Category Archives for "Network World Security"

Google rejects French request to expand right to be forgotten

Google won’t comply with an order from France’s privacy watchdog to apply the right to be forgotten to all its search results around the world. In June, CNIL, France’s data protection authority, ordered Google to remove search results meeting “right to be forgotten” criteria from every regional version of Google’s search engine. Granting CNIL’s request, however, could have a “serious chilling effect on the web,” Google said Thursday in a blog post. The request stems from a May 2014 decision by the European Court of Justice that allows Europeans to ask search engines in the region to scrub results containing information about them that is found to be inadequate, irrelevant or not in the public interest. This has been dubbed the right to be forgotten.

Critical BIND denial-of-service flaw could disrupt large portions of the Internet

Attackers could exploit a new vulnerability in BIND, the most popular Domain Name System (DNS) server software, to disrupt the Internet for many users. The vulnerability affects all versions of BIND 9, from BIND 9.1.0 to BIND 9.10.2-P2, and can be exploited to crash DNS servers that run the software. The Domain Name System is the Internet’s phone book: it converts domain and host names into the numerical Internet Protocol (IP) addresses that computers need to communicate with each other. The DNS is made up of a global network of servers, and a very large number of them run BIND, a software package developed and maintained by a nonprofit corporation called the Internet Systems Consortium (ISC).

Opponents focus on defeating CISA cyberthreat info sharing bill

Opponents of a U.S. Senate bill intended to encourage businesses to share information about cyberthreats may have stalled a vote on the legislation. Recent news reports had Senate Majority Leader Mitch McConnell pushing for a vote on the Cybersecurity Information Sharing Act (CISA) before a four-week summer recess starting Aug. 10, but a spokesman for the Kentucky Republican said Thursday there were no immediate plans for a vote. CISA is “one of the bills we want to get done,” however, the spokesman said by email. CISA would give businesses immunity from customer lawsuits when they share information about cyberthreats with the U.S. Department of Homeland Security, but opponents of the legislation say it would allow businesses to share personal information about customers. DHS could then pass that personal information on to the National Security Agency and other intelligence agencies, critics say.

Endpoint security firm SentinelOne challenges traditional anti-virus software

Next-generation endpoint protection vendor SentinelOne has received the same certification that many traditional antivirus platforms seek, meaning it can be considered suitable for meeting certain requirements of industry and governmental regulations. The company’s new endpoint protection platform, called EPP, has won an Approved Corporate Endpoint Protection seal of approval from AV-Test, a firm that evaluates and certifies a range of security products. The seal of approval means the product meets AV-Test standards, and those standards carry weight in determining whether corporate defenses comply with regulations.

Symantec: Well-heeled hacking group Black Vine behind Anthem breach

A group has been singled out as the attacker behind the recently disclosed hack against Anthem, believed to be the largest waged against a health care company. It was Black Vine that broke into the health insurer’s systems and stole more than 80 million patients’ records, Symantec said Tuesday in a report. For Black Vine, it was the latest in a long line of hacks that began in 2012. Black Vine has gone after other businesses that deal with sensitive and critical data, including organizations in the aerospace, technology and finance industries, according to Symantec. The majority of the attacks (82 percent) were waged against U.S. businesses.

Houston, we have a bug: 9 famous software glitches in space

There’s never a good time to run into software bugs, but some times are worse than others, such as during a mission to space. Spacecraft of all shapes and sizes rely heavily on software to complete their objectives, but those missions can be quickly ended by the simplest of human errors when writing code. The omission of an overbar here or of overflow error-checking code there can mean the difference between success and failure, not to mention the loss of hundreds of millions of dollars, years of work and, on manned missions, human life. The 9 examples in this slideshow show that, despite the care with which these systems are built, bugs have occurred in spacecraft software since we started to fling rockets into space, and will, no doubt, continue to crop up.

The Upload: Your tech news briefing for Thursday, July 30

Obama wants to boost U.S. supercomputing power

With China currently sitting at the top of the supercomputing heap (its Tianhe-2 computer has been considered the world’s most powerful for the last two years), U.S. President Barack Obama is looking to step up American efforts via the new National Strategic Computing Initiative. Set up by an executive order signed Wednesday, NSCI will coordinate government agencies, academia and the private sector with the objective of delivering a system with about 100 times the performance of current 10 petaflop systems.

OPM, Anthem hackers reportedly also breached United Airlines

The cyberespionage group that stole the personal records of millions of Americans from U.S. health insurer Anthem and the U.S. Office of Personnel Management (OPM) has also reportedly breached United Airlines. The data stolen from United includes flight manifests, which contain information on passengers and their travel origins and destinations, Bloomberg reported Wednesday, citing unnamed people familiar with the investigation. The breach may have been discovered with the help of investigators in the OPM case, who built a list of other potential victims after analyzing the domain names, phishing emails and attack infrastructure used by the group, the media organization reported.

The StageFright Vulnerability: Maybe the greatest Android vulnerability (so far)

Here’s a nightmare scenario: a simple smartphone exploit that doesn’t require the user to do anything other than receive a text message. If such a thing worries you (and, if you’re an IT manager in a shop that allows BYOD, it should), then there’s bad news for you: such an exploit exists for an estimated 95% of Android smartphones, and Android runs on roughly 82% of the world’s estimated 1.91 billion smartphones.

Maliciously crafted MKV video files can be used to crash Android phones

A malicious application or Web page could be used to crash Android devices, in some cases persistently, due to a vulnerability in a multimedia processing component. The announcement, by security researchers from Trend Micro, comes days after other Android media processing flaws were revealed. Those flaws could allow attackers to compromise devices with a simple MMS message. The latest vulnerability is located in Android’s mediaserver component, more specifically in how this service handles files that use the Matroska video container (MKV), the Trend Micro researchers said in a blog post Wednesday.

Microsoft’s new privacy policy and Windows 10 troubleshooter to stop automatic updates

It’s the big Windows 10 launch day, and Microsoft has reserved a huge amount of bandwidth for the massive rollout, reportedly “up to 40Tb/s per second of capacity from all of the third-party CDNs combined.” If you haven’t done so yet, you should review Microsoft’s new privacy and service agreements, as well as the privacy dashboard, to consider changing your settings for Windows and Cortana and for Microsoft services such as Office 365, Xbox Live, Groove Music, Office Online, OneDrive, Skype, Outlook.com and Bing Rewards. According to Horatio Gutierrez, Microsoft’s deputy general counsel, the company’s updated Privacy Statement and Services Agreement were guided by simplicity, transparency, and privacy. Gutierrez said consumers need “clear terms and policies that both respect individual privacy and don’t require a law degree to read.” The new Privacy Statement, which takes effect on August 1, mere days after Windows 10, is supposed to have “straightforward terms and policies that people can easily understand.” Yet since the new privacy policy is 22 pages long and the service agreement is 23 pages long, the European Digital Rights (EDRi) group said, “So much for clearly understandable

How should the U.S. respond to state-sponsored cyberattacks?

It’s no secret that U.S. government agencies and businesses are the target of around-the-clock cyber intrusions, many carried out by or at the behest of foreign nation-states. But how exactly should the feds respond to those incursions? Ask a random sample of Americans and you’ll likely get a very different answer than if you polled the State Department. In a recent flash survey of more than 1,000 U.S. adults commissioned by the security vendor Vormetric, a quarter of the respondents said that the United States should cut off all ties to any nation responsible for compromising U.S. government data.

No building access card? No problem if you have new Def Con tools

RFID card access systems are used by most companies to let people into their buildings. But over the last few years, researchers have shown how these systems can be easily bypassed. Francis Brown, a partner at the computer security firm Bishop Fox, has been at the forefront of much of that research. In fact, he recognized some of his tools and methods being used in the TV program Mr. Robot, which has been noted for highly accurate technical detail. Lately, he’s been looking closely at breaching high- and ultra-high-frequency RFID (radio-frequency identification) systems, which are increasingly being used for physical security. He’s due to give a presentation at this year’s Def Con hacking conference in Las Vegas early next month with a bevy of new and improved software and hardware tools.

With ‘recall,’ Fiat Chrysler makes its car hack worse

After Wired showed two hackers remotely gaining access to and immobilizing a moving Jeep by exploiting software vulnerabilities last week, Fiat Chrysler responded by patching the vulnerability in several Jeep, Dodge, and Chrysler models equipped with the Uconnect software that was hacked. How the company went about issuing the patch, however, may put its customers further at risk. Rather than treating the software patch as a traditional recall (i.e., requiring owners to visit a service center and have an expert make the fix), Fiat Chrysler is mailing a USB thumb drive to owners of the affected cars. The owners can then plug the USB drive into the car’s USB port to patch the software vulnerability. This seems like a convenient way to issue a recall for something that car owners can fix themselves.

Human error to blame in fatal crash of Virgin Galactic’s spacecraft

When the co-pilot of Virgin Galactic’s SpaceShipTwo prematurely unlocked the feathering (braking) system on the spacecraft, it set off a chain of events that brought the ship down. That was but one of the findings released today by the National Transportation Safety Board, which has been investigating the Virgin Galactic crash 10 months ago that killed the co-pilot and badly injured the pilot.

Obama won’t pardon Snowden, despite petition

U.S. President Barack Obama won’t pardon National Security Agency leaker Edward Snowden, despite strong public support for it, the White House said Tuesday. A petition on WhiteHouse.gov calling for Obama to pardon Snowden has nearly 168,000 signatures, but that’s not enough to sway the president, said Lisa Monaco, Obama’s advisor on homeland security and counterterrorism. Obama has pushed for surveillance reforms “since taking office,” Monaco wrote on the WhiteHouse.gov petition site. “Instead of constructively addressing these issues, Mr. Snowden’s dangerous decision to steal and disclose classified information had severe consequences for the security of our country and the people who work day in and day out to protect it,” she added.

Darkode cybercrime forum might be making a comeback

The former administrator of Darkode, the online cybercrime forum that was recently shut down by law enforcement agencies, is preparing to bring it back with better security and privacy for its members. On July 15, the U.S. Department of Justice announced that the Darkode hacking forum, where cybercriminals had gathered to exchange services and tools for years, was dismantled following an operation that involved agencies in 20 countries. Seventy suspected Darkode members from many countries were searched, arrested or charged after the FBI infiltrated the forum’s invitation-only membership and gathered evidence.

Google: Lock up your Compute Engine data with your own encryption keys

Google will now let enterprise customers of one of its Cloud Platform services lock up their data with their own encryption keys, in case they’re concerned about the company snooping on their corporate information. On Tuesday, Google started offering users of its Compute Engine service the option, in beta, to supply their own encryption keys instead of the industry-standard AES 256-bit keys Google itself provides. Encryption keys are used to lock data so it cannot be read by other parties. “Absolutely no one inside or outside Google can access your at rest data without possession of your keys. Google does not retain your keys, and only holds them transiently in order to fulfill your request,” wrote Leonard Law, Google product manager, in a blog post describing the new feature.

EU privacy watchdog weighs in on data protection reform, shares concerns

As European Union lawmakers in the Commission, Parliament and Council debate a new data protection law, the EU’s data protection watchdog has chimed in, expressing some concerns and saying individuals’ privacy rights should be at the core of the legislation. Although he is perhaps best placed to offer an opinion on the matter, legislators have no obligation to listen to European Data Protection Supervisor (EDPS) Giovanni Buttarelli, who released his own proposed draft of the law on Monday. A lot is at stake, said Buttarelli. “This reform will shape data processing for a generation which has no memory of living without the internet. The EU must therefore fully understand the implications of this act for individuals, and its sustainability in the face of technological development.”

Google tells its publisher partners to comply with EU cookie directive

Google is now requiring that publishers that carry its ads comply with a European Union directive and ask their site visitors for permission before setting cookies on their computers. Google spelled out the requirement in its new EU User Consent Policy for publishers that participate in services including AdSense, DoubleClick Ad Exchange and DoubleClick for Publishers. “If your websites are getting visitors from any of the countries in the European Union, you must comply with the EU user consent policy. We recommend you start working on a policy-compliant user consent mechanism today,” said Jason Woloz, Google’s security and privacy program manager for display and video ads, in a blog post.