Government

Kim Jong-Un Bans All Weddings, Funerals And Freedom Of Movement In North Korea (independent.co.uk) 129

An anonymous reader quotes a report from The Independent: Weddings and funerals have been banned and Pyongyang is in lockdown as preparations for a once-in-a-generation party congress get underway in North Korea. The ruling Workers' Party of Korea, headed by the country's leader, Kim Jong-un, is due to stage the first gathering of its kind for 36 years on Friday. Free movement in and out of the capital has also been forbidden and there has been an increase in inspections and property searches, according to Daily NK, which claims to have sources in the country. The temporary measures are said to be an attempt to minimize the risk of "mishaps" at the event, according to Cheong Joon-hee, a spokesman at South Korea's Unification Ministry. Meanwhile, North Korea has been conducting missile tests left and right, many of which have failed miserably.
AI

Self-Driving Features Could Lead To More Sex In Moving Cars, Expert Warns (www.cbc.ca) 181

An anonymous reader writes: According to CBC.ca, "At least one expert is anticipating that, as the so-called 'smart' cars get smarter, there will eventually be an increase in an unusual form of distracted driving: hanky-panky behind the wheel." Barrie Kirk of the Canadian Automated Vehicles Centre of Excellence said, "I am predicting that, once computers are doing the driving, there will be a lot more sex in cars. That's one of several things people will do which will inhibit their ability to respond quickly when the computer says to the human, 'Take over.'" Federal officials, who have been tasked with building a regulatory framework to govern driverless cars, highlighted their concerns in briefing notes compiled for Transport Minister Marc Garneau. "Drivers tend to overestimate the performance of automation and will naturally turn their focus away from the road when they turn on their auto-pilot," said the note. The Tesla autopilot feature has been receiving the most criticism as there have been many videos posted online showing Tesla drivers engaged in questionable practices, including reading a newspaper or brushing their teeth.
EU

Greenpeace Leaks Big Part Of Secret TTIP Documents (bbc.com) 83

An anonymous reader writes: The environmental group Greenpeace has obtained 248 pages of classified documents from the Transatlantic Trade and Investment Partnership (TTIP) trade talks. The group warns EU standards on the environment and public health risk being undermined by compromises with the US, specifically that US corporations may erode Europe's consumer protections. The TTIP would "harmonize regulations across a huge range of business sectors, providing a boost to exporters on both sides of the Atlantic," writes the BBC. After the Greenpeace leak was published, EU Trade Commissioner Cecilia Malmstroem said in her blog, "I am simply not in the business of lowering standards." Meanwhile, Greenpeace EU director Jorgo Riss said, "These leaked documents confirm what we have been saying for a long time: TTIP would put corporations at the center of policy-making, to the detriment of environment and public health." You can be the judge for yourself. The leaked documents are available for download here.
Encryption

Without Encryption, Everything Stops, Says Snowden (thehill.com) 113

An anonymous reader writes about Snowden's appearance on a debate with CNN's Fareed Zakaria: Edward Snowden defended the importance of encryption, calling it the "backbone of computer security." He said, "Encryption saves lives. Encryption protects property. Without it, our economy stops. Our government stops. Everything stops. Our intelligence agencies say computer security is a bigger problem than terrorism, than crime, than anything else," he noted. "[...] Lawful access to any device or communication cannot be provided to anybody without fatally compromising the security of everybody."
Music

Audiophile Torrent Site What.CD Fully Pwnable Thanks To Wrecked RNG (theregister.co.uk) 103

Reader mask.of.sanity writes: Users of popular audiophile torrent site What.CD can make themselves administrators to completely compromise the private music site and bypass its notorious download ratio limits thanks to the use of the mt_rand function for password resets, a researcher has found. From the report (edited and condensed): What.CD is the world's most popular high quality music private torrent site that requires its users to pass an interview testing their knowledge of audio matters before they are granted an account. Users must maintain a high upload to download ratio to continue to download from the site. [...] "I reported it a year ago, and they acknowledged it but said 'don't worry about it,'" said New-Zealand-based independent security researcher who goes by the alias ss23.
Bitcoin

Craig Wright Claims He's Satoshi Nakamoto, the Creator Of Bitcoin 141

Australian entrepreneur Craig Wright has put an end to the years-long speculation about the creator of Bitcoin. In an interview with the BBC, The Economist (may have a paywall), and GQ, Wright claimed that he is indeed the person who developed the concepts on which Bitcoin cryptocurrency is built. According to the BBC, Mr. Wright provided "technical proof to back up his claim using coins known to be owned by Bitcoin's creator." Wright writes in a blog post: [A]fter many years, and having experienced the ebb and flow of life those years have brought, I think I am finally at peace with what he meant. If I sign Craig Wright, it is not the same as if I sign Craig Wright, Satoshi[...] Since those early days, after distancing myself from the public persona that was Satoshi, I have poured every measure of myself into research. I have been silent, but I have not been absent. I have been engaged with an exceptional group and look forward to sharing our remarkable work when they are ready. Satoshi is dead. But this is only the beginning. According to Wright's website, he is a "computer scientist, businessman and inventor" born in Brisbane, Australia, in October 1970. Some have questioned the authenticity and relevance of the "technical proof" Wright has provided. Nik Cubrilovic, an Australian former hacker and leading internet security blogger, wrote, "I don't believe for a second Wright is Satoshi. I know two people who worked with Wright, characterized him as crazy and schemer/charlatan." Michele Spagnuolo, Information Security Engineer at Google added, "He's not Satoshi. He just reused a signed message (of a Sartre text) by Satoshi with block 9 key as 'proof.'"
Crime

The Government Wants Your Fingerprint To Unlock Phones (dailygazette.com) 218

schwit1 quotes this report from the Daily Gazette: "As the world watched the FBI spar with Apple this winter in an attempt to hack into a San Bernardino shooter's iPhone, federal officials were quietly waging a different encryption battle in a Los Angeles courtroom. There, authorities obtained a search warrant compelling the girlfriend of an alleged Armenian gang member to press her finger against an iPhone that had been seized from a Glendale home. The phone contained Apple's fingerprint identification system for unlocking, and prosecutors wanted access to the data inside it.

It marked a rare time that prosecutors have demanded a person provide a fingerprint to open a computer, but experts expect such cases to become more common as cracking digital security becomes a larger part of law enforcement work. The Glendale case and others like it are forcing courts to address a basic question: How far can the government go to obtain biometric markers such as fingerprints and hair?"

Government

US Spy Court Didn't Reject a Single Government Surveillance Request In 2015 (zdnet.com) 91

schwit1 shares news from ZDNet's security blog: In more than three decades, the FISA Court has only rejected 12 requests. A secret court that oversees the US government's surveillance requests accepted every warrant that was submitted last year, according to new figures. The Washington D.C.-based Foreign Intelligence Surveillance Court received 1,457 requests from the National Security Agency and the Federal Bureau of Investigation to intercept phone calls and emails. In long-standing fashion, the court did not reject a single warrant, entirely or in part.

The FBI also issued 48,642 national security letters, a subpoena-like power that compels a company to turn over data on national security grounds without informing the subject of the letter. The memo said the majority of these demands sought data on foreigners, but almost one-in-five were requests for data on Americans.

It'll be interesting to see if the numbers go down any in 2016, since in November the court appointed five new lawyers to push back against government requests. Meanwhile, a new report shows an increase in the number of government requests to Facebook about their users, more than half of which contained a non-disclosure order prohibiting Facebook from notifying those users.
Microsoft

Amazon Beats Microsoft In 'The Battle of Seattle' (usatoday.com) 108

An anonymous reader writes: Yesterday Amazon CEO Jeff Bezos earned $5 billion in one afternoon when the company's stock price jumped 9.6%. Amazon reported an actual profit of $513 million (nearly double the amount expected), and next year Amazon's sales are projected by analysts to be 63% higher than Microsoft's, which USA Today calls "a good illustration of how growth in the sector has moved from hardware, software and chip companies to Internet firms selling goods or advertising online... [W]hile Bill Gates helped put Seattle area on the map as a U.S. tech hub, Bezos now runs the largest tech company in the State of Washington, by far, in terms of sales."

Amazon's Echo and Alexa devices are believed to be outselling their Kindles (and Alexa will soon make her first appearance on a non-Amazon device). But Amazon attributed their surprise jump in revenue to a 51% annual increase in the "tens of millions" of subscribers paying for their Amazon Prime shipping service (which in San Francisco now even includes delivery from restaurants), as well as a 64% increase from their AWS cloud service, which recently announced a new automated security assessment tool.

Amazon ultimately reported more than twice as much new business as Google and three times as much as Facebook, according to USA Today, which notes that now of all the tech companies, only Apple has more revenue than Amazon, and because of the jump in their stock price, Jeff Bezos is now the fourth-richest person in the world. But with all that money floating around, Seattle tech blogger Jeff Reifman is now wondering why Amazon's local home delivery vehicles in Seattle seem to be operating with out of state plates.
Security

Malware Taps Windows' 'God Mode' 114

Reader wiredmikey writes: Researchers at McAfee have discovered a piece of malware dubbed "Dynamer" that is taking advantage of a Windows Easter Egg -- or a power user feature, as many see it -- called "God Mode" to gain persistency (warning: annoying popup ads) on an infected machine. God Mode, as many of you know, is a handy tool for administrators as it is essentially a shortcut to accessing the operating system's various control settings. Dynamer malware is abusing the function by installing itself into a folder inside of the %AppData% directory and creating a registry run key that persists across reboots. Using a "com4" name, Windows considers the folder as being a device, meaning that the user cannot easily delete it. Given that Windows treats the "com4" folder differently, Windows Explorer or typical console commands are useless when attempting to delete it. Fortunately, there's a way to remove it. McAfee writes: Fortunately, there is a way to defeat this foe. First, the malware must be terminated (via Task Manager or other standard tools). Next, run this specially crafted command from the command prompt (cmd.exe): > rd "\\.\%appdata%\com4.{241D7C96-F8BF-4F85-B01F-E2B043341A4B}" /S /Q.
Security

Berkeley Researchers Examine Five Worst-Case Security Nightmares (berkeley.edu) 22

An anonymous reader writes: Berkeley researchers have gamed out five worst-case security scenarios at their Center for Long-Term Cybersecurity, calling it "a disciplined, imaginative approach to modeling what cybersecurity could mean in the future...to provoke a discussion about what the cybersecurity research and policy communities need to do now in order to be better positioned..." Two of the scenarios are set in 2020 -- one called "The New Normal" imagining a world where users assume their personal information can no longer be kept safe, and another involving the privacy and security implications in a world where hackers lurk undetected on a now-ubiquitous Internet of Things.

"Our goal is to identify emerging issues that will become more important..." they write in an executive summary, including "issues on the table today that may become less salient or critical; and new issues that researchers and decision-makers a few years from now will have wished people in the research and policy communities had noticed -- and begun to act on -- earlier."

Scenario #2 imagines a super-intelligent A.I. which can predict and even manipulate the behavior of individuals, and scenario #3 involves criminals exploiting valuable data sets -- and data scientists -- after an economic collapse.
Security

Slack To Disable Thousands of Logins Leaked on GitHub (detectify.com) 27

An anonymous reader writes: Thursday one technology site reported that thousands of developers building bots for the team-collaboration tool Slack were exposing their login credentials in public GitHub repositories and tickets. "The irony is that a lot of these bots are mostly fun 'weekend projects'," reported Detectify. "We saw examples of fit bots, reminding you to stretch throughout the day, quote bots, quoting both Jurassic Park...and Don Quixote...."

Slack responded that they're now actively searching for publicly-posted login credentials, "and when we find any, we revoke the tokens and notify both the users who created them, as well as the owners of affected teams." Detectify notes the lapse in security had occurred at a wide variety of sites, including "Forbes 500 companies, payment providers, multiple internet service providers and health care providers... University classes at some of the world's best-known schools. Newspapers sharing their bots as part of stories. The list goes on and on..."

Democrats

White House Releases Report On How To Spur Smart-Gun Technology (computerworld.com) 308

Lucas123 writes: A report commissioned by the White House involving the Defense, Justice and Homeland Security Departments has begun a process to define, for the first time, the requirements that manufacturers would need to meet for federal, state, and municipal law enforcement agencies to consider purchasing firearms with "smart" safety technology. They've committed to completing that process by October, and will also identify agencies interested in taking part in a pilot program to develop the smart gun technology. The DoD will help manufacturers test smart guns under "real-world conditions" at the U.S. Army Aberdeen Test Center in Maryland. Manufacturers would be eligible to win cash prizes through that program as well. In addition to spurring the adoption of smart gun technology, the report stated that the Social Security Administration has published a proposed rule that would require individuals prohibited from buying a gun due to mental health issues to be included in a background check system.
Iphone

FBI Bought $1M iPhone 5C Hack, But Doesn't Know How It Works (theguardian.com) 76

An anonymous reader writes: The FBI has no idea how the hack used in unlocking the San Bernardino shooter's iPhone 5C works, but it paid a sum less than $1m for the mechanism, according to a report. Reuters, citing several U.S. government sources, note that the government intelligence agency didn't pay a value over $1.3m for purchasing the hack from professional hackers, as previously reported by many outlets. The technique can also be used as many times as needed without further payments, the report adds. The FBI director, James Comey, said last week that the agency paid more to get into the iPhone 5C than he will make in the remaining seven years and four months he has in his job, suggesting the hack cost more than $1.3m, based on his annual salary.
Security

GCHQ Has Disclosed Over 20 Vulnerabilities This Year (vice.com) 29

Joseph Cox, reporting for Motherboard: Earlier this week, it emerged that a section of Government Communications Headquarters (GCHQ), the UK's signal intelligence agency, had disclosed a serious vulnerability in Firefox to Mozilla. Now, GCHQ has said it helped fix nearly two dozen individual vulnerabilities in the past few months, including in highly popular pieces of software like iOS. "So far in 2016 GCHQ/CESG has disclosed more than 20 vulnerabilities across a number of software products," a GCHQ spokesperson told Motherboard in an email. CESG, or the National Technical Authority for Information Assurance, is the information security wing of GCHQ. Those issues include a kernel vulnerability in OS X El Capitan v10.11.4, the latest version, that would allow arbitrary code execution, and two in iOS 9.3, one of which would have done largely the same thing, and the other could have let an application launch a denial of service attack.
Security

US Toy Maker Maisto's Website Pushes Ransomware (pcworld.com) 26

An anonymous reader shares a PCWorld article: Attackers are aggressively pushing a new file-encrypting ransomware program called CryptXXX by compromising websites, the latest victim being U.S. toy maker Maisto. Fortunately, there's a tool that can help users decrypt CryptXXX affected files for free. Security researchers from Malwarebytes reported Thursday that maisto.com was infected with malicious JavaScript that loaded the Angler exploit kit. This is a Web-based attack tool that installs malware on users' computers by exploiting vulnerabilities in their browser plug-ins. It also steals bitcoins from local wallets, a double hit to victims, because it then asks for the equivalent of $500 in bitcoins in order to decrypt their files. [...] Researchers from antivirus firm Kaspersky Lab recently updated their ransomware decryption tool to add support for CryptXXX affected files. The attack code exploits vulnerabilities in older versions of applications such as Flash, Java, Internet Explorer, and Silverlight. At this point, it isn't clear exactly how many users are affected.
Government

Supreme Court Gives FBI More Hacking Power (theintercept.com) 174

An anonymous reader cites an article on The Intercept (edited and condensed): The Supreme Court on Thursday approved changes that would make it easier for the FBI to hack into computers, many of them belonging to victims of cybercrime. The changes, which will take immediate effect in December unless Congress adopts competing legislation, would allow the FBI to go hunting for anyone browsing the Internet anonymously in the U.S. with a single warrant. Previously, under the federal rules on criminal procedures, a magistrate judge couldn't approve a warrant request to search a computer remotely if the investigator didn't know where the computer was -- because it might be outside his or her jurisdiction. The rule change would allow a magistrate judge to issue a warrant to search or seize an electronic device if the target is using anonymity software like Tor. "Unbelievable," said Edward Snowden. "FBI sneaks radical expansion of power through courts, avoiding public debate." Ahmed Ghappour, a visiting professor at University of California Hastings Law School, has described it as "possibly the broadest expansion of extraterritorial surveillance power since the FBI's inception."
Communications

The Critical Hole At the Heart Of Our Cell Phone Networks (wired.com) 32

An anonymous reader writes: Kim Zetter from WIRED writes an intriguing report about a vulnerability at the heart of our cell phone networks. It centers around Signaling System No. 7 (SS7), which refers to a data network -- and the protocols or rules that govern how information gets exchanged over it. Zetter writes, "It was designed in the 1970s to track and connect landline calls across different carrier networks, but is now commonly used to calculate cellular billing and send text messages, in addition to routing mobile and landline calls between carriers and regional switching centers. SS7 is part of the telecommunications backbone but is not the network your voice calls go through; it's a separate administrative network with a different function." According to WIRED, the problem is that SS7 is based on trust -- any request a telecom receives is considered legitimate. In addition to telecoms, government agencies, commercial companies and criminal groups can gain access to the network. Most attacks can be defended with readily available technologies, but more involved attacks take longer to defend against. T-Mobile and AT&T have vulnerabilities with fixes that have yet to be implemented, for example.
Earth

All Belgians To Be Given Iodine Pills In Case Of Nuclear Accident (phys.org) 192

mdsolar quotes a report from Phys.Org: Belgium is to provide iodine pills to its entire population of around 11 million people to protect against radioactivity in case of a nuclear accident, the health minister was quoted as saying Thursday. The move comes as Belgium faces growing pressure from neighboring Germany to shutter two ageing nuclear power plants near their border due to concerns over their safety. Iodine pills, which help reduce radiation build-up in the human thyroid gland, had previously only been given to people living within 20 kilometres (14 miles) of the Tihange and Doel nuclear plants. Health Minister Maggie De Block was quoted by La Libre Belgique newspaper as telling parliament that the range had now been expanded to 100 kilometers, effectively covering the whole country. The health ministry did not immediately respond to AFP when asked to comment. The head of Belgium's French-speaking Green party, Jean-Marc Nollet, backed the measures but added that "just because everyone will get these pills doesn't mean there is no longer any nuclear risk," La Libre reported. Belgium's creaking nuclear plants have been causing safety concerns for some time after a series of problems ranging from leaks to cracks and an unsolved sabotage incident. Yesterday, a nuclear plant in Germany was reportedly infected with a computer virus.
Encryption

Top Security Experts Say Anti-Encryption Bill Authors Are 'Woefully Ignorant' (dailydot.com) 90

blottsie writes from a report on the Daily Dot: In a Wall Street Journal editorial titled "Encryption Without Tears," Sens. Richard Burr and Dianne Feinstein pushed back on widespread condemnation of their Compliance with Court Orders Act, which would require tech companies to provide authorities with user data in an "intelligible" format if served with a warrant. But security experts Bruce Schneier, Matthew Green, and others say the lawmakers entirely misunderstand the issue. "On a weekly basis we see gigabytes of that information dumped to the Internet," Green told the Daily Dot. "This is the whole problem that encryption is intended to solve." He added: "You can't hold out the current flaws in the Internet as a justification for why the Internet shouldn't be made secure." "These criticisms of Burr and Feinstein's analogy emphasize an important point about digital security: The differences between the levels of encryption protecting certain types of data -- purchase records on Amazon's servers versus photos on an iPhone, for example -- lead to different levels of risk," writes Eric Geller of the Daily Dot.
