Your rights online

Slashdot: Your Rights Online
News for nerds, stuff that matters
Updated: 2 weeks 4 days ago

Google's Plans for Chrome Extensions 'Won't Really Help Security', Argues EFF

Sun, 08/04/2019 - 21:36
Is Google making the wrong response to the DataSpii report on a "catastrophic data leak"? The EFF writes: In response to questions about DataSpii from Ars Technica, Google officials pointed out that they have "announced technical changes to how extensions work that will mitigate or prevent this behavior." Here, Google is referring to its controversial set of proposed changes to curtail extension capabilities, known as Manifest V3. As both security experts and the developers of extensions that will be greatly harmed by Manifest V3, we're here to tell you: Google's statement just isn't true. Manifest V3 is a blunt instrument that will do little to improve security while severely limiting future innovation... The only part of Manifest V3 that goes directly to the heart of stopping DataSpii-like abuses is banning remotely hosted code. You can't ensure extensions are what they appear to be if you give them the ability to download new instructions after they're installed. But you don't need the rest of Google's proposed API changes to stop this narrow form of bad extension behavior. What Manifest V3 does do is stifle innovation...

The EFF makes the following arguments against Google's proposal:

- Manifest V3 will still allow extensions to observe the same data as before, including what URLs users visit and the contents of pages users visit
- Manifest V3 won't change anything about how "content scripts" work...another way to extract user browsing data.
- Chrome will still allow users to give extensions permission to run on all sites.

In response Google argued to Forbes that the EFF "fails to account for the proposed changes to how permissions work. It is the combination of these two changes, along with others included in the proposal, that would have prevented or significantly mitigated incidents such as this one." But the EFF's technology projects director also gave Forbes their response. "We agree that Google isn't killing ad-blockers. But they are killing a wide range of security and privacy enhancing extensions, and so far they haven't justified why that's necessary." And in the same article, security researcher Sean Wright added that Google's proposed change "appears to do little to prevent rogue extensions from obtaining information from loaded sites, which is certainly a privacy issue and it looks as if the V3 changes don't help." The EFF suggests Google just do a better job of reviewing extensions.

Read more of this story at Slashdot.

Categories: Privacy

Voter Records For 80% of Chile's Population Left Exposed Online

Sun, 08/04/2019 - 10:34
An anonymous reader writes: "The voter information of more than 14.3 million Chileans, which accounts for nearly 80% of the country's entire population, was left exposed and leaking on the internet inside an Elasticsearch database," reports ZDNet. "The database contained names, home addresses, gender, age, and tax ID numbers (RUT, or Rol Único Tributario) for 14,308,151 individuals...including many high-profile Chilean officials." A spokesperson for the Chile Electoral Service said the data appears to have been scraped without authorization from its website, from a section that allows users to update their voting data. Chile now joins countries such as the US, Mexico, Turkey, and the Philippines, whose voter information was gathered in bulk and then published online in one big pile, easy to access for any crooks.

Categories: Privacy

Georgia Department of Public Safety Hit By Ransomware Attack

Sun, 08/04/2019 - 09:34
"A ransomware attack late last week left the Georgia Department of Public Safety and Georgia State Patrol computers offline," reports a local news station. Lt. Stephanie Stallings, GSP spokesperson, said a message popped up on an employee's computer, prompting preventative measures to shut all server networks down. The servers have been offline since [July 26th]. The Georgia State Patrol's tech division, the Georgia Tech Authority, which handles network and servers, is now checking every device in all 52 state patrol post locations across the state to see if more devices are affected.... The state said Georgia Tech Authority is downloading new protective software on all devices, which are purposely offline until further notice. Stallings said it's still business as usual. Staff and officers are doing their jobs in the traditional way using paper that they used in the days before having laptops in patrol cars... News4Jax found there were 184 million ransomware attacks worldwide in 2018. ZDNet reports the attack has crippled laptops installed in police cars across the state. And long-time Slashdot reader McFortner shares their own story: When I went in to get a copy of an accident report this Friday, the officer at the Henry County, GA, police department told me that at least 7 counties in the Atlanta area were hit at the same time and they had no way of knowing when their computers would be back up. They suggest to anybody needing a report to call them first to see if by any chance the system is back up and the report is finished and can be picked up.

Categories: Privacy

Amazon Quietly Gives Alexa's Voice Recordings a 'No Human Review' Option

Sun, 08/04/2019 - 07:34
"Amazon Alexa users can now choose whether human reviewers listen to recordings of their exchanges with the AI assistant," reports VentureBeat, citing an Amazon spokesperson. To ensure people don't listen to voice recordings collected following each exchange with Alexa, go to Settings, tap the Alexa Privacy link, then choose Manage How Your Data Improves Alexa. Users can also delete their voice recordings via the Alexa app or Amazon website. The news follows Amazon's introduction of an "Alexa, delete what I said today" voice command in May... Earlier this week, Google and Apple both pledged to suspend some of their voice data review by people.

Categories: Privacy

Did WhatsApp Backdoor Rumor Come From 'Unanswered Questions' and 'Leap of Faith' For Closed-Source Encryption Products?

Sun, 08/04/2019 - 00:34
On Friday technologist Bruce Schneier wrote that after reviewing responses from WhatsApp, he's concluded that reports of a pre-encryption backdoor are a false alarm. He also says he got an equally strong confirmation from WhatsApp's Privacy Policy Manager Nate Cardozo, who Facebook hired last December from the EFF. "He basically leveraged his historical reputation to assure me that WhatsApp, and Facebook in general, would never do something like this." Schneier has also added the words "This story is wrong" to his original blog post. "The only source for that post was a Forbes essay by Kalev Leetaru, which links to a previous Forbes essay by him, which links to a video presentation from a Facebook developers conference." But that Forbes contributor has also responded, saying that he'd first asked Facebook three times about when they'd deploy the backdoor in WhatsApp -- and never received a response. Asked again on July 25th the company's plans for "moderating end to end encrypted conversations such as WhatsApp by using on device algorithms," a company spokesperson did not dispute the statement, instead pointing to Zuckerberg's blog post calling for precisely such filtering in its end-to-end encrypted products including WhatsApp [apparently this blog post], but declined to comment when asked for more detail about precisely when such an integration might happen... [T]here are myriad unanswered questions, with the company declining to answer any of the questions posed to it regarding why it is investing in building a technology that appears to serve little purpose outside filtering end-to-end encrypted communications and which so precisely matches Zuckerberg's call. Moreover, beyond its F8 presentation, given Zuckerberg's call for filtering of its end-to-end encrypted products, how does the company plan on accomplishing this apparent contradiction with the very meaning of end-to-end encryption? 
The company's lack of transparency and unwillingness to answer even the most basic questions about how it plans to balance the protections of end-to-end encryption in its products including WhatsApp with the need to eliminate illegal content reminds us the giant leap of faith we take when we use closed encryption products whose source we cannot review... Governments are increasingly demanding some kind of compromise regarding end-to-end encryption that would permit them to prevent such tools from being used to conduct illegal activity. What would happen if WhatsApp were to receive a lawful court order from a government instructing it to insert such content moderation within the WhatsApp client and provide real-time notification to the government of posts that match the filter, along with a copy of the offending content? Asked about this scenario, Carl Woog, Director of Communications for WhatsApp, stated that he was not aware of any such cases to date and noted that "we've repeatedly defended end-to-end encryption before the courts, most notably in Brazil." When it was noted that the Brazilian case involved the encryption itself, rather than a court order to install a real-time filter and bypass directly within the client before and after the encryption process at national scale, which would preserve the encryption, Woog initially said he would look into providing a response, but ultimately did not respond. Given Zuckerberg's call for moderation of the company's end-to-end encryption products and given that Facebook's on-device content moderation appears to answer directly to this call, Woog was asked whether its on-device moderation might be applied in future to its other end-to-end encrypted products rather than WhatsApp. After initially saying he would look into providing a response, Woog ultimately did not respond. Here's the exact words from Zuckerberg's March blog post. 
It said Facebook is "working to improve our ability to identify and stop bad actors across our apps by detecting patterns of activity or through other means, even when we can't see the content of the messages, and we will continue to invest in this work."

Categories: Privacy

Amazon Delivery Drivers Part Of Theft Ring Selling 'Millions' in Stolen Goods on Amazon

Sat, 08/03/2019 - 18:34
An anonymous reader quotes the Associated Press: The two contract delivery drivers working for Amazon had a clear-cut assignment: They were supposed to bring packages from a warehouse south of Seattle to a post office for shipping, or sometimes drive to Seattle-Tacoma International Airport to pick up items that were being returned to the company. Instead, the FBI said in a search warrant affidavit unsealed last month, they routinely stole the items and sold them at pawn shops. A police detective last summer noticed that one of the drivers had dozens of pawn shop transactions, and thus began an investigation that uncovered a theft ring that sold millions of dollars' worth of stolen goods on Amazon.com in the past six years, the FBI said... Amazon told investigators that Zghair stole about $100,000 worth of property, including gaming systems, sporting goods and computer products -- items he sold to one of the pawn shops for less than $20,000, the agent wrote... Detectives staked out the pawn shops, Innovation Best in Kent and Thrift-Electro in Renton, and observed that they appeared to be paying shoplifters and drug users cash for new items from Home Depot, Lowes and Fred Meyer department stores. Unlike typical pawn shops, they didn't make sales; instead, the products were moved to a warehouse and to Amazon "fulfillment centers," from where they were shipped when they were sold on Amazon's website by sellers using the handles "Bestforyouall" or "Freeshipforyou," the affidavit said. Police say the pawn shops had received 48,000 items over the past six years -- for which they'd paid $4.1 million -- including razors, electric toothbrushes, and allergy medicine.

Categories: Privacy

EFF Warns Proposed Law Could Create 'Life-Altering' Copyright Lawsuits

Sat, 08/03/2019 - 16:34
Forbes reports: In July, members of the federal Senate Judiciary Committee chose to move forward with a bill targeting copyright abuse with a more streamlined way to collect damages, but critics say that it could still allow big online players to push smaller ones around -- and even into bankruptcy. Known as the Copyright Alternative in Small-Claims Enforcement (or CASE) Act, the bill was reintroduced in the House and Senate this spring by a roster of bipartisan lawmakers, with endorsements from such groups as the Copyright Alliance and the Graphic Artists' Guild. Under the bill, the U.S. Copyright Office would establish a new 'small claims-style' system for seeking damages, overseen by a three-person Copyright Claims Board. Owners of digital content who see that content used without permission would be able to file a claim for damages up to $15,000 for each work infringed, and $30,000 in total, if they registered their content with the Copyright Office, or half those amounts if they did not. "Easy $5,000 copyright infringement tickets won't fix copyright law," argues the EFF, in an article shared by long-time Slashdot reader SonicSpike: The bill would supercharge a "copyright troll" industry dedicated to filing as many "small claims" on as many Internet users as possible in order to make money through the bill's statutory damages provisions. Every single person who uses the Internet and regularly interacts with copyrighted works (that's everyone) should contact their Senators to oppose this bill... [I]f Congress passes this bill, the timely registration requirement will no longer be a requirement for no-proof statutory damages of up to $7,500 per work. In other words, nearly every photo, video, or bit of text on the Internet can suddenly carry a $7,500 price tag if uploaded, downloaded, or shared even if the actual harm from that copying is nil. 
For many Americans, where the median income is $57,652 per year, this $7,500 price tag for what has become regular Internet behavior would result in life-altering lawsuits from copyright trolls that will exploit this new law.

Categories: Privacy

Another Breach: What Capital One Could Have Learned From Google's 'BeyondCorp'

Sat, 08/03/2019 - 15:34
"Firewalls can be notoriously and fiendishly difficult to configure correctly, and often present a target-rich environment for successful attacks," writes long-time Slashdot reader Lauren Weinstein. "The thing is, firewall vulnerabilities are not headline news -- they're an old story, and better solutions to providing network security already exist." In particular, Google's "BeyondCorp" approach is something that every enterprise involved in computing should make itself familiar with. Right now! BeyondCorp techniques are how Google protects its own internal networks and systems from attack, with enormous success. In a nutshell, BeyondCorp is a set of practices that effectively puts "zero trust" in the networks themselves, moving access control and other authentication elements to individual devices and users. This eliminates traditional firewalls (and in nearly all instances, VPNs) because there is no longer any need for such devices or systems that, once breached, give an attacker access to internal goodies. If Capital One had been following BeyondCorp principles, there'd likely be 100+ million fewer potentially panicky people today.

Categories: Privacy

Lawsuit Filed Against GitHub In Wake of Capital One Data Breach

Sat, 08/03/2019 - 09:00
An anonymous reader quotes a report from The Hill: Capital One and GitHub have been hit with a class-action lawsuit over the recent data breach that resulted in the data of over 100 million Capital One customers being exposed. The law firm Tycko & Zavareei LLP filed the lawsuit on Thursday, arguing that GitHub and Capital One demonstrated negligence in their response to the breach. The firm filed the class-action complaint on behalf of those impacted by the breach, alleging that both companies failed to protect customer data. Personal information for tens of millions of customers was exposed after a firewall misconfiguration in an Amazon cloud storage service used by Capital One was exploited. The breach exposed around 140,000 Social Security numbers and 80,000 bank account numbers, along with the credit card applications of millions in both the U.S. and Canada. The individual who allegedly perpetrated the data breach, Seattle-based software engineer Paige Thompson, was arrested earlier this week. Thompson, a former Amazon employee, allegedly accessed the data in March and posted about her theft of the information on GitHub in April, according to the complaint. Another GitHub user notified Capital One, which subsequently notified the FBI. The law firm also alleged that computer logs "demonstrate that Capital One knew or should have known" about the data breach when it occurred in March, and criticized Capital One for not taking action to respond to the breach until last month.

Categories: Privacy

NYT Publishes Anti-Google Rant, Doesn't Mention Author Is Facebook Board Member

Fri, 08/02/2019 - 20:03
An anonymous reader quotes a report from Gizmodo: The New York Times published an anti-Google screed by billionaire Peter Thiel last night but failed to mention a fun fact that readers might find relevant: Thiel sits on the board of Facebook, one of Google's largest competitors. Thiel first blasted Google as "treasonous" last month, saying that the FBI and CIA should investigate the company for working with the Chinese government. The tech investor even asked if Google had been infiltrated by Chinese spies, a highly inflammatory charge that he didn't substantiate. Thiel has now followed up his anti-Google remarks in a new piece for the Times praising President Donald Trump and railing against "globalization." Thiel's central argument is that anyone helping China to develop artificial intelligence technologies is assisting China's military because, he says, all AI should be seen first and foremost as having military applications: "A.I. is a military technology. Forget the sci-fi fantasy; what is powerful about actually existing A.I. is its application to relatively mundane tasks like computer vision and data analysis. Though less uncanny than Frankenstein's monster, these tools are nevertheless valuable to any army -- to gain an intelligence advantage, for example, or to penetrate defenses in the relatively new theater of cyberwarfare, where we are already living amid the equivalent of a multinational shooting war." Thiel, who in 2017 sold the majority of his Facebook shares but remains on its board of directors, goes on to characterize Google as "naive" for opening an AI lab in China while deciding to not renew a contract for its work on Project Maven, a U.S. military initiative for which the company was developing an AI system to analyze drone footage, following employee backlash. Thiel also acknowledges that AI can be used for civilian purposes, but he claims that it doesn't matter. 
He calls Google's actions "shocking": "A.I.'s military power is the simple reason that the recent behavior of America's leading software company, Google -- starting an A.I. lab in China while ending an A.I. contract with the Pentagon -- is shocking. As President Barack Obama's defense secretary Ash Carter pointed out last month, 'If you're working in China, you don't know whether you're working on a project for the military or not.'" He continues: "How can Google use the rhetoric of 'borderless' benefits to justify working with the country whose 'Great Firewall' has imposed a border on the internet itself? This way of thinking works only inside Google's cosseted Northern California campus, quite distinct from the world outside. The Silicon Valley attitude sometimes called 'cosmopolitanism' is probably better understood as an extreme strain of parochialism, that of fortunate enclaves isolated from the problems of other places -- and incurious about them." At the end of the op-ed, where it says "Peter Thiel is an entrepreneur and investor," would be a great place to note that Peter Thiel is also on the board of Facebook.

Categories: Privacy

US Cities Are Helping People Buy Amazon Surveillance Cameras Using Taxpayer Money

Fri, 08/02/2019 - 17:25
popcornfan679 writes: The Ring doorbell surveillance camera sits squarely in the center of a Tiffany-blue online flyer, which provides details about a "Security Product Subsidy Event" in Arcadia, California. "Big Sale," the advertisement says, in citrus-colored script. "$100 off." "HELP STOP CRIME BEFORE IT HAPPENS," the ad continues. This isn't an ad from Best Buy or an electronics store. It's an ad from the Arcadia city government. The local city government is selling discounted surveillance cameras directly to its residents, and the "discount" is subsidized by the city. In other words, taxpayer money is being paid to Ring, Amazon's home surveillance company, in exchange for hundreds of surveillance cameras. Cities and towns around the country are paying Ring up to $100,000 to subsidize the purchase of the company's surveillance cameras for private residents. For every dollar committed by a city per these agreements, Ring will match it. This motivates cities to pledge tens of thousands of dollars to a tech giant that is building a private, nationwide surveillance network -- which Amazon is using, in part, to secure the packages it delivers. A typical discount program will last several weeks, or until a certain number of residents take advantage of the program. Motherboard has identified 14 American cities that have these discount programs as well as one city in the United Kingdom. However, there are probably more cities that have offered similar discount programs. Motherboard has reported that Ring courts local governments and police departments around the country to advertise, distribute, and use its products.

Categories: Privacy

Pentagon Testing Mass Surveillance Balloons Across the US

Fri, 08/02/2019 - 15:25
The US military is conducting wide-area surveillance tests across six midwest states using experimental high-altitude balloons, documents filed with the Federal Communications Commission (FCC) reveal. From a report: Up to 25 unmanned solar-powered balloons are being launched from rural South Dakota and drifting 250 miles through an area spanning portions of Minnesota, Iowa, Wisconsin and Missouri, before concluding in central Illinois. Traveling in the stratosphere at altitudes of up to 65,000ft, the balloons are intended to "provide a persistent surveillance system to locate and deter narcotic trafficking and homeland security threats," according to a filing made on behalf of the Sierra Nevada Corporation, an aerospace and defense company. The balloons are carrying hi-tech radars designed to simultaneously track many individual vehicles day or night, through any kind of weather. The tests, which have not previously been reported, received an FCC license to operate from mid-July until September, following similar flights licensed last year.

Categories: Privacy

Hawaii Extends Thirty Meter Telescope Permit Amid Protesters

Fri, 08/02/2019 - 03:00
In a move intended to de-escalate a standoff between scientists and native Hawaiians blocking the construction of a massive telescope on a mountaintop they believe to be sacred land, Gov. David Ige on Tuesday night rescinded an emergency proclamation that was issued to help remove demonstrators. NPR reports: Ige made the announcement at a press conference saying there are no immediate plans to move heavy construction equipment onto Mauna Kea, the intended site of the Thirty Meter Telescope, which is expected to be the largest in the world, looking farther back into space and time than any other instrument is capable of doing. "Because TMT construction is not imminent, I am withdrawing the emergency proclamation effective immediately," Ige said in a tweet. "I remain committed to moving forward with this project in a peaceful way and will continue efforts to engage the community." He cautioned the large crowds who have gathered in protest at the base of the mountain since mid-July, when construction was set to start, of hazardous conditions "in light of the potential bad weather." Ige's move followed a decision by the Department of Land and Natural Resources to grant a two-year extension of the Conservation District Use permit deadline for the initiation of construction.

Categories: Privacy

Apple Stops Letting Contractors Listen To Siri Voice Recordings, Will Offer Opt-Out Later

Fri, 08/02/2019 - 00:45
Apple says it will temporarily suspend its practice of using human contractors to grade snippets of Siri voice recordings for accuracy. The move follows a report in The Guardian where a former worker detailed the program, claiming that contractors "regularly hear confidential medical information, drug deals, and recordings of couples having sex" as part of their job. The Verge reports: "We are committed to delivering a great Siri experience while protecting user privacy," an Apple spokesperson says in a statement to The Verge. "While we conduct a thorough review, we are suspending Siri grading globally. Additionally, as part of a future software update, users will have the ability to choose to participate in grading." Apple did not comment on whether, in addition to pausing the program where contractors listen to Siri voice recordings, it would also stop actually saving those recordings on its servers. Currently the company says it keeps recordings for six months before removing identifying information from a copy that it could keep for two years or more.

Categories: Privacy

Cops Are Giving Amazon's Ring Your Real-Time 911 Caller Data

Thu, 08/01/2019 - 22:02
Gizmodo has learned that Amazon's Ring home security system is pursuing contracts with police departments that would grant it direct access to real-time emergency dispatch data. From the report: The California-based company is seeking police departments' permission to tap into the computer-aided dispatch (CAD) feeds used to automate and improve decisions made by emergency dispatch personnel and cut down on police response times. Ring has requested access to the data streams so it can curate "crime news" posts for its "neighborhood watch" app, Neighbors. Ring says it does not provide the personal information of its customers to the authorities without consent. To wit, the company has positioned itself as an intermediary through which police request access to citizen-captured surveillance footage. When police make a request, they don't know who receives it, Ring says, until a user chooses to share their video. Users are also prompted with the option to review their footage before turning it over. But how often is one the victim of a crime in their own neighborhood? Likely not enough to stay engaged with the app for too long. Ring's solution is to push out alerts about alleged criminal activity reported nearby in real-time, according to company documents obtained by Gizmodo. Hiring people to monitor police scanners all day, however, is presumably too costly and inefficient. To pull off this trick, Ring needs something better: direct access to raw police dispatch data. Through its police partnerships, Ring has requested access to CAD, which includes information provided voluntarily by 911 callers, among other types of data automatically collected. CAD data is typically comprised of details such as names, phone numbers, addresses, medical conditions and potentially other types of personally identifiable information, including, in some instances, GPS coordinates. 
Ring confirmed on Thursday that it does receive location information, including precise addresses from CAD data, which it does not publish to its app. It denied receiving other forms of personal information. According to internal documents, police CAD data is received by Ring's "Neighbors News team" and is then reformatted before being posted on Neighbors in the form of an "alert" to users in the vicinity of the alleged incident. The document states that Ring's team only posts alerts for eight different crimes: burglary, vehicle break-in and theft, robbery, shots fired, shootings, stabbing, hostage, and arson.

Categories: Privacy

Facebook Design Flaw Let Thousands of Kids Join Chats With Unauthorized Users

Mon, 07/22/2019 - 21:25
A design flaw in Facebook's Messenger Kids app allowed children to enter group chats with unapproved strangers. "For the past week, Facebook has been quietly closing down those group chats and alerting users, but has not made any public statements disclosing the issue," reports The Verge. The alert reads as follows: "Hi [PARENT], We found a technical error that allowed [CHILD]'s friend [FRIEND] to create a group chat with [CHILD] and one or more of [FRIEND]'s parent-approved friends. We want you to know that we've turned off this group chat and are making sure that group chats like this won't be allowed in the future. If you have questions about Messenger Kids and online safety, please visit our Help Center and Messenger Kids parental controls. We'd also appreciate your feedback." From the report: The bug arose from the way Messenger Kids' unique permissions were applied in group chats. In a standard one-on-one chat, children can only initiate conversations with users who have been approved by the child's parents. But those permissions became more complex when applied to a group chat because of the multiple users involved. Whoever launched the group could invite any user who was authorized to chat with them, even if that user wasn't authorized to chat with the other children in the group. As a result, thousands of children were left in chats with unauthorized users, a violation of the core promise of Messenger Kids. It's unclear how long the bug was present in the app, which launched with group features in December 2017.

Categories: Privacy

Siemens Contractor Pleads Guilty To Planting Logic Bomb In Company Spreadsheets

Mon, 07/22/2019 - 20:45
Former Siemens contractor David Tinley faces up to 10 years in prison, a fine of $250,000, or both, for planting logic bombs inside spreadsheets he created for the company. The logic bomb would crash spreadsheets after a certain date, resulting in Siemens hiring the contractor to fix the latest bugs. ZDNet reports: According to court documents, Tinley provided software services for Siemens' Monroeville, PA offices for nearly ten years. Among the work he was asked to perform was the creation of spreadsheets that the company was using to manage equipment orders. The spreadsheets included custom scripts that would update the content of the file based on current orders stored in other, remote documents, allowing the company to automate inventory and order management. But while Tinley's files worked for years, they started malfunctioning around 2014. According to court documents, Tinley planted so-called "logic bombs" that would trigger after a certain date, and crash the files. Every time the scripts would crash, Siemens would call Tinley, who'd fix the files for a fee. The scheme lasted for two years, until May 2016, when Tinley's trickery was unraveled by Siemens employees. According to a report from Law360, the scheme fell apart when Tinley was out of town, and had to hand over an administrative password for the spreadsheets to Siemens' IT staff, so they could fix the buggy scripts and fill in an urgent order. Siemens IT employees found the logic bomb, and it all went downhill from there. Tinley was charged this May, and pled guilty last week, on July 19. The contractor's sentencing hearing is scheduled for November 8.

Categories: Privacy

Apple In Advanced Talks To Buy Intel's Smartphone-Modem Chip Business

Mon, 07/22/2019 - 18:40
According to The Wall Street Journal, Apple is in advanced talks to buy Intel's smartphone-modem chip business (Warning: source paywalled; alternative source), "a move that would jump-start the iPhone maker's push to take control of developing the critical components powering its devices." From the report: A deal, covering a portfolio of patents and staff valued at $1 billion or more, could be reached in the next week, the people said -- assuming the talks don't fall apart. Though the purchase price is a rounding error for companies valued in the hundreds of billions of dollars, the transaction would be important strategically and financially. It would give Apple access to engineering work and talent behind Intel's yearslong push to develop modem chips for the crucial next generation of wireless technology known as 5G, potentially saving years of development work. For Intel's part, a deal would allow the company to shed a business that had been weighing on its bottom line: The smartphone operation had been losing about $1 billion annually, a person familiar with its performance has said, and has generally failed to live up to expectations. Though it would exit the smartphone business, Intel plans to continue to work on 5G technology for other connected devices. Earlier this year, it was reported that Apple began discussing plans to acquire parts of Intel's smartphone modem chip business last summer, around the time former Intel Chief Executive Brian Krzanich resigned. "Mr. Krzanich championed the modem business and touted 5G technology as a big future revenue stream," reports The Wall Street Journal. "When Bob Swan was named to that job in January, analysts said the odds of a deal rose because his focus on cleaning up Intel would require addressing the losses in the modem business."

Categories: Privacy

Microsoft Pays $25 Million To End US Probe Into Bribery Overseas

Mon, 07/22/2019 - 18:03
An anonymous reader quotes a report from Bloomberg: Microsoft Corp. agreed to pay $25 million to settle U.S. government investigations into alleged bribery by former employees in Hungary. The software maker's Hungarian subsidiary entered into a non-prosecution agreement with the U.S. Department of Justice and a cease-and-desist order with the Securities and Exchange Commission, Microsoft said in an email to employees from Chief Legal Officer Brad Smith that was posted Monday on the company's web site. The case concerned violations of the Foreign Corrupt Practices Act, according to an SEC filing. The Justice Department concluded that between 2013 and June 2015 "a senior executive and some other employees at Microsoft Hungary participated in a scheme to inflate margins in the Microsoft sales channel, which were used to fund improper payments under the FCPA," Smith wrote in the email. Microsoft sold software to partners at a discount and the partners then resold the products to the Hungarian government at a higher price. The difference went to fund kickbacks to government officials, the Wall Street Journal reported in 2018. The company fired the employees involved, Smith noted. The company says it "now requires discounts it provides to sales partners to be passed directly to government customers," and "the company makes customers aware of any discounts to ensure they are receiving them and that funds are not diverted for other purposes like bribes," the report adds. "The company also is using machine-learning software to track contracts and flag discounts or other practices that appear unusual." In semi-related news, Microsoft today announced that it would invest $1 billion in OpenAI to develop AI technologies on Azure.

Categories: Privacy

Microsoft Warns of Political Cyberattacks, Announces Free Vote-Verification Software

Sat, 07/20/2019 - 18:44
"Microsoft on Wednesday announced that it would give away software designed to improve the security of American voting machines," reports NBC News. Microsoft also said its AccountGuard service has already spotted 781 cyberattacks by foreign adversaries targeting political organizations -- 95% of which were located in the U.S. The company said it was rolling out the free, open-source software product called ElectionGuard, which it said uses encryption to "enable a new era of secure, verifiable voting." The company is working with election machine vendors and local governments to deploy the system in a pilot program for the 2020 election. The system uses an encrypted tracking code to allow a voter to verify that his or her vote has been recorded and has not been tampered with, Microsoft said in a blog post... Edward Perez, an election security expert with the independent Open Source Election Technology Institute, said Microsoft's move signals that voting systems, long a technology backwater, are finally receiving attention from the country's leading technical minds. "We think that it's good when a technology provider as significant as Microsoft is stepping into something as nationally important as election security," Perez told NBC News. "ElectionGuard does provide verification and it can help to detect attacks. It's important to note that detection is different from prevention." Microsoft also said it's notified nearly 10,000 customers that they've been targeted or compromised by nation-state cyberattacks, according to the article -- mostly from Russia, Iran, and North Korea. "While many of these attacks are unrelated to the democratic process," Microsoft said in a blog post, "this data demonstrates the significant extent to which nation-states continue to rely on cyberattacks as a tool to gain intelligence, influence geopolitics, or achieve other objectives."

Categories: Privacy