A controversial program allowing the U.S. National Security Agency to collect millions of domestic telephone records expired Sunday night after the Senate failed to vote on a bill to extend the authority for the surveillance.The Senate, meeting on Sunday as provisions of the counterterrorism Patriot Act were hours from expiring, voted on a so-called cloture to limit debate and move toward a vote on the USA Freedom Act, a bill that would rein in the NSA’s bulk collection of U.S. telephone records while allowing the agency to collect records in a more targeted manner.The 77-17 vote for cloture on the USA Freedom Act sets up a final vote on the bill, but the Senate isn’t likely to take action before Tuesday.To read this article in full or to leave a comment, please click here
Right around the time that the Stuxnet attack so famously sabotaged Iran’s nuclear program in 2009 and 2010, the U.S. National Security Agency reportedly was trying something similar against North Korea.The NSA-led U.S. effort used a version of the Stuxnet virus designed to be activated by Korean-language computer settings, but it ultimately failed to sabotage North Korea’s nuclear weapons program, according to a Friday Reuters report, which attributed the information to people familiar with the campaign.The NSA did not respond to a request for comment.To read this article in full or to leave a comment, please click here
The creator and chief operator of the Silk Road has been sentenced to two life sentences in jail for running the online drug marketplace, which federal prosecutors estimated facilitated the sales of more than US$213 million worth of drugs and other unlawful goods between 2011 and 2013.The life sentences are to be served concurrently, along with a five-year sentence for hacking and twenty years for money laundering. The government is also seeking $183 million from Ulbricht based on the profits he made.In February, Ross Ulbricht was found guilty of multiple charges related to the operation of Silk Road, including narcotics conspiracy, engaging in a continuing criminal enterprise, conspiracy to commit computer hacking and money laundering. The narcotics and criminal enterprise charges carry maximum penalties of life in prison. Under current federal sentencing laws, Ulbricht faced at least 20 years behind bars.To read this article in full or to leave a comment, please click here
Google targeted people’s growing digital insecurity at its I/O developer conference this week with a number of new products that aim to protect communications and improve authentication.Project Vault is a new hardware device created by Google’s Advanced Technology and Products (ATAP) lab for people who need the absolute highest security for their communications. The device, which is packed in the form factor of a MicroSD card, is designed to provide encryption for sensitive data at rest, and allow end-to-end protection of streaming data (including streaming video) as well. The Vault card contains its own antenna, processor and operating system, which means that the device can authenticate directly with the Project Vault servers without requiring the use of other potentially insecure hardware.To read this article in full or to leave a comment, please click here
Two U.S. senators are pushing proposals to extend the National Security Agency’s domestic telephone records dragnet, but a diverse coalition of civil liberties and advocacy groups have called on lawmakers to vote against those plans.Proposals by Senator Richard Burr, a North Carolina Republican, and Dianne Feinstein, a California Democrat, to extend expiring parts of the counterterrorism Patriot Act, “contain flaws and omissions that are incompatible with the goal of stopping domestic bulk collection,” the coalition said in a letter to Senate leaders sent Thursday.To read this article in full or to leave a comment, please click here
Identifying users who access Tor hidden services—websites that are only accessible inside the Tor anonymity network—is easier than de-anonymizing users who use Tor to access regular Internet websites.Security researchers Filipo Valsorda and George Tankersley showed Friday at the Hack in the Box security conference in Amsterdam why Tor connections to hidden services are more vulnerable to traffic correlation attacks.One of Tor’s primary goals is to provide anonymity for Internet users. This is achieved by routing their Web traffic through a series of randomly chosen nodes or relays before passing it back onto the public Internet.To read this article in full or to leave a comment, please click here
Uber Technologies is revising its privacy policy to allow it to access a rider’s location when its smartphone app is running in the background, and to send special offers to users’ friends and family.Users will be in control in either case, and will be able to choose whether to share that data with the ride-hailing company, wrote Katherine Tassi, managing counsel of data privacy at Uber in a blog post Thursday.The company has faced criticism in the past over how it handles sensitive information, particularly over its so-called ”God view” tool that apparently lets some Uber employees track the location of customers that have requested car service. U.S. Senator Al Franken wrote to Uber last year for information on its privacy policy, including on measures taken to limit access to the tool.To read this article in full or to leave a comment, please click here
A Louisiana man has been accused of creating counterfeit coupons and selling them on the Silk Road underground websites, potentially defrauding businesses of more than US$1 million, the Justice Department said Thursday.Prosecutors said Beau Wattigney, 30, of New Orleans, created coupons that look like print-at-home coupons from manufacturers, including fake logos. The coupons offered vast discounts on the retail price of some items.He offered one of the coupons, for a $50 Visa gift card, for 1 cent, prosecutors said.To read this article in full or to leave a comment, please click here
The majority of 3G and 4G USB modems offered by mobile operators to their customers have vulnerabilities in their Web-based management interfaces that could be exploited remotely when users visit compromised websites.The flaws could allow attackers to steal or manipulate text messages, contacts, Wi-Fi settings or the DNS (Domain Name System) configuration of affected modems, but also to execute arbitrary commands on their underlying operating systems. In some cases, the devices can be turned into malware delivery platforms, infecting any computers they’re plugged into.Russian security researchers Timur Yunusov and Kirill Nesterov presented some of the flaws and attacks that can be used against USB modems Thursday at the Hack in the Box security conference in Amsterdam.To read this article in full or to leave a comment, please click here
German telecom and Internet operators could once again be forced to store customer traffic and location metadata for police investigation purposes, five years after a previous data retention law was declared unconstitutional.The draft data retention law unveiled on Wednesday would oblige providers to store call and Internet traffic metadata for a maximum of 10 weeks while location data would have to be stored for four weeks, the German government said.The measure is meant to help law enforcement agencies in their fight against terrorism and serious crime. According to the government, it strikes the right balance between freedom and security in the digital world.To read this article in full or to leave a comment, please click here
A fix has been released for a vulnerability in a widely used piece of code in Android devices, which could cause apps to crash or display unwanted dialog boxes.The flaw lies in Apache Cordova, which is a set of APIs (application programming interfaces) that let developers access functions such as a camera or accelerometer using JavaScript, according to its website.Trend Micro, which found the problem, wrote that 5.6 percent of apps in Google’s Play store use Cordova and are vulnerable. iOS is not affected.Apps using Cordova that “don’t have explicit values set in Config.xml can have undefined configuration variables set by Intent,” according to a description of the flaw on the Cordova website.To read this article in full or to leave a comment, please click here
Many Android applications collect information on Wi-Fi access points, which researchers contend can be used to figure out where a person is more than 90 percent of the time.The privacy implications of Wi-Fi access point scanning is often overlooked but presents a risk if the information is abused, according to the study, written by the Technical University of Denmark, the Massachusetts Institute of Technology and the University of Copenhagen.Wi-Fi information isn’t considered location data, and Android applications such as Candy Crush Saga, Pandora and Angry Birds routinely collect it.“This makes it possible for third party developers to collect high-resolution mobility data under the radar, circumventing the policy and the privacy model of the Android ecosystem,” wrote Sune Lehmann, an associate professor at DTU Informatics at the Technical University of Denmark, in a blog post.To read this article in full or to leave a comment, please click here
A lawsuit that alleges Yahoo’s email scanning practices are illegal can proceed as a class action complaint, a development that will shine the spotlight on the Yahoo Mail use of messages’ content for advertising purposes.Plaintiffs allege that emails sent to Yahoo Mail users by people who do not have Yahoo Mail accounts are scanned by Yahoo in violation of federal and California wiretapping laws.In a decision Tuesday evening, Judge Lucy Koh said all U.S. residents who are not Yahoo Mail subscribers but who have sent emails to or received emails from a Yahoo Mail subscriber between Oct. 2, 2011, and now may sue the company.California residents who are not Yahoo Mail subscribers but who have sent emails to or received emails from a Yahoo Mail subscriber between Oct. 2, 2012, and now may sue the company, according to the judge’s filing in the U.S. district court in the northern district of California.To read this article in full or to leave a comment, please click here
The U.S. Senate will return early from a week-long recess in a last-ditch effort to extend provisions of the Patriot Act that the National Security Agency have used to collect millions of domestic telephone records over the past nine years.The Senate is scheduled to resume debating whether to extend or amend Section 215 of the Patriot at 4 p.m. ET Sunday, hours before that part of the counterterrorism law is due to expire. The Senate was previously scheduled to return from an extended Memorial Day break on Monday, but Section 215 of the Patriot Act expires at 12:01 a.m. that day.It’s unclear what direction the Senate debate will take. As of Wednesday morning, Senate Majority Leader Mitch McConnell hadn’t announced what votes will be taken Sunday evening.To read this article in full or to leave a comment, please click here
Hyundai is first to roll with Android AutoHyundai is the first carmaker to put Android Auto into vehicles, starting with navigation features on the 2015 Sonata, where the vehicle’s dashboard infotainment system mirrors a connected Android smartphone. Google’s automotive software competes with Apple’s CarPlay, which Hyundai has previously said would be offered as an option on the 2015 Sonata.EMC scoops up Virtustream for cloud management for $1.2 billionEMC will expand its portfolio of cloud management tools in a $1.2 billion deal to buy Virtustream. Virtustream’s xStream software is used to manage complex enterprise applications, such as SAP’s S/4HANA, so they can be run effectively on hosted infrastructure services.To read this article in full or to leave a comment, please click here
A sizable Internet advertising campaign is planned to alert people to a proposed class-action settlement over MacKeeper, a security program for Macs accused of deceptive practices.MacKeeper’s developer, ZeoBit, was sued in May 2014 in U.S. District Court for the Western District of Pennsylvania. Filed on behalf of Pennsylvania resident Holly Yencha, the class-action suit alleges MacKeeper was deceptively marketed and did not fully function as advertised.Under a proposed settlement, ZeoBit—a company started in Ukraine but now based in California—will put US$2 million into a fund to reimburse customers but admit no fault, which is customary in class-action settlements.To read this article in full or to leave a comment, please click here
Criminals stole sensitive information about roughly 100,000 taxpayers through the Internal Revenue Service’s “Get Transcript” application, a major data breach at the U.S.’s national tax agency.
The thieves first stole information including Social Security details, dates of birth and street addresses from an outside, non-IRS source, the government agency said Tuesday. They then used that information to clear a multistep authentication process and access the IRS site, along with all the personal tax details stored there.
The matter is now under review by the Treasury Inspector General for Tax Administration and the IRS’ Criminal Investigation unit. The Get Transcript application has also been temporarily shut down.To read this article in full or to leave a comment, please click here
Network-attached storage (NAS) manufacturer Synology fixed several vulnerabilities in its devices’ software, one of which could allow attackers to compromise the data stored on them.The most serious vulnerability is located in the Synology Photo Station, a feature of DiskStation Manager (DSM), the Linux-based operating system that runs on the company’s NAS devices.Synology Photo Station allows users to create online photo albums and blogs that can be accessed remotely using the NAS device’s public IP (Internet Protocol) address.Researchers from Dutch firm Securify found that Photo Station did not properly sanitize user input, allowing potential attackers to inject system commands that would be executed with the privileges of the Web server.To read this article in full or to leave a comment, please click here
Charter strikes $55 billion deal for Time Warner CableCharter Communications will spend US$55 billion to buy Time Warner Cable in a deal that would create a broadband powerhouse in the U.S., the Wall Street Journal reports. Comcast’s bid to buy Time Warner fell apart last month when it became clear that key regulators in the U.S. were opposed. Expect Charter’s plans to be closely scrutinized for their impact on competition, as well.Legendary Apple designer Jony Ive moves up into less hands-on roleThe British design genius who partnered with the late Steve Jobs to create some of the most iconic products in tech is moving up into a newly created executive role at Apple—and one that will likely have him in a less hands-on role, re/code reports. Jony Ive was named chief design officer, a role where he’ll focus on new ideas and future initiatives, while day-to-day oversight will fall to Richard Howarth on industrial design and Alan Dye on user interfaces.To read this article in full or to leave a comment, please click here
Cybercriminals are targeting employees who browse the Web or check their email from point-of-sale (PoS) computers, a risky but unfortunately common practice.Researchers from security firm FireEye recently came across a spam campaign that used rogue email messages masquerading as job inquiries.The emails had fake resumes attached that were actually Word documents with an embedded malicious macro. If allowed to run, the macro installed a program that downloaded additional malware from a remote server.Among those additional programs, the FireEye researchers identified a new memory-scraping malware threat that steals payment card data from PoS terminals. They’ve dubbed the new threat NitlovePOS.To read this article in full or to leave a comment, please click here