Microsoft

Microsoft May Ban Your Favorite Password (securityweek.com) 92

wiredmikey writes from a report via SecurityWeek.Com: Microsoft is taking a step to better protect users by banning the use of weak and commonly used passwords across its services. Microsoft has announced that it is dynamically banning common passwords from the Microsoft Account and Azure Active Directory (AD) systems. In addition to banning commonly used passwords to improve user account safety, Microsoft has implemented a feature called smart password lockout, meant to add an extra level of protection when an account is attacked. [Alex Weinert, Group Program Manager of the Azure AD Identity Protection team, explains in a blog post that] Microsoft is seeing more than 10 million accounts being attacked each day, and that this data is used to dynamically update the list of banned passwords. This list is then used to prevent people from choosing a common or similar password. Microsoft's new feature comes after last week's leak of 117 million LinkedIn credentials.
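The story says the banned list blocks not only a common password but also "similar" ones. The example below is added here and is not Microsoft's code: it shows one way a password-change endpoint could implement such a check, using a small constructed banned list and an assumed normalization step (case folding, stripping leading/trailing digits and symbols, undoing common leetspeak substitutions) so that trivial variants of a banned password are rejected too.

```python
import re
import unicodedata

# Constructed sample of a banned list. A real deployment would keep this
# updated from observed attack data, as the story describes Microsoft doing.
BANNED_PASSWORDS = {
    "password", "123456", "qwerty", "letmein", "welcome", "iloveyou", "abc123",
}

# Common leetspeak substitutions that users (and attackers) both know about.
# This mapping is an assumption for the example, not a published rule set.
LEET_MAP = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "!": "i",
})


def normalize(password):
    """Collapse trivial variations so 'P@ssw0rd123!' maps to 'password'."""
    p = unicodedata.normalize("NFKC", password).lower()
    # Drop leading/trailing digits and symbols such as 'password2016!'.
    p = re.sub(r"^[^a-z]+|[^a-z]+$", "", p)
    # Undo leetspeak inside the remaining core.
    return p.translate(LEET_MAP)


def is_banned(password, banned=BANNED_PASSWORDS):
    """True if the password, or its normalized form, is on the banned list."""
    if password.lower() in banned:
        return True
    base = normalize(password)
    return bool(base) and base in banned


def validate_new_password(password, min_length=8):
    """Return the reasons a candidate password is rejected; empty list means accepted."""
    problems = []
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    if is_banned(password):
        problems.append("matches or is a trivial variant of a commonly attacked password")
    return problems


if __name__ == "__main__":
    for candidate in ["P@ssw0rd123!", "123456", "Summer2016!", "correct horse battery staple"]:
        verdict = validate_new_password(candidate) or ["accepted"]
        print("%-30s %s" % (candidate, "; ".join(verdict)))
```

The normalization is deliberately lossy: it only needs to catch the variants people actually reach for when a plain dictionary word is refused. Pair it with rate limiting or lockout on the sign-in side, as the story's "smart password lockout" does, because a banned list protects new passwords, not the ones already in use.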
Cellphones

FCC Formalizes Massive Fines For Selling, Using Cell-Phone Jammers (networkworld.com) 35

An anonymous reader quotes a report from Network World: Two years ago the FCC announced its intention to fine a Chinese electronics maker $34.9 million and a Florida man $48,000 for respectively selling and using illegal cell-phone jammers. Today the agency has issued press releases telling us that those fines have finally been made official, without either of the offending parties having bothered to mount a formal defense of their actions. From the press release announcing the fine against CTS Technology: "[...] The company's website falsely claimed that some jammers had been approved by the FCC, and advertised that the company could ship signal jammers to consumers in the United States." The company did not respond to the FCC's allegations, although the agency does report that changes were made to its website that appear to be aimed at complying with U.S. law. Next up is Florida man Jason R. Humphreys, who is alleged to have used a jammer on his commute: "Mr. Humphreys' illegal operation of the jammer continued for up to two years, caused interference to cellular service along Interstate 4, and disrupted police communications." Last fall, a Chicagoan was arrested for using a cell-phone jammer to make his subway commute more tolerable.
Piracy

The Pirate Bay Sails Back To Its .ORG Domain (cnet.com) 20

An anonymous reader writes: Following a report that the Swedish Court would seize the domain names 'ThePirateBay.se' and 'PirateBay.se,' The Pirate Bay is now sailing back to where it started in 2003, ThePirateBay.org. CNET reports: "The site is currently redirecting all traffic from the above two domains back to its .org home." In 2012, The Pirate Bay moved to the .se domain. It then moved to more secure domains, such as .sx and .ac, eventually returning to .se in 2015. Every alternative domain the site was using has been seized. Since the registry that manages the top-level .org domains is based in Virginia, it's likely we'll see some legal action from the U.S. in response to the move. Meanwhile, Pirate Bay co-founder Fredrik Neij plans to appeal the Swedish court's decision to seize the .se domains.
Open Source

CentOS Linux 6.8 Released (softpedia.com) 34

An anonymous reader writes: The CentOS team is pleased to announce the immediate availability of CentOS Linux 6.8 and install media for i386 and x86_64 architectures. Release Notes for 6.8 are available here. Softpedia writes: "CentOS Linux 6.8 arrives today with major changes, among which we can mention the latest Linux 2.6.32 kernel release from upstream with support for storing up to 300TB of data on XFS filesystems. The VPN endpoint solution implemented in the NetworkManager network connection manager utility is now provided on the libreswan library instead of the Openswan IPsec implementation used in previous releases of the OS, and it looks like the SSLv2 protocol has been disabled by default for the SSSD (System Security Services Daemon), which also comes with support for smart cards now." In addition, the new release comes with updated applications, including the LibreOffice 4.3.7 office suite and Squid 3.4 caching and forwarding web proxy, many of which now support the Transport Layer Security (TLS) 1.2 protocol, including Git, YUM, Postfix, OpenLDAP, stunnel, and vsftpd. The dmidecode open-source tool now supports SMBIOS 3.0.0, you can now pull kickstart files from HTTPS (Secure HTTP) sources, the ntpd (Network Time Protocol daemon) package has an alternative solution in chrony, SSLv3 has been disabled by default, and there's improved support for Hyper-V.
Democrats

State Dept. IT Staff Told To Keep Quiet About Clinton's Server (computerworld.com) 166

dcblogs writes this report from Computerworld: Former U.S. Secretary of State Hillary Clinton's decision to use a private email server ran afoul of the government's IT security and record retention requirements, according to a report by the department's inspector general released today. This use of a private email server did not go unnoticed within the Department of State's IT department. Two IT staff members who raised concerns about Clinton's use of a private server were told not to speak of it. Clinton was secretary of state from 2009 to 2013 and during that period she used a private email server in her New York home. This report by the Department of State's Inspector General about Clinton's use of a private server makes clear that rules and regulations were not followed. It says that Clinton would not have received approval for this server had she sought it. According to the current CIO, the report said, "Secretary Clinton had an obligation to discuss using her personal email account to conduct official business with their offices, who in turn would have attempted to provide her with approved and secured means that met her business needs." However, the report notes, according to these officials, the Bureau of Diplomatic Security and IRM (Bureau of Information Resource Management) "did not -- and would not -- approve her exclusive reliance on a personal email account to conduct Department business, because of the restrictions in the FAM [Foreign Affairs Manual] and the security risks in doing so."
The Military

US Military Uses 8-Inch Floppy Disks To Coordinate Nuclear Force Operations (cnbc.com) 160

An anonymous reader writes from a report via CNBC: A new report reveals the U.S. Defense Department is still using 8-inch floppy disks in a computer system that coordinates the operational functions of the nation's nuclear forces. The Defense Department's 1970s-era IBM Series/1 computer and long-outdated floppy disks handle functions related to intercontinental ballistic missiles, nuclear bombers and tanker support aircraft, according to the new Government Accountability Office report. The report shows how outdated IT systems are being used to handle important functions related to the nation's taxpayers, federal prisoners and military veterans, as well as to America's nuclear umbrella. "Federal legacy IT systems are becoming increasingly obsolete: Many use outdated software languages and hardware parts that are unsupported," the report found. "Agencies reported using several systems that have components that are, in some cases, at least 50 years old." From the report: "GAO pointed out that aging systems include the Treasury Department's 'individual master file,' which is the authoritative data source for individual taxpayers. It's used to assess taxes and generates refunds. That file 'is written in assembly language code -- a low-level computer code that is difficult to write and maintain -- and operates on an IBM mainframe,' the report said." The report also mentioned that several other departments, such as the departments of Treasury, Commerce, Health and Human Services and the Veterans' Administration, "reported using 1980s and 1990s Microsoft operating systems that stopped being supported by the vendor more than a decade ago."
Media

Tech Billionaire Peter Thiel Secretly Bankrolled Hulk Hogan's Lawsuit Against Gawker: Reports (gawker.com) 253

If you're a powerful Silicon Valley billionaire, and there's a media house which actively points out flaws in your investments, can you do something about it? If you're Peter Thiel, you certainly can. The New York Times and Forbes magazine have independently reported that Thiel has been funding a steady stream of lawsuits -- including three different ones filed by Hulk Hogan -- to destroy Gawker Media. Gawker reports: Gawker and Valleywag, Gawker Media's defunct tech gossip vertical, have often written critically of Thiel, a self-identified libertarian (and, it turns out, a California delegate for Donald Trump) and his investments, covering the failure of his hedge fund Clarium Capital, his right-wing politics, and his personal life. In just the last month, Gawker Media's tech site Gizmodo published a series of stories on Facebook's use of "news curators" to manipulate the site's "trending" module, sparking a congressional investigation into the social network's practices. Jay Rosen, media critic and a professor of journalism at New York University, said: Trying to kill a publication you don't like by funding lawsuits against them isn't very libertarian, is it?
Facebook

Facebook Could Be Eavesdropping On Your Phone Calls (news10.com) 160

An anonymous reader writes: Facebook is not just looking at users' personal information, interests, and online habits but also at your private conversations, a new report revealed. According to an NBC report, this may be the case, as Kelli Burns, a professor at the University of South Florida, states, "I don't think that people realize how much Facebook is tracking every move we're making online. Anything that you're doing on your phone, Facebook is watching." Now how do you prove that? Professor Burns tested out her theory by enabling the microphone feature and talking about her desire to go on a safari, mentioning the mode of transport she would take. "I'm really interested in going on an African safari. I think it'd be wonderful to ride in one of those jeeps," she said aloud, phone in hand. The results were shocking: less than 60 seconds later, the first post on her Facebook feed was a safari story out of nowhere, although it was later revealed that the story had been posted three hours earlier. And, after mentioning a jeep, a car ad also appeared on her page. On a support page, Facebook explains how this feature works: "No, we don't record your conversations. If you choose to turn on this feature, we'll only use your microphone to identify the things you're listening to or watching based on the music and TV matches we're able to identify. If this feature is turned on, it's only active when you're writing a status update." I wonder how many people are actually aware of this.
Government

TSA Replaces Security Chief As Tension Grows At Airports 256

HughPickens.com writes: Ron Nixon reports at the NYT that, facing a backlash over long security lines and management problems, TSA administrator Peter V. Neffenger has shaken up his leadership team, replacing the agency's top security official Kelly Hoggan (Warning: source may be paywalled) and adding a new group of administrators at Chicago O'Hare International Airport. Beginning late that year, Hoggan received $90,000 in bonuses over a 13-month period, even though a leaked report from the Department of Homeland Security showed that auditors were able to get fake weapons and explosives past security screeners 95 percent of the time in 70 covert tests. Hoggan's bonus was paid out in $10,000 increments, an arrangement that members of Congress have said was intended to disguise the payments. During a hearing of the House Oversight Committee two weeks ago, lawmakers grilled Mr. Neffenger about the bonus, which was issued before he joined the agency in July. Last week and over the weekend, hundreds of passengers, including 450 on American Airlines alone, missed flights because of waits of two or three hours in security lines, according to local news reports. Many of the passengers had to spend the night in the terminal sleeping on cots. The TSA has sent 58 additional security officers and four more bomb-sniffing dog teams to O'Hare. Several current and former TSA employees said the moves to replace Hoggan and add the new officials in Chicago, where passengers have endured hours-long waits at security checkpoints, were insufficient. "The timing of this decision is too late to make a real difference for the summer," says Andrew Rhoades, an assistant federal security director at Minneapolis-St. Paul International Airport, who testified that his supervisor accused him of "going native" after attending a meeting at a local mosque and that the TSA's alleged practice of "directed reassignments," or unwanted job transfers, was intended to punish employees who speak their minds. "Neffenger is only doing this because the media and Congress are making him look bad."
Java

Pastejacking Attack Appends Malicious Terminal Commands To Your Clipboard (softpedia.com) 81

An anonymous reader writes: "It has been possible for a long time for developers to use CSS to append malicious content to the clipboard without a user noticing and thus fool them into executing unwanted terminal commands," writes Softpedia. "This type of attack is known as clipboard hijacking, and in most scenarios, is useless, except when the user copies something inside their terminal." Security researcher Dylan Ayrey published a new version of this attack last week, which uses only JavaScript as the attack medium, giving the attack more versatility and making it easier to carry out. The attack is called Pastejacking and it uses JavaScript to theoretically allow attackers to add their malicious code to the entire page to run commands behind a user's back when they paste anything inside the console. "The attack can be deadly if combined with tech support or phishing emails," writes Softpedia. "Users might think they're copying innocent text into their console, but in fact, they're running the crook's exploit for them."
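What makes the attack dangerous is that the clipboard can contain characters the user never saw on the page: a trailing newline, which makes a shell execute the text the moment it is pasted, or invisible code points that change what a command does. The following check is an added example and is not Dylan Ayrey's or Softpedia's code: it inspects a string the way a paste-review step could before the text ever reaches a terminal, reporting line terminators, control characters and zero-width/format characters. The sample inputs are constructed and benign.

```python
import unicodedata

# Characters that, when pasted into a shell, end the line and run it.
LINE_TERMINATORS = {"\n", "\r"}


def inspect_paste(text):
    """Return human-readable findings about copied text; an empty list means nothing suspicious."""
    findings = []
    if any(ch in LINE_TERMINATORS for ch in text):
        findings.append("line terminator present: a shell would run the text the moment it is pasted")
    # Cc = other control characters (ESC, BEL, NUL...). Tab is tolerated as ordinary whitespace.
    controls = sorted({ch for ch in text
                       if unicodedata.category(ch) == "Cc"
                       and ch not in LINE_TERMINATORS and ch != "\t"})
    if controls:
        findings.append("control characters present: "
                        + ", ".join("U+%04X" % ord(c) for c in controls))
    # Cf = format characters such as zero-width space, zero-width joiner, BOM.
    formats = sorted({ch for ch in text if unicodedata.category(ch) == "Cf"})
    if formats:
        findings.append("zero-width or format characters present: "
                        + ", ".join("U+%04X" % ord(c) for c in formats))
    return findings


def safe_to_paste(text):
    """Convenience wrapper: True only when inspect_paste finds nothing."""
    return not inspect_paste(text)


def render_for_review(text):
    """Show the text with every non-printing character made visible, for a human to approve."""
    out = []
    for ch in text:
        cat = unicodedata.category(ch)
        if ch == "\n":
            out.append("\\n")
        elif ch == "\r":
            out.append("\\r")
        elif ch == "\t":
            out.append("\\t")
        elif cat.startswith("C"):
            out.append("<U+%04X>" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


if __name__ == "__main__":
    # Constructed samples: what the page showed vs. what actually landed in the clipboard.
    samples = {
        "as displayed": "echo hello",
        "trailing newline": "echo hello\n",
        "zero-width space inside": "echo\u200b hello",
        "escape sequence": "echo hello\x1b[2K",
    }
    for label, clip in samples.items():
        print("%-25s %-30s %s" % (label, render_for_review(clip),
                                  "; ".join(inspect_paste(clip)) or "ok"))
```

A review step like this is a complement to, not a replacement for, the terminal-side mitigation: readline's bracketed-paste mode (enabled by default in bash 5.1, and in zsh since 5.1) treats a paste as a single unit so an embedded newline no longer executes anything until the user presses Enter. Pasting into an editor or the shell's line buffer first, and reading what arrived, is the habit the story's advice boils down to.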
Security

Elderly Use More Secure Passwords Than Millennials, Says Report (qz.com) 147

An anonymous reader writes from a report via Quartz: A report released May 24 by Gigya surveyed 4,000 adults in the U.S. and U.K. and found that 18- to 34-year-olds are more likely to use bad passwords and to report their online accounts being compromised. The majority of respondents ages 51 to 69 say they completely steer away from easily cracked passwords like "password," "1234," or birthdays, while two-thirds of those in the 18-to-34 age bracket were caught using those kinds of terms. Quartz writes, "The diligence of the older group could help explain why 82% of respondents in this age range did not report having had any of their online accounts compromised in the past year. In contrast, 35% of respondents between 18 and 34 said at least one of their accounts was hacked within the last 12 months, twice the rate of those aged 51 to 69."
Google

Google France Being Raided For Unpaid Taxes (reuters.com) 176

jones_supa writes: Investigators in France have raided Google's Paris headquarters amid a probe over the company's tax payments, Reuters reports. The French Finance Ministry is investigating $1.8 billion in back taxes. According to a report in French daily Le Parisien, at least 100 investigators are part of the raid at Google's offices. A source close to the finance ministry said that the raid at Google's offices has been ongoing on Tuesday since 03:00 GMT. In February, a source at the French Finance Ministry told Reuters that the government was seeking the $1.8 billion from Google. At the time, official spokespeople for Google France and the Finance Ministry refused to comment on the situation. Google could face up to an $11.14 million fine if it is found guilty, or a fine of half of the value of the laundered amount involved. In April, the EU revealed plans to force multinationals such as Google, Amazon and Facebook to disclose exactly where and how much tax they pay across the continent. A new clause was added since the Panama Papers leak requiring the companies to report how much money they make in so-called "tax havens."
Facebook

Too Fat For Facebook: Photo Banned For Depicting Body In 'Undesirable Manner' (theguardian.com) 455

An anonymous reader shares a report on The Guardian: Facebook has apologized for banning a photo of a plus-sized model and telling the feminist group that posted the image that it depicts "body parts in an undesirable manner". Cherchez la Femme, an Australian group that hosts popular culture talkshows with "an unapologetically feminist angle", said Facebook rejected an advert featuring Tess Holliday, a plus-sized model wearing a bikini, telling the group it violated the company's "ad guidelines". After the group appealed against the rejection, Facebook's ad team initially defended the decision, writing that the photo failed to comply with the social networking site's "health and fitness policy". "Ads may not depict a state of health or body weight as being perfect or extremely undesirable," Facebook wrote. "Ads like these are not allowed since they make viewers feel bad about themselves. Instead, we recommend using an image of a relevant activity, such as running or riding a bike." In a statement on Monday, Facebook apologized for its original stance and said it had determined that the photo does comply with its guidelines. Facebook said that its team scans millions of ad images every week, and sometimes understandably misses out on a few.
China

China's Huawei Sues Samsung Claiming Mobile Patent Infringement (reuters.com) 44

An anonymous reader writes: Huawei said on Wednesday it has filed lawsuits against Samsung claiming infringement of smartphone patents, in the first such case by the Chinese firm against the world's biggest mobile maker. Huawei has filed lawsuits in the United States and China seeking compensation for what it said was unlicensed use of fourth-generation (4G) cellular communications technology, operating systems and user interface software in Samsung phones. The lawsuit marks a reversal of roles in China where firms have often been on the receiving end of patent infringement disputes. In smartphones, makers have grown rapidly in recent years but different intellectual property laws outside of China have slowed overseas expansion. "We hope Samsung will ... stop infringing our patents and get the necessary license from Huawei, and work together with Huawei to jointly drive the industry forward," Ding Jianxing, president of Huawei's Intellectual Property Rights Department, said.
AT&T

AT&T Begins Capping Broadband Users (dslreports.com) 165

Karl Bode, reporting for DSLReports (edited for clarity): Just a reminder to AT&T customers: the company's usage caps on U-Verse broadband connections are now in effect. When AT&T originally announced broadband caps on fixed-line connections back in 2011, it capped DSL customers at 150 GB per month and U-Verse customers at 250 GB per month. But while the DSL customer cap was enforced (by and large because AT&T wants these users to migrate to wireless anyway), AT&T didn't enforce caps for its U-Verse customers. Until now, anyway. Back in March AT&T announced it would begin enforcing usage caps on all connections starting May 23. As of today, U-Verse customers face different caps depending on their speed tier. AT&T says customers on U-Verse tiers with speeds between 768 Kbps and 6 Mbps will now face a 300 GB cap; customers on U-Verse tiers with speeds between 12 Mbps and 75 Mbps will see a 600 GB cap, and customers on speeds between 100 Mbps and 1 Gbps will see a cap of 1 terabyte. Users who exceed these caps in any given month will automatically have to pay for 50 GB blocks of additional data at $10 each.
Facebook

Facebook Is Tweaking Trending Topics To Counter Charges of Bias (recode.net) 151

An anonymous reader writes: Facebook has said once again, in an open letter to Sen. John Thune, chairman of the Senate Commerce Committee, that its Trending Topics section is free of any political bias or manipulation. But in response to Gizmodo's report that Facebook employees were suppressing conservative news stories, Facebook is revamping how editors find trending stories. "We could not fully exclude the possibility of isolated improper actions or unintentional bias in the implementation of our guidelines or policies," Facebook General Counsel Colin Stretch wrote. Of course, Facebook is going to train the human editors who work on its trending section; it is also going to abandon several automated tools it used to find and categorize trending news in the past. Recode provides some examples, writing, "[Facebook] will no longer use its '1K list,' a group of 1,000 websites it used to help verify headlines." Facebook will also get rid of several top publications, including the New York Times and CNN.
The Internet

Hacker Phineas Fisher is Trying To Start a 'Hack Back' Political Movement (vice.com) 122

An anonymous reader writes: The hacker who breached Hacking Team and FinFisher is trying to get more people to "hack back" and fight "the system." For some, thanks to his targeted attacks and sophisticated political views, Phineas Fisher is quickly becoming the most influential hacktivist of the last few years. In response to his most recent hack where he released a 39-minute how-to video showing how to strip data from targeted websites, specifically a website of the Catalan police union, Phineas Fisher told Motherboard, "Everything doesn't have to be big. I wanted to strike a small blow at the system, teach a bit of hacking with the video, and inspire people to take action." Biella Coleman, professor at McGill University in Montreal, believes Phineas Fisher has a good chance of inspiring a new generation of hacktivists and "setting the stage for other hackers to follow in his footsteps." She says he has been better at choosing targets and justifying his actions with more rounded and sophisticated political and ethical views than Anonymous and LulzSec-inspired hackers. Phineas Fisher told Motherboard, "I don't want to be the lone hacker fighting the system. I want to inspire others to take similar action, and try to provide the information so they can learn how."
Iphone

Apple Sued Over iPhones Making Calls, Sending Email (fortune.com) 133

An anonymous reader quotes a report from Fortune: A company that seemingly does nothing but license patents or, if necessary, sue other companies to get royalties, has taken aim at Apple. But here's the kicker: the lawsuit alleges that Apple's last several iPhones and iPads violate a slew of patents related to seemingly standard features, including the ability to place calls as well as sending and receiving emails. A total of six patent infringement claims were brought against Apple by Corydoras Technologies on May 20, according to Apple-tracking site Patently Apple, which obtained a copy of the lawsuit. According to Patently Apple, the counts against Apple cover every iPhone dating back to the iPhone 4 and every iPad dating back to the iPad 2. In addition to taking issue with Apple's devices placing calls, the lawsuits also allege that the tech giant violates patents Corydoras holds related to video calling, which is similar to Apple's FaceTime, as well as displaying a person's geographic location through a feature like Find My iPhone and the ability to block unwanted calls. Last year, Apple was ordered to pay $533 million to Smartflash LLC for allegedly violating three patents related to copy protection.
Government

FBI Wants Biometric Database Hidden From Privacy Act (onthewire.io) 81

Trailrunner7 quotes a report from onthewire.io: The FBI is working to keep information contained in a key biometric database private and unavailable, even to people whose information is contained in the records. The database is known as the Next Generation Identification System (NGIS), and it is an amalgamation of biometric records accumulated from people who have been through one of a number of biometric collection processes. That could include convicted criminals, anyone who has submitted records to employers, and many other people. The NGIS also has information from agencies outside of the FBI, including foreign law enforcement agencies and governments. Because of the nature of the records, the FBI is asking the federal government to exempt the database from the Privacy Act, making the records inaccessible through information requests. From the report: "The bureau says in a proposal to exempt the database from disclosure that the NGIS should be exempt from the Privacy Act for a number of reasons, including the possibility that providing access 'could compromise sensitive law enforcement information, disclose information which would constitute an unwarranted invasion of another's personal privacy; reveal a sensitive investigative technique; could provide information that would allow a subject to avoid detection or apprehension; or constitute a potential danger to the health or safety of law enforcement personnel, confidential sources, and witnesses.'" RT released a similar report on the matter.
The Almighty Buck

Amazon Stops Giving Refunds When an Item's Price Drops After You Purchase It (recode.net) 163

Amazon has for years issued refunds to users when the price of an item drops after they've purchased it. But lately the e-commerce giant hasn't been doing that on a number of products, except for televisions, according to price-tracking companies. Recode reports: The move may have something to do with the rise of startups that track prices for Amazon customers and automatically request refunds when appropriate. One of them, a Santa Monica-based startup called Earny that is backed by the startup incubator Science, first pointed out the change. Earny scours a customer's email inbox for digital receipts, and then continuously checks the price on a retailer's website to see if it drops.