
43 Million Weebly and 22 Million Foursquare Accounts Stolen

LeakedSource is reporting that the web design platform Weebly was hacked in February, affecting more than 43 million accounts. They have also reported a smaller hack involving 22.5 million Foursquare accounts, which were compromised in December 2013. TechCrunch: "We do not believe that any customer website has been improperly accessed," Weebly said in the notice to users. The company also said that it does not store credit card information, making fraudulent charges unlikely. LeakedSource said it received the Weebly database from an anonymous source and notified Weebly of the breach. In addition to the customer notification emails, LeakedSource claims that password resets are being issued -- but, if you're a Weebly user and you don't receive a password reset, you probably want to change your password anyway. Meanwhile, LeakedSource also identified data from Foursquare, claiming that 22.5 million accounts were compromised in December 2013. The social media company disputes the findings, claiming that email addresses were simply cross-referenced with publicly available data from Foursquare. The data includes emails, usernames and Facebook and Twitter IDs, which could have been scraped from Foursquare's API or search.

Half of American Adults Are In a Face-Recognition Database

An anonymous reader quotes a report from Ars Technica: Half of American adults are in a face-recognition database, according to a Georgetown University study released Wednesday. That means there's about 117 million adults in a law enforcement facial-recognition database, the study by Georgetown's Center on Privacy and Technology says. The report (PDF), titled "The Perpetual Line-up: Unregulated Police Face Recognition in America," shows that one-fourth of the nation's law enforcement agencies have access to face-recognition databases, and their use by those agencies is virtually unregulated. Where do the mug shots come from? For starters, about 16 states allow the FBI to use facial recognition to compare faces of suspected criminals to their driver's licenses or ID photos, according to the study. "In this line-up," the study says, "it's not a human that points to the suspect -- it's an algorithm." The study says 26 states or more allow police agencies to "run or request searches" against their databases or driver's licenses and ID photos. This equates to "roughly one in two American adults has their photos searched this way," according to the study. Many local police agencies also insert mug shots of people they arrest into searchable, biometric databases, according to the report. According to the report, researchers obtained documents stating that at least five "major police departments," including those in Chicago, Dallas, and Los Angeles, "either claimed to run real-time face recognition off of street cameras, bought technology that can do so, or expressed an interest in buying it." The Georgetown report's release comes three months after the U.S. Government Accountability Office (GAO) concluded that the FBI has access to as many as 411.9 million images as part of its face-recognition database. 
The study also mentioned that the police departments have little oversight of their databases and don't audit them for misuse: "Maryland's system, which includes the license photos of over two million residents, was launched in 2011. It has never been audited. The Pinellas County Sheriff's Office system is almost 15 years old and may be the most frequently used system in the country. When asked if his office audits searches for misuse, Sheriff Bob Gualtieri replied, "No, not really." Despite assurances to Congress, the FBI has not audited use of its face recognition system, either. Only nine of 52 agencies (17%) indicated that they log and audit their officers' face recognition searches for improper use. Of those, only one agency, the Michigan State Police, provided documentation showing that their audit regime was actually functional."

Anti-Defamation League and Pepe the Frog's Creator Are Teaming Up To Save Pepe From Hate-Symbol Status

An anonymous reader quotes a report from Business Insider: Matt Furie, the creator of the widely known "Pepe the Frog" meme, is joining forces with the Anti-Defamation League to reclaim the symbol from the alt-right and make it a "force for good," according to a press release. Furie and the ADL plan to start a social-media campaign by creating "a series of positive Pepe memes and messages" and promoting them with the hashtag #SavePepe, according to the release. The ADL declared "Pepe the Frog" to be a hate symbol in late September. "It's completely insane that Pepe has been labeled a symbol of hate, and that racists and anti-Semites are using a once peaceful frog-dude from my comic book as an icon of hate," Furie said in a column for Time magazine. While fiercely condemning the "racist and fringe groups" that use Pepe to propagate divisive views, Furie said Pepe was meant to "celebrate peace, togetherness, and fun." The meme, which originated from a 2005 cartoon, has been hijacked by the alt-right movement in the past several months. Members of the movement have used the meme to convey often racist and anti-Semitic messages. The messages prompted the ADL to add Pepe to its "Hate on Display" database, which documents anti-Semitic hate symbols. According to the ADL's press release on the #SavePepe campaign, Furie will speak at its "Never Is Now" summit against anti-Semitism on November 17 in New York City. The panel will focus specifically on online hate campaigns. Furie published a new Pepe cartoon on Monday detailing his "alt-right election nightmare," which depicts a sad Pepe morphing into a frog that resembles Donald Trump and then a monster. Pepe appears trapped in the mouth of the monster. The next panel depicts a nuclear explosion. Pepe then awakes and hides under his mattress.

4Chan Hackers Claim To Have Remotely Wiped John Podesta's iPhone and iPad

An anonymous reader writes from a report via Gizmodo: For the past several days, WikiLeaks has been publishing thousands of emails belonging to Clinton campaign chairman John Podesta -- and the leaks are starting to cause some serious damage. Gizmodo reports: "Many of the leaked emails contained contact info, cell phone numbers, and account data, none of which was redacted by Wikileaks before being posted. With this information accessible to anyone with the time and energy to read through it all, users on 4chan's /pol/ (politically incorrect) board were able to gain access to Podesta's Twitter account, tweeting a message in support of Trump. Imageboard posters also stumbled on an email containing Podesta's Apple ID -- and appear to have exploited it. 'iPad/iPhone info and data wiped out,' a post on Endchan claimed, showing screenshots of what seems to be the hacker gaining access to Find My iPhone using Podesta's credentials. If Podesta's Apple ID was compromised, it stands to reason that his iCloud account was similarly vulnerable. And sure enough, Redditors on r/The_Donald claim Podesta's iCloud data was downloaded. A hacker known as CyberZeist also appears to have uncovered the passwords to dozens of senators' email addresses, as well as social security numbers and credit card info for many Democrats including Vice President Joe Biden, Senate Minority Leader Harry Reid, House Minority Leader Nancy Pelosi, and acting Chair of the DNC Donna Brazile. The information was posted to pastebin.

Yahoo Patents Smart Billboard That Would Deliver Targeted Ads To Passersby or Motorists

An anonymous reader writes: Yahoo has filed a patent for advertising billboards outfitted with a wide array of sensors -- including drone-based cameras -- which would use facial and vehicle recognition, data brokers, cell-tower information and social network information to attempt to identify worthwhile advertising targets and aim personalized ads at them as they pass on foot or in cars. The scheme, which was submitted on October 6th, anticipates using the same kind of micro-auction processes that currently determine which ads users see in webpages and mobile apps. The implementation of public ad-targeting brings up some fascinating and chilling prospects, as users find that the ads which "bloom" around them betray much about their private lives. Yahoo provides an example via its patent application: "According to one example, a digital billboard adjacent a busy freeway might be instrumented with or located near traffic sensors that detect information about the context of the vehicles approaching the billboard, e.g., the number and average speed of the vehicles. Such information might be used in conjunction with information about the time of day and/or the day of the week (e.g., Monday morning rush hour) to select advertisements for display that would appeal to an expected demographic and to display the advertisements for durations that are commensurate with the level of traffic congestion." The patent application also mentions how it will gather required information from individuals: "Various types of data (e.g., cell tower data, mobile app location data, image data, etc.) can be used to identify specific individuals in an audience in position to view advertising content. Similarly, vehicle navigation/tracking data from vehicles equipped with such systems could be used to identify specific vehicles and/or vehicle owners. 
Demographic data (e.g., as obtained from a marketing or user database) for the audience can thus be determined for the purpose of, for example, determining whether and/or the degree to which the demographic profile of the audience corresponds to a target demographic."

Netflix Now Only Has 31 Movies From IMDB's Top 250 List

According to Streaming Observer News, the quality and quantity of Netflix's movie library has declined over the last two years when cross-referenced with IMDB's Top 250 movies list. From the report: Well, it's a pretty common fact at this point that Netflix's library is shrinking. Of course, what Netflix needs to do as it shrinks its licensed movie library is make sure that movies it does have are good ones. But according to our analysis, it's going backwards, unfortunately. A while back we noticed a post from this Reddit member who, two years ago, cross-referenced the IMDB (Internet Movie Database) top 250 movies list with Netflix's movie library to find out how many of the top movies Netflix carried. When u/clayton_frisbie posted his list on Reddit, Netflix had 49 of the Top 250 movies on the IMDB list. That's just under 20 percent, which isn't terrible. But we wondered how that number has held up over the last two years in the face of a quickly shrinking library. So we reran the analysis. How many of the top 250 movies does Netflix now have? As of September 2016, that number has dropped to 31, or about 12 percent. [You can view the list via Streaming Observer News.]

US Military Is Looking At Blockchain Technology To Secure Nuclear Weapons

Lasrick quotes a report from Quartz: Blockchain technology has been slow to gain adoption in non-financial contexts, but it could turn out to have invaluable military applications. DARPA, the storied research unit of the U.S. Department of Defense, is currently funding efforts to find out if blockchains could help secure highly sensitive data, with potential applications for everything from nuclear weapons to military satellites. The report adds: "The case for using a blockchain boils down to a concept in computer security known as 'information integrity.' That's basically being able to track when a system or piece of data has been viewed or modified. In DARPA's case, blockchain tech could offer crucial intelligence on whether a hacker has modified something in a database, or whether they're surveilling a particular military system. This September, DARPA, which stands for Defense Advanced Research Projects Agency (the agency helped create the internet, among other things), awarded a $1.8 million contract to a computer security firm called Galois. The firm's assignment is to formally verify -- a sort of computer-code audit, using mathematics -- a particular type of blockchain tech supplied by a company called Guardtime. Formal verification is one way to build nearly unhackable code, and it's a big part of DARPA's approach to security. If the verification goes well, it could inch DARPA closer to using some form of blockchain technology for the military, DARPA's program manager behind the blockchain effort, Timothy Booher, said. 'We're certainly thinking through a lot of applications,' he says. 'As Galois does its verification work and we understand at a deep level the security properties of this [technology] then I would start to set up a series of meetings [with the rest of the agency] to start that dialog.'"

Facebook, Instagram, Twitter Block Tool For Cops To Surveil You On Social Media

On Tuesday, the American Civil Liberties Union (ACLU) of California announced that, after the organization obtained revealing documents through public records access requests, Facebook and Instagram have cut off data access to a company that sells surveillance products for law enforcement. Twitter has also curbed the surveillance product's access. Motherboard reports: The product, called Geofeedia, is used by law enforcement to monitor social media on a large scale, and relies on social media sites' APIs or other means of access. According to one internal email between a Geofeedia representative and police, the company claimed their product "covered Ferguson/Mike Brown nationally with great success," in reference to the fatal police shooting of a black teenager in Missouri in 2014, and subsequent protests. "Our location-based intelligence platform enables hundreds of organizations around the world to predict, analyze, and act based on real-time social media signals," the company's website reads. According to the ACLU, Instagram provided Geofeedia access to its API; Facebook gave access to a data feed called the Topic Feed API, which presents users with a ranked list of public posts; and Twitter provided Geofeedia, through an intermediary, with searchable access to its database of public tweets. Instagram and Facebook terminated Geofeedia's access on September 19, and Twitter announced on Tuesday that it had suspended Geofeedia's commercial access to Twitter data.

New Study Suggests There's a Limit To How Long People Can Live

Life expectancies have risen in many countries around the world thanks to breakthroughs in medical treatment and sanitation in the last century. The maximum age of death has also increased. But as these numbers continue to rise, it raises the question of how long people can live. ABC News reports: The record for the world's oldest person is 122 years and the odds of shattering that record are slim, according to an analysis published Wednesday in the journal Nature. In the new study, researchers [at the Albert Einstein College of Medicine in New York] analyzed mortality data from a global database. They found that while there have been strides in reducing deaths among certain groups -- children, women during childbirth and the elderly -- the rate of improvement was slower for the very old, those over 100 years old. Next they examined how old centenarians were when they died. The record holder is Jeanne Calment, of France, who lived until 122 years old. Since her death in 1997, no one has broken her record. The researchers calculated the odds of someone reaching 125 years in a given year are less than 1 in 10,000. They think the human life span more likely maxes out at 115 years. Some aging specialists said the study doesn't take into account advances that have been made in extending the life span -- and health -- of certain laboratory animals including mice, worms and flies through genetic manipulation and other techniques. The goal is to eventually find treatments that might slow the aging process in humans and keep them healthier longer.

BuzzFeed Hacked By OurMine As Group Accuses Site of Publishing 'Fake News'

BuzzFeed has become the latest website to be compromised by hackers. A number of stories on the website have been vandalized by hackers in what appears to be retaliation for a story that claimed to expose a member of their group. The hacker group, which calls itself OurMine, changed titles of several BuzzFeed posts to note that the website has been hacked. There's another note left by hackers which says "share fake news about us again." From a report: Several stories on have been affected, with The Drum receiving the below message on a link that was meant to contain a news feature. The hackers warned BuzzFeed that it has the media owner's "database," adding: "Next Time it will be public. Don't fuck with OurMine again." The group has claimed responsibility for several high-profile hacks over the past 12 months including security breaches which saw them access the accounts of Facebook chief Mark Zuckerberg, Google boss Sundar Pichai and former Twitter head Dick Costolo. Some Twitter users were reporting that the hacking outfit's message had appeared on "dozens" of articles on BuzzFeed, but the site appears to have dealt with the cyber attack quite quickly.

Guccifer 2.0 Dumps a Bunch of Clinton Foundation Donor Data

The hacker Guccifer 2.0 today released a large database of information reportedly stolen from the Clinton Foundation. The dump, Engadget reports, includes names, addresses, and emails of both individuals and corporate donors as well as their contribution amounts. From the report: This, of course, isn't the first time Guccifer or his friends at Wikileaks and the Kremlin have attempted to subvert the US political process during this election cycle. Just last month Guccifer released Democratic Vice Presidential nominee, Tim Kaine's personal cell phone number. What's more, nearly half of the country's state voter registration systems have recently come under cyberattack, according to the DHS, though the FBI has not yet determined if those breaches originated in Russia. There are also a number of unanswered questions regarding Republican nominee, Donald Trump's, connection to these attacks. Four House Democrats recently demanded that the FBI investigate the nominee after he "jokingly" suggested that Russia find and release the 33,000 emails reportedly missing from Hillary Clinton's private email server.

Yahoo Insiders Believe Hackers Could Have Stolen Over 1 Billion Accounts

An anonymous reader quotes a report from Business Insider: The actual tally of stolen user accounts from the hack Yahoo experienced could be much larger than 500 million, according to a former Yahoo executive familiar with its security practices. The former Yahoo insider says the architecture of Yahoo's back-end systems is organized in such a way that the type of breach that was reported would have exposed a much larger group of user account information. To be sure, Yahoo has said that the breach affected at least 500 million users. But the former Yahoo exec estimated the number of accounts that could have potentially been stolen could be anywhere between 1 billion and 3 billion. According to this executive, all of Yahoo's products use one main user database, or UDB, to authenticate users. So people who log into products such as Yahoo Mail, Finance, or Sports all enter their usernames and passwords, which then goes to this one central place to ensure they are legitimate, allowing them access. That database is huge, the executive said. At the time of the hack in 2014, inside were credentials for roughly 700 million to 1 billion active users accessing Yahoo products every month, along with many other inactive accounts that hadn't been deleted. In late 2013, Yahoo CEO Marissa Mayer said the company had 800 million monthly active users globally. It currently has more than 1 billion.

The Yahoo Hackers Weren't State-Sponsored, Security Firm Says

itwbennett writes from a report via CSO Online: After Yahoo raised eyebrows in the security community with its claim that state-sponsored hackers were responsible for the history-making breach, security firm InfoArmor now says it has evidence to the contrary. InfoArmor claims to have acquired some of the stolen information as part of its investigation into "Group E," a team of five professional hackers-for-hire believed to be from Eastern Europe. The database that InfoArmor has contains only "millions" of accounts, but it includes the users' login IDs, hashed passwords, mobile phone numbers and zip codes, said Andrew Komarov, InfoArmor's chief intelligence officer. Earlier this week, Chase Cunningham, director of cyber operations at security provider A10 Networks, called Yahoo's claim of state-sponsored actors a convenient, if trumped up, excuse: "If I want to cover my rear end and make it seem like I have plausible deniability, I would say 'nation-state actor' in a heartbeat." "Yahoo was compromised in 2014 by a group of professional blackhats who were hired to compromise customer databases from a variety of different targeted organizations," Scottsdale, Arizona-based InfoArmor said Wednesday in a report. "The Yahoo data leak as well as the other notable exposures, opens the door to significant opportunities for cyber-espionage and targeted attacks to occur."

OVH Hosting Suffers From Record 1Tbps DDoS Attack Driven By 150K Devices

MojoKid writes: If you thought that the massive DDoS attack earlier this month on Brian Krebs' security blog was record-breaking, take a look at what just happened to France-based hosting provider OVH. OVH was the victim of a wide-scale DDoS attack that was carried out via a network of over 152,000 IoT devices. According to OVH founder and CTO Octave Klaba, the DDoS attack reached nearly 1 Tbps at its peak. Of those IoT devices participating in the DDoS attack, they were primarily comprised of CCTV cameras and DVRs. Many of these devices have improperly configured network settings, which leaves them ripe for the picking for hackers that would love to use them to carry out destructive attacks. The DDoS peaked at 990 Gbps on September 20th thanks to two concurrent attacks, and according to Klaba, the original botnet was capable of a 1.5 Tbps DDoS attack if each IP topped out at 30 Mbps. This massive DDoS campaign was directed at Minecraft servers that OVH was hosting. Octave Klaba / Oles tweeted: "Last days, we got lot of huge DDoS. Here, the list of 'bigger that 100Gbps' only. You can the simultaneous DDoS are close to 1Tbps!"

As We Speak, Teen Social Site Is Leaking Millions Of Plaintext Passwords

Dan Goodin, reporting for ArsTechnica: A social hangout website for teenage girls has sprung a leak that's exposing plaintext passwords protecting as many as 5.5 million user accounts. As this post went live, all attempts to get the leak plugged had failed. Operators of i-Dressup didn't respond to messages sent by Ars informing them that a hacker has already downloaded more than 2.2 million of the improperly stored account credentials. The hacker said it took him about three weeks to obtain the cache and that there's nothing stopping him or others from downloading the entire database of slightly more than 5.5 million entries. The hacker said he acquired the e-mail addresses and passwords by using a SQL injection attack that exploited vulnerabilities in the i-Dressup website. The hacker provided the 2.2 million account credentials both to Ars and breach notification service Have I Been Pwned?. By plugging randomly selected e-mail addresses into the forgotten password section of i-Dressup, both Ars and Have I Been Pwned? principal Troy Hunt found that they all were used to register accounts on the site. Ars then used the contact us page on i-Dressup to privately notify operators of the vulnerability, but more than five days later, no one has responded and the bug remains unfixed.

California Enacts Law Requiring IMDb To Remove Actor Ages On Request

California Gov. Jerry Brown on Saturday signed legislation that requires certain entertainment sites, such as IMDb, to remove -- or not post in the first place -- an actor's age or birthday upon request, reports Hollywood Reporter. From the report: The law, which becomes effective Jan. 1, 2017, applies to entertainment database sites that allow paid subscribers to post resumes, headshots or other information for prospective employers. Only a paying subscriber can make a removal or nonpublication request. Although the legislation may be most critical for actors, it applies to all entertainment job categories. "Even though it is against both federal and state law, age discrimination persists in the entertainment industry," Majority Leader Ian Calderon, D-Whittier, said in a statement. "AB 1687 provides the necessary tools to remove age information from online profiles on employment referral websites to help prevent this type of discrimination." Bloomberg columnist, Shira Ovide said, "Congratulations, IMDB. You have now become the subject of California law." Slate writer Will Oremus added, "Sometimes I start to think California is not such a bad place and then they go and do something like this."

California Launches Mandatory Data Collection For Police Use-of-Force

An anonymous Slashdot reader quotes the AP: All 800 police departments in California must begin using a new online tool launched Thursday to report and help track every time officers use force that causes serious injuries... The tool, named URSUS for the bear on California's flag, includes fields for the race of those injured and the officers involved, how their interaction began and why force was deemed necessary.

"It's sort of like TurboTax for use-of-force incidents," said Justin Erlich, a special assistant attorney general overseeing the data collection and analysis. Departments must report the data under a new state law passed last November. Though some departments already tracked such data on their own, many did not... "As a country, we must engage in an honest, transparent, and data-driven conversation about police use of force," California Attorney General Kamala Harris said in a news release.

It's an open source tool developed by Bayes Impact, and California plans to share the code with other interested law enforcement agencies across the country. Only three other states currently require their police departments to track data about use-of-force incidents, "but their systems aren't digital, and in Colorado's case, only capture shootings."

Accenture Patents a Blockchain-Editing Tool

A blockchain "produces a permanent ledger of transactions with which no one can tamper," reports TechWeekEurope. "Until now." Slashdot reader Mickeycaskill quotes their report: One of the core principles of Blockchain technology has potentially been undermined by the creation of an editing tool. The company responsible however, Accenture, says edits would only be carried out "under extraordinary circumstances to resolve human errors, accommodate legal and regulatory requirements, and address mischief and other issues, while preserving key cryptographic features..."

Accenture's move to create an editing system will no doubt be viewed by some technology observers as a betrayal of what blockchain technology is all about. But the company insisted it is needed, especially in the financial services industry... "The prototype represents a significant breakthrough for enterprise uses of blockchain technology particularly in banking, insurance and capital markets," said Accenture.

They're envisioning "permissioned" blockchain systems, "managed by designated administrators under agreed governance rules," while acknowledging that cryptocurrency remains a different environment where "immutable" record-keeping would still be essential.

Guccifer 2.0 Releases More DNC Documents

For the past several months, the hacker who calls himself "Guccifer 2.0" has been releasing documents about the Democratic National Committee. Today, he has released a new hoard of documents. Politico reports: The hacker persona Guccifer 2.0 has released a new trove of documents that allegedly reveal more information about the Democratic National Committee's finances and personal information on Democratic donors, as well as details about the DNC's network infrastructure. The cache also includes purported memos on tech initiatives from Democratic vice presidential nominee Tim Kaine's time as governor of Virginia, and some years-old missives on redistricting efforts and DNC donor outreach strategy. Most notable among Tuesday's documents may be the detailed spreadsheets allegedly about DNC fundraising efforts, including lists of DNC donors with names, addresses, emails, phone numbers and other sensitive details. Tuesday's documents regarding the DNC's information technology setup include several reports from 2010 purporting to show that the committee's network passed multiple security scans. In total, the latest dump contains more than 600 megabytes of documents. It is the first Guccifer 2.0 release to not come from the hacker's WordPress account. Instead, it was given out via a link to the small group of security experts attending [a London cybersecurity conference].

World Anti-Doping Agency Says It Was Hacked By Russia

The World Anti-Doping Agency (WADA) is accusing Russian state-sponsored hackers of hacking its database of athletes involved in this year's Olympic Games in Rio. Whether it's in response to WADA banning 119 Russian athletes from participating in the games due to a doping scandal has yet to be determined. The Verge reports: The agency claims the state-sponsored group Fancy Bear is behind the attack, although it doesn't clarify how that attribution was made. The accessed data included medical information, like Therapeutic Use Exemptions issued by International Sports Federations and National Anti-Doping Organizations. The group has reportedly released some of this data and threatened to release more. The attackers reportedly relied on spear phishing emails to gain access to the database and eventually used credentials specifically made for the Rio Olympic games. Fancy Bear was the same group responsible for hacking the Democratic National Committee earlier this year.
