Databases

2 Million-Person Terror Database Leaked Online (thestack.com) 16

An anonymous reader writes from a report via The Stack: A 2014 version of the World-Check database containing more than 2.2 million records of people with suspected terrorist, organized crime, and corruption links has been leaked online. The World-Check database is administered by Thomson-Reuters and is used by 4,500 institutions, 49 of the world's 50 largest banks and by over 300 government and intelligence agencies. The unregulated database is intended for use as "an early warning system for hidden risk" and combines records from hundreds of terror and crime suspects and watch-lists into a searchable resource. Most of the individuals in the database are unlikely to know that they are included, even though it may have a negative impact on their ability to use banking services and operate a business. A Reddit user named Chris Vickery says he obtained a copy of the database, saying he won't reveal how until "a later time." To access the database, customers must pay an annual subscription charge that can reach up to $1 million, according to Vice, with potential subscribers then vetted before approval. Vickery says he understands that the "original location of the leak is still exposed to the public internet" and that "Thomson Reuters is working feverishly to get it secured." He told The Register that he alerted the company to the leak, but is still considering whether to publish the information contained in it.
Advertising

Google's My Activity Reveals How Much It Knows About You (theguardian.com) 76

An anonymous reader writes: Google has released a new section to Google's account settings, called My Activity, which lets users review everything that Google has tracked about their online behavior -- search, YouTube, Chrome, Android, and every other Google service. Best of all, users can edit or delete their tracked behaviors. In addition, the My Activity tools come with new ad preferences. Google is now offering to use its behavioral information to tailor ads shown across the wider non-Google internet and Google's search pages, which until now was purely done through the use of cookies. The difference between Google and other companies that offer ads like Facebook is that Google is making this interest-based advertising extension optional, or opt-in, not opt-out. There are two separate behavioral advertising settings for users to switch on or off: signed in ads and signed out ads. Signed in ads are those on Google services, and signed out ads are those served by Google on third-party sites. However, if you're conscious about your privacy, you'll probably want to stay opted out.
Facebook

Facebook Wins Belgian Court Appeal Over Storing Non-User Data (bloomberg.com) 21

Stephanie Bodoni and Aoife White reporting for Bloomberg Technology (condensed): Facebook won an appeal against a Belgian privacy ruling that prompted the social network to prevent people without an account from accessing its site within the country. The Brussels Court of Appeal said the nation's data protection authority couldn't prevent Facebook from storing data from non-users in a fight over measures the technology giant says help it combat hacking attacks. "Belgian courts don't have international jurisdiction over Facebook Ireland, where the data concerning Europe is processed," the Brussels court of appeal said in a ruling Wednesday, referring to the company's European headquarters. The court also said there was no urgency to rule on the case since Belgian court proceedings only started in mid-2015 over behavior that started in 2012. Facebook is appealing a ruling that ordered it to stop storing data from people who don't have an account with the social network, or face a 250,000 euro ($277,800) daily fine. Willem Debeuckelaere, president of the Belgian data protection commission, said last year that Facebook's "disrespectful" treatment of users' personal data, without their knowledge, "needs tackling." Facebook said it can now start showing its pages to Belgians who aren't signed up to its service.
AI

Satya Nadella Explores How Humans and AI Can Work Together To Solve Society's Greatest Challenges (geekwire.com) 115

In an op-ed for Slate, Microsoft CEO Satya Nadella has shared his views on AI, and how humans could work together with this nascent technology to do great things. Nadella feels that humans and machines can work together to address society's greatest challenges, including diseases and poverty. But he admits that this will require "a bold and ambitious approach that goes beyond anything that can be achieved through incremental improvements to current technology," he wrote. You can read the long essay here. GeekWire has summarized the principles and goals postulated by Nadella. From the article:
AI must be designed to assist humanity.
AI must be transparent.
AI must maximize efficiencies without destroying the dignity of people.
AI must be designed for intelligent privacy.
AI needs algorithmic accountability so humans can undo unintended harm.
AI must guard against bias.
It's critical for humans to have empathy.
It's critical for humans to have education.
The need for human creativity won't change.
A human has to be ultimately accountable for the outcome of a computer-generated diagnosis or decision.

Medicine

Micro-Camera Can Be Injected With A Syringe -- May Pose Surveillance Concerns (phys.org) 54

Taco Cowboy quotes a report from ABC Online: German engineers have created a camera no bigger than a grain of salt that could change the future of health imaging -- and clandestine surveillance. Using 3D printing, researchers from the University of Stuttgart built a three-lens camera, and fit it onto the end of an optical fiber the width of two hairs. Such technology could be used as minimally-intrusive endoscopes for exploring inside the human body, the engineers reported in the journal Nature Photonics. The compound lens of the camera is just 100 micrometers (0.1 millimeters) wide, and 120 micrometers with its casing. It could also be deployed in virtually invisible security monitors, or mini-robots with "autonomous vision." The compound lens can also be printed onto image sensors other than optical fibers, such as those used in digital cameras. The researchers said it only took a few hours to design, manufacture and test the camera, which yielded "high optical performances and tremendous compactness." They believe the 3D printing method -- used to create the camera -- may represent "a paradigm shift."
Security

US Healthcare Records Offered For Sale Online 86

An anonymous reader writes: Three U.S. healthcare organisations are reportedly being held to ransom by a hacker who stole data on hundreds of thousands of patients. The hacker has also put the 650,000 records up for sale on dark web markets where stolen data is traded. Prices for the different databases range from $100,000 to $411,000. Buyers have already been found for some of the stolen data, the hacker behind the theft told news site Motherboard. No information about the size of the ransom payment sought by the data thief has emerged, although he did say it was "a modest amount compared to the damage that will be caused to the organisations when I decide to publicly leak the victims."
China

China Tells App Developers To Increase User Monitoring 47

An anonymous reader writes: The Cyberspace Administration of China has imposed new regulation for the mobile app community, requiring that developers keep a close watch over users and keep a record of their activities. However, the proposed legislation would also prevent apps from requesting unnecessary access to users' contacts, camera, microphone and other spurious installation requests. The regulator introduced the new laws in the name of cracking down on illegal use of mobile platforms for the distribution of pornography, fraud and the spread of 'malicious' content.
Facebook

Facebook Backtracks, Now Says It Is Not Using Your Phone's Location To Suggest Friends 93

A report on Fusion on Monday, which cited a number of people, claimed that Facebook was using its users' phone location to suggest people to them. The publication also noted the privacy implications of this supposed feature. At the time of publishing, Facebook had noted that location was indeed one of the signals it looks into when suggesting new friends. But the social juggernaut has since backtracked on its statement with new assurances that it is not using anyone's location. In a statement to Slashdot, the company said: We're not using location data, such as device location and location information you add to your profile, to suggest people you may know. We may show you people based on mutual friends, work and education information, networks you are part of, contacts you've imported and other factors.
Government

US Customs Wants To Know Travelers' Social Media Account Names (helpnetsecurity.com) 364

Orome1 quotes a report from Help Net Security: The U.S. Customs and Border Protection agency has submitted a request to the Office of Management and Budget, asking for permission to collect travelers' social media account names as they enter the country. The CBP, which is part of the U.S. Department of Homeland Security, proposes that the request "Please enter information associated with your online presence -- Provider/Platform -- Social media identifier" be added to the Electronic System for Travel Authorization (ESTA) and to the CBP Form I-94W (Nonimmigrant Visa Waiver Arrival/Departure). "It will be an optional field to request social media identifiers to be used for vetting purposes, as well as applicant contact information," the CBP noted. "Collecting social media data will enhance the existing investigative process and provide DHS greater clarity and visibility to possible nefarious activity and connections by providing an additional tool set which analysts and investigators may use to better analyze and investigate the case." The public and affected agencies are asked to comment on the request within 60 days of its publication. Commenters are asked to send their comments to this address.
The Courts

President Obama Should Pardon Edward Snowden Before Leaving Office (theverge.com) 377

An anonymous reader writes from a report via The Verge: Ever since Edward Snowden set in motion the most powerful public act of whistleblowing in U.S. history, he has been living in exile in Russia from the United States. An article in this week's New York Magazine looks at how Snowden may have a narrow window of opportunity where President Obama could pardon him before he leaves office. Presumably, once he leaves office, the chances of Snowden being pardoned by Hillary Clinton or Donald Trump are minuscule. Obama has said nothing in the past few years to suggest he's interested in pardoning Snowden. Not only would it contradict his national security policy, but it will severely alienate the intelligence community for many years to come. With that said, anyone who values a free and secure internet believes pardoning Snowden would be the right thing to do. The Verge reports: "[Snowden] faces charges under the Espionage Act, which makes no distinction between delivering classified files to journalists and delivering the same files to a foreign power. For the first 80 years of its life, it was used almost entirely to prosecute spies. The president has prosecuted more whistleblowers under the Espionage Act than all presidents before him combined. His Justice Department has vastly expanded the scope of the law, turning it from a weapon against the nation's enemies to one that's pointed against its own citizens. The result will be less scrutiny of the nation's most powerful agencies, and fewer forces to keep them in check. With Snowden's push for clemency, the president has a chance to complicate that legacy and begin to undo it. It's the last chance we'll have."
Facebook

Facebook Is Using Your Phone's Location To Suggest New Friends (fusion.net) 139

Fusion's Kashmir Hill is reporting that Facebook is using your phone's location to suggest new friends. It's unclear exactly when the social juggernaut began doing this, but a number of instances suggest it only started recently. From the report: Last week, I met a man who suspected Facebook had tracked his location to figure out who he was meeting with. He was a dad who had recently attended a gathering for suicidal teens. The next morning, he told me, he opened Facebook to find that one of the anonymous parents at the gathering popped up as a "person you may know." [...] "People You May Know are people on Facebook that you might know," a Facebook spokesperson said. "We show you people based on mutual friends, work and education information, networks you're part of, contacts you've imported and many other factors." One of those factors is smartphone location. A Facebook spokesperson said though that shared location alone would not result in a friend suggestion, saying that the two parents must have had something else in common, such as overlapping networks. While this feature could be useful in some cases, many may -- and they should -- see it as a big invasion of their privacy -- Hill has succinctly explained a number of them.
Security

Google CEO Sundar Pichai's Quora Account Hacked (thenextweb.com) 24

Google CEO Sundar Pichai is the latest high-profile victim of a hacking group called OurMine. Earlier today, the group managed to get hold of Pichai's Quora account, which in turn gave them access to his Twitter feed as well. In a statement to The Next Web, the group said that their intention is to just test people's security, and that they never change the victim's passwords. Looking at the comments they left after hacking Pichai's account, it is also clear that OurMine is promoting its security services. The same group recently also hacked Facebook CEO Mark Zuckerberg's Twitter and Pinterest accounts.
Government

As It Searches For Suspects, The FBI May Be Looking At You (technologyreview.com) 90

schwit1 quotes the MIT Technology Review: The FBI has access to nearly 412 million photos in its facial recognition system—perhaps including the one on your driver's license. But according to a new government watchdog report, the bureau doesn't know how error-prone the system is, or whether it enhances or hinders investigations.

Since 2011, the bureau has quietly been using this system to compare new images, such as those taken from surveillance cameras, against a large set of photos to look for a match. That set of existing images is not limited to the FBI's own database, which includes some 30 million photos. The bureau also has access to face recognition systems used by law enforcement agencies in 16 different states, and it can tap into databases from the Department of State and the Department of Defense. And it is in negotiations with 18 other states to be able to search their databases, too...

Adding to the privacy concerns is another finding in the GAO report: that the FBI has not properly determined how often its system makes errors and has not "taken steps to determine whether face recognition systems used by external partners, such as states and federal agencies, are sufficiently accurate" to support investigations.

Government

IRS Gets Hacked Again, Forced To Scrap Their Entire PIN System (engadget.com) 104

The IRS has abandoned a system of PIN numbers used when filing tax returns online after they detected "automated attacks taking place at an increasing frequency," adding that only "a small number" of taxpayers were affected. An anonymous reader quotes the highlights from Engadget: The IRS chose not to kill the tool back in February, since most commercial tax software products use it... If you'll recall, identity thieves used malware to steal taxpayers' info from other websites, which was then used to generate 100,000 PINs, back in February... This time, the IRS detected "automated attacks taking place at an increasing frequency" thanks to the additional defenses it added after that initial hack... the agency determined that it would be safer to give up on a verification method that's scheduled for the chopping block anyway.
Security

Crypto Ransomware Attacks Have Jumped 500% In The Last Year (onthewire.io) 36

Kaspersky Lab is reporting that the last year saw a 500% increase in the number of users who encountered crypto ransomware. Trailrunner7 shares an article from On The Wire: Data compiled by Kaspersky researchers from the company's cloud network shows that from April 2015 to March 2016, the volume of crypto ransomware encountered by users leapt from 131,111 to 718,536. That's a massive increase, especially considering the fact that ransomware is a somewhat mature threat. It didn't just burst onto the scene a couple of years ago. Kaspersky's researchers said the spike in crypto ransomware can be attributed to a small group of variants. "Looking at the malware groups that were active in the period covered by this report, it appears that a rather short list of suspects is responsible for most of the trouble caused by crypto-ransomware..."

It's difficult to overstate how much of an effect the emergence of ransomware has had on consumers, enterprises, and the security industry itself. The FBI has been warning users about crypto ransomware for some time now, and has consistently advised victims not to pay any ransoms. Security researchers have been publishing decryption tools for specific ransomware variants and law enforcement agencies have had some success in taking down ransomware gangs.

Enterprise targets now account for 13% of ransomware attacks, with attackers typically charging tens of thousands of dollars, the article reports, and "Recent attacks on networks at the University of Calgary and Hollywood Presbyterian Medical Center have demonstrated the brutal effectiveness of this strategy."
Communications

Why You Should Stop Using Telegram Right Now (gizmodo.com) 67

Earlier this week, The Intercept evaluated the best instant messaging clients from the privacy standpoint. The list included Facebook's WhatsApp, Google's Allo, and Signal -- three apps that employ end-to-end encryption. One popular name that was missing from the list was Telegram. A report on Gizmodo sheds further light on the matter, adding that Telegram is riddled with a wide range of security issues, and "doesn't live up to its proclamations as a safe and secure messaging application." Citing many security experts, the report states: One major problem Telegram has is that it doesn't encrypt chats by default, something the FBI has advocated for. "There are many Telegram users who think they are communicating in an encrypted way, when they're not because they don't realize that they have to turn on an additional setting," Christopher Soghoian, Principal Technologist and Senior Policy Analyst at the American Civil Liberties Union, told Gizmodo. "Telegram has delivered everything that the government wants. Would I prefer that they used a method of encryption that followed industry best practices like WhatsApp and Signal? Certainly. But, if it's not turned on by default, it doesn't matter." The other issue that security experts have taken a note of is that Telegram employs its own encryption, which according to them, "is widely considered to be a fatal flaw when developing encrypted messaging apps." The report adds: "They use the MTproto protocol which is effectively homegrown and I've seen no proper proofs of its security," Alan Woodward, professor at the University of Surrey told Gizmodo. Woodward criticized Telegram for their lack of transparency regarding their home cooked encryption protocol. "At present we don't know enough to know if it's secure or insecure. That's the trouble with security by obscurity. It's usual for cryptographers to reveal the algorithms completely, but here we are in the dark. Unless you have considerable experience, you shouldn't write your own crypto. No one really understands why they did that." The list goes on and on.
Security

NASCAR Team Pays Ransomware Fee To Recover Files Worth $2 Million (softpedia.com) 58

An anonymous reader writes: "NASCAR team Circle Sport-Leavine Family Racing (CSLFR) revealed today it faced a ransomware infection this past April when it almost lost access to crucial files worth nearly $2 million, containing car parts lists and custom high-profile simulations that would have taken 1,500 man-hours to replicate," reports Softpedia. "The infection took place on the computer belonging to CSLFR's crew chief. Winston's staff detected the infection when encrypted files from Winston's computer began syncing to their joint Dropbox account." It was later discovered that he was infected with the TeslaCrypt ransomware. Because the team had no backups of the crucial data, they eventually paid the ransom (around $500). This happened before TeslaCrypt's authors decided to shut down their operations and release free decryption keys.
AI

Apple Won't Collect Your Data For Its AI Services Unless You Let It (recode.net) 35

Apple doesn't like collecting your data. This is one of the iPhone maker's biggest selling points. But this approach has arguably acted as a major roadblock for Apple in its AI and bots efforts. With iOS 10, the latest version of the company's mobile operating system, Apple announced that it will begin collecting a range of new information as it seeks to make Siri and iPhone as well as other apps and services better at predicting the information its owner might want at a given time. Apple announced that it will be collecting data employing something called differential privacy. The company wasn't very clear at the event, which caused confusion among many as to what data Apple is exactly collecting. But now it is offering more explanation. Recode reports: As for what data is being collected, Apple says that differential privacy will initially be limited to four specific use cases: New words that users add to their local dictionaries, emojis typed by the user (so that Apple can suggest emoji replacements), deep links used inside apps (provided they are marked for public indexing) and lookup hints within notes. Apple will also continue to do a lot of its predictive work on the device, something it started with the proactive features in iOS 9. This work doesn't tap the cloud for analysis, nor is the data shared using differential privacy. Additionally, Recode adds that Apple hasn't yet begun collecting data, and it will ask for a user's consent before doing so. The company adds that it is not using users' cloud-stored photos to power its image recognition feature.
Communications

Piracy Phishing Scam Targets US ISPs and Subscribers (torrentfreak.com) 20

According to a report on TorrentFreak, an elaborate piracy phishing operation is targeting US ISPs and subscribers. Scammers are reportedly masquerading as anti-piracy company IP-Echelon and rightholders such as Lionsgate to send fake DMCA notices and settlement demands to ISPs. From the report: TorrentFreak was alerted to a takedown notice Lionsgate purportedly sent to a Cox subscriber, for allegedly downloading a pirated copy of the movie Allegiant. Under threat of a lawsuit, the subscriber was asked to pay a $150 settlement fee. This request is unique as neither Lionsgate nor its tracking company IP-Echelon is known to engage in this practice. When we contacted IP-Echelon about Lionsgate's supposed settlement offer, we heard to our surprise that these emails are part of a large phishing scam, which has at least one large ISP fooled. "The notices are fake and not sent by us. It's a phishing scam," IP-Echelon informed TorrentFreak. For a phishing scam the fake DMCA notice does its job well. At first sight the email appears to be legit, and for Cox Communications it was real enough to forward it to their customers. U.S. law enforcement has been notified and is currently investigating the matter.
Businesses

Russia Lawmakers Pass Spying Law That Requires Encryption Backdoors, Call Surveillance (dailydot.com) 109

A bill that was proposed recently in the Russian Duma to make cryptographic backdoors mandatory in all messaging apps has passed. Patrick Howell O'Neill reports for DailyDot: A massive surveillance bill is now on its way to becoming law in Russia. The "anti-terrorism" legislation includes a vast data-eavesdropping and -retention program so that telecom and internet companies have to record and store all customer communications for six months, potentially at a multitrillion-dollar cost. Additionally, all internet firms have to provide mandatory backdoor access into encrypted communications for the FSB, the Russian intelligence agency and successor to the KGB. The bill, with support from the ruling United Russia party, passed Friday in the Duma, Russia's lower legislative house, with 277 votes for, 148 against, and one abstaining. It now moves to Russia's Federal Council and the Kremlin, where it's expected to pass into law.
