An anonymous reader shares a Reuters report: Western technology companies, including Cisco, IBM and SAP, are acceding to demands by Moscow for access to closely guarded product security secrets, at a time when Russia has been accused of a growing number of cyber attacks on the West, a Reuters investigation has found. Russian authorities are asking Western tech companies to allow them to review source code for security products such as firewalls, anti-virus applications and software containing encryption before permitting the products to be imported and sold in the country. The requests, which have increased since 2014, are ostensibly done to ensure foreign spy agencies have not hidden any "backdoors" that would allow them to burrow into Russian systems. But those inspections also provide the Russians an opportunity to find vulnerabilities in the products' source code -- instructions that control the basic operations of computer equipment -- current and former U.S. officials and security experts said. [...] In addition to IBM, Cisco and Germany's SAP, Hewlett Packard Enterprise Co and McAfee have also allowed Russia to conduct source code reviews of their products, according to people familiar with the companies' interactions with Moscow and Russian regulatory records.
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's now on IFTTT. Check it out! Check out the new SourceForge HTML5 Internet speed test! ×
Google will soon stop scanning emails received by some Gmail users, a practice that has allowed it to show them targeted advertising but which stirred privacy worries. From a report: The decision didn't come from Google's ad team, but from its cloud unit, which is angling to sign up more corporate customers. Alphabet's Google Cloud sells a package of office software, called G Suite, that competes with market leader Microsoft. Paying Gmail users never received the email-scanning ads like the free version of the program, but some business customers were confused by the distinction and its privacy implications, said Diane Greene, Google's senior vice president of cloud. "What we're going to do is make it unambiguous," she said. Ads will continue to appear inside the free version of Gmail, as promoted messages. But instead of scanning a user's email, the ads will now be targeted with other personal information Google already pulls from sources such as search and YouTube.
Mark Wilson, writing for BetaNews: Google has updated its search policies without any sort of fanfare. The search engine now "may remove" -- in addition to existing categories of information -- "confidential, personal medical records of private people" from search results. That such information was not already obscured from search results may well come as something of a surprise to many people. The change has been confirmed by Google, although the company has not issued any form of announcement about it.
Abstract of a study: The Chinese government has long been suspected of hiring as many as 2,000,000 people to surreptitiously insert huge numbers of pseudonymous and other deceptive writings into the stream of real social media posts, as if they were the genuine opinions of ordinary people. Many academics, and most journalists and activists, claim that these so-called "50c party" posts vociferously argue for the government's side in political and policy debates. As we show, this is also true of the vast majority of posts openly accused on social media of being 50c. Yet, almost no systematic empirical evidence exists for this claim, or, more importantly, for the Chinese regime's strategic objective in pursuing this activity. In the first large scale empirical analysis of this operation, we show how to identify the secretive authors of these posts, the posts written by them, and their content. We estimate that the government fabricates and posts about 448 million social media comments a year. In contrast to prior claims, we show that the Chinese regime's strategy is to avoid arguing with skeptics of the party and the government, and to not even discuss controversial issues. From a CNET article, titled, Chinese media told to 'shut down' talk that makes country look bad: Being an internet business in China appears to be getting tougher. Chinese broadcasters, including social media platform Weibo, streamer Acfun and media company Ifeng were told to shut down all audio and visual content that cast the country or its government in bad light, China's State Administration of Press, Publication, Radio, Film and Television posted on its website on Thursday, saying they violate local regulations. "[The service providers] broadcast large amounts of programmes that don't comply with national rules and propagate negative discussions about public affairs. [The agency] has notified all relevant authorities and ... will take measures to shut down these programmes and rectify the situation," reads the statement.
An anonymous reader quotes a report from Ars Technica: A regulation from the Obama administration that would have allowed foreign-born entrepreneurs who raise investor cash to build their startups in the U.S. won't be allowed to go into effect. The Department of Homeland Security will file an official notice to delay the International Entrepreneur Rule for eight months. The intention is to eliminate the rule entirely, according to sources briefed on the matter who spoke to The Wall Street Journal. The decision isn't final, and a DHS spokesperson told the WSJ that the department "cannot speculate" on the outcome of the review. The International Entrepreneur Rule, signed by former President Obama days before he left office in January, doesn't offer a visa but rather a type of "parole" that would allow immigrants to stay in the U.S. temporarily as long as they meet certain requirements. In order to qualify, a foreign entrepreneur has to raise at least $250,000 from well-known U.S. investors. The rule grants a stay in the U.S. of 30 months, which can be extended for an additional 30 months. Founders can't apply for a green card during that time. DHS has estimated about 3,000 entrepreneurs would qualify under the rule.
per unit analyzer writes: According to Consumerist, an attorney has filed a class-action lawsuit charging Home Depot (PDF) and Menards (PDF) with deceptive advertising practices by selling "lumber products that were falsely advertised and labeled as having product dimensions that were not the actual dimensions of the products sold." Now granted, this may be news to the novice DIYer, but overall most folks who are purchasing lumber at home improvement stores know that the so-called trade sizes don't match the actual dimensions of the lumber. Do retailers need to educate naive consumers about every aspect of the items they sell? (Especially industry quirks such as this...) Furthermore, as the article notes, it's hard to see how the plaintiffs have been damaged when these building materials are compatible with the construction of the purchaser's existing buildings. i.e., An "actual" 2x4 would not fit in a wall previously built with standard 2x4s -- selling the something as advertised would actually cause the purchaser more trouble in many cases.
An anonymous reader quotes a report from Motherboard: In one of the biggest wins for the right to repair movement yet, the U.S. Copyright Office suggested Thursday that the U.S. government should take actions to make it legal to repair anything you own, forever -- even if it requires hacking into the product's software. Manufacturers -- including John Deere, Ford, various printer companies, and a host of consumer electronics companies -- have argued that it should be illegal to bypass the software locks that they put into their products, claiming that such circumvention violated copyright law. Thursday, the U.S. Copyright Office said it's tired of having to deal with the same issues every three years; it should be legal to repair the things you buy -- everything you buy -- forever. "The growing demand for relief under section 1201 has coincided with a general understanding that bona fide repair and maintenance activities are typically non infringing," the report stated. "Repair activities are often protected from infringement claims by multiple copyright law provisions." "The Office recommends against limiting an exemption to specific technologies or devices, such as motor vehicles, as any statutory language would likely be soon outpaced by technology," it continued.
The FCC on Thursday proposed a $120 million fine on a Florida resident alleged to have made almost 100 million spoofed robocalls to trick consumers with "exclusive" vacation deals from well-known travel and hospitality companies. Reuters reports: The man, identified as Adrian Abramovich, allegedly made 96 million robocalls during a three-month period by falsifying caller identification information that matched the local area code and the first three digits of recipient's phone number, the FCC said. The calls, which were in violation of the U.S. telecommunications laws, offered vacation deals from companies such as Marriott International Inc, Expedia Inc, Hilton Inc and TripAdvisor Inc. Consumers who answered the calls were transferred to foreign call centers that tried to sell vacation packages, often involving timeshares. These call centers were not related to the companies, the FCC said.
In a Wednesday filing with a California court, Alphabet said a former self-driving executive Anthony Levandowski hatched a plan with Uber to steal more than 14,000 proprietary documents, including designs for the sensors that help the car see its surroundings. CNET reports: Alphabet says Uber's former CEO, Travis Kalanick, knew about the files but told Levandowski to destroy them. Uber has argued that it did not encourage or condone Levandowski taking any files from Waymo or bringing them to Uber, and has noted that his employment agreement affirmed he wouldn't do that. The litigation between Alphabet and Uber has been reported as a primary reason Kalanick was forced to resign as Uber's CEO Tuesday.
An anonymous reader quotes a report from Ars Technica: A tiny Internet service provider has sued Comcast, alleging that the cable giant and its hired contractors cut the smaller company's wires in order to take over its customer base. Telecom Cable LLC had "229 satisfied customers" in Weston Lakes and Corrigan, Texas when Comcast and its contractors sabotaged its network, the lawsuit filed last week in Harris County District Court said. Comcast had tried to buy Telecom Cable's Weston Lakes operations in 2013 "but refused to pay what they were worth," the complaint says. Starting in June 2015, Comcast and two contractors it hired "systematically destroyed Telecom's business by cutting its lines and running off its customers," the lawsuit says. Comcast destroyed or damaged the lines serving all Telecom Cable customers in Weston Lakes and never repaired them, the lawsuit claims. Telecom Cable owner Anthony Luna estimated the value of his business at about $1.8 million, which he is seeking to recover. He is also seeking other damages from Comcast and its contractors, including exemplary damages that under state statute could "amount to a maximum of twice the amount of economic damages, plus up to $750,000 of non-economic damages," the complaint says. CourtHouse News Service has a story about the lawsuit, and it posted a copy of the complaint.
From a report: During the past month, both Google and Mozilla developers have added support in their respective browsers for "headless mode," a mechanism that allows browsers to run silently in the OS background and with no visible GUI. [...] While this feature sounds very useful for developers and very uninteresting for day-to-day users, it is excellent news for malware authors, and especially for the ones dabbling with adware. In the future, adware or clickfraud bots could boot-up Chrome or Firefox in headless mode (no visible GUI), load pages, and click on ads without the user's knowledge. The adware won't need to include or download any extra tools and could use locally installed software to perform most of its malicious actions. In the past, there have been quite a few adware families that used headless browsers to perform clickfraud. Martijn Grooten, an editor at Virus Bulletin, also pointed Bleeping Computer to a report where miscreants had abused PhantomJS, a headless browser, to post forum spam. The addition of headless mode in Chrome and Firefox will most likely provide adware devs with a new method of performing surreptitious ad clicks.
Reader Daetrin writes: Robert E. Murray, CEO of one of the largest coal mining companies in the US, is suing John Oliver, HBO, and Time Warner for defamation (alternative source) over a comedic report on the status of the coal industry in John Oliver's "Last Week Tonight". The report began with the decline of the coal mining industry, Trump's promises to revive it, and the plight of the workers involved, but was also highly critical of the business practices and safety record of Murray Energy Corporation and Robert Murray's leadership of the company. When the company was contacted about the piece before airing they responded with a cease and desist letter and threatened to sue. John Oliver continued with the segment anyway, saying "I didn't really plan for so much of this piece to be about you, but you kinda forced my hand on that one."
An anonymous reader quotes a report from the BBC: Microsoft has admitted that it does temporarily disable anti-virus software on Windows PCs, following an competition complaint to the European Commission by a security company. In early June, Kaspersky Lab filed the complaint against Microsoft. The security company claims the software giant is abusing its market dominance by steering users to its own anti-virus software. Microsoft says it implemented defenses to keep Windows 10 users secure. In an extensive blog post that does not directly address Kaspersky or its claims, Microsoft says it bundles the Windows Defender Antivirus with Windows 10 to ensure that every single device is protected from viruses and malware. To combat the 300,000 new malware samples being created and spread every day, Microsoft says that it works together with external anti-virus partners. The technology giant estimates that about 95% of Windows 10 PCs were using anti-virus software that was already compatible with the latest Windows 10 Creators Update. For the applications that were not compatible, Microsoft built a feature that lets users update their PCs and then reinstall a new version of the anti-virus software. "To do this, we first temporarily disabled some parts of the AV software when the update began. We did this work in partnership with the AV partner to specify which versions of their software are compatible and where to direct customers after updating," writes Rob Lefferts, a partner director of the Windows and Devices group in enterprise and security at Microsoft.
An anonymous reader quotes a report from The Hacker News: The National Security Agency (NSA) -- the United States intelligence agency which is known for its secrecy and working in the dark -- has finally joined GitHub and launched an official GitHub page. GitHub is an online service designed for sharing code amongst programmers and open source community, and so far, the NSA is sharing 32 different projects as part of the NSA Technology Transfer Program (TTP), while some of these are "coming soon." "The NSA Technology Transfer Program (TTP) works with agency innovators who wish to use this collaborative model for transferring their technology to the commercial marketplace," the agency wrote on the program's page. "OSS invites the cooperative development of technology, encouraging broad use and adoption. The public benefits by adopting, enhancing, adapting, or commercializing the software. The government benefits from the open source community's enhancements to the technology." Many of the projects the agency listed are years old that have been available on the Internet for some time. For example, SELinux (Security-Enhanced Linux) has been part of the Linux kernel for years.
Futurepower(R) writes: What is the best way to isolate a network from the internet and prevent intrusion of malware, while allowing carefully examined data transfer from internet-facing computers? An example of complete network isolation could be that each user would have two computers with a KVM switch and a monitor and keyboard, or two monitors and two keyboards. An internet-facing computer could run a very secure version of Linux. Any data to be transferred to that user's computer on the network would perhaps go through several Raspberry Pi computers running Linux; the computers could each use a different method of checking for malware. Windows computers on the isolated network could be updated using Autopatcher, so that there would never be a direct connection with the internet. Why not use virtualization? Virtualization does not provide enough separation; there is the possibility of vulnerabilities. Do you have any ideas about improving the example above?
Hyperloop Transportation Technologies (HTT) has partnered with the South Korean government and local universities to build the world's first full-scale Hyperloop system. "The agreement was actually signed back in January but only revealed this week, and sees HTT team up with the South Korean government's department of technological innovation and infrastructure, along with the Korea Institute of Civil Engineering and Building (KICT) and Hanyang University," reports New Atlas. From the report: It involves the construction of a full-scale testbed, licensing of HTT's vacuum tube, levitation, propulsion and battery technologies along with the co-development of safety standards and regulations. The agreement is a multi-year partnership intended to build a new transportation system for South Korea, one which will be known as the HyperTube Express and carry passengers between Seoul and Busan in under 20 minutes, compared to the current three-hour drive. HTT may be setting out to build the world's first Hyperloop but it is no guarantee, with fellow startups Arrivo and Hyperloop One also moving full-steam ahead with their plans. The latter in particular seems to be making solid progress, recently showing off a full-scale test track in Nevada and forming agreements with Russia, Finland and Dubai to explore the feasibility of a Hyperloop in those countries. It's too early to tell who will be first out of the gate, but the competition is certainly heating up.
Facial recognition systems will be coming to U.S. airports in the very near future. "Customs and Border Protection first started testing facial recognition systems at Dulles Airport in 2015, then expanded the tests to New York's JFK Airport last year," reports The Verge. "Now, a new project is poised to bring those same systems to every international airport in America." From the report: Called Biometric Exit, the project would use facial matching systems to identify every visa holder as they leave the country. Passengers would have their photos taken immediately before boarding, to be matched with the passport-style photos provided with the visa application. If there's no match in the system, it could be evidence that the visitor entered the country illegally. The system is currently being tested on a single flight from Atlanta to Tokyo, but after being expedited by the Trump administration, it's expected to expand to more airports this summer, eventually rolling out to every international flight and border crossing in the U.S. U.S. Customs and Border Protection's Larry Panetta, who took over the airport portion of the project in February, explained the advantages of facial recognition at the Border Security Expo last week. "Facial recognition is the path forward we're working on," Panetta said at the conference. "We currently have everyone's photo, so we don't need to do any sort of enrollment. We have access to the Department of State records so we have photos of U.S. Citizens, we have visa photos, we have photos of people when they cross into the U.S. and their biometrics are captured into [DHS biometric database] IDENT."
An anonymous reader quotes a report from Ars Technica: A proposed law in California would require Internet service providers to obtain customers' permission before they use, share, or sell the customers' Web browsing history. The California Broadband Internet Privacy Act, a bill introduced by Assembly member Ed Chau (D-Monterey Park) on Monday, is very similar to an Obama-era privacy rule that was scheduled to take effect across the US until President Trump and the Republican-controlled Congress eliminated it. If Chau's bill becomes law, ISPs in California would have to get subscribers' opt-in consent before using browsing history and other sensitive information in order to serve personalized advertisements. Consumers would have the right to revoke their consent at any time. The opt-in requirement in Chau's bill would apply to "Web browsing history, application usage history, content of communications, and origin and destination Internet Protocol (IP) addresses of all traffic." The requirement would also apply to geolocation data, IP addresses, financial and health information, information pertaining to minors, names and billing information, Social Security numbers, demographic information, and personal details such as physical addresses, e-mail addresses, and phone numbers.
New submitter evolutionary writes: According to F-Secure's Chief Research Officer "IoT is unavoidable. If it uses electricity, it will become a computer. If it uses electricity, it will be online. In future, you will only buy IoT appliances, whether you like it or not, whether you know it or not." F-Secure's new product to help mitigate data leakage, "Sense", is a IoT Firewall, combining a traditional firewall with a cloud service and uses concepts including behaviour-based blocking and device reputation to figure out whether you have insecure devices.
New submitter threc shares a report from MIT Technology Review: The tech world descended on Washington, D.C. yesterday to attend a tech summit at the White House. According to MIT Technology Review associate editor Jamie Condliffe: "Trump suggested he might relax his stance on immigration as a way to get tech leaders to help his cause. 'You can get the people you want,' he told the assembled CEOs. That sweetener may be a response to a very vocal backlash in the tech world against the administration's recent travel bans. Trump may hope that his business-friendly stance will offer enough allure: if tech giants scratch his back, he may later deign to scratch theirs." The report continues: "'Our goal is to lead a sweeping transformation of the federal government's technology that will deliver dramatically better services for citizens,' said Trump at the start of his meeting with the CEOs, according to the Washington Post. 'We're embracing big change, bold thinking, and outsider perspectives.' The headline announcement from the event was Trump's promise to overhaul creaking government computing infrastructure. According to Jared Kushner, the president's son-in-law and advisor, there's much to be done: federal agencies have over 6,000 data centers that could be consolidated, for instance, while the 10 oldest networks in use by the government are all at least 39 years old. The upgrade, said Trump, could save the country $1 trillion over the next 10 years."