aggregator

Inspector General Says NSA Still Hasn't Implemented Its Post-Snowden Internal Security Measures

Slashdot - Your Rights Online - Thu, 2018-08-02 05:30
An anonymous reader quotes a report from Techdirt: In the immediate aftermath of an NSA contractor springing numerous leaks back in 2013, the NSA vowed this would never happen again. It has happened again and it hasn't just been documents. It's also been software exploits, which contributed to a worldwide plague of ransomware. The NSA was going to make sure no one could just walk out of work with thousands of sensitive documents. It laid out a plan to exercise greater control over access and fail safe procedures meant to keep free-spirited Snowdens in check. The NSA is the world's most powerful surveillance agency. It is also a sizable bureaucracy. Over the past half-decade, the NSA has talked tough about tighter internal controls. But talk is cheap -- at least labor-wise. Actual implementation takes dedication and commitment. The NSA just doesn't have that in it, according to a recent Inspector General's report: "The nation's cyber spy agency is suffering from substantial cyber vulnerabilities, according to a first-of-its-kind unclassified audit overview from the agency's inspector general released Wednesday. Those vulnerabilities include computer system security plans that are inaccurate or incomplete, removable media that aren't properly scanned for viruses, and an inadequate process for tracking the job duties of National Security Agency cyber defenders to ensure they're qualified for the highest-level work they do, according to the overview."

Read more of this story at Slashdot.

Canada's Ontario Government Ends Basic Income Project

Slashdot - Your Rights Online - Thu, 2018-08-02 04:05
Lisa MacLeod, Progressive Conservative member and Children, Community and Social Services Minister of the Legislative Assembly of Ontario, said Tuesday that she would end the city's basic income pilot project, calling it expensive and "clearly not the answer for Ontario families." Few details are available as to how the project will come to an end, but MacLeod said her government will end the program "ethically" for anyone who is currently enrolled. Slashdot reader kenh shares an excerpt from a CBC.ca report: Close to 4,000 people were enrolled in the basic income pilot program in Thunder Bay, Lindsay, Hamilton, Brantford and Brant County. The pilot project started in April 2017. It was originally set to last three years, and explore the effectiveness of providing a basic income to those living on low incomes -- whether they were working or not. Under the project, a single person could have received up to about $17,000 a year, minus half of any income he or she earned. "A couple could have received up to $24,000 per year." People with disabilities could have received an additional $6,000.

Google Categorically Refuses To Remove the Pirate Bay's Homepage

Slashdot - Your Rights Online - Thu, 2018-08-02 02:03
An anonymous reader quotes a report from TorrentFreak: This year alone, at least 15 separate takedown notices ask Google to remove ThePirateBay.org from its index. Most of these are sent by the reporting agency Digimarc, on behalf of book publishers such as Penguin Random House, Kensington Publishing, and Recorded Books. Over the years, The Pirate Bay's homepage has been targeted more than 70 times. While there's no shortage of reports, TPB's homepage is still in Google's index. Since TPB's homepage is not infringing, Google categorically refuses to remove it from its search results. While the site itself has been downranked, due to the high number of takedown requests Google receives for it, ThePirateBay.org remains listed. Google did remove The Pirate Bay's homepage in the past, by accident, but that was swiftly corrected. "Google received a (Digital Millennium Copyright Act) take-down request that erroneously listed Thepiratebay.org, and as a result, this URL was accidentally removed from the Google search index," Google said at the time. "We are now correcting the removal, and you can expect to see Thepiratebay.org back in Google search results this afternoon," the company added.

US Indicts Ukrainian Hackers Who Stole Millions of Credit and Debit Card Numbers

Slashdot - Your Rights Online - Wed, 2018-08-01 21:20
Three Ukrainians associated with the hacking group FIN7 have been arrested in Europe in connection with hacks of more than 100 U.S. companies that led to tens of millions of dollars in losses, Reuters reported Wednesday, citing U.S. officials and court documents. From the report: Fin7 has been linked to breaches affecting hotels bearing the name of U.S. President Donald Trump, Whole Foods, Chipotle, Saks Fifth Avenue and Lord & Taylor, according to cyber security firm Trend Micro. The suspects, Fedir Hladyr, Dmytro Fedorov and Andrii Kolpakov, were arrested in Europe between January and June of this year, the Justice Department said on Wednesday. Hladyr is in U.S. custody and U.S. authorities are seeking extradition of the other two, the department said. The three were arrested in connection with computer hacks to steal customer payment card data and other information from more than 100 U.S. companies, the department said.

A Hacker Broke Into a Few of Reddit's Systems and Managed To Access Some User Data, Company Says

Slashdot - Your Rights Online - Wed, 2018-08-01 19:30
A hacker broke into a few of Reddit's systems and managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords, Reddit said Wednesday. From the announcement: Since then we've been conducting a painstaking investigation to figure out just what was accessed, and to improve our systems and processes to prevent this from happening again. Reddit says the incident occurred between June 14 and June 18 when the hacker "compromised a few of our employees' accounts with our cloud and source code hosting providers." Interestingly, even as Reddit employees maintain 2FA on their accounts, the attacker managed to get access to their data. "We learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept," the company said. The company says it has a reason to believe the attacker had access to the following data: All Reddit data from 2007 and before including account credentials and email addresses. What was accessed: A complete copy of an old database backup containing very early Reddit user data -- from the site's launch in 2005 through May 2007. In Reddit's first years it had many fewer features, so the most significant data contained in this backup are account credentials (username + salted hashed passwords), email addresses, and all content (mostly public, but also private messages) from way back then. How to tell if your information was included: We are sending a message to affected users and resetting passwords on accounts where the credentials might still be valid. If you signed up for Reddit after 2007, you're clear here.

Call Me, Comrade: The Surprise Rise of North Korean Smartphones

Slashdot - Your Rights Online - Wed, 2018-08-01 17:20
Tia Han, reporting for NK News: 2018 marks the tenth year that cellphones have been legally available in North Korea. The number of users has been growing significantly since then, but overall use remains low: according to the country's state-run Sogwang outlet in January, more than 3.5 million -- out of a population of 25 million -- have mobile subscriptions. "We started providing the 3G service in December 2008, so this year marks the 10th year of the service," Han Jong Nye, from the Arirang Information and Technology Center in Future Scientist Street in Pyongyang, was quoted as having said in Sogwang in January. "The demand for mobile phones is growing larger and larger." [...] North Korean mobile users cannot access the worldwide internet, of course: use is limited to the country's state-run intranet. Reports suggest various kinds of applications are now accessible for mobile users -- from games to shopping -- several state-run North Korean outlets have reported on their recent technological development, often with a great deal of emphasis on their local origins. State media suggests that North Koreans are playing games, reading books, listening to music, doing karaoke, learning to cook, and even increasing crop output on their smartphones. [...] Since the majority of smartphone users do not have access to the internet, according to one expert, users have to go to a technology service center where technicians install apps to their cell phone. "Most mobile users do not have data service even if they buy a smartphone, so they have to be happy with pre-loaded apps such as games and dictionaries," Yonho Kim, a non-resident fellow at Korea Economic Institute, told NK News.

Microsoft Launches Pilot Program To Provide Cybersecurity Protection To Political Campaigns and Election Authorities

Slashdot - Your Rights Online - Wed, 2018-08-01 16:40
An anonymous reader shares a report: Microsoft has launched a pilot program aimed at providing cybersecurity protection for political campaigns and election authorities. The pilot program -- named AccountGuard -- was launched at the end of July, Bleeping Computer has learned, and was set in motion for the 2018 US midterm elections. According to the pilot's website, AccountGuard "provides additional security and threat monitoring for Microsoft accounts belonging to participating US campaigns, political committees, campaign tech vendors, and their staff, who are likely to be at a higher risk in the lead up to elections." Microsoft is now running a website where participants in the 2018 US midterm elections can sign up for this increased protection. According to the portal, participation is offered on a non-partisan basis and is by invitation only. Users from the following organizations are eligible to participate: (1) US-based political campaigns (2) US-based political committees (3) Select campaign technology vendors (4) Select individuals may also participate, if invited by eligible campaigns and affiliated organizations. Last month, Microsoft said they had detected and helped block hacking attempts -- the first known example of cyber interference in the midterm elections -- against three congressional candidates this year. On Tuesday, Facebook said it was blocking more than two dozen pages that it believed were part of an ongoing political influence campaign.

Google Plans To Launch Censored Search Engine In China, Leaked Documents Reveal

Slashdot - Your Rights Online - Wed, 2018-08-01 16:00
Google is planning to launch a censored version of its search engine in China that will blacklist websites and search terms about human rights, democracy, religion, and peaceful protest, The Intercept reported Wednesday, citing leaked documents and people familiar with the matter. From the report: The project -- code-named Dragonfly -- has been underway since spring of last year, and accelerated following a December 2017 meeting between Google's CEO Sundar Pichai and a top Chinese government official, according to internal Google documents and people familiar with the plans. Teams of programmers and engineers at Google have created a custom Android app, different versions of which have been named "Maotai" and "Longfei." The app has already been demonstrated to the Chinese government; the finalized version could be launched in the next six to nine months, pending approval from Chinese officials. The planned move represents a dramatic shift in Google's policy on China and will mark the first time in almost a decade that the internet giant has operated its search engine in the country. Google's search service cannot currently be accessed by most internet users in China because it is blocked by the country's so-called Great Firewall. The app Google is building for China will comply with the country's strict censorship laws, restricting access to content that Xi Jinping's Communist Party regime deems unfavorable. [...] When a person carries out a search, banned websites will be removed from the first page of results, and a disclaimer will be displayed stating that "some results may have been removed due to statutory requirements." Examples cited in the documents of websites that will be subject to the censorship include those of British news broadcaster BBC and the online encyclopedia Wikipedia.

Judge Blocks Release of Blueprints For 3D-Printed Guns

Slashdot - Your Rights Online - Wed, 2018-08-01 04:10
U.S. District Judge Robert Lasnik issued a temporary restraining order Tuesday to stop the release of blueprints to make untraceable and undetectable 3D-printed plastic guns, saying they could end up in the wrong hands. Defense Distributed reached a settlement with the federal government in late June allowing them to freely publish the 3D files. NBC News reports: "There is a possibility of irreparable harm because of the way these guns can be made," he said. Congressional Democrats have urged President Donald Trump to reverse the decision to let Defense Distributed publish the plans. Trump said Tuesday that he's "looking into" the idea, saying making 3D plastic guns available to the public "doesn't seem to make much sense!" Eight Democratic attorneys general had filed a lawsuit Monday seeking to block the federal government's settlement with Defense Distributed. They also sought the restraining order, arguing the 3D guns would be a safety risk. Earlier today, Senate Democrats introduced two bills addressing 3D-printed guns. The first bill would make it illegal to publish 3D-printed gun blueprints. The second bill would require weapons to include at least one metal component with a serial number to make them traceable. Downloads of the 3D-printed gun blueprints have been suspended until Cody Wilson [the owner of Defense Distributed] reviews Lasnik's order. It is unclear how many times the blueprints were downloaded, but some news outlets say the online manuals have been downloaded thousands of times and posted elsewhere online.

Facebook Shuts Off Access To User Data For Hundreds of Thousands of Apps

Slashdot - Your Rights Online - Wed, 2018-08-01 02:03
In a blog post, Facebook said that it's shutting off access to its application programming interface for hundreds of thousands of inactive apps. This interface is what lets app developers access user data. The Verge reports: The company had set an August 1st deadline back in May, during its F8 developer conference, for developers and businesses to re-submit apps to an internal review, a process that involves signing new contracts around user data collection and verifying one's authenticity. The goal is to ensure third-party software on Facebook was in line with the company's data privacy rules and new restrictions put in place in the wake of the Cambridge Analytica scandal, in which a third-party developer siphoned user data and sold it to another firm in violation of Facebook's terms of service. Now, after it identified numerous apps that were either inactive or from developers who had not submitted the software for review, Facebook is cutting off those apps' access to its Platform API.

DHS Forms New Cyber Hub To Protect Critical US Infrastructure

Slashdot - Your Rights Online - Tue, 2018-07-31 22:04
The Department of Homeland Security announced on Tuesday the creation of a new center aimed at guarding the nation's banks, energy companies and other industries from major cyberattacks that could cripple critical infrastructure. From a report: The launch of the National Risk Management Center was unveiled by DHS Secretary Kirstjen Nielsen at a government-hosted cyber summit in New York City, at which Vice President Mike Pence and several other cabinet secretaries are expected to speak. In prepared remarks, Ms. Nielsen said that cyber threats now posed a greater threat to the country than physical attacks. DHS was founded 15 years ago to prevent another Sept. 11, 2001, Ms. Nielsen said, but "today I believe the next major attack is more likely to reach us online than on an airplane." The center's creation was motivated by a growing recognition in government that sophisticated cyberattacks, particularly those deployed by foreign adversaries, can not only harm a company or industry but can cause systemic failure across society, Chris Krebs, DHS's top cyber official, said in an interview.

How an Ex-Cop Rigged McDonald's Monopoly Game and Stole Millions

Slashdot - Your Rights Online - Tue, 2018-07-31 20:40
An anonymous reader shares a report: On August 22, 2001, Jerome Jacobson, director of security for a subcontracting company called Simon Marketing, was arrested along with eight co-conspirators for orchestrating a massive scheme to defraud McDonald's Monopoly promotion out of more than $24 million. Jeff Maysh of The Daily Beast tells the inside story in 8,800 words. Between 1989 and 2001, "Uncle Jerry" used his position as the head of the McDonald's Monopoly account to steal winning "pieces" worth between $10,000 and $1 million. He proceeded to gift the pieces to family members and a growing network of associates -- which included "mobsters, psychics, strip club owners, convicts, drug traffickers, and even a family of Mormons" -- in exchange for a cut of the laundered winnings. A former police officer known for his attention to detail, Jacobson was personally responsible for overseeing the printing of paper game pieces, cutting out the winning tickets, and transporting them to McDonald's packaging factories throughout the country. Read the full story here.

Concert Ticket Retailer AXS Collects Personally Identifiable Data Through Its App, Which is Mandatory To Download, and Sells It To 3rd Party Without Anonymizing

Slashdot - Your Rights Online - Tue, 2018-07-31 17:57
AXS, a digital marketplace operated by Anschutz Entertainment Group (AEG), is the second largest presenter of live events in the world after Live Nation Entertainment (i.e. Ticketmaster). Paris Martineau of The Outline reports that the company forces customers to download a predatory app which goes on to snatch up a range of personally identifiable data and sells it to a range of companies, including Facebook and Google, without ever anonymizing or aggregating them. From the report: The company requires users to download an app to use any ticket for a concert, game, or show bought through AXS, and it doesn't come cheap. AXS uses a system called Flash Seats, which relies on a dynamically generated barcode system (read: screenshotting doesn't work) to fight off ticket scalping and reselling. [...] Here's a brief overview of all of the information that can be collected from just the mobile app alone, nearly all of which is shared with third parties without being anonymized or aggregated: first and last name, precise location (as determined by GPS, WiFi, and other means), how often the app is used, what content is viewed using the app, which ads are clicked, what purchases are made (and not made), a user's personal advertising identifier, IP address, operating system, device make and model, billing address, credit card number, security code, mailing address, phone number, and email address, among many others. [...] AXS also shares the personal data collected on its customers with event promoters and other clients, none of whom are bound even by this (extremely lax) privacy policy.

Senate Democrat Floats First Serious Proposals For Regulating Big Tech

Slashdot - Your Rights Online - Tue, 2018-07-31 05:30
On Monday, Senator Mark Warner published 20 proposals on how to regulate big tech platforms. What's interesting is that none of the proposals call for breaking up the pseudo-monopolies. Instead, they aim to start a substantive debate by laying out different paths to address problems posed by the platforms. Gizmodo reports: What may be more important than the individual proposals themselves is that the document is at least trying to organize a holistic way of thinking about the issues now on the table. It breaks down the areas that need addressing into the promotion of disinformation, privacy and consumer protection, and ensuring competition in the marketplace. Just to highlight a few of the good issues on the table, the white paper blessedly brings the conversation back to privacy and data ownership -- something that seems to have been lost as the conversation has turned to content moderation. The easiest recommendation is to implement what it calls "GDPR-like" data protection legislation that would give Americans similar data rights as EU citizens gained in May. The jury is still out on the long-term consequences of those reforms, but they require greater transparency and consent for a company's terms of service, along with many more tools for keeping track of what information a company collects on you. On the competition side of things, the proposal suggests a data-transparency bill that would give users a more granular idea of how their data is being used and how much it's worth to an individual platform. One concern it addresses is that platforms expand how they monetize a person's data while the user is often unaware of how much they're actually giving up, value-wise, when they agree to hand over their data in exchange for a particular service. Another benefit would be that regulators would have a better idea of what they're evaluating in antitrust enforcement cases. The proposals relating to disinformation are a little more worrisome. A requirement that platforms "clearly and conspicuously label bots" wouldn't be so bad, but it's a daunting task and opens up the potential for false positives. Likewise, demanding networks identify a user's true identity is unrealistic, and the option of anonymity online should be protected. Axios was first to publish the list of 20 proposals compiled by Warner's staff. Is there a proposal that resonates with you? If not, how would you regulate the Big Tech platforms?

20 States Take Aim At 3D Gun Company, Sue To Get Files Off the Internet

Slashdot - Your Rights Online - Mon, 2018-07-30 23:30
An anonymous reader quotes a report from Ars Technica: Twenty states announced Monday that they plan to ask a federal judge in Seattle to immediately issue a temporary restraining order against Defense Distributed, a Texas-based group that has already begun making 3D-printer gun files available on its DEFCAD website after a recent legal settlement with the US State Department. "After almost 18 months I was skeptical that there was anything else that this administration would do that would truly shock me, but they have," Washington Attorney General Bill Ferguson told reporters assembled in Olympia and by phone. "Frankly, it is terrifying... We think that it is important to put a stop to this right away and make it as difficult as humanly possible to access this information." The new lawsuit, which Ferguson explained will be filed "within hours," comes just one day after Defense Distributed voluntarily agreed to block IP addresses from Pennsylvania after that state's attorney general filed a similar motion in federal court there. "Pennsylvania is still suing and we are still responding," Defense Distributed's founder, Cody Wilson, told Ars. Preemptively on Sunday, Defense Distributed sued the attorney general of New Jersey and the city attorney of Los Angeles to stop those lawsuits, largely on First Amendment grounds. In this new 20-state initiative, the Washington attorney general argued that the State Department settlement violated the Administrative Procedure Act and also infringed upon states' Tenth Amendment right to regulate firearms within their own states. Ferguson pointed out, for example, people convicted of domestic abuse are flagged when they attempt to legally buy a gun. Allowing anyone to download and manufacture their own gun circumvents that process, he said. But Wilson told Ars it may be too late, as the files went up last Friday evening -- days before he said he would resume publishing them on August 1.

Cops Accuse 20-Year-Old College Student of Stealing More Than $5 Million in Bitcoin by Hijacking Phone Numbers

Slashdot - Your Rights Online - Mon, 2018-07-30 20:10
California authorities say a 20-year-old college student hijacked more than 40 phone numbers to steal $5 million in Bitcoin, including some from cryptocurrency investors at a blockchain conference Consensus. Motherboard, which broke the story citing court documents: This is the first reported case of an alleged hacker who was using SIM swapping (also known as SIM hijacking or Port Out Scam) specifically to target people in the blockchain and cryptocurrency worlds. Joel Ortiz was arrested at the Los Angeles International Airport on his way to Europe, according to sources close to the investigation, who said Ortiz was flashing a Gucci bag as part of a recent spending spree they believe was financed by the alleged crimes. He is facing 28 charges: 13 counts of identity theft, 13 counts of hacking, and two counts of grand theft, according to the complaint filed against him on the day before his arrest.

Several Small Countries and Territories Have Passed Laws, or Have Legislation in the Works, To Make Themselves More Welcoming To Cryptocurrency Companies

Slashdot - Your Rights Online - Mon, 2018-07-30 17:21
The race is on to become the go-to destination for cryptocurrency companies that are looking for shelter from regulatory uncertainty in the United States and Asia, the New York Times reports. From the report: In Malta, the government passed three laws on July 4 so companies can easily issue new cryptocurrencies and trade existing ones. In Bermuda this year, the legislature passed a law that lets start-ups doing initial coin offerings apply to the minister of finance for speedy approval. "We are 65,000 people, and 20 square miles, but we have a very advanced economy," the premier of Bermuda, E. David Burt, said in an interview at a cryptocurrency conference in May in New York, where he was trying to pitch companies on the island's charms. "We want to position Bermuda as the incubator for this industry." The competition for cryptocurrency companies is part of a broader rush by governments to figure out how to approach a new industry that took on outsize prominence over the last year. Becoming a crypto center has many potential upsides, including jobs and tax revenue. But the drive to be a crypto nexus also comes with significant risk. Hackings and scams have followed the industry everywhere it has gone. They have been aided by the underlying technology introduced by Bitcoin, known as the blockchain, which was built to make it possible to send money without requiring approval from government agencies or existing financial institutions.

DARPA Has an Ambitious $1.5 Billion Plan To Reinvent Electronics

Slashdot - Your Rights Online - Mon, 2018-07-30 16:00
The Defense Advanced Research Projects Agency (DARPA), which funds a range of blue-sky research efforts relevant to the US military, last year launched a $1.5 billion, five-year program known as the Electronics Resurgence Initiative (ERI) to support work on advances in chip technology. It has now unveiled the first set of research teams selected to explore unproven but potentially powerful approaches that could revolutionize US chip development and manufacturing. From a report: The ERI's budget represents around a fourfold increase in DARPA's typical annual spending on hardware. Initial projects reflect the initiative's three broad areas of focus: chip design, architecture, and materials and integration. One project aims to radically reduce the time it takes to create a new chip design, from years or months to just a day, by automating the process with machine learning and other tools so that even relatively inexperienced users can create high-quality designs. "No one yet knows how to get a new chip design completed in 24 hours safely without human intervention," says Andrew Kahng of the University of California, San Diego, who's leading one of the teams involved. "This is a fundamentally new approach we're developing." William Chappell, the head of the DARPA office that manages the ERI program, said, "We're trying to engineer the craft brewing revolution in electronics." The agency hopes that the automated design tools will inspire smaller companies without the resources of giant chip makers, just as specialized brewers in the US have innovated alongside the beer industry's giants.

European Court Ruling Raises Hurdles For CRISPR Crops

Slashdot - Your Rights Online - Mon, 2018-07-30 15:13
Okian Warrior shares a report from Science Magazine: Hopes for an easier regulatory road for genetic engineering in European agriculture were dashed by the Court of Justice of the European Union. In a closely watched decision, the court ruled that plants created with new gene-editing techniques that don't involve transferring genes between organisms -- such as CRISPR -- must go through the same lengthy approval process as traditional transgenic plants. Many researchers had argued that regulators should take a lighter touch when evaluating products created with the new technologies, but environmental groups and their allies successfully argued that they should be subject to the same EU rules that apply to other genetically modified organisms. The case focused on crops that have been made resistant to herbicides without transferring genes from other species. The French government had passed a law exempting these new gene-edited crops from regulation under the European Union's directive on genetically modified organisms (GMOs), which requires an assessment of risks to health and the environment, as well as labeling, tracking, and monitoring of the products. Confederation Paysanne, a French union in Bagnolet representing small farms, and eight other groups, sued and charged that the plants modified with gene-editing techniques should be regulated under the GMO directive, because they could cause significant harm. The court decided that gene-editing techniques are covered by the GMO directive because they "alter the genetic material of an organism in a way that does not occur naturally." (The court exempted conventional mutagenesis -- the unnatural use of chemicals or radiation to create mutations for plant breeding -- because it has "a long safety record.") It also said the new gene-editing techniques have risks that could be similar to those of transgenic engineering.

Pentagon Creates 'Do Not Buy' List of Russian, Chinese Software

Slashdot - Your Rights Online - Mon, 2018-07-30 00:22
An anonymous reader quotes a report from Defense One: The Pentagon is warning the military and its contractors not to use software it deems to have Russian and Chinese connections, according to the U.S. Defense Department's acquisition chief. Officials have begun circulating a "Do Not Buy" list of software that does not meet "national security standards," Ellen Lord, defense undersecretary for acquisition and sustainment, said Friday. The Pentagon started compiling the list about six months ago. Suspicious companies are put on a list that is circulated to the military's software buyers. Now the Pentagon is working with the three major defense industry trade associations -- the Aerospace Industries Association, National Defense Industrial Association and Professional Services Council -- to alert contractors small and large. Lord said defense officials have also been working with the intelligence community to identify "certain companies that do not operate in a way consistent with what we have for defense standard." Asked if programs and weapons were compromised by foreign software, Lord said, "These are more widespread issues. I don't think we're focused on one particular system."
