Trust the World's Fastest VPN with Your Internet Security & Freedom with PureVPN - 79% off. ×

WhatsApp Blocked in Brazil for 72 Hours Over Data Dispute ( 51

An anonymous reader cites an article on TechCrunch: WhatsApp, Facebook's messaging service that recently rolled out end-to-end encryption to its users, will be blocked in Brazil for 72 hours, starting this afternoon. A Brazilian judge ordered telecom providers in the country to block WhatsApp today in a dispute over access to encrypted data. Judge Marcel Montalvao has ordered WhatsApp to turn over chat records related to a drug investigation, but WhatsApp has argued that it cannot access the chats in an unencrypted form and therefore cannot provide the required records to the court. [...] This isn't Montalvao's first clash with WhatsApp, which boasts more than 100 million Brazilian users. The judge ordered the arrest of Facebook's vice president for Latin America, Diego Dzodan, in March. Facebook has said that WhatsApp operates with relative independence and that Dzodan has no control over WhatsApp data.American lawyer and journalist Glenn Greenwald said: "WhatsApp shut down again in Brazil as of 1 pm ET today: used by 100m people, 91% of those online: all from 1 judge."

Wireless Carriers To Adopt New Real-Time Text Protocol By December 2017 ( 28

An anonymous reader quotes a report from Engadget: The FCC is ready to adopt a proposal that'll bring a new protocol to wireless networks to help people with disabilities communicate. It's called real-time text (RTT) and will be a replacement for the aging teletypewriter devices that let users transmit text conversations over traditional phone lines. According to the FCC's statement, RTT will "allow Americans who are deaf, hard of hearing, speech disabled or deaf-blind to use the same wireless communications devices as their friends, relatives and colleagues, and more seamlessly integrate into tomorrow's communications networks." The big differentiator for RTT over current, commonly-used text-based messaging systems is that RTT messages are sent immediately as they're typed. The RTT technology will let text users communicate with people on voice-based phones and vice versa; it can also work easily in your standard smartphone, eliminating the need for specialized equipment. The proposal calls for RTT to roll out over wireless networks run by "larger carriers" by December of 2017.

GCHQ Has Disclosed Over 20 Vulnerabilities This Year ( 29

Joseph Cox, reporting for Motherboard: Earlier this week, it emerged that a section of Government Communications Headquarters (GCHQ), the UK's signal intelligence agency, had disclosed a serious vulnerability in Firefox to Mozilla. Now, GCHQ has said it helped fix nearly two dozen individual vulnerabilities in the past few months, including in highly popular pieces of software like iOS. "So far in 2016 GCHQ/CESG has disclosed more than 20 vulnerabilities across a number of software products," a GCHQ spokesperson told Motherboard in an email. CESG, or the National Technical Authority for Information Assurance, is the information security wing of GCHQ. Those issues include a kernel vulnerability in OS X El Captain v10.11.4, the latest version, that would allow arbitrary code execution, and two in iOS 9.3, one of which would have done largely the same thing, and the other could have let an application launch a denial of service attack.

House Passes Email Privacy Act, Requiring Warrants For Obtaining Emails ( 61

An anonymous reader quotes a report from TechCrunch: The U.S. House of Representatives has passed H.R. 699, the Email Privacy Act, sending it on to the Senate and from there, hopefully anyhow, to the President. The yeas were swift and unanimous. The bill, which was introduced in the House early last year and quickly found bipartisan support, updates the 1986 Electronic Communications Privacy Act, closing a loophole that allowed emails and other communications to be obtained without a warrant. It's actually a good law, even if it is arriving a couple of decades late. "Under current law, there are more protections for a letter in a filing cabinet than an email on a server," said Congresswoman Suzan Delbene during the debate period. An earlier version of the bill also required that authorities disclose that warrant to the person it affected within 10 days, or 3 if the warrant related to a government entity. That clause was taken out in committee -- something trade groups and some of the Representatives objected to as an unpleasant compromise.

India Makes It Compulsory For Phones To Have a 'Panic Button' ( 96

Reader itwbennett writes: Starting in January 2017, all feature phones sold in India will need to have a panic button that will alert "police, designated friends and relatives, for immediate response in case of distress or security related issues," said Minister of Communications, Ravi Shankar Prasad, on Twitter late Tuesday. The measure is one of many responses by the Indian government to the growing women safety issues in the country. Furthermore, starting in January 2018, mobile phones will also be required to have GPS systems to help pinpoint the location of the affected person in the event of harassment or distress, said Prasad.Mashable has more details.

US Justice Dept Approves Charter's Time Warner Cable Purchase With Conditions ( 67

An anonymous reader quotes a report from Reuters: The U.S. Justice Department has approved Charter Communications Inc's proposed purchase of Time Warner Cable Inc and Bright House networks, which would create the second-largest broadband provider and third largest video-provider. The Justice Department valued the purchase of Time Warner Cable at $78 billion and Bright House at $10.4 billion. Under terms, New Charter has agreed to refrain from telling its content providers that they cannot also sell shows online. The deal must also be approved by the Federal Communications Commission. FCC Chairman Tom Wheeler said Monday he circulated an order seeking approval of the merger with conditions that "will directly benefit consumers by bringing and protecting competition to the video marketplace and increasing broadband deployment."

US Begins Dropping 'Cyberbombs' On ISIS ( 121

In what appears to be a significant shift in its tactic to battle against the terrorist organization, the U.S. has begun launching cyberattacks against ISIS (non-paywall link). The New York Times reports that the Department of Defense's Cyber Command unit is mounting cyberattacks against the terrorist organization. The Cyber Command unit aims to stop the organization from spreading its message. The Times reports: The goal of the new campaign is to disrupt the ability of the Islamic State to spread its message, attract new adherents, circulate orders from commanders and carry out day-to-day functions, like paying its fighters. A benefit of the administration's exceedingly rare public discussion of the campaign, officials said, is to rattle the Islamic State's commanders, who have begun to realize that sophisticated hacking efforts are manipulating their data. Potential recruits may also be deterred if they come to worry about the security of their communications with the militant group. "We are dropping cyberbombs," Robert O. Work, deputy secretary of defense said. "We have never done that before."

US Wants Its Own Secure and Self-Destructing Messaging App -- And It's Willing to Pay ( 83

Long time reader schwit1 writes: The Defense Advanced Research Projects Agency (DARPA), an agency within the Department of Defense historically known for creating the Internet itself, has published a call for companies to submit proposals to build a robust messaging platform that the military could use for secure communication of everything from intelligence to procurement contracts. "Troops on the ground in denied communications environments would have a way to securely communicate back to HQ and DoD back office executives could rest assured that their logistics system is efficient, timely and safe from hackers," according to the DARPA proposal. The request for proposals, reported earlier by the UK's Telegraph outlet, also says that the messaging platform should incorporate a customized blockchain, the distributed ledger technology that underpins the digital currency bitcoin, for recording messages and contract information. The proposal says such a distributed ledger would allow the military to conduct its business in a more efficient and secure fashion.Motherboard's Lorenzo Franceschi-Bicchierai reports that DARPA is willing to pay people to make this app. "This project falls under the rules of the Small Business Technology Transfer (STTR) program. During the first phase, according to the program's rules, successful applicants might be awarded no more than $150,000 for one year. The companies and researchers who are part of phase one can then be eligible for a phase two award of up to $1 million for two years. Lastly, during phase three, the company or companies can pursue commercialization, and receive no funds from the federal government."

Dutch Police Seize Encrypted Communication Network With 19,000 Users ( 77

An anonymous reader writes: Dutch police have seized and shut down Ennetcom, an encrypted communications network with 19,000 users, according to Reuters. The network's 36-year-old owner, Danny Manupassa, has also been arrested, and faces charges of money laundering and illegal weapons possession, while the information obtained in the seizure may also be used for other criminal prosecutions. "Police and prosecutors believe that they have captured the largest encrypted network used by organized crime in the Netherlands," prosecutors said in a statement.

"Although using encrypted communications is legal," Reuters reports, "many of the network's users are believed to have been engaged in 'serious criminal activity,' said spokesman Wim de Bruin of the national prosecutor's office, which noted that the company's modified phones have repeatedly turned up in cases involving drugs, criminal motorcycle gangs, and gangland killings.

A spokesman for the National Prosecutor's office "declined to comment on whether and how police would be able to decrypt information kept on the servers."

Consumer Complaints About Broadband Caps Are Soaring ( 148

Karl Bode, reporting for DSL Reports: Consumer complaints to the Federal Communications Commission about broadband data caps rose to 7,904 in the second half of 2015 from 863 in the first half, notes a new report by the Wall Street Journal. The Journal filed a Freedom of Information Act request with the agency to obtain the data on complaints, which have spiked as a growing number of fixed-line broadband providers apply caps and overage fees to already pricey connections. According to the Journal, the FCC has received 10,000 consumer complaints about data caps since 2015.

Changes Are Coming To the EU's Cookie Directive, But It's Not Going Away ( 120

An anonymous reader writes: The European Commission is listening to suggestions regarding EU laws on privacy and electronic communications (e-Privacy), among which is also the EU Cookie Directive that has made the lives of EU Internet users a living hell. The EU Commission has started an open consultation on this topic and is inviting users and businesses to provide their opinion. From the consultation's text, which is nothing more than a survey, one could argue that the EU isn't intent on removing the directive at all, but only making small adjustments. In its current implementation, most companies ask users if they're OK with storing cookies on their PCs and then collecting their data. One of the questions the Commission asked and is currently looking for an answer is whether companies should be allowed to deny users access to a website if they don't want to accept using cookies. The EU wants Internet companies to build alternative (usable) websites for people that don't want to use cookies at all, and so respect their decision for privacy.
Electronic Frontier Foundation

EFF Sues DOJ For Access To Secret Court Orders On Decryption ( 62

An anonymous reader writes: TechCrunch reports the Electronic Frontier Foundation has filed a lawsuit against the Department of Justice to reveal documents that "show whether DOJ has ever forced a company like Google or Apple to provide technical surveillance assistance in the Foreign Intelligence Surveillance Court, a federal court that issues secret surveillance warrants in national security cases and has been criticized for rubber-stamping NSA overreach." The EFF has been rejected in its attempt to gain access to the documents under the Freedom of Information Act. "Even setting aside the existence of technical assistance orders, there's no question that other, significant FISC opinions remain hidden from the public," EFF senior staff attorney Mark Rumold said in a statement regarding the lawsuit. "The government's narrow interpretation of its transparency obligations under USA FREEDOM is inconsistent with the language of the statute and Congress' intent. Congress wanted to bring an end to secret surveillance law, so it required that all significant FISC opinions be declassified and released. Our lawsuit seeks to hold DOJ accountable to the law." The full lawsuit can be read here.

FBI Tells Congress It Needs Hackers To Keep Up With Tech Company Encryption ( 103

An anonymous reader quotes a report from BuzzFeed: A high ranking technology official with the FBI told members of Congress Tuesday that the agency is incapable of cracking locked phones and devices on its own, even with additional resources. Amy Hess, the agency's executive assistant director for science and technology told a panel of the House Energy and Commerce Committee that encrypted communications continue to pose a challenge to the American law enforcement, and to the safety of the American public. But when asked by lawmakers to provide a practical solution beyond the FBI's talking points, she said that the cooperation of technology companies would be necessary. According to the New York Times, "The FBI defended its hiring of a third-party company to break into an iPhone used by a gunman in last year's San Bernardino, Calif., mass shooting, telling some lawmakers on Tuesday that it needed to join with partners in the rarefied world of for-profit hackers as technology companies increasingly resist their demands for consumer information." They are stressing the importance of cooperation with tech companies and "third parties" to help fight terrorism, claiming they do not have the capabilities and resources available to crack encrypted devices. Congress is currently debating potential legislation on encryption.

Viber Update Brings End-To-End Encryption and Hidden Chats ( 39

An anonymous reader writes: The new hip thing to do if you're a developer of a messaging app is to encrypt everyone's messages -- everyone's doing it! WhatsApp announced earlier this month all messages being sent through the service will now be end-to-end encrypted. Today, Viber has announcd it is doing something similar. All messages being sent through the latest version of the app will be end-to-end encrypted. To confirm messages are being encrypted, a padlock icon will appear in the chat UI. The latest version of the app is already available in the iOS App Store and Android Google Play Store. Viber is one of the largest messaging platforms with over 700 million users. Hidden chats can also be found in the new update. Users can hide select chats with people and access/display them with a PIN or Touch ID.

Your Phone Number Is All a Hacker Needs To Read Texts, Listen To Calls and Track You ( 98

Samuel Gibbs, reporting for The Guardian: Hackers have again demonstrated that no matter how many security precautions someone takes, all a hacker needs to track their location and snoop on their phone calls and texts is their phone number. The hack, first demonstrated by German security researcher Karsten Nohl in 2014 at a hacker convention in Hamburg, has been shown to still be active by Nohl over a year later for CBS's 60 Minutes. The hack uses the network interchange service called Signalling System No. 7 (SS7), also known as C7 in the UK or CCSS7 in the US, which acts as a broker between mobile phone networks. When calls or text messages are made across networks SS7 handles details such as number translation, SMS transfer, billing and other back-end duties that connect one network or caller to another. By hacking into or otherwise gaining access to the SS7 system, an attacker can track a person's location based on mobile phone mast triangulation, read their sent and received text messages, and log, record and listen into their phone calls, simply by using their phone number as an identifier.Also from the report, "60 Minutes contacted the cellular phone trade association to ask about attacks on the SS7 network. They acknowledged there have been reports of security breaches abroad, but assured us that all U.S. cellphone networks were secure." Update: 04/18 16:51 GMT by M :Reader blottsie writes: U.S. Rep. Ted Lieu (D-Cali.) on Monday called for a full congressional investigation into the aforementioned widespread flaw in global phone networks.

Mitel Buys Polycom For $1.96B In Enterprise Communications Consolidation Play ( 14

An anonymous reader quotes a report from TechCrunch: Mitel announced that it would acquire Polycom in a cash-and-stock deal with a total value of $1.96 billion, creating a company with combined sales of $2.5 billion and 7,700 employees. Polycom's acquisition by Mitel comes at a key time in the world of enterprise communications and collaboration. On one hand, it is a time of massive change and evolution. For years a lot of the services that companies used were based on legacy networking, but in the last decade there has been a big shift to IP-based networks for many of these services. However, at the same time the whole space has been massively disrupted by startups that are upsetting by tapping into the next phase of digital services -- the internet. Companies like Microsoft by way of services like Skype and Yammer, and smaller startups like Slack, are overturning the whole idea of how people who are not in the same office floor can communicate and collaborate for work. These solutions are way cheaper than a lot of the legacy offerings; they tap into the cloud-based services that are now ubiquitous to share and work on files; and they are also built in very user-friendly ways, based around tech that ordinary consumers are using. Both companies compete against the likes of Cisco and Avaya. Mitel is perhaps best known for its IP telephony solutions, including PBX systems, while Polycom is a leader in conferencing services. They also cover SIP technology, and customers span 82% of Fortune 500 companies.

US Anti-Encryption Law Is So 'Braindead' It Will Outlaw File Compression ( 241

An anonymous reader writes: The bill released Thursday by Senators Richard Burr and Dianne Feinstein to force U.S. companies to build backdoors into their encryption systems has been further dissected by experts. In less than 24 hours after the Court Orders Act of 2016 draft was released, 43,000 signatures have been added to a petition calling for the bill to be withdrawn. Bruce Schneier, the writer of the books on modern cryptography, said the bill would make most of what the NSA does illegal, unless no such agency is willing to backdoor its own encrypted communications. "This is the most braindead piece of legislation I've ever seen," Schneier told The Register. "The person who wrote this either has no idea how technology works or just doesn't care." Schneier says cryptographic code will be affected by this legislation, as well as "lossy compression algorithms" that are used to reduce the size of images for sending through email, which won't work in reverse and add back the data removed. Files that can't be decrypted on demand to their original state, and files that can't be decompressed back to their exact originals, all look the same to this draft now. He said even deleted data could be covered in this legislation.

UC Davis Spent $175,000 To Bury Search Results After Cops Pepper-Sprayed Protestors ( 340

An anonymous reader quotes a report from The Verge: The University of California, Davis spent at least $175,000 to improve its reputation on the internet after images of campus police pepper-spraying protestors went viral in 2011, according to documents obtained by The Sacramento Bee. The money went to public relations firms that promised to clean up the university's search results. One company outlined a plan for "eradication of references to the pepper spray incident," according to the documents, and was eventually paid nearly $93,000, including expenses, for a six-month campaign in 2013. After that, the Bee reports, the university paid $82,500 to another PR firm to create and follow through on a "search engine results management strategy." The latter firm was later given thousands more in other contracts to build a university social media program, and to vet its communications department.

Obama Forms Commission To Bolster US Cyber Security ( 53

An anonymous reader writes: President Obama unveiled a commission of private, public and academic experts to bolster the US cyber security sector. The Commission on Enhancing National Cybersecurity will be co-chaired by former IBM CEO Sam Palmisano and Tom Donilon, the President's former national security adviser. Some other notable members include MasterCard CEO Ajay Banga, Microsoft Research VP Peter Lee, Uber's current (and Facebook's former) Chief Security Officer Joe Sullivan, Frontier Communications Executive Chairperson Maggie Wildrotter, and Annie Anton, chair of the School of Interactive Computing at Georgia Tech. The specific goals of the commission are to: "Raise the level of cybersecurity in both the public and private sectors, deter, disrupt, and interfere with malicious cyber activity aimed at the U.S. or its allies and respond effectively to and recover from cyber incidents."

Microsoft Sues US Justice Department, Asks Court To Declare Secrecy Orders Unconstitutional ( 123

Todd Bishop, reporting for GeekWire: Microsoft is suing the U.S. Justice Department, asking a federal judge to declare unconstitutional a provision of U.S. law that lets the government keep Microsoft and other tech companies from informing their customers when investigators seek access to emails and other cloud data. The suit, filed moments ago in U.S. District Court in Seattle, targets Section 2705(b) of the Electronic Communications Privacy Act, which allows the government to seek and obtain secrecy orders preventing companies from letting their customers know when their data is the target of a federal warrant, subpoena or court order. Brad Smith, Microsoft's president and chief legal officer, recently criticized the 30-year-old Electronic Communications Privacy Act as outdated during his testimony in February before the U.S. House Judiciary Committee -- bringing along IBM's first laptop, released the same year, to help illustrate his point.Microsoft argues that these "indefinite gag orders" violate the First Amendment rights to inform customers. Furthermore, the company adds that the law also "flouts" the Fourth Amendment, which requires the government to give a notice to the concerned person when his or her property is being searched or seized. "This is a First Amendment fight that needed to get picked and I'm glad Microsoft picked it. Just as in the real world with physical seizures, secrecy in digital seizures should be the exception and not the rule. Yet as the Microsoft complaint shows, it's receiving thousands of law enforcement gag orders every year and more than two-thirds of them are eternal gags with no end data," said Kevin Bankston, internet freedom advocate and digital rights lawyer. "This is clearly unconstitutional, yet with so many orders per year, it makes sense to strike at the root with a facial challenge to the law rather than try and challenge them all individually. And based on previous similar cases around gag orders in national security cases, I think they'll succeed in striking this overbroad law down."

Slashdot Top Deals