It Will Soon Be Illegal To Punish Customers Who Criticize Businesses Online

An anonymous reader quotes a report from Ars Technica: Congress has passed a law protecting the right of U.S. consumers to post negative online reviews without fear of retaliation from companies. The bipartisan Consumer Review Fairness Act was passed by unanimous consent in the U.S. Senate yesterday, a Senate Commerce Committee announcement said. The bill, introduced in 2014, was already approved by the House of Representatives and now awaits President Obama’s signature. The Consumer Review Fairness Act — full text available here — voids any provision in a form contract that prohibits or restricts customers from posting reviews about the goods, services, or conduct of the company providing the product or service. It also voids provisions that impose penalties or fees on customers for posting online reviews as well as those that require customers to give up the intellectual property rights related to such reviews. The legislation empowers the Federal Trade Commission to enforce the new law and impose penalties when necessary. The bill also protects reviews that aren’t available via the Internet.

Read more of this story at Slashdot.

Facebook Is Bringing Games Like Pac-Man, Space Invaders To Messenger and Your News Feed

Facebook is launching Instant Games, “a new HTML5 cross-platform gaming experience” that is available on Messenger and Facebook News Feed for both mobile and web users. Since they’re built on the HTML5 mobile web standard, the games load in seconds and don’t need to be downloaded. Instant Games is available in 30 countries and launches with 17 games “from classic developers like Bandai Namco, Konami, and Taito as well as newer studios like Zynga and King,” writes Josh Constine via TechCrunch: The biggest draw of Instant Games is how quick you can start playing. You tap the game controller icon in one of your message threads, choose a game from the list, it loads in seconds, you play a short round, and your high score gets automatically posted to the private or group chat thread. You can even share a stylized high score screenshot that you can Doodle on top of like Snapchat to trash talk your opponents. And if you share a game to the News Feed, friends can jump right into the action from Facebook’s app or website. For now, the platform is in closed beta, but developers can apply to build Instant Games here.


Holding Shift + F10 During Windows 10 Updates Opens Root CLI, Bypasses BitLocker

An anonymous reader quotes a report from BleepingComputer: Windows security expert and infrastructure trainer Sami Laiho says that by holding SHIFT + F10 while a Windows 10 computer is installing a new OS build, an attacker can open a command-line interface with SYSTEM privileges. This CLI debugging interface also grants the attacker full access to the computer’s hard drive data, despite the presence of BitLocker. The CLI debugging interface is present when updating to new Windows 10 and Windows 10 Insiders builds. The most obvious exploitation scenario is when a user leaves his computer unattended during the update procedure. A malicious insider can open the CLI debugger and perform malicious operations under a root user, despite BitLocker’s presence. But there are other scenarios where Laiho’s SHIFT + F10 trick can come in handy. For example when police have seized computers from users who deployed BitLocker or when someone steals your laptop. Windows 10 defaults help police/thieves in this case because these defaults forcibly update computers, even if the user hasn’t logged on for weeks or months. This CLI debugging interface grants the attacker full access to the computer’s hard drive, despite the presence of BitLocker. The reason is that during the Windows 10 update procedure, the OS disables BitLocker while the Windows PE (Preinstallation Environment) installs a new image of the main Windows 10 operating system. “This [update procedure] has a feature for troubleshooting that allows you to press SHIFT + F10 to get a Command Prompt,” Laiho writes on his blog. “The real issue here is the Elevation of Privilege that takes a non-admin to SYSTEM (the root of Windows) even on a BitLocker (Microsoft’s hard disk encryption) protected machine.” Laiho informed Microsoft of the issue and the company is apparently working on a fix.


Religious Experiences Have Similar Effect On Brain As Taking Drugs, Study Finds

A new study published in the journal Social Neuroscience finds through functional MRI scans that religious and spiritual experiences can trigger reward systems like love and drugs. “These are areas of the brain that seem like they should be involved in religious and spiritual experience. But yet, religious neuroscience is such a young field — and there are very few studies — and ours was the first study that showed activation of the nucleus accumbens, an area of the brain that processes reward,” said Dr. Jeffrey Anderson, a neuroradiologist at the University of Utah and lead author of the study. CNN reports: For the study, 19 devout young adult Mormons had their brains scanned in fMRI machines while they completed various tasks. The tasks included resting for six minutes, watching a six-minute church announcement about membership and financial reports, reading quotations from religious leaders for eight minutes, engaging in prayer for six minutes, reading scripture for eight minutes, and watching videos of religious speeches, renderings of biblical scenes and church member testimonials. During the tasks, participants were asked to indicate when they were experiencing spiritual feelings. As the researchers analyzed the fMRI scans taken of the participants, they took a close look at the degree of spiritual feelings each person reported and then which brain regions were simultaneously activated. The researchers found that certain brain regions consistently lit up when the participants reported spiritual feelings. The brain regions included the nucleus accumbens, which is associated with reward; frontal attentional, which is associated with focused attention; and ventromedial prefrontal cortical loci, associated with moral reasoning, Anderson said. Since the study results were seen only in Mormons, Anderson said, more research is needed to determine whether similar findings could be replicated in people of other faiths, such as Catholics or Muslims.


Muni System Hacker Hit Others By Scanning For Year-Old Java Vulnerability

An anonymous reader quotes a report from Ars Technica: The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit Agency (SFMTA) with ransomware on November 25 apparently gained access to the agency’s network by way of a known vulnerability in an Oracle WebLogic server. That vulnerability is similar to the one used to hack a Maryland hospital network’s systems in April and infect multiple hospitals with crypto-ransomware. And evidence suggests that SFMTA wasn’t specifically targeted by the attackers; the agency just came up as a target of opportunity through a vulnerability scan. In an e-mail to Ars, SFMTA spokesperson Paul Rose said that on November 25, “we became aware of a potential security issue with our computer systems, including e-mail.” The ransomware “encrypted some systems mainly affecting computer workstations,” he said, “as well as access to various systems. However, the SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls. Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports, no data was accessed from any of our servers.” That description of the ransomware attack is not consistent with some of the evidence of previous ransomware attacks by those behind the SFMTA incident — which Rose said primarily affected about 900 desktop computers throughout the agency. Based on communications uncovered from the ransomware operator behind the Muni attack published by security reporter Brian Krebs, an SFMTA Web-facing server was likely compromised by what is referred to as a “deserialization” attack after it was identified by a vulnerability scan. 
A security researcher told Krebs that he had been able to gain access to the mailbox used in the malware attack on the Russian e-mail and search provider Yandex by guessing its owner’s security question, and he provided details from the mailbox and another linked mailbox on Yandex. Based on details found in e-mails for the accounts, the attacker ran a server loaded with open source vulnerability scanning tools to identify and compromise servers to use in spreading the ransomware, known as HDDCryptor and Mamba, within multiple organizations’ networks.
