Bug

Trump Orders Government To Stop Work On Y2K Bug, 17 Years Later (bloomberg.com) 460

The federal government will finally stop preparing for the Y2K bug, seventeen years after it came and went. Yes, you read that right. Bloomberg reports: The Trump administration announced Thursday that it would eliminate dozens of paperwork requirements for federal agencies, including an obscure rule that requires them to continue providing updates on their preparedness for a bug that afflicted some computers at the turn of the century. As another example, the Pentagon will be freed from a requirement that it file a report every time a small business vendor is paid, a task that consumed some 1,200 man-hours every year. Seven of the more than 50 paperwork requirements the White House eliminated on Thursday dealt with the Y2K bug, according to a memo OMB released. Officials at the agency estimate the changes could save tens of thousands of man-hours across the federal government. The agency didn't provide an estimate of how much time is currently spent on Y2K paperwork, but Linda Springer, an OMB senior adviser, acknowledged that it isn't a lot since those requirements are already often ignored in practice.
Communications

CIA Created 'CherryBlossom' Toolkit For Hacking Hundreds of Router Models (bleepingcomputer.com) 107

An anonymous reader writes: After a two-week hiatus, WikiLeaks dumped new files as part of the Vault 7 series -- documents about a CIA tool named CherryBlossom, a multi-purpose framework developed for hacking hundreds of home router models. The tool is by far one of the most sophisticated CIA malware frameworks in the CIA's possession. The purpose of CherryBlossom is to allow operatives to interact with and control SOHO routers on the victim's network. The tool can sniff, log, and redirect the user's Internet traffic, open a VPN to the victim's local network, execute actions based on predefined rules, alert operators when the victim becomes active, and more. A 24-page document included with the CherryBlossom docs lists over 200 router models from 21 vendors that the CIA could hack. The biggest names on this list are Apple, D-Link, Belkin, Aironet (Cisco), Linksys, and Motorola.
Censorship

Japan Passes Controversial 'Anti-Conspiracy' Bill (privateinternetaccess.com) 93

An anonymous reader quotes a report from Virtual Privacy Network Blog, News: Earlier today, after an intentionally rushed consideration process, Japan's Prime Minister Shinzo Abe passed a new mass surveillance law conveniently called the "anti-conspiracy bill." With the vague wording of the bill, anyone suspected of planning any of [the 277 acts listed in the bill] could be put under targeted surveillance. Of course, the Japanese government has promised not to overstep their boundaries and emphasized that the new law is only meant to increase security before the 2020 Olympics. Among the noted crimes that would be punishable in Japan under the new anti-terrorism law is copyright violation, which is a criminal offense, not a civil offense, in Japan. Both the Japanese Bar Association and the United Nations' Special Rapporteur have spoken out against the law, saying that it will severely curtail civil liberties in Japan.

BBC laid out some of the most ridiculous things that someone in Japan can now catch a potentially terrorism-related charge for even planning or discussing on social media the acts of: Copying music; Conducting sit-ins to protest against the construction of apartment buildings; Using forged stamps; Competing in a motor boat race without a license; Mushroom picking in conservation forests; Avoiding paying consumption tax. The stated rationale of the government is that these now-illegal acts, such as copying music to CDs or foraging for mushrooms in conservation forests, could be used to fund terrorist activities. Hence, planning or thinking about them is bad. If this sounds like the Thought Police, that's because it is.

Government

US Intelligence Agencies Tried To Bribe Our Developers To Weaken Encryption, Says Telegram Founder (twitter.com) 135

In a series of tweets, Pavel Durov, the Russian founder of the popular secure messaging app Telegram, has revealed that U.S. intelligence agencies tried twice to bribe his company's developers to weaken encryption in the app. The incident, Durov said, happened last year during the team's visit to the United States. "During our team's 1-week visit to the US last year we had two attempts to bribe our devs by US agencies + pressure on me from the FBI," he said. "And that was just 1 week. It would be naive to think you can run an independent/secure cryptoapp based in the US."

Telegram is one of the most secure messaging apps available today, though researchers have pointed out flaws in it as well.
Security

NSA Links WannaCry To North Korea (washingtonpost.com) 99

An anonymous reader quotes a report from The Washington Post: The National Security Agency has linked the North Korean government to the creation of the WannaCry computer worm that affected more than 300,000 people in some 150 countries last month, according to U.S. intelligence officials. The assessment, which was issued internally last week and has not been made public, is based on an analysis of tactics, techniques and targets that point with "moderate confidence" to North Korea's spy agency, the Reconnaissance General Bureau, according to an individual familiar with the report. The assessment states that "cyber actors" suspected to be "sponsored by" the RGB were behind two versions of WannaCry, a worm that was built around an NSA hacking tool that had been obtained and posted online last year by an anonymous group calling itself the Shadow Brokers. Though the assessment is not conclusive, the preponderance of the evidence points to Pyongyang. It includes the range of computer Internet protocol addresses in China historically used by the RGB, and the assessment is consistent with intelligence gathered recently by other Western spy agencies. It states that the hackers behind WannaCry are also called "the Lazarus Group," a name used by private-sector researchers.
