Open Source

Open Source Devs Reverse Decision to Block ICE Contractors From Using Software (vice.com) 427

An anonymous reader quotes Motherboard: Less than 24 hours after a software developer revoked access to Lerna, a popular open-source software management program, for any organization that contracted with U.S. Immigration and Customs Enforcement, access has been restored for any organization that wishes to use it and the developer has been removed from the project... The modified version specifically banned 16 organizations, including Microsoft, Palantir, Amazon, Northeastern University, Johns Hopkins University, Dell, Xerox, LinkedIn, and UPS... Although open-source developer Jamie Kyle acknowledged that it's "part of the deal" that anyone "can use open source for evil," he told me he couldn't stand to see the software he helped develop get used by companies contracting with ICE.

Kyle's modification of Lerna's license was originally assented to by other lead developers on the project, but the decision polarized the open-source community. Some applauded his principled stand against ICE's human rights violations, while others condemned his violation of the spirit of open-source software. Eric Raymond, the founder of the Open Source Initiative and one of the authors of the standard-bearing Open Source Definition, said Kyle's decision violated the fifth clause of the definition, which prohibits discrimination against people or groups. "Lerna has defected from the open-source community and should be shunned by anyone who values the health of that community," Raymond wrote in a blog post on his website.

The core contributor who eventually removed Kyle also apologized for Kyle's licensing change, calling it a "rash decision" (which was also "unenforceable.")

Eric Raymond had called the decision "destructive of one of the deep norms that keeps the open source community functional -- keeping politics separated from our work."
NASA

Texas Lawmakers Press NASA To Base Lunar Lander Program In Houston (arstechnica.com) 128

Eric Berger writes via Ars Technica: The Apollo missions that flew to the Moon during the 1960s were designed and controlled by what is now known as Johnson Space Center, the home of the famous "Mission Control." Moreover, the astronauts that flew to the Moon all lived in Houston. It would stand to reason, therefore, that as NASA gears up to return to the Moon, major elements of this program would likewise be controlled from the Texas metropolis that styles itself "Space City." Times change, however. In recent months, the politically well-positioned Marshall Space Flight Center, in Huntsville, Alabama, has been quietly pressing leaders with NASA Headquarters for program management of mid- to large-size landers to the lunar surface, which would evolve into human landers. Sources indicated this effort was having some success.

However, Texas legislators have now begun to push back. On Tuesday, both of Texas' senators (John Cornyn and Ted Cruz), as well as three representatives with space-related committee chairs (John Culberson, Lamar Smith, and Brian Babin), wrote a letter to NASA Administrator Jim Bridenstine. "We support NASA's focus on returning to the Moon and using it as part of a stepping stone approach to place American boots on the surface of Mars in the 2030s," the Texas Republicans wrote. "As NASA reviews solicitations for lunar landers, we write to express our strong support for the establishment of NASA's lunar lander program at the Johnson Space Center." The letter reminds Bridenstine of Houston's strong spaceflight heritage.

Censorship

Google Debunks Trump's Claim It Censored His State of the Union Address (theverge.com) 508

An anonymous reader quotes a report from The Verge: President Donald Trump intensified his criticism of Google today, posting a native video of unknown origin to his Twitter account this afternoon claiming the search giant stopped promoting the State of the Union (SOTU) address on its homepage after he took office. It turns out the video he posted is not only misleading, but also contains what appears to be a fake screenshot of the Google homepage on the day in question. It has since been viewed more than 1.5 million times. In a statement given to The Verge, a Google spokesperson clarifies that the company promoted neither former President Barack Obama nor Trump's inaugural SOTU addresses in 2009 and 2017, respectively. That's because they were not technically State of the Union addresses, but "addresses to a joint session" of Congress, a tradition set back in 1993 so that new presidents didn't have to immediately deliver SOTU addresses after holding office for just a few weeks. Google resumed promoting Obama's SOTU address in 2010 and continued to do so through 2016, as he held office for all six of those years.

With regards to the 2018 SOTU, Google says it did in fact promote it on its homepage. "On January 30th 2018, we highlighted the livestream of President Trump's State of the Union on the google.com homepage," reads Google's statement. "We have historically not promoted the first address to Congress by a new President, which is not a State of the Union address. As a result, we didn't include a promotion on google.com for this address in either 2009 or 2017."

Security

No, a Teen Did Not Hack a State Election (propublica.org) 73

Headlines from Def Con, a hacking conference held this month in Las Vegas, might have left some thinking that infiltrating state election websites and affecting the 2018 midterm results would be child's play. Articles reported that teenage hackers at the event were able to "crash the upcoming midterm elections" and that it had taken "an 11-year-old hacker just 10 minutes to change election results." A first-person account by a 17-year-old in Politico Magazine described how he shut down a website that would tally votes in November, "bringing the election to a screeching halt." But now, elections experts are raising concerns that misunderstandings about the event -- many of them stoked by its organizers -- have left people with a distorted sense of its implications. From a report: In a website published before r00tz Asylum, the youth section of Def Con, organizers indicated that students would attempt to hack exact duplicates of state election websites, referring to them as "replicas" or "exact clones." (The language was scaled back after the conference to simply say "clones.") Instead, students were working with look-alikes created for the event that had vulnerabilities they were coached to find. Organizers provided them with cheat sheets, and adults walked the students through the challenges they would encounter. Josh Franklin, an elections expert formerly at the National Institute of Standards and Technology and a speaker at Def Con, called the websites "fake." "When I learned that they were not using exact copies and pains hadn't been taken to more properly replicate the underlying infrastructure, I was definitely saddened," Franklin said. Franklin and David Becker, the executive director of the Center for Election Innovation & Research, also pointed out that while state election websites report voting results, they do not actually tabulate votes. This information is kept separately and would not be affected if hackers got into sites that display vote totals.
Security

Senators Demand Voting Machine Vendor Explain Why It Dismisses Researchers Prodding Its Devices (bleepingcomputer.com) 62

Four US senators, members of the US Senate Select Committee on Intelligence, sent a letter on Wednesday to Election Systems and Software (ES&S), the largest voting machine vendor in the US, asking for clarifications on why the vendor is trying to discourage independent security reviews of its products. From a report: The four senators who signed the letter are Kamala D. Harris (D-CA), Mark Warner (D-VA), Susan Collins (R-ME), and James Lankford (R-OK). The senators sent the letter to ES&S following the conclusion of the Voting Village at the DEF CON 26 security conference held in Las Vegas at the start of the month, where security researchers found several security vulnerabilities in the company's products. "We are disheartened that ES&S chose to dismiss these demonstrations as unrealistic and that your company is not supportive of independent testing," the letter reads. "Many of the world's leading electronics and software companies have opened their arms to the research community, maintaining active presences at the largest security research conferences and inviting 'white hat' hackers to probe their products to identify how they can improve product security," the letter continued. At DEF CON, security researchers found vulnerabilities in the voting machines of other vendors. Only ES&S is mentioned in the senators' letter because of the company's dismissive approach to external security research.
Social Networks

Trump Accuses Social Media Firms of 'Silencing Millions' (reuters.com) 570

U.S. President Donald Trump accused social media companies on Friday of silencing "millions of people" in an act of censorship, but without offering evidence to support the claim. From a report: "Social Media Giants are silencing millions of people. Can't do this even if it means we must continue to hear Fake News like CNN, whose ratings have suffered gravely. People have to figure out what is real, and what is not, without censorship!" Trump wrote on Twitter, not mentioning any specific companies. Trump also criticized social media outlets last week, saying without providing proof that unidentified companies were "totally discriminating against Republican/Conservative voices." Mr. President's Friday remarks come days after he expressed concerns over Twitter and Facebook regulating the content on their own platforms. He found such practice "very dangerous."
Media

Reality Winner Sentenced To More Than 5 Years For Leaking Info About Russia Hacking Attempts (nbcnews.com) 261

A former government contractor who pleaded guilty to leaking U.S. secrets about Russia's attempts to hack the 2016 presidential election was sentenced Thursday to five years and three months in prison. From a report: It was the sentence that prosecutors had recommended in the plea deal -- the longest sentence ever given for a federal crime involving leaks to the news media -- for Reality Winner, the Georgia woman at the center of the case. Winner was also sentenced to three years of supervised release and no fine, except for a $100 special assessment fee. The crime carried a maximum penalty of 10 years. U.S. District Court Judge J. Randal Hall in Augusta, Georgia, was not bound to follow the plea deal, but elected to give Winner the amount of time prosecutors requested. Winner, 26, who contracted for the National Security Agency, pleaded guilty in June to copying a classified report that detailed the Russian government's efforts to penetrate a Florida-based voting software supplier. Further reading: How a Few Yellow Dots Burned the Intercept's NSA Leaker.
United States

DNC Says Reported Hack Attempt Was a False Alarm (wsj.com) 115

furry_wookie writes: A suspected attempt to hack into the Democratic National Committee's voter database was actually a cybersecurity test [Editor's note: the originally submitted article might be paywalled; an alternative source], the organization said. The DNC, which was [allegedly] hacked by Russian intelligence officers during the 2016 presidential campaign, said Tuesday it had contacted the Federal Bureau of Investigation after being alerted to an apparent phishing scheme by the computer security firm Lookout Inc., which uncovered a replica of the login page to the DNC's Votebuilder database during an online scan. In a statement early Wednesday, Bob Lord, the DNC's chief information security officer, said the DNC and its partners who reported the site 'now believe it was built by a third party as part of a simulated phishing test.'
Open Source

LA County Gets State Approval of New Vote-Counting System Using Open-Source Software (latimes.com) 95

A new voting system that uses open-source software for counting ballots has been approved by California elections officials. "The certification of the new tally system for the county paves the way for other improvements, including redesigned absentee ballot packets, in the Nov. 6 election," reports Los Angeles Times. "It is the first election system of its kind, using publicly available source code that has been certified for use in California." From the report: The ballot-counting equipment is part of a broader redesign of Los Angeles County's voting system, which will include new equipment while relying on a traditional paper ballot. The county's existing system, portions of which are now decades old, has been targeted for replacement for several years.
United States

Democratic National Committee Says Hackers Unsuccessfully Targeted Voter Database (cnn.com) 150

The Democratic National Committee contacted the FBI on Tuesday after it detected what it believes was the beginning of a sophisticated attempt to hack into its voter database, a Democratic source tells CNN. From a report: The DNC was alerted in the early hours of Tuesday morning by a cloud service provider and a security research firm that a fake login page had been created in an attempt to gather usernames and passwords that would allow access to the party's database, the source said. The page was designed to look like the access page Democratic Party officials and campaigns across the country use to log into a service called Votebuilder, which hosts the database, the source said, adding the DNC believed it was designed to trick people into handing over their login details. The source said the DNC is investigating who may have been responsible for the attempted attack, but that it has no reason to believe its voter file was accessed or altered.
United States

Senators Introduce Bill That Would Require State and Local Governments To Use Paper Ballots in an Effort To Secure Elections (cnet.com) 470

From a report: On Tuesday, nine Senators introduced a bill that would require state and local governments to use paper ballots in an effort to secure elections from hackers. The bill would also require rigorous audits for all federal elections to ensure that results match the votes. "Leaving the fate of America's democracy up to hackable election machines is like leaving your front door open, unlocked and putting up a sign that says 'out of town,'" Sen. Ron Wyden, a Democrat from Oregon, said in a release. "Any failure to secure our elections amounts to disenfranchising American voters." The Protecting American Votes and Elections Act of 2018 was drafted amid intense scrutiny of voting systems ahead of the mid-term elections in November. Russian interference in the 2016 presidential election has elevated concern over the security of the country's voting systems. The senators said rigorous audits will ensure votes are legitimate. Currently, 22 states don't require post-election audits, according to the release.
Microsoft

Russian Hackers Targeted US Conservative Think-Tanks, Says Microsoft (reuters.com) 170

retroworks shares a report: Hackers linked to Russia's government tried to target the websites of two right-wing U.S. think-tanks, suggesting they were broadening their attacks in the build-up to November elections, Microsoft said. The software giant said it thwarted the attempts last week by taking control of sites that hackers had designed to mimic the pages of The International Republican Institute and The Hudson Institute. Users were redirected to fake addresses where they were asked to enter usernames and passwords. There was no immediate comment from Russian authorities, but the Kremlin was expected to address the report later on Tuesday. It has regularly dismissed accusations that it has used hackers to influence U.S. elections and political opinion. Casting such allegations as part of an anti-Russian campaign designed to justify new sanctions on Russia, it says it wants to improve not worsen ties with Washington. Further reading: Microsoft Reveals First Known Midterm Campaign Hacking Attempts, and Microsoft Launches Pilot Program To Provide Cybersecurity Protection To Political Campaigns and Election Authorities.
United States

Did Russians Really Penetrate Florida's Election Systems? Maybe (nbcnews.com) 205

Anonymous readers share a report: Sen. Bill Nelson, a Florida Democrat, has reaped the political whirlwind in the 10 days since he proclaimed that Russian hackers had "penetrated" some of his state's county voting systems. The governor of Florida, Rick Scott, a Republican who is running against Nelson for his U.S. Senate seat this fall, has blasted his claim as irresponsible. The top Florida elections official, also a Republican, said he had seen no indication it's true. And The Washington Post weighed in Friday with a 2,717-word fact check that all but accused Nelson -- without evidence -- of making it up. However, three people familiar with the intelligence tell NBC News that there is a classified basis for Nelson's assertion, which he made at a public event after being given information from the leaders of the Senate Intelligence Committee. The extent and seriousness of the threat remains unclear, shrouded for reasons of national security.

[...] Through a spokesman, Nelson declined to comment. At an Aug. 7 campaign event in Florida's capital, Nelson said Intelligence Committee leaders asked that he "let supervisors of elections in Florida know that Russians are inside our records." He added that Russian hackers "have already penetrated certain counties in the state and they now have free rein to move about." "Either Bill Nelson knows of crucial information the federal government is withholding from Florida election officials, or he is simply making things up," said Scott, who is seeking to take Nelson's Senate seat, which the senator has held since 2001. But Scott, who as governor has a security clearance, has not actually disputed Nelson's assertion. His spokesman said the governor had not personally called anyone at the Department of Homeland Security to seek a classified briefing to get to the bottom of the matter.

United States

36 of 50 States Have Installed Sensors at 'Elections Infrastructure Level' To Monitor Computer Systems Managing Voter Data or Devices (reuters.com) 90

A majority of U.S. states has adopted technology that allows the federal government to see inside state computer systems managing voter data or voting devices in order to root out hackers. From a report: Two years after Russian hackers breached voter registration databases in Illinois and Arizona, most states have begun using the government-approved equipment, according to three sources with knowledge of the deployment. Voter registration databases are used to verify the identity of voters when they visit polling stations. The rapid adoption of the so-called Albert sensors, a $5,000 piece of hardware developed by the Center for Internet Security (www.cisecurity.org), illustrates the broad concern shared by state government officials ahead of the 2018 midterm elections, government cybersecurity experts told Reuters. [...] As of August 7, 36 of 50 states had installed Albert at the "elections infrastructure level," according to a Department of Homeland Security official. The official said that 74 individual sensors across 38 counties and other local government offices have been installed. Only 14 such sensors were installed before the U.S. presidential election in 2016.
United States

Trump, Seeking To Relax Rules on US Cyberattacks, Reverses Obama Directive (wsj.com) 153

President Trump has reversed an Obama-era memorandum dictating how and when the U.S. government can deploy cyberweapons against its adversaries, in an effort to loosen restrictions on such operations [Editor's note: the link may be paywalled; alternative source], WSJ reports. From the report: Mr. Trump signed an order on Wednesday reversing the classified rules, known as Presidential Policy Directive 20, that had mapped out an elaborate interagency process that must be followed before U.S. use of cyberattacks, particularly those geared at foreign adversaries. The change was described as an "offensive step forward" by an administration official briefed on the decision, one intended to help support military operations, deter foreign election influence and thwart intellectual property theft by meeting such threats with more forceful responses. The Trump administration has faced pressure to show that it is taking seriously national-security cyberthreats -- particularly those that intelligence officials say are posed by Moscow.
Google

Google Releases a Searchable Database of US Political Ads (techcrunch.com) 46

An anonymous reader quotes a report from TechCrunch: In an effort to provide more transparency and deliver on a promise to Congress, Google just published an archive of political ads that have run on its platform. Google's new database, which it calls the Ad Library, is searchable through a dedicated launch page. Anyone can search for and filter ads, viewing them by candidate name or advertiser, spend, the dates the ads were live, impressions and type. For anyone looking for the biggest ad budget or the farthest reaching political ad, the ads can be sorted by spend, impressions and recency, as well. Google also provided a report on the data, showing ad spend by U.S. state, by advertiser and by top keywords.
Space

US Warns on Russia's New Space Weapons (reuters.com) 179

The United States voiced deep suspicion on Tuesday over Russia's pursuit of new space weapons, including a mobile laser system to destroy satellites in space, and the launch of a new inspector satellite which was acting in an "abnormal" way. From a report: Russia's pursuit of counterspace capabilities was "disturbing," Yleem D.S. Poblete, U.S. Assistant Secretary of State for Arms Control, Verification and Compliance, told the U.N.'s Conference on Disarmament which is discussing a new treaty to prevent an arms race in outer space. A Russian delegate at the conference dismissed Poblete's remarks as unfounded and slanderous. Russian Foreign Minister Sergei Lavrov, at the Geneva forum in February, said a priority was to prevent an arms race in outer space, in line with Russia's joint draft treaty with China presented a decade ago.
United States

US House Candidates Vulnerable To Hacks, Researchers Say (reuters.com) 35

About 30 percent of House candidates running for office this year have significant cybersecurity issues with their campaign websites, according to a new study. Reuters: The research was unveiled on Sunday at the annual Def Con security conference in Las Vegas, where some attendees have spent three days hacking into voting machines to highlight vulnerabilities in technology running polling operations. A team of four independent researchers led by former National Institute of Standards and Technology security expert Joshua Franklin concluded that the websites of nearly one-third of U.S. House candidates, Democrats and Republicans alike, are vulnerable to attacks. NIST is a U.S. Commerce Department laboratory that provides advice on technical issues, including cyber security. Using automated scans and test programs, the team identified multiple vulnerabilities, including problems with digital certificates used to verify secure connections with users, Franklin told Reuters ahead of the presentation. The warnings about the midterm elections, which are less than three months away, come after Democrats have spent more than a year working to bolster cyber defenses of the party's national, state and campaign operations.
Government

11-Year-Old Changes Election Results On Florida's Website: Defcon 2018 (pbs.org) 202

UnknowingFool writes: At this year's DEFCON, a group of 50 children aged 8 to 16 participated in a hack of 13 imitation election websites. One 11-year-old boy changed the voting results in 10 minutes. An 11-year-old girl was also able to change the voting results in 30 minutes. Overall, more than 30 of the 50 children were able to hack the websites in some form. The so-called "DEFCON Voting Machine Hacking Village" allowed kids the chance to manipulate vote tallies, party names, candidate names and vote count totals. The 11-year-old girl was able to triple the number of votes found on the website in under 15 minutes.

The National Association of Secretaries of State said in a statement that it is "ready to work with civic-minded members of the DEFCON community wanting to become part of a proactive team effort to secure our elections." But the organization expressed skepticism over the hackers' abilities to access the actual state websites. "It would be extremely difficult to replicate these systems since many states utilize unique networks and custom-built databases with new and updated security protocols," it read. "While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results."
United States

EPA Staff Objected To Agency's New Rules on Asbestos Use, Internal Emails Show (nytimes.com) 212

Top officials at the Environmental Protection Agency pushed through a measure to review applications for using asbestos in consumer products, and did so over the objections of E.P.A.'s in-house scientists and attorneys, internal agency emails show. From a report: The clash over the proposal exposes the tensions within the E.P.A. over the Trump administration's efforts to roll back environmental rules and rewrite other regulations that industries have long fought. Asbestos, a naturally occurring mineral and known carcinogen, was once common in insulation and fireproofing materials, but today most developed countries ban it. The United States still allows limited use in products including gaskets, roofing materials and sealants. The proposed new rule would create a new process for regulating uses of asbestos, something the E.P.A. is obliged to do under a 2016 amendment to a toxic substances law.
