Half of Ransomware Victims Didn't Recover Their Data After Paying the Ransom

An anonymous reader shares a report: A massive survey of nearly 1,200 IT security practitioners and decision makers across 17 countries reveals that half the people who fell victim to ransomware infections last year were able to recover their files after paying the ransom demand. The survey, carried out by research and marketing firm CyberEdge Group, reveals that paying the ransom demand, even if for desperate reasons, does not guarantee that victims will regain access to their files. Timely backups are still the most efficient defense against possible ransomware infections, as they allow easy recovery. The survey reveals that 55% of all responders suffered a ransomware infection in 2017, compared to the previous year's study, when 61% experienced similar incidents. Of all the victims who suffered ransomware infections, CyberEdge discovered that 61.3% opted not to pay the ransom at all. Some lost files for good (8%), while the rest (53.3%) managed to recover files, either from backups or by using ransomware decrypter applications. Of the 38.7% who opted to pay the ransom, a little less than half (19.1%) recovered their files using the tools provided by the ransomware authors.

McAfee Acquires VPN Provider TunnelBear

McAfee announced that it has acquired Canada-based virtual private network (VPN) company TunnelBear. From a report: Founded in 2011, Toronto-based TunnelBear has gained a solid reputation for its fun, cross-platform VPN app that uses quirky bear-burrowing animations to bring online privacy to the masses. The company claims around 20 million people have used its service across mobile and desktop, while a few months back it branched out into password management with the launch of the standalone RememBear app. [...] That TunnelBear has sold to a major brand such as McAfee won't be greeted warmly by many of the product's existing users. However, with significantly more resources now at its disposal, TunnelBear should be in a good position to absorb any losses that result from the transfer of ownership.

Facebook's VPN Service Onavo Protect Collects Personal Data -- Even When It's Switched Off

Security researcher Will Strafach took a look at Onavo Protect, a newly released VPN service from Facebook: I found that Onavo Protect uses a Packet Tunnel Provider app extension, which should consistently run for as long as the VPN is connected, in order to periodically send the following data to Facebook as the user goes about their day:
When user's mobile device screen is turned on and turned off.
Total daily Wi-Fi data usage in bytes (Even when VPN is turned off).
Total daily cellular data usage in bytes (Even when VPN is turned off).
Periodic beacon containing an "uptime" to indicate how long the VPN has been connected.


FBI Paid Geek Squad Repair Staff As Informants

According to newly released documents by the Electronic Frontier Foundation, federal agents would pay Geek Squad employees to flag illegal materials on devices sent in by customers for repairs. "The relationship goes back at least ten years, according to documents released as a result of the lawsuit [filed last year]," reports ZDNet. "The agency's Louisville division aim was to maintain a 'close liaison' with Geek Squad management to 'glean case initiations and to support the division's Computer Intrusion and Cyber Crime programs.'" From the report: According to the EFF's analysis of the documents, FBI agents would "show up, review the images or video and determine whether they believe they are illegal content" and seize the device so an additional analysis could be carried out at a local FBI field office. That's when, in some cases, agents would try to obtain a search warrant to justify the access. The EFF's lawsuit was filed in response to a report that a Geek Squad employee was used as an informant by the FBI in the prosecution of a child pornography case. The documents show that the FBI would regularly use Geek Squad employees as confidential human sources -- the agency's term for informants -- by taking calls from employees when they found something suspect.

'Repeatable Sanitization' is a Feature of PCs Now

HP has announced a trio of slightly-odd products intended for use in hospitals. From a report: The new HP EliteOne 800 G4 23.8 Healthcare Edition All-in-One PC and HP EliteBook 840 G5 Healthcare Edition Notebook are computers intended for use in the healthcare industry. The EliteBook will ship with software called "Easy Clean" that disables the keyboard, touchscreen and keypad "to facilitate cleaning with germicidal wipes while the device is still on." HP said it's scoured the market and thinks it is the only vendor on the planet with a laptop capable of handling "up to 10,000 wipes with germicidal towelettes over a 3-year period." The All-in-One boasts no antibacterial features, but does have both RFID and biometric authentication, handy features in an environment where PCs can't be left unlocked to preserve privacy. That requirement means PCs are logged on to many more times a day than the average machine, making the presence of Windows Hello facial recognition more than a gimmick. Oddly, both come with the disclaimer that they're "not intended for use in diagnosis, cure, treatment or prevention of disease or other medical conditions."

Google Is Helping the Pentagon Build AI for Drones

Google has partnered with the United States Department of Defense to help the agency develop artificial intelligence for analyzing drone footage, a move that set off a firestorm among employees of the technology giant when they learned of Google's involvement, Gizmodo reported on Tuesday. From the report: Google's pilot project with the Defense Department's Project Maven, an effort to identify objects in drone footage, has not been previously reported, but it was discussed widely within the company last week when information about the project was shared on an internal mailing list, according to sources who asked not to be named because they were not authorized to speak publicly about the project. Some Google employees were outraged that the company would offer resources to the military for surveillance technology involved in drone operations, sources said, while others argued that the project raised important ethical questions about the development and use of machine learning.

The Slow Death of the Internet Cookie

Sara Fischer, writing for Axios: Over 60% of marketers believe they will no longer need to rely on tracking cookies, a 20-year-old desktop-based technology, for the majority of their digital marketing within the next two years, according to data from Viant Technology, an advertising cloud. Why it matters: Advertising and web-based services that were cookie-dependent are slowly being phased out of our mobile-first world, where more personalized data targeting is done without using cookies. Marketers are moving away from using cookies to track user data on the web to target ads now that people are moving away from desktop. 90% of marketers say they see improved performance from people-based marketing, compared with cookie-based campaigns.

MoviePass CEO Proudly Says App Tracks Your Location Before, After Movies

MoviePass CEO Mitch Lowe told an audience at a Hollywood event last Friday that the app tracks moviegoers' locations before and after each show they watch. "We get an enormous amount of information," Lowe said. "We watch how you drive from home to the movies. We watch where you go afterwards." His talk at the Entertainment Finance Forum was entitled "Data is the New Oil: How will MoviePass Monetize It?" TechCrunch reports: It's no secret that MoviePass is planning on making hay out of the data collected through its service. But what I imagined, and what I think most people imagined, was that it would be interesting next-generation data about ticket sales, movie browsing, A/B testing on promotions in the app and so on. I didn't imagine that the app would be tracking your location before you even left your home, and then follow you while you drive back or head out for a drink afterwards. Did you? It sure isn't in the company's privacy policy, which in relation to location tracking discloses only a "single request" when selecting a theater, which will "only be used as a means to develop, improve, and personalize the service." Which part of development requires them to track you before and after you see the movie? A MoviePass representative said in a statement to TechCrunch: "We are exploring utilizing location-based marketing as a way to help enhance the overall experience by creating more opportunities for our subscribers to enjoy all the various elements of a good movie night. We will not be selling the data that we gather. Rather, we will use it to better inform how to market potential customer benefits including discounts on transportation, coupons for nearby restaurants, and other similar opportunities."

Microsoft To Offer Governments Local Version of Azure Cloud Service

Microsoft on Monday said it will soon make it possible for government clients to run its cloud technology on their own servers as part of a concerted effort to make Azure more appealing to local and federal agencies. From a report: The pairing of Azure Stack, Microsoft's localized cloud product, and Azure Government, the government-tailored version of Microsoft's cloud, comes as competition against Inc for major clients in the public sector ramps up. The new offering, which will be made available in mid-2018, is designed to appeal to governments and agencies with needs for on-premise servers, such as in a military operation or in an embassy abroad, said Tom Keane, Microsoft Azure's head of global infrastructure.

New LTE Attacks Can Snoop On Messages, Track Locations, and Spoof Emergency Alerts

An anonymous reader quotes a report from ZDNet: A slew of newly discovered vulnerabilities can wreak havoc on 4G LTE network users by eavesdropping on phone calls and text messages, knocking devices offline, and even spoofing emergency alerts. Ten attacks detailed in a new paper by researchers at Purdue University and the University of Iowa expose weaknesses in three critical protocol operations of the cellular network, such as securely attaching a device to the network and maintaining a connection to receive calls and messages. Those flaws can allow authentication relay attacks that can allow an adversary to connect to a 4G LTE network by impersonating an existing user -- such as a phone number. Although authentication relay attacks aren't new, this latest research shows that they can be used to intercept messages, track a user's location, and stop a phone from connecting to the network. By using common software-defined radio devices and open source 4G LTE protocol software, anyone can build the tool to carry out attacks for as little as $1,300 to $3,900, making the cost low enough for most adversaries. The researchers aren't releasing the proof-of-concept code until the flaws are fixed, however.

Ask Slashdot: Best To-Do/Task List Software?

Albanach writes: Despite searching, I have not identified a good solution for managing to-do lists, a problem that can't be unique or unusual. For a variety of reasons, I need something I host myself, which allows me to organize tasks, give them due dates and/or priorities and to easily reorganize. I'd prefer a web interface so that I can access my list from home/work/mobile. My searches generally turned up hosted solutions that don't work for privacy reasons, or very old software that has shown no sign of updates in years. What are other Slashdotters using to manage their real-world task list?

Equifax Identifies Additional 2.4 Million Customers Hit By Data Breach

Credit score giant Equifax said on Thursday it had identified another 2.4 million U.S. consumers whose names and driver's license information were stolen in a data breach last year that affected half the U.S. population. From a report: The company said it was able to confirm the identities of U.S. consumers whose driver's license information was taken by referencing other information in proprietary company records that the attackers did not steal. "Equifax will notify these newly identified U.S. consumers directly, and will offer identity theft protection and credit file monitoring services at no cost to them," the company said.

Germany Says Government Network Was Breached

An anonymous reader shares a report from The Wall Street Journal (Warning: source may be paywalled; alternative source): German authorities said on Wednesday they were investigating a security breach of the government's highly protected computer network. The country's intelligence agencies were examining attacks on more than one government ministry, the interior ministry said, adding that the affected departments had been informed and that the attack had been isolated and brought under control. Earlier on Wednesday, the German news agency DPA reported that German security services had discovered a breach of the government's IT network in December and traced it back to state-sponsored Russian hackers. German companies have been the target of sustained attacks by state-sponsored hackers, mainly believed to be Chinese. In 2015, the Bundestag, parliament's lower house, suffered an extensive breach, leading to the theft of several gigabytes of data by what German security officials believe were Russian cyberthieves. Hackers believed to be part of the Russia-linked APT28 group sought to infiltrate the computer systems of several German political parties in 2016, Germany's domestic intelligence agency said in 2016.

Facebook Silently Enables Facial Recognition Abilities For Users Outside EU, Canada

Facebook is now informing users around the world that it's rolling out facial recognition features. Users in the European Union and Canada will not be notified because laws restrict this type of activity in those areas. Neowin reports: With the new tools, you'll be able to find photos that you're in but haven't been tagged in; they'll help you protect yourself against strangers using your photo; and Facebook will be able to tell people with visual impairments who's in their photos and videos. By default, Facebook warns that this feature is enabled but can be switched off at any time; additionally, the firm says it may add new capabilities at any time. In its initial statement, Facebook said the following about the impersonation protections it was introducing: "We want people to feel confident when they post pictures of themselves on Facebook so we'll soon begin using face recognition technology to let people know when someone else uploads a photo of them as their profile picture. We're doing this to prevent people from impersonating others on Facebook."

Google Releases Info On 2.4 Million 'Right To Be Forgotten' Requests

According to Google's latest transparency report, the company has received 2.4 million "right to be forgotten" requests since 2014, most of which came from private individuals. Engadget reports: Europe's biggest court passed the right to be forgotten law in 2014, compelling the tech titan to remove personal info from its search engine upon request. In the report, Google has revealed that it complied with 43.3 percent of all the requests it's gotten and has also detailed the nature of those takedown pleas. France, Germany and the UK apparently generated 51 percent of all the URL delisting appeals. Overall, 89 percent of the takedown pleas came from private individuals: Non-government figures such as celebrities submitted 41,213 of the URLs in Google's pile, while politicians and government officials submitted 33,937. As Gizmodo noted, though, there's a small group of law firms and reputation management services submitting numerous pleas, suggesting the rise of reputation-fixing business in the region.

Out of those 2.4 million requests, 19.1 percent are directory URLs, while news websites and social networks only make up 17.6 and 11.6 percent of them. The majority of the URLs submitted for removal are random online destinations that don't fall under any of the previous categories. As for the takedown's reasons, it looks like 18.1 percent of the submissions want their professional info scrubbed, 7.7 percent want info they previously posted online themselves to be removed and 6.1 percent want their crimes hidden from search.


Bill Gates: Cryptocurrency Is 'Rare Technology That Has Caused Deaths In a Fairly Direct Way'

An anonymous reader quotes a report from CNBC: During a recent "Ask Me Anything" session on Reddit, the Microsoft co-founder said that the main feature of cryptocurrencies is the anonymity they provide to buyers, and Gates thinks that can actually be harmful. "The government's ability to find money laundering and tax evasion and terrorist funding is a good thing," he wrote. "Right now, cryptocurrencies are used for buying fentanyl and other drugs, so it is a rare technology that has caused deaths in a fairly direct way." When a Reddit user pointed out that plain cash can also be used for illicit activities, Gates said that crypto stands out because it can be easier to use. "Yes -- anonymous cash is used for these kinds of things, but you have to be physically present to transfer it, which makes things like kidnapping payments more difficult," he wrote. Gates also warned that the wave of speculation surrounding cryptocurrencies is "super risky for those who go long."

Supreme Court Wrestles With Microsoft Data Privacy Fight

Supreme Court justices on Tuesday wrestled with Microsoft's dispute with the U.S. Justice Department over whether prosecutors can force technology companies to hand over data stored overseas, with some signaling support for the government and others urging Congress to pass a law to resolve the issue. From a report: Chief Justice John Roberts and Justice Samuel Alito, both conservatives, hinted during an hour-long argument in the case at support for the Justice Department's stance that because Microsoft is based in the United States it was obligated to turn over data sought by prosecutors in a U.S. warrant. As the nine justices grappled with the technological complexities of email data storage, liberals Ruth Bader Ginsburg and Sonia Sotomayor questioned whether the court needed to act in the data privacy case in light of Congress now considering bipartisan legislation that would resolve the legal issue. A ruling is due by the end of June.

Coinbase: We Will Send Data On 13,000 Users To IRS

Coinbase has formally notified its customers that it will be complying with a court order and handing over the user data for about 13,000 of its customers to the Internal Revenue Service. Ars Technica reports: The case began back in November 2016 when the IRS went to a federal judge in San Francisco to enforce an initial order that would have required the company to hand over the data of all users who transacted on the site between 2013 and 2015 as part of a tax evasion investigation. Coinbase resisted the IRS' request in court. But by November 2017, after a hearing, U.S. Magistrate Judge Jacqueline Scott Corley narrowed the request to only cover 13,000 particular individuals. The San Francisco-based startup is now required to provide "taxpayer ID, name, birth date, address, and historical transaction records for certain higher-transacting customers during the 2013-2015 period." Coinbase reminded its users that it is "unable to provide legal or tax advice." The company also noted, "If you have concerns about this, we encourage you to seek legal advice from an attorney promptly. Coinbase expects to produce the information covered by the court's order within 21 days."

Pop-Up Cameras Could Soon Be a Mobile Trend

An anonymous reader quotes a report from TechCrunch: There's an interesting concept making its way around Mobile World Congress. Two gadgets offer cameras hidden until activated, which offer a fresh take on design and additional privacy. Vivo built a camera into a smartphone concept that's on a little sliding tray and Huawei will soon offer a MacBook Pro clone that features a camera hidden under a door above the keyboard. This could be a glimpse of the future of mobile design. Cameras have long been embedded in laptops and smartphones much to the chagrin of privacy experts. Some users cover up these cameras with tape or slim gadgets to ensure nefarious players do not remotely activate the cameras. Others, like HP, have started to build in shutters to give the user more control. Both DIY and built-in options require substantial screen bezels, which the industry is quickly racing to eliminate.

With shrinking bezels, gadget makers have to look for new solutions like the iPhone X notch. Others still, like Vivo and Huawei, are looking at more elegant solutions than carving out a bit of the screen. For Huawei, this means using a false key within the keyboard to house a hidden camera. Press the key and it pops up like a trapdoor. We tried it out and though the housing is clever, the placement makes for awkward photos -- just make sure you trim those nose hairs before starting your conference call. Vivo has a similar take to Huawei though the camera is embedded on a sliding tray that pops up out of the top of the phone.
