Security

Wall Street IT Engineer Hacks Employer To See If He'll Be Fired (bleepingcomputer.com) 62

An anonymous reader writes: A Wall Street engineer was arrested for planting credentials-logging malware on his company's servers. According to an FBI affidavit, the engineer used these credentials to log into fellow employees' accounts. The engineer claims he did so only because he heard rumors of an acquisition and wanted to make sure he wouldn't be let go. In reality, the employee did look at archived email inboxes, but he also stole encryption keys needed to access the protected source code of his employer's trading platform and trading algorithms.

Using his access to the company's Unix network (which he gained after a promotion last year), the employee then rerouted traffic through backup servers in order to avoid the company's traffic monitoring solution and steal the company's source code. The employee was caught after he kept intruding and disconnecting another employee's RDP session. The employee understood someone hacked his account and logged the attacker's unique identifier. Showing his total lack of understanding for how technology, logging and legal investigations work, the employee admitted via email to a fellow employee that he installed malware on the servers and hacked other employees.

Government

CIA, FBI Launch Manhunt For WikiLeaks Source (cbsnews.com) 173

An anonymous reader quotes CBS: CBS News has learned that a manhunt is underway for a traitor inside the Central Intelligence Agency. The CIA and FBI are conducting a joint investigation into one of the worst security breaches in CIA history, which exposed thousands of top-secret documents that described CIA tools used to penetrate smartphones, smart televisions and computer systems. Sources familiar with the investigation say it is looking for an insider -- either a CIA employee or contractor -- who had physical access to the material... Much of the material was classified and stored in a highly secure section of the intelligence agency, but sources say hundreds of people would have had access to the material. Investigators are going through those names.
Homeland security expert Michael Greenberger told one CBS station that "My best guess is that when this is all said and done we're going to find out that this was done by a contractor, not by an employee of the CIA."
Biotech

Can Parents Sue If Their Kid Is Born With the 'Wrong' DNA? (gizmodo.com) 240

Long-time reader randomErr quotes Gizmodo: It's a nightmare scenario straight out of a primetime drama: a child-seeking couple visits a fertility clinic to try their luck with in-vitro fertilization, only to wind up accidentally impregnated by the wrong sperm. In a fascinating legal case out of Singapore, the country's Supreme Court ruled that this situation doesn't just constitute medical malpractice. The fertility clinic, the court recently ruled, must pay the parents 30% of upkeep costs for the child for a loss of 'genetic affinity.' In other words, the clinic must pay the parents' child support not only because they made a terrible medical mistake, but because the child didn't wind up with the right genes...

"It's suggesting that the child itself has something wrong with it, genetically, and that it has monetary value attached to it," Todd Kuiken, a senior research scholar with the Genetic Engineering and Society Center at North Carolina State University, told Gizmodo. "They attached damages to the genetic makeup of the child, rather than the mistake. That's the part that makes it uncomfortable. This can take you in all sort of fucked up directions."

Government

WikiLeaks Releases New CIA Secret: Tapping Microphones On Some Samsung TVs (fossbytes.com) 98

FossBytes reports: The whistleblower website Wikileaks has published another set of hacking tools belonging to the American intelligence agency CIA. The latest revelation includes a user guide for CIA's "Weeping Angel" tool... derived from another tool called "Extending" which belongs to UK's intelligence agency MI5/BTSS, according to Wikileaks. Extending takes control of Samsung F Series Smart TV. The highly detailed user guide describes it as an implant "designed to record audio from the built-in microphone and egress or store the data."

According to the user guide, the malware can be deployed on a TV via a USB stick after configuring it on a Linux system. It is possible to transfer the recorded audio files through the USB stick or by setting up a WiFi hotspot near the TV. Also, a Live Listen Tool, running on a Windows OS, can be used to listen to audio exfiltration in real-time. Wikileaks mentioned that the two agencies, CIA and MI5/BTSS made collaborative efforts to create Weeping Angel during their Joint Development Workshops.

Education

EFF Says Google Chromebooks Are Still Spying On Students (softpedia.com) 83

schwit1 quotes a report from Softpedia: In the past two years since a formal complaint was made against Google, not much has changed in the way they handle this. Google still hasn't shed its "bad guy" clothes when it comes to the data it collects on underage students. In fact, the Electronic Frontier Foundation says the company continues to massively collect and store information on children without their consent or their parents'. Not even school administrators fully understand the extent of this operation, the EFF says. According to the latest status report from the EFF, Google is still up to no good, trying to eliminate students' privacy without their parents' notice or consent and "without a real choice to opt out." This, they say, is done via the Chromebooks Google is selling to schools across the United States.
Botnet

Developer of BrickerBot Malware Claims He Destroyed Over Two Million Devices (bleepingcomputer.com) 87

An anonymous reader writes: In an interview today, the author of BrickerBot, a malware that bricks IoT and networking devices, claimed he destroyed over 2 million devices, but he never intended to do so in the first place. His intentions were to fight the rising number of IoT botnets that were used to launch DDoS attacks last year, such as Gafgyt and Mirai. He says he created BrickerBot with 84 routines that try to secure devices so they can't be taken over by Mirai and other malware. Nevertheless, he realized that some devices are so badly designed that he could never protect them. He says that for these, he created a "Plan B," which meant deleting the device's storage, effectively bricking the device. His identity was revealed after a reporter received an anonymous tip about a HackForum user claiming he was destroying IoT devices since last November, just after BrickerBot appeared. When contacted, BrickerBot's author revealed that the malware is a personal project which he calls "Internet Chemotherapy" and he's "the doctor" who will kill all the cancerous unsecured IoT devices.
Crime

DOJ: Russian 'Superhacker' Gets 27 Years In Prison (thedailybeast.com) 50

According to the Justice Department, a 32-year-old Russian "superhacker" has been sentenced to 27 years in prison for stealing and selling millions of credit-card numbers, causing more than $169 million worth of damages to business and financial institutions. The Daily Beast reports: Roman Valeryevich Seleznev, 32, aka Track2, son of a prominent Russian lawmaker, was convicted last year on 38 counts of computer intrusion and credit-card fraud. "This investigation, conviction and sentence demonstrates that the United States will bring the full force of the American justice system upon cybercriminals like Seleznev who victimize U.S. citizens and companies from afar," Acting Assistant Attorney General Kenneth Blanco said in a statement. "And we will not tolerate the existence of safe havens for these crimes -- we will identify cybercriminals from the dark corners of the Internet and bring them to justice."
Biotech

Theranos Used Shell Company To Secretly Buy Outside Lab Equipment, Says Report (arstechnica.com) 40

An anonymous reader quotes a report from Ars Technica: On Friday, the Wall Street Journal reported that the company "allegedly misled company directors" regarding its lab tests and used a shell company to buy commercial lab gear. These are just a few of the new revelations made by the Journal, which also include fake demonstrations for potential investors. The new information came from unsealed depositions by 22 former Theranos employees or members of its board of directors. They were deposed by Partner Fund Management LP, a hedge fund currently suing Theranos in Delaware state court. Theranos is also facing multiple lawsuits in federal court in California and Arizona, among others. The Journal, which did not publish the new filings, quoted former Theranos director Admiral Gary Roughead (Ret.), as saying that he was not aware that the company was using "extensive commercial analyzers" until it was reported in the press. The Journal described the filings as "some of the first substantive details to emerge from several court proceedings against the company, though they include only short excerpts from the depositions."
Microsoft

Microsoft Improves Gmail Experience For Windows 10 Insiders, But There Are Privacy Concerns (betanews.com) 68

Reader BrianFagioli writes: Today, Microsoft announced a new Gmail experience for Windows 10. While only available for Windows Insiders as of today, it uses the same concept as the Outlook mobile app, but for the Mail and Calendar apps. Microsoft will provide you with an arguably improved experience as long as you are OK with storing all of your Gmail messages in Microsoft's cloud. What types of features will the new experience offer? Things such as tracking packages, getting updated on your favorite sports teams, and a focused inbox. "To power these new features, we'll ask your permission to sync a copy of your email, calendar and contacts to the Microsoft Cloud. This will allow new features to light up, and changes to update back and forth with Gmail -- such as creation, edit or deletion of emails, calendar events and contacts. But your experience in Gmail.com or apps from Google will not change in any way."
Microsoft

LinkedIn Apologizes For Trying To Connect Everyone In Real Life (vocativ.com) 70

LinkedIn has apologized for a vague new update that told some iPhone users its app would begin sharing their data with nearby users without further explanation. From a report: The update prompted outrage on Twitter after cybersecurity expert Rik Ferguson received a strange alert when he opened the resume app to read a new message: "LinkedIn would like to make data available to nearby Bluetooth devices even when you're not using the app." That gave Ferguson, vice president of research at the cybersecurity firm Trend Micro, a handful of concerns, he told Vocativ. Among them: "the lack of specificity, which data, when, under what conditions, to which devices, why does it need to happen when I'm not using the app, what are the benefits to me, where is the feature announcement and explanation, why wasn't it listed in the app update details." Reached for comment, LinkedIn said it's a mistake -- that some iPhone users were accidentally subject to an undeveloped test feature the company is still working on.
Movies

Court Rules Fan Subtitles On TV and Movies Are Illegal (thenextweb.com) 137

A court has just ruled that making fan subtitles or translations is not protected by the law. From a report: A Dutch group called the Free Subtitles Foundation took anti-piracy group BREIN to court over "fansubbing." BREIN has previously been active in taking fan subtitles and translations offline, and the Foundation was hoping a Dutch court would come down on the side of fair use. The court didn't quite see it that way. It ruled that making subtitles without permission from the property owners amounted to copyright infringement. BREIN wasn't unsympathetic, but said it couldn't allow fansubbers to continue doing what they're doing.
Crime

US Prepares Charges To Seek Arrest of WikiLeaks' Julian Assange (cnn.com) 357

An anonymous reader quotes a report from CNN: U.S. authorities have prepared charges to seek the arrest of WikiLeaks founder Julian Assange, U.S. officials familiar with the matter tell CNN. The Justice Department investigation of Assange and WikiLeaks dates to at least 2010, when the site first gained wide attention for posting thousands of files stolen by the former U.S. Army intelligence analyst now known as Chelsea Manning. Prosecutors have struggled with whether the First Amendment precluded the prosecution of Assange, but now believe they have found a way to move forward. During President Barack Obama's administration, Attorney General Eric Holder and officials at the Justice Department determined it would be difficult to bring charges against Assange because WikiLeaks wasn't alone in publishing documents stolen by Manning. Several newspapers, including The New York Times, did as well. The investigation continued, but any possible charges were put on hold, according to U.S. officials involved in the process then.
The U.S. view of WikiLeaks and Assange began to change after investigators found what they believe was proof that WikiLeaks played an active role in helping Edward Snowden, a former NSA analyst, disclose a massive cache of classified documents.
Attorney General Jeff Sessions said at a news conference Thursday that Assange's arrest is a "priority." "We are going to step up our effort and already are stepping up our efforts on all leaks," he said. "This is a matter that's gone beyond anything I'm aware of. We have professionals that have been in the security business of the United States for many years that are shocked by the number of leaks and some of them are quite serious. So yes, it is a priority. We've already begun to step up our efforts and whenever a case can be made, we will seek to put some people in jail." Meanwhile, Assange's lawyer said they have "had no communication with the Department of Justice."
Canada

Canada Rules To Uphold Net Neutrality (www.cbc.ca) 65

According to a new ruling by Canada's telecommunications regulator, internet service providers should not be able to exempt certain types of content, such as streaming music or video, from counting toward a person's data cap. The ruling upholds net neutrality, which is the principle that all web services should be treated equally by providers. CBC.ca reports: "Rather than offering its subscribers selected content at different data usage prices, Internet service providers should be offering more data at lower prices," said Jean-Pierre Blais, chairman of the CRTC in a statement. "That way, subscribers can choose for themselves what content they want to consume." The decision stems from a 2015 complaint against the wireless carrier Videotron, which primarily operates in Quebec. Videotron launched a feature in August of that year, enabling customers to stream music from services such as Spotify and Google Play Music without it counting against a monthly data cap as a way to entice people to subscribe to Videotron's internet service. The decision means that Videotron cannot offer its unlimited music streaming plan to subscribers in its current form -- nor can other internet providers offer similar plans that zero-rate other types of internet content, such as video streaming or social media.
Canada

Subway Sues Canada Network Over Claim Its Chicken Is 50 Percent Soy (yahoo.com) 287

jenningsthecat writes: As reported here back in February, the CBC, (Canada's national broadcaster), revealed DNA test results which indicated the chicken used in Subway Restaurants' sandwiches only contained about 50% chicken. Now, Subway is suing the public broadcaster for $210 million, because "its reputation and brand have taken a hit as a result of the CBC reports." The suit claims that "false statements [...] were published and republished, maliciously and without just cause or excuse, to a global audience, which has resulted in pecuniary loss to the plaintiffs."

Personally, my working assumption here is that the CBC report is substantially correct. It will be interesting to see how the case plays out -- but should this have happened at all? Regulatory agencies here in Canada seem to be pretty good when it comes to inspecting meat processing facilities. Should they also be testing the prepared foods served by major restaurant chains to ensure that claims regarding food content are true and accurate?

Google

Google Home Now Recognizes Specific Users' Voices, Gains Support For Multiple Accounts (phonedog.com) 48

Google has issued a long-awaited feature for Google Home: support for multiple users. In an update rolling out today, up to six people will be able to connect their Google account to a Google Home, and the unit will try to distinguish each person's voice from the other users connected to the device. Therefore, each person will be able to get access to their schedule, playlists, and more. PhoneDog reports: Support for multiple users is rolling out in the U.S. now and will be available in the U.K. in the coming months. To know if the feature is available to you, launch the Google Home app and look for a card that says "Multi-user is available." You can also click the icon in the upper right corner, find your Google Home, and select "Link your account." From there, you'll train the Google Assistant to recognize your voice so that it knows it's you when you're talking and not the other people with connected accounts. You'll say "Ok Google" and "Hey Google" twice each.
Television

FCC Takes First Step Toward Allowing More Broadcast TV Mergers (theverge.com) 70

An anonymous reader quotes a report from The Verge: In a divided vote today, the Federal Communications Commission took steps that could lead to more consolidation among TV broadcasters, reducing the number of sources of local news. Today's changes revolve around the media ownership cap -- a limit on how many households a TV or radio broadcaster is allowed to reach. The rules are meant to promote diversity of media ownership, giving consumers access to different content and viewpoints. The cap currently prevents a company from reaching no more than 39 percent of U.S. households with broadcast TV. Large broadcasters hate the cap because it prevents them from getting even bigger. And since Trump took office and Ajit Pai was named chairman of the FCC, they've been lobbying to have it revised. The FCC's vote today starts to do that. First, it reinstates a rule known as the "UHF discount," which lets broadcasters have a bigger reach in areas where they use a certain type of technology. And second, it starts plans to revisit and raise the media ownership cap.
Security

Mastercard is Building Fingerprint Scanners Directly Into Its Cards (fastcompany.com) 84

Mastercard said on Thursday it's beginning trials of its "next-generation biometric card" in South Africa. In addition to the standard chip and pin, the new cards have a built-in fingerprint reader that the user can use to authenticate every purchase. From a report: Impressively, the new card is no thicker or larger than your current credit and debit cards.
Government

President Trump Misses 90-Day Deadline To Appoint a Cybersecurity Team After Alleged Russian Hacking (politico.com) 330

From a report: President-elect Donald Trump was very clear: "I will appoint a team to give me a plan within 90 days of taking office," he said in January, after getting a U.S. intelligence assessment of Russian interference in last year's elections and promising to address cybersecurity. Thursday, Trump hits his 90-day mark. There is no team, there is no plan, and there is no clear answer from the White House on who would even be working on what. It's the latest deadline Trump's set and missed -- from the press conference he said his wife would hold last fall to answer questions about her original immigration process to the plan to defeat ISIS that he'd said would come within his first 30 days in office. Since his inauguration, Trump's issued a few tweets and promises to get to the bottom of Russian hacking -- and accusations of surveillance of Americans, himself included, by the Obama administration.
China

China To Question Apple About Live-Streaming Apps On App Store That Violate Internet Regulations (theguardian.com) 31

Three Chinese government agencies are planning to tell Apple to "tighten up checks" on live-streaming software offered on its app store, which can be used to violate internet regulation in the country. "Law enforcement officers had already met with Apple representatives over live-streaming services, [state news agency Xinhua reported], but did not provide details of the meetings," reports The Guardian. From the report: The inquiry appears to be focused on third-party apps available for download through Apple's online marketplace. The company did not respond to requests for comment. China operates the world's largest internet censorship regime, blocking a host of foreign websites including Google, Facebook, Twitter and Instagram, but the authorities have struggled to control an explosion in popularity of live-streaming video apps. As part of the inquiry into live-streaming, three Chinese websites -- toutiao.com, huoshanzhibo.com and huajiao.com -- were already found to have violated internet regulations, and had broadcast content that violated Chinese law, including providing "pornographic content," the Xinhua report said. Pornography is banned in China. The three sites were told to increase oversight of live-broadcasting services, user registration and "the handling of tips-offs." Two of the websites, huoshanzhibo.com and huajiao.com, were under formal investigation and may have their cases transferred to the police for criminal prosecutions, the Xinhua report said. Casting a wide net, the regulations state that apps cannot "engage in activities prohibited by laws and regulations such as endangering national security, disrupting social order and violating the legitimate rights and interests of others."
Businesses

Qualcomm Collected Partial iPhone Royalties Despite Legal Battle With Apple (fortune.com) 14

From a report: Qualcomm continued to collect some royalties for Apple's use of its wireless technology in iPhones last year despite dueling lawsuits between the two mobile giants, cheering Qualcomm investors who feared that the payments had entirely dried up. Qualcomm said on Wednesday that Apple's contract manufacturers including Foxconn paid royalties, although they withheld around $1 billion from the undisclosed total amount due. The amount withheld equaled the amount Qualcomm withheld from Apple last year under a separate agreement to cooperate on mobile technology that has since expired.
