Slashdot Mirror

"Facebook threatened to pull investment projects from Europe and Canada if lobbying demands from COO Sheryl Sandberg were not met," reports Business Insider, adding "Canada buckled immediately."

And that's just the beginning. The Observer reports: Facebook has targeted politicians around the world -- including the former UK chancellor, George Osborne -- promising investments and incentives while seeking to pressure them into lobbying on Facebook's behalf against data privacy legislation, an explosive new leak of internal Facebook documents has revealed. The documents, which have been seen by the Observer and Computer Weekly, reveal a secretive global lobbying operation targeting hundreds of legislators and regulators in an attempt to procure influence across the world, including in the UK, US, Canada, India, Vietnam, Argentina, Brazil, Malaysia and all 28 states of the EU...

The documents appear to emanate from a court case against Facebook by the app developer Six4Three in California, and reveal that Sandberg considered European data protection legislation a "critical" threat to the company. A memo written after the Davos economic summit in 2013 quotes Sandberg describing the "uphill battle" the company faced in Europe on the "data and privacy front" and its "critical" efforts to head off "overly prescriptive new laws...." John Naughton, a Cambridge academic and Observer writer who studies the democratic implications of digital technology, said the leak was "explosive" in the way it revealed the "vassalage" of the Irish state to the big tech companies. Ireland had welcomed the companies, he noted, but became "caught between a rock and a hard place... Its leading politicians apparently saw themselves as covert lobbyists for a data monster."

A spokesperson for Facebook said the documents were still under seal in a Californian court and it could not respond to them in any detail: "Like the other documents that were cherrypicked and released in violation of a court order last year, these by design tell one side of a story and omit important context."

Long-time Slashdot reader Billly Gates writes: Debian is now available in the Windows app store. It joins Ubuntu, Suse Leap, SuSe enterprise, and Kali Linux for those who cannot or do not want to bother with a virtual machine or a full install of the OS. However, it included stable 9.3. 9.4 is available from the repository if you run apt-get update and apt-get upgrade.
"Fedora is not yet available, although Microsoft has stated openly that it is working to make it so," reports Computer Weekly. And there's more: Microsoft has also provided an open source tool called Microsoft WSL/DistroLauncher for users who want to build their own Linux package where a particular distribution is either a) not available yet or b) is available, but the user wants to apply a greater degree of customisation to it than comes as standard.

An anonymous reader quotes a report from TechTarget: Equifax alerted the public in September 2017 to a massive data breach that exposed the personal and financial information -- including names, birthdays, credit card numbers and Social Security numbers -- of approximately 145 million customers in the United States to hackers. Following the Equifax breach, the former CEO Richard Smith and the current interim CEO Paulino do Rego Barros Jr. were called to testify before the Committee on Commerce, Science, and Transportation this week for a hearing titled "Protecting Consumers in the Era of Major Data Breaches." During the hearing, Sen. Cory Gardner (R-Colo.) questioned Smith and Barros about Equifax's use of -- or lack of -- encryption for customer data at rest. Smith confirmed that the company was not encrypting data at the time of the Equifax breach, and Gardner questioned whether or not that was intentional. "Was the fact that [customer] data remained unencrypted at rest the result of an oversight, or was that a decision that was made to manage that data unencrypted at rest?" Gardner asked Smith. Smith pointed out that encryption at rest is just one method of security, but eventually confirmed that a decision was made to leave customer data unencrypted at rest. "So, a decision was made to leave it unencrypted at rest?" Gardner pushed. "Correct," Smith responded.

Gardner moved on to Barros and asked whether he has implemented encryption for data at rest since he took over the position on Sept. 26. Barros began to answer by saying that Equifax has done a "top-down review" of its security, but Gardner interrupted, saying it was a yes or no question. Barros stumbled again and said it was being reviewed as part of the response process and Gardner pushed again. "Yes or no, does the data remain unencrypted at rest?" "I don't know at this stage," Barros responded. "Senator, if I may. It's my understanding that the entire environment [in] which this criminal attack occurred is much different; it's a more modern environment with multiple layers of security that did not exist before. Encryption is only one of those layers of security," Smith said.

Microsoft's Windows PowerShell configuration management framework continues to be abused by cyber attackers, according to researchers at Symantec, who have seen a surge in associated threats. From a report on ComputerWeekly: More than 95% of PowerShell scripts analysed by Symantec researchers have been found to be malicious, with 111 threat families using PowerShell. Malicious PowerShell scripts are on the rise, as attackers are using the framework's flexibility to download their payloads, traverse through a compromised network and carry out reconnaissance, according to Candid Wueest, threat researcher at Symantec.

An anonymous reader quotes a report from BBC: An autistic man suspected of hacking into U.S. government computer systems is to be extradited from Britain to face trial, a court has ruled. Lauri Love, 31, who has Asperger's syndrome, is accused of hacking into the FBI, the U.S. central bank and the country's missile defense agency. Mr Love, from Stradishall, Suffolk, has previously said he feared he would die in a U.S. prison if he was extradited. Earlier, his lawyer said his alleged hacking had "embarrassed" U.S. authorities. Tor Ekeland said the U.S. government "had very, very bad security and these hacks utilized exploits that were publicly-known for months." Mr Love's lawyers said he could face up to 99 years in prison if convicted of the hacking offenses. Mr Love's defense team argues his depression and Asperger's syndrome mean he should not be sent abroad, but U.S. prosecutors say he is using his mental health issues as an excuse to escape justice.

Warwick Ashford, reporting for ComputerWeekly: Qbot malware will become a potent threat, facilitated by exploit kits for initial infection and automated to gain maximum victim count, warns BAE Systems. The incident response team at BAE Systems is warning of a strain of the virulent Qbot malware that has hit thousands of public sector computers around the world. The malware -- also known as the Qakbot botnet -- first appeared in 2009 and was uploading 2GB of stolen confidential information to its FTP servers each week by April 2010 from private and public sector computers, including 1,100 on the NHS network in the UK. A modified version of the malware has resurfaced that is believed to have infected more than 54,000 PCs in thousands of organisations around the world and added them to its botnet of compromised machines, with 85% of infections in the US.

Warwick Ashford, reporting for ComputerWeekly: Qbot malware will become a potent threat, facilitated by exploit kits for initial infection and automated to gain maximum victim count, warns BAE Systems. The incident response team at BAE Systems is warning of a strain of the virulent Qbot malware that has hit thousands of public sector computers around the world. The malware -- also known as the Qakbot botnet -- first appeared in 2009 and was uploading 2GB of stolen confidential information to its FTP servers each week by April 2010 from private and public sector computers, including 1,100 on the NHS network in the UK. A modified version of the malware has resurfaced that is believed to have infected more than 54,000 PCs in thousands of organisations around the world and added them to its botnet of compromised machines, with 85% of infections in the US.

Mickeycaskill writes: Researchers in Scotland claim to be the first to connect marine mammals to the Internet of Things (IoT) as part of a study into declining populations of harbor seals in the north and east of the country. Several seals in Orkney, an archipelago off the north cost, will be tagged and their behavior monitored by scientists at the Sea Mammal Research Unit (SMRU) at the University of St Andrews. The data is transmitted using Vodafone's M2M network and the tags are designed to simply fall off when seals molt. Researchers say the use of cellular networks will greatly improve their data gathering capabilities. The data collected will be used to help form Scottish marine policy in areas such as offshore wind farms and unexplained seal deaths.

whoever57 (658626) writes "The UK Government has signed a contract worth £5.5M (almost $9M) for extended support and security updates for Windows XP for 12 months after April 8. The deal covers XP, Exchange 2003 and Office 2003 for users in central and local government, schools and the National Health Service. The NHS is in need of this deal because it was estimated last September that 85% of the NHS's 800,000 computers were running XP."

judgecorp writes "Two media reports suggest that the Universal Credit scheme to overhaul Britain's welfare programme is in trouble. The IT project to support Universal Credit was launched by the Cabinet Office, and it will be completed and run by the Department for Work and Pensions (DWP) — but the Guardian says the Cabinet Office has pulled out its elite experts too soon, while a different leak told Computer Weekly that the four original suppliers — HP, IBM, Accenture and BT — have been effectively frozen out in an internal change. It's the biggest change to Britain's benefits system for many years, and all the evidence says it's not going well."

An anonymous reader writes news of an attempt to erase a bit of history. From the article: "The Conservative Party have attempted to delete all their speeches and press releases online from the past 10 years, including one in which David Cameron promises to use the Internet to make politicians 'more accountable'. The Tory party have deleted the backlog of speeches from the main website and the Internet Archive — which aims to make a permanent record of websites and their content — between 2000 and May 2010."

An anonymous reader writes "ComputerWeekly reports that the U.K. government 'has, for the first time, mandated a preference for using open source software for future developments.' This comes from the newly released version of the Government Service Design Manual, which has a section about when government agencies should use open source. It says: 'Use open source software in preference to proprietary or closed source alternatives, in particular for operating systems, networking software, web servers, databases and programming languages.' The document also warns against vendor lock-in. This policy shift comes under the direction of government CTO Liam Maxwell, who said, 'In digital public services, open source software is clearly the way forward.' He added, 'We're not dogmatic about this – we'll always use the best tool for the job – but open source has major advantages for the public sector.'"

Glyn Moody writes "There has been a big battle in the UK over whether open standards should be Restriction/Royalty-Free (RF) or Fair, Reasonable and Non-Discriminatory (FRAND). That matters, because open source can't in general implement FRAND standards (there are legal hacks that can be applied in a few special circumstances.) First it seemed that RF had the upper hand [.pdf], but later comments from officials cast doubt on that. Now we have the definitive answer from the UK Minister for the Cabinet Office, Francis Maude: 'The Government require that their ICT should be built on open standards, wherever possible, to improve competition and avoid lock-in to a particular technology or supplier. Fair, reasonable and non-discriminatory (FRAND) specifications may present some difficulties for the open source software development model in terms of patents and royalties. To deliver a level playing field for both open source and proprietary software, open standards are needed.' Will UK government use of open source finally take off, or is this a hollow victory?"

bossanovalithium writes "Gary McKinnon, whose tribulations we have followed for several years now, is the UK hacker trying to escape extradition to the US. It appears he is expected to foot the bill for the US Government patching holes his breaching uncovered — to the tune of $700,000. It's not really the norm for someone to pay for exploits to be patched — damages fixed, yes, but this is a very different thing." The article paraphrases Eugene Spafford as saying that the victim of a cybercrime should not take the blame. "If someone broke a door to rob a store, he said, it was usual to charge them the cost of the door." Isn't the McKinnon case more like charging him to buy the lock that had been missing when he walked in?

Death Metal writes with this excerpt from ComputerWeekly.com about the UK's national ID card scheme: "Privacy advocates have reacted angrily to reports that the government plans to link national identity records to criminal records for background checks on people who work with children and vulnerable people. Up to 11 million such workers could be affected immediately if the plan goes ahead. Phil Booth, national co-ordinator of privacy advocates NO2ID, said the move was consistent with the various forms of coercion strategy to create so-called volunteers for national ID cards. 'Biometrics are part of the search for clean, unique identifiers,' Phil Booth said. He said the idea was patently ridiculous when the Home Office was planning to allow high street shops and the Post Office to take fingerprints for the ID card."

The NY Times has a story and a blog backgrounder focusing on a weapon now being wielded by bad guys (most likely in Eastern Europe, according to the Times): Trojan horse keyloggers that report back in real-time. The capability came to light in a court filing (PDF) by Project Honey Pot against "John Doe" thieves. The case was filed in order to compel the banks — which are almost as secretive as the cyber-crooks — to reveal information such as IP addresses that could lead back to the miscreants. Or at least allow victims to be notified. Real-time keyloggers were first discovered in the wild last year, but the court filing and the Times article should bring new attention to the threat. The technique menaces the 2-factor authentication that some banks have instituted: "By going real time, hackers now can get around some of the roadblocks that companies have put in their way. Most significantly, they are now undeterred by systems that create temporary passwords, such as RSA's SecurID system, which involves a small gadget that displays a six-digit number that changes every minute based on a complex formula. If [your] computer is infected, the Trojan zaps your temporary password back to the waiting hacker who immediately uses it to log onto your account. Sometimes, the hacker logs on from his own computer, probably using tricks to hide its location. Other times, the Trojan allows the hacker to control your computer, opening a browser session that you can't see."

Death Metal writes with this excerpt from Computer Weekly, which casts some doubt on the security of the UK's proposed personal identification credential: "The prospective national ID card was broken and cloned in 12 minutes, the Daily Mail revealed this morning. The newspaper hired computer expert Adam Laurie to test the security that protects the information embedded in the chip on the card. Using a Nokia mobile phone and a laptop computer, Laurie was able to copy the data on a card that is being issued to foreign nationals in minutes."

bossanovalithium writes to tell us that details are emerging about the theft of a top secret prototype mobile device stolen from an executive's pocket. Time to start watching eBay. "There are fears that leaks regarding the features and early bugs in the software could mar the launch of Windows Mobile 6.5 which the company hopes will give it the edge over the iPhone and the new Google Android operating system. The new product includes support for touch-screen technology similar to that found on the Apple iPhone. Among the features offered in the new service unveiled by Microsoft's chief executive, Steve Ballmer, on Tuesday, is a version of Windows Marketplace for Mobiles, which is set to compete with the popular Apple's App Store and provide easy ways to download music and products to mobiles. "

whencanistop writes "Given that the new James Bond film is just about to be released, this is quite a nice summary of James Bond gadgets from past films. Tomorrow Never Dies was on telly last night and I was commenting on how the mobile phone that controlled the BMW was awesome, why they haven't done it in real life is beyond me (although there would probably be a few accidents if they ever did). Ridiculous to think that in 1963 the gadget of choice for Bond was a pager though." Of course, the best gadget in the Bond universe wasn't even 007's ... Jaws' teeth were the envy of every kid with braces.

whencanistop writes "Given that the new James Bond film is just about to be released, this is quite a nice summary of James Bond gadgets from past films. Tomorrow Never Dies was on telly last night and I was commenting on how the mobile phone that controlled the BMW was awesome, why they haven't done it in real life is beyond me (although there would probably be a few accidents if they ever did). Ridiculous to think that in 1963 the gadget of choice for Bond was a pager though." Of course, the best gadget in the Bond universe wasn't even 007's ... Jaws' teeth were the envy of every kid with braces.

whencanistop writes "Given that the new James Bond film is just about to be released, this is quite a nice summary of James Bond gadgets from past films. Tomorrow Never Dies was on telly last night and I was commenting on how the mobile phone that controlled the BMW was awesome, why they haven't done it in real life is beyond me (although there would probably be a few accidents if they ever did). Ridiculous to think that in 1963 the gadget of choice for Bond was a pager though." Of course, the best gadget in the Bond universe wasn't even 007's ... Jaws' teeth were the envy of every kid with braces.

whencanistop writes "ComputerWeekly have put together a nice short guide (with lots of links) of what is going on at CERN. They've got a nice slant though on what this big bang experiment is going to mean for the IT Industry. Interesting slant on the world's largest grid and the database clustering technology that they are using. They have also picked up on the amusing rap video by CERN's scientists that has been wandering around YouTube."

whencanistop writes "ComputerWeekly have put together a nice short guide (with lots of links) of what is going on at CERN. They've got a nice slant though on what this big bang experiment is going to mean for the IT Industry. Interesting slant on the world's largest grid and the database clustering technology that they are using. They have also picked up on the amusing rap video by CERN's scientists that has been wandering around YouTube."

whencanistop writes "Despite good job prospects, graduates think that a job in IT would be boring. Is this because of the fact that Bill Gates has made the whole industry look nerdy? Surely with so many (especially young) people being 'web first' with not just their buying habits, but now in terms of what they do in their spare time, we'd expect more of them to want to get a career in it?"

whencanistop writes "Despite good job prospects, graduates think that a job in IT would be boring. Is this because of the fact that Bill Gates has made the whole industry look nerdy? Surely with so many (especially young) people being 'web first' with not just their buying habits, but now in terms of what they do in their spare time, we'd expect more of them to want to get a career in it?"

yuna49 writes "Various people are reporting that the MS07-040 patch for .NET released on Tuesday can cause a variety of seemingly unrelated problems. According to the SANS Internet Storm Center 'the reports we got so far seem not to lead to any specific thing that happens in many cases, just various things going haywire.' Some commentators on The Register's report of this story indicate that the patch failed to install at all, while others report things like the mouse suddenly failing to work or long periods of hard drive thrashing. In some cases a hard reboot seems to fix the problem, but other reports suggest that a reinstallation of the .NET framework itself is required. The problems may be related to the MSCORSVW.EXE process which recompiles all the .NET assemblies when the patch is downloaded. While the recompilations are supposed to run as a background task, in some instances the recompilation will drive the processor to 100% usage."

ricepudd writes "Computer Weekly reports that Internet security researchers have discovered a serious flaw in Sendmail. The flaw could allow remote attackers to take control of users' PCs. The Sendmail Consortium urged users to upgrade to version 8.13.6 of the software, which contains a fix to the problem. Computer Weekly seems to think that the fact that the Windows version isn't affected will help curtail the threat."

An anonymous reader writes "Microsoft has alerted users that Netscape's latest browser appears to break the XML rendering capabilities in Microsoft Internet Explorer. Dave Massy, a senior programme manager for IE, warned users in a blog posting that after installing Netscape 8, IE will render XML files as a blank page, including XML files that have an XSLT transformation. What a week for Netscape 8.0; first the browser needed several fixes hours after its release, then it was discovered that without IE installed, Netscape 8.0 will not install, and now IE needs Netscape uninstalled to work."

An anonymous reader writes "Executives at Infineon Technologies plead guilty to an international conspiracy to fix prices in the DRAM market. Heinrich Florian, Günter Hefner, Peter Schaefer and T. Rudd Corwin, executives for Infineon Technologies, had a felony filed against them yesterday in the U.S. District Court in San Francisco. Each executive could spend up to six months in prison and will have to pay a $250,000 fine. Under the plea agreement, they must also assist the government in its DRAM investigation. Infineon agreed in October to pay a $160 million fine for its role in the conspiracy, according to the Justice Department."

Zastrossi writes "According to the Anti-Phishing Working Group, phishing sites--the practice of making sites that look and act like popular sites such as banks in order to steal personal information from customers--rose from 543 sites in September to 1,142 sites in October. Gartner reports that phishing scams cost banks and credit-card companies $10.2 billion."

kinrowan writes "MIT, inventor of Kerberos, has announced a pair of vulnerabities in the software that will allow an attacker to either execute a DOS attack or execute code on the machine. Some details of the story are at SearchSecurity as well as ComputerWeekly. Details of the advisories themselves are also available. The vulnerabilities also affect the VPN 3000 line of Cisco VPN concentrators."

kev0153 writes "Microsoft Windows is more secure than you think, and Mac OS X is worse than you ever imagined. That is according to statistics published for the first time this week by Danish security firm Secunia. "Secunia is now displaying security statistics that will open many eyes, and for some it might be very disturbing news," said Secunia chief executive Niels Henrik Rasmussen. "The myth that Mac OS X is secure, for example, has been exposed." "

rfc1394 writes "In an article in ComputerWeekly, it was announced that the FCC has ruled that it has final jurisdiction over unlicensed wireless space, meaning that an airport authority can't force airlines to (pay to) use its wireless network and they may set up and use their own. This bodes well for the development of wireless networks in various areas as it means that you have the right to set up your own network even if your landlord would want you to use theirs."

jtprice writes "At a time when spam levels have exceeded 80%, there's growing momentum behind Microsoft's email CallerID, the SPF effort, Yahoo!'s DomainKeys, and the IETF's new MARID Working Group initiatives to address various email abuse problems including spam, joe-jobbing, phishing, and so on. Sendmail has already implemented DomainKeys and CallerID. 10,000+ domains have turned on SPF now. Where the heck are we going with this? Are these efforts at cross purposes, confusing at best or likely to be consolidated? Seems to be less about the end of spam and more about the end of open, uniform, standards-based email as we know it. Apparently the people behind these initiatives are getting together for the first time for something called the Open Email Accountability Symposium next month, at the Inbox Email Conference in San Jose, with the intent of outlining their proposals and answering questions. Any thoughts about all of this, or hard questions that should be asked of these people? Is the email dilemma creating just another monopoly opportunity to force email into proprietary territory?"

securitas writes "AP reports that the Jacksonville Airport permanent RFID luggage tracking system will be installed this fall in time for the Super Bowl. The article concludes explaining that when San Francisco and Seattle ended their RFID pilot programs, they 'switched back to bar-code systems, saying the radio systems were unnecessary.' Mirror at Globetechnology, with more at Computerworld ,a large article at Jacksonville Business Journal, as well as some history from RFID Journal and Computerweekly." Moving to an untested system... paying for it by firing the baggage handlers who could help you recover from problems if the system proves to have bugs... what could go wrong?

kryonD writes "According to this Computer Weekly article, SCO is no longer allowed to spread their FUD in Germany. This wasn't even a court or government order, but an out of court settlement with a small company. They even get 'fined' EU10,000 by the company for every breach of the settlement. Although, it appears from the article that SCO is side-stepping the agreement by commissioning 3rd party firms to spread their FUD for them. The settlement happened last month, but this is the first I have heard of it. I wonder what made them back down so quickly." We mentioned the settlement earlier this month (including prohibitions on making certain claims); the news is the attempt to circumvent it.

inode_buddha writes "This article describes SCO's recent letters to its UNIX licensees, asking them to certify that they '...are not using Unix code in Linux.' It also notes another set of letters '...outlining additional evidence of copyright infringement to a subset of 1,500 global Linux users that SCO first contacted in May about copyright infringement.' There's also a decent breakdown of the company's balance sheet and some quotes from company officials. I hope to see one of those 'other' letters; could anyone post it? SCO better have asbestos underwear." Ask and receive: idiotnot adds "Here's the article from the Sydney Morning Herald. Here is a PDF Copy of the letter." "Yours truly"?

A Masquerade writes "When Microsoft's market position was threatened by projects within the UK government evaluating open source solutions, it chose an interesting way to fight back. Computer Weekly has a piece by a Microsoft manager explaining they're paying for an external audit of the IT services for a specific UK local authority, Newham Council, to provide a cost justification for Windows and Office on the desktop, as opposed to an open source solution. The Register comments that 'if Microsoft succeeds in holding on to Newham, it will have knocked a considerable amount of wind out of the pilot schemes before they've even kicked off properly.'"

Marvinthehaggler writes "According to Computer Weekly's site, Cisco Systems plans to start shipping its Wi-Fi mobile phone to US channel partners in June, with availability in other countries soon after. The phone communicates only with 802.11b technology and is designed for use within enterprises rather than totally replacing a mobile phone. However, Cisco is in talks with cell phone makers about the possibility of adding cell phone capability to such a device, which might carry the Cisco brand." Seems like a very limited use device, but IP telephony is getting increasingly popular.

An anonymous coward writes: "It seems the folks over at Novell have the answer to making the "immature" Linux OS more "robust, reliable and scaleable" according to this Computer Weekly article. We have a lot more problems to use and keep running our NetWare 5 and 6 servers at our University than we've ever had with any of our Linux servers. I can't wait for Novell to help us out here."