An anonymous reader writes from a report via Bleeping Computer: Two malware families battling for turf are most likely the cause of an outage suffered by Californian ISP Sierra Tel at the beginning of the month, on April 10. The attack, which the company claimed was a "malicious hacking event," was the work of BrickerBot, an IoT malware family that bricks unsecured IoT and networking devices. "BrickerBot was active on the Sierra Tel network at the time their customers reported issues," Janit0r told Bleeping Computer in an email, "but their modems had also just been mass-infected with malware, so it's possible some of the network problems were caused by this concomitant activity." The crook, going by Janit0r, tried to pin some of the blame on Mirai, but all the clues point to BrickerBot, as Sierra Tel had to replace bricked modems altogether, or ask customers to bring in their modems at their offices to have them reset and reinstalled. Mirai brought down over 900,000 Deutsche Telekom modems last year, but that outage was fixed within hours with a firmware update. All the Sierra Tel modems bricked in this incident were Zyxel HN-51 models, and it took Sierra Tel almost two weeks to fix all bricked devices.

Sometimes it's very important to know that the servers of the web services you're using are situated somewhere in your neighbourhood. And it's not just because of privacy concerns. The Outline has a story this week in which it talks about gamers in Hawaii who're increasingly finding it difficult to compete in global tournaments because the games' servers are almost every time placed overseas. From the article: [...] The game's server is in Chicago. That means if you live in the Midwest, your computer can communicate with it almost instantaneously. If you're in L.A., it can take roughly 60 milliseconds. But if you're in Hawaii, it can take 120 milliseconds, with some players reporting as long as 200 milliseconds. And at the highest echelons of competitive video gaming, milliseconds matter. [...] In League and other eSports games, playing on a high ping is a big disadvantage. The goal of the game is to set up defenses to protect your base while pushing forward to capture the enemy's base, and there are typically lightning bolts and fireballs and slime-spitting dragons shooting across the screen. Playing on a high ping means players may not see all of the action that happens in a game. Latency can really screw things up for a young eSports scene, said Zack Johnson, who runs gg Circuit, a global tournament provider for gaming centers like PC Gamerz. Players on the mainland sometimes say they don't want to compete against Hawaii players, he said, because the high ping throws things off.

Thelasko shares an excerpt from a report via The Atlantic, which describes how price discrimination is used in online shopping and how businesses like Amazon try to extract consumer surplus: Will you pay more for those shoes before 7 p.m.? Would the price tag be different if you lived in the suburbs? Standard prices and simple discounts are giving way to far more exotic strategies, designed to extract every last dollar from the consumer. We live in the age of the variable airfare, the surge-priced ride, the pay-what-you-want Radiohead album, and other novel price developments. But what was this? Some weird computer glitch? More like a deliberate glitch, it seems. "It's most likely a strategy to get more data and test the right price," Guru Hariharan explained, after I had sketched the pattern on a whiteboard. The right price -- the one that will extract the most profit from consumers' wallets -- has become the fixation of a large and growing number of quantitative types, many of them economists who have left academia for Silicon Valley. It's also the preoccupation of Boomerang Commerce, a five-year-old start-up founded by Hariharan, an Amazon alum. He says these sorts of price experiments have become a routine part of finding that right price -- and refinding it, because the right price can change by the day or even by the hour. (Amazon says its price changes are not attempts to gather data on customers' spending habits, but rather to give shoppers the lowest price out there.)

According to Bloomberg, Square has acquired the engineering team of Yik Yak for "less than $3 million." From the report: The payments processor paid less than $3 million for between five and ten of Yik Yak's engineers, according to the person. Atlanta-based Yik Yak's Chief Executive Officer Tyler Droll will not join Square, the person added, asking not to be identified talking about a private matter. Atlanta-based Yik Yak, which started in 2013, created a smartphone app that allowed people to contribute to anonymous chat groups in a narrow geographical radius -- like college campuses.

An anonymous reader writes: In an interview today, the author of BrickerBot, a malware that bricks IoT and networking devices, claimed he destroyed over 2 million devices, but he never intended to do so in the first place. His intentions were to fight the rising number of IoT botnets that were used to launch DDoS attacks last year, such as Gafgyt and Mirai. He says he created BrickerBot with 84 routines that try to secure devices so they can't be taken over by Mirai and other malware. Nevertheless, he realized that some devices are so badly designed that he could never protect them. He says that for these, he created a "Plan B," which meant deleting the device's storage, effectively bricking the device. His identity was revealed after a reporter received an anonymous tip about a HackForum users claiming he was destroying IoT devices since last November, just after BrickerBot appeared. When contacted, BrickerBot's author revealed that the malware is a personal project which he calls "Internet Chemotherapy" and he's "the doctor" who will kill all the cancerous unsecured IoT devices.

An anonymous reader shares: MIT no longer owns 18.0.0.0/8. That's a very big block of scarce IPv4 addresses that have become available again. One block inside this /8, more specifically 18.145.0.0/16, was transferred to Amazon.

An anonymous reader quotes a report from Fortune: The Navy and Marine Corps issued new regulations that ban members from sharing nude photographs following a scandal involving military personnel sharing intimate pictures of their female colleagues -- some of which were taken without their knowledge -- in a secret Facebook group. The new statute, which was signed Tuesday by Acting Navy Secretary Sean Stackley, went into effect immediately and will be made permanent when the next edition of the Navy's regulations is printed, according to Navy Times. Military courts will handle violations of the new rule. The crackdown comes after a Facebook group was uncovered featuring naked photos of female service members. The group was eventually shut down by Facebook after a request from the Marine Corps. The Center for Investigative Reporting found that some of the photographs posted on the Facebook group may have been taken consensually, but others may not have been.

An anonymous reader quotes a report from TorrentFreak: Former Pirate Bay spokesperson and co-founder Peter Sunde has just announced his latest venture. Keeping up his fight for privacy on the Internet, he's launching a new company called Njalla, that helps site operators to shield their identities from prying eyes. The name Njalla refers to the traditional hut that Sami people use to keep predators at bay. It's built on a tall stump of a tree or pole and is used to store food or other goods. On the Internet, Njalla helps to keep people's domain names private. While anonymizer services aren't anything new, Sunde's company takes a different approach compared to most of the competition. With Njalla, customers don't buy the domain names themselves, they let the company do it for them. This adds an extra layer of protection but also requires some trust. A separate agreement grants the customer full usage rights to the domain. This also means that people are free to transfer it elsewhere if they want to.

"Back in the days, Cisco fixed the vulnerability, but we are not sure about all other router vendors and models because there are too many of them," writes the DefenseCode team. Orome1 quotes a new report from Help Net Security: Back in January 2013, researchers from application security services firm DefenseCode unearthed a remote root access vulnerability in the default installation of some Cisco Linksys (now Belkin) routers. The flaw was actually found in Broadcom's UPnP implementation used in popular routers, and ultimately the researchers extended the list of vulnerable routers to encompass devices manufactured by the likes of ASUS, D-Link, Zyxel, US Robotics, TP-Link, Netgear, and others. Since there were millions of vulnerable devices out there, the researchers refrained from publishing the exploit they created for the flaw, but now, four years later, they've released their full research again, and this time they've also revealed the exploit. The researchers pointed out that most users don't update their router's firmware -- meaning many routers may still be vulnerable.

An anonymous reader quotes a report from WRGB: The discovery of two working computers hidden in a ceiling at the Marion Correctional Institution prompted an investigation by the state into how inmates got access. In late July, 2015 staff at the prison discovered the computers hidden on a plywood board in the ceiling above a training room closet. The computers were also connected to the Ohio Department of Rehabilitation and Correction's network. Authorities say they were first tipped off to a possible problem in July, when their computer network support team got an alert that a computer "exceeded a daily internet usage threshold." When they checked the login being used, they discovered an employee's credentials were being used on days he wasn't scheduled to work. That's when they tracked down where the connection was coming from and alerted Marion Correctional Institution of a possible problem. Investigators say there was lax supervision at the prison, which gave inmates the ability to build computers from parts, get them through security checks, and hide them in the ceiling. The inmates were also able to run cabling, connecting the computers to the prison's network. Furthermore, "investigators found an inmate used the computers to steal the identify of another inmate, and then submit credit card applications, and commit tax fraud," reports WRGB. "They also found inmates used the computers to create security clearance passes that gave them access to restricted areas."

An anonymous reader quotes a report from Ars Technica: The Google Assistant, Google's voice assistant that powers the Google app on Android phones, tablets, and Google Home, has just gotten a major downgrade. In a move reminiscent of all the forced and user-hostile Google+ integrations, Google has gutted the Google Assistant's shopping list functionality in order to turn it into a big advertisement for Google's shopping site, Google Express. The shopping list has been a major feature of the Google Assistant. You can say "Add milk to my shopping list," and the Google Assistant would dutifully store this information somewhere. The shopping list used to live in Google Keep. Keep is Google's primary note-taking app, making it a natural home for the shopping list with lots of useful tools and management options. Now the shopping list lives in Google Express. Express is an online shopping site, and it has no business becoming a dedicated place to store a shopping list that probably has nothing to do with Google's online marketplace. Since Google Express is an online shopping site (and, again, has no business having a note-taking app grafted onto it), the move from Keep to Google Express means the Assistant's shopping list functionality loses the following features: Being able to reorder items with drag and drop; Reminders; Adding images to the shopping list; Adding voice recordings to the shopping list; Real time collaboration with other users (Express has sharing, but you can't see other people as they type -- you have to refresh.); Android Wear integration; Desktop keyboard shortcuts; Checkbox management: deleting all checked items, unchecking all items, hiding checkboxes. Alternatively, the move from Keep to Google Express means the Assistant shopping list gains the following features: Google Express advertising next to every list item; Google Express advertising at the bottom of the page.

McDonald's Australian subsidiary is now accepting job applications via Snapchat. Specifically, McDonald's wants potential candidates to send the company a 10-second video using a filter that shows them wearing a McDonald's uniform. Matthew Hughes reports via The Next Web: The job applications, which McDonalds calls "Snaplications" (I vomited a little), will be the first step in the recruitment process. The company will then review the submissions, pick out the favorites, and send digital applications to those selected. Speaking to Australian news website news.com.au, McDonald's Australia COO Shaun Ruming said the company is looking for applicants with a "bubbly personality." He also added that he'd "learned a lot about Snapchat recently from my 14-year-old daughter."

An anonymous reader quotes a report from The Verge: Most Americans want to let local governments build out internet service if the internet providers in their area aren't any good, according to the Pew Research Center. In a phone survey of over 4,000 people last month, Pew found that 70 percent of respondents agreed that local governments should have the power to start their own high-speed networks if current offerings are "too expensive or not good enough." The results show an overwhelming support for municipal broadband -- networks that are at least somewhat run by local governments -- at a time when encouraging broadband buildout is a top federal priority. But despite the support, in much of the US, building out municipal networks just isn't possible. More than 20 states have passed laws banning local governments from starting their own broadband service, largely at the behest of internet providers that want to avoid competition at all cost. Though Pew's survey found some positive results for municipal broadband, it found less support for broadband subsidies for low-income homes. Under half of all Americans, 44 percent, said they supported subsidies, while nearly everyone else surveyed said they felt internet service "is affordable enough" that most households should be able to pay for it. (At the same time, nearly half of all people surveyed said they didn't know what speed of internet they received.)

"The transition to internet protocol version 6 has opened up a whole new range of threat vectors that allow attackers to set up undetectable communications channels across networks, researchers have found." Slashdot reader Bismillah summarizes a report from IT News. Researchers at NATO's Cooperative Cyber Defence Centre of Excellence and Estonia's University of Tallinn have worked out how to set up communications channels using IPv6 transition mechanisms, to exfiltrate data and for systems control over IPv4-only and dual-stack networks -- without being spotted by network intrusion detection systems.
The article argues that "Since IPv6 implementations and security solutions are relatively new and untested, and systems engineers aren't fully aware of them, the new protocol can become a network backdoor attackers can exploit undetected." The researchers' paper is titled "Hedgehog In The Fog."

The end of the FCC's spectrum auction last week "should give a clear indication of how much space will be available in each TV market for Super Wi-Fi," according to the Bay Area Newsgroup. An anonymous reader quotes their report: [T]he technology has promised speedy internet for rural citizens and to help urban dwellers get connected in buildings and rooms that are now twilight zones for Wi-Fi signals... And because the spectrum is regulated and largely reserved for television signals, Super Wi-Fi transmissions don't have to contend with interference from random devices like microwaves or cordless phones, as do signals in other wireless bands. Super Wi-Fi signals generally won't be as fast as regular Wi-Fi signals, but for many customers, they'll be faster and provide better service than what they'd get otherwise...

It's widely expected that there will be plenty of room for Super Wi-Fi in rural areas where there are few television signals, which is why companies like Cal.net and Q-Wireless have pressed forward with the technology even before the auction closes. The big question is whether regulators will preserve sufficient space for Super Wi-Fi in areas like New York and Los Angeles where there are lots of broadcast stations and in cities like Detroit and San Diego that have to share the airwaves with cities from other countries. If there's not enough space in those areas, Super Wi-Fi, in this country at least, will likely be relegated to rural areas.

A proof-of-concept exploit has been published for an unpatched vulnerability in Microsoft Internet Information Services 6.0, a version of the web server that's no longer supported but still widely used. From a report on PCWorld: The exploit allows attackers to execute malicious code on Windows servers running IIS 6.0 with the privileges of the user running the application. Extended support for this version of IIS ended in July 2015 along with support for its parent product, Windows Server 2003. Even so, independent web server surveys suggest that IIS 6.0 still powers millions of public websites. In addition, many companies might still run web applications on Windows Server 2003 and IIS 6.0 inside their corporate networks, so this vulnerability could help attackers perform lateral movement if they access such networks through other means.

The First Responder Network, FirstNet, an independent arm of the Department of Commerce, has awarded a contract to AT&T to build a nationwide wireless broadband network to better equip first responders. "FirstNet will provide 20MHz of high-value, telecommunications spectrum and success-based payments of $6.5 billion over the next five years to support the network buildout," AT&T said in its announcement. Reuters reports: The effort to set up a public safety network was triggered by communications failures during the Sept. 11, 2001 attacks, when first responders were unable to effectively communicate as they used different technologies and networks. The FirstNet network will help emergency medical personnel, firefighters and police officers communicate vital information on one single network in real time, as opposed to using thousands of separate, incompatible systems. The rollout of the network, which will cover will cover all states, five U.S. territories and the District of Columbia, will begin later this year, AT&T said on Thursday. AT&T will spend about $40 billion over the period of the 25-year agreement to build, operate and maintain the network.

Comcast has been testing its Xfinity prepaid internet service for several years and now it appears to be ready for the masses. "The package allows consumers to pay for internet service on a pay-as-you-go basis, with refills ranging from seven to 30 days," reports The Verge. From the report: Comcast is partnering with Boost Mobile to sell the $80 prepaid internet starter kits, which come with a wireless DOCSIS 3.0 gateway and 30 days of service. Download speeds measure up to 10 Mbps downstream and 1 Mbps for uploads, and refills start at $15 for one week. The prepaid plans works anywhere within Xfinity's coverage area, and while there's no credit check involved, you do have to be 18 years or older to sign up. The partnership also gives Boost Mobile customers $5 off refills. At launch, customers will be able to find the the Xfinity starter kits at Boost Mobile stores around Illinois, Michigan, Pennsylvania, and Texas. The company plans to roll out the kits to all 4,000 stores (that are within Comcast's coverage area) by the end of the year.

Cisco has built a new network operating system that will allow users to run its most sophisticated networking features on older and lower-cost Cisco routers and switches, according to a report. From a report: The move to potentially disrupt its networking hardware business was first reported by The Information, which said that Cisco, for now, is not looking to have its network operating system available for non-Cisco switches. Customers who want to run the new operating system, known as Lindt, will be able to move away from switches based on proprietary high-performance Cisco chips to Cisco hardware that works with lower-cost chips, according to the report.

An anonymous reader quotes a report from Bleeping Computer: A new attack on smart TVs allows a malicious actor to take over devices using rogue DVB-T (Digital Video Broadcasting -- Terrestrial) signals, get root access on the smart TV, and use the device for all sorts of nasty actions, ranging from DDoS attacks to spying on end users. The attack, developed by Rafael Scheel, a security researcher working for Swiss cyber security consulting company Oneconsult, is unique and much more dangerous than previous smart TV hacks. Scheel's method, which he recently presented at a security conference, is different because the attacker can execute it from a remote location, without user interaction, and runs in the TV's background processes, meaning users won't notice when an attacker compromises their TVs. The researcher told Bleeping Computer via email that he developed this technique without knowing about the CIA's Weeping Angel toolkit, which makes his work even more impressing. Furthermore, Scheel says that "about 90% of the TVs sold in the last years are potential victims of similar attacks," highlighting a major flaw in the infrastructure surrounding smart TVs all over the globe. At the center of Scheel's attack is Hybrid Broadcast Broadband TV (HbbTV), an industry standard supported by most cable providers and smart TV makers that "harmonizes" classic broadcast, IPTV, and broadband delivery systems. TV transmission signal technologies like DVB-T, DVB-C, or IPTV all support HbbTV. Scheel says that anyone can set up a custom DVB-T transmitter with equipment priced between $50-$150, and start broadcasting a DVB-T signal.