Social Networks

It Looks Like Facebook Is Also Building a Smart Speaker With Touch Screen (techcrunch.com) 14

From a report: Facebook may launch its own smart home gadget to get you messaging more friends and looking at more photos. DigiTimes reports from Taiwan that Facebook is building a 15-inch touch screen smart speaker. Citing sources from the "upstream supply chain", Chinese iPhone manufacturer Pegatron is building the device for a Q1 2018 launch, with a small pilot run having already been produced. It's said to have been designed by Facebook's secretive new hardware lab Building 8, using an LG in-cell touch screen with magnesium-aluminum-alloy chassis. While no further details are known about the speaker's functionality, it could potentially extend Facebook's feed of photos and videos plus its dominant messaging platform into the bedroom, living room, or kitchen.
Democrats

Democrats Propose New Competition Laws That Would 'Break Up Big Companies If They're Hurting Consumers' (arstechnica.com) 250

An anonymous reader quotes a report from Ars Technica: Senate and House Democratic leaders today proposed new antitrust laws that could prevent many of the biggest mergers and break up monopolies in broadband and other industries. "Right now our antitrust laws are designed to allow huge corporations to merge, padding the pockets of investors but sending costs skyrocketing for everything from cable bills and airline tickets to food and health care," US Senate Minority Leader Chuck Schumer (D-NY) wrote in a New York Times opinion piece. "We are going to fight to allow regulators to break up big companies if they're hurting consumers and to make it harder for companies to merge if it reduces competition." The "Better Deal" unveiled by Schumer and House Democratic Leader Nancy Pelosi (D-Calif.) was described in several documents that can be found in an Axios story. The plan for "cracking down on corporate monopolies" lists five industries that Democrats say are in particular need of change, specifically airlines, cable and telecom, the beer industry, food, and eyeglasses. The Democrats' plan for lowering the cost of prescription drugs is detailed in a separate document. The Democrats didn't single out any internet providers that they want broken up, but they did say they want to stop AT&T's proposed $85.4 billion purchase of Time Warner: "Consolidation in the telecommunications is not just between cable or phone providers; increasingly, large firms are trying to buy up content providers. Currently, AT&T is trying to buy Time Warner. If AT&T succeeds in this deal, it will have more power to restrict the content access of its 135 million wireless and 25.5 million pay-TV subscribers. This will only enable the resulting behemoths to promote their own programming, unfairly discriminate against other distributors and their ability to offer highly desired content, and further restrict small businesses from successfully competing in the market."
Businesses

Fact-checking and Rumor-dispelling Site Snopes.com Held Hostage By Vendor (savesnopes.com) 350

Snopes.com, which began as a small one-person effort in 1994 and has since become one of the Internet's oldest and most popular fact-checking sites, is in danger of closing its doors. From a report: Since our inception, we have always been a self-sustaining site that provides a free service to the online world: we've had no sponsors, no outside investors or funding, and no source of revenue other than that provided by online advertising. Unfortunately, we have been cut off from our historic source of advertising income. We had previously contracted with an outside vendor to provide certain services for Snopes.com. That contractual relationship ended earlier this year, but the vendor will not acknowledge the change in contractual status and continues to essentially hold the Snopes.com web site hostage. Although we maintain editorial control (for now), the vendor will not relinquish the site's hosting to our control, so we cannot modify the site, develop it, or -- most crucially -- place advertising on it. The vendor continues to insert their own ads and has been withholding the advertising revenue from us. Our legal team is fighting hard for us, but, having been cut off from all revenue, we are facing the prospect of having no financial means to continue operating the site and paying our staff (not to mention covering our legal fees) in the meanwhile.
The Military

The US Army Wants Distributed Bot Swarms And An 'Internet of Battlefield Things' (defenseone.com) 89

turkeydance shares a new report about the U.S. Army Research Lab: In the coming months, the Lab will fund new programs related to highly (but not fully) autonomous drones and robots that can withstand adversary electronic warfare operations... A second program called the Internet of Battlefield Things seeks to put to military use "the research that's going on in the commercial space" on distributed sensors and Internet-connected devices... One thrust will be equipping drones and other autonomous systems with bigger brains and better networking so that they can function even when an enemy jams their ability to radio back to a human controller for direction... "When you don't have bandwidth, when you're under cyber attack, when you're being jammed. That's the problem we're trying to address."
The lab's director also says they want "as much processing as possible on the node" so it can continue functioning in "contested environments."
Microsoft

Microsoft Launches A Counterattack Against Russia's 'Fancy Bear' Hackers (thedailybeast.com) 95

Kevin Poulsen writes on the Daily Beast: It turns out Microsoft has something even more formidable than Moscow's malware: Lawyers. Last year attorneys for the software maker quietly sued the hacker group known as Fancy Bear in a federal court outside Washington DC, accusing it of computer intrusion, cybersquatting, and infringing on Microsoft's trademarks... Since August, Microsoft has used the lawsuit to wrest control of 70 different command-and-control points from Fancy Bear... Rather than getting physical custody of the servers, which Fancy Bear rents from data centers around the world, Microsoft has been taking over the Internet domain names that route to them. These are addresses like "livemicrosoft[.]net" or "rsshotmail[.]com" that Fancy Bear registers under aliases for about $10 each. Once under Microsoft's control, the domains get redirected from Russia's servers to the company's, cutting off the hackers from their victims, and giving Microsoft an omniscient view of that servers' network of automated spies. "In other words," Microsoft outside counsel Sten Jenson explained in a court filing last year, "any time an infected computer attempts to contact a command-and-control server through one of the domains, it will instead be connected to a Microsoft-controlled, secure server."
Communications

Ask Slashdot: Someone Else Is Using My Email Address 553

periklisv writes: I daily receive emails from adult dating sites, loan services, government agencies, online retailers etc, all of them either asking me to verify my account, or, even worse, having signed me up to their service (especially dating sites), which makes me really uncomfortable, my being a married man with children... I was one of the early lucky people that registered a gmail address using my lastname@gmail.com. This has proven pretty convenient over the years, as it's simple and short, which makes it easy to communicate over the phone, write down on applications etc. However, over the past six months, some dude in Australia (I live in the EU) who happens to have the same last name as myself is using it to sign up to all sorts of services...

I tried to locate the person on Facebook, Twitter etc and contacted a few that seemed to match, but I never got a response. So the question is, how do you cope with such a case, especially nowadays that sites seem to ignore the email verification for signups?

Leave your best answers in the comments. What would you do if someone else started giving out your email address?
Encryption

Let's Encrypt Criticized Over Speedy HTTPS Certifications (threatpost.com) 202

100 million HTTPS certificates were issued in the last year by Let's Encrypt -- a free certificate authority founded by Mozilla, Cisco and the Electronic Frontier Foundation -- and they're now issuing more than 100,000 HTTPS certificates every day. Should they be performing more vetting? msm1267 shared this article from Kaspersky Lab's ThreatPost blog: [S]ome critics are sounding alarm bells and warning that Let's Encrypt might be guilty of going too far, too fast, and delivering too much of a good thing without the right checks and balances in place. The primary concern has been that while the growth of SSL/TLS encryption is a positive trend, it also offers criminals an easy way to facilitate website spoofing, server impersonation, man-in-the-middle attacks, and a way to sneak malware through company firewalls... Critics do not contend Let's Encrypt is responsible for these types of abuses. Rather, because it is the 800-pound gorilla when it comes to issuing basic domain validation certificates, critics believe Let's Encrypt could do a better job vetting applicants to weed out bad actors... "I think there should be some type of vetting process. That would make it more difficult for malicious actors to get them," said Justin Jett, director of audit and compliance at Plixer, a network traffic analytics firm...

Josh Aas, executive director of the Internet Security Research Group, the organization that oversees Let's Encrypt, points out that its role is not to police the internet, rather its mission is to make communications secure. He added that, unlike commercial certificate authorities, it keeps a searchable public database of every single domain it issues. "When people get surprised at the number of PayPal phishing sites and get worked up about it, the reason they know about it is because we allow anyone to search our records," he said. Many other certificate authorities keep their databases of issued certificates private, citing competitive reasons and that customers don't want to broadcast the names of their servers... "The reason people treat us like a punching bag is that we are big and we are transparent."

The criticism intensified after Let's Encrypt announced they'd soon offer wildcard certificates for subdomains. But the article also cites security researcher Scott Helme, who "argued if encryption is to be available to all then that includes the small percent of bad actors. 'I don't think it's for Signal, or Let's Encrypt, to decide who should have access to encryption.'"
Businesses

Verizon Accused of Throttling Netflix and YouTube, Admits To 'Video Optimization' (arstechnica.com) 52

New submitter dgatwood writes: According to an Ars Technica article, Verizon recently began experimenting with throttling of video traffic. The remarkable part of this story is not that a wireless ISP would throttle video traffic, but rather that Verizon's own Go90 video platform is also affected by the throttling. From the article, "Verizon Wireless customers this week noticed that Netflix's speed test tool appears to be capped at 10Mbps, raising fears that the carrier is throttling video streaming on its mobile network. When contacted by Ars this morning, Verizon acknowledged using a new video optimization system but said it is part of a temporary test and that it did not affect the actual quality of video. The video optimization appears to apply both to unlimited and limited mobile plans. But some YouTube users are reporting degraded video, saying that using a VPN service can bypass the Verizon throttling."
If even Verizon can get on board with throttling sans paid prioritization, why is Comcast so scared of the new laws that are about to go into effect banning it?

Mozilla

The New Firefox and Ridiculous Numbers of Tabs (metafluff.com) 209

An anonymous reader shares a blog post: I've got a Firefox profile with 1691 tabs. As you would expect, Firefox handled this profile quite poorly for a long time. I got used to multi-minute startup time, waiting 15-30 seconds for tabs from external apps to show up, and all manner of non-responsive behavior. And then, quite recently, everything changed. Right now, more effort is being put into making Firefox fast than I've seen since... well, since I've been working on Firefox. And I've been at Mozilla for more than a decade. Part of this effort is a project called Quantum Flow -- a bunch of engineers making changes that directly impact Firefox responsiveness. A lot of the improvement in this particular scenario is from Kevin Jones' work on bringing the overall cost of unloaded tabs as close to zero as possible. While the major work has landed, the work continues in Bug 906076. Test scenario: I took my 1691 tab browser profile, and did a wall-clock measurement of start-up time and memory use for Firefox versions 20, 30, 40, and 50 through 56. In the result, the person found that Firefox startup time has gotten worse over time... until Firefox 51.
Communications

AlphaBay Owner Used Email Address For Both AlphaBay and LinkedIn Profile. 146

BarbaraHudson writes: The Register is reporting that Alexandre Cazes, the 25-year-old Canadian running the dark web site AlphaBay, was using a hotmail address easily connected to him via his LinkedIn profile to administer the site. From the report: "[A]ccording to U.S. prosecutors, he used his real email address, albeit a Hotmail address -- Pimp_Alex_91@hotmail.com -- as the administrator password for the marketplace software. As a result, every new user received a welcome email from that address when they signed up to the site, and everyone using its password recovery tool also received an email from that address. However, rather than carefully set up and then abandon that email address, it turns out that Alexandre Cazes -- Pimp Alex -- had been using that address for years. Cazes had also used his Pimp Alex Hotmail address as well as an email address from his own business -- EBX Technologies -- to set up online bank accounts and crypto-currency accounts. How did law enforcement know that Cazes was behind EBX Technologies? It was on his LinkedIn profile."

BarbaraHudson adds: "His laptop wasn't encrypted, so expect more arrests as AlphaBay users are tracked down."
PlayStation (Games)

Sony Using Copyright Requests To Remove Leaked PS4 SDK From the Web (arstechnica.com) 154

An anonymous reader quotes a report from Ars Technica: Sony appears to be using copyright law in an attempt to remove all traces of a leaked PlayStation 4 Software Development Kit (PS4 SDK) from the Web. That effort also seems to have extended in recent days to the forced removal of the mere discussion of the leak and the posting of a separate open source, homebrew SDK designed to be used on jailbroken systems. The story began a few weeks ago, when word first hit that version 4.5 of the PS4 SDK had been leaked online by a hacker going by the handle Kromemods. These SDKs are usually provided only to authorized PS4 developers inside development kits. The SDKs contain significant documentation that, once made public, can aid hackers in figuring out how to jailbreak consoles, create and install homebrew software, and enable other activities usually prohibited by the hardware maker (as we've seen in the wake of previous leaks of PlayStation 3 SDKs). While you can still find reference to the version 4.5 SDK leak on places like Reddit and MaxConsole, threads discussing and linking to those leaked files on sites like GBATemp and PSXhax, for example, appear to have been removed after the fact. Cached versions of those pages show links (now defunct) to download those leaked files, along with a message from KromeMods to "Please spread this as much as possible since links will be taken down... We will get nowhere if everything keeps private; money isn't everything." KromeMods notes on Twitter that his original tweet posting a link to the leaked files was also hit with a copyright notice from Sony.
The Internet

Swedish Rail Firm Approves Trainy McTrainface As Name Following Online Poll (theguardian.com) 88

Those disappointed when Britain rejected the name Boaty McBoatface for a polar research ship should find joy in the name of a new train in Sweden. After a public vote, a Swedish rail operator has vowed to name one of its trains Trainy McTrainface. The Guardian reports: Trainy McTrainface won 49% of the votes in the naming competition, conducted online by train operator MTR Express and Swedish newspaper Metro, beating choices such as Hakan, Miriam and Poseidon. The train will run between the Swedish capital Stockholm and Gothenburg, the country's second-biggest city. MTR said another train had been voted to be named "Glenn," an apparent tribute to an IFK Gothenburg soccer team of the 1980s that featured four players of that name -- uncommon in Sweden -- including Glenn Hysen, who later captained Liverpool.
The Courts

Judge Rules That Government Can Force Glassdoor To Unmask Anonymous Users Online (arstechnica.com) 130

pogopop77 shares a report from Ars Technica: An appeals court will soon decide whether the U.S. government can unmask anonymous users of Glassdoor -- and the entire proceeding is set to happen in secret. Federal investigators sent a subpoena asking for the identities of more than 100 anonymous users of the business-review site Glassdoor, who apparently posted reviews of a company that's under investigation for potential fraud related to its contracting practices. The government later scaled back its demand to just eight users. Prosecutors believe these eight Glassdoor users are "third-party witnesses to certain business practices relevant to [the] investigation." The name of the company under investigation is redacted from all public briefs. Glassdoor made a compromise proposal to the government: it would notify the users in question about the government's subpoena and then provide identifying information about users who were willing to participate. The government rejected that idea. At that point, Glassdoor lawyered up and headed to court, seeking to have the subpoena thrown out. Lawyers for Glassdoor argued that its users have a First Amendment right to speak anonymously. While the company has "no desire to interfere" with the investigation, if its users were forcibly identified, the investigation "could have a chilling effect on both Glassdoor's reviewers' and readers' willingness to use glassdoor.com," states Glassdoor's motion (PDF). The government opposed the motion, though, and prevailed in district court.
Crime

Authorities Take Down Hansa Dark Web Market, Confirm AlphaBay Takedown (bleepingcomputer.com) 40

An anonymous reader writes via Bleeping Computer: Today, in coordinated press releases, the U.S. Department of Justice (DOJ) and Europol announced the takedown of two Dark Web marketplaces -- AlphaBay and Hansa Market. First to fall was the Hansa Market after Dutch officers seized control over their servers located inside one of the country's hosting providers. Dutch Police seized Hansa servers on June 20, but the site was allowed to operate for one more month as officers gathered more evidence about its clientele. The Hansa honeypot received an influx of new users as the FBI shut down AlphaBay on July 5, a day after it took control over servers on July 4. Europol and the FBI say they collected mountains of evidence such as "usernames and passwords of thousands of buyers and sellers of illicit commodities" and "delivery addresses for a large number of orders." FBI Active Director McCabe said AlphaBay was ten times larger than Silk Road, with over 350,000 listings. In opposition, Silk Road, which authorities seized in November 2013, listed a meager 14,000 listings for illicit goods and services at the time authorities took down the service.
Piracy

Game of Thrones Pirates Being Monitored By HBO, Warnings On The Way (torrentfreak.com) 282

HBO is leaving no stones unturned in keeping Game of Thrones' piracy under control. The company is monitoring various popular torrent swarms and sending thousands of warnings targeted at internet subscribers whose connections are used to share the season 7 premiere of the popular TV series, reports TorrentFreak: Soon after the first episode of the new season appeared online Sunday evening, the company's anti-piracy partner IP Echelon started sending warnings targeted at torrenting pirates. The warnings in question include the IP-addresses of alleged BitTorrent users and ask the associated ISPs to alert their subscribers, in order to prevent further infringements. "We have information leading us to believe that the IP address xx.xxx.xxx.xx was used to download or share Game of Thrones without authorization," the notification begins. "HBO owns the copyright or exclusive rights to Game of Thrones, and the unauthorized download or distribution constitutes copyright infringement. Downloading unauthorized or unknown content is also a security risk for computers, devices, and networks." Under US copyright law, ISPs are not obligated to forward these emails, which are sent as a DMCA notification. However, many do as a courtesy to the affected rightsholders. The warnings are not targeted at a single swarm but cover a wide variety of torrents. TorrentFreak has already seen takedown notices for the following files, but it's likely that many more are being tracked.
Businesses

Why is Comcast Using Self-driving Cars To Justify Abolishing Net Neutrality? (theverge.com) 225

Earlier this week, Comcast filed its comments in favor of the FCC's plan to eliminate the 2015 net neutrality rules. While much of the document was devoted to arguments we've heard before -- Comcast believes the current rules are anti-competitive and hurt investment, but generally supports the principles of net neutrality -- one statement stood out. The Verge adds: Buried in the 161-page document was this quirky assertion (emphasis ours): "At the same time, the Commission also should bear in mind that a more flexible approach to prioritization may be warranted and may be beneficial to the public... And paid prioritization may have other compelling applications in telemedicine. Likewise, for autonomous vehicles that may require instantaneous data transmission, black letter prohibitions on paid prioritization may actually stifle innovation instead of encouraging it." In other words, Comcast is arguing for paid prioritization and internet fast lanes to enable self-driving cars to communicate better with other vehicles and their surrounding environment, thus making them a safer and more efficient mode of transportation. The only problem is that autonomous and connected cars don't use wireless broadband to communicate. When cars talk with each other, they do it by exchanging data wirelessly over an unlicensed spectrum called the Dedicated Short Range Communications (DSRC) band, using technology similar to Wi-Fi. The FCC has set aside spectrum in the 5.9GHz band specifically for this purpose, and it is only meant to be used for vehicle-to-everything (V2X) applications. That includes vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), and vehicle-to-pedestrian (V2P) -- so cars talking to other cars, to traffic signals, to the phone in your pocket... you name it. Soon enough, all cars sold in the US will be required to include V2V technology for safety purposes, if the Department of Transportation's new rule goes into effect.
EU

EU Court to Rule On 'Right to Be Forgotten' Outside Europe (wsj.com) 182

The European Union's top court is set to decide whether the bloc's "right to be forgotten" policy stretches beyond Europe's borders, a test of how far national laws can -- or should -- stretch when regulating cyberspace. From a report: The case stems from France, where the highest administrative court on Wednesday asked the EU's Court of Justice to weigh in on a dispute between Alphabet's Google and France's privacy regulator over how broadly to apply the right (Editor's note: the link could be paywalled; alternative source), which allows EU residents to ask search engines to remove some links from searches for their own names. At issue: Can France force Google to apply it not just to searches in Europe, but anywhere in the world? The case will set a precedent for how far EU regulators can go in enforcing the bloc's strict new privacy law. It will also help define Europe's position on clashes between governments over how to regulate everything that happens on the internet -- from political debate to online commerce. France's regulator says enforcement of some fundamental rights -- like personal privacy -- is too easily circumvented on the borderless internet, and so must be implemented everywhere. Google argues that allowing any one country to apply its rules globally risks upsetting international law and, when it comes to content, creates a global censorship race among autocrats.
Privacy

Ask Slashdot: Is Password Masking On Its Way Out? 234

New submitter thegreatbob writes: Perhaps you've noticed in the last 5 years or so, progressively more entities have been providing the ability to reveal the contents of a password field. While this ability is, in many cases (especially on devices with lousy keyboards), legitimately useful, it does seem to be a reasonable source of concern. Fast forward to today; I was setting up a new router (cheapest dual-band router money can buy, from Tenda) and I was almost horrified to discover that it does not mask any of its passwords by default. So I ask Slashdot: is password masking really on its way out, and does password masking do anything beyond preventing the casual shoulder-surfer?
Communications

FCC Refuses To Release Text of More Than 40,000 Net Neutrality Complaints (arstechnica.com) 64

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission has denied a request to extend the deadline for filing public comments on its plan to overturn net neutrality rules, and the FCC is refusing to release the text of more than 40,000 net neutrality complaints that it has received since June 2015. The National Hispanic Media Coalition (NHMC) filed a Freedom of Information Act (FoIA) request in May of this year for tens of thousands of net neutrality complaints that Internet users filed against their ISPs. The NHMC argues that the details of these complaints are crucial for analyzing FCC Chairman Ajit Pai's proposal to overturn net neutrality rules. The coalition also asked the FCC to extend the initial comment deadline until 60 days after the commission fully complies with the FoIA request. A deadline extension would have given people more time to file public comments on the plan to eliminate net neutrality rules. Instead, the FCC yesterday denied the motion for an extension and said that it will only provide the text for a fraction of the complaints, because providing them all would be too burdensome.
Security

Should We Ignore the South Carolina Election Hacking Story? (securityledger.com) 138

chicksdaddy provides five (or more) "good" reasons why we should ignore the South Carolina election hacking story that was reported yesterday. According to yesterday's reports, South Carolina's voter-registration system was hit with nearly 150,000 hack attempts on election day. Slashdot reader chicksdaddy writes from an opinion piece via The Security Ledger: What should we make of the latest reports from WSJ, The Hill, etc. that South Carolina's election systems were bombarded with 150,000 hacking attempts? Not much, argues Security Ledger in a news analysis that argues there are lots of good reasons to ignore this story, if not the very real problem of election hacking. The stories were based on this report from The South Carolina Election Commission. The key phrase in that report is "attempts to penetrate," Security Ledger notes. Information security professionals would refer to that by more mundane terms like "port scans" or probes. These are kind of the "dog bites man" stories of the cyber beat -- common (here's one from 2012 US News & World Report) but ill informed. "The kinds of undifferentiated scans that the report is talking about are the internet equivalent of people driving slowly past your house." While some of those 150,000 attempts may well be attempts to hack South Carolina's elections systems, many are undifferentiated, while some may be legitimate, if misdirected. Whatever the case, they're background noise on the internet and hardly unique to South Carolina's voter registration systems. They're certainly not evidence of sophisticated, nation-state efforts to crack the U.S. election system by Russia, China or anyone else, Security Ledger argues. "The problem with lumping all these 'hacking attempts' in the same breath as you talk about sophisticated and targeted attacks on the Clinton Campaign, the DCCC, and successful penetration of some state election boards is that it dramatically distorts the nature and scope of the threat to the U.S. election system which -- again -- is very real." The election story is one "that demands thoughtful and pointed reporting that can explore (and explode) efforts by foreign actors to subvert the U.S. vote and thus its democracy," the piece goes on to argue. "That's especially true in an environment in which regulators and elected officials seem strangely incurious about such incidents and disinclined to investigate them."
