Ars Technica via NNSquad https://arstechnica.com/cars/2017/09/ntsb-teslas-autopilot-ux-a-major-role-in-fatal-model-s-crash/ Brown was driving a 2015 Model S, using the original Mobileye-sourced hardware and running Tesla's Firmware 7.1. Although that system works like most other adaptive cruise control and lane keeping "Level 2" semi-autonomous driving systems offered by other OEMs, Tesla's Autopilot differs in that it allowed the driver to go much, much longer without interacting with the car. The industry standard allows for just 15 seconds before it prompts the driver to interact with the vehicle--fail to do so and the car stops controlling the brakes, accelerator, and steering. Autopilot, on the other hand, allows for several minutes to pass between prompting the driver, and NTSB's data reconstruction showed there was no driver interaction for two minutes leading up to the crash. (Driver interaction in this case is measured by a steering wheel torque sensor.)
https://www.theguardian.com/business/2017/sep/25/deloitte-hit-by-cyber-attack-revealing-clients-secret-emails This involved compromising Deloitte's global e-mail server through an admin account, which presumably gave them unrestricted privileges. Reportedly, the account required only a single password. Marcus Ranum has a delightfully sarcastic polymorphic item on this and all other relevant hacks: http://www.ranum.com/security/computer_security/editorials/generator/index.html My Comments on the breach at [$COMPANY_NAME$] I heard about the breach at [$COMPANY_NAME$] and the [$BREACH_QUANTITY$] [$DATA_TYPE$ one of "credit card", "patient record", "social security number", "user login", "hashed passwords", "national security secrets", "Hollywood star's 'selfies'"] compromised. Of course this is a serious matter and is the largest since [$YESTERDAY_DATE$] The people at [$COMPANY_NAME$] have not yet released details, which is appropriate given an incident response of this magnitude. I understand that they have the [$RESPONDER_NAME$ multiple of "FBI", "NSA", "CIA", "Mandiant", "army of consultants", "Keystone Kops"] involved and have issued a press release. My guess is that the attackers were able to initially breach the target using a [$ATTACK_TYPE$ one of "phishing attack", "brilliantly clever targeted phishing attack", "piece of custom malware", "cat with a WiFi interface implanted in its head", "SQL injection attack", "basic website vulnerability", "army of ninjas", "variant of Stuxnet"] which is [$UNEXPECTED$ one of "totally unexpected", "the way it usually happens", "innovative", "obscure as hell", "bloody typical"] form of attack that is often used by [$USUAL_SUSPECTS$ multiple of "China", "North Korea", "CIA", "NSA", "Anonymous", "brotherhood of blades", "Bavarian Illuminati", "Trilateral commission", "hackers who have read 'Hacking Exposed'", "any complete newbie"] Until I know more about it, I can't really guess about the details. 
However, this illustrates the basic issues in information security, which is that organizations don't appear to have effective responses to basic malware and/or phishing attacks, and have aggregated critical data into central locations on their networks where it is accessible. Once an attacker gets inside, it is pretty easy for them to escalate privileges, find out where the data is, and exfiltrate it. Organizations with critical data should segregate it off their network, perform regular vulnerability audits and remediation, maintain detailed system logs, and use two factor authentication for administrator access. If it's a large organization, Big Data also helps, but I am not sure how. Marcus Ranum [Of course, Marcus could have added, "We are not at liberty to discuss further details." PGN]
Since deleted, post gave public and private key for Adobe incident response team. https://arstechnica.com/information-technology/2017/09/in-spectacular-fail-adobe-security-team-posts-private-pgp-key-on-blog/
Joseph Menn, Reuters via ACM TechNews, 25 Sep 2017 Distrustful U.S. Allies Force Spy Agency to Back Down in Encryption Fight Reuters (09/21/17) The U.S. National Security Agency (NSA) reportedly has been forced by an international coalition of cryptography experts to back off from pressing the independent International Organization for Standardization (ISO) to globally standardize several data encryption methods amid suspicion among U.S. allies. Academic and industry specialists from Germany, Japan, Israel, and elsewhere are concerned NSA was promoting the new techniques not because they were good encryption tools, but because it knew how to crack them. Following a series of closed-door meetings around the world over the past three years, which discussed whether ISO should approve two NSA data encryption techniques known as Simon and Speck, NSA has agreed to drop all but the most powerful versions of the techniques. Many experts who took part in the approval process for Simon and Speck were concerned NSA would gain a "back door" into coded transmissions if it were able to crack the encryption techniques. https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-1702dx21305dx077344&
NNSquad https://www.washingtonpost.com/business/technology/2017/09/27/32855bba-a3a0-11e7-ade1-76d061d56efa_story.html Propaganda and other forms of "junk news" on Twitter flowed more heavily in a dozen battleground states than in the nation overall in the days immediately before and after the 2016 presidential election, suggesting that a coordinated effort targeted the most pivotal voters, researchers from Oxford University reported Thursday. The volumes of low-quality information on Twitter—much of it delivered by online "bots" and "trolls" working at the behest of unseen political actors—were strikingly heavy everywhere in the United States, said the researchers at Oxford's Project on Computational Propaganda. They found that false, misleading and highly partisan reports were shared on Twitter at least as often as those from professional news organizations. But in 12 battleground states, including New Hampshire, Virginia and Florida, the amount of what they called "junk news" exceeded that from professional news organizations, prompting researchers to conclude that those pushing disinformation approached the job with a geographic focus in hopes of having maximum impact on the outcome of the vote.
The Computer Chaos Club had very little difficulty hacking the PC-Wahl voting system used in Germany to count and report votes. It is reportedly hopelessly broken (remote compromises of computers, vote tampering, etc.), but was nevertheless widely used in yesterday's election. See http://www.ccc.de/en/updates/2017/pc-wahl
<http://www.zdnet.com/article/yet-another-trove-of-sensitive-of-us-voter-records-has-leaked/> A cache of voter records on over a half-million Americans has been found online. The records, totaling 593,328 individual sets of records, appear to contain every registered voter in the state of Alaska, according to security researchers at the Kromtech Security Research Center, who found the database. <https://mackeepersecurity.com/post/another-voter-database-exposed-online> The records were stored in a misconfigured CouchDB database, which was accessible to anyone with a web browser—no password needed—until Monday when the data was secured and subsequently pulled offline. The exposed data is just a portion of a larger voter file compiled by TargetSmart <https://targetsmart.com/offering/voterbase/>, which said its national voter file—that contains 191 million voters—is the "most comprehensive and up-to-date voter file ever assembled." The data is collected and used to help political campaigns with their fundraising, research, and voter contact programs, the company said. ZDNet was provided a small sample of the records for verification. Each XML-formatted record contained details, some sensitive and personally identifiable information, on prospective voters, including names, addresses, dates of birth, their ethnic identity, whether an individual is married, and the individual's voting preferences. But the data also contained highly personal information, such as household income, the age ranges of an individual's children, and if an individual is a homeowner. The records—some are more complete than others—also have fields for the types of issues that an individual can be lobbied on, such as climate change, gun control, and tax reforms. When reached, TargetSmart said that a third-party company was to blame for the data exposure. 
"We've learned that Equals3, an [artificial intelligence] software company based in Minnesota, appears to have failed to secure some of their data and some data they license from TargetSmart, and that a database of approximately 593,000 Alaska voters appears to have been inadvertently exposed," said Tom Bonier, TargetSmart chief executive. Bonier said the data was not accessed by anyone other than the security researchers at TargetSmart and the team that identified the exposure. "None of the exposed TargetSmart data included any personally identifiable, non-public financial data," he said. "To be clear, TargetSmart's database and systems are secure and have not been breached. TargetSmart imposes strict contractual obligations on its clients regarding how TargetSmart data must be stored and secured, and takes these obligations seriously," Bonier added. Equals3 chief executive Dan Mallin confirmed it had "experienced an intrusion of a sample data set on one of our development servers." He said that the server wasn't in use by any of the company's clients and was shut down. "This was an isolated intrusion, stemming from a white hat group who was searching for a known vulnerability in couchDB," referring to Kromtech security researchers. "We have diligently conducted a forensic audit confirming the data set was not downloaded," he said. This is the second known data exposure of voter records this year. The first, and largest ever to date, saw 198 million records on individuals from every state exposed. Deep Root Analytics, a data company working for the Republican party, took responsibility for the exposure.
<http://www.zdnet.com/article/security-lapse-exposes-198-million-united-states-voter-records/> Kromtech has in recent years discovered and reported on several US voter databases online, totaling 18 million voters <http://www.csoonline.com/article/3018912/security/18-million-targeted-voter-records-exposed-by-database-error.html>, as well as the state of Louisiana's entire database <https://motherboard.vice.com/en_us/article/29-million-louisiana-voters-database-leak> of 2.9 million voters. Kromtech's Alex Kernishniuk said the exposure was "yet another wake-up call" for companies and governments to audit their networks. "There seems to be no end in sight for improperly secured data making its way onto the web, and with little or no accountability for proper storage and security measures, it is up to regulators to decide the best way to manage an aging electoral system that seems to be struggling to keep up with the digital age," he said.
Could Sept. 23 really be the day the world ends? Watch the creepy message that has people scared. LAKE FOREST, CA An ominous prediction that the world would end Saturday, Sept. 23 shocked southern California residents as they watched cable television. Lake Forest Cox Cable watcher Stacy Laflamme was on her couch watching HGTV when she heard an ominous voice declare Thursday that the world was ending. The interruption came at just after 11 a.m. in the form of an onscreen emergency alert followed by a voice. "Realize this: extremely violent times will come," a male voice said (see the YouTube video below). Laflamme told the Orange County Register she was alarmed. "It almost sounded like Hitler talking," said another woman who was interviewed on KTLA. "It sounded like a radio broadcast coming through the television." Across social media, viewers said they were disturbed by the messages that interrupted everything from C-SPAN to Bravo. https://patch.com/district-columbia/washingtondc/s/g8jql/see-the-fake-end-of-world-broadcast-that-panicked-southern-california The risk? Automated alerts echoing War of the Worlds panic. Punchline; we've seen this rodeo before: "We have confirmed that we were fed an incorrect audio file," said Dennis Johnson, a spokesman for Spectrum.
*The New York Times* via NNSquad https://www.nytimes.com/2017/09/13/magazine/rt-sputnik-and-russias-new-theory-of-war.html Officials in Germany and at NATO headquarters in Brussels view the Lisa case, as it is now known, as an early strike in a new information war Russia is waging against the West. In the months that followed, politicians perceived by the Russian government as hostile to its interests would find themselves caught up in media storms that, in their broad contours, resembled the one that gathered around Merkel. They often involved conspiracy theories and outright falsehoods—sometimes with a tenuous connection to fact, as in the Lisa case, sometimes with no connection at all—amplified until they broke through into domestic politics. In other cases, they simply helped promote nationalist, far-left or far-right views that put pressure on the political center. What the efforts had in common was their agents: a loose network of Russian-government-run or -financed media outlets and apparently coordinated social-media accounts. After RT and Sputnik gave platforms to politicians behind the British vote to leave the European Union, like Nigel Farage, a committee of the British Parliament released a report warning that foreign governments may have tried to interfere with the referendum. Russia and China, the report argued, had an "understanding of mass psychology and of how to exploit individuals" and practiced a kind of cyberwarfare "reaching beyond the digital to influence public opinion."
Ellen Nakashima and Jack Gillum, *The Washington Post*, 13 Sep 2017 <https://www.washingtonpost.com/world/national-security/us-to-ban-use-of-kaspersky-software-in-federal-agencies-amid-concerns-of-russian-espionage/2017/09/13/36b717d0-989e-11e7-82e4-f1076f6d6152_story.html> The U.S. government on Wednesday banned the use of a Russian brand of security software by federal agencies and gave them three months to remove the software amid concerns the company has ties to state-sponsored cyber-espionage activities, according to U.S. officials. Acting Homeland Security secretary Elaine Duke ordered that Kaspersky Lab software be barred from federal civilian government networks, giving agencies a timeline to get rid of it, according to several officials familiar with the plan who were not authorized to speak publicly about it. Duke ordered the scrub on the grounds that the company has connections to the Russian government and its software poses a security risk. "The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks," the department said in a statement. "The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security." The directive comes months after the federal General Services Administration, the agency in charge of government purchasing, removed Kaspersky from its list of approved vendors. In doing so, the GSA suggested a vulnerability exists in Kaspersky that could give the Kremlin backdoor access to the systems the company protects.
In a statement to The Washington Post on Wednesday, the company said: "Kaspersky Lab doesn't have inappropriate ties with any government, which is why no credible evidence has been presented publicly by anyone or any organization to back up the false allegations made against the company. The only conclusion seems to be that Kaspersky Lab, a private company, is caught in the middle of a geopolitical fight, and it's being treated unfairly even though the company has never helped, nor will help, any government in the world with its cyber-espionage or offensive cyber-efforts." "Kaspersky Lab has always acknowledged that it provides appropriate products and services to governments around the world to protect those organizations from cyberthreats, but it does not have unethical ties or affiliations with any government, including Russia," the firm said. The directive comes in the wake of an unprecedented Russian operation to interfere in the U.S. presidential election that saw Russian spy services hack the networks of the Democratic National Committee and other political organizations and release damaging information. At least a half-dozen federal agencies run Kaspersky on their networks, the U.S. officials said, although there may be other networks where an agency's chief information security officer—the official ultimately responsible for systems security—might not be aware it is being used. [...]
http://www.theguardian.com/technology/2017/sep/21/facebook-russia-advertising-mark-zuckerberg
https://boingboing.net/2017/09/13/weakening-security-for-securit.html
Remember the guy who got put in jail for contempt for forgetting his hard disk drive encryption passwords? He's still in there, and doesn't have any prospects for getting out anytime soon. Francis Rawls, a former sergeant in the 16th district of the Philadelphia Police Department, was accused of having child pornography on two encrypted Macintosh hard drives, which were seized in March, 2015. He was ordered by a judge in August, 2015, to provide the passcode to decrypt the drives, but he claims to not remember it. He was put in jail for contempt of court. Prosecutors claim Rawls is 'forgetting' his password on purpose to keep from being charged with possessing child pornography, which could put him in prison for 20 years. ... Consequently, Rawls stays in jail, though prosecutors said they should check in on him now and then to see if, after two years of largely solitary confinement, he suddenly remembers his passwords. "Theoretically, he could be held in jail for contempt forever ... until he's dead," Dan Terzian, a lawyer from Duane Morris, tells Olivia Solon in The Guardian. The moral of the story? Don't forget your password. You could go to jail. http://itknowledgeexchange.techtarget.com/storage-disaster-recovery/forget-password-go-jail/
via NNSquad https://arstechnica.com/information-technology/2017/09/massive-equifax-breach-caused-by-failure-to-patch-two-month-old-bug/ Thursday's disclosure strongly suggests that Equifax failed to update its Web applications, despite demonstrable proof the bug gave real-world attackers an easy way to take control of sensitive sites. An Equifax representative didn't immediately respond to an e-mail seeking comment on this possibility. As Ars warned in March, patching the security hole was labor intensive and difficult, in part because it involved downloading an updated version of Struts and then using it to rebuild all apps that used older, buggy Struts versions. Some websites may depend on dozens or even hundreds of such apps, which may be scattered across dozens of servers on multiple continents. [Gabe Goldberg noted Equifax blames open-source software for its record-breaking security breach: Report http://www.zdnet.com/article/equifax-blames-open-source-software-for-its-record-breaking-security-breach/ See analysis by Bruce Schneier, On the Equifax Data Breach <https://www.schneier.com/crypto-gram.html>. PGN]
Zeynep Tufekci, *The New York Times*, 11 Sep 2017 https://www.nytimes.com/2017/09/11/opinion/equifax-accountability-security.html Excerpts: Big corporations have poured large amounts of money into our political system, helping to create a regulatory environment in which consumers shoulder more and more of the risk, and companies less and less. Most software failures and data breaches aren't inevitable; they are the result of neglect and underinvestment in product reliability and security. As long as impunity for corporations and their executives is the norm, data breaches will continue to happen.
Equifax was reportedly hacked almost five months before its first disclosed date https://techcrunch.com/2017/09/18/equifax-was-reportedly-hacked-almost-five-months-before-its-first-disclosed-date/ Equifax learned about a major breach in its systems in March, well before it disclosed a massive breach earlier this month that included sensitive information for 143 million consumers, according to a new report from Bloomberg. Bloomberg is also reporting that both breaches may have involved the same intruders, which is not a good look for the company that is reeling from the massive breach and has seen its stock crater. The company's security and information executives stepped down last week, and Bloomberg also reported today that the Justice Department is said to be investigating the questionable sale of stock by Equifax executives in advance of the company disclosing its massive breach.
https://www.bloomberg.com/news/articles/2017-09-15/equifax-says-cio-chief-security-officer-to-leave-after-breach Equifax Inc. said two of its senior executives are leaving as the credit-reporting company faces mounting public anger for losing data on 143 million Americans in one of the biggest cyber-attacks in history. The firm's chief information and chief security officers are retiring immediately, the Atlanta-based company said Friday in an emailed statement that didn't name the individuals. Mark Rohrwasser was named interim CIO and Russ Ayres was appointed interim CSO, reporting to Rohrwasser, according to the statement. You can run, but you can't hide.
via NNSquad http://m.startribune.com/equifax-victims-may-face-another-hassle-in-buying-an-iphone/444449273/?section=nation Apple fans who froze their credit after the Equifax data breach may end up with another hassle on their hands if they try to get one of the new iPhones that can cost more than $1,000. People who did so and want to make any big purchase may find the same. Freezing credit reports doesn't really protect you from the big hacks and just causes hassles for real purchases. It's mostly just another credit agency scam.
Predictably the class action lawsuits have started. These suits always are very lucrative for the litigation teams but for us injured parties not so lucrative. Our take usually comes down to a handful of time limited Vegas condo coupons. Now we have the opportunity to control our own destiny (so to speak) and take direct action against the #EquifaxHoles that have heaped misery upon us. "The entrepreneur behind DoNotPay, a free online chatbot that has successfully fought around 375,000 parking tickets in New York, Seattle, and the U.K., is launching a new service on Tuesday that will allow people to sue Equifax for $15,000 in mere minutes." A new website lets you automatically sue Equifax with a click Chuck Petras, Schweitzer Engineering Laboratories, Inc, Pullman, WA 99163 http://www.selinc.com
via NNSquad https://plus.google.com/+LaurenWeinstein/posts/Jvj5VRuJL2c Now Equifax says they're changing their easily guessable PINs. My recommendation is to NOT TOUCH ANY EQUIFAX SITES FOR ANY REASON. Do NOT trust their "was I affected by the breach?" site. It's at best a fallacy, at worst a scam. Do NOT sign up for their "free" credit monitoring. It's all sucker bait. STAY AWAY!
BlueBorne exploit works against unpatched devices running Android, Linux, or Windows. In all, Armis researchers uncovered eight Bluetooth-related vulnerabilities in Android, Linux, Windows, and iOS. The researchers consider three of the flaws to be critical. The researchers reported them to Google, Microsoft, and Apple in April and to Linux Maintainers in August. All parties agreed to keep the findings confidential until today's coordinated disclosure. The vulnerabilities for Android are indexed as CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, and CVE-2017-0785; the vulnerabilities for Linux are CVE-2017-1000251 and CVE-2017-1000250; the vulnerability for Windows is CVE-2017-8628; the designation for iOS vulnerability wasn't immediately available. https://arstechnica.com/information-technology/2017/09/bluetooth-bugs-open-billions-of-devices-to-attacks-no-clicking-required/ [Gabe Goldberg noted How to Check If You're Exposed to Those Scary BlueBorne Bluetooth Flaws? http://fortune.com/2017/09/13/armis-blueborne-bluetooth-ios-android-windows-linux PGN]
Bluetooth & Wi-Fi can't be fully disabled via iOS 11 Control Center, Apple says. Contrary to intuition, toggling off Bluetooth and/or Wi-Fi in the iOS 11 Control Center won't completely disable those radios, according to a new Apple support document. http://appleinsider.com/articles/17/09/20/bluetooth-wi-fi-cant-be-fully-disabled-via-ios-11-control-center-apple-says This comment by "Mike1", from the above article, sez it best: "After toggling off Wi-Fi, network auto-join is disabled as well until Wi-Fi is manually restarted, a person walks or drives to a new place, or it's 5 a.m. local time. Bluetooth accessory connections will resume under the same circumstances, minus the location trigger." Really?! This sounds incredibly silly and certainly makes it less convenient. If I'm toggling off WiFi, it's because I don't want it on. Period. At least three use cases that affect me personally... 1. I'm driving and the phone wants to connect to some public wifi signal I may have used in the past. But now, all it will do is slow down the phone because it's not connecting to LTE. On a typical commute, I may pass through dozens of wifi networks. 2. I'm running errands and don't want my phone to connect to every public or store wifi signal I may pass through. Most of them suck and I prefer to use my phone data. 3. I do not connect to my company's wifi network with my phone as they block most non-work related sites. No personal e-mail, no score updates etc. So, I again turn off the wifi. Don't want it turning on again when I go into a different building. Shouldn't have to go into Settings to turn it off thereby negating the benefit of Control Center. Not like Apple to make things less convenient.
[E-mail blurb from the IEEE. I found useful content at https://www.computer.org/csdl/mags/co/2017/09/mco2017090014.html and have merged some of the blurb with it. PGN] Philip Treleaven, Richard Gendal Brown and Danny Yang Blockchain Technology in Finance IEEE Computer Magazine, September 2017. pp. 14-17. Blockchain technology promises to be hugely disruptive and empowering in both public and private sector computing applications. As a way to order transactions in a distributed ledger, blockchains offer a record of consensus with a cryptographic audit trail that can be maintained and validated by multiple nodes. It lets contracting parties dynamically track assets and agreements using a common protocol, thus streamlining and even completely collapsing many in-house and third-party verification processes. Originally conceived as the secure foundation of cryptocurrencies, blockchain technology has far-reaching potential in many other areas. This special issue explores blockchain's tremendous impact on the finance industry, as well as its implementation challenges and enormous potential. Check out the virtual roundtable at youtu.be/wPFxKnlu1bA , in which Tim Swanson, director of market research for distributed-database-technology company R3, interviews global experts on blockchain technology for finance. Also in this issue: "Alexa, Can I Trust You?" and "Indie Fog: An Efficient Fog-Computing Infrastructure for the Internet of Things."
I use a gmail account for certain professional communications, and in the past couple months I've taken the step of adding that account to my mobile email app (it's not any of the gmail accounts associated with my android devices). Big mistake. Every time I go more than a few miles from home, I get a string of notices that I'm being hacked. The first time, the unexpected access was from Rhode Island, hundreds of miles from where I live, so I promptly changed all my passwords. The next time it was one town over, and I quickly realized that yep, Google was phreaking out that I'd gone to the grocery store. But a weirder thing happened: the location of the first "hacking" on my account review page was no longer Rhode Island but New Haven, Connecticut. Google does the best it can with geolocation, but when it's tracking mobile IPs they could be anywhere at the whim of the carriers, and change ostensible position from hour to hour. Today, when my account was supposedly accessed from Albany NY, I didn't even blink. All of this means that eventually my gmail account will be hacked, and I won't have any idea of it for a long time because I'll be so used to telling the security system to quit bothering me with bogus alerts.
Item in this week's newspaper says that UK banks and similar financial organisations will be required to check account-holders' names against lists of illegal migrants, and block them if appropriate: http://www.telegraph.co.uk/news/2017/09/22/banks-check-immigration-status-70-million-accounts-identify/ https://www.theguardian.com/uk-news/2017/sep/21/uk-banks-to-check-70m-bank-accounts-in-search-for-illegal-immigrants In the immortal RISKS phrase, what could go wrong? Depends on how rigorous the checks are; bit of a pain if your name is similar to one on the list, and you suddenly find yourself bankrupted by having access to your finances blocked. "If you've done nothing wrong, you have nothing to fear", as the saying goes... It's already an offence to rent out residential accommodation to illegal migrants, so if you offer property for rent then you have to grapple with the intricacies of immigration law (e.g. not everybody with a UK passport has right of residence in Britain), but if you turn away a tenant because you're unsure of the migration status, you may be charged with a discrimination offence. On a similar topic, the authorities nowadays are paranoid about money-laundering and tax evasion so banks have to keep a close watch on customers having dealings abroad. For some banks this is more trouble than it's worth so customers can have their accounts summarily closed, even if they've loyally been with the bank for years. Reportedly, one customer was asked by his bank why he hadn't disclosed his connections with Romania, which puzzled him as he didn't have any; turned out that his account details included his landline telephone number, along with (for some reason) the country code and international access code, and a bank employee had mistakenly typed 0040 for Romania rather than 0044 for the UK...
> Depending on cell service during a disaster is a disaster in and of itself.
> That's why so many telecom experts hang onto their landlines as lifelines! I
> sure as hell do!

And what happens when all you've got is FTTP not POTS? We were looking at a new house recently, and the estate was all fibre. So if your power has gone out, so have your phones. That's why at present, I still have an old-fashioned, corded phone so if we have a problem I've got a phone that will work fine without mains power.
via NNSquad https://arstechnica.com/tech-policy/2017/09/judge-dismisses-libel-lawsuit-filed-by-self-proclaimed-e-mail-inventor/ A federal judge in Massachusetts has dismissed the libel lawsuit filed earlier this year against the tech news website, Techdirt. The claim was brought by Shiva Ayyadurai, who has controversially claimed that he invented e-mail in the late 1970s. Techdirt (and its founder and CEO, Mike Masnick) has been a longtime critic of Ayyadurai, as well as institutions that have bought into his claims. "How The Guy Who Didn't Invent Email Got Memorialized In The Press & The Smithsonian As The Inventor Of Email," reads one Techdirt headline from 2012. Numerous articles that dubbed Ayyadurai a "liar" and a "charlatan" followed. That, in turn, led to Ayyadurai's January 2017 libel lawsuit. In the Wednesday ruling, US District Judge F. Dennis Saylor found that because it is impossible to define precisely and specifically what e-mail is, then Ayyadurai's "claim is incapable of being proved true or false."
https://www.eff.org/deeplinks/2017/09/open-letter-w3c-director-ceo-team-and-membership In 2013, EFF was disappointed to learn that the W3C had taken on the project of standardizing "Encrypted Media Extensions," an API whose sole function was to provide a first-class role for DRM within the Web browser ecosystem. By doing so, the organization offered the use of its patent pool, its staff support, and its moral authority to the idea that browsers can and should be designed to cede control over key aspects from users to remote parties. [...]
via NNSquad https://boingboing.net/2017/09/14/ikta-kop-collective.html Mariano Gomez is a 23 year old Tseltal from Abasolo, Chiapas, and a member of the Ikta K'op Collective; he is being given an award by the prestigious Internet Society for his work creating "a wireless Internet and Intranet network that provided connectivity and access to information to his community, which has no telephone or radio service," but will not be able to attend the awards in Los Angeles because the US embassy has denied him a tourist visa.