Government

CNN Gets a First-Of-Its-Kind Waiver To Fly Drones Over Crowds (techcrunch.com) 43

The FAA has granted CNN a waiver that allows it to fly its Vantage Robotics Snap drone over open-air crowds of people at altitudes of up to 150 feet. "This is a new precedent in this kind of waiver: Previous exemptions allowed flight of drones over people in closed set operations (like for filmmaking purposes) and only when tethered, with a max height of 21 feet," reports TechCrunch. From the report: The new waiver granted to CNN, as secured through its legal counsel Hogan Lovells, allows for flight of the Vantage UAV (which is quite small and light) above crowds regardless of population density. It was a big win for the firm and the company because it represents a change in perspective on the issue for the FAA, which previously viewed all requests for exceptions from a "worst-case scenario" point of view. Now, however, the FAA has accepted CNN's "reasonableness Approach," which takes into account not just the potential results of a crashed drone, but also the safe operating history of the company doing the flying, their built-in safety procedures, and the features included on the drone model itself that are designed to mitigate the results of any negative issues.
Google

Toronto To Be Home To Google Parent's Biggest Smart City Project Yet (techcrunch.com) 53

Sidewalk Labs, the smart city subsidiary of Alphabet (the parent company of Google) with the stated goal of "reimagining cities from the Internet up," now has a very big sandbox in which to conduct its high-tech experiments. From a report: That's obviously an ambitious project, but some of the groundwork is already being laid: Alphabet's Google will be the flagship tenant for the new neighbourhood, anchoring the easter waterfront, to be called "Quayside," and Sidewalk Labs has committed $50 million to kick off pilot testing and planning in partnership with the City of Toronto. Sidewalk Labs won the contract through its response to a Request for Proposals issues by Waterfront Toronto, and organization created by the Canadian federal government, the Ontario provincial government and the City of Toronto together to foster development of Toronto's lakefront areas in ways that address urban sprawl while respecting the realities of climate change and taking into account the ability of the city's residents to get around efficiently. The area involved in the RFP that Sidewalk Labs will work with the government coalition to develop spans around 800 acres (though 12 acres are specified for the initial project), and is one of the largest underdeveloped urban areas in any North American city, making it a good target for Sidewalk's ambitious vision, which involves building smart cities holistically from the very start. Ultimately, the partners hope to turn the area into a "place for tens of thousands of people to live, work, learn and play -- and to create and advance new ideas that improve city life," according to a release from Sidewalk.
Microsoft

Microsoft Responded Quietly After Detecting Secret Database Hack in 2013 (reuters.com) 43

Citing five former employees, Reuters reported on Tuesday that Microsoft's secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking group more than four years ago. From the report: The company did not disclose the extent of the attack to the public or its customers after its discovery in 2013, but the five former employees described it to Reuters in separate interviews. Microsoft declined to discuss the incident. The database contained descriptions of critical and unfixed vulnerabilities in some of the most widely used software in the world, including the Windows operating system. Spies for governments around the globe and other hackers covet such information because it shows them how to create tools for electronic break-ins. The Microsoft flaws were fixed likely within months of the hack, according to the former employees. Yet speaking out for the first time, these former employees as well as U.S. officials informed of the breach by Reuters said it alarmed them because the hackers could have used the data at the time to mount attacks elsewhere, spreading their reach into government and corporate networks. "Bad guys with inside access to that information would literally have a 'skeleton key' for hundreds of millions of computers around the world," said Eric Rosenbach, who was U.S. deputy assistant secretary of defense for cyber at the time.
Security

Kaspersky Lab Finds Flash Vulnerability Through Microsoft Word (neowin.net) 50

An anonymous reader quotes a report from Neowin: Kaspersky Lab, which has been under fire by the U.S. government as possibly being an agent of the Russian government and spying on U.S. computers, has found a previously unknown bug in Adobe Flash that was apparently exploited by a hacker group on October 10. Adobe issued a patch to fix the bug today. According to Kaspersky, "the exploit is delivered through a Microsoft Word document and deploys the FinSpy commercial malware." The company worked with Adobe to get a patch ready as quickly as possible, with Adobe releasing it a few hours ago. Users and agencies running the following versions of Adobe Flash will need to update immediately, as the vulnerability has been labeled as critical. The patch updates all versions of Adobe Flash to version 27.0.0.170.
Security

Millions of High-Security Crypto Keys Crippled by Newly Discovered Flaw (arstechnica.com) 55

Slovak and Czech researchers have found a vulnerability that leaves government and corporate encryption cards vulnerable to hackers to impersonate key owners, inject malicious code into digitally signed software, and decrypt sensitive data, reports ArsTechnica. From the report: The weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. The five-year-old flaw is also troubling because it's located in code that complies with two internationally recognized security certification standards that are binding on many governments, contractors, and companies around the world. The code library was developed by German chipmaker Infineon and has been generating weak keys since 2012 at the latest. The flaw is the one Estonia's government obliquely referred to last month when it warned that 750,000 digital IDs issued since 2014 were vulnerable to attack. Estonian officials said they were closing the ID card public key database to prevent abuse. On Monday, officials posted this update. Last week, Microsoft, Google, and Infineon all warned how the weakness can impair the protections built into TPM products that ironically enough are designed to give an additional measure of security to high-targeted individuals and organizations.
Government

Ask Slashdot: Should Users Uninstall Kaspersky's Antivirus Software? (slashdot.org) 306

First, here's the opinion of two former NSA cybersecurity analysts (via Consumer Reports): "It's a big deal," says Blake Darche, a former NSA cybersecurity analyst and the founder of the cybersecurity firm Area 1. "For any consumers or small businesses that are concerned about privacy or have sensitive information, I wouldn't recommend running Kaspersky." By its very nature antivirus software is an appealing tool for hackers who want to access remote computers, security experts say. Such software is designed to scan a computer comprehensively as it searches for malware, then send regular reports back to a company server. "One of the things people don't realize, by installing that tool you give [the software manufacturer] the right to pull any information that might be interesting," says Chris O'Rourke, another former NSA cybersecurity expert who is the CEO of cybersecurity firm Soteria.
But for that reason, Bloomberg View columnist Leonid Bershidsky suggests any anti-virus software will be targetted by nation-state actors, and argues that for most users, "non-state criminal threats are worse. That's why Interpol this week signed a new information-sharing agreement with Kaspersky despite all the revelations in the U.S. media: The international police cooperation organization deals mainly with non-state actors, including profit-seeking hackers, rather than with the warring intelligence services."

And long-time Slashdot reader freddieb is a loyal Kaspersky user who is wondering what to do, calling the software "very effective and non-intrusive." And in addition, "Numerous recent hacks have gotten my data (Equifax, and others) so I expect I have nothing else to fear except ransomware."

Share your own informed opinions in the comments. Should users uninstall Kaspersky's antivirus software?
Windows

Munich Plans New Vote on Dumping Linux For Windows 10 (techrepublic.com) 410

An anonymous reader quotes TechRepublic: The city of Munich has suggested it will cost too much to carry on using Linux alongside Windows, despite having spent millions of euros switching PCs to open-source software... "Today, with a Linux client-centric environment, we are often confronted with major difficulties and additional costs when it comes to acquiring and operating professional application software," the city council told the German Federation of Taxpayers. Running Linux will ultimately prove unsustainable, suggests the council, due to the need to also keep a minority of Windows machines to run line-of-business software incompatible with Linux. "In the long term, this situation means that the operation of the non-uniform client landscape can no longer be made cost-efficient"... Since completing the multi-year move to LiMux, a custom-version of the Linux-based OS Ubuntu, the city always kept a smaller number of Windows machines to run incompatible software. As of last year it had about 4,163 Windows-based PCs, compared to about 20,000 Linux-based PCs.

The assessment is at odds with a wide-ranging review of the city's IT systems by Accenture last year, which found that most of the problems stem not from the use of open-source software, but from inefficiencies in how Munich co-ordinates the efforts of IT teams scattered throughout different departments. Dr. Florian Roth, leader of the Green Party at Munich City Council, said the review had also not recommended a wholesale shift to Windows. "The Accenture report suggested to run both systems because the complete 'rollback' to Windows and MS Office would mean a waste of experience, technology, work and money," he said... The city's administration is investigating how long it would take and how much it would cost to build a Windows 10 client for use by the city's employees. Once this work is complete, the council will vote again in November on whether this Windows client should replace LiMux across the authority from 2021.

A taxpayer's federation post urged "Penguin, adieu!" -- while also admitting that returning to Windows "will devour further tax money in the millions," according to TechRepublic.

"The federation's post also makes no mention of the licensing and other savings achieved by switching to LiMux, estimated to stand at about €10m."
Bitcoin

Julian Assage Taunts US Government For Forcing Wikileaks To Invest In Bitcoin (facebook.com) 190

Saturday's tweet from Julian Assange says it all: "My deepest thanks to the US government, Senator McCain and Senator Lieberman for pushing Visa, MasterCard, PayPal, AmEx, Moneybookers, et al, into erecting an illegal banking blockade against @WikiLeaks starting in 2010. It caused us to invest in Bitcoin -- with > 50000% return."
Assange's tweet was accompanied by a graph showing the massive spike in the price of bitcoin -- though most of that growth occurred in the last year.
The Military

Pentagon Turns To High-Speed Traders To Fortify Markets Against Cyberattack (wsj.com) 72

Slashdot reader Templer421 quotes the Wall Street Journal's report [non-paywalled version here] on DARPA's "Financial Markets Vulnerabilities Project": Dozens of high-speed traders and others from Wall Street are helping the Pentagon study how hackers could unleash chaos in the U.S. financial system. The Department of Defense's research arm over the past year and a half has consulted executives at high-frequency trading firms and quantitative hedge funds, and people from exchanges and other financial companies, participants in the discussions said. Officials described the effort as an early-stage pilot project aimed at identifying market vulnerabilities... Participants described meetings as informal sessions in which attendees brainstorm about how hackers might try to bring down U.S. markets, then rank the ideas by feasibility.

Among the potential scenarios: Hackers could cripple a widely used payroll system; they could inject false information into stock-data feeds, sending trading algorithms out of whack; or they could flood the stock market with fake sell orders and trigger a market crash... "We started thinking a couple years ago what it would be like if a malicious actor wanted to cause havoc on our financial markets," said Wade Shen, who researched artificial intelligence at the Massachusetts Institute of Technology before joining Darpa as a program manager in 2014.

China

China's Scientists Set New International Record -- For Faked Peer Reviews (nytimes.com) 73

China now has more laboratory scientists than any other country in the world, reports Amy Qin in the New York Times, and spends more on research than the entire European Union. But in its rush to dominance, China has stood out in another, less boastful way. Since 2012, the country has retracted more scientific papers because of faked peer reviews than all other countries and territories put together, according to Retraction Watch, a blog that tracks and seeks to publicize retractions of research papers... In April, a scientific journal retracted 107 biology research papers, the vast majority of them written by Chinese authors, after evidence emerged that they had faked glowing reviews of their articles. Then, this summer, a Chinese gene scientist who had won celebrity status for breakthroughs once trumpeted as Nobel Prize-worthy was forced to retract his research when other scientists failed to replicate his results. At the same time, a government investigation highlighted the existence of a thriving online black market that sells everything from positive peer reviews to entire research articles...

In part, these numbers may simply reflect the enormous scale of the world's most populous nation. But Chinese scientists also blame what they call the skewed incentives they say are embedded within their nation's academic system.

The Almighty Buck

In a Cashless World, You'd Better Pray the Power Never Goes Out (mises.org) 448

schwit1 quotes the Mises Institue: When Hurricane Maria knocked out power in Puerto Rico, residents there realized they were going to need physical cash — and a lot of it. Bloomberg reported that the Fed was forced to fly a planeload of cash to the Island to help avert disaster. "William Dudley, the New York Fed president, put the word out within minutes, and ultimately a jet loaded with an undisclosed amount of cash landed on the stricken island. [Business executives in Puerto Rico] described corporate clients' urgent requests for hundreds of thousands in cash to meet payrolls, and the challenge of finding enough armored cars to satisfy endless demand at ATMs... As early as the day after the storm, the Fed began working to get money onto the island."

For a time, unless one had a hoard of cash stored up in ones home, it was impossible to get cash at all. 85 percent of Puerto Rico is still without power... Bloomberg continues: "When some generator-powered ATMs finally opened, lines stretched hours long, with people camping out in beach chairs and holding umbrellas against the sun." In an earlier article from September 25, Bloomberg noted how, without cash, necessities were simply unavailable:

"Cash only," said Abraham Lebron, the store manager standing guard at Supermax, a supermarket in San Juan's Plaza de las Armas. He was in a well-policed area, but admitted feeling like a sitting duck with so many bills on hand. "The system is down, so we can't process the cards. It's tough, but one finds a way to make it work."


Bitcoin

Ransomware Sales On the Dark Web Spike 2,502% In 2017 (carbonblack.com) 23

Slashdot reader rmurph04 writes: Ransomware is a $6.2 million industry, based on sales generated from a network of more than 6,300 Dark Web marketplaces that sell over 45,000 products, according to a report released Wednesday by cybersecurity firm Carbon Black.
While the authors of the software are earning six-figure incomes, ransom payments totalled $1 billion in 2016, according to FBI estimates -- up from just $24 million in 2015. Carbon Black, which was founded by former U.S. government "offensive security hackers," argues that ransomware's growth has been aided by "the emergence of Bitcoin for ransom payment, and the anonymity network, Tor, to mask illicit activities.. Bitcoin allows money to be transferred in a way that makes it nearly impossible for law enforcement to 'follow the money.'"
Government

IRS Suspends $7 Million Contract With Equifax After Malware Discovered (cbsnews.com) 50

After malware was discovered on Equifax's website again, the IRS decided late Thursday that it would temporarily suspend the agency's $7.1 million data security contract with the company. CBS News reports: In September, Equifax revealed that it had exposed 143 million consumer files -- containing names, addresses, Social Security numbers and even bank account information -- to hackers in an unprecedented security lapse. The number of consumer potentially affect by the data breach was later raised to 145.5 million. The company's former CEO blamed a single careless employee for the entire snafu. But even as he was getting grilled in Congress earlier this month, the IRS was awarding the company with a no-bid contract to provide "fraud prevention and taxpayer identification services." "Following new information available today, the IRS temporarily suspended its short-term contract with Equifax for identity proofing services," the agency said in a statement. "During this suspension, the IRS will continue its review of Equifax systems and security." The agency does not believe that any data the IRS has shared with Equifax to date has been compromised, but the suspension was taken as "a precautionary step."
Communications

Recordings of the Sounds Heard In the Cuban US Embassy Attacks Released (apnews.com) 299

New submitter chrissfoot shares a report from The Associated Press: The Associated Press has obtained a recording of what some U.S. Embassy workers heard in Havana in a series of unnerving incidents later deemed to be deliberate attacks. The recording, released Thursday by the AP, is the first disseminated publicly of the many taken in Cuba of mysterious sounds that led investigators initially to suspect a sonic weapon. The recordings themselves are not believed to be dangerous to those who listen. Sound experts and physicians say they know of no sound that can cause physical damage when played for short durations at normal levels through standard equipment like a cellphone or computer. What device produced the original sound remains unknown. Americans affected in Havana reported the sounds hit them at extreme volumes. You can listen to the "Dangerous Sound" here via YouTube.
Government

FDA Advisers Endorse Gene Therapy To Treat Form of Blindness (cbsnews.com) 14

An anonymous reader quotes a report from CBS News: A panel of U.S. health advisers has endorsed an experimental approach to treating inherited blindness, setting the stage for the likely approval of an innovative new genetic medicine. A panel of experts to the Food and Drug Administration voted unanimously in favor of Spark Therapeutics' injectable therapy, which aims to improve vision in patients with a rare mutation that gradually destroys normal vision. The vote amounts to a recommendation to approve the therapy. According to Spark Therapeutics' website, inherited retinal diseases are a group of rare blinding conditions caused by one of more than 220 genes. Some living with these diseases experience a gradual loss of vision, while others may be born without the ability to see or lose their vision in infancy or early childhood. Genetic testing is the only way to verify the exact gene mutation that is the underlying cause of the disease.
Businesses

Legal Online Gambling Could Return To the US (digitaltrends.com) 103

A new report says legal online gambling may be coming back to the U.S., not from an casino magnate such as Steve Wynn or Sheldon Adelson, but rather a headphone industry executive. From a report: Now Monster, the same company that turned the headphone industry upside down with Dr. Dre, plans to revive online gambling in America by enlisting someone with a different kind of notoriety: Fred Khalilian. He's a former telemarketing kingpin, wannabe reality TV personality, two-time FTC loser -- and now, the new COO of Monster. He plans to open the company's gambling site, PokerTribe.com, on or before December 15. And he might just make the company billions. So he might also be a genius. But we're getting ahead of ourselves. Gambling is illegal, right? Sort of. How will a headphone maker succeed in online gambling where Trump, Branson, and others have failed? "The roadmap is unbelievable, fraught with laws, certifications, international law, gaming commissions, all that stuff. Very, very complex," Monster CEO Noel Lee exclusively told Digital Trends. "But [Fred] has overcome. He's found his niche, he's worked his way through the government, through the Federal Trade Commission, through all of that, with a strategy that's built around the American Indians."
Transportation

Richard Branson's Virgin Group Invests in Super-fast Hyperloop One Transport System (cnbc.com) 60

An anonymous reader shares a report: Richard Branson's Virgin Group is investing in Hyperloop One, a company developing the super-fast transport system originally conceptualized up by Elon Musk. Hypleroop One is re-branding itself as Virgin Hyperloop One, and Branson is joining the board, the billionaire British investor and entrepreneur announced Thursday on CNBC from London. Virgin Hyperloop One will focus on a passenger and mixed-use cargo service. Last month, Hypleroop One raised $85 million in new funding, and that includes the investment from Virgin. Branson refused to breakout the numbers. Breaking ground on a commercial hyperloop in two to four years is possible if "governments move quickly," Branson said in a "Squawk Box" interview. So far, no government has approved a plan for a hyperloop system. The Virgin founder also said that building a hyperloop tube above or below ground is "cheaper" and "faster" than a traditional rail network. The idea of the transport system -- conceived in 2013 by Musk, the head of both electric automaker Tesla and SpaceX -- works by propelling pods through tubes using magnets reaching speeds akin to those of airplanes.
Privacy

US Government Has 'No Right To Rummage' Through Anti-Trump Protest Website Logs, Says Judge (theregister.co.uk) 277

A Washington D.C. judge has told the U.S. Department of Justice it "does not have the right to rummage" through the files of an anti-Trump protest website -- and has ordered the dot-org site's hosting company to protect the identities of its users. The Register reports: Chief Judge Robert E. Morin issued the revised order [PDF] Tuesday following a high-profile back and forth between the site's hosting biz DreamHost and prosecutors over what details Uncle Sam was entitled to with respect to the disruptj20.org website. "As previously observed, courts around the country have acknowledged that, in searches for electronically stored information, evidence of criminal activity will likely be intermingled with communications and other records not within the scope of the search warrant," he noted in his ruling. "Because of the potential breadth of the government's review in this case, the warrant in its execution may implicate otherwise innocuous and constitutionally protected activity. As the Court has previously stated, while the government has the right to execute its Warrant, it does not have the right to rummage through the information contained on DreamHost's website and discover the identity of, or access communications by, individuals not participating in alleged criminal activity, particularly those persons who were engaging in protected First Amendment activities." The order then lists a series of protocols designed to protect netizens "to comply with First Amendment and Fourth Amendment considerations, and to prevent the government from obtaining any identifying information of innocent persons."
Businesses

FCC's Claim That One ISP Counts As 'Competition' Faces Scrutiny In Court (arstechnica.com) 200

Jon Brodkin reports via Ars Technica: A Federal Communications Commission decision to eliminate price caps imposed on some business broadband providers should be struck down, advocacy groups told federal judges last week. The FCC failed to justify its claim that a market can be competitive even when there is only one Internet provider, the groups said. Led by Chairman Ajit Pai, the FCC's Republican majority voted in April of this year to eliminate price caps in a county if 50 percent of potential customers "are within a half mile of a location served by a competitive provider." That means business customers with just one choice are often considered to be located in a competitive market and thus no longer benefit from price controls. The decision affects Business Data Services (BDS), a dedicated, point-to-point broadband link that is delivered over copper-based TDM networks by incumbent phone companies like AT&T, Verizon, and CenturyLink.

But the FCC's claim that "potential competition" can rein in prices even in the absence of competition doesn't stand up to legal scrutiny, critics of the order say. "In 2016, after more than 10 years of examining the highly concentrated Business Data Services market, the FCC was poised to rein in anti-competitive pricing in the BDS market to provide enterprise customers, government agencies, schools, libraries, and hospitals with much-needed relief from monopoly rates," Phillip Berenbroick, senior policy counsel at consumer advocacy group Public Knowledge said. But after Republicans gained the FCC majority in 2017, "the commission illegally reversed course without proper notice and further deregulated the BDS market, leaving consumers at risk of paying up to $20 billion a year in excess charges from monopolistic pricing," Berenbroick said.

Government

Moscow Has Turned Kaspersky Antivirus Software Into a Global Spy Tool, Using It To Scan Computers For Secret US Data (wsj.com) 267

WSJ has a major scoop today. From a report: The Russian government used a popular antivirus software to secretly scan computers around the world for classified U.S. government documents and top-secret information, modifying the program to turn it into an espionage tool (could be paywalled), according to current and former U.S. officials with knowledge of the matter. The software, made by the Moscow-based company Kaspersky Lab, routinely scans files of computers on which it is installed looking for viruses and other malicious software. But in an adjustment to its normal operations that the officials say could only have been made with the company's knowledge, the program searched for terms as broad as "top secret," which may be written on classified government documents, as well as the classified code names of U.S. government programs, these people said. The Wall Street Journal reported last week that Russian hackers used Kaspersky's software in 2015 to target a contractor working for the National Security Agency, who had removed classified materials from his workplace and put them on his home computer, which was running the program. The hackers stole highly classified information on how the NSA conducts espionage and protects against incursions by other countries, said people familiar with the matter. But the use of the Kaspersky program to spy on the U.S. is broader and more pervasive than the operation against that one individual, whose name hasn't been publicly released, current and former officials said. This link should get you around WSJ's paywall. Also read: Israeli Spies 'Watched Russian Agents Breach Kaspersky Software'

Slashdot Top Deals