Heise Newsticker


  • Apple's Security Chief Indicted in Santa Clara County Sheriff Concealed-gun Permit Scandal (2020/11/23 22:25)
    The top security chief for Apple headlines a batch of new criminal indictments for allegedly brokering bribes with Santa Clara County sheriff's office commanders -- including the newly indicted undersheriff -- in exchange for coveted concealed-gun permits, in a striking offshoot of an ongoing corruption probe ensnaring the agency. From a report: Thomas Moyer, 50, Apple's chief security officer, was indicted last week by a criminal grand jury on allegations that he, Undersheriff Rick Sung and Capt. James Jensen arranged for 200 iPads to be donated to the sheriff's office to loosen up the release of concealed-carry weapons permits for Apple security officers. The sheriff's office is the police force for Cupertino, where Apple's global headquarters are located. The iPad donation was shelved once a separate DA investigation into pay-to-play suspicions involving the concealed-gun permits -- in which Jensen was one of four people indicted earlier this year -- got underway in August 2019, District Attorney Jeff Rosen said at a Monday news conference. Read more of this story at Slashdot.
  • Secret Amazon Reports Expose the Company's Surveillance of Labor and Environmental Groups (2020/11/23 21:46)
    A trove of more than two dozen internal Amazon reports reveal in stark detail the company's obsessive monitoring of organized labor and social and environmental movements in Europe, particularly during Amazon's "peak season" between Black Friday and Christmas. From a report: The reports, obtained by Motherboard, were written in 2019 by Amazon intelligence analysts who work for the Global Security Operations Center, the company's security division tasked with protecting Amazon employees, vendors, and assets at Amazon facilities around the world. The documents show Amazon analysts closely monitor the labor and union-organizing activity of their workers throughout Europe, as well as environmentalist and social justice groups on Facebook and Instagram. They also reveal, and an Amazon spokesperson confirmed, that Amazon has hired Pinkerton operatives -- from the notorious spy agency known for its union-busting activities -- to gather intelligence on warehouse workers. Internal emails sent to Amazon's Global Security Operations Center obtained by Motherboard also reveal that all the division's team members around the world receive updates on labor organizing activities at warehouses that include the exact date, time, location, the source who reported the action, the number of participants at an event (and in some cases a turnout rate of those expected to participate in a labor action), and a description of what happened, such as a "strike" or "the distribution of leaflets." Other documents reveal that Amazon intelligence analysts keep close tabs on how many warehouse workers attend union meetings; specific worker dissatisfactions with warehouse conditions, such as excessive workloads; and cases of warehouse-worker theft, from a bottle of tequila to $15,000 worth of smart watches. Read more of this story at Slashdot.
  • Gimp Turns 25 (2020/11/23 21:05)
    New submitter thegreatbob shares a report: The General Image Manipulation Program, GIMP, has turned 25. A brief celebration post detailed how the package started life as a July 1995 Usenet thought bubble by then-student Peter Mattis, who posted the following to several newsgroups: "Suppose someone decided to write a graphical image manipulation program (akin to photoshop). Out of curiosity (and maybe something else), I have a few (2) questions: What kind of features should it have? (tools, selections, filters, etc.) What file formats should it support? (jpeg, gif, tiff, etc.)" Four months later, Mattis and fellow University of California Berkeley student Spencer Kimball delivered what they described as software "designed to provide an intuitive graphical interface to a variety of image editing operations." The software ran on Linux 1.2.13, Solaris 2.4, HPUX 9.05, and SGI IRIX. The answer to the file format support question turned out to be GIF, JPEG, PNG, TIFF, and XPM. The rest is history. Richard Stallman gave Mattis and Kimball permission to change the "General" in its name to "GNU", reflecting its open-source status. Today the program is released under the GNU General Public License. As the program added features such as layers, it grew more popular and eventually became a byword for offering a FOSS alternative to Photoshop even though the project pushes back against that description. The project's celebration page says volunteers did their "best to provide a sensible workflow to users by using common user interface patterns. That gave us a few questionable monikers like 'Photoshop for Linux', 'free Photoshop', and 'that ugly piece of software'. We still can wholeheartedly agree with the latter one only!" Read more of this story at Slashdot.
  • Walmart-exclusive Router and Others Sold on Amazon and eBay Contain Hidden Backdoors To Control Devices (2020/11/23 20:26)
    Bernard Meyer, reporting for CyberNews: In a collaboration between CyberNews Sr. Information Security Researcher Mantas Sasnauskas and researchers James Clee and Roni Carta, suspicious backdoors have been discovered in a Chinese-made Jetstream router, sold exclusively at Walmart as their new line of "affordable" wifi routers. This backdoor would allow an attacker the ability to remotely control not only the routers, but also any devices connected to that network. CyberNews reached out to Walmart for comment and to understand whether they were aware of the Jetstream backdoor, and what they plan to do to protect their customers. After we sent information about the affected Jetstream device, a Walmart spokesperson informed CyberNews: "Thank you for bringing this to our attention. We are looking into the issue to learn more. The item in question is currently out of stock and we do not have plans to replenish it." Besides the Walmart-exclusive Jetstream router, the cybersecurity research team also discovered that low-cost Wavlink routers, normally sold on Amazon or eBay, have similar backdoors. The Wavlink routers also contain a script that lists nearby wifi and has the capability to connect to those networks. We have also found evidence that these backdoors are being actively exploited, and there's been an attempt to add the devices to a Mirai botnet. Mirai is malware that infects devices connected to a network, turns them into remotely controlled bots as part of a botnet, and uses them in large-scale attacks. The most famous of these is the 2016 Dyn DNS cyberattack, which brought down major websites like Reddit, Netflix, CNN, GitHub, Twitter, Airbnb and more. Read more of this story at Slashdot.
  • Biden's Top Tech Adviser Makes Regulation More Likely (2020/11/23 19:46)
    President-elect Joe Biden's top technology adviser helped craft California's landmark online privacy law and recently condemned a controversial federal statute that protects internet companies from liability, indicators of how the Biden administration may come down on two key tech policy issues. From a report: Bruce Reed, a former Biden chief of staff who is expected to take a major role in the new administration, helped negotiate with the tech industry and legislators on behalf of backers of a ballot initiative that led to the 2018 California Consumer Privacy Act. Privacy advocates see that law as a possible model for a national law. Reed also co-authored a chapter in a book published last month denouncing the federal law known as Section 230, which makes it impossible to sue internet companies over the content of user postings. Both Republicans and Democrats have called for reforming or abolishing 230, which critics say has allowed abuse to flourish on social media. Reed, a veteran political operative, was chief of staff for Biden from 2011 to 2013, when Biden was U.S. vice president. In that role, he succeeded Ron Klain, who was recently named incoming White House chief of staff. Reed then served as president of the Broad Foundation, a major Los Angeles philanthropic organization, and later as an adviser to Laurene Powell Jobs' Emerson Collective in Palo Alto, California. Read more of this story at Slashdot.
  • Indian Coding Startup WhiteHat Jr Sues Critics (2020/11/23 19:05)
    Karan Bajaj, an Indian entrepreneur who teaches meditation and in his recent book invites others to live a life away from the noise, is going after the most vocal critics of his startup. From a report: Bajaj, founder of coding platform WhiteHat Jr, has filed a defamation case against Pradeep Poonia, an engineer who has publicly criticized the firm for its marketing tactics, the quality of the courses on the platform, and aggressive takedowns of such feedback. On Monday, WhiteHat Jr filed a similar case against Aniruddha Malpani, an investor who has shared unflattering feedback about the startup. Most of the customers of WhiteHat Jr, which is aimed at kids, live in America, and demand for its one-to-one classes has surged nearly 90% this year, according to the startup. In the lawsuit against Poonia -- in which Bajaj is seeking $2.7 million in damages -- Poonia has been accused of infringing trademarks and copyright of properties owned by WhiteHat Jr, defaming and spreading misleading information about the startup and its founder, and accessing the company's private communications app. [...] The lawsuit, riddled with spelling and grammatical errors, appears to be also indicative of just how little criticism WhiteHat Jr, owned by India's second most valuable startup Byju's, is willing to accept. According to internal posts of a Slack channel of WhiteHat Jr shared by Poonia, the startup has aggressively used copyright protection to take down numerous unflattering feedback about the startup in recent months. The suit also raises concern with Poonia accusing WhiteHat Jr of "murdering" an imaginary kid that featured in one of its earlier ads. A 12-year-old child named "Wolf Gupta" appeared in earlier ads of WhiteHat Jr, which claimed that the kid had landed a lucrative job at Google. The kid does not exist, the lawyers of Bajaj say in the suit. Ironically that was also the argument Poonia, who spent a long time trying to unearth more information about this supposed poster child of WhiteHat Jr, was making in his tweets. Read more of this story at Slashdot.
  • Google Gets Web Allies by Letting Outsiders Help Build Chrome's Foundation (2020/11/23 18:25)
    Google is loosening control over the core of its Chrome browser, a move that helps Microsoft, Samsung and Brave build competitors while advancing the search giant's vision of the web. From a report: Over the past six months, Google welcomed a new outside developer into the leadership of its Chromium project, the software that powers the similarly named browser. The Alphabet subsidiary is also granting outsiders access to its previously proprietary software development system and allows outside features even when Google doesn't incorporate them into the flagship Chrome browser. Chromium is open-source software, which means anyone can modify and use it. Even with open source projects, however, outsiders can have trouble convincing organizers to accept their changes and additions, making it harder to contribute and benefit. Google took pains to draw attention to the changes at the BlinkOn conference earlier this week. "It's really cool to see so many people and groups with different priorities coming together and finding solutions that not only meet their individual agendas but also advance the common goal of improving the web," said Danyao Wang, a Chrome engineer at Google. Read more of this story at Slashdot.
  • The Oxford Vaccine Is 70% Effective, Cheaper and Easier To Store and Distribute (2020/11/23 17:47)
    AmiMoJo writes: The coronavirus vaccine developed by the University of Oxford is highly effective at stopping people developing Covid-19 symptoms, a large trial shows. Interim data suggests 70% protection, but the researchers say the figure may be as high as 90% by tweaking the dose. The results will be seen as a triumph, but come after Pfizer and Moderna vaccines showed 95% protection. However, the Oxford jab is far cheaper, and is easier to store and get to every corner of the world than the other two. So the vaccine will play a significant role in tackling the pandemic, if it is approved for use by regulators. "The announcement today takes us another step closer to the time when we can use vaccines to bring an end to the devastation caused by [the virus]," said the vaccine's architect, Prof Sarah Gilbert. The UK government has pre-ordered 100 million doses of the Oxford vaccine, and AstraZeneca says it will make three billion doses for the world next year. Prime Minister Boris Johnson said it was "incredibly exciting news" and that while there were still safety checks to come, "these are fantastic results." Read more of this story at Slashdot.
  • Oxford's 2020 Word of the Year? It's Too Hard to Isolate (2020/11/23 17:07)
    Oxford Languages's annual Word of the Year is usually a tribute to the protean creativity of English and the reality of constant linguistic change, throwing a spotlight on zeitgeisty neologisms like "selfie," "vape" and "unfriend." Sure, it isn't all lexicographic fun and frolic. 2017 saw the triumph of "toxic." Last year, the winner was "climate emergency." But then came 2020, and you-know-what. From a report: This year, Oxford Languages, the publisher of the Oxford English Dictionary, has forgone the selection of a single word in favor of highlighting the coronavirus pandemic's swift and sudden linguistic impact on English. "What struck the team as most distinctive in 2020 was the sheer scale and scope of change," Katherine Connor Martin, the company's head of product, said in an interview. "This event was experienced globally and by its nature changed the way we express every other thing that happened this year." The Word of the Year is based on usage evidence drawn from Oxford's continually updated corpus of more than 11 billion words, gathered from news sources across the English-speaking world. The selection is meant "to reflect the ethos, mood or preoccupations" of the preceding year, while also having "lasting potential as a term of cultural significance." The 2020 report does highlight some zippy new coinages, like "Blursday" (which captures the way the week blends together), "covidiots" (you know who you are) and "doomscrolling." But mostly, it underlines how the pandemic has utterly dominated public conversation, and given us a new collective vocabulary almost overnight. Read more of this story at Slashdot.
  • 'Code is Sourdough' (2020/11/23 16:25)
    Romello Goodman, a software engineer at The New York Times, writing at Increment: Like a sourdough starter passed through the hands of many bakers -- some novices, some experienced -- a codebase reflects how teammates communicate with one another. It's a snapshot of our thinking and our best attempts at codifying norms and assumptions. It's a conversation in which each person contributes and is in conversation with those who came before them. With each new feature or bug report, we understand our code better. We identify areas where new logic doesn't quite fit with existing logic. We're constantly in touch with our own past decisions and those of our coworkers. We're working together, trying to harmonize and match one another's thinking patterns and assumptions. We trust one another to make decisions for the good of the team and the organization. Every piece of new code adds to the culture and cultivates our shared understanding. If code is sourdough, we have an opportunity to better appreciate the histories and context that have gone into it. In software, we tend to think of legacy code as something that should be thrown away or rewritten, often conflating a codebase's age with its health and viability. But code doesn't age in a vacuum. If sourdough can be passed down from person to person over decades, then so can code. The preservation of decisions and experience is tied to the preservation of our codebase. Even when the code itself is no longer being updated, documentation around the logic or the underlying platform and adjacent technologies can keep a codebase and its culture vibrant. You can then pass that culture on for another team to bake with. It might just taste better than you'd expect. Read more of this story at Slashdot.



    • Christmas Shopping on the Internet: Paying Securely in E-Commerce (2020/11/19 09:30)
      To coincide with the start of the Christmas shopping season, the Federal Office for Information Security (BSI) has examined the security aspects of various payment services in e-commerce.
    • "BSI im Dialog" – Focus on Digital Consumer Protection (2020/11/13 10:00)
      As part of the "BSI im Dialog" event series, the Federal Office for Information Security (BSI) invited representatives from politics, academia, business and civil society on 13 November 2020 to discuss the topic "Effective Approaches – How Can Security-Conscious Behaviour Be Strengthened?"
    • Smart Grids: BSI Updates Market Analysis (2020/11/12 11:00)
      The Federal Office for Information Security (BSI) has updated and published the market analysis required under the Act on Metering Point Operation and Data Communication in Smart Energy Grids (MsbG).
    • 3rd IT-Grundschutz Day 2020 (2020/11/12 08:00)
    • Bonn University Hospital and BSI: Digitalisation, Cyber Security & Personal Perspectives in Healthcare (2020/11/09 11:00)
      The healthcare sector is using the opportunities of increasing digitalisation and networking to optimise processes and improve care for patients. At the same time, however, this creates challenges that must be solved quickly and securely, particularly during the current Corona pandemic.
    • #CyberConference2020 – BSI and BMI Host Cyber Security Conference on the Occasion of Germany's EU Council Presidency (2020/11/09 11:00)
      The official cyber security conference of Germany's EU Council Presidency takes place today, Monday. The online conference is hosted by the Federal Ministry of the Interior, Building and Community (BMI) and the Federal Office for Information Security (BSI).
    • Webinar: Cyber Security for Supervisory Boards (2020/11/03 13:00)
      On 5 November 2020, Dr. Gerhard Schabhüser, Vice President of the Federal Office for Information Security (BSI), and Nadine Nagel, Head of Department at the BSI, together with FidAR e.V., are hosting the webinar "Cyber Security for Supervisory Boards: Threat Landscape and Significance".
    • Bonner Dialog für Cybersicherheit (BDCS) (2020/10/28 18:00)
      The Bonner Dialog für Cybersicherheit (BDCS) is an event series held at irregular intervals, organised by Fraunhofer FKIE, the IHK Bonn/Rhein-Sieg, the City of Bonn and Deutsche Telekom. The aim of the events is an intensive exchange on the topic of cyber security through keynote talks and discussions. At the same time, the series is meant to raise Bonn's profile as an IT location. Under the title "Usable Authentication – Was ist noch besser als ein sicheres Passwort?" ("Usable Authentication – What is even better than a secure password?"), the 15th Bonner Dialog für Cybersicherheit takes place on Thursday, 29 October 2020, from 16:00 to 18:00. Dr. Gerhard Schabhüser, Vice President of the Federal Office for Information Security (BSI), will give a keynote.
