Presto Vivace quotes a report from FedScoop: "Cybersecurity issues must be addressed during the design phase for the entire 5G ecosystem, including devices. This will place a premium on collaboration among all stakeholders," said FCC chairman Tom Wheeler during a National Press Club event on June 20. "We continue to prefer an approach that emphasizes that industry develop cybersecurity standards just as we have done in wired networks." The FCC published a request Wednesday for comment on a new set of proposed 5G rules to the Federal Register focused on adding specific "performance requirements" for developers of example internet-connected devices. If a company hopes to secure a license to access higher-frequency 5G spectrum in the future then they will need to adhere to these specific requirements -- in other words, compliance is non-negotiable. Notably, these FCC "performance requirements" now include the submission of a network security plan. The report adds: "A quick review of the FCC's proposed 5G cybersecurity plan shows a six category split, organized by a company's security approach, coordination efforts, standards and best practices, participation with standards bodies, other security approaches and plans with information sharing organizations. Security plans must be submitted to the commission at least six months before a 5G-ready product enters the market, according to the notice."
One of the world's most evasive digital arms dealers is believed to have been taking advantage of three security vulnerabilities in popular Apple products in its efforts to spy on dissidents and journalists, reports The New York Times. (Editor's note: the link could be paywalled, here's an alternate source). From the report: Investigators discovered that a company called the NSO Group, an Israeli outfit that sells software that invisibly tracks a target's mobile phone, was responsible for the intrusions. The NSO Group's software can read text messages and emails and track calls and contacts. It can even record sounds, collect passwords and trace the whereabouts of the phone user. In response, Apple on Thursday released a patched version of its mobile software, iOS 9.3.5. Users can get the patch through a normal software update. The Washington Post reports that these "zero-day" flaws were previously used by governments to take over victims' phones by tricking them into clicking on a link in a text message. Motherboard says that this is the first time anyone has uncovered such an attack in the wild. "Until this month, no one had seen an attempted spyware infection leveraging three unknown bugs, or zero-days, in the iPhone. The tools and technology needed for such an attack, which is essentially a remote jailbreak of the iPhone, can be worth as much as one million dollars."
An anonymous reader writes: Reportedly, in a national campaign aided by more than 30,000 airwave monitors, over the past six months, more than 500 sets of equipment for making unauthorised radio broadcasts were seized in China. The campaign, launched on February 15 by the State Council, resulted in 1,796 cases related to illegal radio stations, after 301,840 hours of monitoring from February to July, according to an online statement by the Ministry of Industry and Information Technology. The number of incidents was down by 50 per cent from April to August, the China Daily quoted the statement as saying. So-called pirate radios have appeared in most parts of China since 2015 and this "has been a channel for criminals to defraud and promote aphrodisiacs, along with counterfeit and poor-quality medicine," according to the Ministry of Public Security's Criminal Investigation Department. The operating cost of a pirate radio is low, but profit can be high. A pirate radio station that broadcasts advertisements for aphrodisiacs can pocket more than 70,000 yuan ($10,500) a month, with an overhead cost of no more than 10,000 yuan, investigators said in a post on Sina Weibo. It said most spare parts for broadcasting equipment can be bought on the internet.
An anonymous reader writes from a report via Gizmodo: "Two Harvard undergraduates have created a service called Legalist that uses what they call 'data-backed litigation financing,' analyzing civil lawsuits with an algorithm to predict case outcomes and determine which civil lawsuits are worth investing in," reports Gizmodo. The process is very similar to what billionaire Peter Thiel did when he secretly funded a lawsuit from Hulk Hogan against Gawker Media. "Legalist says it uses an algorithm of 58 different variables including, as [Legalist cofounder] Eva Shang told the Silicon Valley Business Journal, who the presiding judge is and the number of cases the judge is currently working on. The algorithm has been fed cases dating back to 1989 and helps people figure out how long a case will last and the risks associated with it. In a presentation at Y Combinator's Demo Day on Tuesday [Legalist was developed as part of Y Combinator's Summer 2016 class], the founders claimed that the startup funded one lawsuit for $75,000 and expects a return of more than $1 million. Shang says that $1.40 is earned for every $1 spent in litigation financing, which can prove to be a profitable enterprise when you're spending hundreds of thousands of dollars." Shang told Business Insider in reference to the Gawker lawsuit, "That's the kind of thing we're staying away from here." The company will supposedly be focusing on commercial and small-business lawsuits, and will not be backing lawsuits by individuals.
Hewlett-Packard started laying off workers in 2012, before it separated into HP Inc. and HP Enterprise last year. The company has continued to cut thousands of jobs since. As a result of the "restructuring," an age discrimination lawsuit has been filed by four former employees of HP alleging they were ousted amid a purge of older workers. The Mercury News reports: "The goal 'was to make the company younger,' said the complaint filed Aug. 18 in U.S. District Court in San Jose. 'In order to get younger, HP intentionally discriminated against its older employees by targeting them for termination [...] and then systematically replacing them with younger employees. HP has hired a disproportionately large number of new employees under the age of 40 to replace employees aged 40 and older who were terminated.' Arun Vatturi, a 15-year Palo Alto employee at HP who was a director in process improvement until he was laid off in January at age 52, and Sidney Staton, in sales at HP in Palo Alto for 16 months until his layoff in April 2015 at age 54, have joined in the lawsuit with a former employee from Washington, removed at age 62, and one from Texas, out at age 63. The group is seeking class-action status for the court action and claims HP broke state and federal laws against age discrimination." The lawsuit also alleges that written guidelines issued by HP's human resources department mandated that 75 percent of all hires outside of the company be fresh from school or "early career" applicants.
An anonymous reader shares a TorrentFreak report: In recent months CloudFlare has been called out repeatedly for offering its services to known pirate sites, including The Pirate Bay. These allegations have now resulted in the first lawsuit after adult entertainment publisher ALS Scan filed a complaint against CloudFlare at a California federal court. [...] Copyright holders are not happy with CloudFlare's actions. Just recently, the Hollywood-affiliated group Digital Citizens Alliance called the company out for helping pirate sites to stay online. Adult entertainment outfit ALS Scan agrees and has now become the first dissenter to take CloudFlare to court. In a complaint filed at a California federal court, ALS describes piracy as the greatest threat to its business. The rise of online piracy has significantly hurt the company's profits, they argue, noting that "pirate" sites are not the only problem. "The problems faced by ALS are not limited to the growing presence of sites featuring infringing content, or 'pirate' sites. A growing number of service providers are helping pirate sites thrive by supporting and engaging in commerce with these sites," ALS writes.
Singapore is planning to cut off web access for public servants as a defence against potential cyber attack, Reuters reports. The local government's move has already been criticized by many, who say that it marks a retreat for a technologically advanced city-state that has trademarked the term "smart nation". From an article on The Guardian: Some security experts say the policy, due to be in place by May, risks damaging productivity among civil servants and those working at more than four dozen statutory boards, and cutting them off from the people they serve. It may only raise slightly the defensive walls against cyber attack, they say. Ben Desjardins, director of security solutions at network security firm Radware, called it "one of the more extreme measures I can recall by a large public organisation to combat cyber security risks." Stephen Dane, a Hong Kong-based managing director at networking company Cisco Systems, said it was "a most unusual situation" and Ramki Thurimella, chair of the computer science department at the University of Denver, called it both "unprecedented" and "a little excessive".
Sony is expected to announce two new PlayStation 4 consoles at a scheduled event on September 7th in New York City, but as that date nears more leaks of the consoles have emerged. The most recent leak appears to show the upcoming PlayStation 4 Slim, which Sony is trying to remove from the internet by taking down news articles from social media accounts about the leak. Erik Kain via @erikkain on Twitter tweeted (Tweet no longer exists): "Sony issued a takedown and had this post removed from my Facebook page: https://t.co/fIjP0buTdY (Warning: may be paywalled)." Techdirt reports: "[The Forbes post] references the work Eurogamer did in visiting the leaker of the image to confirm the console is for real (it is), as well as generating its own image and even video of the console working for its story on the leak. But if you go today to the Eurogamer post about the leak, the video has been replaced by the following update. UPDATE, 7.30pm: Upon taking legal advice, we have removed the video previously referenced in this article. Left unsaid is whether or not any contact had been made by Sony with Eurogamer, thus prompting this 'legal advice,' but one can imagine that being the case, particularly given Sony's threats to social media users sharing images and reporting of Sony leaks and, more to the point, threats against any media that might report on those leaks."
An anonymous reader quotes a report from Reuters: Fitbit did not steal rival Jawbone's trade secrets, a U.S. International Trade Commission judge ruled on Tuesday, dashing Jawbone's hopes of securing an import ban against Fitbit's wearable fitness tracking devices. The judge, Dee Lord, said that there had been no violation of the Tariff Act, which gives the commission the power to block products that infringe U.S. intellectual property, because "no party has been shown to have misappropriated any trade secret." The ruling means Jawbone comes away with nothing from a complaint it filed with the trade agency in July 2015, accusing Fitbit of infringing six patents and poaching employees who took with them confidential data about Jawbone's business, such as plans, supply chains and technical details. Jawbone first sued Fitbit last year over trade secret violations in California state court, where the case is still pending. The companies, both based in San Francisco, are also litigating over patents in federal court.
blottsie quotes a report from the Daily Dot: Over a four-year period, the FBI authorized informants to break the law more than 22,800 times, according to newly reviewed documents. Official records obtained by the Daily Dot under the Freedom of Information Act show the Federal Bureau of Investigation gave informants permission at least 5,649 times in 2013 to engage in activity that would otherwise be considered a crime. In 2014, authorization was given 5,577 times, the records show. USA Today previously revealed confidential informants engaged in "otherwise illegal activity," as the bureau calls it, 5,658 times in 2011. The figure was at 5,939 the year before, according to documents acquired by the Huffington Post. In total, records obtained by reporters confirm the FBI authorized at least 22,823 crimes between 2011 and 2014. Unfortunately, many of those crimes can have serious and unintended consequences. One of the examples mentioned in the Daily Dot's report was of an FBI informant who "was responsible for facilitating the 2011 breach of Stratfor in one of the most high-profile cyberattacks of the last decade. While a handful of informants ultimately brought down the principal hacker responsible, the sting also caused Stratfor, an American intelligence firm, millions of dollars in damages and left an estimated 700,000 credit card holders vulnerable to fraud."
The Office of the Privacy Commissioner of Canada said Tuesday that the Canada-based online dating and social networking service Ashley Madison used inadequate privacy and security technology while marketing itself as a discreet and secure way for consenting adults to have affairs. CBC.ca reports: "In a report Tuesday, the privacy watchdog says the Toronto-based company violated numerous privacy laws in Canada and abroad in the era before a massive data breach exposed confidential information from their clients to hackers. The hack stole correspondence, identifying details and even credit card information from millions of the site's users. The resulting scandal cost the company about a quarter of its annual revenues from irate customers who demanded refunds and cancelled their accounts. Working with a similar agency in Australia, the privacy group says the company knew that its security protocols were lacking but didn't do enough to guard against being hacked. The company even adorned its website with the logo of a 'trusted security award' -- a claim the company admits it fabricated." The report found that "poor habits such as inadequate authentication processes and sub-par key and password management practices were rampant at the company" and that "much of the company's efforts to monitor its own security were 'focused on detecting system performance issues and unusual employee requests for decryption of sensitive user data.'" What's more, Ashley Madison continued to store the personal information of its users even after some of them had deleted or deactivated their account(s). These people then had their information included in databases published online after the hack.
Joe Mullin, writing for ArsTechnica: Even as WikiLeaks founder Julian Assange sits trapped in the Ecuadorean embassy, the WikiLeaks website continues to publish the secrets of various governments worldwide. But that's not all it's publishing. A report today by the Associated Press highlights citizens who had "sensitive family, financial or identity records" published by the site. "They published everything: my phone, address, name, details," said one Saudi man whose paternity dispute was revealed in documents published by the site. "If the family of my wife saw this... Publishing personal stuff like that could destroy people." One document dump, from Saudi diplomatic cables, held at least 124 medical files. The files named sick children, refugees, and patients with psychiatric conditions. In one case, the cables included the name of a Saudi who was arrested for being gay. In Saudi Arabia, homosexuality is punishable by death. In two other cases, WikiLeaks published the names of teenage rape victims. "This has nothing to do with politics or corruption," said Dr. Nayef al-Fayez, who had a patient with brain cancer whose personal details were published.
Facebook knows a lot more about its users than they think. For instance, the New York Times reports, the company is categorizing its users as liberal, conservative, or moderate. These details are valuable for advertisers and campaign managers, especially ahead of the election season. From a BusinessInsider report: For some, Facebook is able to come to conclusions about your political leanings easily, if you mention a political party on your page. For those that are less open about politics on social media, Facebook makes assumptions based on pages you like. As The New York Times explained, if you like Ben and Jerry's Facebook page and most of the other people that like that page identify as liberal, Facebook might assume you too are liberal.
Hackers thought to be working for Russian intelligence have carried out a series of cyber breaches targeting reporters at the New York Times and other U.S. news organizations, reports CNN, citing US officials briefed on the matter. From the report: The intrusions, detected in recent months, are under investigation by the FBI and other US security agencies. Investigators so far believe that Russian intelligence is likely behind the attacks and that Russian hackers are targeting news organizations as part of a broader series of hacks that also have focused on Democratic Party organizations, the officials said. "Like most news organizations we are vigilant about guarding against attempts to hack into our systems," said New York Times Co. spokeswoman Eileen Murphy. "There are a variety of approaches we take up to and including working with outside investigators and law enforcement. We won't comment on any specific attempt to gain unauthorized access to The Times." The breaches targeting reporters and news organizations are part of an apparent surge in cyber attacks in the past year against entities beyond US government agencies.