
Apple Says It's Already Fixed Many WikiLeaks Security Issues

Slashdot - Your Rights Online - Thu, 2017-03-09 00:00
An anonymous reader quotes a report from USA Today: Apple says many of the vulnerabilities to its devices and software that came to light in WikiLeaks' revelations of CIA cyber weapons were already fixed in its latest updates. Late Tuesday, Apple emailed the following statement to USA TODAY: "Apple is deeply committed to safeguarding our customers' privacy and security. The technology built into today's iPhone represents the best data security available to consumers, and we're constantly working to keep it that way. Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest OS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates." For its part, Samsung emailed its own statement Wednesday: "Protecting consumers' privacy and the security of our devices is a top priority at Samsung. We are aware of the report in question and are urgently looking into the matter."

Read more of this story at Slashdot.

Federal Criminal Probe Being Opened Into WikiLeaks' Publication of CIA Documents

Slashdot - Your Rights Online - Wed, 2017-03-08 20:00
A federal criminal investigation is being opened into WikiLeaks' publication of documents detailing alleged CIA hacking operations, CNN reports citing several U.S. officials. From the report: The officials said the FBI and CIA are coordinating reviews of the matter. The investigation is looking into how the documents came into WikiLeaks' possession and whether they might have been leaked by an employee or contractor. The CIA is also trying to determine if there are other unpublished documents WikiLeaks may have. The documents published so far are largely genuine, officials said, though they are not yet certain if all of them are and whether some of the documents may have been altered. One of the biggest concerns for the federal government is if WikiLeaks publishes critical computer code on how operations are conducted, other hackers could take that code and cause havoc overseas. Security expert Robert Graham wrote on Tuesday: The CIA didn't remotely hack a TV. The docs are clear that they can update the software running on the TV using a USB drive. There's no evidence of them doing so remotely over the Internet. The CIA didn't defeat Signal/WhatsApp encryption. The CIA has some exploits for Android/iPhone. If they can get on your phone, then, of course they can record audio and screenshots. Technically, this bypasses/defeats encryption -- but such phrases used by Wikileaks are highly misleading, since nothing related to Signal/WhatsApp is happening. [...] This hurts the CIA a lot. Already, one AV researcher has told me that a virus they once suspected came from the Russians or Chinese can now be attributed to the CIA, as it matches the description perfectly to something in the leak. We can develop anti-virus and intrusion-detection signatures based on this information that will defeat much of what we read in these documents. This would put a multi-year delay in the CIA's development efforts. Plus, it'll now go on a witch-hunt looking for the leaker, which will erode morale.


Big Tech Lobbying Is On the Verge of Killing Right To Repair Legislation In Minnesota

Slashdot - Your Rights Online - Wed, 2017-03-08 19:20
Jason Koebler, writing for Motherboard: Statehouse employees in Minnesota say that lobbying efforts by big tech companies and John Deere are on the verge of killing right to repair legislation in the state that would have made it easier for consumers and small businesses to fix their electronics. According to two of the bill's sponsors, the bill, which would have introduced "fair repair" requirements for manufacturers in the state, will not get a hearing that's necessary to move the legislation forward. Minnesota Senate rules automatically kill any bills that do not have a hearing scheduled by a certain date (this year, it's March 10). Last year, tech industry lobbying killed a similar bill in New York. "Unfortunately, it's not going to make deadline this session," Republican Sen. David Osmek, one of the sponsors, told me in an email. Osmek would not give additional specifics about his colleagues' concerns with the bill, but a legislative assistant for the bill's other sponsor told me that electronic manufacturer lobbying is likely to blame, while another source close to the legislature told me that tractor manufacturer John Deere -- a long-time enemy of fair repair -- helped kill the bill as well.


Hey CIA, You Held On To Security Flaw Information -- But Now It's Out. That's Not How It Should Work

Slashdot - Your Rights Online - Wed, 2017-03-08 16:40
Cindy Cohn, writing for EFF: The dark side of this story is that the documents confirm that the CIA holds on to security vulnerabilities in software and devices -- including Android phones, iPhones, and Samsung televisions -- that millions of people around the world rely on. The agency appears to have failed to accurately assess the risk of not disclosing vulnerabilities to responsible vendors and failed to follow even the limited Vulnerabilities Equities Process. As these leaks show, we're all made less safe by the CIA's decision to keep -- rather than ensure the patching of -- vulnerabilities. Even spy agencies like the CIA have a responsibility to protect the security and privacy of Americans.


WikiLeaks CIA Files: The 6 Biggest Spying Secrets Revealed By the Release of 'Vault 7'

Slashdot - Your Rights Online - Wed, 2017-03-08 02:45
Earlier today, WikiLeaks unleashed a cache of thousands of files it calls "Year Zero," which is part one of the release associated with "Vault 7." Since there are over 8,000 pages in this release, it will take some time for journalists to comb through the release. The Independent has highlighted six of the "biggest secrets and pieces of information yet to emerge from the huge dump" in their report. 1) The CIA has the ability to break into Android and iPhone handsets, and all kinds of computers. The U.S. intelligence agency has been involved in a concerted effort to write various kinds of malware to spy on just about every piece of electronic equipment that people use. That includes iPhones, Androids and computers running Windows, macOS and Linux. 2) Doing so would make apps like Signal, Telegram and WhatsApp entirely insecure. Encrypted messaging apps are only as secure as the devices they are used on -- if an operating system is compromised, then the messages can be read before they are encrypted and sent to the other user(s). 3) The CIA could use smart TVs to listen in on conversations that happened around them. One of the most eye-catching programs detailed in the documents is "Weeping Angel." That allows intelligence agencies to install special software that allows TVs to be turned into listening devices -- so that even when they appear to be switched off, they're actually on. 4) The agency explored hacking into cars and crashing them, allowing "nearly undetectable assassinations." Many of the documents reference tools that appear to have dangerous and unknown uses. One file, for instance, shows that the CIA was looking into ways of remotely controlling cars and vans by hacking into them. 5) The CIA hid vulnerabilities that could be used by hackers from other countries or governments. Such bugs were found in the biggest consumer electronics in the world, including phones and computers made by Apple, Google and Microsoft. But those companies didn't get the chance to fix those exploits because the agency kept them secret in order to keep using them, the documents suggest. 6) More information is coming. The documents have still not been looked through entirely. There are 8,378 pages of files, some of which have already been analyzed but many of which haven't. And that's not to mention the other sets of documents that are coming. The "Year Zero" leaks are just the first in a series of "Vault 7" dumps, Julian Assange said. You can view the Vault 7 Part 1 'Year Zero' release here via WikiLeaks. The Intercept has an in-depth report focusing on how the "CIA Could Turn Smart TVs Into Listening Devices."


Ask Slashdot: How Do You Best Protect Client Files From Wireless Hacking?

Slashdot - Your Rights Online - Wed, 2017-03-08 02:05
dryriver writes: A client has given you confidential digital files containing a design for a not-yet-public consumer product. You need to work on those files on a Windows 10 PC that has a wireless chipset built into it. What can you do, assuming that you have to work under Windows 10, that would make 3rd party wireless access to this PC difficult or impossible? I can imagine that under a more transparent, open-source, power-user OS like Linux, it would be a piece of cake to kill all wireless access completely and reliably even if the system contains wireless hardware. But what about an I-like-to-phone-home-sometimes, non-open-source OS like Windows 10 that is nowhere near as open and transparent? Is there a good strategy for making outside wireless access to a Windows 10 machine difficult or impossible?


Trump Renominates Ajit Pai For Five More Years at the FCC

Slashdot - Your Rights Online - Wed, 2017-03-08 00:40
According to Axios, Bloomberg, and several other publications, President Trump has nominated FCC chairman Ajit Pai for a second five-year term at the commission. "Pai's current term ended last June, though he's been able to stick around through the end of the year even without reconfirmation," reports The Verge. From the report: The nomination comes just days after Pai sat down with the president for a meeting, during which they're said to have "reconnected" but without actually discussing anything the commission is actively considering. Pai will need confirmation from the Senate for the nomination to be approved. He was first nominated in 2012 to fill the slot of a commissioner. With approval, he'll be able to stick around through at least the entirety of Trump's current term. The question now is when Trump will nominate people to fill the two slots still vacant at the commission. The FCC remains short staffed, with only three out of five seated leaders, which somewhat limits how quickly Pai is able to get through his agenda.


China's ZTE Pleads Guilty, Will Pay $1.19 Billion For Violating US Trade Sanctions

Slashdot - Your Rights Online - Tue, 2017-03-07 23:20
An anonymous reader quotes a report from Reuters: Chinese telecom equipment maker ZTE Corp will plead guilty and pay $1.19 billion ($892 million in the Iran case) to settle allegations it violated U.S. laws that restrict the sale of American-made technology to Iran and North Korea, the company and U.S. government agencies said on Tuesday. ZTE entered into an agreement to plead guilty to conspiring to violate the International Emergency Economic Powers Act, obstruction of justice and making a material false statement, the U.S. Justice Department said. The Commerce Department investigation followed reports by Reuters in 2012 that ZTE had signed contracts to ship millions of dollars worth of hardware and software from some of the best-known U.S. technology companies to Iran's largest telecoms carrier. Between January 2010 and January 2016, ZTE directly or indirectly shipped approximately $32 million of U.S.-origin items to Iran without obtaining the proper export licenses from the U.S. government. ZTE then lied to federal investigators during the investigation when it insisted that the shipments had stopped, Justice said. It also took actions involving 283 shipments of controlled items to North Korea, authorities said. Shipped items included routers, microprocessors and servers controlled under export regulations for security, encryption and anti-terrorism reasons.


WikiLeaks Reveals CIA's Secret Hacking Tools and Spy Operations

Slashdot - Your Rights Online - Tue, 2017-03-07 16:41
Mark Wilson, writing for BetaNews: WikiLeaks has unleashed a treasure trove of data to the internet, exposing information about the CIA's arsenal of hacking tools. Code-named Vault 7, the first data is due to be released in serialized form, starting off with "Year Zero" as part one. A cache of over 8,500 documents and files has been made available via BitTorrent in an encrypted archive. The plan had been to release the password at 9:00am ET today, but when a scheduled online press conference and stream came "under attack" prior to this, the password was released early. Included in the "extraordinary" release are details of the zero day weapons used by the CIA to exploit iPhones, Android phones, Windows, and even Samsung TVs to listen in on people. Routers, Linux, macOS -- nothing is safe. WikiLeaks explains how the "CIA's hacking division" -- or the Center for Cyber Intelligence (CCI) as it is officially known -- has produced thousands of weaponized pieces of malware, Trojans, viruses and other tools. It's a leak that's essentially Snowden 2.0. In a statement, WikiLeaks said CIA has tools to bypass the encryption mechanisms imposed by popular instant messenger apps Signal, Confide, WhatsApp (used by more than a billion people), and Telegram.


Mozilla Firefox 52 Released As ESR Branch, Will Receive Security Updates Until 2018

Slashdot - Your Rights Online - Tue, 2017-03-07 15:00
prisoninmate quotes a report from Softpedia: Back in January, we told you that the development of the Mozilla Firefox 52.0 kicked off with the first Beta release and promised to let users send and open tabs from one device to another, among numerous other improvements and new features. Nine beta builds later, Mozilla has pushed today, March 7, the final binary and source packages of the Mozilla Firefox 52.0 web browser for all supported platforms, including GNU/Linux, macOS, and Windows. The good news is that Firefox 52.0 is an ESR (Extended Support Release) branch that will be supported until March-April 2018. Prominent features of the Mozilla Firefox 52.0 ESR release include support for the emerging WebAssembly standard to boost the performance of Web-based games and apps without relying on plugins, the ability to send and open tabs from one device to another, as well as multi-process for Windows users with touchscreens. With each new Firefox release, Mozilla's developers attempt to offer new ways to improve the security of the widely-used web browser across all supported platforms. Firefox 52.0 ESR implements a "This connection is not secure" warning for non-secure pages that require user logins, along with a new Strict Secure Cookies specification.


Amazon Shares Data With Arkansas Prosecutor In Murder Case

Slashdot - Your Rights Online - Tue, 2017-03-07 04:05
An anonymous reader quotes a report from Associated Press: Amazon dropped its fight against a subpoena issued in an Arkansas murder case after the defendant said he wouldn't mind if the technology giant shared information that may have been gathered by an Amazon Echo smart speaker. James Andrew Bates has pleaded not guilty to first-degree murder in the death of Victor Collins, who was found dead in a hot tub at Bates' home. In paperwork filed Monday, Bates said Amazon could share the information and Amazon said it handed over material on Friday. The Echo "listens" for key words and may have recorded what went on before Collins was found dead in November 2015. Amazon had fought a subpoena, citing its customers' privacy rights. A hearing had been set for Wednesday on whether any information gathered was even pertinent.


Sprint 'Betting Big On Trump,' Could Merge With T-Mobile Or Comcast

Slashdot - Your Rights Online - Mon, 2017-03-06 23:20
An anonymous reader quotes a report from Ars Technica: Speculation that Sprint will merge with T-Mobile USA or another competitor has ramped up since the inauguration of President Donald Trump. That continued Friday when a report from The New York Times suggested that Sprint could be combined with either T-Mobile or Comcast, the nation's largest cable company. Masayoshi Son, founder and CEO of Sprint owner SoftBank, "and his financial advisers are weighing several major possible deals for Sprint," the Times wrote. "Be it a tie-up with T-Mobile U.S., Sprint's closest competitor, or a more ambitious marriage with the cable colossus Comcast, a transaction would allow Mr. Son to fulfill a long-held ambition to invest aggressively in wireless networks in the United States and enable next-generation mobile technology." Titled "The World's Top Tech Investor Is Betting Big on Trump," the Times report says that "the Trump administration's push for lighter regulation and lower taxes has been a powerful lure for cash-rich investors the world over." SoftBank, which is based in Japan, had several of its executives "spen[d] a day in Washington talking to senior members of Mr. Trump's economic team" last month, according to bankers who were briefed on the meetings, the Times report said. U.S. regulators opposed wireless consolidation during the Obama administration, preventing potential mergers between AT&T and T-Mobile and later between Sprint and T-Mobile. With four major nationwide carriers, U.S. wireless competition recently led to an expansion of unlimited data plans.


Streaming Pirate Content Isn't Illegal, UK Trading Standards Says

Slashdot - Your Rights Online - Mon, 2017-03-06 22:00
Every day millions of people use PCs, tablets, phones and Kodi-style devices to stream pirated content, but is it illegal? According to Trading Standards, local UK authorities tasked with investigating commercial organizations, if users only stream and don't download, they're likely exempt from copyright law. An anonymous reader shares a TorrentFreak report: "Accessing premium paid-for content without a subscription is considered by the industry as unlawful access, although streaming something online, rather than downloading a file, is likely to be exempt from copyright laws," the spokesperson added. This statement certainly carries some weight. Although in a different region of the UK, Trading Standards is the driving force behind the prosecution of Kodi box seller Brian Thompson who entered a not guilty plea in January. He'll face a trial in a couple of months but it now seems more clear than ever that his customers and millions like them around the country are not breaking the law, a position that's shared by the EU Commission.


New York State To Launch Electric Vehicle Rebate

Slashdot - Your Rights Online - Mon, 2017-03-06 21:20
An anonymous reader shares an AP report: New York state will soon launch a rebate intended to make electric vehicles more price competitive with traditional cars. Officials said they'll launch the initiative by April 1. The rebate of up to $2,000 will be available for zero-emission and plug-in electric hybrid vehicles. It's part of an effort to reduce automotive carbon emissions, the state's largest climate change contributor. "We want to make electric vehicles a mainstream option," said state Assemblywoman Amy Paulin, a Westchester County Democrat who leads the Assembly energy committee. "They are becoming more affordable and we need to encourage them." Environmentalists supported the rebate when it was approved by lawmakers in 2016 and have been eagerly awaiting the launch.


Huge Database Leak Reveals 1.37 Billion Email Addresses and Exposes Illegal Spam Operation

Slashdot - Your Rights Online - Mon, 2017-03-06 20:40
One of the largest spam operations in the world has exposed its entire operation to the public, leaking its database of 1.37bn email addresses thanks to a faulty backup. From a report: A faulty backup has inadvertently exposed the entire working database of notorious spam operator River City Media (RCM). In all, the database contains more than 1.37 billion email addresses, and for some records there are additional details such as names, real-world addresses, and IP addresses. It's a situation that's described as "a tangible threat to online privacy and security." Details about the leak come courtesy of Chris Vickery from macOS security firm MacKeeper who -- with a team of helpers -- has been investigating since January. River City Media's database ended up online thanks to incorrectly-configured Rsync backups. In the words of Vickery: "Chances are you, or at least someone you know, is affected." The leaked, and unprotected, database is what's behind the sending of over a billion spam emails every day -- helped, as Vickery points out, by "a lot of automation, years of research, and fair bit of illegal hacking techniques." But it's more than a database that has leaked -- it's River City Media's entire operation.


Exploit that Caused iPhones To Repeatedly Dial 911 Reveals Grave Cybersecurity Threat, Say Experts

Slashdot - Your Rights Online - Mon, 2017-03-06 17:20
Ben Lovejoy, writing for 9to5Mac: We reported back in October on an iOS exploit that caused iPhones to repeatedly dial 911 without user intervention. It was said then that the volume of calls meant one 911 center was in 'immediate danger' of losing service, while two other centers had been at risk -- but a full investigation has now concluded that the incident was much more serious than it appeared at the time. It was initially thought that a few hundred calls were generated in a short time, but investigators now believe that one tweeted link that activated the exploit was clicked on 117,502 times, each click triggering a 911 call. The WSJ reports that law-enforcement officials and 911 experts fear that a targeted attack using the same technique could prove devastating. Of the 6,500 911 call centers nationwide, just 420 are believed to have implemented a cybersecurity program designed to protect them from this kind of attack.


The US Waged A Secret Cyber War Against North Korean Missiles

Slashdot - Your Rights Online - Mon, 2017-03-06 07:14
Early Monday morning North Korea fired four ballistic missiles into the Sea of Japan, lending a new urgency to Saturday's revelation from the New York Times of America's "secret cyberwar" with North Korea. Slashdot reader Frosty Piss summarizes its suspected effects succinctly: "Soon after ex-President Obama ordered the secret program three years ago, North Korean missiles began exploding, veering off course, or crashing into the sea." The Times reports the program was started when Obama "concluded that the $300 billion spent since the Eisenhower era on traditional anti-missile systems...had failed the core purpose of protecting the continental United States," with tests of missile interceptors showing an overall failure rate of at least 56%. But after interviewing government officials, the Times concludes that the U.S. "still does not have the ability to effectively counter the North Korean nuclear and missile programs." Options include escalating the cyber and electronic warfare, trying to negotiate a freeze, asking the Chinese to cut off trade and support, or preparing for direct missile strikes on the launch sites, "which Obama also considered, but there is little chance of hitting every target." The New York Times article concludes: The White House is looking at military options against North Korea, a senior Trump administration official said. Putting U.S. tactical nuclear weapons back in South Korea -- they were withdrawn a quarter-century ago -- is also under consideration, even if that step could accelerate an arms race with the North.
