All posts by Grant Gross

Microsoft heads to court to protect data stored in Ireland from DOJ search

Microsoft is headed back to court this week in its longstanding effort to fight a U.S. Department of Justice search warrant seeking access to a crime suspect’s digital documents stored on a server in Ireland.

The company, on the losing side of two lower court decisions, including one from mid-2014, will argue its case before the U.S. Court of Appeals for the Second Circuit on Wednesday.

Microsoft and its allies have argued that the DOJ didn't have the authority to seek the December 2013 search warrant, related to a New York criminal case, because the suspect's data resides in the company's Dublin data center. If the DOJ insists its search warrants extend to overseas data, the agency will expose U.S. citizens' data to searches by other governments, Microsoft has argued.

CISA likely coming back to Senate, amid doubts about effectiveness

Supporters of a controversial cyberthreat information-sharing bill will push for the U.S. Senate to pass it this fall, even as some security experts question whether it would be effective.

Backers of the Cybersecurity Information Sharing Act (CISA) will resume efforts to get the bill passed when Congress returns from a month-long recess next week, although Senate Majority Leader Mitch McConnell, a Kentucky Republican, has not yet put CISA on the Senate floor schedule, a spokesman said.

Backers of CISA and similar bills say the sharing of cyberthreat information is necessary for businesses and government agencies to respond to ongoing attacks. But cyberthreat information-sharing may not have prevented several recent, high-profile attacks on government agencies, said Ryan Kalember, senior vice president of cybersecurity strategy at Proofpoint, a cloud-based security vendor.

DOJ tightens policies on use of simulated cells for surveillance

The U.S. Department of Justice will regularly delete extra data collected in a controversial cellular surveillance tool called a stingray, the agency said Thursday.

A new DOJ policy on the use of stingrays, or cell-site simulators, requires the agency to delete all data as soon as a mobile device is located through the technology, and data must be deleted no less than once daily when DOJ investigators are targeting a known device.

The new policy covers DOJ divisions such as the FBI and Drug Enforcement Administration.

Privacy disclosures in kid apps are better, but still need work, says U.S. FTC

Mobile apps aimed at children have improved privacy disclosures in the past three years, but as a group, still need work, according to the U.S. Federal Trade Commission.

About 45 percent of children’s apps now include a direct link to privacy policies on their app store pages, according to survey results from the FTC’s Office of Technology Research and Investigation. That’s up from just 20 percent in December 2012, the FTC said in a blog post Thursday.

Still, “the glass is both half-full and half-empty,” wrote the FTC’s Kristin Cohen and Christina Yeung, with the research and investigation office. “For many kids’ apps ... parents still don’t have an easy way to learn about their data collection and usage practices.”

IT salaries in the U.S. rose more than 4% last year

U.S. IT salaries rose by 4.25 percent in 2014, the largest increase in six years, according to a survey from IEEE-USA.

The median income for U.S. electrical engineers, computer scientists and other information technology professionals rose from $124,700 to $130,000 between 2013 and 2014, according to the survey of 10,215 IT workers. The survey covers income from salary, commissions, bonuses and self-employment.

The last time that IT salaries rose by more than 4 percent was 2008, according to IEEE-USA. Median salaries rose 4.87 percent that year, to $116,000, then dropped to $113,500 in 2009 as the U.S. and other countries faced an economic slowdown.

Russia, China said to use hacked databases to find U.S. spies

Foreign spy agencies, including those from Russia and China, are cross-checking hacked databases to identify U.S. intelligence operatives, according to a news report.

One secret network of U.S. engineers and scientists providing technical assistance to the country's overseas undercover agencies has been compromised, according to a story Monday in the Los Angeles Times.

Foreign intelligence agencies are cross-referencing several compromised databases, whose information includes security clearance applications and airline records, to identify U.S. intelligence agents, the report said.

Officials question FCC’s broadband subsidy plan

Elected officials in several cities and states aren't completely on board with a U.S. Federal Communications Commission proposal to allow low-income people to purchase broadband service through a program subsidizing voice service.

State and local officials from New York, Maryland, Texas and Oregon are among those objecting to parts of the FCC's proposal to allow recipients of the agency's controversial Lifeline program to use a monthly subsidy for broadband instead of mobile or fixed telephone services.

While many of the politicians voiced support for the FCC's goal of subsidizing broadband for poor people, some questioned whether the agency's current plan would force some families to choose between voice and broadband service. The FCC proposal, from May, would continue the Lifeline program's $9.25 monthly subsidy, allowing recipients to choose whether to use it for broadband or voice service.

U.S. agency to seek consensus on security-vulnerability disclosures

A U.S. agency hopes to gather security researchers, software vendors and other interested people and reach consensus on the sticky topic of how to disclose cybersecurity vulnerabilities.

Beginning in September, the U.S. National Telecommunications and Information Administration (NTIA) will host a series of meetings intended to improve collaboration among security researchers, software vendors and IT system operators on the disclosure of, and response to, vulnerabilities.

The first NTIA-hosted meeting will be Sept. 29 at the University of California, Berkeley, School of Law. Registration is open to all who want to participate, and the meeting will also be webcast, NTIA said.

NSA wins battle over phone records collection as court lifts injunction

A U.S. appeals court has sided with the National Security Agency, striking down a lower court's injunction ordering the agency to stop collecting some domestic telephone records.

The U.S. Court of Appeals for the District of Columbia Circuit on Friday reversed a preliminary injunction against the NSA ordered by Judge Richard Leon of the U.S. District Court for the District of Columbia. Leon, in a strongly worded December 2013 decision, ruled that the NSA's bulk collection of domestic phone records likely violated the U.S. Constitution, but he delayed the injunction pending an appeal by the NSA and Department of Justice.

Amazon scales down its Fire smartphone team

Amazon has reportedly laid off dozens of engineers who worked on its slow-selling Fire smartphone in recent weeks, according to a news report.

The layoffs come from Amazon's Lab126 hardware development center in Silicon Valley, the Wall Street Journal reported. The number of layoffs was not available, and Amazon.com representatives did not return a message seeking more information.

According to the Journal's article, Amazon has also reorganized Lab126, as well as scaled back and killed some other projects in the division, which was founded in 2004 and has developed a variety of consumer devices, including the Kindle family of e-readers, the Fire tablets and the Echo voice-activated speaker.  

Spam King pleads guilty to Facebook hack, email scheme

A notorious spammer is facing up to three years in prison after pleading guilty to charges related to sending millions of unwanted email messages after breaching Facebook's computer network.

Sanford Wallace, who called himself the Spam King starting in the late '90s, pleaded guilty this week to one count of fraud and related activity in connection with email and one count of criminal contempt.

Between November 2008 and March 2009, Wallace fraudulently obtained Facebook users' login credentials in order to send spam email, the U.S. Department of Justice said, citing his plea agreement. Wallace pled guilty on Monday in U.S. District Court for the Northern District of California.

U.S. agency warns electric utilities to bolster authentication

U.S. electric utilities should pay close attention to their authentication systems and access controls to reduce data breaches, a government agency says in a new cybersecurity guide.

About 5 percent of all cybersecurity incidents that the U.S. Department of Homeland Security's industrial control cyber team responded to in 2014 were tied to weak authentication, said the U.S. National Institute of Standards and Technology (NIST). Another four percent of industrial control incidents were related to abuses of access authority, the agency said.

The new cybersecurity guide, released in draft form by NIST's National Cybersecurity Center of Excellence (NCCoE) Tuesday, focuses on helping energy companies reduce their cybersecurity risks by showing them how they can control access to facilities and devices from a single console.

Investment group settles FTC complaint in Yahoo takeover bid

An investment advisor and two sister investment funds violated U.S. law when they failed to disclose their takeover dreams when acquiring more than $66 million worth of Yahoo stock in 2011, the Federal Trade Commission (FTC) has charged.

Investment advisor Third Point Partners and funds Third Point Ultra and Third Point Offshore Fund violated U.S. premerger reporting laws during their purchase of Yahoo stock, the FTC said Monday.

The three related companies, which have agreed to settle the FTC charges, reported the stock purchases were made solely for investment purposes, but the companies contacted people about becoming CEO or board members of Yahoo and took steps to field an alternate slate of directors for Yahoo's board, the U.S. Department of Justice said in a complaint filed on behalf of the FTC.
