Wireless Networking

Every Patch For 'KRACK' Wi-Fi Vulnerability Available Right Now (zdnet.com) 131

An anonymous reader quotes a report from ZDNet: As reported previously by ZDNet, the bug, dubbed "KRACK" -- which stands for Key Reinstallation Attack -- is at heart a fundamental flaw in the way Wi-Fi Protected Access II (WPA2) operates. According to security researcher and academic Mathy Vanhoef, who discovered the flaw, threat actors can leverage the vulnerability to decrypt traffic, hijack connections, perform man-in-the-middle attacks, and eavesdrop on communication sent from a WPA2-enabled device. In total, ten CVE numbers have been preserved to describe the vulnerability and its impact, and according to the U.S. Department of Homeland Security (DHS), the main affected vendors are Aruba, Cisco, Espressif Systems, Fortinet, the FreeBSD Project, HostAP, Intel, Juniper Networks, Microchip Technology, Red Hat, Samsung, various units of Toshiba and Ubiquiti Networks. A list of the patches available is below. For the most up-to-date list with links to each patch/statement (if available), visit ZDNet's article.
Crime

Cyberstalking Suspect Arrested After VPN Providers Shared Logs With the FBI (bleepingcomputer.com) 212

An anonymous reader writes: "VPN providers often advertise their products as a method of surfing the web anonymously, claiming they never store logs of user activity," writes Bleeping Computer, "but a recent criminal case shows that at least some do store user activity logs." According to the FBI, VPN providers played a key role in identifying an aggressive cyberstalker by providing detailed logs to authorities, even if they claimed in their privacy policies that they don't. The suspect is a 24-year-old man that hacked his roommate, published her private journal, made sexually explicit collages, sent threats to schools in the victim's name, and registered accounts on adult portals, sending men to the victim's house...
FBI agents also obtained Google records on their suspect, according to a 29-page affidavit which, ironically, includes the text of one of his tweets warning people that VPN providers do in fact keep activity logs. "If they can limit your connections or track bandwidth usage, they keep logs."
Businesses

Netflix is Raising Its Prices, Again (mashable.com) 277

Jason Abbruzzese, writing for Mashable: Get ready to pay just a bit more for your Netflix subscription. The streaming video service will be raising prices on its middle and top tier plans in the U.S. starting in November. Subscribers who currently pay for the standard $9.99 service will be charged $10.99. The price of the premium tier will rise from $11.99 to $13.99. Good news for people on the basic $7.99 plan -- that price is staying put, for now. The U.S.-only price hikes will begin to go into effect in November, varying depending on individuals' billing cycles. Starting on Oct. 19, subscribers will be notified and given at least 30 days notice about the increase.
Businesses

Apple is Really Bad At Design (theoutline.com) 366

Joshua Topolsky, writing for the Outline: Once upon a time, Apple could do little wrong. As one of the first mainstream computer companies to equally value design and technical simplicity, it upended our expectations about what PCs could be. "Macintosh works the way people work," read one 1992 ad. Rather than requiring downloads and installations and extra memory to get things right (as often required by Windows machines), Apple made it so you could just plug in a mouse or start up a program and it would just... work. Marrying that functionality with the groundbreaking design the company has embodied since the early Macs, it's easy to see how Apple became the darling of designers, artists, and the rest of the creative class. The work was downright elegant; unheard of for an electronics company. [...] But things changed. In 2013 I wrote about the confusing and visually abrasive turn Apple had made with the introduction of iOS 7, the operating system refresh that would set the stage for almost all of Apple's recent design. The product, the first piece of software overseen by Jony Ive, was confusing, amateur, and relatively unfinished upon launch. [...] It's almost as if the company is being buried under the weight of its products. Unable to cut ties with past concepts (for instance, the abomination that is iTunes), unable to choose clear paths forward (USB-C or Lightning guys?), compromising core elements to make room for splashy features, and executing haphazardly to solve long-term issues. [...] Pundits will respond to these arguments by detailing Apple's meteoric and sustained market-value gains. Apple fans will shout justifications for a stylus that must be charged by sticking it into the bottom of an iPad, a "back" button jammed weirdly into the status bar, a system of dongles for connecting oft-used devices, a notch that rudely juts into the display of a $1,000 phone. 
But the reality is that for all the phones Apple sells and for all the people who buy them, the company is stuck in idea-quicksand, like Microsoft in the early 2000s, or Apple in the 90s.
Iphone

Apple Investigating Reports of iPhone 8 Plus Devices 'Splitting Open' (9to5mac.com) 106

Apple is currently investigating reports of the iPhone 8 Plus splitting open while being charged with the included cable and plug adapter. The first claim comes from a Taiwanese iPhone 8 Plus owner, who posted photos which show damage consistent with a swollen battery. The second claim is from a Japanese owner who posted similar photos of his device, which he says arrived in this state. The Next Web reports: The phone belonged to a Ms. Wu, who recently renewed her phone contract and purchased a 64GB rose gold iPhone 8 Plus. The issue emerged five days after purchasing the phone. Wu placed her phone on charge, using the supplied cable and adaptor. After three minutes, she reported seeing the front panel bulge, and eventually lift completely from the device. According to multiple Taiwanese outlets, the phone was later recovered by the carrier, and has since been shipped to Apple for analysis. 9to5Mac adds: While any incident affecting a new iPhone model is bound to attract media attention, it's worth noting the usual disclaimers. First, any device manufactured in the millions will include some faulty models -- the real news would be if this were not the case. Second, investigations into charging-related incidents often reveal that a third-party charger was used, even when an owner initially claims to have used the supplied Apple one.
Social Networks

Facebook Will Share Copies of Political Ads Purchased by Russian Sources With the US Congress (recode.net) 234

An anonymous reader shares a report: Facebook will turn over copies of political ads purchased by Russian sources to congressional lawmakers, who are investigating the country's potential interference in the 2016 U.S. presidential election. Initially, Facebook had only released those ads -- 3,000 of them, valued at about $100,000 -- to Robert Mueller, the former FBI director who is spearheading the government's probe into Russia's actions. Facebook had withheld those details from House and Senate leaders, citing privacy concerns. But the move drew sharp rebukes from the likes of Sen. Mark Warner, the top Democrat on the Senate Intelligence Committee, who has charged in recent days that Facebook may not have done enough to scan its systems for potential Russian influence and to ensure that such foreign purchases -- otherwise illegal under U.S. law -- don't happen again. "After an extensive legal and policy review, today we are announcing that we will also share these ads with congressional investigators," wrote Colin Stretch, the company's general counsel. "We believe it is vitally important that government authorities have the information they need to deliver to the public a full assessment of what happened in the 2016 election."
Businesses

Judge Kills FTC Lawsuit Against D-Link for Flimsy Security (dslreports.com) 100

Earlier this year, the Federal Trade Commission filed a complaint against network equipment vendor D-Link saying inadequate security in the company's wireless routers and internet cameras left consumers open to hackers and privacy violations. The FTC, in a complaint filed in the Northern District of California charged that "D-Link failed to take reasonable steps to secure its routers and Internet Protocol (IP) cameras, potentially compromising sensitive consumer information, including live video and audio feeds from D-Link IP cameras." For its part, D-Link Systems said it "is aware of the complaint filed by the FTC." Fast forward nine months, a judge has dismissed the FTC's case, claiming that the FTC failed to provide enough specific examples of harm done to consumers, or specific instances when the routers in question were breached. From a report: "The FTC does not identify a single incident where a consumer's financial, medical or other sensitive personal information has been accessed, exposed or misused in any way, or whose IP camera has been compromised by unauthorized parties, or who has suffered any harm or even simple annoyance and inconvenience from the alleged security flaws in the [D-Link] devices," wrote the Judge. "The absence of any concrete facts makes it just as possible that [D-Link]'s devices are not likely to substantially harm consumers, and the FTC cannot rely on wholly conclusory allegations about potential injury to tilt the balance in its favor."
Businesses

CEO Catches Stranger After Hours, Prompting Espionage Charges (wsj.com) 242

An anonymous reader shares a report: Samuel Straface thought he was the last one out the door one recent evening at the medical-technology startup he leads in suburban Boston. But as he passed a glass-walled conference room on the second floor, Dr. Straface says he saw a man he didn't recognize, sitting by himself in front of two open laptops and a tablet device. He continued walking a few steps toward the exit, but then, feeling uneasy, he turned back (Editor's note: the submitted link could be paywalled; alternative source). The man was later identified as Dong Liu, a dual citizen of China and Canada. And his after-hours computing at Medrobotics is at the center of an economic-espionage case brought by U.S. prosecutors. Mr. Liu is in federal custody, charged with attempting to steal trade secrets and trying to gain unauthorized access to the company's computer system, prosecutors said. If convicted of both charges, he could face a maximum sentence of 15 years in prison. "Mr. Liu adamantly asserts his innocence and we fully expect he'll be exonerated after a careful review of the evidence," said Robert Goldstein, Mr. Liu's defense attorney. The U.S. attorney's office for the District of Massachusetts declined to comment on the case beyond details in court records. Before his arrest, police said Mr. Liu told them he was there to discuss doing business with the company -- but Dr. Straface says no one had scheduled a meeting with Mr. Liu.
China

Chinese Man Jailed For Helping Net Users Evade State Blocks (bbc.com) 47

An anonymous reader shares a report: A Chinese man has been given a nine-month jail sentence for helping people evade government controls on where they can go online. Deng Jiewei, from Guangdong, was charged with illegally selling programs known as virtual private networks (VPNs), according to court papers. VPNs are illegal in China because they let people avoid government monitoring of what they are doing. The sentence is part of a larger crackdown on the use of VPNs in China. Deng started selling VPNs in late 2015 and was arrested in August 2016 for selling software which lets users "visit foreign websites that could not be accessed by a mainland IP address," reported the South China Morning Post. The Chinese government operates a massive monitoring system, known as the "great firewall," that watches what people do and say online. It also blocks access to sites, such as Facebook and YouTube, that are popular outside the country.
Hardware

Samsung Unveils Galaxy Note8 With 6.3-inch Infinity Display, Dual Rear Cameras (venturebeat.com) 95

VentureBeat reports: After months of leaks, Samsung today unveiled the Galaxy Note8 in an event in New York City. The company's latest stylus-equipped flagship smartphone is expected to be available for preorder starting tomorrow, August 24. The phone ships "in mid-September" with Android 7.1.1 Nougat, but you can expect it will be upgradeable to Android Oreo, which was only officially announced two days ago. The Galaxy Note8 succeeds the Galaxy Note7 (you may think that's obvious, but the Note7 succeeded the Note5). Samsung is likely holding its breath with the Galaxy Note8 given the Galaxy Note7 fiasco due to exploding batteries that led to a product recall. The direct result of this is that the Note8 has a smaller 3300mAh battery, which can be charged either via the USB-C port or wirelessly. Samsung's Galaxy Note8 features a 6.3-inch SuperAMOLED edge display (1440 x 2960 resolution, 18.5:9 aspect ratio, 521 pixels per inch) and has minimal top and bottom bezels which the company markets as Infinity. For those wondering, yes, this is the biggest screen ever on a Note device. The phone is powered by an Exynos 8895 system-on-chip globally and Qualcomm's Snapdragon 835 in the U.S., 6GB of RAM, and starts at 64GB of internal storage (128GB and 256GB variants also available, all expandable via a microSD slot). The device is also IP68-certified, meaning it is dust and water resistant. The phone weighs 195g and physical dimensions come in at 162.5mm by 74.6mm by 8.5mm. No word on pricing yet. Update: Between $930-$960.
Operating Systems

PlayStation 4 Update 5.0 Officially Revealed (gamespot.com) 33

After the PlayStation 4's 5.0 update was leaked last week, Sony decided to officially reveal what's coming in the update. GameSpot highlights the new features in their report: Some of the enhancements center around streaming using the PS4's built-in broadcasting capabilities. PS4 Pro users will be able to stream in 1080p and 60 FPS, provided their connection is strong enough, and PSVR users will be able to see new messages and comments coming through while broadcasting. PSVR is also adding 5.1ch and 7.1ch virtual surround sound support. Next up, the PS4's Friends List is being updated with greater management tools, such as the ability to set up separate lists of friends. You'll be able to create a list of all the people you play Destiny with and send them all an invite, for example. This feature replaces the old Favorite Groups tab. In another move to help reduce the amount of time spent in menus, the Quick Menu is being updated to have more options. For example, you'll be able to check on download progress and see new party invites. You can also leave a party from within that menu and see your current Spotify playlist. Notifications are also being improved when watching films and TV, as you can now disable message and other notification pop-ups while watching media. You can also change how much of a message is displayed, as well as its color, when playing or watching any form of content.

Finally, Parental Control features are being overhauled in favor of what Sony calls "Family on PSN." This replaces the old Master/Sub account system; instead, one user is deemed the Family Manager, and they can set up other accounts and appoint them as a Parent/Guardian, Adult, or Child. Parents or Guardians can restrict Child accounts in their "use of online features and communication with other players, set restrictions for games, restrict the use of the internet browser, and set spending limits for PlayStation Store." Note that Sony says the first time any North American user tries to set up an Adult account, they will be charged $0.50 "to verify that you are an adult."

Social Networks

Thai Activist Jailed For the Crime of Sharing an Article on Facebook (eff.org) 120

An anonymous reader shares a report: Thai activist Jatuphat "Pai" Boonpattaraksa was sentenced this week to two and a half years in prison -- for the crime of sharing a BBC article on Facebook. The Thai-language article profiled Thailand's new king and, while thousands of users shared it, only Jatuphat was found to violate Thailand's strict lese majeste laws against insulting, defaming, or threatening the monarchy. The sentence comes after Jatuphat has already spent eight months in detention without bail. During this time, Jatuphat has fought additional charges for violating the Thai military junta's ban on political gatherings and for other activism with Dao Din, an anti-coup group. While in trial in military court, Jatuphat also accepted the Gwangju Prize for Human Rights. When he was arrested last December, Jatuphat was the first person to be charged with lese majeste since the former King Bhumibol passed away and his son Vajiralongkorn took the throne. (He was not, however, the first to receive a sentence -- this past June saw one of the harshest rulings to date, with one man waiting over a year in jail to be sentenced to 35 years for Facebook posts critical of the royal family.) The conviction, which appears to have singled Jatuphat out among thousands of other Facebook users who shared the article, sends a strong message to other activists and netizens: overbroad laws like lese majeste can and will be used to target those who oppose military rule in Thailand.
United States

US Product Safety Commission Warns That Some Fidget Spinners Explode (cnn.com) 97

An anonymous reader quotes a report from CNN: Fidget spinners are supposed to be calming and fun, especially for students struggling to focus. But after some dangerous incidents involving the popular gizmos, the US Consumer Product Safety Commission has issued new fidget spinner safety guidance for consumers and businesses. There have been a handful of choking incidents reported with the toys, as well as two instances of battery-operated spinners catching on fire and another incident in which a fidget spinner melted, the agency said. No deaths have been reported. The agency also issued safety guidance on battery-operated fidget spinners. Consumers should always be present when the product is charging, never charge it overnight and always use the cable it came with, the statement said. Users should unplug their spinner immediately once it's fully charged and make sure they have working smoke detectors in their home.

"As the agency investigates some reported incidents associated with this popular product, fidget spinner users or potential buyers should take some precautions," Ann Marie Buerkle, acting chief of the Consumer Product Safety Commission, said in a statement. "Keep them from small children; the plastic and metal spinners can break and release small pieces that can be a choking hazard; and older children should not put fidget spinners in their mouths." Fidget spinners should be kept away from children under the age of 3, the statement said.

The Courts

Volkswagen Executive Faces Jail Time After Guilty Plea (arstechnica.com) 135

An anonymous reader quotes Ars Technica: A former Volkswagen executive has pleaded guilty to two charges related to the company's diesel emissions scandal. He is the second VW Group employee to do so, following retired engineer James Liang pleading guilty last summer. The VW Group executive, Oliver Schmidt, was based outside of Detroit and was in charge of emissions compliance for Volkswagen in the years before the company was caught using illegal software to cheat on federal emissions tests.

Schmidt, a German citizen who was 48 when he was arrested in Miami in January on vacation, was originally charged with 11 felony counts. In accepting a plea deal from US federal officials, Schmidt will only plead guilty to two charges: conspiracy to defraud the US government and violate the Clean Air Act, and making a false statement under the Clean Air Act. Schmidt will be sentenced in December. He could face up to seven years in prison, as well as fines from $40,000 to $400,000, according to the plea agreement. After that, Schmidt could also be required to serve four years of supervised release.

Businesses

Wells Fargo Sued Again For Misbilling Car Owners And Veterans (reuters.com) 75

UnknowingFool writes: A new class action lawsuit from a former Wells Fargo customer claimed the bank charged loan customers for auto insurance they did not need. With auto loans, the bank often requires that full coverage auto insurance be bought when the loan is made. However, lead plaintiff Paul Hancock says that Wells Fargo charged him for auto insurance even though he informed them he already had an insurance policy with another company. Wells Fargo also charged him a late fee when he disputed the charge. Wells Fargo does not dispute that it did this to customers and has offered to refund $80 million to 570,000 customers who were charged for insurance. The lawsuit however is to recoup late fees, delinquency charges, and other fees that the refund would not cover.
NPR describes Wells Fargo actually repossessing the car of a man who was "marked as delinquent for not paying this insurance -- which he didn't want or need or even know about." Friday the bank also revealed the number of "potentially unauthorized accounts" from its earlier fake accounts scandal could be much higher than previous estimates -- and that they're now expecting their legal costs to exceed the $3.3 billion they'd already set aside.

And Reuters reports that the bank will also be paying $108 million "to settle a whistleblower lawsuit claiming it charged military veterans hidden fees to refinance their mortgages, and concealed the fees when applying for federal loan guarantees."
Math

Math Journal Editors Resign To Start Rival Journal That Will Be Free To Read (insidehighered.com) 59

An anonymous reader writes: To protest the high prices charged by their publisher, Springer, the editors of the Journal of Algebraic Combinatorics will start a rival journal that will be free for all to read. The four editors in chief of the Journal of Algebraic Combinatorics have informed their publisher, Springer, of their intention to launch a rival open-access journal to protest the publisher's high prices and limited accessibility. This is the latest in a string of what one observer called "editorial mutinies" over journal publishing policies. In a news release, the editors said their decision was not made because of any "particular crisis" but was the result of it becoming "more and more clear" that Springer intended to keep charging readers and authors large fees while "adding little value."
United Kingdom

UK Security Researcher Who Stopped WannaCry Outbreak Arrested in US (zdnet.com) 176

Zack Whittaker, reporting for ZDNet: A security researcher who in May stopped an outbreak of the WannaCry ransomware has been arrested and detained after attending the Def Con conference in Las Vegas. Marcus Hutchins, 23, a British national, was arrested at Las Vegas airport on Wednesday by US Marshals, several close friends confirmed to ZDNet. A friend told ZDNet that he "was pulled by Marshals at the lounge" after clearing security. He was briefly detained in a federal facility in Nevada until he was moved. "We went to see him this morning and we had already been moved," said the friend. Hutchins is now understood to be in custody at an FBI field office in the state. Motherboard first broke the story on Thursday. Update: A Motherboard reporter tweets, "Here's the indictment accusing @MalwareTechBlog of running the Kronos banking malware."
Update 2: New DOJ statement: Gregory J. Haanstad, United States Attorney for the Eastern District of Wisconsin, announced that on July 11, 2017, following a two-year long investigation, a federal grand jury returned a six-count indictment against Marcus Hutchins, also known as "Malwaretech," for his role in creating and distributing the Kronos banking Trojan.
Businesses

Insider Trader Arrested After He Googled 'Insider Trading,' Authorities Allege 124

Spy Handler writes: Fei Yan, a research scientist at the Massachusetts Institute of Technology and 31-year-old Chinese citizen, was arrested by federal authorities on Wednesday on insider trading charges. Mr. Yan used Google to search for phrases such as "how sec detect unusual trade" and "insider trading with international account." He also allegedly read an article titled "Want to Commit Insider Trading? Here's How Not to Do It," according to the U.S. attorney prosecuting the case. Further reading: Associated Press, CNBC, USA Today
The Internet

Cox Expands Home Internet Data Caps, While CenturyLink Abandons Them (arstechnica.com) 73

An anonymous reader quotes a report from Ars Technica: Cox, the third largest U.S. cable company, last week started charging overage fees to customers in four more states. Internet provider CenturyLink, on the other hand, recently ended an experiment with data caps and is giving bill credits to customers in the state of Washington who were charged overage fees during the yearlong trial. Cox, which operates in 18 states with about six million residential and business customers, last week brought overage fees to Arizona, Louisiana, Nevada, and Oklahoma. Cox was already enforcing data caps and overage fees in Arkansas, Connecticut, Florida, Georgia, Idaho, Iowa, Kansas, Nebraska, and Ohio. California, Rhode Island, and Virginia technically have monthly caps but no enforcement of overage fees, according to Cox's list of data caps by location. Massachusetts and North Carolina seem to be exempt from the Cox data caps altogether. Similar to Comcast, Cox lets capped customers use 1TB of data a month and charges $10 for each additional block of 50GB. Cox will introduce a pricier "unlimited" plan later this year, Multichannel News reported. If Cox continues to match Comcast's pricing, the unlimited data plan would cost an additional $50 a month above what customers normally pay. A year ago, CenturyLink started a data-cap trial in Yakima, Washington, imposing a 300GB-per-month cap and overage fees of $10 for each additional 50GB. But instead of expanding the overage fees to more cities, CenturyLink ended the "usage-based billing program."
Youtube

Seeking YouTube Fame, A Teenager Kills Her Boyfriend (arstechnica.com) 605

Last Monday a 19-year-old woman named Monalisa Perez gave the police a strange reason for why her boyfriend, Pedro Ruiz III, was dead. An anonymous reader quotes Ars Technica: A Minnesota woman has been charged with manslaughter after she shot and killed her boyfriend as part of the pair's attempt to become YouTube celebrities... The two had set up two video cameras to capture Perez firing the gun at Ruiz while he held a book in front of his chest. Ruiz apparently convinced Perez that the book would stop the bullet from a foot away. The gun, a Desert Eagle .50 caliber pistol, was not hindered by the book. Ruiz, who was found with a single gunshot in his chest, was pronounced dead at the scene. Hours before the incident, Perez posted on Twitter, "Me and Pedro are probably going to shoot one of the most dangerous videos ever. HIS idea not MINE."
The teenager -- who is pregnant with the couple's second child -- now faces second-degree manslaughter charges, which carry a maximum sentence of 10 years in prison, a fine of up to $20,000, or both. A local sheriff told the New York Times, "I really have no idea what they were thinking. I just don't understand the younger generation on trying to get their 15 minutes of fame."
