IOS

iOS 11 Has a Feature To Temporarily Disable Touch ID (cultofmac.com) 13

A new feature baked into iOS 11 lets you quickly disable Touch ID, which could come in handy if you're ever in a situation where someone (a cop) might force you to unlock your device. Cult of Mac reports: To temporarily disable Touch ID, you simply press the power button quickly five times. This presents you with the "Emergency SOS" option, which you can swipe to call the emergency services. It also prevents your iPhone from being unlocked without the passcode. Until now, there were other ways to temporarily disable Touch ID, but they weren't quick and simply. You either had to restart your iPhone, let it sit idle for a few days until Touch ID was temporarily disabled by itself, or scan the wrong finger several times. The police, or any government agency, cannot force you to hand over your iPhone's passcode. However, they can force you to unlock your device with your fingerprint. That doesn't work if your fingerprint scanner has been disabled.
Government

Ukraine Hacker Cooperating With FBI In Russia Probe, Says Report (thehill.com) 143

schwit1 shares a report from The Hill: A hacker in Ukraine who goes by the online alias "Profexer" is cooperating with the FBI in its investigation of Russian interference in the U.S. presidential election, The New York Times is reporting. Profexer, whose real identity is unknown, wrote and sold malware on the dark web. The intelligence community publicly identified code he had written as a tool used in the hacking of the Democratic National Committee ahead of last year's presidential election. The hacker's activity on the web came to a halt shortly after the malware was identified. The New York Times, citing Ukrainian police, reported Wednesday that the individual turned himself into the FBI earlier this year and became a witness for the bureau in its investigation. FBI investigators are probing Russian interference efforts and whether there was coordination between associates of President Trump's campaign and Moscow. Special counsel Robert Mueller is heading the investigation.
Patents

Motorola Patents a Display That Can Heal Its Own Cracked Screen With Heat (theverge.com) 27

An anonymous reader quotes a report from The Verge: A patent published today explains how a phone could identify cracks on its touchscreen and then apply heat to the area in an effort to slightly repair the damage. The process relies on something called "shape memory polymer," a material that can apparently become deformed and then recovered through thermal cycling. Thermal cycling involves changing the temperature of the material rapidly. This material could be used over an LCD or LED display with a capacitive touch sensor layered in, as well. Although the phone could heat the polymer in order to restore it, a user's body heat can be used, too.
Encryption

Hacker Claims To Have Decrypted Apple's Secure Enclave Processor Firmware (iclarified.com) 79

According to iClarified, a hacker by name of "xerub" has posted the decryption key for Apple's Secure Enclave Processor (SEP) firmware. "The security coprocessor was introduced alongside the iPhone 5s and Touch ID," reports iClarified. "It performs secure services for the rest of the SOC and prevents the main processor from getting direct access to sensitive data. It runs its own operating system (SEPOS) which includes a kernel, drivers, services, and applications." From the report: The Secure Enclave is responsible for processing fingerprint data from the Touch ID sensor, determining if there is a match against registered fingerprints, and then enabling access or purchases on behalf of the user. Communication between the processor and the Touch ID sensor takes place over a serial peripheral interface bus. The processor forwards the data to the Secure Enclave but can't read it. It's encrypted and authenticated with a session key that is negotiated using the device's shared key that is provisioned for the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption. Today, xerub announced the decryption key "is fully grown." You can use img4lib to decrypt the firmware and xerub's SEP firmware split tool to process. Decryption of the SEP Firmware will make it easier for hackers and security researchers to comb through the SEP for vulnerabilities.
AT&T

Judge Dismisses AT&T's Attempt To Stall Google Fiber Construction In Louisville (arstechnica.com) 55

An anonymous reader quotes a report from Ars Technica: AT&T has lost a court case in which it tried to stall construction by Google Fiber in Louisville, Kentucky. AT&T sued the local government in Louisville and Jefferson County in February 2016 to stop a One Touch Make Ready Ordinance designed to give Google Fiber and other new ISPs quicker access to utility poles. But yesterday, U.S. District Court Judge David Hale dismissed the lawsuit with prejudice, saying AT&T's claims that the ordinance is invalid are false. "We are currently reviewing the decision and our next steps," AT&T said when contacted by Ars today. One Touch Make Ready rules let ISPs make all of the necessary wire adjustments on utility poles themselves instead of having to wait for other providers like AT&T to send work crews to move their own wires. Without One Touch Make Ready rules, the pole attachment process can cause delays of months before new ISPs can install service to homes. Google Fiber has continued construction in Louisville despite the lawsuit and staff cuts that affected deployments in other cities.
Patents

We Print 50 Trillion Pages a Year, and Xerox Is Betting That Continues (fortune.com) 64

An anonymous reader shares a report: For most of its 111-year history, Xerox has been known as one of the tech industry's most innovative companies. Now the legendary copier company is reinventing itself. In January, Xerox made the bold decision to split itself into two, spinning off its business services operations into a separate company called Conduent. And Jeffrey Jacobson, a Xerox tech executive, was tapped as Xerox's new CEO. Speaking with Fortune's Susie Gharib, Jacobson says Xerox is still "one of the top patent producing companies in the world" and he's counting on that scientific expertise to pivot the company to be a leader in digital print technology. "If I look at the things we're looking at with the Internet of things, artificial intelligence and bridging the digital and physical," he says, "that's what I think we'll be known for."
Social Networks

Thai Activist Jailed For the Crime of Sharing an Article on Facebook (eff.org) 107

An anonymous reader shares a report: Thai activist Jatuphat "Pai" Boonpattaraksa was sentenced this week to two and a half years in prison -- for the crime of sharing a BBC article on Facebook. The Thai-language article profiled Thailand's new king and, while thousands of users shared it, only Jutaphat was found to violate Thailand's strict lese majeste laws against insulting, defaming, or threatening the monarchy. The sentence comes after Jatuphat has already spent eight months in detention without bail. During this time, Jatuphat has fought additional charges for violating the Thai military junta's ban on political gatherings and for other activism with Dao Din, an anti-coup group. While in trial in military court, Jatuphat also accepted the Gwangzu Prize for Human Rights. When he was arrested last December, Jatuphat was the first person to be charged with lese majeste since the former King Bhumibol passed away and his son Vajiralongkorn took the throne. (He was not, however, the first to receive a sentence -- this past June saw one of the harshest rulings to date, with one man waiting over a year in jail to be sentenced to 35 years for Facebook posts critical of the royal family.) The conviction, which appears to have singled Jatuphat out among thousands of other Facebook users who shared the article, sends a strong message to other activists and netizens: overbroad laws like lese majeste can and will be used to target those who oppose military rule in Thailand.
Piracy

Roku Gets Tough On Pirate Channels, Warns Users (torrentfreak.com) 74

An anonymous reader quotes a report from TorrentFreak: Earlier this year Roku was harshly confronted with this new piracy crackdown when a Mexican court ordered local retailers to take its media player off the shelves. While this legal battle isn't over yet, it was clear to Roku that misuse of its platform wasn't without consequences. While Roku never permitted any infringing content, it appears that the company has recently made some adjustments to better deal with the problem, or at least clarify its stance. Pirate content generally doesn't show up in the official Roku Channel Store but is directly loaded onto the device through third-party "private" channels. A few weeks ago, Roku renamed these "private" channels to "non-certified" channels, while making it very clear that copyright infringement is not allowed. A "WARNING!" message that pops up during the installation of these third-party channels stresses that Roku has no control over the content. In addition, the company notes that these channels may be removed if it links to copyright infringing content.

"By continuing, you acknowledge you are accessing a non-certified channel that may include content that is offensive or inappropriate for some audiences," Roku's warning reads. "Moreover, if Roku determines that this channel violates copyright, contains illegal content, or otherwise violates Roku's terms and conditions, then ROKU MAY REMOVE THIS CHANNEL WITHOUT PRIOR NOTICE."

Television

YouTube Has An Illegal TV Streaming Problem (mashable.com) 115

An anonymous reader quotes a report from Mashable: Most people turn to Netflix to binge watch full seasons of a single TV show, but there could be a much cheaper way: YouTube. You might be surprised to learn that you can watch full episodes of popular TV shows on YouTube for free, thanks to a large number of rogue accounts that are hosting illegal live streams of shows. Perhaps the most shocking thing about these free (and very illegal) TV live streams might even make their way into your suggested video queue, if you watch enough "random shit" and Bobby Hill quote compilations on the site, as Mashable business editor Jason Abbruzzese recently experienced. He first noticed the surprisingly high number of illegal TV streaming accounts on his YouTube homepage, which has tailored recommended videos based on his viewing habits. Personalized recommendations aren't exactly new -- but the number of illegal live streams broadcasting copyrighted material on a loop was a shocker. When we looked deeper into the livestreams, the number we found was mindblowing. Many of these accounts appear to exist solely to give watchers an endless loop of their favorite shows and only have a few other posts related to the live streamed content. "YouTube respects the rights of copyright holders and we've invested heavily in copyright and content management tools to give rights holders control of their content on YouTube," a YouTube spokesperson told Mashable in an email. "When copyright holders work with us to provide reference files for their content, we ensure all live broadcasts are scanned for third party content, and we either pause or terminate streams when we find matches to third party content."
Communications

WordPress Bans Fascist Website Linked To Charlottesville Killer (fastcompany.com) 441

tedlistens writes: WordPress has said that it does not censor websites like that of self-proclaimed fascist group Vanguard America. But last night, the group's site was taken offline for violating the company's terms of service. The about-face was likely prompted by Vanguard's participation in last weekend's Unite the Right rallies in Charlottesville, Virginia, during which James Alex Fields drove his car into a crowd, killing one person and injuring 19. Fields has claimed allegiance to Vanguard America; the group denies that Fields was a member. For WordPress to drop a site, even a fascist site, is a very big deal; the same is true of GoDaddy's and Google's decision to drop their registration of neo-Nazi site the Daily Stormer (another site that GoDaddy previously said would be permitted on free speech grounds). WordPress hasn't explained the shift in its approach to the website: the company's user agreement and terms of service have not changed since Charlottesville. That policy, like that of other tech platforms, has long stood by strict neutrality and freedom of expression. That may now be changing.
Patents

Toyota Patents Cloaking Device To Make Car Pillars Appear Transparent (thedrive.com) 102

Toyota has patented a cloaking device that aims to make big, chunky car pillars transparent. The "apparatuses and methods for making an object appear transparent" which Toyota just patented uses cleverly placed mirrors to bend light around an object making it visible from the other side. The Drive reports: So you're not really seeing through the pillars, you're seeing around them. This is a much cheaper option than adding more cameras and screens all over the place and much more realistic than Harry Potter's invisibility cloak. The patent was filed with the U.S. patent office by Toyota North America, so if Toyota does go forward with this technology, we can probably expect to see it in cars in the U.S.
Communications

Neo-Nazi Site The Daily Stormer Moves To Dark Web After Shutdown (vice.com) 335

After being shutdown by Google and GoDaddy, prominent neo-Nazi website The Daily Stormer has moved their site to the dark web. "The new site is now only available through the Tor network, which allows users to set up their own domains," reports VICE News. "The original site, Dailystormer.com, is now fully offline." From the report: The homepage, as of Tuesday morning, contained articles that make light of the car ramming attack that claimed the life of 32-year-old Heather Heyer; admonish the "Jew media;" liberally employ various racial epithets; and, in a less offensive post, provided an update on which characters are available on Pokemon Go. In a statement, the site's founder promised to bring his site back online. "The Daily Stormer will be live in internet prison with drug dealers, terrorists and perverts, which is where we've been exiled to, for all time," Andrew Anglin said in a statement sent to VICE News. "We should have a real domain online within 24 hours. If it gets shut down again, people will know we are on the black web."
Communications

Tech Companies Urge Supreme Court To Boost Cellphone Privacy (reuters.com) 29

More than a dozen high technology companies and the biggest wireless operator in the United States, Verizon, have called on the U.S. Supreme Court to make it harder for government officials to access individuals' sensitive cellphone data. From a report: The companies filed a 44-page brief with the court on Monday night in a high-profile dispute over whether police should have to get a warrant before obtaining data that could reveal a cellphone user's whereabouts. Signed by some of Silicon Valley's biggest names, including Apple, Facebook, Twitter, Snap and Alphabet's Google, the brief said that as individuals' data is increasingly collected through digital devices, greater privacy protections are needed under the law. "That users rely on technology companies to process their data for limited purposes does not mean that they expect their intimate data to be monitored by the government without a warrant," the brief said.
Government

Justice Department Demands 1.3 Million IP Addresses Related To Anti-Trump Website (theverge.com) 384

An anonymous reader quotes a report from The Verge: In a blog post today, online web hosting provider DreamHost disclosed that it has been involved in a months-long legal battle with the Justice Department over records on visitors to an anti-Trump website. The dispute focuses on a Justice Department demand for information on data related to disruptj20.org, which describes itself as a group of activists "building the framework needed for mass protests to shut down the inauguration of Donald Trump and planning widespread direct actions to make that happen." DreamHost is taking issue with a warrant issued by the department for "all files" related to the website, which DreamHost says would compel them to turn over electronic data like visitor logs. That would include IP addresses and other information that could be used to identify anyone who visited the site. "The request from the DOJ demands that DreamHost hand over 1.3 million visitor IP addresses -- in addition to contact information, email content, and photos of thousands of people -- in an effort to determine who simply visited the website," the company said in its blog post. The warrant, DreamHost argues, would also require it to hand over any communications that are even tangentially related to the website.

"In essence, the Search Warrant not only aims to identify the political dissidents of the current administration, but attempts to identify and understand what content each of these dissidents viewed on the website," the company said in a legal filing arguing against the warrant. A hearing on the situation is set for Friday in Washington, DC Superior Court.

The Courts

Judge Says LinkedIn Cannot Block Startup From Public Profile Data (reuters.com) 163

A U.S. federal judge on Monday ruled that LinkedIn cannot prevent a startup from accessing public profile data, in a test of how much control a social media site can wield over information its users have deemed to be public. Reuters reports: U.S. District Judge Edward Chen in San Francisco granted a preliminary injunction request brought by hiQ Labs, and ordered LinkedIn to remove within 24 hours any technology preventing hiQ from accessing public profiles. The dispute between the two tech companies has been going on since May, when LinkedIn issued a letter to hiQ Labs instructing the startup to stop scraping data from its service. HiQ Labs responded by filing a suit against LinkedIn in June, alleging that the Microsoft-owned social network was in violation of antitrust laws. HiQ Labs uses the LinkedIn data to build algorithms capable of predicting employee behaviors, such as when they might quit. "To the extent LinkedIn has already put in place technology to prevent hiQ from accessing these public profiles, it is ordered to remove any such barriers," Chen's order reads. Meanwhile, LinkedIn said in a statement: "We're disappointed in the court's ruling. This case is not over. We will continue to fight to protect our members' ability to control the information they make available on LinkedIn."
Republicans

Trump Can Block People On Twitter If He Wants, Administration Says (arstechnica.com) 213

An anonymous reader quotes a report from Ars Technica: The administration of President Donald Trump is scoffing at a lawsuit by Twitter users who claim in a federal lawsuit that their constitutional rights are being violated because the president has blocked them from his @realDonaldTrump Twitter handle. "It would send the First Amendment deep into uncharted waters to hold that a president's choices about whom to follow, and whom to block, on Twitter -- a privately run website that, as a central feature of its social-media platform, enables all users to block particular individuals from viewing posts -- violate the Constitution." That's part of what Michael Baer, a Justice Department attorney, wrote to the New York federal judge overseeing the lawsuit Friday. In addition, the Justice Department said the courts are powerless to tell Trump how he can manage his private Twitter handle, which has 35.8 million followers.

"To the extent that the President's management of his Twitter account constitutes state action, it is unquestionably action that lies within his discretion as Chief Executive; it is therefore outside the scope of judicial enforcement," Baer wrote. (PDF) Baer added that an order telling Trump how to manage his Twitter feed "would raise profound separation-of-powers concerns by intruding directly into the president's chosen means of communicating to millions of Americans."

The Military

US Army Walks Back Decision To Ban DJI Drones Ever So Slightly (suasnews.com) 27

garymortimer shares a report from sUAS News: News has reached me that another DJI memo was passed around on Friday the 11th of August. An exception to policy with recommendations from the asymmetric warfare group that will permit the use of DJI kit once some conditions have been met. The Android Tactical Assault Kit will become the ground control station (GCS) of choice when a DJI plugin has passed OPSEC (Operational Security) scrutiny. In a separate report from Reuters, DJI said it is "tightening data security in the hopes that the U.S. Army will lift its ban on DJI drones because of 'cyber vulnerabilities.'" The company is "speeding deployment of a system that allows users to disconnect from the internet during flights, making it impossible for flight logs, photos or videos to reach DJI's computer servers," reports Reuters. While the security measure has been in the works for several months, it's being rolled out sooner than planned because of the Army's decision to discontinue the use of DJI drones.
Communications

Discord Bans Servers That Promote Nazi Ideology (theverge.com) 453

A popular video game chat service with over 25 million users announced today that it had shut down "a number of accounts" following violence instigated by white supremacists over the weekend. Discord, the service "which lets users chat with voice and text, was being used by proponents of Nazi ideology both before and after the attacks in Charlottesville, Virginia," reports The Verge. "We will continue to take action against Nazi ideology, and all forms of hate," the company said in a tweet. From the report: Discord declined to state how many servers had been affected, but said it included a mix of old accounts and accounts that were created over the weekend. Among the affected servers was one used by AltRight.com, a white nationalist news site. The site's homepage includes a prominent link to a Discord chat which is now broken. The company said it does not read private messages exchanged on its servers. Members of those groups reported messages in the chats for violating Discord's terms of service, the company said, and it took action. "When hatred like this violates our community standards we act swiftly to take servers down and ban individual users," the company said in a statement. "The public server linked to AltRight.com that violated those terms was shut down along with several other public groups and accounts fostering bad actors on Discord. We will continue to be aggressive to ensure that Discord exists for the community we set out to support -- gamers."
Security

Spyware Apps Found on Google Play Store (bleepingcomputer.com) 37

Researchers at the security firm Lookout have identified a family of malicious Android apps, referred to as SonicSpy. From a report: Experts say the malware author modified a version of the official Telegram app, injected the spyware code, rebranded it, and uploaded the modified app on the Play Store. In total, the crook uploaded the app three times on the Play Store under the names Soniac, Hulk Messenger, and Troy Chat. Only Soniac was active on Google's app store when researchers first spotted the spyware, as the other two apps were already taken down, most likely by the developer himself. At the time of writing, Lookout says they identified over 1,000 variations of this new spyware called SonicSpy, which they believe to be a new version of an older Android spyware named SpyNote.
The Courts

Researcher Who Stopped WannaCry Pleads Not Guilty to Creating Banking Malware (vice.com) 71

Lorenzo Franceschi-Bicchierai, reporting for Motherboard: Monday, the well-known security researcher who became famous after helping to stop the destructive WannaCry ransomware outbreak pleaded "not guilty" to creating software that would later become banking malware. Marcus Hutchins -- better known by his online nickname MalwareTech -- was arrested in early August in Las Vegas after the hacking conference Def Con. The US government accuses Hutchins of writing software in 2014 that would later become the banking malware Kronos. After getting out on bail and traveling to Milwaukee, he stood in front a judge on Monday for his arraignment. Prosecutors also allege he helped a still unknown co-defendant market and sell Kronos. Hutchins's lawyer Brian Klein declared in a packed courtroom in Milwaukee that Hutchins was "not guilty" of six charges related to the alleged creation and distribution of malware. Hutchins will be allowed to travel to Los Angeles, where he will live while he awaits trial. He will also be represented by Marcia Hoffman, formerly of the Electronic Frontier Foundation. Under the terms of his release, Hutchins will be tracked by GPS but will be allowed full internet access so he can continue to work as a security researcher; the only restriction is he will no longer be allowed to access the WannaCry "sinkhole" he used to stop the outbreak of ransomware.

Slashdot Top Deals