Domain: slashdot.org
Stories and comments across the archive that link to slashdot.org.
Under Public Pressure, India Withdraws Draft Encryption Policy
An anonymous reader writes: The government of India withdrew its draft policy on encryption owing to public responses just a day after releasing the document. The Communications and Information Technology minister Ravi Shankar Prasad said — "I read the draft. I understand that the manner in which it is written can lead to misconceptions. I have asked for the draft policy to be withdrawn and reworded." While it is encouraging that the government recognized its mistake and withdrew, many fear that this is part of a larger problem when it comes to this government taking technology policy decisions. Recently, the government was in the dock for its lack of clarity on Net Neutrality. -
Legislation Requiring Tech Industry To Report Terrorist Activity Dropped
itwbennett writes: John Ribeiro reports that 'the U.S. Senate Intelligence Committee has dropped a provision that would have required Internet companies to report on vaguely-defined terrorist activity on their platforms.' The draft legislation, which was unanimously passed by the Committee in July, was widely derided by the tech industry for its technical difficulty and by users for invasion of privacy. -
Number of XcodeGhost-Infected iOS Apps Rises
An anonymous reader writes: As the list of apps infected with the XcodeGhost malware keeps expanding, Apple, Amazon and Baidu are doing their best to purge their online properties of affected apps, malicious Xcode installers, and C&C servers used by the attackers to gather the stolen information and control the infected apps/devices. China-based jailbreaking Pangu Team claims that the number of infected apps is higher than 3,400, and has offered for download a free app that apparently detects the Trojanized apps. -
Volkswagen CEO Issues Apology Over Emission-Cheating Software
cartechboy writes: Last Friday we learned that Volkswagen got caught cheating on emissions testing via software programming. The punishment? It could get slapped with up to $18 billion in fines. While the company has yet to admit to any wrongdoing, the CEO has now issued a formal apology and said the automaker will cooperate fully with any and all investigations. It's issued a stop-sale on all new and used TDI vehicles until further notice. VW's currently in talks with the EPA and the California Air Resources Board in regards to these allegations. It's also ordered an external investigation of its own into the matter. Whether criminal charges will be filed is yet to be seen. -
Why Hardware Development Takes Longer in the West Than in China (Video)
This was originally going to be a second video about the Popup Factory Demo we talked about last Wednesday. But this section of Tim's lengthy interview with people from the Popup Factory seemed like it would be of broader interest to Slashdot people -- and your coworkers, bosses, and friends who may be involved in device production or prototyping. There are some hard words here, because David Cranor is talking about problems that go way beyond the usual perceived Chinese advantages such as low labor costs and a lack of environmental regulations. -
Volkswagen Could Face $18 Billion Fine Over Emission-Cheating Software
After getting caught cheating on emissions testing by means of software, Volkswagen could face up to $18 billion in fines, reports USA Today. That number is based on the company being assessed the maximum penalty of $37,500 per affected vehicle. That's not the only bad news for Volkswagen, which has halted sales of its 4-cylinder diesel cars; the linked article reports that the violations "could also invite charges of false marketing by regulators, a vehicle recall and payment to car owners, either voluntarily or through lawsuits. Volkswagen advertised the cars under the 'Clean Diesel' moniker. The state of California is also investigating the emissions violations." -
Skype For Microsoft Edge Will Work From the Browser, No Plug-Ins Required
We mentioned a few months back Microsoft's beta of a browser-based interface to Skype. Now, reports Engadget, Skype will be able to work without a plug-in (as was required for the beta). However, it will work -- at least at first -- only with Microsoft's Edge browser. The latest Windows 10 Insider Preview build comes with the Object RTC API. That's the element that allows real-time audio and video communication without the need for any installation, not just for Skype for Web and Outlook.com, but also for other WebRTC-compatible services. To note, Chrome, Firefox and Safari all support WebRTC standards, but it's unclear if and when Skype will enable a plug-in-less experience for those browsers as well. -
Hardware Projects (and Pranks) That Have Scared Observers
In the wake of the arrest of Ahmed Mohamed in Irving, Texas, for carrying to school an electronics project believed by a teacher to look like a bomb, Make Magazine has a timely reminder that Ahmed's project is one of many home-brew efforts that sparked (or could have sparked) extreme reactions. Make's list includes a few from tinkerers -- and pranksters -- that not only looked like bombs, but were fully intended to look that way. ("Back in 1967, Apple co-founder Steve Wozniak was arrested for building a metronome and storing it in a friend's locker. He rigged a tin-foil contact sensor to the metronome in the locker, and set up the device to tick faster when his buddy opened the locker.") The article doesn't note the 2007 incident in Boston in which a guerrilla advertising campaign for "Aqua Teen Hunger Force" raised fears of terrorism and led to two arrests. Gawker has a slightly more pointed article about other students who have specifically brought home-assembled clocks to school without being arrested. -
Microsoft and Others Mean Stiff Competition For Apple iPad Pro
MojoKid writes: When Microsoft first announced the Surface Pro back in 2012, many Apple fans snickered. Here was Microsoft, releasing a somewhat thick and heavy tablet that not only had a kickstand, but also an odd cover that doubled as a keyboard. And to top things off, the device made use of a stylus. Steve Jobs famously said in 2010, "If you see a stylus, they blew it." But Microsoft forged ahead with the Surface Pro 2, and later with the Surface Pro 3. Not only were customers becoming more aware of the Surface, but competitors were also taking note. We've seen Lenovo introduce the ideapad MIIX 700, which incorporates its own kickstand and an Intel Skylake-based Core m7 processor. And most recently, we've seen Apple pull a literal 180 on this design and platform approach, announcing the iPad Pro — a device that features a fabric keyboard cover similar in concept to the Surface Pro and a stylus. Dell and ASUS have also brought compelling offerings to the table as well. However, the big head-to-head competition will no doubt be between the Surface Pro 4, which is set to be unveiled early next month, and Apple's iPad Pro when it finally goes on sale. -
Crash Chrome With 16 Characters
An anonymous reader writes: Remember when it took just eight characters to crash Skype? Apparently it takes double that to take out Chrome: Typing in a 16-character link and hitting enter, clicking on a 16-character link, or even just putting your cursor over a 16-character link, will crash Google's browser. To try it yourself, fire up Chrome 45 (the latest stable version) or older and put this into your address bar: http: //a/%%30%30 (without the space). -
Microsoft Spending $75M To Boost K-12 CS Education, Put TEALS In 4,000 Schools
theodp writes: An NSF-funded evaluation of the Microsoft TEALS program — which sends volunteer software engineers with no teaching experience into high schools to teach kids and their teachers computer science — isn't scheduled to be completed until 2018. But having declared a K-12 CS education emergency (which it's linked to an H-1B visa emergency), Microsoft is going full speed ahead and spending $75 million to boost computer science in schools. The software giant told USA Today that it aims to put TEALS in 700 high schools in the next three years and in 4,000 over the next decade, focusing on urban and rural districts to reach more young women and minorities. "In the U.S. alone, the economy will create 1.4 million new computing jobs by the year 2022," wrote Microsoft President and Code.org Board member Brad Smith. "Yet, less than a quarter of U.S. high schools currently teach computer science. That's not enough and we're working with schools and policy-makers to change that." -
Club Concorde Wants To Put a Concorde Back In the Air
The Verge (relying on The Telegraph) reports that the Concorde, grounded since just a few years after the disastrous loss of flight 4590 in 2000, may yet fly again, with the help of a private coalition of Concorde enthusiasts that's already managed to raise $160 million. ("A massive war chest," says Jalopnik.) The Verge explains that Club Concorde ("a club for all things Concorde, run by ex-Captains, ex-charterers and people passionate about Concorde") would like to buy two of the existing but idle Concordes, turning one of them into a ground-based tourist attraction for gawking and for dining on Concorde-style meals. But as for the second? The more ambitious initiative is to purchase the second plane, have it restored, and get it in the air once more. Concorde Club president Paul James is aiming to resume flights by 2019, while the tourist attraction would be opened around 2017 if all goes according to plan. British Airways and Air France have no plans to resume commercial Concorde flights, meaning it would likely cost quite a lot of money to grab a private ticket if and when the plane gets off the ground again. -
Ahmed Mohamed, His Clock, and the Curious Turn of Events
New submitter poity writes: After the news first broke of the 9th grader getting cuffed for scaring school officials with what turned out to be a digital clock, Ahmed Mohamed has experienced a surge of popular support — hailed as a genius and a hero, with college scholarships, internship offers, and even an invitation to the White House by President Obama himself. Now, amid rumors of possible racial discrimination lawsuits against the school and local police, some people have begun to more deeply scrutinize the details of the case, especially on the tech side with regard to the homemade clock in question. Recently, a writer at the creative site Artvoice posted a remarkable analysis of Ahmed's clock project, which raises new questions about the case and the manner in which people and the media alike have reacted. The linked analysis posits that Ahmed's clock started out as another clock, rather than a box of parts, and Ahmed can be said to have repackaged rather than "invented" a wholly new clock, but acknowledges that "none of us were there and knows what happened." -
AeroVelo Breaks Human-powered Land Speed Record
yyzmcleod sends news that AeroVelo, a Canadian team of engineers and students, has built a bike that successfully broke the human-powered land speed record. (This is the same group that built a human-powered helicopter in 2013.) The team's Eta recumbent speed bike managed a speed of 85.7mph (137.9km/h). The previous record was 83.1 mph. -
Creator of Top iOS Ad Blocker Pulls App After Two Days
An anonymous reader writes: One of the most important aspects of the iOS 9 launch was that ad blocking software is now allowed on the App Store. Ad blocking apps rocketed to the top of the store's rankings, led by Marco Arment's Peace. A day afterward, Arment talked about the cognitive dissonance he felt from having his software blocking the (admittedly well-behaving) ads on his own website. Now, Arment has pulled Peace from the App Store, saying its success "just doesn't feel good." He continues, "Ad blockers come with an important asterisk: while they do benefit a ton of people in major ways, they also hurt some, including many who don't deserve the hit. Peace required that all ads be treated the same — all-or-nothing enforcement for decisions that aren't black and white. This approach is too blunt, and Ghostery and I have both decided that it doesn't serve our goals or beliefs well enough. If we're going to effect positive change overall, a more nuanced, complex approach is required than what I can bring in a simple iOS app." Arment also posted a link with detailed instructions on how to get a refund, if you already bought the app. -
JetBrains Reconsiders Subscription Licensing Changes
craigtp writes: On 3rd September, JetBrains, maker of IDEs and other productivity software, announced big changes to the way they sell and license their software. The changes were not well received by certain members of their user base. Within a few days, JetBrains announced that they were listening to the user feedback and that they would reconsider their changes. Today, they've finally announced their revised licensing changes, and while the subscription model remains, some important concessions have been made. Once a user pays for a year's subscription, they'll receive a perpetual fallback license, so they can keep using the software even if the subscription lapses later. They're also providing an option for offline license keys, so the software can run without needing to phone home. -
Bitcoin Is Officially a Commodity
Taco Cowboy writes: According to the Commodity Futures Trading Commission (CFTC), Bitcoin and all other virtual currencies have been officially categorized as commodities, just like crude oil or wheat. The CFTC on Thursday announced it had filed and settled charges against a Bitcoin exchange for facilitating the trading of option contracts on its platform.
By this action, the CFTC asserts its authority to provide oversight of the trading of cryptocurrency futures and options, which will now be subject to the agency's regulations. In the event of wrongdoing, such as futures manipulation, the CFTC will be able to bring charges against bad actors. If a company wants to operate a trading platform for Bitcoin derivatives or futures, it will need to register as a swap execution facility or designated contract market, just like the CME Group. And Coinflip — the target of the CFTC action — is hardly the only company that provides a platform to trade Bitcoin derivatives or futures. In other Bitcoin news, reader McGruber notes that the CFO of BitPay, a Bitcoin payment service, was successfully phished, costing the company $1.8 million worth of Bitcoins. The company is attempting to recover the money from its insurer. -
AMD Confirms Vulkan Driver For Linux, But To Start Off As Closed-Source
An anonymous reader writes: AMD has finally revealed some basic details concerning their support of Vulkan on Linux. AMD has a Vulkan driver but it will begin its life as closed-source, reports Phoronix. In time the AMD Vulkan driver will transition to being open-source. This Vulkan driver is built to interface with their new AMDGPU kernel DRM driver that's part of their long talked about AMD open-source strategy for Linux. This closed-then-open Vulkan driver will be competing with Valve's Intel Vulkan driver that will be open from day one. -
Book Review: Abusing the Internet of Things
New submitter sh0wstOpper writes: The topic of the Internet of Things (IoT) is gaining a lot of attention because we are seeing increasing numbers of "things", such as cars, door locks, baby monitors, etc., that are connected and accessible from the Internet. This increases the chances of someone being able to "attack" these devices remotely. The premise of Abusing the Internet of Things is that the distinction between our "online spaces" and our "physical spaces" will become harder to define since the connected objects supporting the IoT ecosystems will have access to both. Keep reading for the rest of sh0wstOpper's review.
Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts
author: Nitesh Dhanjani
pages: 296
publisher: O'Reilly
rating: 9/10
reviewer: Dan Smith
ISBN: 1491902337
summary: Attack & penetration techniques for the Internet of Things
In chapter one the author takes apart the popular Philips Hue lighting systems by examining the various types of communication protocols (Zigbee, TCP/IP). Packet captures of communications between various systems are presented in an easy to understand fashion. An actual vulnerability that can be abused to cause a blackout is also described.
This chapter also discusses how the lighting system and other IoT objects are starting to integrate with each other using the If This Then That (IFTTT) platform. As such, cross-platform vulnerabilities are discussed. I appreciated this section in particular because it did a good job of helping me think of how attackers are likely to leverage the fact that various IoT devices will want to integrate with each other and the compromise of one device can give someone access to other devices.
There has been a lot of research in the area of wireless door locks. It is easy to see how a simple vulnerability in such a device can compromise physical safety. Chapter 2 clearly articulates vulnerabilities in popular door locks in hotel rooms and how they have been already abused for theft. This chapter also discusses security issues in the Bluetooth Low Energy protocol and closes with good recommendations for consumers as well as for people responsible for designing locks.
I found chapter 3 interesting because it covers the "saga" of popular audio and video monitors manufactured by a company called Foscam. Many researchers have published multiple vulnerabilities in these monitors and this chapter shows how to actually locate hundreds of thousands of exploitable monitors on the Internet. This chapter also shows how discussions on Foscam's own user forums have exposed vulnerabilities.
The Belkin WeMo baby monitor (audio only) is discussed next along with packet captures to show communication details. I like that this book lists such details because it helped me understand how the IoT devices are designed, and that made it easier for me to understand the cause of vulnerabilities.
Real stories of concerned parents as well as incidents of how pranksters have been able to scare parents are also discussed. This really drives home the fact that security issues in these products are being exploited.
The topic of concern of chapter 4 is IoT-based devices that can be leveraged to protect physical safety. The popular SmartThings suite of IoT devices is the scope of this chapter. Security issues that include hijacking credentials, abusing SmartThings' own IDE platform, and SSL validation vulnerabilities are described.
I enjoyed chapter 5 in particular because it walks through multiple security vulnerabilities targeting multiple products of one vendor: Samsung. The chapter describes the "TOCTTOU" attack and how it's exploited. I've tried to read the original researcher's white paper on this attack and found it confusing but this chapter described it elegantly and I was then able to go back and read the white paper easily.
Bad encryption is the focus of this chapter and I laughed at the heading "You call that encryption?" followed by the sub-heading "I call that encraption". These sections talk about how bad encryption (using XOR) by Samsung has been used to reverse engineer code. The section ends with the line "The slang term *encraption* (with the emphasis on *crap*) is affectionately used by the cyber-security community to call out badly implemented encryption. As this case shows, the title of this section is entirely justified."
Since the chapter is focused on one company, the author does a good job of equating the situation to other companies in the past (such as Microsoft) and how systemic security issues like these should ultimately be addressed by the leadership so that security is embedded into the DNA of the company. I found this perspective valuable.
The topic of car hacking is one of the reasons I bought this book. I have heard of the author in the past based on his research on the Tesla Model S since I came across his presentation at the Black Hat conference last year. Chapter 6 includes emphasis on the Tesla along with how the back end API works to support features such as locating the car remotely, unlocking it, and even starting it. The lack of 2-factor authentication is an issue that gives rise to simple techniques like phishing that can be used to steal a Tesla. Developers are insecurely leveraging Tesla's API in a way that is making car owners send over their clear-text credentials to them. I am amazed that this is currently happening and most Tesla owners don't even know that they are basically handing over their keys to people who they don't know.
This chapter also covers popular research by Chris Valasek and Charlie Miller, along with remotely exploitable vulnerabilities in telematics systems, which have gained a lot of media attention and concern recently.
I found chapter 7 refreshing because it approaches security from the eyes of someone who wants to design a new IoT product. The chapter walks through a design of a wireless door bell using the littleBits IoT platform, which is primarily focused on prototyping. The main point of this chapter is that it is much more valuable to design security in earlier, at the prototyping stage, than to deal with security bugs later on in the process. I liked that the chapter uncovered security flaws early on in the prototyping of the wireless door bell and tied them back to vulnerabilities found in previous chapters in existing IoT products.
A comprehensive list of threat agents, i.e. the types of entities that may attack an IoT device is presented. This list includes nation states, terrorists, criminal organizations, disgruntled employees, hacktivists, vandals, cyberbullies, and predators. The author does a good job of demonstrating that it is useful to take the use cases of IoT devices and see how each of these threat agents may want to leverage vulnerabilities to achieve their own goals.
The last topic covered here is the concept of bug bounty programs and why it is important for IoT companies to reward researchers who submit security bugs to them for free. I'm close to implementing such a program in my organization so I felt the content in this section was spot on.
Looking into the future, chapter 8 goes through very interesting methods in ways IoT ecosystems can be exploited, starting with the deployment of drones to track individuals, a group of people, or even take over a city. A 'cross-device' attack scenario (with code) to show how a website on a victim's laptop can verbally instruct the Amazon Echo to turn lights off was fun and thought-provoking, i.e. the fact that IoT devices around us will be able to tell each other what to do and how this can lead to chaos. In addition to other threats in our future, this chapter opens up discussion on the security of interspace communication (with respect to our goals to send manned spacecraft to Mars) and also the importance of treading carefully when it comes to super intelligence.
Chapter 9 includes 2 short stories, i.e. "hypothetical scenarios", of a security executive abusing the "buzz" around IoT and failing to think of how to secure his company because of a lack of strategic thinking. The second short story demonstrates how IoT companies also need to think of human elements, emotions, and public relations in addition to the technical content in this book.
Overall, I enjoyed this book and I would recommend it to others. I do feel that a lot of the content can be absorbed even if the reader isn't technical, but there may be some parts that may be frustrating to someone who doesn't understand basic concepts of HTTP, TCP/IP, and/or some coding. After reading this book, I feel I have a better grasp of what IoT means to us and what security issues we are facing, and will face.
You can purchase Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. If you'd like to see what books we have available from our review library please let us know -
Book Review: Abusing the Internet of Things
New submitter sh0wstOpper writes: The topic of the Internet of Things (IoT) is gaining a lot of attention because we are seeing increasing amounts of "things", such as cars, door locks, baby monitors, etc., that are connected to and accessible from the Internet. This increases the chances of someone being able to "attack" these devices remotely. The premise of Abusing the Internet of Things is that the distinction between our "online spaces" and our "physical spaces" will become harder to define since the connected objects supporting the IoT ecosystems will have access to both. Keep reading for the rest of sh0wstOpper's review.
Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts
author: Nitesh Dhanjani
pages: 296
publisher: O'Reilly
rating: 9/10
reviewer: Dan Smith
ISBN: 1491902337
summary: Attack & penetration techniques for the Internet of Things
In chapter one the author takes apart the popular Philips Hue lighting system by examining the various types of communication protocols (Zigbee, TCP/IP). Packet captures of communications between various systems are presented in an easy-to-understand fashion. An actual vulnerability that can be abused to cause a blackout is also described.
This chapter also discusses how the lighting system and other IoT objects are starting to integrate with each other using the If This Then That (IFTTT) platform. As such, cross-platform vulnerabilities are discussed. I appreciated this section in particular because it did a good job of helping me think of how attackers are likely to leverage the fact that various IoT devices will want to integrate with each other and the compromise of one device can give someone access to other devices.
There has been a lot of research in the area of wireless door locks. It is easy to see how a simple vulnerability in such a device can compromise physical safety. Chapter 2 clearly articulates vulnerabilities in popular door locks in hotel rooms and how they have already been abused for theft. This chapter also discusses security issues in the Bluetooth Low Energy protocol and closes with good recommendations for consumers as well as for people responsible for designing locks.
I found chapter 3 interesting because it covers the "saga" of popular audio and video monitors manufactured by a company called Foscam. Many researchers have published multiple vulnerabilities in these monitors and this chapter shows how to actually locate hundreds of thousands of exploitable monitors on the Internet. This chapter shows how discussions on Foscam's own user forums have exposed vulnerabilities.
The Belkin WeMo baby monitor (audio only) is discussed next along with packet captures to show communication details. I like that this book lists such details because it helped me understand how the IoT devices are designed, and that made it easier for me to understand the causes of the vulnerabilities.
Real stories of concerned parents as well as incidents of how pranksters have been able to scare parents are also discussed. This really drives home the fact that security issues in these products are being exploited.
The topic of concern of chapter 4 is IoT-based devices that can be leveraged to protect physical safety. The popular SmartThings suite of IoT devices is the scope of this chapter. Security issues that include hijacking credentials, abusing SmartThings' own IDE platform, and SSL validation vulnerabilities are described.
I enjoyed chapter 5 in particular because it walks through multiple security vulnerabilities targeting multiple products of one vendor: Samsung. The chapter describes the "TOCTTOU" attack and how it's exploited. I've tried to read the original researcher's white paper on this attack and found it confusing but this chapter described it elegantly and I was then able to go back and read the white paper easily.
Bad encryption is the focus of this chapter and I laughed at the heading "You call that encryption?" followed by the sub-heading "I call that encraption". These sections talk about how badly implemented encryption (using XOR) by Samsung has been used to reverse engineer code. The section ends with the line "The slang term *encraption* (with the emphasis on *crap*) is affectionately used by the cyber-security community to call out badly implemented encryption. As this case shows, the title of this section is entirely justified."
Since the chapter is focused on one company, the author does a good job of equating the situation to other companies in the past (such as Microsoft) and how systemic security issues like these should ultimately be addressed by the leadership so that security is embedded into the DNA of the company. I found this perspective valuable.
The topic of car hacking is one of the reasons I bought this book. I have heard of the author in the past based on his research on the Tesla Model S since I came across his presentation at the Black Hat conference last year. Chapter 6 includes emphasis on the Tesla along with how the back end API works to support features such as locating the car remotely, unlocking it, and even starting it. The lack of two-factor authentication is an issue that gives rise to simple techniques like phishing that can be used to steal a Tesla. Developers are insecurely leveraging Tesla's API in a way that is making car owners send over their clear-text credentials to them. I am amazed that this is currently happening and most Tesla owners don't even know that they are basically handing over their keys to people who they don't know.
This chapter also covers popular research by Chris Valasek and Charlie Miller, along with remotely exploitable vulnerabilities in telematics systems which have gained a lot of media attention and concern recently.
I found chapter 7 refreshing because it approaches security from the eyes of someone who wants to design a new IoT product. The chapter walks through a design of a wireless doorbell using the littleBits IoT platform, which is primarily focused on prototyping. The main point of this chapter is that it is much more valuable to design security earlier on in the prototyping stage than to deal with security bugs later on in the process. I liked that the chapter uncovered security flaws earlier on in the prototyping of the wireless doorbell and tied it back to vulnerabilities found in previous chapters in existing IoT products.
A comprehensive list of threat agents, i.e. the types of entities that may attack an IoT device, is presented. This list includes nation states, terrorists, criminal organizations, disgruntled employees, hacktivists, vandals, cyberbullies, and predators. The author does a good job of demonstrating that it is useful to take the use cases of IoT devices and see how each of these threat agents may want to leverage vulnerabilities to achieve their own goals.
The last topic covered here is the concept of bug bounty programs and why it is important for IoT companies to reward researchers who submit security bugs to them for free. I'm close to implementing such a program in my organization so I felt the content in this section was spot on.
Looking into the future, chapter 8 goes through very interesting ways IoT ecosystems can be exploited, starting with the deployment of drones to track individuals, a group of people, or even take over a city. A 'cross-device' attack scenario (with code) to show how a website on a victim's laptop can verbally instruct the Amazon Echo to turn lights off was fun and thought-provoking, i.e. the fact that IoT devices around us will be able to tell each other what to do and how this can lead to chaos. In addition to other threats in our future, this chapter opens up discussion on the security of interspace communication (with respect to our goals to send manned spacecraft to Mars) and also the importance of treading carefully when it comes to superintelligence.
Chapter 9 includes two short stories, i.e. "hypothetical scenarios": one of a security executive abusing the "buzz" around IoT and failing to think of how to secure his company because of a lack of strategic thinking. The second short story demonstrates how IoT companies also need to think of human elements, emotions, and public relations in addition to the technical content in this book.
Overall, I enjoyed this book and I would recommend it to others. I do feel that a lot of the content can be absorbed even if the reader isn't technical, but there may be some parts that are frustrating to someone who doesn't understand basic concepts of HTTP, TCP/IP, and/or some coding. After reading this book, I feel I have a better grasp of what IoT means to us and what security issues we are facing, and will face.
You can purchase Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. If you'd like to see what books we have available from our review library please let us know -
Apple's First Android App, Move To iOS, Is Getting Killed With One-Star Reviews
An anonymous reader writes: Apple today launched Move to iOS, the company's first Android app built in-house. As we noted earlier, "It should surprise no one that the first app Apple built for Android helps you ditch the platform." The fact that the app is getting flooded with one-star reviews is not particularly surprising, either. At the time of publication, the app has an average rating of 1.8. The large majority (almost 79 percent) are one-star reviews, followed by five-star reviews (almost 19 percent). -
Obama Invites Texas Teen To White House After "Bomb" Clock Incident At School
The Grim Reefer writes: In a followup to this morning's story about the arrest of 14-year-old Ahmed Mohamed for bringing a homemade clock to school that was mistaken for a bomb, President Obama has invited the teen to the White House via Twitter. The President tweeted: "Cool clock, Ahmed. Want to bring it to the White House? We should inspire more kids like you to like science. It's what makes America great." The Irving Independent School District in Irving, Texas sent an email to parents about the incident asking students to: "immediately report any suspicious items and / or suspicious behavior." -
AT&T Offers $250k Reward To Find the California Fiber-Optic Ripper
An anonymous reader writes: AT&T has offered a $250,000 reward to anyone providing information leading to the arrest and conviction of what appears to be a serial disruptor of fiber-optic connections in California. The latest incident has taken place in Livermore in the San Francisco Bay Area, where an individual thought by the FBI to possess expert knowledge and specialist tools severed a critical AT&T cable, gaining access to the enclosure via a manhole. The attack precedes 11 previous ones in California in the preceding twelve months. -
Followup: Library Board Unanimously Supports TOR Relay
Wrath0fb0b writes: Last week, the administrators of the Kilton Public Library in New Hampshire suspended a project to host a Tor relay after the DHS sent them an email asking them to reconsider. At a board meeting yesterday, the exit node was reinstated by unanimous vote. Board member Francis Oscadal said, "With any freedom there is risk. It came to me that I could vote in favor of the good ... or I could vote against the bad. I’d rather vote for the good because there is value to this." Deputy Police Chief Philip Roberts said, "We simply came in as law enforcement and said, 'These are the concerns.' We wanted to inform everyone so it was an educated decision by everyone involved." Deputy City Manager Paula Maville added, "This is about making an informed decision. Whatever you need to do, we’re here to support that." -
Interviews: Ask John McAfee About His Presidential Run
samzenpus writes: He's run a multi-billion dollar company and hidden in the jungles of Central America while being chased by Belizean authorities, but John McAfee's presidential bid may be his most interesting adventure yet. Last week John said: "Our government is in a dysfunctional state. It is also illiterate when it comes to technology. Technology is not a tool that should be used for a government to invade our privacy. Technology should not be the scapegoat when we fail to protect our digital assets and tools of commerce. These are matters of priorities," when announcing his run. According to his Cyber Party website: "Donkeys and elephants just don't make sense in the modern world. If the federal bureaucracy adopts technology in a meaningful way, it will become much easier to adapt to changes in policy or procedure. 10 hour long congressional hearings will no longer be needed for a simple change in workflow. By adapting a lean approach to government, the amount of savings that can be realized by improved efficiency will eliminate the need for wholesale changes to foundational policies. Other parties consistently lag behind trends in technology – Cyber Party members are committed to staying ahead of the curve and remaining proactive in policymaking." John has agreed to answer any questions you have about his step into politics or any other questions you may have. As usual, ask as many as you'd like, but please, one question per post. -
A More Down-To-Earth Way To Bring the Internet To the Rest of the World
An anonymous reader writes: Elon Musk wants to bring the internet to less-developed countries using satellites. Facebook wants to use drones. Google's betting on balloons. These crazy high-tech solutions are interesting, but are they really needed? Mark Summer doesn't think so. His company focuses on building out internet infrastructure the old-fashioned way: trenching pipes, raising cell towers, and getting local governments to lease what they've already installed. "A major problem in emerging countries is that when Internet access is available, it's often expensive. That's due in part to a lack of competition among providers ... While the costs of terrestrial Internet connections are high, they're relatively predictable. And the business model is proven around the world." -
HP To Jettison Up To 30,000 Jobs As Part of Spinoff
An anonymous reader writes: Hewlett-Packard says its upcoming spinoff of its technology divisions focused on software, consulting and data analysis will eliminate up to 30,000 jobs. The cuts announced Tuesday will be within the newly formed Hewlett Packard Enterprise, which is splitting from the Palo Alto, California company's personal computer and printing operation. "The new reductions amount to about 10 percent of the new company's workforce, and will save about $2.7 billion in annual operating costs." The split is scheduled to be completed by the end of next month. "The head of the group, Mike Nefkens, outlined a plan under which it is cutting jobs in what he called 'high-cost countries' and moving them to low-cost countries. He said that by the end of HP Enterprise’s fiscal year 2018, only 40 percent of the group’s work force will be located in high-cost countries." -
Federal Court Invalidates 11-Year-old FBI Gag Order On NSL Recipient
vivaoporto writes: The Calyx Institute reports that an 11-year-old gag order has been lifted from the recipient of a National Security Letter served by the FBI in 2004. A federal court found there wasn't a "good reason" to keep the man, Nicholas Merrill, from talking about it, "nor has the Government provided the Court with some basis to assure itself that the link between disclosure and risk of harm is substantial." The judge who invalidated the gag order, Victor Marrero, is the same judge that struck down a portion of the revised USA PATRIOT Act in 2007, forcing investigators to go through the courts to obtain approval before ordering ISPs to give up information on customers, instead of just sending them a National Security Letter. After a 90-day waiting period (for the government to mull an appeal), Merrill will be able to say whatever he wants about the case, finally completing the partial victory he managed back in 2010. -
GameStart Uses Minecraft to Teach Kids Programming (Video 2)
As we said last week, "You can't teach all programming by using Minecraft to keep kids interested, but you can use Minecraft, Java, and Eclipse to give them a good start." That's what Tyler Kilgore and his colleagues at GameStart are doing. Watch today's video (number 2), go back to last week's video (number 1) if you missed it, and read both days' transcripts for the full scoop. -
Mt. Gox CEO Charged With Stealing $2.7 Million
An anonymous reader writes: After being arrested six weeks ago in Japan, Mt. Gox CEO Mark Karpeles has now been formally charged with the theft of $2.66 million worth of clients' money. "Tokyo-based MtGox shuttered last year after admitting 850,000 coins — worth around $480 million at the time, or $387 million at current exchange rates — had disappeared from its digital vaults. The exchange, which once said it handled around 80 percent of global Bitcoin transactions, filed for bankruptcy protection soon after the cyber-money went missing, leaving a trail of angry investors calling for answers." Karpeles still denies doing anything illegal. The case is proving difficult for Japanese authorities to unravel, and they're taking it as slowly as they legally can. -
Nintendo Names Tatsumi Kimishima As New President
RogueyWon writes: Following the death of Satoru Iwata in July, Nintendo has announced the appointment of Tatsumi Kimishima as its new president. The 65-year-old Mr. Kimishima has been serving as Nintendo's human resources director (PDF), following a previous stint as the CEO of Nintendo of America and earlier work on the management of the Pokémon franchise. Kimishima takes up post at a time of considerable change for Nintendo, with the company beginning a tentative step into the mobile games market and preparing for the launch of a new console, codenamed "NX", in 2016. -
Microsoft Resurrects the Title of President
theodp writes: Microsoft CEO Satya Nadella promoted General Counsel Brad Smith to president and chief legal officer Friday, the first time Microsoft has had a company-wide president since 2002. Smith has been Microsoft's point person on convincing Congress of America's tech-worker shortage, an assertion that is disputed by others. At a 2012 forum on STEM education and immigration reform, Smith discussed "producing a crisis" to galvanize action on Microsoft's National Talent Strategy, which calls for increasing the number of H-1B visas to ostensibly make up for U.S. children's lack of CS-savvy. Coincidentally, a real national K-12 CS and tech immigration crisis emerged shortly thereafter, thanks to the efforts of new deep-pocketed nonprofit organizations like Code.org (headed by Smith's next-door neighbor) and Mark Zuckerberg's FWD.us PAC. Smith is a Code.org Board member and a FWD.us 'Major Contributor'. "We took this idea of connecting immigration to education last fall," Smith explained to the Daily Princetonian in 2013, "and when I started in September, we were the only ones talking about it. To have the White House endorse it, to have it embodied in the Senate Bill, to have people in both houses of Congress supporting it means that potentially this is a magic moment for some important steps for education reform as well." While crying crisis wolf to further its agenda has worked well for Microsoft, a Federal judge recently overturned 'emergency' tech immigration changes enacted by Homeland Security in 2008, saying that "the 17-month duration of the STEM extension appears to have been adopted directly from the unanimous suggestions by Microsoft." -