An anonymous reader quotes a report from Ars Technica: Over the nine or so years that Mylan, Inc. has been selling -- and hiking the price -- of EpiPens, the drug company has been misclassifying the life-saving device and stiffing Medicaid out of full rebate payments, federal regulators told Ars. Under the Medicaid Drug Rebate Program, drug manufacturers, such as Mylan, can get their products covered by Medicaid if they agree to offer rebates to the government to offset costs. With a brand-name drug such as the EpiPen, which currently has no generic versions and has patent protection, Mylan was supposed to classify the drug as a "single source," or brand name drug. That would mean Mylan is required to offer Medicaid a rebate of 23.1 percent of the costs, plus an "inflation rebate" any time Mylan raises the price of the brand-name drug at a rate higher than inflation. Mylan has opted for such price increases -- a lot. Since Mylan bought the rights to EpiPen in 2007, it has raised the price on 15 separate occasions, bringing the current list price to $608 for a two-pack up from about $50 a pen in 2007. That's an increase of more than 500 percent, which easily beats inflation. But instead of classifying EpiPen as a "single source" drug, Mylan told regulators that it's a "non-innovator multiple source," or generic drug. Under that classification, Mylan is only required to offer a rebate of 13 percent and no inflation rebates. It's unclear how much money Mylan has skipped out on paying in total to state and federal governments. But according to the state health department of Minnesota, as reported by CNBC, the misclassification cost that state $4.3 million this year alone.
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
If you live in California, you may soon start to see self-driving cars on the road with no operators to be seen. California Governor Jerry Brown signed into law on Thursday a bill that allows a self-driving vehicle with no operator inside to test on a public road. Currently, companies are legally able to test self-driving cars in California as long as the operators are located inside the vehicles when they are being tested. Fortune reports: The bill introduced by Democratic Assemblywoman Susan Bonilla allows testing in Contra Costa County northeast of San Francisco of the first full-autonomous vehicle without a steering wheel, brakes, accelerator or operator. New legislation was necessary because although driverless vehicles can be tested on private land like the office park, the shuttle will cross a public road on its loop through the campus. The new law means that two cube-like Easymile shuttles that travel no faster than 25 mph (40 kph) will be tested for a period of up to six months before being deployed and used by people. In an interview with Reuters in March, Bonilla said the "natural tension" between regulators concerned about safety and lawmakers trying to encourage innovation in their state necessitated a new bill. "They're risk averse and we're saying we need to open the door here and take steps (to innovate)," Bonilla said, calling the driverless shuttle project "a very wise first out-of-the-gate opportunity" to show how the technology could work safely.
An anonymous reader quotes a report from Reuters: A U.S. government bureau set up to do "secret" and "top secret" security clearance investigations has turned for help to a private company whose login credentials were used in hack attacks that looted the personal data of 22 million current and former federal employees, U.S. officials said on Friday. Their confirmation of the hiring of KeyPoint Government Solutions by the new National Background Investigations Bureau (NBIB) comes just days ahead of the bureau's official opening, scheduled for next week. Its creation was spurred, in part, by the same hacks of the Office of Personnel Management that have been linked to the credentials of KeyPoint, one of four companies hired by the bureau. The officials asked not to be named when discussing sensitive information. A spokesman for OPM said the agency in the past has said in public statements and in congressional testimony that a KeyPoint contractor's stolen credentials were used by hackers to gain access to government personnel and security investigations records in two major OPM computer breaches. Both breaches occurred in 2014, but were not discovered until April 2015, according to investigators. One U.S. official familiar with the hiring of KeyPoint said personnel records were hacked in 2014 from KeyPoint and, at some point, its login credentials were stolen. But no evidence proves, the official said, that the KeyPoint credentials used by the OPM hackers were stolen in the 2014 KeyPoint hack. OPM officials said on Thursday one aim for NBIB is to reduce processing time for "top secret" clearances to 80 days from 170 days and for "secret" clearances to 40 days from 120 days.
After Newsweek published a report titled "How Donald Trump's Company Violated The United States Embargo Against Cuba," the site found itself on the receiving end of a "massive" denial-of-service attack that managed to shut down the site for several hours. TPM reports: Editor-In-Chief Jim Impoco noted that the attack came as the story earned national attention. "Last night we were on the receiving end of what our IT chief called a 'massive' DoS (denial of service) attack," Impoco wrote in an email to TPM. "The site was down most of last evening, at a time when Kurt Eichenwald's story detailing how Donald Trump's company broke the law by violating the U.S. trade embargo against Cuba was being covered extensively by prominent cable news programs. Our IT team is still investigating the hack." Later Friday afternoon, Impoco emailed TPM that in an initial investigation, the "main" IP addresses linked to the attack were found to be Russian. It should be noted that it is possible to fake an IP address. "As with any DDoS attack, there are lots of IP addresses, but the main ones are Russian, though that in itself does not prove anything," he wrote. "We are still investigating." Eichenwald tweeted Friday morning: "News: The reason ppl couldnt read #TrumpInCuba piece late yesterday is that hackers launched a major attack on Newsweek after it was posted."
An anonymous reader quotes a report from Ars Technica: Two lawyers and legal researchers based at Stanford University have formally asked a federal court in San Francisco to unseal numerous records of surveillance-related cases, as a way to better understand how authorities seek such powers from judges. This courthouse is responsible for the entire Northern District of California, which includes the region where tech companies such as Twitter, Apple, and Google, are based. According to the petition, Jennifer Granick and Riana Pfefferkorn were partly inspired by a number of high-profile privacy cases that have unfolded in recent years, ranging from Lavabit to Apple's battle with the Department of Justice. In their 45-page petition, they specifically say that they don't need all sealed surveillance records, simply those that should have been unsealed -- which, unfortunately, doesn't always happen automatically. The researchers wrote in their Wednesday filing: "Most surveillance orders are sealed, however. Therefore, the public does not have a strong understanding of what technical assistance courts may order private entities to provide to law enforcement. There are at least 70 cases, many under seal, in which courts have mandated that Apple and Google unlock mobile phones and potentially many more. The Lavabit district court may not be the only court to have ordered companies to turn over private encryption keys to law enforcement based on novel interpretations of law. Courts today may be granting orders forcing private companies to turn on microphones or cameras in cars, laptops, mobile phones, smart TVs, or other audio- and video-enabled Internet-connected devices in order to conduct wiretapping or visual surveillance. This pervasive sealing cripples public discussion of whether these judicial orders are lawful and appropriate."
Mazin Sidahmed and Nicky Woolf, reporting for The Guardian: A male Saudi Arabian teenager has been arrested in Riyadh over a series of online videos of conversations between him and a female Californian streaming-video star that went viral. A Riyadh police spokesperson, Colonel Fawaz Al-Mayman, said the teenager, known online as Abu Sin, was arrested on Sunday for engaging in "unethical behaviour" in videos with Christina Crockett, a popular broadcaster on the conversational live-streaming site YouNow. Abu Sin's real name is not known. "His videos received many comments and many of the commenters of the general public demanded for him to be punished for his actions," Al-Maymann added, according to the Saudi Gazette. The two amassed thousands of fans on the YouNow network, and later on YouTube after videos of the two speaking were uploaded there. The videos featured Abu Sin -- a nickname given to him for his broken teeth -- and Crockett communicating despite their significant language barriers. The popularity of the videos of the two of them surprised Crockett, she told the Guardian in an interview. As a broadcaster on YouNow, she can invite her fans to join her broadcasts on split-screen, which is known as "guesting."
AT&T has confirmed to ArsTechnica that it is getting rid of Internet Preferences, a controversial program that analyzed home internet customers' web browsing habits in order to serve some targeted ads. From the report:"To simplify our offering for our customers, we plan to end the optional Internet Preferences advertising program related to our fastest Internet speed tiers," an AT&T spokesperson said. "As a result, all customers on these tiers will receive the best rate we have available for their speed tier in their area. We'll begin communicating this update to customers early next week." Data collection and targeted ads will be shut off, AT&T also confirmed. Since AT&T introduced Internet Preferences for its GigaPower fiber Internet service in 2013, customers had to opt into the traffic scanning program in order to receive the lowest available rate. Customers who wanted more privacy had to pay another $29 a month for standalone Internet access; bundles including TV or phone service could cost more than $60 extra when customers didn't opt in.
turkeydance quotes a report from Hollywood Reporter: Given the increased frequency of terrorist bombings and mass shootings and an under-lying sense of havoc fed by divisive election politics, it's no surprise that home security is going over the top and hitting luxurious new heights. Or, rather, new lows, as the average depth of a new breed of safe haven that occupies thousands of square feet is 10 feet under or more. Those who can afford to pull out all the stops for so-called self-preservation are doing so -- in a fashion that goes way beyond the submerged corrugated metal units adopted by reality show "preppers" -- to prepare for anything from nuclear bombings to drastic climate-change events. Gary Lynch, GM at Rising S Bunkers, a Texas-based company that specializes in underground bunkers and services scores of Los Angeles residences, says that sales at the most upscale end of the market -- mainly to actors, pro athletes and politicians (who require signed NDAs) -- have increased 700 percent this year compared with 2015, and overall sales have risen 150 percent. Any time there is a turbulent political landscape, we see a spike in our sales. Given this election is as turbulent as it is, "we are gearing up for an even bigger spike," says marketing director Brad Roberson of sales of bunkers that start at $39,000 and can run $8.35 million or more (FYI, a 12-stall horse shelter is $98,500). Adds Mike Peters, owner of Utah-based Ultimate Bunker, which builds high-end versions in California, Texas and Minnesota: "People are going for luxury [to] live underground because they see the future is going to be rough. Everyone I've talked to thinks we are doomed, no matter who is elected." Robert Vicino, founder of Del Mar, Calif.-based Vivos, which constructs upscale community bunkers in Indiana (he believes coastal flooding scenarios preclude bunkers being safely built west of the Rockies), says, "Bill Gates has huge shelters under every one of his homes, in Rancho Santa Fe and Washington. His head of security visited with us a couple years ago, and for these multibillionaires, a few million is nothing. It's really just the newest form of insurance."
Orome1 quotes a report from Help Net Security: Despite high-profile, large-scale data breaches dominating the news cycle -- and repeated recommendations from experts to use strong passwords -- consumers have yet to adjust their own behavior when it comes to password reuse. A global Lab42 survey, which polled consumers across the United States, Germany, France, New Zealand, Australia and the United Kingdom, highlights the psychology around why consumers develop poor password habits despite understanding the obvious risk, and suggests that there is a level of cognitive dissonance around our online habits. When it comes to online security, personality type does not inform behavior, but it does reveal how consumers rationalize poor password habits. My personal favorite: password paradox. "The survey revealed that the majority of respondents understand that their digital behavior puts them at risk, but do not make efforts to change it," reports Help Net Security. "Only five percent of respondents didn't know the characteristics of a secure password, with the majority of respondents understanding that passwords should contain uppercase and lowercase letters, numbers and symbols. Furthermore, 91 percent of respondents said that there is inherent risk associated with reusing passwords, yet 61 percent continue to use the same or similar passwords anyway, with more than half (55 percent) doing so while fully understanding the risk." The report also found that when attempting to create secure passwords, "47 percent of respondents included family names or initials," while "42 percent contain significant dates or numbers and 26 percent use the family pet."
itwbennett writes from a report via CSO Online: After Yahoo raised eyebrows in the security community with its claim that state-sponsored hackers were responsible for the history-making breach, security firm InfoArmor now says it has evidence to the contrary. InfoArmor claims to have acquired some of the stolen information as part of its investigation into "Group E," a team of five professional hackers-for-hire believed to be from Eastern Europe. The database that InfoArmor has contains only "millions" of accounts, but it includes the users' login IDs, hashed passwords, mobile phone numbers and zip codes, said Andrew Komarov, InfoArmor's chief intelligence officer. Earlier this week, Chase Cunningham, director of cyber operations at security provider A10 Networks, called Yahoo's claim of state-sponsored actors a convenient, if trumped up, excuse: "If I want to cover my rear end and make it seem like I have plausible deniability, I would say 'nation-state actor' in a heartbeat." "Yahoo was compromised in 2014 by a group of professional blackhats who were hired to compromise customer databases from a variety of different targeted organizations," Scottsdale, Arizona-based InfoArmor said Wednesday in a report. "The Yahoo data leak as well as the other notable exposures, opens the door to significant opportunities for cyber-espionage and targeted attacks to occur."
After recent bombings, the Federal Communications Commission has voted to update the four-year-old emergency smartphone alerts system, which is used by officials to ping smartphones to alert people of severe weather, missing children, terror attacks or other danger. Some of the new changes allow the system to send texts with links to pictures, maps and phone numbers. CNNMoney reports: The agency also voted to allow longer messages -- 360 characters, up from 90 -- and to require wireless providers to support Spanish-language alerts. Wireless carriers will be allowed to support embedded links later this year. They'll be required to next year. The system's limits were on display last week when millions of New Yorkers received a text alert seeking information on Ahmad Khan Rahami, suspected in bombings in New York and New Jersey. "See media for pic," the alert said. Emergency alerts still won't include embedded photos, but commissioners said they're open to the idea. "Vague directives in text about where to find information about a suspect, just as we saw in New York, are not good enough," said Jessica Rosenworcel, an FCC commissioner. "As we move into the 5G future, we need to ensure that multimedia is available in all of our alert messages." Not everyone was so sure. Michael O'Rielly, another commissioner, said adding links and multimedia could jam cell networks during emergencies.
An anonymous reader quotes a report from The Hill: Republican attorneys general in four states are filing a lawsuit to block the transfer of internet domain systems oversight from the U.S. to an international governing body. Texas Attorney General Ken Paxton, Arizona Attorney General Mark Brnovich, Oklahoma Attorney General Scott Pruitt and Nevada Attorney General Paul Laxalt filed a lawsuit on Wednesday night to stop the White House's proposed transition of Internet Assigned Numbers Authority (IANA) functions. The state officials cite constitutional concerns in their suit against the National Telecommunications and Information Administration, U.S. government and the Department of Commerce. "The Obama Administration's decision violates the Property Clause of the U.S. Constitution by giving away government property without congressional authorization, the First Amendment to the U.S. Constitution by chilling speech, and the Administrative Procedure Act by acting beyond statutory authority," a statement released by Paxton's office reads. The attorneys generals claim that the U.S. government is ceding government property, pointing to a Government Accountability Office (GAO) review that "concluded that the transition does not involve a transfer of U.S. government property requiring Congressional approval." Paxton also echoed Texas Sen. Ted Cruz's warnings that the transition could harm free speech on the internet by giving Russia, China and Iran a voice on the international governing body that would oversee internet domain systems. "Trusting authoritarian regimes to ensure the continued freedom of the internet is lunacy," Paxton said. "The president does not have the authority to simply give away America's pioneering role in ensuring that the internet remains a place where free expression can flourish."
An anonymous reader quotes a report from Politico: The FBI concluded that a computer technician working on Clinton's email was not engaged in an illicit cover-up when he asked on the Reddit website for a tool that could delete a "VIP" email address throughout a large file, FBI Director James Comey said Wednesday. Republican lawmakers have suggested that the July 2014 Reddit post from a user believed to be Platte River Networks specialist Paul Combetta showed an effort to hide Clinton's emails from investigators. However, at a House Judiciary Committee hearing Wednesday, Comey said FBI agents concluded that all the computer aide was trying to do was replace Clinton's email address so it wouldn't be revealed to the public. "Our team concluded that what he was trying to do was when they produced emails not have the actual address but have some name or placeholder instead of the actual dot-com address in the 'From:' line," Comey said. Comey said he wasn't sure whether the FBI knew about the Reddit posting when prosecutors granted Combetta immunity to get statements from him about what transpired. However, he added that such a deletion wouldn't automatically be considered an effort to destroy evidence. "Not necessarily ... It would depend what his intention was and why he wanted to do it," the FBI director said.
According to a report from The Wall Street Journal (Warining: may be paywalled), U.S. officials are all but certain that the hacker Guccifer 2.0, who hacked the Democratic National Committee in June, is connected to a network of individuals and groups who are being shielded by the Russian government to mask its involvement in cyberintrusions. Even though the hacker denies working for the Russian government, the hacker is thought to be working with the hacking groups Fancy Bear and Cozy Bear, which have ties to the Russian government. The Wall Street Journal reports: Following successful breaches, the stolen data are apparently transferred to three different websites for publication, these people say. The websites -- WikiLeaks, DCLeaks.com and a blog run by Guccifer 2.0 -- have posted batches of stolen data at least 42 times from April to last week. Cybersecurity experts believe that DCLeaks.com and Guccifer 2.0 often work together and have direct ties to Russian hackers. Guccifer 2.0 said in a Twitter direct message sent to The Wall Street Journal that he wants to expose corruption in politics and shine light on how companies influence policy. The hacker said he also hopes to expose "global electronization." "I think I won't have a better opportunity to promote my ideas than this year," Guccifer 2.0 added in a long exchange with a Journal reporter. The Journal cannot verify the identity of the person sending messages on behalf of Guccifer 2.0, but the account is the same one that was used to publish personal information about Democrats. A posting on a blog run by Guccifer 2.0 says he is a man who was born in Eastern Europe, has been a hacker for years and fears for his safety. "I think u've never felt that feeling when u r crazy eager to shout: look everyone, this is me, this is me who'd done it," the hacker wrote to the Journal. "but u can't." WikiLeaks officials didn't respond to requests for comment on whether Russia fed them the stolen files published by WikiLeaks in July. A representative for DCLeaks.com asked the Journal to submit questions via email but hasn't responded to them. Last week, U.S. intelligence chielf James Clapper said it "shouldn't come as a big shock to people" that Russia is behind the hacking operation. While Russia has tried to interfere in U.S. elections since at least the 1960s by spying and funneling money to particular political groups, "I think it's more dramatic maybe because now they have the cyber tools," he said.
A former Verizon technician who worked in Alabama is being accused of selling customers' private call records and location data to an unnamed private investigator. Authorities said the data was sold for more than four years, from 2009 to 2014. The Associated Press reports: [Daniel Eugene Traeger] logged into one Verizon computer system to gain access to customers' call records, authorities said. He used another company system known as Real Time Tool to "ping" cellphones on Verizon's network to get locations of the devices, according to the plea agreement. He then compiled the data in spreadsheets, which he sent to the private investigator for years, the court records show. "Between April 2009 and January 2014, the defendant was paid more than $10,000 in exchange for his provision of confidential customer information and cellular location data to the PL, an unauthorized third party," court records state. Though Traeger was based in the Birmingham area, the court records do not indicate whether the information that was sold involved Verizon Wireless customers in Alabama or elsewhere. He faces up to five years in prison, but prosecutors are recommending a lesser sentence since he accepted responsibility, according to terms of the plea agreement.
CloudFlare has said it cannot shut down piracy websites. The CloudFlare's response comes two months after adult entertainment outfit ALS Scan filed a complaint at a California federal court two months ago in which the company accused the CDN service of various counts of copyright and trademark infringement. From a TorrentFreak report:"CloudFlare is not the operator of the allegedly infringing sites but is merely one of the many intermediaries across the internet that provide automated CDN services, which result in the websites in question loading a bit faster than they would if they did not utilize CDN services." If Cloudflare terminated the accounts of allegedly infringing websites, the sites themselves would still continue to exist. It would just require a simple DNS reconfiguration to continue their operation. "Indeed, there are no measures of any kind that CloudFlare could take to prevent this alleged infringement, because the termination of CloudFlare's CDN services would have no impact on the existence and ability of these allegedly infringing websites to continue to operate," Cloudflare writes. As such, the company argues that it's not "materially contributing" to any of the alleged copyright infringements.
Sadie Gurman and Eric Tucker, reporting for Associated Press:Police officers across the country misuse confidential law enforcement databases to get information on romantic partners, business associates, neighbors, journalists and others for reasons that have nothing to do with daily police work, an Associated Press investigation has found. Criminal-history and driver databases give officers critical information about people they encounter on the job. But the AP's review shows how those systems also can be exploited by officers who, motivated by romantic quarrels, personal conflicts or voyeuristic curiosity, sidestep policies and sometimes the law by snooping. In the most egregious cases, officers have used information to stalk or harass, or have tampered with or sold records they obtained. No single agency tracks how often the abuse happens nationwide, and record-keeping inconsistencies make it impossible to know how many violations occur. But the AP, through records requests to state agencies and big-city police departments, found law enforcement officers and employees who misused databases were fired, suspended or resigned more than 325 times between 2013 and 2015. They received reprimands, counseling or lesser discipline in more than 250 instances, the review found.
The Intercept is reporting that despite what Apple claims, it does keep a log of people you are receiving messages from and shares this and other potentially sensitive metadata with law enforcement when compelled by court order. Apple insists that iMessage conversations are safe and out of reach from anyone other than you and your friends. From the report:This log also includes the date and time when you entered a number, along with your IP address -- which could, contrary to a 2013 Apple claim that "we do not store data related to customers' location," identify a customer's location. Apple is compelled to turn over such information via court orders for systems known as "pen registers" or "tap and trace devices," orders that are not particularly onerous to obtain, requiring only that government lawyers represent they are "likely" to obtain information whose "use is relevant to an ongoing criminal investigation." Apple confirmed to The Intercept that it only retains these logs for a period of 30 days, though court orders of this kind can typically be extended in additional 30-day periods, meaning a series of monthlong log snapshots from Apple could be strung together by police to create a longer list of whose numbers someone has been entering.
In what may be part of the original Democratic National Committee hack, the FBI is currently investigating a possible hack involving the cell phones of a small number of Democratic Party staffers. CNN reports: The development comes on the same day Homeland Security Secretary Jeh Johnson told lawmakers that 18 states have asked for help in warding off cyberattacks on their electronic voting systems. Law enforcement officials have reached out to the staffers individually about "imaging" their phones to search for evidence of hacking, such as malware. Investigators are still probing whether this attempted hack is part of the original breach of Democratic National Committee emails -- which is widely thought to be the work of the Russian government -- or a new hacking attempt. "Our struggle with the Russian hackers that we announced in June is ongoing -- as we knew it would be -- and we are choosing not to provide general updates unless personal data or other sensitive information has been accessed or stolen," interim DNC Chairwoman Donna Brazile told CNN. Cybersecurity was a major theme at the debate last night between Republican nominee Donald Trump and Democratic nominee Hillary Clinton. While Clinton blamed the Russians for the "election-related cyberintrusions," Trump said "It could be Russia, but it could also be China. It could also be lots of other people. It could also be somebody sitting on their bed that weighs 400 pounds." We will update this story as it develops.