
Showing results for tags 'usa'.


Found 43 results

  1. A cyberattack on a subcontractor for U.S. Customs and Border Protection (CBP) exposed surveillance plans and much more than was previously disclosed, according to a new report. Earlier this month, U.S. Customs and Border Protection said photos of travelers and license plates had been compromised during a cyberattack, adding that less than 100,000 people were affected. However, the Washington Post reported on Friday that the cyberattack also compromised documents including “detailed schematics, confidential agreements, equipment lists, budget spreadsheets, internal photos and hardware blueprints for security systems.” As the news outlet put it: The documents offer an unusually intimate glimpse of the machinery that U.S. officials depend on for the constant monitoring of legal immigration through the border. They also illuminate the government’s plans for expanding its use of license plate readers and facial-recognition cameras, including such details as how many cameras are focused on which traffic lanes at some of the busiest border crossings in the world. The hacked CBP subcontractor documents were put on the dark web and the subcontractor who appears to have been hacked was Tennessee-based Perceptics, according to the report. The available information taken was “hundreds of gigabytes,” the newspaper reported. You can read all of the Washington Post report here. Source
  2. Americans aren’t interested in the Moon and Mars—and that’s understandable After 15 years and $50 billion, we haven't really gotten that far. [Image: Mars or the Moon? It’s a debate that has bedeviled NASA for decades. Credit: Aurich Lawson / Getty Images] Nearly two years ago, Vice President Mike Pence made the administration's space policy official, saying NASA would re-focus its program around "establishing a renewed American presence on the Moon, a vital strategic goal." In December 2017, President Trump signed a space-policy document codifying this human-exploration plan. Under this space-policy directive, a sustainable presence on the Moon would then become a stepping stone to destinations further out in space, such as Mars. The president recently made clear his preference for getting to Mars quickly, tweeting a few weeks ago: "For all of the money we are spending, NASA should NOT be talking about going to the Moon—we did that 50 years ago. They should be focused on the much bigger things we are doing, including Mars." A new poll suggests this talk about sending humans back to the Moon or on to Mars is out of step with the views of most Americans. The survey of 1,137 U.S. adults by The Associated Press-NORC Center for Public Affairs Research suggests only about one-in-four Americans believe sending humans to the Moon or Mars is "very" or "extremely" important. [Chart: AP-NORC poll results for "is the following 'extremely' or 'very' important." Credit: AP-NORC] By contrast, 59 percent of respondents found scientific research on Earth, the Solar System, and the universe to be very or extremely important for NASA. An even greater number, 68 percent, attached such importance to monitoring asteroids, comets, or other objects from space that could strike the planet. 
These findings are consistent with a Pew Research Center survey from about a year ago, which found large majorities of the public much more interested in protecting the Earth's climate and protecting the planet from asteroids than the human exploration of the Moon and Mars. Lots of money, few results So what is going on here? It has long—and correctly, we believe—been said the American support for space exploration is a mile wide and an inch deep. So Americans like the idea of a space program, and they appreciate robotic probes landing on Mars. But they don't want to dig too deeply into their pockets to pay for it. (The public isn't very well-informed about this, however, as most Americans seem to think NASA claims about one-quarter of the US budget. It is, in fact, less than one-half of one percent). On some fundamental level, perhaps, Americans also realize that they haven't exactly been getting high returns on their investments in human exploration—especially when it comes to deep space. During the last 15 years, for example, NASA has been engaged in building the "capabilities" for a deep-space exploration program (principally the Orion spacecraft and two large rockets, the Ares V and then the Space Launch System). This has cost nearly $50 billion. And for what? None of these vehicles is yet ready for human spaceflight, and realistically, humans are unlikely to use them to fly into deep space before the early or mid-2020s. The implications of these findings for the next president are intriguing. The Trump administration will likely continue the same, slow slog it appears to be on (promises of a 2024 lunar landing notwithstanding) that involves continuing to spend in excess of $3 billion annually on Orion and the SLS rocket. But a Democratic president might see the largesse in the NASA budget for deep-space exploration vehicles, observe the public's preference for protecting Earth, and rearrange the budget accordingly. 
Source: Americans aren’t interested in the Moon and Mars—and that’s understandable (Ars Technica)
  3. (Reuters) - Alphabet Inc’s Google announced on Tuesday it would set aside $750 million in land and $250 million in financing to spur developers in the San Francisco Bay Area to build at least 20,000 homes and rehabilitate other housing over the next decade. Google, which told Reuters it has 45,000 employees in the region, has been the target of local activists who for several years have said the company’s growth and high salaries have contributed to rising rents and housing shortages. They have called on Google and other Silicon Valley tech companies to invest in affordable housing and rethink expansions. Google said housing had reached a “crisis point” in the Bay Area but declined to comment on whether its announcement in a blog post on Tuesday was a response to pressure from community activists, who plan to demonstrate Wednesday outside Alphabet’s annual shareholder meeting. Activist group Silicon Valley Rising called Google’s announcement “a great step in the right direction.” In January, Facebook Chief Executive Mark Zuckerberg’s philanthropy in partnership with other groups said they planned to raise $500 million to build or preserve more than 8,000 homes in the Bay Area over 10 years. And Microsoft Corp pledged $500 million toward addressing homelessness and developing affordable housing in the Seattle region. Google told Reuters it would lease land valued at $750 million, and largely zoned for offices or shops, to construct mostly apartments and some for-sale homes for a total of at least 15,000 units. It declined to elaborate on why the space is no longer needed for offices. The $250 million would go toward equity and debt investments in projects preserving existing affordable housing or constructing at least 5,000 new affordable units for people of various income levels. Google said it would prioritize developments near transportation hubs by its offices. 
Google has already proposed 5,700 new homes at one of its developments in Mountain View, California, adding that it is also in discussions with the cities of Sunnyvale and San Jose. Source
  4. Round of devastating job cuts are deepest since the telecom giant said it would create jobs after the passage of the Tax Cuts and Jobs Act NATIONWIDE — AT&T Inc. (NYSE:T) plans to cut 1,880 American jobs over the next few months, continuing a pattern of drastic cuts to family-supporting jobs in communities across the country. The company began notifying employees that their jobs are at risk right before Father’s Day weekend, forcing thousands of working dads and families to spend the holiday figuring out what to do now that they are facing the loss of their paychecks. AT&T CEO Randall Stephenson was one of the most fervent proponents of the Tax Cuts and Jobs Act (TCJA) and said AT&T would use its tax dollars to create at least 7,000 jobs. But since the tax bill passed, the company has been aggressively eliminating tens of thousands of jobs. Meanwhile, AT&T has received a $21 billion windfall from the TCJA, slashed capital investments by $1.4 billion, given hefty pay increases to top executives and did not pay cash income taxes in 2018. These new cuts come just days after the Communications Workers of America (CWA) issued a series of reports showing AT&T’s network in the Midwest is in disrepair even as it is reducing the number of trained, career employees. “Instead of celebrating with my children on Father’s Day, I had to tell them that their dad may not have a job soon,” said Todd Menth, a father of two facing a job cut in Kent, Ohio. “I’ve worked hard at AT&T for nineteen years and I’m proud of my work. 
My message to AT&T is that it’s not too late to change course, to invest in next-generation networks and keep these good jobs in our community.” The job cut notifications began last Thursday, impacting technicians in the following states: Arkansas, California, Connecticut, Florida, Georgia, Illinois, Indiana, Kansas, Kentucky, Louisiana, Michigan, Missouri, Mississippi, North Carolina, New Jersey, Nevada, Ohio, Oklahoma, South Carolina, Tennessee, Texas, Virginia, and Wisconsin. The workers, members of CWA, are in a long-standing battle with the company to ensure that AT&T’s tax windfall is used as promised to create jobs and increase wages. Over 14,000 members of CWA in the Midwest, Puerto Rico and in AT&T’s national Legacy T unit are in contract negotiations with AT&T, and another 22,000 in the Southeast will begin negotiations this summer. In addition to this round of cuts, a CWA analysis from May 2019 showed the company has eliminated 23,328 jobs since the TCJA passed in late 2017, including nearly 6,000 in the first quarter of 2019. At the same time, the company continues to send work to low-wage contractors and overseas. AT&T has closed 44 call centers and eliminated 16,000 call center jobs in the last seven years, with the Midwest region being one of the hardest hit. Meanwhile, in Puerto Rico, where AT&T workers worked tirelessly to rebuild the AT&T network and help customers after Hurricane Maria, the company is refusing to ensure its two Puerto Rican call centers will stay open. Instead, AT&T recently opened Spanish-language call centers in Mexico that serve the U.S. market. “Hurricane Maria wreaked havoc on Puerto Rico, and the AT&T workers here played a critical role in making sure people could reach their loved ones,” said Daniel Borrero, an AT&T Mobility customer care representative in Puerto Rico. 
“Instead of acknowledging our dedication and investing in American jobs in the commonwealth, AT&T seems to be directing Spanish-language work to other countries. After today’s news about major job cuts, Puerto Rican workers like me are worried we’re next.” AT&T responds to criticism of its massive job cuts with boasts about hiring and by saying that workers have the option to relocate. But AT&T workers and their union note that hiring to address turnover is not the same as job creation, and relocation options are often hundreds of miles away from workers’ homes and families in communities with dramatically higher costs of living, making relocation unviable for the majority of employees. The facts in AT&T’s own reports are clear—they have 23,000 fewer people on their payroll than they did at the beginning of 2018. CWA has been leading the charge to hold AT&T accountable to the jobs promises the company made as part of its effort to pass the Tax Cut and Jobs Act. In March, CWA President Chris Shelton testified in front of the House Ways and Means Committee about the impact of the Tax Cut and Jobs Act on American workers, and called on Congress to probe AT&T on how it is spending its tax cut money, saying: “You may ask ‘what is AT&T doing with this money if it’s not being used to create jobs and invest in the U.S.?’ We’d like to know as well.” Economists too have been weighing in on how big employers like AT&T are using their increased profits from the tax windfall: “The strongest claim made by proponents of the 2017 Tax Cuts and Jobs Act was that it would trickle down to aid working families by boosting wages,” said Josh Bivens, director of research at the Economic Policy Institute (EPI). 
“This was never a convincing claim and we can see now just how cynical it was all along: after lobbying fiercely for a corporate tax cut that put literally billions in their coffers, AT&T is fighting tooth and nail to make sure that they don’t have to share any of this new profitability with their workers by committing to invest in good jobs.” Source
  5. You can watch a breakdown of the US broadband problem even if you can't stream it. The latest episode of Netflix variety talk show Patriot Act with Hasan Minhaj focuses on the digital divide. In it, Minhaj breaks down some of the many reasons why internet access is so terrible across much of the US, including the roles of carriers and the Federal Communications Commission. It's a topic we cover frequently on Engadget, and the episode, "Why Your Internet Sucks," is a compelling watch. It's a strong look at why millions of Americans are missing out on fixed broadband and why that's such a problem. For instance, "About three million kids across the country have trouble completing their homework because they don't have adequate internet," Minhaj said. He points out the irony that people who have a strong enough connection to stream the episode probably aren't affected by the problem. So, the Patriot Act team is putting the episode on DVD, which you can rent through Netflix's DVD mail rental service. Around 2.7 million people in the US still get Netflix's red DVD envelopes, so you can order the episode on a disc even if, say, you're struggling with a dial-up connection. Alternatively, the whole episode is on YouTube, so you can watch it even without a Netflix subscription. Source
  6. US report finds sky is the limit for geothermal energy beneath us US Dept. of Energy project estimates geothermal’s untapped potential. [Image: Sonoma Power Plant at The Geysers in California. Credit: Geothermal Resources Council/flickr] With all attention focused on the plummeting prices and soaring popularity of solar and wind, geothermal energy is probably under-appreciated. Sure, you might think, it’s great where you can get it—in, say, Iceland or the Geysers area of California—but those are exceptions, right? Not entirely. Geothermal power sources come in many forms, and they're typically much more subtle than steam shooting out of the ground. In reality, geothermal energy could be a big player in our future mix. That is made clear by the US Department of Energy’s recently released “GeoVision” report. The report follows similar evaluations of wind, solar, and hydropower energy and leans on information from national labs and other science agencies. It summarizes what we know about the physical resources in the US and also examines the factors that have been limiting geothermal’s deployment. Overall, the report shows that we could do a whole lot more with geothermal energy—both for generating electricity and for heating and cooling—than we currently do. Heat and power [Image: The highest temperatures are found out West, but these aren't the only places where geothermal techniques can be applied. Credit: DOE] There are opportunities to more than double the amount of electricity generated at conventional types of hydrothermal sites, where wells can easily tap into hot water underground. That's economical on the current grid. But the biggest growth potential, according to the report, is in so-called “enhanced geothermal systems.” These involve areas where the temperatures are hot but the bedrock lacks enough fractures and pathways for hot water to circulate freely—or simply lacks the water entirely. 
The technology used in natural gas fracking—injecting pressurized fluid underground to form fractures in the rock that release trapped gas into horizontally drilled wells—could be adapted to generate electricity in sites like these. Creating fractures and/or injecting water to get heated by these rocks eventually results in a similar geothermal plant setup, but it takes a lot more engineering than just jamming a straw into a source that's already sending hot water to the surface. Advancing enhanced geothermal techniques alone could produce 45 gigawatts of electricity by 2050. Add in the more conventional plants, and you’re at 60 gigawatts—26 times more than current geothermal generation. And in a scenario where natural gas prices go up, making geothermal even more competitive, we could double that to 120 gigawatts. That would be fully 16 percent of the total projected 2050 generation in the US. Additionally, that electricity can be generated around the clock and can even be flexibly ramped up or down, making it an excellent pairing with intermittent forms of renewable energy like wind and solar. [Image: The many flavors of geothermal. Credit: DOE] On the heating (and cooling) side, there are two main areas of opportunity. Traditional ground-source heat pumps circulate fluid through loops in the ground to provide cooling in the summer and heating in the winter, and they could be much more widely adopted with minimal effort. The report estimates that installations could increase 14 times over, to 28 million homes by 2050, covering 23 percent of national residential demand. Accounting for limitations in how quickly the market could realistically change brings the number down to 19 million homes—still a massive increase. There’s even more potential for district heating systems, where a single, large geothermal installation pipes heat to all the buildings in an area. 
There are only a handful of such systems operating in the US today (Boise, Idaho, has an example), but the report finds more than 17,000 locations where it would make sense, covering heating needs for 45 million homes. Limited adoption The report focuses a great deal on the barriers that have so far prevented this eye-popping potential from being realized. Some barriers are indeed technological—those enhanced geothermal systems have yet to reach maturity, for example. Some barriers are simply down to a lack of awareness that things like ground-source heat pumps are already viable options. But the biggest barriers are financial. Geothermal power plant projects suffer from much higher capital costs (and therefore slower payback times) than other forms of renewable energy. Techniques for placing wells at traditional hydrothermal sites are surprisingly unsuccessful, with many wells failing to produce enough to go into use. With better maps and more advanced site characterization, the misses could be reduced, bringing down costs. The report also highlights permitting on federal lands as less than smooth. Between awkward overlaps when multiple agencies are involved and backlogs in understaffed departments, it points to approvals that could be consolidated to simplify the process. Streamlining, the report says, could shorten the time it takes to complete a project and reduce the financial risk of starting one. Separately, the constant uncertainty surrounding short-term tax credits for renewable projects also does geothermal no favors. The 2050 scenarios in the report are based on plausible improvements to these barriers combined with modeling of the economics and operation of the nation’s energy grid. To make the projected numbers a reality, a set of key steps are laid out. 
Those include the streamlining of permitting, continuing research into the engineering of “enhanced geothermal systems,” improving methods for reducing trial and error at new installations, and outreach to increase awareness of geothermal options. The other key is maximizing the value of each project. As flexibility is increasingly valued on the grid, compensating geothermal for that value would make it more profitable. There are also a variety of possible industrial uses for heat across the range of ground temperatures—everything from warming greenhouses to aiding cement production. A broader set of applications could help grow the geothermal industry, bringing costs down with scale. If you’re a geothermal fan and an optimist, the report lays out a tantalizing amount of potential, although it lists plenty of challenges between here and there. In an intro to the report, DOE Geothermal Technologies Office Director Susan Hamm writes, “[T]his report shows us how to move the geothermal dial from what we know exists to what we envision is possible over the next 30 years. The GeoVision analysis takes us beyond a declaration of resource potential by illustrating what is real today and painting a picture of what could be real tomorrow.” Source: US report finds sky is the limit for geothermal energy beneath us (Ars Technica)
  7. “The world should know that what they’re doing out here is crazy,” said a man who refused to share his passcode with police. As police now routinely seek access to people’s cellphones, privacy advocates see a dangerous erosion of Americans’ rights, with courts scrambling to keep up. William Montanez is used to getting stopped by the police in Tampa, Florida, for small-time traffic and marijuana violations; it’s happened more than a dozen times. When they pulled him over last June, he didn’t try to hide his pot, telling officers, "Yeah, I smoke it, there's a joint in the center console, you gonna arrest me for that?" They did arrest him, not only for the marijuana but also for two small bottles they believed contained THC oil — a felony — and for having a firearm while committing that felony (they found a handgun in the glove box). Then things got testy. As they confiscated his two iPhones, a text message popped up on the locked screen of one of them: “OMG, did they find it?” The officers demanded his passcodes, warning him they’d get warrants to search the cellphones. Montanez suspected that police were trying to fish for evidence of illegal activity. He also didn’t want them seeing more personal things, including intimate pictures of his girlfriend. So he refused, and was locked up on the drug and firearms charges. [Image: William Montanez] Five days later, after Montanez was bailed out of jail, a deputy from the Hillsborough County Sheriff’s Office tracked him down, handed him the warrants and demanded the phone passcodes. Again, Montanez refused. Prosecutors went to a judge, who ordered him locked up again for contempt of court. “I felt like they were violating me. They can’t do that,” Montanez, 25, recalled recently. "F--- y’all. I ain’t done nothing wrong. 
They wanted to get in the phone for what?” He paid a steep price, spending 44 days behind bars before the THC and gun charges were dropped, the contempt order got tossed and he pleaded guilty to a misdemeanor pot charge. And yet he regrets nothing, because he now sees his defiance as taking a stand against the abuse of his rights. “The world should know that what they’re doing out here is crazy,” Montanez said. The police never got into his phones. While few would choose jail, Montanez’s decision reflects a growing resistance to law enforcement’s power to peer into Americans’ digital lives. The main portals into that activity are cellphones, which are protected from prying eyes by encryption, with passcodes the only way in. As police now routinely seek access to people’s cellphones, privacy advocates see a dangerous erosion of Americans’ rights, with courts scrambling to keep up. “It’s becoming harder to escape the reach of police using technology that didn’t exist before,” said Riana Pfefferkorn, the associate director of surveillance and cybersecurity at the Center for Internet and Society at Stanford Law School. “And now we are in the position of trying to walk that back and stem the tide.” While courts have determined that police need a warrant to search a cellphone, the question of whether police can force someone to share a passcode is far from settled, with no laws on the books and a confusing patchwork of differing judicial decisions. Last month, the Indiana Supreme Court heard arguments on the issue. The state supreme courts in Pennsylvania and New Jersey are considering similar cases. As this legal battle unfolds, police keep pursuing new ways of breaking into cellphones if the owners don’t cooperate — or are enlisting help from technology firms that can do it for them. This has put them at odds with cellphone makers, all of whom continually update their products to make them harder for hackers or anyone else to break into. 
But the hacking techniques are imperfect and expensive, and not all law enforcement agencies have them. That is why officials say compelling suspects to unlock their cellphones is essential to police work. Making the tactic more difficult, they say, would tilt justice in favor of criminals. “It would have an extreme chilling effect on our ability to thoroughly investigate and bring many, many cases, including violent offenses,” said Hillar Moore, the district attorney in East Baton Rouge, Louisiana, who got the FBI’s help in breaking into a cellphone belonging to a suspect in a deadly Louisiana State University fraternity hazing ritual. “It would basically shut the door.” Clashes over passcodes In the part of Florida where Montanez lives, authorities are guided by a case involving an upskirt photo. A young mother shopping at a Target store in Sarasota in July 2014 noticed a man taking a picture of her with his phone while crouching on the floor. She confronted him. He fled. Two days later, police arrested Aaron Stahl and charged him with video voyeurism. Authorities got a search warrant for Stahl’s iPhone, but he wouldn’t give them the passcode, citing his Fifth Amendment right not to incriminate himself. A trial judge ruled in his favor, but a state appellate court reversed the decision in December 2016, saying Stahl had to provide the code. Facing the possibility of getting convicted at trial and sentenced to prison, Stahl agreed to plead no contest in exchange for probation. While Stahl did not provide the passcode in the end, prosecutors still rely on the precedent established by the appellate ruling to compel others to turn over their passcodes under the threat of jail. 
“Up until that point you could be a pedophile or a child pornographer and carry around the fruits of your crime in front of law enforcement officers, prosecutors and judges and taunt them with the fact that they couldn’t get the passcode,” said Cynthia Meiners, who prosecuted Stahl at the 12th Judicial Circuit State’s Attorney’s Office. “You could say, ‘I’m a child pornographer and it’s on my phone but I’m not giving you my passcode because I would be incriminating myself.’” But that ruling only holds in a few counties of Florida. Elsewhere in the country, skirmishes remain unresolved. In Indiana, police officials are trying to force a woman to share her passcode as they investigate her for harassment, saying she was making it impossible for them to obtain key evidence. The woman’s lawyer says authorities haven’t said what evidence they think is in the phone, raising concerns about a limitless search. Her appeals reached the state Supreme Court, whose ruling could influence similar cases around the country. Attorneys general in eight other states filed a brief in support of the police, warning against a ruling that “drastically alters the balance of power between investigators and criminals.” The stakes are similar in New Jersey, where a sheriff’s deputy accused of tipping off drug dealers to police activities has refused to hand over passcodes to his iPhones. The state Supreme Court agreed in May to hear the case. These clashes aren’t limited to the use of passcodes. Police have also tried to force people to open phones through biometrics, such as thumbprints or facial recognition. Legal experts see the Fifth Amendment argument against self-incrimination as more of a stretch in those cases. The law has generally been interpreted as protecting data that someone possesses — including the contents of their mind, such as passcodes — but not necessarily their physical traits, such as thumbprints. 
Still, some judges have refused to sign warrants seeking permission to force someone to unlock their phone using their face or finger. The rules on compelled decryption are more lenient at the U.S. border, where federal agents have given themselves wide authority to search the phones of people entering the country — and have reportedly spent hundreds of thousands of dollars on third-party hacking tools. “Depending on where you are in the country, there is different case law on what police can do,” said Andrew Crocker, a senior staff attorney at the Electronic Frontier Foundation, a civil liberties nonprofit. In some states, there is no authoritative court ruling, leaving law enforcement authorities to decide for themselves. Virginia falls into that category. Bryan Porter, the prosecutor in the city of Alexandria, said he has told local police it’s OK to try to force someone under the threat of jail to open a cellphone by thumbprint or face. But demanding a password seems to go too far, he said. Criminals shouldn’t be able to inoculate themselves from investigations, Porter said. “But it kind of rubs me the wrong way to present a piece of paper to someone and say, ‘Give us your passcode.’” ‘What they were doing to me was illegal’ In Tampa, Florida, where Montanez was arrested last year, judges still rely on the 2016 ruling against Stahl by the Second District Court of Appeals. That is what prosecutors cited when they tried to force Montanez to give up his passcodes. But Montanez’s lawyer, Patrick Leduc, argued that, unlike Stahl’s case, police had no reason to search the phone, because it had no connection to the offenses he was charged with. The “OMG, did they find it?” text message — which turned out to be from Montanez’s mother, who owned the car and the gun in the glove box — was meaningless, Leduc said. He warned of a police “fishing expedition” in which authorities could search for anything potentially incriminating on his phone. 
While sitting in lockup for contempt, Montanez’s resolve not to give up his passcodes hardened. “What they were doing to me was illegal and I wasn’t going to give them their business like that,” he said. “They told me I got the key to my freedom,” he added. “But I was like, ‘F--- that.’” But the experience shook him. “I ain’t the toughest guy in the world, but I can protect myself. But it was crazy,” he said. “Bad food, fights here and there, people trying to take your food.” At the same time, the drugs and gun case against Montanez was crumbling. Laboratory tests on the suspected THC oil came back negative, voiding that felony charge and the gun charge related to it. That left prosecutors with only minor pot charges. But he remained in jail on the contempt charge while his lawyer and prosecutors negotiated a plea deal. In August 2018, after Montanez had spent more than five weeks in jail for refusing to provide the passcode, an appellate court dismissed the contempt case on a technicality. The court invited prosecutors to try again, but by then the passcode’s value had diminished. Instead, prosecutors allowed Montanez to plead no contest to misdemeanor drug charges and he was freed. When he was released, Montanez carried a notoriety that made him feel unwelcome in his own neighborhood. He noticed people looking at him differently. He was banned from his favorite bar. The police keep pulling him over, and he now fears them, he said. He finally left Tampa and lives in Pasco County, about an hour away. “Yeah, I took a stand against them,” he said. “But I lost all that time. I gotta deal with that, going to jail for no reason.” Source
  8. How many more will die in US heatwaves as world warms? The difference between 1.5°C and 3°C worlds can be thousands of lives. One of the more obvious risks of climate change is an increased frequency of extreme heatwaves. Particularly in cities, heatwaves can be more than sticky and unpleasant—they can be deadly. The emissions cuts pledged so far in the international Paris Agreement in 2015—if followed through—would limit global warming to the neighborhood of 3°C. That won't prevent an increase in deaths due to heatwaves, but just how much worse is 3°C than the international goals of stopping warming at 2°C or even 1.5°C? To find out, a team led by Eunice Lo at the University of Bristol analyzed the relationship between extreme summer temperatures and deaths for 15 US cities with data: Atlanta, Boston, Chicago, Dallas, Detroit, Houston, Los Angeles, Miami, New York City, Philadelphia, Phoenix, San Francisco, Seattle, St. Louis, and Washington DC. Turning up the (simulated) heat Using climate model simulations, Lo and her team estimated the changes in summer temperatures for these cities at 1.5°C, 2°C, and 3°C of global warming. (The first two scenarios had already been done, but they added a 3°C scenario run by the volunteer [email protected] computing network.) The warmest days on land (as opposed to over the ocean) generally increase faster than the global average, so the difference between these scenarios is more than you might think. The half-degree difference between 1.5°C and 2°C, for example, translates to a 0.6°C to 1°C (about 1 to 2°F) increase in summer extremes for these cities. Using the simplifying assumptions that population doesn't change, vulnerability to heatwaves does not increase, and adaptations aren't undertaken (more on these later), the researchers were able to apply the past heatwave-death relationships to these higher temperatures. 
Because there is a threshold where temperature and humidity cross into the danger zone, the differences in these scenarios can be stark. For example, San Francisco would see a month of additional days with an elevated risk of deaths in the 3°C scenario than it would in the 2°C scenario. By counting up the days above the threshold, you can compare the change in estimated heat-related deaths to the average number of deaths from all causes. The difference between a 1.5°C world and a 3°C world is an increase in the fraction of heat-related deaths of 1 percent in Chicago or 3 percent in Philadelphia. That is, an additional 1 or 3 percent of all deaths would be heat-related. Extreme events For what is perhaps a more concrete comparison, the researchers also zeroed in on especially extreme heatwave events. From their model simulations (which generated 900 years of weather), they identified the magnitude of the once-in-30-years heatwave—the kind of weather event that makes news. Then they calculated the estimated number of deaths that would result from such a heatwave in each scenario. The biggest effects are found in the biggest cities. Take New York: going from a 1.5°C to 3°C global warming means an additional 2,700 deaths in a heatwave like that. The difference between 2°C to 3°C is 2,000 deaths. In LA, the lives saved in those scenarios are about 1,100 and 750, respectively. [Figure: Numbers for a once-in-30-years heatwave for each city and scenario. Union of Concerned Scientists] For Chicago, those numbers are about 875 and 640 lives. For context, the researchers point to the July 1995 Chicago heatwave that killed an estimated 514 people, a number smaller than the difference between the future scenarios. In a 3°C world, heatwaves as deadly as that 1995 event would occur every year or two. Of course, we don’t expect population to remain constant in these cities. Most are growing, which means more people experiencing future heatwaves. 
On top of that, demographics are shifting toward an aging population that is more vulnerable to the heat. On the flip side, there is a lot that could be done to reduce vulnerability. Access to air conditioning can save lives, and adaptations like shade cover and cool roofs can reduce the “urban heat island effect” that raises temperatures in the concrete jungle. But separate from those factors, the researchers note that one thing is clear: “Ratcheting up global mitigation ambition to achieve the Paris Agreement long-term temperature goal would significantly reduce these cities’ exposure to extreme heat[...] Our results demonstrate that strengthened mitigation ambition would result in substantial benefits to public health in the United States.” Science Advances, 2019. DOI: 10.1126/sciadv.aau4373. Source: How many more will die in US heatwaves as world warms? (Ars Technica)
  9. President Donald Trump’s recent Executive Order on America’s Cybersecurity Workforce has created surprisingly little buzz within the cybersecurity training community. This is likely because, as exciting as it is to have the leader of the free world focused on our slice of the industry, the EO is extremely high-level. Unless the policy has some serious teeth in the form of enforceable sanctions, sufficient funds and manpower, an executive order is little more than a press statement. Still, I’m optimistic about this one. Given the scope of the cybersecurity talent shortage, I’m confident that the need for well-trained, experienced cybersecurity professionals will drive the market to produce them one way or another. But cybersecurity work is inherently tied into America’s national defense, economic durability and growth. Especially given the talent shortage, it’s highly appropriate for the federal government to give the country’s cybersecurity workforce the boost it needs. Moving the EO Forward Industry insiders are wondering out loud just how useful the EO will be. I think there’s a lot to like. However, as many others have noted, it’s light on details. And when it comes to executing an ambitious initiative at federal scale, the devil is most definitely in the details. Still, I believe it can make it off the page, and have a few ideas on how to take it a few steps down the road: Wide, Enforced Adoption of the NICE Cybersecurity Workforce Framework NICE, a subset of NIST’s cybersecurity standard, stands for National Initiative for Cybersecurity Education. 
It includes a framework that “establishes a taxonomy and common lexicon that describes cybersecurity work and workers irrespective of where or for whom the work is performed…” and is … “intended to be applied in the public, private, and academic sectors.” In other words, NICE has already done the heavy lifting of codifying the wide spectrum of cybersecurity roles, tasks, skills, knowledge and abilities into a standard language. Many “Security-first” organizations I work with are already putting NICE into practice. Though many of them will admit it’s not an easy undertaking, NICE has already become the standard for top academic cybersecurity programs and the organizations eager to hire their graduates. But NICE is a standard, not a regulation. As a cornerstone of the EO, NICE framework adoption needs to be mandated, with clear, standardized enforcement and/or compliance mechanisms across public, private sector and academic institutions. And, to avoid a bureaucratic nightmare, it should be handled by a single government agency. Otherwise, adoption won’t happen fast enough to move the needle. … Starting with Managed Security Service Providers Managed security services providers (MSSPs) likely will be the first impacted by the new executive order, which requires any entity interested in pursuing government and public sector cybersecurity contracts to frame their qualifications in terms of NICE. This could translate into a fierce competitive advantage for MSSPs that have already developed an efficient way to verify their staff is up to muster with the NICE skills, knowledge and abilities. With that being the case, it makes sense to use the MSSP community as a test case for how to enforce NICE compliance. Once the kinks are worked out, the private sector can begin incorporating NICE as a benchmark for their managed security contracts. If the government agencies effectively enforce the NICE requirement with MSSPs, they can continue to scale incrementally. 
Higher Education Should Standardize on NICE-Aligned Experiential Learning The NICE framework advocates real-world, practical skills and abilities—a.k.a. experiential learning—and makes it clear that higher education institutions will need to make hands-on experience an integral focus of their cybersecurity programs. Many schools have already invested in on-campus cyber training and simulation facilities, called cyber ranges, that align with the guidelines outlined in NICE. The federal government can facilitate the construction of cyber ranges by offering colleges and universities government grants, no-interest loans and other financial assistance and incentives. Student work-study programs that allow students to undergo an initial, intense training phase, then work in cybersecurity roles and gain critical experience as they continue studies, would make the programs even more popular and accessible to a wider potential student population. Training the Trainers Setting up high-quality, experiential cybersecurity degree programs and cyber ranges is the easy part. The real challenge will be finding enough qualified instructors to teach cybersecurity coursework and lead simulation training sessions. The one chorus I hear loud and clear from customers across all industries—academia, large enterprises, FBSI and MSSPs—is the need for cybersecurity instructors. Workforce development programs are only as good as the instructors who teach them, and at the moment they are a painfully scarce resource. There isn’t much point in drumming up interest among students and mid-career pros in retraining if there aren’t enough teachers to lead the courses. Therefore, to support the EO, the government should take action to help establish a NICE instructor certification process for cybersecurity trainers. The NICE instructors’ course could be offered to military personnel who served in cybersecurity roles upon re-entry to civilian life. 
The government also could offer incentives to businesses and academic institutions that send faculty members to receive certified NICE cybersecurity instructor training. President’s Cup Cybersecurity Competition The competition included in the executive order, if it takes off, will introduce a fun, competitive, yet highly practical culture to cybersecurity skills development that is aligned with the kind of cyber range-based training we know is essential for developing skills needed for so many cyber defense roles. Ask any teacher, coach, commanding officer or anyone who has played Capture the Flag at Black Hat; competitions are an extremely effective way to motivate effort and mastery of skills. Public sector organizations can offer cash prizes, paid vacation days or any other legal incentive to employees who successfully exhibit excellent hands-on cyber defense skills. So, as validating as the EO is for an experiential learning-based approach to cybersecurity skills development and training—an approach that I evangelize on a daily basis—we’ll have to wait another three months (at least) for the secretary of Homeland Security to provide the president with a plan on how to execute the EO. My fingers are crossed. Source
  10. Trump moves could stop Huawei from buying US tech or from selling to US firms. [Image: Customers purchase mobile phones at the Huawei Experience Center on May 16, 2019 in Hangzhou, Zhejiang Province of China. Getty Images | VCG/Long Wei] The Trump administration yesterday took two actions that could effectively prevent Huawei from buying US technology and prevent it from selling products to US companies. An executive order issued by President Trump and a separate action taken by the US Commerce Department could "cut the Chinese telecommunications giant off from American suppliers and ban it from doing business in the US," The Wall Street Journal wrote. The order doesn't mention Huawei or China by name, but it was widely seen as targeting Huawei and other Chinese companies such as ZTE. Huawei is the second-biggest smartphone vendor in the world, according to IDC, and it sells a large amount of network equipment to telecom providers and other companies. Trump's executive order "declar[ed] a national emergency and barr[ed] US companies from using telecommunications equipment made by firms posing a national security risk," Reuters wrote. The executive order applies to future transactions only. Shortly after Trump's executive order, "the Commerce Department said it had added Huawei and 70 affiliates to its so-called Entity List—a move that bans the telecom giant from buying parts and components from US companies without US government approval," Reuters also wrote. This will make it difficult for Huawei to sell some products because of its reliance on US-made parts, and could potentially put its use of the Google Play store and Google apps on Android devices in jeopardy. ZTE had to shut down temporarily last year after a similar ban prevented it from using Qualcomm chips and Google software. (Huawei makes its own smartphone chips.) 
However, the Commerce Department hasn't yet announced all the exact details of the new restrictions, so it's hard to make specific predictions of what products will be affected. The US agency said it "will issue regulations within 150 days to establish procedures for reviewing such transactions." US-China trade war expands The moves expand a trade war between the US and China. Trump's executive order said the actions are necessary to prevent "economic and industrial espionage against the United States and its people," as US enemies could "create and exploit vulnerabilities in information and communications technology or services, with potentially catastrophic effects." The US government hasn't been able to find hard evidence that Huawei spies on behalf of China, however. "Huawei has denied those charges, and its chief executive [Ren Zhengfei] has said he would shut down the company rather than obey Chinese government orders to intercept or divert Internet traffic," the New York Times wrote. "American officials say he would have no choice: Chinese law requires that the country's firms obey instructions from the nation's Ministry of State Security." Both Huawei and the Chinese government condemned the Trump administration moves. "Restricting Huawei from doing business in the US will not make the US more secure or stronger; instead, this will only serve to limit the US to inferior yet more expensive alternatives, leaving the US lagging behind in 5G deployment, and eventually harming the interests of US companies and consumers," Huawei told CNBC. "In addition, unreasonable restrictions will infringe upon Huawei's rights and raise other serious legal issues." A Chinese foreign ministry spokesperson called the US moves "abuse of export control measures," according to the Associated Press. Source: Trump tries to shut Huawei out of US market with executive order (Ars Technica)
  11. U.S. Customs and Border Protection officials announced on Thursday that officers made a record-breaking seizure of fentanyl on the U.S.-Mexico border that was enough to kill tens of millions of Americans. "According to U.S. Customs and Border Protection, a canine officer alerted other officers to the presence of 254 pounds of fentanyl hidden inside an 18-wheeler carrying cucumbers, during a secondary inspection at the Mariposa port of entry just past noon on Saturday," The Arizona Republic reported. "This is the largest fentanyl seizure in any port of entry," CBP official Guadalupe Ramirez said. "In CBP, in the history of CBP, this is the largest fentanyl seizure." In addition to the record fentanyl seizure, agents also seized 395 pounds of methamphetamine from inside the 18-wheeler. CBP estimated the value of the fentanyl, which came in the form of powder and pills, to be approximately $3.5 million. CBP Arizona tweeted out photos from the press conference: "Authorities said it was driven by a 26-year-old man who was arrested and charged with possessing drugs with the intent to distribute them," NBC News reported. "His identity and nationality were not immediately available." The amount of fentanyl seized by agents was enough to kill well over 57,000,000 Americans, given that the DEA states that as little as 2 milligrams can be fatal. President Donald Trump weighed in on the bust, tweeting: "Our great U.S. Border Patrol Agents made the biggest Fentanyl bust in our Country’s history. Thanks, as always, for a job well done!" Fentanyl, developed in 1959, “is approximately 100 times more potent than morphine and 50 times more potent than heroin as an analgesic,” according to the DEA. "The occurrence of heroin mixed with fentanyl is also increasing," according to the DEA’s 2018 National Drug Threat Assessment. 
"Mexico remains the primary source of heroin available in the United States according to all available sources of intelligence, including law enforcement investigations and scientific data." The DEA further notes that "Illicit fentanyl and other synthetic opioids — primarily sourced from China and Mexico—are now the most lethal category of opioids used in the United States." The Centers for Disease Control estimated that "28,400 people died from overdoses involving synthetic opioids other than methadone in 2017," which is the latest year for which data is available. The announcement renewed calls from lawmakers about the crisis on the southern border. "Largest fentanyl bust in history. Border Patrol seized enough fentanyl to kill 57 MILLION people," Rep Jim Jordan tweeted. "That’s more than the population of Ohio, Michigan, Wisconsin, Pennsylvania, Indiana, Minnesota, and Iowa. COMBINED. We have a crisis on our southern border."
  12. AT&T already launched its initial mobile 5G network in parts of 12 U.S. cities last December, but it’s now preparing for full nationwide coverage — a dauntingly large task that its millimeter wave small cells won’t be able to handle alone. This morning, the carrier revealed that it will “offer nationwide 5G coverage with our lower band spectrum,” specifically the sub-6GHz frequencies discussed in our interview with AT&T VP Gordon Mansfield yesterday. Above: Netgear's Nighthawk 5G Mobile Hotspot is the first AT&T mobile 5G device, and already available for purchase. While the announcement isn’t entirely surprising given that AT&T began to distinguish between “5G” and “5G+” in December, noting that it planned to call high-speed millimeter wave service “5G+” and offer it only in select high-traffic areas, this is the first official confirmation that AT&T’s nationwide 5G network will rely upon aggregating lower-bandwidth radio signals, which spread more widely from larger towers. Rival T-Mobile has similarly said that it will use low-bandwidth towers for its nationwide 5G network, while Verizon has focused largely on “true 5G” using high-capacity millimeter wave spectrum. Even so, all of the carriers will eventually rely upon more than one radio band to provide 5G service. Each carrier is expected to convert some of its existing LTE spectrum into 5G spectrum, though there’s a substantial likelihood of a speed penalty for doing so — enough that there could be a noticeable performance gap between millimeter wave and sub-6GHz 5G networks. AT&T specifically says that it plans to “begin deploying that lower band spectrum in the second half of this year,” suggesting that the allocation of some existing LTE spectrum for 5G will happen sooner rather than later, supporting an already announced Samsung sub-6GHz smartphone. 
In the transition from 4G to 5G, AT&T says that it has brought two interim technologies into more markets than expected: 1Gbps LTE-LAA is now in parts of 55 cities, with its controversially named “5G Evolution” or “5G E” — actually just 4G LTE-Advanced — in over 400 markets, offering roughly 400Mbps speeds on select 4G devices. Towers with the 5G E hardware will be capable of flipping to actual 5G service in the near future, but until then will confuse 4G users into believing that they’re using 5G technologies. AT&T also said that it is expanding its agreement with AR purveyor Magic Leap to include business solutions, including manufacturing, retail, and health care applications. Magic Leap’s current-generation hardware has no cellular hardware, but the company is expected to offer a 5G version in the future, in partnership with AT&T. Source
  13. Two eighth grade students have been arrested after allegedly spreading a fake school shooting threat at a Maryland middle school. Earlier this month, a parent contacted Aberdeen Middle School to report seeing a social media post from a student, warning students not to come to classes the next day because another student was allegedly threatening a school shooting, the Aberdeen Police Department said in a statement Friday. After an investigation, police determined the student in question never made a threat and two eighth grade students were responsible for faking the report. One student was charged with making a false statement to a peace officer and the other with disturbing school operations. False school shooting reports "will not be tolerated," the police department said. Source
  14. 'Some that have smoked are saying no, because they're scared that they may be banned for life' The mayor of Estevan, Sask., says local residents have been turned away at the nearby U.S. border after admitting to past pot use. "It is a fairly serious concern," said Roy Ludwig, mayor of the 11,258-person city located just 16 kilometres north of a North Dakota border crossing. "Even people that might have smoked it 20, 30 years ago, they're being asked, 'Have you ever smoked cannabis?' when they get to the U.S. border. We understand some people have said yes, that they have, and have been turned back." Ludwig said several Estevan residents have undergone strict questioning at the U.S. border since recreational cannabis was legalized in Canada less than two weeks ago. He said he knows of two people who were turned away and not allowed to cross the border. Recreational cannabis use is not legal in North Dakota, and pot possession is still illegal under U.S. federal law. The Canadian government warned people pre-legalization that "previous use of cannabis, or any substance prohibited by U.S. federal laws, could mean that you are denied entry to the U.S." Not everyone who wants to cross the border is reacting the same way to those rules, according to Ludwig. "Some are saying the truth, saying yes, they have smoked it, and then some that have smoked are saying no because they're scared that they may be banned for life," he said. Store opening soon Estevan is one of the 32 Saskatchewan communities that either has or will have a recreational cannabis store. It's the southernmost place people will be able to buy legal cannabis in Saskatchewan. The community was originally supposed to get two stores, but the city — after consulting Estevan Police Services — asked that the second permit be put off until factors like traffic could be reviewed after the first store opened. 
That store is being prepared by Prairie Sky Cannabis, the same company currently operating legal pot stores in Martensville and Battleford. They operate those stores under the name Jimmy's Cannabis. Everything, except a steady supply stream, is in place for the Estevan store to open soon, said John Thomas, the president of the company. But that store will create a new wrinkle for American travellers coming to Estevan. An American customs official recently told CBC News that those found at the border with cannabis on their person, or in their car, could face arrest and prosecution by U.S. officials. That's why the Jimmy's Cannabis store in Estevan might tweak its product line compared with its sister stores. "There might be more things like pre-rolls and things that are higher-convenience for short-term use [inside Saskatchewan]," said Thomas. Stay overnight for the 'fine hotels' Ludwig said city councillors have talked about whether the flow of cannabis-craving Americans into Estevan might present the community with a business opportunity that also discourages people from driving under the influence. "People advertising and saying, 'Stay at some of our fine hotels and enjoy some of our fine restaurants and indulge in cannabis if you want to try it out. And then stay overnight and go back sober.' "We haven't done that yet," said Ludwig, "but we've definitely talked a little bit about it." Source
  15. President Donald Trump said he’s ready to impose tariffs on an additional $267 billion in Chinese goods on short notice, on top of a proposed $200 billion that his administration is putting the final touches on. The implementation of tariffs on $200 billion of products from China “will take place very soon depending on what happens,” Trump told reporters Friday on Air Force One. “I hate to do this, but behind that there is another $267 billion ready to go on short notice if I want.” US stocks erased gains after Trump’s remarks, with the S&P 500 Index falling by 0.3 percent to the lowest in two weeks by 1:26 p.m. in New York. Trump’s latest tariff threats, if he follows through, would more than cover the value of all goods the US buys from China, according to US government data from last year. The US imported $505 billion of Chinese products in 2017, Census Bureau figures show. Levying duties on all Chinese purchases would hit “every aspect of our American lifestyle -- so the clothes that we put on our back, the food that we eat, the cars that we drive, the shoes that we wear,” Hun Quach, vice president of international trade for the Retail Industry Leaders Association, said by phone. The Trump administration has already slapped duties on $50 billion of Chinese exports since July, which spurred immediate in-kind retaliation from Beijing. China has said it would be forced to retaliate to all of the US’s tariff measures, fanning concerns that a deepening trade war could dent the global economic outlook. Members of the public had until Thursday to comment on the administration’s plan to slap tariffs on $200 billion of Chinese goods, ranging from bicycles and baseball gloves to digital cameras, paving the way for Trump to announce the tariffs as early as Friday. There’s no final decision on that round of tariffs as the US Trade Representative’s office continues to “run their process,” White House Deputy Press Secretary Lindsay Walters said on Friday. 
The president’s tough line contrasted with remarks earlier from White House economic adviser Larry Kudlow, who left open the possibility of a negotiated solution to the trade dispute, but said China must show it’s open to compromise. Trade Talks While China’s response to US demands has been unsatisfactory, Trump is still speaking to Chinese President Xi Jinping, and would be open to meeting in person, said Kudlow, director of the White House’s National Economic Council. An opportunity could take place when world leaders gather at the UN General Assembly in New York this month and the Group of 20 summit in Argentina in November, he said. “It’s never too late to make good trade policy,” said Kudlow. “But I will say this: the world trading system is broken.” Trump is “dead serious” in his determination to push China to reform its trade policies, he added. Trump is getting a last-minute earful from prominent technology companies and retailers as he considers whether to follow through with his plan to ratchet up tariffs on Chinese exports. Tariff Warning On Thursday, Cisco Systems Inc., Hewlett Packard Enterprise Co. and other technology companies sent a letter to US Trade Representative Robert Lighthizer urging the administration to avoid imposing more tariffs. By increasing duties on telecommunications networking gear, the administration would raise the cost of accessing the Internet and slow the roll-out of next-generation wireless technologies, the companies said. Manufacturers, and small and mid-sized firms in particular, can’t quickly adjust and the tariffs imposed so far haven’t led to any meaningful concessions, a coalition of the National Retail Federation and 150 organizations said in separate comments to Lighthizer. The administration should cease further tariff actions and give another shot at talks for a trade deal with China, it said. 
“Tit-for-tat tariffs are counterproductive and so far have only produced increased costs for American businesses, farmers, importers, exporters and consumers,” the coalition said. Source
  16. Techno-dem urges DHS, NSA and NIST to rid sites of buggy legacy media player content It's bug-ridden, eternally insecure, and on death row – yet Adobe Flash persists on too many US government webpages. Now Senator Ron Wyden (D-OR) wants to hear the sound of this deity-forsaken plugin torn from .gov websites, dragged behind a shed, and a single final gunshot. Regular Reg readers will remember that even Adobe has seen the writing on the wall, and last year set 2020 as the end-of-support date for its beleaguered exploit magnet. In a letter [PDF] to NIST under-secretary Walter Copan, NSA director, US Cyber Command commander Paul Nakasone, and secretary of Homeland Security Kirstjen Nielsen, Wyden today asked the agencies to learn from Microsoft Windows XP: it's expensive to ask vendors to continue fixing up out-of-support software. In other words, stop relying on it, get rid of it, and replace Flash files with HTML5. He has the NSA, DHS and NIST in his sights because those three government organizations carry “the majority of cybersecurity guidance” to the rest of Uncle Sam's agencies. Wyden wants government officials to stop creating new Flash content within 60 days, and also asks that: Agencies remove Flash content from their websites by August 2019; To aid in that effort, the DHS's “routine cyber-hygiene scans” should identify, and list for agencies, all Flash content found; and Agencies should pilot removing Flash from staff computers, starting in March 2019, ahead of expunging it by August 1, 2019. Wyden noted that US-CERT “has warned about the risks of using Flash since 2010” – making it a latecomer: the earliest Flash fsckup we can find in El Reg's archives seems to be this directory traversal horror from 2007. When the plugin falls out of support, Wyden wrote, “cybersecurity risks will only be compounded.” We couldn't agree more. Stop using Adobe Flash. Source
  17. Here are eight AT&T-owned locations, buildings that are reportedly central to the NSA's internet spying purposes. Have you ever wondered what locations on American soil serve as backbone or “peering” facilities that the NSA might secretly be using for eavesdropping purposes? The Intercept revealed eight such AT&T-owned locations: two in California, one in Washington, another in Washington, D.C., one in New York, one in Texas, one in Illinois, and one in Georgia. You might pass by these AT&T buildings having no idea that they are “central to an NSA spying initiative that has for years monitored billions of emails, phone calls, and online chats passing across U.S. territory.” While neither AT&T nor NSA spokespeople would confirm that the NSA has tapped into data at these eight locations that normally route telecom companies’ data traffic, former AT&T employees did confirm the locations of the “backbone node with peering” facilities. AT&T refers to the peering sites as “Service Node Routing Complexes.” The Intercept explained various code-named NSA surveillance programs, previously made public thanks to Edward Snowden, which seem to have taken place at these eight AT&T facilities. In addition, the Intercept article cites “a top-secret NSA memo” that “has not been disclosed before;” the memo “explained that the agency was collecting people’s messages en masse if a single one were found to contain a ‘selector’ – like an email address or phone number – that featured on a target list.” The NSA's past activity There’s a bit of a history lesson included in the article, going over how the NSA was hoovering emails if they mentioned information about surveillance targets, including domestic communications that violated citizens’ Fourth Amendment right to be protected against unreasonable searches and seizures. The NSA moved to using a cautionary banner that warned analysts not to read the communication unless it had been lawfully obtained. 
The NSA acknowledged the violations in April 2017. The messages had reportedly been part of upstream surveillance allowed under Executive Order 12333. After receiving an NSA memo via Freedom Of Information Act (FOIA) request, the ACLU previously warned that NSA analysts might even be “laughing at your sex tape” thanks to surveillance under EO 12333. At any rate, according to The Intercept, the eight AT&T buildings that have secretly served as NSA spying hubs for monitoring “billions of emails, phone calls, and online chats” – codenamed FAIRVIEW for NSA surveillance – are located at:
  • 30 E Street Southwest in Washington, D.C.
  • 1122 3rd Avenue in Seattle, Washington
  • 611 Folsom Street in San Francisco, California
  • 811 10th Avenue in New York City
  • 420 South Grand Avenue in Los Angeles, California
  • 4211 Bryan Street in Dallas, Texas
  • 10 South Canal Street in Chicago, Illinois
  • 51 Peachtree Center Avenue in Atlanta, Georgia
Source
  18. The unemployment rate has plunged to about the lowest level in half a century. Yet at least one group of Americans is being left behind: men who didn’t go to college. Just 78 percent of men aged 25-54 who never went to college were employed in 2016, the latest year for which data are available in the American Community Survey. That contrasts with about 90 percent for those who have at least one year of college and is a big change from the 1950s, when employment rates for college and non-college men were the same. What’s driving the employment gap, which has been with us for decades? Economists have traditionally pointed the finger at what are known as demand-side factors, such as jobs moving out of the U.S. or robots. More recently, economists have been blaming the supply side, such as growing welfare payments and better video games that glue more men to their couches. Supply side just means that the explanation has to do with the individual – the supplier of labor — as opposed to something related to a company – the demand. My research attempts to get to the bottom of why non-college men aren’t working in hopes that it can suggest the right solutions to turn this around. Employment vs. unemployment One of the most important measures of an economy is the number of jobs it’s creating, typically measured by the unemployment rate. The latest jobs report, which came out on June 1, showed that the rate dipped to 3.8 percent in May, the lowest since 2000. If it falls any more, it’ll be the lowest since 1969. But the unemployment rate doesn’t tell the full story because it only includes people actively looking for work. People who report not having looked for work in the previous four weeks are completely left out of this number. The employment rate, which is the share who are actually employed, captures the full picture. And the numbers are stark. Back in the 1950s, there was no education-based gap in employment. 
About 90 percent of men aged 25-54 – regardless of whether they went to college – were employed. That began to change in the 70s and 80s as non-college men left the workforce. The Great Recession was particularly painful for men without any college. By 2010, only 74 percent had a job, compared with 87 percent of those with a year or more of college. In other words, employment rates diverged over 10 percentage points in just half a century. The gap extends to the wages of those who actually had jobs as well. As recently as 1980, real hourly wages for the two groups were nearly identical at about US$13. In 2015, men with at least a little college saw their wages soar 65 percent to over $22 an hour. Meanwhile, pay for those who never attended plunged by almost half to less than $8. Modeling the economy In fact, wages reveal the answer to this puzzle. In my analysis, which I’m planning to publish, I wanted to determine whether the widening employment rate gap was caused by factors related to the supply of workers — video games and welfare — or demand — trade and robots. So I built and calibrated an economic model aimed at finding the answer. Just as an architect builds a model city to test out ideas, economists build model economies out of math. Models allow architects and economists alike to push aside the gory details of reality and cut to the gist of things. They also allow us to run experiments on what would otherwise be untestable hypotheses. An architect might ask: If I build a balcony, will that compromise the building’s structural integrity? I asked: If the only things that changed since the 1970s were supply-side factors, what would have happened to employment rates? To answer this question, I plugged employment, wage and other relevant data into my model so that it replicates the real world. I then ran different analyses on the model to try to learn things, such as the underlying causes of the fall in employment for non-college men. 
The intuition is like this: If a significant part of the reason non-college men dropped out of the workforce was because of supply-side factors that allowed them to remain home yet still afford their lifestyles, companies would have had to pay them more to entice them to join the labor market. On the other hand, demand-side factors would have put downward pressure on wages. That’s exactly what my model helped me identify, suggesting that all the blame goes to demand-side factors like trade and automation, not video games. An important caveat with my analysis — and economic research in general — is that our models are not reality. Economists have to make tough judgment calls in hopes of approximating reality and teasing out underlying truths that are otherwise difficult to ascertain. Work wanted All the same, I think my work reveals some important truths. While it is true that many non-college men are home playing video games, collecting welfare payments and, unfortunately, addicted to opioids, it’s by and large not because they are choosing these over a job. Rather, sadly, it’s because they couldn’t find a job in the first place. The takeaway is if the government wants to get more of these men back into the workforce, it should focus on stimulating demand or helping people learn new skills. Even though we know what the problem is, we still have a lot of work ahead to solve it and get these men back into the workforce. Source
  19. Forget the old case, DoJ tells Supremes, all hail CLOUD Act The US government has issued Microsoft with a new warrant to get access to emails held on the firm's Irish servers, while asking the Supreme Court to dismiss the existing legal battle. The long-running wrangle began back in 2014, when Microsoft was taken to court by American prosecutors who wanted access to suspects' emails that Microsoft had stored overseas. The Feds demanded the private messages under section 2703 of the US Stored Communications Act, but Redmond refused, saying that the search warrant couldn't extend beyond US borders. In July 2016, the United States Court of Appeals for the Second Circuit ruled in Microsoft's favour – a decision the Department of Justice is in the process of appealing against in the Supreme Court. However, the passage of a new law, signed off last week, known as the CLOUD Act (Clarifying Lawful Overseas Use of Data Act) has thrown a huge question mark over the dispute. In contrast to existing laws, the CLOUD Act specifies that authorities can demand that firms pass on data, even if it's held outside the US. And so the DoJ has filed a motion (PDF) with the Supreme Court saying that, given the passage of the CLOUD Act, the court should vacate the judgment made by the Court of Appeals and dismiss the case as moot. The DoJ's argument is that the CLOUD Act now directly governs the warrant that is at the heart of the dispute, which it said settles the dispute. The US government insisted it was still possible for Microsoft to fully comply and disclose the information in question under the existing warrant, but complained Microsoft wasn't playing ball. "Microsoft has refused to acknowledge either that the CLOUD Act applies to the Section 2703 warrant at issue in this case or that Microsoft plans to disclose the required information under the original warrant," the document stated. 
As such, the DoJ said it had decided "the most efficient means of acquiring the information sought is through a new warrant under the CLOUD Act" – and did so on 30 March – even though it maintains it shouldn't have had to issue one. The government is "unquestionably entitled" to the information, the filing stated, adding: "Microsoft no longer has any basis for suggesting that such a warrant is impermissibly extraterritorial because it reaches foreign-stored data, which was the sole contention in its motion to quash... There is thus no longer any live dispute between the parties, and the case is now moot." We asked Microsoft to comment, but a spokesperson said the company had "nothing to share". However, president Brad Smith has previously issued broadly supportive statements about the CLOUD Act. When it was passed last week, Smith blogged to say it was a "critical step forward in resolving an issue that has been the subject of litigation for over four years". It remains to be seen whether the new law is quite as water-tight in its ability to force firms to hand over any and all data as the government wants. Frank Jennings, cloud lawyer at Wallace LLP, said that although the CLOUD Act offers useful clarity for providers, it might not be the end of the dispute. "The CLOUD Act requires a provider to preserve, backup or disclose data even if the data is outside the USA. This clarity is useful... Cloud providers can now point to a clear obligation to comply with an up-to-date law," he said. "However, the battle is not over yet." Jennings said the next stage "will be for US providers to show that data outside the US is not in their 'possession, custody, or control' but that of someone else", possibly the customer or a third party. They could also offer data encryption as standard, with the customer holding the decryption keys, he said. "This is the 'You can have it but we don't know what it says' approach." 
The passage of the CLOUD Act and the access it grants to data held on EU servers – which has been condemned by campaign groups in the bloc – might also lead to other battles, he said. For instance, it may give new impetus to those seeking to challenge the transatlantic data transfer deal Privacy Shield, and it isn't yet clear what the EU's data protection agencies will make of it. "We await to see whether the new European Data Protection Board [which will come into being with the General Data Protection Regulation] will recognise this as a 'necessary and proportionate measure... to safeguard national security' or an attempt to overreach and undermine GDPR from afar," said Jennings. Source
  20. Facebook has been collecting call records and SMS data from Android devices for years. Several Twitter users have reported finding months or years of call history data in their downloadable Facebook data file. A number of Facebook users have been spooked by the recent Cambridge Analytica privacy scandal, prompting them to download all the data that Facebook stores on their account. The results have been alarming for some. “Oh wow my deleted Facebook Zip file contains info on every single phone cellphone call and text I made for about a year,” says Twitter user Mat Johnson. Another, Dylan McKay, says “somehow it has my entire call history with my partner’s mum.” Others have found a similar pattern where it appears close contacts, like family members, are the only ones tracked in Facebook’s call records. Ars Technica reports that Facebook has been requesting access to contacts, SMS data, and call history on Android devices to improve its friend recommendation algorithm and distinguish between business contacts and your true personal friendships. Facebook appears to be gathering this data through its Messenger application, which often prompts Android users to take over as the default SMS client. Facebook has, at least recently, been offering an opt-in prompt that prods users with a big blue button to “continuously upload” contact data, including call and text history. It’s not clear when this prompt started appearing in relation to the historical data gathering, and whether it has simply been opt-in the whole time. Either way, it’s clearly alarmed some who have found call history data stored on Facebook’s servers. While the recent prompts make it clear, Ars Technica points out the troubling aspect that Facebook has been doing this for years, during a time when Android permissions were a lot less strict. 
Google changed Android permissions to make them more clear and granular, but developers could bypass this and continue accessing call and SMS data until Google deprecated the old Android API in October. It’s not yet clear if these prompts have been in place in the past. Facebook has responded to the findings, but the company appears to suggest it’s normal for apps to access your phone call history when you upload contacts to social apps. “The most important part of apps and services that help you make connections is to make it easy to find the people you want to connect with,” says a Facebook spokesperson, in response to a query from Ars Technica. “So, the first time you sign in on your phone to a messaging or social app, it’s a widely used practice to begin by uploading your phone contacts.” The same call record and SMS data collection has not yet been discovered on iOS devices. While Apple does allow some specialist apps to access this data in limited ways like blocking spam calls or texts, these apps have to be specifically enabled through a process that’s similar to enabling third-party keyboards. The majority of iOS apps cannot access call history or SMS messages, and Facebook’s iOS app is not able to capture this data on an iPhone. Facebook may need to answer some additional questions on this data collection, especially around when it started and whether Android users truly understood what data they were allowing Facebook to collect when they agreed to enable phone and SMS access in an Android permissions dialogue box or Facebook’s own prompt. The data collection revelations come in the same week Facebook has been dealing with the fall out from Cambridge Analytica obtaining personal information from up to 50 million Facebook users. Facebook has altered its privacy controls in recent years to prevent such an event occurring again, but the company is facing a backlash of criticism over the inadequate privacy controls that allowed this to happen. 
CEO Mark Zuckerberg has also been summoned to explain how data was taken without users’ consent to a UK Parliamentary committee. Source
  21. A man from Waycross, Georgia, has been left scratching his head after he discovered a “Loch Ness-type thing” washed up on a beach while out with his son. Jeff Warren said he found the strange sea creature after going boating at Wolf Island National Wildlife Refuge in Golden Isles, Georgia, reports Action News Jax. He initially thought the animal was a dead seal, but upon closer inspection he saw it resembled something from prehistoric times. The mystery creature, which had already started being devoured by birds on the beach, stretched to around 5ft and appeared to have an elongated neck. According to First Coast News, Warren recorded the creature and spoke about it at the nearby Skipper’s Fish House, where he was told of a legend called “Alty,” or Altahama, the local equivalent of the Loch Ness Monster who is said to roam the seas in the area. However, when Action News Jax contacted the U.S. Fish and Wildlife Service for help in understanding what the creature could be, they offered an alternative explanation. According to the Director Dan Ashe, many sea animals have a way of decomposing which means they resemble a Plesiosaur, a long-necked marine dinosaur that first existed more than 200 million years ago. Ashe said there have been examples of 30ft-long basking sharks decomposing in such a way that they look as if they have a long neck and small head, in a similar way to a prehistoric creature. The U.S. Fish and Wildlife Service has so far been unable to sufficiently determine what the creature Warren found on the Georgian beach is. There was similar confusion last September in the wake of Hurricane Harvey after Preeti Desai found a mysterious fanged creature washed up on a beach in Texas City. 
Desai posted a picture of the animal onto Twitter along with the caption: “Okay, biology twitter, what the heck is this??” According to biologist and eel specialist Dr Kenneth Tighe, it was likely that the creature was a fangtooth snake-eel or a garden or conger eel as “all three of these species occur off Texas and have large fang-like teeth," he told the BBC.
  22. U.S. has not found 'one dollar' of El Chapo’s money The feds have hit a wall when it comes to seizing El Chapo’s money. After Texas Sen. Ted Cruz proposed a plan last month to stick reputed drug cartel king El Chapo with the tab for President Trump’s much-ballyhooed border wall, it was revealed Wednesday that American authorities have not been able to find a trace of his dirty money. According to Mexico’s attorney general, getting the jailed drug lord — whose real name is Joaquin Guzman — to foot the border bill is as reasonable as expecting him to turn over a new leaf. “As of today, U.S. authorities have not found not even one dollar of El Chapo’s assets,” Mexican Attorney General Raul Cervantes said in a local TV interview. A federal indictment in the United States seeks the forfeiture of more than $14 billion of drug proceeds and illicit profits allegedly derived from the Sinaloa Cartel’s activities. Mexico has only found minor assets belonging to Guzman, Cervantes said. “His money hasn’t been found because he didn’t use the financial system,” he added. But Trump was one-upped by Cruz, his former campaign rival, who said Guzman’s money should help pay for the wall http://www.nydailynews.com/new-york/u-s-not-found-dollar-el-chapo-money-article-1.3134053
  23. High winds, rain and flooding are taking place in Scituate and the surrounding coastal areas of Massachusetts as a storm known as a 'bomb cyclone' makes its way past the East Coast. At least five people have been killed by a powerful nor’easter that blasted the East Coast Friday and early Saturday. "Take this storm seriously!" the National Weather Service in Boston warned via Twitter Friday. "This is a LIFE & DEATH situation for those living along the coast, especially those ocean-exposed shorelines." The storm picked up strength quickly Friday, undergoing what’s known as bombogenesis—when a low pressure system drops 24 millibars in 24 hours. Like the deadly storm that hit the East Coast in January, it has been dubbed a “bomb cyclone.” Trees felled by strong winds killed at least five. Among them were: A 6-year-old boy who was killed in Virginia when a tree fell on his family’s home, an 11-year-old boy killed by a falling tree in New York State, a 57-year-old man killed after a tree fell on his car in Pennsylvania, a 77-year-old woman killed by a falling branch in Baltimore and a 44-year-old male passenger in a truck killed in Virginia when a tree fell on the vehicle. Wind speeds reached 80 to 90 mph on Cape Cod, while Ohio and upstate New York were blanketed by more than a foot of snow. Heavy snow also fell on areas including Pennsylvania and New Jersey, reported ABC. Almost 1.7 million homes and businesses were without power in the Northeast and Midwest Friday. Government offices in Washington closed as winds gusted to more than 60 mph in the U.S. capital. The storm grounded 5,489 flights, both domestic and international, and scores more were delayed, according to FlightAware.com. Storm damage caused Amtrak services between Washington D.C. and Boston to be halted Friday. Virginia Governor Ralph Northam declared a state of emergency, streamlining state aid to communities harmed by high winds. 
Massachusetts Governor Charlie Baker said he had called in the National Guard and urged caution and vigilance. A flood surge at extreme high tide sent seawater into Boston’s coastal streets, the second time this year that the area had flooded. Wind gusts approaching 70 mph helped force in the water while downing trees and power lines. The Weather Channel reported that though flooding in Boston fell short of record levels, life threatening floods are still possible Saturday. Jim Hayes, a meteorologist with the agency’s Weather Prediction Center in College Park, Maryland, said that snow and rain are forecast to taper off through Friday night and into Saturday as skies clear. Hayes added that winds are also expected to drop somewhat overnight and into Saturday as the offshore storm system recedes. Source
  24. U.S. and other Western scientists voice awe, and even alarm, at China’s quickening advances and spending on quantum communications and computing, revolutionary technologies that could give a huge military and commercial advantage to the nation that conquers them. The concerns echo — although to a lesser degree — the shock in the West six decades ago when the Soviets launched the Sputnik satellite, sparking a space race. In quick succession, China in recent months has utilized a quantum satellite to transmit ultra-secure data, inaugurated a 1,243-mile quantum link between Shanghai and Beijing, and announced a $10 billion quantum computing center. “To me, what is alarming is the level of coordination of what they’ve done,” said Christopher Monroe, a physicist and pioneer in quantum communication at the University of Maryland. Perhaps more than the accomplishments of the Chinese scientists, it is the resources that China is pouring into the research into how atoms, photons and other basic molecular matter can harness, process and transmit information. “It doesn’t necessarily mean that their scientists are better,” said Martin Laforest, a physicist and senior manager at the Institute for Quantum Computing at the University of Waterloo in Ontario, Canada. “It’s just that when they say, ‘We need a billion dollars to do this,’ bam, the money comes.” The engineering hurdles that China has cleared for quantum communication mean that the United States will lag in that area for years. “The general feeling is that they’ll get there before us,” said Rene Copeland, a high-performance computer expert who is president of D-Wave (Government) Inc., a Vancouver-area company that uses aspects of quantum computing in its systems. But building a functioning quantum computer sets forth different kinds of challenges than mastering quantum communication, and may involve creating materials and processes that do not yet exist. 
Once thought to be decades off, scientists now presume a quantum computer may be built in a decade or less. The stakes are so high that advances by the U.S. government remain secret. “We don’t know exactly where the United States is. I fervently hope that a lot of this work is taking place in a classified setting,” said R. Paul Stimers, a lawyer at K&L Gates, a Washington law firm, who specializes in emerging technologies. “It is a race.” Pure quantum computers remain largely theoretical although simple prototypes exist. Many designs call for them to operate in super cold conditions, bordering on absolute zero, or around minus 458 degrees Fahrenheit, colder than outer space, without any noise or micro movements that can cause malfunction. What has made them the Holy Grail for nations and private industry is that quantum computers, in theory, are magnitudes better at sifting huge amounts of data than the binary processors that power mainframes, desktops and even smart phones today. They also can process algorithms that break all widely used encryption. Rather than doing a series of millions of computations, based on binary options of ones and zeros, quantum computers employ particles that exist in an infinite number of “superpositions” of the two states simultaneously, a condition that towering physicist Albert Einstein once labeled as “spooky.” A quantum computer “can feel all the possibilities at once,” said Warner A. Miller, a physicist at Florida Atlantic University, who, like the others, spoke last week at a forum on quantum computing at the Hudson Institute, a think tank in Washington. China splashed into the news in June when it announced that a satellite and a ground station had communicated through “entangled” quantum particles. Entangled particles, even if separated by thousands of miles, act in unison. Any change in one particle will induce a change in the other, almost as if a single particle existed in multiple places at once. 
Such long-distance quantum communication smashed records, occurring over 745 miles, far beyond the mile or so scientists had tested previously, and signaled Chinese mastery over a form of communication deemed ultra-secure and unhackable. “I read that on a Sunday and went, ‘oh sh-t,’” said Gregory S. Clark, an Australian-born mathematician who is chief executive of Symantec Corp., a global cybersecurity company with headquarters in Mountain View, California. Neither the U.S. military nor private industry is known to have such a capability. If the technology is refined, Clark said, it could make land-based communications infrastructure obsolete. “The whole world changes,” he said at a forum Sept. 19. In early September, China chalked up another milestone, completing a quantum communication link between its capital and Shanghai, by far the biggest such link in the world, surpassing anything in the United States or Europe. In such a link, if an encryption key used by either of two parties faces interference by a third party, the two parties know not to use it. China again demonstrated the prowess of its space-based quantum satellite, dubbed Micius, on Sept. 29 when the head of the Chinese Academy of Sciences held a video conference with an Austrian scientist over a distance of 4,630 miles. Also last month, China announced that it would build the world’s biggest quantum research facility, a $10 billion center in Hefei, capital of Anhui province, with the aim of building a working quantum computer that could break most any encryption within seconds. China already has the world’s fastest supercomputer, the Sunway TaihuLight, which captured the title in 2016 and 2017 at a competition in Frankfurt, Germany. Monroe, the Maryland physicist, said China had set a goal of fully constructing the quantum research center within two years. “If it costs $10 billion, China will just do it without asking, and they’ll put an army together to do it,” Monroe said. 
“I don’t think any other government in the world is able to throw together something (so) fast.” Google, IBM and Microsoft all see huge opportunity in quantum computing and fund research labs. Commercial applications may include determining how polymers go together, mapping the genome, finding oil in complex geology, detecting cancer and handling air traffic. Quantum computers can sift through vast amounts of data. One that handles 60 quantum bits, or units of quantum information, could hold 64 exabytes of data – 2,560 times more than all the material managed by the Library of Congress, which has 838 miles of bookshelves. Military applications are vast and range beyond breaking enemy encryption to include quantum-enabled weaponry, navigation systems that can’t be jammed, and the use of quantum-powered artificial intelligence in war fighting. In those areas, China is not believed to have an advantage. “The point is, they are some distance from that quantum supremacy threshold,” said Arthur Herman, who leads the technology and defense program at the Hudson Institute. Still, Herman called for U.S. policymakers to focus hard on the quantum challenge. “We need a Manhattan Project style funding focus in order for a national quantum initiative to succeed,” Herman said, referring to the World War II era program to produce the first nuclear weapon. < Here >
  25. Two malware families battling for turf are most likely the cause of an outage suffered by Californian ISP Sierra Tel at the beginning of the month. This outage took place on April 10, 2017, when Sierra Tel customers started complaining about losing Internet and telephone connectivity. While initially there were unconfirmed rumors that the company had botched a firmware update, in a statement released the following day, on April 11, Sierra Tel admitted it was the victim of a "malicious hacking event." "Hacking event" affected only Zyxel HN-51 modems The company said someone targeted and hacked Zyxel modems model HN-51, all of which couldn't connect to its network anymore. As the number of complaining users kept growing, Sierra Tel representatives asked customers to drop their Zyxel modems at their offices, where they could get a replacement. The company underestimated the size of the incident, and after a few hours, it ran out of replacement modems, while customers formed long lines outside their offices. Subsequent clients who came to receive replacements were asked to leave their devices at the company's offices, promising that staff would repair the modem, and give them a call when it would be ready. On Saturday, April 22, almost two weeks later, Sierra Tel representatives announced they finally managed to finish repairing all the affected modems. "The Sierra Tel family is pleased to report that we have nearly completed our response to the highly disruptive impacts of the illegal hacking of the HN-51 modem," the company wrote on Facebook. BrickerBot was active on Sierra Tel's network The outage was only reported by the local press and got little attention from national media, as it only affected Sierra Tel customers in the cities of Mariposa and Oakhurst, California. The incident was brought to Bleeping Computer's attention by Janit0r, a man who claims to have developed BrickerBot, an IoT malware family that bricks unsecured IoT devices. 
"BrickerBot was active on the Sierra Tel network at the time their customers reported issues," Janit0r told Bleeping Computer in an email, "but their modems had also just been mass-infected with malware, so it's possible some of the network problems were caused by this concomitant activity." Janit0r suggested the other culprit was Mirai, a malware also known to cause similar issues. Last year, a hacker known as Popopret deployed a defective Mirai version that caused over 900,000 modems belonging to Deutsche Telekom to go offline for nearly a day, before the German ISP retook control over its devices via a firmware update. A week later, several British ISPs suffered the same fate. While it is impossible to say what caused the Sierra Tel modems to go offline, all clues line up with BrickerBot entering "Plan B," the sequence Janit0r says is responsible for bricking devices. In a previous interview with Bleeping Computer, Janit0r said that BrickerBot is not intentionally configured to destroy devices. The malware will first try to secure the device, but if it fails or the device cannot be secured, it will wipe its flash storage and rewrite with random data. These actions render targeted devices useless, needing repair or replacement, the exact same actions Sierra Tel took. Janit0r also said he developed BrickerBot to go after the same devices targeted by other IoT malware families, which makes pinpointing the source of Sierra Tel's outage even harder. It's quite possible that Sierra Tel's Zyxel modems went offline as the result of a secret turf war waged among various families of IoT malware, such as Mirai, BrickerBot, Hajime, Wifatch, Gafgyt, Imeij, and others. As more and more IoT malware families emerge, they will eventually cause more problems like the Sierra Tel incident. 
BrickerBot author congratulates ISP on its transparency "I'm worried that Sierra is unfairly getting some bad PR for being honest about the hack rather than covering it up," Janit0r wrote in another email. "I think Sierra did the right thing by being transparent to its customers. [...] I've seen other ISPs covering up such problems as 'bad firmware upgrades' or 'temporary connectivity issues'." Nevertheless, Janit0r is not willing to give Sierra Tel too many praises. "Sierra Tel should've locked down their network better, to begin with," Janit0r also added. "Having control interfaces filtered from the WAN [Internet] is critically important for any ISP deployment." The "control interface" Janit0r is referring to is most likely TR-069, known to have security issues, and which Mirai has exploited in the past. In fact, this is the same control interface that Mirai exploited in the aforementioned incidents that took place in Germany and the UK, last year, and which also involved Zyxel modems. Sierra Tel has not responded to numerous requests for comment from Bleeping Computer, but said on Facebook that it is working with law enforcement to track down and catch the culprit of "this illegal and malicious hacking of the ZyXel HN51 modems." Over the weekend, Radware, the cyber-security firm who first spotted BrickerBot issued another report unveiling two newer versions of the BrickerBot malware, with different bricking techniques compared to the first samples they discovered. The company also has a series of recommendations for keeping IoT devices safe from BrickerBot and other IoT malware. Source