Friday, April 30

More US agencies potentially hacked, this time with Pulse Secure exploits

More US agencies potentially hacked, this time with Pulse Secure exploits

Enlarge (credit: Getty Images)

At least five US federal agencies may have experienced cyberattacks that targeted recently discovered security flaws that give hackers free rein over vulnerable networks, the US Cybersecurity and Infrastructure Security Agency said on Friday.

The vulnerabilities in Pulse Connect Secure, a VPN that employees use to remotely connect to large networks, include one that hackers had been actively exploiting before it was known to Ivanti, the maker of the product. The flaw, which Ivanti disclosed last week, carries a severity rating of 10 out of a possible 10. The authentication bypass vulnerability allows untrusted users to remotely execute malicious code on Pulse Secure hardware, and from there, to gain control of other parts of the network where it's installed.

Federal agencies, critical infrastructure, and more

Security firm FireEye said in a report published on the same day as the Ivanti disclosure that hackers linked to China spent months exploiting the critical vulnerability to spy on US defense contractors and financial institutions around the world. Ivanti confirmed in a separate post that the zeroday vulnerability, tracked as CVE-2021-22893, was under active exploit.

Read 9 remaining paragraphs | Comments

Mysterious health attack like those seen in Cuba have come to DC

The White House, the South Lawn, and part of the Ellipse are seen from the observation deck of the Washington Monument on October 1, 2014, in Washington, DC.

Enlarge / The White House, the South Lawn, and part of the Ellipse are seen from the observation deck of the Washington Monument on October 1, 2014, in Washington, DC. (credit: Getty | Chip Somodevilla )

At least two US government officials have experienced mysterious health incidents in the Washington, DC, area that are strikingly similar to the brain-damaging “health attacks” that plagued US diplomats in Cuba beginning in 2016.

Last November, a National Security Council official reported being sickened while near the Ellipse, the White House’s large, oval-shaped southern lawn ,according to a report by CNN. In a separate 2019 incident, a White House staff member said she also experienced something akin to a health attack while walking her dog in Arlington, Virginia, a suburb of Washington, DC. The 2019 incident, which occurred just after Thanksgiving, was first reported by GQ last year. The magazine wrote at the time:

According to a government source familiar with the incident, the staffer passed a parked van. A man got out and walked past her. Her dog started seizing up. Then she felt it too: a high-pitched ringing in her ears, an intense headache, and a tingling on the side of her face.

The staffer also said she had experienced a similar incident just a few months earlier, in August of 2019, while she was traveling in London with then-National Security Adviser John Bolton. According to GQ, the staffer reported again feeling a tingling in the side of her head, which was facing the window of her hotel room, as well as intense pressure and ringing in her ears. All of those symptoms stopped when she left the room.

Read 8 remaining paragraphs | Comments

The NYPD retires “Digidog” robot after public backlash

The NYPD's Digidog is just a Boston Dynamics robot in blue livery.

Enlarge / The NYPD's Digidog is just a Boston Dynamics robot in blue livery. (credit: Daniel Valls/FNTV freedomnews.tv)

The Guardian reports that the New York City Police Department (NYPD) is retiring "Digidog," a Boston Dynamics Spot robot the state started testing in December. The department described the robot as a tool that could be used to defuse dangerous situations and said it would help officers stay out of harm's way. In an environment where critics question the amount of resources police departments are given, having a state-of-the-art robot dog patrolling the streets of NYC drew a lot of negative attention and viral videos. The local ABC News affiliate reports that testing was supposed to continue until August.

With the robot set to be returned to Boston Dynamics, New York City Mayor Bill de Blasio said he is "glad the Digidog was put down," adding through a spokesperson that the robot is "creepy, alienating, and sends the wrong message to New Yorkers." The police signed a $94,200 contract for the robot, about enough for one $74,500 spot unit and one 360 degree "Spot Cam" camera for $21,800. US Representative Alexandria Ocasio-Cortez argued that the money should be invested in communities instead, saying, "When was the last time you saw next-generation, world class technology for education, healthcare, housing, etc consistently prioritized for underserved communities like this?"

The high-tech robot police dog naturally sent imaginations running wild, but Spot is just a human-operated mobile camera, as opposed to an autonomous, weaponized dog version of RoboCop. Boston Dynamics' terms of sale prohibit weaponizing Spot, with the "prohibited uses" section (5.2) banning "intentional use of the Equipment to harm or intimidate any person or animal, as a weapon, or to enable any weapon." Rules are only good if they're enforced, though, and there's an argument to be made that police use of the robot counts as "intimidation." Either way, arming the police with a $100,000 surveillance device did not earn the department a lot of praise.

Read 2 remaining paragraphs | Comments

New York requires $15 broadband for poor people, promptly gets sued by ISPs

A pen and book resting atop a paper copy of a lawsuit.

Enlarge (credit: Getty Images | eccolo74)

Internet service providers today sued New York to block a state law that requires ISPs to sell $15-per-month broadband plans to low-income households.

The lawsuit was filed by lobby groups including USTelecom and CTIA–The Wireless Association, both of which count Verizon and AT&T among their members. Lobby groups for many other ISPs also joined the lawsuit, with plaintiffs including NTCA–The Rural Broadband Association, the Satellite Broadcasting & Communications Association, and the New York State Telecommunications Association. The biggest cable lobby group, NCTA, did not join the lawsuit, but a cable lobby group representing small providers—America's Communications Association—is one of the plaintiffs suing New York.

New York enacted its cheap-broadband law two weeks ago and called it a "first-in-the-nation requirement for affordable Internet for qualifying low-income families."

Read 11 remaining paragraphs | Comments

Porsche rumored to be entering F1 with Red Bull Racing

A blurry photo of a Red Bull Racing F1 car at speed

Enlarge / Red Bull is assuming control of its own engine development next year once Honda leaves the sport. But could we see Porsche badges on the cars before too long? The rumors won't stop swirling. (credit: Lars Baron/Getty Images)

Even though we're only two races in, this year's Formula 1 season is already shaping up to be the most competitive in years. Thanks to the resurgent Red Bull Racing, Mercedes-AMG has a real fight on its hands for the first time since the introduction of hybrid powertrains in 2014.

Red Bull is in the final year of a partnership with Honda, and the Japanese OEM has pulled out all the stops in an effort to leave the sport with a little glory. Starting next year, Red Bull will take over the engine program from Honda, developing its own engines à la Mercedes-AMG, Ferrari, and Alpine. But could we see the energy-drink team partner with Porsche?

Rumors that Volkswagen Group is going to enter F1, either through its Porsche or Audi brands, are almost ever-present in the sport. Both Porsche and Audi scaled back their factory racing efforts as a result of dieselgate and then the pandemic, although both companies are planning to return to endurance racing at Le Mans and here in the US by 2023.

Read 8 remaining paragraphs | Comments

Climate law jeopardizes freedoms, German court rules—but not how you think

Wind turbines near a coal plant.

Enlarge / Wind turbines spin as steam rises from the cooling towers of the Jäenschwalde coal-fired power plant in the distance. (credit: Sean Gallup/Getty Images)

Germany’s top court struck down part of the nation’s sweeping climate law, saying it violates people’s freedoms. 

By many standards, the law is aggressive, requiring the country to slash emissions 55 percent below 1990 levels by 2030 and reach net zero by 2050. The country has already trimmed 35 percent of its carbon pollution, leaving just another 20 percent to be cut over the next nine years. And that’s where the court found fault with the law, saying that it left too much of the burden to future generations.

“The regulations irreversibly postpone high emission reduction burdens until periods after 2030,” the Constitutional Court wrote in a release explaining the ruling. 

Read 7 remaining paragraphs | Comments

Roku vs. Google, part 2: The YouTube TV app gets pulled from the Roku Store

Roku vs. Google, part 2: The YouTube TV app gets pulled from the Roku Store

Enlarge

Roku warned us on Monday that this could happen. This morning, the company announced that YouTube TV is no longer available on the Roku Channel Store. Google and Roku are squabbling over Roku's carrying agreement, just like you might see in an old-school cable TV carriage dispute. The main point of contention seems to be over the AV1 video codec, a new, more efficient video standard that seems poised to be the new standard going forward.

With the two companies unable to come to an agreement, Roku says the YouTube TV app—an app for a $65-per-month service that delivers 85+ live cable TV channels over the Internet, not the normal YouTube app—has been pulled from the Roku channel store. Existing users will continue to be able to use the YouTube TV app on their Roku devices, but new users won't be able to sign up. Here is Roku's full statement:

We are disappointed that Google has allowed our agreement for the distribution of YouTube TV to expire. Roku has not asked for one dollar of additional financial consideration from Google to renew YouTube TV. ​

​We have only asked Google for four simple commitments. First, not to manipulate consumer search results. Second, not to require access to data not available to anyone else. Third, not to leverage their YouTube monopoly to force Roku to accept hardware requirements that would increase consumer costs. Fourth, not to act in a discriminatory and anticompetitive manner against Roku. ​

​Because our contract has expired, we have removed YouTube TV from our channel store. To continue to provide our users with a great streaming experience, we are taking the extra step to continue to offer existing subscribers access to YouTube TV on the Roku platform unless Google takes actions that require the full removal of the channel. Because of Google's conduct, new subscriptions will not be available going forward until an agreement is reached. ​

​It is well past time for Google to embrace the principles that have made streaming so popular for millions of users by giving consumers control of their streaming experience, by embracing fair competition and by ceasing anticompetitive practices. We believe consumers stand to benefit from Google and Roku reaching a fair agreement that preserves these principles and we remain committed to trying to achieve that goal.

Today, Google published a blog post in response, saying, "Despite our best efforts to come to an agreement in the best interests of our mutual users, Roku terminated our deal in bad faith amidst our negotiation. Unfortunately, Roku has often engaged in this tactic with other streaming providers." Google flatly denied Roku's claims that Google wanted user data and wanted to manipulate search, saying, "To be clear, we have never, as they have alleged, made any requests to access user data or interfere with search results. This claim is baseless and false."

Read 8 remaining paragraphs | Comments

Humble Bundle creator brings antitrust lawsuit against Valve over Steam

The Valve logo, as seen in an etched design at its offices.

Enlarge / The Valve logo, as seen in an etched design at its offices. (credit: Sam Machkovech)

Indie developer (and Humble Indie Bundle originator Wolfire Games has filed a proposed class-action lawsuit against Steam creator Valve, saying that the company is wielding Steam's monopoly power over the PC gaming market to extract "an extraordinarily high cut from nearly every sale that passes through its store—30%."

An unbreakable monopoly

The lawsuit, filed in a Washington state federal court, centers on what it considers an illegal tying of the Steam gaming platform (which provides game library management, social networking, achievement tracking, Steam Workshop mods, etc.) and the Steam game store (which processes online payments and delivers a copy of the game). After years of growth, the vast majority of PC gamers are locked in to the Steam platform thanks to "immense network effects" and the high switching costs to move to a new PC platform, the suit argues.

That makes the platform "a must-have for game publishers," who need access to the players on Steam to succeed. But games that use the Steam platform also have to be sold on the Steam Store, where Valve takes its 30 percent cut of all sales. By leveraging its monopoly platform power into a "gatekeeper role" for the store, Valve "wield[s] extreme power over publishers of PC Desktop Games" that leads to a "small but significant and non-transitory increase in price" for developers compared to a truly competitive market, the suit argues.

Read 10 remaining paragraphs | Comments

New iPad Pro, Apple TV 4K, and 24-inch iMac now available for order

An Apple-made image of the various Macs running on the M1 to date.

Enlarge / An Apple-made image of the various Macs running on the M1 to date. (credit: Apple)

As previously announced, today is the day: orders are open on the Apple Store and through other retailers for the remaining hardware products that Apple announced on April 20: the 24-inch iMac and the new iPad Pro and Apple TV 4K.

Yesterday, we reported that multiple leaks seemed to reveal a May 21 ship date for these products, and those leaks turned out to be correct. The initial ship date for all of the above was May 21, but ship estimates have slipped slightly due to demand for some products—and significantly for others.

Specifically, most configurations of the 24-inch iMac, 11-inch iPad Pro, and Apple TV 4K are currently showing ship dates between May 21 and 27, while some specific configurations of the iMac and 11-inch iPad Pro are shipping in early June. The worst case, though, is the 12.9-inch iPad Pro, which in some configurations is shipping as late as July.

Read 4 remaining paragraphs | Comments

EU says Apple’s 30% cut from rival music providers violates competition law

App icons for Spotify, Apple Music, and other apps on an iPhone screen.

Enlarge / Spotify and Apple Music on an iPhone in 2018. (credit: Getty Images | stockcam)

The European Commission today charged Apple with violating antitrust law, alleging that "it distorted competition in the music streaming market as it abused its dominant position for the distribution of music streaming apps through its App Store."

The EC sent a Statement of Objections to Apple reflecting its preliminary conclusion that Apple violated European Union competition law. This kicks off a legal process in which Apple will be able to respond in writing and request an oral hearing before a final judgment is made. The EC took today's action in response to a complaint from Spotify.

"If the case is pursued, the EU could demand concessions and potentially impose a fine of up to 10 percent of Apple's global turnover—as much as $27 billion, although it rarely levies the maximum penalty," according to Reuters.

Read 13 remaining paragraphs | Comments