An anonymous reader quotes a report from Reuters: A U.S. government bureau set up to do "secret" and "top secret" security clearance investigations has turned for help to a private company whose login credentials were used in hack attacks that looted the personal data of 22 million current and former federal employees, U.S. officials said on Friday. Their confirmation of the hiring of KeyPoint Government Solutions by the new National Background Investigations Bureau (NBIB) comes just days ahead of the bureau's official opening, scheduled for next week. Its creation was spurred, in part, by the same hacks of the Office of Personnel Management that have been linked to the credentials of KeyPoint, one of four companies hired by the bureau. The officials asked not to be named when discussing sensitive information. A spokesman for OPM said the agency in the past has said in public statements and in congressional testimony that a KeyPoint contractor's stolen credentials were used by hackers to gain access to government personnel and security investigations records in two major OPM computer breaches. Both breaches occurred in 2014, but were not discovered until April 2015, according to investigators. One U.S. official familiar with the hiring of KeyPoint said personnel records were hacked in 2014 from KeyPoint and, at some point, its login credentials were stolen. But no evidence proves, the official said, that the KeyPoint credentials used by the OPM hackers were stolen in the 2014 KeyPoint hack. OPM officials said on Thursday one aim for NBIB is to reduce processing time for "top secret" clearances to 80 days from 170 days and for "secret" clearances to 40 days from 120 days.
After Newsweek published a report titled "How Donald Trump's Company Violated The United States Embargo Against Cuba," the site found itself on the receiving end of a "massive" denial-of-service attack that managed to shut down the site for several hours. TPM reports: Editor-In-Chief Jim Impoco noted that the attack came as the story earned national attention. "Last night we were on the receiving end of what our IT chief called a 'massive' DoS (denial of service) attack," Impoco wrote in an email to TPM. "The site was down most of last evening, at a time when Kurt Eichenwald's story detailing how Donald Trump's company broke the law by violating the U.S. trade embargo against Cuba was being covered extensively by prominent cable news programs. Our IT team is still investigating the hack." Later Friday afternoon, Impoco emailed TPM that in an initial investigation, the "main" IP addresses linked to the attack were found to be Russian. It should be noted that it is possible to fake an IP address. "As with any DDoS attack, there are lots of IP addresses, but the main ones are Russian, though that in itself does not prove anything," he wrote. "We are still investigating." Eichenwald tweeted Friday morning: "News: The reason ppl couldnt read #TrumpInCuba piece late yesterday is that hackers launched a major attack on Newsweek after it was posted."
An anonymous reader quotes a report from Ars Technica: Two lawyers and legal researchers based at Stanford University have formally asked a federal court in San Francisco to unseal numerous records of surveillance-related cases, as a way to better understand how authorities seek such powers from judges. This courthouse is responsible for the entire Northern District of California, which includes the region where tech companies such as Twitter, Apple, and Google, are based. According to the petition, Jennifer Granick and Riana Pfefferkorn were partly inspired by a number of high-profile privacy cases that have unfolded in recent years, ranging from Lavabit to Apple's battle with the Department of Justice. In their 45-page petition, they specifically say that they don't need all sealed surveillance records, simply those that should have been unsealed -- which, unfortunately, doesn't always happen automatically. The researchers wrote in their Wednesday filing: "Most surveillance orders are sealed, however. Therefore, the public does not have a strong understanding of what technical assistance courts may order private entities to provide to law enforcement. There are at least 70 cases, many under seal, in which courts have mandated that Apple and Google unlock mobile phones and potentially many more. The Lavabit district court may not be the only court to have ordered companies to turn over private encryption keys to law enforcement based on novel interpretations of law. Courts today may be granting orders forcing private companies to turn on microphones or cameras in cars, laptops, mobile phones, smart TVs, or other audio- and video-enabled Internet-connected devices in order to conduct wiretapping or visual surveillance. This pervasive sealing cripples public discussion of whether these judicial orders are lawful and appropriate."
An anonymous reader writes: Mozilla announced today Project Mortar, an initiative to explore the possibility of deploying alternative technologies in Firefox to replace its internal implementations. The project's first two goals are to test two Chrome plugins within the Firefox codebase. These are PDFium, the Chrome plugin for viewing PDF files, and Pepper Flash, Google's custom implementation of Adobe Flash. The decision comes as Mozilla is trying to cut down development costs, after Firefox took a nose dive in market share this year. "In order to enable stronger focus on advancing the Web and to reduce the complexity and long term maintenance cost of Firefox, and as part of our strategy to remove generic plugin support, we are launching Project Mortar," said Johnny Stenback, Senior Director Of Engineering at Mozilla Corporation. "Project Mortar seeks to reduce the time Mozilla spends on technologies that are required to provide a complete web browsing experience, but are not a core piece of the Web platform," Stenback adds. "We will be looking for opportunities to replace such technologies with other existing alternatives, including implementations by other browser vendors."
You don't need someone to point out to you that you probably spend too many hours on the internet. Maybe it's your job, maybe it's a growing habit, maybe it's both of them. An anonymous reader shared a link to a Business Insider article, in which an author named Roy Hessel shares what happened after he started to force himself to go offline for 24 hours every week. (He chose the period from sundown on Friday to sunset on Saturday as the time to disconnect.) From the article: No emails, no calls, no Tweets, no tech, no matter what. For anyone who's struggling with finding time for self and family, I'd like to share what I've learned. For health, sanity, and happiness, I think it can make all the difference. It's not enough to carve out time in your schedule. You need to approach this blackout period with an unwavering belief in its benefit and a commitment to see it through. For me, this means abstaining from work and, in the deepest sense, simply resting. It grounds me and allows me to re-energize and focus on what's really important in my life. The key is to be unapologetic rather than aspirational about unplugging. As soon as my family and I get home from our workweek, there's nothing, with the exception of a life and death situation, that would cause me to compromise that time. As far as business and my income is concerned, it can wait. We understand that not everyone wants to or can afford to go offline for a complete day, but do you also ensure that you are offline for a few hours every day or every week or every month?
Paul Miller, a reporter at The Verge, went offline in 2012 for a complete year and shared his experience when he got back. You might find it insightful.
AT&T has confirmed to Ars Technica that it is getting rid of Internet Preferences, a controversial program that analyzed home internet customers' web browsing habits in order to serve some targeted ads. From the report: "To simplify our offering for our customers, we plan to end the optional Internet Preferences advertising program related to our fastest Internet speed tiers," an AT&T spokesperson said. "As a result, all customers on these tiers will receive the best rate we have available for their speed tier in their area. We'll begin communicating this update to customers early next week." Data collection and targeted ads will be shut off, AT&T also confirmed. Since AT&T introduced Internet Preferences for its GigaPower fiber Internet service in 2013, customers had to opt into the traffic scanning program in order to receive the lowest available rate. Customers who wanted more privacy had to pay another $29 a month for standalone Internet access; bundles including TV or phone service could cost more than $60 extra when customers didn't opt in.
Orome1 quotes a report from Help Net Security: Despite high-profile, large-scale data breaches dominating the news cycle -- and repeated recommendations from experts to use strong passwords -- consumers have yet to adjust their own behavior when it comes to password reuse. A global Lab42 survey, which polled consumers across the United States, Germany, France, New Zealand, Australia and the United Kingdom, highlights the psychology around why consumers develop poor password habits despite understanding the obvious risk, and suggests that there is a level of cognitive dissonance around our online habits. When it comes to online security, personality type does not inform behavior, but it does reveal how consumers rationalize poor password habits. My personal favorite: password paradox. "The survey revealed that the majority of respondents understand that their digital behavior puts them at risk, but do not make efforts to change it," reports Help Net Security. "Only five percent of respondents didn't know the characteristics of a secure password, with the majority of respondents understanding that passwords should contain uppercase and lowercase letters, numbers and symbols. Furthermore, 91 percent of respondents said that there is inherent risk associated with reusing passwords, yet 61 percent continue to use the same or similar passwords anyway, with more than half (55 percent) doing so while fully understanding the risk." The report also found that when attempting to create secure passwords, "47 percent of respondents included family names or initials," while "42 percent contain significant dates or numbers and 26 percent use the family pet."
Google has renamed "Apps for Work" to "G Suite" to "help people everywhere work and innovate together, so businesses can move faster and go bigger." They have also added a bunch of new features, such as a "Quick Access" section for Google Drive for Android that uses machine learning to predict what files you're going to need when you open up the app, based off your previous behavior. Calendar will automatically pick times to set up meetings through the use of machine intelligence. Sheets is also using AI "to turn your layman English requests into formulas through its 'Explore' feature," reports The Next Web. "In Slides, Explore uses machine learning to dynamically suggest and apply design ideas, while in Docs, it will suggest backup research and images you can use in your musings, as well as help you insert files from your Drive account. Throughout Docs, Sheets, and Slides, you can now recover deleted files on Android from a new 'Trash' option in the side/hamburger menu." Google's cloud services will now fall under a new "Google Cloud" brand, which includes G Suite, Google Cloud Platform, new machine learning tools and APIs, and Google's various devices that access the cloud. Slashdot reader wjcofkc adds: I just received the following email from Google. When I saw the title, my first thought was that there was malware lying at the end -- further inspection proved it to be real. Is this the dumbest name change in the history of name changes? Google of all companies does not have to try so hard. "Hello Google Apps Customer, We created Google Apps to help people everywhere work and innovate together, so that your organization can move faster and achieve more. Today, we're introducing a new name that better reflects this mission: G Suite. Over the coming weeks, you'll see our new name and logo appear in familiar places, including the Admin console, Help Center, and on your invoice. 
G Suite is still the same all-in-one solution that you use every day, with the same powerful tools -- Gmail, Docs, Drive, and Calendar. Thanks for being part of the journey that led us to G Suite. We're always improving our technology so it learns and grows with your team. Visit our official blog post to learn more."
itwbennett writes from a report via CSO Online: After Yahoo raised eyebrows in the security community with its claim that state-sponsored hackers were responsible for the history-making breach, security firm InfoArmor now says it has evidence to the contrary. InfoArmor claims to have acquired some of the stolen information as part of its investigation into "Group E," a team of five professional hackers-for-hire believed to be from Eastern Europe. The database that InfoArmor has contains only "millions" of accounts, but it includes the users' login IDs, hashed passwords, mobile phone numbers and zip codes, said Andrew Komarov, InfoArmor's chief intelligence officer. Earlier this week, Chase Cunningham, director of cyber operations at security provider A10 Networks, called Yahoo's claim of state-sponsored actors a convenient, if trumped up, excuse: "If I want to cover my rear end and make it seem like I have plausible deniability, I would say 'nation-state actor' in a heartbeat." "Yahoo was compromised in 2014 by a group of professional blackhats who were hired to compromise customer databases from a variety of different targeted organizations," Scottsdale, Arizona-based InfoArmor said Wednesday in a report. "The Yahoo data leak as well as the other notable exposures, opens the door to significant opportunities for cyber-espionage and targeted attacks to occur."
After recent bombings, the Federal Communications Commission has voted to update the four-year-old emergency smartphone alerts system, which is used by officials to ping smartphones to alert people of severe weather, missing children, terror attacks or other danger. Some of the new changes allow the system to send texts with links to pictures, maps and phone numbers. CNNMoney reports: The agency also voted to allow longer messages -- 360 characters, up from 90 -- and to require wireless providers to support Spanish-language alerts. Wireless carriers will be allowed to support embedded links later this year. They'll be required to next year. The system's limits were on display last week when millions of New Yorkers received a text alert seeking information on Ahmad Khan Rahami, suspected in bombings in New York and New Jersey. "See media for pic," the alert said. Emergency alerts still won't include embedded photos, but commissioners said they're open to the idea. "Vague directives in text about where to find information about a suspect, just as we saw in New York, are not good enough," said Jessica Rosenworcel, an FCC commissioner. "As we move into the 5G future, we need to ensure that multimedia is available in all of our alert messages." Not everyone was so sure. Michael O'Rielly, another commissioner, said adding links and multimedia could jam cell networks during emergencies.
An anonymous reader quotes a report from The Hill: Republican attorneys general in four states are filing a lawsuit to block the transfer of internet domain systems oversight from the U.S. to an international governing body. Texas Attorney General Ken Paxton, Arizona Attorney General Mark Brnovich, Oklahoma Attorney General Scott Pruitt and Nevada Attorney General Paul Laxalt filed a lawsuit on Wednesday night to stop the White House's proposed transition of Internet Assigned Numbers Authority (IANA) functions. The state officials cite constitutional concerns in their suit against the National Telecommunications and Information Administration, U.S. government and the Department of Commerce. "The Obama Administration's decision violates the Property Clause of the U.S. Constitution by giving away government property without congressional authorization, the First Amendment to the U.S. Constitution by chilling speech, and the Administrative Procedure Act by acting beyond statutory authority," a statement released by Paxton's office reads. The attorneys generals claim that the U.S. government is ceding government property, pointing to a Government Accountability Office (GAO) review that "concluded that the transition does not involve a transfer of U.S. government property requiring Congressional approval." Paxton also echoed Texas Sen. Ted Cruz's warnings that the transition could harm free speech on the internet by giving Russia, China and Iran a voice on the international governing body that would oversee internet domain systems. "Trusting authoritarian regimes to ensure the continued freedom of the internet is lunacy," Paxton said. "The president does not have the authority to simply give away America's pioneering role in ensuring that the internet remains a place where free expression can flourish."
You asked, he answered!
Raspberry Pi founder and CEO Eben Upton has responded to questions submitted by Slashdot readers. Read on for his answers.
An anonymous reader quotes a report from Politico: The FBI concluded that a computer technician working on Clinton's email was not engaged in an illicit cover-up when he asked on the Reddit website for a tool that could delete a "VIP" email address throughout a large file, FBI Director James Comey said Wednesday. Republican lawmakers have suggested that the July 2014 Reddit post from a user believed to be Platte River Networks specialist Paul Combetta showed an effort to hide Clinton's emails from investigators. However, at a House Judiciary Committee hearing Wednesday, Comey said FBI agents concluded that all the computer aide was trying to do was replace Clinton's email address so it wouldn't be revealed to the public. "Our team concluded that what he was trying to do was when they produced emails not have the actual address but have some name or placeholder instead of the actual dot-com address in the 'From:' line," Comey said. Comey said he wasn't sure whether the FBI knew about the Reddit posting when prosecutors granted Combetta immunity to get statements from him about what transpired. However, he added that such a deletion wouldn't automatically be considered an effort to destroy evidence. "Not necessarily ... It would depend what his intention was and why he wanted to do it," the FBI director said.
Sperm bank? There's an app for that. The largest sperm bank in the United Kingdom -- the London Sperm Bank -- has released an official app that aims to "modernize the process of hooking prospective parents up with the biological material they need to make it happen," according to MIT Technology Review: The app is essentially just a mobile version of the filtered search function the London Sperm Bank offers on its website. But in doing something as simple as bringing its desktop services to mobile devices, the bank is making a play to further normalize reproductive technologies. The London Sperm Bank boasts that users will receive push notifications as soon as new donors are available, which could help speed things up for hopeful parents looking for a match. The road to conception can take years for people using reproductive technologies, so expediting any part of the process would be a welcome time-saver. But the bank has over 10,000 vials of sperm, so searching, even using filters, could still be a lengthy process. To combat this, the app also offers a wish list function that lets more focused users predetermine what they're looking for in a donor, and receive a notification when their criteria are met. The way the service works on mobile has been compared to Tinder, but there's actually no swiping involved. Its wish list function means it's more akin to apps like Anthology, which job seekers use to find their next career move. The report notes that, while there are other mobile sperm bank apps out there, the London Sperm Bank is the only one with several medical associations and the U.K. government's Human Fertilization and Embryology Authority on board. Also, the app is free to download, but the cost of ordering sperm is about $1,200 per order, which is the same as if you order through the London Sperm Bank catalogue.
According to a report from The Wall Street Journal (Warning: may be paywalled), U.S. officials are all but certain that the hacker Guccifer 2.0, who hacked the Democratic National Committee in June, is connected to a network of individuals and groups who are being shielded by the Russian government to mask its involvement in cyberintrusions. Even though the hacker denies working for the Russian government, the hacker is thought to be working with the hacking groups Fancy Bear and Cozy Bear, which have ties to the Russian government. The Wall Street Journal reports: Following successful breaches, the stolen data are apparently transferred to three different websites for publication, these people say. The websites -- WikiLeaks, DCLeaks.com and a blog run by Guccifer 2.0 -- have posted batches of stolen data at least 42 times from April to last week. Cybersecurity experts believe that DCLeaks.com and Guccifer 2.0 often work together and have direct ties to Russian hackers. Guccifer 2.0 said in a Twitter direct message sent to The Wall Street Journal that he wants to expose corruption in politics and shine light on how companies influence policy. The hacker said he also hopes to expose "global electronization." "I think I won't have a better opportunity to promote my ideas than this year," Guccifer 2.0 added in a long exchange with a Journal reporter. The Journal cannot verify the identity of the person sending messages on behalf of Guccifer 2.0, but the account is the same one that was used to publish personal information about Democrats. A posting on a blog run by Guccifer 2.0 says he is a man who was born in Eastern Europe, has been a hacker for years and fears for his safety. "I think u've never felt that feeling when u r crazy eager to shout: look everyone, this is me, this is me who'd done it," the hacker wrote to the Journal. "but u can't."
WikiLeaks officials didn't respond to requests for comment on whether Russia fed them the stolen files published by WikiLeaks in July. A representative for DCLeaks.com asked the Journal to submit questions via email but hasn't responded to them. Last week, U.S. intelligence chief James Clapper said it "shouldn't come as a big shock to people" that Russia is behind the hacking operation. While Russia has tried to interfere in U.S. elections since at least the 1960s by spying and funneling money to particular political groups, "I think it's more dramatic maybe because now they have the cyber tools," he said.
Soon after the Electronic Frontier Foundation (EFF) issued a letter to HP, calling for them to apologize to customers for releasing firmware that prevents the use of non-HP ink cartridges and refilled HP cartridges, the company has responded with a temporary solution. HP "will issue an optional firmware update that will remove the dynamic security feature" for certain OfficeJet printers. Ars Technica reports: HP made its announcement in a blog post titled "Dedicated to the best printing experience." "We updated a cartridge authentication procedure in select models of HP office inkjet printers to ensure the best consumer experience and protect them from counterfeit and third-party ink cartridges that do not contain an original HP security chip and that infringe on our IP," the company said. The recent firmware update for HP OfficeJet Pro, and OfficeJet Pro X printers "included a dynamic security feature that prevented some untested third-party cartridges that use cloned security chips from working, even if they had previously functioned," HP said. For customers who don't wish to be protected from the ability to buy less expensive ink cartridges, HP said it "will issue an optional firmware update that will remove the dynamic security feature. We expect the update to be ready within two weeks and will provide details here." This customer-friendly move may just be a one-time thing. HP said it will continue to use security features that "protect our IP including authentication methods that may prevent some third-party supplies from working." Without the optional firmware update, printers will only be able to use third-party ink cartridges that have an "original HP security chip," the company said.
CloudFlare has said it cannot shut down piracy websites. CloudFlare's response comes two months after adult entertainment outfit ALS Scan filed a complaint at a California federal court in which the company accused the CDN service of various counts of copyright and trademark infringement. From a TorrentFreak report: "CloudFlare is not the operator of the allegedly infringing sites but is merely one of the many intermediaries across the internet that provide automated CDN services, which result in the websites in question loading a bit faster than they would if they did not utilize CDN services." If Cloudflare terminated the accounts of allegedly infringing websites, the sites themselves would still continue to exist. It would just require a simple DNS reconfiguration to continue their operation. "Indeed, there are no measures of any kind that CloudFlare could take to prevent this alleged infringement, because the termination of CloudFlare's CDN services would have no impact on the existence and ability of these allegedly infringing websites to continue to operate," Cloudflare writes. As such, the company argues that it's not "materially contributing" to any of the alleged copyright infringements.
An anonymous reader quotes a report from Bloomberg: Moscow city will replace Microsoft Corp. programs with domestic software on thousands of computers in answer to President Vladimir Putin's call for Russia's authorities to reduce dependence on foreign technology amid tensions with the U.S. and Europe. The city will initially replace Microsoft's Exchange Server and Outlook on 6,000 computers with an e-mail system installed by state-run carrier Rostelecom PJSC, Artem Yermolaev, head of information technology for Moscow, told reporters Tuesday. Moscow may expand deployment of the new software, developed by Russia's New Cloud Technologies, to as many as 600,000 computers and servers, and may also consider replacing Windows and Office, Yermolaev said. Putin is urging state entities and local companies to go domestic amid concerns over security and reliability after U.S. firms shut down paid services in Crimea following Russia's 2014 annexation. The plan poses a challenge to the likes of Microsoft, SAP SE and Oracle Corp. in the country's $3 billion software market. Adding to pressure, Putin's internet czar German Klimenko wants to raise taxes on U.S. technology companies to help Russian competitors such as Yandex NV and Mail.ru Group Ltd.
In what may be part of the original Democratic National Committee hack, the FBI is currently investigating a possible hack involving the cell phones of a small number of Democratic Party staffers. CNN reports: The development comes on the same day Homeland Security Secretary Jeh Johnson told lawmakers that 18 states have asked for help in warding off cyberattacks on their electronic voting systems. Law enforcement officials have reached out to the staffers individually about "imaging" their phones to search for evidence of hacking, such as malware. Investigators are still probing whether this attempted hack is part of the original breach of Democratic National Committee emails -- which is widely thought to be the work of the Russian government -- or a new hacking attempt. "Our struggle with the Russian hackers that we announced in June is ongoing -- as we knew it would be -- and we are choosing not to provide general updates unless personal data or other sensitive information has been accessed or stolen," interim DNC Chairwoman Donna Brazile told CNN. Cybersecurity was a major theme at the debate last night between Republican nominee Donald Trump and Democratic nominee Hillary Clinton. While Clinton blamed the Russians for the "election-related cyberintrusions," Trump said "It could be Russia, but it could also be China. It could also be lots of other people. It could also be somebody sitting on their bed that weighs 400 pounds." We will update this story as it develops.
An anonymous reader quotes a report from TIME: The Anti-Defamation League (ADL) has declared a popular internet meme depicting a cartoon frog to be a hate symbol. Pepe the Frog's beginnings were unoffensive: he is the creation of comic book creator Matt Furie, who featured the frog as a character in the series Boy's Club beginning in 2005. The character subsequently became a beloved meme, often called the "sad frog meme" and shared with a speech bubble reading "Feels good man" or "Feels bad man." But recently, as the Daily Beast reported in May, the character has been co-opted by a faction of Internet denizens who decided to reclaim it from the mainstream, and began sharing it in anti-Semitic contexts. "Images of the frog, variously portrayed with a Hitler-like mustache, wearing a yarmulke or a Klan hood, have proliferated in recent weeks in hateful messages aimed at Jewish and other users on Twitter," the ADL wrote in a statement. "Once again, racists and haters have taken a popular Internet meme and twisted it for their own purposes of spreading bigotry and harassing users," wrote ADL CEO Jonathan A. Greenblatt.