Security

More Than Half of Streaming Users In US Are Sharing Their Passwords, Says Report (streamingobserver.com) 27

A new study conducted by Fluent shows a majority of Americans are sharing passwords to their streaming video services. While millennials lead the pack, non-millennials are doing the same. Streaming Observer reports: Nearly 3 out of every 4 (72% exactly) Americans who have cable also have access to at least one streaming service and 8% of cable subscribers plan to eliminate their service in the next year. But that doesn't necessarily mean they're paying for their streaming service. New numbers from a study conducted by Fluent show that the majority of Americans are sharing passwords to their streaming video services. Well over half of millennials (aged 18-34) -- 60% -- are either using someone someone else's password or giving their password to someone else. And just under half -- 48% -- of non-millennials are doing the same. The study also revealed that the main factor in what drives consumers to sign up for streaming video services is price, with 34% of Americans saying that low cost was the primary factor. That number jumps to 38% among millennials. When you take in to account that some streaming TV services start with prices as low as $20, it makes sense that price is the biggest issue. Convenience was the next biggest factor, coming in at just below 25%.
Government

Proposed Active-Defense Bill Would Allow Destruction of Data, Use of Beacon Tech (onthewire.io) 40

Trailrunner7 quotes a report from On the Wire: A bill that would allow victims of cybercrime to use active defense techniques to stop attacks and identify attackers has been amended to require victims to notify the FBI of their actions and also add an exemption to allow victims to destroy their data once they locate it on an attacker's machine. The Active Cyber Defense Certainty Act, drafted by Rep. Tom Graves (R-Ga.) in March, is designed to enable people who have been targets of cybercrime to employ certain specific techniques to trace the attack and identify the attacker. The bill defines active cyber defense as "any measure -- (I) undertaken by, or at the direction of, a victim"; and "(II) consisting of accessing without authorization the computer of the attacker to the victim" own network to gather information in order to establish attribution of criminal activity to share with law enforcement or to disrupt continued unauthorized activity against the victim's own network." After releasing an initial draft of the bill in March, Rep. Tom Graves held a public event in Georgia to collect feedback on the legislation. Based on that event and other feedback, Graves made several changes to the bill, including the addition of the notification of law enforcement and an exception in the Computer Fraud and Abuse Act for victims who use so-called beaconing technology to identify an attacker. "The provisions of this section shall not apply with respect to the use of attributional technology in regard to a defender who uses a program, code, or command for attributional purposes that beacons or returns locational or attributional data in response to a cyber intrusion in order to identify the source of the intrusion," the bill says.
Privacy

83 Percent Of Security Staff Waste Time Fixing Other IT Problems (betanews.com) 99

An anonymous reader shares a report: A new survey of security professionals reveals that 83 percent say colleagues in other departments turn to them to fix personal computer problems. The study by security management company FireMon shows a further 80 percent say this is taking up more than an hour of their working week, which in a year could equate to more than $88,000. For organizations, eight percent of professionals surveyed helping colleagues out five hours a week or more could be costing over $400,000. Organizations are potentially paying qualified security professionals salaries upwards of $100,000 a year and seeing up to 12.5 percent of that investment being spent on non-security related activities.
Businesses

Apple's Jonathan Ive Says Immigration Vital For UK Firms (bbc.com) 84

The UK must keep its doors open to top talent from around the world if its technology firms are to thrive, Apple's chief designer has told the BBC. An anonymous reader shares the article: Sir Jonathan Ive, who has just been appointed Chancellor of the Royal College of Art, also said that technology hubs like Silicon Valley had a "tremendous cultural diversity". Some technology firms fear they may lose access to talent after Brexit. "That general principle [on access] is terribly important for creating a context for multiple companies to grow and in a healthy way explore and develop new products and new product types," Sir Jonathan told BBC Radio 4's Today programme. Sir Jonathan said the UK had a "fabulous tradition of design education", but that it needed to do more to become a technology hub on a par with Silicon Valley in California, where the likes of Apple, Facebook and Google are based. "I think Silicon Valley has infrastructures to support start-up companies... ranging from technological support through to funding," he said. "And there is the sense that failure isn't irreversible, so very often people will work on an idea, and there isn't the same sense of stigma when one idea and perhaps one company doesn't work out."
Security

Newly Discovered Vulnerability Raises Fears Of Another WannaCry (reuters.com) 90

A newly found flaw in widely used networking software leaves tens of thousands of computers potentially vulnerable to an attack similar to that caused by WannaCry, which infected more than 300,000 computers worldwide, cybersecurity researchers said on Thursday. From a Reuters report: The U.S. Department of Homeland Security on Wednesday announced the vulnerability, which could be exploited to take control of an affected computer, and urged users and administrators to apply a patch. Rebekah Brown of Rapid7, a cybersecurity company, told Reuters that there were no signs yet of attackers exploiting the vulnerability in the 12 hours since its discovery was announced. But she said it had taken researchers only 15 minutes to develop malware that made use of the hole. "This one seems to be very, very easy to exploit," she said. Rapid7 said it had found more than 100,000 computers running vulnerable versions of the software, Samba, free networking software developed for Linux and Unix computers.
Government

US Intelligence Community Has Lost Credibility Due To Leaks (bloomberg.com) 298

Two anonymous readers and Mi share an article: U.K. police investigating the Manchester terror attack say they have stopped sharing information with the U.S. after a series of leaks that have so angered the British government that Prime Minister Therese May wants to discuss them with President Donald Trump during a North Atlantic Treaty Organization meeting in Brussels. What can Trump tell her, though? The leaks drive him nuts, too. Since the beginning of this century, the U.S. intelligence services and their clients have acted as if they wanted the world to know they couldn't guarantee the confidentiality of any information that falls into their hands. At this point, the culture of leaks is not just a menace to intelligence-sharing allies. It's a threat to the intelligence community's credibility. [...] If this history has taught the U.S. intelligence community anything, it's that leaking classified information isn't particularly dangerous and those who do it largely enjoy impunity. Manning spent seven years in prison (though she'd been sentenced to 35), but Snowden, Assange, Petraeus, the unknown Chinese mole, the people who stole the hacking tools and the army of recent anonymous leakers, many of whom probably still work for U.S. intelligence agencies, have escaped any kind of meaningful punishment. President Donald Trump has just now announced that the administration would "get to the bottom" of leaks. In a statement, he said: "The alleged leaks coming out of government agencies are deeply troubling. These leaks have been going on for a long time and my Administration will get to the bottom of this. The leaks of sensitive information pose a grave threat to our national security. I am asking the Department of Justice and other relevant agencies to launch a complete review of this matter, and if appropriate, the culprit should be prosecuted to the fullest extent of the law. There is no relationship we cherish more than the Special Relationship between the United States and the United Kingdom.
The Internet

Manchester Attack Could Lead To Internet Crackdown (independent.co.uk) 355

New submitter boundary writes: The UK government looks to be about to put the most egregious parts of the Investigative Powers Act into force "soon after the election" (which is in a couple of weeks) in the wake of the recent bombing in Manchester. "Technical Capability Orders" require tech companies to break their own security. I wonder who'll comply? The Independent reports: "Government will ask parliament to allow the use of those powers if Theresa May is re-elected, senior ministers told The Sun. 'We will do this as soon as we can after the election, as long as we get back in,' The Sun said it was told by a government minister. 'The level of threat clearly proves there is no more time to waste now. The social media companies have been laughing in our faces for too long.'"
Databases

Vermont DMV Caught Using Illegal Facial Recognition Program (vocativ.com) 107

schwit1 quotes a report from Vocativ: The Vermont Department of Motor Vehicles has been caught using facial recognition software -- despite a state law preventing it. Documents obtained by the American Civil Liberties Union of Vermont describe such a program, which uses software to compare the DMV's database of names and driver's license photos with information with state and federal law enforcement. Vermont state law, however, specifically states that "The Department of Motor Vehicles shall not implement any procedures or processes that involve the use of biometric identifiers." The program, the ACLU says, invites state and federal agencies to submit photographs of persons of interest to the Vermont DMV, which it compares against its database of some 2.6 million Vermonters and shares potential matches. Since 2012, the agency has run at least 126 such searches on behalf of local police, the State Department, FBI, and Immigrations and Customs Enforcement.
Robotics

Robot Police Officer Goes On Duty In Dubai (bbc.com) 49

The first robot officer has joined the Dubai Police force tasked with patrolling the city's malls and tourist attractions. "People will be able to use it to report crimes, pay fines and get information by tapping a touchscreen on its chest," reports BBC. "Data collected by the robot will also be shared with the transport and traffic authorities." From the report: The government said the aim was for 25% of the force to be robotic by 2030 but they would not replace humans. "We are not going to replace our police officers with this tool," said Brig Khalid Al Razooqi, director general of smart services at Dubai Police. "But with the number of people in Dubai increasing, we want to relocate police officers so they work in the right areas and can concentrate on providing a safe city. "Most people visit police stations or customer service, but with this tool we can reach the public 24/7. It can protect people from crime because it can broadcast what is happening right away to our command and control center."
Government

The Trump Administration Wants To Be Able To Track and Hack Your Drone (fastcompany.com) 214

An anonymous reader shares a report: The Trump administration wants federal agencies to be able to track, hack, or even destroy drones that pose a threat to law enforcement and public safety operations, The New York Times reports. A proposed law, if passed by Congress, would let the government take down unmanned aircraft posing a danger to firefighting and search-and-rescue missions, prison operations, or "authorized protection of a person." The government will be required to respect "privacy, civil rights, and civil liberties" when exercising that power, the draft bill says. But records of anti-drone actions would be exempt from public disclosure under freedom of information laws, and people's right to sue over damaged and seized drones would be limited, according to the text of the proposal published by the Times. The administration, which would not comment on the proposal, scheduled a classified briefing on Wednesday for congressional staff members to discuss the issue.
IT

JSON Feed Announced As Alternative To RSS (jsonfeed.org) 200

Reader Anubis IV writes: With Slashdot recently asking whether we still use RSS, it may come as a surprise that something interesting has happened in the world of news feeds this week. JSON Feed was launched as an alternative to RSS and Atom, eschewing the XML they rely on -- which is frequently malformed and difficult to parse -- in favor of a human readable JSON format that reflects the decades of combined experience its authors have in the field. The JSON Feed spec is a simple read that lays out a number of pragmatic benefits the format has over RSS and Atom, such as eliminating duplicate entries, adding the ability to paginate feeds so that old entries remain available, and reducing the need for clients to scrape sites to find images and other resources. Given that it's authored by the developers behind one of the earliest, popular RSS clients and a recently Kickstarted blogging platform, the format is intended to address the common pain points currently faced by developers when producing and parsing feeds.

While it remains to be seen whether JSON Feed will escape the chicken-and-egg stage of adoption, several clients have already added support for the fledging format in the week since its announcement, including Feedbin, Inoreader, and NewsBlur.

Security

Malicious Subtitles Threaten VLC, Kodi and Popcorn Time Users, Researchers Warn (torrentfreak.com) 124

Millions of people risk having their devices and systems compromised by malicious subtitles, according to a new research published by security firm Check Point. The threat comes from a previously undocumented vulnerability which affects users of popular streaming software, including Kodi, Popcorn-Time, and VLC. Developers of the applications have already applied fixes and in some cases, working on it. From a report: While most subtitle makers do no harm, it appears that those with malicious intent can exploit these popular streaming applications to penetrate the devices and systems of these users. Researchers from Check Point, who uncovered the problem, describe the subtitle 'attack vector' as the most widespread, easily accessed and zero-resistance vulnerability that has been reported in recent years. "By conducting attacks through subtitles, hackers can take complete control over any device running them. From this point on, the attacker can do whatever he wants with the victim's machine, whether it is a PC, a smart TV, or a mobile device," they write.
Security

Wikimedia Is Clear To Sue the NSA Over Its Use of Warrantless Surveillance Tools (engadget.com) 60

The Wikimedia Foundation has the right to sue the National Security Agency over its use of warrantless surveillance tools, a federal appeals court ruled. "A district judge shot down Wikimedia's case in 2015, saying the group hadn't proved the NSA was actually illegally spying on its communications," reports Engadget. "In this case, proof was a tall order, considering information about the targeted surveillance system, Upstream, remains classified." From the report: The appeals court today ruled Wikimedia presented sufficient evidence that the NSA was in fact monitoring its communications, even if inadvertently. The Upstream system regularly tracks the physical backbone of the internet -- the cables and routers that actually transmit our emoji. With the help of telecom providers, the NSA then intercepts specific messages that contain "selectors," email addresses or other contact information for international targets under U.S. surveillance. "To put it simply, Wikimedia has plausibly alleged that its communications travel all of the roads that a communication can take, and that the NSA seizes all of the communications along at least one of those roads," the appeals court writes. "Thus, at least at this stage of the litigation, Wikimedia has standing to sue for a violation of the Fourth Amendment. And, because Wikimedia has self-censored its speech and sometimes forgone electronic communications in response to Upstream surveillance, it also has standing to sue for a violation of the First Amendment."
Security

DEFCON Conference To Target Voting Machines (politico.com) 105

An anonymous reader quotes a report from Politico: Hackers will target American voting machines -- as a public service, to prove how vulnerable they are. When over 25,000 of them descend on Caesar's Palace in Las Vegas at the end of July for DEFCON, the world's largest hacking conference, organizers are planning to have waiting what they call "a village" of different opportunities to test how easily voting machines can be manipulated. Some will let people go after the network software remotely, some will be broken apart to let people dig into the hardware, and some will be set up to see how a prepared hacker could fiddle with individual machines on site in a polling place through a combination of physical and virtual attacks. With all the attention on Russia's apparent attempts to meddle in American elections -- former President Barack Obama and aides have made many accusations toward Moscow, but insisted that there's no evidence of actual vote tampering -- voting machines were an obvious next target, said DEFCON founder Jeff Moss.
Programming

'Coding Is Not Fun, It's Technically and Ethically Complex' (qz.com) 351

An anonymous reader shares an article: For starters, the profile of a programmer's mind is pretty uncommon. As well as being highly analytical and creative, software developers need almost superhuman focus to manage the complexity of their tasks. Manic attention to detail is a must; slovenliness is verboten. Coding isn't the only job that demands intense focus. But you'd never hear someone say that brain surgery is "fun," or that structural engineering is "easy." When it comes to programming, why do policymakers and technologists pretend otherwise? For one, it helps lure people to the field at a time when software (in the words of the venture capitalist Marc Andreessen) is "eating the world" -- and so, by expanding the labor pool, keeps industry ticking over and wages under control. Another reason is that the very word "coding" sounds routine and repetitive, as though there's some sort of key that developers apply by rote to crack any given problem. It doesn't help that Hollywood has cast the "coder" as a socially challenged, type-first-think-later hacker, inevitably white and male, with the power to thwart the Nazis or penetrate the CIA. Insisting on the glamor and fun of coding is the wrong way to acquaint kids with computer science. It insults their intelligence and plants the pernicious notion in their heads that you don't need discipline in order to progress. As anyone with even minimal exposure to making software knows, behind a minute of typing lies an hour of study. It's better to admit that coding is complicated, technically and ethically. Computers, at the moment, can only execute orders, to varying degrees of sophistication. So it's up to the developer to be clear: the machine does what you say, not what you mean. More and more "decisions" are being entrusted to software, including life-or-death ones: think self-driving cars; think semi-autonomous weapons; think Facebook and Google making inferences about your marital, psychological, or physical status, before selling it to the highest bidder. Yet it's rarely in the interests of companies and governments to encourage us to probe what's going on beneath these processes.

Slashdot Top Deals