Judge Rules Against Forced Fingerprinting

An anonymous reader quotes a report from The Stack: A federal judge in Chicago has ruled against a government request which would require forced fingerprinting of private citizens in order to open a secure, personal phone or tablet. In the ruling, the …

An anonymous reader quotes a report from The Stack: A federal judge in Chicago has ruled against a government request which would require forced fingerprinting of private citizens in order to open a secure, personal phone or tablet. In the ruling, the judge stated that while fingerprints in and of themselves are not protected, the government’s method of obtaining the fingerprints would violate the Fourth and Fifth amendments. The government’s request was given as part of a search warrant related to a child pornography ring. The court ruled that the government could seize devices, but that it could not compel people physically present at the time of seizure to provide their fingerprints “onto the Touch ID sensor of any Apple iPhone, iPad, or other Apple brand device in order to gain access to the contents of any such device.” The report mentions that the ruling was based on three separate arguments. “The first was that the boilerplate language used in the request was dated, and did not, for example, address vulnerabilities associated with wireless services. Second, the court said that the context in which the fingerprints were intended to be gathered may violate the Fourth Amendment search and seizure rights of the building residents and their visitors, all of whom would have been compelled to provide their fingerprints to open their secure devices. Finally, the court noted that historically the Fifth Amendment, which protects against self-incrimination, does not allow a person to circumvent the fingerprinting process.” You can read more about the ruling via Ars Technica.

Read more of this story at Slashdot.

GE, Intel, and AT&T Are Putting Cameras and Sensors All Over San Diego

An anonymous reader shares a Fortune report: General Electric will put cameras, microphones, and sensors on 3,200 street lights in San Diego this year, marking the first large-scale use of “smart city” tools GE says can help monitor traffic and pinpoin…

An anonymous reader shares a Fortune report: General Electric will put cameras, microphones, and sensors on 3,200 street lights in San Diego this year, marking the first large-scale use of “smart city” tools GE says can help monitor traffic and pinpoint crime, but raising potential privacy concerns. Based on technology from GE’s Current division, Intel and AT&T, the system will use sensing nodes on light poles to locate gunshots, estimate crowd sizes, check vehicle speeds and other tasks, GE and the city said on Wednesday. The city will provide the data to entrepreneurs and students to develop applications. Companies expect a growing market for such systems as cities seek better data to plan and run their operations. San Diego is a test of “Internet of things” technology that GE Current provides for commercial buildings and industrial sites.

Read more of this story at Slashdot.

GE, Intel, and AT&T Are Putting Cameras and Sensors All Over San Diego

An anonymous reader shares a Fortune report: General Electric will put cameras, microphones, and sensors on 3,200 street lights in San Diego this year, marking the first large-scale use of “smart city” tools GE says can help monitor traffic and pinpoin…

An anonymous reader shares a Fortune report: General Electric will put cameras, microphones, and sensors on 3,200 street lights in San Diego this year, marking the first large-scale use of “smart city” tools GE says can help monitor traffic and pinpoint crime, but raising potential privacy concerns. Based on technology from GE’s Current division, Intel and AT&T, the system will use sensing nodes on light poles to locate gunshots, estimate crowd sizes, check vehicle speeds and other tasks, GE and the city said on Wednesday. The city will provide the data to entrepreneurs and students to develop applications. Companies expect a growing market for such systems as cities seek better data to plan and run their operations. San Diego is a test of “Internet of things” technology that GE Current provides for commercial buildings and industrial sites.

Read more of this story at Slashdot.

GlobalSign Supports Billions of Device Identities In an Effort To Secure the IoT

Reader broknstrngz writes: GlobalSign, a WebTrust certified CA and identity services provider, has released its high volume managed PKI platform, taking a stab at the current authentication and security weaknesses in the IoT. The new service aims to co…

Reader broknstrngz writes: GlobalSign, a WebTrust certified CA and identity services provider, has released its high volume managed PKI platform, taking a stab at the current authentication and security weaknesses in the IoT. The new service aims to commodify large scale rapid enrollment and identity management for large federated swarms of devices such as IP cameras, smart home appliances and consumer electronics, core and customer premises network equipment in an attempt to reduce the attack surface exploitable by IoT DDoS botnets such as Mirai. Strong device identity models are developed in partnership with TPM and hardware cryptographic providers such as Infineon and Intrinsic ID, as well as other Trusted Computing Group members.

Read more of this story at Slashdot.

Krebs: ‘Men Who Sent SWAT Team, Heroin to My Home Sentenced’

An anonymous reader quotes KrebsOnSecurity:
On Thursday, a Ukrainian man who hatched a plan in 2013 to send heroin to my home and then call the cops when the drugs arrived was sentenced to 41 months in prison for unrelated cybercrime charges. Separatel…

An anonymous reader quotes KrebsOnSecurity:
On Thursday, a Ukrainian man who hatched a plan in 2013 to send heroin to my home and then call the cops when the drugs arrived was sentenced to 41 months in prison for unrelated cybercrime charges. Separately, a 19-year-old American who admitted to being part of a hacker group that sent a heavily-armed police force to my home in 2013 was sentenced to three years probation.

Sergey Vovnenko, a.k.a. “Fly,” “Flycracker” and “MUXACC1,” pleaded guilty last year to aggravated identity theft and conspiracy to commit wire fraud. Prosecutors said Vovnenko operated a network of more than 13,000 hacked computers, using them to harvest credit card numbers and other sensitive information… A judge in New Jersey sentenced Vovnenko to 41 months in prison, three years of supervised released and ordered him to pay restitution of $83,368.
Separately, a judge in Washington, D.C. handed down a sentence of three year’s probation to Eric Taylor, a hacker probably better known by his handle “Cosmo the God.” Taylor was among several men involved in making a false report to my local police department at the time about a supposed hostage situation at our Virginia home. In response, a heavily-armed police force surrounded my home and put me in handcuffs at gunpoint before the police realized it was all a dangerous hoax known as “swatting”… Taylor and his co-conspirators were able to dox so many celebrities and public officials because they hacked a Russian identity theft service called ssndob[dot]ru. That service in turn relied upon compromised user accounts at data broker giant LexisNexis to pull personal and financial data on millions of Americans.

Read more of this story at Slashdot.

Krebs: ‘Men Who Sent SWAT Team, Heroin to My Home Sentenced’

An anonymous reader quotes KrebsOnSecurity:
On Thursday, a Ukrainian man who hatched a plan in 2013 to send heroin to my home and then call the cops when the drugs arrived was sentenced to 41 months in prison for unrelated cybercrime charges. Separatel…

An anonymous reader quotes KrebsOnSecurity:
On Thursday, a Ukrainian man who hatched a plan in 2013 to send heroin to my home and then call the cops when the drugs arrived was sentenced to 41 months in prison for unrelated cybercrime charges. Separately, a 19-year-old American who admitted to being part of a hacker group that sent a heavily-armed police force to my home in 2013 was sentenced to three years probation.

Sergey Vovnenko, a.k.a. “Fly,” “Flycracker” and “MUXACC1,” pleaded guilty last year to aggravated identity theft and conspiracy to commit wire fraud. Prosecutors said Vovnenko operated a network of more than 13,000 hacked computers, using them to harvest credit card numbers and other sensitive information… A judge in New Jersey sentenced Vovnenko to 41 months in prison, three years of supervised released and ordered him to pay restitution of $83,368.
Separately, a judge in Washington, D.C. handed down a sentence of three year’s probation to Eric Taylor, a hacker probably better known by his handle “Cosmo the God.” Taylor was among several men involved in making a false report to my local police department at the time about a supposed hostage situation at our Virginia home. In response, a heavily-armed police force surrounded my home and put me in handcuffs at gunpoint before the police realized it was all a dangerous hoax known as “swatting”… Taylor and his co-conspirators were able to dox so many celebrities and public officials because they hacked a Russian identity theft service called ssndob[dot]ru. That service in turn relied upon compromised user accounts at data broker giant LexisNexis to pull personal and financial data on millions of Americans.

Read more of this story at Slashdot.

Used Cars Can Still Be Controlled By Their Previous Owners’ Apps

An IBM security researcher recently discovered something interesting about smart cars. An anonymous reader quotes CNN:
Charles Henderson sold his car several years ago, but he still knows exactly where it is, and can control it from his phone… “The c…

An IBM security researcher recently discovered something interesting about smart cars. An anonymous reader quotes CNN:
Charles Henderson sold his car several years ago, but he still knows exactly where it is, and can control it from his phone… “The car is really smart, but it’s not smart enough to know who its owner is, so it’s not smart enough to know it’s been resold,” Henderson told CNNTech. “There’s nothing on the dashboard that tells you ‘the following people have access to the car.'” This isn’t an isolated problem. Henderson tested four major auto manufacturers, and found they all have apps that allow previous owners to access them from a mobile device. At the RSA security conference in San Francisco on Friday, Henderson explained how people can still retain control of connected cars even after they resell them.
Manufacturers create apps to control smart cars — you can use your phone to unlock the car, honk the horn and find out the exact location of your vehicle. Henderson removed his personal information from services in the car before selling it back to the dealership, but he was still able to control the car through a mobile app for years. That’s because only the dealership that originally sold the car can see who has access and manually remove someone from the app.

It’s also something to consider when buying used IoT devices — or a smart home equipped with internet-enabled devices.

Read more of this story at Slashdot.

Used Cars Can Still Be Controlled By Their Previous Owners’ Apps

An IBM security researcher recently discovered something interesting about smart cars. An anonymous reader quotes CNN:
Charles Henderson sold his car several years ago, but he still knows exactly where it is, and can control it from his phone… “The c…

An IBM security researcher recently discovered something interesting about smart cars. An anonymous reader quotes CNN:
Charles Henderson sold his car several years ago, but he still knows exactly where it is, and can control it from his phone… “The car is really smart, but it’s not smart enough to know who its owner is, so it’s not smart enough to know it’s been resold,” Henderson told CNNTech. “There’s nothing on the dashboard that tells you ‘the following people have access to the car.'” This isn’t an isolated problem. Henderson tested four major auto manufacturers, and found they all have apps that allow previous owners to access them from a mobile device. At the RSA security conference in San Francisco on Friday, Henderson explained how people can still retain control of connected cars even after they resell them.
Manufacturers create apps to control smart cars — you can use your phone to unlock the car, honk the horn and find out the exact location of your vehicle. Henderson removed his personal information from services in the car before selling it back to the dealership, but he was still able to control the car through a mobile app for years. That’s because only the dealership that originally sold the car can see who has access and manually remove someone from the app.

It’s also something to consider when buying used IoT devices — or a smart home equipped with internet-enabled devices.

Read more of this story at Slashdot.

Scottish Court Awards Damages For CCTV Camera Pointed At Neighbor’s House

AmiMoJo quotes a report from BoingBoing: Edinburgh’s Nahid Akram installed a CCTV system that let him record his downstairs neighbors Debbie and Tony Woolley in their back garden, capturing both images and audio of their private conversations, with a s…

AmiMoJo quotes a report from BoingBoing: Edinburgh’s Nahid Akram installed a CCTV system that let him record his downstairs neighbors Debbie and Tony Woolley in their back garden, capturing both images and audio of their private conversations, with a system that had the capacity to record continuously for five days. A Scottish court has ruled that the distress caused by their neighbor’s camera entitled the Woolleys to $21,000 (17,000 British Pounds) in damages, without the need for them to demonstrate any actual financial loss. The judgment builds on a 2015 English court ruling against Google for spying on logged out Safari users, where the users were not required to show financial losses to receive compensation for private surveillance.

Read more of this story at Slashdot.

Scottish Court Awards Damages For CCTV Camera Pointed At Neighbor’s House

AmiMoJo quotes a report from BoingBoing: Edinburgh’s Nahid Akram installed a CCTV system that let him record his downstairs neighbors Debbie and Tony Woolley in their back garden, capturing both images and audio of their private conversations, with a s…

AmiMoJo quotes a report from BoingBoing: Edinburgh’s Nahid Akram installed a CCTV system that let him record his downstairs neighbors Debbie and Tony Woolley in their back garden, capturing both images and audio of their private conversations, with a system that had the capacity to record continuously for five days. A Scottish court has ruled that the distress caused by their neighbor’s camera entitled the Woolleys to $21,000 (17,000 British Pounds) in damages, without the need for them to demonstrate any actual financial loss. The judgment builds on a 2015 English court ruling against Google for spying on logged out Safari users, where the users were not required to show financial losses to receive compensation for private surveillance.

Read more of this story at Slashdot.