news aggregator

Research blames 'culture of trust' for weak fraud protections

UK charities are misjudging the risks of fraud, according to research from the Charity Commission and the Fraud Advisory Panel.…

U.S. lawmakers from both parties slammed Apple and Chief Executive Officer Tim Cook last week for "censorship of apps" at the "behest of the Chinese government." From a report: Senators Ted Cruz, Ron Wyden, Tom Cotton, Marco Rubio and Representatives Alexandria Ocasio-Cortez, Mike Gallagher and Tom Malinowski expressed concern about the removal of an app that let Hong Kong protesters track police movement in the city. "Apple's decisions last week to accommodate the Chinese government by taking down HKmaps is deeply concerning," they wrote in a letter to Cook, urging Apple to "reverse course, to demonstrate that Apple puts values above market access, and to stand with the brave men and women fighting for basic rights and dignity in Hong Kong." Apple didn't respond to a request for comment on Friday. Apple removed the HKmap.live app from the App Store in China and Hong Hong earlier this month, saying it violated local laws. The company also said it received "credible information" from Hong Kong authorities indicating the software was being used "maliciously" to attack police. The decision, and the reasoning, was questioned widely. Cook, in a recent memo to Apple employees, said that "national and international debates will outlive us all, and, while important, they do not govern the facts."

Read more of this story at Slashdot.

Only really, really little astronauts need apply

With launchpads in New Zealand and (soon) the US, small-sat flinger Rocket Lab toasted a ninth successful launch of its Electron rocket by taking aim at destinations beyond Low Earth Orbit.…

NordVPN, a virtual private network provider that promises to "protect your privacy online," has confirmed it was hacked. From a report: The admission comes following rumors that the company had been breached. It first emerged that NordVPN had an expired internal private keys exposed, potentially allowing anyone to spin out their own servers imitating NordVPN. For its part, NordVPN has claimed a "zero logs" policy. "We don't track, collect, or share your private data," the company says. But the breach is likely to cause alarm that hackers may have been in a position to access some user data. NordVPN told TechCrunch that one of its datacenters was accessed in March 2018. "One of the datacenters in Finland we are renting our servers from was accessed with no authorization," said NordVPN spokesperson Laura Tyrell. The attacker gained access to the server -- which had been active for about a month -- by exploiting an insecure remote management system left by the datacenter provider, which NordVPN said it was unaware that such a system existed.

Read more of this story at Slashdot.

Missing Google already?

Huawei has admitted that US sanctions are hurting its mobile phone business as it struggles to find alternatives to Google's software suite.…

In Venezuela, a crumbling economy and the collapse of even basic state infrastructure means water comes irregularly -- and drinking it is an increasingly risky gamble. Venezuela's current rate of infant mortality from diarrhea, which is closely related to water quality, is six times higher than 15 years ago, according to the World Health Organization. From a report: But the government stopped releasing official public health data years ago. So The New York Times commissioned researchers from the Universidad Central de Venezuela to recreate the water quality study they had conducted regularly for the water utility in Caracas from 1992 until 1999. The scientists found that about a million residents were exposed to contaminated supplies. This puts them at risk of contracting waterborne viruses that could sicken them and threatens the lives of children and the most vulnerable. "This is a potential epidemic," said Jose MarÃa De Viana, who headed Caracas's water utility, Hidrocapital, until 1999. "It's very serious. It's unacceptable." In the latest study, 40 samples were taken from the capital's main water systems and tested for bacteria and for chlorine, which keeps water safe. The study also tested alternative water sources used by city residents during supply outages. One third of the samples did not meet national norms. This should have required Hidrocapital to issue a sanitation alert, according to the utility's own internal regulations. But Venezuela's government has not issued any alerts at least since President Nicolas Maduro's Socialist Party took power 20 years ago. "The biggest health risk that we see there right now is water -- water and sanitation," the head of the International Federation of the Red Cross, Francesco Rocca, told foreign reporters this week, referring to Venezuela.

Read more of this story at Slashdot.

Buried on Friday PM, just before pub o'clock

Among the daily two-dozen or so government updates on Brexit progress slipped in as everyone went to the pub on Friday were a bunch considering the impact on copyright and intellectual property.…

Security biz to slurp Aussie compliance outfit

Infosec giant Trend Micro is buying Australian compliance biz Cloud Conformity for $70m to help customers check the configuration of their fluffy white services – one of the major causes of cloud security breaches.…

You know my stats don't lie and I'm starting to feel it's wrong

Action Fraud (AF) is referring fewer computer misuse cases to police investigators despite official statistics showing nearly a million offences were reported last year.…

What if Google and Amazon employees weren't the only ones who'd listened through your voice assistant? Ars Technica reports: The threat isn't just theoretical. Whitehat hackers at Germany's Security Research Labs developed eight apps -- four Alexa "skills" and four Google Home "actions" -- that all passed Amazon or Google security-vetting processes. The skills or actions posed as simple apps for checking horoscopes, with the exception of one, which masqueraded as a random-number generator. Behind the scenes, these "smart spies," as the researchers call them, surreptitiously eavesdropped on users and phished for their passwords... The apps gave the impression they were no longer running when they, in fact, silently waited for the next phase of the attack.... The apps quietly logged all conversations within earshot of the device and sent a copy to a developer-designated server. The phishing apps follow a slightly different path by responding with an error message that claims the skill or action isn't available in that user's country. They then go silent to give the impression the app is no longer running. After about a minute, the apps use a voice that mimics the ones used by Alexa and Google home to falsely claim a device update is available and prompts the user for a password for it to be installed.... In response, both companies removed the apps and said they are changing their approval processes to prevent skills and actions from having similar capabilities in the future.

Read more of this story at Slashdot.

Mats Järlström's fight shows you never cross an engineer

A Swedish engineer's umbrage at a traffic ticket has led to a six-year legal fight and now a global change in the speed with which traffic light signals are timed.…

Russian-backed cell's Middle East campaign pretended to be of a Persian persuasion

British and US spies have blamed Russian hacker group Turla for masquerading as Iranian hackers to launch recent attacks mostly on government systems in the Middle East.…

At least it'll wipe clean

Update Readers anxious for an update on the health of the wobbly Samsung smart fridge currently squatting in UK retailer John Lewis's Oxford Street store will be interested to learn that a culprit has been fingered.…

'At the exact moment you get curious about getting involved in cybercrime, you get a little tap on the shoulder'

What's the best way to stop young gamers slipping into a life of cybercrime? Google ads from the cops, apparently.…

"Kids are outsmarting an army of engineers from Cupertino, California," reports the Washington Post: And Apple, which introduced "Screen Time" a year ago in response to pressure to address phone overuse by kids, has been slow to make fixes to its software that would close these loopholes. It's causing some parents to raise questions about Apple's commitment to safeguarding children from harmful content and smartphone addiction. When Screen Time blocks an app from working, it becomes grayed out, and clicking on it does nothing unless parents approve a request for more time. Or, at least, it's supposed to work that way. On Reddit and YouTube, kids are sharing tips and tricks that allow them to circumvent Screen Time. They download special software that can exploit Apple security flaws, disabling Screen Time or cracking their parents' passwords. They search for bugs that make it easy to keep using their phones, unbeknown to parents, such as changing the time to trick the system or using iMessage to watch YouTube videos. "These are not rocket science, backdoor, dark Web sort of hacks," said Chris McKenna, founder of the Internet safety group Protect Young Eyes. "It blows me away that Apple hasn't thought through the fact that a persistent middle school boy or girl can bang around and find them."

Read more of this story at Slashdot.

'I wonder what our users are surfing for… Oh'

Who, Me? Welcome to Who, Me?, The Register's weekly confessional of sins, smut and surfing from the seemingly infinite pool of reader misdeeds.…

All in a week's work

Roundup Just in case you're addicted to the world of AI, here's more news beyond what we have already covered this week.…

Help us understand your day-to-day challenges and triumphs with this reader poll

Survey So much of the misery inflicted on customers by financial institutions is caused by disjointed systems and clumsy hand-offs between departments.…

Plus, new allegations in Iran and American hacking war

Roundup Here's your Register security roundup to kick off your week.…

"A record number" of U.S. schools are now accepting nearly all of their students without requiring an SAT or ACT test score, reports the Washington Post: Robert A. Schaeffer, public education director of FairTest, which opposes the misuse of standardized tests, said the past year has seen the "fastest growth spurt ever" of schools ending the SAT/ACT test score as an admission requirement. Over the summer, more than one school a week announced the change. Nearly 50 accredited colleges and universities that award bachelor's degrees announced from September 2018 to September 2019 that they were dropping the admissions requirement for an SAT or ACT score, FairTest said. That brings the number of accredited schools to have done so to 1,050 -- about 40 percent of the total, the nonprofit said. While the test-optional list has some schools with specific missions -- there are religious colleges, music and art conservatories, nursing schools -- it also includes more than half of the top 100 liberal arts colleges on the U.S. News & World Report list, FairTest said. Also on the list are the majority of colleges and universities in Maryland, Pennsylvania, Virginia, the District of Columbia and the six New England states... Research has consistently shown that ACT and SAT scores are strongly linked to family income, mother's education level and race... The University of Chicago, which abandoned the requirement last year, reported in July that its decision, along with an increase in financial aid and outreach, led to a 20 percent increase in first-generation, low-income and rural students and veterans to commit to the school.

Read more of this story at Slashdot.