Russian Submarines are 'Prowling Around' Undersea Internet Cables

An anonymous reader quotes The Hill: Russian submarine activity around undersea cables that provide internet and other communications connections to North America and Europe has raised concerns among NATO officials, according to The Washington Post. NATO officials say an unprecedented amount of Russian deep-sea activity, especially around undersea internet lines, constitutes a newfound "vulnerability" for NATO nations. "We are now seeing Russian underwater activity in the vicinity of undersea cables that I don't believe we have ever seen," said NATO submarine forces commander and U.S. Navy Rear Adm. Andrew Lennon. "Russia is clearly taking an interest in NATO and NATO nations' undersea infrastructure."
"The Russian Defense Ministry did not respond to a request for comment about the cables," reports the Washington Post, adding that "prowling around" the cables "could give the Kremlin the power to sever or tap into vital data lines, officials said."

They cite the commander of NATO's submarine forces, who says "We know that these auxiliary submarines are designed to work on the ocean floor, and they're transported by the mother ship, and we believe they may be equipped to manipulate objects on the ocean floor."

Lithuania Calls On EU To Stop Adjusting Clocks For Daylight Savings

AmiMoJo shares a report from The Guardian: Lithuania has said that it would push the European Union to abolish its law on daylight saving time, claiming that most people find it annoying to have to adjust their clocks twice a year. An opinion poll published this year showed that 79% of people in the nation of 2.8 million were against the annual ritual of adjusting clocks forward by one hour in the spring and then back an hour in the autumn. Proponents of daylight saving time, adopted at the beginning of the 20th century, say the longer evening daylight hours in the summer help save energy and bolster productivity. The European Commission said it was "currently examining the summertime question based on all available evidence."

Faced With Rising Temperatures, People May Seek Asylum

Europe is already struggling to absorb an influx of refugees from war-torn Syria, Afghanistan, Iraq, and Africa. Germany alone has taken in more than a million people since 2015. This wave of immigration has led to political upheaval, with the rise of right-wing political parties in Germany, Poland, Austria, and Hungary, among others. Now a new study, published in the journal Science, shows that the current surge in refugees may just be a preview of what's to come due in large part to global warming. From a report: At an average growing season temperature of about 68 Fahrenheit, which is the optimum one for agriculture, the number of applications for asylum was lowest. As the average temperature rose, so did the number of people from Somalia, Bangladesh and other warmer climate countries seeking asylum. But when cooler countries -- such as Serbia and Peru -- got warmer, fewer applications were received. The acceptance rate for asylum application to the EU is less than 10%. But when there was a spike in applications tied to weather fluctuations, the admittance rate rose to about 30%, suggesting agencies who evaluate the applicants find their cause worthy.

EU's Top Court Rules That Uber Is a Transportation Company

Uber is a taxi company, according to a landmark ruling from Europe's highest court. The European Court of Justice (ECJ) ruled Wednesday that the U.S. ride-hailing app is a transportation firm and not a digital company. The verdict is a long-awaited judgment expected to have major implications for how Uber is regulated throughout Europe. From a report: The E.U.'s member countries now have more clarity and authority to regulate Uber as a transportation company (more strictly than as a tech service), though many already do so. As a technology company, Uber would have been protected by E.U. law from certain restrictions by individual countries, and would have required them to notify the commission of any new regulations.

Google's Record Fine of $2.8 Billion Was a 'Deterrent,' EU Says

The European Union was aiming for a "deterrent effect" on Google and other technology giants when it ordered the Android-maker to pay 2.4 billion euros ($2.8 billion) for breaching antitrust law over how it displays shopping ads. From a report: Regulators weighed "the need to ensure that the fine has a sufficiently deterrent effect not only on Google and Alphabet but also on undertakings of a similar size and with similar resources," the European Commission said in a 215-page document laying out details of its seven-year investigation into the company. The "particularly large" revenue of Google's parent, Alphabet, also determined the size of the fine, the EU said. The penalty, levied in June, was more than double an earlier 1 billion-euro fine on Intel and came with a threat of more daily fines for Google if it didn't comply with an order to offer equal treatment to rival shopping-comparison services. Big numbers for big technology names have been a theme for EU Competition Commissioner Margrethe Vestager, who ordered Apple Inc. to pay back some 13 billion euros in taxes last year.

Google and Facebook 'Must Pay For News' From Which They Make Billions

Internet giants such as Google and Facebook must pay copyright charges for using news content on their platforms, nine European press agencies said. These giant platforms, news agencies said, make vast profits from news content on their platforms. The call comes at a time when the EU is debating a directive to make Facebook, Google, Twitter and other major players pay for the millions of news articles they use or link to. From a report: "Facebook has become the biggest media in the world," the agencies said in a plea published in the French daily Le Monde. "Yet neither Facebook nor Google have a newsroom... They do not have journalists in Syria risking their lives, nor a bureau in Zimbabwe investigating Mugabe's departure, nor editors to check and verify information sent in by reporters on the ground." The agencies argued, "access to free information is supposedly one of the great victories of the internet. But it is a myth."

Russia-Linked Accounts Were Active on Facebook Ahead of Brexit

The Russia-linked troll farm that used Facebook to target Americans during last year's election was also active in the UK ahead of the Brexit vote, the social media company has admitted. From a report: In a letter to the Electoral Commission, Facebook said accounts associated with the Internet Research Agency spent $0.97 for three ads in the days before the EU referendum. These ads appeared on approximately 200 news feeds in the UK before the country voted to leave the EU last year. For months the social media company has sidestepped questions from MPs and journalists about Russian interference through its platform in the UK. The concerns were fuelled by revelations this summer that Facebook had been weaponised by Russian entities before the election of US President Donald Trump. France and Germany have said their elections were also targeted. "We strongly support the Commission's efforts to regulate and enforce political campaign finance rules in the United Kingdom, and we take the Commission's request very seriously," Facebook said in the letter.

Did Programming Language Flaws Create Insecure Apps?

Several popular interpreted programming languages are affected by severe vulnerabilities that expose apps built on these languages to attacks, according to research presented at the Black Hat Europe 2017 security conference. An anonymous reader writes: The author of this research is IOActive Senior Security Consultant Fernando Arnaboldi, who says he used an automated software testing technique named fuzzing to identify vulnerabilities in the interpreters of five of today's most popular programming languages: JavaScript, Perl, PHP, Python, and Ruby.

Fuzzing involves providing invalid, unexpected, or random data as input to a software application. The researcher created his own fuzzing framework named XDiFF that broke down programming languages per each of its core functions and fuzzed each one for abnormalities. His work exposed severe flaws in all five languages, such as a hidden flaw in PHP constant names that can be abused to perform remote code execution, and undocumented Python methods that can be used for OS code execution. Arnaboldi argues that attackers can exploit these flaws even in the most secure applications built on top of these programming languages.


New Satellite Experiment Helps Confirm Einstein's Equivalence Principle

Part of Einstein's theory of general relativity posits that gravity equals inertial mass -- and for the first time in 10 years, there's new evidence that he's right. Slashdot reader orsayman reports: Most stories around space today seem to revolve around SpaceX, but let's not forget that space is also a place for cool physics experiments. One such experiment currently running in low orbit is the MICROSCOPE satellite, launched in 2016 to test the (weak) Equivalence Principle (also known as the universality of free fall), a central hypothesis in General Relativity.

The first results confirm the principle with a precision ten times better than previous experiments. And it's just the beginning since they hope to increase the precision by another factor of 10. If the Equivalence Principle is still verified at this precision, this could constrain or invalidate some quantum gravity theories. For those of you who are more satellite-science oriented, the satellite also features an innovative "self destruct" mechanism (meant to limit orbit pollution) based on inflatable structures described in this paper.

"The science phase of the mission began in December 2016," reports France's space agency, "and has already collected data from 1,900 orbits, the equivalent of a free fall of 85 million kilometres or half the Earth-Sun distance."

'Process Doppelganging' Attack Bypasses Most Security Products, Works On All Windows Versions

An anonymous reader quotes a report from Bleeping Computer: Yesterday, at the Black Hat Europe 2017 security conference in London, two security researchers from cyber-security firm enSilo have described a new code injection technique called "Process Doppelganging." This new attack works on all Windows versions and researchers say it bypasses most of today's major security products. Process Doppelganging is somewhat similar to another technique called "Process Hollowing," but with a twist, as it utilizes the Windows mechanism of NTFS Transactions.

"The goal of the technique is to allow a malware to run arbitrary code (including code that is known to be malicious) in the context of a legitimate process on the target machine," Tal Liberman & Eugene Kogan, the two enSilo researchers who discovered the attack, told Bleeping Computer. "Very similar to process hollowing but with a novel twist. The challenge is doing it without using suspicious process and memory operations such as SuspendProcess, NtUnmapViewOfSection. In order to achieve this goal we leverage NTFS transactions. We overwrite a legitimate file in the context of a transaction. We then create a section from the modified file (in the context of the transaction) and create a process out of it. It appears that scanning the file while it's in transaction is not possible by the vendors we checked so far (some even hang) and since we rollback the transaction, our activity leaves no trace behind." The good news is that "there are a lot of technical challenges" in making Process Doppelganging work, and attackers need to know "a lot of undocumented details on process creation." The bad news is that the attack "cannot be patched since it exploits fundamental features and the core design of the process loading mechanism in Windows."
More research on the attack will be published on the Black Hat website in the following days.

EU Urges Internet Companies To Do More To Remove Extremist Content

Internet groups such as Facebook, Google's YouTube and Twitter need to do more to stem the proliferation of extremist content on their platforms, the European Commission said after a meeting on Wednesday. From a report: Social media companies have significantly boosted their resources to take down violent and extremist content as soon as possible in response to growing political pressure from European governments, particularly those hit by militant attacks in recent years. But Julian King, EU security commissioner, said that while a lot of progress had been made, additional efforts were needed. "We are not there yet. We are two years down the road of this journey: to reach our final destination we now need to speed up our work," King said in his closing speech at the third meeting of the EU Internet Forum, which brings together the Commission, EU member states, law enforcement and technology companies. The EU has said it will come forward with legislation next year if it is not satisfied with progress made by tech companies in removing extremist content, while a German online hate speech law comes into effect on Jan. 1.

Apple To Start Paying Ireland the Billions It Owes In Back Taxes

Last year, Apple was ordered to pay a record sum of 13 billion euros ($14.5 billion) plus interest after the European Commission said Ireland illegally slashed the iPhone maker's tax bill. "But Ireland was rather slow to start collecting that cash, which led the Commission to refer the Irish government to the European Court of Justice in October due to Ireland's non-compliance with the 2016 ruling," reports Engadget. "However, the Wall Street Journal reports today that the country will finally start collecting those billions of dollars owed by Apple and it may start doing so early next year." From the report: Both Apple and Ireland have fought back against the ruling -- Ireland has said that the European Union overstepped its authority and got some of the country's laws wrong while Apple has maintained that the amount it's being told to repay was miscalculated. Both are continuing to appeal the decision and the money will sit in an escrow fund while they do so. Ireland has said that negotiating the terms of that fund is what has held up its collection of the money but the European Commission said that the action it has taken against Ireland for failing to follow the 2016 ruling will proceed until the money is collected in full.

Shouting 'Pay Your Taxes', Activists Occupy Apple Stores in France

An anonymous reader quotes MarketWatch: A group of global activists stormed and occupied several Apple Stores in France on Saturday in a move aimed at pressuring the company to pay up on a €13 billion ($15.5 billion) tax bill to the European Union. In a press release, the France unit of the Association for the Taxation of Financial Transactions and Citizen's Action organization (Attac), said 100 of its members occupied the Opera Apple Store in Paris, demanding the company pay its taxes... Attac said dozens of protests were organized at other Apple store locations throughout France on Saturday. In the Paris store, activists were seen via videos circulating on Twitter, pushing past security and hanging a banner that said "We will stop when Apple pays." Security in Paris reportedly evacuated Apple workers from the building as those protests began.
After three hours they left the store -- leaving behind protest messages on the iPads on display. The group claims that Apple has stashed $230 billion in tax havens around the world, but also hopes to raise awareness about other issues.

"Attac said the action was part of the #PhoneRevolt movement aimed at highlighting unfair practices by Apple, that are not just about taxes, but also pollution via extraction of metals for its phones, worker exploitation and driving a global consumption binge."

Three Quarters of Android Apps Track Users With Third Party Tools, Says Study

A study by French research organization Exodus Privacy and Yale University's Privacy Lab analyzed the mobile apps for the signatures of 25 known trackers and found that more than three in four Android apps contain at least one third-party "tracker." The Guardian reports: Among the apps found to be using some sort of tracking plugin were some of the most popular apps on the Google Play Store, including Tinder, Spotify, Uber and OKCupid. All four apps use a service owned by Google, called Crashlytics, that primarily tracks app crash reports, but can also provide the ability to "get insight into your users, what they're doing, and inject live social content to delight them." Other less widely-used trackers can go much further. One cited by Yale is FidZup, a French tracking provider with technology that can "detect the presence of mobile phones and therefore their owners" using ultrasonic tones. FidZup says it no longer uses that technology, however, since tracking users through simple wifi networks works just as well.

Firms Team Up On Hybrid Electric Plane Technology

An anonymous reader shares a report: Airbus, Rolls-Royce and Siemens are to develop hybrid electric engine plane technology as part of a push towards cleaner aviation. The E-Fan X programme will first put an electric engine with three jet engines on a BAe 146 aircraft. The firms want to fly a demonstrator version of the plane by 2020, with a commercial application by 2030. Firms are racing to develop electric engines for planes after pressure from the EU to cut aviation pollution. Each of the partners in the programme will be investing tens of millions of pounds, they said on a press call. The firms are developing hybrid technology because fully electric commercial flights are currently out of reach, a spokeswoman said.

Legislators Take Aim At Star Wars Battlefront II, EA Over 'Gambling In Games'

dryriver writes: A number of pay-to-win microtransaction FPS games, including Dirty Bomb and the $60 Star Wars Battlefront II, have drawn the ire of legislators in countries like Belgium and the United States. Not only are advanced characters like Luke Skywalker and Darth Vader and various weapons and abilities in these games "locked" -- you pay for them in hard cash, or play for them for dozens and dozens of tedious hours -- the games also feature so-called "Loot Boxes," which are boxes that contain a random item, weapon, character or ability. So like playing slot machines in Vegas, each time you can get something good, something mediocre or something totally crap. You cannot determine with any certainty what you will get for your real-world dollars or in-game achievements. Angry Reddit users recently downvoted a blundering statement by EA on the topic with a whopping 249,000 downvotes -- an all-time downvote record on Reddit, shocking EA into retreating from its pay-to-win model and announcing unspecified "changes" now being made to Star Wars Battlefront II. Legislators in a number of countries have also sharply criticized "Loot Boxes" and "microtransactions" in games, with one legislator in Belgium vowing to have the sale of such games banned completely in the EU, because children are essentially being forced to "gamble with real money" in these games. Forbes has written a great piece about how EA is now essentially stuck with a $60 Star Wars game that cost a lot to make but probably cannot be monetized any further, because there is considerable risk of all games with loot boxes, microtransactions and "pay to win" monetization models being completely banned from sale in a number of different countries now. The moral of the story? Maybe people should not pay a game developer any more than the $40-60 they paid when they thought they "bought" the game in the first place.

EU Lawmakers Back Exports Control on Spying Technology

An anonymous reader shares a report: EU lawmakers overwhelmingly backed plans on Thursday to control exports of devices to intercept mobile phone calls, hack computers or circumvent passwords that could be used by foreign states to suppress political opponents or activists. Members of the European Parliament's trade committee voted by 34 votes to one in favor of a planned update to export controls on "dual use" products or technologies. The EU has had export controls since 2009 on such dual use products including toxins, laser and technology for navigation or nuclear power, which can have civilian or military applications but also be used to make weapons of mass destruction. The EU has felt that spyware or malware and telecom or Internet surveillance technologies are increasingly threatening security and human rights and proposed a modernization of its export control system to cover cyber-surveillance.

EU Agrees To End Country-Specific Limits For Online Retailers

An anonymous reader shares a report: The European Union has agreed a plan obliging online retailers operating in the bloc to make electrical goods, concert tickets or car rental available to all EU consumers regardless of where they live. Putting an end to "geoblocking", whereby consumers in one EU country cannot buy a good or service sold online in another, has been a priority for the EU as it tries to create a digital single market with 24 legislative proposals. The agreement late on Monday between the European Parliament, the EU's 28 member states and the Commission will allow EU consumers to buy products and services online from any EU country. The agreement applies to e-commerce sites including Amazon and eBay.

New EU Consumer Protection Law Contains a Vague Website Blocking Clause

An anonymous reader quotes a report from Bleeping Computer: The European Union (EU) has voted on Tuesday, November 14, to pass the new Consumer Protection Cooperation regulation, a new EU-wide applicable law that gives extra power to national consumer protection agencies, but which also contains a vaguely worded clause that also grants them the power to block and take down websites without judicial oversight. The new law "establishes overreaching Internet blocking measures that are neither proportionate nor suitable for the goal of protecting consumers and come without mandatory judicial oversight," Member of the European Parliament Julia Reda said in a speech in the European Parliament Plenary during a last-ditch effort to amend the law. "According to the new rules, national consumer protection authorities can order any unspecified third party to block access to websites without requiring judicial authorization," Reda added later in the day on her blog. This new law is an EU regulation and not a directive, meaning it's obligatory for all EU states, which do not have to individually adopt it.

Mozilla Might Distrust Dutch Government Certs Over 'False Keys'

Long-time Slashdot reader Artem Tashkinov quotes BleepingComputer: Mozilla engineers are discussing plans to remove support for a state-operated Dutch TLS/HTTPS provider after the Dutch government has voted a new law that grants local authorities the power to intercept Internet communications using "false keys". If the plan is approved, Firefox will not trust certificates issued by the Staat der Nederlanden (State of the Netherlands) Certificate Authority (CA)...

This new law gives Dutch authorities the powers to intercept and analyze Internet traffic. While other countries have similar laws, what makes this one special is that authorities will have authorization to carry out covert technical attacks to access encrypted traffic. Such covert technical capabilities include the use of "false keys," as mentioned in Article 45 1.b, a broad term that includes TLS certificates.

"Fears arise of mass Dutch Internet surveillance," reads a subhead on the article, citing a bug report which notes, among other things, the potential for man-in-the-middle attacks and the fact that the Netherlands hosts a major internet transit point.
