The Courts

Insurer Refuses To Cover Cox In Massive Piracy Lawsuit

An anonymous reader writes with news that Cox Communications' insurer, Lloyds Of London underwriter Beazley, is refusing to cover legal costs and any liabilities from the case brought against it by BMG and Round Hill Music. TorrentFreak reports: "Trouble continues for one of the largest Internet providers in the United States, with a Lloyds underwriter now suing Cox Communications over an insurance dispute. The insurer is refusing to cover legal fees and potential piracy damages in Cox's case against BMG Rights Management and Round Hill Music. Following a ruling from a Virginia federal court that Cox is not protected by the safe-harbor provisions of the DMCA, the Internet provider must now deal with another setback."

Green Light Or No, Nest Cam Never Stops Watching

chicksdaddy writes: How do you know when the Nest Cam monitoring your house is "on" or "off"? It's simple: just look at the little power indicator light on the front of the device — and totally disregard what it is telling you. The truth is: the Nest Cam is never "off" despite an effort by Nest and its parent Google to make it appear otherwise. That, according to an analysis of the Nest Cam by the firm ABI Research, which found that turning the Nest Cam "off" using the associated mobile application only turns off the LED power indicator light on the front of the device. Under the hood, the camera continues to operate and, according to ABI researcher Jim Mielke, to monitor its surroundings: noting movement, sound and other activity when users are led to believe it has powered down.

Mielke reached that conclusion after analyzing Nest Cam's power consumption. Typically a shutdown or standby mode would reduce current by as much as 10 to 100 times, Mielke said. But the Google Nest Cam's power consumption was almost identical in "shutdown" mode and when fully operational, dropping from 370 milliamps (mA) to around 340mA. The slight reduction in power consumption for the Nest Cam when it was turned "off" correlates with the disabling of the LED power light, given that LEDs typically draw 10-20mA.

In a statement to The Security Ledger, Nest Labs spokesperson Zoz Cuccias acknowledged that the Nest Cam does not fully power down when the camera is turned off from the user interface (UI). "When Nest Cam is turned off from the user interface (UI), it does not fully power down, as we expect the camera to be turned on again at any point in time," Cuccias wrote in an e-mail. "With that said, when Nest Cam is turned off, it completely stops transmitting video to the cloud, meaning it no longer observes its surroundings." The privacy and security implications are serious. "This means that even when a consumer thinks that he or she is successfully turning off this camera, the device is still running, which could potentially unleash a tidal wave of privacy concerns," Mielke wrote.

Electronic Frontier Foundation

Judge Wipes Out Safe Harbor Provision In DMCA, Makes Cox Accomplice of Piracy

SysKoll writes: The DMCA is well-known for giving exorbitant powers to copyright holders, such as taking down a page or a whole web site without a court order. Media companies buy services from vendors like Rightscorp, a shake-down outfit that issues thousands of robot-generated take-down notices and issues threats against ISPs and sites ignoring them. Cox, like a lot of ISPs, is inundated with abusive take-down notices, in particular from Rightscorp. Now, BMG Rights Management and Round Hill Music are suing Cox for refusing to shut off the Internet access of subscribers that Rightscorp accused of downloading music via BitTorrent. Cox argues that as an ISP, they benefit from the Safe Harbor provision that shields access providers from subscribers' misbehavior. Not so, says U.S. District Judge Liam O'Grady. The judge sided with the media companies ahead of trial, saying Cox should have terminated the repeat offenders accused by Rightscorp. Cox's response is quite entertaining for a legal document (PDF): its description of Rightscorp includes the terms "shady," "shake-down," and "pay no attention to the facts." O'Grady also derided the Electronic Frontier Foundation's attempt to file an amicus brief supporting Cox, calling them hysterical crybabies.

High Level Coding Language Used To Create New POS Malware

An anonymous reader writes: A new malware framework called ModPOS is reported to pose a threat to U.S. retailers, and has some of the highest-quality coding work ever put into an ill-intentioned software of this nature. Security researchers iSight say of the ModPOS platform that it is 'much more complex than average malware'. The researchers believe that the binary output they have been studying for three years was written in a high-level language such as C, and that the software took 'a significant amount of time and resources to create and debug'.

Disney IT Workers Prepare To Sue Over Foreign Replacements

JustAnotherOldGuy writes: At least 23 former Disney IT workers have filed complaints with the federal Equal Employment Opportunity Commission (EEOC) over the loss of their jobs to foreign replacements. This federal filing is a first step to filing a lawsuit alleging discrimination. These employees are arguing that they are victims of national origin discrimination, a complaint increasingly raised by U.S. workers who have lost their jobs to foreign workers on H-1B and other temporary visas. Disney's layoff last January followed agreements with IT services contractors that use foreign labor, mostly from India. Some former Disney workers have begun to go public (video) over the displacement process.

Yahoo Denies Ad-blocking Users Access To Email

JoeyRox writes: Yahoo is running an A/B test that blocks access to Yahoo email if the site detects that the user is running an Ad Blocker. Yahoo says that this is a trial rather than a new policy, affecting only a "small number" of users. Those lucky users are greeted with a message that reads "Please disable Ad Blocker to continue using Yahoo Mail." Regarding the legality of the move, "Yahoo is well within its rights to do so," said Ansel Halliburton, an attorney at Kronenberger Rosenfeld who specializes in Internet law.

BBC World Service To Provide Radio For North Korea and Eritrea

Ewan Palmer writes: The BBC World Service has announced it will expand to serve the worst countries for press freedom as part of a plan to reach a global audience of 500 million. The British government announced its "single biggest increase in the World Service budget ever committed" and promised to invest more than $128 million by 2017/18 to the service. Along with improvements in countries such as Thailand, Russia and Somalia, they will launch radio services in North Korea and Eritrea who, according to Reporters Without Borders' 2015 World Press Freedom index, are the two worst performing countries in the world when ranked on a number of criteria including media independence, respect for the safety and freedom of journalists, and infrastructural environment in which the media operate.

Patreon Users Threatened By Ashley Madison Scammers

itwbennett writes: "Over the last few days, the group responsible for extortion attempts and death threats against Ashley Madison users has turned to a new set of targets – Patreon users," writes CSO's Steve Ragan. A message sent from the same account used in previous campaigns by the scammers demands a payment of 1 BTC or else the Patreon user will have their personal information exposed. "The [Bitcoin] wallet being used by the group has barely collected anything," says Ragan, "suggesting that after their massive push towards Ashley Madison users, people have stopped falling for their scams."
The Military

Fake Bomb Detector, Blamed For Hundreds of Deaths, Is Still In Use

Murtaza Hussain writes at The Intercept that although it remains in use at sensitive security areas throughout the world, the ADE 651 is a complete fraud and the ADE-651's manufacturer sold it with the full knowledge that it was useless at detecting explosives. There are no batteries in the unit and it consists of a swivelling aerial mounted to a hinge on a hand-grip. The device contains nothing but the type of anti-theft tag used to prevent stealing in high street stores and critics have likened it to a glorified dowsing rod.

The story of how the ADE 651 came into use involves the 2003 U.S. invasion of Iraq. At the height of the conflict, as the new Iraqi government battled a wave of deadly car bombings, it purchased more than 7,000 ADE 651 units worth tens of millions of dollars in a desperate effort to stop the attacks. Not only did the units not help, the device actually heightened the bloodshed by creating "a false sense of security" that contributed to the deaths of hundreds of Iraqi civilians. A BBC investigation led to a subsequent export ban on the devices.

The device is once again back in the news as it was reportedly used for security screening at hotels in the Egyptian resort city of Sharm el-Sheikh where a Russian airliner that took off from that city's airport was recently destroyed in a likely bombing attack by the militant Islamic State group. Speaking to The Independent about the hotel screening, the U.K. Foreign Office stated it would "continue to raise concerns" over the use of the ADE 651. James McCormick, the man responsible for the manufacture and sale of the ADE 651, received a 10-year prison sentence for his part in manufacture of the devices, sold to Iraq for $40,000 each. An employee of McCormick who later became a whistleblower said that after becoming concerned and questioning McCormick about the device, McCormick told him the ADE 651 "does exactly what it's designed to. It makes money."

With $160 Billion Merger, Pfizer Moves To Ireland and Dodges Taxes

ourlovecanlastforeve writes: In a $160 billion dollar acquisition, drug company Allergan, a small company based in Ireland, "purchased" Pfizer, allowing the drug producing giant to move to Ireland and lower its tax rate from about 25 percent to 17-18 percent. Ars reports: "Such inversions, which are said to cost the American government billions in lost tax revenue, have drawn scorn from the Obama Administration and the Treasury Department. Last year, President Obama referred to the deals as 'unpatriotic' loopholes and proposed to close them. And last week, the Treasury announced new rules to make such deals more difficult. But Pfizer’s reverse-inversion skirts the rules, in part by keeping ownership split somewhat evenly between the two companies. After the deal is complete, current shareholders of Allergan, which has the majority of its operations in the US, will own 44 percent of the mega company. The remaining 56 percent will be owned by current Pfizer shareholders."

FAA To Drone Owners: Get Ready To Register To Fly

coondoggie writes: While an actual rule could be months away, drones weighing about 9 ounces or more will apparently need to be registered with the Federal Aviation Administration going forward. The registration requirement and other details came from the government’s UAS Task Force which was created by the FAA last month and featured all manner of associates from Google, the Academy of Model Aeronautics and Air Line Pilots Association to Walmart, GoPro and Amazon. “By some estimates, as many as 400,000 new unmanned aircraft will be sold during the holiday season. Pilots with little or no aviation experience will be at the controls of many of these aircraft. Many of these new aviators may not even be aware that their activities in our airspace could be dangerous to other aircraft -- or that they are, in fact, pilots once they start flying their unmanned aircraft,” said FAA Administrator Michael Huerta in announcing the task force’s results.

Dell Accused of Installing 'Superfish-Like' Rogue Certificates On Laptops

Mickeycaskill writes: Dell has been accused of pre-installing rogue self-signing root certificate authentications on its laptops. A number of users discovered the 'eDellRoot' certificate on their machines and say it leaves their machines, and any others with the certificate, open to attack. "Anyone possessing the private key which is on my computer is capable of minting certificates for any site, for any purpose and the computer will programmatically and falsely conclude the issued certificate to be valid," said Joe Nord, a Citrix product manager who found the certificate on his laptop. It is unclear whether it is Dell or a third party installing the certificate, but the episode is similar to the 'Superfish' incident in which Lenovo was found to have installed malware to inject ads onto users' computers.
The Almighty Buck

"Clock Boy" Ahmed Mohamed Seeking $15 Million In Damages

phrackthat writes: The family of Ahmed Mohamed, the boy who was arrested in Irving, Texas, has threatened to sue the school and the city of Irving if they do not pay him $15 million as compensation for his arrest. To refresh the memories of everyone, Ahmed's clock was a clock he disassembled then put into a pencil case that looked like a miniature briefcase. He was briefly detained by the Irving city police to interview him and determine if he intended for his clock to be perceived as a fake bomb. He was released to his parents later on that day and they publicized the matter and claimed Ahmed was arrested because of "Islamophobia".

New IBM Tech Lets Apps Authenticate You Without Personal Data

itwbennett writes: IBM's Identity Mixer allows developers to build apps that can authenticate users' identities without collecting personal data. Specifically, Identity Mixer authenticates users by asking them to provide a public key. Each user has a single secret key, and it corresponds with multiple public keys, or identities. IBM announced on Friday that Identity Mixer is now available to developers on its Bluemix cloud platform.

Nearly 35,000 Comment On New Federal STEM OPT Extension Rule

theodp writes: Computerworld reports that the comments are in on the Department of Homeland Security's new proposed rule to extend OPT for international STEM students from 29 months to at least 36 months. The majority of the comments received by DHS support extending the program, CW notes, which is probably not surprising. Rather than choosing to "avoid the appearance of improper influence" by declining to respond to a "We the People" petition protesting a pending U.S. Federal judge's ruling that threatens to eliminate OPT STEM extensions altogether in February, the White House informed the 100k petition signers that they had the President's support, and pointed to the comment site for the proposed DHS OPT STEM rule workaround. Like the "We the People" petitioners, it's unclear whether the DHS commenters might represent corporate, university, and/or student interests, although a word cloud of the top 100 names of commenters (which accounted for 17,000+ comments) hints that international students are well-represented. By the way, in rejecting the 'emergency changes' that were enacted by DHS in 2008 to extend OPT for STEM students without public comment, Judge Ellen Huvelle said, "the 17-month duration of the STEM extension appears to have been adopted directly from the unanimous suggestions by Microsoft and similar industry groups."

Australian State Bans Possession of Blueprints For 3D Printing Firearms

angry tapir writes: Possessing files that can be used to 3D print firearms will soon be illegal in the Australian state of New South Wales after new legislation, passed last week by state parliament, comes into effect. Possessing files for 3D printing guns will be punishable by up to 14 years in prison. The provisions "are targeted at criminals who think they can steal or modify firearms or manufacture firearms from 3D blueprints," NSW's justice minister, Troy Grant, said when introducing the bill in the state's lower house on 27 October. "Those who think they can skirt the law will find themselves facing some of the toughest penalties for firearms offences in this country," Grant said.

How Anonymous' War With Isis Is Actually Harming Counter-Terrorism

retroworks writes: According to a recent tweet from the #OpParis account, Anonymous are delivering on their threat to hack Isis, and are now flooding all pro-Isis hashtags with the grandfather of all 2007 memes — Rick Astley's "Never Gonna Give You Up" music video. Whenever a targeted Isis account tries to spread a message, the topic will instead be flooded with countless videos of Rick Astley circa 1987. Not all are praising Anonymous methods, however. While Metro UK reports that the attacks have been successful, finding and shutting down 5,500 Twitter accounts, the article also indicates that professional security agencies have seen sources they monitor shut down. Rick Astley drowns out intelligence as well as recruitment.

Whistleblowers: How NSA Created the 'Largest Failure' In Its History

An anonymous reader writes: Former NSA whistleblowers contend that the agency shut down a program that could have "absolutely prevented" some of the worst terror attacks in memory. According to the ZDNet story: "Weeks prior to the September 11 terrorist attacks, a test-bed program dubbed ThinThread was shut down in favor of a more expensive, privacy-invasive program that too would see its eventual demise some three years later -- not before wasting billions of Americans' tax dollars. Four whistleblowers, including a congressional senior staffer, came out against the intelligence community they had served, after ThinThread, designed to modernize the agency's intelligence gathering effort, was cancelled. Speaking at the premiere of a new documentary film A Good American in New York, which chronicles the rise and demise of the program, the whistleblowers spoke in support of the program, led by former NSA technical director William Binney."
United States

US and China Setting Up "Space Hotline"

Taco Cowboy writes: Washington and Beijing have established an emergency 'space hotline' to reduce the risk of accidental conflict. Several international initiatives are already in train to seal a space treaty to avoid a further build-up of weapons beyond the atmosphere. However, security experts say the initiatives have little chance of success. A joint Russia-China proposal wending its way through the UN was not acceptable to the US. An EU proposal, for a "code of conduct" in space, was having diplomatic "difficulties" but was closer to Washington's position.

Blackberry Offers 'Lawful Device Interception Capabilities'

An anonymous reader writes: Apple and Google have been vocal in their opposition to any kind of government regulation of cell phone encryption. BlackBerry, however, is taking a different stance, saying it specifically supports "lawful interception capabilities" for government surveillance. BlackBerry COO Marty Beard said as much at a recent IT summit. He declined to explain how the interception works, but he denied the phones would contain "backdoors" and said governments would have no direct access to BlackBerry servers. The company may see this as a way to differentiate themselves from the competition.