A New Jersey federal appeals court overturned the conviction of Andrew “Weev” Auernheimer on Friday. Auernheimer was previously sentenced to three and a half years in prison under the Computer Fraud and Abuse Act after he hacked into and exposed a security flaw in AT&T’s website.
Auernheimer’s conviction gained national attention after many in the tech community said it set a precedent that compromised the role of hackers in the online security community. Hackers often attempt to break into websites with the intent of discovering security weaknesses; they then report these weaknesses to the involved companies and the media so that they can be fixed before hackers with bad intentions discover the flaws.
Auernheimer’s conviction wasn’t overturned on these grounds, though. Perhaps not wanting to deal with the time involved in ruling in a precedent-setting case, the court dropped Auernheimer’s charges because the state he was being charged in – New Jersey – was not directly targeted by his hacks. Auernheimer was in Arkansas at the time of the hacks, and the servers he broke into were located in Atlanta, Ga., and Dallas, Texas.
“Venue in criminal cases is more than a technicality; it involves ‘matters that touch closely the fair administration of criminal justice and public confidence in it,’” the judges wrote in their opinion. “This is especially true of computer crimes in the era of mass interconnectivity. Because we conclude that venue did not lie in New Jersey, we will reverse the District Court’s venue determination and vacate Auernheimer’s conviction.
“The founders were so concerned with the location of a criminal trial that they placed the venue requirement … in the Constitution in two places,” the judges continued. “They did so for good reason. A defendant who has been convicted ‘in a distant, remote, or unfriendly forum solely at the prosecutor’s whim,’… has had his substantial rights compromised.”
“The court determined that the Department of Justice brought this case in the wrong district,” Matthew Reilly, a spokesman for the U.S. attorney’s office in New Jersey, said. “We’re reviewing our options.”
It is not clear if prosecutors will try to bring Auernheimer to trial again in a more appropriate district.
In case you aren’t already familiar, a serious internet security bug was discovered recently. The bug, called Heartbleed, is a flaw in the encryption software OpenSSL.
The bug lets anyone on the internet read the memory of systems protected by OpenSSL. According to Heartbleed.com, the bug “allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”
The websites affected, which include internet giants like Google, Yahoo, and Amazon, have for the most part updated their servers with a patch for the bug. Once a website updates its server, though, it’s on you to change your password for the site.
To check if a site is still vulnerable to the Heartbleed bug, go here and type in the URL of the site you are inquiring about. To see a list of sites that have or have not updated their servers with the Heartbleed patch, check out this Mashable list.
Here is a quick summary of which ones you need to change your passwords for:
Social Networks: Facebook, Twitter, Instagram, Pinterest, Tumblr
Companies: Google, Yahoo
E-mail: Gmail, Yahoo Mail
Stores/Services: Amazon, GoDaddy, DropBox, OKCupid
Those in the internet security industry warn users not to take the bug lightly.
“It's a big deal for Internet users, especially when it comes to protecting financial information,” LastPass CEO Joe Siegrist said.
This week, sites like Soundcloud announced that they would be routinely logging users out to protect them from Heartbleed, a bug in OpenSSL software that’s used to encrypt traffic but ends up leaving users vulnerable.
The bug was recently uncovered, and there's now a handy guide explaining how the flaw works, what information can be extracted and how it can be stopped. The bug has enormous implications that could put the majority of the Internet at risk. Essentially, the security vulnerability allows hackers to spy, without leaving a trace in the logs, on the communications, data and other information of users on websites that otherwise appeared to be safe and encrypted. This bug has existed for at least two years, leaving keys, usernames, passwords, and other information open and accessible to anyone who knows how to navigate the system.
According to a report from Wired, the NSA may have been using Heartbleed to conduct spying operations on a mass scale. There is, however, currently no concrete evidence suggesting that the agency has done so.
“It would not surprise me if the NSA had discovered this long before the rest of us had. It’s certainly something that the NSA would find extremely useful in their arsenal,” University of Pennsylvania professor of cryptography and computer security Matt Blaze told Wired.
Whether or not the NSA is involved, the security flaw is certainly cause for major concern. A new version of OpenSSL has been created, and it’s up to service providers to integrate the new software to prevent future attacks.
A programming flaw in widely used Internet security software may have left thousands of websites vulnerable to having users’ passwords stolen. The glitch has been dubbed “Heartbleed,” and security analysts are still struggling to determine the scope of the problems it may have created.
The Yahoo-owned site Tumblr was the largest website to announce on Tuesday that it had been affected by the bug, according to the Los Angeles Times. Officials at Yahoo urged users to change their passwords for Tumblr as well as all other websites.
The technology website CNET reported that testers were able to exploit the glitch and lift passwords from other Yahoo sites as well.
Yahoo issued a statement Tuesday saying it had repaired the main vulnerabilities.
"As soon as we became aware of the issue, we began working to fix it,” the statement read. “Our team has successfully made the appropriate corrections across the main Yahoo properties (Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr, and Tumblr) and we are working to implement the fix across the rest of our sites right now.”
Heartbleed is a vulnerability in OpenSSL technology. That is the encryption technology used by 66 percent of all servers on the public Internet. Analysts have not gone so far as to tell people to stay off the Internet completely, but they have suggested that people stay away from sensitive things like online banking until the flaw is completely understood.
“The scope of this is immense,” said Kevin Bocek, a vice president at Venafi, a Salt Lake City cyber security company. “And the consequences are still scary. I've talked about this like a 'Mad Max' moment. It's a bit of anarchy right now. Because we don't know right now who has the keys and certificates on the Internet right now.”
An update to OpenSSL has already been released so that sites can fix the problem. For now, though, it will be up to users to determine if sites they regularly use have updated the software, making them safe again.
"Avoid things like online banking and avoid sensitive sites if you're not sure," said Andrew Storms of CloudPassage. "Some people will see it as overkill. But I think that's the simplest guidance. If you can hold off doing something online for a couple days, then you should."
A Business Insider story offers suggestions to users for protecting themselves. The story indicates that researchers who discovered the bug let programmers know several days in advance of announcing the vulnerability, so most sites should already be in the process of updating their servers' software. Once users have confirmed that has been done, they should change their passwords to the sites.
Athlete Raija Ogden was only meters away from finishing a Western Australia triathlon when she was injured by a falling drone.
Ogden was treated at the scene before she was taken to a hospital, where she had to get three stitches to treat a head wound.
“Basically we should all just thank our lucky stars that there [were] no injuries to a child or nobody’s eye got taken out,” Ogden said after the incident.
The drone’s operator, local photographer Warren Abrams, had set the drone up to hover about 10 meters above the race. His intention was to capture images of the triathletes in the final 10km stretch of the run portion of Western Australia’s Geraldton Endure Batavia triathlon.
In the initial investigation, Abrams suggested that someone else had briefly taken over flying the drone, causing him to lose control of it. However, because such an attack could easily be carried out with a smartphone, Abrams said that it would be extremely difficult to determine who was responsible for the attack.
Conflicting reports about the incident have surfaced in local media. While some say that the drone fell directly onto Ogden, others say that she tripped and fell after being startled by the falling drone.
Abrams maintains that video footage clearly demonstrates that the drone did not, in fact, fall onto Ogden; it fell directly behind her.
Ogden disputed this version of events, noting that she sat down after the drone hit her because she thought she was going to faint.
Australia’s Civil Aviation Safety Authority is looking into the reports. The authority’s rules state that unmanned aircraft, such as a drone, must fly at least 30 meters away from people. Furthermore, drone operators must be certified by the agency; news reports raised questions as to whether Abrams was legally certified to operate the drone.
Geraldton Triathlon club has apologized to Ogden.
A beloved New Hampshire substitute teacher quit her job after her school told her she had to unfriend students on Facebook.
Carol Thebarge, 79, took to Facebook to announce that her 35-year career as a paraprofessional and substitute teacher had come to an end after she was left with no choice but to quit.
"Today will be my last day at Stevens High," wrote Thebarge on her Facebook page. "I was given an ultimatum; to either delete every student from my Facebook page and do not post pictures of them, or be terminated."
"Those of you who know me and my philosophy in life, that of marching to the beat of my own drummer, would assume I would choose the latter of the two choices,” continued Thebarge. “And I did.”
Thebarge went on to note that the same administrator first asked her to delete thousands of students as friends on Facebook four years ago and said she actually began the process, but after about 50, she stopped.
“At that time, I could not begin to fathom on where to begin,” wrote Thebarge in her post. “Now I have over 3000 … the parents that I had in kindergarten, to those I had in the sixth grade who are now grandparents. It was like picking a needle out of a haystack. And when I did delete at that time, I had students that were asking me ‘what did they do wrong that I would do this to them.’ And then I hid my list. And I realized that I, who always taught them to ‘live their truth’, was demonstrating deceit. So I unblocked it and she [administrator] left me alone. Until now.”
Now, the administrator gave Thebarge the ultimatum after a fellow teacher was accused of sexual assault against a 14-year-old student. The dedicated substitute refused to delete her students, so she decided to quit.
"I will continue to stay in touch with all of them here,” Thebarge continued on Facebook. “No man or institution will dictate my relationships here, or otherwise that are within the range of my own consciousness. This is not rebellion. It is standing up for my beliefs ... for silence and compliance is agreement.”
School Superintendent Middleton McGoodwin defended the school’s policy and said that although Thebarge is a great teacher, she is not exempt from following the rules.
“In truth, being a caring, lovely woman doesn’t give you immunity to ignore a school board policy that’s designed to protect everyone,” said McGoodwin.
According to reports, a change.org petition was drafted to ask McGoodwin to reinstate Thebarge, and so far, it has gotten almost 700 signatures.
Mazda is recalling 42,000 Mazda6 cars because spiders are building webs in the fuel systems.
Yellow sac spiders, which are attracted to hydrocarbons, build webs in the vent hose of the vehicle, causing pressure to build and crack the fuel tank.
The recall includes the Mazda6 models from 2010 to 2012 equipped with 2.5 liter engines.
Mazda says there have been no injuries or fires as a result of the spiders.
In 2011, Mazda recalled vehicles for the same spider problem.
They originally tried to solve the problem with covers on the vent lines, but the spiders got past them.
Cheiracanthium is a venomous spider about one quarter to 3/8 of an inch long.
Mazda will update the cars’ software this month to monitor fuel pressure, according to The Associated Press.
Five-year-old Kristoffer Von Hassel managed to hack his father’s Xbox Live account. He now has the attention of Microsoft and the gaming world.
Kristoffer found a security flaw through Microsoft’s Xbox One console. It allowed him to log into his father’s Xbox Live account without permission, reports CNN.
"I was like ... yeah!" Kristoffer told KGTV-10.
It all began after Christmas when Kristoffer’s father, Robert Davies, noticed he was logging into his account and playing games inappropriate for his age. When Davies asked Kristoffer how he had done it, he showed him the hack he discovered.
Kristoffer found a work-around for his father’s password by “first typing in a wrong password, then typing only space keys and hitting enter when shown a password verification screen, allowing him into the account,” reports the Huffington Post.
"How awesome is that?" asked Davies, who works in online security himself. "Just being 5 years old and being able to find a vulnerability and latch on to that. I thought that was pretty cool."
This is not the only hack Kristoffer has discovered. One other includes getting past the lock on a smartphone by holding down the “home” key long enough.
Microsoft was notified of the security flaw by Davies and they will be issuing a fix for the vulnerability.
"We're always listening to our customers and thank them for bringing issues to our attention," the company said in a written statement. "We take security seriously at Xbox and fixed the issue as soon as we learned about it."
To show their appreciation to Kristoffer, Microsoft gave him four games, $50, and a yearlong subscription to Xbox Live.
Microsoft even included Kristoffer’s name on a list of security researchers who have “helped make online Microsoft products safer.”
The U.S. government was behind the development of a text-messaging network in Cuba that was intended to spread unrest among the nation’s youth. A new Associated Press story indicates that the U.S. Agency for International Development modeled the network after Twitter and named it ZunZuneo, the Cuban slang for a hummingbird’s tweet.
According to documents cited in the story, the network was intended to fly below the radar of Cuba’s strict Internet usage restrictions. The Miami Herald reported last year that “Cuba’s Internet remains one of the least free in the world.” In order to evade Cuban regulators, USAID sought to build a subscriber base by promoting “non-controversial content” such as sports scores and hurricane updates. Once a sufficient number of subscribers was reached, operators of ZunZuneo would introduce political content.
The content would be aimed at creating mass gatherings, or “smart mobs,” charged with a message of political change. One USAID document said the goal was to encourage citizens to “renegotiate the balance of power between the state and society.”
USAID spokesman Matt Herrick told the AP that the agency was proud of the program.
“USAID is a development agency, not an intelligence agency, and we work all over the world to help people exercise their fundamental rights and freedoms and give them access to tools to improve their lives and connect with the outside world,” he said.
Sen. Patrick Leahy, D-Vt., said several aspects of the program were troubling.
“There is the risk to young, unsuspecting Cuban cellphone users who had no idea this was a U.S. government-funded activity,” he said. “There is the clandestine nature of the program that was not disclosed to the appropriations subcommittee with oversight responsibility. And there is the disturbing fact that it apparently activated shortly after Alan Gross, a USAID subcontractor who was sent to Cuba to help provide citizens access to the Internet, was arrested.”
The nature of the program is sure to spark more controversy, but it is unclear what lawmakers will do with the information. Herrick noted the program was reviewed by investigators last year, and it was found to be consistent with U.S. law.
ZunZuneo no longer operates in Cuba.
USAID said the program simply ended when it ran out of money in 2012. Internet service is still restricted in Cuba. Cuban users of the network told the AP it disappeared as mysteriously as it appeared. By late 2012, anyone who tried to access the network’s website was redirected to a children’s site.
“The moment when ZunZuneo disappeared was like a vacuum,” said one user. “In the end, we never learned what happened. We never learned where it came from.”
Chicago is the American city with the most active online users in a committed relationship who are looking to cheat, according to Victoria Milan, a site dedicated to helping facilitate the practice.
According to the website, Chicagoans spend 25 percent more time on the website than the national average. They spend more hours online, chat more, and send more pictures, messages and virtual gifts than residents from any other city.
“I can’t help but notice that Chicago is the coldest large city here,” Victoria Milan CEO Sigurd Vedal said. “And when things get cold, cheating gets hot.”
According to Facebook data accumulated between 2010 and 2011, Vedal’s estimate is not completely off-base. During the winter, people are more likely to begin new relationships.
Following just behind Chicago in most active Victoria Milan users are Los Angeles (21 percent more time spent online than the national average), New York City (18 percent), Houston (11 percent) and Dallas (9 percent).