Slashdot security articles


Apple Targets Jailbreaking In Lawsuit Against iOS Virtualization Company

Fri, 01/03/2020 - 16:03
An anonymous reader quotes a report from Ars Technica: Apple has expanded a lawsuit against an iOS virtualization company, claiming that its actions facilitate jailbreaking and violate the Digital Millennium Copyright Act (DMCA) prohibition on circumvention of copyright-protection systems. Apple sued Corellium, a company that sells access to virtual machines that run copies of the operating system used in iPhones and iPads, in August 2019. Apple said that Corellium sells "perfect replicas" of iOS without a license from Apple and markets its software as "a research tool for those trying to discover security vulnerabilities and other flaws in Apple's software." But instead of aiding good-faith security research, Corellium "encourages its users to sell any discovered information on the open market to the highest bidder," Apple alleged. The first version of Apple's lawsuit accused Corellium of copyright infringement. A new version filed on December 27 alleges both copyright infringement and "unlawful trafficking of a product used to circumvent security measures in violation of 17 U.S.C. 1201," a statute that's part of the DMCA. Apple argued that Corellium gives users the ability to jailbreak iOS for either benign or malicious purposes. In response to the new allegations, Corellium CEO Amanda Gorton said "Apple's latest filing against Corellium should give all security researchers, app developers, and jailbreakers reason to be concerned." Corellium is "deeply disappointed by Apple's persistent demonization of jailbreaking," with Gorton writing that "developers and researchers rely on jailbreaks to test the security of both their own apps and third-party apps." Apple's filing, according to Corellium, essentially "assert[s] that anyone who provides a tool that allows other people to jailbreak, and anyone who assists in creating such a tool, is violating the DMCA." 
Apple, Gorton wrote, "is using this case as a trial balloon in a new angle to crack down on jailbreaking" and "is seeking to set a precedent to eliminate public jailbreaks."

Company Shuts Down Because of Ransomware, Leaves 300 Without Jobs Just Before Holidays

Fri, 01/03/2020 - 10:45
An Arkansas-based telemarketing firm sent home more than 300 employees and told them to find new jobs after IT recovery efforts didn't go according to plan following a ransomware incident that took place at the start of October 2019. From a report: Employees of Sherwood-based telemarketing firm The Heritage Company were notified of the decision just days before Christmas, via a letter sent by the company's CEO. Speaking with local media, employees said they had no idea the company had even suffered a ransomware attack, and the layoffs were unexpected, catching many off guard. "Unfortunately, approximately two months ago our Heritage servers were attacked by malicious software that basically 'held us hostage for ransom' and we were forced to pay the crooks to get the 'key' just to get our systems back up and running," wrote Sandra Franecke, the company's CEO, in the letter sent to employees. She goes on to say that data recovery efforts, initially estimated at one week, have not gone according to plan and the company had failed to recover full service by Christmas. Franecke said the company lost "hundreds of thousands of dollars" because of the incident and has been forced to "restructure different areas in the company." As a result of the botched ransomware recovery process, the company's leadership decided to suspend all services, leaving more than 300 employees without jobs.

New USB Cable Kills Your Linux Laptop if Stolen in a Public Place

Fri, 01/03/2020 - 06:00
A software engineer has designed a so-called USB "kill cable" that works as a dead man's switch to shut down or wipe a Linux laptop when the device is stolen off your table or from your lap in public spaces like parks, malls, and internet cafes. From a report: The cable, named BusKill, was designed by Michael Altfield, a software engineer and Linux sysadmin from Orlando, Florida. The idea is to connect the BusKill cable to your Linux laptop on one end, and to your belt, on the other end. When someone yanks your laptop from your lap or table, the USB cable disconnects from the laptop and triggers a udev script that executes a series of preset operations.

Xiaomi Camera Feed is Showing Random Homes on a Google Nest Hub, Including Still Images of Sleeping People

Thu, 01/02/2020 - 10:16
An anonymous reader shares a report: So-called "smart" security cameras have had some pretty dumb security problems recently, but a recent report regarding a Xiaomi Mijia camera linked to a Google Home is especially disturbing. One Xiaomi Mijia camera owner is getting still images from other random people's homes when trying to stream content from his camera to a Google Nest Hub. The images include stills of people sleeping (even an infant in a cradle) inside their own homes. This issue was first reported by user /r/Dio-V on Reddit and affects his Xiaomi Mijia 1080p Smart IP Security Camera, which can be linked to a Google account for use with Google/Nest devices through Xiaomi's Mi Home app/service. It isn't clear when Dio-V's feed first began showing these still images into random homes or how long the camera was connected to his account before this started happening. He does state that both the Nest Hub and the camera were purchased new. The camera was noted as running firmware version 3.5.1_00.66.

Chrome Extension Caught Stealing Crypto-Wallet Private Keys

Wed, 01/01/2020 - 21:30
A Google Chrome extension was caught injecting JavaScript code on web pages to steal passwords and private keys from cryptocurrency wallets and cryptocurrency portals. From a report: The extension is named Shitcoin Wallet (Chrome extension ID: ckkgmccefffnbbalkmbbgebbojjogffn), and was launched last month, on December 9. According to an introductory blog post, Shitcoin Wallet lets users manage Ether (ETH) coins, but also Ethereum ERC20-based tokens -- tokens usually issued for ICOs (initial coin offerings). Users can install the Chrome extension and manage ETH coins and ERC20 tokens from within their browser, or they can install a Windows desktop app, if they want to manage their funds from outside a browser's riskier environment. However, the wallet app wasn't what it promised to be. Yesterday, Harry Denley, Director of Security at the MyCrypto platform, discovered that the extension contained malicious code. According to Denley, the extension is dangerous to users in two ways. First, any funds (ETH coins and ERC20-based tokens) managed directly inside the extension are at risk.

Major US Companies Breached, Robbed, and Spied on by Chinese Hackers

Tue, 12/31/2019 - 09:30
Rob Barry and Dustin Volz, reporting for Wall Street Journal: The hackers seemed to be everywhere. In one of the largest-ever corporate espionage efforts, cyberattackers alleged to be working for China's intelligence services stole volumes of intellectual property, security clearance details and other records from scores of companies over the past several years. They got access to systems with prospecting secrets for mining company Rio Tinto, and sensitive medical research for electronics and health-care giant Philips NV. They came in through cloud service providers, where companies thought their data was safely stored. Once they got in, they could freely and anonymously hop from client to client, and defied investigators' attempts to kick them out for years. Cybersecurity investigators first identified aspects of the hack, called Cloud Hopper by the security researchers who first uncovered it, in 2016, and U.S. prosecutors charged two Chinese nationals for the global operation last December. The two men remain at large. A Wall Street Journal investigation has found that the attack was much bigger than previously known. It goes far beyond the 14 unnamed companies listed in the indictment, stretching across at least a dozen cloud providers, including CGI Group, one of Canada's largest cloud companies; Tieto Oyj, a major Finnish IT services company; and International Business Machines. The Journal pieced together the hack and the sweeping counteroffensive by security firms and Western governments through interviews with more than a dozen people involved in the investigation, hundreds of pages of internal company and investigative documents, and technical data related to the intrusions. The Journal found that Hewlett Packard Enterprise was so overrun that the cloud company didn't see the hackers re-enter their clients' networks, even as the company gave customers the all-clear.

Microsoft Takes Down 50 Domains Operated by North Korean Hackers

Mon, 12/30/2019 - 18:06
Microsoft announced today that it successfully took down 50 web domains previously used by a North Korean government-backed hacking group. From a report: The OS maker said the 50 domains were used to launch cyberattacks by a group the company has been tracking as Thallium (also known as APT37). Microsoft said the Digital Crimes Unit (DCU) and the Microsoft Threat Intelligence Center (MSTIC) teams have been monitoring Thallium for months, tracking the group's activities, and mapping its infrastructure. On December 18, the Redmond-based company filed a lawsuit against Thallium in a Virginia court. Shortly after Christmas, US authorities granted Microsoft a court order, allowing the tech company to take over 50 domains that the North Korean hackers have been using as part of their attacks. The domains were used to send phishing emails and host phishing pages.

Security Camera Startup Wyze Leaked Data on Millions of Customers

Sun, 12/29/2019 - 12:40
An anonymous reader quotes CNET: Security camera startup Wyze has confirmed it suffered a data leak earlier this month that left the personal information for millions of its customers exposed on the internet. No passwords or financial information was exposed, but email addresses, Wi-Fi network IDs and body metrics for 2.4 million customers were left unprotected from Dec. 4 through Dec. 26, the company said Friday. The data was accidentally left exposed when it was transferred to a new database to make the data easier to query, but a company employee failed to maintain previous security protocols during the process, Wyze co-founder Dongsheng Song wrote in a forum post. "We are still looking into this event to figure out why and how this happened," he wrote... Among the data exposed in the Wyze leak was the height, weight, gender and other health information for about 140 beta users participating in testing of new hardware, Wyze said.

CNET Releases '2019 Data Breach Hall of Shame' Dishonoring This Year's Biggest Data Breaches

Sun, 12/29/2019 - 06:34
schwit1 quotes CNET's report on their newly-released "2019 Data Breach Hall of Shame." The biggest recurrent motif among the major data breaches of 2019 wasn't the black-hooded hacker in a dark room, digging into a screen full of green text. It was a faceless set of executives and security professionals under the fluorescent lights of an office somewhere, frantically dialing their attorneys and drafting public relations apologies after leaving the front doors of their servers unlocked in public. The words "unsecured database" seemed to run on repeat through security journalism in 2019. Every month, another company was asking its customers to change their passwords and report any damage. Cloud-based storage companies like Amazon Web Services and ElasticSearch repeatedly saw their names surface in stories of negligent companies -- in the fields of health care, hospitality, government and elsewhere -- which left sensitive customer data unprotected in the open wilds of the internet, to be bought and sold by hackers who barely had to lift a finger to find it. And it's not just manic media coverage. The total number of breaches was up 33% over last year, according to research from Risk Based Security, with medical services, retailers and public entities most affected. That's a whopping 5,183 data breaches for a total of 7.9 billion exposed records. In November, the research firm called 2019 the "worst year on record" for breaches.

How Should Students Respond To Their School's Surveillance Systems?

Sun, 12/29/2019 - 00:34
Hundreds of thousands of American students are being tracked by their colleges to monitor attendance, analyze behavior and assess their mental health, the Washington Post reported this week. That article has now provoked some responses... Jay Balan, chief security researcher at Bitdefender, told Gizmodo that the makers of the student-tracking apps should at least offer bug bounties and disclose their source code -- while rattling off easily foreseeable scenarios like the stalking of students. Gizmodo notes one app's privacy policy actually allows them to "collect or infer" students' approximate location -- even when students have turned off location tracking -- and allows third parties to "set and access their own tracking technologies on your devices." And cypherpunk Lance R. Vick tweeted in response to the article, "If you are at one of these schools asking you to install apps on your phone to track you, hit me up for some totally hypothetical academic ideas..." Gizmodo took him up on his offer -- and here's a bit of what he said: Students could reverse engineer the app to develop their own app beacon emulators to tell the tracking beacons that all students are present all the time. They could also perhaps deploy their own rogue tracking beacons to publish the anonymised attendance data for all students to show which teachers are the most boring as evidenced by lack of attendance. If one was hypothetically in an area without laws against harmful radio interference (like outside the U.S.) they could use one of many devices on the market to disrupt all Bluetooth communications in a target area so no one gets tracked... If nothing else, you could potentially just find a call in the API that takes a bit longer to come back than the rest. This tells you it takes some amount of processing on their side. What happens if you run that call a thousand times a second? Or only call it partway over and over again? 
This often brings poorly designed web services to a halt very quickly... Assuming explorations on the endpoints like the phone app or beacon firmware fail you could still potentially learn useful information exploring the wireless traffic itself using popular SDR tools like a HackRF, Ubertooth, BladeRF. Here you potentially see how often they transmit, what lives in each packet, and how you might convert your own devices, perhaps a Raspberry Pi with a USB Bluetooth dongle, to be a beacon of your own. Anyone doing this sort of thing should check their local and federal laws and approach it with caution. But these exact sorts of situations can, for some, be the start of a different type of education path -- a path into security research. Bypassing annoying digital restrictions at colleges was a part of how I got my start, so maybe a new generation can do similar. :) Gizmodo calls his remarks "hypothetical hacking that you (a student with a bright future who doesn't want any trouble) should probably not do because you might be breaking the law." But then how should students respond to their school's surveillance systems?

Would Social Media Have Made Life Worse For Richard Jewell?

Sat, 12/28/2019 - 18:34
Long-time Slashdot reader theodp writes: Clint Eastwood's new movie Richard Jewell recounts the incredible tale of the security guard. Jewell was later [erroneously] considered a suspect after being hailed by the media for saving many from injury or death by discovering a backpack containing three pipe bombs in Atlanta's Centennial Park during the 1996 Summer Olympics and helping to evacuate the area before the bomb exploded. Despite never being charged, he was subjected to an intense "trial by media" before receiving an apology from Attorney General Janet Reno and ultimately being completely exonerated. The movie prompted Henry Schuster, an investigative producer for CNN at the time of the bombing, to offer an overdue apology in the Washington Post for his and the press's role in turning Jewell from a hero to a villain by serving as "the FBI's megaphone...." Schuster warns, "Think how much worse it would have been for Jewell in 2019." The article mostly shares the thought processes of that investigative producer. (He remembers that in 2005, "I sat at the computer and started my letter of apology, got frustrated and hit save. A year after that, Jewell died at 44, after months of failing health; my letter remained unfinished and unsent.") But the CNN producer also writes that in the 23 years since the incident, social media has "made the rush to judgment instantaneous -- as quick as machine trading on Wall Street, but without any circuit-breakers." Would that have changed the way things played out if the incident happened in 2019? It's an interesting thought exercise -- so share your own thoughts in the comments. Would social media have made life worse for Richard Jewell?

FSF-Approved Hyperbola GNU/Linux Forking OpenBSD, Citing 'User Freedom' Concerns

Sat, 12/28/2019 - 15:34
Long-time Slashdot reader twocows writes: Hyperbola GNU/Linux, a FSF-approved distribution of GNU/Linux, has declared their intent to fork OpenBSD and become HyperbolaBSD... The news came earlier this week in a roadmap announcement promising "a completely new OS derived from several BSD implementations" (though Hyperbola was originally based on Arch snapshots and Debian development). "This was not an easy decision to make, but we wish to use our time and resources to create a viable alternative to the current operating system trends which are actively seeking to undermine user choice and freedom." In 2017 Hyperbola dropped its support for systemd -- but its concerns go far beyond that: This will not be a "distro", but a hard fork of the OpenBSD kernel and userspace including new code written under GPLv3 and LGPLv3 to replace GPL-incompatible parts and non-free ones. Reasons for this include:

- Linux kernel forcing adaption of DRM, including HDCP.
- Linux kernel proposed usage of Rust (which contains freedom flaws and a centralized code repository that is more prone to cyber attack and generally requires internet access to use.)
- Linux kernel being written without security and in mind. (KSPP is basically a dead project and Grsec is no longer free software)
- Many GNU userspace and core utils are all forcing adaption of features without build time options to disable them. E.g. (PulseAudio / SystemD / Rust / Java as forced dependencies....)

HyperbolaBSD is intended to be modular and minimalist so other projects will be able to re-use the code under free license.

UK Government Accidentally Doxxes Award Winners

Sat, 12/28/2019 - 13:34
More than 1,000 celebrities, government employees and politicians recognized in the U.K.'s traditional New Year's Honours list this year "have had their home and work addresses posted on a government website," reports the Guardian. Shimbo (Slashdot reader #100,005) quotes their report: The accidental disclosure of the tranche of personal details is likely to be considered a significant security breach, particularly as senior police and Ministry of Defence staff were among those whose addresses were made public. Many of the more than a dozen Ministry of Defence employees and senior counter-terrorism officers who received honours had their home addresses revealed, along with countless others who may believe the disclosure has put them in a vulnerable position. Prominent public figures including the musician Elton John, the cricketer Ben Stokes, NHS England's chief executive, Simon Stevens, the politicians Iain Duncan Smith and Diana Johnson, TV chef Nadiya Hussain, and the former director of public prosecutions Alison Saunders were among those whose home addresses were published... The vast majority of people on the list had their house numbers, street names and postcodes included. The director of the non-profit privacy group Big Brother Watch expressed concerns to the Guardian that the government "doesn't have a basic grip on data protection, and that people receiving some of the highest honours have been put at risk because of this. "It's a farcical and inexcusable mistake, especially given the new Data Protection Act passed by the government last year -- it clearly can't stick by its rules."

Amazon, Ring Face Class-Action Lawsuit Over Alleged Security Camera Hacks

Fri, 12/27/2019 - 16:45
Alabama resident John Orange has filed a class-action lawsuit accusing Amazon and Ring of failing to do enough to secure their security systems against hacks, including Orange's. Engadget reports: He alleged that a stranger compromised his Ring outdoor camera and spooked his kids as a "direct and proximate" result of the company's inability to protect its devices "against cyber-attack." He pointed to other incidents to support the argument for a class action, including a highly publicized event in December where a remote intruder harassed a Mississippi girl. Orange also claimed that Ring's response was evidence of the company blaming customers. It told Orange that there was "no evidence" someone had hacked the firm's infrastructure, and that his incident may be the result of a breach at a "non-Ring service" where the perpetrators reused info to sign into Ring accounts. In other words, Ring couldn't help it if people reused passwords with sites and services it can't control. The suit formally levels accusations of breach of contract, invasion of privacy, negligence, unjust enrichment and violating California's Unfair Competition Law (through misleading representations of security). If it achieves class action status, it would ask Amazon and Ring to compensate victims and implement "improved security procedures and measures."

Ask Slashdot: What Will the 2020s Bring Us?

Fri, 12/27/2019 - 05:00
dryriver writes: The 2010s were not necessarily the greatest decade to live through. AAA computer games were not only DRM'd and internet tethered to death but became increasingly formulaic and pay-to-win driven, and poor quality console ports pissed off PC gamers. Forced software subscriptions for major software products you could previously buy became a thing. Personal privacy went out the window in ways too numerous to list, with lawmakers failing on many levels to regulate the tech, data-mining and internet advertising companies in any meaningful way. Severe security vulnerabilities were found in hundreds of different tech products, from Intel CPUs to baby monitors and internet-connected doorbells. Thousands of tech products shipped with microphones, cameras, and internet connectivity integration that couldn't be switched off with an actual hardware switch. Many electronics products became harder or impossible to repair yourself. Printed manuals coming with tech products became almost non-existent. Hackers, scammers, ransomwarers and identity thieves caused more mayhem than ever before. Troll farms, click farms and fake news factories damaged the integrity of the internet as an information source. Tech companies and media companies became afraid of pissing off the Chinese government. Windows turned into a big piece of spyware. Intel couldn't be bothered to innovate until AMD Ryzen came along. Nvidia somehow took a full decade to make really basic realtime raytracing happen, even though smaller GPU maker Imagination had done it years earlier with a fraction of the budget, and in a mobile GPU to boot. Top-of-the-line smartphones became seriously expensive. Censorship and shadow banning on the once-more-open internet became a thing. Easily-triggered people trying to muzzle other people on social media became a thing. The quality of popular music and music videos went steadily downhill. Star Wars went to shit after Disney bought it, as did the Star Trek films. 
And mainstream cinema turned into an endless VFX-heavy comic book movies, remakes/reboots and horror movies fest. In many ways, television was the biggest winner of the 2010s, with many new TV shows with film-like production values being made. The second winner may be computer hardware that delivered more storage/memory/performance per dollar than ever before. To the question: What, dear Slashdotters, will the 2020s bring us? Will things get better in tech and other things relevant to nerds, or will they get worse?

New Rule Would Make it Possible To Track and Identify Nearly All Drones Flying in the US

Thu, 12/26/2019 - 10:11
The Federal Aviation Administration put forward a rule Thursday that would empower the government to track most drones in the U.S. From a report: The rule will require drones to implement a remote ID system, which will make it possible for third parties to track them. The measure will help law enforcement identify unauthorized drones that may pose a security threat, paving the way for wider adoption of commercial drone technology. The rule said that the FAA expects all eligible drones in the U.S. to comply with the rule within three years. The approval is a milestone in commercial drone delivery, as companies including Amazon, Uber and Google parent Alphabet are racing to add unmanned aircraft to their fleets to save costs and deliver goods faster. In June, Amazon debuted its newest delivery drone as part of a push inside Amazon to speed up its delivery times for Prime members. In October, Alphabet's drone unit Wing officially launched the country's first commercial drone delivery flight. UPS's Flight Forward subsidiary said in October that it received federal approval to operate a fleet of drones, giving it broad privileges to expand unmanned package delivery. It was the first time the FAA had granted such broad approval to a company to operate a fleet of drones as an airline.

Ring's Security Woes Cause Some Tech Review Sites To Rethink Glowing Endorsements

Thu, 12/26/2019 - 09:21
At least two tech review sites are discussing whether to rescind their positive recommendations of Ring's home surveillance cameras, a leading digital-rights organization announced this week. From a report: In the wake of reporting by Gizmodo and other outlets this year concerning Ring's troubled security and privacy practices, Fight for the Future has launched a campaign calling on tech review sites, such as Consumer Reports and PC Magazine, to suspend recommending Ring products. "Tech reviews and guides play an important role in people deciding which devices to buy," said Evan Greer, deputy director of Fight for the Future. [...] Last week, the tech review site Wirecutter announced it was suspending its recommendation of Ring products citing a report about a data leak by BuzzFeed's Caroline Haskins. This prompted Fight for the Future to contact other review sites and ask them to rescind their recommendations as well.

'Fox News Is Now a Threat to National Security'

Wed, 12/25/2019 - 18:30
The network's furthering of lies from foreign adversaries and flagrant disregard for the truth have gotten downright dangerous. Garrett M. Graff, writing for Wired earlier this month: Monday's split-screen drama, as the House Judiciary Committee weighed impeachment charges against President Trump and as the Justice Department's inspector general released a 476-page report on the FBI's handling of its 2016 investigation into Trump's campaign, made one truth of the modern world inescapable: The lies and obfuscations forwarded ad infinitum on Fox News pose a dangerous threat to the national security of the United States. The facts of both dramas were clear to objective viewers: In the one instance, there's conclusive and surprisingly consistent evidence that President Trump pushed Ukraine to concoct dirt on a domestic political rival to affect the 2020 presidential election, and in the other, Justice Department Inspector General Michael Horowitz found that the FBI was proper to investigate Trump's dealings with Russia in the 2016 presidential campaign. But that set of facts is not what anyone who was watching Fox News heard. Instead, Fox spent the night describing an upside-down world where the president's enemies had spun a web of lies about Trump and Ukraine, even as Horowitz blew open the base corruption that has driven every attack on the president since 2016. Sean Hannity, who had long trumpeted the forthcoming inspector general report and expected a thorough indictment of the behavior of former FBI director James Comey and other members of the "deep state," had a simple message for his viewers during Fox's Monday night prime time: "Everything we said, everything we reported, everything we told you was dead-on-center accurate," he said. "It is all there in black and white, it's all there." Except they weren't right and it wasn't there. 
But Fox News' viewers evidently were not to be told those hard truths -- they were to be kept thinking that everything in their self-selected filter bubble was just peachy keen. Over on Fox Business, Lou Dobbs said the mere fact that the IG found no political bias in the FBI's investigation of Trump and Russia in 2016 was de facto proof of the power of the deep state. John Harwood, long one of Washington's most respected conservative voices in journalism, summed up Fox's approach Monday night simply: "Lunacy." It's worse than lunacy, though. Fox's bubble reality creates a situation where it's impossible to have the conversations and debate necessary to function as a democracy. Facts that are inconvenient to President Trump simply disappear down Fox News' "memory hole," as thoroughly as George Orwell could have imagined in 1984. The idea that Fox News represents a literal threat to our national security, on par with Russia's Internet Research Agency or China's Ministry of State Security, may seem like a dramatic overstatement of its own but this week has made clear that, as we get deeper into the impeachment process and as the 2020 election approaches, Fox News is prepared to destroy America's democratic traditions if it will help its most important and most dedicated daily viewer. The threat posed to our democracy by Fox News is multifaceted: First and most simply, it's clearly advancing and giving voice to narratives and smears backed and imagined by our foreign adversaries. Second, its overheated and bombastic rhetoric is undermining America's foundational ideals and the sense of fair play in politics. Third, its unique combination of lies and half-truths has built a virtual reality so complete that it leaves its viewers too misinformed to fulfill their most basic responsibilities as citizens to make informed choices about the direction of the country.

Pentagon Wants Open-Source 5G Plan in Campaign Against Huawei

Wed, 12/25/2019 - 18:00
The Pentagon is urging US telecoms equipment makers to join forces on 5G technology in a drive to offer a homegrown alternative to China's Huawei. From a report: Lisa Porter, who oversees research and development at the defence department, has asked US companies to develop open-source 5G software -- in effect opening up their technology to potential rivals -- warning they risk becoming obsolete if they do not. Making 5G tech open-source could threaten American companies such as Cisco or Oracle, the biggest American suppliers of telecoms network equipment. This technology -- known as open radio access networks -- would allow telecoms carriers to buy off-the-shelf hardware from a range of vendors, rather than bespoke systems. US officials hope it will provide an alternative to Huawei. The Chinese equipment maker dominates the market, but many in Washington believe it poses a threat to US national security.

Russia 'Successfully Tests' Its Unplugged Internet

Wed, 12/25/2019 - 05:00
The Russian government says it has successfully tested a country-wide alternative to the global internet. Details of what the test involved were vague but, according to the Ministry of Communications, ordinary users did not notice any changes. The results will now be presented to President Putin. The BBC reports: The initiative involves restricting the points at which Russia's version of the net connects to its global counterpart, giving the government more control over what its citizens can access. "Sadly, the Russian direction of travel is just another step in the increasing breaking-up of the internet," said Prof Alan Woodward, a computer scientist at the University of Surrey. "That would effectively get ISPs [internet service providers] and telcos to configure the internet within their borders as a gigantic intranet, just like a large corporation does," explained Prof Woodward. "The Russian government has run into technical challenges in the past when trying to increase online control, such as its largely unsuccessful efforts to block Russians from accessing encrypted messaging app Telegram," Justin Sherman, a cyber-security policy fellow at the New America think tank, told the BBC. "Without more information about this test though, it's hard to assess exactly how far Russia has progressed in the path towards an isolatable domestic internet. "And on the business front, it remains to be seen just how much domestic and foreign pushback Russia will get."