Government

Vietnam's Internet is in Trouble (wapo.st) 83

The World Post: Vietnamese authorities have harped of late on the urgency of fighting cybersecurity threats and "bad and dangerous content." Yet the fight against either "fake news" or misinformation in Vietnam must not be used as a smoke screen for stifling dissenting opinions and curtailing freedom of speech [The link may be paywalled]. Doing so would only further stoke domestic cynicism in a country where the sudden expansion of space for free and open discussion has created a kind of high-pressure catharsis online. Other countries, including democratic states, are also scrambling to rein in toxic information online. But while Germany, for example, specifically targets hate speech and other extremist messaging that directly affects the masses, Vietnamese leaders are more fixated on content deemed detrimental to their own reputation and the survival of the regime.

The ruling Communist Party of Vietnam has repeatedly urged Facebook and Google to block "toxic" information that it said slandered and defamed Vietnamese leaders. Google sort of conformed by removing more than 5,000 such clips; Facebook also flagged about 160 anti-government accounts at the behest of the government.

Piracy

Flight Sim Company Embeds Malware To Steal Pirates' Passwords (torrentfreak.com) 176

TorrentFreak: Flight sim company FlightSimLabs has found itself in trouble after installing malware onto users' machines as an anti-piracy measure. Code embedded in its A320-X module contained a mechanism for detecting 'pirate' serial numbers distributed on The Pirate Bay, which then triggered a process through which the company stole usernames and passwords from users' web browsers.
The Courts

Man, Seeking New Copy of Windows 7 After Forced Windows 10 Upgrade, Sues Microsoft (bleepingcomputer.com) 296

Catalin Cimpanu, writing for BleepingComputer: An Albuquerque man has sued Microsoft and its CEO -- Satya Nadella -- seeking a fresh copy of Windows 7 or $600 million in damages. According to a civil complaint filed last week on February 14, Frank K. Dickman Jr. of Albuquerque, New Mexico, is suing Microsoft because of a botched forced Windows 10 upgrade. "I own a ASUS 54L laptop computer which has an OEM license for Windows Version 7," Dickman's claim reads. "The computer was upgraded to Windows Version 10 and became non-functional immediately. The upgrade deleted the cached, or backup, version of Windows 7." Dickman says that the laptop's original OEM vendor is "untrustworthy," hence, he cannot obtain a legitimate copy of Windows 7 to downgrade his laptop.
IBM

IBM Sues Microsoft's New Chief Diversity Officer To Protect Diversity Trade Secrets (geekwire.com) 177

theodp writes: GeekWire reports that IBM has filed suit against longtime exec Lindsay-Rae McIntyre, alleging that her new position as Microsoft's chief diversity officer violates a year-long non-compete agreement, allowing Microsoft to use IBM's internal secrets to boost its own diversity efforts. A hearing is set for Feb. 22, but in the meantime, a U.S. District Judge has temporarily barred McIntyre from working at Microsoft. "IBM has gone to great lengths to safeguard as secret the confidential information that McIntyre possesses," Big Blue explained in a court filing, citing its repeated success (in 2012, 2013, 2015, 2016, 2017) in getting the U.S. government to quash FOIA requests for IBM's EEO-1 Reports on the grounds that the mandatory race/ethnicity and gender filings represent "confidential proprietary trade secret information." IBM's argument may raise some eyebrows, considering that other tech giants -- including Google, Microsoft, Apple, and Facebook -- voluntarily disclosed their EEO-1s years ago after coming under pressure from Rev. Jesse Jackson and the Congressional Black Caucus. In 2010, IBM stopped disclosing U.S. headcount data in its annual report as it accelerated overseas hiring.
Crime

Sweden Considers Six Years in Jail For Online Pirates (torrentfreak.com) 188

Sweden's Minister for Justice has received recommendations as to how the country should punish online pirates. From a report: Helene Fritzon received a proposal which would create crimes of gross infringement under both copyright and trademark law, leading to sentences of up to six years in prison. The changes would also ensure that non-physical property, such as domain names, can be seized.
Security

Contractors Pose Cyber Risk To Government Agencies (betanews.com) 77

Ian Barker, writing for BetaNews: While US government agencies are continuing to improve their security performance over time, the contractors they employ are failing to meet the same standards according to a new report. The study by security rankings specialist BitSight sampled over 1,200 federal contractors and finds that the security rating for federal agencies was 15 or more points higher than the mean of any contractor sector. It finds more than eight percent of healthcare and wellness contractors have disclosed a data breach since January 2016. Aerospace and defense firms have the next highest breach disclosure rate at 5.6 percent. While government has made a concerted effort to fight botnets in recent months, botnet infections are still prevalent among the government contractor base, particularly for healthcare and manufacturing contractors. The study also shows many contractors are not following best practices for network encryption and email security.
Security

US's Greatest Vulnerability is Ignoring the Cyber Threats From Our Adversaries, Foreign Policy Expert Says (cnbc.com) 98

America's greatest vulnerability is its continued inability to acknowledge the extent of its adversaries' capabilities when it comes to cyber threats, says Ian Bremmer, founder and president of leading political risk firm Eurasia Group. From a report: Speaking to CNBC from the Munich Security Conference on Saturday, the prominent American political scientist emphasized that there should be much more government-level concern and urgency over cyber risk. The adversarial states in question are what U.S. intelligence agencies call the "big four": Russia, China, North Korea, and Iran. "We're vulnerable because we continue to underestimate the capabilities in those countries. WannaCry, from North Korea -- no one in the U.S. cybersecurity services believed the North Koreans could actually do that," Bremmer described, naming the ransomware virus that crippled more than 200,000 computer systems across 150 countries in May of 2017.

Borge Brende, president of the World Economic Forum, weighed in, stressing the economic cost of cyber crimes. "It is very hard to attribute cyberattacks to different actors or countries, but the cost is just unbelievable. Annually more than a thousand billion U.S. dollars are lost for companies or countries due to these attacks and our economy is more and more based on internet and data."

Privacy

Facebook Admits SMS Notifications Sent Using Two-Factor Number Was Caused by Bug (theverge.com) 48

Facebook has clarified the situation around SMS notifications sent using the company's two-factor authentication (2FA) system, admitting that the messages were indeed caused by a bug. From a report: In a blog post penned by Facebook Chief Security Officer Alex Stamos, the company says the error led it to "send non-security-related SMS notifications to these phone numbers." Facebook uses the automated number 362-65, or "FBOOK," as its two-factor authentication number, which is a secure way of confirming a user's identity by sending a numeric code to a secondary device like a mobile phone. That same number ended up sending users Facebook notifications without their consent. When users would attempt to get the SMS notifications to stop, the replies were posted to their own Facebook profiles as status updates.
The Internet

FreeBSD's New Code of Conduct (freebsd.org) 827

FreeBSD has a new code of conduct, which is making several people angry. From the blog post: This code of conduct applies to all spaces used by the FreeBSD Project, including our mailing lists, IRC channels, and social media, both online and off. Anyone who is found to violate this code of conduct may be sanctioned or expelled from FreeBSD Project controlled spaces at the discretion of the FreeBSD Code of Conduct Committee. Participants are responsible for knowing and abiding by these rules. Harassment includes but is not limited to: Comments that reinforce systemic oppression related to gender, gender identity and expression, sexual orientation, disability, mental illness, neurodiversity, physical appearance, body size, age, race, or religion. Unwelcome comments regarding a person's lifestyle choices and practices, including those related to food, health, parenting, drugs, and employment. Deliberate misgendering. Deliberate use of "dead" or rejected names. Gratuitous or off-topic sexual images or behaviour in spaces where they're not appropriate.

Physical contact and simulated physical contact (e.g., textual descriptions like "hug" or "backrub") without consent or after a request to stop. Threats of violence. Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm. Deliberate intimidation. Stalking or following. Harassing photography or recording, including logging online activity for harassment purposes. Sustained disruption of discussion. Unwelcome sexual attention. Pattern of inappropriate social contact, such as requesting/assuming inappropriate levels of intimacy with others. Continued one-on-one communication after requests to cease. Deliberate "outing" of any private aspect of a person's identity without their consent except as necessary to protect vulnerable people from intentional abuse. Publication of non-harassing private communication without consent. Publication of non-harassing private communication with consent but in a way that intentionally misrepresents the communication (e.g., removes context that changes the meaning). Knowingly making harmful false claims about a person.

Security

Phishing Attack Scores Credentials For More Than 50,000 Snapchat Users (theverge.com) 11

An anonymous reader quotes an exclusive report from The Verge: In late July, Snap's director of engineering emailed the company's team in response to an unfolding privacy threat. A government official from Dorset in the United Kingdom had provided Snap with information about a recent attack on the company's users: a publicly available list, embedded in a phishing website named klkviral.org, that listed 55,851 Snapchat accounts, along with their usernames and passwords. The attack appeared to be connected to a previous incident that the company believed to have been coordinated from the Dominican Republic, according to emails obtained by The Verge. Not all of the account credentials were valid, and Snap had reset the majority of the accounts following the initial attack. But for some period of time, thousands of Snapchat account credentials were available on a public website. According to a person familiar with the matter, the attack relied on a link sent to users through a compromised account that, when clicked, opened a website designed to mimic the Snapchat login screen.
Businesses

Labor Board Says Google Could Fire James Damore For Anti-Diversity Memo (theverge.com) 591

According to a recently disclosed letter from the U.S. National Labor Relations Board, Google didn't violate labor laws by firing engineer James Damore for a memo criticizing the company's diversity program. "The lightly redacted statement is written by Jayme Sophir, associate general counsel of the NLRB's division of advice; it dates to January, but was released yesterday, according to Law.com," reports The Verge. "Sophir concludes that while some parts of Damore's memo were legally protected by workplace regulations, 'the statements regarding biological differences between the sexes were so harmful, discriminatory, and disruptive as to be unprotected.'" From the report: Damore filed an NLRB complaint in August of 2017, after being fired for internally circulating a memo opposing Google's diversity efforts. Sophir recommends dismissing the case; Bloomberg reports that Damore withdrew it in January, and that his lawyer says he's focusing on a separate lawsuit alleging discrimination against conservative white men at Google. NLRB records state that its case was closed on January 19th. In her analysis, Sophir writes that employers should be given "particular deference" in trying to enforce anti-discrimination and anti-harassment policies, since these are tied to legal requirements. And employers have "a strong interest in promoting diversity" and cooperation across different groups of people. Because of this, "employers must be permitted to 'nip in the bud' the kinds of employee conduct that could lead to a 'hostile workplace,'" she writes. "Where an employee's conduct significantly disrupts work processes, creates a hostile work environment, or constitutes racial or sexual discrimination or harassment, the Board has found it unprotected even if it involves concerted activities regarding working conditions."
The Courts

Judge Won't Let FCC's Net Neutrality Repeal Stop Lawsuit Alleging Charter Throttled Netflix (hollywoodreporter.com) 33

An anonymous reader quotes a report from The Hollywood Reporter: [I]n the first significant decision referring to the repeal [of net neutrality] since FCC chairman Ajit Pai got his way, a New York judge on Friday ruled that the rescinding of net neutrality rules wasn't relevant to an ongoing lawsuit against Charter Communications. New York Attorney General Eric Schneiderman filed the lawsuit almost exactly a year ago today. It's alleged that Charter's Spectrum-TWC service promised internet speeds it knew it couldn't deliver and that Spectrum-TWC also misled subscribers by promising reliable access to Netflix, online content and online games. According to the complaint, the ISP intentionally failed to deliver reliable service in a bid to extract fees from backbone and content providers. When Netflix wouldn't pay, this "resulted in subscribers getting poorer quality streams during the very hours when they were most likely to access Netflix," and after Netflix agreed to pay demands, service "improved dramatically." This arguably is the kind of thing that net neutrality was supposed to prevent. And Charter itself pointed to the net neutrality repeal in a bid to block Schneiderman's claims that Charter had engaged in false advertising and deceptive business practices. New York Supreme Court Justice O. Peter Sherwood isn't sold.

He writes in an opinion that the FCC's order "which promulgates a new deregulatory policy effectively undoing network neutrality, includes no language purporting to create, extend or modify the preemptive reach of the Transparency Rule," referring to how ISPs have to disclose "actual network performance." And although Charter attempted to argue that the FCC clarified its intent to stop state and local governments from imposing disclosure obligations on broadband providers that were inconsistent with FCC's rules, Sherwood notes other language from the "Restoring Internet Freedom Order" on how states will "continue to play their vital role in protecting consumers from fraud, enforcing fair business practices... and generally responding to consumer inquiries and complaints."

Government

Facebook Must Stop Tracking Belgian Users, Court Rules (mercurynews.com) 83

Facebook must stop tracking Belgian users' surfing outside the social network and delete data it's already gathered, or it will face fines of 250,000 euros ($312,000) a day, a Belgian court ruled. From a report: Facebook "doesn't sufficiently inform" clients about the data it gathers on their broader web use, nor does it explain what it does with the information or say how long it stores it, the Brussels Court of First Instance said in a statement. The social network is coming under increasing fire in Europe, with a high-profile German antitrust probe examining whether it unfairly compels users to sign up to restrictive privacy terms. Belgium's data-protection regulators have targeted the company since at least 2015 when a court ordered it to stop storing non-users' personal data.
Intel

Intel Hit With More Than 30 Lawsuits Over Security Flaws (reuters.com) 99

Intel said on Friday shareholders and customers had filed 32 class action lawsuits against the company in connection with recently-disclosed security flaws in its microchips. From a report: Most of the lawsuits -- 30 -- are customer class action cases that claim that users were harmed by Intel's "actions and/or omissions" related to the flaws, which could allow hackers to steal data from computers. Intel said in a regulatory filing it was not able to estimate the potential losses that may arise out of the lawsuits. Security researchers at the start of January publicized two flaws, dubbed Spectre and Meltdown, that affected nearly every modern computing device containing chips from Intel, Advanced Micro Devices and ARM.
Encryption

Two Years After FBI vs Apple, Encryption Debate Remains (axios.com) 174

It's been two years since the FBI and Apple got into a giant fight over encryption following the San Bernardino shooting, when the government had the shooter's iPhone, but not the password needed to unlock it, so it asked Apple to create a way inside. What's most surprising is how little has changed since then. From a report: The encryption debate remains unsettled, with tech companies largely opposed and some law enforcement agencies still making the case to have a backdoor. The case for strong encryption: Those partial to the tech companies' arguments will note that cyberattacks and hacking incidents have become even more common, with encryption serving as a valuable way to protect individuals' personal information. The case for backdoors: Criminals are doing bad stuff and when devices are strongly encrypted they can do it in what amounts to the perfect dark alley, completely hidden from public view.
Twitter

Federal Judge Says Embedding a Tweet Can Be Copyright Infringement (eff.org) 149

An anonymous reader quotes a report from the Electronic Frontier Foundation: Rejecting years of settled precedent, a federal court in New York has ruled [PDF] that you could infringe copyright simply by embedding a tweet in a web page. Even worse, the logic of the ruling applies to all in-line linking, not just embedding tweets. If adopted by other courts, this legally and technically misguided decision would threaten millions of ordinary Internet users with infringement liability.

This case began when Justin Goldman accused online publications, including Breitbart, Time, Yahoo, Vox Media, and the Boston Globe, of copyright infringement for publishing articles that linked to a photo of NFL star Tom Brady. Goldman took the photo, someone else tweeted it, and the news organizations embedded a link to the tweet in their coverage (the photo was newsworthy because it showed Brady in the Hamptons while the Celtics were trying to recruit Kevin Durant). Goldman said those stories infringe his copyright.
"[W]hen defendants caused the embedded Tweets to appear on their websites, their actions violated plaintiff's exclusive display right; the fact that the image was hosted on a server owned and operated by an unrelated third party (Twitter) does not shield them from this result," Judge Katherine Forrest said.
Crime

Electronics-Recycling Innovator Faces Prison For Extending Computers' Lives 284

schwit1 shares a report from Los Angeles Times: Prosecutors said 33-year-old [Eric Lundgren, an electronic-waste recycling innovator] ripped off Microsoft by manufacturing 28,000 counterfeit discs with the company's Windows operating system on them. He was convicted of conspiracy and copyright infringement, which brought a 15-month prison sentence and a $50,000 fine. In a rare move though, a federal appeals court has granted an emergency stay of the sentence, giving Lundgren another chance to make his argument that the whole thing was a misunderstanding. Lundgren does not deny that he made the discs or that he hoped to sell them. But he says this was no profit-making scheme. By his account, he just wanted to make it easier to extend the usefulness of secondhand computers -- keeping more of them out of the trash.

The case centers on "restore discs," which can be used only on computers that already have the licensed Windows software and can be downloaded free from the computer's manufacturer, in this case Dell. The discs are routinely provided to buyers of new computers to enable them to reinstall their operating systems if the computers' hardware fails or must be wiped clean. But they often are lost by the time used computers find their way to a refurbisher. Lundgren said he thought electronics companies wanted the reuse of computers to be difficult so that people would buy new ones. He thought that producing and selling restore discs to computer refurbishers -- saving them the hassle of downloading the software and burning new discs -- would encourage more secondhand sales. In his view, the new owners were entitled to the software, and this just made it easier. The government, and Microsoft, did not see it that way. Federal prosecutors in Florida obtained a 21-count indictment against Lundgren and his business partner, and Microsoft filed a letter seeking $420,000 in restitution for lost sales. Lundgren claims that the assistant U.S. attorney on the case told him, "Microsoft wants your head on a platter and I'm going to give it to them."
Media

FCC Chairman Ajit Pai Is Under Investigation Over $3.9 Billion Media Deal 145

According to a report in The New York Times (Warning: source may be paywalled), Ajit Pai and the FCC approved a set of rules in 2017 to allow television broadcasters to increase the number of stations they own. Weeks after the rules were approved, Sinclair Broadcasting announced a $3.9 billion deal to buy Tribune Media. PC Gamer reports: The deal was made possible by the new set of rules, which subsequently raised some eyebrows. Notably, the FCC's inspector general is reportedly investigating if Pai and his aides abused their position by pushing for the rule changes that would make the deal possible, and timing them to benefit Sinclair. The extent of the investigation is not clear, nor is how long it will take. However, it does bring up the question of whether Pai had coordinated with Sinclair, and it could force him to publicly address the topic, which he hasn't really done up to this point.

Legislators first pushed for an investigation into this matter last November. At the time, a spokesman for the FCC representing Pai called the allegations "baseless" and alluded to it being a partisan play by those who oppose the chairman. "For many years, Chairman Pai has called on the FCC to update its media ownership regulations," the FCC spokesman said. "The chairman is sticking to his long-held views, and given the strong case for modernizing these rules, it's not surprising that those who disagree with him would prefer to do whatever they can to distract from the merits of his proposals."
Communications

119,000 Passports, Photo IDs of FedEx Customers Found On Unsecured Amazon Server (gizmodo.com) 34

FedEx left scanned passports, driver's licenses, and other documentation belonging to thousands of its customers exposed on a publicly accessible Amazon S3 server, reports Gizmodo. "The scanned IDs originated from countries all over the world, including the United States, Mexico, Canada, Australia, Saudi Arabia, Japan, China, and several European countries. The IDs were attached to forms that included several pieces of personal information, including names, home addresses, phone numbers, and zip codes." From the report: The server, discovered by researchers at the Kromtech Security Center, was secured as of Tuesday. According to Kromtech, the server belonged to Bongo International LLC, a company that aided customers in performing shipping calculations and currency conversions, among other services. Bongo was purchased by FedEx in 2014 and renamed FedEx Cross-Border International a little over a year later. The service was discontinued in April 2017. According to Kromtech, more than 119,000 scanned documents were discovered on the server. As the documents were dated within the 2009-2012 range, it's unclear if FedEx was aware of the server's existence when it purchased Bongo in 2014, the company said.
Electronic Frontier Foundation

EFF Urges US Copyright Office To Reject Proactive 'Piracy' Filters (torrentfreak.com) 55

TorrentFreak: As entertainment companies and Internet services spar over the boundaries of copyright law, the EFF is urging the US Copyright Office to keep "copyright's safe harbors safe." In a petition just filed with the office, the EFF warns that innovation will be stymied if Congress goes ahead with a plan to introduce proactive 'piracy' filters at the expense of the DMCA's current safe harbor provisions. [...] "Major media and entertainment companies and their surrogates want Congress to replace today's DMCA with a new law that would require websites and Internet services to use automated filtering to enforce copyrights. "Systems like these, no matter how sophisticated, cannot accurately determine the copyright status of a work, nor whether a use is licensed, a fair use, or otherwise non-infringing. Simply put, automated filters censor lawful and important speech," the EFF warns.
