Piracy

Hacker Leaks 'Orange Is the New Black' Episodes After Failing To Extort Netflix (bleepingcomputer.com)

An anonymous reader writes: "A hacker (or hacker group) known as The Dark Overlord (TDO) has leaked the first ten episodes of season 5 of the "Orange Is The New Black" show after two failed blackmail attempts, against Larson Studios and Netflix," reports BleepingComputer. The hacker said he stole hundreds of gigabytes of audio files from Larson Studios last December. "TDO claims the studio initially agreed to pay a ransom of 50 Bitcoin ($67,000) by January 31, and the two parties even signed a contract, albeit TDO signed it using the name 'Adolf Hitler.'" This might have been the reason why the company thought this was a joke and didn't pay the ransom as initially agreed.

At this point, the hacker turned from the studio to Netflix, but the company didn't want to pay either. As a warning, the hacker leaked the first episode of season 5, but half a day later, he leaked 9 more. "According to Netflix's website, season 5 is supposed to have 13 episodes and is scheduled for release in June, this year." The hacker also claims he's in possession of shows and movies from other movie studios and television channels, such as FOX, IFC, NAT GEO, and ABC. Some of the titles include "Celebrity Apprentice," "NCIS Los Angeles," "New Girl," and "XXX The return of Xander Cage".

Privacy

Massive Tinder Photo Scrape Has Users Upset (techcrunch.com) 20

Images of Tinder users "were swept up in a massive grab of some 40,000 photos from the dating app by a dataset collector who plans to use the selfies in artificial intelligence training," writes Slashdot reader Frosty Piss, sharing this summary of a report in TechCrunch. Tinder said in a statement that the photo sweeper "violated the terms of our service" and "we are taking appropriate action and investigating further." The creator of the data set, Stuart Colianni, has released it under a CC0: Public Domain License and also uploaded his scraper script to GitHub.

He describes it as a "simple script to scrape Tinder profile photos for the purpose of creating a facial dataset," saying his inspiration for creating the scraper was disappointment working with other facial data sets. He also describes Tinder as offering "near unlimited access to create a facial data set," and says scraping the app offers "an extremely efficient way to collect such data."

The article notes that Tinder's API has already been used for other "weird, wacky, and creepy" projects, including "hacking it to automatically like every potential date to save on thumb-swipes; offering a paid look-up service for people to check up on whether a person they know is using Tinder; and even building a catfishing system to snare horny bros and make them unwittingly flirt with each other.

"So you could argue that anyone creating a profile on Tinder should be prepared for their data to leech outside the community's porous walls in various different ways -- be it as a single screenshot, or via one of the aforementioned API hacks. But the mass harvesting of thousands of Tinder profile photos to act as fodder for feeding AI models does feel like another line is being crossed."
Privacy

How To Delete Your Data From Google's 'My Activity' (vortex.com) 25

Last summer Google revealed personalized data dashboards for every Google account, letting users edit (or delete) items from their search history as well as their viewing history on YouTube. Now Slashdot reader Lauren Weinstein writes: Since posting "The Google Page That Google Haters Don't Want You to Know About" last week, I've received a bunch of messages from readers asking for help using Google's "My Activity" page to control, inspect, and/or delete their data on Google. The My Activity portal is quite comprehensive and can be used in many different ways, but to get you started I'll briefly outline how to use My Activity to delete activity data.
CNET points out you can also access the slightly-creepier "Google Maps location history" by clicking the menu icon in the upper left corner and selecting "Other Google activity." But Weinstein writes, "I have no problems with Google collecting the kinds of data that provide their advanced services, so long as I can choose when that data is collected, and I can inspect and delete it on demand. The google.com/myactivity portal provides those abilities and a lot more."
Crime

Debian Developer Imprisoned In Russia Over Alleged Role In Riots (itwire.com) 89

An anonymous reader writes: "Dmitry Bogatov, Debian developer and Tor node admin, is still being held in a Moscow jail," tweeted the EFF Saturday. IT Wire reports that the 25-year-old math teacher was arrested earlier this month "on suspicion of organizing riots," and is expected to be held in custody until June 8. "The panel investigating the protests claims Bogatov posted several incitory messages on the sysadmin.ru forum; for example, one claim said he was asking people to bring 'bottles, fabric, gasoline, turpentine, foam plastic' to Red Square, according to a post at Hacker News. The messages were sent in the name of one Airat Bashirov and happened to be transmitted through the Tor node that Bogatov was running. The Hacker News post said Bogatov's lawyer had produced surveillance video footage to show that he was elsewhere at the time when the messages were posted."
"After Dmitry's arrest," reports the Free Bogatov site, "Airat Bashirov continue to post messages. News outlets 'Open Russia' and 'Mediazona' even got a chance to speak with him."

Earlier this month the Debian GNU/Linux project also posted a message of support, noting Dmitry maintains several packages for command line and system tools, and saying their group "honours his good work and strong dedication to Debian and Free Software... we hope he is back as soon as possible to his endeavours... In the meantime, the Debian Project has taken measures to secure its systems by removing Dmitry's keys in the case that they are compromised."
Encryption

Encrypted WhatsApp Message Recovered From Westminster Terrorist's Phone (indiatimes.com) 130

Bruce66423 brings word that a terrorist's WhatsApp message has been decrypted "using techniques that 'cannot be disclosed for security reasons', though 'sources said they now have the technical expertise to repeat the process in future.'" The Economic Times reports: U.K. security services have managed to decode the last message sent out by Khalid Masood before he rammed his high-speed car into pedestrians on Westminster Bridge and stabbed to death a police officer at the gates of Parliament on March 22. The access to Masood's message was achieved by what has been described by security sources as a use of "human and technical intelligence"...

The issue of WhatsApp's encrypted service, which is closed to anyone besides the sender and recipient, had come under criticism soon after the attack. "It's completely unacceptable. There should be no place for terrorists to hide. We need to make sure that organisations like WhatsApp, and there are plenty of others like that, don't provide a secret place for terrorists to communicate with each other," U.K. home secretary Amber Rudd had said.

Security sources say the message showed the victim's motive was military action in Muslim countries, while the article adds that though ISIS claimed responsibility for the attack, "no evidence has emerged to back this up."
Censorship

Wikipedia Is Being Blocked In Turkey (turkeyblocks.org) 87

Nine hours ago, Ilgaz wrote: The Turkey Blocks monitoring network has verified restrictions affecting the Wikipedia online encyclopedia in Turkey. A block affecting all language editions of the website [was] detected at 8:00AM local time Saturday 29 April. The loss of availability is consistent with internet filters used to censor content in the country.
stikves added: Access to Wikipedia has been blocked in Turkey as a result of "a provisional administrative order" imposed by the Turkish Telecommunications Authority (BTK)... Turkey Blocks said an administrative blocking order is usually expected to precede a full court blocking order in coming days. While the reason for the order was unknown early on Saturday, a statement on the BTK's website said: "After technical analysis and legal consideration based on the Law Nr. 5651, ADMINISTRATION MEASURE has been taken for this website (wikipedia.org) according to Decision Nr. 490.05.01.2017.-182198 dated 29/04/2017 implemented by Information and Communication Technologies Authority."
The BBC adds reports from Turkish media that authorities "had asked Wikipedia to remove content by writers 'supporting terror.'"
Wireless Networking

Stray WiFi Signals Could Let Spies See Inside Closed Rooms (sciencemag.org) 40

sciencehabit quotes a report from Science Magazine: Your wireless router may be giving you away in a manner you never dreamed of. For the first time, physicists have used radio waves from a Wi-Fi transmitter to encode a 3D image of a real object in a hologram similar to the image of Princess Leia projected by R2D2 in the movie Star Wars. In principle, the technique could enable outsiders to "see" the inside of a room using only the Wi-Fi signals leaking out of it, although some researchers say such spying may be easier said than done. Their experiment relies on none of the billions of digital bits of information encoded in Wi-Fi signals, just the fact that the signals are clean, "coherent" waves. However, instead of recording the key interference pattern on a photographic plate, the researchers record it with a Wi-Fi receiver and reconstruct the object in a computer. They placed a Wi-Fi transmitter in a room, 0.9 meters behind the cross. Then they placed a standard Wi-Fi receiver 1.4 meters in front of the cross and moved it slowly back and forth to map out a "virtual screen" that substituted for the photographic plate. Also, instead of having a separate reference beam coming straight to the screen, they placed a second, stationary receiver a few meters away, where it had a direct view of the emitter. For each point on the virtual screen, the researchers compared the signals arriving simultaneously at both receivers, and made a hologram by mapping the delays caused by the aluminum cross. The virtual hologram isn't exactly like a traditional one, as researchers can't recover the image of the object by shining more radio waves on it. Instead, the scientists used the computer to run the radio waves backward in time from the screen to the distance where wave fronts hit the object. The cross then popped out.
Government

EPA Website Removes Climate Science Site From Public View After Two Decades (washingtonpost.com) 158

Last week there were reports that the EPA climate change website was set to be taken down, though later the EPA denied that. On Friday evening, however, the Environmental Protection Agency announced its website would be "undergoing changes" to better represent the new direction the agency is taking, triggering the removal of several agency websites containing detailed climate data and scientific information (paywalled; alternative source). From a report on The Washington Post: One of the websites that appeared to be gone had been cited to challenge statements made by the EPA's new administrator, Scott Pruitt. Another provided detailed information on the previous administration's Clean Power Plan, including fact sheets about greenhouse gas emissions on the state and local levels and how different demographic groups were affected by such emissions. The changes came less than 24 hours before thousands of protesters were set to march in Washington and around the country in support of political action to push back against the Trump administration's rollbacks of former president Barack Obama's climate policies.
Earth

Trump Order Helps Offshore Drilling, Stops Marine Sanctuary Expansion (arstechnica.com) 149

An anonymous reader quotes a report from Ars Technica: In an executive order signed on Friday, President Trump directed his secretary of the interior to review current rules on offshore drilling and exploration. This review is likely to result in a relaxation of the strict protections the previous administration put on offshore oil drilling in the Atlantic and in the Arctic. According to the Washington Post, a review of the rules is likely to "make millions of acres of federal waters eligible for oil and gas leasing." At the same time, Trump's executive order directed the secretary of commerce to cease designating new marine sanctuaries or expanding any that already exist. According to USA Today, Commerce Secretary Wilbur Ross is also "directed to review all designations and expansions of marine monuments or sanctuaries designated under the Antiquities Act within the last 10 years." The Post says this "includes Hawaii's Papahanaumokuakea Marine National Monument, which Obama quadrupled in size last year, and the Northeast Canyons and Seamounts off Massachusetts." Although these reviews could take some time to complete, they put in motion a bid to favor extraction industries like oil and gas mining. "Today, we're unleashing American energy and clearing the way for thousands and thousands of high-paying energy jobs," Trump reportedly told the Associated Press.
Android

Open Ports Create Backdoors In Millions of Smartphones (bleepingcomputer.com) 117

An anonymous reader writes: "Mobile applications that open ports on Android smartphones are opening those devices to remote hacking, claims a team of researchers from the University of Michigan," reports Bleeping Computer. Researchers say they've identified 410 popular mobile apps that open ports on people's smartphones. They claim that an attacker could connect to these ports, which in turn grant access to various phone features, such as photos, contacts, the camera, and more. This access could be leveraged to steal photos, contacts, or execute commands on the target's phone. Researchers recorded various demos to prove their attacks. Of these 410 apps, there were many that had between 10 and 50 million downloads on the official Google Play Store and even an app that came pre-installed on an OEM's smartphones. "Research on the mobile open port problem started after researchers read a Trend Micro report from 2015 about a vulnerability in the Baidu SDK, which opened a port on user devices, providing an attacker with a way to access the phone of a user who installed an app that used the Baidu SDK," reports Bleeping Computer. "That particular vulnerability affected over 100 million smartphones, but Baidu moved quickly to release an update. The paper detailing the team's work is entitled Open Doors for Bob and Mallory: Open Port Usage in Android Apps and Security Implications, and was presented Wednesday, April 26, at the 2nd IEEE European Symposium on Security and Privacy that took place this week in Paris, France."
Government

Airbnb Gives In To Regulator's Demand To Test For Racial Discrimination By Hosts (theguardian.com) 228

As part of an agreement with California regulators, Airbnb will allow the government to test for racial discrimination by hosts. The Guardian reports: The California Department of Fair Employment and Housing (DFEH) announced Thursday that it had resolved a complaint it filed against Airbnb with an agreement that forces the company to permit the state to conduct "fair housing testing" of certain hosts. That means that for the first time the San Francisco-based company is giving a regulatory body permission to conduct the kind of racial discrimination audits that officials have long used to enforce fair housing laws against traditional landlords. The DFEH's original complaint -- which had not previously been disclosed -- was based on research and a growing number of reports suggesting that hosts regularly refuse to rent to guests due to their race, a problem exposed last year under the hashtag #AirbnbWhileBlack.
Transportation

Apple, Tesla Ask California To Change Its Proposed Policies On Self-Driving Car Testing (reuters.com) 29

Tesla and Apple have asked the state of California to change its proposed policies on self-driving cars to allow companies to test vehicles without traditional steering wheels and controls or human back-up drivers, among other things. Reuters reports: In a letter made public Friday, Apple made a series of suggested changes to the policy that is under development and said it looks forward to working with California and others "so that rapid technology development may be realized while ensuring the safety of the traveling public." Waymo, the self-driving car unit of Google parent company Alphabet Inc, Ford Motor Co, Uber Technologies Inc, Toyota Motor Corp, Tesla Motors Inc and others also filed comments suggesting changes. Apple said California should revise how companies report self-driving system "disengagements." California currently requires companies to report how many times the self-driving system was deactivated and control handed back to humans because of a system failure or a traffic, weather or road situation that required human intervention. Apple said California's rules for development vehicles used only in testing could "restrict both the design and equipment that can be used in test vehicles." Tesla said California should not bar testing of autonomous vehicles that are 10,000 pounds (4,535 kg) or more. Tesla also said California should not prohibit the sale of non-self-driving vehicles previously used for autonomous vehicle testing.
Privacy

WikiLeaks Reveals the 'Snowden Stopper': CIA Tool To Track Whistleblowers (zerohedge.com) 89

schwit1 quotes a report from Zero Hedge: As the latest installment of its "Vault 7" series, WikiLeaks has just dropped a user manual describing a CIA project known as "Scribbles" (a.k.a. the "Snowden Stopper"), a piece of software purportedly designed to allow the embedding of "web beacon" tags into documents "likely to be stolen." The web beacon tags are apparently able to collect information about an end user of a document and relay that information back to the beacon's creator without being detected. Per WikiLeaks' press release. But, the "Scribbles" user guide notes there is just one small problem with the program: it only works with Microsoft Office products. So, if end users use other programs such as OpenOffice or LibreOffice then the CIA's watermarks become visible to the end user and their cover is blown.
Security

A Database of Thousands of Credit Cards Was Left Exposed on the Open Internet (zdnet.com) 35

A US online pet store has exposed the details of more than 110,400 credit cards used to make purchases through its website, researchers have found. From a report on ZDNet: In a stunning show of poor security, the Austin, TX-based company FuturePets.com exposed its entire customer database, including names, postal and email addresses, phone numbers, credit card information, and plain-text passwords. Several customers that we reached out to confirmed some of their information when it was provided by ZDNet, but did not want to be named. The database was exposed because of the company's own insecure server and use of "rsync," a common protocol used for synchronizing copies of files between two different computers, which wasn't protected with a username or password.
Government

NSA Halts Collection of Americans' Emails About Foreign Targets (nytimes.com) 48

The NSA is stopping one of the most disputed forms of its warrantless surveillance program (alternative source), one in which it collects Americans' emails and texts to and from people overseas and that mention a foreigner under surveillance, NYTimes reports on Friday citing officials familiar with the matter. From the report: National security officials have argued that such surveillance is lawful and helpful in identifying people who might have links to terrorism, espionage or otherwise are targeted for intelligence-gathering. The fact that the sender of such a message would know an email address or phone number associated with a surveillance target is grounds for suspicion, these officials argued. [...] The N.S.A. made the change to resolve problems it was having complying with special rules imposed by the Foreign Intelligence Surveillance Court in 2011 to protect Americans' privacy. For technical reasons, the agency ended up collecting messages sent and received domestically as a byproduct of such surveillance, the officials said.
Network

The Internet-of-Things is Maturing (axios.com) 33

An anonymous reader shares a report: The "Internet of Things" (IoT) category is starting to mature in terms of startup investments, according to a new report from Silicon Valley venture capital firm Wing. Like any other trendy area of tech, IoT is in the midst of its own hype cycle, so it's important to get a more detailed picture of how the money is flowing.
Businesses

Qualcomm Says Apple To Stop Paying Royalties (reuters.com) 57

Apple has decided to withhold royalty payments to its contract manufacturers that are owed to Qualcomm, until a legal dispute between the companies is resolved, the chipmaker said on Friday. From a report: Qualcomm, the largest maker of chips used in smartphones, said it will not receive royalties from Apple's contract manufacturers for sales made during the quarter ended March 31. San Diego, California-based Qualcomm also slashed its profit and revenue forecasts for the current quarter, to account for the lost royalty revenue.
Privacy

Lawsuit: Fox News Group Hacked, Surveilled, and Stalked Ex-Host Andrea Tantaros (arstechnica.com) 99

An anonymous reader quotes a report from Ars Technica: Comparing their actions to the plot this season on the Showtime series Homeland, an attorney for former Fox News host Andrea Tantaros has filed a complaint in federal court against Fox News, current and former Fox executives, Peter Snyder and his financial firm Disruptor Inc., and 50 "John Doe" defendants. The suit alleges that collective participated in a hacking and surveillance campaign against her. Tantaros filed a sexual harassment suit against Roger Ailes and Fox News in August of 2016, after filing internal complaints with the company about harassment dating back to February of 2015. She was fired by the network in April of 2016, as Tantaros continued to press complaints against Fox News' then-Chairman and CEO Roger Ailes, Bill O'Reilly, and others. Tantaros had informed Fox that she would be filing a lawsuit over the alleged sexual harassment. Tantaros claims that as early as February of 2015, a group run out of a "black room" at Fox News engaged in surveillance and electronic harassment of her, including the use of "sock puppet" social media accounts to electronically stalk her. Tantaros' suit identifies Peter Snyder and Disruptor Inc. as the operators of a social influence operation using "sock puppet" accounts on Twitter and other social media.
Patents

Apple Patent Hints At Wirelessly Charging Your iPhone Via Wi-Fi Routers (appleinsider.com) 140

According to AppleInsider, "Apple is experimenting with medium- to long-distance wireless charging technologies that could one day allow users to charge up their iPhones with nothing more than a Wi-Fi router." From the report: Detailed in Apple's patent application for "Wireless Charging and Communications Systems With Dual-Frequency Patch Antennas" is a method for transferring power to electronic devices over frequencies normally dedicated to data communications. In its various embodiments, the invention notes power transfer capabilities over any suitable wireless communications link, including cellular between 700 MHz and 2700 MHz, and Wi-Fi operating at 2.4 GHz and 5 GHz. More specifically, the document's claims apply to millimeter wave 802.11ad spectrum channels currently in use by the WiGig standard, which operates over the 60 GHz frequency band. Theoretically, the proposal opens the door to wire-free charging from in-home Wi-Fi routers to cellular nodes and even satellite signals. Of course, amplitude in a wireless system is normally a function of distance. Like conventional wireless charging techniques, Apple's design requires two devices -- a transmitter and receiver -- to function. Each device contains one or more antennas coupled to wireless circuitry capable of making phase and magnitude adjustments to transmitted and received signals. Such hardware can be employed in dynamic beam steering operations.
NASA

NASA Delays First Flight of New SLS Rocket Until 2019 (arstechnica.com) 107

schwit1 writes: Despite spending almost $19 billion and more than thirteen years of development, NASA today admitted that it will have to delay the first test flight of the SLS rocket from late 2018 to sometime in 2019. "We agree with the GAO that maintaining a November 2018 launch readiness date is not in the best interest of the program, and we are in the process of establishing a new target in 2019," wrote William Gerstenmaier, chief of NASA's human spaceflight program. "Caution should be used in referencing the report on the specific technical issues, but the overall conclusions are valid." The competition between the big government SLS/Orion program and private commercial space is downright embarrassing to the government. While SLS continues to be delayed, even after more than a decade of work and billions of wasted dollars, SpaceX is gearing up for the first flight of Falcon Heavy this year. And they will be doing it despite the fact that Congress took money from the commercial private space effort, delaying its progress, in order to throw more money at SLS/Orion.
