
Tag: Directing

After the smash success of Wonder Woman, she’s getting a bit of a raise, too.
Not to put too fine a point on it, OMFG it looks really freakin’ awesome.
Note: You won't be troubleshooting print drivers unless you're into that sort of thing.
Mark Shuttleworth lashes out at "anti-social muppets" Mark Shuttleworth, the founder of Ubuntu, recently lashed out at some users in the open source community.
In a comment on his post on Google+ he vented his frustration with “anti-social muppets” who have been directing hate at Mir. Simon Sharwood reports for The Register:
Intergence Ltd are delighted to announce the addition of Ian Cohen to their Board as a Non-Executive Director. Ian brings a wealth of experience in digitally enabled business transformation having held global technology, commercial and digital leadership roles across several of the UK’s biggest financial services and media brands. One of the UK’s leading digital practitioners, advisors and commentators Ian has a track record in directing business and technology innovation as well as driving digital exploitation... Source: RealWire
Position listed as "vacant" as candidates vie for Trump's top patent spot.
Chris Miller and Phil Lord are directing, so we think it's in good hands.
Broad order could cause problems for EPA and other agencies.
WASHINGTON, DC - JANUARY 19: Former Texas Governor Rick Perry, President-elect Donald Trump's choice as Secretary of Energy, testifies during his confirmation hearing before the Senate Committee on Energy and Natural Resources on Capitol Hill January 19, 2017 in Washington, DC. Perry is expected to face questions about his connections to the oil and gas industry. (Photo by Aaron P. Bernstein/Getty Images)

On Thursday, former Texas Governor Rick Perry appeared before the Senate Energy and Natural Resources Committee to answer questions from the senators, who will vote on whether Perry will become the nation’s Energy Secretary.

The Republican-controlled Senate gave him little trouble this morning, although Democratic and Independent senators lobbed a few tough questions. Perry’s nomination has been controversial, notably because in a 2011 presidential primary election debate, he couldn’t remember the name of one of the Departments he promised to eliminate as President—that Department was the Department of Energy (DOE). He also drew criticism after the New York Times reported last night that Perry had accepted the Energy Secretary nomination unaware that more than half of the Department of Energy’s budget is devoted to managing the US nuclear arsenal as well as directing nuclear energy facilities’ cleanup and maintenance.  At the Senate hearing today, Perry attempted to persuade senators that he actually wanted the job. “My past statements made over five years ago about abolishing the Department of Energy do not reflect my current thinking,” Perry said in his opening statements. “In fact, after being briefed on so many of the vital functions of the Department of Energy, I regret recommending its elimination.” Perry has also attracted criticism for his so-so performance in college, especially given that the current Energy Secretary is a nuclear physicist, his predecessor was a Nobel Prize-winning physicist, and the secretary before that was an MIT-trained chemical engineer.

But Perry's supporters, like Committee Chairwoman Murkowski (R-AL), didn't seem to mind. “I don’t subscribe to the theory that only scientists can manage other scientists. I think what we need is a good manager,” she said. Although nuclear capabilities are a vital part of the DOE’s mission, directing the department’s national laboratories and funding energy research would also come under Perry’s purview.

But his nomination has also drawn criticism because he’s vocally denied that climate change is happening, even, according to Senator Al Franken, claiming in a 2010 book that the Earth was going through a “cooling trend.” This has been flatly denied by almost all climate researchers. Perry tried to head off these criticisms in his opening statements, saying he does believe in climate change now.

But throughout the hearing, Perry was unwilling to walk back his previous statements about climate change completely and admit that the changing climate is significantly related to human activity, a point which science also supports.

Today, Perry only noted that “parts of it are created by human activity.” One of the first questions out of the gate came from Senator Cantwell (D-WA), who asked about a controversial questionnaire sent to the DOE by the Trump Administration transition team asking the department to provide a list of all employees who worked on climate change research.

The questionnaire sparked fears that the new Administration, whose leader has been openly hostile to science, would try to purge DOE employees who work on projects Trump doesn’t personally like.

After the DOE refused to provide that information to the transition team in December, the team disavowed the memo and said it was not authorized. Perry seemed to agree that it was improper to ask for the names of career scientists and employees, many of whom served under both Bush and Obama Administrations. “That questionnaire that you reference went out before I was even selected,” Perry said. “I didn’t approve it, I don’t approve of it, I don’t need that information, I don’t want that information.” Senator Cortez Masto (D-NV) asked Perry repeatedly about his opinions on nuclear waste, an issue that has concerned Nevada especially as many of the state’s residents have been vocally against a proposed nuclear waste storage facility near Yucca Mountain. Perry responded diplomatically that nuclear waste is a problem that “this country has been flummoxed by for 30 years, and we have spent billions of dollars on this issue.” But towards the end of the hearing he stopped short of assuring Cortez Masto that the question of Yucca Mountain would be dropped completely. Other senators were concerned about a report that was published in The Hill this morning saying that the Trump team planned “dramatic cuts” across all sectors of federal government, including DOE programs.
In cuts specific to the DOE, the Hill reported that funding for nuclear physics and advanced scientific computing research would be slashed, and that the Office of Electricity, the Office of Energy Efficiency and Renewable Energy, and the Office of Fossil Energy (which focuses on ways to limit greenhouse gases from fossil fuel use) would be totally eliminated. “Square this with me. How do you see your role?” Sen. Stabenow (D-MI) asked, referencing the reported cuts. Perry said he hadn’t been privy to the conversations that The Hill reports were based on, adding that just because it’s on the Internet “doesn’t mean it’s true.” Later, responding to similar questions from Sen. Hirono (D-HI) about the reported budget cuts, Perry joked that maybe the people in the Trump administration who wanted those cuts will “have the same experience I had and forget that they said that.”

A moment of levity broke up the questioning when Sen. Franken (D-MN) thanked Perry for meeting with him before the hearing in Franken’s office. “I hope you are as much fun on that dais as you were on that couch,” Perry said, initially unaware of how his words painted a much more intimate scene than what actually took place.

The audience giggled. Perry realized what he said, laughed, and added, “May I rephrase that?” Open laughter broke out in the chamber. “Please,” Franken deadpanned. “I think we found our SNL soundbite,” Perry returned.

After that exchange, Sen. Sanders (I-VT) pressed Perry on whether he believed climate change is a crisis and human actions are to blame. “I believe the climate’s changing,” Perry said. “I believe some of it is naturally occurring, I believe that some of it has been caused by man made activity.” This statement is contrary to the research that has been produced by scientists for decades showing that climate change is human caused.

Sanders also pressed Perry to clarify his position on nuclear weapons testing, but Perry resisted giving a clear answer. “I think it’s really important for the US to have a nuclear arsenal that is modern, that is safe,” Perry said, adding that he’d rely on the opinions of DOE scientists to make any relevant judgements. “I think anyone would be of the opinion that if we don’t ever have to test another nuclear weapon that would be a good thing not just for the United States, but for the world.” The nuclear weapons questions were especially pertinent given some of President Elect Trump’s brash statements about nuclear proliferation.

But Perry toed a more mainstream line today, saying “I think nonproliferation is a good thing in a general sense,” all while adding that he couldn’t make a definitive comment until he had a classified briefing. Perry also seemed quite positive about nuclear energy and waste cleanup, telling Senator Flake (R-AZ) that he found the concept of small modular reactors “fascinating” and promising Senator Heinrich (D-NM) that money would be allocated to keep the Waste Isolation Pilot Plant (WIPP) open and safe.

Throughout the hearing, Perry repeated that he'd follow an "all of the above" approach to energy, meaning he'd support renewable energy development as well as oil, natural gas, and coal—a reversal from the current administration's efforts to push for non-greenhouse-gas-emitting energy sources. While Perry's tenure as Governor saw a boom in wind energy, he also has close ties to the fossil fuel industry, only this month stepping down from the board of Energy Transfer Partners, the controversial company at the heart of the Dakota Access Pipeline protests.
Stop right now and make sure you've configured it correctly

The rise in ransomware attacks on MongoDB installations prompted the database maker last week to issue advice on how to avoid being victimized. As of Sunday, security researcher and Microsoft developer Niall Merrigan identified more than 27,000 MongoDB databases seized by ransomware.

By Tuesday afternoon Pacific Time, an online spreadsheet maintained by Merrigan and fellow security researcher Victor Gevers listed 32,643 victims. The attacks involve hackers who copy data from insecure databases, delete the original, and ask for a ransom of a few hundred dollars worth of Bitcoin to return the stolen data back to the owner. MongoDB, like other NoSQL databases, has suffered from security shortcomings for years.

Trustwave called out MongoDB in 2013. Security researcher John Matherly did so again in 2015. Where MySQL, PostgreSQL, and other relational databases tend to default to local installation and some form of authorization, MongoDB databases are exposed to the internet by default, and don't require credentials immediately by default.

MongoDB's post explains "how to avoid a malicious attack that ransoms your data," but it does so by directing database users to take responsibility for configuring the software securely.

Veracode CTO Chris Wysopal in a Twitter post argues that software should be secure as soon as it is installed. "Why isn't the MongoDB security checklist the default?" he said. "Software with insecure default configuration is broken."

Infosec bod Gevers, in an interview conducted through Twitter direct messages, said he has criticized MongoDB in the past but insisted that the database owner has to take responsibility for software configuration. It is, he said, "the responsibility of the owner to use it right."

Gevers said he believed the growth in poorly configured MongoDB installations was a reflection of time-to-market pressures. "People are happy to follow a tutorial to install a server, but have no idea what they are doing," he said. He also laid some blame on DevOps automation, which makes it trivial to spin up remote servers without necessarily securing them properly.

The security researcher advises following MongoDB's security recommendations, or at the very least blocking port 27017 on your firewall or configuring MongoDB to listen only to 127.0.0.1 in /etc/mongodb.conf, and then restarting the database.

A spokesperson for New York City-headquartered MongoDB, in an email interview, insisted that MongoDB is not less secure than relational databases like MySQL and PostgreSQL, and pointed to the company's list of security best practices. "MongoDB has the robust security capabilities that one would expect from a modern database," the spokesperson said. "It is the nature of database software that administrators can switch certain options on and off. This is not specific to MongoDB, and it is important for the way many applications may be developed."

Citing the importance of being open-source software, the spokesperson stressed that the company is committed to the community and its contributions. "Being open-source also means that anyone can download the product and deploy it however they want," the spokesperson added. "Ultimately, database security comes down to two things: well made software and responsible use. For example, with MongoDB Atlas, our production-ready managed database as a service, access control is enabled by default. Users of MongoDB Cloud Manager or Ops Manager can enable alerts to detect if their deployment is internet exposed."
GoldenEye is a variant of the Petya ransomware. Image: Check Point

Cybercriminals are posing as job applicants as part of a new campaign to infect victims in corporate human resources departments with GoldenEye ransomware -- and they're even providing ...
We covered a ton of legal cases in 2016. The entire Apple encryption saga probably grabbed the gold medal in terms of importance. However, our coverage of a California fisherman who took a government science buoy hostage was definitely our favorite.

The case was dropped in May 2016 after the fisherman gave the buoy back. Among others, we had plenty of laser strike cases to cover.

There were guilty verdicts and sentencing in the red-light camera scandal that consumed Chicago.

The Federal Trade Commission settled its lawsuit with Butterfly Labs, a failed startup that mined Bitcoins.

A man in Sacramento, California, pleaded guilty to one count of unlawful manufacture of a firearm and one count of dealing firearms—he was using a CNC mill to help people make anonymous, untraceable AR-15s. While we do our best to cover a wide variety of civil and criminal cases, there are five that stand out to us in 2017.

These cases range from privacy and encryption, to government-sanctioned hacking, to the future of drone law in America.

Drone's up, don't shoot

Case: Boggs v. Merideth
Status: Pending in US District Court for the Western District of Kentucky

In 2016, we reported on another drone shooting incident (seriously folks, don’t do it!) in Virginia.

A 65-year-old named Jennifer Youngman used her 20-gauge shotgun to take out what many locals believe was a drone flying over her neighbor, Robert Duvall’s, adjacent property. Yes, that Robert Duvall. “The man is a national treasure and they should leave him the fuck alone,” she told Ars. Youngman touched on a concept that many Americans likely feel in their gut but has not been borne out in the legal system: property owners should be able to use force to keep unwanted drones out of their airspace.

But here’s the thing: for now, American law does not recognize the concept of aerial trespass. At this rate, that recognition will likely take years. Meanwhile, drones get more and more sophisticated and less expensive, and they have even spawned an entire anti-drone industry. Legal scholars have increasingly wondered about the drone situation.

After all, banning all aircraft would be impractical.
So what is the appropriate limit? The best case law on the issue dates back to 1946, long before inexpensive consumer drones were feasible.

That year, the Supreme Court ruled in a case known as United States v. Causby that Americans could assert property rights up to 83 feet in the air. In that case, US military aircraft were flying above a North Carolina farm, which disturbed the farmer's sleep and upset his chickens.

As such, the court found that Farmer Causby was owed compensation. However, the same decision also specifically mentioned a "minimum safe altitude of flight" at 500 feet—leaving the zone between 83 and 500 feet as a legal gray area. "The landowner owns at least as much of the space above the ground as he can occupy or use in connection with the land," the court concluded. In 2015, a Kentucky man shot down a drone that he believed was flying above his property.

The shooter in that case, William Merideth, was cleared of local charges, including wanton endangerment. By January 2016, the Kentucky drone's pilot, David Boggs, filed a lawsuit asking a federal court in Louisville to make a legal determination as to whether his drone’s flight constituted trespassing.

Boggs asked the court to rule that there was no trespass and that he is therefore entitled to damages of $1,500 for his destroyed drone. Although the two sides have traded court filings for months, the docket has not been updated since June 2016, when Boggs’ attorneys pointed to a recent case out of Connecticut that found in favor of the Federal Aviation Administration’s regulation of drones. As Boggs’ legal team wrote: The Haughwout pleadings are directly relevant to the subject matter jurisdiction issue currently before the court.

The current dispute turns on whether a controversy has arisen that cannot be resolved without the Court addressing a critical federal question—the balance between the protection of private property rights versus the safe navigation of federal airspace.

The Haughwout dispute places this critical question in the context of an administrative investigation.
It highlights, as argued by Mr. Boggs—and now the FAA—that questions involving the regulation of the flight of unmanned aircraft should be resolved by Federal courts.

US District Judge David J. Hale has yet to schedule any hearings on the matter.

Flood of torrents

Case: United States v. Vaulin
Status: Pending in the US District Court for the Northern District of Illinois

In July 2016, federal authorities arrested the alleged founder of KickassTorrents (KAT).

The arrest was part of what is probably the largest federal criminal complaint in an intellectual property case since Megaupload, which was shuttered in early 2012. (That site’s founder, Kim Dotcom, has successfully beat back efforts to extradite him from New Zealand to the United States. He was ordered extradited a year ago, but that court decision is now on appeal.) In the case of KAT, Ukrainian Artem Vaulin, 30, was formally charged with one count of conspiracy to commit criminal copyright infringement, one count of conspiracy to commit money laundering, and two counts of criminal copyright infringement.
Vaulin was arrested in Poland, where he remains in custody pending a possible extradition to the United States. Like The Pirate Bay, KAT does not host individual infringing files but rather provides torrent and magnet links so that users can download unauthorized copies of TV shows, movies, and more from various BitTorrent users. According to the 50-page affidavit, Vaulin and KAT’s claims that they respected the Digital Millennium Copyright Act were hogwash.

The affidavit was authored by Jared Der-Yeghiayan, who is a special agent with Homeland Securities Investigations and was also a key witness in the trial of Silk Road founder Ross Ulbricht. Vaulin has since retained Dotcom’s lawyer, Ira Rothken, who has made similar arguments in court filings on behalf of his more famous client. Namely, that there is no such thing as secondary criminal copyright infringement, and while some files uploaded to KAT may have violated copyright, that does not make Vaulin a criminal. Rothken has not yet been able to directly correspond with or even meet his Ukrainian client (and has to do so only through Polish counsel). Nevertheless, he filed a motion to dismiss in October 2016.

The government responded weeks later, and Rothken filed another response on November 18. Prosecutors, for their part, said that the Rothken-Vaulin theory was ludicrous: “For the defendant to claim immunity from prosecution because he earned money by directing users to download infringing content from other users is much like a drug broker claiming immunity because he never touched the drugs.” The two sides met before US District Judge John Z. Lee for a status conference on December 20, 2016. Judge Lee has not yet ruled on the motion to dismiss.

Hoarder vs. Hacker

Case: United States v. Martin
Status: Pending in the US District Court for the District of Maryland

While everyone knows about Edward Snowden and the shockwaves he sent through the intelligence community in 2013, fewer people know the name Harold “Hal” Martin. Martin, like Snowden, was a contractor for the National Security Agency at Booz Allen Hamilton and held a top-secret clearance. In August, he was arrested and criminally charged with “unauthorized removal and retention of classified materials by a government employee or contractor.” Prosecutors alleged that Martin had a substantial amount of materials that should never have left government custody.

Unlike Snowden, it’s unclear whether Martin is simply a “hoarder” (as his own lawyer argued) or whether he was someone who meant to sell, divulge, or disclose classified NSA material. (Recent years have seen several unsolved leaks of classified material, including a source that provided intelligence materials that were published by the German magazine Der Spiegel. In August 2016, there was the “Shadow Brokers” dump of NSA exploits. Neither leak has been definitively attributed.) Two months later, when news of his arrest became public, Martin was immediately fired and stripped of his clearance.

An October 20 filing states that Martin also took home “six full bankers’ boxes” worth of paper documents, many of which were marked “Secret” or “Top Secret.” The documents are dated from 1996 to 2016. “The weight of the evidence against the Defendant is overwhelming,” the government plainly stated in its filing, which continued: For example, the search of the Defendant’s car revealed a printed email chain marked as “Top Secret” and containing highly sensitive information.

The document appears to have been printed by the Defendant from an official government account. On the back of the document are handwritten notes describing the NSA’s classified computer infrastructure and detailed descriptions of classified technical operations.

The handwritten notes also include descriptions of the most basic concepts associated with classified operations, as if the notes were intended for an audience outside of the Intelligence Community unfamiliar with the details of its operations. The docket in Martin’s case has not advanced since October 31.

For now, he remains in custody. No further hearings have been scheduled.

You say NIT, I say malware

Case: United States v. Croghan
Status: Appeal pending in 8th US Circuit Court of Appeals

On December 1, a change to a section of the Federal Rule of Criminal Procedure went into effect. Under the revised Rule 41, any magistrate judge is now allowed to issue warrants authorizing government-sanctioned hacking anywhere in the country. Prior to that, magistrates could only sign off on warrants within their own federal district. As Ars has reported previously, for more than two years now, the Department of Justice has pushed to change Rule 41 in the name of thwarting online criminal behavior enabled by tools like Tor. The rule change might have gone unnoticed if not for over 100 child porn cases.

The cases are currently being prosecuted nationwide against suspects accused of accessing a Tor-hidden website called Playpen. Many of those cases have progressed “normally,” or at least as “normally” as child porn cases can progress.

But some suspects have challenged the use of what the government calls a “network investigative technique” (NIT), which security experts have dubbed as malware. As Ars reported before, investigators in early 2015 used the NIT to force Playpen users to cough up their actual IP address, which made tracking them trivial.
In another related case prosecuted out of New York, an FBI search warrant affidavit described both the types of child pornography available to Playpen's 150,000 members and the malware's capabilities. As a way to ensnare users, the FBI took control of Playpen. Playpen users came to the site with their Tor-enabled digital shields down, revealing their true IP addresses.

The FBI was able to identify and arrest nearly 200 child porn suspects.

After 13 days, the FBI shut Playpen down. However, nearly 1,000 IP addresses were revealed as a result of the NIT’s deployment, which suggests that even more charges could be filed. Beau Croghan, a man in Iowa, was one of those hit by this NIT. He’s accused of downloading child porn via Playpen. However, this past year, his case was just one of three in which a judge ruled to suppress the evidence due to a defective warrant. In 2016, federal judges in Massachusetts and Oklahoma made similar rulings and similarly tossed the relevant evidence.

Thirteen other judges, meanwhile, have found that, while the warrants to search the defendants' computers via the hacking tool were invalid, they did not take the extra step of ordering suppression of the evidence.

The corresponding judges in the remainder of the cases have yet to rule on the warrant question. In Croghan’s case, however, US District Judge Robert Pratt seemed to have a clear understanding as to how the NIT worked. He rebuked the government’s arguments. Judge Pratt wrote: Here, by contrast, law enforcement caused an NIT to be deployed directly onto Defendants’ home computers, which then caused those computers to relay specific information stored on those computers to the Government without Defendants’ consent or knowledge.

There is a significant difference between obtaining an IP address from a third party and obtaining it directly from a defendant’s computer. In November, the government appealed the ruling up to the 8th Circuit, arguing that the district court had gotten it wrong: ordering suppression of the evidence was going too far. As prosecutors argued in their November 22 filing: The facts of this case fall comfortably within this body of law and mandate the same result.

Assuming that the NIT Warrant was void because the magistrate judge lacked territorial authority to issue it, and further assuming that the FBI’s use of the NIT thereby amounted to an unconstitutional warrantless search or was somehow prejudicial, suppression is not warranted because the agents acted in objectively reasonable reliance on the subsequently invalidated warrant and were not culpable for the magistrate judge’s purported error.

Croghan’s attorneys have been ordered to file their response by January 12, 2017.

Hands off

Case: United States of America v. In the matter of a Warrant to Microsoft, Inc.
Status: Appeal pending en banc in 2nd US Circuit Court of Appeals

It’s a case that’s being watched closely by many in the privacy community and the tech industry: Apple, the American Civil Liberties Union, BSA The Software Alliance, AT&T, Rackspace, Amazon, and others have joined in as amici. The question before the court was simple: does the Stored Communications Act, an American law that allows domestically held data to be handed over to the government, apply abroad? In other words: can the government order an American company (Microsoft) to give up data held overseas (in this case, in Ireland)? In July 2016, the 2nd Circuit said no. The case dates back to December 2013, when authorities obtained an SCA warrant, which was signed by a judge, as part of a drug investigation.

The authorities served it upon Microsoft, but when the company refused to comply, a lower court held the company in contempt. Microsoft challenged that, too.

The 2nd Circuit has vacated the contempt of court order, writing: The SCA warrant in this case may not lawfully be used to compel Microsoft to produce to the government the contents of a customer’s e‐mail account stored exclusively in Ireland.

Because Microsoft has otherwise complied with the Warrant, it has no remaining lawful obligation to produce materials to the government. What the government hopes would be revealed by acquiring the e-mail is not publicly known.

The authorities have also not revealed whether the e-mail account owner is American or if that person has been charged with a crime related to the drug investigation. On October 13, the government filed its en banc appeal before a full panel of judges at the 2nd Circuit, which has not formally decided to hear the case. As prosecutors wrote in that filing: There is no infringement of the customer’s privacy interest in his email content based on where Microsoft, at any given moment, chooses to store that content. Rather, the privacy intrusion occurs only when Microsoft turns over the content to the Government, which occurs in the United States.

The majority’s conclusion that the intrusion instead occurs where Microsoft “accessed” or “seized” the email content, Op. 39, is plainly wrong, because Microsoft could “access” or “seize” the email content on its own volition at any time and move it into the United States, or to China or Russia, or anywhere it chose, and the content would remain under Microsoft’s custody and control and the subscriber could not be heard to complain, unless and until the content were disclosed to the Government or another party.

This point is amply demonstrated by the concession of both Microsoft and the majority that Microsoft would have to comply with the Warrant if it had chosen (without consulting the subscriber) to move the target email account into the United States, even mere moments before the Warrant was served. Microsoft has not yet filed its response.