BLACK FRIDAY DEAL: Trust the World's Fastest VPN with Your Internet Security & Freedom--A Lifetime Subscription of PureVPN at $48 with coupon code "BFRIDAY20" ×
United Kingdom

Living In Nuclear Disaster Fallout Zone Would Be No Worse Than Living In London, Research Suggests (bristol.ac.uk) 74

An anonymous reader quotes a report from University of Bristol, England: New research suggests that few people, if any, should be asked to leave their homes after a big nuclear accident, which is what happened in March 2011 following the Fukushima Daiichi nuclear disaster. Professor Thomas's team used the Judgement or J-value to balance the cost of a safety measure against the increase in life expectancy it achieves. The J-value is a new method pioneered by Professor Thomas that assesses how much should be spent to protect human life and the environment. The researchers found that it was difficult to justify relocating anyone from Fukushima Daiichi, where four and a half years after the accident around 85,000 of the 111,000 people who were moved out by the Japanese government had still not returned. After the world's worst nuclear accident at Chernobyl in 1986, in what was then part of the Ukrainian Soviet Socialist Republic of the Soviet Union (USSR), the J-value method supported relocation when nine months' or more life expectancy would be lost due to radiation exposure by remaining. Using the J-value method, 31,000 people would have needed to be moved, with the number rising to 72,000 if the whole community was evacuated when five per cent of its residents were calculated to lose nine months of life or more.

Philip Thomas, Professor of Risk Management in the Department of Civil Engineering at the University of Bristol, said: "Mass relocation is expensive and disruptive. But it is in danger of becoming established as the prime policy choice after a big nuclear accident. It should not be. Remediation should be the watchword for the decision maker, not relocation." For comparison, the average Londoner loses four and a half months to air pollution, while the average resident of Manchester lives 3.3 years less than his/her counterpart in Harrow, North London. Meanwhile, boys born in Blackpool lose 8.6 years of life on average compared with those born in London's borough of Kensington and Chelsea.
The results are published in a special issue of Process Safety and Environmental Protection, a journal from the Institution of Chemical Engineers.
Communications

More Than a Million Pro-Repeal Net Neutrality Comments Were Likely Faked (hackernoon.com) 98

Jeff Kao from Hacker Noon used natural language processing techniques to analyze net neutrality comments submitted to the FCC from April-October 2017 and found that at least 1.3 million pro-repeal net neutrality comments were faked. From the report: NY Attorney General Schneiderman estimated that hundreds of thousands of Americans' identities were stolen and used in spam campaigns that support repealing net neutrality. My research found at least 1.3 million fake pro-repeal comments, with suspicions about many more. In fact, the sum of fake pro-repeal comments in the proceeding may number in the millions. In this post, I will point out one particularly egregious spambot submission, make the case that there are likely many more pro-repeal spambots yet to be confirmed, and estimate the public position on net neutrality in the "organic" public submissions. [The key findings include:]

1. One pro-repeal spam campaign used mail-merge to disguise 1.3 million comments as unique grassroots submissions.
2. There were likely multiple other campaigns aimed at injecting what may total several million pro-repeal comments into the system.
3. It's highly likely that more than 99% of the truly unique comments were in favor of keeping net neutrality.

The Courts

AT&T, Comcast Lawsuit Has Nullified a City's Broadband Competition Law (arstechnica.com) 32

An anonymous reader quotes a report from Ars Technica: AT&T and Comcast have convinced a federal judge to nullify an ordinance that was designed to bring more broadband competition to Nashville, Tennessee. The Nashville Metro Council last year passed a "One Touch Make Ready" rule that gives Google Fiber or other new ISPs faster access to utility poles. The ordinance lets a single company make all of the necessary wire adjustments on utility poles itself, instead of having to wait for incumbent providers like AT&T and Comcast to send work crews to move their own wires. AT&T and Comcast sued the metro government in U.S. District Court in Nashville, claiming that federal and local laws preempt the One Touch Make Ready rule. Judge Victoria Roberts agreed with AT&T and Comcast in a ruling issued Tuesday. Google Fiber is offering service in Nashville despite saying last year that it was waiting for access to thousands of utility poles. "We're reviewing [the] court ruling to understand its potential impact on our build in Nashville," a Google spokesperson said this week, according to The Tennessean. "We have made significant progress with new innovative deployment techniques in some areas of the city, but access to poles remains an important issue where underground deployment is not a possibility."
Security

Data Breach Hits Australia's Department of Social Services Credit Card System (theguardian.com) 28

Paul Karp, reporting for The Guardian: The Department of Social Services has written to 8,500 current and former employees warning them their personal data held by a contractor has been breached. In letters sent in early November the department alerted the employees to "a data compromise relating to staff profiles within the department's credit card management system prior to 2016." Compromised data includes credit card information, employees' names, user names, work phone numbers, work emails, system passwords, Australian government services number, public service classification and organisation unit. The department failed to warn staff how long the data was exposed for but a DSS spokesman told Guardian Australia that the contractor, Business Information Services, had advised that the data was open from June 2016 until October 2017. The data related to the period 2004 to 2015.
Privacy

There's Now a Dark Web Version of Wikipedia (vice.com) 18

An anonymous reader shares a report: In many parts of the world, like North America, using Wikipedia is taken for granted; hell, there are even Twitter accounts to track government employees editing the internet's free encyclopedia while on the clock. But in other places, like Turkey or Syria, using Wikipedia can be difficult, and even dangerous. To make using Wikipedia safer for at-risk users, former Facebook security engineer Alec Muffett has started an experimental dark net Wikipedia service that gives visitors some strong privacy protections. The project is unofficial; for now, Wikipedia isn't involved. So it's a bit janky. The service uses self-signed certificates that may trigger a security warning in Tor, so you have to manually white-list the addresses, which takes a couple minutes.
Businesses

Singapore To Use Driverless Buses 'From 2022' (bbc.com) 41

Singapore plans to introduce driverless buses on its public roads by 2022. From a report: The government says they will be piloted in three new neighbourhoods which will have less-crowded roads designed to accommodate the buses. The buses will be used to help residents travel in their communities, and to nearby train and bus stations. Densely-populated Singapore hopes driverless technology will help the country manage its land constraints and manpower shortages. "The autonomous vehicles will greatly enhance the accessibility and connectivity of our public transport system, particularly for the elderly, families with young children and the less mobile," the Transport Minister Khaw Boon Wan said. The autonomous buses are expected to complement existing manned bus services, and will initially operate during off-peak hours. Additionally, the government plans to let commuters hail on-demand shuttles using their mobile phones.
Bitcoin

We'll Never Legalize Bitcoin, Says Russian Minister (siliconangle.com) 55

An anonymous reader shares a report: In yet another backflip worthy of the Moscow Circus, a Russian minister has said that the country will never legalize bitcoin, just seven months after another government minister said it was considering making it legal. Minister of Communications and Mass Media Nikolai Nikiforov made the statement this week, saying that "bitcoin is a foreign project for using blockchain technology, the Russian law will never consider bitcoin as a legal entity in the jurisdiction of the Russian Federation." Recognizing that blockchain technology is separate to bitcoin, Nikiforov went on to say that "I think that it is quite possible to use blockchain technology and the use of various digital tokens." Those tokens may constitute a Russian-issued cryptocurrency. TASS reported that "Russia's Communication Ministry has submitted to the government the document containing technical details related to cryptocurrencies adoption."
Privacy

Uber Is Under Investigation By Multiple States Over a 2016 Data Breach (recode.net) 25

Yesterday, it was reported that Uber concealed a massive cyberattack that exposed 57 million people's data. Recode reports that at least five states -- Illinois, Massachusetts, Missouri, New York and Connecticut -- would investigate the matter. From the report: Meanwhile, Uber must contend with the possible threat of a new probe at the Federal Trade Commission. The agency, which acts as the U.S. government's top privacy and security watchdog, penalized Uber for its privacy and security practices just this August. But it may not have known that Uber had suffered a major security breach in 2016, even as they investigated the company at the same time for other, unrelated security missteps. For now, the agency merely said it's "closely evaluating the serious issues raised." And some affected customers are similarly taking action. On Wednesday -- hours after the breach became public -- an Uber user filed a lawsuit accusing the company of negligence and deceptive business practices. The plaintiff, Alejandro Flores, is seeking to represent a class of affected riders and drivers alike.

For one thing, 48 states maintain some version of a law that requires companies that suffer a data breach to communicate what happened to consumers. In most cases, companies must disclose a security incident if hackers steal very sensitive customer data -- such as driver's license numbers, which happened with Uber in late 2016. To that end, the attorneys general in Illinois, Connecticut and New York have said they are probing the breach at Uber -- perhaps with an eye on whether the company skirted state laws. The top prosecutors in other major states, like Pennsylvania and Florida, did not immediately respond to emails on Wednesday seeking comment. California's AG declined to comment.

The Internet

FCC Will Also Order States To Scrap Plans For Their Own Net Neutrality Laws (arstechnica.com) 277

An anonymous reader quotes a report from Ars Technica: In addition to ditching its own net neutrality rules, the Federal Communications Commission also plans to tell state and local governments that they cannot impose local laws regulating broadband service. This detail was revealed by senior FCC officials in a phone briefing with reporters today, and it is a victory for broadband providers that asked for widespread preemption of state laws. FCC Chairman Ajit Pai's proposed order finds that state and local laws must be preempted if they conflict with the U.S. government's policy of deregulating broadband Internet service, FCC officials said. The FCC will vote on the order at its December 14 meeting. It isn't clear yet exactly how extensive the preemption will be. Preemption would clearly prevent states from imposing net neutrality laws similar to the ones being repealed by the FCC, but it could also prevent state laws related to the privacy of Internet users or other consumer protections. Pai's staff said that states and other localities do not have jurisdiction over broadband because it is an interstate service and that it would subvert federal policy for states and localities to impose their own rules.
Security

Iranian 'Game of Thrones' Hacker Demanded $6 Million Bitcoin Ransom From HBO, Feds Say (thedailybeast.com) 33

Anonymous readers share a report: The Department of Justice on Tuesday charged an Iranian national with allegedly hacking into HBO, dumping a selection stolen files, and attempting to extort the company by ransoming a treasure trove of the company's content. This summer, hackers released a bevy of internal HBO files, included scripts for Game of Thrones and full, unaired episodes of other shows. Behzad Mesri, aka "Skote Vahshat," at one point worked for the Iranian military to break into military and nuclear systems, as well as Israeli infrastructure, according to the newly released complaint. Under his Vahshat pseudonym, Mesri also defaced hundreds of websites in the U.S. and around the world, the complaint adds. Mesri started his hacking campaign in around May 2017, according to the complaint, probing HBO's systems and employees for weaknesses. Mesri managed to compromise multiple HBO employee accounts as well as other authorized users; from here, he allegedly stole confidential and proprietary information. These included unaired episodes of Ballers, Barry, Room 104, Curb Your Enthusiasm, and The Deuce, as well as scripts for Game of Thrones. Indeed, the hacker behind the HBO breach publicly dumped much of this material online this summer.
Communications

To Save Net Neutrality, We Must Build Our Own Internet (vice.com) 195

In light of reports that FCC plans to announce a full repeal of net neutrality protections later this week, Jason Koebler, editor-in-chief of Motherboard, suggests that it is time we cut our reliance on big telecom monopolies. He writes: Net neutrality as a principle of the federal government will soon be dead, but the protections are wildly popular among the American people and are integral to the internet as we know it. Rather than putting such a core tenet of the internet in the hands of politicians, whose whims and interests change with their donors, net neutrality must be protected by a populist revolution in the ownership of internet infrastructure and networks. In short, we must end our reliance on big telecom monopolies and build decentralized, affordable, locally owned internet infrastructure. The great news is this is currently possible in most parts of the United States. There has never been a better time to start your own internet service provider, leverage the publicly available fiber backbone, or build political support for new, local-government owned networks. For the last several months, Motherboard has been chronicling the myriad ways communities passed over by big telecom have built their own internet networks or have partnered with small ISPs who have committed to protecting net neutrality to bring affordable high speed internet to towns and cities across the country. Update: FCC has announced a plan to repeal net neutrality.
Censorship

Skype Vanishes From App Stores in China (nytimes.com) 37

Skype, Microsoft's Internet phone call and messaging service, has been unavailable for download from a number of app stores in China, including Apple's, for almost a month (Editor's note: the link could be paywalled; alternative source), The New York Times reported on Tuesday. From the report: "We have been notified by the Ministry of Public Security that a number of voice over internet protocol apps do not comply with local law. Therefore these apps have been removed from the app store in China," an Apple spokeswoman said Tuesday in an emailed statement responding to questions about Skype's disappearance from the app store. "These apps remain available in all other markets where they do business." The removal led to a volley of complaints from Chinese users on internet message boards who were no longer able to pay for Skype's services through Apple. The users said that the disruption began in late October. Skype, which is owned by Microsoft, still functions in China, and its fate in the country is not yet clear. But its removal from the app stores is the most recent example of a decades-long push by China's government to control and monitor the flow of information online.
Security

Intel: We've Found Severe Bugs in Secretive Management Engine, Affecting Millions (zdnet.com) 204

Liam Tung, writing for ZDNet: Thanks to an investigation by third-party researchers into Intel's hidden firmware in certain chips, Intel decided to audit its firmware and on Monday confirmed it had found 11 severe bugs that affect millions of computers and servers. The flaws affect Management Engine (ME), Trusted Execution Engine (TXE), and Server Platform Services (SPS). Intel discovered the bugs after Maxim Goryachy and Mark Ermolov from security firm Positive Technologies found a critical vulnerability in the ME firmware that Intel now says would allow an attacker with local access to execute arbitrary code. The researchers in August published details about a secret avenue that the US government can use to disable ME, which is not available to the public. Intel ME has been a source of concern for security-minded users, in part because only Intel can inspect the firmware, yet many researchers suspected the powerful subsystem had bugs that were ripe for abuse by attackers.
Businesses

Trump Administration Tightens Scrutiny of Skilled Worker Visa Applicants (inc.com) 261

wyattstorch516 writes: The Trump administration is tightening the scrutiny on the H-1B visa program (Warning: paywalled; alternative source). Changes would undo actions by the Obama administration. There are two big regulatory changes looming that would undo actions by the Obama administration. "The first change allowed spouses of H-1B workers the right to work. That regulation is being challenged in court and the Trump administration is expected to eliminate the provision rather than defend it," reports WSJ. "The second change affects the Optional Practical Training program, which allows foreign graduates from U.S. colleges in science and technology an extra two years of work authorization, giving them time to win an H-1B visa. The Trump administration could kill that benefit or reduce the two-year window, according to people familiar with the discussions." The Journal highlights a "series of more modest changes that have added scrutiny to visa processing":

- "USCIS directed last month that adjudicators no longer pay 'deference' to past determinations for renewal applications. This means an applicant's past approval won't carry any weight if he or she applies for a renewal.

- The agency is conducting more applicant interviews, which critics say slows the system. The agency spokesman says this process will ramp up over several years and is needed to detect fraud and make accurate decisions.

- In the spring, the agency suspended premium processing, which allowed for fast-track consideration to those who paid an extra fee. This option wasn't resumed until October, meaning many workers who qualified for a coveted H-1B visa had to wait months for a decision.

- State Department officials have been told to consider that Mr. Trump's 'Buy American, Hire American' executive order directs visa programs must 'protect the interests of United States workers.' And the Foreign Affairs Manual now instructs officers to scrutinize applications of students to ensure they plan to return to their home countries. A State Department official said the official rules haven't changed but said a 'comprehensive' review is under way."
Cloud

Amazon Launches a Cloud Service For US Intelligence Agencies (cnbc.com) 55

Amazon Web Services on Monday introduced cloud service for the CIA and other members of the U.S. intelligence community. From a report: The launch of the so-called AWS Secret Region comes six years after AWS introduced GovCloud, its first data center region for public sector customers. AWS has since announced plans to expand GovCloud. The new Secret Region signals interest in using AWS from specific parts of the U.S. government. In 2013 news outlets reported on a $600 million contract between AWS and the CIA. That event singlehandledly helped Amazon in its effort to sign up large companies to use its cloud, whose core services have been available since 2006.
The Media

Net Neutrality is Essentially Unassailable, Argues Billionaire Barry Diller (broadcastingcable.com) 81

An anonymous reader quotes Yahoo Finance: The billionaire media mogul behind such popular sites as Expedia, Match.com and HomeAdvisor has a one-word forecast for traditional media conglomerates concerned about being replaced by tech giants: serfdom. "They, like everyone else, are kind of going to be serfs on the land of the large tech companies," IAC chairman Barry Diller said... That's because Google and Facebook not only have such massive user bases but also dominate online advertising. "Google and Facebook are consolidating," Diller said. "They are the only mass advertising mediums we have..." He expects Facebook, Google and maybe Amazon to face government regulation, simply because of their immense size. "At a certain point in size, you must," he said. "It's inevitable."

He did, however, outline one positive for Big Tech getting so gargantuan. Big Telecom no longer has the economic leverage to roll back today's net-neutrality norms, in which internet providers don't try to charge sites extra for access to their subscribers. "I think it's hard to overturn practically," he said. "It is the accepted system."

Even if the U.S. government takes moves to fight net neutrality, Diller told CNBC that "I think it is over... It is [the] practice of the world... You're still going to be able to push a button and publish to the world, without anybody in between asking you for tribute. I think that is now just the way things are done. I don't think it can be violated no matter what laws are back."
AI

Musk-Backed 'Slaughterbots' Video Will Warn the UN About Killer Microdrones (space.com) 252

An anonymous reader quotes Space.com: A graphic new video posits a very scary future in which swarms of killer microdrones are dispatched to kill political activists and U.S. lawmakers. Armed with explosive charges, the palm-sized quadcopters use real-time data mining and artificial intelligence to find and kill their targets. The makers of the seven-minute film titled Slaughterbots are hoping the startling dramatization will draw attention to what they view as a looming crisis -- the development of lethal, autonomous weapons, that select and fire on human targets without human guidance.

The Future of Life Institute, a nonprofit organization dedicated to mitigating existential risks posed by advanced technologies, including artificial intelligence, commissioned the film. Founded by a group of scientists and business leaders, the institute is backed by AI-skeptics Elon Musk and Stephen Hawking, among others. The institute is also behind the Campaign to Stop Killer Robots, a coalition of non-governmental organizations which have banded together to call for a preemptive ban on lethal autonomous weapons... The film will be screened this week at the United Nations in Geneva during a meeting of the Convention on Certain Conventional Weapons... The Campaign to Stop Killer Robots is hosting a series of meetings at this year's event to propose a worldwide ban on lethal autonomous weapons, which could potentially be developed as flying drones, self-driving tanks, or automated sentry guns.

"This short film is more than just speculation," says Stuart Russell, a U.C. Berkeley considered an expert in artificial intelligence.

"It shows the results of integrating and miniaturizing technologies we already have."
Transportation

DJI Threatens Researcher Who Reported Exposed Cert Key, Credentials, and Customer Data (arstechnica.com) 81

An anonymous reader quotes Ars Technica: DJI, the Chinese company that manufactures the popular Phantom brand of consumer quadcopter drones, was informed in September that developers had left the private keys for both the "wildcard" certificate for all the company's Web domains and the keys to cloud storage accounts on Amazon Web Services exposed publicly in code posted to GitHub. Using the data, researcher Kevin Finisterre was able to access flight log data and images uploaded by DJI customers, including photos of government IDs, drivers licenses, and passports. Some of the data included flight logs from accounts associated with government and military domains.

Finisterre found the security error after beginning to probe DJI's systems under DJI's bug bounty program, which was announced in August. But as Finisterre worked to document the bug with the company, he got increasing pushback -- including a threat of charges under the Computer Fraud and Abuse Act. DJI refused to offer any protection against legal action in the company's "final offer" for the data. So Finisterre dropped out of the program and published his findings publicly yesterday, along with a narrative entitled, "Why I walked away from $30,000 of DJI bounty money."

The company says they're now investigating "unauthorized access of one of DJI's servers containing personal information," adding that "the hacker in question" refused to agree to their terms and shared "confidential communications with DJI employees."
Education

The House's Tax Bill Levies a Tax On Graduate Student Tuition Waivers (nytimes.com) 577

Camel Pilot writes: The new GOP tax plan -- which just passed the House -- will tax tuition waivers as income. Graduate students working as research assistants on meager stipends would have to declare tuition waivers as income on the order of $80,000 income. This will force many graduate students of modest means to quit their career paths and walk away from their research. These are the next generation of scientists, engineers, inventors, educators, medical miracle workers and market makers. As Prof Claus Wilke points out: "This would be a disaster for U.S. STEM Ph.D. education." Slashdot reader Camel Pilot references a report via The New York Times, where Erin Rousseau explains how the House of Representatives' recently passed tax bill affects graduate research in the United States. Rousseau is a graduate student at M.I.T. who studies the neurological basis of mental health disorders. "My peers and I work between 40 and 80 hours a week as classroom teachers and laboratory researchers, and in return, our universities provide us with a tuition waiver for school. For M.I.T. students, this waiver keeps us from having to pay a tuition bill of about $50,000 every year -- a staggering amount, but one that is similar to the fees at many other colleges and universities," he writes. "No money from the tuition waivers actually ends up in our pockets, so under Section 117(d)(5), it isn't counted as taxable income." Rousseau continues by saying his tuition waivers will be taxed under the House's tax bill. "This means that M.I.T. graduate students would be responsible for paying taxes on an $80,000 annual salary, when we actually earn $33,000 a year. That's an increase of our tax burden by at least $10,000 annually."
The Military

Massive US Military Social Media Spying Archive Left Wide Open In AWS S3 Buckets (theregister.co.uk) 84

An anonymous reader quotes a report from The Register: Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing "dozens of terabytes" of social media posts and similar pages -- all scraped from around the world by the U.S. military to identify and profile persons of interest. The archives were found by veteran security breach hunter UpGuard's Chris Vickery during a routine scan of open Amazon-hosted data silos, and these ones weren't exactly hidden. The buckets were named centcom-backup, centcom-archive, and pacom-archive. CENTCOM is the common abbreviation for the U.S. Central Command, which controls army operations in the Middle East, North Africa and Central Asia. PACOM is the name for U.S. Pacific Command, covering the rest of southern Asia, China and Australasia.

"For the research I downloaded 400GB of samples but there were many terabytes of data up there," he said. "It's mainly compressed text files that can expand out by a factor of ten so there's dozens and dozens of terabytes out there and that's a conservative estimate." Just one of the buckets contained 1.8 billion social media posts automatically fetched over the past eight years up to today. It mainly contains postings made in central Asia, however Vickery noted that some of the material is taken from comments made by American citizens. The databases also reveal some interesting clues as to what this information is being used for. Documents make reference to the fact that the archive was collected as part of the U.S. government's Outpost program, which is a social media monitoring and influencing campaign designed to target overseas youths and steer them away from terrorism.

Slashdot Top Deals