Domain: vice.com
Stories and comments across the archive that link to vice.com.
Stories · 1,377
-
Password Sharing Is a Federal Crime, Appeals Court Rules (vice.com)
An anonymous reader writes from a report via Motherboard: An appeals court ruled Wednesday that sharing passwords can be a violation of the Computer Fraud and Abuse Act, a catch-all "hacking" law that has been widely used to prosecute behavior that bears no resemblance to hacking. Motherboard reports: "In this particular instance, the conviction of David Nosal, a former employee of Korn/Ferry International research firm, was upheld by the Ninth Circuit Court of Appeals, who said that Nosal's use of a former coworker's password to access one of the firm's databases was an 'unauthorized' use of a computer system under the CFAA. In the majority opinion, Judge Margaret McKeown wrote that 'Nosal and various amici spin hypotheticals about the dire consequences of criminalizing password sharing. But these warnings miss the mark in this case. This appeal is not about password sharing.' She then went on to describe a thoroughly run-of-the-mill password sharing scenario -- her argument focuses on the idea that Nosal wasn't authorized by the company to access the database anymore, so he got a password from a friend -- that happens millions of times daily in the United States, leaving little doubt about the thrust of the case. The argument McKeown made is that the employee who shared the password with Nosal 'had no authority from Korn/Ferry to provide her password to former employees.' At issue is language in the CFAA that makes it illegal to access a computer system 'without authorization.' McKeown said that 'without authorization' is 'an unambiguous, non-technical term that, given its plain and ordinary meaning, means accessing a protected computer without permission.' The question that legal scholars, groups such as the Electronic Frontier Foundation, and dissenting judge Stephen Reinhardt ask is an important one: Authorization from who?" -
UK Police Accessed Civilian Data For Fun and Profit, Says Report (vice.com)
An anonymous reader writes from a report via Motherboard: A report from activist group Big Brother Watch surfaced that says more than 800 U.K. police staff inappropriately accessed personal information between June 2011 and December 2015. Motherboard reports: "The report says some police staff used their access to a growing trove of police data, which includes personal information on civilians, for entertainment and personal and financial gain. In several notable incidents, one Metropolitan Police officer found the name of a victim so funny that he attempted to take a photo of the driving license and send it to his friend over Snapchat. A Greater Manchester Police officer tipped someone off that they would be arrested, and one from North Yorkshire Police conducted a check on a vehicle on his phone whilst off-duty. The report also includes incidents of staff distributing other types of police data. Someone from South Wales Police was dismissed after photographing and distributing restricted documents "for personal gain," the report said. Not only was some information not needed for official police work, according to the report, but was shared with third parties outside the police, including some organized crime groups, 877 times. In total, 2,315 incidents of inappropriate access or distribution of data were reported. The majority of incidents, 1,283, ended up with no disciplinary action taking place, while 297 ended in a resignation or dismissal, 258 resulted in a written or verbal warning, and 70 led to a criminal conviction or caution." -
What Air Conditioning Can Teach Us About Innovation and Laziness (vice.com)
In a think piece for Vice's Motherboard Ernie Smith argues that the invention of air conditioning in 1902 has had a big impact on the innovation we've made since. Smith, citing several studies and articles on the matter, states that it is because of air conditioners that we have things like skyscrapers, clean rooms for building advanced computer chips, shopping malls, and multiplexes. But on the other hand, air conditioners have somewhat limited our creativity in home and office designing. From the article: See, prior to the air conditioner reaching homes around the country, architects had to think more creatively about keeping people cool when options were more limited. This meant taking advantage of breezes, room design, and dimensional layout in a way that maximized the heat when it was necessary kept things cool when it wasn't. And it meant taking advantage of foliage around the home to build in some natural shade, as well as to build porches, which were often much cooler than the insides of homes during warm days. The article, among other things, also mentions that we are currently looking for ways to curtail the energy wastage that incurs because of ACs. But Smith points out that it took us a while -- generations, actually -- before we started to see a problem and began working on it. From the article: "One of the many ways in which we have become cognitively lazy is to accept our initial impression of the problem that [we encounter]. Once we settle on an initial perspective we don't seek alternative ways of looking at the problem," author Michael Michalko wrote. "Like our first impressions of people, our initial perspective on problems and situations are apt to be narrow and superficial. We see no more than we expect to see based on our past experiences in life, education and work." [...]
It's hard to even get mad at architects who chose simple efficiency over complexity, or (to highlight a contemporary example) early carmakers that went with gasoline instead of something better for the environment. Because of human nature, it just makes sense that despite all the other advantages that came with air conditioning, the more challenging things that came with the invention -- the fact that conservation and efficiency still have their place -- didn't initially get their due. -
A Chinese Ad Firm Is Using Malware to Get More Clicks (vice.com)
An anonymous reader shares a Motherboard report: Advertising agencies go to great lengths to spread their clients' messages. Now, researchers have uncovered a new approach: malware. This month, cybersecurity company Check Point reports that a Chinese group called Yingmob has distributed mobile device malware on a massive scale, apparently alongside a legitimate advertising analytics business. Listed as based in Beijing's Chaoyang District, Yingmob, a subsidiary of MIG Unmobi Technology Inc., markets itself like any other advertising firm. Its professional-looking website claims its easy-to-deploy ads support text, pictures, and video, and don't affect the user experience. It offers pop-up, sidebar, and in-app adverts. But Check Point's report claims that part of the company -- the "Development Team for Overseas Platform," which employs a staff of 25 people -- is responsible for malware it has dubbed HummingBad. This malware allows the injection of adverts into victims' devices. Whenever someone clicks on one of these adverts, Yingmob gets paid, just like a typical advertising campaign. The first infection method Check Point came across was a "drive-by-download," whereby Yingmob's malware targets a victim when they visit a malicious website, then proceeds to download malicious apps onto their device. In its analysis, Check Point writes that nearly 10 million people are using malicious Android apps made by Yingmob. -
NRA Complaint Takes Down 38,000 Websites (vice.com)
Sarah Jeong, reporting for Motherboard: 38,000 websites hosted by the automated publishing service Surge went down today, after the National Rifle Association sent a legal notice over a parody website created by the Yes Men. A few days ago, the Yes Men released the parody video, "Share the Safety" -- announcing a supposed NRA program to deliver firearms into the hands of those too impoverished to afford guns. The opening frame of the video says "Paid for in part by the National Rifle Association of America with additional support from Smith & Wesson Holding Corporation." "Systemic poverty and dumb laws keep the urban poor unable to acquire life-saving firearms," says the video, which is available on YouTube. "That's why we at the NRA are teaming up with Smith & Wesson to share the safety." The YouTube description includes a link to the "official" website, ShareTheSafety.org. -
2 Million-Person Terror Database Leaked Online (thestack.com)
An anonymous reader writes from a report via The Stack: A 2014 version of the World-Check database containing more than 2.2 million records of people with suspected terrorist, organized crime, and corruption links has been leaked online. The World-Check database is administered by Thomson-Reuters and is used by 4,500 institutions, 49 of the world's 50 largest banks and by over 300 government and intelligence agencies. The unregulated database is intended for use as "an early warning system for hidden risk" and combines records from hundreds of terror and crime suspects and watch-lists into a searchable resource. Most of the individuals in the database are unlikely to know that they are included, even though it may have a negative impact on their ability to use banking services and operate a business. A Reddit user named Chris Vickery says he obtained a copy of the database, saying he won't reveal how until "a later time." To access the database, customers must pay an annual subscription charge, that can reach up to $1 million, according to Vice, with potential subscribers then vetted before approval. Vickery says he understands that the "original location of the leak is still exposed to the public internet" and that "Thomas Reuters is working feverishly to get it secured." He told The Register that he alerted the company to the leak, but is still considering whether to publish the information contained in it. -
US Healthcare Records Offered For Sale Online
An anonymous reader writes: Three U.S. healthcare organisations are reportedly being held to ransom by a hacker who stole data on hundreds of thousands of patients. The hacker has also put the 650,000 records up for sale on dark web markets where stolen data is traded. Prices for the different databases range from $100,000 to $411,000. Buyers have already been found for some of the stolen data, the hacker behind the theft told news site Motherboard. No information about the size of the ransom payment sought by the data thief has emerged, although he did say it was "a modest amount compared to the damage that will be caused to the organisations when I decide to publicly leak the victims." -
How Sony, Microsoft, and Other Gadget Makers Violate Federal Warranty Law (vice.com)
Reader citadrianne shares a Motherboard article: There are big "no trespassing" signs affixed to most of our electronics. If you own a gaming console, laptop, or computer, it's likely you've seen one of these warnings in the form of a sticker placed over a screw or a seam: "Warranty void if removed." In addition, big manufacturers such as Sony, Microsoft, and Apple explicitly note or imply in their official agreements that their year-long manufacturer warranties -- which entitle you to a replacement or repair if your device is defective -- are void if consumers attempt to repair their gadgets or take them to a third party repair professional. What almost no one knows is that these stickers and clauses are illegal under a federal law passed in 1975 called the Magnuson-Moss Warranty Act. To be clear, federal law says you can open your electronics without voiding the warranty, regardless of what the language of that warranty says. -
A New 'Quake' Episode Appears 20 Years Later (vice.com)
An anonymous reader quotes this report from Motherboard: The months leading up to this year's phenomenal reboot of Doom were stuffed with all kinds of fun developments surrounding the original series, whether it was mods that let you play as Duke Nukem or whole new levels from famed designer John Romero. There's now a new Quake game in the works, and already it appears to be enjoying a similar renaissance. Yesterday MachineGames, the studio behind Wolfenstein: The New Order, released an entirely new episode for the original Quake in celebration of its 20-year anniversary, and you can play it entirely for free. -
FBI Is Classifying Its Tor Browser Exploit Because 'National Security' (vice.com)
Joseph Cox, reporting for Motherboard: Defense teams across the US have been trying to get access to a piece of malware the FBI used to hack visitors of a child pornography site. None have been successful at obtaining all of the malware's code, and the government appears to have no intention of handing it over. Now, the FBI is classifying the Tor Browser exploit for reasons of national security, despite the exploit already being used in normal criminal investigations well over a year ago. Experts say it indicates a lack of organization or technical capabilities within the FBI. "The FBI has derivatively classified portions of the tool, the exploits used in connection with the tool, and some of the operational aspects of the tool in accordance with the FBI's National Security Information Classification Guide," government attorneys wrote in a filing earlier this month. It came in response to the defense of Gerald Andrew Darby, who is charged with child pornography offenses. -
Why Drones Could Save Door-To-Door Mail Delivery (vice.com)
An anonymous reader writes: Online shopping aside, people don't have as many physical items to mail as they used to, which is largely the reason why Canada Post announced it would be phasing out door-to-door mail delivery. Motherboard reports: "The corporation is exploring future use of drone technology to make deliveries, according to a report from the Canadian Press. At this point, Canada Post is engaging in a 'proper exercise,' a spokesperson told the Canadian Press, adding that the project is in its earliest, experimental stages. According to Graham Scott, the deputy editor of Canadian Business, even if mail-delivering drones remain a theoretical concept for now, it's inevitable they'll be considered as a way to drive costs down. There are many good reasons why mail delivery drones may never get off the ground. For one thing, current technology limits them to delivering one item of post at a time, which is tremendously impractical. But, as we've seen with the rolling out of community mailboxes -- a program that was put on hold earlier this year when the review was launched -- the invisible hand of the market is always looking to drive costs down. So don't count out flying robot deliveries for good. From a manager's perspective at least, drones have their advantages. They don't suffer from dog bites, and they (ideally) don't deviate from their routes. 'Drones don't twist their ankle, they don't get tired, and they don't form a union.' said Scott." In 2013, Amazon CEO Jeff Bezos revealed during a CBS 60 Minutes interview that the company is working on a service called "Prime Air" to deliver packages by autonomous octocopter drones within 30 minutes of hitting the "buy" button. The Guardian reported last year that Amazon has been testing its drone delivery service at a secret site in Canada, following repeated warnings by the e-commerce giant that it would go outside the U.S. to bypass what it sees as the U.S. federal government's lethargic approach to the new technology. -
New 'Hardened' Tor Browser Protects Users From FBI Hacking (vice.com)
An anonymous reader quotes an article from Motherboard: According to a new paper, security researchers are now working closely with the Tor Project to create a "hardened" version of the Tor Browser, implementing new anti-hacking techniques which could dramatically improve the anonymity of users and further frustrate the efforts of law enforcement...
"Our solution significantly improves security over standard address space layout randomization (ASLR) techniques currently used by Firefox and other mainstream browsers," the researchers write in their paper, whose findings will be presented in July at the Privacy Enhancing Technologies Symposium in Darmstadt, Germany.
The researchers say Tor is currently field-testing their solution for an upcoming "hardened" release, making it harder for agencies like the FBI to crack the browser's security, according to Motherboard. "[W]hile that defensive advantage may not last for too long, it shows that some in the academic research community are still intent on patching the holes that their peers are helping government hackers exploit." -
One Million IP Addresses Used In Brute-Force Attack On A Bank (softpedia.com)
Cisco says in just one week in February they detected 1,127,818 different IP addresses being used to launch 744,361,093 login attempts on 220,758,340 different email addresses -- and that 93% of those attacks were directed at two financial institutions in a massive Account Takeover (ATO) campaign. An anonymous reader writes: Crooks used 993,547 distinct IPs to check login credentials for 427,444,261 accounts. For most of these attacks, the crooks used proxy servers, but also two botnets, one of compromised Arris cable modems, and one of ZyXel routers/modems. Most of these credentials have been acquired from public breaches or underground hacking forums. This happened before the recent huge data breaches such as MySpace, LinkedIn, Tumblr, and VK.com.
It's apparently similar to the stolen-credentials-from-other-sites attack that was launched against GitHub earlier this week. -
NASA And The UAE Will Collaborate On A Journey To Mars (gizmodo.com)
An anonymous reader quotes an article from Gizmodo: The United States and the United Arab Emirates (UAE) announced an agreement Sunday that would allow the two nations to collaborate on matters of space and aeronautics research, including the potential journey to Mars... "NASA is leading an ambitious journey to Mars that includes partnerships with the private sector and many international partners," said NASA Administrator Charles Bolden. "I am confident this new framework agreement with the UAE Space Agency will help advance this journey."
Bolden recently wrote on his blog that "Every single nation can play a part in our journey to Mars, in our scientific journey of discovery and in the next phase of humanity's development as a spacefaring people." UAE Space Agency Chairman Dr. Khalifa Al Romaithi added today that "we believe that working alongside international partners is the best way to accelerate the development of space technologies and the space sector within the UAE." Vice notes that the UAE has had a small "presence" in outer space for about 30 years, and had been working on becoming the first Arab Islamic country to send an unmanned probe to Mars. -
It Took 33 Years To Find the Easter Egg In This Apple II Game (vice.com)
Jason Koebler writes: Gumball, a game released in 1983 for the Apple II and other early PCs, was never all that popular. For 33 years, it held a secret that was discovered this week by anonymous crackers who not only hacked their way through advanced copyright protection, but also became the first people to discover an Easter Egg hidden by the game's creator, Robert A. Cook. Best of all? Cook congratulated them Friday for their work.
The article attributes the discovery to a game-cracker named 4am, who's spent years cracking the DRM on old Apple II games to upload them to the Internet Archive. "Because almost all of the games are completely out of print, all-but-impossible to find, and run only on old computers, 4am is looked at as more of a game preservation hero than a pirate." -
Over 100M Accounts of Russia's Largest Social Network VK On Sale (vice.com)
Accounts of over 100 million users of VK.com, Russia's largest social network, are being traded on the digital underground. A hacker who goes by the alias "Peace," listed the data for sale on a dark web marketplace. Vice's Motherboard publication reports that it received a dataset of over 100,544,934 records from Peace. From the report: According to Peace, the passwords were already in plain text when the site was hacked, and were not cracked at a later date. Peace is selling the data for 1 bitcoin, or around $570 at today's exchange rates. Out of 100 randomly selected email addresses from the larger dataset, 92 corresponded to active accounts on the site, Motherboard found. A Russian friend contacted by Motherboard confirmed that the password was correct. The report adds that the actual hack occurred between 2011 and 2013, and that Peace has data of another 70 million users that it isn't selling right now. -
NSA Releases New Snowden Documents (vice.com)
An anonymous reader writes: Hundreds of internal NSA documents have been declassified and released to VICE in response to their FOIA lawsuit. They're now sharing them all online, calling it "an extraordinary behind-the-scenes look at the efforts by the NSA, the White House, and US Senator Dianne Feinstein to discredit Snowden [that] call into question aspects of the U.S. government's long-running narrative about Snowden's time at the NSA." The documents officially confirm that Snowden had also worked with the CIA, and show a vigorous internal discussion about how to respond to Snowden's leaks that apparently led the NSA to erroneously assert that Snowden hadn't voiced his objections about the surveillance of U.S. citizens within the NSA before going public.
Living in Russia now, Snowden himself refused to comment on the new releases, with his attorney saying Snowden "believes the NSA is still playing games with selective releases, and [he] therefore chooses not to participate in this effort. He doesn't trust that the intelligence community will operate in good faith."
The EFF is also marking the three-year anniversary of Snowden's leaks, saying they led directly to the first legislation curtailing the NSA's power in over 30 years and changed the way the world perceives government surveillance. Snowden was inspired in part by a desire to keep the internet free, saying in 2014 that "I remember what the Internet was like before it was being watched, and there's never been anything in the history of man that's like it." -
Judges Rule Raped Woman Can Sue 'Enabling' Web Site (vice.com)
Web sites that matched models to photographers also led dozens of women to a pair of rapists in 2011, according to Vice. "Civil court documents show that the owners of Model Mayhem knew about the first wave of rapes but failed to issue a warning to users," Vice reported last summer. Facebook, Craigslist, and Tumblr filed briefs in support of the "Model Mayhem" site, arguing that allowing women to sue them could create a new "failure to warn" liability for other web sites. But now AmiMoJo writes: In a decision that one day could have reverberations across the internet, a three-judge panel in California decided she can sue the Model Mayhem site that the pair used to lure their victims. "Congress has not provided an all purpose get-out-of-jail-free card for businesses that publish user content on the Internet," Judge Richard Clifton wrote in the panel's decision. The CDA traditionally exempts web sites from liability for anything their users post. Do Slashdot readers think there should ever be any exceptions? -
There's a Stuxnet Copycat, and We Have No Idea Where It Came From (vice.com)
Joseph Cox, reporting for Motherboard: After details emerged of Stuxnet, arguably the world's first digital weapon, there were concerns that other hackers would copy its techniques. Now, researchers have disclosed a piece of industrial control systems (ICS) malware inspired heavily by Stuxnet. Although the copycat malware -- dubbed IRONGATE by cybersecurity company FireEye -- only works in a simulated environment, it, like Stuxnet, replaces certain types of files, and was seemingly written to target a specific control system configuration. [...] IRONGATE works within a simulated Siemens environment called PLCSIM, used for testing programs before they are pushed out into the field. Like Stuxnet, IRONGATE replaces a Dynamic Link Library (DLL), a small collection of code that can be used by different programs at the same time, with a malicious one of its own. IRONGATE's DLL records five seconds of traffic from the Siemens' system to the user interface, and replays it over again, potentially tricking whoever is monitoring the system into thinking everything is fine, while the malware might manipulate something else in the background. Dark Reading's coverage on this is also worth a read. -
Hackers Stole 65 Million Passwords From Tumblr (vice.com)
Lorenzo Franceschi-Bicchierai, reporting for Motherboard: On May 12, Tumblr revealed that it had found out about a 2013 data breach affecting 'a set of users' email addresses and passwords, but the company refused to reveal how many users were affected. As it turns out, that number is 65 million, according to an independent analysis of the data. Troy Hunt, a security researcher who maintains the data breach awareness portal Have I Been Pwned, recently obtained a copy of the stolen data set. Hunt told Motherboard that the data contained 65,469,298 unique emails and passwords. Update: 05/30 16:36 GMT by M : An earlier version of the original report claimed that data of 68 million accounts were compromised. It's 65 million. The original story, and hence, this summary has been updated to reflect the same. -
That North Korean Facebook Clone Has Already Been Hacked (vice.com)
Remember yesterday's story about an off-the-shelf Facebook clone in North Korea? Within a few hours that site was hacked by an 18-year-old college student in Scotland. An anonymous reader writes: Using the default credentials, Andrew McKean posted "Uh, I didn't create this site just found the login" in the site's box for Sponsored links. "McKean was able to become an admin for the site just by clicking on the 'Admin' link at the bottom of the site and guessing the username and password," writes Motherboard, which adds that the password was "password". McKean says the breach "was easy enough," and granted him the ability to "delete and suspend users, change the site's name, censor certain words and manage the eventual ads, and see everyone's emails."
The teenager said he had "no plans" for the compromised site -- except possibly redirecting it to an anti-North Korean page. -
Controversial Surveillance Firm Blue Coat Was Granted a Powerful Encryption Certificate (vice.com)
Joseph Cox, reporting for Motherboard (edited for clarity): A controversial surveillance company called Blue Coat Systems -- whose products have been detected in Iran and Sudan -- was recently issued a powerful encryption certificate by Symantec. The certificate, and the authority that comes with it, could allow Blue Coat Systems to more easily snoop on encrypted traffic. But Symantec downplayed concern from the security community. Blue Coat, which sells web-monitoring software, was granted the power in September last year, but it was only widely noticed this week. The company's devices are used by both government and commercial customers for keeping tabs on networks or conducting surveillance. In Syria, the technology has been used to censor web sites and monitor the communications of dissidents, activists and journalists. Blue Coat assures that it is not going to utilize the certificates to snoop on us. The Register reports: We asked Blue Coat how it planned to use its new powers -- and we were assured that its intermediate certificate was only used for internal testing and that the certificate is no longer in use. "Symantec has reviewed the intermediate CA issued to Blue Coat and determined it was used appropriately," the two firms said in a statement. "Consistent with their protocols, Symantec maintained full control of the private key and Blue Coat never had access to it. Blue Coat has confirmed it was used for internal testing and has since been discontinued. Therefore, rumors of misuse are unfounded." -
Someone In North Korea Is Hosting a Facebook Clone (vice.com)
Reporter Jason Koebler shares: Someone in North Korea appears to have created a Facebook clone, according to an internet analytics company that traced the site's DNS to the notoriously isolated country. The social network is an off-the-shelf Facebook clone called dolphinPHP.
Dyn Analytics researcher Doug Madory said that "very few websites resolve to the North Korean address space, and this one does." From the screenshots in the article, the user interface and other elements do look similar to that of Facebook. -
Hackers Claim to Have 427 Million Myspace Passwords (vice.com)
Lorenzo Franceschi-Bicchierai, reporting for Motherboard: There's an oft-repeated adage in the world of cybersecurity: There are two types of companies, those that have been hacked, and those that don't yet know they have been hacked. MySpace, the social media behemoth that was, is apparently in the second category. The same hacker who was selling the data of more than 164 million LinkedIn users last week now claims to have 360 million emails and passwords of MySpace users, which would be one of the largest leaks of passwords ever. And it looks like the data is being circulated in the underground by other hackers as well. It's unclear when the data was stolen from MySpace, but both the hacker, who's known as Peace, and one of the operators of LeakedSource, a paid hacked data search engine that also claims to have the credentials, said it's from a past, unreported, breach. -
Hacker Phineas Fisher is Trying To Start a 'Hack Back' Political Movement (vice.com)
An anonymous reader writes: The hacker who breached Hacking Team and FinFisher is trying to get more people to "hack back" and fight "the system." For some, thanks to his targeted attacks and sophisticated political views, Phineas Fisher is quickly becoming the most influential hacktivist of the last few years. In response to his most recent hack where he released a 39-minute how-to video showing how to strip data from targeted websites, specifically a website of the Catalan police union, Phineas Fisher told Motherboard, "Everything doesn't have to be big. I wanted to strike a small blow at the system, teach a bit of hacking with the video, and inspire people to take action." Biella Coleman, professor at McGill University in Montreal, believes Phineas Fisher has a good chance of inspiring a new generation of hacktivists and "setting the stage for other hackers to follow in his footsteps." She says he has been better at choosing targets and justifying his actions with more rounded and sophisticated political and ethical views than Anonymous and LulzSec-inspired hackers. Phineas Fisher told Motherboard, "I don't want to be the lone hacker fighting the system. I want to inspire others to take similar action, and try to provide the information so they can learn how." -
Code Quality Predicted Using Biometrics (vice.com)
An anonymous reader writes: Swiss researchers are unveiling "a not at all sinister-sounding system capable of predicting the quality of code produced by developers based on their biometric data," according to Motherboard. "By looking at the programmer as they program, rather than the code after the programmer is done writing it, the system described by the Zurich researchers finds code quality issues as the code is being produced... By using heart rate information, for example, they were able to quantify the difficulty a given programmer had in producing a piece of software. This information could then be used to identify likely sections of bad code..."
In a paper to be presented at an Austin engineering conference this week, the researchers write that "Delaying software quality concerns, such as defects or poor understandability of the code, increases the cost of fixing them," calling their system an improvement over code reviews, even automated ones. "Biometrics helped to automatically detect 50 percent of the bugs found in code reviews and outperformed traditional metrics in predicting all quality concerns found in code reviews."
On the other hand, Motherboard likened the stress level for programmers to "a coding interview that never ends where you also happen to be naked." -
TV Journalists Try Buying AK-47 On Dark Web, Fail (deepdotweb.com)
An anonymous reader writes: "It was supposed to be a great story about terrorism, uncertainty and the evils of the DarkNet," writes Deep Dot Web, describing an investigative report titled "Fear of Terror -- How Endangered is Germany?" After interviewing security experts, federal investigators, and a survivor of the Paris terrorist attack, a TV news crew in Germany attempted to buy an AK-47 on the dark web -- only to be scammed out of $800. "If he had done a little research he could have known that most weapon dealers on the DarkNet are actually scams," the article points out, adding that German customs officers say they would have intercepted any AK-47 had a delivery been attempted.
Motherboard reported in November that the high number of scams -- some of which are undercover agents -- prompted several dark web markets to stop offering guns altogether, though they suggest the German news crew was trying to recreate the purchases of "disabled" weapons which were then converted back into their original form. -
Don't Use Google Allo (vice.com)
At its developer conference on Wednesday, Google announced Allo, a chatbot-enabled messaging app. The app offers a range of interesting features such as the ability to quickly doodle on an image and get prompt responses. Additionally, it is the "first Google" product to offer end-to-end encryption, though that is not turned on by default. If you're concerned about privacy, you will probably still want to avoid Allo, says the publication. From the report: Allo's big innovation is "Google Assistant," a Siri competitor that will give personalized suggestions and answers to your questions on Allo as well as on the newly announced Google Home, which is a competitor to Amazon's Echo. On Allo, Google Assistant will learn how you talk to certain friends and offer suggested replies to make responding easier. Let that sink in for a moment: The selling point of this app is that Google will read your messages, for your convenience. Google would be insane to not offer some version of end-to-end encryption in a chat app in 2016, when all of its biggest competitors have it enabled by default. Allo uses the Signal Protocol for its encryption, which is good. But as with all other Google products, Allo will work much better if you let Google into your life. Google is banking on the idea that you won't want to enable Incognito Mode, and thus won't enable encryption. Edward Snowden also chimed in on the matter. He said, "Google's decision to disable end-to-end encryption by default in its new Allo chat app is dangerous, and makes it unsafe. Avoid it for now." -
Wikipedia Editor Says Site's Toxic Community Has Him Contemplating Suicide (vice.com)
An anonymous reader writes: A longtime Wikipedia editor wrote an email to a large public mailing list Tuesday, saying he was contemplating suicide due to online abuse by his fellow Wikipedians. "Nobody on Wikipedia seems to be kind," he wrote. "You are all so busy power tripping that you forget there is a real, live person on the other side." He lamented that obstructionism by other editors stopped him from contributing to the site's "great mission -- one I feel so keenly." The email was sent to the Wikimedia-L mailing list, which is one of the largest community-run Wikimedia mailing lists and has hundreds of subscribers. The editor was upset after an ongoing disagreement with other editors on the "talk" pages of an article about a local politician. The debate devolved into name-calling, the editor wrote, and eventually he was completely banned from editing the site he had devoted so much time to. -
Oracle V. Google Being Decided By Clueless Judge and Jury (vice.com)
theodp writes: "The problem with Oracle v. Google," explains Motherboard's Sarah Jeong, "is that everyone actually affected by the case knows what an API is, but the whole affair is being decided by people who don't, from the normals in the jury box to the normals at the Supreme Court." Which has Google's witnesses "really, really worried that the jury does not understand nerd shit." Jeong writes, "Eric Schmidt sought to describe APIs and languages using power plugs as an analogy. Jonathan Schwartz tried his hand at explaining with 'breakfast menus,' only to have Judge William Alsup respond witheringly, 'I don't know what the witness just said. The thing about the breakfast menu makes no sense.'
"Schwartz's second attempt at the breakfast menu analogy went much better, as he explained that although two different restaurants could have hamburgers on the menu, the actual hamburgers themselves were different -- the terms on the menu were an API, and the hamburgers were implementations." And Schwartz's explanation that the acronym GNU stands for 'GNU is Not Unix' drew the following exchange: "The G part stands for GNU?" Alsup asked in disbelief. "Yes," said Schwartz on the stand. "That doesn't make any sense," said the 71-year-old Clinton appointee. -
Original 'Doom' Level Remade in the New 'Doom' (vice.com)
An anonymous reader writes: After the new Doom was released yesterday, Vice discovered its SnapMap feature had already been used to recreate one of the levels from the original Doom. "The original Doom thrived on a strong modding community, and id is supporting that tradition here in a great way." Sharing videos for both the old and new versions of the E1 M2 nuclear plant map, Vice also applauded the interface for the new SnapMap tool, which lets users design their own levels, even on consoles. SnapMap includes tools for arranging objects, placing enemies, and even triggering events when a player reaches certain points in a level. "It's incredibly easy to use considering how much you can do, and so far I've had little trouble uploading, downloading, and browsing for user-made levels."
Newegg is also offering a $15 discount code for PC, Xbox One, or PS4 versions. -
Government Spy Truck Is Disguised As A Google Street View Car (vice.com)
An anonymous reader writes: Matt Blaze, a University of Pennsylvania computer and information science professor, discovered an SUV "tucked away in the shadows of the Philadelphia Convention Center's tunnel" that was labeled as a Google Maps Street View car. It had two high-powered license plate reader cameras mounted on top, meaning it had to belong to a government agency. The Philadelphia Police Department had admitted it owns the truck after the report from Motherboard was published. "Unless the Philadelphia Fire Department or Streets Department are using automated license plate recognition (ALPR), this strongly suggests the city's police department is trawling city streets under the auspices of Google while snapping thousands of license plate images per minute," says Motherboard. ALPR can photograph thousands of license plate images per minute and track and store a person's travel habits without a warrant. Google spokesperson Susan Cadrecha commented on the report, "We can confirm this is not a Google Maps car, and that we are currently looking into the matter." The Philadelphia Police Department since responded to the report: "We have been informed that this unmarked vehicle belongs to the police department; however, the placement of any particular decal on the vehicle was not approved through any chain of command. With that being said, once this was brought to our attention, it was ordered that the decals be removed immediately." -
A Bored Hacker Easily Stole And Defaced More Than 70 Subreddits (vice.com)
An anonymous reader writes: Hacker, BVM, said he's "lost count" of the number of subreddits he's stolen and defaced, but estimates that the number is more than 70. Subreddits like r/pics, r/starwars, and r/gameofthrones, and many others, have been defaced just in the last few days. He claims Reddit's crummy security, and lack of two-factor authentication are what has made his exploits possible. "Reddit's security is shit," he says. "If Reddit would simply add 2FA it would be a lot harder to get in." Why is BVM hacking these subreddits? "No reason really. Just boredom. It's not like it's really a challenge or anything so I just do it to pass time," the hacker told Motherboard in an online chat. BVM didn't comment on how exactly he is taking over subreddits. However, he did admit he's been hacking into moderators' accounts and then changing the CSS style of the pages, replacing it with a note taking responsibility. Reddit appears to be responding to these incidents quickly, restoring the subreddits. -
'Technology Will Replace the Need For Big Government' (vice.com)
New submitter axlash writes: There's a lot of dissatisfaction with governments today, as can be seen by the rise of left-wing parties in Europe, to the rise of non-mainstream political candidates in America. Well, here's a thought -- with all the talk of technology replacing jobs, why not have it replace governments, too? The article speculates about how "in the near future, the government might dramatically shrink -- not because of demands by fiscally astute Americans, but because of radical technology." It goes on: "Even the US President could one day be replaced, which -- strangely enough -- might bring sanity to our election process." The main thrust of the article is essentially about how government jobs will be replaced with technology, although it doesn't say much about whether there'll be technology administering this technology. -
Lego Robots Crack Gesture-Based Security (vice.com)
An anonymous reader writes: Lego Robots outfitted with a "finger" made from molded Play-Doh were able to bypass seven different gesture-based security systems at least 70% of the time, according to a new study funded by DARPA. Gestural ID systems "tend to take a rosy view of the security world in which hackers attempt to breach such defenses via crude impersonation," reports Vice, which notes that the systems now turn out to be far less reliable against automated attacks using a careful "forgery" of a user's gestures.
DARPA titled their report "Robotic Robbery on the Touch Screen," writing that it "demonstrates the threat that robots pose to touch-based authentication, and provides compelling evidence as to why the zero-effort attack should cease to be used as the benchmark for touch-based authentication systems." -
Judge Rodney Gilstrap Sees A Quarter Of The Nation's Patent Cases (vice.com)
derekmead quotes a report from Motherboard: Since taking the bench in 2011 -- moving literally across the street from his law office into the district courthouse -- Judge Rodney Gilstrap has become one of the most influential patent litigation judges in the country. In 2015, there were 5,819 new patent cases filed in the US; 1,686 of those ended up in front of Judge Gilstrap. That's more than a quarter of all cases in the country; twice as many as the next most active patent judge. This busy patent docket didn't blossom overnight, and it's not some strange coincidence. Due to some unique rules around intellectual property filings, patent holders can often file their lawsuits at any district court in the country, even if neither the plaintiff nor the defendant is based there. By introducing a list of standing court orders and local regulations, the Eastern District of Texas (and, in particular, Gilstrap's division of Marshall) has become the court of choice for many plaintiffs, especially non-practicing entities, often referred to as patent trolls. -
Star Wars Buttons And Lights You May Have Missed (vice.com)
tedlistens writes: At Motherboard, Alex Pasternack writes: "Star Wars is set in a world of wildly advanced technology. But take a good look at the machinery of Star Wars, and you may be surprised to see how wonderfully analog it all is -- buttons! levers! vector graphics! Yes, there are hyperdrives and lightsabers and hologram Princess Leias and droids that know six million languages (including the language of moisture vaporators, along with various etiquette and diplomatic protocols useful across the galaxy). But it's also a world where sometimes you have to hit a robot to get it to work, like an old dashboard radio, a place where the supercomputers are operated manually and where buttons and control panels and screens seem far removed from our own galaxy: tactile, lo-fi, and elegantly simple." May the 4th be with you. -
Robots Battle In 25th Annual FIRST Competition (vice.com)
An anonymous reader quotes a report from Vice: Saturday marked the conclusion of the 2016 FIRST Robotics Competition, which saw over 20,000 high school students from around the world descend on St. Louis, Missouri... 900 teams pitted their robots against one another in various games... The ultimate robotics test occurred in the championship round, known as the FIRST Stronghold, which involves two alliances composed of three robots each. At each end of a pitch are two towers, representing each alliance's stronghold. The alliances must breach their opponent's stronghold by throwing boulders to goals on the tower to weaken it. There's some embedded videos from the event in Vice's article, which points out that it's the competition's 25th anniversary. (Here's Slashdot's post about the event from 2004). This year 40,000 people attended, including will.i.am and NASA Administrator Charles Bolden. -
GCHQ Has Disclosed Over 20 Vulnerabilities This Year (vice.com)
Joseph Cox, reporting for Motherboard: Earlier this week, it emerged that a section of Government Communications Headquarters (GCHQ), the UK's signal intelligence agency, had disclosed a serious vulnerability in Firefox to Mozilla. Now, GCHQ has said it helped fix nearly two dozen individual vulnerabilities in the past few months, including in highly popular pieces of software like iOS. "So far in 2016 GCHQ/CESG has disclosed more than 20 vulnerabilities across a number of software products," a GCHQ spokesperson told Motherboard in an email. CESG, or the National Technical Authority for Information Assurance, is the information security wing of GCHQ. Those issues include a kernel vulnerability in OS X El Capitan v10.11.4, the latest version, that would allow arbitrary code execution, and two in iOS 9.3, one of which would have done largely the same thing, and the other could have let an application launch a denial of service attack.