
IT News

F.C.C. Plans Net Neutrality Repeal in a Victory for Telecoms

Quote

The Federal Communications Commission released a plan on Tuesday to dismantle landmark regulations that ensure equal access to the internet, clearing the way for internet service companies to charge users more to see certain content and to curb access to some websites.

The proposal, made by the F.C.C. chairman, Ajit Pai, is a sweeping repeal of rules put in place by the Obama administration. The rules prohibit high-speed internet service providers, or I.S.P.s, from stopping or slowing down the delivery of websites. They also prevent the companies from charging customers extra fees for high-quality streaming and other services.

The announcement set off a fight over free speech and the control of the internet, pitting telecom titans like AT&T and Verizon against internet giants like Google and Amazon. The internet companies warned that rolling back the rules could make the telecom companies powerful gatekeepers to information and entertainment. The telecom companies say that the existing rules prevent them from offering customers a wider selection of services at higher and lower price points.

Nothing to see here folks, just normal government for big business, by big business, and all for the best democracy that money can buy.

As The FCC Guts Net Neutrality, Comcast Again Falsely Claims You Have Nothing To Worry About

Quote

With the FCC formally confirming its plan to kill existing net neutrality protections December 15, Comcast is back again insisting that you have absolutely nothing to worry about. In a new blog post, top Comcast lobbyist “Chief Diversity Officer” David Cohen once again claims that net neutrality harmed industry investment (independent analysis and executive statements have repeatedly shown this to be a lie), that Comcast will be able to self-regulate in the absence of real oversight, and that gutting the Title II foundation underpinning the agency’s rules just isn’t that big of a deal:

“As we have said previously, this proposal is not the end of net neutrality rules. With the FCC transparency requirement and the restoration of the FTC‘s role in overseeing information services, the agencies together will have the authority to take action against any ISP which does not make its open Internet practices clearly known to consumers, and if needed enforce against any anti-competitive or deceptive practices. Comcast has already made net neutrality promises to our customers, and we will continue to follow those standards, regardless of the regulations in place.”

Monopolists

She flipped off President Trump — and got fired from her government contracting job

She should have been given a hero’s welcome, but instead she got the boot from her job at Akima.

From Akima’s “About” page:

Akima ensures non-discrimination in all programs and activities in accordance with Title VI of the Civil Rights Act of 1964

More bullshit. This company, which is now essentially another I.T. Beltway Bandit, is a disgrace. They stood up for money over common sense, money over fair employee treatment and justice, and money over decency. Too bad my tax dollars fund their ilk.

And hypocrisy and favoritism do not escape them either.

She identifies herself as an Akima employee on her LinkedIn account but makes no mention of the middle-finger photo there.

Wait. It gets even more obscene.

Because Briskman was in charge of the firm’s social-media presence during her six-month tenure there, she recently flagged something that did link her company to some pretty ugly stuff.

As she was monitoring Facebook this summer, she found a public comment by a senior director at the company in an otherwise civil discussion by one of his employees about the Black Lives Matter movement.

“You’re a f—— Libtard a——,” the director injected, using his profile that clearly and repeatedly identifies himself as an employee of the firm.

In fact, the person he aimed that comment at was so offended by the intrusion into the conversation and the coarse nature of it that he challenged the director on representing Akima that way.

So Briskman flagged the exchange to senior management.

Did the man, a middle-aged executive who had been with the company for seven years, get the old “Section 4.3” boot?

Nope. He cleaned up the comment, spit-shined his public profile and kept on trucking at work.

But the single mother of two teens who made an impulsive gesture while on her bike on her day off?

Adios, amiga.

Source: WP Article

According to their code of conduct:

While using social media sites and other social networking tools we must keep the best interests of the Company in mind. Employees are prohibited from posting illegal or prohibited materials on Company social media sites, including but not limited to materials that are harassing or discriminatory. Confidential information must be protected and never disclosed in an unauthorized manner, including posted to any unauthorized site.

Well, she was not at work and not using company assets. She was on her day off. She was exercising her 1st Amendment rights. Or does one surrender their 1st Amendment rights to work for Akima?

Another malware outbreak in Google’s Play Store

Regular readers (are there any?) will note that I often rail against Google not policing their Google Play Store. Users think that since it has Google’s name on it, it is safe. Not in the least bit. In addition to the fact that the majority of apps have built-in spyware, there are even more serious malware-laden apps, as the following article delineates.

Quote

50 apps get pulled as ExpensiveWall malware runs riot in the store

Google has had to pull 50 malware-laden apps from its Play Store after researchers found that virus writers had once again managed to fool the Chocolate Factory’s code checking system.

The malware was dubbed ExpensiveWall by Check Point security researchers because it was found in the Lovely Wallpaper app. It carries a payload that registers victims for paid online services and sends premium SMS messages from a user’s phone and leaves them to pick up the bill. It was found in 50 apps on the Play Store and downloaded by between 1 million and 4.2 million users.

Once downloaded, the malware asks for permission to access the internet and send and receive SMS messages. It then pings its command and control server with information on the infected handset, including its location and unique identifiers, such as MAC and IP addresses, IMSI, and IMEI numbers.

The servers then send the malware a URL, which it opens in an embedded WebView window. It then downloads the attack JavaScript code and begins to clock up bills for the victim. The researchers think the malware came from a software development kit called GTK.

“Check Point notified Google about ExpensiveWall on August 7, 2017, and Google promptly removed the reported samples from its store,” the researchers note. “However, even after the affected Apps were removed, within days another sample infiltrated Google Play, infecting more than 5,000 devices before it was removed four days later.”

It appears that Google missed warnings about the malware infection. The user comments section of at least one of the infected apps was filled with outraged users noting that it was carrying a malicious payload and it appears that the apps were being promoted on Instagram.

Cases of malware infecting Google’s Play Store are becoming depressingly common. Just last month it was banking malware and a botnet controller, in July commercial spyware made it in, advertising spamming code popped up in May (preceded by similar cases in March and April), and there was a ransomware outbreak in January.

By contrast, Apple’s App Store appears to do a much better job at checking code, and malware is a rarity in Cupertino’s app bazaar. While some developers complain that it can take a long time to get code cleared by Apple, at least the firm is protecting its customers by doing a thorough job, although Apple’s small market share also means malware writers tend not to use iOS for their apps.

By contrast, Google’s Bouncer automated code-checking software appears to be very easily fooled. Google advised users to only download apps from its Store, since many third-party marketplaces are riddled with dodgy apps, but that advice is getting increasingly untenable.

It’s clear something’s going to have to change down at the Chocolate Factory to rectify this. A big outbreak of seriously damaging malware could wreak havoc, given Android’s current market share, and permanently link the reputation of the operating system with malware, in the same way as Windows in the 90s and noughties. ®

HOTSPOT VPN == Spyware

Quote

Hotspot Shield VPN throws your privacy in the fire, injects ads, JS into browsers – claim
CDT tries to set fed trade watchdog on internet biz
By Thomas Claburn in San Francisco 7 Aug 2017 at 20:20

The Center for Democracy & Technology (CDT), a digital rights advocacy group, on Monday urged US federal trade authorities to investigate VPN provider AnchorFree for deceptive and unfair trade practices.

AnchorFree claims its Hotspot Shield VPN app protects netizens from online tracking, but, according to a complaint filed with the FTC, the company’s software gathers data and its privacy policy allows it to share the information.

Worryingly, it is claimed the service forces ads and JavaScript code into people’s browsers when connected through Hotspot Shield: “The VPN has been found to be actively injecting JavaScript codes using iframes for advertising and tracking purposes.”

“Hotspot Shield tells customers that their privacy and security are ‘guaranteed’ but their actual practices starkly contradict this,” said Michelle De Mooy, Director of CDT’s Privacy & Data Project, in a statement. “They are sharing sensitive information with third party advertisers and exposing users’ data to leaks or outside attacks.”

….
IP address and unique device identifiers are generally considered to be private personal information, but AnchorFree’s Privacy Policy explicitly exempts this data from its definition of Personal Information.

“Contrary to Hotspot Shield’s claims, the VPN has been found to be actively injecting JavaScript codes using iFrames for advertising and tracking purposes,” the complaint says, adding that the VPN uses more than five different third-party tracking libraries.

What’s the alternative? Roll your own: set up a VPS, or Algo, or both.

Robocalls Flooding Your Cellphone? Here’s How to Stop Them

So here is a New York Times article on the subject. There are a few good ideas, but another layer is to always block your caller ID and only unblock it for contacts you trust. Here is the FULL ARTICLE, but I summarize below.

Rule No. 1: The most simple and effective remedy is to not answer numbers you don’t know, Mr. Quilici said.

“Just interacting with these calls is just generally a mistake,” he said.

If you do answer, don’t respond to the invitation to press a number to opt out. That will merely verify that yours is a working number and make you a target for more calls, experts said.

List your phones on the National Do Not Call Registry and report them there!

Use apps such as Truecaller, RoboKiller (fee), Mr. Number (owned by Hiya, below), Nomorobo (free for landlines, fee for mobile) and Hiya (fee?), which will block the calls. (Note: I have not reviewed any of these for security issues, so caveat emptor.)

Phone companies, such as T-Mobile, Verizon and AT&T, also have tools to combat robocalls. They work by blocking calls from numbers known to be problematic. (Note: Oh yeah, after going through 10 minutes of voice response and being on hold for another 20 minutes.)

Turn the tables: And then there is the Jolly Roger Telephone Company, which turns the tables on telemarketers. This program allows a customer to put the phone on mute and patch telemarketing calls to a robot, which understands speech patterns and inflections and works to keep the caller engaged. (Note: I kind of like this idea, but many of these miscreants use fake caller IDs of legitimate business phone numbers. Also note, the service is NOT free, but not that expensive either for that matter.)


Nasty Hole in Skype

Nothing to see here, says Microsoft, just more crappy code

Infosec researchers have discovered a nasty and exploitable security vulnerability in older versions of Skype on Windows. The stack buffer overflow flaw allows miscreants to inject malicious code into Windows boxes running older versions of Skype, bug hunters at Vulnerability Laboratory warn:

The issue can be exploited remotely via session or by local interaction. The problem is located in the print clipboard format & cache transmit via remote session on Windows XP, Windows 7, Windows 8 and Windows 10. In Skype v7.37 the vulnerability is patched.

The CVE-2017-9948 bug involves mishandling of remote RDP clipboard content within the message box. Microsoft said the bug isn’t a problem for those running the latest version of its software. “Users on the latest Skype client are automatically protected, and we recommend upgrading to this version for the best protection,” a Microsoft spokesperson told El Reg.

Vulnerability Laboratory’s Benjamin Kunz Mejri responded that although Microsoft had fixed this issue with version 7.37, widely used versions 7.2, 7.35 and 7.36 are still vulnerable to what he described as a “critical” security issue.
Source

If you are using XP you are maybe screwed, as 7.36 is the last version… but:

CVE-2017-9948 allows local or remote attackers to execute own codes on the affected and connected systems via Skype.
CVE-2017-9948 Fixed in v7.2, v7.3.5 & v7.3.6 Skype Versions

“In a software update of the v7.2, v7.3.5 & v7.3.6 version of Skype, a limitation has been implemented for the clipboard function”, researchers explain. Users of older versions of Skype are advised to update to the latest version as soon as possible to avoid becoming victims of malicious attacks.

Also, it’s important to note that the security risk associated with this flaw is high, as the exploitation of the buffer overflow software vulnerability requires no user interaction and only a low privilege Skype user account.

Source: https://sensorstechforum.com/cve-2017-9948-severe-skype-flaw/

Oh, that Apple Link you clicked on — it is Russian or Chinese or anything but Apple

Quote

Click this link (don’t fret, nothing malicious). Chances are your browser displays “apple.com” in the address bar. What about this one? Goes to “epic.com,” right?

Wrong. They are in fact carefully crafted but entirely legitimate domains in non-English languages that are designed to look exactly the same as common English words. The real domains for the two above links are: xn--80ak6aa92e.com and xn--e1awd7f.com.

In quick testing by El Reg, Chrome 57 on Windows 10 and macOS 10.12, and Firefox 52 on macOS, display apple.com and epic.com rather than the actual domains. We’re told Chrome 57 and Firefox 52 are vulnerable while Safari and Internet Explorer are in the clear. Bleeding-edge Chrome 60 on macOS 10.12 was not vulnerable.

This domain disguising, which tricks people into visiting a site they think is legit but really isn’t, is called a “homograph attack” – and we were supposed to have fixed it more than a decade ago when the exact same problem was noticed with respect to the address “paypal.com.”

So what is this, how does it work, and why does it still exist?

Well, thanks to the origins of the internet in the United States, the global network’s addressing systems were only designed to handle English – or, more accurately, the classic Western keyboard and computer ASCII text.

The limitations of this approach became apparent very soon after people in other countries started using the domain name system and there was no way to represent their language.

And so a lengthy and often embarrassingly tone-deaf effort was undertaken by largely American engineers to resolve this by assigning ASCII-based codes to specific symbols. Unicode became “Punycode.”

PS: To fix the issue with Chrome, wait for Chrome 58 to arrive around April 25 and install it. On Firefox, Firefox Mobile, and Seamonkey, go to about:config and set network.IDN_show_punycode to true.
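To see what the quoted article is describing, here is an added example (my own code, not part of the El Reg piece and not a browser's actual implementation) that decodes the two Punycode domains from the article with Python's standard-library `punycode` codec and then applies the kind of heuristic browsers adopted after this episode: flag a label that mixes scripts, or one whose letters all come from a small table of Cyrillic look-alikes so that its "skeleton" is plain ASCII, and show such labels in their `xn--` form instead of the decoded Unicode, which is what Firefox's `network.IDN_show_punycode` does for every label. The look-alike table is a constructed subset of Unicode's confusables data, not the complete list.

```python
import unicodedata

# Constructed subset of Unicode's confusables table: Cyrillic letters that
# render like Latin ones in common fonts. Not exhaustive; example data only.
CYRILLIC_LOOKALIKES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u0458": "j",  # CYRILLIC SMALL LETTER JE
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u04bb": "h",  # CYRILLIC SMALL LETTER SHHA
    "\u04cf": "l",  # CYRILLIC SMALL LETTER PALOCHKA
}

SUSPICIOUS = ("mixed script", "whole-script confusable")


def decode_label(label):
    """Turn one DNS label into its Unicode form (A-label -> U-label).

    Uses the raw punycode codec rather than the idna codec so that the
    decoding itself never rejects a label; we classify it afterwards.
    """
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def decode_hostname(host):
    """Decode every label of a hostname (what a browser shows by default)."""
    return ".".join(decode_label(label) for label in host.split("."))


def script_of(ch):
    """Script name of a letter, taken from the first word of its Unicode name."""
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"


def skeleton(label):
    """Replace each known look-alike with the Latin letter it resembles."""
    return "".join(CYRILLIC_LOOKALIKES.get(c, c) for c in label)


def analyse_label(label):
    """Classify a decoded label; returns (verdict, skeleton)."""
    if label.isascii():
        return ("ascii", label)
    scripts = {script_of(c) for c in label if c.isalpha()}
    skel = skeleton(label)
    if len(scripts) > 1:
        return ("mixed script", skel)          # e.g. Latin with one Cyrillic letter
    if skel.isascii():
        return ("whole-script confusable", skel)  # every letter is a look-alike
    return ("single script", skel)             # ordinary IDN, e.g. bücher


def check_hostname(host):
    """Return (raw_label, decoded, verdict, skeleton) for each non-ASCII label."""
    findings = []
    for raw in host.split("."):
        decoded = decode_label(raw)
        verdict, skel = analyse_label(decoded)
        if verdict != "ascii":
            findings.append((raw, decoded, verdict, skel))
    return findings


def display_form(host):
    """What a cautious address bar should show: punycode for suspicious labels,
    Unicode for benign IDNs. Firefox's network.IDN_show_punycode=true is the
    blunter version of this that shows punycode for every label."""
    parts = []
    for raw in host.split("."):
        decoded = decode_label(raw)
        verdict, _ = analyse_label(decoded)
        parts.append(raw if verdict in SUSPICIOUS else decoded)
    return ".".join(parts)


if __name__ == "__main__":
    for host in ("xn--80ak6aa92e.com", "xn--e1awd7f.com", "xn--bcher-kva.example"):
        print(host, "->", decode_hostname(host), check_hostname(host), display_form(host))
```

Run as a script, the two domains from the article decode to Cyrillic strings whose skeletons are `apple` and `epic`, and `display_form` keeps them in `xn--` form, while a legitimate German IDN such as `xn--bcher-kva.example` is shown decoded as `bücher.example`.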

Dear Microsoft: absolutely not!

Great rant. Quote:

#MakeWhatsNext: Change the Odds

And it has nothing to do with your software. It has to do with your new ad campaign, which I happened to see while I was at the gym last week. Here’s the gist: brilliant young girls express their ambitions to cure cancer and explore outer space and play with the latest in virtual reality tech. Then—gotcha!—they’re shown a statistic that only 6.7% of women graduate with STEM degrees. They look crushed. The tagline? “Change the world. Stay in STEM.”

Are you fucking kidding me?

Microsoft, where’s your ad campaign telling adult male scientists not to rape their colleagues in the field? Where’s the campaign telling them not to steal or take credit for women’s work? Or not to serially sexually harass their students? Not to discriminate against them? Not to ignore, dismiss, or fail to promote them at the same rate as men? Not to publish their work at a statistically significant lower rate? Not to refuse to take women on field expeditions, as did my graduate advisor, now tenured at University of Washington? Where’s your ad campaign telling institutions not to hire, shelter, or give tenure to serial harassers or known sexists, as UW and countless others have done? Where’s your ad campaign encouraging scientific journals to switch to blind submissions and blind peer reviewers? Or to pay women at the same rate as men? I could keep linking articles all day. But I’m tired. Everyones’ noses have been pushed in these same data for decades and nothing changes.

There’s a reason women and girls leave STEM. It is because STEM is so hostile to women that leaving the field is an act of survival. It was for me.

Microsoft, do not dump this shit on the shoulders of young girls. It’s not their responsibility; it’s the responsibility of those in power. That means you.