BLACK FRIDAY DEAL: Trust the World's Fastest VPN with Your Internet Security & Freedom--A Lifetime Subscription of PureVPN at $48 with coupon code "BFRIDAY20" ×
EU

EU Lawmakers Back Exports Control on Spying Technology (reuters.com) 30

An anonymous reader shares a report: EU lawmakers overwhelmingly backed plans on Thursday to control exports of devices to intercept mobile phone calls, hack computers or circumvent passwords that could be used by foreign states to suppress political opponents or activists. Members of the European Parliament's trade committee voted by 34 votes to one in favor of a planned update to export controls on "dual use" products or technologies. The EU has had export controls since 2009 on such dual use products including toxins, laser and technology for navigation or nuclear power, which can have a civilian or military applications but also be used to make weapons of mass destruction. The EU has felt that spyware or malware and telecom of Internet surveillance technologies are increasingly threatening security and human rights and proposed a modernization of its export control system to cover cyber-surveillance.
The Internet

Ajit Pai and the FCC Want It To Be Legal for Comcast To Block BitTorrent (theverge.com) 414

Nilay Patel, reporting for The Verge: FCC Chairman Ajit Pai released his proposal to kill net neutrality this week, and while there's a lot to be unhappy with, it's hard not to be taken with the brazenness of his argument. Pai thinks it was a mistake for the FCC to try and stop Comcast from blocking BitTorrent in 2008, thinks all of the regulatory actions the FCC took after that to give itself the authority to prevent blocking were wrong, and wants to go back to the legal framework that allowed Comcast to block BitTorrent.
The Internet

'We Are Disappointed': Tech Companies Speak Up Against the FCC's Plan To Kill Net Neutrality (businessinsider.com) 167

An anonymous reader shares a report from Business Insider: The FCC is planning to kill net neutrality -- and some tech companies are starting to speak out. Pro-net neutrality activists, who argue the principle creates a level playing-field online, are up in arms about the plan. And some tech companies are now speaking out in support of net neutrality as well, from Facebook to Netflix. Business Insider reached out to some of the biggest tech firms in America today to ask for their reaction to the FCC's plan. Their initial responses are below, and we will continue to update this post as more come in.
Google

Google Wipes 786 Pirate Sites From Search Results (torrentfreak.com) 83

Google and several leading Russian search engines have completely wiped 786 "pirate" sites from their search results. That's according to telecoms watch Rozcomnadzor, which reports that the search providers delisted the sites after ISPs were ordered by a Moscow court to permanently block them. TorrentFreak reports: Late July, President Vladimir Putin signed a new law which requires local telecoms watchdog Rozcomnadzor to maintain a list of banned domains while identifying sites, services, and software that provide access to them. [...] Nevertheless, on October 1 the new law ("On Information, Information Technologies and Information Protection") came into effect and it appears that Russia's major search engines have been very busy in its wake. According to a report from Rozcomnadzor, search providers Google, Yandex, Mail.ru, Rambler, and Sputnik have stopped presenting information in results for sites that have been permanently blocked by ISPs following a decision by the Moscow City Court. "To date, search engines have stopped access to 786 pirate sites listed in the register of Internet resources which contain content distributed in violation of intellectual property rights," the watchdog reports. The domains aren't being named by Rozcomnadzor or the search engines but are almost definitely those sites that have had complaints filed against them at the City Court on multiple occasions but have failed to take remedial action. Also included will be mirror and proxy sites which either replicate or facilitate access to these blocked and apparently defiant domains.
Bitcoin

We'll Never Legalize Bitcoin, Says Russian Minister (siliconangle.com) 54

An anonymous reader shares a report: In yet another backflip worthy of the Moscow Circus, a Russian minister has said that the country will never legalize bitcoin, just seven months after another government minister said it was considering making it legal. Minister of Communications and Mass Media Nikolai Nikiforov made the statement this week, saying that "bitcoin is a foreign project for using blockchain technology, the Russian law will never consider bitcoin as a legal entity in the jurisdiction of the Russian Federation." Recognizing that blockchain technology is separate to bitcoin, Nikiforov went on to say that "I think that it is quite possible to use blockchain technology and the use of various digital tokens." Those tokens may constitute a Russian-issued cryptocurrency. TASS reported that "Russia's Communication Ministry has submitted to the government the document containing technical details related to cryptocurrencies adoption."
Privacy

Uber Is Under Investigation By Multiple States Over a 2016 Data Breach (recode.net) 25

Yesterday, it was reported that Uber concealed a massive cyberattack that exposed 57 million people's data. Recode reports that at least five states -- Illinois, Massachusetts, Missouri, New York and Connecticut -- would investigate the matter. From the report: Meanwhile, Uber must contend with the possible threat of a new probe at the Federal Trade Commission. The agency, which acts as the U.S. government's top privacy and security watchdog, penalized Uber for its privacy and security practices just this August. But it may not have known that Uber had suffered a major security breach in 2016, even as they investigated the company at the same time for other, unrelated security missteps. For now, the agency merely said it's "closely evaluating the serious issues raised." And some affected customers are similarly taking action. On Wednesday -- hours after the breach became public -- an Uber user filed a lawsuit accusing the company of negligence and deceptive business practices. The plaintiff, Alejandro Flores, is seeking to represent a class of affected riders and drivers alike.

For one thing, 48 states maintain some version of a law that requires companies that suffer a data breach to communicate what happened to consumers. In most cases, companies must disclose a security incident if hackers steal very sensitive customer data -- such as driver's license numbers, which happened with Uber in late 2016. To that end, the attorneys general in Illinois, Connecticut and New York have said they are probing the breach at Uber -- perhaps with an eye on whether the company skirted state laws. The top prosecutors in other major states, like Pennsylvania and Florida, did not immediately respond to emails on Wednesday seeking comment. California's AG declined to comment.

Network

FCC Ignored Your Net Neutrality Comment, Unless You Made a 'Serious' Legal Argument (theverge.com) 272

An anonymous reader quotes a report from The Verge: The FCC received a record-breaking 22 million comments chiming in on the net neutrality debate, but from the sound of it, it's ignoring the vast majority of them. In a call with reporters yesterday discussing its plan to end net neutrality, a senior FCC official said that 7.5 million of those comments were the exact same letter, which was submitted using 45,000 fake email addresses. But even ignoring the potential spam, the commission said it didn't really care about the public's opinion on net neutrality unless it was phrased in unique legal terms. The vast majority of the 22 million comments were form letters, the official said, and unless those letters introduced new facts into the record or made serious legal arguments, they didn't have much bearing on the decision. The commission didn't care about comments that were only stating opinion. The FCC has been clear all year that it's focused on "quality" over "quantity" when it comes to comments on net neutrality. In fairness to the commission, this isn't an open vote. It's a deliberative process that weighs a lot of different factors to create policy that balances the interests of many stakeholders. But it still feels brazen hearing the commission staff repeatedly discount Americans' preference for consumer protections, simply because they aren't phrased in legal terms.
Facebook

Facebook To Show Users Which Russian Propaganda They Followed (bloomberg.com) 263

An anonymous reader quotes a report from Bloomberg: Facebook will show people which Russian propaganda pages or accounts they've followed and liked on the social network, responding to a request from Congress to address manipulation and meddling during the 2016 presidential election. The tool will appear by the end of the year in Facebook's online support center, the company said in a blog post Wednesday. It will answer the user question, "How can I see if I've liked or followed a Facebook page or Instagram account created by the Internet Research Agency?" That's the Russian firm that created thousands of incendiary posts from fake accounts posing as U.S. citizens. People will see a list of the accounts they followed, if any, from January 2015 through August 2017. Facebook will only be showing people the names of the pages and accounts, not the content. A user will only see what they liked or followed, so if they simply saw IRA content in their news feeds, they won't be notified.
The Internet

Net Neutrality Advocates Plan Protests For December 7 at Verizon Stores (techcrunch.com) 148

Jordan Crook, writing for TechCrunch: During yesterday's announcement of the upcoming vote, the FCC neglected to mention the historic 22 million comments on the issue, the majority of which were opposed to its rollback. In response, protests are being held on December 7 at Verizon retail stores across the country. The protests were organized by Demand Progress, Fight For The Future, and FreePress Action Fund. Here's what the protest organizers have to say on their event page: "Ajit Pai is clearly still working for Verizon, not the public. But he still has to answer to Congress. So we're calling on our lawmakers to do their job overseeing the FCC and speak out against Ajit Pai's plan to gut Title II net neutrality protections and give Verizon and other giant ISPs everything on their holiday wishlist.
Privacy

How a Wi-Fi Pineapple Can Steal Your Data (And How To Protect Yourself From It) (vice.com) 45

An anonymous reader writes: The Wi-Fi Pineapple is a cheap modified wireless router enables anyone to execute sophisticated exploits on Wi-Fi networks with little to no networking expertise. A report in Motherboard explains how it can be used to run a Wall of Sheep and execute a man-in-the-middle attack, as well as how you can protect yourself from Pineapple exploits when you're connected to public Wi-Fi. "... it's important that whenever you are done connecting to a public Wi-Fi network that you configure your phone or computer to 'forget' that network. This way your device won't be constantly broadcasting the SSIDs of networks it has connected to in the past, which can be spoofed by an attacker with a Pineapple," reports Motherboard. "Unfortunately there is no easy way to do this on an Android or an iPhone, and each network must be forgotten manually in the 'Manage Network' tab of the phone's settings. Another simple solution is to turn off your Wi-Fi functionality when you're not using it -- though that isn't as easy to do on some devices anymore -- and don't allow your device to connect to automatically connect to open Wi-Fi networks."
Bitcoin

$31 Million In Tokens Stolen From Dollar-Pegged Cryptocurrency Tether 59

Mark Wilson shares a report from BetaNews: All eyes may be on the meteoric rise of Bitcoin at the moment, but it's far from being the only cryptocurrency on the block. Startup Tether issued a critical announcement after it was discovered that "malicious action by an external attacker" had led to the theft of nearly $31 million worth of tokens. Tether is a dollar-pegged cryptocurrency formerly known as Realcoin, and it says that $30,950,010 was stolen from a treasury wallet. The company says it is doing what it can to ensure exchanges do not process these tokens, including temporarily suspending its backend wallet service. Tether knows the address used by the attacker to make the theft, but is not aware of either who the attacker is, or how the attack took place. The company is releasing a new version of its Omni Core software client in what it says is "effectively a temporary hard fork to the Omni Layer."
Security

Ask Slashdot: How Are So Many Security Vulnerabilities Possible? 347

dryriver writes: It seems like not a day goes by on Slashdot and elsewhere on the intertubes that you don't read a story headline reading "Company_Name Product_Name Has Critical Vulnerability That Allows Hackers To Description_Of_Bad_Things_Vulnerability_Allows_To_Happen." A lot of it is big brand products as well. How, in the 21st century, is this possible, and with such frequency? Is software running on electronic hardware invariably open to hacking if someone just tries long and hard enough? Or are the product manufacturers simply careless or cutting corners in their product designs? If you create something that communicates with other things electronically, is there no way at all to ensure that the device is practically unhackable?
Security

Sacramento Regional Transit Systems Hit By Hacker (cbslocal.com) 35

Zorro shares a report from CBS Local: Sacramento Regional Transit is the one being taken for a ride on this night, by a computer hacker. That hacker forced RT to halt its operating systems that take credit card payments, and assigns buses and trains to their routes. The local transit agency alerted federal agents following an attack on their computers that riders may not have noticed Monday. "We actually had the hackers get into our system, and systematically start erasing programs and data," Deputy General Manager Mark Lonergan. Inside RT's headquarters, computer systems were taken down after the hacker deleted 30 million files. The hacker also demanded a ransom in bitcoin, and left a message on the RT website reading "I'm sorry to modify the home page, I'm good hacker, I just want to help you fix these vulnerability."
The Internet

FCC Will Also Order States To Scrap Plans For Their Own Net Neutrality Laws (arstechnica.com) 275

An anonymous reader quotes a report from Ars Technica: In addition to ditching its own net neutrality rules, the Federal Communications Commission also plans to tell state and local governments that they cannot impose local laws regulating broadband service. This detail was revealed by senior FCC officials in a phone briefing with reporters today, and it is a victory for broadband providers that asked for widespread preemption of state laws. FCC Chairman Ajit Pai's proposed order finds that state and local laws must be preempted if they conflict with the U.S. government's policy of deregulating broadband Internet service, FCC officials said. The FCC will vote on the order at its December 14 meeting. It isn't clear yet exactly how extensive the preemption will be. Preemption would clearly prevent states from imposing net neutrality laws similar to the ones being repealed by the FCC, but it could also prevent state laws related to the privacy of Internet users or other consumer protections. Pai's staff said that states and other localities do not have jurisdiction over broadband because it is an interstate service and that it would subvert federal policy for states and localities to impose their own rules.
Privacy

Uber Concealed Cyberattack That Exposed 57 Million People's Data (bloomberg.com) 31

According to Bloomberg, hackers stole the personal data of 57 million customers and drivers from Uber. The massive breach was reportedly concealed by the company for more than a year. From the report: Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million drivers were accessed as well, including some 600,000 U.S. driver's license numbers. No Social Security numbers, credit card details, trip location info or other data were taken, Uber said. At the time of the incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy violations. Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken. Instead, the company paid hackers $100,000 to delete the data and keep the breach quiet. Uber said it believes the information was never used but declined to disclose the identities of the attackers.

Here's how the hack went down: Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company.

Slashdot Top Deals