Scanning Order Unlikely To Be Made Public: Reuters

An anonymous reader quotes a report from Reuters: Obama administration officials briefed key congressional staffers last week about a secret court order to Yahoo that prompted it to search all users' incoming emails for a still undisclosed digital signature, but they remain reluctant to discuss the unusual case with a broader audience. Executive branch officials spoke to staff for members of the Senate and House of Representatives committees overseeing intelligence operations and the judiciary, according to people briefed on the events, which followed Reuters' disclosure of the massive search. But attempts by other members of Congress and civil society groups to learn more about the Yahoo order are unlikely to meet with success anytime soon, because its details remain a sensitive national security matter, U.S. officials told Reuters. Release of any declassified version of the order is unlikely in the foreseeable future, the officials said. The decision to keep details of the order secret comes amid mounting pressure on the U.S. government to be more transparent about its data-collection activities ahead of a congressional deadline next year to reauthorize some foreign intelligence authorities. On Tuesday, more than 30 advocacy groups will send a letter to Director of National Intelligence James Clapper asking for declassification of the Yahoo order that led to the search of emails last year in pursuit of data matching a specific digital symbol. The groups say that Title I of the Foreign Intelligence Surveillance Act, under which sources said the order was issued, requires a finding that the target of such a wiretap is probably an agent of a foreign power and that the facility to be tapped is probably going to be used for a transmission. An entire service, such as Yahoo, has never publicly been considered to be a "facility" in such a case: instead, the word usually refers to a phone number or an email account.

Largest Auto-Scandal Settlement In US History: Judge Approves $15 Billion Volkswagen Settlement

A federal judge has approved the largest auto-scandal settlement in U.S. history, a $14.7 billion settlement concerning Volkswagen Group's diesel car emissions scandal. USA Today reports: U.S. District Court Judge Charles Breyer in San Francisco approved the sweeping agreement between consumers, the government, California regulators and the German automaker in a written ruling a week after signaling he was likely to sign off. He said the agreement is "fair, reasonable and adequate." The settlement comes about a year after Volkswagen admitted that it rigged 11 million vehicles worldwide with software designed to dodge emissions standards. The company is still facing criminal investigations by the U.S. Justice Department and German prosecutors. The U.S. probe could lead to additional financial penalties and criminal indictments. About 475,000 Volkswagen owners in the U.S. can choose between a buyback or a free fix and compensation, if a repair becomes available. VW will begin administering the settlement immediately, having already devoted several hundred employees to handling the process. Buybacks range in value from $12,475 to $44,176, including restitution payments, and varying based on mileage. People who opt for a fix approved by the Environmental Protection Agency will receive payouts ranging from $5,100 to $9,852, depending on the book value of their car. Volkswagen will also pay $2.7 billion for environmental mitigation and another $2 billion for clean-emissions infrastructure.

Warner Bros Claims Agency Ran Its Own Pirate Movie Site

Warner Bros Entertainment has sued talent agency Innovative Artists, claiming that the agency ran its own pirate site when it ripped DVD screeners and streamed them to associates via Google servers. TorrentFreak adds: In a lawsuit filed in a California federal court, Warner accuses the agency of effectively setting up its own pirate site, stocked with rips of DVD screeners that should have been kept secure. "Beginning in late 2015, Innovative Artists set up and operated an illegal digital distribution platform that copied movies and then distributed copies and streamed public performances of those movies to numerous people inside and outside of the agency," the complaint reads. "Innovative Artists stocked its platform with copies of Plaintiff's works, including copies that Innovative Artists made by ripping awards consideration 'screener' DVDs that Plaintiff sent to the agency to deliver to one of its clients." Given its position in the industry, Innovative Artists should have known better than to upload content, Warner's lawyers write.

The Phone Hackers At Cellebrite Have Had Their Firmware Leaked Online

An anonymous reader quotes a report from Motherboard: Cellebrite, an Israeli company that specializes in digital forensics, has dominated the market in helping law enforcement access mobile phones. But one apparent reseller of the company's products is publicly distributing copies of Cellebrite firmware and software for anyone to download. Although Cellebrite keeps its most sensitive capabilities in-house, the leak may still give researchers, or competitors, a chance to figure out how Cellebrite breaks into and analyzes phones by reverse-engineering the files. The apparent reseller distributing the files is McSira Professional Solutions, which, according to its website, "is pleased to serve police, military and security agencies in the E.U. And [sic] in other parts of the world." McSira is hosting software for various versions of Cellebrite's Universal Forensic Extraction Device (UFED), hardware that investigators can use to bypass the security mechanisms of phones, and then extract data from them. McSira allows anyone to download firmware for the UFED Touch, and a PC version called UFED 4PC. It is also hosting pieces of Cellebrite forensic software, such as the UFED Cloud Analyzer. This allows investigators to further scrutinize seized data. McSira is likely offering downloads so customers can update their hardware to the latest version with as little fuss as possible. But it may be possible for researchers to take those files, reverse-engineer them, and gain insight into how Cellebrite's tools work. That may include what sort of exploits Cellebrite uses to bypass the security mechanisms of mobile phones, and weaknesses in the implementation of consumer phones that could be fixed, according to one researcher who has started to examine the files, but was not authorised by his employer to speak to the press about this issue.

Snapchat, Skype Put Users' 'Human Rights at Risk', Amnesty Int'l Reports

Shanika Gunaratna, writing for CBS News: Snapchat and Skype are falling short in protecting users' privacy -- a failure that puts users' "human rights at risk," according to a report by the organization Amnesty International. Snapchat and Skype received dismal grades in a new set of rankings released by Amnesty that specifically evaluate how popular messaging apps use encryption to protect users' private communications. In the report, Amnesty is trying to elevate encryption as a human rights necessity, due to concerns that activists, opposition politicians and journalists in some countries could be put in grave danger if their communications on popular messaging apps were compromised. "Activists around the world rely on encryption to protect themselves from spying by authorities, and it is unacceptable for technology companies to expose them to danger by failing to adequately respond to the human rights risks," Sherif Elsayed-Ali, head of Amnesty's technology and human rights team, said in a statement. "The future of privacy and free speech online depends to a very large extent on whether tech companies provide services that protect our communications, or serve them up on a plate for prying eyes." Microsoft's Skype received 40 out of 100. WhatsApp fared at 73, and Apple scored 67 out of 100 for its iMessage and FaceTime apps. BlackBerry, Snapchat, and China's Tencent did 30 out of 100.

AT&T Is Spying on Americans For Profit, New Documents Reveal

AT&T has been secretly spying on its own customers, the Daily Beast reports. The revelation comes days after the top carrier announced plans to purchase Time Warner. The report claims that AT&T ran a program called Project Hemisphere through which it analyzed cellular data from the company's call records to determine where a given individual is located and with whom they are speaking. The New York Times reported about the program's existence in 2013, but it was described as a "partnership" between AT&T and the government for fighting narcotics trafficking. But today's report, which cites several classified documents, claims that AT&T used Hemisphere for a range of other functions -- and always without a warrant. From the report: Hemisphere is a secretive program run by AT&T that searches trillions of call records and analyzes cellular data to determine where a target is located, with whom he speaks, and potentially why. [...] Hemisphere isn't a "partnership" but rather a product AT&T developed, marketed, and sold at a cost of millions of dollars per year to taxpayers. No warrant is required to make use of the company's massive trove of data, according to AT&T documents, only a promise from law enforcement to not disclose Hemisphere if an investigation using it becomes public. These new revelations come as the company seeks to acquire Time Warner in the face of vocal opposition saying the deal would be bad for consumers. While telecommunications companies are legally obligated to hand over records, AT&T appears to have gone much further to make the enterprise profitable, according to ACLU technology policy analyst Christopher Soghoian. "Companies have to give this data to law enforcement upon request, if they have it. AT&T doesn't have to data-mine its database to help police come up with new numbers to investigate," Soghoian said. AT&T has a unique power to extract information from its metadata because it retains so much of it.
The company owns more than three-quarters of U.S. landline switches, and the second largest share of the nation's wireless infrastructure and cellphone towers, behind Verizon. AT&T retains its cell tower data going back to July 2008, longer than other providers. Verizon holds records for a year and Sprint for 18 months, according to a 2011 retention schedule obtained by The Daily Beast.

Rowhammer Attack Can Now Root Android Devices

An anonymous reader writes from a report via Softpedia: Researchers have discovered a method to use the Rowhammer RAM attack for rooting Android devices. For their research paper, called Drammer: Deterministic Rowhammer Attacks on Mobile Platforms, researchers tested and found multiple smartphone models to be vulnerable to their attack. The list includes LG Nexus (4, 5, 5X), LG G4, Motorola Moto G (2013 and 2014), One Plus One, HTC Desire 510, Lenovo K3 Note, Xiaomi Mi 4i, and Samsung Galaxy (S4, S5, and S6) devices. Researchers estimate that millions of Android users might be vulnerable. The research team says the Drammer attack has far more wide-reaching implications than just Android, being able to exploit any device running on ARM chips. In the past, researchers have tested the Rowhammer attack against DDR3 and DDR4 memory cards, weaponized it via JavaScript, took over PCs via Microsoft Edge, and hijacked Linux virtual machines. There's an app to test if your phone is vulnerable to this attack. "Rowhammer is an unintended side effect in dynamic random-access memory (DRAM) that causes memory cells to leak their charges and interact electrically between themselves, possibly altering the contents of nearby memory rows that were not addressed in the original memory access," according to Wikipedia. "This circumvention of the isolation between DRAM memory cells results from the high cell density in modern DRAM, and can be triggered by specially crafted memory access patterns that rapidly activate the same memory rows numerous times."

Alibaba Founder To Chinese Government: Use Big Data To Stop Criminals

An anonymous reader quotes a report from Bloomberg: Chinese billionaire Jack Ma proposed that the nation's top security bureau use big data to prevent crime, endorsing the country's nascent effort to build unparalleled online surveillance of its billion-plus people. China's data capabilities are virtually unrivaled among its global peers, and policing cannot happen without the ability to analyze information on its citizens, the co-founder of Alibaba Group Holding Ltd. said in a speech published Saturday by the agency that polices crime and runs the courts. Ma's stance resonates with that of China's ruling body, which is establishing a system to collect and parse information on citizens in a country where minimal safeguards exist for privacy. "Bad guys in a movie are identifiable at first glance, but how can the ones in real life be found?" Ma said in his speech, which was posted on the official WeChat account of the Commission for Political and Legal Affairs. "In the age of big data, we need to remember that our legal and security system with millions of members will also face change." In his speech, Ma stuck mainly to the issue of crime prevention. In Alibaba's hometown of Hangzhou alone, the number of surveillance cameras may already surpass that of New York's, Ma said. Humans can't handle the sheer amount of data amassed, which is where artificial intelligence comes in, he added. "The future legal and security system cannot be separated from the internet and big data," Ma said. Ma's speech also highlights the delicate relationship between Chinese web companies and the government. The ruling party has designated internet industry leaders as key targets for outreach, with President Xi Jinping saying in May last year that technology leaders should "demonstrate positive energy in purifying cyberspace."
