The Equifax Hack Has the Hallmarks of State-Sponsored Pros

The average American had no reason to notice Apache’s post but it caught the attention of the global hacking community. Within 24 hours, the information was posted to FreeBuf.com, a Chinese security website, and showed up the same day in Metasploit, a popular free hacking tool. On March 10, hackers scanning the internet for computer systems vulnerable to the attack got a hit on an Equifax server in Atlanta, according to people familiar with the investigation.

Source: The Equifax Hack Has the Hallmarks of State-Sponsored Pros – Bloomberg

The massive breach occurred even though Equifax had invested millions in sophisticated security measures, ran a dedicated operations center and deployed a suite of expensive anti-intrusion software. The effectiveness of that armory appears to have been compromised by poor implementation and the departure of key personnel in recent years. But the company’s challenges may go still deeper. One U.S. government official said leads being pursued by investigators include the possibility that the hackers had help from someone inside the company. “We have no evidence of malicious inside activity,” the Equifax spokesperson said. “We understand that law enforcement has an ongoing investigation.”

China orders bitcoin exchanges to shut down

Bitcoin is created and exchanged without the involvement of banks or governments. Transactions allow anonymity, which has made bitcoin popular with people who want to conceal their activity. Bitcoin can be converted to cash when deposited into accounts at prices set in online trading.

Source: Reports: China orders bitcoin exchanges to shut down – ABC News

The hackers who broke into Equifax exploited a flaw in open-source server software

That vulnerability, according to a report on the data breach by William Baird & Co., was in a popular open-source software package called Apache Struts, which is a programming framework for building web applications in Java. Two vulnerabilities in Struts have been discovered so far in 2017. One was announced in March, and another was announced earlier this week on Sept. 4. At the moment, it’s unclear which vulnerability the Baird report was referring to.

Source: The hackers who broke into Equifax exploited a flaw in open-source server software — Quartz

The bug specifically affects a popular plugin called REST, which developers use to handle web requests, like data sent to a server from a form a user has filled out. The vulnerability relates to how Struts parses that kind of data and converts it into information that can be interpreted by the Java programming language. When the vulnerability is successfully exploited, malicious code can be hidden inside of such data, and executed when Struts attempts to convert it.

Equifax Breach Response Turns Dumpster Fire

I cannot recall a previous data breach in which the breached company’s public outreach and response has been so haphazard and ill-conceived as the one coming right now from big-three credit bureau Equifax, which rather clumsily announced Thursday that an intrusion jeopardized Social Security numbers and other information on 143 million Americans.

Source: Equifax Breach Response Turns Dumpster Fire — Krebs on Security

Judge Kills AT&T’s Attempt to Slow Google Fiber in Louisville

A Federal Judge has shot down an AT&T lawsuit against the city of Louisville, one of several company bids to slow down Google Fiber’s arrival to the region. AT&T sued the city back in February of last year after Louisville streamlined its utility pole attachment rules to speed up the arrival of competing broadband services to the city. Incumbent ISPs have long abused the absurdly bureaucratic pole attachment process to slow competitors, and Louisville’s “one touch make ready” reforms streamlined the process significantly.

Source: Judge Kills AT&T’s Attempt to Slow Google Fiber in Louisville

3 ISPs Have Spent $572 Million to Kill Net Neutrality Since 2008

Writer Andrew Jerell Jones also points out how Comcast-owned NBC News, CNBC and MSNBC can rarely be bothered to reveal their parent company’s lobbying on this subject, or in fact cover net neutrality in their news reporting much at all. Even purportedly “progressive” MSNBC has been frequently criticized for rarely talking about the subject.

Source: 3 ISPs Have Spent $572 Million to Kill Net Neutrality Since 2008 | DSLReports, ISP Information

More than 40 ISPs Across the Country Tell Chairman Pai to Not Repeal Network Neutrality and Maintain Title II Enforcement

The 2015 Order famously outlined clear net neutrality rules. But those rules only passed muster because the Order also explicitly classified broadband service as a “common carrier” service, regulated by Title II of the Communications Act, rather than an “information service” regulated by Title I of the same Act. And that classification has several corollary effects, because Title II isn’t just about net neutrality. It is also meant to curtail the anti-competitive conduct from incumbent monopolists like Comcast, AT&T, and Verizon. In essence, as common carriers, they are not able to use their power to control the Internet experience, and they are not able to directly harm their competitors in the broadband market.

Source: More than 40 ISPs Across the Country Tell Chairman Pai to Not Repeal Network Neutrality and Maintain Title II Enforcement | Electronic Frontier Foundation

Google Fiber’s deployment ran into snags in Austin, Texas when those poles were owned by AT&T, because the surest way to prevent competition is to just physically prevent their entry into your market. If a company the size of Google could be stifled without the law supporting them, what hope does a smaller ISP have in entering into a market where the incumbent broadband provider owns the poles that are a necessary component to deploying the network? The FCC Chairman’s plan fundamentally ignores this problem and offers no clear solution to competitors. An incumbent broadband provider that owns a lot of the poles is going to have no federal legal obligation to share that access at fair market rates if broadband is no longer a common carrier service.

Augmented reality lawsuit provides augmented view of 1st Amendment

“Texas Rope ‘Em is not entitled to First Amendment protection because it does not convey any messages or ideas. Unlike books, movies, music, plays and video games—mediums of expression that typically enjoy First Amendment protection—Texas Rope ‘Em has no plot, no storylines, no characters, and no dialogue. All it conveys is a random display of cards and a map. Absent the communicative features that invoke the First Amendment, Candy Lab has no First Amendment claim,” the county said.

Source: Augmented reality lawsuit provides augmented view of 1st Amendment | Ars Technica

No plot, storylines, characters, and dialog describes the Academy Award winner for best picture last year.

Supreme Court Overturns Patent Ruling in Blow Against Trolls

The justices sided 8-0 with beverage flavoring company TC Heartland in its legal battle with food and beverage company Kraft Heinz, ruling that patent infringement suits can be filed only in courts located in the jurisdiction where the targeted company is incorporated. Justice Neil Gorsuch did not participate in the decision.

Source: Supreme Court Overturns Patent Ruling in Blow Against Trolls | Fortune.com

Theresa May Wants To Regulate The Internet

New laws will be introduced to implement these rules, forcing internet companies such as Facebook to abide by the rulings of a regulator or face sanctions: “We will introduce a sanctions regime to ensure compliance, giving regulators the ability to fine or prosecute those companies that fail in their legal duties, and to order the removal of content where it clearly breaches UK law.”

Source: Theresa May Wants To Regulate The Internet