Our Blog

Stuff We Find Interesting.

Amazon Will Pay $135,000 To Settle Alleged US Sanction Violations

In a statement (PDF) issued this week, the U.S. Treasury Department notes that Amazon has agreed to pay $134,523 to settle potential liability over alleged sanctions violations. TechCrunch reports: The charges specifically pertain to goods and services sent to people located in Crimea, Iran and Syria, which are covered by Office of Foreign Assets Control (OFAC) sanctions, between November 2011 and October 2018. The Treasury Department also states that the retail giant failed to report "several hundred" transactions in a timely manner. The department adds: "Amazon also accepted and processed orders on its websites for persons located in or employed by the foreign missions of Cuba, Iran, North Korea, Sudan, and Syria. Additionally, Amazon accepted and processed orders from persons listed on OFAC's List of Specially Designated Nationals and Blocked Persons (the "SDN List") who were blocked pursuant to the Narcotics Trafficking Sanctions Regulations, the Weapons of Mass Destruction Proliferators Sanctions Regulations, the Transnational Criminal Organizations Sanctions Regulations, the Democratic Republic of the Congo Sanctions Regulations, the Venezuela Sanctions Regulations, the Zimbabwe Sanctions Regulations, the Global Terrorism Sanctions Regulations, and the Foreign Narcotics Kingpin Sanctions Regulations." The department doesn't believe there was anything malicious going on, rather an issue with Amazon's system, which failed to flag shipments to sanctioned areas.

Read more of this story at Slashdot.

Original author: BeauHD

Police Surveilled Protests With Help From Twitter-Affiliated Startup Dataminr

An anonymous reader quotes a report from The Intercept: Leveraging close ties to Twitter, controversial artificial intelligence startup Dataminr helped law enforcement digitally monitor the protests that swept the country following the killing of George Floyd, tipping off police to social media posts with the latest whereabouts and actions of demonstrators, according to documents reviewed by The Intercept and a source with direct knowledge of the matter. The monitoring seems at odds with claims from both Twitter and Dataminr that neither company would engage in or facilitate domestic surveillance following a string of 2016 controversies. Twitter, up until recently a longtime investor in Dataminr alongside the CIA, provides the company with full access to a content stream known as the "firehose" -- a rare privilege among tech firms and one that lets Dataminr, recently valued at over $1.8 billion, scan every public tweet as soon as its author hits send. Both companies denied that the protest monitoring meets the definition of surveillance. Dataminr's Black Lives Matter protest surveillance included persistent monitoring of social media to tip off police to the locations and activities of protests, developments within specific rallies, as well as instances of alleged "looting" and other property damage. According to the source with direct knowledge of Dataminr's protest monitoring, the company and Twitter's past claims that they don't condone or enable surveillance are "bullshit," relying on a deliberately narrowed definition. "It's true Dataminr doesn't specifically track protesters and activists individually, but at the request of the police they are tracking protests, and therefore protesters," this source explained. 
According to internal materials reviewed by The Intercept, Dataminr meticulously tracked not only ongoing protests, but kept comprehensive records of upcoming anti-police violence rallies in cities across the country to help its staff organize their monitoring efforts, including events' expected time and starting location within those cities. A protest schedule seen by The Intercept shows Dataminr was explicitly surveilling dozens of protests big and small, from Detroit and Brooklyn to York, Pennsylvania, and Hampton Roads, Virginia. Company documents also show the firm instructed members of its staff to look for instances of "lethal force used against protesters by police or vice-versa," "property damage," "widespread arson or looting against government or commercial infrastructure," "new instances of officer-involved shootings or death with potential interpretation of racial bias," and occasions when a "violent protests spreads to new major American city." Staff were also specifically monitoring social media for posts about "Officers involved in Floyd's death" -- all of which would be forwarded to Dataminr's governmental customers through a service named "First Alert." [...] First Alert also scans other popular platforms like Snapchat and Facebook, the latter being particularly useful for protest organizers trying to rapidly mobilize their communities. On at least one occasion, according to MPD records, Dataminr was able to point police to a protest's Facebook event page before it had begun.

Read more of this story at Slashdot.

Original author: BeauHD

Canadian Genetic Non-Discrimination Act Upheld

Long-time Slashdot reader kartis writes: Canada's Supreme Court upheld the Genetic Non-Discrimination Act (GINA), which prohibits, under criminal penalty, employers or insurers from demanding or using genetic information. This was a result of a private member's bill in Parliament, which meant it passed without the government's support, and in fact both the Federal government and Quebec government (which had gotten it declared unconstitutional as outside federal powers) argued that it extended criminal powers into a provincial jurisdiction. Well, the Supreme Court has surprisingly upheld it in a 5-4 decision, which means great things for Canadians' privacy, and also suggests a wider ability for federal privacy legislation than many jurists had thought.

Read more of this story at Slashdot.

Original author: BeauHD

Signal's New PIN Feature Worries Cybersecurity Experts

Lorenzo Franceschi-Bicchierai, writing for Vice: Ever since NSA leaker Edward Snowden said "use Signal, use Tor," the end-to-end encrypted chat app has been a favorite of people who care about privacy and need a chat and calling app that is hard to spy on. One of the reasons security experts recommended Signal is because the app's developers collected -- and thus retained -- almost no information about its users. This means that, if subpoenaed by law enforcement, Signal would have essentially nothing to turn over. Signal demonstrated this in 2016, when it was subpoenaed by a court in Virginia. But a newly added feature that allows users to recover certain data, such as contacts, profile information, settings, and blocked users, has led some high-profile security experts to criticize the app's developers and threaten to stop using it. Signal will store that data on servers the company owns, protected by a PIN that the app has initially been asking users to add, and then forced them to. The purpose of using a PIN is, in the near future, to allow Signal users to be identified by a username, as opposed to their phone number, as Signal founder Moxie Marlinspike explained on Twitter (as we've written before, this is a laudable goal; tying Signal to a phone number has its own privacy and security implications). But this also means that unlike in the past, Signal now retains certain user data, something that many cybersecurity and cryptography experts see as too dangerous. Matthew Green, a cryptographer and computer science professor at Johns Hopkins University, said that this was "the wrong decision," and that forcing users to create a PIN and use this feature would force him to stop using the app.

Read more of this story at Slashdot.

Original author: msmash

Apple Advises Against MacBook Camera Covers Due To Display Cracking

Apple, in a new support document, is warning users against closing their MacBook lids with a cover over the camera. From a report: Placing a cover, sticker or tape over a laptop camera is a practice adopted by some privacy- and security-conscious individuals to protect against webcam hijacking. Now, however, Apple is explicitly advising against the tactic. In a support document published earlier in July, Apple urges users not to close their MacBook Pro or MacBook Air lids if there's a camera cover installed on it. "If you close your Mac notebook with a camera cover installed, you might damage your display because the clearance between the display and keyboard is designed to very tight tolerances," Apple notes. The support document also outlines some of the privacy and security functions of the camera, including the green indicator light that lets users know when the camera is active and the camera permission settings introduced in macOS Mojave.

Read more of this story at Slashdot.

Original author: msmash

Amazon Makes Employees Delete TikTok From Phones, Citing Security Risk [Update]

Amazon has asked its employees to delete the Chinese-owned video app TikTok from their cellphones, citing "security risks," according to a company email sent on Friday. From a report: In the email, which was obtained by The New York Times, Amazon officials said that employees must delete the app from any devices that "access Amazon email." Employees had to remove the app by Friday to remain able to obtain mobile access to their Amazon email, the note said. Amazon workers are still allowed to view TikTok from their laptop browser, the company added. Amazon and TikTok did not immediately respond to requests for comment. TikTok, which has been popular with young audiences in the United States, is owned by the Chinese tech company ByteDance. It has been under scrutiny in Washington for security reasons because of its ownership. Mike Pompeo, the Secretary of State, said on Monday that the Trump administration was considering blocking some Chinese apps, which he has called a threat to national security. Updated at 21:01GMT: In a statement, Amazon said the email was sent by accident. "This morning's email to some of our employees was sent in error. There is no change to our policies right now with regard to TikTok."

Read more of this story at Slashdot.

Original author: msmash

iPhone User Sues Microsoft's LinkedIn For Spying Through Apple's 'Clipboard'

"Microsoft's LinkedIn was sued by a New York-based iPhone user on Friday for allegedly reading and diverting users' sensitive content from Apple Inc's Universal Clipboard application," reports Reuters. According to Apple's website, Universal Clipboard allows users to copy text, images, photos, and videos on one Apple device and then paste the content onto another Apple device. According to the lawsuit filed in San Francisco federal court by Adam Bauer, LinkedIn reads the Clipboard information without notifying the user. LinkedIn did not immediately respond to Reuters' request for comment. According to media reports from last week, 53 apps including TikTok and LinkedIn were reported to be reading users' Universal Clipboard content, after Apple's latest privacy feature started alerting users whenever the clipboard was accessed with a banner saying "pasted from Messages..." A LinkedIn executive had said on Twitter last week that the company released a new version of its app to end this practice... According to the complaint, LinkedIn has not only been spying on its users, it has been spying on their nearby computers and other devices, and it has been circumventing Apple's Universal Clipboard timeout.

Read more of this story at Slashdot.

Original author: EditorDavid

Wells Fargo Tells Employees: Delete TikTok from Company Phones

An anonymous reader quotes Engadget: Wells Fargo does not want TikTok on its employees' phones. According to The Information, the financial institution sent its employees a note, telling them to remove the app from corporate devices immediately... A Wells Fargo spokesperson confirmed the company's move to The Information, explaining that it came to the decision due to concerns about TikTok's privacy practices: "We have identified a small number of Wells Fargo employees with corporate-owned devices who had installed the TikTok application on their device. Due to concerns about TikTok's privacy and security controls and practices, and because corporate-owned devices should be used for company business only, we have directed those employees to remove the app from their devices."

Read more of this story at Slashdot.

Original author: EditorDavid

Why Did a Tech Executive Install 1,000 Security Cameras Around San Francisco?

The New York Times explains why Chris Larsen installed over a thousand surveillance cameras around San Francisco to monitor 135 city blocks: It sounds sinister. A soft-spoken cryptocurrency mogul is paying for a private network of high-definition security cameras around the city. Zoom in and you can see the finest details: the sticker on a cellphone, the make of a backpack, the color of someone's eyes... While violent crime is not high in the city, property crime is a constant headache. Anyone who lives here knows you shouldn't leave anything — not a pile of change, not a scarf — in a parked car... locals are tired of the break-ins. So how do they reconcile "defund the police" with "stop the smash and grabs"? Mr. Larsen believes he has the answer: Put security cameras in the hands of neighborhood groups. Put them everywhere. He's happy to pay for it.... Here is what he is doing: Writing checks for nearly $4 million to buy cameras that record high-definition video of the streets and paying to have them maintained by a company called Applied Video Solutions. The rest is up to locals in neighborhood coalitions like Community Benefit Districts, nonprofits formed to provide services to the area. Here is how the project works: Neighbors band together and decide where to put the cameras. They are installed on private property at the discretion of the property owner, and in San Francisco many home and business owners want them. The footage is monitored by the neighborhood coalition. The cameras are always recording... As proponents of Mr. Larsen's network see things, they get the safety of a surveillance state without the state... It is arguably more compelling evidence in court because the video is monitored by a third-party intermediary who can testify that it is a continuous feed. It is time stamped. 
And because the network covers many blocks, the footage can tell a broader story than a single camera about an event that might be moving from block to block, in the case of, for example, a fight.... "This has underscored the importance of not just cameras but of communitywide camera coverage," Mr. Larsen said. "Body cams show some pretty core weaknesses because we don't have universal access to police body cam footage, and there's a fundamental conflict of interest if the video shows something bad for the department." The answer is more cameras, he said, and then keep that footage in the hands of citizens. He argued that trust will come in the form of full city camera coverage, so police can play a smaller, more subtle role. Individual vigilantism will not work, he argued, but strong neighborhoods with continuous video feeds on every corner will. "That's the winning formula," Mr. Larsen said. "Pure coverage." The locally-stored footage is erased after 30 days. Though it's not covered by the city's newly-enacted ban on facial recognition software, Larsen says "We're strongly opposed to facial recognition technology. Facial recognition is too powerful given the lack of laws and protections to make it acceptable."

Read more of this story at Slashdot.

Original author: EditorDavid

TikTok Pulls Out of Hong Kong

AmiMoJo quotes TechCrunch: TikTok announced that it would pull out of Hong Kong, which is facing an unprecedented wave of control from the Beijing government after the promulgation of the national security law. "In light of recent events, we've decided to stop operations of the TikTok app in Hong Kong," said a TikTok spokesperson. The company declined further comment on the decision... ByteDance, founded by Chinese serial entrepreneur Zhang Yiming, has been working to disassociate TikTok from its Chinese ownership and Beijing censorship. Efforts have ranged from keeping an overseas data center for TikTok that's supposedly out of reach by the Chinese authority, giving outside experts a glimpse into its moderation process, through to hiring Disney's Kevin Mayer as the app's new global face.

Read more of this story at Slashdot.

Original author: EditorDavid

'Guilty' Verdict for Russian Who Stole 117M Dropbox and LinkedIn Login Codes in 2012

In 2012 "Russian hacker" Yevgeniy Nikulin breached the internal networks of LinkedIn, Dropbox, and Formspring, and then sold their user databases on the black market, reports ZDNet. (He stole 117 million login codes, according to Bloomberg.) Nikulin was arrested in 2016 (while on vacation in the Czech Republic), and after an extradition battle spent years in U.S. prisons while awaiting his trial, which Bloomberg calls "an ongoing constitutional violation that deeply distressed U.S. District Judge William Alsup." Yesterday a jury finally found Nikulin guilty: It was the first trial in Northern California since the coronavirus pandemic shut Bay Area courtrooms in mid-March... The trial started in early March but was interrupted by the coronavirus pandemic and a shelter-in-place order for the Bay Area on March 16, when almost all in-person court hearings were postponed nationwide... Forced by circumstances to twice delay the trial, Alsup stood firm on a July 7 start. The judge, Nikulin and lawyers wore masks. Witnesses testified from behind a glass panel... Nikulin is scheduled to be sentenced Sept. 29. The Justice Department said he faces as long as 10 years in prison for each count of selling stolen usernames and passwords, installing malware on protected computers and as many as five years for each count of conspiracy and computer hacking. He also faces a mandatory two year sentence for identity theft, according to prosecutors.

Read more of this story at Slashdot.

Original author: EditorDavid

DuckDuckGo Restored in India, Responds to Favicon Concerns

DuckDuckGo made the news twice this week. First its service was reinstated across India last Saturday, after being unreachable for nearly three days, for reasons which remain unclear. "We have contacted the Indian government but have not yet received a response," a DuckDuckGo spokesperson told The Verge. "We are bewildered on why the Indian government would instruct Indian ISPs to block DuckDuckGo, but are optimistic that this will be resolved soon." But at roughly the same time the search engine faced another controversy about how DuckDuckGo fetches favicons, according to one cybersecurity blog: First submitted as an issue in July 2019, GitHub user Tritonio flagged the offending script, saying: "This seems to be leaking all(?) the domains that users visit to your servers." The script in the Android version of the DuckDuckGo application showed that favicon fetching was routed through DuckDuckGo systems, rather than made via direct website requests. Daniel "tagawa" Davis, communications manager at DuckDuckGo, said at the time that the "internal" favicon service was used to simplify the favicon location process, but as the service is rooted in DuckDuckGo's existing systems, the script adhered to the company's privacy policy which pledges not to collect or store any personal user information. The case was then closed. However, when the issue became public on the GitHub tracker this week, this assurance was not enough for everyone. Some users requested that the case be re-examined, citing potential information leaks caused by the script choice, considered by some as an inherent 'design' flaw or human error. In response to the discussion concerning the favicon telemetry, founder and CEO Gabriel Weinberg said he was "happy to commit us to move to doing this locally in the browser" and will address it as a matter of priority. 
He added that as DuckDuckGo's services are encrypted and "throw away PII [personally identifiable information] like IP addresses by design", no information was collected, stored, or leaked. The company's slogan is "Privacy Simplified". It is this concept, Weinberg told The Daily Swig, that led to the rapid decision in changing how favicons are managed. Weinberg acknowledged that there is an ongoing security debate concerning which option for fetching favicons is more secure, and arguments can be made for each choice — but added they both offer "basically a similar amount" of privacy... You can ask a browser to connect to a website and fetch the favicon — potentially making multiple requests in the process — or you can use the firm's encrypted service... "It's a known anonymous service," Weinberg told us. "You're already connected to DuckDuckGo because you're using the app. It's not that it is leaking any more information, because you conduct a search with us which has the favicons anyway." DuckDuckGo's service is also faster and uses less bandwidth as the service is running server-side and favicons are cached, Weinberg says.

Read more of this story at Slashdot.

Original author: EditorDavid

US Secret Service Creates New Cyber Fraud Task Force

The U.S. Secret Service announced the creation of the Cyber Fraud Task Force (CFTF) after the merger of its Financial Crimes Task Forces (FCTFs) and Electronic Crimes Task Forces (ECTFs) into a single unified network. Bleeping Computer reports: CFTF's main goal is to investigate and defend American individuals and businesses from a wide range of cyber-enabled financial crimes, from business email compromise (BEC) scams and ransomware attacks to data breaches and the illegal sale of stolen personal information and credit cards on the Internet and the dark web. Consolidating the two task forces into CFTF will allow the Secret Service to boost its agents' ability to prevent, detect, and mitigate financially-motivated cybercrime by improving coordination, sharing of resources and expertise, and best practices dissemination. "The creation of the new Cyber Fraud Task Force (CFTF), will offer a specialized cadre of agents and analysts, trained in the latest analytical techniques and equipped with the most cutting-edge technologies," said Michael D'Ambrosio, U.S. Secret Service Assistant Director. At the moment, the Secret Service has already operationalized CFTFs in 42 domestic offices and in 2 international locations (London and Rome). The Department of Homeland Security federal law enforcement agency also plans to increase the number of CFTF locations through its network of more than 160 offices across the U.S. and around the globe.

Read more of this story at Slashdot.

Original author: BeauHD

Facial-Recognition Firm Ends Operations in Canada, Watchdog Says

Canada's privacy watchdog said facial recognition software provider Clearview AI will no longer offer its services in the country, suspending a contract with its last remaining client, the Royal Canadian Mounted Police. From a report: The move comes almost five months after privacy authorities at the federal level and in three provinces launched an investigation into the New York-based firm over allegations it collected personal information without consent and provided data to law enforcement. That probe is still ongoing, the Office of the Privacy Commissioner of Canada said in a statement Monday. At the end of February, the national watchdog opened a separate investigation into the RCMP's use of Clearview AI's facial recognition technology and it also plans to complete that inquiry.

Read more of this story at Slashdot.

Original author: msmash

US Tech Giants Halt Reviews of Hong Kong Demands For User Data

Facebook and Twitter have confirmed they have suspended processing demands for user data from Hong Kong authorities following the introduction of a new Beijing-imposed national security law. From a report: A spokesperson for Facebook told TechCrunch it will "pause" the processing of data demands until it can better understand the new national security law, "including formal human rights due diligence and consultations with human rights experts." The spokesperson added: "We believe freedom of expression is a fundamental human right and support the right of people to express themselves without fear for their safety or other repercussions." Facebook said its suspension will also apply to WhatsApp, which it owns. Soon after, Twitter also confirmed it followed suit. "Given the rapid pace at which the new National Security Law in China has been passed and that it was only published in its entirety for the first time last week, our teams are reviewing the law to assess its implications, particularly as some of the terms of the law are vague and without clear definition," said a Twitter spokesperson. "Like many public interest organizations, civil society leaders and entities, and industry peers, we have grave concerns regarding both the developing process and the full intention of this law," the spokesperson said.

Read more of this story at Slashdot.

Original author: msmash

Body Cam with Military Police Footage Sold on Ebay

"A security researcher was able to access files on an Axon body-worn camera he purchased from eBay that had video files of Fort Huachuca Military Police officers conducting investigations and filling out paperwork," reports the Arizona Mirror: The files were able to be extracted after the researcher, who goes by KF on Twitter, was able to remove a microSD card from the body-worn camera. KF was then able to extract the un-encrypted files, which were not protected by a password, using a tool called Foremost. KF shared screenshots of the footage he was able to pull from the cards that appeared to show members of the Fort Huachuca Military Police entering a person's home and filling out paperwork. "We are aware of this issue and have launched an investigation looking into the matter," a statement from Scottsdale-based Axon said to Arizona Mirror. "We are also reevaluating our processes to better emphasize proper disposal procedures for our customers." The camera that was purchased by KF was an Axon Body 1, one of the company's earliest generation models that launched in 2013. The company said it stopped the model in 2015. "Our latest generation camera, Axon Body 3, offers enhanced security measures such as storage encryption to protect video from being retrieved from lost or improperly disposed cameras," the statement said. Friday the original security researcher posted an update on Twitter, saying he'd offered to send the body cam's SD card back to the military police -- an offer that was eventually accepted by Axon itself -- and "I only listened to a few seconds of audio merely to verify its presence. I've since removed all extracted data in full." In an earlier tweet he'd added, "Those of you asking... NO, I won't dump the card for you. Procure your own BWC (Body Worn Cam), and dump it yourself" But it looks like they already are. Earlier on Twitter, one Security Operations Center analyst posted, "I just ordered two myself.
"I'd actually really like to get a fund going to buy literally all of them and dump them to an open cloud storage bucket... Freedom of Information Act through the secondhand market."

Read more of this story at Slashdot.

Original author: EditorDavid

US Senate Amends EARN IT Act -- To Let States Restrict Encryption

Long-time Slashdot reader stikves reminded us that a committee in the U.S. Senate passed an amended version of the "EARN IT" act on Thursday. And this new version could do more than just end personal end-to-end encryption, warns Engadget: The other major concern opponents of the EARN IT Act raise has to do with Section 230 of the Communications Decency Act, which says that companies are not liable for much of the content that users post. Originally, the EARN IT Act proposed requiring that companies "earn" Section 230 protections by following recommended practices outlined by a Department of Justice commission. Without those protections, companies like Twitter or Facebook might be compelled to remove anything that might prompt a legal challenge, which could threaten freedom of speech. The amendments passed Thursday strip the Department of Justice commission of any legal authority and will not require companies to earn Section 230 protections by following recommended practices. But the amended bill would change Section 230 to allow lawsuits from states, and state legislatures could restrict or outlaw encryption technologies. The senior policy counsel for Free Press Action, a media reform advocacy group, harshly criticized the legislation's new version. "Even as amended today, it invites states to begin passing all sorts of laws under the guise of protecting against abuse, but replicating the problems with the original EARN IT Act's text."

Read more of this story at Slashdot.

Original author: EditorDavid

Former Yahoo Engineer Who Infiltrated 6,000 Accounts Avoids Jail

This week finally saw the federal sentencing of a former Yahoo software engineer who "admitted to using his access through his work at the company to hack into about 6,000 Yahoo accounts" back in 2018, according to America's Department of Justice: Ruiz admitted to targeting accounts belonging to younger women, including his personal friends and work colleagues. He made copies of images and videos that he found in the personal accounts without permission, and stored the data at his home. Once he had access to the Yahoo accounts, Ruiz admitted to compromising the iCloud, Facebook, Gmail, DropBox, and other online accounts of the Yahoo users in search of more private images and videos. After his employer observed the suspicious account activity, Ruiz admitted to destroying the computer and hard drive on which he stored the images. He stopped working at Yahoo in July of 2018. The next month the FBI visited his home. He was indicted in April of 2019 and pleaded guilty in September — facing up to five years in prison and a $250,000 fine. But it was not until this week that a federal court finally handed down its sentence for the "former Yahoo! engineer who hacked 6,000 accounts on a hunt for private sexual videos and pictures," according to one Bay Area newspaper. The sentence? Five years of probation, with a home confinement condition: Reyes Daniel Ruiz, 35, of Tracy, is allowed to leave his home for "verified employment, medical needs and religious services," according to the sentencing terms. He has also been ordered to pay nearly $125,000 in fines and restitution, court records show... He also accessed financial information, but his main goal was to steal pornographic files, prosecutors said. Assistant U.S. Attorney Daniel Kaleba asked for Ruiz to be sentenced to "a period of incarceration," arguing he'd violated not only the trust of his employee but the privacy of thousands of people. 
"By his estimation, he downloaded approximately two terabytes of data, and possessed between 1,000 and 4,000 private images and videos," Kaleba wrote in a sentencing memo. The defense argued that Ruiz, who has no criminal history, deserved leniency because he accepted responsibility quickly. He admitted to destroying the hard drive where he stored the ill-gotten files when the FBI visited his home in August 2018. Ruiz told federal investigators that he acquired the pictures and videos for his own personal "self-gratification" and that he didn't share them online, a pre-sentence report says. In October Gizmodo reported that Ruiz was now working for a Silicon Valley company specializing in SSO (single sign-on) solutions.

Read more of this story at Slashdot.

Original author: EditorDavid

Indian Army Personnel Banned From Using 89 Apps

schwit1 writes: Indian troops will not be allowed to use some of the world's most well-known applications. The move goes further than for civilians when the government banned 59 apps, including TikTok, from general use. According to India Today, the Indian Army on Wednesday asked its personnel to delete 89 apps from their phones, including apps such as Facebook, Truecaller, Instagram and games like PUBG. "The latest instruction comes as a bid to plug leakage of sensitive national security information from phones of armed forces personnel," the report says. "The Army has set July 15 as the deadline for the security forces personnel to remove the 89 apps from their phones." Apps like WhatsApp, Telegram, and YouTube are O.K. as long as the personnel don't reveal their army background on the platforms.

Read more of this story at Slashdot.

Original author: BeauHD

Police Are Buying Access To Hacked Website Data

Some companies are selling government agencies access to data stolen from websites in the hope that it can generate investigative leads, with the data including passwords, email addresses, IP addresses, and more. Motherboard reports: Motherboard obtained webinar slides by a company called SpyCloud presented to prospective customers. In that webinar, the company claimed to "empower investigators from law enforcement agencies and enterprises around the world to more quickly and efficiently bring malicious actors to justice." The slides were shared by a source who was concerned about law enforcement agencies buying access to hacked data. SpyCloud confirmed the slides were authentic to Motherboard. "We're turning the criminals' data against them, or at least we're empowering law enforcement to do that," Dave Endler, co-founder and chief product officer of SpyCloud, told Motherboard in a phone call. The sale highlights a somewhat novel use of breached data, and signals how data ordinarily associated with the commercial sector can be repurposed by law enforcement too. But it also raises questions about whether law enforcement agencies should be leveraging information originally stolen by hackers. By buying products from SpyCloud, law enforcement would also be obtaining access to hacked data on people who are not associated with any crimes -- the vast majority of people affected by data breaches are not criminals -- and would not need to follow the usual mechanisms of sending a legal request to a company to obtain user data.

Read more of this story at Slashdot.

Original author: BeauHD

About Terminal Madness

Terminal Madness started out as a computer bulletin board (BBS) back in the early '90s. Fascinated that one could get all the information they ever wanted "on line", for FREE, the "BBS" was named Terminal Madness.

Now, about 22 years later, that fascination with computers and information continues.

From the USA, to the Dominican Republic, to Curacao and back to the USA.
