Danish Bank Leaves Server In Debug Mode, Exposes Sensitive Data In JS Comments 30

An anonymous reader writes: Dutch IT security expert Sijmen Ruwhof has found a pretty big blunder on the part of Danske Bank, Denmark's biggest bank, which exposed sensitive user session information in the form of an encoded data dump, in their banking portal's JavaScript files. The data contained client IP addresses, user agent strings, cookie information, details about the bank's internal IT network, and more. He contacted the bank, who fixed the issue, but later denied it ever happened.

Verizon Is Merging Its Cellphone Tracking Supercookie with AOL's Ad Tracking Network 97

schwit1 writes: ProPublica reports that Verizon is giving a new mission to its controversial hidden identifier that tracks users of mobile devices. Verizon said in a little-noticed announcement that it will soon begin sharing the profiles with AOL's ad network, which in turn monitors users across a large swath of the Internet. That means AOL's ad network will be able to match millions of Internet users to their real-world details gathered by Verizon, including — "your gender, age range and interests." AOL's network is on 40 percent of websites, including on ProPublica.

Scandal Erupts In Unregulated Online World of Fantasy Sports 171

writes: Joe Drape and Jacqueline Williams report at the NYT that a major scandal is erupting in the multibillion-dollar industry of fantasy sports, the online and unregulated business in which an estimated 57 million people participate where players assemble their fantasy teams with real athletes. Two major fantasy sports companies were forced to release statements defending their businesses' integrity after what amounted to allegations of insider trading — that employees were placing bets using information not generally available to the public. "It is absolutely akin to insider trading. It gives that person a distinct edge in a contest," says Daniel Wallach. "It could imperil this nascent industry unless real, immediate and meaningful safeguards are put in place."

In FanDuel's $5 million "NFL Sunday Million" contest this week, DraftKings employee Ethan Haskell placed second and won $350,000 with his lineup that had a mix of big-name players owned by a high number of users. Haskell had access to DraftKings ownership data meaning that he may have seen which NFL players had been selected by DraftKings users, and by how many users. In light of this scandal, DraftKings and FanDuel have, for now, banned their employees from playing on each other's sites. Many in the highly regulated casino industry insist daily fantasy sports leagues are gambling sites and shouldn't be treated any differently than traditional sports betting. This would mean a high amount of regulation. Industry analyst Chris Grove says this may be a watershed moment for a sector that may need the legislation it has resisted in order to prove its legitimacy. "You have information that is valuable and should be tightly restricted," says Grove. "There are people outside of the company that place value on that information. Is there any internal controls? Any audit process? The inability of the industry to produce a clear and compelling answer to these questions to anyone's satisfaction is why it needs to be regulated."

NY Times Passes 1M Digital Subscribers 89

writes: Many news organizations, facing competition from digital outlets, have sharply reduced the size of their newsrooms and their investment in news gathering but less than four-and-a-half years after launching its pay model the NY Times has increased coverage as it announced that the Times has passed one million digital-only subscribers, giving them far more than any other news organization in the world. The Times still employs as many reporters as it did 15 years ago — and its ranks now include graphics editors, developers, video journalists and other digital innovators. "It's a tribute to the hard work and innovation of our marketing, product and technology teams and the continued excellence of our journalism," says CEO Mark Thompson.

According to Ken Doctor the takeaway from the Times success is that readers reward elite global journalism. The Wall Street Journal is close behind the Times, at 900,000, while the FT's digital subscription number stands at 520,000. "These solid numbers form bedrock for the future. For news companies, being national now means being global, and being global means enjoying unprecedented reach," says Doctor. "These audiences of a half-million and more portend more reader revenue to come."

Sensor Network Makes Life Easier For Japan's Aging Rice Farmers 89

szczys writes: The average age of Japan's rice farmers is 65-70 years old. The work is difficult and even small changes to the way things are done can have a profound impact on these lives. The flooded paddies where the rice is grown must maintain a consistent water level, which means farmers must regularly traverse the terraced fields to check many different paddies. A simple sensor board is changing this, letting farmers check their fields by phone instead of in person.

This might not sound like much, but reducing the number of times someone needs to walk the fields has a big effect on the man-hours spent on each crop. The system, called TechRice, is inexpensive and the nodes recharge batteries from a solar cell. The data is aggregated on the Internet and can be presented as a webpage, a text-message interface, or any other reporting scheme imaginable by utilizing the API of the Open Source software. This is a testament to the power we have as small groups of engineers to improve the world.

Ask Slashdot: Best Country For Secure Online Hosting? 111

An anonymous reader writes: I've recently discovered that my hosting company is sending all login credentials unencrypted, prompting me to change providers. Additionally, I'm finally being forced to put some of my personal media library (songs, photos, etc.) on-line for ready access (though for my personal consumption only) from multiple devices and locations... But I simply can't bring myself to trust any cloud-service provider. So while it's been partially asked before, it hasn't yet been answered: Which country has the best on-line personal privacy laws that would make it patently illegal for any actor, state, or otherwise, to access my information? And does anyone have a recommendation on which provider(s) are the best hosts for (legal) on-line storage there?

Stolen Patreon User Data Dumped On Internet 161

After the personal data breach at crowd-funding site Patreon reported a few days ago, there's some worse news: the information isn't just in limbo any more; Patreon reported Saturday that the compromised information has been leaked in the form of a massive data dump. (The slightly good news is that no credit card information was leaked.)

Selected Provisions: TPP, CETA, and TiSA Trade Agreements 43

While proponents suggest that international trade agreements increase economic prosperity, writes reader Dangerous_Minds, it's often hard to find much detail about their details. Here's an exception: Freezenet is offering an update to known provisions of the Trans-Pacific Partnership Agreement (TPP), the Comprehensive Economic and Trade Agreement (CETA), and the Trades in Services Agreement (TiSA). Among the findings are provisions permitting a three-strikes law and site blocking, multiple anti-circumvention laws, ISP liability, the search and seizure of personal devices to enforce copyright at the border, and an open door for ISP-level surveillance. Freezenet also offers a brief summary of what was found while admitting that provisions found in the Transatlantic Trade and Investment Partnership (TTIP) as they relate to digital rights remain elusive for the time being.

Vigilante Malware Protects Routers Against Other Security Threats 79

Mickeycaskill writes: Researchers at Symantec have documented a piece of malware that infects routers and other connected devices, but instead of harming them, improves their security. Affected routers connect to a peer-to-peer network with other compromised devices, to distribute threat updates. 'Linux.Wifatch' makes no attempt to conceal itself and even left messages for users, urging them to change their passwords and update their firmware. Symantec estimates 'tens of thousands' of devices are affected and warns that despite Wifatch's seemingly philanthropic intentions, it should be treated with caution.

"It should be made clear that Linux.Wifatch is a piece of code that infects a device without user consent and in that regard is the same as any other piece of malware," said Symantec. "It should also be pointed out that Wifatch contains a number of general-purpose back doors that can be used by the author to carry out potentially malicious actions." There is one simple solution to rid yourself of the malware though: reset your device.

DARPA Is Looking For Analog Approaches To Cyber Monitoring 41

chicksdaddy writes: Frustrated by adversaries' continued success at circumventing or defeating cyber defense and monitoring technologies, DARPA is looking to fund new approaches, including the monitoring of analog emissions from connected devices, including embedded systems, industrial control systems and Internet of Things endpoints, Security Ledger reports.

DARPA is putting $36m to fund the Leveraging the Analog Domain for Security (LADS) Program (PDF). The agency is looking for proposals for "enhanced cyber defense through analysis of involuntary analog emissions," including things like "electromagnetic emissions, acoustic emanations, power fluctuations and thermal output variations." At the root of the program is frustration and a lack of confidence in digital monitoring and protection technologies developed for general purpose computing devices like desktops, laptops and servers.

The information security community's focus on "defense in-depth" approaches to cyber defense is ill suited for embedded systems because of cost, complexity or resource limitations. Even if that were possible, DARPA notes that "attackers have repeatedly demonstrated the ability to pierce protection boundaries, exploiting the fact that any security logic ultimately executes within the same computing unit as the rest of the (compromised) device software and the attacker's code."

China Beats US In Early Cuban Internet Infrastructure Investment 109

lpress writes: The US would like to sell Cuba Internet service and equipment, but we have had little success so far. China has won the first round — they financed and installed Cuba's undersea cable, supplied backbone equipment and public WiFi access centers and will provide equipment for the forthcoming home DSL rollout. That being said, Cuba has very little connectivity today and most of what they have and plan to install is already obsolete by today's standards, so they will be buying a lot of equipment in the future.

How Someone Acquired the Domain Name For a Single Minute 70

An anonymous reader writes with the story of how Sanmay Ved bought "" even though it only lasted a minute. BGR reports: We've all been there: It's nearly 2 in the morning and you're cruising around the Internet looking for new domain names to purchase. I mean, talk about a cliched night, right? Now imagine that during the course of your domain browsing, you unexpectedly discover that the holy grail of domain names — — is available for purchase for the low, low price of just $12. Testing fate, you attempt to initiate a transaction. Dare I say, you're feeling a little bit lucky. And just like that, in the blink of an eye, the transaction goes through and the vaunted and the highly valuable Google domain is in your possession. While this might read like a ridiculous plot summary from some horrible piece of nerd fiction, this series of events above, believe it or not, actually happened to former Googler Sanmay Ved earlier this week.

We Asked Doc Searls: Do Ad Blockers Cause Cancer? (Video) 116

A whimsical headline, but not much more of a shark-jumper than some of the talk we've heard lately from ad agencies, online publishers, and others who earn their living from online advertising. Doc Searls recently wrote a piece on his personal blog titled Beyond ad blocking — the biggest boycott in human history. Naturally, we wanted to ask Doc to expand a bit on what he's been writing about ad blocking and advertising in general. So we had a fine conversation about online advertising -- ending with a challenge to the advertising industry, which Doc says should be looking for ways to produce better, more effective, and less annoying ways to sell to us online.

Researchers: Thousands of Medical Devices Are Vulnerable To Hacking 29

itwbennett writes: At the DerbyCon security conference, researchers Scott Erven and Mark Collao explained how they located Internet-connected medical devices by searching for terms like 'radiology' and 'podiatry' in the Shodan search engine. Some systems were connected to the Internet by design, others due to configuration errors. And much of the medical gear was still using the default logins and passwords provided by manufacturers. 'As these devices start to become connected, not only can your data get stolen but there are potential adverse safety issues,' Erven said.

NVIDIA Launches GeForce NOW Game Streaming Service 52

MojoKid writes: NVIDIA has championed game streaming for a number of years now, whether it's from a GeForce GTX-equipped PC to one of its SHIELD devices or from its cloud-based GRID gaming beta service to a SHIELD. Today though, NVIDIA is kicking its game streaming business up a notch by launching a new service dubbed GeForce NOW. The service streams PC games from the cloud to SHIELD devices at up to full HD 1080p resolutions at 60 fps. It may be tempting to call GeForce NOW an official re-branding of its GRID game streaming beta but that is reportedly not the case. The GRID beta is going away with the launch of GeForce NOW (an update will replace the GRID app with GeForce NOW), but according to NVIDIA, GeForce NOW was re-architected from the ground up to provide a better overall experience. NVIDIA sees GeForce NOW as sort of a "Netflix for games." There is a monthly fee of $7.99 for a subscription, which gives customers access to a slew of games. There are too many to list but top notch titles like Batman: Arkham City, Ultra Street Fighter IV, GRID 2 and many others are included. In addition to the games included in the subscription price, NVIDIA will also be offering GeForce NOW users access to AAA-titles on the day of release, for a fee. The games will typically be sold at regular retail prices but not only will users get to play those games via the GeForce NOW streaming service on SHIELD devices, they'll also receive a key for playing the game on a PC as well. To use GeForce NOW you'll need an NVIDIA SHIELD Android TV, SHIELD portable, or SHIELD tablet (with the latest software updates installed) and a SHIELD-approved 5GHz router. Your broadband connection must also offer download speeds of at least 12Mb/s. 20Mb/s is recommended for 720p / 60 FPS quality, and 50Mb/s is recommended for 1080p / 60 FPS.

Targeting Tools Help Personalize TV Advertising 60

schwit1 writes: Surgical marketing messages are taken for granted on the Internet. Yet, they are just now finding their way onto television, where the audience is big though harder to target. As brands shift more of their spending to the Web where ads are more precise, the TV industry is pushing back. Using data from cable set-top boxes that track TV viewing, credit cards and other sources, media companies including Comcast's NBCUniversal, Time Warner's Turner, and Viacom are trying to compete with Web giants like Google and Facebook and help marketers target their messages to the right audience. Where can I get adblock for my FiOS?

iOS 9 'Wi-Fi Assist' Could Lead To Huge Wireless Bills 182

Dave Knott writes: One of the new features introduced in iOS9 is "Wi-Fi Assist." This enables your phone to automatically switch from Wi-Fi to a cellular connection when the Wi-Fi signal is poor. That's helpful if you're in the middle of watching a video or some other task on the internet that you don't want interrupted by spotty Wi-Fi service. Unfortunately, Wi-Fi Assist is enabled by default, which means that users may exceed their data cap without knowing it because their phone is silently switching their data connection from Wi-Fi to cellular.

Raytheon Wins US Civilian Cyber Contract Worth $1 Billion 62

Tokolosh writes: Raytheon is a company well-known in military-industrial and political circles, but not so much for software, networking and cybersecurity. That has not stopped the DHS awarding it a $1 billion, five year contract to help more than 100 civilian agencies manage their computer security. Raytheon said DHS selected it to be the prime contractor and systems integrator for the agency's Network Security Deployment (NSD) division, and its National Cybersecurity Protection System (NCPS). The contract runs for five years, but some orders could be extended for up to an additional 24 months, it said. Dave Wajsgras, president of Raytheon Intelligence, Information and Services, said the company had invested over $3.5 billion in recent years to expand its cybersecurity capabilities. He said cybersecurity incidents had increased an average of 66 percent a year worldwide between 2009 and 2014. As you might expect, Raytheon spends heavily on political contributions and lobbying.

How Amazon's Robots Move Everything Around 177

dkatana writes: Amazon's drones have a long way to go to become reality, but the real magic of the Internet of Things (IoT) is already happening at Amazon's vast fulfillment warehouses in the US. Amazon runs a fleet of thousands of small robots moving storage pods around so orders can be fulfilled in record time. They are so efficient that they can move an entire warehouse and have it ready to operate again during the weekend. All together the small robots have traveled over 93 million miles — almost the distance from Earth to the Sun.

Mark Zuckerberg Issues Call For Universal Internet Access 142

An anonymous reader writes: During the 70th annual U.N. General Assembly session, Zuckerberg discussed the "importance of connectivity in achieving the U.N.'s sustainable development goals. Connecting the world is one of the fundamental challenges of our generation. More than 4 billion people don't have a voice online." Zuckerberg said. Reuters reports: "The connectivity campaign calls on governments, businesses and innovators to bring the Internet to the some 4 billion people who now do not have access, organizers said. Signing on to the connectivity campaign were U2 star Bono, co-founder of One, a group that fights extreme poverty; actress Charlize Theron, founder of Africa Outreach Project; philanthropists Bill and Melinda Gates; British entrepreneur Richard Branson; Huffington Post editor Arianna Huffington; Colombian singer Shakira, actor and activist George Takei and Wikipedia co-founder Jimmy Wales."