AT&T outclassed Verizon in hurricane response, and it wasn’t close, union says

A Florida man sets up a sign that says,

Enlarge / PANAMA CITY, Fla. – OCTOBER 19: Mark Mauldin hangs a sign near the front of his property expressing his dissatisfaction with his Verizon cell phone service following Hurricane Michael, which slammed into the Florida Panhandle on October 10. (credit: Getty Images | Scott Olson )

filing with the Federal Communications Commission, which recently found that carriers’ mistakes prolonged outages caused by the hurricane. Many customers had to go without cellular service for more than a week.

It’s not surprising for a union to argue that union workers are preferable to contractors, of course. But it seems clear that AT&T did a better job than Verizon after the storm. In the days following the October 2018 hurricane, Florida Governor Rick Scott slammed Verizon for its poor hurricane response while praising AT&T for quickly restoring service.

Read 15 remaining paragraphs | Comments

>20,000 Linksys routers leak historic record of every device ever connected

>20,000 Linksys routers leak historic record of every device ever connected

(credit: US Navy)

(credit: Troy Mursch)

Independent researcher Troy Mursch said the leak is the result of a flaw in almost three dozen models of Linksys routers. It took about 25 minutes for the Binary Edge search engine of Internet-connected devices to find 21,401 vulnerable devices on Friday. A scan earlier in the week found 25,617. They were leaking a total of 756,565 unique MAC addresses. Exploiting the flaw requires only a few lines of code that harvest every MAC address, device name, and operating system that has ever connected to each of them.

Read 9 remaining paragraphs | Comments

The radio navigation planes use to land safely is insecure and can be hacked

A plane in the researchers' demonstration attack as spoofed ILS signals induce a pilot to land to the right of the runway.

Enlarge / A plane in the researchers’ demonstration attack as spoofed ILS signals induce a pilot to land to the right of the runway. (credit: Sathaye et al.)

software defined radio, the researchers can spoof airport signals in a way that causes a pilot’s navigation instruments to falsely indicate a plane is off course. Normal training will call for the pilot to adjust the plane’s descent rate or alignment accordingly and create a potential accident as a result.

Read 36 remaining paragraphs | Comments

Unless you want your payment card data skimmed, avoid these commerce sites

Unless you want your payment card data skimmed, avoid these commerce sites

Enlarge (credit: Mighty Travels / Flickr)

found 105 websites that executed card-skimming JavaScript hosted on the malicious domain magento-analytics[.]com. While the domain returns a 403 error to browsers that try to visit it, a host of magento-analytics[.]com URLs host code that’s designed to extract the name, number, expiration date, and CVV of payment cards that are used to make purchases. The e-commerce sites are infected when the attackers add links that cause the malicious JavaScript to be executed.

One of the infected sites identified by Netlab 360 is ilybean[.]com, an Orlando, Florida, business that sells baby beanies. As the screenshot below shows, the site executes JavaScript hosted at magento-analytics[.]com.

Read 9 remaining paragraphs | Comments

A mysterious hacker gang is on a supply-chain hacking spree

Stylized photo of desktop computer.

Enlarge (credit: Lino Mirgeler/picture alliance via Getty Images)

software supply-chain attack represents one of the most insidious forms of hacking. By breaking into a developer’s network and hiding malicious code within apps and software updates that users trust, supply-chain hijackers can smuggle their malware onto hundreds of thousands—or millions—of computers in a single operation, without the slightest sign of foul play. Now what appears to be a single group of hackers has managed that trick repeatedly, going on a devastating supply-chain hacking spree—and the hackers have become more advanced and stealthy as they go.

Over the past three years, supply-chain attacks that exploited the software distribution channels of at least six different companies have now all been tied to a single group of likely Chinese-speaking hackers. The group is known as Barium, or sometimes ShadowHammer, ShadowPad, or Wicked Panda, depending on which security firm you ask. More than perhaps any other known hacker team, Barium appears to use supply-chain attacks as its core tool. Its attacks all follow a similar pattern: seed out infections to a massive collection of victims, then sort through them to find espionage targets.

Read 18 remaining paragraphs | Comments

Pornhub wants to buy Tumblr and restore site to former porn-filled glory

A Verizon logo displayed along with stock prices at the New York Stock Exchange.

Enlarge / A monitor seen on the floor of the New York Stock Exchange on Tuesday, Sept. 4, 2018. (credit: Getty Images | Bloomberg)

Less than two years after buying Tumblr as part of its Yahoo acquisition, Verizon is reportedly trying to sell the blogging platform. Pornhub has also announced that it wants to buy Tumblr and end the site’s Verizon-imposed porn ban.

“Verizon Communications Inc. is seeking a buyer for blogging website Tumblr, according to people familiar with the matter, as it tries to steady a media business that has struggled to meet revenue targets,” The Wall Street Journal reported yesterday.

Pornhub quickly announced its interest after the news broke, although it isn’t clear whether the two companies have talked. Verizon banned all adult content from Tumblr in December 2018, and Pornhub wants to restore the site to its former porn-filled glory.

Read 9 remaining paragraphs | Comments

Department of Justice opens investigation into failed carbon-capture plant

Cranes stand at the construction site for Southern Co.'s Kemper County power plant near Meridian, Miss., on Tuesday, Feb. 25, 2014.

Enlarge / Cranes stand at the construction site for Southern Co.’s Kemper County power plant near Meridian, Miss., on Tuesday, Feb. 25, 2014. (credit: Gary Tramontina/Bloomberg via Getty Images)

Southern’s most recent financial statement (PDF).

The Mississippi-based facility had received $387 million in federal grants to build a state-of-the-art coal gasification and carbon-capture power plant (otherwise known as an Integrated Gasification Combined Cycle, or IGCC, plant). But in 2017, Southern’s subsidiary, Mississippi Power, decided to scrap the cutting-edge tech and only use the power plant to burn cheaper natural gas, in a major blow to the proponents of carbon capture.

Bad timing

Kemper was a complicated project. It was located near a lignite coal mine, which was intended to serve Kemper exclusively. Lignite is a low-grade coal compared to the anthracite and bituminous coal that’s found in Wyoming and Montana, so Kemper planned to synthetically transform the plentiful local coal to gas. The plant would then burn the syngas in a turbine, strip the carbon dioxide (CO2) from the power plant’s flue, and send that CO2 through a pipeline to an oilfield where it would be used for enhanced oil recovery. (That is, CO2 is forced down into an oil well to increase the pressure of the well so more oil can be recovered.)

Read 9 remaining paragraphs | Comments

Google unveils auto-delete for location, Web activity, and app usage data

A large Google sign seen on a window of Google's headquarters.

Enlarge / Mountain View, Calif.—May 21, 2018: Exterior view of a Googleplex building, the corporate headquarters of Google and parent company Alphabet. (credit: Getty Images | zphotos)

Google will soon let users automatically delete location history and other private data in rolling intervals of either three months or 18 months.

“Choose a time limit for how long you want your activity data to be saved—3- or 18-months—and any data older than that will be automatically deleted from your account on an ongoing basis,” Google announced yesterday. “These controls are coming first to Location History and Web & App Activity and will roll out in the coming weeks.”

Google location history saves locations reported from mobile devices that are logged into your Google account, while saved Web and app activity includes “searches and other things you do on Google products and services, like Maps; your location, language, IP address, referrer, and whether you use a browser or an app; Ads you click, or things you buy on an advertiser’s site; [and] Information on your device like recent apps or contact names you searched for.”

Read 11 remaining paragraphs | Comments