aggregator

AlphaBay Owner Used Email Address For Both AlphaBay and LinkedIn Profile.

Slashdot - Your Rights Online - 1 godz. 22 min ago
BarbaraHudson writes: The Register is reporting that Alexandre Cazes, the 25-year-old Canadian running the dark web site AlphaBay, was using a hotmail address easily connected to him via his Linkdin profile to administer the site. From the report: "[A]ccording to U.S. prosecutors, he used his real email address, albeit a Hotmail address -- Pimp_Alex_91@hotmail.com -- as the administrator password for the marketplace software. As a result, every new user received a welcome email from that address when they signed up to the site, and everyone using its password recovery tool also received an email from that address. However, rather than carefully set up and then abandon that email address, it turns out that Alexandre Cazes -- Pimp Alex -- had been using that address for years. Cazes had also used his Pimp Alex Hotmail address as well as an email address from his own business -- EBX Technologies -- to set up online bank accounts and crypto-currency accounts. How did law enforcement know that Cazes was behind EBX Technologies? It was on his LinkedIn profile." BarbaraHudson adds: "His laptop wasn't encrypted, so expect more arrests as AlphaBay users are tracked down."

Read more of this story at Slashdot.

Judge Rules That Government Can Force Glassdoor To Unmask Anonymous Users Online

Slashdot - Your Rights Online - 10 godzin 37 min ago
pogopop77 shares a report from Ars Technica: An appeals court will soon decide whether the U.S. government can unmask anonymous users of Glassdoor -- and the entire proceeding is set to happen in secret. Federal investigators sent a subpoena asking for the identities of more than 100 anonymous users of the business-review site Glassdoor, who apparently posted reviews of a company that's under investigation for potential fraud related to its contracting practices. The government later scaled back its demand to just eight users. Prosecutors believe these eight Glassdoor users are "third-party witnesses to certain business practices relevant to [the] investigation." The name of the company under investigation is redacted from all public briefs. Glassdoor made a compromise proposal to the government: it would notify the users in question about the government's subpoena and then provide identifying information about users who were willing to participate. The government rejected that idea. At that point, Glassdoor lawyered up and headed to court, seeking to have the subpoena thrown out. Lawyers for Glassdoor argued that its users have a First Amendment right to speak anonymously. While the company has "no desire to interfere" with the investigation, if its users were forcibly identified, the investigation "could have a chilling effect on both Glassdoor's reviewers' and readers' willingness to use glassdoor.com," states Glassdoor's motion (PDF). The government opposed the motion, though, and prevailed in district court.

Read more of this story at Slashdot.

Apple Flies Top Privacy Executives Into Australia To Lobby Against Proposed Encryption Laws

Slashdot - Your Rights Online - 11 godzin 17 min ago
An anonymous reader quotes a report from Patently Apple: Last week Patently Apple posted a report titled "Australia proposed new Laws Compelling Companies like Facebook & Apple to Provide Access to Encrypted Messages." Days later, Australia's Prime Minister spoke about the encryption problem with the Australian press as noted in the video in our report. Now we're learning that Apple has flown in top executives to lobby Turnbull government on encryption laws. It sounds like a showdown is on the horizon. This is the second time this month that Apple has flown executives into Australia to lobby the government according to a Sydney publication. Apple executives met with Attorney-General George Brandis and senior staff in Prime Minister Malcolm Turnbull's office on Tuesday to discuss the company's concerns about the legal changes, which could see tech companies compelled to provide access to locked phones and third party messaging applications. Apple has argued in the meetings that as a starting point it does not want the updated laws to block tech companies from using encryption on their devices, nor for companies to have to provide decryption keys to allow access to secure communications. The company has argued that if it is compelled to provide a software "back door" into its phones to help law enforcement agencies catch criminals and terrorists, this would reduce the security for all users. It also says it has provided significant assistance to police agencies engaged in investigations, when asked. UPDATE 07/20/17: Headline has been updated to clarify that Apple is lobbying against the proposed encryption laws in Australia.

Read more of this story at Slashdot.

Alleged Dark Web Kingpin Doxed Himself With His Personal Hotmail Address

Slashdot - Your Rights Online - 12 godzin 2 min ago
Joseph Cox, reporting for Motherboard: On Thursday, US authorities announced the seizure of the largest dark web marketplace AlphaBay. Europol and Dutch police also claimed seizure of Hansa, another popular market. In their dark web investigations, law enforcement have increasingly turned to hacking tools, including the deployment of browser exploits on a mass scale. But tracking down the alleged AlphaBay administrator was much more mundane, officials said. Alexandre Cazes, who US authorities say used the handle alpha02 as administrator of the site, allegedly left his personal email in a welcome message to new AlphaBay members, according to the forfeiture complaint published on Thursday. The news echoes the arrest of Ross Ulbricht, the convicted creator of the original Silk Road, who made a similar security mistake. "In December 2016, law enforcement learned that CAZES' personal email was included in the header of AlphaBay's 'welcome email' to new users in December 2014," the complaint reads. Users received this message once they signed up to AlphaBay's forum and entered an email address. Cazes' email address -- Pimp_Alex_91@hotmail.com -- was also included in the header of the AlphaBay forum password recovery process, the complaint adds. From there, investigators found the address was linked to an Alexandre Cazes, and discovered his alleged front company, EBX Technologies.

Read more of this story at Slashdot.

Authorities Take Down Hansa Dark Web Market, Confirm AlphaBay Takedown

Slashdot - Your Rights Online - 13 godzin 22 min ago
An anonymous reader writes via Bleeping Computer: Today, in coordinated press releases, the U.S. Department of Justice (DOJ) and Europol announced the takedown of two Dark Web marketplaces -- AlphaBay and Hansa Market. First to fall was the Hansa Market after Dutch officers seized control over their servers located inside one of the country's hosting providers. Dutch Police seized Hansa servers on June 20, but the site was allowed to operate for one more month as officers gathered more evidence about its clientele. The Hansa honeypot received an influx of new users as the FBI shut down AlphaBay on July 5, a day after it took control over servers on July 4. Europol and the FBI say they collected mountains of evidence such as "usernames and passwords of thousands of buyers and sellers of illicit commodities" and "delivery addresses for a large number of orders." FBI Active Director McCabe said AlphaBay was ten times larger than Silk Road, with over 350,000 listings. In opposition, Silk Road, which authorities seized in November 2013, listed a meager 14,000 listings for illicit goods and services at the time authorities took down the service.

Read more of this story at Slashdot.

FCC Says It Has No Documentation of Cyberattack That It Claims Happened

Slashdot - Your Rights Online - Cz, 2017-07-20 23:20
An anonymous reader quotes a report from The Hill: The Federal Communications Commission (FCC) declined to reveal analysis proving that it was the victim of a cyberattack in May. The agency claimed at the time that its Electronic Comment Filing System (ECFS) did not actually crash because of a large amount of traffic on the site prompted by John Oliver telling viewers to file comments in favor of net neutrality on his HBO show, Last Week Tonight. Instead, the FCC said that the ECFS went down as a result of a DDoS attack. In its response to Gizmodo's FOIA request, the FCC said that the attack "did not result in written documentation." "Based on a review of the logs, we have already provided a detailed description of what happened. We stand by our career IT staff's analysis of the evidence in our possession," an FCC spokesperson said when asked for comment on the matter.

Read more of this story at Slashdot.

US Ends Controversial Laptop Ban On Flights From Middle East

Slashdot - Your Rights Online - Cz, 2017-07-20 16:00
The United States has ended a four-month ban on passengers carrying laptops onboard US-bound flights from certain airports in the Middle East and North Africa, bringing to an end one of the controversial travel restrictions imposed by President Donald Trump's administration. From a report: Riyadh's King Khalid international airport was the last of 10 airports to be exempted from the ban, the US department of homeland security (DHS) confirmed in a tweet late on Wednesday local time. Middle East carriers have blamed Trump's travel restrictions, which include banning citizens of some Muslim-majority countries from visiting the United States, for a downturn in demand on US routes. In March, the United States banned large electronics in cabins on flights from 10 airports in the Middle East and North Africa over concerns that explosives could be concealed in the devices taken onboard aircraft. The ban has been lifted on the nine airlines affected -- Emirates, Etihad Airways, Qatar Airways, Turkish Airlines, Saudi Arabian Airlines, Royal Jordanian , Kuwait Airways, EgyptAir and Royal Air Maroc -- which are the only carriers to fly direct to the US from the region. A ban on citizens of six Muslim-majority countries -- Iran, Libya, Somalia, Sudan, Syria, and Yemen, -- remains in place, though has been limited after several US court hearings challenged the restrictions.

Read more of this story at Slashdot.

US House Panel Approves Broad Proposal On Self-Driving Cars

Slashdot - Your Rights Online - Cz, 2017-07-20 15:00
An anonymous reader quotes a report from Reuters: A U.S. House panel on Wednesday approved a sweeping proposal by voice vote to allow automakers to deploy up to 100,000 self-driving vehicles without meeting existing auto safety standards and bar states from imposing driverless car rules. Representative Robert Latta, a Republican who heads the Energy and Commerce Committee subcommittee overseeing consumer protection, said he would continue to consider changes before the full committee votes on the measure, expected next week. The full U.S. House of Representatives will not take up the bill until it reconvenes in September after the summer recess. The measure, which would be the first significant federal legislation aimed at speeding self-driving cars to market, would require automakers to submit safety assessment reports to U.S. regulators, but would not require pre-market approval of advanced vehicle technologies. Automakers would have to show self-driving cars "function as intended and contain fail safe features" to get exemptions from safety standards but the Transportation Department could not "condition deployment or testing of highly automated vehicles on review of safety assessment certifications," the draft measure unveiled late Monday said.

Read more of this story at Slashdot.

Game of Thrones Pirates Being Monitored By HBO, Warnings On The Way

Slashdot - Your Rights Online - Cz, 2017-07-20 03:25
HBO is leaving no stones unturned in keeping Game of Thrones' piracy under control. The company is monitoring various popular torrent swarms and sending thousands of warnings targeted at internet subscribers whose connections are used to share the season 7 premiere of the popular TV series, reports TorrentFreak: Soon after the first episode of the new season appeared online Sunday evening, the company's anti-piracy partner IP Echelon started sending warnings targeted at torrenting pirates. The warnings in question include the IP-addresses of alleged BitTorrent users and ask the associated ISPs to alert their subscribers, in order to prevent further infringements. "We have information leading us to believe that the IP address xx.xxx.xxx.xx was used to download or share Game of Thrones without authorization," the notification begins. "HBO owns the copyright or exclusive rights to Game of Thrones, and the unauthorized download or distribution constitutes copyright infringement. Downloading unauthorized or unknown content is also a security risk for computers, devices, and networks." Under US copyright law, ISPs are not obligated to forward these emails, which are sent as a DMCA notification. However, many do as a courtesy to the affected rightsholders. The warnings are not targeted at a single swarm but cover a wide variety of torrents. TorrentFreak has already seen takedown notices for the following files, but it's likely that many more are being tracked.

Read more of this story at Slashdot.

Russia Is Investigating Fidget Spinners After Reports Claim They 'Zombify' Youth

Slashdot - Your Rights Online - Śr, 2017-07-19 23:20
An anonymous reader quotes a report from The Verge: In a recent report, Russia-24, a state-owned news channel, suggests that fidget spinners are being used by Russian opposition parties in order to recruit young people. As reported by The New York Times, the reporters in Russia-24's initial story say, "It is a mystery why it has become so popular in Russia right now. Who is promoting this to the masses so actively?" The video segment says the toys were being distributed at a rally for opposition leader Alexei Navalny and in online ads that direct viewers to YouTube channels that promote opposition politicians. The reporters said that while the toy's popularity was declining in the West, fidget spinners are more popular than ever in Russia. "As you can see here there is only writing in English, on the other side there is not a word in Russian," says one of the show's anchors during the report, presenting a new spinner in its packaging to the camera. According to Newsweek, a second report on Russia-24 also aired on July 12th, directly saying fidget spinners were an "object for zombifying" and a form of "hypnosis." The program featured a report from psychologist Svetlana Filatova, claiming that the spinners could help dexterity in children but otherwise "dulls" people's minds. The reports spurred Russia's consumer protection agency, Rospotrebnadzor, into action, saying on Tuesday they would launch an investigation into the toy.

Read more of this story at Slashdot.

Telecom Lobbyists Downplayed 'Theoretical' Security Flaws in Mobile Data Backbone

Slashdot - Your Rights Online - Śr, 2017-07-19 22:01
An anonymous reader shares a report: According to a confidential document obtained by Motherboard, wireless communications lobby group CTIA took issue with an in-depth report by the Department of Homeland Security on mobile device security, including flaws with the SS7 network. In a white paper sent to members of Congress and the Department of Homeland Security, CTIA, a telecom lobbying group that represents Verizon, AT&T, and other wireless carriers, argued that "Congress and the Administration should reject the [DHS] Report's call for greater regulation" while downplaying "theoretical" security vulnerabilities in a mobile data network that hackers may be able to use to monitor phones across the globe, according to the confidential document obtained by Motherboard. However, experts strongly disagree about the threat these vulnerabilities pose, saying the flaws should be taken seriously before criminals exploit them. SS7, a network and protocol often used to route messages when a user is roaming outside their provider's coverage, is exploited by criminals and surveillance companies to track targets, intercept phone calls or sweep up text messages. In some cases, criminals have used SS7 attacks to obtain bank account two-factor authentication tokens, and last year, California Rep. Ted Lieu said that, for hackers, "the applications for this vulnerability are seemingly limitless."

Read more of this story at Slashdot.

EU Court to Rule On 'Right to Be Forgotten' Outside Europe

Slashdot - Your Rights Online - Śr, 2017-07-19 20:40
The European Union's top court is set to decide whether the bloc's "right to be forgotten" policy stretches beyond Europe's borders, a test of how far national laws can -- or should -- stretch when regulating cyberspace. From a report: The case stems from France, where the highest administrative court on Wednesday asked the EU's Court of Justice to weigh in on a dispute between Alphabet's Google and France's privacy regulator over how broadly to apply the right (Editor's note: the link could be paywalled; alternative source), which allows EU residents to ask search engines to remove some links from searches for their own names. At issue: Can France force Google to apply it not just to searches in Europe, but anywhere in the world? The case will set a precedent for how far EU regulators can go in enforcing the bloc's strict new privacy law. It will also help define Europe's position on clashes between governments over how to regulate everything that happens on the internet -- from political debate to online commerce. France's regulator says enforcement of some fundamental rights -- like personal privacy -- is too easily circumvented on the borderless internet, and so must be implemented everywhere. Google argues that allowing any one country to apply its rules globally risks upsetting international law and, when it comes to content, creates a global censorship race among autocrats.

Read more of this story at Slashdot.

AMD Has No Plans To Release PSP Code

Slashdot - Your Rights Online - Śr, 2017-07-19 17:20
AMD has faced calls from Edward Snowden, Libreboot and the Reddit community to release the source code to the AMD Secure Processor (PSP), a network-capable co-processor which some believe has the capacity to act as a backdoor. But despite some signs earlier that it might consider opening the PSP code at some point, the chip-maker has now confirmed that there hasn't been a change of heart yet. "We have no plans on releasing it to the public," the company executives said in a tech talk (video).

Read more of this story at Slashdot.

The Myth of Drug Expiration Dates

Slashdot - Your Rights Online - Śr, 2017-07-19 05:30
schwit1 shares a report from ProPublica: Hospitals and pharmacies are required to toss expired drugs, no matter how expensive or vital. Meanwhile the FDA has long known that many remain safe and potent for years longer. The box of prescription drugs had been forgotten in a back closet of a retail pharmacy for so long that some of the pills predated the 1969 moon landing. Most were 30 to 40 years past their expiration dates -- possibly toxic, probably worthless. But to Lee Cantrell, who helps run the California Poison Control System, the cache was an opportunity to answer an enduring question about the actual shelf life of drugs: Could these drugs from the bell-bottom era still be potent? Gerona and Cantrell, a pharmacist and toxicologist, knew that the term "expiration date" was a misnomer. The dates on drug labels are simply the point up to which the Food and Drug Administration and pharmaceutical companies guarantee their effectiveness, typically at two or three years. But the dates don't necessarily mean they're ineffective immediately after they "expire" -- just that there's no incentive for drugmakers to study whether they could still be usable. Tests on the decades-old drugs including antihistamines, pain relievers and stimulants. All the drugs tested were in their original sealed containers. The findings surprised both researchers: A dozen of the 14 compounds were still as potent as they were when they were manufactured, some at almost 100 percent of their labeled concentrations. Experts say the United States might be squandering a quarter of the money spent on health care. That's an estimated $765 billion a year.

Read more of this story at Slashdot.

Oregon Passes First Statewide Bicycle Tax In Nation

Slashdot - Your Rights Online - Śr, 2017-07-19 03:25
turkeydance writes: In Oregon, a state known for its avid bicycling culture, the state legislature's approval of the first bike tax in the nation has fallen flat with riders. Democratic Gov. Kate Brown is expected to sign the sweeping $5.3 billion transportation package, which includes a $15 excise tax on the sale of bicycles costing more than $200 with a wheel diameter of at least 26 inches. Even though the funding has been earmarked for improvements that will benefit cyclists, the tax has managed to irk both anti-tax Republicans and environmentally conscious bikers. The bike tax is aimed at raising $1.2 million per year in order to improve and expand paths and trails for bicyclists and pedestrians. Supporters point out that Oregon has no sales tax, which means buyers won't be dinged twice for their new wheels.

Read more of this story at Slashdot.

Ask Slashdot: Is Password Masking On Its Way Out?

Slashdot - Your Rights Online - Śr, 2017-07-19 02:05
New submitter thegreatbob writes: Perhaps you've noticed in the last 5 years or so, progressively more entities have been providing the ability to reveal the contents of a password field. While this ability is, in many cases (especially on devices with lousy keyboards), legitimately useful, it does seem to be a reasonable source of concern. Fast forward to today; I was setting up a new router (cheapest dual-band router money can, from Tenda) and I was almost horrified to discover that it does not mask any of its passwords by default. So I ask Slashdot: is password masking really on its way out, and does password masking do anything beyond preventing the casual shoulder-surfer?

Read more of this story at Slashdot.

FCC Refuses To Release Text of More Than 40,000 Net Neutrality Complaints

Slashdot - Your Rights Online - Śr, 2017-07-19 01:20
An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission has denied a request to extend the deadline for filing public comments on its plan to overturn net neutrality rules, and the FCC is refusing to release the text of more than 40,000 net neutrality complaints that it has received since June 2015. The National Hispanic Media Coalition (NHMC) filed a Freedom of Information Act (FoIA) request in May of this year for tens of thousands of net neutrality complaints that Internet users filed against their ISPs. The NHMC argues that the details of these complaints are crucial for analyzing FCC Chairman Ajit Pai's proposal to overturn net neutrality rules. The coalition also asked the FCC to extend the initial comment deadline until 60 days after the commission fully complies with the FoIA request. A deadline extension would have given people more time to file public comments on the plan to eliminate net neutrality rules. Instead, the FCC yesterday denied the motion for an extension and said that it will only provide the text for a fraction of the complaints, because providing them all would be too burdensome.

Read more of this story at Slashdot.

Should We Ignore the South Carolina Election Hacking Story?

Slashdot - Your Rights Online - Śr, 2017-07-19 00:40
chicksdaddy provides five (or more) "good" reasons why we should ignore the South Carolina election hacking story that was reported yesterday. According to yesterday's reports, South Carolina's voter-registration system was hit with nearly 150,000 hack attempts on election day. Slashdot reader chicksdaddy writes from an opinion piece via The Security Ledger: What should we make of the latest reports from WSJ, The Hill, etc. that South Carolina's election systems were bombarded with 150,000 hacking attempts? Not much, argues Security Ledger in a news analysis that argues there are lots of good reasons to ignore this story, if not the very real problem of election hacking. The stories were based on this report from The South Carolina Election Commission. The key phrase in that report is "attempts to penetrate," Security Ledger notes. Information security professionals would refer to that by more mundane terms like "port scans" or probes. These are kind of the "dog bites man" stories of the cyber beat -- common (here's one from 2012 US News & World Report) but ill informed. "The kinds of undifferentiated scans that the report is talking about are the internet equivalent of people driving slowly past your house." While some of those 150,000 attempts may well be attempts to hack South Carolina's elections systems, many are undifferentiated, while some may be legitimate, if misdirected. Whatever the case, they're background noise on the internet and hardly unique to South Carolina's voter registration systems. They're certainly not evidence of sophisticated, nation-state efforts to crack the U.S. election system by Russia, China or anyone else, Security Ledger argues. "The problem with lumping all these 'hacking attempts' in the same breath as you talk about sophisticated and targeted attacks on the Clinton Campaign, the DCCC, and successful penetration of some state election boards is that it dramatically distorts the nature and scope of the threat to the U.S. election system which -- again -- is very real." The election story is one "that demands thoughtful and pointed reporting that can explore (and explode) efforts by foreign actors to subvert the U.S. vote and thus its democracy," the piece goes on to argue. "That's especially true in an environment in which regulators and elected officials seem strangely incurious about such incidents and disinclined to investigate them."

Read more of this story at Slashdot.

Flaw In IoT Security Cameras Leaves Millions of Devices Open To Hackers

Slashdot - Your Rights Online - Śr, 2017-07-19 00:00
New submitter Aliciadivo writes: A nasty vulnerability found in Axis security cameras could allow hackers to take full control of several types of Internet of Things devices, and in some cases, software programs, too. The Senrio research team found that devices and software programs using an open source software library called gSOAP to enable their product to communicate to the internet could be affected. Stephen Ridley, founder of Senrio, said: "I bet you all these other manufacturers have the same vulnerability throughout their product lines as well. It's a vulnerability in virtually every IoT device [...] Every kind of device you can possibly think of." A spokesperson for ONVIF, an electronics industry consortium that includes Axis and has includes some members that use gSOAP, said it has notified its members of the flaw, but it's not "up to each member to handle this in the way they best see fit." Also, gSOAP "is not in any way mandated by the ONVIF specifications, but as SOAP is the base for the ONVIF API, it is possible that ONVIF members would be affected." Hundreds of thousands of devices might be affected, as a search for the term "Axis" on Shodan, an engine that scours the internet for vulnerable devices, returns around 14,000 results. You can view Senrio Labs' video on the exploit (which they refer to as the "Devil's Ivy Exploit") here.

Read more of this story at Slashdot.

US Increases Number of H-2B Visas By 15,000

Slashdot - Your Rights Online - Wt, 2017-07-18 23:20
An anonymous reader quotes a report from Ars Technica: President Donald Trump has said he's going to set more limits on the H-1B visa program, which allows tens of thousands of technology workers into the U.S. each year. But yesterday, the Department of Homeland Security moved to expand another type of visa, the H-2B, which allows lower-skilled workers in on a seasonal basis. The Department of Homeland Security said yesterday it is going to allow an additional 15,000 workers to come in under the H-2B visa category, which is typically used by U.S. businesses in industries like tourism, construction, and seafood processing. The program normally allows for 66,000 visas, split between the two halves of the year. That means the DHS increase, announced yesterday, represents an increase of more than 40 percent for the second half of 2017. Businesses can begin applying for the additional visas right away, as long as they attest under penalty of perjury that their business will "suffer irreparable harm" if it can't employ additional H-2B workers in 2017. The expansion is a temporary one, and it only applies to the current year.

Read more of this story at Slashdot.