Businesses

More Than 40 ISPs Across the Country Tell Chairman Pai to Not Repeal Network Neutrality (eff.org) 56

An anonymous reader shares a report: One excuse FCC Chairman Ajit Pai regularly offers to explain his effort to gut net neutrality protections is the claim that open Internet rules have harmed ISPs, especially small ones. During a speech earlier this year, he stressed that 22 small ISPs told him that the 2015 Open Internet Order hurt their ability to invest and deploy. In reality, though, many more ISPs feel very differently. Today, more than 40 ISPs told the FCC that they have had no problem with the Open Internet Order (PDF) and that it hasn't hurt their ability to develop and expand their networks. What is more, that they want the FCC to do its job and address the problem Congress created when it repealed the broadband privacy rules in March.
Security

Contractors Lose Jobs After Hacking CIA's In-House Vending Machines (techrepublic.com) 181

An anonymous reader quotes a report from TechRepublic: Today's vending machines are likely to be bolted to the floor or each other and are much more sophisticated -- possibly containing machine intelligence, and belonging to the Internet of Things (IoT). Hacking this kind of vending machine obviously requires a more refined approach. The type security professionals working for the U.S. Central Intelligence Agency (CIA) might conjure up, according to journalists Jason Leopold and David Mack, who first broke the story A Bunch Of CIA Contractors Got Fired For Stealing Snacks From Vending Machines. In their BuzzFeed post, the two writers state, "Several CIA contractors were kicked out of the Agency for stealing more than $3,000 in snacks from vending machines according to official documents... ." This October 2013 declassified Office of Inspector General (OIG) report is one of the documents referred to by Leopold and Mack. The reporters write that getting the records required initiating a Freedom Of Information Act lawsuit two years ago, adding that the redacted files were only recently released. The OIG report states Agency employees use an electronic payment system, developed by FreedomPay, to purchase food, beverages, and goods from the vending machines. The payment system relies on the Agency Internet Network to communicate between vending machines and the FreedomPay controlling server. The OIG report adds the party hacking the electronic payment system discovered that severing communications to the FreedomPay server by disconnecting the vending machine's network cable allows purchases to be made using unfunded FreedomPay cards.
Network

Comcast and Charter In Talks With Sprint To Offer Wireless Service (theverge.com) 40

According to The Wall Street Journal, Sprint's merger talks with T-Mobile are temporarily on hold while the carrier mulls over a number of potential deals with the United States' two biggest cable companies, Comcast and Charter. While Comcast is already using Verizon's wireless service under their own name, the company may want to use Sprint's network as well. Charter doesn't have a wireless phone offering yet, but the company's CEO indicated last year that it has every intention of launching one. The Verge reports: Such a deal would likely involve the two cable companies making an investment in Sprint, which the carrier would then use to build out its network, generally known to be the worst of the four major phone service providers. The Journal also reports that Comcast and Charter could make a bid to acquire Sprint outright, but it said the outcome was seen as less likely. Though they're usually an unlikely pairing, Comcast and Charter agreed in May to team up when making deals around wireless coverage for a full year. For the most part, both companies have been slowly losing TV subscribers year after year as customers shift over to online services. They see phone service as a new offering that could help to restore growth and lock in subscribers.
Security

Heritage Valley Health System Target Of Cyber Attack (cbslocal.com) 24

The Heritage Valley Health System says it has been hit with a cyber attack. From a report: A spokeswoman confirmed the attack Tuesday morning. "Heritage Valley Health System has been affected by a cyber security incident. The incident is widespread and is affecting the entire health system including satellite and community locations. We have implemented downtime procedures and made operational adjustments to ensure safe patient care continues un-impeded." Heritage Valley is a $480 million network that provides care for residents of Allegheny, Beaver, Butler and Lawrence counties, in Pennsylvania; parts of eastern Ohio; and the panhandle of West Virginia. Also read: Ukrainian Banks, Electricity Firm Hit by Fresh Cyber Attack; Reports Claim the Ransomware Is Quickly Spreading Across the World.
The Almighty Buck

Fake Online Stores Reveal Gamblers' Shadow Banking System (reuters.com) 63

randomErr shares an exclusive report from Reuters: A network of dummy online stores offering household goods has been used as a front for internet gambling payments. The seven sites in Europe to sell items including fabric, DVD cases, and maps are fake outlets. The faux store fronts are a multinational system to disguise payments for the $40 billion global online gambling industry. Online gambling is illegal in many countries and some U.S. states. The dummy sites underline a strategy which regulators, card issuers and banks have yet to tackle head-on. The scheme found by Reuters involved websites which accepted payments for household items from a reporter but did not deliver any products. Instead, staff who answered helpdesk numbers on the sites said the outlets did not sell the product advertised, but that they were used to help process gambling payments, mostly for Americans.
Space

SpaceX Livestreams Sunday's Rocket Launch (space.com) 74

An anonymous reader quotes Space.com: A SpaceX Falcon 9 rocket carrying the 10 satellites for Iridium Communications is scheduled to liftoff from Vandenberg Air Force Base in California at 1:25 p.m. PDT (4:25 p.m. EDT/2025 GMT). The live webcast is expected to begin about 1 hour before the opening of the launch window, and you can watch it on SpaceX's website, or at Space.com. This is the second of eight planned Iridium launches with SpaceX. The launches will deliver a total of 75 satellites into space for the $3 billion Iridium NEXT global communications network. "Iridium NEXT will replace the company's existing global constellation in one of the largest technology upgrades ever completed in space," according to a statement from Iridium. "It represents the evolution of critical communications infrastructure that governments and organizations worldwide rely upon to drive business, enable connectivity, empower disaster relief efforts and more."
After the mission the booster rocket will attempt to land on a droneship. The droneships name is "Just Read The Instructions."
Cloud

Should Your Company Switch To Microservices? (cio.com) 117

Walmart Canada claims that it was microservices that allowed them to replace hardware with virtual servers, reducing costs by somewhere between 20 and 50 percent. Now Slashdot reader snydeq shares an article by a senior systems automation engineer arguing that a microservices approach "offers increased modularity, making applications easier to develop, test, deploy, and, more importantly, change and maintain."

The article touts things like cost savings and flexibility for multiple device types, suggesting microservices offer increased resilience and improved scalabiity (not to mention easier debugging and a faster time to market with an incremental development model). But it also warns that organizations need the resources to deploy the new microservices quicky (and the necessary server) -- along with the ability to test and monitor them for database errors, network latency, caching issues and ongoing availability. "You must embrace devops culture," argues the article, adding that "designing for failure is essential... In a traditional setting, developers are focused on features and functionalities, and the operations team is on the hook for production challenges. In devops, everyone is responsible for service provisioning -- and failure."

The original submission ends with a question for Slashdot reader. "What cautions do you have to offer for folks considering tapping microservices for their next application?"
Space

FCC Grants OneWeb Approval To Launch Over 700 Satellites For 'Space Internet' (theverge.com) 89

OneWeb has been granted approval from the FCC to launch a network of internet-beaming satellites into orbit. FCC chairman Ajit Pai said in a statement: "Humans have long sought inspiration from the stars, from the ancient Egyptians orienting the pyramids toward certain stars to the Greeks using constellations to write their mythology. In modern times, we've done the same, with over 1,000 active satellites currently in orbit. Today, the FCC harnesses that inspiration as we seek to make the promise of high-speed internet access a reality for more Americans, partly through the skies..." The Verge reports: OneWeb plans to launch a constellation of 720 low-Earth orbit satellites using non-geostationary satellite orbit (NGSO) technology in order to provide global, high-speed broadband. The company's goal has far-reaching implications, and would provide internet to rural and hard-to-reach areas that currently have little access to internet connectivity. Additionally, OneWeb has a targets of "connecting every unconnected school" by 2022, and "bridging the digital divide" by 2027. According to OneWeb, the company plans to launch an initial 10 production satellites in early 2018, which, pending tests, will then be followed by a full launch as early as 2019.
Network

WikiLeaks Doc Dump Reveals CIA Tools For Hacking Air-Gapped PCs (bleepingcomputer.com) 74

An anonymous reader writes: "WikiLeaks dumped today the manuals of several hacking utilities part of Brutal Kangaroo, a CIA malware toolkit for hacking into air-gapped (offline) networks using tainted USB thumb drives," reports Bleeping Computer. The CIA uses these tools as part of a very complex attack process, that allows CIA operatives to infect offline, air-gapped networks. The first stage of these attacks start with the infection of a "primary host," an internet-connected computer at a targeted company. Malware on this primary host automatically infects all USB thumb drives inserted into the machine. If this thumb drive is connected to computers on an air-gapped network, a second malware is planted on these devices. This malware is so advanced, that it can even create a network of hacked air-gapped PCs that talk to each other and exchange commands. To infect the air-gapped computers, the CIA malware uses LNK (shortcut) files placed on the USB thumb drive. Once the user opens and views the content of the thumb drive in Windows Explorer, his air-gapped PC is infected without any other interaction.
Network

Lawsuit Accuses Comcast of Cutting Competitor's Wires To Put It Out of Business (arstechnica.com) 142

An anonymous reader quotes a report from Ars Technica: A tiny Internet service provider has sued Comcast, alleging that the cable giant and its hired contractors cut the smaller company's wires in order to take over its customer base. Telecom Cable LLC had "229 satisfied customers" in Weston Lakes and Corrigan, Texas when Comcast and its contractors sabotaged its network, the lawsuit filed last week in Harris County District Court said. Comcast had tried to buy Telecom Cable's Weston Lakes operations in 2013 "but refused to pay what they were worth," the complaint says. Starting in June 2015, Comcast and two contractors it hired "systematically destroyed Telecom's business by cutting its lines and running off its customers," the lawsuit says. Comcast destroyed or damaged the lines serving all Telecom Cable customers in Weston Lakes and never repaired them, the lawsuit claims. Telecom Cable owner Anthony Luna estimated the value of his business at about $1.8 million, which he is seeking to recover. He is also seeking other damages from Comcast and its contractors, including exemplary damages that under state statute could "amount to a maximum of twice the amount of economic damages, plus up to $750,000 of non-economic damages," the complaint says. CourtHouse News Service has a story about the lawsuit, and it posted a copy of the complaint.
Firefox

Chrome and Firefox Headless Modes May Spur New Adware & Clickfraud Tactics (bleepingcomputer.com) 80

From a report: During the past month, both Google and Mozilla developers have added support in their respective browsers for "headless mode," a mechanism that allows browsers to run silently in the OS background and with no visible GUI. [...] While this feature sounds very useful for developers and very uninteresting for day-to-day users, it is excellent news for malware authors, and especially for the ones dabbling with adware. In the future, adware or clickfraud bots could boot-up Chrome or Firefox in headless mode (no visible GUI), load pages, and click on ads without the user's knowledge. The adware won't need to include or download any extra tools and could use locally installed software to perform most of its malicious actions. In the past, there have been quite a few adware families that used headless browsers to perform clickfraud. Martijn Grooten, an editor at Virus Bulletin, also pointed Bleeping Computer to a report where miscreants had abused PhantomJS, a headless browser, to post forum spam. The addition of headless mode in Chrome and Firefox will most likely provide adware devs with a new method of performing surreptitious ad clicks.
Network

Ask Slashdot: Best Way To Isolate a Network And Allow Data Transfer? 235

Futurepower(R) writes: What is the best way to isolate a network from the internet and prevent intrusion of malware, while allowing carefully examined data transfer from internet-facing computers? An example of complete network isolation could be that each user would have two computers with a KVM switch and a monitor and keyboard, or two monitors and two keyboards. An internet-facing computer could run a very secure version of Linux. Any data to be transferred to that user's computer on the network would perhaps go through several Raspberry Pi computers running Linux; the computers could each use a different method of checking for malware. Windows computers on the isolated network could be updated using Autopatcher, so that there would never be a direct connection with the internet. Why not use virtualization? Virtualization does not provide enough separation; there is the possibility of vulnerabilities. Do you have any ideas about improving the example above?
Security

How Hollywood Got Hacked: Studio at Center of Netflix Leak Breaks Silence (variety.com) 79

Earlier this year, hackers obtained and leaked the episodes of TV show Orange Is the New Black. In a candid interview, Larson Studios' chief engineer David Dondorf explained how the audio post-production business allowed the hacker group to gain access to the Netflix original content. Dandorf says the company hired private data security experts to find how it was breached. The investigation found that the hacker group had been searching the internet for PCs running older versions of Windows and stumbled across an old computer at Larson Studios still running Windows 7. From the report: Larson's employees just didn't know all that much about it. Having a computer running an ancient version of Windows on the network was clearly a terrible lack of oversight, as was not properly separating internal servers from the internet. "A lot of what went on was ignorance," admitted Rick Larson. "We are a small company. Did we even know what the content security departments were at our clients? Absolutely not. I couldn't have told you who to call. I can now." It's a fascinating story about how the hacker group first made contact and tried to threaten Larson Studios' president and his wife, and how they responded. Worth a read.
Security

Honda Shuts Down Factory After Finding NSA-derived Wcry In Its Networks (arstechnica.com) 63

A Honda factory near Tokyo was shuttered for over 24 hours this week after its computers became infected with WannaCry, the same ransomware virus responsible for crippling systems in dozens of countries last month, the car manufacturer said Wednesday. From a report: The automaker shut down its Sayama plant northwest of Tokyo on Monday after finding that WCry had affected networks across Japan, North America, Europe, China, and other regions, Reuters reported Wednesday. Discovery of the infection came on Sunday, more than five weeks after the onset of the NSA-derived ransomware worm, which struck an estimated 727,000 computers in 90 countries. [...] Honda officials didn't explain why engineers found WCry in their networks 37 days after the kill switch was activated. One possibility is that engineers had mistakenly blocked access to the kill-switch domain. That would have caused the WCry exploit to proceed as normal, as it did in the 12 or so hours before the domain was registered. Another possibility is that the WCry traces in Honda's networks were old and dormant, and the shutdown of the Sayama plant was only a precautionary measure. In any event, the discovery strongly suggests that as of Monday, computers inside the Honda network had yet to install a highly critical patch that Microsoft released in March.
Bitcoin

NYTimes: Move Over, Bitcoin. Ether Is the Digital Currency of the Moment. (nytimes.com) 117

An anonymous reader shares a report: The price of Bitcoin has hit record highs in recent months, more than doubling in price since the start of the year. Despite these gains, Bitcoin is on the verge of losing its position as the dominant virtual currency. The value of Ether, the digital money that lives on an upstart network known as Ethereum, has risen an eye-popping 4,500 percent since the beginning of the year (alternative source). With the recent price increases, the outstanding units of the Ether currency were worth around $34 billion as of Monday -- or 82 percent as much as all the Bitcoin in existence. At the beginning of the year, Ether was only about 5 percent as valuable as Bitcoin. The sudden rise of Ethereum highlights how volatile the bewildering world of virtual currency remains, where lines of computer code can be spun into billions of dollars in a matter of months. [...] The two-year old system has picked up backing from both tech geeks and big corporate names like JPMorgan Chase and Microsoft, which are excited about Ethereum's goal of providing not only a digital currency but also a new type of global computing network, which generally requires Ether to use. In a recent survey of 1,100 virtual currency users, 94 percent were positive about the state of Ethereum, while only 49 percent were positive about Bitcoin, the industry publication CoinDesk said this month.
Encryption

Equipment Already In Space Can Be Adapted For Extremely Secure Data Encryption (helpnetsecurity.com) 20

Orome1 quotes a report from Help Net Security: In a new study, researchers from the Max Planck Institute in Erlangen, demonstrate ground-based measurements of quantum states sent by a laser aboard a satellite 38,000 kilometers above Earth. This is the first time that quantum states have been measured so carefully from so far away. A satellite-based quantum-based encryption network would provide an extremely secure way to encrypt data sent over long distances. Developing such a system in just five years is an extremely fast timeline since most satellites require around 10 years of development. For the experiments, the researchers worked closely with satellite telecommunications company Tesat-Spacecom GmbH and the German Space Administration. The German Space Administration previously contracted with Tesat-Spacecom on behalf of the German Ministry of Economics and Energy to develop an optical communications technology for satellites. This technology is now being used commercially in space by laser communication terminals onboard Copernicus -- the European Union's Earth Observation Program -- and by SpaceDataHighway, the European data relay satellite system. It turned out that this satellite optical communications technology works much like the quantum key distribution method developed at the Max Planck Institute. Thus, the researchers decided to see if it was possible to measure quantum states encoded in a laser beam sent from one of the satellites already in space. In 2015 and the beginning of 2016, the team made these measurements from a ground-based station at the Teide Observatory in Tenerife, Spain. They created quantum states in a range where the satellite normally does not operate and were able to make quantum-limited measurements from the ground. The findings have been published in the journal Optica.
Businesses

Dropbox Is Rolling Out a Private Network to Speed Up File Access (fortune.com) 40

Dropbox, the file storage company that last year moved 90 percent of its data out of Amazon Web Services cloud and into its own data centers, is at it again. From a report on Fortune: The San Francisco company is building its own international private network to make sure users abroad can access their files -- most of which reside in those aforementioned Dropbox U.S. data centers -- faster. "What people don't realize about the internet is that it is very 'bursty' and can hit bottlenecks," Akhil Gupta, vice president of engineering at Dropbox tells Fortune. That is why the company is ripping out third-party load balancers and replacing them with its own software running on standard Linux hardware. Insulating itself from the balky internet is also the reason Dropbox is contracting to use its own dedicated fiber cable to carry that traffic. "We want to make user experience as real time as possible since 70 percent of our users are outside the U.S. and most of the data lives in North America," says Dan Williams, Dropbox's head of production engineering. Dropbox still partners with Amazon for customers in some countries, like Germany, which require user data to stay in the country of origin.
Television

'Star Trek: Discovery' Gets September Premiere Date On CBS & CBS All Access, Season 1 Split In Two (deadline.com) 243

Nellie Andreeva, writing for Deadline: Star Trek: Discovery will debut Sunday, September 24, with a special broadcast premiere on the CBS TV network airing 8:30-9:30 PM. The first as well as the second episode of the sci-fi series will be available on-demand on CBS All Access immediately following the broadcast premiere, with subsequent new episodes released on All Access each Sunday. Originally slated for a January 2017 premiere, Star Trek: Discovery's debut was first pushed to May and then to fall 2017. At CBS' upfront presentation, the company announced that Star Trek: Discovery's first-season order had been increased from 13 to 15 episodes. The expanded season now will be split into two. The first eight episodes will run Sundays from September 24 through November 5. The season then will resume with the second chapter in January 2018. The break also will allow the show more time for postproduction on latter episodes.
Encryption

Microsoft, Accenture Team Up On Blockchain-based Digital ID Network (reuters.com) 53

Accenture and Microsoft are teaming up to build a digital ID network using blockchain technology, as part of a United Nations-supported project to provide legal identification to 1.1 billion people worldwide with no official documents. From a report: The companies unveiled a prototype of the network on Monday at the UN headquarters in New York during the second summit of ID2020, a public-private consortium promoting the UN 2030 Sustainable Development Goal of providing legal identity for everyone on the planet. The project aims to help individuals such as refugees prove who they are in order to gain access to basic services such as education and healthcare. Blockchain, first developed as a public ledger of all transactions in the digital currency bitcoin, is increasingly being used to securely track data in other fields.
United States

Louisville's Fiber Internet Expansion Opposed By Koch Brothers Group (usatoday.com) 230

Slashdot reader simkel shared an article from the Courier-Journal: A group affiliated with the Koch brothers' powerful political network is leading an online campaign against Mayor Greg Fischer's $5.4 million proposal to expand Louisville's ultra-fast internet access... Critics argue that building roughly 96 miles of fiber optic cabling is an unnecessary taxpayer giveaway to internet service providers, such as Google Fiber, which recently announced plans to begin building its high-speed network in the city. "Fundamentally, we don't believe that taxpayers should be funding broadband or internet systems," said David Williams, president of the taxpayers alliance, which is part of industrialists Charles and David Koch's political donor network... The group says $5.4 million is a misuse of taxpayer funds when the city has other needs, such as infrastructure and public safety.
To shore up public support, the mayor has begun arguing that high-speed connectivity would make it cheaper to install crime-monitoring cameras in violent neighborhoods.

Slashdot Top Deals