An anonymous reader quotes CyberScoop: The FBI has been briefing private sector companies on intelligence claiming to show that the Moscow-based cybersecurity company Kaspersky Lab is an unacceptable threat to national security, current and former senior U.S. officials familiar with the matter tell CyberScoop... The FBI's goal is to have U.S. firms push Kaspersky out of their systems as soon as possible or refrain from using them in new products or other efforts, the current and former officials say.

The FBI's counterintelligence section has been giving briefings since beginning of the year on a priority basis, prioritizing companies in the energy sector and those that use industrial control (ICS) and Supervisory Control and Data Acquisition (SCADA) systems. In light of successive cyberattacks against the electric grid in Ukraine, the FBI has focused on this sector due to the critical infrastructure designation assigned to it by the Department of Homeland Security... The U.S. government's actions come as Russia is engaged in its own push to stamp American tech giants like Microsoft out of that country's systems.
Meanwhile Bloomberg Businessweek claims to have seen emails which "show that Kaspersky Lab has maintained a much closer working relationship with Russia's main intelligence agency, the FSB, than it has publicly admitted" -- and that Kaspersky Lab "confirmed the emails are authentic."

Kaspersky Lab told ZDNet they have not confirmed the emails' authenticity. A representative for Kaspersky Lab says that the company does not have "inappropriate" ties with any government, adding that "the company does regularly work with governments and law enforcement agencies around the world with the sole purpose of fighting cybercrime."

An anonymous reader quotes the Electronic Frontier Foundation: Whistleblower and activist Chelsea Manning, Techdirt editor and open internet advocate Mike Masnick, and IFEX executive director and global freedom of expression defender Annie Game are the distinguished winners of the 2017 Pioneer Awards, which recognize leaders who are extending freedom and innovation on the electronic frontier. This year's honorees -- a whistleblower, an editor, and an international freedom of expression activist -- all have worked tirelessly to protect the public's right to know.

The award ceremony will be held the evening of September 14 at Delancey Street's Town Hall Room in San Francisco. The keynote speaker is Emmy-nominated comedy writer Ashley Nicole Black, a correspondent on Full Frontal with Samantha Bee who uses her unique comedic style to take on government surveillance, encryption, and freedom of information.
The EFF describes Chelsea Manning as "a network security expert, whistleblower, and former U.S. Army intelligence analyst whose disclosure of classified Iraq war documents exposed human rights abuses and corruption the government kept hidden from the public." Their annoncement also notes that Annie Game has led the IFEX network of 115+ journalism and civil liberties groups around the world for over 10 years, and that Mike Masnick coined the term "The Streisand Effect" -- and is currently being sued by that man who claims he invented email.

An anonymous reader shares a report: The majority of IT security professionals believe encryption backdoors are ineffective and potentially dangerous, with 91 percent saying cybercriminals could take advantage of government-mandated encryption backdoors. 72 percent of the respondents do not believe encryption backdoors would make their nations safer from terrorists, according to a Venafi survey of 296 IT security pros, conducted at Black Hat USA 2017. Only 19 percent believe the technology industry is doing enough to protect the public from the dangers of encryption backdoors. 81 percent feel governments should not be able to force technology companies to give them access to encrypted user data. 86 percent believe consumers don't understand issues around encryption backdoors.

A new feature baked into iOS 11 lets you quickly disable Touch ID, which could come in handy if you're ever in a situation where someone (a cop) might force you to unlock your device. Cult of Mac reports: To temporarily disable Touch ID, you simply press the power button quickly five times. This presents you with the "Emergency SOS" option, which you can swipe to call the emergency services. It also prevents your iPhone from being unlocked without the passcode. Until now, there were other ways to temporarily disable Touch ID, but they weren't quick and simply. You either had to restart your iPhone, let it sit idle for a few days until Touch ID was temporarily disabled by itself, or scan the wrong finger several times. The police, or any government agency, cannot force you to hand over your iPhone's passcode. However, they can force you to unlock your device with your fingerprint. That doesn't work if your fingerprint scanner has been disabled.

An anonymous reader quotes a report from Ars Technica: AT&T has lost a court case in which it tried to stall construction by Google Fiber in Louisville, Kentucky. AT&T sued the local government in Louisville and Jefferson County in February 2016 to stop a One Touch Make Ready Ordinance designed to give Google Fiber and other new ISPs quicker access to utility poles. But yesterday, U.S. District Court Judge David Hale dismissed the lawsuit with prejudice, saying AT&T's claims that the ordinance is invalid are false. "We are currently reviewing the decision and our next steps," AT&T said when contacted by Ars today. One Touch Make Ready rules let ISPs make all of the necessary wire adjustments on utility poles themselves instead of having to wait for other providers like AT&T to send work crews to move their own wires. Without One Touch Make Ready rules, the pole attachment process can cause delays of months before new ISPs can install service to homes. Google Fiber has continued construction in Louisville despite the lawsuit and staff cuts that affected deployments in other cities.

An anonymous reader shares a BBC report: China's latest crackdown on those attempting to skirt state censorship controls has seen it warn e-commerce platforms over the sale of illegal virtual private networks (VPNs). Five websites, including shopping giant Alibaba, have been asked to remove vendors that sell VPNs. It is the latest in a series of measures from the Chinese government to maintain strict control over content. Apple has previously been asked to remove VPN apps. China's cyber-regulator the Cyberspace Administration of China (CAC) has ordered the websites to carry out immediate "self-examination and correction." "The CAC has ordered these five sites to immediately carry out a comprehensive clean-up of harmful information, close corresponding illegal account.. and submit a rectification report by a deadline," the regulator said in a statement.

Following moves by China and Japan to regulate digital currencies, Australia is attempting to crackdown on money laundering and terrorism financing with plans to regulate bitcoin exchanges. From a report: "The threat of serious financial crime is constantly evolving, as new technologies emerge and criminals seek to nefariously exploit them. These measures ensure there is nowhere for criminals to hide," said Australia's Minister for Justice Michael Keenan in a press release. The Australian government proposed a set of reforms on Thursday which will close a gap in regulation and bring digital currency exchange providers under the remit of the Australian Transactions and Reporting Analysis Centre. These exchanges serve as marketplaces where traders can buy and sell digital currencies, such as bitcoin, using fiat currencies, such as the dollar. The reform bill is intended to strengthen the Anti-Money Laundering and Counter-Terrorism Financing Act and increase the powers of AUSTRAC.

An anonymous reader quotes a report from Ars Technica: More than 200 patients in more than 55 UK hospitals were discovered by healthcare workers to be infected or colonized by the multi-drug resistant fungus Candida auris, a globally emerging yeast pathogen that has experts nervous. Three of the hospitals experienced large outbreaks, which as of Monday were all declared officially over by health authorities there. No deaths have been reported since the fungus was first detected in the country in 2013, but 27 affected patients have developed blood infections, which can be life-threatening. And about a quarter of the more than 200 cases were clinical infections. Officials in the UK aimed to assuage fear of the fungus and assure patients that hospitals were safe. "Our enhanced surveillance shows a low risk to patients in healthcare settings. Most cases detected have not shown symptoms or developed an infection as a result of the fungus," Dr Colin Brown, of Public Health England's national infection service, told the BBC.

Yet, public health experts are uneasy about the rapid emergence and level of drug resistance the pathogen is showing. In a surveillance update in July, the U.S. Centers for Disease Control and Prevention said that C. auris "presents a serious global health threat." It was first identified in the ear of a patient in Japan in 2009. Since then, it has spread swiftly, showing up in more than a dozen countries, including the U.S., according to the CDC. So far, health officials have reported around 100 infections in nine U.S. states and more than 100 other cases where the fungus was detected but wasn't causing an infection.

More than a dozen high technology companies and the biggest wireless operator in the United States, Verizon, have called on the U.S. Supreme Court to make it harder for government officials to access individuals' sensitive cellphone data. From a report: The companies filed a 44-page brief with the court on Monday night in a high-profile dispute over whether police should have to get a warrant before obtaining data that could reveal a cellphone user's whereabouts. Signed by some of Silicon Valley's biggest names, including Apple, Facebook, Twitter, Snap and Alphabet's Google, the brief said that as individuals' data is increasingly collected through digital devices, greater privacy protections are needed under the law. "That users rely on technology companies to process their data for limited purposes does not mean that they expect their intimate data to be monitored by the government without a warrant," the brief said.

Lorenzo Franceschi-Bicchierai, reporting for Motherboard: Monday, the well-known security researcher who became famous after helping to stop the destructive WannaCry ransomware outbreak pleaded "not guilty" to creating software that would later become banking malware. Marcus Hutchins -- better known by his online nickname MalwareTech -- was arrested in early August in Las Vegas after the hacking conference Def Con. The US government accuses Hutchins of writing software in 2014 that would later become the banking malware Kronos. After getting out on bail and traveling to Milwaukee, he stood in front a judge on Monday for his arraignment. Prosecutors also allege he helped a still unknown co-defendant market and sell Kronos. Hutchins's lawyer Brian Klein declared in a packed courtroom in Milwaukee that Hutchins was "not guilty" of six charges related to the alleged creation and distribution of malware. Hutchins will be allowed to travel to Los Angeles, where he will live while he awaits trial. He will also be represented by Marcia Hoffman, formerly of the Electronic Frontier Foundation. Under the terms of his release, Hutchins will be tracked by GPS but will be allowed full internet access so he can continue to work as a security researcher; the only restriction is he will no longer be allowed to access the WannaCry "sinkhole" he used to stop the outbreak of ransomware.

An anonymous reader quotes a report from Ars Technica: A Russian government-sponsored group accused of hacking the Democratic National Committee last year has likely been infecting other targets of interest with the help of a potent Windows exploit developed by, and later stolen from, the National Security Agency, researchers said Friday. Eternal Blue, as the exploit is code-named, is one of scores of advanced NSA attacks that have been released over the past year by a mysterious group calling itself the Shadow Brokers. It was published in April in the group's most damaging release to date. Its ability to spread from computer to computer without any user action was the engine that allowed the WCry ransomware worm, which appropriated the leaked exploit, to shut down computers worldwide in May. Eternal Blue also played a role in the spread of NotPetya, a follow-on worm that caused major disruptions in June. Now, researchers at security firm FireEye say they're moderately confident the Russian hacking group known as Fancy Bear, APT 28, and other names has also used Eternal Blue, this time in a campaign that targeted people of interest as they connected to hotel Wi-Fi networks. In July, the campaign started using Eternal Blue to spread from computer to computer inside various staff and guest networks, company researchers Lindsay Smith and Ben Read wrote in a blog post. While the researchers didn't directly observe those attacks being used to infect guest computers connected to the network, they said a related campaign from last year used the control of hotel Wi-Fi services to obtain login credentials from guest devices.

Robotron23 writes: Vinod Khosla, a Silicon Valley venture capitalist, has lost his appeal to privatize Martins Beach -- a publicly-owned strip of coastline in California. Having previously fenced off the land in a bid to render the area private, Khosla has been ordered to restore access by a California court. Khosla had previously demanded the government pay him $30 million to reopen the gate to the beachfront. The law of California states that all beaches should be open to the public up to the "mean high tide line." "The decision this week, affirming a lower court ruling, stems from a lawsuit filed by the Surfrider Foundation, a not-for-profit group that says the case could have broader implications for beach access across the U.S.," reports The Guardian.

New submitter simkel writes: When the Federal Communications Commission went looking this year for experts to sit on an advisory committee regarding deployment of high-speed internet, Gary Carter thought he would be a logical choice. Carter works for the city of Santa Monica, California, where he oversees City Net, one of the oldest municipal-run networks in the nation. The network sells high-speed internet to local businesses, and uses the revenue in part to connect low-income neighborhoods. That experience seemed to be a good match for the proposed Broadband Deployment Advisory Committee (BDAC), which FCC Chairman Ajit Pai created this year. One of the panel's stated goals is to streamline city and state rules that might accelerate installation of high-speed internet. But one of the unstated goals, members say, is to make it easier for companies to build networks for the next generation wireless technology, called 5G. The advanced network, which promises faster speeds, will require that millions of small cells and towers be erected nationwide on city- and state-owned public property. The assignment seemed to call out for participation from city officials like Carter, since municipal officials approve where and what equipment telecommunications companies can place on public rights of way, poles and buildings. But the FCC didn't choose Carter -- or almost any of the other city or state government officials who applied. Sixty-four city and state officials were nominated for the panel, but the agency initially chose only two: Sam Liccardo, mayor of San Jose, California, and Kelleigh Cole from the Utah Governor's Office, according to documents obtained by the Center for Public Integrity through a Freedom of Information Act request. Pai later appointed another city official, Andy Huckaba, a member of the Lenexa, Kansas, city council. Instead the FCC loaded the 30-member panel with corporate executives, trade groups and free-market scholars. More than three out of four seats on the BDAC are filled by business-friendly representatives from the biggest wireless and cable companies such as AT&T, Comcast, Sprint, and TDS Telecom. Crown Castle International Corp., the nation's largest wireless infrastructure company, and Southern, the nation's second-largest utility firm, have representatives on the panel.

China recently launched a crackdown on the use of software which allows users to get around its heavy internet censorship. Now as the BBC reports, developers are facing growing pressure. From the report: The three plain-clothes policemen tracked him down using a web address. They came to his house and demanded to see his computer. They told him to take down the app he was selling on Apple's App Store, and filmed it as it was happening. His crime was to develop and sell a piece of software that allows people to get round the tough restrictions that limit access to the internet in China. A virtual private network (VPN) uses servers abroad to provide a secure link to the internet. It's essential in China if you want to access parts of the outside world like Facebook, Gmail or YouTube, all of which are blocked on the mainland. "They insisted they needed to see my computer," the software developer, who didn't want us to use his name, told us during a phone interview. "I said this is my private stuff. How can you search as you please?" No warrant was produced and when he asked them what law he had violated they didn't say. Initially he refused to co-operate but, fearing detention, he relented. Then they told him what they wanted: "If you take the app off the shelf from Apple's App Store then this will be all over." 'Sorry, I can't help you with that'. Up until a few months ago his was a legal business. Then the government changed the regulations. VPN sellers need a licence now.

An anonymous reader writes: European countries are currently implementing new data protection laws. Recently, despite leaving the European Union, the United Kingdom has expressed intent to implement the law called General Data Protection Regulation. As an extension, the UK wants to to ban re-identification (with a penalty of unlimited fines), the method of reversing anonymization, or pointing out the weakness of the used anonymisation process. One famous example was research re-identifying Netflix users from published datasets. By banning re-identification, UK follows the lead of Australia which is considering enacting similarly controversial law that can lead to making privacy research difficult or impossible. Privacy researchers express concerns about the effectiveness of the law that could even complicate security, a view shared by privacy advocates.

New submitter cdreimer writes: According to a report in The Wall Street Journal (Warning: source may be paywalled, alternative source), the author behind the U.S. government's password requirements regrets wasting our time on changing passwords so often. From the report: "The man who wrote the book on password management has a confession to make: He blew it. Back in 2003, as a midlevel manager at the National Institute of Standards and Technology, Bill Burr was the author of 'NIST Special Publication 800-63. Appendix A.' The 8-page primer advised people to protect their accounts by inventing awkward new words rife with obscure characters, capital letters and numbers -- and to change them regularly. The document became a sort of Hammurabi Code of passwords, the go-to guide for federal agencies, universities and large companies looking for a set of password-setting rules to follow. The problem is the advice ended up largely incorrect, Mr. Burr says. Change your password every 90 days? Most people make minor changes that are easy to guess, he laments. Changing Pa55word!1 to Pa55word!2 doesn't keep the hackers at bay. Also off the mark: demanding a letter, number, uppercase letter and special character such as an exclamation point or question mark -- a finger-twisting requirement." "Much of what I did I now regret," Bill Burr told The Wall Street Journal. "In the end, [the list of guidelines] was probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree."

An anonymous reader writes: Several Internet service providers in India have blocked access to Internet Archive -- a non-profit organisation that runs Wayback Machine, a massive archive of webpages dating back to over a decade -- Indian outlet NDTV reported Tuesday. Some subscribers of Airtel, Aircel, and Act Internet, among other carriers, are seeing a DoT notification when they attempt to access Internet Archive. The notification reads, 'Your requested URL has been blocked as per the directions received from Department of Telecommunications, Government of India.' Popularly known as time-warping tool, Internet Archive's Way Back Machine has made copies of over three billion pages over the years. In the age of ephemeral media, Way Back Machine has become a cultural phenomenon, serving as a permanent registrar of popular websites and other webpages.

mi shares an opinion piece written by Jenny Beth Martin via The Hill: A study published in 2015 by The Los Angeles Times revealed that just three of Musk's ventures -- SolarCity Corp. (which manufactured and installed solar energy systems before its 2016 merger with Tesla Motors Inc.), Tesla Motors Inc. (which manufactures electric vehicles), and Space Exploration Technologies Corp., known as SpaceX (which builds rocket ships) -- had received $4.9 billion in government subsidies to that point in time. By now, Musk's various ventures have sucked well over $5 billion from government coffers. Worse: in order to induce car buyers to spend their money on electric vehicles, the federal government offers a $7,500 rebate on the purchase price. Some states enhance that rebate with rebates of their own. In California, for instance, purchasers of electric vehicles get a state-funded rebate of $2,500 more.

Slashdot reader mi asks: "Why are you and I subsidizing Elon Musk's products and when will his businesses be able to compete on their own?"

An anonymous reader shares a report from NPR: In a 3,300-word document that has been shared across Google's internal networks, an engineer at the company wrote that "biological causes" are part of the reason women aren't represented equally in its tech departments and leadership. The document also cited "men's higher drive for status." The engineer's criticism of Google's attempts to improve gender and racial diversity has prompted two Google executives to rebut the lengthy post, which accused the company of creating an "ideological echo chamber" and practicing discrimination. Wide sharing of the document has highlighted struggles with gender equality and the wage gap in the tech industry and particularly at Google, which was sued by the federal government earlier this year for refusing to share compensation amounts and other data.

But in contrast, the document's author -- whose identity hasn't been publicly released but who claims to work at the company's Mountain View, Calif., headquarters -- accused Google of having "a politically correct monoculture that maintains its hold by shaming dissenters into silence." Not enough has been done, the engineer said, to encourage a diversity of viewpoints and ideologies at Google. The author also faulted the company for offering mentoring and other opportunities to its employees based on gender or race. The engineer began the document by stating, "I value diversity and inclusion, am not denying that sexism exists, and don't endorse using stereotypes." The message ended with a similar sentiment -- but with the added notion, "Stereotypes are much more accurate and responsive to new information than the [company's] training suggests." In addition to the responses made from Google's VP of Diversity, Integrity and Governance, Danielle Brown, former engineer Yonatan Zunger, and Google VP of Engineering Ari Balogh, senior developer Sarah Mei wrote: "This guy almost certainly thinks of himself as a 'computer scientist,' but he does exactly what you're not supposed to do as a scientist. He draws a conclusion favorable to his ego, and then works backwards from there, constructing an argument to justify it. [...] This google dude literally works at the company that made it _trivially easy_ to locate relevant social science research."

An anonymous reader quotes Ars Technica: A former Volkswagen executive has pleaded guilty to two charges related to the company's diesel emissions scandal. He is the second VW Group employee to do so, following retired engineer James Liang pleading guilty last summer. The VW Group executive, Oliver Schmidt, was based outside of Detroit and was in charge of emissions compliance for Volkswagen in the years before the company was caught using illegal software to cheat on federal emissions tests.

Schmidt, a German citizen who was 48 when he was arrested in Miami in January on vacation, was originally charged with 11 felony counts. In accepting a plea deal from US federal officials, Schmidt will only plead guilty to two charges: conspiracy to defraud the US government and violate the Clean Air Act, and making a false statement under the Clean Air Act. Schmidt will be sentenced in December. He could face up to seven years in prison, as well as fines from $40,000 to $400,000, according to the plea agreement. After that, Schmidt could also be required to serve four years of supervised release.