Mazin Sidahmed and Nicky Woolf, reporting for The Guardian: A male Saudi Arabian teenager has been arrested in Riyadh over a series of online videos of conversations between him and a female Californian streaming-video star that went viral. A Riyadh police spokesperson, Colonel Fawaz Al-Mayman, said the teenager, known online as Abu Sin, was arrested on Sunday for engaging in "unethical behaviour" in videos with Christina Crockett, a popular broadcaster on the conversational live-streaming site YouNow. Abu Sin's real name is not known. "His videos received many comments and many of the commenters of the general public demanded for him to be punished for his actions," Al-Maymann added, according to the Saudi Gazette. The two amassed thousands of fans on the YouNow network, and later on YouTube after videos of the two speaking were uploaded there. The videos featured Abu Sin -- a nickname given to him for his broken teeth -- and Crockett communicating despite their significant language barriers. The popularity of the videos of the two of them surprised Crockett, she told the Guardian in an interview. As a broadcaster on YouNow, she can invite her fans to join her broadcasts on split-screen, which is known as "guesting."
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
AT&T has confirmed to ArsTechnica that it is getting rid of Internet Preferences, a controversial program that analyzed home internet customers' web browsing habits in order to serve some targeted ads. From the report:"To simplify our offering for our customers, we plan to end the optional Internet Preferences advertising program related to our fastest Internet speed tiers," an AT&T spokesperson said. "As a result, all customers on these tiers will receive the best rate we have available for their speed tier in their area. We'll begin communicating this update to customers early next week." Data collection and targeted ads will be shut off, AT&T also confirmed. Since AT&T introduced Internet Preferences for its GigaPower fiber Internet service in 2013, customers had to opt into the traffic scanning program in order to receive the lowest available rate. Customers who wanted more privacy had to pay another $29 a month for standalone Internet access; bundles including TV or phone service could cost more than $60 extra when customers didn't opt in.
turkeydance quotes a report from Hollywood Reporter: Given the increased frequency of terrorist bombings and mass shootings and an under-lying sense of havoc fed by divisive election politics, it's no surprise that home security is going over the top and hitting luxurious new heights. Or, rather, new lows, as the average depth of a new breed of safe haven that occupies thousands of square feet is 10 feet under or more. Those who can afford to pull out all the stops for so-called self-preservation are doing so -- in a fashion that goes way beyond the submerged corrugated metal units adopted by reality show "preppers" -- to prepare for anything from nuclear bombings to drastic climate-change events. Gary Lynch, GM at Rising S Bunkers, a Texas-based company that specializes in underground bunkers and services scores of Los Angeles residences, says that sales at the most upscale end of the market -- mainly to actors, pro athletes and politicians (who require signed NDAs) -- have increased 700 percent this year compared with 2015, and overall sales have risen 150 percent. Any time there is a turbulent political landscape, we see a spike in our sales. Given this election is as turbulent as it is, "we are gearing up for an even bigger spike," says marketing director Brad Roberson of sales of bunkers that start at $39,000 and can run $8.35 million or more (FYI, a 12-stall horse shelter is $98,500). Adds Mike Peters, owner of Utah-based Ultimate Bunker, which builds high-end versions in California, Texas and Minnesota: "People are going for luxury [to] live underground because they see the future is going to be rough. Everyone I've talked to thinks we are doomed, no matter who is elected." Robert Vicino, founder of Del Mar, Calif.-based Vivos, which constructs upscale community bunkers in Indiana (he believes coastal flooding scenarios preclude bunkers being safely built west of the Rockies), says, "Bill Gates has huge shelters under every one of his homes, in Rancho Santa Fe and Washington. His head of security visited with us a couple years ago, and for these multibillionaires, a few million is nothing. It's really just the newest form of insurance."
Orome1 quotes a report from Help Net Security: Despite high-profile, large-scale data breaches dominating the news cycle -- and repeated recommendations from experts to use strong passwords -- consumers have yet to adjust their own behavior when it comes to password reuse. A global Lab42 survey, which polled consumers across the United States, Germany, France, New Zealand, Australia and the United Kingdom, highlights the psychology around why consumers develop poor password habits despite understanding the obvious risk, and suggests that there is a level of cognitive dissonance around our online habits. When it comes to online security, personality type does not inform behavior, but it does reveal how consumers rationalize poor password habits. My personal favorite: password paradox. "The survey revealed that the majority of respondents understand that their digital behavior puts them at risk, but do not make efforts to change it," reports Help Net Security. "Only five percent of respondents didn't know the characteristics of a secure password, with the majority of respondents understanding that passwords should contain uppercase and lowercase letters, numbers and symbols. Furthermore, 91 percent of respondents said that there is inherent risk associated with reusing passwords, yet 61 percent continue to use the same or similar passwords anyway, with more than half (55 percent) doing so while fully understanding the risk." The report also found that when attempting to create secure passwords, "47 percent of respondents included family names or initials," while "42 percent contain significant dates or numbers and 26 percent use the family pet."
itwbennett writes from a report via CSO Online: After Yahoo raised eyebrows in the security community with its claim that state-sponsored hackers were responsible for the history-making breach, security firm InfoArmor now says it has evidence to the contrary. InfoArmor claims to have acquired some of the stolen information as part of its investigation into "Group E," a team of five professional hackers-for-hire believed to be from Eastern Europe. The database that InfoArmor has contains only "millions" of accounts, but it includes the users' login IDs, hashed passwords, mobile phone numbers and zip codes, said Andrew Komarov, InfoArmor's chief intelligence officer. Earlier this week, Chase Cunningham, director of cyber operations at security provider A10 Networks, called Yahoo's claim of state-sponsored actors a convenient, if trumped up, excuse: "If I want to cover my rear end and make it seem like I have plausible deniability, I would say 'nation-state actor' in a heartbeat." "Yahoo was compromised in 2014 by a group of professional blackhats who were hired to compromise customer databases from a variety of different targeted organizations," Scottsdale, Arizona-based InfoArmor said Wednesday in a report. "The Yahoo data leak as well as the other notable exposures, opens the door to significant opportunities for cyber-espionage and targeted attacks to occur."
After recent bombings, the Federal Communications Commission has voted to update the four-year-old emergency smartphone alerts system, which is used by officials to ping smartphones to alert people of severe weather, missing children, terror attacks or other danger. Some of the new changes allow the system to send texts with links to pictures, maps and phone numbers. CNNMoney reports: The agency also voted to allow longer messages -- 360 characters, up from 90 -- and to require wireless providers to support Spanish-language alerts. Wireless carriers will be allowed to support embedded links later this year. They'll be required to next year. The system's limits were on display last week when millions of New Yorkers received a text alert seeking information on Ahmad Khan Rahami, suspected in bombings in New York and New Jersey. "See media for pic," the alert said. Emergency alerts still won't include embedded photos, but commissioners said they're open to the idea. "Vague directives in text about where to find information about a suspect, just as we saw in New York, are not good enough," said Jessica Rosenworcel, an FCC commissioner. "As we move into the 5G future, we need to ensure that multimedia is available in all of our alert messages." Not everyone was so sure. Michael O'Rielly, another commissioner, said adding links and multimedia could jam cell networks during emergencies.
An anonymous reader quotes a report from The Hill: Republican attorneys general in four states are filing a lawsuit to block the transfer of internet domain systems oversight from the U.S. to an international governing body. Texas Attorney General Ken Paxton, Arizona Attorney General Mark Brnovich, Oklahoma Attorney General Scott Pruitt and Nevada Attorney General Paul Laxalt filed a lawsuit on Wednesday night to stop the White House's proposed transition of Internet Assigned Numbers Authority (IANA) functions. The state officials cite constitutional concerns in their suit against the National Telecommunications and Information Administration, U.S. government and the Department of Commerce. "The Obama Administration's decision violates the Property Clause of the U.S. Constitution by giving away government property without congressional authorization, the First Amendment to the U.S. Constitution by chilling speech, and the Administrative Procedure Act by acting beyond statutory authority," a statement released by Paxton's office reads. The attorneys generals claim that the U.S. government is ceding government property, pointing to a Government Accountability Office (GAO) review that "concluded that the transition does not involve a transfer of U.S. government property requiring Congressional approval." Paxton also echoed Texas Sen. Ted Cruz's warnings that the transition could harm free speech on the internet by giving Russia, China and Iran a voice on the international governing body that would oversee internet domain systems. "Trusting authoritarian regimes to ensure the continued freedom of the internet is lunacy," Paxton said. "The president does not have the authority to simply give away America's pioneering role in ensuring that the internet remains a place where free expression can flourish."
An anonymous reader quotes a report from Politico: The FBI concluded that a computer technician working on Clinton's email was not engaged in an illicit cover-up when he asked on the Reddit website for a tool that could delete a "VIP" email address throughout a large file, FBI Director James Comey said Wednesday. Republican lawmakers have suggested that the July 2014 Reddit post from a user believed to be Platte River Networks specialist Paul Combetta showed an effort to hide Clinton's emails from investigators. However, at a House Judiciary Committee hearing Wednesday, Comey said FBI agents concluded that all the computer aide was trying to do was replace Clinton's email address so it wouldn't be revealed to the public. "Our team concluded that what he was trying to do was when they produced emails not have the actual address but have some name or placeholder instead of the actual dot-com address in the 'From:' line," Comey said. Comey said he wasn't sure whether the FBI knew about the Reddit posting when prosecutors granted Combetta immunity to get statements from him about what transpired. However, he added that such a deletion wouldn't automatically be considered an effort to destroy evidence. "Not necessarily ... It would depend what his intention was and why he wanted to do it," the FBI director said.
According to a report from The Wall Street Journal (Warining: may be paywalled), U.S. officials are all but certain that the hacker Guccifer 2.0, who hacked the Democratic National Committee in June, is connected to a network of individuals and groups who are being shielded by the Russian government to mask its involvement in cyberintrusions. Even though the hacker denies working for the Russian government, the hacker is thought to be working with the hacking groups Fancy Bear and Cozy Bear, which have ties to the Russian government. The Wall Street Journal reports: Following successful breaches, the stolen data are apparently transferred to three different websites for publication, these people say. The websites -- WikiLeaks, DCLeaks.com and a blog run by Guccifer 2.0 -- have posted batches of stolen data at least 42 times from April to last week. Cybersecurity experts believe that DCLeaks.com and Guccifer 2.0 often work together and have direct ties to Russian hackers. Guccifer 2.0 said in a Twitter direct message sent to The Wall Street Journal that he wants to expose corruption in politics and shine light on how companies influence policy. The hacker said he also hopes to expose "global electronization." "I think I won't have a better opportunity to promote my ideas than this year," Guccifer 2.0 added in a long exchange with a Journal reporter. The Journal cannot verify the identity of the person sending messages on behalf of Guccifer 2.0, but the account is the same one that was used to publish personal information about Democrats. A posting on a blog run by Guccifer 2.0 says he is a man who was born in Eastern Europe, has been a hacker for years and fears for his safety. "I think u've never felt that feeling when u r crazy eager to shout: look everyone, this is me, this is me who'd done it," the hacker wrote to the Journal. "but u can't." WikiLeaks officials didn't respond to requests for comment on whether Russia fed them the stolen files published by WikiLeaks in July. A representative for DCLeaks.com asked the Journal to submit questions via email but hasn't responded to them. Last week, U.S. intelligence chielf James Clapper said it "shouldn't come as a big shock to people" that Russia is behind the hacking operation. While Russia has tried to interfere in U.S. elections since at least the 1960s by spying and funneling money to particular political groups, "I think it's more dramatic maybe because now they have the cyber tools," he said.
A former Verizon technician who worked in Alabama is being accused of selling customers' private call records and location data to an unnamed private investigator. Authorities said the data was sold for more than four years, from 2009 to 2014. The Associated Press reports: [Daniel Eugene Traeger] logged into one Verizon computer system to gain access to customers' call records, authorities said. He used another company system known as Real Time Tool to "ping" cellphones on Verizon's network to get locations of the devices, according to the plea agreement. He then compiled the data in spreadsheets, which he sent to the private investigator for years, the court records show. "Between April 2009 and January 2014, the defendant was paid more than $10,000 in exchange for his provision of confidential customer information and cellular location data to the PL, an unauthorized third party," court records state. Though Traeger was based in the Birmingham area, the court records do not indicate whether the information that was sold involved Verizon Wireless customers in Alabama or elsewhere. He faces up to five years in prison, but prosecutors are recommending a lesser sentence since he accepted responsibility, according to terms of the plea agreement.
CloudFlare has said it cannot shut down piracy websites. The CloudFlare's response comes two months after adult entertainment outfit ALS Scan filed a complaint at a California federal court two months ago in which the company accused the CDN service of various counts of copyright and trademark infringement. From a TorrentFreak report:"CloudFlare is not the operator of the allegedly infringing sites but is merely one of the many intermediaries across the internet that provide automated CDN services, which result in the websites in question loading a bit faster than they would if they did not utilize CDN services." If Cloudflare terminated the accounts of allegedly infringing websites, the sites themselves would still continue to exist. It would just require a simple DNS reconfiguration to continue their operation. "Indeed, there are no measures of any kind that CloudFlare could take to prevent this alleged infringement, because the termination of CloudFlare's CDN services would have no impact on the existence and ability of these allegedly infringing websites to continue to operate," Cloudflare writes. As such, the company argues that it's not "materially contributing" to any of the alleged copyright infringements.
Sadie Gurman and Eric Tucker, reporting for Associated Press:Police officers across the country misuse confidential law enforcement databases to get information on romantic partners, business associates, neighbors, journalists and others for reasons that have nothing to do with daily police work, an Associated Press investigation has found. Criminal-history and driver databases give officers critical information about people they encounter on the job. But the AP's review shows how those systems also can be exploited by officers who, motivated by romantic quarrels, personal conflicts or voyeuristic curiosity, sidestep policies and sometimes the law by snooping. In the most egregious cases, officers have used information to stalk or harass, or have tampered with or sold records they obtained. No single agency tracks how often the abuse happens nationwide, and record-keeping inconsistencies make it impossible to know how many violations occur. But the AP, through records requests to state agencies and big-city police departments, found law enforcement officers and employees who misused databases were fired, suspended or resigned more than 325 times between 2013 and 2015. They received reprimands, counseling or lesser discipline in more than 250 instances, the review found.
The Intercept is reporting that despite what Apple claims, it does keep a log of people you are receiving messages from and shares this and other potentially sensitive metadata with law enforcement when compelled by court order. Apple insists that iMessage conversations are safe and out of reach from anyone other than you and your friends. From the report:This log also includes the date and time when you entered a number, along with your IP address -- which could, contrary to a 2013 Apple claim that "we do not store data related to customers' location," identify a customer's location. Apple is compelled to turn over such information via court orders for systems known as "pen registers" or "tap and trace devices," orders that are not particularly onerous to obtain, requiring only that government lawyers represent they are "likely" to obtain information whose "use is relevant to an ongoing criminal investigation." Apple confirmed to The Intercept that it only retains these logs for a period of 30 days, though court orders of this kind can typically be extended in additional 30-day periods, meaning a series of monthlong log snapshots from Apple could be strung together by police to create a longer list of whose numbers someone has been entering.
In what may be part of the original Democratic National Committee hack, the FBI is currently investigating a possible hack involving the cell phones of a small number of Democratic Party staffers. CNN reports: The development comes on the same day Homeland Security Secretary Jeh Johnson told lawmakers that 18 states have asked for help in warding off cyberattacks on their electronic voting systems. Law enforcement officials have reached out to the staffers individually about "imaging" their phones to search for evidence of hacking, such as malware. Investigators are still probing whether this attempted hack is part of the original breach of Democratic National Committee emails -- which is widely thought to be the work of the Russian government -- or a new hacking attempt. "Our struggle with the Russian hackers that we announced in June is ongoing -- as we knew it would be -- and we are choosing not to provide general updates unless personal data or other sensitive information has been accessed or stolen," interim DNC Chairwoman Donna Brazile told CNN. Cybersecurity was a major theme at the debate last night between Republican nominee Donald Trump and Democratic nominee Hillary Clinton. While Clinton blamed the Russians for the "election-related cyberintrusions," Trump said "It could be Russia, but it could also be China. It could also be lots of other people. It could also be somebody sitting on their bed that weighs 400 pounds." We will update this story as it develops.