
Submission Summary: 0 pending, 27 declined, 20 accepted (47 total, 42.55% accepted)

Submission + - Federal Court Invalidates 11-Year-old FBI gag order on NSL recipient

vivaoporto writes: The Calyx Institute reports that a federal district court has ordered the FBI to lift an eleven-year-old gag order imposed on Nicholas Merrill forbidding him from speaking about a National Security Letter ("NSL") that the FBI served on him in 2004. The ruling marks the first time that an NSL gag order has been lifted in full since the PATRIOT Act vastly expanded the scope of the FBI’s NSL authority in 2001.

For more than a decade, the government has refused to allow Mr. Merrill and other NSL recipients to tell the public just how broadly the FBI has interpreted its authority to surveil individuals’ digital lives in secret using NSLs. Tens of thousands of NSLs are issued by FBI officers every year without a warrant or judicial oversight of any kind.

U.S. District Judge Victor Marrero’s decision invalidated the gag order in full, finding no "good reason" to prevent Merrill from speaking about any aspect of the NSL, particularly an attachment to the NSL that lists the specific types of "electronic communication transactional records" (“ECTR”) that the FBI believed it was authorized to demand.

It is worth noting that this is the same judge that struck down a portion of the revised USA PATRIOT Act in 2007 forcing investigators to go through the courts to obtain approval before ordering ISPs to give up information on customers, instead of just sending them a National Security Letter.

Submission + - Life with the Dash button: good design for Amazon, bad for everyone else

vivaoporto writes: A scathing review published on Fast Company describes Amazon's Dash Button, the "Buy Now" button brought into the physical world, as "the latest symptom of Amazon's slowly spreading disease", "an unabashed attempt to disconnect customers from the amount of money we're spending".

The author's criticism focuses on Amazon's lack of focus on customer experience, a core UI that doesn't make sense, limited and expensive product selection and a "store UX is no longer designed for your convenient shopping", "designed for their profitable selling".

Submission + - Multiple Vulnerabilities in Pocket

vivaoporto writes: Clint Ruoho reports on the gnu.gl blog the process of discovery, exploitation and reporting of multiple vulnerabilities in Pocket, the third-party web-based service chosen by Mozilla (with some backlash) as the default way to save articles for future reading in Firefox.

The vulnerabilities, exploitable by an attacker with only a browser, the Pocket mobile app and access to a server in Amazon EC2 costing 2 cents an hour, would give an attacker unrestricted root access to the server hosting the application.

The entry point was exploiting the service's main functionality itself — adding a server internal address in the "read it later" user list — to retrieve sensitive server information like the /etc/passwd file, its internal IP and the ssh private key needed to connect to it without a password. With this information it would be possible to SSH into the machine from another instance purchased in the same cloud service giving the security researcher unrestricted access.

All the vulnerabilities were reported by the researcher to Pocket, and the disclosure was voluntarily delayed for 21 days from the initial report to allow Pocket time to remediate the issues identified. Pocket does not provide monetary compensation for any identified or possible vulnerability.

Submission + - CNN and CBC Sued For Pirating YouTube Video (torrentfreak.com)

vivaoporto writes: CNN and Canada's CBC are being sued after the companies allegedly ripped the "Buffalo Lake Effect" from YouTube and used it in their broadcasts without a license. In addition to claims of copyright infringement, the media giants face allegations that they breached the anti-circumvention measures of the DMCA.

New York resident Alfonzo Cutaia (an intellectual property attorney) sensed last year that he had a hit video on his hands and used YouTube's account monetization program to generate some revenue.

The attorney uploaded his footage to the video site and selected "Standard YouTube License" that grants YouTube (and YouTube only) "a worldwide, non-exclusive, royalty-free, sublicenseable and transferable license to use, reproduce, distribute, prepare derivative works of, display, and perform the Content in connection with the Service and YouTube's (and its successors' and affiliates') business". All other rights are reserved to the copyright owner and standard copyright laws and exceptions apply.

According to a lawsuit filed this week by Cutaia in a New York court, around November 18 Canada’s CBC aired the video online without permission, with a CBC logo as an overlay.

After complaining to CBC about continued unauthorized use, last month Cutaia was told by CBC that the company had obtained the video from CNN on a 10-day license. However, Cutaia claims that the video was used by CBC and its partners for many months, having been supplied to them by CNN who also did not have a license. CBC and CNN are also accused of distributing the video despite knowing that the copyright management information had been removed.

Submission + - Starting Now at Netflix: Unlimited Maternity and Paternity Leave

vivaoporto writes: Netflix announced this Tuesday that, during the first year after their child’s birth or adoption, employees will be able to take off however long they feel they need to.

They can return on a full- or part-time basis, and even take subsequent time off later in the year if needed. Netflix will "keep paying them normally."

TIME comments that Netflix’s policy "deserves high marks for extending leave to fathers, as well as understanding that the entire first year after childbirth can be challenging for new parents".

Submission + - Hackers Exploit Adobe Flash Vulnerability in Yahoo Ads

vivaoporto writes: According to the report in the New York Times Bits blog, for seven days, hackers used Yahoo’s ad network to send malicious bits of code to computers that visit Yahoo’s collection of heavily trafficked websites.

The attack, which started on July 28, was the latest in a string that have exploited Internet advertising networks, which are designed to reach millions of people online. It also highlighted growing anxiety over a much-used graphics program called Adobe Flash, which has a history of security issues that have irked developers at Silicon Valley companies.

“Right now, the bad guys are really enjoying this,” said Jérôme Segura, a security researcher at Malwarebytes, the security company that uncovered the attack. “Flash for them was a godsend.”

While Yahoo acknowledged the attack, the company said that it was not nearly as big as Malwarebytes had portrayed it to be.

“We take all potential security threats seriously,” a Yahoo spokeswoman said in a statement. “With that said, the scale of the attack was grossly misrepresented in initial media reports, and we continue to investigate the issue.”

“In terms of how many people were served a malicious ad, only Yahoo would really know,” Mr. Segura said. But he added: “This is one of the largest attacks we’ve seen in recent months.”

Neither company could say exactly how many people were affected. After news of the attack was revealed, Adobe asked users to update Flash so their computers would no longer be vulnerable.

Submission + - Nokia's HERE maps sold for $3 billion to Audi, BMW and Mercedes

vivaoporto writes: Nokia announced an agreement to sell its HERE digital mapping and location services business to a consortium of leading automotive companies, comprising AUDI AG, BMW Group and Daimler AG (Mercedes brand owner).

The transaction values HERE at an enterprise value of EUR 2.8 billion with a normalized level of working capital and is expected to close in the first quarter of 2016, subject to customary closing conditions and regulatory approvals. Upon closing, Nokia estimates that it will receive net proceeds of slightly above EUR 2.5 billion, as the purchaser would be compensated for certain defined liabilities of HERE currently expected to be slightly below EUR 300 million as part of the transaction. Nokia expects to book a gain on the sale and a related release of cumulative foreign exchange translation differences totaling approximately EUR 1 billion as a result of the transaction.

Once the mapping unit is sold, Nokia will consist of two businesses: Nokia Networks and Nokia Technologies. The first will continue to provide broadband services and infrastructure while the second will work on “advanced technology development and licensing.”

Submission + - Plan To Run Anti-Google Smear Campaign Revealed in MPAA Emails

vivaoporto writes: Techdirt reports a plan to run an anti-Google smear campaign via the Today Show and WSJ, discovered in MPAA emails.

Despite the resistance of the Hollywood studios to comply with the subpoenas obtained by Google concerning their relationship with Mississippi Attorney General Jim Hood (whose investigation of the company appeared to actually be run by the MPAA and the studios themselves), one of the few emails that Google has been able to get access to so far was revealed this Thursday in a filing. It's an email between the MPAA and two of Jim Hood's top lawyers in the Mississippi AG's office, discussing the big plan to "hurt" Google.

The lawyers from Hood's office flat out admit that they're expecting the MPAA and the major studios to have its media arms run a coordinated propaganda campaign of bogus anti-Google stories:

Media: We want to make sure that the media is at the NAAG meeting. We propose working with MPAA (Vans), Comcast, and NewsCorp (Bill Guidera) to see about working with a PR firm to create an attack on Google (and others who are resisting AG efforts to address online piracy). This PR firm can be funded through a nonprofit dedicated to IP issues. The "live buys" should be available for the media to see, followed by a segment the next day on the Today Show (David green can help with this). After the Today Show segment, you want to have a large investor of Google (George can help us determine that) come forward and say that Google needs to change its behavior/demand reform. Next, you want NewsCorp to develop and place an editorial in the WSJ emphasizing that Google's stock will lose value in the face of a sustained attack by AGs and noting some of the possible causes of action we have developed.

As Google notes in its legal filing about this email, the "plan" states that if this effort fails, then the next step will be to file the subpoena (technically a CID or "civil investigatory demand") on Google, written by the MPAA but signed by Hood.

As Google points out, this makes it pretty clear that the MPAA, studios and Hood were working hand in hand in all of this and that the subpoena had no legitimate purpose behind it, but rather was the final step in a coordinated media campaign to pressure Google to change the way its search engine works.

Submission + - Get root on an OS X 10.10 Mac: The exploit is so trivial it fits in a tweet

vivaoporto writes: The Register reports a root-level privilege-escalation exploit that allows one to gain administrator-level privileges on an OS X Yosemite Mac using code so small that it fits in a tweet.

The security bug, documented by iOS and OS X guru Stefan Esser, can be exploited by malware and attackers to gain total control of the computer.

This flaw is present in the latest version of Yosemite, OS X 10.10.4, and the beta, version 10.10.5, but is already fixed in the preview beta of El Capitan (OS X 10.11).

Submission + - Comet lander falls silent, scientists fear it has moved

vivaoporto writes: European scientists said that the Philae comet lander has fallen silent on Monday, raising fears that it has moved again on its new home millions of miles from Earth.

Over the last few weeks, Rosetta has been flying along the terminator plane of the comet in order to find the best location to communicate with Philae. However, over the weekend of 10-11 July, the star trackers struggled to lock on to stars at the closer distances. No contact has been made with Philae since 9 July. The data acquired at that time are being investigated by the lander team to try to better understand Philae’s situation.

One possible explanation being discussed at DLR’s Lander Control Center is that the position of Philae may have shifted slightly, perhaps by changing its orientation with respect to the surface in its current location. The lander is likely situated on uneven terrain, and even a slight change in its position – perhaps triggered by gas emission from the comet – could mean that its antenna position has also now changed with respect to its surroundings. This could have a knock-on effect as to the best position Rosetta needs to be in to establish a connection with the lander.

The current status of Philae remains uncertain and is a topic of on-going discussion and analysis. But in the meantime, further commands are being prepared and tested to allow Philae to re-commence operations. The lander team wants to try to activate a command block that is still stored in Philae’s computer and which was already successfully performed after the lander’s unplanned flight across to the surface to its final location.

"Although the mission will now focus its scientific priority on the orbiter, Rosetta will continue attempting – up to and past perihelion – to obtain Philae science packets once a stable link has been acquired," adds Patrick Martin, Rosetta mission manager.

Submission + - Twitter Stock Jumps Nearly 8 Percent on Fake Bloomberg News Post

vivaoporto writes: As posted on Re/code and echoed by many other outlets, Twitter stock jumped nearly 8 percent after a bogus report, attributed to Bloomberg News, said Twitter had received a $31 billion buyout offer.

The fake story, which cited "people with knowledge of the situation," appeared on a website (Google Cache version) made to look like Bloomberg's business news page and claimed that the company had received a takeover offer worth $31 billion.

The website domain, bloomberg.market (now suspended), was registered Friday, according to a search of the nonprofit Internet Corporation for Assigned Names and Numbers, and the identity of the person or company who registered it is not publicly available.

Close scrutiny flagged a number of questionable elements, like the name of Twitter’s former chief executive, Richard Costolo, being misspelled.

A search of Internet records showed that the bloomberg.market Internet address was registered on Friday through a Panamanian service meant to keep its customers anonymous.

By late afternoon, the web page for bloomberg.market was no longer operable. A message posted on the page said, “account suspended.”

In May, a fake bid for another company, Avon Products, sent its shares as much as 20 percent higher. That offer involved a document filed with the Securities and Exchange Commission. Last month the SEC sued a Bulgarian man, Nedko Nedev, and said he and five others worked together to violate securities laws by creating fake takeover offers. The SEC said Nedev made fake bids for Tower Group International and Rocky Mountain Chocolate Factory as well as Avon.

Robert Heim, a former lawyer at the SEC, said these kinds of schemes will probably persist because news spreads so fast over social media and traders have to react so quickly.

A spokesman for Bloomberg, Ty Trippet, confirmed that the takeover article was fake. “The story was fake and appeared on a bogus website that was not affiliated with Bloomberg,” Mr. Trippet said in a statement.

Submission + - 'Happy Birthday' Hits Sour Notes When It Comes To Song's Free Use (npr.org)

vivaoporto writes: NPR reports that "Happy Birthday to You", the song the Guinness Book of World Records calls the most recognized in the English language, is the subject of a class action complaint regarding the validity of its copyright.

Despite being so popular, you'll rarely ever hear it on TV or in a movie. Instead, you usually hear something that sounds sort of like the song, but not quite.

It turns out the publisher Warner/Chappell Music owns the copyright to the "Happy Birthday" song. That means that every time anyone wants to use the song, they must pay a licensing fee, sometimes as high as six figures. But how did Warner/Chappell get the rights?

"This is where it gets complicated," says filmmaker Jennifer Nelson, laughing.

Nelson is working on a documentary about the song. She paid for the rights to use it, and she's suing Warner/Chappell to get her money back, arguing it's part of the public domain — free for anyone to use.

If the company wins the suit, it can keep collecting licensing fees until the copyright expires. If Nelson and her lawyers win, the song will be in the public domain.

"I think it's going to set a precedent for this song and other songs that may be claimed to be under copyright, which aren't," says Newman.

The Courthouse News Service has more information about the pending suit.

Submission + - AMAgeddon: Reddit mods are locking up the site's most popular pages In protest (reddit.com)

vivaoporto writes: As reported by The Independent, CNET, The Register, TechCrunch, The Verge and PC World, moderators are locking up the site's most popular pages in protest against the dismissal of Victoria Taylor, a key member of the site's behind-the-scenes team.

Taylor, who was the main facilitator for the site's question-and-answer community 'Ask Me Anything' (graced by the presence of notables like Barack Obama, Jerry Seinfeld and regular folks like a line cook at Applebee's) was fired yesterday, causing all sorts of problems for Reddit's most mainstream offering.

Taylor's reported departure, which has been dubbed AMAgeddon, led other moderators of the marquee IAmA subreddit to switch the page's settings to private, rendering the Reddit userbase unable to view the page.

Since then, dozens of other subreddits including /r/askreddit, /r/videos, /r/gaming and /r/gadgets — each with several million subscribers — have also been made private, instead re-directing readers to a static landing page.

Reddit’s cofounder and executive chairman Alexis Ohanian said in a post that “we don’t talk about specific employees. (...) We get that losing Victoria has a significant impact on the way you manage your community, (...) I’d really like to understand how we can help solve these problems, because I know r/IAMA thrived before her and will thrive after."

A full recap of the situation is available at the site itself, with the insight by the site's own members about the whole situation.

This comes in the wake of other highly controversial past events like the response to what became known as The Fappening, and the more recent ban of the controversial but popular FatPeopleHate subreddit.

Submission + - Apple Says It Will Pay Taylor Swift For Free Streams, After All (recode.net)

vivaoporto writes: As reported on Re/code, Apple media boss Eddy Cue appears to have capitulated and Apple Music will be paying for streaming even during customers’ free trial period. He says that Swift’s letter, coupled with complaints from indie labels and artists, did indeed prompt the change.

Cue says Apple will pay rights holders for the entire three months of the trial period. He explains that it can’t be at the same rate that Apple is paying them after free users become subscribers, since Apple is paying out a percentage of revenues once subscribers start paying. Instead, he says, Apple will pay rights holders on a per-stream basis, which he won’t disclose.

No word from Swift or her camp about whether Apple’s move is enough to get her to put “1989”, her newest album, on Apple Music. On Twitter she says “I am elated and relieved. Thank you for your words of support today. They listened to us.”

Submission + - SourceForge suspends mirroring, creating Community Panel to review practices (sourceforge.net)

vivaoporto writes: In a reversal motivated by community concerns (like the high-profile debacle over the distribution of an ads-enabled installer of GIMP or the accusation by Fyodor of the hijacking of the nmap SourceForge project), SourceForge discontinued third-party bundling of mirrored content.

Along with that, as of June 18th, SourceForge started "removing SourceForge-maintained mirrored projects" and engaging "our newly-formed Community Panel to discuss site features and program policies including a redesigned mirror program", resulting in the removal of the 295 projects that were part of the mirrored catalog.

Somewhat buried in the announcement is good news for those wanting to reach SourceForge for some constructive feedback: the Community Voice forum.
