Archive for the ‘Biz & IT’ Category

Mass email hoax causes closures across the US and Canada

December 14th, 2018

Police tape. (credit: Tony Webster / Flickr)

A tsunami of emailed bomb threats is prompting closures at hospitals, schools, public transit agencies, and businesses across the US and Canada.

Word of the emails surfaced Thursday morning in tweets such as this one:

And this one:

Posted in bitcoin, Biz & IT, bomb threats, email, Hoax

Iranian phishers bypass 2fa protections offered by Yahoo Mail and Gmail

December 13th, 2018

A recent phishing campaign targeting US government officials, activists, and journalists is notable for using a technique that allowed the attackers to bypass two-factor authentication protections offered by services such as Gmail and Yahoo Mail, researchers said Thursday. The event underscores the risks of 2fa that relies on one-tap logins or one-time passwords, particularly if the latter are sent in SMS messages to phones.

Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets’ level of operational security, researchers with security firm Certfa Lab said in a blog post. The emails contained a hidden image that alerted the attackers in real time when targets viewed the messages. When targets entered passwords into a fake Gmail or Yahoo security page, the attackers would almost simultaneously enter the credentials into a real login page. In the event targets’ accounts were protected by 2fa, the attackers redirected targets to a new page that requested a one-time password.

“In other words, they check victims’ usernames and passwords in realtime on their own servers, and even if 2 factor authentication such as text message, authenticator app or one-tap login are enabled they can trick targets and steal that information too,” Certfa Lab researchers wrote.

Posted in 2FA, Biz & IT, google, security keys, SMS, Text, two-factor authentication

Verizon cuts 10,000 jobs and admits its Yahoo/AOL division is a failure

December 13th, 2018

Verizon is parting ways with 10,400 employees in "a voluntary separation program," despite the Trump administration providing a tax cut and various deregulatory changes that were supposed to increase investment in jobs and broadband networks. The cuts represent nearly seven percent of Verizon's workforce and were announced along with a $4.6 billion charge related to struggles in Verizon's Yahoo/AOL business division.

Verizon described the voluntary buyouts as well as ongoing Yahoo/AOL failures in a Securities and Exchange Commission filing on Tuesday. The buyouts affect "US-based management employees" in multiple business segments, not just Yahoo and AOL.

Here's what Verizon says about its Yahoo/AOL problem:

Posted in AOL, Biz & IT, oath, Policy, verizon, yahoo

Ohio Congressman: We can fund border wall with “WallCoin”

December 13th, 2018

Rep. Warren Davidson (R-Ohio) wants Americans, Mexicans, or just about anyone else to be able to donate cash to build a wall. And he thinks a "WallCoin" could help do that. (credit: Tom Williams/CQ Roll Call via Getty Images)

As President Donald Trump threatened to allow a government shutdown if Congress did not provide funding for his proposed wall along the Mexican border, a Republican congressman from Ohio offered up alternative routes to getting the wall built: through Internet crowdfunding or through an initial coin offering.

During an interview with NPR's Morning Edition on December 12, Rep. Warren Davidson said that he had offered what he referred to as a "modest proposal" in the form of his "Buy a Brick, Build a Wall Act." The bill, which he submitted on November 30, would authorize the Secretary of the Treasury to accept monetary gifts from anyone "on the condition that it be used to plan, design, construct, or maintain a barrier along the international border between the United States and Mexico." The funds would go into an account called the "Border Wall Trust Fund," and a public website would be set up to process donations electronically.

Rep. Davidson told NPR's Steve Inskeep that the donations could come from anyone and be gathered in a number of ways. "You could do it with this sort of, like, crowdfunding site," Davidson explained. "Or you could do it with blockchain—you could have Wall Coins."

Posted in Biz & IT, Blockchain, border security, Border wall, crowd funding, crowdfunding, ico, initial coin offering, Policy

T-Mobile lied to the FCC about its 4G coverage, small carriers say

December 13th, 2018

T-Mobile lied to the Federal Communications Commission about the extent of its 4G LTE coverage, according to a trade group that represents rural wireless providers.

T-Mobile claimed—under penalty of perjury—to have coverage in areas where it hadn't yet installed 4G equipment, the Rural Wireless Association (RWA) said in an FCC filing Monday. The same group previously reported to the FCC that Verizon lied about its 4G coverage, leading to the FCC starting an investigation and announcing that at least one carrier exaggerated its 4G coverage.

Inaccurate coverage maps could make it difficult for rural carriers to get money from the Mobility Fund, a government fund intended to build networks in unserved areas. The FCC last year required Verizon and other carriers to file maps and data indicating their current 4G LTE coverage with speeds of at least 5Mbps. Carriers must provide "a certification, under penalty of perjury, by a qualified engineer that the propagation maps and model details reflect the filer's coverage as of the generation date of the map in accordance with all other parameters," the FCC order said.

Posted in 4G, Biz & IT, FCC, Policy, rural wireless association, t-mobile, verizon

Amazon Web Services aims to colonize your network with Outpost

December 12th, 2018

Amazon's going to need some bigger boxes to ship those Outpost racks next year. (credit: Christopher Lee/Bloomberg via Getty Images)

If you want to know what Amazon's big plans are for Amazon Web Services (AWS), one of the most reliable tells is to watch where Microsoft and Google cloud services are gaining traction. At last year's annual Amazon re:Invent technical conference, the big news for cloud customers was Elastic Kubernetes Service (EKS), a managed container service based on industry-leading Kubernetes—an open source platform championed by Google. And this year, at last week's re:Invent 2018, Amazon announced its counter to Microsoft's Azure Stack with a new on-premises offering of its own.

Amazon Outposts, a service scheduled to become available in the second half of 2019, will allow customers to provision physical racks of Amazon Web Services (AWS) servers and have them shipped to their own data centers. The racks will be configured with the same servers that Amazon runs in its AWS data centers; once installed, the racks will connect back to the AWS mothership over the Internet and then can be configured with storage services and virtual machines through Amazon's AWS Management Console. And just as with services hosted in Amazon's own data centers, customers won't own these racks—they'll rent them. The costs and connectivity requirements associated with Outpost have yet to be determined.

Living on the edge

Using Outpost's "edge computing" model has some potential benefits for companies transitioning to the cloud or with large existing hybrid cloud deployments mixing on-site and cloud resources. In his re:Invent keynote, AWS CEO Andy Jassy said that consistency in operations was the primary motivation for Outpost, since customers will be able to use the same Application Programming Interfaces (APIs) and control plane with Outposts that they currently use with AWS. But Outpost also guarantees on-demand access to the virtual machines and storage on these systems, whereas in normal AWS cloud usage, customers would have to reserve those services in advance to guarantee on-demand availability. Additionally, customers may eventually be able to run many AWS cloud services locally in their own data center—services that they might currently rely on third-party software for because of performance or security concerns related to using AWS.

Posted in amazon, Amazon Web Services, AWS, Biz & IT, edge compiuting, hybrid cloud

Audit: No Chinese surveillance implants in Supermicro boards found

December 11th, 2018

A letter posted by Supermicro executives today announcing that an audit had found no evidence of claims of espionage implants in the company's servers, part of a campaign by the company to counter a report by Bloomberg in October.

In a letter to customers issued December 11, Supermicro President and CEO Charles Liang and other top executives announced that an audit conducted by an outside investigating team had found no evidence of any malicious hardware incorporated into motherboards currently or previously manufactured by the company. The letter is the latest rebuttal to Bloomberg reports in October that claimed tiny chips that provided a backdoor for China's intelligence agencies had been integrated into boards provided to major Internet and cloud providers—a report also refuted by the companies the report claimed were targeted.

"After a thorough examination and a range of functional tests, the investigative firm found absolutely no evidence of malicious hardware on our motherboards," the letter signed by Liang, Supermicro Senior Vice President and Chief Compliance Officer David Weigland, and Senior VP and Chief Product Officer Raju Penumatcha stated. "These findings were no surprise to us... We appreciate the industry support regarding this matter from many of our customers, like Apple and AWS. We are also grateful for numerous senior government officials, including representatives of the Department of Homeland Security, the director of National Intelligence, and the director of the FBI, who early on appropriately questioned the truth of the media reports."

Reuters' Joseph Menn reported that the audit was apparently undertaken by Nardello & Co, a global investigative firm founded by former US federal prosecutor Daniel Nardello. According to Reuters' source, the firm examined sample motherboards that Supermicro had sold to Apple and Amazon, as well as software and design files for products. No malicious hardware was found in the audit, and no beacons or other network transmissions that would be indicative of a backdoor were detected in testing.

Posted in apple, AWS, Biz & IT, Bloomberg, Policy, Supermicro

Comcast rejected by small town—residents vote for municipal fiber instead

December 11th, 2018

A small Massachusetts town has rejected an offer from Comcast and instead plans to build a municipal fiber broadband network.

Comcast offered to bring cable Internet to up to 96 percent of households in Charlemont in exchange for the town paying $462,123 plus interest toward infrastructure costs over 15 years. But Charlemont residents rejected the Comcast offer in a vote at a special town meeting Thursday.

"The Comcast proposal would have saved the town about $1 million, but it would not be a town-owned broadband network," the Greenfield Recorder reported Friday. "The defeated measure means that Charlemont will likely go forward with a $1.4 million municipal town network, as was approved by annual town meeting voters in 2015."

Posted in Biz & IT, Comcast, municipal broadband, Policy

Testing the first commercial VPN provider to offer WireGuard connectivity

December 11th, 2018

We don't recommend specific VPN solutions, but we sure like analyzing them. (credit: Pixabay)

Following our earlier WireGuard coverage, commercial VPN provider IVPN's chief marketing officer reached out to me to let me know his company was adding WireGuard support to its offering and asked if I'd be interested in covering the launch. Honestly, I planned to brush him off—there are a million VPN providers out there, and at least 999,000 of them are pretty shady—so I answered with a quick, dirty trick question: what are you doing on the Windows side?

Viktor surprised me with a picture-perfect answer that ruined my plans to get rid of him fast:

The official Ars stance on VPN recommendations is that we can't recommend anyone whose policies we can't independently verify and whose log retention we can't audit ourselves. This sounds like a cop-out from having to make a recommendation, but this is a service that readers will likely be putting a significant amount of trust in, and it would be irresponsible to give a recommendation that important without being able to provide assurances.

Posted in Biz & IT, Tech

Google+ bug exposes non-public profile data for 52 million users

December 10th, 2018

The Google Plus (G+, or Google +) social network logo is seen in the company's offices behind Android toys on August 21, 2014 in Berlin, Germany. (credit: Adam Berry/Getty Images)

Two months after disclosing an error that exposed the private profile data of almost 500,000 Google+ users, Google on Monday revealed a new leak that affects more than 52 million people. The programming interface bug allowed developers to access names, ages, email addresses, occupations, and a wealth of other personal details even when they were set to be nonpublic.

The bug was introduced in a release that went live at an undisclosed date in November and was fixed a week later, Google officials said in a blog post. During the time the bug was active, developers of apps that requested permission to view profile information that a user had added to their Google+ profile received permission to view profile information about that user even when the details were set to not-public. What’s more, apps with access to users’ Google+ profile data had permission to access non-public profile data that other Google+ users shared with the consenting user. In all, the post said, 52.5 million users are affected.

“The bug did not give developers access to information such as financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft,” Monday’s post said. “No third party compromised our systems, and we have no evidence that the developers who inadvertently had this access for six days were aware of it or misused it in any way.”

Posted in Biz & IT, google, Google Plus, Policy, Privacy