Kaspersky Says Telegram Flaw Used For Cryptocurrency Mining ( 42

According to Kaspersky Lab, hackers have been exploiting a vulnerability in Telegram's desktop client to mine cryptocurrencies such as Monero and ZCash. "Kaspersky said on its website that users were tricked into downloading malicious software onto their computers that used their processing power to mine currency, or serve as a backdoor for attackers to remotely control a machine," reports Bloomberg. From the report: While analyzing the servers of malicious actors, Kaspersky researchers also found archives containing a cache of Telegram data that had been stolen from victims. The Russian security firm said it "reported the vulnerability to Telegram and, at the time of publication, the zero-day flaw has not since been observed in messenger's products."

Seattle To Remove Controversial City Spying Network After Public Backlash ( 83

schwit1 shares a report from Activist Post: Following years of resistance from citizens, the city of Seattle has decided to completely remove controversial surveillance equipment -- at a cost of $150,000. In November 2013, Seattle residents pushed back against the installation of several mesh network nodes attached to utility poles around the downtown area. The American Civil Liberties Union of Washington and privacy advocates were immediately concerned about the ability of the nodes to gather user information via the Wi-Fi connection. The Seattle Times reports on the latest developments: "Seattle's wireless mesh network, a node of controversy about police surveillance and the role of federal funding in city policing, is coming down. Megan Erb, spokeswoman for Seattle Information Technology, said the city has budgeted $150,000 for contractor Prime Electric and city employees to remove dozens of surveillance cameras and 158 'wireless access points' -- little, off-white boxes with antennae mounted on utility poles around the city."

The nodes were purchased by the Seattle Police Department via a $3.6 million grant from the Department of Homeland Security. The Seattle Police Department argued the network would be helpful for protecting the port and for first-responder communication during emergencies. As the Times notes, "the mesh network, according to the ACLU, news reports and anti-surveillance activists from Seattle Privacy Coalition, had the potential to track and log every wireless device that moved through its system: people attending protests, people getting cups of coffee, people going to a hotel in the middle of the workday." However, by November 2013, SPD spokesman Sean Whitcomb announced, "The wireless mesh network will be deactivated until city council approves a draft (privacy) policy and until there's an opportunity for vigorous public debate." The privacy policy for the network was never developed and, instead, the city has now opted to remove the devices at a cost of $150,000. The Times notes that, "crews are tearing its hardware down and repurposing the usable parts for other city agencies, including Seattle Department of Transportation traffic cameras."


Trump Administration Wants To Fire 248 Forecasters At the National Weather Service ( 524

An anonymous reader quotes a report from Fortune: After a year that saw over $300 million in damages from hurricanes, wildfires, and other natural disasters, the Trump administration is proposing significant cuts to the National Weather Service (NWS) and hopes to eliminate the jobs of 248 weather forecasters. The idea, which is part of the 2019 fiscal budget proposal and caught the agency by surprise, is being derided by the NWS's labor union, which says the cuts will impact the reliability of future weather forecasts and warnings. All totaled, the Weather Service faces cuts of $75 million in the initial proposal. Some or all of those cuts could be jettisoned before the bill is voted upon. "We can't take any more cuts and still do the job that the American public needs us to do -- there simply will not be the staff available on duty to issue the forecasts and warnings upon which the country depends," said Dan Sobien, the president of the National Weather Service Employees Organization.

Further reading: The Washington Post
The Internet

Trump's Infrastructure Plan Has No Dedicated Money For Broadband ( 103

An anonymous reader quotes a report from Ars Technica: President Trump's new 10-year plan for "rebuilding infrastructure in America" doesn't contain any funding specifically earmarked for improving Internet access. Instead, the plan sets aside a pool of funding for numerous types of infrastructure projects, and broadband is one of the eligible categories. The plan's $50 billion Rural Infrastructure Program lists broadband as one of five broad categories of eligible projects.

Eighty percent of the program's $50 billion would be "provided to the governor of each state." Governors would take the lead in deciding how the money would be spent in their states. The other 20 percent would pay for grants that could be used for any of the above project categories. Separately, broadband would be eligible for funding from a proposed $20 billion Transformative Projects Program, along with transportation, clean water, drinking water, energy, and commercial space. Trump's plan would also add rural broadband facilities to the list of eligible categories for Private Activity Bonds, which allow private projects to "benefit from the lower financing costs of tax-exempt municipal bonds." The plan would also let carriers install small cells and Wi-Fi attachments without going through the same environmental and historical preservation reviews required for large towers.


Many ID-Protection Services Fail Basic Security ( 47

Paul Wagenseil, writing for Tom's Guide: For a monthly fee, identity-protection services promise to do whatever they can to make sure your private personal information doesn't fall into the hands of criminals. Yet many of these services -- including LifeLock, IDShield and Credit Sesame -- put personal information at risk, because they don't let customers use two-factor authentication (2FA). This simple security precaution is offered by many online services. Without 2FA, anyone who has your email address and password -- which might be obtained from a data breach or a phishing email -- could log in to the account for your identity-protection service and, depending on how the service protects them, possibly steal your bank-account, credit-card and Social Security numbers.

Facebook is Pushing Its Data-tracking Onavo VPN Within Its Main Mobile App ( 40

TechCrunch reports: Onavo Protect, the VPN client from the data-security app maker acquired by Facebook back in 2013, has now popped up in the Facebook app itself, under the banner "Protect" in the navigation menu. Clicking through on "Protect" will redirect Facebook users to the "Onavo Protect -- VPN Security" app's listing on the App Store. We're currently seeing this option on iOS only, which may indicate it's more of a test than a full rollout here in the U.S. Marketing Onavo within Facebook itself could lead to a boost in users for the VPN app, which promises to warn users of malicious websites and keep information secure as you browse. But Facebook didn't buy Onavo for its security protections. Instead, Onavo's VPN allow Facebook to monitor user activity across apps, giving Facebook a big advantage in terms of spotting new trends across the larger mobile ecosystem. For example, Facebook gets an early heads up about apps that are becoming breakout hits; it can tell which are seeing slowing user growth; it sees which apps' new features appear to be resonating with their users, and much more. Further reading: Do Not, I Repeat, Do Not Download Onavo, Facebook's Vampiric VPN Service (Gizmodo).

LoopX Startup Pulls ICO Exit Scam and Disappears with $4.5 Million ( 122

Catalin Cimpanu, writing for BleepingComputer: A cryptocurrency startup named LoopX has pulled an exit scam after collecting around $4.5 million from users during an ICO (Initial Coin Offering) held in the recent weeks. The LoopX team disappeared out of the blue at the start of the week when it took down its website and deleted its Facebook, Telegram, and YouTube channels without any explanation. People who invested in the startup are now tracking funds move from account to account in a BitcoinTalk forum thread, and banding together in the hopes of filing a class action lawsuit.

'Troll' Loses Cloudflare Lawsuit, Has Weaponized Patent Invalidated ( 49

A federal judge in San Francisco has unequivocally ruled against a non-practicing entity that had sued Cloudflare for patent infringement. From a report: The judicial order effectively ends the case that Blackbird -- which Cloudflare had dubbed a "patent troll" -- had brought against the well-known security firm and content delivery network. "Abstract ideas are not patentable," US District Judge Vincent Chhabria wrote in a Monday order. The case revolved around US Patent No. 6,453,335, which describes providing a "third party data channel" online. When the case was filed in May 2017, the invention claims it can incorporate third-party data into an existing Internet connection "in a convenient and flexible way."

Bill Gates: Tech Companies Inviting Government Intervention ( 150

In an interview with Axios on Tuesday, Bill Gates warned Apple and other tech giants that they risk the kind of nightmarish government intervention that once plagued his Microsoft if they act arrogantly. Axios reports: The big picture: "The companies need to be careful that they're not ... advocating things that would prevent government from being able to, under appropriate review, perform the type of functions that we've come to count on." Asked if he sees instances of that now, Gates replied: "Oh, absolutely." Why it matters: With the Big Tech companies feeling they're suddenly drawing unfair scrutiny, this is Microsoft's co-founder saying they're bringing some of the problems on themselves, by resisting legitimate oversight.

US Senators Voice Concern Over Chinese Access To Intellectual Property ( 115

Leaders of the U.S. Senate Intelligence Committee said on Tuesday they were concerned about what they described as China's efforts to gain access to sensitive U.S. technologies and intellectual property through Chinese companies with government ties. From a report: Senator Richard Burr, the committee's Republican chairman, cited concerns about the spread of foreign technologies in the United States, which he called "counterintelligence and information security risks that come prepackaged with the goods and services of certain overseas vendors. The focus of my concern today is China, and specifically Chinese telecoms (companies) like Huawei and ZTE that are widely understood to have extraordinary ties to the Chinese government," Burr said. Senator Mark Warner, the committee's Democratic vice chairman, said he had similar concerns. "I'm worried about the close relationship between the Chinese government and Chinese technology firms, particularly in the area of commercialization of our surveillance technology and efforts to shape telecommunications equipment markets," Warner said.
The Courts

Comcast Sues Vermont Over Conditions On New License Requiring the Company To Expand Its Network ( 180

An anonymous reader quotes a report from VTDigger: Cable television giant Comcast is suing the Vermont Public Utility Commission over the panel's decision to require the company to expand its network and step up support for community access TV if it wants to continue doing business in Vermont. A key issue is the services Comcast must provide to local community access systems that carry municipal government and school board meetings and other local events. The 26 community access systems have been pushing -- against resistance by Comcast -- for high-definition video, greater ability to operate from remote locations, and inclusion in the interactive program guides that Comcast customers can use to decide what to watch. The PUC -- formerly known as the Public Service Board -- in January issued a new 11-year permit for Comcast to operate in Vermont. In July the panel rejected the company's request to drop some of the conditions attached to the permit.

In a lawsuit filed Monday in U.S. District Court in Burlington, Comcast argued that the PUC "exceeded its authority under federal and Vermont law" by imposing "numerous conditions on Comcast's continued cable operations in the state that are arbitrary, unprecedented and will ultimately harm local cable subscribers by resulting in millions of dollars in increased cable costs." It said the commission "did so despite overwhelming record evidence that Vermont cable subscribers do not want to incur any additional costs or fees for the kinds of conditions imposed" in the commission's January order.


Daylight Saving Time Isn't Worth It, European Parliament Members Say ( 425

AmiMoJo shares a report from Ars Technica: Earlier this week, the European Parliament voted 384 to 153 to review whether Daylight Saving Time is actually worth it. Although the resolution it voted on was non-binding, the majority reflected a growing dissatisfaction with a system that has been used by the U.S., Canada, most of Europe, and regions in Asia, Africa, and South America for decades. The resolution asked the European Commission to review the costs and benefits of Daylight Saving Time. If the EU were to abolish Daylight Saving Time, it would need approval of the majority of EU member states and EU Parliament members.

"We think that there's no need to change the clocks," Ireland Member of European Parliament (MEP) Sean Kelly said to Deutsche Welle. "It came in during World War One, it was supposed to be for energy savings -- the indications are that there are very few energy savings, if any -- and there are an awful lot of disadvantages to both human beings and animals that make it outdated at this point."

Slashdot Top Deals