Crime

Belgium Declares Video Game Loot Boxes Gambling and Therefore Illegal (arstechnica.com) 32

The Belgian Gaming Commission has reviewed several big video games and found that randomized loot boxes in at least three of the titles count as "games of chance," and publishers could therefore be subject to fines and prison sentences under the country's gaming legislation. Ars Technica reports: A statement by Belgian Minister of Justice Koen Geens (machine translation) identifies loot boxes in Overwatch, FIFA 18, and Counter Strike: Global Offensive as meeting the criteria for that "game of chance" definition: i.e., "there is a game element [where] a bet can lead to profit or loss and chance has a role in the game." The Commission also looked at Star Wars: Battlefront II and determined that the recent changes EA made to the game means it "no longer technically forms a game of chance." Beyond that simple definition, the Gaming Commission expressed concern over games that draw in players with an "emotional profit forecast" of randomized goods, where players "buy an advantage with real money without knowing what benefit it would be." The fact that these games don't disclose the odds of receiving specific in-game items is also worrisome, the Commission said. The three games noted above must remove their loot boxes or be in criminal violation of the country's gaming legislation, Geens writes. That law carries penalties of up to 800,000EU (~$973,680) and five years in prison, which can be doubled if "minors are involved." But Geens says he wants to start a "dialogue" with loot box providers to "see who should take responsibility where."
Transportation

Amazon Will Now Deliver Packages To the Trunk of Your Car (theverge.com) 52

Last year, Amazon unveiled a service called Amazon Key that lets delivery people into your home to drop off packages. Now, the tech giant wants to do the same thing with your car. Amazon announced a new service that gives its couriers access to a person's vehicle for the purpose of leaving package deliveries inside. "Amazon wants to use the connected technologies embedded in many modern vehicles today" to gain entry, reports The Verge. "The company is launching this new service in partnership with two major automakers -- General Motors and Volvo -- and will be rolling out in 37 cities in the U.S. starting today." From the report: Amazon has been beta testing the new service in California and Washington state for the past six months. To start out, the service will only be available to Amazon Prime subscribers. It's also limited to owners of GM and Volvo vehicles, model year 2015 or newer, with active OnStar and Volvo on Call accounts. Amazon says it plans to add other automobile brands over time. Packages that weigh over 50 pounds, are larger than 26 x 21 x 16 inches in size, require a signature, are valued over $1,300, or come from a third-party seller also are not eligible for in-car delivery.

To access the new delivery service, you need to add your car to your Amazon Key app and include a description of the vehicle, so Amazon's couriers will be able to locate it. The car will need to be parked within a certain radius of an address used for Amazon deliveries, so either home or work. Driveways, parking lots, parking garages, and street parking are all eligible locations, just as long as it's not at some random address across town. To find your car, Amazon's couriers will have access to its GPS location and license plate number, as well as an image of the car.

Bitcoin

Bezop Cryptocurrency Server Exposes Personal Info of 25,000 Investors (threatpost.com) 14

lod123 shares a report from Threatpost: A leaky Mongo database exposed personal information, including scanned passports and driver's licenses, of 25,000 investors and potential investors tied to the Bezop cryptocurrency, according to researchers. Kromtech Security said that it found the unprotected data on March 30, adding that it included a treasure-trove of information ranging from "full names, (street) addresses, email addresses, encrypted passwords, wallet information, along with links to scanned passports, driver's licenses and other IDs," according to the researchers. Kromtech researchers, in their overview of the results of its investigation, said that Bezop.io, the organization behind the currency, immediately secured the data after being notified. Bezop is one of over 1,000 cryptocurrencies in a crowded playing field vying for investor attention. According to Kromtech, the list of 25,000 people included both current and prospective investors promised Bezop cryptocurrency in exchange for promoting the cryptocurrency on social media.
Government

More FISA Orders Were Denied During President Trump's First Year in Office Than in the Court's 40-Year History (zdnet.com) 143

In its first year, the Trump administration kept one little-known courtroom in the capital busy. From a report: A secretive Washington DC-based court that oversees the US government's foreign spy programs denied more surveillance orders during President Donald Trump's first year than in the court's 40-year history, according to newly released figures. Annual data published Wednesday by the US Courts shows that the Foreign Intelligence Surveillance (FISA) Court last year denied 26 applications in full, and 50 applications in part. That's compared to 21 orders between when the court was first formed in 1978 and President Barack Obama's final year in office in 2016.
Censorship

North Korea Linked To Global Hacking Operation Against Critical Infrastructure, Telecoms (thehill.com) 40

A suspected North Korean hacking campaign has expanded to targets in 17 different countries, including the U.S., pilfering information on critical infrastructure, telecommunications and entertainment organizations, researchers say. From a report: Cybersecurity firm McAfee released new research on the hacking campaign this week, calling it Operation GhostSecret and describing the attackers as having "significant capabilities" to develop and use multiple cyber tools and rapidly expand operations across the globe. The findings demonstrate the growing sophistication of North Korea's army of hackers, which has been blamed for high-profile hacking operations such as the WannaCry malware outbreak last year.
AI

Researchers Hacked Amazon's Alexa To Spy On Users, Again (threatpost.com) 37

New submitter lod123 writes: A malicious proof-of-concept Amazon Echo Skill shows how attackers can abuse the Alexa virtual assistant to eavesdrop on consumers with smart devices -- and automatically transcribe every word said. Checkmarx researchers told Threatpost that they created a proof-of-concept Alexa Skill that abuses the virtual assistant's built-in request capabilities. The rogue Skill begins with the initiation of an Alexa voice-command session that fails to terminate (stop listening) after the command is given. Next, any recorded audio is transcribed (if voices are captured) and a text transcript is sent to a hacker. Checkmarx said it brought its proof-of-concept attack to Amazon's attention and that the company fixed a coding flaw that allowed the rogue Skill to capture prolonged audio on April 10.
Windows

E-Waste Innovator Will Go To Jail For Making Windows Restore Disks That Only Worked With Valid Licenses (gizmodo.com) 379

An anonymous reader quotes a report from The Washington Post: California man Eric Lundgren, an electronic waste entrepreneur who produced tens of thousands of Windows restore disks intended to extend the lifespan of aging computers, lost a federal appeals court case in Miami after it ruled "he had infringed Microsoft's products to the tune of $700,000," the Washington Post reported on Tuesday. Per the Post, the appeals court ruled Lundgren's original sentence of 15 months in prison and a $50,000 fine would stay, despite the software being freely available online and only compatible with valid Windows licenses: "The appeals court upheld a federal district judge's ruling that the disks made by Eric Lundgren to restore Microsoft operating systems had a value of $25 apiece, even though they could be downloaded free and could be used only on computers with a valid Microsoft license. The U.S. Court of Appeals for the 11th Circuit initially granted Lundgren an emergency stay of his prison sentence, shortly before he was to surrender, but then affirmed his original 15-month sentence and $50,000 fine without hearing oral argument in a ruling issued April 11." All told, the court valued 28,000 restore disks he produced at $700,000, despite testimony from software expert Glenn Weadock that they were worth essentially zero.
Businesses

EPA Proposes Limits To Science Used In Rulemaking (reuters.com) 304

An anonymous reader quotes a report from Reuters: The U.S. Environmental Protection Agency proposed a rule on Tuesday that would limit the kinds of scientific research it can use in crafting regulations, an apparent concession to big business that has long requested such restrictions. Under the new proposals, the EPA will no longer be able to rely on scientific research that is underpinned by confidential medical and industry data. The measure was billed by EPA Administrator Scott Pruitt as a way to boost transparency for the benefit of the industries his agency regulates. But scientists and former EPA officials worry it will hamstring the agency's ability to protect public health by putting key data off limits.

The EPA has for decades relied on scientific research that is rooted in confidential medical and industry data as a basis for its air, water and chemicals rules. While it publishes enormous amounts of research and data to the public, the confidential material is held back. Business interests have argued the practice is tantamount to writing laws behind closed doors and unfairly prevents them from vetting the research underpinning the EPA's often costly regulatory requirements. They argue that if the data cannot be published, the rules should not be adopted. But ex-EPA officials say the practice is vital.

Communications

WhatsApp Raises Minimum Age In Europe To 16 Ahead of Data Law Change (reuters.com) 38

WhatsApp is raising its minimum age from 13 to 16 in Europe to help it comply with new data privacy rules coming into force next month. The app will ask European users to confirm they are at least 16 years old when they are prompted to agree to new terms of service and a privacy policy provided by a new WhatsApp Ireland entity in the next few weeks. Reuters reports: Facebook, which has a separate data policy, is taking a different approach to teens aged between 13 and 15 in order to comply with the European General Data Protection Regulation (GDPR) law. It is asking them to nominate a parent or guardian to give permission for them to share information on the platform, otherwise they will not see a fully personalized version of the social media platform. But WhatsApp, which had more than 1.5 billion users in January according to Facebook, said in a blog post it was not asking for any new rights to collect personal information in the agreement it has created for the European Union. WhatsApp's minimum age of use will remain 13 years in the rest of the world, in line with its parent.
Yahoo!

SEC Issues $35 Million Fine Over Yahoo Failing To Disclose Data Breach (theverge.com) 35

Altaba, the company formerly known as Yahoo, will have to pay a $35 million fine for failing to disclose a 2014 data breach in which hackers stole info on over 500 million accounts. "The U.S. Securities and Exchange Commission announced today that Altaba, which contains Yahoo's remains, agreed to pay the fine to settle charges that it misled investors by not informing them of the hack until September 2016, despite knowing of it as early as December 2014," reports The Verge. From the report: The SEC goes on to admonish Yahoo for its failure to disclose the breach to investors, saying that the agency wouldn't "second-guess good faith exercises of judgment" but that Yahoo's decisions were "so lacking" that a fine was necessary. Yahoo isn't being fined for having poor security practices, not informing users, or really anything related to the hack happening. The SEC is just mad that investors weren't told about it, because -- as Yahoo even noted in filings to investors -- data breaches can have financial impacts and legal implications. With a breach this large, the SEC believes that was obviously a real risk. "Public companies should have controls and procedures in place to properly evaluate cyber incidents and disclose material information to investors," Jina Choi, director of the SEC's San Francisco Regional Office, said in a statement. The SEC released guidance to public companies on what to disclose about data breaches earlier this year, which could help to avoid similar situations in the future.
Social Networks

Instagram Launches 'Data Download' Tool To Let You Leave (techcrunch.com) 15

An anonymous reader quotes a report from TechCrunch: Two weeks ago TechCrunch called on Instagram to build an equivalent to Facebook's "Download Your Information" feature so if you wanted to leave for another photo sharing network, you could. The next day it announced this tool would be coming and now TechCrunch has spotted it rolling out to users. Instagram's "Data Download" feature can be accessed here or through the app's privacy settings. It lets users export their photos, videos, archived Stories, profile, info, comments, and non-ephemeral messages, though it can take a few hours to days for your download to be ready. An Instagram spokesperson now confirms to TechCrunch that "the Data Download tool is currently accessible to everyone on the web, but access via iOS and Android is still rolling out." We'll have more details on exactly what's inside once my download is ready.
Privacy

More Than 1 Million Kids Had Their Identities Stolen in 2017 (nypost.com) 67

More than 1 million children were victims of identity fraud in 2017, a new study from Javelin Strategy & Research found, costing a total of $2.6 billion. From a report: With limited financial history or existing account activity, children are the most likely to become victims of new-account fraud, the research showed. These attacks can occur before children even become active internet users, with some two-thirds of victims being under the age of eight. The overall numbers are likely even higher, said Al Pascual, research director at Javelin, since their study relied on parents and guardians reporting cases of identity theft. In many cases, the parent or another relative may be the one using a child's identity to start a new account.
Businesses

Patent 'Death Squad' System Upheld by US Supreme Court (bloomberg.com) 84

The U.S. Supreme Court upheld an administrative review system that has helped Google, Apple and other companies invalidate hundreds of issued patents. From a report: The justices, voting 7-2, said Tuesday a U.S. Patent and Trademark Office review board that critics call a patent "death squad" wasn't unconstitutionally wielding powers that belong to the courts. Silicon Valley companies have used the system as a less-expensive way to ward off demands for royalties, particularly from patent owners derided as "trolls" because they don't use their patents to make products. Drugmakers and independent inventors complain that it unfairly upends what they thought were established property rights. "It came down to this: Is the patent office fixing its own mistakes or is the government taking property?" said Wayne Stacy, a patent lawyer with Baker Botts. "They came down on the side of the patent office fixing its own mistakes." The ruling caused shares to drop in companies whose main source of revenue -- their patents -- are under threat from challenges. VirnetX, which is trying to protect almost $1 billion in damages it won against Apple, dropped as much as 12 percent. The patent office has said its patents are invalid in a case currently before an appeals court.
Facebook

Facebook Has Hosted Stolen Identities and Social Security Numbers for Years (vice.com) 36

Cybercriminals have posted sensitive personal information, such as credit card and social security numbers, of dozens of people on Facebook and have advertised entire databases of private information on the social platform, Motherboard reports. Some of these posts have been left up on Facebook for years, and the internet giant only acted on these posts after the publication told it about them. From the report: As of Monday, there were several public posts on Facebook that advertised dozens of people's Social Security Numbers and other personal data. These weren't very hard to find. It was as easy as a simple Google search. Most of the posts appeared to be ads made by criminals who were trying to sell personal information. Some of the ads are several years old, and were posted as "public" on Facebook, meaning anyone can see them, not just the author's friends. Independent security researcher Justin Shafer alerted Motherboard to these posts Monday.
Facebook

Facebook Has Considered Profiling Its Users' Personalities and Using the Information To Target Ads (bbc.com) 59

An anonymous reader shares a report: A patent filed by the social network describes how personality characteristics, including emotional stability, could be determined from people's messages and status updates. The firm is currently embroiled in a privacy scandal over the use of its data by a political consultancy. Facebook says it has never used the personality test in its products. The patent, first filed in 2012, is in the names of Michael Nowak and Dean Eckles. Mr Nowak has worked for Facebook for 10 years, while Prof Eckles now teaches at the Massachusetts Institute of Technology. The patent has been updated twice, most recently in 2016. The BBC has seen emails from Mr Eckles and other Facebook staff to University of Cambridge psychologists in which they discuss analysis of data to infer personality traits, and talk of using such research to improve the product for users and advertisers.
Piracy

Netflix, Amazon, and Major Studios Try To Shut Down $20-Per-Month TV Service (arstechnica.com) 209

An anonymous reader quotes a report from Ars Technica: Netflix, Amazon, and the major film studios have once again joined forces to sue the maker of a TV service and hardware device, alleging that the products are designed to illegally stream copyrighted videos. The lawsuit was filed against the company behind Set TV, which sells a $20-per-month TV service with more than 500 channels.

"Defendants market and sell subscriptions to 'Setvnow,' a software application that Defendants urge their customers to use as a tool for the mass infringement of Plaintiffs' copyrighted motion pictures and television shows," the complaint says. Besides Netflix and Amazon, the plaintiffs are Columbia Pictures, Disney, Paramount Pictures, Twentieth Century Fox, Universal, and Warner Bros. The complaint was filed Friday in U.S. District Court for the Central District of California. The companies are asking for permanent injunctions to prevent further distribution of Set TV software and devices, the impoundment of Set TV devices, and for damages including the defendants' profits.

Government

US Government Weighing Sanctions Against Kaspersky Lab (cyberscoop.com) 99

An anonymous reader quotes a report from CyberScoop: The U.S. government is considering sanctions against Russian cybersecurity company Kaspersky Lab as part of a wider round of action carried out against the Russian government, according to U.S. intelligence officials familiar with the matter. The sanctions would be a considerable expansion and escalation of the U.S. government's actions against the company. Kaspersky, which has two ongoing lawsuits against the U.S. government, has been called "an unacceptable threat to national security" by numerous U.S. officials and lawmakers.

Officials told CyberScoop any additional action against Kaspersky would occur at the lawsuits' conclusion, which Kaspersky filed in response to a stipulation in the 2018 National Defense Authorization Act that bans its products from federal government networks. If the sanctions came to fruition, the company would be barred from operating in the U.S. and potentially even in U.S. allied countries.

Advertising

Facebook Sued Over Fake Ads (theguardian.com) 62

shilly writes: British finance expert Martin Lewis is suing Facebook for defamation, after a year of trying to persuade the company to stop accepting scam ads featuring his name and image. Facebook insists that he report to them every time he spots a scam; he wants them to check with him before they take money for an ad featuring his name or picture, so he can tell them if it's legit or not. "Lewis said he would not profit from any damages won, which he would donate to charities combating fraud, but that he hoped the action would prompt the site to stamp out scam adverts," reports The Guardian.
Google

Google Accused of Showing 'Total Contempt' for Android Users' Privacy (bleepingcomputer.com) 98

On the heels of a terse privacy debate, Google may have found another thing to worry about: its attempt to rethink the traditional texting system. From a report: Joe Westby is Amnesty International's Technology and Human Rights researcher. Recently, in response to Google's launch of a new messaging service called "Chat", Westby argued that Google, "shows total contempt for Android users' privacy."

"With its baffling decision to launch a messaging service without end-to-end encryption, Google has shown utter contempt for the privacy of Android users and handed a precious gift to cybercriminals and government spies alike, allowing them easy access to the content of Android users' communications. Following the revelations by CIA whistleblower Edward Snowden, end-to-end encryption has become recognized as an essential safeguard for protecting people's privacy when using messaging apps. With this new Chat service, Google shows a staggering failure to respect the human rights of its customers," Westby contended. Westby continued, saying: "In the wake of the recent Facebook data scandal, Google's decision is not only dangerous but also out of step with current attitudes to data privacy."

The Internet

Net Neutrality Is Over Monday, But Experts Say ISPs Will Wait To Screw Us (inverse.com) 239

An anonymous reader quotes a report from Inverse: Parts of the Federal Communications Commission's repeal of net neutrality are slated to take effect on April 23, causing worry among internet users who fear the worst from their internet service providers. However, many experts believe there won't be immediate changes come Monday, but that ISPs will wait until users aren't paying attention to make their move. "Don't expect any changes right out of the gate," Dary Merckens, CTO of Gunner Technology, tells Inverse. Merckens specializes in JavaScript development for government and business, and sees why ISPs would want to lay low for a while before enacting real changes. "It would be a PR nightmare for ISPs if they introduced sweeping changes immediately after the repeal of net neutrality," he says.

While parts of the FCC's new plan will go into effect on Monday, the majority of the order still doesn't have a date for when it will be official. Specific rules that modify data collection requirements still have to be approved by the Office of Management and Budget, and the earliest that can happen is on April 27. Tech experts and consumer policy advocates don't expect changes to happen right away, as ISPs will likely avoid any large-scale changes in order to convince policymakers that the net neutrality repeal was no big deal after all.
