Uber Is Under Investigation By Multiple States Over a 2016 Data Breach ( 25

Yesterday, it was reported that Uber concealed a massive cyberattack that exposed 57 million people's data. Recode reports that at least five states -- Illinois, Massachusetts, Missouri, New York and Connecticut -- would investigate the matter. From the report: Meanwhile, Uber must contend with the possible threat of a new probe at the Federal Trade Commission. The agency, which acts as the U.S. government's top privacy and security watchdog, penalized Uber for its privacy and security practices just this August. But it may not have known that Uber had suffered a major security breach in 2016, even as they investigated the company at the same time for other, unrelated security missteps. For now, the agency merely said it's "closely evaluating the serious issues raised." And some affected customers are similarly taking action. On Wednesday -- hours after the breach became public -- an Uber user filed a lawsuit accusing the company of negligence and deceptive business practices. The plaintiff, Alejandro Flores, is seeking to represent a class of affected riders and drivers alike.

For one thing, 48 states maintain some version of a law that requires companies that suffer a data breach to communicate what happened to consumers. In most cases, companies must disclose a security incident if hackers steal very sensitive customer data -- such as driver's license numbers, which happened with Uber in late 2016. To that end, the attorneys general in Illinois, Connecticut and New York have said they are probing the breach at Uber -- perhaps with an eye on whether the company skirted state laws. The top prosecutors in other major states, like Pennsylvania and Florida, did not immediately respond to emails on Wednesday seeking comment. California's AG declined to comment.


Television's Most Infamous Hack Is Still a Mystery 30 Years Later ( 116

It has been 30 years since the Max Headroom hack, arguably the creepiest hack in the television history took place. Caroline Haskins, writes about the incident for Motherboard: It was a few minutes after 9 PM on Sunday, November 22, 1987. Chicago sportscaster Dan Roan was cheerily summarizing the Bears's victory that day for Channel 9 local news. Suddenly, televisions went silent, and their screens went black. At first, it seemed like an equipment malfunction. Without warning, televisions in the area blasted loud radio static. It was overlain with the screech of a power saw cutting into metal, or a jet engine malfunctioning. At center screen, a person wore a Max Headroom mask -- a character who appeared on various television shows and movies in the 1980s. He appeared to have yellow skin, yellow clothes, and yellow slicked-back hair. As purple and black lines spun behind him, Max nodded and swayed back and forth. His plastic face was stuck in laughter, and opaque sunglasses covered his eyes, which seemed to peer through the screen. The screen went black again. After a moment, Roan reappeared. "Well if you're wondering what'll happen," Roan said with a laugh, unaware of what had happened during the interruption, "so am I." Two hours later, it happened again on another channel. This time, Dr. Who had just turned to get his companion, Leela, a hot drink, when a line of static rolled across the screen, revealing the yellow man. After 30 years and an intense FCC investigation, the people behind the Headroom hack remain unknown. The correspondent has spoken to the newscasters who were interrupted and mocked that day. You can read the interview here.

How a Wi-Fi Pineapple Can Steal Your Data (And How To Protect Yourself From It) ( 46

An anonymous reader writes: The Wi-Fi Pineapple is a cheap modified wireless router enables anyone to execute sophisticated exploits on Wi-Fi networks with little to no networking expertise. A report in Motherboard explains how it can be used to run a Wall of Sheep and execute a man-in-the-middle attack, as well as how you can protect yourself from Pineapple exploits when you're connected to public Wi-Fi. "... it's important that whenever you are done connecting to a public Wi-Fi network that you configure your phone or computer to 'forget' that network. This way your device won't be constantly broadcasting the SSIDs of networks it has connected to in the past, which can be spoofed by an attacker with a Pineapple," reports Motherboard. "Unfortunately there is no easy way to do this on an Android or an iPhone, and each network must be forgotten manually in the 'Manage Network' tab of the phone's settings. Another simple solution is to turn off your Wi-Fi functionality when you're not using it -- though that isn't as easy to do on some devices anymore -- and don't allow your device to connect to automatically connect to open Wi-Fi networks."

Slashdot Top Deals