Businesses

All Major ISPs Have Declined In Customer Satisfaction, Says Study (dslreports.com) 23

The latest American Customer Satisfaction Index survey finds that Verizon FiOS has been rated the highest in customer satisfaction with a score of 70 out of 100. But, as DSLReports notes, that's nothing to write home about since that score was a one point decline from one year earlier. Furthermore, the industry average was 64 points, which is not only a decline from last year but lower than most of the other industries the group tracks. From the report: According to the ACSI, high prices and poor customer service continues to plague an U.S. broadband industry with some very obvious competitive shortcomings. "According to users, most aspects of ISPs are getting worse," the ACSI said. "Courtesy and helpfulness of staff has waned to 76 and in-store service is slower (74). Bills are more difficult to understand (-3 percent to 71), and customers aren't happy with the variety of plans available (-3 percent to 64)." Not a single ISP tracked by the firm saw an improvement in customer satisfaction scores.

The worst of the worst according to the ACSI is Mediacom, which saw a 9% plummet year over year to a score of 53, which is lower than most airlines, banks, and even the IRS according to the report. Charter Spectrum and Suddenlink also saw 8% declines in satisfaction year over year, and despite repeated claims that customer service is now its top priority, Comcast saw zero improvement in broadband satisfaction and a slight decline in pay TV satisfaction.

Wireless Networking

FBI Tells Router Users To Reboot Now To Kill Malware Infecting 500,000 Devices (arstechnica.com) 30

The FBI is advising users of consumer-grade routers and network-attached storage devices to reboot them as soon as possible to counter Russian-engineered malware that has infected hundreds of thousands devices. Ars Technica reports: Researchers from Cisco's Talos security team first disclosed the existence of the malware on Wednesday. The detailed report said the malware infected more than 500,000 devices made by Linksys, Mikrotik, Netgear, QNAP, and TP-Link. Known as VPNFilter, the malware allowed attackers to collect communications, launch attacks on others, and permanently destroy the devices with a single command. The report said the malware was developed by hackers working for an advanced nation, possibly Russia, and advised users of affected router models to perform a factory reset, or at a minimum to reboot. Later in the day, The Daily Beast reported that VPNFilter was indeed developed by a Russian hacking group, one known by a variety of names, including Sofacy, Fancy Bear, APT 28, and Pawn Storm. The Daily Beast also said the FBI had seized an Internet domain VPNFilter used as a backup means to deliver later stages of the malware to devices that were already infected with the initial stage 1. The seizure meant that the primary and secondary means to deliver stages 2 and 3 had been dismantled, leaving only a third fallback, which relied on attackers sending special packets to each infected device.

The redundant mechanisms for delivering the later stages address a fundamental shortcoming in VPNFilter -- stages 2 and 3 can't survive a reboot, meaning they are wiped clean as soon as a device is restarted. Instead, only stage 1 remains. Presumably, once an infected device reboots, stage 1 will cause it to reach out to the recently seized ToKnowAll.com address. The FBI's advice to reboot small office and home office routers and NAS devices capitalizes on this limitation. In a statement published Friday, FBI officials suggested that users of all consumer-grade routers, not just those known to be vulnerable to VPNFilter, protect themselves.
The Justice Department and U.S. Department of Homeland Security have also issued statements advising users to reboot their routers as soon as possible.
Security

Vulnerability in Z-Wave Wireless Communications Protocol, Used By Some IoT and Smart Devices, Exposes 100 Million Devices To Attack (bleepingcomputer.com) 56

An anonymous reader writes: The Z-Wave wireless communications protocol used for some IoT/smart devices is vulnerable to a downgrade attack that can allow a malicious party to intercept and tamper with traffic between smart devices. The attack -- codenamed Z-Shave -- relies on tricking two smart devices that are pairing into thinking one of them does not support the newer S-Wave S2 security features, forcing both to use the older S0 security standard.

The Z-Shave attack is dangerous because devices paired via an older version of Z-Wave can become a point of entry for an attacker into a larger network, or can lead to the theft of personal property. While this flaw might prove frivolous for some devices in some scenarios, it is a big issue for others -- such as smart door locks, alarm systems, or any Z-Wave-capable device on the network of a large corporation. The company behind the Z-Wave protocol tried to downplay the attack's significance, but its claims were knocked down by researchers in a video.

Communications

Newest NOAA Weather Satellite Suffers Critical Malfunction (arstechnica.com) 51

An anonymous reader quotes a report from Ars Technica: The U.S. National Oceanic and Atmospheric Administration released some bad news yesterday: the GOES-17 weather satellite that launched almost two months ago has a cooling problem that could endanger the majority of the satellite's value. GOES-17 is the second of a new generation of weather satellite to join NOAA's orbital fleet. Its predecessor is covering the U.S. East Coast, with GOES-17 meant to become "GOES-West." While providing higher-resolution images of atmospheric conditions, it also tracks fires, lightning strikes, and solar behavior. It's important that NOAA stays ahead of the loss of dying satellites by launching new satellites that ensure no gap in global coverage ever occurs.

Several weeks ago, it became clear that the most important instrument -- the Advanced Baseline Imager -- had a cooling problem. This instrument images the Earth at a number of different wavelengths, including the visible portion of the spectrum as well as infrared wavelengths that help detect clouds and water vapor content. The infrared wavelengths are currently offline. The satellite has to be actively cooled for these precision instruments to function, and the infrared wavelengths only work if the sensor stays below 60K -- that's about a cool -350F. The cooling system is only reaching that temperature 12 hours a day. The satellite can still produce visible spectrum images, as well as the solar and lightning monitoring, but it's not a glorious next-gen weather satellite without that infrared data.

Communications

YouTube Is Messing With the Order of Videos In Some User Feeds (gizmodo.com) 88

YouTube is testing non-chronological subscription feeds to try and serve you content that it thinks you'll want to see at the top. The problem with this is that the subscription feed exists because users subscribed to content that they want to see. If they don't, they will unsubscribe, thereby removing unwanted content from the feed. Gizmodo reports: YouTube confirmed the test on Twitter after some users noticed the change and inquired as to why the heck their subscription feed was no longer in chronological order. YouTube must have missed the memo about how users react when platforms mess with the order of the sacred feed.

Here's YouTube's how-to and troubleshooting Twitter account explained the test: "Just to clarify. We are currently experimenting with how to show content in the subs feed. We find that some viewers are able to more easily find the videos they want to watch when we order the subs feed in a personalized order vs always showing most recent video first." Weird, considering YouTube already offers recommended videos based on your viewing habits and subscribed channels in its sidebar.

The Courts

ACLU Sues ICE For License Plate Reader Contracts, Records (sfgate.com) 83

An anonymous reader quotes a report from SFGate: The American Civil Liberties Union on Wednesday sued U.S. Immigration and Customs Enforcement for records about the agency's use of license plate reader technology, after ICE apparently failed to turn over records following multiple requests. In December, ICE purchased access to two databases of ALPR data, the complaint reads. One of those databases is managed by Vigilant Solutions, which has contracts with more than two dozen Bay Area law enforcement agencies. "We believe the other is managed by Thomson Reuters," ACLU laywer Vasudha Talla said. The ACLU and other privacy advocates have expressed concern about how this data will be stored and used for civil immigration enforcement. The ACLU filed two requests under the Freedom of Information Act in March seeking records from ICE, including contracts, memos, associated communications, training materials and audit logs. Since then, ICE has not provided any records, the ACLU said in the complaint, which was filed Tuesday morning in the Northern District Court for the Northern District of California. "The excessive collection and storing of this data in databases -- which is then pooled and shared nationally -- results in a systemic monitoring that chills the exercise of constitutional rights to free speech and association, as well as essential tasks such as driving to work, picking children up from school, and grocery shopping," the complaint said. "We have essentially two concerns: one that is general to ALPR databases, and one that's specific to this situation with ICE," Talla said. "The ACLU has done a lot of work around surveillance technology and ALPR, and we're generally concerned about the aggregation of all this data about license plates paired with a time and location, stretching back for so many months and years."
Businesses

Elon Musk To Fight Fake News, Rate Journalists' Credibility Via a Site Called 'Pravda' 311

Elon Musk took to Twitter today to announce his next project: a site called "Pravda" that ranks journalists' credibility and fights fake news. "Going to create a site where the public can rate the core truth of any article & track the credibility score over time of each journalist, editor & publication," tweeted Musk. "Thinking of calling it Pravda..." Musk continued: "Even if some of the public doesn't care about the credibility score, the journalists, editors & publications will. It is how they define themselves." A subsequent Twitter poll (exposed to mostly Musk followers) reveals that most people believe "this would be good."

Accredited journalist Mark Harris replied to the Tesla and SpaceX CEO with a copy of a Statement and Designation by Foreign Corporation form that names the Pravda Corp. "Er, he's not kidding folks," Harris tweeted. "I noticed that one of Musk's agents had incorporated Pravda Corp in California back in October last year. I was wondering what it was all about..."

GeekWire has catalogued a string of replies between Musk and Twitter users who are supportive/unsupportive of his plans.
Security

Cyber Firms Warn on Suspected Russian Plan To Attack Ukraine (reuters.com) 72

Jim Finkle, reporting for Reuters: Cisco Systems on Wednesday warned that hackers have infected at least 500,000 routers and storage devices in dozens of countries with highly sophisticated malicious software, possibly in preparation for another massive cyber attack on Ukraine. Cisco's Talos cyber intelligence unit said it has high confidence that the Russian government is behind the campaign, dubbed VPNFilter, because the hacking software shares code with malware used in previous cyber attacks that the U.S. government has attributed to Moscow. Cisco said the malware could be used for espionage, to interfere with internet communications or launch destructive attacks on Ukraine, which has previously blamed Russia for massive hacks that took out parts of its energy grid and shuttered factories. Head of Ukraine's cyber police said on Wednesday that the agency is aware of new large malware campaign, and that it is working to protect Ukraine against possible new cyber threat.
AI

Microsoft Also Has An AI Bot That Makes Phone Calls To Humans (theverge.com) 61

An anonymous reader quotes a report from The Verge: At an AI event in London today, Microsoft CEO Satya Nadella showed off the company's Xiaoice (pronounced "SHAO-ICE") social chat bot. Microsoft has been testing Xiaoice in China, and Nadella revealed the bot has 500 million "friends" and more than 16 channels for Chinese users to interact with it through WeChat and other popular messaging services. Microsoft has turned Xiaoice, which is Chinese for "little Bing," into a friendly bot that has convinced some of its users that the bot is a friend or a human being. "Xiaoice has her own TV show, it writes poetry, and it does many interesting things," reveals Nadella. "It's a bit of a celebrity."

While most of Xiaoice's interactions have been in text conversations, Microsoft has started allowing the chat bot to call people on their phones. It's not exactly the same as Google Duplex, which uses the Assistant to make calls on your behalf, but instead it holds a phone conversation with you. "One of the things we started doing earlier this year is having full duplex conversations," explains Nadella. "So now Xiaoice can be conversing with you in WeChat and stop and call you. Then you can just talk to it using voice." (The term "full duplex" here refers to a conversation where both participants can speak at the same time; it's not a reference to Google's product, which was named after the same jargon.)

Communications

Senators Demand FCC Answer For Fake Comments After Realizing Their Identities Were Stolen (gizmodo.com) 185

Two US senators -- one Republican, one Democrat who both had their identities stolen and then used to post fake public comments on net neutrality -- are calling on FCC Chairman Ajit Pai to address how as many as two million fake comments were filed under stolen names. From a report: Senators Jeff Merkley, Democrat of Oregon, and Pat Toomey, Republican of Pennsylvania, are among the estimated "two million Americans" whose identities were used to file comments to the FCC without their consent. "The federal rulemaking process is an essential part of our democracy and allows Americans the opportunity to express their opinions on how government agencies decide important regulatory issues," the pair of lawmakers wrote [PDF].

"As such, we are concerned about the aforementioned fraudulent activity. We need to prevent the deliberate misuse of Americans' personal information and ensure that the FCC is working to protect against current and future vulnerabilities in its system. We encourage the FCC to determine who facilitated these fake comments," the letter continues. "While we understand and agree with the need to protect individuals' privacy, we request that the FCC share with the public the total number of fake comments that were filed."

United States

Trump Ignores 'Inconvenient' Security Rules To Keep Tweeting On His iPhone, Says Report (politico.com) 540

According to Politico, "President Donald Trump uses a White House cellphone that isn't equipped with sophisticated security features designed to shield his communications." The decision is "a departure from the practice of his predecessors that potentially exposes him to hacking or surveillance." From the report: The president uses at least two iPhones, according to one of the officials. The phones -- one capable only of making calls, the other equipped only with the Twitter app and preloaded with a handful of news sites -- are issued by White House Information Technology and the White House Communications Agency, an office staffed by military personnel that oversees White House telecommunications. While aides have urged the president to swap out the Twitter phone on a monthly basis, Trump has resisted their entreaties, telling them it was "too inconvenient," the same administration official said. The president has gone as long as five months without having the phone checked by security experts. It is unclear how often Trump's call-capable phones, which are essentially used as burner phones, are swapped out.
Communications

FCC is Hurting Consumers To Help Corporations, Mignon Clyburn Says On Exit (arstechnica.com) 100

Former Commissioner Mignon Clyburn, who left the agency this month, has taken aim at it in an interview, saying the agency has abandoned its mission to safeguard consumers and protect their privacy and speech. From her interview with ArsTechnica: "I'm an old Trekkie," Clyburn told Ars in a phone interview, while comparing the FCC's responsibility to the Star Trek fictional universe's Prime Directive. "I go back to my core, my prime directive of putting consumers first." If the FCC doesn't do all it can to bring affordable communications services to everyone in the US, "our mission will not be realized," she said. The FCC's top priority, as set out by the Communications Act, is to make sure all Americans have "affordable, efficient, and effective" access to communications services, Clyburn said. But too often, the FCC's Republican majority led by Chairman Ajit Pai is prioritizing the desires of corporations over consumers, Clyburn said. "I don't believe it's accidental that we are called regulators," she said. "Some people at the federal level try to shy away from that title. I embrace it."

Clyburn said that deregulation isn't bad in markets with robust competition, because competition itself can protect consumers. But "that is just not the case" in broadband, she said. "Let's just face it, [Internet service providers] are last-mile monopolies," she told Ars. "In an ideal world, we wouldn't need regulation. We don't live in an ideal world, all markets are not competitive, and when that is the case, that is why agencies like the FCC were constructed. We are here as a substitute for competition." Broadband regulators should strike a balance that protects consumers and promotes investment from large and small companies, she said. "If you don't regulate appropriately, things go too far one way or the other, and we either have prices that are too high or an insufficient amount of resources or applications or services to meet the needs of Americans," Clyburn said.

Privacy

Most GDPR Emails Unnecessary and Some Illegal, Say Experts (theguardian.com) 91

The vast majority of emails flooding inboxes across Europe from companies asking for consent to keep recipients on their mailing list are unnecessary and some may be illegal, privacy experts have said, as new rules over data privacy come into force at the end of this week. From a report: Many companies, acting based on poor legal advice, a fear of fines of up to $23.5 million and a lack of good examples to follow, have taken what they see as the safest option for hewing to the General Data Protection Regulation (GDPR): asking customers to renew their consent for marketing communications and data processing. But Toni Vitale, the head of regulation, data and information at the law firm Winckworth Sherwood, said many of those requests would be needless paperwork, and some that were not would be illegal.
Businesses

Faster Flights Are Coming With New Satellite Tracking Technology (bloomberg.com) 34

An anonymous reader shares a report: The company that provides the U.K.'s air-traffic control service is taking a 10 percent stake in Aireon, a U.S. firm that's building a satellite-based tracking system and will offer commercial services to controllers starting next year. Aireon plans to use a constellation of 66 Iridium Communications. Next satellites in low Earth orbit to track aircraft. Iridium has 50 in orbit already, 47 of which are operational. Each carries equipment to offer aircraft position data to ground controllers.

Iridium plans to launch five additional satellites on May 22 from California, completing its full network later this year. Aireon said 70 percent of the world's airspace lacks satellite tracking or airline surveillance coverage, including most oceans and parts of Africa and Latin America.

Twitter

Twitter Will Start Hiding Tweets That 'Detract From the Conversation' (slate.com) 186

Yesterday, Twitter announced several new changes to quiet trolls and remove spam. According to Slate, the company "will begin hiding tweets from certain accounts in conversations and search results." In order to see them, you'll now have to scroll to the bottom of the conversation and click "Show more replies," or go into your search settings and choose "See everything." From the report: When Twitter's software decides that a certain user is "detract[ing] from the conversation," all of that user's tweets will be hidden from search results and public conversations until their reputation improves. And they won't know that they're being muted in this way; Twitter says it's still working on ways to notify people and help them get back into its good graces. In the meantime, their tweets will still be visible to their followers as usual and will still be able to be retweeted by others. They just won't show up in conversational threads or search results by default. The change will affect a very small fraction of users, explained Twitter's vice president of trust and safety, Del Harvey -- much less than 1 percent. Still, the company believes it could make a significant difference in the average user's experience. In early testing of the new feature, Twitter said it has seen a 4 percent drop in abuse reports in its search tool and an 8 percent drop in abuse reports in conversation threads.
Businesses

Senate Votes To Save Net Neutrality (gizmodo.com) 288

In a monumental decision that will resonate through election season, the U.S. Senate on Wednesday voted to reinstate the net neutrality protections the Federal Communications Commission decided to repeal late last year. From a report: For months, procedural red tape has delayed the full implementation of the FCC's decision to drop Title II protections that prevent internet service providers from blocking or throttling online content. Last week, FCC Chairman Ajit Pai confirmed that the repeal of the 2015 Open Internet Order would go into effect on June 11. But Democrats put forth a resolution to use its power under the Congressional Review Act (CRA) to review new regulations by federal agencies through an expedited legislative process. All 49 Democrats in the Senate supported the effort to undo the FCC's vote. Republicans, Sen. Susan Collins of Maine, John Kennedy of Louisiana and Lisa Murkowski of Alaska crossed party lines to support the measure. Further reading: ArsTechnica.
United States

Hacker Breaches Securus, the Company That Helps Cops Track Phones Across the US (vice.com) 68

Securus, the company which tracks nearly any phone across the US for cops with minimal oversight, has been hacked, Motherboard reported Wednesday. From the report: The hacker has provided some of the stolen data to Motherboard, including usernames and poorly secured passwords for thousands of Securus' law enforcement customers. Although it's not clear how many of these customers are using Securus's phone geolocation service, the news still signals the incredibly lax security of a company that is granting law enforcement exceptional power to surveill individuals. "Location aggregators are -- from the point of view of adversarial intelligence agencies -- one of the juiciest hacking targets imaginable," Thomas Rid, a professor of strategic studies at Johns Hopkins University, told Motherboard in an online chat.
The Almighty Buck

Ecuador Spent $5 Million Protecting and Spying On Julian Assange, Says Report (theverge.com) 165

Citing reports from The Guardian and Focus Ecuador, The Verge reports that Ecuador's intelligence program spent at least $5 million "on an elaborate security and surveillance network around WikiLeaks founder Julian Assange." The intelligence program was known as "Operator Hotel," which began as "Operation Guest" when Assange took refuge in Ecuador's UK embassy in 2012. From the report: Operation Hotel has allegedly covered expenses like installing CCTV cameras and hiring a security team to "secretly film and monitor all activity in the embassy," including Assange's daily activities, moods, and interactions with staff and visitors. The Guardian estimates Ecuadorian intelligence agency Senain has spent at least $5 million on Assange-related operations, based on documents they reviewed. The report details attempts to improve Assange's public image and potentially smuggle him out of the embassy if he was threatened. But it also writes that relations between Assange and Ecuador have badly deteriorated over the past several years. In 2014, Assange allegedly breached the embassy's network security, reading confidential diplomatic material and setting up his own secret communications network.
Communications

US Cell Carriers Are Selling Access To Your Real-Time Phone Location Data (zdnet.com) 146

Four of the largest cell giants in the US are selling your real-time location data to a company that you've probably never heard about before. ZDNet: In case you missed it, a senator last week sent a letter demanding the Federal Communications Commission (FCC) investigate why Securus, a prison technology company, can track any phone "within seconds" by using data obtained from the country's largest cell giants, including AT&T, Verizon, T-Mobile, and Sprint, through an intermediary, LocationSmart. The story blew up because a former police sheriff snooped on phone location data without a warrant, according The New York Times. The sheriff has pleaded not guilty to charges of unlawful surveillance.

Yet little is known about how LocationSmart obtained the real-time location data on millions of Americans, how the required consent from cell user owners was obtained, and who else has access to the data. Kevin Bankston, director of New America's Open Technology Institute, explained in a phone call that the Electronic Communications Privacy Act only restricts telecom companies from disclosing data to the government. It doesn't restrict disclosure to other companies, who then may disclose that same data to the government. He called that loophole "one of the biggest gaps in US privacy law. The issue doesn't appear to have been directly litigated before, but because of the way that the law only restricts disclosures by these types of companies to government, my fear is that they would argue that they can do a pass-through arrangement like this," he said.
Further reading: The Tech Used To Monitor Inmate Calls Is Able To Track Civilians Too.
Communications

Wi-Fi Alliance's Wi-Fi EasyMesh Certification Aims To Standardize Mesh Networks (pcworld.com) 39

The Wi-Fi Certified EasyMesh program that the Wi-Fi Alliance announced today promises to do for mesh networks what the Alliance has long done for wireless networking gear in general: Assure consumers that they can build out wireless home networks without worrying if one brand of device will be compatible with another. From a report: The emergence of mesh networking somewhat undermined that effort, because every manufacturer pursued its own path. Wi-Fi is still Wi-Fi, so you don't need to worry that your smartphone, or media streamer, or home security camera will connect to your wireless router, regardless of brand. But if you buy a Linksys Velop router today, for example, you can buy only Linksys Velop access points if you want to expand your network to cover more areas of your home later. EasyMesh promises to bring to mesh networks the same interoperability assurances that conventional routers have long offered.

Slashdot Top Deals