Security

Vulnerability in Z-Wave Wireless Communications Protocol, Used By Some IoT and Smart Devices, Exposes 100 Million Devices To Attack (bleepingcomputer.com) 21

An anonymous reader writes: The Z-Wave wireless communications protocol used for some IoT/smart devices is vulnerable to a downgrade attack that can allow a malicious party to intercept and tamper with traffic between smart devices. The attack -- codenamed Z-Shave -- relies on tricking two smart devices that are pairing into thinking one of them does not support the newer Z-Wave S2 security features, forcing both to use the older S0 security standard.

The Z-Shave attack is dangerous because devices paired via an older version of Z-Wave can become a point of entry for an attacker into a larger network, or can lead to the theft of personal property. While this flaw might prove frivolous for some devices in some scenarios, it is a big issue for others -- such as smart door locks, alarm systems, or any Z-Wave-capable device on the network of a large corporation. The company behind the Z-Wave protocol tried to downplay the attack's significance, but its claims were knocked down by researchers in a video.

Facebook

Facebook Accused of Conducting Mass Surveillance Through Its Apps (theguardian.com) 68

A court case in California alleges that Facebook used its apps to gather information about users and their friends, including some who had not signed up to the social network, reading their text messages, tracking their locations and accessing photos on their phones. The Guardian reports: The claims of what would amount to mass surveillance are part of a lawsuit brought against the company by the former startup Six4Three, listed in legal documents filed at the superior court in San Mateo as part of a court case that has been ongoing for more than two years. The allegations about surveillance appear in a January filing, the fifth amended complaint made by Six4Three. It alleges that Facebook used a range of methods, some adapted to the different phones that users carried, to collect information it could use for commercial purposes.

"Facebook continued to explore and implement ways to track users' location, to track and read their texts, to access and record their microphones on their phones, to track and monitor their usage of competitive apps on their phones, and to track and monitor their calls," one court document says. But all details about the mass surveillance scheme have been redacted on Facebook's request in Six4Three's most recent filings. Facebook claims these are confidential business matters. It has until next Tuesday to submit a claim to the court for the documents to remain sealed from public view.

Network

Pornhub Launches VPNhub, Its Own Virtual Private Network App (venturebeat.com) 68

"Adult entertainment" giant Pornhub is entering the busy virtual private network (VPN) space with the launch of its very own VPN service. From a report: Dubbed VPNhub, the new service is available for free via native apps on Android, iOS, MacOS, and Windows, though there is a premium subscription available that gets rid of the ads and promises faster speeds. In the U.S., this will cost between $12 and $14 per month, depending on the platform. VPNhub promises unlimited bandwidth, even on the free service, which is key given that Pornhub's core selling point is bandwidth-intensive video, while it offers around 1,000 servers across 15 countries. And it promises that it logs no user data.

Businesses

Comcast Confirms Plan To Buy 21st Century Fox and Control of Hulu (arstechnica.com) 64

Comcast is reportedly preparing an offer to buy major portions of 21st Century Fox, which would give it majority control of Hulu and other media properties. Ars Technica reports: Walt Disney Company already has a $52.4 billion all-stock deal to buy the 21st Century Fox properties. But Comcast was rumored to be lining up $60 billion in financing in order to make a hostile bid for the Fox assets, and Comcast's announcement today confirms it. Comcast "is considering, and is in advanced stages of preparing, an offer for the businesses that Fox has agreed to sell to Disney," Comcast's announcement said. Comcast is working on the offer in preparation for shareholder meetings in which the Disney/Fox deal will be considered.

The Fox properties for sale do not include assets such as the Fox News Channel, Fox Business Network, and Fox Broadcasting Company. Those properties would be spun off into a company being referred to as "New Fox," and Comcast would acquire 21st Century Fox after the spinoff. The Fox sale to either Disney or Comcast would include 21st Century Fox's film and television studios; cable entertainment networks; the Fox Sports Regional Networks; and international properties including Star in India and Fox's 39-percent ownership of Sky across Europe. The sale would also include Fox's 30-percent stake in Hulu, the popular online video streaming service. Comcast already owns 30 percent of Hulu, so a deal with Fox would give the nation's largest cable company majority control over the online video provider.

Facebook

Facebook Asks British Users To Submit Their Nudes as Protection Against Revenge Porn (betanews.com) 299

Mark Wilson writes: Following on from a trial in Australia, Facebook is rolling out anti-revenge porn measures to the UK. In order that it can protect British users from falling victim to revenge porn, the social network is asking them to send in naked photos of themselves. The basic premise of the idea is: send us nudes, and we'll stop others from seeing them.

United States

NYC Transit Boss Unveils Sweeping 10-Year Subway Modernization Plan (nbcnewyork.com) 63

The Metropolitan Transportation Authority (MTA) on Wednesday unveiled a sweeping plan to modernize the city's subway system over the next 10 years. From a report: The proposal, which new New York City Transit President Andy Byford called "Fast Forward," centers on overhauling the mass transit network's signaling system -- some of which dates back to the early 20th century -- 30 years sooner than current Subway Action Plan.

But it won't come without a good bit of pain: sources told News 4 that Byford's plan would require entire lines to be taken out of service during overnight and weekend hours for extended periods. Byford -- who took over the task of running the city's subways and buses earlier this year -- said in an MTA meeting Wednesday that the work would be split into two five-year chunks. Over the first five years parts or all of the 4, 5, 6, E, F, M, R, A, C, E and G lines would receive modern signaling systems. That would include the entirety of the Lexington Avenue line, which carries the 4, 5 and 6 trains and is the most-used mass transit line in the United States.

PlayStation (Games)

Next PlayStation Is Three Years Off, Sony Says (wsj.com) 88

Don't hold your breath for the fifth-generation PlayStation. From a report: Sony wants to spend three more years readying its next videogame move [Editor's note: the link may be paywalled; alternative source], the head of the PlayStation business said Wednesday. That would mark a slight slowdown in the six-to-seven-year update cycle for the console since the first one in 1994. The PlayStation 4 went on sale in 2013 and has sold more than 79 million units. [...] Speaking to a small group of reporters, Tsuyoshi "John" Kodera, who took over last October, said the network-services side of PlayStation is changing the way Sony thinks about product introductions. "We need to depart from the traditional way of looking at the console life cycle," he said. "We're no longer in a time when you can think just about the console or just about the network like they're two different things."

NASA

SpaceX Flies Satellites For Iridium, NASA In 10th Launch of 2018 (bloomberg.com) 28

SpaceX launched a total of seven satellites for Iridium and NASA, reusing part of a previously flown rocket for its 10th mission of 2018. "Five Iridium NEXT satellites were launched as part of the company's campaign to replace the world's largest commercial satellite network," reports Bloomberg. "SpaceX's mission also includes launching twin satellites for the Gravity Recovery and Climate Experiment Follow-On (GRACE-FO)," which will "measure the distribution of the Earth's mass" and "monitor changes in ice sheets, glaciers and sea level." From the report: The Falcon 9 rocket lifted off from Vandenberg Air Force Base on California's central coast about 12:47 p.m. local time. The GRACE-FO satellites deployed roughly 11 minutes after launch, while the Iridium satellites are due to be released roughly an hour after the launch. SpaceX won't attempt to recover the first stage of the rocket, which flew in January during the Zuma mission, according to a SpaceX press kit. CBS News has some additional details about the GRACE-FO satellites. They were reportedly "designed to fly in tandem 137 miles apart in a 305-mile orbit around Earth's poles," reports CBS News. "Using a microwave tracking system, the distance between the two 1,300-pound satellites can be measured to within the diameter of a red blood cell. By precisely measuring the distance between the satellites, scientists can determine how much mass is below the flight path and then calculate the contribution of water, creating global maps every 30 days."

UPDATE: SpaceX has confirmed that all five Iridium satellites have been successfully deployed.

Security

90% of Financial Institutions Targeted By Ransomware in the Last Year (betanews.com) 19

An anonymous reader shares a report: A new report from cloud security specialist Carbon Black, based on responses from CISOs at 40 major financial institutions -- including six of the top 10 global banks -- seeks to better understand the attack landscape. Among the findings are that 90 percent of financial institutions report being the subject of a ransomware attack in 2017. In addition one in 10 respondents report encountering destructive attacks unrelated to ransomware, such as application attacks and fileless malware. These potentially enable cybercriminals to move freely and laterally within an organization's network and often go completely overlooked until it's too late.

Bug

Comcast Website Bug Leaks Xfinity Customer Data (zdnet.com) 43

An anonymous reader quotes a report from ZDNet: A bug in Comcast's website used to activate Xfinity routers can return sensitive information on the company's customers. The website, used by customers to set up their home internet and cable service, can be tricked into displaying the home address where the router is located, as well as the Wi-Fi name and password. Two security researchers, Karan Saini and Ryan Stevenson, discovered the bug. Only a customer account ID and that customer's house or apartment number is needed -- even though the web form asks for a full address.

ZDNet obtained permission from two Xfinity customers to check their information. We were able to obtain their full address and zip code -- which both customers confirmed. The site returned the Wi-Fi name and password -- in plaintext -- used to connect to the network for one of the customers who uses an Xfinity router. The other customer was using his own router -- and the site didn't return the Wi-Fi network name or password.

Advertising

Should T-Mobile Stop Claiming It Has 'Best Unlimited Network'? (arstechnica.com) 54

An anonymous reader writes: Speed isn't everything, or is it? According to a report from Ars Technica, the National Advertising Division (NAD) says T-Mobile should stop claiming that it has "America's Best Unlimited Network" because it needs to prove it also has the widest geographic coverage and best reliability. T-Mobile is saying that speed outweighs all other factors.

"T-Mobile's claim is based on data from Ookla and OpenSignal, which offer speed-testing apps that let consumers test their wireless data speeds," reports Ars Technica. "Both Ookla and OpenSignal have issued reports saying that T-Mobile's speeds were higher than Verizon's, AT&T's, and Sprint's. The OpenSignal tests also gave T-Mobile an edge over rivals in latency and 4G signal availability." T-Mobile "did not provide evidence that its network is superior in providing talk and text mobile services or in providing high-speed data more reliably or to a greater coverage area," the industry group's announcement said.

Privacy

Repo Men Scan Billions of License Plates -- For the Government (washingtonpost.com) 239

The Washington Post notes the billions of license plate scans coming from modern repo men "able to use big data to find targets" -- including one who drives "a beat-up Ford Crown Victoria sedan." It had four small cameras mounted on the trunk and a laptop bolted to the dash. The high-speed cameras captured every passing license plate. The computer contained a growing list of hundreds of thousands of vehicles with seriously late loans. The system could spot a repossession in an instant. Even better, it could keep tabs on a car long before the loan went bad... Repo agents are the unpopular foot soldiers in the nation's $1.2 trillion auto loan market... they are the closest most people come to a faceless, sophisticated financial system that can upend their lives...

Derek Lewis works for Relentless Recovery, the largest repo company in Ohio and its busiest collector of license plate scans. Last year, the company repossessed more than 25,500 vehicles -- including tractor trailers and riding lawn mowers. Business has more than doubled since 2014, the company said. Even with the rising deployment of remote engine cutoffs and GPS locators in cars, repo agencies remain dominant. Relentless scanned 28 million license plates last year, a demonstration of its recent, heavy push into technology. It now has more than 40 camera-equipped vehicles, mostly spotter cars. Agents are finding repos they never would have a few years ago. The company's goal is to capture every plate in Ohio and use that information to reveal patterns... "It's kind of scary, but it's amazing," said Alana Ferrante, chief executive of Relentless.

Repo agents are responsible for the majority of the billions of license plate scans produced nationwide. But they don't control the information. Most of that data is owned by Digital Recognition Network (DRN), a Fort Worth company that is the largest provider of license-plate-recognition systems. And DRN sells the information to insurance companies, private investigators -- even other repo agents. DRN is a sister company to Vigilant Solutions, which provides the plate scans to law enforcement, including police and U.S. Immigration and Customs Enforcement. Both companies declined to respond to questions about their operations... For repo companies, one worry is whether they are producing information that others are monetizing.

Transportation

Utilities, Tesla Appeal Federal Rollback of Auto Emissions Standards (arstechnica.com) 118

A coalition of utilities and electric vehicle makers, including Tesla, are petitioning the EPA to reconsider its recent plan to roll back auto emissions standards. In April, the EPA said that it would relax greenhouse gas emissions standards that had been put in place for model year 2022-2025 vehicles. Ars Technica reports: The National Coalition for Advanced Transportation (NCAT) represents 12 utilities as well as Tesla, electric truck maker Workhorse, and EV charging network EVgo. NCAT earlier this month asked the Second Circuit Court of Appeals in Washington, DC to review the EPA's latest efforts to relax the Obama-era fuel economy standards.

The coalition challenge to the EPA follows a similar challenge made by 17 states, including California. The utilities' efforts show that they're interested in protecting one of the major projected avenues for growth in electricity demand. Electricity consumption has stagnated in the U.S. as efficiency measures take effect and, in some states, solar panels make it easier for residents to buy less electricity from the local utility.

Transportation

Elon Musk Pitches 150 MPH Rides In Boring Company Tunnels For $1 (engadget.com) 72

An anonymous reader quotes a report from Engadget: At The Boring Company Information Session not all of the talk centered on flamethrowers. Elon Musk and project leader Steve Davis described many details of their visions for an underground network that could alleviate traffic problems in big cities. Musk said "we're not suggesting this to the exclusion of other approaches," but did take a moment to call out flying taxi solutions (like Uber Elevate) right off the bat due to danger and noise.

Earlier in the evening Musk retweeted an LA Metro tweet that said it's coordinating with The Boring Company on its test and said the two will be "partners" going forward. Much of what Musk discussed about how his concept in-city Loop would work has been answered in concept videos and the company's FAQ, but he specifically said that the plan is for rides that cost $1, and carry up to 16 passengers through hundreds of tunnels to those small, parking space-size tunnels located throughout a city. Test runs in the loop have already hit a couple of hundred miles an hour, and Musk's plan is for vacuum Hyperloop tubes between cities that enable travel in pressurized carts at up to 300 MPH. That's compared to 150 MPH in the in-city Loop carts, all without slowing down due to traffic or anything else. The main concern is hitting speeds that are still comfortable for people inside.
The timeframe for when the "weird little Disney ride in the middle of LA" will be available to the public is unclear.

Android

With Steam Link App, Your Smartphone Can Be An Imperfect Gaming Monitor (arstechnica.com) 47

Ars Technica's Kyle Orland shares his experience with Valve's recently announced Steam Link app, which lets users play games running on a PC via a tablet, mobile phone, or Apple TV on the same network. The app launches today for Android 5.0+ devices; iOS support is "pending further review from Apple." From the report: Valve isn't kidding when it says a Wi-Fi router in the 5Ghz band is required for wireless streaming. I first tested iPad streaming on the low-end 2.4Ghz router provided with my Verizon FiOS subscription (an Actiontec MI424WR), with a wired Ethernet connection to my Windows gaming rig on the other end. The Steam Link network test warned me that "your network may not work well with Steam Link," thanks to 1- to 2-percent frame loss and about 15ms of "network variance," depending on when I tested. Even graphically simple games like The Binding of Isaac ran at an unplayably slowed-down rate on this connection, with frequent dropped inputs to boot.

Switching over to a 5GHz tri-band router (The Netgear Nighthawk X6, to be precise), the same network test reported a "fantastic" connection that "look[s] like it will work well with Steam." On this router, remotely played games ran incredibly smoothly at the iPad's full 1080p resolution, with total round-trip display latency ranging anywhere from 50 to 150ms, according to Steam Link's reports (and one-way "input lag" of less than 1ms). At that level of delay, playing felt practically indistinguishable from playing directly on the computer, with no noticeable gameplay impact even on quick-response titles like Cuphead.

Security

Hardcoded Password Found in Cisco Enterprise Software, Again (bleepingcomputer.com) 70

Catalin Cimpanu, writing for BleepingComputer: Cisco released 16 security advisories yesterday, including alerts for three vulnerabilities rated "Critical" and which received a maximum of 10 out of 10 on the CVSSv3 severity score. The three vulnerabilities include a backdoor account and two bypasses of the authentication system for Cisco Digital Network Architecture (DNA) Center. The Cisco DNA Center is a piece of software that's aimed at enterprise clients and which provides a central system for designing and deploying device configurations (aka provisioning) across a large network. This is, arguably, a pretty complex piece of software, and according to Cisco, a recent internal audit has yielded some pretty bad results.

Businesses

Faster Flights Are Coming With New Satellite Tracking Technology (bloomberg.com) 34

An anonymous reader shares a report: The company that provides the U.K.'s air-traffic control service is taking a 10 percent stake in Aireon, a U.S. firm that's building a satellite-based tracking system and will offer commercial services to controllers starting next year. Aireon plans to use a constellation of 66 Iridium Communications Next satellites in low Earth orbit to track aircraft. Iridium has 50 in orbit already, 47 of which are operational. Each carries equipment to offer aircraft position data to ground controllers.

Iridium plans to launch five additional satellites on May 22 from California, completing its full network later this year. Aireon said 70 percent of the world's airspace lacks satellite tracking or airline surveillance coverage, including most oceans and parts of Africa and Latin America.

Bitcoin

Nobody Knows How Much Energy Bitcoin Is Using (vice.com) 161

dmoberhaus writes: A new report published in 'Joule' today claims Bitcoin may use up to 0.5% of the world's energy by the end of this year. We often hear about how bad Bitcoin is for the environment -- it already uses the same amount of energy as the country of Ireland -- but these numbers are usually just the /minimum/ amount of energy the network must be using. The actual amount of energy used by the Bitcoin network is likely substantially higher, but getting an accurate reading on that energy level is hard. The only researcher trying to quantify Bitcoin's energy use spoke to Motherboard about opening Bitcoin's 'black box.'

The Almighty Buck

Ecuador Spent $5 Million Protecting and Spying On Julian Assange, Says Report (theverge.com) 165

Citing reports from The Guardian and Focus Ecuador, The Verge reports that Ecuador's intelligence program spent at least $5 million "on an elaborate security and surveillance network around WikiLeaks founder Julian Assange." The intelligence program was known as "Operation Hotel," which began as "Operation Guest" when Assange took refuge in Ecuador's UK embassy in 2012. From the report: Operation Hotel has allegedly covered expenses like installing CCTV cameras and hiring a security team to "secretly film and monitor all activity in the embassy," including Assange's daily activities, moods, and interactions with staff and visitors. The Guardian estimates Ecuadorian intelligence agency Senain has spent at least $5 million on Assange-related operations, based on documents they reviewed. The report details attempts to improve Assange's public image and potentially smuggle him out of the embassy if he was threatened. But it also writes that relations between Assange and Ecuador have badly deteriorated over the past several years. In 2014, Assange allegedly breached the embassy's network security, reading confidential diplomatic material and setting up his own secret communications network.

Facebook

Facebook Deleted 583 Million Fake Accounts in the First Three Months of 2018 (cnet.com) 75

Facebook said Tuesday that it had removed more than half a billion fake accounts and millions of pieces of other violent, hateful or obscene content over the first three months of 2018. From a report: In a blog post on Facebook, Guy Rosen, Facebook's vice president of product management, said the social network disabled about 583 million fake accounts during the first three months of this year -- the majority of which, it said, were blocked within minutes of registration. That's an average of over 6.5 million attempts to create a fake account every day from Jan. 1 to March 31. Facebook boasts 2.2 billion monthly active users, and if Facebook's AI tools didn't catch these fake accounts flooding the social network, its population would have swelled immensely in just 89 days.
