Government

US State Department Suffers Worldwide Email Outage (usatoday.com) 53

An anonymous reader quotes USA Today: The U.S. State Department's email system underwent a worldwide outage Friday, affecting all its unclassified communications within and outside of the department. The system was fully restored by Friday afternoon [after 12 hours], said a State Department official briefed on the incident who was not authorized to speak publicly and requested anonymity.

It was not clear what caused the early morning outage, but spokeswoman Heather Nauert told reporters it was not "any external action or interference."

Science

Self-sufficient Eclipse Chasers Hit the Road To 'Totality' (reuters.com) 39

An anonymous reader shares a report: Michael Zeiler packed his portable toilet then headed out on a 10-hour drive from New Mexico to Wyoming where, on Monday, he intends to mark the ninth time he has seen the moon pass in front of the sun in a total solar eclipse. Zeiler is a self-described "eclipse chaser," part of a group of avid astronomy buffs, telescope hobbyists and amateur photographers whose passion for such celestial events takes them to the far corners of the earth. For the first coast-to-coast total solar eclipse in the United States in almost a century, and the first visible anywhere in the Lower 48 states since 1979, Zeiler had only to drive some 650 miles (1,046 km) from the desert Southwest to the Rockies. He showed up prepared and early on Wednesday at his destination in Casper, Wyoming, within the "path of totality," the corridor over which the moon's 70-mile-wide shadow will be cast as it crosses the United States over 93 minutes. Along that path at the height of the eclipse on Aug. 21, the sun will be completely blotted out except for its outer atmosphere, known as the corona.

Encryption

How Security Pros Look at Encryption Backdoors (helpnetsecurity.com) 49

An anonymous reader shares a report: The majority of IT security professionals believe encryption backdoors are ineffective and potentially dangerous, with 91 percent saying cybercriminals could take advantage of government-mandated encryption backdoors. 72 percent of the respondents do not believe encryption backdoors would make their nations safer from terrorists, according to a Venafi survey of 296 IT security pros, conducted at Black Hat USA 2017. Only 19 percent believe the technology industry is doing enough to protect the public from the dangers of encryption backdoors. 81 percent feel governments should not be able to force technology companies to give them access to encrypted user data. 86 percent believe consumers don't understand issues around encryption backdoors.

Communications

Tech Companies Urge Supreme Court To Boost Cellphone Privacy (reuters.com) 29

More than a dozen high technology companies and the biggest wireless operator in the United States, Verizon, have called on the U.S. Supreme Court to make it harder for government officials to access individuals' sensitive cellphone data. From a report: The companies filed a 44-page brief with the court on Monday night in a high-profile dispute over whether police should have to get a warrant before obtaining data that could reveal a cellphone user's whereabouts. Signed by some of Silicon Valley's biggest names, including Apple, Facebook, Twitter, Snap and Alphabet's Google, the brief said that as individuals' data is increasingly collected through digital devices, greater privacy protections are needed under the law. "That users rely on technology companies to process their data for limited purposes does not mean that they expect their intimate data to be monitored by the government without a warrant," the brief said.

The Military

US Army Walks Back Decision To Ban DJI Drones Ever So Slightly (suasnews.com) 27

garymortimer shares a report from sUAS News: News has reached me that another DJI memo was passed around on Friday the 11th of August. An exception to policy with recommendations from the asymmetric warfare group that will permit the use of DJI kit once some conditions have been met. The Android Tactical Assault Kit will become the ground control station (GCS) of choice when a DJI plugin has passed OPSEC (Operational Security) scrutiny. In a separate report from Reuters, DJI said it is "tightening data security in the hopes that the U.S. Army will lift its ban on DJI drones because of 'cyber vulnerabilities.'" The company is "speeding deployment of a system that allows users to disconnect from the internet during flights, making it impossible for flight logs, photos or videos to reach DJI's computer servers," reports Reuters. While the security measure has been in the works for several months, it's being rolled out sooner than planned because of the Army's decision to discontinue the use of DJI drones.

Transportation

Uber and Lyft May Cause Lower Car Ownership In Big Cities, Says Report (slashgear.com) 118

A new study from the University of Michigan Transportation Research Institute has shed light on what may turn out to be a growing trend: lower car ownership in cities where ride-sharing services are available. SlashGear reports: While Uber and Lyft have both deployed in a number of cities, they have, at times, had to abandon those cities due to local governments driving them out for one reason or another. That's what happened in Austin, Texas, opening the door for an interesting study on personal car ownership. Did the sudden absence of these two services cause increased car usage and/or ownership, or did things remain unaffected? The result, according to the study, was a big increase in personal car usage and a statistically significant increase in car ownership. The researchers surveyed a total of 1,200 people from the Austin region, and found that 41-percent of them started using their own car more often to make up for the lack of Uber and Lyft rides. As well, a total of 9-percent of those surveyed bought their own personal car to make up for the services' absences.

Power

Mass Market Hopes For Battery-free Cell Phone Technology (reuters.com) 102

Mark Hanrahan, writing for Reuters: Researchers in the United States have unveiled a prototype of a battery-free mobile phone, using technology they hope will eventually come to be integrated into mass-market products. The phone is the work of a group of researchers at the University of Washington in Seattle and works by harvesting tiny amounts of power from radio signals, known as radio frequency or 'RF' waves. "Ambient RF waves are all around us so, as an example, your FM station broadcasts radio waves, your AM stations do that, your TV stations, your cellphone towers. They all are transmitting RF waves," team member Vamsi Talla told Reuters. The phone is a first prototype and its operation is basic - at first glance it looks little more than a circuit board with a few parts attached and the caller must wear headphones and press a button to switch between talking and listening.

United States

Net Neutrality Rollback Faces New Criticism From US Congress -- And 16 Million Comments (techcrunch.com) 147

An anonymous reader quotes TechCrunch's newest update on the FCC's attempt to gut net neutrality protections: 10 Representatives who helped craft the law governing the FCC itself have submitted an official comment on the proposal ruthlessly dismantling it... The FCC is well within its rights to interpret the law, and it doesn't have to listen to contrary comments from the likes of you and me. It does, however, have to listen to Congress -- "congressional intent" is a huge factor in determining whether an interpretation of the law is reasonable. And in the comment they've just filed, Representatives Pallone, Doyle et al. make it very clear that their intent was and remains very different from how the FCC has chosen to represent it.

"The law directs the FCC to look at ISP services as distinct from those services that ride over the networks. The FCC's proposal contravenes our intent... While some may argue that this distinction should be abandoned because of changes in today's market, that choice is not the FCC's to make. The decision remains squarely with those of us in Congress -- and we have repeatedly chosen to leave the law as it is."

In another letter Thursday, 15 Congressmen asked FCC Chairman Ajit Pai to extend the time period for comments. They note the proposed changes have received more than 16 million comments, more than four times the number of comments on any previous FCC item. The Hill reports that the previous record was 4 million comments -- during the FCC's last net neutrality proceeding in 2014 -- and "the lawmakers also noted that the comment period for approving net neutrality in 2014 was 60 days. Pai has only allowed a 30-day comment period for his plan to rollback the rules."

The Military

A US Spy Plane Has Been Flying Circles Over Seattle For Days (thedrive.com) 232

turkeydance shares Thursday's report from The Drive: A very unique U.S. Air Force surveillance aircraft has been flying highly defined circles over Seattle and its various suburbs for nine days now... The aircraft, which goes by the callsign "SPUD21" and wears a nondescript flat gray paint job with the only visible markings being a U.S. Air Force serial on its tail, is a CASA CN-235-300 transport aircraft that has been extensively modified... It is covered in a dizzying array of blisters, protrusions, humps and bumps. These include missile approach warning detectors and large fairings on its empennage for buckets of forward-firing decoy flares, as well as both microwave -- the dome antenna behind the wing and flat antenna modification in front of the wing -- and ultra high-frequency satellite communications -- the platter-like antenna behind the dome antenna. A communications intelligence suite also appears to be installed on the aircraft, with the antenna farm on the bottom of its fuselage being a clear indication of such a capability. But what's most interesting is the aircraft's apparent visual intelligence gathering installation...

This particular CN-235, with the serial 96-6042, is one of six that researchers commonly associated with the Air Force's top secret 427th Special Operations Squadron... The 427th occupies the same space with a host of other "black" U.S. military aviation elements, most of which are affiliated to some degree with Joint Special Operations Command and the Intelligence Community... [I]f the military placed the aircraft under civilian control to some degree and with an appropriate legal justification, the U.S. military could possibly fly it in support of a domestic operation or one focused on a foreign suspect or organization operating within the United States... It's also entirely possible, if not probable, that the aircraft could be involved in a realistic training exercise rather than an actual operation... The area could have simply provided a suitable urban area to test existing or new surveillance technologies, too, though this could spark serious privacy concerns if true.

Friday an Air Force Special Operations Command public affairs officer confirmed that the plane was one of theirs, describing its activity as "just a training mission," according to Russia Today.

Security

Should the Internet Be Secure By Default? (esecurityplanet.com) 154

darthcamaro writes: There are lots of tools and different secure protocols that could be used by internet service providers to embed security into the fabric of the internet, making the internet secure by default, but that's not something that Facebook's Chief Security Officer, Alex Stamos wants to happen. Instead of security by default, his view is that carriers should be neutral and let malicious traffic do whatever it wants.

"I believe strongly in the end-to-end principle, I think we should have neutral carriers in the middle and it should not be the responsibility of ISPs to secure the internet," Stamos said in a press conference at the Black Hat USA conference last week.

Slashdot reader Darth Technoid disagrees, calling a lack of security "the Original Sin of the Internet," and speculating that Vint Cerf and Bob Metcalfe "thought that future technology would resolve the issues." What do other Slashdot readers think?

Should the internet be secure by default?

Robotics

MegaBots Is Finally Going To Take On Japan In the World's First Giant Robot Duel (qz.com) 38

A company called MegaBots released a video two years ago challenging a Japanese collective to a giant robot fight. About a week later, the Japanese group, Suidobashi Heavy Industry, agreed. Now, according to MegaBots co-founders, Matt Oehrlein and Gui Cavalcanti, the battle is set to take place in September. Quartz reports: The battle would have happened a bit sooner, but apparently there have been "logistical issues at the originally-chosen venue," according to a release shared with Quartz by MegaBots. Unfortunately for fans hoping to see the battle in action -- presumably including those who backed the Kickstarter project to the tune of $550,000 to bring this robot to life -- the event will be closed to the public and recorded, for fears over the teams' ability to keep spectators safe. (One of the earliest conversations MegaBots had with Suidobashi was trying to figure out how the human pilots inside the robots would themselves "figure out how to not die.") Fans will be able to watch the fight on MegaBots' Facebook and YouTube sites, but it's not clear whether the fight will be live.

Businesses

Monsanto Leaks Suggest It Tried To Kill Cancer Research On Roundup Weed Killer (rt.com) 242

Danny Hakim reports via The New York Times (Warning: article may be paywalled; alternate source): Documents released Tuesday in a lawsuit against Monsanto raised new questions about the company's efforts to influence the news media and scientific research and revealed internal debate over the safety of its highest-profile product, the weed killer Roundup. The active ingredient in Roundup, glyphosate, is the most common weed killer in the world and is used by farmers on row crops and by home gardeners. While Roundup's relative safety has been upheld by most regulators, a case in federal court in San Francisco continues to raise questions about the company's practices and the product itself.

The documents underscore the lengths to which the agrochemical company goes to protect its image. Documents show that Henry I. Miller, an academic and a vocal proponent of genetically modified crops, asked Monsanto to draft an article for him that largely mirrored one that appeared under his name on Forbes's website in 2015. Mr. Miller could not be reached for comment. A similar issue appeared in academic research. An academic involved in writing research funded by Monsanto, John Acquavella, a former Monsanto employee, appeared to express discomfort with the process, writing in a 2015 email to a Monsanto executive, "I can't be part of deceptive authorship on a presentation or publication." He also said of the way the company was trying to present the authorship: "We call that ghost writing and it is unethical." Mr. Miller's 2015 article on Forbes's website was an attack on the findings of the International Agency for Research on Cancer, a branch of the World Health Organization that had labeled glyphosate a probable carcinogen, a finding disputed by other regulatory bodies. In the email traffic, Monsanto asked Mr. Miller if he would be interested in writing an article on the topic, and he said, "I would be if I could start from a high-quality draft." The article appeared under Mr. Miller's name, and with the assertion that "opinions expressed by Forbes Contributors are their own." The magazine did not mention any involvement by Monsanto in preparing the article.

Businesses

Uber Knowingly Leased Unsafe Cars To Drivers, Says Report (usatoday.com) 35

According to a report by the Wall Street Journal, Uber knowingly rented recalled Honda sports utility vehicles to its drivers in Singapore, at least one of which caught fire. USA Today reports: The paper reported Uber's Singapore office bought more than 1,000 Honda Vezel sports utility vehicles to rent to its drivers there. The cars contained a faulty electrical part that could catch on fire and Honda had recalled in Japan and elsewhere. There had been at least six reports of fires in the Vezel. In a statement Uber said that as soon as it learned of a Honda Vezel catching fire, it took swift action to fix the problem, coordinating with Singapore's Land Transport Authority as well as technical experts. However it acknowledged that it could have done more. The company said it has since introduced robust protocols and hired three dedicated experts in Singapore to ensure that it is fully responsive to safety recalls.

AT&T

Verizon, AT&T Customers Are Getting Slower Speeds Because of Unlimited Data Plans (recode.net) 102

An anonymous reader quotes a report from Recode: Unlimited data plans are slowing down mobile speeds for Verizon and AT&T customers, according to data released today by mobile network measurement company OpenSignal. Verizon and AT&T reinstated their unlimited plans in February to compete with T-Mobile and Sprint, which have long offered unlimited data plans, and have since seen a deluge of demand. Greater data demand -- either more data usage or more customers -- means slower speeds. Think of it as increased traffic on a highway. Verizon and AT&T also have nearly double the subscribers of T-Mobile and Sprint, so changes in their offerings hit their networks harder. Both Verizon and AT&T saw a notable decline in speeds after introducing unlimited plans. T-Mobile and Sprint have been able to gradually account for the increase in data demand, so their speeds weren't negatively affected this year -- indeed, they both got faster since OpenSignal's February report. Verizon and T-Mobile were basically tied for speeds at the beginning of this year. Now, T-Mobile has taken the lead with an average LTE download speed of 17.5 Mbps, compared with Verizon's 14.9 Mbps. Here's a good comparison of the unlimited plans currently offered by the "Big 4" carriers.

Government

Senators Propose Bill Targeting Websites That Facilitate Sex Trafficking (usatoday.com) 187

An anonymous reader quotes a report from USA Today: A bipartisan group of lawmakers introduced legislation Tuesday that aims to make it easier to sue and criminally prosecute operators of online classified sites like Backpage.com that have been used to advertise sex workers. The proposed bill would amend the Communications Decency Act to eliminate a provision that shields operators of websites from being liable for content posted by third-party users. In addition to removing liability protections for websites that facilitate "unlawful sex acts with sex trafficking victims," lawmakers are seeking to amend the CDA to allow state prosecutors -- not just federal law enforcement -- to take action against individuals and businesses that use websites to violate federal sex trafficking laws. "For too long, courts around the country have ruled that Backpage can continue to facilitate illegal sex trafficking online with no repercussions," said Sen. Rob Portman, R-Ohio. "The Communications Decency Act is a well-intentioned law, but it was never intended to help protect sex traffickers who prey on the most innocent and vulnerable among us. This bipartisan, narrowly crafted bill will help protect vulnerable women and young girls from these horrific crimes."

Government

US Senators To Introduce Bill To Secure 'Internet of Things' (reuters.com) 138

Dustin Volz, reporting for Reuters: A bipartisan group of U.S. senators on Tuesday plans to introduce legislation seeking to address vulnerabilities in computing devices embedded in everyday objects -- known in the tech industry as the "internet of things" -- which experts have long warned poses a threat to global cyber security. The new bill would require vendors that provide internet-connected equipment to the U.S. government to ensure their products are patchable and conform to industry security standards. It would also prohibit vendors from supplying devices that have unchangeable passwords or possess known security vulnerabilities. Republicans Cory Gardner and Steve Daines and Democrats Mark Warner and Ron Wyden are sponsoring the legislation, which was drafted with input from technology experts at the Atlantic Council and Harvard University. A Senate aide who helped write the bill said that companion legislation in the House was expected soon.

Government

The US Congress Is Investigating Government Use Of Kaspersky Software (reuters.com) 47

An anonymous reader quotes Reuters: A U.S. congressional panel this week asked 22 government agencies to share documents on Moscow-based cyber firm Kaspersky Lab, saying its products could be used to carry out "nefarious activities against the United States," according to letters seen by Reuters. The requests made on Thursday by the U.S. House of Representatives Committee on Science, Space and Technology are the latest blow to the antivirus company, which has been countering accusations by U.S. officials that it may be vulnerable to Russian government influence... The committee "is concerned that Kaspersky Lab is susceptible to manipulation by the Russian government, and that its products could be used as a tool for espionage, sabotage, or other nefarious activities against the United States," wrote the panel's Republican chairman, Lamar Smith, in the letters... A committee aide told Reuters the survey was a "first step" designed to canvass the U.S. government and that more action may follow depending on the results.

Agencies contacted include both the Department of Homeland Security and NASA. The committee wants to see internal risk assessments, plus a list of all systems using Kaspersky products and the names of government contractors using the software.

Debian

Systemd Named 'Lamest Vendor' At Pwnie Security Awards (theregister.co.uk) 436

Long-time Slashdot reader darkpixel2k shares a highlight from the Black Hat USA security conference. The Register reports: The annual Pwnie Awards for serious security screw-ups saw hardly anyone collecting their prize at this year's ceremony in Las Vegas... The gongs are divided into categories, and nominations in each section are voted on by the hacker community... The award for best server-side bug went to the NSA's Equation Group, whose Windows SMB exploits were stolen and leaked online this year by the Shadow Brokers...

And finally, the lamest vendor response award went to Systemd supremo Lennart Poettering for his controversial, and perhaps questionable, handling of the following bugs in everyone's favorite init replacement: 5998, 6225, 6214, 5144, and 6237... "Where you are dereferencing null pointers, or writing out of bounds, or not supporting fully qualified domain names, or giving root privileges to any user whose name begins with a number, there's no chance that the CVE number will be referenced in either the change log or the commit message," reads the Pwnie nomination for Systemd, referring to the open-source project's allergy to assigning CVE numbers. "But CVEs aren't really our currency any more, and only the lamest of vendors gets a Pwnie!"

CSO has more coverage -- and presumably there will eventually be an official announcement up at Pwnies.com.

United States

Congress Asks US Agencies For Kaspersky Lab Cyber Documents (reuters.com) 28

Reuters reports: A U.S. congressional panel this week asked 22 government agencies to share documents on Moscow-based cyber firm Kaspersky Lab, saying its products could be used to carry out "nefarious activities against the United States," according to letters seen by Reuters. The requests made on Thursday by the U.S. House of Representatives Committee on Science, Space and Technology are the latest blow to the antivirus company, which has been countering accusations by U.S. officials that it may be vulnerable to Russian government influence. The committee asked the agencies for all documents and communications about Kaspersky Lab products dating back to Jan. 1, 2013, including any internal risk assessments. It also requested lists of any systems that use Kaspersky products and the names of any U.S. government contractors or subcontractors that do so. Kaspersky has repeatedly denied that it has ties to any government and said it would not help any government with cyber espionage. It said there is no evidence for the accusations made by U.S. officials. The committee "is concerned that Kaspersky Lab is susceptible to manipulation by the Russian government, and that its products could be used as a tool for espionage, sabotage, or other nefarious activities against the United States," wrote the panel's Republican chairman, Lamar Smith, in the letters.

Bitcoin

US Indicts Suspected Russian 'Mastermind' of $4 Billion Bitcoin Laundering Scheme (reuters.com) 99

schwit1 shares a report from Reuters: A U.S. jury indicted a Russian man on Wednesday as the operator of a digital currency exchange he allegedly used to launder more than $4 billion for people involved in crimes ranging from computer hacking to drug trafficking. Alexander Vinnik was arrested in a small beachside village in northern Greece on Tuesday, according to local authorities, following an investigation led by the U.S. Justice Department along with several other federal agencies and task forces. U.S. officials described Vinnik in a Justice Department statement as the operator of BTC-e, an exchange used to trade the digital currency bitcoin since 2011. They alleged Vinnik and his firm "received" more than $4 billion in bitcoin and did substantial business in the United States without following appropriate protocols to protect against money laundering and other crimes. U.S. authorities also linked him to the failure of Mt. Gox, a Japan-based bitcoin exchange that collapsed in 2014 after being hacked. Vinnik "obtained" funds from the hack of Mt. Gox and laundered them through BTC-e and Tradehill, another San Francisco-based exchange he owned, they said in the statement.
