Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×
Privacy

Judge Rules Against Forced Fingerprinting (thestack.com) 27

An anonymous reader quotes a report from The Stack: A federal judge in Chicago has ruled against a government request which would require forced fingerprinting of private citizens in order to open a secure, personal phone or tablet. In the ruling, the judge stated that while fingerprints in and of themselves are not protected, the government's method of obtaining the fingerprints would violate the Fourth and Fifth amendments. The government's request was given as part of a search warrant related to a child pornography ring. The court ruled that the government could seize devices, but that it could not compel people physically present at the time of seizure to provide their fingerprints "onto the Touch ID sensor of any Apple iPhone, iPad, or other Apple brand device in order to gain access to the contents of any such device." The report mentions that the ruling was based on three separate arguments. "The first was that the boilerplate language used in the request was dated, and did not, for example, address vulnerabilities associated with wireless services. Second, the court said that the context in which the fingerprints were intended to be gathered may violate the Fourth Amendment search and seizure rights of the building residents and their visitors, all of whom would have been compelled to provide their fingerprints to open their secure devices. Finally, the court noted that historically the Fifth Amendment, which protects against self-incrimination, does not allow a person to circumvent the fingerprinting process." You can read more about the ruling via Ars Technica.
Iphone

Cellebrite Can Now Unlock Apple iPhone 6, 6 Plus (cyberscoop.com) 46

Patrick O'Neill writes: A year after the battle between the FBI and Apple over unlocking an iPhone 5s used by a shooter in the San Bernardino terrorist attack, smartphone cracking company Cellebrite announced it can now unlock the iPhone 6 and 6 Plus for customers at rates ranging from $1,500 to $250,000. The company's newest products also extract and analyze data from a wide range of popular apps including all of the most popular secure messengers around. From the Cyberscoop report: "Cellebrite's ability to break into the iPhone 6 and 6 Plus comes in their latest line of product releases. The newest Cellebrite product, UFED 6.0, boasts dozens of new and improved features including the ability to extract data from 51 Samsung Android devices including the Galaxy S7 and Galaxy S7 Edge, the latest flagship models for Android's most popular brand, as well as the new high-end Google Pixel Android devices."
Communications

FCC Votes To Lift Net Neutrality Transparency Rules For Smaller Internet Providers (theverge.com) 78

The Federal Communications Commission today voted to lift transparency requirements for smaller internet providers. According to The Verge, "Internet providers with fewer than 250,000 subscribers will not be required to disclose information on network performance, fees, and data caps, thanks to this rule change. The commission had initially exempted internet providers with fewer than 100,000 subscribers with the intention of revisiting the issue later to determine whether a higher or lower figure was appropriate." From the report: The rule passed in a 2-1 vote, with Republicans saying the reporting requirements unfairly burdened smaller ISPs with additional work. Only Democratic commissioner Mignon Clyburn opposed. Clyburn argued that the disclosures were an important consumer protection that was far from overbearing on businesses, particularly ones this large. Clyburn also argued that the rule would allow larger internet providers to avoid disclosing information by simply breaking their service areas up into different subsidiaries. Republican commissioner Michael O'Rielly voted in favor of the change, saying he actually would have preferred the subscriber exemption to be even higher. And commission chairman Ajit Pai said the rules were necessary to protect "mom and pop internet service providers" from "burdensome requirements [...] that impose serious and unnecessary costs."
The Courts

Amazon Argues That Alexa Is Protected By the First Amendment in a Murder Trial (qz.com) 78

Amazon is sticking to its guns in the fight to protect customer data. The ecommerce giant has filed a motion to quash the search warrant for recordings from an Amazon Echo in the trial of James Andrew Bates, accused of murdering friend Victor Collins in Bentonville, Arkansas in November 2015. And it's arguing that the responses of Alexa, the voice of the Echo, has First Amendment rights as part of that motion. From a report on Quartz: The company's lawyers claim that Alexa's recordings and responses are subject to free speech protections under the US constitution's bill of rights, and that prosecutors need to provide more evidence that this audio is essential to the case. "It is well established that the First Amendment protects not only an individual's right to speak, but also his or her 'right to receive information and ideas,'" Amazon lawyers wrote in a court filing. "At the heart of that First Amendment protection is the right to browse and purchase expressive materials anonymously, without fear of government discovery." Amazon also referenced a 2014 case involving Chinese search giant Baidu, where a court ruled that results returned by a search engine are protected by the First Amendment.
Piracy

Google Says Almost Every Recent 'Trusted' DMCA Notices Were Bogus (torrentfreak.com) 67

Reader AmiMoJo writes: In comments submitted to a U.S. Copyright Office consultation, Google has given the DMCA a vote of support, despite widespread abuse. Noting that the law allows for innovation and agreements with content creators, Google says that 99.95% of URLs it was asked to take down last month didn't even exist in its search indexes. "For example, in January 2017, the most prolific submitter submitted notices that Google honored for 16,457,433 URLs. But on further inspection, 16,450,129 (99.97%) of those URLs were not in our search index in the first place."
Google

Google Has Demonstrated a Successful Practical Attack Against SHA-1 (googleblog.com) 95

Reader Artem Tashkinov writes: Ten years after of SHA-1 was first introduced, Google has announced the first practical technique for generating an SHA-1 collision. It required two years of research between the CWI Institute in Amsterdam and Google. As a proof of the attack, Google has released two PDF files that have identical SHA-1 hashes but different content. The amount of computations required to carry out the attack is staggering: nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total which took 6,500 years of CPU computation to complete the attack first phase and 110 years of GPU computation to complete the second phase.

Google says that people should migrate to newer hashing algorithms like SHA-256 and SHA-3, however it's worth noting that there are currently no ways of finding a collision for both MD5 and SHA-1 hashes simultaneously which means that we still can use old proven hardware accelerated hash functions to be on the safe side.

Facebook

'Social Media Needs A Travel Mode' (idlewords.com) 121

Maciej CegÅowski, a Polish-American web developer, entrepreneur, and social critic, writes on a blog post: We need a 'trip mode' for social media sites that reduces our contact list and history to a minimal subset of what the site normally offers. Not only would such a feature protect people forced to give their passwords at the border, but it would mitigate the many additional threats to privacy they face when they use their social media accounts away from home. Both Facebook and Google make lofty claims about user safety, but they've done little to show they take the darkening political climate around the world seriously. A 'trip mode' would be a chance for them to demonstrate their commitment to user safety beyond press releases and anodyne letters of support. What's required is a small amount of engineering, a good marketing effort, and the conviction that any company that makes its fortune hoarding user data has a moral responsibility to protect its users. To work effectively, a trip mode feature would need to be easy to turn on, configurable (so you can choose how long you want the protection turned on for) and irrevocable for an amount of time chosen by the user once it's set. There's no sense in having a 'trip mode' if the person demanding your password can simply switch it off, or coerce you into switching it off.
The Courts

Judge Blocks California Law Limiting Publication of Actor's Ages (politico.com) 115

mi writes: IMDb has a reason to rejoice. Politico reports: "A federal judge has barred the State of California from enforcing a new law limiting online publication of actors' ages. Acting in a case brought by online movie information website IMDb, U.S. District Court Judge Vince Chhabria ruled Wednesday that the California law likely violates the First Amendment and appears poorly tailored to proponents' stated goal of preventing age discrimination in Hollywood. The judge expressed deep skepticism that the law, which he said appeared to apply only to IMDb, would have any effect on discrimination. The judge rejected the state's arguments that the law was a regulation of commercial speech, finding that IMDb was acting as a publisher in posting the birthday and age information online." "It's not clear how preventing one mere website from publishing age information could meaningfully combat discrimination at all. And even if restricting publication on this one website could confer some marginal anti-discrimination benefit, there are likely more direct, more effective, and less speech-restrictive ways of achieving the same end," Chhabria wrote in a three-page order.
Communications

T-Mobile Promises Big LTE Boost From 5GHz Wi-Fi Frequencies (arstechnica.com) 63

"T-Mobile USA is ready to deploy a new LTE technology over the same 5GHz frequencies used by Wi-Fi following U.S. government approval of the first 'LTE-U' devices," reports Ars Technica. "The Federal Communications Commission today authorized the first LTE-U (LTE for unlicensed spectrum) devices after a controversial process designed to ensure that cellular network use of the 5GHz band won't interfere with Wi-Fi networks." From the report: LTE-U will help T-Mobile achieve its goal of offering gigabit LTE speeds, the carrier said. Verizon Wireless is also planning to use LTE-U. The company said in September that it is "eager to deploy" the technology and developed an equipment testing plan, but it's not clear when a Verizon deployment will happen. Cellular carriers in the US generally hold exclusive licenses to spectrum, while Wi-Fi operates in unlicensed frequencies. Anyone can operate in unlicensed spectrum without an FCC license as long as they use certified radio equipment and comply with power limits and other technical requirements. The plan to bring LTE to unlicensed Wi-Fi spectrum set off an industry fight. LTE-U deployment plans drew opposition in 2015 from cable companies and the Wi-Fi Alliance, an industry group that certifies equipment to make sure it doesn't interfere with other Wi-Fi equipment. Industry groups worked together to develop a "Coexistence Test Plan" to prevent interference, and the Wi-Fi Alliance said it's satisfied with the result even though the new testing is voluntary rather than required by the FCC.
Security

Software Vendor Who Hid 'Supply Chain' Breach Outed (krebsonsecurity.com) 51

tsu doh nimh writes: Researchers at RSA released a startling report last week that detailed a so-called "supply chain" malware campaign that piggybacked on a popular piece of software used by system administrators at some of the nation's largest companies. This intrusion would probably not be that notable if the software vendor didn't have a long list of Fortune 500 customers, and if the attackers hadn't also compromised the company's update servers -- essentially guaranteeing that customers who downloaded the software prior to the breach were infected as well. Incredibly, the report did not name the affected software, and the vendor in question has apparently chosen to bury its breach disclosure as a page inside of its site -- not linking to it anywhere. Brian Krebs went and dug it up. Spoiler: the product/vendor in question is EVlog by Altair Technologies Ltd.
Privacy

GE, Intel, and AT&T Are Putting Cameras and Sensors All Over San Diego (fortune.com) 120

An anonymous reader shares a Fortune report: General Electric will put cameras, microphones, and sensors on 3,200 street lights in San Diego this year, marking the first large-scale use of "smart city" tools GE says can help monitor traffic and pinpoint crime, but raising potential privacy concerns. Based on technology from GE's Current division, Intel and AT&T, the system will use sensing nodes on light poles to locate gunshots, estimate crowd sizes, check vehicle speeds and other tasks, GE and the city said on Wednesday. The city will provide the data to entrepreneurs and students to develop applications. Companies expect a growing market for such systems as cities seek better data to plan and run their operations. San Diego is a test of "Internet of things" technology that GE Current provides for commercial buildings and industrial sites.
Transportation

College Senior Turns His Honda Civic Into a Self-Driving Car Using Free Hardware, Software (technologyreview.com) 128

holy_calamity writes: University of Nebraska student Brevan Jorgenson swapped the rear-view mirror in his 2016 Honda Civic for a home-built device called a Neo, which can steer the vehicle and follow traffic on the highway. Jorgenson used hardware designs and open-source software released by Comma, a self-driving car startup that decided to give away its technology for free last year after receiving a letter asking questions about its functionality from the National Highway Traffic Safety Administration (NHTSA). Jorgenson is just one person in a new hacker community trying to upgrade their cars using Comma's technology. "A Neo is built from a OnePlus 3 smartphone equipped with Comma's now-free Openpilot software, a circuit board that connects the device to the car's electronics, and a 3-D-printed case," reports MIT Technology Review. The report notes that Neodriven, a startup based in Los Angeles, has recently started selling a pre-built Neo device that works with Comma's Openpilot software, but it costs $1,495.
Censorship

'We Won't Block Pirate Bay,' Swedish Telecoms Giant Says (torrentfreak.com) 27

Last week, a Swedish Patent and Market Court of Appeal ordered The Pirate Bay and streaming portal Swefilmer to be blocked by internet service provider Bredbandsbolaget for the next three years. The order was not well supported by other internet service providers in Sweden, as it appears they don't like the idea of becoming copyright policemen. TorrentFreak reports: Last week ISP Bahnhof absolutely slammed the decision to block The Pirate Bay, describing the effort as signaling the "death throes" of the copyright industry. It even hinted that it may offer some kind of technical solution to customers who are prevented from accessing the site. For those familiar with Bahnhof's stance over the years, this response didn't come as a surprise. The ISP is traditionally pro-freedom and has gone out of its way to make life difficult for copyright enforcers of all kinds. However, as one of the leading telecoms companies in Sweden and neighboring Norway, ISP Telia is more moderate. Nevertheless, it too says it has no intention of blocking The Pirate Bay, unless it is forced to do so by law. "No, we will not block if we are not forced to do so by a court," a company press officer said this morning. Telia says that the decision last week from the Patent and Market Court affects only Bredbandsbolaget, indicating that a fresh legal process will be required to get it to respond. That eventuality appears to be understood by the rightsholders but they're keeping their options open.
Government

Wyden To Introduce Bill To Prohibit Warrantless Phone Searches At Border (onthewire.io) 187

Trailrunner7 quotes a report from On the Wire: A senator from Oregon who has a long track record of involvement on security and privacy issues says he plans to introduce a bill soon that would prevent border agents from forcing Americans returning to the country to unlock their phones without a warrant. Sen. Ron Wyden said in a letter to the secretary of the Department of Homeland Security that he is concerned about reports that Customs and Border Patrol agents are pressuring returning Americans into handing over their phone PINs or using their fingerprints to unlock their phones. DHS Secretary John Kelly has said that he's considering the idea of asking visitors for the login data for their various social media accounts, information that typically would require a warrant to obtain. "Circumventing the normal protection for such private information is simply unacceptable," Wyden said in the letter, sent Monday. "There are well-established procedures governing how law enforcement agencies may obtain data from social media companies and email providers. The process typically requires that the government obtain a search warrant or other court order, and then ask the service provider to turn over the user's data."
Piracy

Online Piracy Can Boost Comic Book Sales, Research Finds (torrentfreak.com) 36

A number of studies show that piracy helps movies, TV shows, and music albums find a much wider audience, which in turn, often times, help in boosting their revenue. But what about comic books? A new academic study shows that piracy can have a positive effect on comic book sales, too, albeit under certain conditions. From a report on TorrentFreak: Manga, in particular, has traditionally been very popular on file-sharing networks and sites. These are dozens of large sites dedicated to the comics, which are downloaded in their millions. According to the anti-piracy group CODA, which represents Japanese comic publishers, piracy losses overseas are estimated to be double the size of overseas legal revenue. With this in mind, Professor Tatsuo Tanaka of the Faculty of Economics at Keio University decided to look more closely at how piracy interacts with legal sales. In a natural experiment, he examined how the availability of pirated comic books affected revenue. Interestingly, the results show that decreased availability of pirated comics doesn't always help sales. In fact, for comics that no longer release new volumes, the effect is reversed. "Piracy decreases sales of ongoing comics, but it increases sales of completed comics," Professor Tanaka writes. "To put this another way, displacement effect is dominant for ongoing comics, and advertisement effect is dominant for completed comics," he adds.
Privacy

GlobalSign Supports Billions of Device Identities In an Effort To Secure the IoT (globalsign.com) 27

Reader broknstrngz writes: GlobalSign, a WebTrust certified CA and identity services provider, has released its high volume managed PKI platform, taking a stab at the current authentication and security weaknesses in the IoT. The new service aims to commodify large scale rapid enrollment and identity management for large federated swarms of devices such as IP cameras, smart home appliances and consumer electronics, core and customer premises network equipment in an attempt to reduce the attack surface exploitable by IoT DDoS botnets such as Mirai.

Strong device identity models are developed in partnership with TPM and hardware cryptographic providers such as Infineon and Intrinsic ID, as well as other Trusted Computing Group members.

Windows

EU Privacy Watchdogs Say Windows 10 Settings Still Raise Concerns (reuters.com) 161

Julia Fioretti, reporting for Reuters: European Union data protection watchdogs said on Monday they were still concerned about the privacy settings of Microsoft's Windows 10 operating system despite the U.S. company announcing changes to the installation process. The watchdogs, a group made up of the EU's 28 authorities responsible for enforcing data protection law, wrote to Microsoft last year expressing concerns about the default installation settings of Windows 10 and users' apparent lack of control over the company's processing of their data. The group -- referred to as the Article 29 Working Party -- asked for more explanation of Microsoft's processing of personal data for various purposes, including advertising. "In light of the above, which are separate to the results of ongoing inquiries at a national level, even considering the proposed changes to Windows 10, the Working Party remains concerned about the level of protection of users' personal data," the group said in a statement which also acknowledged Microsoft's willingness to cooperate.
Piracy

Google and Microsoft To Crackdown On Piracy Sites In Search Results (telegraph.co.uk) 103

Google and Microsoft pledged on Monday to crack down on sites hosting pirated content that show up on their search engines. In what is being called a first of its kind agreement, Google and Microsoft's Bing will demote U.K. search results of copyright infringing websites. From a report on The Telegraph: The search engine operators have signed up to a clampdown that will see the UK's copyright watchdog monitor the search results they provide for unlawful websites. The agreement follows years of campaigning by record labels and film studios, which have accused Google and Microsoft of turning a blind eye to piracy and dragging their feet over measures to protect copyright online. Under a new voluntary code, the tech giants have committed to demote websites that have repeatedly been served with copyright infringement notices, so that they do not appear on the first page for common searches.
Piracy

Kim Dotcom Can Be Extradited, Rules A New Zealand Court (reuters.com) 188

Kim Dotcom -- and Megaupload's programmers Mathias Ortmann and Bram van der Kolk, as well as its advertising manager Finn Batato -- could soon be in a U.S. courtroom. A New Zealand judge just ruled they can all be extradited to the U.S. An anonymous reader quotes Reuters: The Auckland High Court upheld the decision by a lower court in 2015 on 13 counts, including allegations of conspiracy to commit racketeering, copyright infringement, money laundering and wire fraud, although it described that decision as "flawed" in several areas. Dotcom's lawyer Ron Mansfield said in a statement the decision was "extremely disappointing" and that Dotcom would appeal to New Zealand's Court of Appeal.

U.S. authorities say Dotcom and three co-accused Megaupload executives cost film studios and record companies more than $500 million and generated more than $175 million by encouraging paying users to store and share copyrighted material. High Court judge Murray Gilbert said that there was no crime for copyright in New Zealand law that would justify extradition but that the Megaupload-founder could be sent to the United States to face allegations of fraud.

"I'm no longer getting extradited for copyright," Dotcom commented on Twitter. "We won on that. I'm now getting extradited for a law that doesn't even apply.
Displays

Some Recyclers Give Up On Recycling Old Monitors And TVs (vice.com) 274

An anonymous reader writes: "In many cases, your old TV isn't recycled at all and is instead abandoned in a warehouse somewhere, left for society to deal with sometime in the future," reports Motherboard, describing the problem of old cathode-ray televisions and computer monitors with "a net negative recycling value" (since their component parts don't cover the cost of dismantling them). An estimated 705 million CRT TVs were sold in the U.S. since 1980, and many now sit in television graveyards, "an environmental and economic disaster with no clear solution." As much as 100,000 tons of potentially hazardous waste are stockpiled in two Ohio warehouses of the now-insolvent recycler Closed Loop, plus "at least 25,000 tons of glass and unprocessed CRTs in Arizona...much of it is sitting in a mountainous pile outside one of the warehouses."
One EPA report found 23,000 tons of lead-containing CRT glass abandoned in four different states just in 2013.

Slashdot Top Deals