‘Why The US Senate’s Vote To Throw Out ISP Privacy Laws Isn’t All Bad’

“Nobody wants their data spread far and wide,” write two associate editors at MIT Technology Review, “but the FCC’s rules were an inconsistent solution to a much larger problem.” An anonymous reader writes:

They point out the rules passed in October “weren’t even yet in effect,” but more importantly — they only would’ve applied to ISPs. “[T]he reality is that the U.S. doesn’t have a baseline law that governs online privacy,” and the truth is, it never did. “The FCC’s new privacy rules would have been dramatic, to be sure — but they would only have addressed one piece of the problem, leaving companies like Facebook and Google free to continue doing much the same thing.”
While the repeal still needs approval in the U.S. House of Representatives and the president’s signature, their article argues that what’s really needed is “a more consistent approach to privacy.”

Read more of this story at Slashdot.

Some Of Hacker Group’s Claims Of Having Access To 250M iCloud Accounts Aren’t False

Earlier this week, a hacker group claimed that it had access to 250 million iCloud accounts. The hackers, who called themselves part of Turkish Crime Family group, threatened to reset passwords of all the iCloud accounts and remotely wipe those iPhones. Apple could stop them, they said, if it paid them a ransom by April 7. In a statement, Apple said, “the alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services,” and that it is working with law enforcement officials to identify the hackers. Now, ZDNet reports that it obtained a set of credentials from the hacker group and was able to verify some of the claims. From the article: ZDNet obtained a set of 54 credentials from the hacker group for verification. All the 54 accounts were valid, based on a check using the site’s password reset function. These accounts include “icloud.com,” dating back to 2011, and legacy “me.com” and “mac.com” domains from as early as 2000. The list of credentials contained just email addresses and plain-text passwords, separated by a colon, which according to Troy Hunt, data breach expert and owner of notification site Have I Been Pwned, makes it likely that the data “could be aggregated from various sources.” We started working to contact each person, one by one, to confirm their password. Most of the accounts are no longer registered with iMessage and could not be immediately reached. However, 10 people in total confirmed that their passwords were accurate, and as a result have now been changed.

Hackers Claim Access To 300 Million iCloud Accounts, Demand $75,000 From Apple To Delete the Cache of Data

A hacker or group of hackers calling themselves the “Turkish Crime Family” claim they have access to at least 300 million iCloud accounts, and will delete the alleged cache of data if Apple pays a ransom by early next month. Motherboard is reporting that the hackers are demanding “$75,000 in Bitcoin or Ethereum, another increasingly popular crypto-currency, or $100,000 worth of iTunes gift cards in exchange for deleting the alleged cache of data.” From the report: The hackers provided screenshots of alleged emails between the group and members of Apple’s security team. One also gave Motherboard access to an email account allegedly used to communicate with Apple. “Are you willing to share a sample of the data set?” an unnamed member of Apple’s security team wrote to the hackers a week ago, according to one of the emails stored in the account. (According to the email headers, the return-path of the email is to an address with the @apple.com domain). The hackers also uploaded a YouTube video of them allegedly logging into some of the stolen accounts. The hacker appears to access an elderly woman’s iCloud account, which includes backed-up photos, and the ability to remotely wipe the device. Now, the hackers are threatening to reset a number of the iCloud accounts and remotely wipe victims’ Apple devices on April 7, unless Apple pays the requested amount. According to one of the emails in the accessed account, the hackers claim to have access to over 300 million Apple email accounts, including those that use @icloud and @me domains. However, the hackers appear to be inconsistent in their story; one of the hackers then claimed they had 559 million accounts in all. The hackers did not provide Motherboard with any of the supposedly stolen iCloud accounts to verify this claim, except those shown in the video.

Buying a Samsung TV Online Could Jeopardize Your Data

An anonymous reader shares a CNET report: If you buy a product from Samsung’s online store, your name, address, order information and other data may be accessible to anyone who cares to look. Matt Metzger, a self-described “application security engineer” who said he has worked in shipping-industry compliance, wrote Wednesday on Medium about an accidental discovery. Metzger said he ordered a TV from the Samsung online store and was sent a URL to track his delivery. When he followed the URL, he discovered that his tracking number was the same one used for someone else’s previous delivery and that he could see sensitive information, such as the person’s name and items ordered, without any security measures getting in the way. Metzger also discovered that more information was attached in a TIFF file to his own order after the delivery was completed. The file included his full name, address and signature. Samsung told CNET it is aware of the issue and is looking into it.

Vibrator Maker To Pay Millions Over Claims It Secretly Tracked Use

An anonymous reader quotes a report from NPR: The makers of the We-Vibe, a line of vibrators that can be paired with an app for remote-controlled use, have reached a $3.75 million class action settlement with users following allegations that the company was collecting data on when and how the sex toy was used. The We-Vibe product line includes a number of Bluetooth-enabled vibrators that, when linked to the “We-Connect” app, can be controlled from a smartphone. It allows a user to vary rhythms, patterns and settings — or give a partner, in the room or anywhere in the world, control of the device. Since the app was released in 2014, some observers have raised concerns that Internet-connected sex toys could be vulnerable to hacking. But the lawsuit doesn’t involve any outside meddling — instead, it centers on concerns that the company itself was tracking users’ sex lives. The lawsuit was filed in federal court in Illinois in September. It alleges that — without customers’ knowledge — the app was designed to collect information about how often, and with what settings, the vibrator was used. The lawyers for the anonymous plaintiffs contended that the app, “incredibly,” collected users’ email addresses, allowing the company “to link the usage information to specific customer accounts.” Customers’ email addresses and usage data were transmitted to the company’s Canadian servers, the lawsuit alleges. When a We-Vibe was remotely linked to a partner, the connection was described as “secure,” but some information was also routed through We-Connect and collected, the lawsuit says.

Germany Plans To Fine Social Media Sites Over Hate Speech

Germany plans a new law calling for social networks like Facebook to remove slanderous or threatening online postings quickly or face fines of up to 50 million euros ($53 mln). From a report: “This (draft law) sets out binding standards for the way operators of social networks deal with complaints and obliges them to delete criminal content,” Justice Minister Heiko Maas said in a statement announcing the planned legislation on Tuesday. Failure to comply could see a social media company fined up to 50 million euros, and the company’s chief representative in Germany fined up to 5 million euros. Germany already has some of the world’s toughest hate speech laws covering defamation, slander, public incitement to commit crimes and threats of violence, backed up by prison sentences for Holocaust denial or inciting hatred against minorities. It now aims to update these rules for the social media age.

Tim Berners-Lee Warns About the Web’s Three Biggest Threats

Sunday was the 28th anniversary of the day that 33-year-old Tim Berners-Lee submitted his proposal for the World Wide Web — and the father of the web published a new letter today about “how the web has evolved, and what we must do to ensure it fulfills his vision of an equalizing platform that benefits all of humanity.”

It’s been an ongoing battle to maintain the web’s openness, but in addition, Berners-Lee lists the following issues: 1) We’ve lost control of our personal data. 2) It’s too easy for misinformation to spread on the web. 3) Political advertising online needs transparency and understanding. Tim Berners-Lee writes:

We must work together with web companies to strike a balance that puts a fair level of data control back in the hands of people, including the development of new technology like personal “data pods” if needed and exploring alternative revenue models like subscriptions and micropayments. We must fight against government over-reach in surveillance laws, including through the courts if necessary. We must push back against misinformation by encouraging gatekeepers such as Google and Facebook to continue their efforts to combat the problem, while avoiding the creation of any central bodies to decide what is “true” or not. We need more algorithmic transparency to understand how important decisions that affect our lives are being made, and perhaps a set of common principles to be followed. We urgently need to close the “internet blind spot” in the regulation of political campaigning.

Berners-Lee says his team at the Web Foundation “will be working on many of these issues as part of our new five year strategy,” researching policy solutions and building progress-driving coalitions, as well as maintaining their massive list of digital rights organizations. “I may have invented the web, but all of you have helped to create what it is today… and now it is up to all of us to build the web we want — for everyone.” Inspired by the letter, very-long-time Slashdot reader Martin S. asks, does the web need improvements? And if so, “I’m wondering what Slashdotters would consider to be a solution?”

Notepad++ Update Fixes ‘CIA Hacking’ Issue

Free software Notepad++ (released under the GNU General Public License) received a new update this week which was announced under the headline “Fix CIA Hacking Notepad++ Issue”. The CIA documents in WikiLeaks’ ‘Vault 7’ included a “Notepad++ DLL Hijack” document which affected the popular Windows editor for text and source code. “It’s not a vulnerability/security issue in Notepad++, but for remedying this issue, from this release (v7.3.3) forward, notepad++.exe checks the certificate validation in scilexer.dll before loading it,” reads the announcement. From the Notepad++ web site:

If the certificate is missing or invalid, then it just won’t be loaded, and Notepad++ will fail to launch. Checking the certificate of DLL makes it harder to hack.

Note that once users’ PCs are compromised, the hackers can do anything on the PCs. This solution only prevents from Notepad++ loading a CIA homemade DLL. It doesn’t prevent your original notepad++.exe from being replaced by modified notepad++.exe while the CIA is controlling your PC.

The update also includes “a lot of enhancements and bug-fixes,” and if no critical issues are found, “Auto-updater will be triggered in few days.”
