An anonymous reader writes: In an interview today, the author of BrickerBot, a malware that bricks IoT and networking devices, claimed he destroyed over 2 million devices, but he never intended to do so in the first place. His intentions were to fight the rising number of IoT botnets that were used to launch DDoS attacks last year, such as Gafgyt and Mirai. He says he created BrickerBot with 84 routines that try to secure devices so they can't be taken over by Mirai and other malware. Nevertheless, he realized that some devices are so badly designed that he could never protect them. He says that for these, he created a "Plan B," which meant deleting the device's storage, effectively bricking the device. His identity was revealed after a reporter received an anonymous tip about a HackForum users claiming he was destroying IoT devices since last November, just after BrickerBot appeared. When contacted, BrickerBot's author revealed that the malware is a personal project which he calls "Internet Chemotherapy" and he's "the doctor" who will kill all the cancerous unsecured IoT devices.

An anonymous reader shares: MIT no longer owns 18.0.0.0/8. That's a very big block of scarce IPv4 addresses that have become available again. One block inside this /8, more specifically 18.145.0.0/16, was transferred to Amazon.

An anonymous reader quotes a report from Fortune: The Navy and Marine Corps issued new regulations that ban members from sharing nude photographs following a scandal involving military personnel sharing intimate pictures of their female colleagues -- some of which were taken without their knowledge -- in a secret Facebook group. The new statute, which was signed Tuesday by Acting Navy Secretary Sean Stackley, went into effect immediately and will be made permanent when the next edition of the Navy's regulations is printed, according to Navy Times. Military courts will handle violations of the new rule. The crackdown comes after a Facebook group was uncovered featuring naked photos of female service members. The group was eventually shut down by Facebook after a request from the Marine Corps. The Center for Investigative Reporting found that some of the photographs posted on the Facebook group may have been taken consensually, but others may not have been.

An anonymous reader quotes a report from TorrentFreak: Former Pirate Bay spokesperson and co-founder Peter Sunde has just announced his latest venture. Keeping up his fight for privacy on the Internet, he's launching a new company called Njalla, that helps site operators to shield their identities from prying eyes. The name Njalla refers to the traditional hut that Sami people use to keep predators at bay. It's built on a tall stump of a tree or pole and is used to store food or other goods. On the Internet, Njalla helps to keep people's domain names private. While anonymizer services aren't anything new, Sunde's company takes a different approach compared to most of the competition. With Njalla, customers don't buy the domain names themselves, they let the company do it for them. This adds an extra layer of protection but also requires some trust. A separate agreement grants the customer full usage rights to the domain. This also means that people are free to transfer it elsewhere if they want to.

"Back in the days, Cisco fixed the vulnerability, but we are not sure about all other router vendors and models because there are too many of them," writes the DefenseCode team. Orome1 quotes a new report from Help Net Security: Back in January 2013, researchers from application security services firm DefenseCode unearthed a remote root access vulnerability in the default installation of some Cisco Linksys (now Belkin) routers. The flaw was actually found in Broadcom's UPnP implementation used in popular routers, and ultimately the researchers extended the list of vulnerable routers to encompass devices manufactured by the likes of ASUS, D-Link, Zyxel, US Robotics, TP-Link, Netgear, and others. Since there were millions of vulnerable devices out there, the researchers refrained from publishing the exploit they created for the flaw, but now, four years later, they've released their full research again, and this time they've also revealed the exploit. The researchers pointed out that most users don't update their router's firmware -- meaning many routers may still be vulnerable.

An anonymous reader quotes a report from WRGB: The discovery of two working computers hidden in a ceiling at the Marion Correctional Institution prompted an investigation by the state into how inmates got access. In late July, 2015 staff at the prison discovered the computers hidden on a plywood board in the ceiling above a training room closet. The computers were also connected to the Ohio Department of Rehabilitation and Correction's network. Authorities say they were first tipped off to a possible problem in July, when their computer network support team got an alert that a computer "exceeded a daily internet usage threshold." When they checked the login being used, they discovered an employee's credentials were being used on days he wasn't scheduled to work. That's when they tracked down where the connection was coming from and alerted Marion Correctional Institution of a possible problem. Investigators say there was lax supervision at the prison, which gave inmates the ability to build computers from parts, get them through security checks, and hide them in the ceiling. The inmates were also able to run cabling, connecting the computers to the prison's network. Furthermore, "investigators found an inmate used the computers to steal the identify of another inmate, and then submit credit card applications, and commit tax fraud," reports WRGB. "They also found inmates used the computers to create security clearance passes that gave them access to restricted areas."

An anonymous reader quotes a report from Ars Technica: The Google Assistant, Google's voice assistant that powers the Google app on Android phones, tablets, and Google Home, has just gotten a major downgrade. In a move reminiscent of all the forced and user-hostile Google+ integrations, Google has gutted the Google Assistant's shopping list functionality in order to turn it into a big advertisement for Google's shopping site, Google Express. The shopping list has been a major feature of the Google Assistant. You can say "Add milk to my shopping list," and the Google Assistant would dutifully store this information somewhere. The shopping list used to live in Google Keep. Keep is Google's primary note-taking app, making it a natural home for the shopping list with lots of useful tools and management options. Now the shopping list lives in Google Express. Express is an online shopping site, and it has no business becoming a dedicated place to store a shopping list that probably has nothing to do with Google's online marketplace. Since Google Express is an online shopping site (and, again, has no business having a note-taking app grafted onto it), the move from Keep to Google Express means the Assistant's shopping list functionality loses the following features: Being able to reorder items with drag and drop; Reminders; Adding images to the shopping list; Adding voice recordings to the shopping list; Real time collaboration with other users (Express has sharing, but you can't see other people as they type -- you have to refresh.); Android Wear integration; Desktop keyboard shortcuts; Checkbox management: deleting all checked items, unchecking all items, hiding checkboxes. Alternatively, the move from Keep to Google Express means the Assistant shopping list gains the following features: Google Express advertising next to every list item; Google Express advertising at the bottom of the page.

McDonald's Australian subsidiary is now accepting job applications via Snapchat. Specifically, McDonald's wants potential candidates to send the company a 10-second video using a filter that shows them wearing a McDonald's uniform. Matthew Hughes reports via The Next Web: The job applications, which McDonalds calls "Snaplications" (I vomited a little), will be the first step in the recruitment process. The company will then review the submissions, pick out the favorites, and send digital applications to those selected. Speaking to Australian news website news.com.au, McDonald's Australia COO Shaun Ruming said the company is looking for applicants with a "bubbly personality." He also added that he'd "learned a lot about Snapchat recently from my 14-year-old daughter."

An anonymous reader quotes a report from The Verge: Most Americans want to let local governments build out internet service if the internet providers in their area aren't any good, according to the Pew Research Center. In a phone survey of over 4,000 people last month, Pew found that 70 percent of respondents agreed that local governments should have the power to start their own high-speed networks if current offerings are "too expensive or not good enough." The results show an overwhelming support for municipal broadband -- networks that are at least somewhat run by local governments -- at a time when encouraging broadband buildout is a top federal priority. But despite the support, in much of the US, building out municipal networks just isn't possible. More than 20 states have passed laws banning local governments from starting their own broadband service, largely at the behest of internet providers that want to avoid competition at all cost. Though Pew's survey found some positive results for municipal broadband, it found less support for broadband subsidies for low-income homes. Under half of all Americans, 44 percent, said they supported subsidies, while nearly everyone else surveyed said they felt internet service "is affordable enough" that most households should be able to pay for it. (At the same time, nearly half of all people surveyed said they didn't know what speed of internet they received.)

"The transition to internet protocol version 6 has opened up a whole new range of threat vectors that allow attackers to set up undetectable communications channels across networks, researchers have found." Slashdot reader Bismillah summarizes a report from IT News. Researchers at NATO's Cooperative Cyber Defence Centre of Excellence and Estonia's University of Tallinn have worked out how to set up communications channels using IPv6 transition mechanisms, to exfiltrate data and for systems control over IPv4-only and dual-stack networks -- without being spotted by network intrusion detection systems.
The article argues that "Since IPv6 implementations and security solutions are relatively new and untested, and systems engineers aren't fully aware of them, the new protocol can become a network backdoor attackers can exploit undetected." The researchers' paper is titled "Hedgehog In The Fog."

The end of the FCC's spectrum auction last week "should give a clear indication of how much space will be available in each TV market for Super Wi-Fi," according to the Bay Area Newsgroup. An anonymous reader quotes their report: [T]he technology has promised speedy internet for rural citizens and to help urban dwellers get connected in buildings and rooms that are now twilight zones for Wi-Fi signals... And because the spectrum is regulated and largely reserved for television signals, Super Wi-Fi transmissions don't have to contend with interference from random devices like microwaves or cordless phones, as do signals in other wireless bands. Super Wi-Fi signals generally won't be as fast as regular Wi-Fi signals, but for many customers, they'll be faster and provide better service than what they'd get otherwise...

It's widely expected that there will be plenty of room for Super Wi-Fi in rural areas where there are few television signals, which is why companies like Cal.net and Q-Wireless have pressed forward with the technology even before the auction closes. The big question is whether regulators will preserve sufficient space for Super Wi-Fi in areas like New York and Los Angeles where there are lots of broadcast stations and in cities like Detroit and San Diego that have to share the airwaves with cities from other countries. If there's not enough space in those areas, Super Wi-Fi, in this country at least, will likely be relegated to rural areas.

A proof-of-concept exploit has been published for an unpatched vulnerability in Microsoft Internet Information Services 6.0, a version of the web server that's no longer supported but still widely used. From a report on PCWorld: The exploit allows attackers to execute malicious code on Windows servers running IIS 6.0 with the privileges of the user running the application. Extended support for this version of IIS ended in July 2015 along with support for its parent product, Windows Server 2003. Even so, independent web server surveys suggest that IIS 6.0 still powers millions of public websites. In addition, many companies might still run web applications on Windows Server 2003 and IIS 6.0 inside their corporate networks, so this vulnerability could help attackers perform lateral movement if they access such networks through other means.

The First Responder Network, FirstNet, an independent arm of the Department of Commerce, has awarded a contract to AT&T to build a nationwide wireless broadband network to better equip first responders. "FirstNet will provide 20MHz of high-value, telecommunications spectrum and success-based payments of $6.5 billion over the next five years to support the network buildout," AT&T said in its announcement. Reuters reports: The effort to set up a public safety network was triggered by communications failures during the Sept. 11, 2001 attacks, when first responders were unable to effectively communicate as they used different technologies and networks. The FirstNet network will help emergency medical personnel, firefighters and police officers communicate vital information on one single network in real time, as opposed to using thousands of separate, incompatible systems. The rollout of the network, which will cover will cover all states, five U.S. territories and the District of Columbia, will begin later this year, AT&T said on Thursday. AT&T will spend about $40 billion over the period of the 25-year agreement to build, operate and maintain the network.

Comcast has been testing its Xfinity prepaid internet service for several years and now it appears to be ready for the masses. "The package allows consumers to pay for internet service on a pay-as-you-go basis, with refills ranging from seven to 30 days," reports The Verge. From the report: Comcast is partnering with Boost Mobile to sell the $80 prepaid internet starter kits, which come with a wireless DOCSIS 3.0 gateway and 30 days of service. Download speeds measure up to 10 Mbps downstream and 1 Mbps for uploads, and refills start at $15 for one week. The prepaid plans works anywhere within Xfinity's coverage area, and while there's no credit check involved, you do have to be 18 years or older to sign up. The partnership also gives Boost Mobile customers $5 off refills. At launch, customers will be able to find the the Xfinity starter kits at Boost Mobile stores around Illinois, Michigan, Pennsylvania, and Texas. The company plans to roll out the kits to all 4,000 stores (that are within Comcast's coverage area) by the end of the year.

Cisco has built a new network operating system that will allow users to run its most sophisticated networking features on older and lower-cost Cisco routers and switches, according to a report. From a report: The move to potentially disrupt its networking hardware business was first reported by The Information, which said that Cisco, for now, is not looking to have its network operating system available for non-Cisco switches. Customers who want to run the new operating system, known as Lindt, will be able to move away from switches based on proprietary high-performance Cisco chips to Cisco hardware that works with lower-cost chips, according to the report.

An anonymous reader quotes a report from Bleeping Computer: A new attack on smart TVs allows a malicious actor to take over devices using rogue DVB-T (Digital Video Broadcasting -- Terrestrial) signals, get root access on the smart TV, and use the device for all sorts of nasty actions, ranging from DDoS attacks to spying on end users. The attack, developed by Rafael Scheel, a security researcher working for Swiss cyber security consulting company Oneconsult, is unique and much more dangerous than previous smart TV hacks. Scheel's method, which he recently presented at a security conference, is different because the attacker can execute it from a remote location, without user interaction, and runs in the TV's background processes, meaning users won't notice when an attacker compromises their TVs. The researcher told Bleeping Computer via email that he developed this technique without knowing about the CIA's Weeping Angel toolkit, which makes his work even more impressing. Furthermore, Scheel says that "about 90% of the TVs sold in the last years are potential victims of similar attacks," highlighting a major flaw in the infrastructure surrounding smart TVs all over the globe. At the center of Scheel's attack is Hybrid Broadcast Broadband TV (HbbTV), an industry standard supported by most cable providers and smart TV makers that "harmonizes" classic broadcast, IPTV, and broadband delivery systems. TV transmission signal technologies like DVB-T, DVB-C, or IPTV all support HbbTV. Scheel says that anyone can set up a custom DVB-T transmitter with equipment priced between $50-$150, and start broadcasting a DVB-T signal.

An anonymous reader shares a report: For years, Apple's App Store, the place where people download apps for games and social networking services on their iPhones, has generated far more revenue worldwide than its Android competitors. This year, things are changing: The App Store will fall second to the amount of revenue generated by Android app distributors, predicts analytics firm App Annie. In 2017, the App Store will generate $40 billion in revenue, while Android app stores run by Google and other parties will generate $41 billion, App Annie said. That gap is expected to widen in 2021, with Android app stores generating $78 billion in revenue and Apple's App Store at $60 billion in revenue, according to App Annie's report released on Wednesday. The surge in revenue for Android comes from a growing number of consumers in China who are buying Android phones and are willing to pay for apps. In 2021, App Annie expects there to be eight Android smartphone users to every single iPhone user in China.

BrianFagioli writes: Google is an essential member of the open source community. The search giant contributes some really great projects, offering code to be used many -- it claims more than 2,000 such contributions! Heck, the company even hosts the annual Summer of Code program, where it pairs students with open source projects teams. In other words, Google is helping to get young folks excited about open source. Today, Google announced that it is launching an all-new website to focus on open source. It is not a general open source site, but a destination to learn more about the search-giant's relationship with it. "Today, we're launching opensource.google.com, a new website for Google Open Source that ties together all of our initiatives with information on how we use, release, and support open source. This new site showcases the breadth and depth of our love for open source. It will contain the expected things: our programs, organizations we support, and a comprehensive list of open source projects we've released. But it also contains something unexpected: a look under the hood at how we 'do' open source," says Will Norris, Open Source Programs Office, Google.

dryriver writes: A company named Arca Noae is working on a new release of the X86 OS/2 operating system code named "Blue Lion" and likely called ArcaOS 5 in its final release. Blue Lion wants to be a modern 21st Century OS/2 Warp, with support for the latest hardware and networking standards, a modern accelerated graphics driver, support for new cryptographic security standards, full backward compatibility with legacy OS/2, DOS and Windows 3.1 applications, suitability for use in mission-critical applications, and also, it appears, the ability to run "ported Linux applications". Blue Lion, which appears to be in closed beta with March 31st 2017 cited as the target release date, will come with up to date Firefox browser and Thunderbird mail client, Apache OpenOffice, other productivity tools, a new package manager, and software update and support subscription to ensure system stability. It is unclear from the information provided whether Blue Lion will be able to run modern Windows applications.

According to a recent indictment from the U.S. Department of Justice, a 48-year-old Lithuanian scammer named Evaldas Rimasauskas managed to trick two American technology companies into wiring him $100 million. He was able to perform this feat "by masquerading as a prominent Asian hardware manufacturer," reports The Verge, citing court documents, "and tricking employees into depositing tens of millions of dollars into bank accounts in Latvia, Cyprus, and numerous other countries." From the report: What makes this remarkable is not Rimasauskas' particular phishing scam, which sounds rather standard in the grand scheme of wire fraud and cybersecurity exploits. Rather, it's the amount of money he managed to score and the industry from which he stole it. The indictment specifically describes the companies in vague terms. The first company is "multinational technology company, specializing in internet-related services and products, with headquarters in the United States," the documents read. The second company is a "multinational corporation providing online social media and networking services." Both apparently worked with the same "Asia-based manufacturer of computer hardware," a supplier that the documents indicate was founded some time in the late '80s. What's more important is that representatives at both companies with the power to wire vast sums of money were still tricked by fraudulent email accounts. Rimasauskas even went so far as to create fake contracts on forged company letterhead, fake bank invoices, and various other official-looking documents to convince employees of the two companies to send him money. Rimasauskas has been charged with one count of wire fraud, three counts of money laundering, and aggravated identity theft. In other words, he faces serious prison time of convicted -- each charge of wire fraud and laundering carries a max sentence of 20 years. The court documents don't reveal the names of the two companies. Though, one could surely think of a few candidates that would fit the descriptions provided in the court documents.