FBI director demands access to private cell phone data

From the cnet.com article ‘FBI director demands access to private cell phone data’

To stop terrorists and other criminals, cell phones should have encryption backdoors to enable US government surveillance, argues FBI Director James Comey.

Cell phone encryption will prevent the federal government from stopping terrorists and child molesters unless the government is given special access, Federal Bureau of Investigation Director James Comey told a Washington, DC, think tank on Thursday.

Comey, who noted that “both real-time communication and stored data are increasingly encrypted,” said that the trend by service providers to encrypt their customer data could prevent the government from lawfully pursuing criminals.

“Justice may be denied, because of a locked phone or an encrypted hard drive,” Comey said in his prepared remarks at the Brookings Institute. He explained that while the Communications Assistance for Law Enforcement Act (CALEA) from 1994 mandated that telephone companies build wiretapping backdoors into their equipment, no such law forces new communication companies to do the same.

However, he didn’t mention that CALEA was expanded from its original mandate to include broadband Internet and Voice over Internet Protocol (VoIP) systems like Skype in 2004.

Comey called out the default encryption in Apple’s iOS 8, and the optional Android encryption that will become the default for that operating system when Android 5.0 Lollipop is released next month, as blocking law enforcement from fully gathering evidence against suspects. He said that the solution was for tech firms to build “front-doors” on consumer cell phones and smartphones.

“We aren’t seeking a back-door approach,” Comey said, referring to a common term for encryption that has been intentionally weakened. “We want to use the front door, with clarity and transparency, and with clear guidance provided by law,” including court orders, he said.

The spying scandal that kicked off when former National Security Agency contractor Edward Snowden leaked classified surveillance documents has seen tech titans including Apple, Google, Yahoo, Microsoft and Facebook scramble to build tougher encryption into their products. Google’s Eric Schmidt warned that the spying will “break the Internet.”

The current fight over how to secure customer data isn’t the first time that tech firms and the US government have gone to war over encryption. In the 1990s, the “crypto wars” saw tech companies and industry advocates force the US government to repeal laws that deemed cryptography a weapon.

While evoking imagery of children at play and innocents exonerated of false accusations thanks to FBI investigations unencumbered by encryption, Comey derided concerns by the tech community that weakening encryption made devices more susceptible to cyber-criminal attacks.

He acknowledged that “adversaries will exploit any vulnerability they find,” but said that those exploits introduced by a backdoor could be mitigated by “developing intercept solutions during the design phase.”

Cryptography expert and University of Pennsylvania professor Matt Blaze disagreed with that assumption. Comey’s speech, he said on Twitter, “didn’t merely dismiss or minimize the technical risks of back doors, it completely ignored them.”

Comey’s insistence on weakening encryption opens the data to “foreign governments and criminals,” said Christopher Soghoian, the American Civil Liberties Union’s principal technologist on its Speech, Privacy and Technology Project, “whether you call it a ‘front door’ or a ‘back door.’”

Soghoian noted in a blog post from 2010 that CALEA explicitly protects the right of a telecommunications company to build encryption to which only the customer possesses the cryptographic keys.

Comey’s speech appears to want to change that. The FBI didn’t return a request for comment.

Google declined to comment specifically on Comey’s statements, but reiterated its support for encryption. “People previously used safes and combination locks to keep their information secure — now they use encryption. It’s why we have worked hard to provide this added security for our users,” a Google spokesperson said.

Apple didn’t respond to a request for comment.


Snapchat warns users outside apps ‘can’t be trusted’

From the Cnet.com Article by Seth Rosenblatt (@sethr)

Snapchat tells its more than 100 million users that some third-party apps pose a threat. But the photo-sharing service doesn’t address why outsiders were able to connect to Snapchat in the first place.

Snapchat cautioned its 100 million active users on Tuesday morning to stay away from any and all apps that claim to work with its messaging service.

Snapchat, which lets users share a photo or video that’s deleted soon after the recipient sees it, has been under fire since last week. A third-party service that connected to Snapchat and allowed “snap” recipients to back up the photos and videos sent to them was hacked. More than 13 gigabytes of data (most of them photos that Snapchat users had stored on the third-party site) were stolen and made public, including tens of thousands of sexually explicit images. The hack affected about 200,000 Snapchat users.

Snapchat blamed the third-party services for putting Snapchat users at risk in a new blog post today. “It takes time and a lot of resources to build an open and trustworthy third-party application ecosystem,” Snapchat wrote today. “That’s why we haven’t provided a public API to developers and why we prohibit access to the private API we use to provide our service.”

This is the second time since the breach was reported that Snapchat has said third-party Snapchat services were at fault, and that users assume multiple risks by using them. On Friday, Snapchat told CNET News in a statement that its users were “victimized” by using third-party Snapchat services, which often back up the photos and videos posted to Snapchat without the sender’s consent.

Snapchat told CNET News that third-party use of its API is “a practice that we expressly prohibit in our Terms of Use” because they “compromise our users’ security.”

At least two independent security experts think Snapchat, founded in 2011, bears at least part of the responsibility for the hack. It should have secured its API in the first place, said Chris Eng, vice president of research at computer-security research firm Veracode. Snapchat “absolutely could” have better security, he said.

“They are using Terms of Service instead of having strong security in place,” Eng told CNET. “From a security perspective [that] has zero effectiveness…they are trying to do the absolute bare minimum without considering how effective it is.”

Patrick Wardle, director of research at security-intelligence firm Synack, said that part of the problem is that all APIs — including Snapchat’s — are designed to have services connect to them. If a third-party service knows how an API is built, all it needs are user login credentials to connect to the service.

“Whether or not the API is public or private, if users are providing their account information then hackers can still make use of the API to access user content,” Wardle said. End-to-end encryption, which is used to protect electronic messages from being spied on, would help Snapchat ensure not only user privacy but also limit API access, Wardle said.

Snapchat didn’t respond to a request for comment.

The stolen photos and videos were taken from an unauthorized third-party Snapchat service called Snapsaved, which backed up users’ “snaps.” Snapsaved was one of many unauthorized third-party Snapchat services, which shut down several months ago. Snapsaved said it was to blame for the hack in a Facebook post on Saturday. It said 500 megabytes of photos and videos had been stolen, not 13 gigabytes.

Complicating the hack is that at least one estimate says half of Snapchat’s users are teenagers between 13 and 17 years old, and many of the photos and videos are rumored to be sexually explicit. Snapchat isn’t saying how many of the photos were sexually explicit and neither is Snapsaved. But one user of the popular Internet community Reddit said that of the 13 gigabytes of stolen snaps, around 100 megabytes were of pornographic photos and videos. That still translates into tens of thousands of images.

Since its debut, Snapchat has become the third-most popular social media app in the US, behind Facebook and Facebook’s photo-sharing service Instagram, because of its ability to automatically delete messages. Facebook reportedly tried to buy the startup for $3 billion last year.

The Snapsaved hack follows September’s attack against Apple’s iCloud service, which targeted photos of celebrities, including actress Jennifer Lawrence, in sexually explicit situations. Lawrence told Vanity Fair that the iCloud hack isn’t “a scandal. It is a sex crime,” and attacked the sites that posted the stolen photos and called them “disgusting.”

CNET staff writer Ian Sherr contributed to this report.

Updated at 2:18 p.m. PT with comment from Patrick Wardle.


Google exposes ‘Poodle’ flaw in Web encryption standard

An excerpt from the Cnet.com Article by Seth Rosenblatt (@sethr)

Older Web technology continues to be dogged by revelations that show how insecure it is. A trio of Google security engineers proved that the encryption standard Secure Socket Layer can be circumvented thanks to a new vulnerability they dubbed “POODLE.”

POODLE is a new security hole in Secure Socket Layer (SSL) 3.0 that makes the 15-year-old protocol nearly impossible to use safely, said Google security engineers Bodo Möller, Krzysztof Kotowicz and Thai Duong in a new report published on Tuesday.

The vulnerability allows encrypted, ostensibly-secret information to be exposed by an attacker with network access. POODLE, which stands for Padding Oracle On Downgraded Legacy Encryption, is a problem because SSL 3.0 is used by both websites and Web browsers. Both must be reconfigured to prevent using SSL 3.0, and POODLE will remain a problem as long as SSL 3.0 is supported.

While SSL 3.0 is no longer the most advanced form of Web encryption in use, Möller explained browsers and secure HTTP servers still need it in case they encounter errors in Transport Layer Security (TLS), SSL’s more modern, less vulnerable younger sibling.

The good news is that not much of the Web relies on SSL 3.0 anymore. A study by the University of Michigan shows that few sites rely on SSL 3.0 for anything. Less than 0.3 percent of communication between site and server depends on SSL 3.0, while 0.42 percent of the top 1 million domains on Alexa use it even partially.

The reason that POODLE is a problem is that attackers can force your browser to downgrade to SSL 3.0.

If either browser or server runs into problems connecting with TLS, sites and browsers will often fall back to SSL. The problem is that attackers can force a connection failure which would force a site to use SSL 3.0, which would then expose it to hackers.

Because disabling SSL 3.0 outright causes compatibility problems for sites and servers, Möller recommended that administrators for both add support for TLS_FALLBACK_SCSV, a TLS protocol that blocks attackers from conning browsers into downgrading to not only SSL 3.0, but TLS 1.0 and 1.1 as well. It “may help prevent future attacks,” he wrote.

Möller said that Google Chrome and Google servers have supported this solution “since February,” which he said proves that it can be used without compatibility problems.
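The fallback behaviour and the TLS_FALLBACK_SCSV check described above, as an added Python sketch that is not part of the CNET article or Google's report. It models protocol version numbers only (no real TLS records); `Server`, `connect` and the `dropped` callback are hypothetical names, while the signaling value 0x5600 and alert 86 are the ones standardized in RFC 7507.

```python
# Added illustration: a toy model of TLS version fallback and the
# TLS_FALLBACK_SCSV check. Class and function names are hypothetical.
from dataclasses import dataclass

SSL30, TLS10, TLS11, TLS12 = 0x0300, 0x0301, 0x0302, 0x0303
NAMES = {SSL30: "SSL 3.0", TLS10: "TLS 1.0", TLS11: "TLS 1.1", TLS12: "TLS 1.2"}
TLS_FALLBACK_SCSV = 0x5600      # signaling cipher suite value (RFC 7507)
INAPPROPRIATE_FALLBACK = 86     # fatal alert defined by RFC 7507
PROTOCOL_VERSION = 70           # fatal alert: no version in common
AES128_SHA = 0x002F             # one ordinary suite so the list is not empty
ALL = (SSL30, TLS10, TLS11, TLS12)


@dataclass
class ClientHello:
    client_version: int
    cipher_suites: tuple


class Server:
    def __init__(self, versions, honors_scsv):
        self.versions = set(versions)
        self.honors_scsv = honors_scsv

    def handle(self, hello):
        """Return ("ok", version) or ("alert", code)."""
        highest = max(self.versions)
        # The client says "this is a retry" and we could have done better:
        # something interfered with the earlier attempts, so refuse.
        if (self.honors_scsv
                and TLS_FALLBACK_SCSV in hello.cipher_suites
                and hello.client_version < highest):
            return ("alert", INAPPROPRIATE_FALLBACK)
        usable = [v for v in self.versions if v <= hello.client_version]
        if not usable:
            return ("alert", PROTOCOL_VERSION)
        return ("ok", max(usable))


def connect(client_versions, sends_scsv, server, dropped):
    """Run the client's fallback retries, highest version first.

    dropped(hello) -> True models a handshake that fails in transit,
    whether from a broken middlebox or deliberate interference.
    Returns (negotiated_version or None, last_alert or None).
    """
    last_alert = None
    for attempt, version in enumerate(sorted(client_versions, reverse=True)):
        suites = [AES128_SHA]
        if sends_scsv and attempt > 0:      # retry below our best version
            suites.append(TLS_FALLBACK_SCSV)
        hello = ClientHello(version, tuple(suites))
        if dropped(hello):
            continue                        # looks like a failure: retry lower
        kind, value = server.handle(hello)
        if kind == "ok":
            return (value, None)
        last_alert = value
        if value == INAPPROPRIATE_FALLBACK:
            break                           # fatal: never retry lower
    return (None, last_alert)


def demo():
    """Constructed scenarios; each value is (version, alert)."""
    clean = lambda h: False
    only_ssl3_passes = lambda h: h.client_version > SSL30
    only_tls10_or_lower = lambda h: h.client_version > TLS10
    return {
        "no interference": connect(ALL, False, Server(ALL, False), clean),
        "forced failures, no SCSV":
            connect(ALL, False, Server(ALL, False), only_ssl3_passes),
        "forced failures, client-only SCSV":
            connect(ALL, True, Server(ALL, False), only_ssl3_passes),
        "forced failures, SCSV on both":
            connect(ALL, True, Server(ALL, True), only_ssl3_passes),
        "legacy server (max TLS 1.0), SCSV on both":
            connect(ALL, True, Server((SSL30, TLS10), True), only_tls10_or_lower),
    }


if __name__ == "__main__":
    for name, (version, alert) in demo().items():
        outcome = NAMES[version] if version else f"refused (alert {alert})"
        print(f"{name:45s} -> {outcome}")
```

The check only helps when both ends implement it, and a fallback to the server's genuine highest version still succeeds, which is why it can be deployed without removing SSL 3.0 first.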

Robert Hansen, a browser specialist at the security firm White Hat Security, compared POODLE to another widespread vulnerability, Firesheep. Firesheep was a browser add-on that could grab unencrypted communications over the Web. While Firesheep could be defeated by using encryption, POODLE is a problem because the flaw lies with the encryption itself.

“[POODLE] is pretty bad,” Hansen told CNET, “But you have to keep in mind that it only affects a Man-In-The-Middle situation,” an attack where the hacker surreptitiously intercepts network traffic.

Legacy browsers are especially at risk, most notably Internet Explorer 6, which only supports SSL 3.0 and none of the encryption protocols that followed.

Hansen noted that there haven’t been any publicly-known attacks using POODLE yet, but he said it’s only a matter of time until there’s a tool to help hackers exploit POODLE.

“Once somebody creates a tool like Firesheep, then this gets more serious,” he said. “We possibly could see one by the end of the week.”

Research analyst Andrew Conway, who works for the Web and messaging security analysis firm CloudMark, highlighted the fact that an attack using POODLE would be “very difficult to implement.”

That, he said, makes it a bad exploit for your run-of-the-mill cybercriminal, but a potentially attractive one to “national security services” which could use it to spy on “high value targets.”

“The NSA, GCHQ and Russian and Chinese intelligence all have access to Internet traffic in and out of their countries, as well as the skills and resources to implement this attack,” Conway said. “I could imagine that it might be used against military and intelligence targets that use encrypted communications as a matter of course.”

Although Hansen didn’t specifically mention government surveillance, he did add that public Wi-Fi networks and Tor exit nodes could be likely spots to see POODLE exploits — which would fit with Conway’s analysis.


Russian hackers tap Windows flaw to hit NATO, Ukraine

From the Cnet.com Article by Charlie Osborne

Security firm iSight says the “Sandworm” team has targeted NATO, the European Union, Ukraine and industry through a previously unrecognized Windows zero-day exploit.

Russian hackers have exploited a bug in Microsoft’s Windows operating system in order to target computers used by NATO, the European Union, Ukraine and the telecommunications and energy sectors, according to security firm iSight.

In a blog post Tuesday, Dallas-based iSight, in collaboration with Microsoft, said the zero-day vulnerability impacts all supported versions of Microsoft Windows and Windows Server 2008 and 2012. The software giant is readying a patch for the CVE-2014-4114 vulnerability, used for the “Sandworm” cyberattack.

The automatic fix will be part of today’s Patch Tuesday release.

The exploit has been used as part of a five-year cyberespionage campaign, according to iSight. The hackers, dubbed the “Sandworm team” (based on coded references to the science fiction series “Dune”), have been monitored by iSight from late 2013 to the present day, although the campaign appears to have been in action since 2009. Spear phishing with malicious files attached is one of the favored methods of infiltrating computer systems, and other exploit methods include the use of BlackEnergy crimeware, as well as Microsoft’s Windows zero-day flaw.

The Windows CVE-2014-4114 vulnerability has been in use since August last year, mainly through weaponized PowerPoint documents.

iSight says that the team previously launched campaigns targeting the US and EU intelligence communities, military establishments, news organizations and defense contractors — as well as jihadists and rebels in Chechnya. However, focus has turned towards the Ukrainian conflict with Russia, energy industries and political issues concerning Russia based on evidence gleaned from phishing emails.

The cybersecurity experts do not know what data has been lifted throughout the Sandworm campaign; however, “the use of this zero-day vulnerability virtually guarantees that all of those entities targeted fell victim to some degree.”

The security team notified government agencies and private sector companies that have been targeted, and began working with Microsoft to patch the zero-day vulnerability, which allows the remote execution of arbitrary code. iSight says:

Although the vulnerability impacts all versions of Microsoft Windows — having the potential to impact an enormous user population — from our tracking it appears that its existence was little known and the exploitation was reserved to the Sandworm team.

By disclosing the security flaw on the eve of Patch Tuesday, iSight believes that the possibility of other hacking teams exploiting the zero-day vulnerability has been minimized.

 

 


Lenovo builds a projector into the Yoga Tablet 2 Pro

From the Cnet.com Article by Dan Ackerman

Lenovo has made some minor updates to its 8-inch and 10-inch Yoga 2 tablets, changing the kickstand design and adding a Windows 8 version, but it’s another new Yoga tablet product that really stands out as different.

The new Yoga Tablet 2 Pro is a 13-inch Android tablet with the same cylindrical edge/kickstand design, but inside that bulging hinge is a built-in pico projector.

It’s a surprising addition that makes this a unique product. The projector is activated by a physical button on the side of the chassis, or by a software button on the main interface screen. It projects a 16:9 image that Lenovo says will work up to 50 inches diagonally. A small focus slider is built into the rounded edge for adjusting the picture.

The speakers are a step above what we normally see in tablets, with 8 watts of output and a small built-in JBL-branded subwoofer. The tablet’s 13-inch screen has a better-than-HD resolution of 2,560×1,440 pixels, but the projector throws its image at a lower resolution.

As an Android tablet, the 13-inch Yoga Tablet Pro 2 is bigger than most, and the big, rounded edge makes it less portable than many other tablets — it’ll take up more room in your bag than a simple, fully flat tablet. That said, the rounded edge gives you something to grip when holding the tablet in your hand, and the kickstand makes it easy to set up as a display. Like the smaller Yoga 2 tablets, this version has a cutout in the kickstand that can be used to hang the entire device from a hook.

Lenovo says the battery life should be about 3 hours if you’re using the projector, or up to 15 hours without. The Yoga Tablet 2 Pro will go on sale around the end of October in the US and Europe, starting at $499 and €499, and £449 in the UK. In Australia, it’ll be on sale from mid-October in JB Hi-Fi and Harvey Norman for AU$799.

 


US spying scandal will ‘break the Internet,’ says Google’s Schmidt

US government surveillance is destroying the digital economy, a roundtable of execs from Google, Microsoft, Facebook and other tech companies tell Sen. Ron Wyden

From the CNET.com Article by Seth Rosenblatt (@sethr)

PALO ALTO, Calif. — The impact of US government surveillance on tech firms and the economy is going to get worse before it gets better, leaders at some of the biggest tech firms warned US Sen. Ron Wyden on Wednesday during a roundtable on the impact of US government surveillance on the digital economy.

The senior Democratic senator from Oregon took the floor at the Palo Alto High School gymnasium — where he played high school basketball well enough to earn a college scholarship for his court-side abilities more than 50 years ago — to discuss the economic impact and future risks of US government surveillance on technology firms.

Google Executive Chairman Eric Schmidt, who has been outspoken on the topic, pulled no punches with his assessment of how the spying scandal has and will continue to impact Google and other tech companies.

The impact is “severe and is getting worse,” Schmidt said. “We’re going to wind up breaking the Internet.”

Also on the panel with Schmidt was Microsoft General Counsel Brad Smith, another critic who became more outspoken about government surveillance after Edward Snowden leaked National Security Agency documents in 2013 that showed a much wider federal spying apparatus than previously believed.

“Just as people won’t put their money in a bank they won’t trust, people won’t use an Internet they won’t trust,” Smith said.

Panelist Ramsey Homsany, general counsel for online storage company Dropbox, said the trust between customers and businesses that is at the core of the Internet’s economic engine has begun to “rot it from the inside out.”

“The trust element is extremely insidious,” Homsany said. “It’s about personal emails, it’s about photos, it’s about plans, it’s about medical records.”

The documents leaked by Snowden indicate that the US government has been collecting a record of most calls made within the US, including the initiating and receiving phone numbers, and the length of the call; emails, Facebook posts and instant messages of an unspecified number of people; and the vast majority of unencrypted Internet traffic including searches and social media posts. Documents from Snowden show that the British equivalent of the NSA, the Government Communications Headquarters (GCHQ), has a similar program.

Trouble abroad

In prepared remarks to open the roundtable, Wyden noted that he warned back in 2011 that people were going to be stunned and angry when they found out how the US government had been “secretly applying its surveillance authority” to its citizens. What he wasn’t counting on was the international backlash.

Some of the international pushback is in response to data collection by tech companies, not the US government. Europe’s new and controversial “right to be forgotten” law, which says European citizens have a right to ask search engines to remove any results that might infringe on their privacy, is causing headaches for Google. Critics contend that Google policies placed data collection over privacy.

The tech execs on the panel were most upset and scared about international efforts to impose “data localization,” as Microsoft’s Smith put it, referring to burgeoning efforts by countries to force companies to build data centers based within their borders.

The cost of building data centers in each country that a tech firm wants to do business in could wind up destroying US tech firms, Schmidt and Smith warned.

Schmidt called data localization a “national emergency.” Tech titans have yet to go in-depth as to the actual financial impact data localization has had on them, but in addition to the costs of having to build at least one separate data center for each country that demanded it, data localization could also subject the data to local laws in a way that tech firms worry would erode user trust — and their ability to trade on that trust — even further.

Smith noted that 96 percent of the world does not live in the US, and that the American tech economy depends on convincing them that American tech services are trustworthy. “Foreign data centers would compromise American [economic] growth” and leadership, he said.

Abroad, efforts are already underway to force international tech companies to be more respectful of their own national interests — efforts that could erode consumer trust further, said Wyden. German Chancellor Angela Merkel has said publicly that Germany is looking at European email service providers so that their messages “don’t have to go across the Atlantic.” The government of Brazil’s President Dilma Rousseff is considering forcing US tech firms to build data centers in Brazil, if they want to do business with Brazil.

The biggest indication of the decline of America’s ability to guide the Internet, according to Wyden, is that Chinese officials told the senator earlier this summer that they considered the Chinese theft of US tech trade secrets no different than US government surveillance of foreign governments and firms.

Rebuilding trust

Part of reclaiming leadership in the digital economy since the Snowden document leaks has been efforts by tech companies to encrypt user data to protect it. Facebook has used its leverage to help convince tech companies to implement tougher webmail encryption standards, while Google and Yahoo are seeking to push the envelope of how encryption can safeguard webmail.

Panelist Colin Stretch, general counsel for Facebook, called efforts to encrypt user data “a key business objective of all of us.”

“I’d be fundamentally surprised if anybody takes the foot off the pedal of building encryption into their products,” he said.

Wyden reiterated his stance that he is not opposed to all government surveillance: He supports Section 702 of the Foreign Intelligence Surveillance Act Amendments from 2008, which allows the director of National Intelligence and the US attorney general to team up to target non-US citizens located outside the US.

While Wyden and the panelists discussed the need to revise American laws as the first step to regain the trust of American citizens and international governments, they didn’t talk about what to do with the data that’s already been collected.

Wyden told CNET after the panel that he had no plans at the moment to address the data that the government has currently collected.

“I have to reflect on that,” he said, but added, “The cat’s out of the bag. I want to get policies right for the future.”

“There’s no question that Washington, DC, does overreach well,” quipped the senator.

Wyden concluded with a promise to make Congress take action to preserve the digital economy.

“The message here today is that there is a clear and present danger to the Internet economy,” he said. “The reality is that we can pass a good bipartisan bill by the end of the year.”


AMD’s CEO steps down, COO takes over

From the Cnet.com Article by Ben Fox Rubin (@benfoxrubin)

AMD named Lisa Su, its chief operating officer, as its new CEO, effective immediately, replacing Rory Read as the struggling maker of PC chips continues its attempt at a turnaround.

Read, 52 years old, stepped down as president and chief executive, and as a board member. He will support the transition as an adviser, remaining with the company through the end of this year. Prior to joining AMD in 2011, Read was computer-maker Lenovo’s chief operating officer, and before then spent 23 years at IBM.

The company said it’s currently negotiating a transition and separation agreement with Read.

Su, 44 years old, joined AMD in 2012, and most recently has been responsible for integrating AMD’s business units, sales, global operations and infrastructure enablement teams. Before coming to the chipmaker, she worked at chipmaker Freescale and at IBM.

“Leadership succession planning has been a joint effort between Rory and the board and we felt that Lisa’s expertise and proven leadership in the global semiconductor industry make this an ideal time for her to lead the company,” Bruce Claflin, AMD’s chairman, said in a statement.

The company has attempted to turn its business around as it tries to become a tougher rival to Intel, though it has struggled along the way. For its second quarter, AMD reported stronger revenue, of $1.44 billion, and narrowed its loss to $36 million from $74 million a year earlier.

AMD is scheduled to report third-quarter results next Thursday.

 


Twitter sues US government over user data-request gag rules

Social network says current government restrictions on transparency are preventing tech companies from being fully honest with the public.

From the cnet.com article by Seth Rosenblatt (@sethr)

Twitter is suing the US government in federal court to loosen restrictions that prevent full disclosure of government demands for Twitter user data.

The suit, filed by the San Francisco-based social networking company in the US District Court of Northern California, says that US government prohibitions on sharing the nature of some of its demands for Twitter user data violate the First Amendment’s free speech clause. Twitter legal counsel Ben Lee said in a blog post that the firm believes that current government restrictions on transparency are preventing tech companies from being fully honest with the public.

“It’s our belief that we are entitled under the First Amendment to respond to our users’ concerns and to the statements of US government officials by providing information about the scope of US government surveillance — including what types of legal process have not been received,” Lee said. “We should be free to do this in a meaningful way, rather than in broad, inexact ranges.”

Lee said that currently government restrictions “prohibit and even criminalize” the company from discussing the mere number of Foreign Intelligence Surveillance Act and National Security Letter court orders it has received, “even if that number is zero.” FISA and NSL court orders for user data play a key role in the government’s surveillance apparatus, as revealed in documents leaked by former NSA contractor Edward Snowden.

Before Snowden’s leaks to the media, most if not all companies couldn’t disclose that they’d received those court orders in the first place. Currently, Twitter and other tech firms can only disclose to the nearest thousand how many orders they have received.

Lee said that Twitter submitted a draft of its most recent Transparency Report to the Federal Bureau of Investigation and Department of Justice in an attempt to negotiate a deal without resorting to the courts. After “months of discussions,” however, the government refused to budge, he said.

The breakdown in talks appears to contradict a promise by President Obama that tech firms would be given a freer hand to report on government requests.

The Department of Justice did not return a request for comment.

The American Civil Liberties Union applauded Twitter’s lawsuit and encouraged other tech firms to follow suit.

“The Constitution doesn’t permit the government to impose so broad a prohibition on the publication of truthful speech about government conduct,” said ACLU deputy legal director Jameel Jaffer in a statement. “Technology companies have an obligation to protect their customers’ sensitive information against overbroad government surveillance, and to be candid with their customers about how their information is being used and shared.”

 


Microsoft sets cloud event for October 20

From the cnet.com article by Mary Jo Foley

Microsoft is holding a “What’s ahead for Microsoft’s Cloud” event on October 20 in San Francisco.

CEO Satya Nadella and Executive Vice President of Microsoft’s Cloud & Enterprise group Scott Guthrie will both be presiding during the one-hour event for press and analysts.

The event will take place from 11 a.m. to noon Pacific Time and will be webcast live on the Microsoft News Center.

I’m hearing the event will include both a look at how Microsoft’s approach is different from its competitors, as well as a recap on cloud investments the company has been making. No doubt there will be some news, as well.

During a recent Citi Global Tech Conference appearance, Guthrie talked up Microsoft’s scale as one of its big differentiators. The company is running data centers in 17 regions worldwide.

Guthrie also talked up the importance of Intune, Microsoft’s mobile-device management service, and the Enterprise Mobility Suite, which includes Intune, during his Citi appearance. He also mentioned Microsoft’s Azure ML machine-learning service, currently available in preview form, as key to the company’s cloud strategy.

Microsoft is continuing to crank out meaty, regular updates to Azure about every two to three weeks. Last week alone, Microsoft announced general availability of its Redis Cache Service; general availability of its Disaster Recovery to Azure (using Azure Site Recovery) service; the public preview of Elastic Scale for Azure SQL Database; additional features for its DocumentDB NoSQL service and more.

This story originally appeared as “CEO Nadella to talk up what’s next for Microsoft’s cloud” on ZDNet.


Critical USB Hack Goes Public; How Bad Is The Risk?

From Newsy.com’s Matt Pitch

Because we just didn’t have enough tech security problems to worry about, computer science researchers have just published a potentially catastrophic security exploit. It’s ubiquitous, it’s nearly impossible to fix, and it’s all thanks to these little devices.

The problem first came to light several months ago, when a pair of researchers, Karsten Nohl and Jakob Lell, unveiled BadUSB, a way to transform common USB devices into malware-laden attack vectors which could hijack any computer they were attached to.

The firmware-based exploit involves altering the very nature of how a USB device communicates with a computer — which meant traditional malware detectors wouldn’t pick up on the attacks, and countering the threat would be nearly impossible. (Video via Vimeo / Offensive Security)

When they first revealed BadUSB, the hackers declined to reveal how they made the malware, citing security reasons. But another pair of researchers has now reverse-engineered the hack — and they’ve opened up their work to the public.

Adam Caudill and Brandon Wilson have made some of the code behind their version of BadUSB freely available on GitHub. The hackers say they’re publishing their work so the community can come up with a solution.

Adam Caudill, via YouTube / Adrian Crenshaw: “If you’re going to say something, if you’re going to prove that there’s a flaw, you need to release the material so people can defend against it.”

But The Verge notes a fix is likely to require “a full update to the USB standard itself, which means years of insecurity. However the industry responds, we’re likely to be living with it for a long, long time.”

It’s also possible we’ve already been living with this problem: BadUSB looks a bit like COTTONMOUTH, a National Security Agency product revealed during the Snowden leaks which hijacks USB devices.

Now that the instructions for building BadUSB attacks are out in the wild, it’s possible malicious hackers could start building these types of attacks. So, should we freak out?

In a blog post, Caudill stated his release is just a harmless demo, and doesn’t contain anything that might enable malware. “The kind of people that have what it takes to do this, could do it regardless of our release. … I firmly believe that by releasing this code, the risk to the average user isn’t increased at all.”

And Mashable notes there are a few basic ways to guard against BadUSB attacks — for one thing, don’t let suspicious or untrusted USB sticks anywhere near your computer. It’s also possible to lock USB port use on Windows systems, or to restrict it using endpoint security software.

Boing Boing’s Cory Doctorow has a slightly more apocryphal bit of advice — apparently, someone with high-level connections to the U.S. intelligence community told Doctorow “the spooks he worked with would only trust USB thumb-drives from one vendor, a U.S.-based firm that had been vetted by American spies.”

So, y’know, if you can find that vendor, you should be safe from most black-hat USB attacks! Until then, it’s probably better to not put anything in your computer if you don’t know where it’s been.
