Communications

US Presidential Election Was Most 'Talked About' Topic In 2016, Says Facebook (phys.org) 50

What may come as no surprise to Facebook users, the social media company announced in a blog post that the U.S. presidential election was the most "talked about" topic on Facebook in 2016. Phys.Org highlights the other most-discussed topics in its report: The bitterly contested election in which Donald Trump defeated Hillary Clinton was ranked as the leading issue, followed by Brazil's political developments which included the impeachment of president Dilma Rousseff, Facebook said in a blog post. On the lighter side at number three was the runaway success of Pokemon Go, the location-based augmented reality game for smartphone users. Other subject matters shared among Facebook's 1.79 billion users were more sober, with the fourth leading topic the "Black Lives Matter" movement, followed by the election in the Philippines of Rodrigo Duterte. Number six on the list was the Olympic games, followed by Brexit, the Super Bowl and the deaths of rock star David Bowie and boxing icon Muhammad Ali. Facebook said it measured leading topics by how frequently an issue was mentioned in posts made between January 1 and November 27.
Privacy

Watchdog Group Claims Smart Toys Are Spying On Kids (mashable.com) 45

The Center for Digital Democracy has filed a complaint with the Federal Trade Commission warning of security and privacy holes associated with a pair of smart toys designed for children. Mashable reports: "This complaint concerns toys that spy," reads the complaint, which claims the Genesis Toys' My Friend Cayla and i-QUE Intelligent Robot can record and collect private conversations and offer no limitations on the collection and use of personal information. Both toys use voice recognition, internet connectivity and Bluetooth to engage with children in a conversational manner and answer questions. The CDD claims they do all of this in wildly insecure and invasive ways. Both My Friend Cayla and i-QUE use Nuance Communications' voice-recognition platform to listen and respond to queries. On the Genesis Toy site, the manufacturer notes that while "most of Cayla's conversational features can be accessed offline," searching for information may require an internet connection. The promotional video for Cayla encourages children to "ask Cayla almost anything." The dolls work in concert with mobile apps. Some questions can be asked directly, but the toys maintain a constant Bluetooth connection to the dolls so they can also react to actions in the app and even appear to identify objects the child taps on on screen. While some of the questions children ask the dolls are apparently recorded and sent to Nuance's servers for parsing, it's unclear how much of the information is personal in nature. The Genesis Privacy Policy promises to anonymize information. The CDD also claims, however, that My Friend Cayla and i-Que employ Bluetooth in the least secure way possible. Instead of requiring a PIN code to complete pairing between the toy and a smartphone or iPad, "Cayla and i-Que do not employ... authentication mechanisms to establish a Bluetooth connection between the doll and a smartphone or tablet. The dolls do not implement any other security measure to prevent unauthorized Bluetooth pairing." Without a pairing notification on the toy or any authentication strategy, anyone with a Bluetooth device could connect to the toys' open Bluetooth networks, according to the complaint.
AT&T

AT&T To Cough Up $88 Million For 'Cramming' Mobile Customer Bills (networkworld.com) 26

An anonymous reader quotes a report from Network World: Some 2.7 million AT&T customers will share $88 million in compensation for having had unauthorized third-party charges added to their mobile bills, the Federal Trade Commission announced this morning. The latest shot in the federal government's years-long battle against such abuses, these refunds will represent the most money ever recouped by victims of what is known as "mobile cramming," according to the FTC. From an FTC press release: "Through the FTC's refund program, nearly 2.5 million current AT&T customers will receive a credit on their bill within the next 75 days, and more than 300,000 former customers will receive a check. The average refund amount is $31. [...] According to the FTC's complaint, AT&T placed unauthorized third-party charges on its customers' phone bills, usually in amounts of $9.99 per month, for ringtones and text message subscriptions containing love tips, horoscopes, and 'fun facts.' The FTC alleged that AT&T kept at least 35 percent of the charges it imposed on its customers." The matter with AT&T was originally made public in 2014 and also involved two companies that actually applied the unauthorized charges, Tatto and Acquinity.
Government

Congress Passes BOTS Act To Ban Ticket-Buying Software (arstechnica.com) 151

Congress passed a bill yesterday that will make it illegal for people to use software bots to buy concert tickets. Ars Technica reports: The Better Online Ticket Sales (BOTS) Act makes it illegal to bypass any computer security system designed to limit ticket sales to concerts, Broadway musicals, and other public events with a capacity of more than 200 persons. Violations will be treated as "unfair or deceptive acts" and can be prosecuted by the Federal Trade Commission or the states. The bill passed the Senate by unanimous consent last week, and the House of Representatives voted yesterday to pass it as well. It now proceeds to President Barack Obama for his signature. Computer programs that automatically buy tickets have been a frustration for the concert industry and fans for a few years now. The issue had wide exposure after a 2013 New York Times story on the issue. Earlier this year, the office of New York Attorney General Eric Schneiderman completed an investigation into bots. The New York AG's ticket sales report (PDF) found that the tens of thousands of tickets snatched up by bots were marked up by an average of 49 percent.
Transportation

Paris Makes All Public Transportation Free In Battle Against 'Worst Air Pollution For 10 Years' (independent.co.uk) 217

Paris has barred some cars from its streets and has made public transportation free as it suffers from the worst and most prolonged winter pollution for at least 10 years, the Airparif agency said on Wednesday. The Independent reports: Authorities have said only drivers with odd-numbered registration plates can drive in the capital region on Wednesday. Drivers of even-numbered cars were given the same opportunity on Tuesday, but could now be fined up to 35 EUR if they are caught behind the wheel. More than 1,700 motorists were fined for violations on Tuesday. Paris mayor Anne Hidalgo said images of smog blanketing the capital were proof of the need to reduce vehicle use in the city center. The air pollution peak is due to the combination of emissions from vehicles and from domestic wood fires as well as near windless conditions which means pollutants have not been dispersed, the Airparif agency said. "This is a record period (of pollution) for the last 10 years," Karine Leger of AirParif told AFP by telephone. For more than a week, Airparif has published readings of PM10 at more than 80 micrograms per cubic meter of air particles, triggering the pollution alert. Along with odd-numbered cars, hybrid or electric vehicles as well as those carrying three or more people will be allowed to roam the roads. Foreign and emergency vehicles will be unaffected.
Cellphones

NSA, GCHQ Have Been Intercepting In-Flight Mobile Calls For Years (reuters.com) 95

An anonymous reader quotes a report from Reuters: American and British spies have since 2005 been working on intercepting phone calls and data transfers made from aircraft, France's Le Monde newspaper reported on Wednesday, citing documents from former U.S. spy agency contractor Edward Snowden. According to the report, also carried by the investigative website The Intercept, Air France was targeted early on in the projects undertaken by the U.S. National Security Agency (NSA) and its British counterpart, GCHQ, after the airline conducted a test of phone communication based on the second-generation GSM standard in 2007. That test was done before the ability to use phones aboard aircraft became widespread. "What do the President of Pakistan, a cigar smuggler, an arms dealer, a counterterrorism target, and a combatting proliferation target have in common? They all used their everyday GSM phone during a flight," the reports cited one NSA document from 2010 as saying. In a separate internal document from a year earlier, the NSA reported that 100,000 people had already used their mobile phones in flight as of February 2009, a doubling in the space of two months. According to Le Monde, the NSA attributed the increase to "more planes equipped with in-flight GSM capability, less fear that a plane will crash due to making/receiving a call, not as expensive as people thought." Le Monde and The Intercept also said that, in an internal presentation in 2012, GCHQ had disclosed a program called "Southwinds," which was used to gather all the cellular activity, voice communication, data, metadata and content of calls made on board commercial aircraft.
Bug

Nintendo Offers Up To $20,000 To Hack the 3DS (silicon.co.uk) 41

Mickeycaskill writes: Nintendo will pay up to $20,000 for system and software vulnerabilities in the Nintendo 3DS family of handheld gaming consoles. The company is looking to prevent activities such as piracy, cheating and the circulation of inappropriate content to children. The stated goal is to "provide a secure environment for our customers so that they can enjoy our games and services. In order to achieve this goal, Nintendo is interested in receiving vulnerability information that researchers may discover regarding Nintendo's platforms." Silicon.co.uk reports: "Rewards will range from $100 to $20,000, with one given per 'qualifying piece of vulnerability information.' Hackers looking to claim a reward will have to provide Nintendo with either a proof-of-concept or a piece of functional exploit code in order to qualify."
Movies

Falsely Accused Movie Pirate Deserves $17K Compensation, Court Says (torrentfreak.com) 57

An Oregon District Court has sided with a wrongfully accused man who was sued for allegedly downloading a pirated copy of the Adam Sandler movie "The Cobbler." According to the court's recommendations, reports TorrentFreak, the man is entitled to more than $17,000 in compensation as the result of the filmmakers' "overaggressive" and "unreasonable" tactics. From the article: The defendant in question, Thomas Gonzales, operates an adult foster care home where several people had access to the Internet. The filmmakers were aware of this and during a hearing their counsel admitted that any guest could have downloaded the film. [...] "The Court finds that once Plaintiff learned that the alleged infringement was taking place at an adult group care home at which Gonzales did not reside, Plaintiff's continued pursuit of Gonzales for copyright infringement was objectively unreasonable," Judge Beckerman ruled. "The Court shares Gonzales' concern that Plaintiff is motivated, at least in large part, by extracting large settlements from individual consumers prior to any meaningful litigation. "On balance, the Court has concerns about the motivation behind Plaintiff's overaggressive litigation of this case and other cases, and that factor weighs in favor of fee shifting."
Sony

Backdoor Accounts Found in 80 Sony IP Security Camera Models (pcworld.com) 53

Many network security cameras made by Sony could be taken over by hackers and infected with botnet malware if their firmware is not updated to the latest version. Researchers from SEC Consult have found two backdoor accounts that exist in 80 models of professional Sony security cameras, mainly used by companies and government agencies given their high price, PCWorld reports. From the article: One set of hard-coded credentials is in the Web interface and allows a remote attacker to send requests that would enable the Telnet service on the camera, the SEC Consult researchers said in an advisory Tuesday. The second hard-coded password is for the root account that could be used to take full control of the camera over Telnet. The researchers established that the password is static based on its cryptographic hash and, while they haven't actually cracked it, they believe it's only a matter of time until someone does. Sony released a patch to the affected camera models last week.
Advertising

New Stegano Exploit Kit Hides Malvertising Code In Banner Pixels (bleepingcomputer.com) 202

An anonymous reader quotes a report from BleepingComputer: For the past two months, a new exploit kit has been serving malicious code hidden in the pixels of banner ads via a malvertising campaign that has been active on several high profile websites. Discovered by security researchers from ESET, this new exploit kit is named Stegano, from the word steganography, which is a technique of hiding content inside other files. In this particular scenario, malvertising campaign operators hid malicious code inside PNG images used for banner ads. The crooks took a PNG image and altered the transparency value of several pixels. They then packed the modified image as an ad, for which they bought ad displays on several high-profile websites. Since a large number of advertising networks allow advertisers to deliver JavaScript code with their ads, the crooks also included JS code that would parse the image, extract the pixel transparency values, and using a mathematical formula, convert those values into a character. Since images have millions of pixels, crooks had all the space they needed to pack malicious code inside a PNG photo. When extracted, this malicious code would redirect the user to an intermediary URL, called gate, where the host server would filter users. This server would only accept connections from Internet Explorer users. The reason is that the gate would exploit the CVE-2016-0162 vulnerability that allowed the crooks to determine if the connection came from a real user or a reverse analysis system employed by security researchers. Additionally, this IE exploit also allowed the gate server to detect the presence of antivirus software. In this case, the server would drop the connection just to avoid exposing its infrastructure and trigger a warning that would alert both the user and the security firm. If the gate server deemed the target valuable, then it would redirect the user to the final stage, which was the exploit kit itself, hosted on another URL. The Stegano exploit kit would use three Adobe Flash vulnerabilities (CVE-2015-8651, CVE-2016-1019 or CVE-2016-4117) to attack the user's PC, and forcibly download and launch into execution various strains of malware.
Businesses

T-Mobile CFO: Less Regulation, Repeal of Net Neutrality By Trump Would Be 'Positive For My Industry' (tmonews.com) 158

An anonymous reader quotes a report from TmoNews: T-Mobile CFO Braxton Carter spoke at the UBS Global Media and Communications Conference in New York City, and he touched a bit on President-elect Donald Trump and what his election could mean for the mobile industry. Carter expects that a Trump presidency will foster an environment that'll be more positive for wireless. "It's hard to imagine, with the way the election turned out, that we're not going to have an environment, from several aspects, that is not going to be more positive for my industry," the CFO said. He went on to explain that there will likely be less regulation, something that he feels "destroys innovation and value creation." Speaking of innovation, Carter also feels that a reversal of net neutrality and the FCC's Open Internet rules would be good for innovation in the industry, saying that it "would provide opportunity for significant innovation and differentiation" and that it'd enable you to "do some very interesting things."
Patents

Supreme Court Rules For Samsung in Smartphone Fight With Apple (reuters.com) 100

The Supreme Court on Tuesday sided with Samsung in its high-profile patent dispute with Apple over design of the iPhone. The justices said Samsung may not be required to pay all the profits it earned from 11 phone models because the features at issue are only a tiny part of the devices. From a report on Reuters: The justices in their 8-0 ruling sent the case back to the lower court for further proceedings. The decision gives Samsung another chance to try to get back a big chunk of the money it paid Apple in December following a 2012 jury verdict that it infringed Apple's iPhone patents and mimicked its distinctive appearance in making the Galaxy and other competing devices. The court held that a patent violator does not always have to fork over its entire profits from the sales of products using stolen designs, if the designs covered only certain components and not the whole thing.
Patents

Supreme Court Considers When US Patent Violations Are 'Induced' Abroad (arstechnica.com) 31

The US Supreme Court today will take up a case that will determine how much help an overseas manufacturer can get from the U.S. without running afoul of US patent laws. From a report on ArsTechnica: The case originates in a dispute between two competitors in the field of genetic testing. Both Promega Corporation and Life Technologies (selling through its Applied Biosciences brand) make DNA testing kits that can be used in a variety of fields, including forensic identification, paternity testing, medical treatment, and research. Promega licensed several patents to Applied Biosystems that allowed its competitor to sell kits for use in "Forensics and Human Identity Applications." The license forbade sales for clinical or research uses. In 2010, Promega filed a lawsuit in federal court, saying that Life Technologies had "engaged in a concerted effort to sell its kits into unlicensed fields," thus infringing its patents. A Wisconsin federal jury found that Life Tech had willfully infringed and should pay $52 million in damages. But the district judge overseeing the case set aside that verdict after trial, ruling that since nearly all of the Life Tech product had been assembled and shipped from outside the US, the product wasn't subject to US patent laws.
Education

White House Silence Seems To Confirm $4 Billion 'Computer Science For All' K-12 Initiative Is No More 278

theodp writes: "2016 as a year of action builds on a decade of national, state, and grassroots activity to revitalize K-12 computer science education," reads the upbeat White House blog post kicking off Computer Science Education Week. But conspicuous by its absence in the accompanying fact sheet for A Year of Action Supporting Computer Science for All is any mention of the status of President Obama's proposed $4 billion Computer Science For All initiative, which enjoyed support from the likes of Microsoft, Facebook, and Google. On Friday, tech-backed Code.org posted An Update on Computer Science Education and Federal Funding, which explained that Congress's passage of a 'continuing resolution' extending the current budget into 2017 spelled curtains for federal funding for the program in 2016 and beyond. "We don't have any direct feedback yet about the next administration's support for K-12 CS," wrote CEO Hadi Partovi and Govt. Affairs VP Cameron Wilson, "other than a promise to expand 'vocational and technical education' as part of Trump's 100-day plan which was published in late October. I am hopeful that this language may translate into support for funding K-12 computer science at a federal level. However, we should assume that it will not."
Government

California State Senator Introduces Bill That Would Mandate Reporting of 'Superbug' Infections, Deaths (reuters.com) 75

An anonymous reader quotes a report from Reuters: A California state senator introduced a bill on Monday that would mandate reporting of antibiotic-resistant infections and deaths and require doctors to record the infections on death certificates when they are a cause of death. The legislation also aims to establish the nation's most comprehensive statewide surveillance system to track infections and deaths from drug-resistant pathogens. Data from death certificates would be used to help compile an annual state report on superbug infections and related deaths. In September, a Reuters investigation revealed that tens of thousands of superbug deaths nationwide go uncounted every year. The infections are often omitted from death certificates, and even when they are recorded, they aren't counted because of the lack of a unified national surveillance system. Because there is no federal surveillance system, monitoring of superbug infections and deaths falls to the states. A Reuters survey of all 50 state health departments and the District of Columbia found that reporting requirements vary widely. Hill's bill would require hospitals and clinical labs to submit an annual summary of antibiotic-resistant infections to the California Department of Health beginning July 1, 2018; amend a law governing death certificates by requiring that doctors specify on death certificates when a superbug was the leading or a contributing cause of death; and require the state Health Department to publish an annual report on resistant infections and deaths, including data culled from death certificates.
Google

Google Preparing 'Invisible ReCAPTCHA' System For No User Interaction (bleepingcomputer.com) 57

An anonymous reader quotes a report from BleepingComputer: Google engineers are working on an improved version of the reCAPTCHA system that uses a computer algorithm to distinguish between automated bots and real humans, and requires no user interaction at all. Called "Invisible reCAPTCHA," and spotted by Windows IT Pro, the service is still under development, but the service is open for sign-ups, and any webmaster can help Google test its upcoming technology. Invisible reCAPTCHA comes two years after Google has revolutionized CAPTCHA technologies by releasing the No CAPTCHA reCAPTCHA service that requires users to click on one checkbox instead of solving complex visual puzzles made up of words and numbers. The service helped reduce the time needed to fill in forms, and maintained the same high level of spam detection we've become accustomed to from the reCAPTCHA service. The introduction of the new Invisible reCAPTCHA technology is unlikely to make the situation better for Tor users since CloudFlare will likely force them to solve the same puzzle if they come from IPs seen in the past performing suspicious actions. Nevertheless, CloudFlare started working on an alternative.
Network

Millions In US Still Living Life In Internet Slow Lane (arstechnica.com) 208

An anonymous reader quotes a report from Ars Technica: Millions of Americans still have extremely slow Internet speeds, a new Federal Communications Commission report shows. While the FCC defines broadband as download speeds of 25Mbps, about 47.5 million home or business Internet connections provided speeds below that threshold. Out of 102.2 million residential and business Internet connections, 22.4 million offered download speeds less than 10Mbps, with 5.8 million of those offering less than 3Mbps. About 25.1 million connections offered at least 10Mbps but less than 25Mbps. 54.7 million households had speeds of at least 25Mbps, with 15.4 million of those at 100Mbps or higher. These are the advertised speeds, not the actual speeds consumers receive. Some customers will end up with slower speeds than what they pay for. Upload speeds are poor for many Americans as well. While the FCC uses 3Mbps as the upload broadband standard, 16 million households had packages with upload speeds less than 1Mbps. Another 27.2 million connections were between 1Mbps and 3Mbps, 30.1 million connections were between 3Mbps and 6Mbps, while 29 million were at least 6Mbps. The Internet Access Services report released last week contains data as of December 31, 2015. The 11-month gap is typical for these reports, which are based on information collected from Internet service providers. The latest data is nearly a year old, so things might look a bit better now, just as the December 2015 numbers are a little better than previous ones.
Google

New Google Trusted Contacts Service Shares User Location In Real Time (onthewire.io) 89

Reader Trailrunner7 writes: Google has spent a lot of time and money on security over the last few years, developing new technologies and systems to protect users' devices. One of the newer technologies the company has come up with is designed to provide security for users themselves rather than their laptops or phones.

On Monday Google launched a new app for Android called Trusted Contacts that allows users to share their locations and some limited other information with a set of close friends and family members. The system is a two-way road, so a user can actively share her location with her Trusted Contacts, and stop sharing it at her discretion. But, when a problem or potential emergency comes up, one of those contacts can request to get that user's location to see where she is at any moment. The app is designed to give users a way to reassure contacts that they're safe, or request help if there's something wrong.

The Courts

Embedding Isn't Copyright Infringement, Says Italian Court (arstechnica.co.uk) 25

The appeal court of Rome has overturned one of the 152 website blocks another court imposed last month, and ruled that embedding does not constitute a copyright infringement. From an ArsTechnica report: The order against the Italian site Kisstube is annulled, but the other websites remain blocked. Kisstube is a YouTube channel, which also exists as a standalone website that does not host any content itself, linking instead to YouTube. Both the channel and website arrange content by categories for the convenience of users. The Italian court's decision was informed by an important ruling by the Court of Justice of the European Union (CJEU). In the BestWater case, the CJEU held that embedding or framing a video or image from another website is not copyright infringement if the latter is already accessible to the general public. However, another CJEU judgment ruled that posting hyperlinks to pirated copies of material is only legal provided it is done without knowledge that they are unauthorised versions, and it is not carried out for financial gain.
EU

EU Threatens Twitter And Facebook With Possible 'Hate Speech' Laws (gizmodo.com) 371

An anonymous reader quotes Gizmodo: On Sunday, the European Commission warned Facebook, Twitter, Google, YouTube and Microsoft that if the companies do not address their hate speech problems, the EU will enact legislation that will force them to do so. In May, those five companies voluntarily signed a code of conduct to fight illegal hate speech on their platforms within 24 hours... But on Sunday, the European Commission revealed that the companies were not complying with this code in a satisfactory manner.

"In practice the companies take longer and do not yet achieve this goal. They only reviewed 40 percent of the recorded cases in less than 24 hours," a Commission official told Reuters. The Commission's report found that YouTube responded to reports of harassment the fastest, and unsurprisingly, Twitter found itself in last place. "If Facebook, YouTube, Twitter and Microsoft want to convince me and the ministers that the non-legislative approach can work, they will have to act quickly and make a strong effort in the coming months," Jourova told the Financial Times on Sunday.
