Transportation

Unpatchable 'Flaw' Affects Most of Today's Modern Cars (bleepingcomputer.com) 185

Catalin Cimpanu, writing for BleepingComputer: A flaw buried deep in the hearts of all modern cars allows an attacker with local or even remote access to a vehicle to shut down various components, including safety systems such as airbags, brakes, parking sensors, and others. The vulnerability affects the CAN (Controller Area Network) protocol that's deployed in modern cars and used to manage communications between a vehicle's internal components. The flaw was discovered by a collaborative effort of Politecnico di Milano, Linklayer Labs, and Trend Micro's Forward-looking Threat Research (FTR) team. Researchers say this flaw is not a vulnerability in the classic meaning of the word. This is because the flaw is more of a CAN standard design choice that makes it unpatchable.
Government

Justice Department Demands 1.3 Million IP Addresses Related To Anti-Trump Website (theverge.com) 384

An anonymous reader quotes a report from The Verge: In a blog post today, online web hosting provider DreamHost disclosed that it has been involved in a months-long legal battle with the Justice Department over records on visitors to an anti-Trump website. The dispute focuses on a Justice Department demand for information on data related to disruptj20.org, which describes itself as a group of activists "building the framework needed for mass protests to shut down the inauguration of Donald Trump and planning widespread direct actions to make that happen." DreamHost is taking issue with a warrant issued by the department for "all files" related to the website, which DreamHost says would compel them to turn over electronic data like visitor logs. That would include IP addresses and other information that could be used to identify anyone who visited the site. "The request from the DOJ demands that DreamHost hand over 1.3 million visitor IP addresses -- in addition to contact information, email content, and photos of thousands of people -- in an effort to determine who simply visited the website," the company said in its blog post. The warrant, DreamHost argues, would also require it to hand over any communications that are even tangentially related to the website.

"In essence, the Search Warrant not only aims to identify the political dissidents of the current administration, but attempts to identify and understand what content each of these dissidents viewed on the website," the company said in a legal filing arguing against the warrant. A hearing on the situation is set for Friday in Washington, DC Superior Court.

Space

Startup To Put Cellphone Tower on the Moon (space.com) 76

An astronaut wandering the moon next year could use a smartphone to call home. If everything goes according to plan, that is. A German startup is preparing to set up the first telecommunication infrastructure on the lunar surface. From a report: The German company Part Time Scientists, which originally competed for the Google Lunar X Prize race to the moon, plans to send a lander with a rover in late 2018 to visit the landing site of Apollo 17. (Launched in 1972, this was NASA's final Apollo mission to the moon.) Instead of using a complex dedicated telecommunication system to relay data from the rover to the Earth, the company will rely on LTE technology -- the same system used on Earth for mobile phone communications. "We are cooperating with Vodafone in order to provide LTE base stations on the moon," Karsten Becker, who heads embedded electronics development and integration for the startup, told Space.com. "What we are aiming to do is to provide commercial service to bring goods to the moon and also to provide services on the surface of the moon," Becker added.
Businesses

Almost All of FCC's New Advisory Panel Works For Telecoms (thedailybeast.com) 84

New submitter simkel writes: When the Federal Communications Commission went looking this year for experts to sit on an advisory committee regarding deployment of high-speed internet, Gary Carter thought he would be a logical choice. Carter works for the city of Santa Monica, California, where he oversees City Net, one of the oldest municipal-run networks in the nation. The network sells high-speed internet to local businesses, and uses the revenue in part to connect low-income neighborhoods. That experience seemed to be a good match for the proposed Broadband Deployment Advisory Committee (BDAC), which FCC Chairman Ajit Pai created this year. One of the panel's stated goals is to streamline city and state rules that might accelerate installation of high-speed internet. But one of the unstated goals, members say, is to make it easier for companies to build networks for the next generation wireless technology, called 5G. The advanced network, which promises faster speeds, will require that millions of small cells and towers be erected nationwide on city- and state-owned public property. The assignment seemed to call out for participation from city officials like Carter, since municipal officials approve where and what equipment telecommunications companies can place on public rights of way, poles and buildings. But the FCC didn't choose Carter -- or almost any of the other city or state government officials who applied. Sixty-four city and state officials were nominated for the panel, but the agency initially chose only two: Sam Liccardo, mayor of San Jose, California, and Kelleigh Cole from the Utah Governor's Office, according to documents obtained by the Center for Public Integrity through a Freedom of Information Act request. Pai later appointed another city official, Andy Huckaba, a member of the Lenexa, Kansas, city council. Instead the FCC loaded the 30-member panel with corporate executives, trade groups and free-market scholars. 
More than three out of four seats on the BDAC are filled by business-friendly representatives from the biggest wireless and cable companies such as AT&T, Comcast, Sprint, and TDS Telecom. Crown Castle International Corp., the nation's largest wireless infrastructure company, and Southern, the nation's second-largest utility firm, have representatives on the panel.
The Internet

Maybe Americans Don't Need Fast Home Internet Service, FCC Suggests (arstechnica.com) 377

An anonymous reader shares an excerpt from a report via Ars Technica: Americans might not need a fast home Internet connection, the Federal Communications Commission suggests in a new document. Instead, mobile Internet via a smartphone might be all people need. The suggestion comes in the FCC's annual inquiry into broadband availability. Section 706 of the Telecommunications Act requires the FCC to determine whether broadband (or more formally, "advanced telecommunications capability") is being deployed to all Americans in a reasonable and timely fashion. If the FCC finds that broadband isn't being deployed quickly enough to everyone, it is required by law to "take immediate action to accelerate deployment of such capability by removing barriers to infrastructure investment and by promoting competition in the telecommunications market."

The FCC found during George W. Bush's presidency that fast Internet service was being deployed in a reasonable and timely fashion. But during the Obama administration, the FCC determined repeatedly that broadband isn't reaching Americans fast enough, pointing in particular to lagging deployment in rural areas. These analyses did not consider mobile broadband to be a full replacement for a home (or "fixed") Internet connection via cable, fiber, or some other technology. Last year, the FCC updated its analysis with a conclusion that Americans need home and mobile access. Because home Internet connections and smartphones have different capabilities and limitations, Americans should have access to both instead of just one or the other, the FCC concluded under then-Chairman Tom Wheeler.
The report goes on to add that with Republican Ajit Pai as chairman of the FCC, "the FCC seems poised to change that policy by declaring that mobile broadband with speeds of 10Mbps downstream and 1Mbps upstream is all one needs." Furthermore, "In doing so, the FCC could conclude that broadband is already being deployed to all Americans in a reasonable and timely fashion, and thus the organization would take fewer steps to promote deployment and competition."
Microsoft

Microsoft Dumps Notorious Chinese Secure Certificate Vendor (zdnet.com) 57

Soon, neither Internet Explorer nor Edge will recognize new security certificates from Chinese Certificate Authorities WoSign and its subsidiary StartCom. ZDNet reports: A CA is a trusted entity that issues X.509 digital certificates that verify a digital entity's identity on the internet. Certificates include its owner's public key and name, the certificate's expiration date, encryption method, and other information about the public key owner. Typically, these are used to secure websites with the https protocol, lock down internet communications with Secure Sockets Layer and Transport Layer Security (SSL/TLS), and secure virtual private networks (VPNs). A corrupted certificate is barely better than no protection at all. It can be used to easily hack websites and "private" internet communications.

Microsoft has joined [Mozilla, Google and Apple] in abandoning trust in their certificates. A Microsoft representative wrote: "Microsoft has concluded that the Chinese CAs WoSign and StartCom have failed to maintain the standards required by our Trusted Root Program. Observed unacceptable security practices include back-dating SHA-1 certificates, mis-issuances of certificates, accidental certificate revocation, duplicate certificate serial numbers, and multiple CAB Forum Baseline Requirements (BR) [issuance and management rules for public certificates] violations." Microsoft will start "the natural deprecation of WoSign and StartCom certificates by setting a 'NotBefore' date of 26 September 2017. This means all existing certificates will continue to function until they self-expire. Windows 10 will not trust any new certificates from these CAs after September 2017."

The Military

A US Spy Plane Has Been Flying Circles Over Seattle For Days (thedrive.com) 232

turkeydance shares Thursday's report from The Drive: A very unique U.S. Air Force surveillance aircraft has been flying highly defined circles over Seattle and its various suburbs for nine days now... The aircraft, which goes by the callsign "SPUD21" and wears a nondescript flat gray paint job with the only visible markings being a U.S. Air Force serial on its tail, is a CASA CN-235-300 transport aircraft that has been extensively modified... It is covered in a dizzying array of blisters, protrusions, humps and bumps. These include missile approach warning detectors and large fairings on its empennage for buckets of forward-firing decoy flares, as well as both microwave -- the dome antenna behind the wing and flat antenna modification in front of the wing -- and ultra high-frequency satellite communications -- the platter-like antenna behind the dome antenna. A communications intelligence suite also appears to be installed on the aircraft, with the antenna farm on the bottom of its fuselage being a clear indication of such a capability. But what's most interesting is the aircraft's apparent visual intelligence gathering installation...

This particular CN-235, with the serial 96-6042, is one of six that researchers commonly associated with the Air Force's top secret 427th Special Operations Squadron... The 427th occupies the same space with a host of other "black" U.S. military aviation elements, most of which are affiliated to some degree with Joint Special Operations Command and the Intelligence Community... [I]f the military placed the aircraft under civilian control to some degree and with an appropriate legal justification, the U.S. military could possibly fly it in support of a domestic operation or one focused on a foreign suspect or organization operating within the United States... It's also entirely possible, if not probable, that the aircraft could be involved in a realistic training exercise rather than an actual operation... The area could have simply provided a suitable urban area to test existing or new surveillance technologies, too, though this could spark serious privacy concerns if true.

Friday an Air Force Special Operations Command public affairs officer confirmed that the plane was one of theirs, describing its activity as "just a training mission," according to Russia Today.
Communications

The FCC Is Full Again, With Three Republicans and Two Democrats (arstechnica.com) 81

An anonymous reader quotes a report from Ars Technica: The U.S. Senate today confirmed the nominations of Republican Brendan Carr and Democrat Jessica Rosenworcel to fill the two empty seats on the Federal Communications Commission. FCC Chairman Ajit Pai congratulated the commissioners in a statement. "As I know from working with each of them for years, they have distinguished records of public service and will be valuable assets to the FCC in the years to come," Pai said. "Their experience at the FCC makes them particularly well-suited to hit the ground running. I'm pleased that the FCC will once again be at full strength and look forward to collaborating to close the digital divide, promote innovation, protect consumers, and improve the agency's operations."

Carr served as Pai's Wireless, Public Safety and International Legal Advisor for three years. After President Trump elevated Pai to the chairmanship in January, Pai appointed Carr to become the FCC's general counsel. Rosenworcel had to leave the commission at the end of last year when the Republican-led US Senate refused to re-confirm her for a second five-year term. But Democrats pushed Trump to re-nominate Rosenworcel to fill the empty Democratic spot and he obliged. FCC commissioners are nominated by the president and confirmed by the Senate. Besides Pai, Carr, and Rosenworcel, the five-member commission includes Republican Michael O'Rielly and Democrat Mignon Clyburn.

Businesses

Charter Has Moved Millions of Customers To New -- And Often Higher -- Pricing (arstechnica.com) 84

After Charter closed the acquisitions of Time Warner Cable and Bright House Networks in May 2016, it moved 30 percent of the customers it acquired onto new pricing plans, resulting in many people paying higher prices. "Before the merger, Charter had about 6.8 million customers; afterward, Charter had 25.4 million customers in 41 states and became the second-largest U.S. cable company after Comcast," reports Ars Technica. From the report: Charter came up with new prices and packages, and many customers saw their bills rise when their previous discounts expired and they were switched to non-promotional pricing. Now, 30 percent of the ex-TWC and ex-Bright House customers are paying different -- and often higher -- prices. Charter CEO Thomas Rutledge provided the update in an earnings call last week (hat tip to FierceCable). According to a Seeking Alpha transcript, Rutledge said: "In June, we finished the rollout of our new pricing, packaging, and branding across our national footprint with the last launch of Spectrum in Hawaii. We now offer a simple, straightforward, high-value product using a consistent and uniform approach across our 50 million passings under one brand, Spectrum. The new product is succeeding with consumers across our footprint. In the second quarter, our customers and PSU [primary service unit] connects were higher year-over-year. And as of the end of the second quarter, 30 percent of Time Warner Cable and Bright House legacy customers were in our new pricing and packaging, up from 17 percent at the end of last quarter. In areas where we've had Spectrum in place for at least three quarters, 43 percent of our residential customers have Spectrum package products."
Privacy

NSA Unlawfully Surveilled Kim Dotcom In New Zealand, Says Report (thehill.com) 133

According to new documents from New Zealand's Government Communications Security Bureau (GCSB), the NSA illegally used technology to spy on Megaupload founder Kim Dotcom. "The New Zealand Herald first reported that the GCSB told the nation's high court that it ceased all surveillance of Dotcom in early 2012, but that 'limited' amounts of communications from Dotcom were later intercepted by its technology without the bureau's knowledge," reports The Hill. From the report: Dotcom was surveilled by the NSA and the GCSB in a joint intelligence operation named Operation Debut. According to the Herald, that surveillance was scheduled to end in January 2012, but the United States continued to use New Zealand's technology. According to court documents obtained by the Herald, "Limited interception of some communications continued beyond the detasking date without the knowledge of GCSB staff." The court papers don't explain how the NSA was able to use the GCSB's spying technology without the bureau's knowledge. According to the Herald, "The GCSB documents do contain an admission of NSA involvement, although it was not made outright." Dotcom is facing charges of copyright infringement and money laundering related to Megaupload, a file-sharing website shut down in 2012. He is currently fighting U.S. attempts to extradite him from New Zealand.
Government

Senators Propose Bill Targeting Websites That Facilitate Sex Trafficking (usatoday.com) 187

An anonymous reader quotes a report from USA Today: A bipartisan group of lawmakers introduced legislation Tuesday that aims to make it easier to sue and criminally prosecute operators of online classified sites like Backpage.com that have been used to advertise sex workers. The proposed bill would amend the Communications Decency Act to eliminate a provision that shields operators of websites from being liable for content posted by third-party users. In addition to removing liability protections for websites that facilitate "unlawful sex acts with sex trafficking victims," lawmakers are seeking to amend the CDA to allow state prosecutors -- not just federal law enforcement -- to take action against individuals and businesses that use websites to violate federal sex trafficking laws. "For too long, courts around the country have ruled that Backpage can continue to facilitate illegal sex trafficking online with no repercussions," said Sen. Rob Portman, R-Ohio. "The Communications Decency Act is a well-intentioned law, but it was never intended to help protect sex traffickers who prey on the most innocent and vulnerable among us. This bipartisan, narrowly crafted bill will help protect vulnerable women and young girls from these horrific crimes."
United States

Trump Removes Anthony Scaramucci From Communications Director Role (nytimes.com) 463

Maggie Haberman, Michael D. Shear, and Glenn Thrush reporting for The New York Times: President Trump has decided to remove Anthony Scaramucci from his position as communications director (Editor's note: the link could be paywalled; alternative source), three people close to the decision said Monday, relieving him just days after Mr. Scaramucci unloaded a crude verbal tirade against other senior members of the president's senior staff. Mr. Scaramucci's abrupt removal came just 10 days after the wealthy New York financier was brought on to the West Wing staff, a move that convulsed an already chaotic White House and led to the departures of Sean Spicer, the former press secretary, and Reince Priebus, the president's first chief of staff. From a report: "Anthony Scaramucci will be leaving his role as White House Communications Director," the statement read. "Mr. Scaramucci felt it was best to give Chief of Staff John Kelly a clean slate and the ability to build his own team. We wish him all the best." Press secretary Sarah Huckabee Sanders is scheduled to brief the press corps, on-camera, at 12:45 pm PST. Scaramucci was given the job on Friday, June 21, and by Thursday, July 27, became something of a national laughingstock when The New Yorker reported his profanity-laced conversation with the magazine's Washington correspondent the night before. He was hired by the president to take charge of a communications operation in disarray, and his hiring coincided with the departure of White House press secretary Sean Spicer. Scaramucci, in his conversation with The New Yorker's Ryan Lizza, was extremely critical of White House chief strategist Steve Bannon and predicted, correctly, that then-chief of staff Reince Priebus would be removed from his position. Following the publication of Lizza's article, it became an open question in Washington whether Scaramucci would keep his job.
Apple

Apple is About To Do Something Their Programmers Definitely Don't Want (medium.com) 315

Last week, The Wall Street Journal had a big feature on Apple Campus, the big new beautiful office the company has spent north of $5 billion on. The profile, in which the reporter interviewed Apple's design chief Jony Ive, also mentioned an open space where all the programmers would sit and work. Ever since the profile came out, several people have expressed their concerns about the work environment for the developers. American entrepreneur and technologist Anil Dash writes: [...] There have been countless academic studies confirming the same result: Workers in open plan offices are frustrated, distracted and generally unhappy. That's not to say there's no place for open plan in an office -- there can be great opportunities to collaborate and connect. For teams like marketing or communications or sales, sharing a space might make a lot of sense. But for tasks that require being in a state of flow? The science is settled. The answer is clear. The door is closed on the subject. Or, well, it would be. If workers had a door to close. Now, when it comes to jobs or roles that need to be in a state of flow, programming may be the single best example of a task that benefits from not being interrupted. And Apple has some of the best coders in the world, so it's just common sense that they should be given a great environment. That's why it was particularly jarring to see this side note in the WSJ's glowing article about Apple's new headquarters: "Coders and programmers are concerned their work surroundings will be too noisy and distracting." Usually, companies justify putting programmers into an open office plan for budget reasons. It does cost more to make enough room for every coder to have an office with a door that closes. But given that Apple's already invested $5 billion into this new campus, complete with iPhone-influenced custom-built toilets for the space, it's hard to believe this decision was about penny-pinching.
The other possible argument for skipping private offices would be if a company didn't know that's what its workers would prefer.
Privacy

Russia Bans VPNs To Stop Users From Looking at Censored Sites (cnn.com) 119

Russia is cracking down on software that allows users to view internet sites banned by the government. From a report: President Vladimir Putin has signed a bill that prohibits services, including virtual private networks (VPNs), that enable users to skirt government censorship efforts. The law will take effect on November 1. Russian internet regulator Roskomnadzor maintains a blacklist of thousands of websites. Leonid Levin, chairman of a parliamentary committee on information policy and communications, said the law signed by Putin does not "introduce any new restrictions and especially no censorship." "My colleagues only included the restriction of access to information that is already forbidden by law or a court decision," he told state news agency RIA Novosti earlier this month.
Stats

Should The Government Fix Slow Internet Access? (fivethirtyeight.com) 315

An anonymous reader quotes a story from Nate Silver's FiveThirtyEight site about "the worst internet in America": FiveThirtyEight analyzed every county's broadband usage using data from researchers at the University of Iowa and Arizona State University and found that Saguache, Colorado was at the bottom. Only 5.6 percent of adults were estimated to have broadband... It has some of the worst internet in the country. That's in part because of the mountains and the isolation they bring... Its population of 6,300 is spread across 3,169 square miles 7,800 feet above sea level, but on land that is mostly flat, so you can almost see the full scope of two mountain ranges as you drive the county's highway...

But Saguache isn't alone in lacking broadband. According to the Federal Communications Commission, 39 percent of rural Americans -- 23 million people -- don't have access. In Pew surveys, those who live in rural areas were about twice as likely not to use the internet as urban or suburban Americans.

In Saguache County download speeds of 12 Mbps (with an upload speed of 2 Mbps) cost $90 a month, and the article points out that when it comes to providing broadband, "small companies and cooperatives are going it more or less alone, without much help yet from the federal government." But that raises an inevitable question. Should the federal government be subsidizing rural internet access?
China

Apple Pulls Anti-Censorship Apps from China's App Store (fortune.com) 108

An anonymous reader quotes Fortune: Services helping Chinese users circumvent the "Great Firewall of China" have been pulled from Apple's Chinese App Store en masse. On Saturday morning, at least some software makers affected by the sweep received notification from Apple that their tools were removed for violating Chinese law. Internet censorship in China restricts communications about topics including democracy, Tibetan freedom, and the 1989 Tiananmen Square protests. The culling primarily seems to have affected virtual private networks, or VPNs, which mask users' Internet activity and data from outside monitoring. According to a report by the New York Times, many of the most popular such apps are now missing from the Chinese App Store.
United States

Congress Asks US Agencies For Kaspersky Lab Cyber Documents (reuters.com) 28

Reuters reports: A U.S. congressional panel this week asked 22 government agencies to share documents on Moscow-based cyber firm Kaspersky Lab, saying its products could be used to carry out "nefarious activities against the United States," according to letters seen by Reuters. The requests made on Thursday by the U.S. House of Representatives Committee on Science, Space and Technology are the latest blow to the antivirus company, which has been countering accusations by U.S. officials that it may be vulnerable to Russian government influence. The committee asked the agencies for all documents and communications about Kaspersky Lab products dating back to Jan. 1, 2013, including any internal risk assessments. It also requested lists of any systems that use Kaspersky products and the names of any U.S. government contractors or subcontractors that do so. Kaspersky has repeatedly denied that it has ties to any government and said it would not help any government with cyber espionage. It said there is no evidence for the accusations made by U.S. officials. The committee "is concerned that Kaspersky Lab is susceptible to manipulation by the Russian government, and that its products could be used as a tool for espionage, sabotage, or other nefarious activities against the United States," wrote the panel's Republican chairman, Lamar Smith, in the letters.
Government

Intelligence Chairman Accuses Obama Aides of Hundreds of Unmasking Requests (thehill.com) 330

mi writes: When American spies capture our communications with foreigners, the identities of Americans on the other side of the conversation are generally protected -- if not by bona-fide laws, then certainly by rules and regulations. A transcript of the conversation should have their name replaced with labels like "U.S. person 1". The citizen involved can only be "unmasked" with a good reason. In 2011, Obama relaxed these rules, making it much simpler even for officials without any intelligence role to obtain the identities. Predictably, certain top officials of the Obama Administration abused their access to get this information: "The [House Intelligence] committee has learned that one official, whose position had no apparent intelligence related function, made hundreds of unmasking requests during the final year of the Obama administration," [Intelligence Chairman Devin] Nunes wrote. "Of those requests, only one offered a justification that was not boilerplate."
Communications

Why Your Call Center is Only Getting Noisier (mckinsey.com) 105

From a report by research firm McKinsey & Company: Organizations have been investing in all manner of customer-facing technology solutions to replace live calls. Of all operational call-center technologies, digital solutions were ranked as one of the most important over the next five years by four out of five executives. Only agent desktop tools ranked higher. These technologies begin with websites, chat bots, and apps and extend to artificial-intelligence robots that simulate human conversations -- redefining the way organizations interact with customers -- as well as more tried-and-tested functionalities such as improved web, app, or self-service capabilities in interactive voice-response (IVR) systems. And yet, despite this plethora of technology solutions, we see that calls are not going away and instead are catching call-center executives off guard in their efforts to reduce volumes. It's not that a spike in call volumes is necessarily a bad thing. On the contrary, the proliferation of digital tools can awaken previously dormant customers, sparking new inquiries from an engaged customer base. But in many instances, we've also observed that the volumes of unwanted calls exceed what would be expected during a learning period, or remain constant or rise over time, defeating strategic goals and leaving managers bewildered and unable to tie tech investments to improved operational outcomes. Why are so many organizations struggling with reaping the full benefits from these investments? In our experience, the answer often lies in two core areas. First, as companies turn to technology to address call-center volumes, they allow customer experience to take a back seat to digital technology in their operations, creating dissonance in direct customer interaction, where the objective is harmony and efficiency. 
Second, by counting on technology to solve their call-center issues, executives lose focus on core operations and upset the balance between human interaction and automation in an era of evolved customer service.
Businesses

More Than One Billion People Use Facebook's WhatsApp Service Every Day (whatsapp.com) 87

Facebook has announced that more than one billion people use its instant messaging and voice calling app WhatsApp every day. To put that in perspective, there are 7.5 billion people on this planet. And Facebook, whose marquee service itself is used by more than two billion people every month, says that 13.3 percent of the world's population is using WhatsApp every day.
