China

China Cracks Down on VPN Vendors (bbc.com) 25

An anonymous reader shares a BBC report: China's latest crackdown on those attempting to skirt state censorship controls has seen it warn e-commerce platforms over the sale of illegal virtual private networks (VPNs). Five websites, including shopping giant Alibaba, have been asked to remove vendors that sell VPNs. It is the latest in a series of measures from the Chinese government to maintain strict control over content. Apple has previously been asked to remove VPN apps. China's cyber-regulator the Cyberspace Administration of China (CAC) has ordered the websites to carry out immediate "self-examination and correction." "The CAC has ordered these five sites to immediately carry out a comprehensive clean-up of harmful information, close corresponding illegal account.. and submit a rectification report by a deadline," the regulator said in a statement.
The Internet

Cloudflare Stops Supporting Neo-Nazi Site The Daily Stormer (arstechnica.com) 409

Timothy B. Lee reports via Ars Technica: All week, the infamous hate site Daily Stormer has been battling to stay online in the face of a concerted social media campaign to shut it down. The site lost its "dailystormer.com" domain on Monday after first GoDaddy and then Google Domains blacklisted it from their domain registration services. The site re-appeared online on Wednesday morning at a new domain name, dailystormer.ru. But within hours, the site had gone offline again after it was dropped by Cloudflare, an intermediary that defends customers against denial-of-service attacks. Daily Stormer's Andrew Anglin reported Cloudflare's decision to drop the site in a post on the social media site Gab. His post was first spotted by journalist Matthew Sheffield.
Security

Email Provider ProtonMail Says It Hacked Back, Then Walks Claim Back (vice.com) 30

An anonymous reader shares a report: On Wednesday, encrypted email provider ProtonMail claimed it had hacked someone who was impersonating its service in phishing emails, and the company then swiftly deleted the tweet. Early Wednesday morning, the security researcher known as x0rz tweeted out a series of screenshots allegedly showing someone sending emails that directed targets to a fake ProtonMail login screen. "You have an overdue invoice," the message read. In response, ProtonMail said it had taken action. "We also hacked the phishing site so the link is down now," ProtonMail tweeted. Depending on the context and what exactly the retaliating organization did, hacking back can be illegal. Hacking could violate the Computer Fraud and Abuse Act, or perhaps even wiretapping legislation. A recently proposed bill would attempt to legalize the practice. ProtonMail swiftly deleted its tweet, but not before x0rz could grab and subsequently tweet a screenshot. x0rz then deleted his own tweet at the request of ProtonMail.
Security

Shipping Company Maersk Says June Cyberattack Could Cost It Up To $300 Million (cnbc.com) 40

An anonymous reader shares an article: Container shipping company A.P. Moller Maersk on Tuesday said it expects that computer issues triggered by the NotPetya cyberattack will cost the company as much as $300 million in lost revenue. "In the last week of the [second] quarter we were hit by a cyber-attack, which mainly impacted Maersk Line, APM Terminals and Damco," Maersk CEO Soren Skou said in a statement. "Business volumes were negatively affected for a couple of weeks in July and as a consequence, our Q3 results will be impacted. We expect that the cyber-attack will impact results negatively by USD 200-300m." Maersk Line was able to take bookings from existing customers two days after the attack, and things gradually got back to normal over the following week, the company said. It said it did not lose third-party data as a result of the attack.
Microsoft

The Docx Games: Three Days At the Microsoft Office World Championship (theverge.com) 55

An anonymous reader shares a report: On a Sunday night two weeks back, in the Rose Court Garden of the Disneyland Hotel in Anaheim, California, 150 antsy competitors between the ages of 13 and 22 milled around eating miniature whoopie pies by the light of the Moon, sizing up their global rivals in the efficient use of Excel, PowerPoint, and Word. It was as if the Olympics opening ceremony was replaced by a networking event: teens were decked out in national T-shirts, while others handed out business cards specially made for the event. At one table off by the bar, two chaperones nudged their folding chairs closer together and taught each other how to say hello ("Yassas," "Ciao") in their respective mother tongues. In the distance, through the palms, the tiki torches of Trader Sam's, the hotel's poolside lounge, were flickering into the black sky. This marked the first night of the 16th Microsoft Office Specialist (MOS) World Championship, in which teens and young 20-somethings compete for the title of World Champion in their chosen professional application. It's an event put on annually by Certiport, a Utah-based subsidiary of standardized testing giant Pearson VUE. It's also a marketing stunt, pure and simple, devised to promote Certiport's line of Microsoft Office certifications. This allows the certified to confirm the line on their resume that claims "proficiency in MS Office" is backed up by some solid knowledge of deep formatting and presentation design.
Communications

Guam Radio Stations Accidentally Conduct Emergency Alert Amid North Korea Threat (theguardian.com) 50

the_webmaestro writes: A couple of radio stations in Guam conducted an unscheduled test of the Emergency Alert Broadcast System, sending some residents -- already on edge due to the back and forth between the North Korean regime and the tweets made by the President of the United States -- into a panic. From the Guam Homeland Security/Office of Civil Defense Facebook page: "The Offices of Guam Homeland Security and Civil Defense (GHS/OCD), in conjunction with the Mariana Regional Fusion Center (MRFC), our federal and military partners, continue to monitor the recent events surrounding North Korea and their threatening actions. Residents and visitors may have noticed at 12:25 a.m., an unscheduled test of the Emergency Alert Broadcast System (EAS) was triggered from KTWG/KSTO AM. The message read: 'A BROADCAST STATION OR CABLE SYSTEM HAS ISSUED A CIVIL DANGER WARNING FOR THE FOLLOWING COUNTIES/AREAS: Guam, Guam; AT 12:25 AM ON AUG 15, 2017 EFFECTIVE UNTIL 12:40 AM. MESSAGE FROM KTWGKSTO.' The unauthorized test was NOT connected to any emergency, threat or warning. GHS/OCD has worked with KSTO to ensure the human error will not occur again. There is no scheduled test of the EAS or All Hazards Alert Warning System sirens today."

In addition, the Guam Power Authority (GPA) reported there were two scheduled outages, for emergency interruption of power, at 2:30 p.m. and 7 p.m., August 14: "Unrelated to the EAS unauthorized test, the Guam Power Authority (GPA) reported there were two scheduled outages, for emergency interruption of power, at 2:30 p.m. and 7 p.m., August 14 for customers located in Talofofo located along Rte.17, Chalan J. Kindo, Vicente Borja Dr., Felix Dydasco St., Henry Simpson area to bus shelter by Bishop Street and other customers in these locations."

The Internet

Cloudflare is the One Tech Company Still Sticking By Neo-Nazi Websites (qz.com) 549

An anonymous reader shares a report: One company is sticking by The Daily Stormer and other far-right websites: the cloud security and performance service Cloudflare. Cloudflare acts as a shield between websites and the outside world, protecting them from hackers and preserving the anonymity of the sites' owners. But Cloudflare is not a hosting service: It does not store website content on its servers. And that fact, as far as the company is concerned, exempts it from judgment over who its clients are -- even if those clients are literally Nazis. In a statement Cloudflare sent to Quartz and other publications yesterday, the company refused to explicitly say it will continue to do business with sites like The Daily Stormer, but pointed out that the content would exist regardless of what Cloudflare does or doesn't do. "Cloudflare is aware of the concerns that have been raised over some sites that have used our network. We find the content on some of these sites repugnant. While our policy is to not comment on any user specifically, we are cooperating with law enforcement in any investigation. Cloudflare is not the host of any website. Cloudflare is a network that provides performance and security services to more than 10% of all Internet requests. Cloudflare terminating any user would not remove their content from the Internet, it would simply make a site slower and more vulnerable to attack."
UPDATE: The Daily Stormer now says Cloudflare has decided to drop their site after all.
The Military

US Army Walks Back Decision To Ban DJI Drones Ever So Slightly (suasnews.com) 27

garymortimer shares a report from sUAS News: News has reached me that another DJI memo was passed around on Friday the 11th of August. An exception to policy with recommendations from the asymmetric warfare group that will permit the use of DJI kit once some conditions have been met. The Android Tactical Assault Kit will become the ground control station (GCS) of choice when a DJI plugin has passed OPSEC (Operational Security) scrutiny. In a separate report from Reuters, DJI said it is "tightening data security in the hopes that the U.S. Army will lift its ban on DJI drones because of 'cyber vulnerabilities.'" The company is "speeding deployment of a system that allows users to disconnect from the internet during flights, making it impossible for flight logs, photos or videos to reach DJI's computer servers," reports Reuters. While the security measure has been in the works for several months, it's being rolled out sooner than planned because of the Army's decision to discontinue the use of DJI drones.
Google

From Google To Yahoo, Tech Grapples With White Male Discontent (bloomberg.com) 569

Reader joshtops shares a Bloomberg report: Google isn't the only Silicon Valley employer being accused of hostility to white men. Yahoo and Tata Consultancy Services were already fighting discrimination lawsuits brought by white men before Google engineer James Damore ignited a firestorm -- and got himself fired -- with an internal memo criticizing the company's diversity efforts and claiming women are biologically less suited than men to be engineers. The Yahoo case began last year when two men sued, claiming they'd been unfairly fired after managers allegedly manipulated performance evaluations to favor women. They claim Marissa Mayer approved the review process and was involved in their terminations, and last month a judge ordered the former chief executive be deposed. TCS, meanwhile, is fighting three men who claim the Mumbai-based firm discriminates against non-Indians at its U.S. offices.
The Internet

I Bought a Book About the Internet From 1994 and None of the Links Worked (vice.com) 180

An anonymous reader shares a report (condensed for space and clarity): For crate-diggers of all stripes, the internet is awesome for one reason: The crate never ends. There's always something new to find online, because people keep creating new things to throw into that crate. But that crate has a hole at the bottom. Stuff is falling out just as quickly, and pieces of history that would stick around in meatspace disappear in an instant online. So as a result, there aren't a lot of websites from 1995 that made it through to the present day. Gopher sites? Odds are low. Text files? Perhaps. The endless pace of linkrot has left books about the internet in a curious limbo -- they're dead trees about the dead-tree killer, after all. [...] Recently, I bought a book -- a reference book, the kind that you can still pick up at Barnes and Noble today. The book, titled Free $tuff From the Internet (Coriolis Group Books, 1994), promises to help you find free content online. And, crucially, it focuses less on the web, which was still quite young, than on many of the alternative protocols of the era. This book links to FTP sites, telnet servers, and Gopher destinations, and I've tried many of them in an effort to figure out whether something, anything in this book works in the present day. These FTP servers were often based at universities which have a vested interest in keeping information online for a long-term period -- think the University of North Carolina, or Kansas State University. But despite this, I could not get most of these servers to load -- they were long ago murdered by the World Wide Web.
Security

Spyware Apps Found on Google Play Store (bleepingcomputer.com) 37

Researchers at the security firm Lookout have identified a family of malicious Android apps, referred to as SonicSpy. From a report: Experts say the malware author modified a version of the official Telegram app, injected the spyware code, rebranded it, and uploaded the modified app on the Play Store. In total, the crook uploaded the app three times on the Play Store under the names Soniac, Hulk Messenger, and Troy Chat. Only Soniac was active on Google's app store when researchers first spotted the spyware, as the other two apps were already taken down, most likely by the developer himself. At the time of writing, Lookout says they identified over 1,000 variations of this new spyware called SonicSpy, which they believe to be a new version of an older Android spyware named SpyNote.
The Courts

Researcher Who Stopped WannaCry Pleads Not Guilty to Creating Banking Malware (vice.com) 71

Lorenzo Franceschi-Bicchierai, reporting for Motherboard: Monday, the well-known security researcher who became famous after helping to stop the destructive WannaCry ransomware outbreak pleaded "not guilty" to creating software that would later become banking malware. Marcus Hutchins -- better known by his online nickname MalwareTech -- was arrested in early August in Las Vegas after the hacking conference Def Con. The US government accuses Hutchins of writing software in 2014 that would later become the banking malware Kronos. After getting out on bail and traveling to Milwaukee, he stood in front of a judge on Monday for his arraignment. Prosecutors also allege he helped a still unknown co-defendant market and sell Kronos. Hutchins's lawyer Brian Klein declared in a packed courtroom in Milwaukee that Hutchins was "not guilty" of six charges related to the alleged creation and distribution of malware. Hutchins will be allowed to travel to Los Angeles, where he will live while he awaits trial. He will also be represented by Marcia Hoffman, formerly of the Electronic Frontier Foundation. Under the terms of his release, Hutchins will be tracked by GPS but will be allowed full internet access so he can continue to work as a security researcher; the only restriction is he will no longer be allowed to access the WannaCry "sinkhole" he used to stop the outbreak of ransomware.
Bug

Hundreds Of Smart Locks Get Bricked By A Buggy Firmware Update (bleepingcomputer.com) 119

An anonymous reader quotes BleepingComputer: On Tuesday, August 8, smart locks manufacturer LockState botched an over-the-air firmware update for its WiFi enabled [RemoteLock 6i] smart locks, causing the devices to lose connectivity to the vendor's servers and the ability to open doors for its users... The device costs $469 and is sold mainly to Airbnb hosts via an official partnership LockState has signed with the company. Hosts use the smart locks to configure custom access codes for each Airbnb renter without needing to give out a physical key to each one. The botched firmware bricked the device's smart code access mode. Physical keys continued to work. The botched firmware was a nuisance for private home owners, but it was a disaster for Airbnb hosts, who had to scramble to get customers physical keys so they could enter their rents.
The post includes tweets from angry lock owners, one complaining about a two-week wait for a replacement. The company is also offering to fix the defective units within "5-7 days," promising that "Every employee and resource at LockState is focused on resolving this for you as quickly as possible."
Bug

Deserialization Issues Also Affect .NET, Not Just Java (bleepingcomputer.com) 187

"The .NET ecosystem is affected by a similar flaw that has wreaked havoc among Java apps and developers in 2016," reports BleepingComputer. An anonymous reader writes: The issue at hand is in how some .NET libraries deserialize JSON or XML data, doing it in a totally unsecured way, but also how developers handle deserialization operations when working with libraries that offer optional secure systems to prevent deserialized data from accessing and running certain methods automatically. The issue is similar to a flaw known as Mad Gadget (or Java Apocalypse) that came to light in 2015 and 2016. The flaw rocked the Java ecosystem in 2016, as it affected the Java Commons Collection and 70 other Java libraries, and was even used to compromise PayPal's servers.

Organizations such as Apache, Oracle, Cisco, Red Hat, Jenkins, VMWare, IBM, Intel, Adobe, HP, and SolarWinds all issued security patches to fix their products. The Java deserialization flaw was so dangerous that Google engineers banded together in their free time to repair open-source Java libraries and limit the flaw's reach, patching over 2,600 projects. Now a similar issue was discovered in .NET. This research has been presented at the Black Hat and DEF CON security conferences. On page 5 [of this PDF], researchers included reviews for all the .NET and Java apps they analyzed, pointing out which ones are safe and how developers should use them to avoid deserialization attacks when working with JSON data.

Transportation

Amateur Drone Lands On British Air Carrier, Wired Reviews Anti-Drone Technology (bbc.com) 152

Long-time Slashdot reader mi quotes the BBC: The Ministry of Defence is reviewing security after a tiny drone landed on the deck of Britain's biggest warship. The Queen Elizabeth aircraft carrier was docked at Invergordon in the Highlands when an amateur photographer flew the drone close to the giant ship. When the aircraft sensed a high wind risk, it landed itself on the £3bn warship. The pilot told BBC Scotland: "I could have carried two kilos of Semtex and left it on the deck... I would say my mistake should open their eyes to a glaring gap in security."
Meanwhile, tastic007 shares Wired's footage of anti-drone products being tested (like net guns, air-to-air combat counter-drones, and drone net shotgun shells) -- part of the research presented at this year's DEFCON.
IT

Should Workplaces Be Re-Defined To Retain Older Tech Workers? (wired.com) 312

rgh02 submitted this article from Backchannel which argues companies "need to work harder and more persistently to attract, retain, and recognize talent" -- especially older talent: We "elders" know perfectly well that our workplaces are by and large not about us. We don't drive how roles, functions, advancement, and success are seen. Career development options and the hierarchical career ladders everyone is expected to climb are designed for the majority: younger workers. What can be done? There has to be a systems overhaul...
The article suggests restructuring workplaces with "individual contributor tracks" which reward people who don't go on to become managers, as well as things like paid mentoring positions and "phased retirement" programs that create part-time positions to allow a more gradual transition into retirement.
Chrome

Chrome Extension Developers Under a Barrage of Phishing Attacks (bleepingcomputer.com) 40

An anonymous reader quotes Bleeping Computer: Google's security team has sent out warnings via email to Chrome extension developers after many of them have been the targets of phishing attacks, some of which have been successful and resulted in crooks taking over extensions. These phishing attacks have come into the limelight this past week when phishers managed to compromise the developer accounts for two very popular Chrome extensions -- Copyfish and Web Developer. The phishers used access to these developer accounts to insert adware code inside the extensions and push out a malicious update that overlaid ads on top of web pages users were navigating.

According to new information obtained by Bleeping Computer, these attacks started over two months ago and had been silently going on without anyone noticing. All phishing emails contained the same lure -- someone posing as Google was informing extension developers that their add-on broke Chrome Web Store rules and needed to be updated. The extension developer was lured onto a site to view what was the problem and possibly update the extension. Before seeing the alert, the site asked extension developers to log in with their Google developer account, a natural step when accessing a secure backend.

Democrats

Russian Group That Hacked DNC Used NSA Attack Code In Attack On Hotels (arstechnica.com) 190

An anonymous reader quotes a report from Ars Technica: A Russian government-sponsored group accused of hacking the Democratic National Committee last year has likely been infecting other targets of interest with the help of a potent Windows exploit developed by, and later stolen from, the National Security Agency, researchers said Friday. Eternal Blue, as the exploit is code-named, is one of scores of advanced NSA attacks that have been released over the past year by a mysterious group calling itself the Shadow Brokers. It was published in April in the group's most damaging release to date. Its ability to spread from computer to computer without any user action was the engine that allowed the WCry ransomware worm, which appropriated the leaked exploit, to shut down computers worldwide in May. Eternal Blue also played a role in the spread of NotPetya, a follow-on worm that caused major disruptions in June. Now, researchers at security firm FireEye say they're moderately confident the Russian hacking group known as Fancy Bear, APT 28, and other names has also used Eternal Blue, this time in a campaign that targeted people of interest as they connected to hotel Wi-Fi networks. In July, the campaign started using Eternal Blue to spread from computer to computer inside various staff and guest networks, company researchers Lindsay Smith and Ben Read wrote in a blog post. While the researchers didn't directly observe those attacks being used to infect guest computers connected to the network, they said a related campaign from last year used the control of hotel Wi-Fi services to obtain login credentials from guest devices.
Government

FBI Says Islamic State Used eBay, PayPal To Channel Money To the US (theverge.com) 57

An anonymous reader quotes a report from The Verge: Islamic State allegedly used PayPal and fake eBay transactions to channel money to an operative in the U.S., The Wall Street Journal reports. The man who allegedly received the money was American citizen Mohamed Elshinawy, who was arrested last year in Maryland. The FBI claims that Elshinawy, in his early 30s, sold computer printers on eBay as a front in order to receive the payments through PayPal. The details have come to light because of a recently unsealed FBI affidavit, which alleges Elshinawy was part of a worldwide network that used such channels to fund ISIS. Elshinawy received $8,700 from ISIS, including five PayPal payments from senior ISIS official Siful Sujan through his technology company. Those funds were used to buy a laptop, a cellphone, and a VPN to communicate with IS, according to the affidavit. Sujan was killed in a drone strike in 2015. eBay told The Wall Street Journal it "has zero tolerance for criminal activities taking place on our marketplace." Meanwhile, a spokeswoman for PayPal said it "invests significant time and resources in working to prevent terrorist activity on our platform. We proactively report suspicious activities and respond quickly to lawful requests to support law enforcement agencies in their investigations."
Security

HBO Hacker Leaks Message From HBO Offering $250,000 'Bounty Payment' (variety.com) 60

The HBO hacker has struck yet again. From a report: Variety has obtained a copy of another message released Thursday by the anonymous hacker to select journalists in which HBO is apparently responding to the initial video letter that was sent informing the Time Warner-owned company of the massive data breach. The message from HBO, dated July 27, features the network's offer to make a "bounty payment" of $250,000 as part of a program in which "white hat IT professionals" are rewarded for "bringing these types of things to our attention." While the message takes a curiously non-confrontational tone in response to a hacker out to damage HBO, a source close to the investigation who confirmed the veracity of the email explained it was worded that way to stall for time while the company attempted to assess the serious situation.
