DHS Detains Mayor of Stockton, CA, Forces Him To Hand Over His Passwords 286

schwit1 writes: Anthony Silva, the mayor of Stockton, California, recently went to China for a mayor's conference. On his return to San Francisco airport he was detained by Homeland Security, and then had his two laptops and his mobile phone confiscated. They refused to show him any sort of warrant (of course) and then refused to let him leave until he agreed to hand over his password.

Experian Breached, 15 Million T-Mobile Customer's Data Exposed 157

New submitter Yuuki! writes: The Washington Post reports that T-Mobile's Credit Partner, Experian, has been breached revealing names, addresses, Social Security numbers, birth dates and driver's license and passport numbers for any customer who has applied for device financing or even services from T-Mobile which required a credit check. Both parties were quick to point out that no no credit card or banking data was stolen as part of the attack. The attack started back in September 2013 and was only just discovered on September 16, 2015. Both Experian and T-Mobile have posted statements on their websites and Experian is offering credit for two free years of identity resolution services and credit monitoring in the wake of the breach.

Patreon Hacked, Personal Data Accessed 75

AmiMoJo writes: In a blog post Jake Conte, CEO and co-founder of Patreon, writes: "There was unauthorized access to registered names, email addresses, posts, and some shipping addresses. Additionally, some billing addresses that were added prior to 2014 were also accessed. We do not store full credit card numbers on our servers and no credit card numbers were compromised. Although accessed, all passwords, social security numbers and tax form information remain safely encrypted with a 2048-bit RSA key."

Yelp For People To Launch In November 443 writes: Caitlin Dewey reports in the Washington Post that 'Peeple' — basically Yelp, but for humans will launch in November. Subtitled "character is destiny," Peeple is an upcoming app that promises to "revolutionize the way we're seen in the world through our relationships" by allowing you to assign reviews of one to five stars to everyone you know: your exes, your co-workers, the old guy who lives next door. You can't opt out — once someone puts your name in the Peeple system, it's there unless you violate the site's terms of service. And you can't delete bad or biased reviews — that would defeat the whole purpose. "People do so much research when they buy a car or make those kinds of decisions," says co-founder Julia Cordray. "Why not do the same kind of research on other aspects of your life?"

According to Caitlin, one does not have to stretch far to imagine the distress and anxiety that such a system will cause even a slightly self-conscious person; it's not merely the anxiety of being harassed or maligned on the platform — but of being watched and judged, at all times, by an objectifying gaze to which you did not consent. "If you're one of the people who miss bullying kids in high school, then Peeple is definitely going to be the app for you!," says Mike Morrison. "I'm really looking forward to being able to air all of my personal grievances, all from the safety of my phone. Thanks to the app, I'll be able to potentially ruin someone's life, without all the emotional stress that would occur if I actually try to fix the problem face-to-face."

Apple, Microsoft Tout Their Privacy Policies To Get Positive PR 101

jfruh writes: Apple hasn't changed its privacy policy in more than a year — but that didn't stop the company from putting up a glossy website explaining it in layman's terms. Microsoft too has been touting its respect for its users's privacy. This doesn't represent any high-minded altruism on those companies' parts, of course; it's part of their battle against Google, their archrival that offers almost all of its services for free and makes its money mining user data.

Snowden Joins Twitter, Follows NSA 206

wiredmikey writes: Edward Snowden joined Twitter Tuesday, picking up more than a quarter of a million followers on the social network in just over two hours. Snowden followed a single Twitter account: the U.S. National Security Agency, from which he stole electronic documents revealing the agency's secret surveillance programs. "Can you hear me now?" he asked in his first tweet, which was quickly resent by Twitter users tens of thousands of times. In his second, Snowden noted the recent news about the planet Mars and then quipped about the difficulty he had finding asylum after the U.S. government fingered him as the source of the NSA leaks. "And now we have water on Mars!" he wrote. "Do you think they check passports at the border? Asking for a friend."

Newly Found TrueCrypt Flaw Allows Full System Compromise 106

itwbennett writes: James Forshaw, a member of Google's Project Zero team has found a pair of flaws in the discontinued encryption utility TrueCrypt that could allow attackers to obtain elevated privileges on a system if they have access to a limited user account. 'It's impossible to tell if the new flaws discovered by Forshaw were introduced intentionally or not, but they do show that despite professional code audits, serious bugs can remain undiscovered,' writes Lucian Constantin.

FBI and DEA Under Review For Misuse of NSA Mass Surveillance Data 86

Patrick O'Neill writes: The FBI and DEA were among the agencies fed information from an NSA surveillance program described as "staggering" by one judge who helped strike the program down. Now the two agencies are under review by the Justice Department for the use of parallel construction as well as looking into the specifics and results of cases originating from NSA tips. (Here's some more on the practice of parallel construction in this context.)

How the FBI Hacks Around Encryption 91

Advocatus Diaboli writes with this story at The Intercept about how little encryption slows down law enforcement despite claims to the contrary. To hear FBI Director James Comey tell it, strong encryption stops law enforcement dead in its tracks by letting terrorists, kidnappers and rapists communicate in complete secrecy. But that's just not true. In the rare cases in which an investigation may initially appear to be blocked by encryption — and so far, the FBI has yet to identify a single one — the government has a Plan B: it's called hacking.

Hacking — just like kicking down a door and looking through someone's stuff — is a perfectly legal tactic for law enforcement officers, provided they have a warrant. And law enforcement officials have, over the years, learned many ways to install viruses, Trojan horses, and other forms of malicious code onto suspects' devices. Doing so gives them the same access the suspects have to communications — before they've been encrypted, or after they've been unencrypted.
Electronic Frontier Foundation

EFF: DMCA Hinders Exposing More Software Cheats Like Volkswagen's 166

ideonexus writes: Automakers have argued that the 1998 Digital Millennium Copyright Act makes it unlawful for researchers to review the code controlling their vehicles without the manufacturer's permission, making it extremely difficult to expose software cheats like the one Volkswagen used to fake emissions tests. Arguing that this obfuscation of code goes so far as to endanger lives at times, the Electronic Frontier Foundation (EFF) maintains that, "When you entrust your health, safety, or privacy to a device, the law shouldn't punish you for trying to understand how that device works and whether it is trustworthy."

Edward Snowden Promotes Global Treaty To Curtail Surveillance 110

An anonymous reader writes: In a video appearance, Edward Snowden said domestic digital spying on ordinary citizens is an international threat that will only be slowed with measures like a proposed international treaty declaring privacy a basic human right. "This is not a problem exclusive to the United States.... This is a global problem that affects all of us. What's happening here happens in France, it happens in the U.K., it happens in every country, every place, to every person," he said.

Ask Slashdot: Make Windows Update Install Only Security Updates Automatically? 288

An anonymous reader writes: After the news earlier this month about Microsoft forcing the Windows 10 upgrade on people who don't want it, my sizeable extended family has been coming to me for a solution. They don't want to be guinea pigs this early in the Windows 10 release cycle, but it looks like Microsoft may not be giving them a choice. My reading of Woody Leonhard's advice is that the only way to ensure the upgrade doesn't happen is to disable Windows Update, but that seems extreme. I want my family to install security updates, but I don't relish the idea of explaining to them how to install just those and hide the less-desireable updates.

The ideal solution would be to have only security updates install automatically, but it looks like it's easier said than done. I've looked at third-party tools like Autopatcher and Portable Update, but a security-only option doesn't seem to be very standard. From what I've read, Microsoft doesn't even package security updates separately, sometimes mixing merely Important and Recommended updates in the downloaded CAB file. I wish I could get them off Windows, but it's not an option. They use Windows at work or school, and don't want to go through the process of learning another OS. Maybe the current situation with Windows 10 will convince them eventually, but they need something now. I would really like to come up with a solution before the next Patch Tuesday on October 13. Do any of the more knowledgeable Slashdotters out there have any advice?

Chrome For Android's Incognito Mode Saves Some of the Sites You Visit 69

An anonymous reader writes: A newly found bug in Google Chrome for Android means incognito mode really isn't as locked-down as it's designed to be. Some sites you visit while using the privacy feature are still saved, and can be retrieved simply by opening the browser's settings. Google Chrome for Android has had incognito mode since February 2012. Here is Google's official description of the feature: "If you don't want Google Chrome to save a record of what you visit and download, you can browse the web in incognito mode."

'RipSec' Goes To Hollywood: How the iCloud Celeb Hack Happened 28

mask.of.sanity writes: The chief hacker behind the infamous iCloud celebrity hacks has revealed in a documentary how the group dubbed RipSec shook Hollywood by plundering thousands of naked photos and financial data of Tinsel Town icons. The film maker gained access to RipSec using a photoshopped naked image of major TV star who offered access to her iCloud account. "I contacted some of the celebrities and she gave me access to her account," Doering says. "From there I baited them (the hackers)."
United States

EU May Forbid the Transfer of Personal Data To the US 202

An anonymous reader writes: As the Snowden revelations have shown, personal data stored in the United States of America is not protected from the US government, be it through warrantless eavesdropping or national security letters. In light of this, the general attorney for the Court of Justice of the European Union has just issued an opinion requiring the US to be removed from the list of "safe harbors", where the transfer of personal data of European citizens is permitted. If the court follows his opinion, the change will have deep impact in the operations of large transnational Internet companies, between a US government that wants to keep on spying, and European authorities that will punish them if they let it happen.
United States

Obama Administration Explored Ways To Bypass Smartphone Encryption 142

An anonymous reader writes: According to a story at The Washington Post, an Obama Administration working group considered four backdoors that tech companies could adopt to allow the government to break encrypted communications stored on phones of suspected terrorists or criminals. The group concluded that the solutions were "technically feasible," but they group feared blowback. "Any proposed solution almost certainly would quickly become a focal point for attacks. Rather than sparking more discussion, government-proposed technical approaches would almost certainly be perceived as proposals to introduce 'backdoors' or vulnerabilities in technology products and services and increase tensions rather [than] build cooperation," said the unclassified memo. You can read the draft paper on technical options here.

Phone Passwords Protected By 5th Amendment, Says Federal Court 178

Ars Technica reports that a Federal court in Pennsylvania ruled Wednesday that the Fifth Amendment protects from compelled disclosure the passwords that two insider-trading suspects used on their mobile phones. In this case, the SEC is investigating two former Capital One data analysts who allegedly used insider information associated with their jobs to trade stocks—in this case, a $150,000 investment allegedly turned into $2.8 million. Regulators suspect the mobile devices are holding evidence of insider trading and demanded that the two turn over their passcodes. However, the court ruled, "Since the passcodes to Defendants' work-issued smartphones are not corporate records, the act of producing their personal passcodes is testimonial in nature and Defendants properly invoke their fifth Amendment privilege."

IBM's Watson Is Now Analyzing Your Vacation Photos 117

jfruh writes: IBM's Jeopardy-winning supercomputer Watson is now suite of cloud-based services that developers can use to add cognitive capabilities to applications, and one of its powers is visual analysis. Visual Insights analyzes images and videos posted to services like Twitter, Facebook and Instagram, then looks for patterns and trends in what people have been posting. Watson turns what it gleans into structured data, making it easier to load into a database and act upon — which is clearly appealing to marketers and just as clearly carries disturbing privacy implications.
United Kingdom

Does IoT Data Need Special Regulation? 99

dkatana writes: As part of the UK's Smart Meter Implementation Programme, Spain's Telefonica is deploying a M2M solution, using its own proprietary network, to collect and transmit data from 53 million gas and electricity smart meters. The most troubling issue is that the UK government awarded the contract to a private telecom that uses a proprietary network rather than to an independent organization that uses freely available spectrum and open source solutions. Those Smart Meters are supposed to be in operation for more than three decades, and rely on a network that can cease to exist. On top of that, the network, running proprietary protocols, can be hacked, and "will be hacked". Only Telefonica will be able to fix it.

Russia's Plan To Crack Tor Crumbles 122

mspohr writes: It looks like Russia's effort to crack Tor was harder than they anticipated. The company that won the contract is now trying to get out of it. Bloomberg reports: "The Kremlin was willing to pay 3.9 million rubles ($59,000) to anyone able to crack Tor, a popular tool for communicating anonymously over the Internet. Now the company that won the government contract expects to spend more than twice that amount to abandon the project. The Central Research Institute of Economics, Informatics, and Control Systems—a Moscow arm of Rostec, a state-run maker of helicopters, weapons, and other military and industrial equipment—agreed to pay 10 million rubles ($150,000) to hire a law firm tasked with negotiating a way out of the deal, according to a database of state-purchase disclosures. Lawyers from Pleshakov, Ushkalov and Partners will work with Russian officials on putting an end to the Tor research project, along with several classified contracts, the government documents say."