Crime

BMW Traps A Car Thief By Remotely Locking His Doors (cnet.com) 265

An anonymous reader quotes CNET: Seattle police caught an alleged car thief by enlisting the help of car maker BMW to both track and then remotely lock the luckless criminal in the very car he was trying to steal... Turns out if you're inside a stolen car, it's perhaps not the best time to take a nap. "A car thief awoke from a sound slumber Sunday morning (November 27) to find he had been remotely locked inside a stolen BMW, just as Seattle police officers were bearing down on him," wrote Jonah Spangenthal-Lee [deputy director of communications for the Seattle Police Department].

The suspect found a key fob mistakenly left inside the BMW by a friend who'd borrowed the car from the owner and the alleged crime was on. But technology triumphed. When the owner, who'd just gotten married a day earlier, discovered the theft, the police contacted BMW corporate, who tracked the car to Seattle's Ravenna neighborhood.

The 38-year-old inside was then booked for both auto theft and possession of methamphetamine.
United Kingdom

UK Health Secretary Urges Social Media Companies To Block Cyberbullying And Underaged Sexting (betanews.com) 65

Mark Wilson shares his article on Beta News: Health secretary Jeremy Hunt has made calls for technology companies and social media to do more to tackle the problems of cyberbullying, online intimidation and -- rather specifically -- under-18-year-olds texting sexually explicit images. Of course, he doesn't have the slightest idea about how to go about tackling these problems, but he has expressed his concern so that, in conjunction with passing this buck to tech companies, should be enough, right?
Hunt apparently believes there's already a technology which can identify sexually explicit photos, and that social media networks should now also develop algorithms to identify and block cyberbullying, an idea the Guardian called "sadly laughable."

"Is the blanket censorship of non-approved communications for all under 18s -- something that goes far further than even the Great Firewall of China -- really the kind of thing a government minister should be able to idly suggest in 2016?"
Encryption

Encryption Backdoor Sneaks Into UK Law (theregister.co.uk) 133

Coisiche found a disturbing article from The Register about the U.K.'s new "Snoopers' Charter" law that has implications for tech companies around the world: Among the many unpleasant things in the Investigatory Powers Act that was officially signed into law this week, one that has not gained as much attention is the apparent ability for the U.K. government to undermine encryption and demand surveillance backdoors... As per the final wording of the law, comms providers on the receiving end of a "technical capacity notice" will be obliged to do various things on demand for government snoops -- such as disclosing details of any system upgrades and removing "electronic protection" on encrypted communications. Thus, by "technical capability," the government really means backdoors and deliberate security weaknesses so citizens' encrypted online activities can be intercepted, deciphered and monitored... At the end of the day, will the U.K. security services be able to read your email, your messages, your posts and private tweets, and your communications if they believe you pose a threat to national security? Yes, they will.
The bill added the Secretaries of State as a required signatory to the "technical capacity" notices, which "introduces a minor choke-point and a degree of accountability." But the article argues the law ultimately anticipates the breaking of encryption, and without customer notification. "The U.K. government can certainly insist that a company not based in the U.K. carry out its orders -- that situation is specifically included in the new law -- but as to whether it can realistically impose such a requirement, well, that will come down to how far those companies are willing to push back and how much they are willing to walk away from the U.K. market."
Communications

'Fatal' Flaws Found in Medical Implant Software (bbc.com) 38

Security researchers have warned of flaws in medical implants in what they say could have fatal consequences. The flaws were found in the radio-based communications used to update implants, including pacemakers, and read data from them. From a BBC report: By exploiting the flaws, the researchers were able to adjust settings and even switch off gadgets. The attacks were also able to steal confidential data about patients and their health history. A software patch has been created to help thwart any real-world attacks. The flaws were found by an international team of security researchers based at the University of Leuven in Belgium and the University of Birmingham.
Piracy

UK ISPs To Start Sending 'Piracy Alerts' Soon (torrentfreak.com) 69

Beginning next year, internet service providers in the UK will send email notifications to subscribers whose connections have been allegedly used to download copyright infringing content. In what is an attempt to curtail piracy rates, these alerts would try to educate those who pirate about legal alternatives. TorrentFreak adds: Mimicking its American counterpart, the copyright alert program will monitor the illegal file-sharing habits of UK citizens with a strong focus on repeat infringers. The piracy alerts program is part of the larger Creative Content UK (CCUK) initiative which already introduced several anti-piracy PR campaigns, targeted at the general public as well as the classroom. The plan to send out email alerts was first announced several years ago when we discussed it in detail, but it took some time to get everything ready. This week, a spokesperson from CCUK's "Get it Right From a Genuine Site" campaign informed us that it will go live in the first few months of 2017. It's likely that ISPs and copyright holders needed to fine-tune their systems to get going, but the general purpose of the campaign remains the same.
Java

Muni System Hacker Hit Others By Scanning For Year-Old Java Vulnerability (arstechnica.com) 30

An anonymous reader quotes a report from Ars Technica: The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit Agency (SFMTA) with ransomware on November 25 apparently gained access to the agency's network by way of a known vulnerability in an Oracle WebLogic server. That vulnerability is similar to the one used to hack a Maryland hospital network's systems in April and infect multiple hospitals with crypto-ransomware. And evidence suggests that SFMTA wasn't specifically targeted by the attackers; the agency just came up as a target of opportunity through a vulnerability scan. In an e-mail to Ars, SFMTA spokesperson Paul Rose said that on November 25, "we became aware of a potential security issue with our computer systems, including e-mail." The ransomware "encrypted some systems mainly affecting computer workstations," he said, "as well as access to various systems. However, the SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls. Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports, no data was accessed from any of our servers." That description of the ransomware attack is not consistent with some of the evidence of previous ransomware attacks by those behind the SFMTA incident -- which Rose said primarily affected about 900 desktop computers throughout the agency. Based on communications uncovered from the ransomware operator behind the Muni attack published by security reporter Brian Krebs, an SFMTA Web-facing server was likely compromised by what is referred to as a "deserialization" attack after it was identified by a vulnerability scan. 
A security researcher told Krebs that he had been able to gain access to the mailbox used in the malware attack on the Russian e-mail and search provider Yandex by guessing its owner's security question, and he provided details from the mailbox and another linked mailbox on Yandex. Based on details found in e-mails for the accounts, the attacker ran a server loaded with open source vulnerability scanning tools to identify and compromise servers to use in spreading the ransomware, known as HDDCryptor and Mamba, within multiple organizations' networks.
Communications

The UK Is About to Legalize Mass Surveillance [Update] (vice.com) 394

From a report on Motherboard: On Tuesday, the UK is due to pass its controversial new surveillance law, the Investigatory Powers Act, according to the Home Office. The Act, which has received overwhelming support in both the House of Commons and Lords, formally legalizes a number of mass surveillance programs revealed by Edward Snowden in 2013. It also introduces a new power which will force internet service providers to store browsing data on all customers for 12 months. Civil liberties campaigners have described the Act as one of the most extreme surveillance laws in any democracy, while law enforcement agencies believe that the collection of browsing data is vital in an age of ubiquitous internet communications. "The Investigatory Powers Act 2016 will ensure that law enforcement and the security and intelligence agencies have the powers they need in a digital age to disrupt terrorist attacks, subject to strict safeguards and world-leading oversight," a statement from the Home Office reads. Much of the Act gives stronger legal footing to the UK's various bulk powers, including "bulk interception," which is, in general terms, the collection of internet and phone communications en masse. In June 2013, using documents provided by Edward Snowden, The Guardian revealed that the GCHQ taps fibre-optic undersea cables in order to intercept emails, internet histories, calls, and a wealth of other data. Update: "Snooper's charter" bill has become the law. The home secretary said: "The Investigatory Powers Act is world-leading legislation, that provides unprecedented transparency and substantial privacy protection. "The government is clear that, at a time of heightened security threat, it is essential our law enforcement and security and intelligence services have the power they need to keep people safe. The internet presents new opportunities for terrorists and we must ensure we have the capabilities to confront this challenge.
But it is also right that these powers are subject to strict safeguards and rigorous oversight."
Communications

NASA X-Ray Tech Could Enable Superfast Communication In Deep Space (space.com) 58

An anonymous reader quotes a report from Space.com: New technology could use X-rays to transmit data at high rates over vast distances in outer space, as well as enable communications with hypersonic vehicles during re-entry, when radio communications are impossible, NASA scientists say. The technology would combine multiple NASA projects currently in progress to demonstrate the feasibility of X-ray communications from outside the International Space Station. The radio waves used by mobile phones, Wi-Fi and, of course, radios, are one kind of light. Other forms of light can carry data as well; for instance, fiber-optic telecommunications rely on pulses of visible and near-infrared light. The effort to use another type of light, X-rays, for communication started with research on NASA's proposed Black Hole Imager. That mission is designed to analyze the edges of the supermassive black holes that previous research suggested exist at the centers of most, if not all, large galaxies. One potential strategy to enable the Black Hole Imager was to develop a constellation of precisely aligned spacecraft to collect X-rays emitted from the edges of those black holes. Keith Gendreau, an astrophysicist at NASA's Goddard Space Flight Center in Greenbelt, Maryland, thought of developing X-ray emitters that these spacecraft could use as navigational beacons to make sure they stayed in position relative to one another. The system would keep them aligned down to a precision of just 1 micron, or about one-hundredth the average width of a human hair. Gendreau then reasoned that by modulating or varying the strength or frequency of these X-ray transmissions on and off many times per second, these navigational beacons could also serve as a communication system. Such X-ray communication, or XCOM, might, in theory, permit gigabit-per-second data rates throughout the solar system, he said. 
One advantage that XCOM has compared to laser communication in deep space is that X-rays have shorter wavelengths than the visible or infrared light typically used in laser communication. Moreover, X-rays can penetrate obstacles that impede radio communication.
Microsoft

Newest Skype For Linux Enables SMS Text Messages From The Desktop (betanews.com) 176

BrianFagioli writes: Microsoft has delivered an incredible feature to Linux-based desktop operating systems by way of the latest Alpha version of its Skype client... The newly-released Skype for Linux 1.13 allows users to send SMS text messages from the operating system! True, web-based solutions such as Google Voice have long allowed the sending of text messages, but needing to use a web browser can be a chore. There is convenience and elegance in using the Skype for Linux client.
United Kingdom

48 Organizations Now Have Access To Every Brit's Browsing History (zerohedge.com) 251

schwit1 quotes a report from Zero Hedge on Great Britain's newly-enacted "snoopers' charter": For those who missed our original reports, here is the new law in a nutshell: it requires telecom companies to keep records of all users' web activity for a year, creating databases of personal information that the firms worry could be vulnerable to leaks and hackers. Civil liberties groups say the law establishes mass surveillance of British citizens, following innocent internet users from the office to the living room and the bedroom. They are right. Which government agencies have access to the internet history of any British citizen? Here is the answer courtesy of blogger Chris Yuo, who has compiled the list.
Click through to the comments to read the entire list.
Stats

Julian Assange Could Be Time's 'Person Of The Year', And Is Also Still Not Dead (time.com) 145

Long-time Slashdot reader cstacy noticed Saturday that Julian Assange hadn't made any communications or public appearances in six weeks. But today an anonymous reader writes: Julian Assange is still not dead, reports The Inquisitr, noting "the WikiLeaks founder made his first appearance in weeks, speaking with an interviewer for a conference in Beirut" including comments about the recent death of Fidel Castro.

Assange is also in the running to be chosen as "Person of the Year" in Time magazine's annual online reader's poll, and last Monday even moved briefly into first place, inching past Donald Trump. "It's worth noting that the poll presents people alphabetically," Time reported, "so Assange is the first option participants consider and Trump comes near the end of the poll."

I think the poll's being hacked by state actors, since Vladimir Putin now leads with 38%, followed by Theresa May (16%) and North Korea leader Kim Jong Un (13%), and Donald Trump is locked in a tie for fourth place with India Prime Minister Narendra Modi at 9%. Time worked with Opentopic and IBM's Watson to assemble the initial list for reader's votes, which also included Apple CEO Tim Cook and FBI director James Comey. Surprisingly, a few celebrities also turned up on the list too, including comedian Samantha Bee, Hamilton creator Lin-Manuel Miranda, and Olympic gymnast Simone Biles.
Transportation

US Regulators Seek To Reduce Road Deaths With Smartphone 'Driving Mode' (theguardian.com) 291

US regulators are seeking to reduce smartphone-related vehicle deaths with a new driving-safe mode that would block or modify apps to prevent them being a distraction while on the road. From a report on The Guardian: The US National Highway Traffic Safety Administration (NHTSA) are to issue voluntary guidelines for smartphone makers, which will seek to restrict the apps and services accessible on a smartphone being used by a driver. US transport secretary Anthony Foxx said: "Your smartphone becomes so many different things that it's not just a communication device. Distraction is still a problem. Too many people are dying and being injured on our roadways." The NHTSA is hoping that Apple, Samsung and other popular smartphone manufacturers will adopt the guidelines in future smartphone and software releases. The so-called driving mode will block distractions such as social media, messages or email, stop the use of the keyboard for communication activities and also restrict access to websites, video and distracting graphics. The intention is that the driving mode will be adopted in a similar manner to the airplane mode common to most smartphones and connected devices, which restricts radio communications while airborne. Airplane mode has been a feature of smartphones since 2007.
Security

WordPress Auto-Update Server Had Flaw Allowing Persistent Backdoors In Websites (theregister.co.uk) 33

mask.of.sanity quotes a report from The Register: Up to a quarter of all websites on the internet could have been breached through a since-patched vulnerability that allowed WordPress' core update server to be compromised. The since-shuttered remote code execution flaw was found in a php webhook within api.wordpress.org that allows developers to supply a hashing algorithm of their choice to verify code updates are legitimate. Matt Barry, lead developer of WordPress security outfit WordFence, found attackers could supply their own extremely weak hashing algorithm as part of that verification process, allowing a shared secret key to be brute-forced over the course of a couple of hours. The rate of guessing attempts would be small enough to fly under the radar of WordPress' security systems. Attackers that used the exploit could then send URLs to the WordPress update servers that would be accepted and pushed out to all WordPress sites. Web-watching service W3techs.com reckons those sites represent 27.1 per cent of the entire world wide web. "By compromising api.wordpress.org, an attacker could conceivably compromise more than a quarter of the websites worldwide in one stroke," Barry says. "We analyzed [WordPress] code and found a vulnerability that could allow an attacker to execute their own code on api.wordpress.org and gain access to it. Compromising this [update] server could allow an attacker to supply their own URL to download and install software to WordPress websites, automatically." Attackers could go further; once a backdoored or malicious update was pushed out, they could disable the default auto updates preventing WordPress from fixing compromised websites.
Open Source

Tor-Enabled Smartphone Is Antidote To Google 'Hostility' Over Android, Says Developer (arstechnica.com) 39

An anonymous reader quotes a report from Ars Technica: The Tor Project recently announced the release of its prototype for a Tor-enabled smartphone -- an Android phone beefed up with privacy and security in mind, and intended as equal parts opsec kung fu and a gauntlet to Google. The new phone, designed by Tor developer Mike Perry, is based on Copperhead OS, the hardened Android distribution profiled first by Ars earlier this year. "The prototype is meant to show a possible direction for Tor on mobile," Perry wrote in a blog post. "We are trying to demonstrate that it is possible to build a phone that respects user choice and freedom, vastly reduces vulnerability surface, and sets a direction for the ecosystem with respect to how to meet the needs of high-security users." To protect user privacy, the prototype runs OrWall, the Android firewall that routes traffic over Tor, and blocks all other traffic. Users can punch a hole through the firewall for voice traffic, for instance, to enable Signal. The prototype only works on Google Nexus and Pixel hardware, as these are the only Android device lines, Perry wrote, that "support Verified Boot with user-controlled keys." While strong Linux geekcraft is required to install and maintain the prototype, Perry stressed that the phone is also aimed at provoking discussion about what he described as "Google's increasing hostility towards Android as a fully Open Source platform." Copperhead OS was the obvious choice for the prototype's base system, Perry told Ars. "Copperhead is also the only Android ROM that supports verified boot, which prevents exploits from modifying the boot, system, recovery, and vendor device partitions," said Perry in his blog post. "Copperhead has also extended this protection by preventing system applications from being overridden by Google Play Store apps, or from writing bytecode to writable partitions (where it could be modified and infected)." 
He added: "This makes Copperhead an excellent choice for our base system." The prototype, nicknamed "Mission Improbable," is now ready to download and install. Perry said he uses the prototype himself for his personal communications: "E-mail, Signal, XMPP+OTR, Mumble, offline maps and directions in OSMAnd, taking pictures, and reading news and books." He suggests leaving the prototype in airplane mode and connecting to the Internet through a second, less-trusted phone, or a cheap Wi-Fi cell router.
Communications

When a City Has Gigabit Internet, Prices For Slower Speed Tiers Drop: Study (arstechnica.com) 42

A new industry-funded research study, titled "Broadband competition helps to lower prices and faster download speeds for U.S. residential consumers," analyzed DSL, cable, and fiber broadband plans from the 100 largest designated market areas in the U.S. and found that when a city has gigabit internet speeds, the price of plans with slower speeds drops. Therefore, customers who don't purchase gigabit internet plans will still benefit from their availability. Ars Technica highlights the key findings of the study in their report:
- The presence of gigabit service in a market is associated with a $27 decrease in the average monthly price of broadband plans with speeds of 100Mbps or greater but less than 1Gbps. That's a 25 percent price reduction.
- Markets with gigabit Internet also see smaller price decreases for plans as slow as 25Mbps. The presence of gigabit Internet has no significant effect on prices of plans with speeds below 25Mbps. This isn't that surprising since the slowest plans are already the cheapest and aren't suitable substitutes for gigabit speeds.
- Gigabit prices decline when at least two providers offer gigabit service. "If a DMA moves from having one to two providers of gigabit Internet, we estimate that the standard monthly price for gigabit Internet will decline by approximately $57 to $62, which is equal to a reduction in price of between 34 and 37 percent," the study said. Going from one to three gigabit competitors would reduce prices by an estimated $98.11 to $106.50 per month.
- Competition at any speed reduces prices. "An increase of one competitor is associated with approximately a $1.50 decline in the monthly standard broadband price for Internet plans with speeds ranging from 50Mbps to less than 1Gbps," the study said. For plans with download speeds of less than 25Mbps, the decrease in average monthly price is $0.42 for each competitor.
- Availability of fast speeds increases the likelihood that other ISPs will introduce their own higher-speed plans to match competitors. "In particular, we find that each additional competitor offering broadband in a higher speed category will increase the probability that other broadband providers in the market will offer broadband at those higher speeds by 4 to 17 percent on an annual basis," the study said.
- Average monthly prices for each speed category are as follows: $52.60 for speeds less than 25Mbps; $74.05 for plans from 25Mbps to 99Mbps; $108.52 for plans of at least 100Mbps but less than 1Gbps; and $165.63 for speeds of at least 1Gbps.

Security

Data Breach at Three Mobile, Customer Details of Millions Exposed (telegraph.co.uk) 14

Cara McGoogan, writing for Telegraph: UK carrier Three Mobile has suffered a massive data breach in which the personal information and contact details of millions of customers could have been accessed. It is believed to be one of the largest hacks of its kind to affect people living in Britain. UK-based cyber criminals managed to gain access to the upgrade database in Three's computer system. The database contains the personal information of those who are eligible for an upgrade, but it is not clear exactly how many customers this includes. The company has not outlined whether the system includes those who have previously upgraded or historic customers that have left the network. Attackers allegedly accessed the database using stolen employee credentials, which allowed them to log in to the system without Three noticing. Once in, they tricked it into sending high-end upgrade handsets to an address where they could intercept them. Three has not said whether the accessed customer data was also stolen.
Microsoft

LinkedIn Blocked By Russian Government (pcworld.com) 68

LinkedIn's network just got a little smaller: Russia's communications regulator ordered ISPs to block access to the business networking company on Thursday. From a report on PCWorld: Roskomnadzor made the order after a Moscow appeal court last week upheld an earlier ruling that LinkedIn breached Russian privacy laws. Tagansky district court ruled against LinkedIn on Aug. 4, following a complaint from the Russian federal service for the supervision of communications, information technology and mass media that its activities breached a law requiring businesses handling Russians' personal data to process that data in Russia. Roskomnadzor said it filed suit after LinkedIn failed to respond to two requests for information about its plans for relocating the data to Russia. LinkedIn isn't the only U.S. company that has been targeted under the legislation.
Network

SpaceX Files FCC Application For Internet Access Network With 4,425 Satellites (geekwire.com) 121

An anonymous reader quotes a report from GeekWire: SpaceX has laid out further details about a 4,425-satellite communications network that's expected to provide global broadband internet access, with its Seattle-area office playing a key role in its development. The plan is explained in an application and supporting documents filed on Tuesday with the Federal Communications Commission. In the technical information that accompanied its application, SpaceX said it would start commercial broadband service with 800 satellites. That service would cover areas of the globe from 15 degrees north to 60 degrees north, and from 15 degrees south to 60 degrees south. That leaves out some portions of Alaska, which would require a temporary waiver from the FCC. Eventually, the network would grow to 4,425 satellites, transmitting in the Ku and Ka frequency bands. "Once fully deployed, the SpaceX system will pass over virtually all parts of the Earth's surface and therefore, in principle, have the ability to provide ubiquitous global service," SpaceX said. The satellites would orbit the planet at altitudes ranging from 714 to 823 miles (1,150 to 1,325 kilometers) -- well above the International Space Station, but well below geostationary satellites. SpaceX said it would follow federal guidelines to mitigate orbital debris. Each satellite would weigh 850 pounds (386 kilograms) and measure 13 by 6 by 4 feet (4 by 1.8 by 1.2 meters), plus solar arrays, SpaceX said. Operating lifetime was estimated at five to seven years per satellite.
Government

Schneier: We Need a New Agency For IoT Security (onthewire.io) 165

Reader Trailrunner7 writes: The recent DDoS attacks by the Mirai botnet against various targets, including DNS provider Dyn, have drawn the attention of congressional leaders, who say there may be a need for regulation of IoT device security in order to address the problem of vulnerable embedded devices. In a joint hearing on Wednesday, the House Subcommittee on Communications and Technology and the Subcommittee on Commerce, Manufacturing, and Trade delved into the issue of IoT security and several lawmakers said that they were reluctant to get the government involved in regulating this problem, but it may be inevitable. The problem, of course, is that many of the embedded devices that make up the IoT aren't manufactured in the United States, so regulation would have no effect on their security. Another piece of the puzzle is the fact that there's no one federal agency or independent organization that oversees security standards for IoT devices. There are embedded computers in cars, appliances, medical devices, and hundreds of other kinds of devices. That cuts across many different industries and regulatory fields, a problem that the federal government is not set up to handle. "I actually think we need a new agency. We can't have different rules if a computer makes calls, or a computer has wheels, or is in your body," said cryptographer Bruce Schneier, another witness during the hearing. "The government is getting involved here regardless, because the stakes are too high. The choice isn't between government involvement and no government involvement. It's between good government involvement and stupid government involvement. I'm not a regulatory fan but this is a world of dangerous things."
Communications

Smaller ISPs Have Happier Customers, UK Based Study Says (betanews.com) 54

Mark Wilson, writing for BetaNews: If you have eschewed the big names and opted for a smaller ISP, you probably have a happier broadband experience. These are the findings of a report which says the big four ISPs in the UK -- BT, Sky, Virgin Media and TalkTalk -- are rated lower than their smaller rivals. In fact, the highest rated provider, SSE, has only been in the broadband game since 2014, with Yorkshire-based Plusnet coming in second place, says Cable.co.uk. Of the big names, TalkTalk provides broadband to 13 percent of UK internet users, yet it scored just 6.66 out of 10 and placed in ninth position. The four biggest companies account for 87 percent of the market, but the best performer -- Sky -- only managed to hit fifth place.
