• Windows 10 is not really free: you are paying for it with your privacy

    Windows 10, it seems, is proving a hit with both the public and the technology press after its release last week. After two days, it had been installed on sixty-seven million PCs. For those concerned about privacy, it is the very fact that the upgrade is free that has them concerned that Microsoft has adopted a new, “freemium” model for making money from its operating system. Microsoft is employing a unique “advertising ID” that is assigned to a user when Windows 10 is installed. This is used to target personalized ads at the user. There are steps users can take to mitigate the worst of the privacy issues with Windows 10, and these are highly recommended. Microsoft should have allowed users to pay a regular fee for the product in exchange for a guarantee of the levels of privacy its users deserve.

  • Hackers take remote control of a Jeep, forcing it into a ditch

    Security experts have called on owners of Fiat Chrysler Automobiles vehicles to update their onboard software to make their vehicles better protected against hackers. The call comes after researchers demonstrated they could hack and take control of a Jeep over the Internet. The researchers disabled the engine and brakes and crashed the Jeep into a ditch – while the driver was sill behind the wheel.

  • Questions raised about Kaspersky’s close ties to the Russian government

    Kaspersky Lab is a Moscow-based company which sells security software, including antivirus programs. The company has 400 million customers, and it ranks sixth in revenue among security-software makers. Since 2012, the company began to replace senior managers with people with close ties to Russia’s military or intelligence services. The company is also helping the FSB, the KGB’s successor, in investigating hacks – and people in the know say the company provides the FSB with the personal data of customers. The company’s actual or perceived alliances have made it a struggle to win U.S. federal contracts.

  • Adobe deals with yet another flaw

    On the heels of the discovery of a zero-day defect, a vulnerability not known to the software developer, Adobe is scrambling to develop yet another patch for another vulnerability. The vulnerability, labeled CVE-2015-5119, causes a system to crash and allows a remote computer take control of the target machine. According to the United States Computer Emergency Readiness Team(US-CERT,) ActionScript 3 ByteArray class, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

  • D.C.-area becoming the Silicon Valley of cybersecurity

    A recent string of multi-billion dollar cybersecurity acquisitions in the greater Washington, D.C. metro area has led to the region being seen as a major hotbed for the industry. Spending by the Department of Defense (DOD) and a number of federal agencies has led to big contracts for many in the region, fuelling much of the growth. As the DOD focuses more of its budget on cyber issues and defense, the market has grown. “The D.C./NoVA/MD area, also known as the Cyber Corridor, is becoming the Silicon Valley of security,” say the CEO of one cybersecurity firm.

  • Washington State requires railroads to plan for the “largest foreseeable spill”

    Washington State governor Jay Inslee (D) has signed a new state law last month which requires railroad companies to plan with the state for the worst possible conditions when shipping crude oil. The law will require companies to plan for the “largest foreseeable spill in adverse weather conditions.” Much of the impetus for the new bill came after BNSF told Washington emergency responders in April that the company considers the worst-case spill scenario to involve 150,000 gallons of crude oil from the Bakken region, which includes parts of North Dakota, Montana, and Saskatchewan, Canada. That amount of crude is carried by five tanker cars — but BNSF crude-oil trains often consist of 100 or more rail tank cars.

  • USMobile launches Scrambl3 mobile, Top Secret communication-standard app

    Irvine, California-based USMobile, a developer of private mobile phone services, yesterday launched Scrambl3, a smartphone app that enables users to create their own Private Mobile Network. When Scrambl3 users communicate with each other, Scrambl3 creates a Dark Internet Tunnel between their smartphones. This Tunnel cloaks the calls and texts by making them invisible on the Internet. Scrambl3 App for Android-based phones is available for a 60-day free beta offering from the Google Play Store.

  • DHS awards $58.9 million biometric support contract to Ideal Innovations, Inc.

    Arlington, Virginia-based Ideal Innovations, Inc. (I3) has been awarded a contract by the Department of Homeland Security (DHS)’s Office of Biometric Identity Management (OBIM) to provide specialized fingerprint analysis in support of OBIM’s Biometric Support Center (BSC). The BSC provides fingerprint identification services when the automated matching capabilities of DHS’s central repository cannot determine whether two sets of fingerprints match.

  • Tech companies urge rejection of push by FBI, DOJ for electronic devices “backdoors”

    In a 19 May letter to President Barack Obama, a group of Silicon Valley tech companies, cyber-security experts, and privacy advocacy groups urged the president to reject the implementation of “backdoors” in smartphone and computer encryption. The letter offered evidence of the  strong objection of the tech industry to demands from the Justice Department and the Federal Bureau of Investigation (FBI) to allow secret backdoor passages into consumer electronics, which would make it possible for law enforcement to read encrypted private communications and data.

  • NRC ruling raises questions about future of Diablo Canyon reactors

    In a major victory for those who pointed, post-Fukushima, to the risks involved in having a nuclear power reactor operating too close to a seismic fault, as is the case with the Diablo Canyon nuclear reactors, U.S. Nuclear Regulatory Commissioners have ruled – in a decision that could mark the beginning of the end of Diablo Canyon — that an Atomic Safety Licensing Board will decide whether Pacific Gas & Electric Co. was allowed illegally to alter the plant’s license. This alteration was made in an effort to hide the risk from powerful earthquake faults discovered since it was designed and built.

  • More proof needed that PG&E’s Diablo Canyon nuclear plant is safe from earthquakes: NRC

    Despite repeated assertions by Pacific Gas & Electric Co. that the Diablo Canyon nuclear plant is safe from earthquakes, the U.S. Nuclear Regulatory Commission (NRC) has ordered PG&E to provide more proof. Critics of the plant’s continuing operation say the order confirms concerns that faults surrounding Diablo Canyon are capable of more ground motion than the reactors were built to withstand and that the plant is in violation of its operating license and should be closed immediately.

  • Major food companies must adapt to growing global water risks

    Escalating water competition, combined with weak government regulations, increasing water pollution, and worsening climate change impacts, is creating unprecedented water security risks for the food industry. In California, an estimated half-million acres of farmland have already been fallowed by a prolonged drought, causing more than $1 billion of economic losses for the agriculture sector. Major U.S. food companies need to adopt far stronger practices to use limited global water resources more efficiently, according to a new report. The report ranks the U.S. thirty-seven largest food companies on how effectively they are managing precious freshwater supplies. While a relatively small number of firms are taking broad actions to manage water risks in their operations and supply chains — Unilever, Coca-Cola, Nestlé, PepsiCo, General Mills, and Kellogg, among those — most have a long way to go in using water more sustainably, the report concludes.

  • States, cities vying to become U.S. “cyber hub”

    The global cybersecurity market reached $67 billion in 2011, and it is projected to grow as high as $156 billion by 2019. The need for cybersecurity solutions and experts is going to grow as more companies such as Sony Pictures, Target, Home Depot, and Chase are hacked, consumers demand better online security, and businesses become more aware of the potential cost to their sales and reputation if they do not provide cybersecurity. As private sector firms compete with government agencies for the best cyber professionals, cities and states are also competing to be the country’s “cyber hub.”

  • Improved structure firefighting glove commercially available

    When responding to structural fires, firefighters wear protective gloves known as “structure gloves” to shield their hands from burns and other injuries. Because structure gloves can be bulky and limit dexterity, firefighters often need to remove the gloves to complete routine tasks, such as handling operating tools or using communications equipment. Without gloves, firefighters’ hands are at a higher risk of injury. DHS S&T partnered with two companies to construct a new, improved structure glove that will provide the full range of protection firefighters need. This next-generation glove provides firefighters with enhanced dexterity, water repellency and fire resistance. The glove is now commercially available.

  • Breach of background-checks database may lead to blackmail

    Newly released documents show how hackers infiltrated servers used by US Investigations Services(USIS), a federal contractor which conducts background checks for DHS. In a House Oversight and Government Reform Committeehearing last week, Representative Elijah Cummings (D-Maryland) said more than 27,000 personnel seeking security clearances likely were affected by the USIS breach. Similar hacks also affected servers at the Office of Personnel Management(OPM), which holds information on security clearance investigations. Once hackers have a list of employees who possess government security clearances, they can exploit other aspects of those employees’ lives for malicious gain.