Trump’s infrastructure plan has no dedicated money for broadband

Enlarge / President Donald Trump unveils his infrastructure plan in the State Dining Room at the White House February 12, 2018 in Washington, DC. (credit: Getty Images | Chip Somodevilla )

President Trump’s new 10-year plan for “rebuilding infrastructure in America” doesn’t contain any funding specifically earmarked for improving Internet access. Instead, the plan sets aside a pool of funding for numerous types of infrastructure projects, and broadband is one of the eligible categories.

The plan’s $50 billion Rural Infrastructure Program lists broadband as one of five broad categories of eligible projects. Here’s the full list:

  • Transportation: roads, bridges, public transit, rail, airports, and maritime and inland waterway ports.
  • Broadband (and other high-speed data and communication conduits).
  • Water and Waste: drinking water, wastewater, storm water, land revitalization, and Brownfields.
  • Power and Electric: governmental generation, transmission, and distribution facilities.
  • Water Resources: flood risk management, water supply, and waterways.

Eighty percent of the program’s $50 billion would be “provided to the governor of each state.” Governors would take the lead in deciding how the money would be spent in their states. The other 20 percent would pay for grants that could be used for any of the above project categories.

Read 20 remaining paragraphs | Comments

The harmful drive-by currency mining scourge shows no signs of abating

Aw, damn. (credit: cibomahto)

The scourge of drive-by currency mining—in which websites and apps covertly run resource-draining code on other people’s devices—shows no sign of abating. Over the weekend, researchers added two more incidents: one involves more than 4,200 sites (some operated by government agencies), while the other targets millions of Android devices.

The first incident affected sites that offer a free text-to-speech translation service called Browsealoud. On Sunday, someone changed the JavaScript code hosted here to include currency-mining code from Coinhive, a controversial site that uses the devices of site visitors, usually without their permission, to generate digital coin known as Monero.

In the process, any site that included a link to the Browsealoud JavaScript suddenly saddled its visitors with code that, by default, uses 100 percent of its CPU resources, with no attempt to warn end users or get their permission. Search results show that the breach affected 4,275 sites, including those operated by the UK government’s Information Commissioner’s Office, US federal courts, and the state of Indiana. The CTO of Texthelp, the company that offers Browsealoud, issued a statement saying it suspended the service until Tuesday. The move put an end to the illicit mass mining, which lasted about four hours. At no time was customer data accessed or lost, the statement said.

Read 8 remaining paragraphs | Comments

Pyeongchang Winter Olympics opening disrupted by malware attack

Enlarge / Tonga’s flagbearer at the 2018 Pyeongchang Winter Olympics may not have been able to order a shirt off the Games’ official site in time, thanks to wiper malware bringing the Olympics’ networks down. (credit: Steve Russell/ Getty Images)

The Pyeongchang Winter Olympics organizing committee confirmed on Sunday that a malware attack was responsible for disruptions to the Olympics’ network before and during opening ceremonies on Friday. Just before the opening ceremony, the official website for the Winter Games went down, leaving attendees unable to print tickets for events or get venue information. The site wasn’t restored until 8am Saturday morning. Multiple networks went down, including the Wi-Fi network in the stadium and the network in the Olympic press center.

The cause was an apparent “wiper” malware attack that had spread throughout the Pyeongchang Games’ official network using stolen credentials. The network was not fully restored until 8am local time on Saturday, a full 12 hours after the attack began, The Guardian reported.

In a blog post today, Cisco Talos Intelligence researchers Warren Mercer and Paul Rascagneres revealed that Talos had identified (“with medium confidence”) some of the malware used in the attack. It has not been determined how the malware was introduced into the network, but the binaries examined by Talos showed the attacker had intimate knowledge of the Pyeongchang network’s systems.

Read 6 remaining paragraphs | Comments

FCC report finds almost no broadband competition at 100Mbps speeds

Enlarge (credit: Getty Images | jangeltun)

If you live in the US and want home Internet service at speeds of at least 100Mbps, you will likely find one Internet service provider in your area or none at all.

The latest Internet Access Services report was released by the Federal Communications Commission last week. The report’s broadband competition chart finds that 44 percent of developed Census blocks had zero home broadband providers offering download speeds of at least 100Mbps and upload speeds of at least 10Mbps.

Forty-one percent of developed Census blocks had one ISP offering such speeds, for a total of 85 percent with zero or one ISP. The remaining 15 percent had two or three providers at that level, as of the end of 2016. That’s up a bit from June 30, 2016, when about 12 percent of Census blocks had at least two providers of 100Mbps services.

Read 15 remaining paragraphs | Comments

That mega-vulnerability Cisco dropped is now under exploit

Enlarge (credit: Cisco)

Hackers are actively trying to exploit a high-severity vulnerability in widely used Cisco networking software that can give complete control over protected networks and access to all traffic passing over them, the company has warned.

When Cisco officials disclosed the bug last week in a range of Adaptive Security Appliance products, they said they had no evidence anyone was actively exploiting it. Earlier this week, the officials updated their advisory to indicate that was no longer the case.

“The Cisco Product Security Incident Response Team (PSIRT) is aware of public knowledge of the vulnerability that is described in this advisory,” the officials wrote. “Cisco PSIRT is aware of attempted malicious use of the vulnerability described in this advisory.”

Read 7 remaining paragraphs | Comments

Accused “In fraud we trust” kingpin arrested while vacationing in Thailand

Enlarge (credit: Lionel Allorge)

The de facto kingpin of an online crime bazaar that peddled stolen identities, credit card skimming devices, and many more illicit wares and services was arrested in Thailand by dozens of heavily armed police officers, it was widely reported Friday.

Sergey Medvedev, 31, was co-founder of Infraud, a massive enterprise that acted something like an eBay for criminal buyers and sellers, prosecutors said in a federal indictment unsealed Wednesday. In 2015, he reportedly became Infraud’s top-ranking administrator when alleged founder Svyatoslav Bondarenko stopped posting to forums under unexplained circumstances. Prosecutors said the group’s tag line was “In fraud we trust.” Justice Department officials said on Wednesday that Medvedev had been arrested but provided no other details.

On Friday, the Associated Press, Agence France, and other news outlets reported Medvedev was arrested on February 2 in Thailand. The reports cited a police statement that said officers seized 29 electronic items from the suspect’s Bangkok apartment and that Infraud’s servers had been seized on Tuesday. The Bangkok Post, citing an unnamed source, said the confiscated items included more than 100,000 bitcoins, currently worth nearly $840 million and valued at substantially more until the recent price correction in digital currencies.

Read 2 remaining paragraphs | Comments

Russian nuclear weapons engineers caught ­­­­minting blockchange with supercomputer

A reproduction of the Tsar Bomba, the biggest nuclear weapon ever detonated, at the Nuclear Weapons Museum at RFNC-VNIIEF in Sarov, where Russia designs and builds its nuclear weapons—and some engineers apparently decided to try to do some nuclear-powered blockchain mining. (credit: Croquant & Hex)

Russia’s Interfax News Agency reports that engineers at the All-Russian Research Institute of Experimental Physics (RFNC-VNIIEF)—the Russian Federation Nuclear Center facility where scientists designed the Soviet Union’s first nuclear bomb—have been arrested for mining cryptocurrency with “office computing resources,” according to a spokesperson for the Institute. “There has been an unsanctioned attempt to use computer facilities for private purposes including so-called mining,” said Tatyana Zalesskaya, head of the Institute’s press service.

Zalesskaya did not say how many people were detained, and the Federal Security Service (FSB) has not issued a statement on the arrests or criminal charges pending. But reports indicate that the group was caught trying to harness the lab’s supercomputer to mine cryptocurrency.

The Institute is located in Sarov, a “closed” city east of Moscow where nuclear weapons research has been conducted since 1946. The facility is so secret that it was left off Soviet maps; Savrov is surrounded by fences and guarded by the Russian military accordingly. While the city is the home of Russia’s Nuclear Weapons Museum, don’t plan a visit anytime soon—access to Sarov is restricted, and no one who does not live in the city is allowed to visit without permission. Foreigners visiting on official business have to surrender their passports, cell phones, and other electronic devices at the city’s checkpoints.

Read 3 remaining paragraphs | Comments

Amazon to take on UPS, FedEx via “Shipping with Amazon”

Enlarge

Amazon’s plans to take on UPS and FedEx are reportedly coming to fruition. According to a report by The Wall Street Journal, the online retailer’s new shipping service, named “Shipping with Amazon” (SWA), will roll out in Los Angeles in the coming weeks. With SWA, Amazon will pick up packages from businesses and ship them to customers, relying almost entirely on Amazon’s shipping infrastructure.

Aside from first starting in LA, SWA will first serve third-party merchants that already sell on Amazon. The company plans to send drivers to pick up shipments from these businesses and deliver the packages for them. While shipping and delivery will mostly go through Amazon, anything outside of the retailer’s reach will be given to the USPS and other shipping services for the “last mile” portion of the delivery.

In the future, Amazon reportedly wants to open up SWA to businesses that aren’t affiliated with the site—meaning Amazon could ship and deliver packages from companies of all sizes. Amazon also believes it can compete with UPS and FedEx by making SWA more affordable for business customers, but its pricing structure hasn’t been revealed.

Read 2 remaining paragraphs | Comments