Security

A Plea For Websites To Stop Blocking Password Managers 313 313

An anonymous reader writes: Password managers aren't a security panacea, but experts widely agree that it's better to use one than to have weak (but easy-to-remember) passwords. Just this week, they were listed as a tool non-experts don't use as much as experts do. I use one, and a pet peeve of mine is when a website specifically (or through bad design) interferes with the copying and pasting of a password. Thus, I appreciated this rant about it in Wired: "It's unacceptable that in an age where our lives are increasingly being played out online, and are sometimes only protected by a password, some sites deliberately stop their users from being as secure as possible, for no really justifiable reason."
Google

Gmail Messages Can Now Self-Destruct 189 189

New submitter Amarjeet Singh writes: Dmail is a Chrome extension developed by the people behind Delicious, the social bookmarking app/extension. This extension allows you to set a self-destruct timer on your emails. You can use Dmail to send emails from Gmail as usual, but you will now have a button which can set an self destruct timer of an hour, a day or a week. Dmail claims it will also unlock a feature that won't allow forwarding, meaning only the person you sent your message to will be able to see it.
The Internet

Gigabit Internet Access Now Supported By 84 US ISPs 111 111

An anonymous reader writes: According to Michael Render, principal analyst at market researcher RVA LLC, 83 Internet access providers have joined Google to offer gigabit Internet access service (all priced in the $50-$150 per month range).Render's data shows that new subscribers are signing up at an annualized growth rate of 480 percent each year. That "annualized" is an important thing to note, though; this is early days, and adding a few households, relatively speaking, means an impressive percentage change.
Communications

An Interview With Hacking Team's CEO 80 80

Alastair Stevenson writes: I talked to the leader of the world's most hated surveillance company about its path to recovery and morals, following a massive attack on its systems. CEO David Vincenzetti, as you might expect, thinks that his company "deserves the protection of law and order," and disclaims (also as you'd expect) responsibility for what its clients do with the privacy-unraveling software it provides: Law enforcement must have a way to do what it has always done, that is to track criminals and prevent or prosecute crime. With the development of global terrorism and especially the ‘lone wolf’ terrorist, this requirement is even more important. Hacking Team has helped fight crime by providing a surveillance tool to law enforcement. The company believes this is a small step toward a more secure world for all who wish to used the Internet and digital tools lawfully.
AT&T

FCC Approves AT&T's DirecTV Purchase 100 100

An anonymous reader writes: The U.S. Federal Communications Commission has granted approval to AT&T to purchase DirecTV for $48.5 billion. AT&T will become the largest provider of cable or satellite TV in the U.S., with 26.4 million subscribers. "Adding TV customers gives AT&T more power to negotiate with big media companies over prices for those channels. The deal also combines a nationwide satellite TV service, the country's largest, with the No. 2 nationwide wireless network as time spent on mobile devices increases." The FCC did put conditions on the deal: AT&T must make fiber internet service available to 12.5 million people, offer cheaper internet plans to low-income customers, and not mess with the internet traffic of online video competitors.
The Internet

Secret Service Agents Stake Out the Ugliest Corners of the Internet 169 169

HughPickens.com writes: Josephine Wolff reports at The Atlantic that Secret Service Internet Threat Desk is a group of agents tasked with identifying and assessing online threats to the president and his family. The first part of this mission — finding threats — is in many ways made easier by the Internet: all you have to do is search! Pulling up every tweet which uses the words "Obama" and "assassinate" takes mere seconds, and the Secret Service has tried to make it easier for people to draw threats to its attention by setting up its own Twitter handle, @secretservice, for users to report threatening messages to. The difficulty is trying to figure out which ones should be taken seriously.

The Secret Service categorizes all threats, online and offline alike, into one of three categories. Class 3 threats are considered the most serious, and require agents to interview the individual who issued the threat and any acquaintances to determine whether that person really has the capability to carry out the threat. Class 2 threats are considered to be serious but issued by people incapable of actually follow up on their intentions, either because they are in jail or located at a great distance from the president. And Class 1 threats are those that may seem serious at first, but are determined not to be. The overall number of threats directed at the first family that require investigation has stayed relatively steady at about 10 per day — except for the period when Obama was first elected, when the Secret Service had to follow up on roughly 50 threats per day. "That includes threats on Twitter," says Ronald Kessler, author of In the President's Secret Service. "It makes no difference to [the Secret Service] how a threat is communicated. They can't take that chance of assuming that because it's on Twitter it's less serious."
Transportation

Fiat Chrysler Recalls 1.4 Million Autos To Fix Remote Hack 157 157

swinferno writes: Fiat Chrysler announced today that it's recalling 1.4 million automobiles just days after researchers demonstrated a terrifying hack of a Jeep that was driving down the highway at 70 miles per hour. They are offering a software patch for some of their internet-connected vehicles. Cybersecurity experts Chris Valasek and Charlie Miller have publicly exposed a serious vulnerability that would allow hackers to take remote control of Fiat Chrysler Automobile (FCA) cars that run its Uconnect internet-accessing software for connected car features. Despite this, the researchers say automakers are being slow to address security concerns, and are often approaching security in the wrong way.
The Internet

Twitch Is Ditching Flash For HTML5, Just Like YouTube 93 93

An anonymous reader writes: Twitch is becoming the latest to transition from Adobe Flash to HTML5. Twitch will start to release its HTML5-based video player controls slowly and in small increments. The video underneath the controls will still be powered by Flash for now. Twitch says this is "an important step to releasing the much-anticipated full HTML5 player" and to "stay tuned for more HTML5 updates."
OS X

A Tweet-Sized Exploit Can Get Root On OS X 10.10 129 129

vivaoporto writes: The Register reports a root-level privilege-escalation exploit that allows one to gain administrator-level privileges on an OS X Yosemite Mac using code so small that fits in a tweet. The security bug, documented by iOS and OS X guru Stefan Esserwhich, can be exploited by malware and attackers to gain total control of the computer. This flaw is present in the latest version of Yosemite, OS X 10.10.4, and the beta, version 10.10.5 but is already fixed in the preview beta of El Capitan (OS X 10.11) Speaking of exploits: Reader trailrunner 7 notes that "HP’s Zero Day Initiative has released four new zero days in Internet Explorer that can lead to remote code execution."
Mars

Interviews: Shaun Moss Answers Your Questions About Mars and Space Exploration 48 48

Recently the founder of the Mars Settlement Research Organization and author of The International Mars Research Station Shaun Moss agreed to sit down and answer any questions you had about space exploration and colonizing Mars. Below you will find his answers to your questions.
Privacy

FCC CIO: Consumers Need Privacy Controls In the Internet of Everything Era 46 46

Lemeowski writes: Who is responsible for ensuring security and privacy in the age of the Internet of Things? As the number of Internet-connected devices explodes — Gartner estimates that 25 billion devices and objects will be connected to the Internet by 2020 — security and privacy issues are poised to affect everyone from families with connected refrigerators to grandparents with healthcare wearables. In this interview, U.S. Federal Communications Commission CIO David Bray says control should be put in the hands of individual consumers. Speaking in a personal capacity, Bray shares his learnings from a recent educational trip to Taiwan and Australia he took as part of an Eisenhower Fellowship: "A common idea Bray discussed with leaders during his Eisenhower Fellowship was that the interface for selecting privacy preferences should move away from individual Internet platforms and be put into the hands of individual consumers." Bray says it could be done through an open source agent that uses APIs to broker their privacy preferences on different platforms.
Biotech

Genetic Access Control Code Uses 23andMe DNA Data For Internet Racism 312 312

rjmarvin writes: A GitHub project is using the 23andMe API for genetic decoding to act as a way to bar users from entering websites based on their genetic data — race and ancestry. "Stumbling around GitHub, I came across this bit of code: Genetic Access Control. Now, budding young racist coders can check out your 23andMe page before they allow you into their website! Seriously, this code uses the 23andMe API to pull genetic info, then runs access control on the user based on the results. Just why you decide not to let someone into your site is up to you, but it can be based on any aspect of the 23andMe API. This is literally the code to automate racism."
Music

Grooveshark Co-founder Josh Greenberg Dead At 28 172 172

alphadogg writes: The tech startup world has been shaken today by news that 28-year-old Josh Greenberg, co-founder of recently defunct music sharing service Grooveshark, was found dead on Sunday in the Florida apartment he shared with his girlfriend. No foul play is suspected, but the local medical examiner is conducting an autopsy, according to the Gainesville Sun. Grooveshark was shut down in April after the company was threatened with legal action and possibly hundreds of millions in damages by several big music labels.
Security

How Developers Can Rebuild Trust On the Internet 65 65

snydeq writes: Public keys, trusted hardware, block chains — InfoWorld's Peter Wayner discusses tech tools developers should be investigating to help secure the Internet for all. 'The Internet is a pit of epistemological chaos. As Peter Steiner posited — and millions of chuckles peer-reviewed — in his famous New Yorker cartoon, there's no way to know if you're swapping packets with a dog or the bank that claims to safeguard your money,' Wayner writes. 'We may not be able to wave a wand and make the Internet perfect, but we can certainly add features to improve trust on the Internet. To that end, we offer the following nine ideas for bolstering a stronger sense of assurance that our data, privacy, and communications are secure.'
Privacy

Affair Site Hackers Threaten Release of All User Data Unless It Closes 446 446

heretic108 writes: According to KrebsOnSecurity, the infamous Ashley Madison affairs hookup website has been hacked by a group calling itself The Impact Team. This group is demanding the immediate and permanent shutdown of Ashley Madison, as well as similar sites Cougar Life and Established Man, owned by the same company: Avid Life Media. If the sites aren't shut down, the hackers are threatening to publicly release personal data for 37 million users. ALM has confirmed that a hack took place, and the hackers posted snippets of account data, as well as bank and salary information from the company itself.
The Internet

Internet Dating Scams Target Older American Women 176 176

HughPickens.com writes: The NYT reports: "Janet N. Cook, a church secretary in Virginia, had been a widow for a decade when she joined an Internet dating site and was quickly overcome by a rush of emails, phone calls and plans for a face-to-face visit. "I'm not stupid, but I was totally naïve," says Cook, now 76, who was swept off her feet by a man who called himself Kelvin Wells and described himself as a middle-aged German businessman looking for someone "confident" and "outspoken" to travel with him to places like Italy, his "dream destination." But very soon he began describing various troubles, including being hospitalized in Ghana, where he had gone on business, and asked Cook to bail him out. In all, she sent him nearly $300,000, as he apparently followed a well-honed script that online criminals use to bilk members of dating sites out of tens of millions of dollars a year."

According to the Times internet scammers are targeting women in their 50s and 60s, often retired and living alone, who say that the email and phone wooing forms a bond that may not be physical but that is intense and enveloping. Between July 1 and Dec. 31, 2014, nearly 6,000 people registered complaints of such confidence fraud with losses of $82.3 million, according to the federal Internet Crime Complaint Center. Older people are ideal targets because they often have accumulated savings over a lifetime, own their homes and are susceptible to being deceived by someone intent on fraud. The digital version of the romance con is now sufficiently widespread that AARP's Fraud Watch Network has urged online dating sites to institute more safeguards to protect against such fraud. The AARP network recommends that dating site members use Google's "search by image" to see if the suitor's picture appears on other sites with different names. If an email from "a potential suitor seems suspicious, cut and paste it into Google and see if the words pop up on any romance scam sites," the network advised. The website romancescams.org lists red flags to look for to identify such predators, who urgently appeal to victims for money to cover financial setbacks like unexpected fines, money lost to robbery or unpaid wages. Most victims say they are embarrassed to admit what happened, and they fear that revealing it will bring derision from their family and friends, who will question their judgment and even their ability to handle their own financial affairs."It makes me sound so stupid, but he would be calling me in the evening and at night. It felt so real. We had plans to go to the Bahamas and to Bermuda together," says Louise Brown. "When I found out it was a scam, I felt so betrayed. I kept it secret from my family for two years, but it's an awful thing to carry around. But later I sent him a message and said I forgave him."
Piracy

Popular Torrent Site Disappears From Google After Penalty 165 165

An anonymous reader writes: Following what appears to be a severe penalty, the popular torrent site KickassTorrents has become pretty much unfindable in Google. Meanwhile, the top search result in many locations points to a scam site that's serving malware to its visitors. For now, only DuckDuckGo presents the real site as a main result. With millions of visitors per day, KickassTorrents is arguably the most visited torrent site on the Internet, and has gained new users during the moments when the notorious Pirate Bay has been offline.
Bug

New Unicode Bug Discovered For Common Japanese Character "No" 196 196

AmiMoJo writes: Some users have noticed that the Japanese character "no", which is extremely common in the Japanese language (forming parts of many words, or meaning something similar to the English word "of" on its own). The Unicode standard has apparently marked the character as sometimes being used in mathematical formulae, causing it to be rendering in a different font to the surrounding text in certain applications. Similar but more widespread issues have plagued Unicode for decades due to the decision to unify dissimilar characters in Chinese, Japanese and Korean.
Spam

A Welcome Shift: Spam Now Constitutes Less Than Half of All Email 114 114

An anonymous reader writes: According to Symantec's latest Intelligence Report, spam has fallen to less than 50% of all email in June – a number we haven't seen in over a decade. Of all emails received by Symantec clients in June, junk emails only accounts for 49.7% down from 52.1% in April which shows a huge drop. Year over year, spam has decreased as well due to internet providers doing a better job at filtering and shutting down spam bots.
Privacy

ProxyGambit Replaces Defunct ProxyHam 26 26

msm1267 writes: Hardware hacker Samy Kamkar has picked up where anonymity device ProxyHam left off. After a DEF CON talk on ProxyHam was mysteriously called off, Kamkar went to work on developing ProxyGambit, a similar device that allows a user to access the Internet without revealing their physical location.

A description on Kamkar's site says ProxyGambit fractures traffic from the Internet through long distance radio links or reverse-tunneled GSM bridges that connect and exit the Internet through wireless networks far from the user's physical location. ProxyHam did not put as much distance between the user and device as ProxyGambit, and routed its signal over Wi-Fi and radio connections. Kamkar said his approach makes it several times more difficult to determine where the original traffic is coming from.