US Senators Propose Bug Bounties For Hacking Homeland Security

An anonymous reader quotes CNN: U.S. senators want people to hack the Department of Homeland Security. On Thursday, Senators Maggie Hassan, a Democrat, and Republican Rob Portman introduced the Hack DHS Act to establish a federal bug bounty program in the DHS... It would be modeled off the Department of Defense efforts, including Hack the Pentagon, the first program of its kind in the federal government. Launched a year ago, Hack the Pentagon paved the way for more recent bug bounty events including Hack the Army and Hack the Air Force... The Hack DHS Act establishes a framework for bug bounties, including establishing "mission-critical" systems that aren't allowed to be hacked, and making sure researchers who find bugs in DHS don't get prosecuted under the Computer Fraud and Abuse Act. "It's better to find vulnerabilities through someone you have engaged with and vetted," said Jeff Greene, the director of government affairs and policy at security firm Symantec. "In an era of constrained budgets, it's a cost-effective way of identifying vulnerabilities"... If passed, it would be among the first non-military bug bounty programs in the public sector.

Read more of this story at Slashdot.

Walt Mossberg’s Last Column Calls For Privacy and Security Laws

70-year-old Walt Mossberg wrote his last weekly column Thursday, looking back on how "we've all had a hell of a ride for the last few decades" and revisiting his famous 1991 pronouncement that "Personal computers are just too hard to use, and it isn't your fault." Not only were the interfaces confusing, but most tech products demanded frequent tweaking and fixing of a type that required more technical skill than most people had, or cared to acquire. The whole field was new, and engineers weren't designing products for normal people who had other talents and interests. But, over time, the products have gotten more reliable and easier to use, and the users more sophisticated... So, now, I'd say: "Personal technology is usually pretty easy to use, and, if it's not, it's not your fault." The devices we've come to rely on, like PCs and phones, aren't new anymore. They're refined, built with regular users in mind, and they get better each year. Anything really new is still too close to the engineers to be simple or reliable. He argues we're now in a strange lull before entering an unrecognizable world where major new breakthroughs in areas like A.I., robotics, smart homes, and augmented reality lead to "ambient computing", where technology itself fades into the background. And he uses his final weekly column to warn that "if we are really going to turn over our homes, our cars, our health and more to private tech companies, on a scale never imagined, we need much, much stronger standards for security and privacy than now exist. Especially in the U.S., it's time to stop dancing around the privacy and security issues and pass real, binding laws."

Leaked ‘Standing Rock’ Documents Reveal Invasive Counterterrorism Measures

An anonymous reader writes: "A shadowy international mercenary and security firm known as TigerSwan targeted the movement opposed to the Dakota Access Pipeline with military-style counterterrorism measures," reports The Intercept, decrying "the fusion of public and private intelligence operations." Saying the private firm started as a war-on-terror contractor for the U.S. military and State Department, the site details "sweeping and invasive" surveillance of protesters, citing over 100 documents leaked by one of the firm's contractors. The documents show TigerSwan even harvested information about the protesters from social media, and "provide extensive evidence of aerial surveillance and radio eavesdropping, as well as infiltration of camps and activist circles... The leaked materials not only highlight TigerSwan's militaristic approach to protecting its client's interests but also the company's profit-driven imperative to portray the nonviolent water protector movement as unpredictable and menacing enough to justify the continued need for extraordinary security measures... Internal TigerSwan communications describe the movement as 'an ideologically driven insurgency with a strong religious component' and compare the anti-pipeline water protectors to jihadist fighters." The Intercept reports that recently "the company's role has expanded to include the surveillance of activist networks marginally related to the pipeline, with TigerSwan agents monitoring 'anti-Trump' protests from Chicago to Washington, D.C., as well as warning its client of growing dissent around other pipelines across the country." They also report that TigerSwan "has operated without a license in North Dakota for the entirety of the pipeline security operation."

Seven Science Journals Have A Dog On Their Editorial Board

An anonymous reader writes: A professor of health policy at Australia's Curtin University got seven different science journals to put his dog on their editorial board. The dog is now associate editor for the Global Journal of Addiction & Rehabilitation Medicine, and sits on the editorial board of Psychiatry and Mental Disorders. The professor says he feels sorry for one researcher who recently submitted a paper about how to treat sheath tumors, because "the journal has sent it to a dog to review." The official profile of the dog lists its research interests as "the benefits of abdominal massage for medium-sized canines" and "avian propinquity to canines in metropolitan suburbs." An Australian news site points out that career-minded researchers pay up to $3,000 to get their work published in predatory journals so they can list more publications on their resumes. "While this started as something lighthearted," says the dog-owning professor, "I think it is important to expose shams of this kind which prey on the gullible, especially young or naive academics and those from developing countries."

Malicious Apps Brought Ad-Clicking ‘Judy’ Malware To Millions Of Android Phones

An anonymous reader quotes Fortune: The security firm Check Point on Thursday uncovered dozens of Android applications that infected users' devices with malicious ad-click software. In at least one case, an app bearing the malware was available through the Google Play app store for more than a year. While the actual extent of the malicious code's spread is unknown, Check Point says it may have reached as many as 36.5 million users, making it potentially the most widely-spread malware yet found on Google Play... The nefarious nature of the programs went unnoticed in large part, according to Check Point, because their malware payload was downloaded from a non-Google server after the programs were installed. The code would then use the infected phone to click on Google ads, generating fraudulent revenue for the attacker.

How not to launch a company in the U.S. — lessons learned from LeEco

After a months-long parade of endless red flags, LeEco’s Stateside woes finally came to a head this week. The company announced that it would be laying off 325 employees in the U.S. alone. And judging from a number of address forwarding emails I received, the company moved swiftly and without much warning. It’s always easier to Monday morning quarterback all of this after…

New Privacy Vulnerability In IOT Devices: Traffic Rate Metadata

Orome1 quotes Help Net Security: Even though many IoT devices for smart homes encrypt their traffic, a passive network observer -- e.g. an ISP, or a neighborhood WiFi eavesdropper -- can infer consumer behavior and sensitive details about users from IoT device-associated traffic rate metadata. A group of researchers from the Computer Science Department of Princeton University have proven this fact by setting up a smart home laboratory with a passive network tap, and examining the traffic rates of four IoT smart home devices: a Sense sleep monitor, a Nest Cam Indoor security camera, a WeMo smart outlet, and an Amazon Echo smart speaker... "Once an adversary identifies packet streams for a particular device, one or more of the streams are likely to encode device state. Simply plotting send/receive rates of the streams revealed potentially private user interactions for each device we tested," the researchers noted. In addition, the article notes, "Separating recorded network traffic into packet streams and associating each stream with an IoT device is not that hard."
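The side channel described above needs no decryption: the observer works only from (time, source, destination, size) records. The following is an added illustration of that inference, not code from the Princeton study. It separates a capture into per-device streams by MAC address (one assumed way of doing the stream association the article calls "not that hard"), turns each stream into a send/receive rate series over fixed windows, and flags windows whose send rate stands out from the idle baseline as likely user interactions. The packet records, MAC addresses, device labels, window size and detection factor are all constructed or assumed for the demo.

```python
"""Inferring IoT device activity from traffic-rate metadata.

Added example illustrating the side channel described above; it is not the
Princeton researchers' code. The capture, MAC addresses, device names,
window size and detection factor are constructed/assumed for the demo.
The observer sees only (time, source, destination, size): no payloads,
no decryption.
"""
from collections import defaultdict
from statistics import median

# Assumed addresses (constructed, not taken from the study).
CAM = "bb:bb:bb:00:00:02"      # security camera
SENSE = "aa:aa:aa:00:00:01"    # sleep monitor
ROUTER = "00:11:22:33:44:55"   # home gateway / uplink
DEVICES = {CAM: "Nest Cam Indoor", SENSE: "Sense sleep monitor"}


def synth_capture():
    """Constructed packet records: (timestamp_s, src_mac, dst_mac, length_bytes).

    Idle behaviour is periodic keepalives. Two 'user interaction' episodes are
    planted: the camera uploads video during 60-80 s, and the sleep monitor
    sends a burst during 140-146 s. Sizes and periods are made up.
    """
    pkts = []
    for t in range(0, 200, 5):                 # camera keepalive every 5 s
        pkts.append((t, CAM, ROUTER, 120))
        pkts.append((t + 1, ROUTER, CAM, 80))
    for t in range(60, 80):                    # camera streaming: 10 x 1400 B per second
        pkts += [(t + k / 10, CAM, ROUTER, 1400) for k in range(10)]
    for t in range(0, 200, 10):                # sleep monitor status report every 10 s
        pkts.append((t, SENSE, ROUTER, 200))
    for t in range(140, 146):                  # sleep monitor burst on user interaction
        pkts += [(t + k / 5, SENSE, ROUTER, 900) for k in range(5)]
    return sorted(pkts)


def split_streams(packets, devices):
    """Assign each packet to a device stream by MAC; direction is relative to the device."""
    streams = defaultdict(list)
    for ts, src, dst, length in packets:
        if src in devices:
            streams[devices[src]].append((ts, "out", length))
        elif dst in devices:
            streams[devices[dst]].append((ts, "in", length))
    return streams


def rate_series(stream, window_s=10):
    """Bytes/s sent and received per fixed window: [(window_start, out_rate, in_rate), ...]."""
    totals = defaultdict(lambda: [0, 0])
    for ts, direction, length in stream:
        w = int(ts // window_s) * window_s
        totals[w][0 if direction == "out" else 1] += length
    return sorted((w, out / window_s, inn / window_s) for w, (out, inn) in totals.items())


def detect_activity(series, factor=4.0):
    """Windows whose send rate exceeds `factor` x the median (idle) send rate.

    The median is a robust baseline because interaction windows are rare
    compared with idle windows; `factor` is an assumed tuning knob.
    """
    baseline = median(out for _, out, _ in series)
    return [w for w, out, _ in series if out > factor * baseline]


def infer_events(packets, devices=DEVICES, window_s=10, factor=4.0):
    """Per-device list of window starts that look like user interaction."""
    return {name: detect_activity(rate_series(s, window_s), factor)
            for name, s in split_streams(packets, devices).items()}


if __name__ == "__main__":
    for name, windows in infer_events(synth_capture()).items():
        print(f"{name}: activity inferred at t = {windows}")
```

On the constructed capture the camera is flagged in the 60 s and 70 s windows and the sleep monitor in the 140 s window, which is exactly the planted interaction timing, although the observer never saw a byte of plaintext. The same rate-per-window series is what the researchers describe plotting; the threshold rule here is one simple way to read such a plot automatically, and it assumes that interactions are rarer than idle periods, which is what keeps the median an honest baseline.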

Silicon Valley Continues To Explore Universal Basic Incomes

A Silicon Valley Congressman "is pushing for a plan that has been described as a first step toward universal basic income...a long-shot $1 trillion expansion to the earned income tax credit that is already available to low-income families." An anonymous reader quotes the Mercury News: Stanford University also has created a Basic Income Lab to study the idea, and the San Francisco city treasurer's office has said it's designing pilot tests -- though the department told this news organization it has no updates on the status of that project... The problem is that giving all Americans a $10,000 annual income would cost upwards of $3 trillion a year -- more than three-fourths of the federal budget, said Bob Greenstein, president of the Washington, D.C.-based Center on Budget and Policy Priorities. Some proponents advocate funding the move by cutting programs like food stamps and Medicaid. But that approach would take money set aside for low-income families and redistribute it upward, exacerbating poverty and inequality, Greenstein said... Jennifer Lin, deputy director of the East Bay Alliance for a Sustainable Economy, is skeptical that basic income can do much lasting good in Oakland. What the city needs is more high-paying jobs and affordable housing, she said... The idea, [Sam Altman, president of Y Combinator] said at the Commonwealth Club, tackles the question not enough people are asking: "What do we as the tech industry do to solve the problem that we're helping to create?" This summer Y Combinator is expected to announce a larger Universal Basic Income program, though the article also describes "small pilot studies" in the 1960s and 1970s in Canada and in several U.S. states including New Jersey, Pennsylvania, North Carolina, Iowa and Indiana, where "Some studies showed improvements in participants' physical and mental health, and found children performed better in school or stayed in school longer. But some also showed that people receiving a basic income were inclined to spend fewer hours working."

Researchers Found Perfect Contraceptives In Traditional Chinese Medicine

hackingbear writes: Researchers at U.C. Berkeley found a birth control that was hormone-free, 100 percent natural, resulted in no side effects, harmed neither eggs nor sperm, could be used in the long-term or short-term, and -- perhaps the best part of all -- could be used either before or after conception, from ancient Chinese folk medicine... "Because these two plant compounds block fertilization at very, very low concentrations -- about 10 times lower than levels of levonorgestrel in Plan B -- they could be a new generation of emergency contraceptive we nicknamed 'molecular condoms,'" said team leader Polina Lishko.

The difference between smartphone gimmick and game changer

It’s hard to find a legitimately bad flagship phone these days. Sure, one peeks its head out from time to time, but on the whole most phones are pretty good. The screens, the cameras, the internals. There are always a few bits that could use improving (see: battery and durability), but the gulf between good and bad isn’t anywhere near where it once was. And for the past several…