Government

Democrat Senators Introduce National Data Breach Notification Law (cyberscoop.com) 162

New submitter unarmed8 shares a report from CyberScoop: Three Democratic senators introduced legislation on Thursday requiring companies to notify customers of data breaches within thirty days of their discovery and imposing a five year prison sentence on organizations caught concealing data breaches. The new bill, called the Data Security and Breach Notification Act, was introduced in the wake of reports that Uber paid $100,000 to cover up a 2016 data breach that affected 57 million users. The scope of what kind of data breach falls under this is limited. For instance, if only a last name, address or phone number is breached, the law would not apply. If an organization "reasonably concludes that there is no reasonable risk of identity theft, fraud, or other unlawful conduct," the incident is considered exempt from the legislation.

"We need a strong federal law in place to hold companies truly accountable for failing to safeguard data or inform consumers when that information has been stolen by hackers," Sen. Bill Nelson, D-Fla., said in a statement. "Congress can either take action now to pass this long overdue bill or continue to kowtow to special interests who stand in the way of this commonsense proposal. When it comes to doing what's best for consumers, the choice is clear."

Intel

System76 Will Disable Intel Management Engine On Its Linux Laptops (liliputing.com) 148

System76 is rolling out a firmware update for its recent laptops that will disable the Intel Management Engine altogether. The decision comes after a major security vulnerability was discovered that would allow an attacker with local access to execute arbitrary code. Liliputing reports: What's noteworthy in the System76 announcement is that the PC maker isn't just planning to disable Intel ME in computers that ship from now on. The company will send out an update that disables it on existing computers with 6th, 7th, or 8th-gen Intel Core processors. System76 also notes that Intel ME "provides no functionality for System76 laptop customers and is safe to disable." Right now the firmware update will only be available for computers running Ubuntu 16.04 or later or a related operating system with the System76 driver. But the company says it's working on developing a command line tool that should work on laptops running other GNU/Linux-based operating systems. System76 says it will also release an update for its desktop computers... but on those machines the update will patch the security vulnerability rather than disabling Intel ME altogether.
Desktops (Apple)

High Sierra Root Login Bug Was Mentioned on Apple's Support Forums Two Weeks Ago (daringfireball.net) 85

John Gruber, reporting for DaringFireball: It's natural to speculate how a bug as egregious as the now-fixed High Sierra root login bug could escape notice for so long. It seems to have been there ever since High Sierra 10.3.0 shipped on September 25, and may have existed in the betas through the summer. One explanation is that logging in with the username "root" and a blank password is so bizarre that it's the sort of thing no one would think to try. More insidious though, is the notion that it might not have escaped notice prior to its widespread publicization yesterday -- but that the people who had heretofore discovered it kept it to themselves. This exploit was in fact posted to Apple's own support forums on November 13. It's a bizarre thread. The thread started back on June 8 when a user ran into a problem after installing the WWDC developer beta of High Sierra.
Security

'Bomb on Board' Wi-Fi Network Causes Turkish Airlines Flight To Be Diverted (reuters.com) 177

A Turkish Airlines flight from Nairobi to Istanbul was diverted after the detection of a wi-fi network called "bomb on board" that alarmed the passengers, the airline said on Thursday. From a report: In a statement, Turkish Airlines said the flight made an emergency landing at the Khartoum airport in Sudan, but the flight was safely resumed after security inspections on all passengers and the aircraft. Individuals can create personal wi-fi networks on devices such as mobile phones and name them what they want.
Bug

American Airlines Accidentally Let Too Many Pilots Take Off The Holidays (npr.org) 200

A glitch in American Airlines' pilot scheduling system means that thousands of flights during the holiday season currently do not have pilots assigned to fly them. From a report: The shortage was caused by an error in the system pilots use to bid for time off, the Allied Pilots Association told NPR. The union represents the airline's 15,000 pilots. "The airline is a 24/7 op," union spokesman Dennis Tajer told CNBC. "The system went from responsibly scheduling everybody to becoming Santa Claus to everyone." "The computer said, 'Hey ya'll. You want the days off? You got it.'"

Slashdot Top Deals