Domain fronting has a dwindling future

Getting around government censorship of the internet — like China’s “Great Firewall,” for instance — requires an arsenal of tricks. One of the most common ways is known as “domain fronting,” which can mask internet traffic that would otherwise be blocked. However, the practice was recently banned by Amazon and Google, two cloud behemoths that run the underlying technology behind much of the world’s web traffic. While U.S. lawmakers are calling on tech giants to reconsider their bans, the practice may soon be a relic of the past. Domain fronting uses HTTPS encryption to disguise internet traffic, so that a person who may be using a censored service or visiting a blocked website looks to be visiting a benign website like Google.com. As this in-depth 2015 research paper lays out, it’s an easy technique that can be done without any explicit support from a cloud host. It’s been used for years by developers and engineers, including those behind […]

The post Domain fronting has a dwindling future appeared first on Cyberscoop.


EAC reassures lawmaker regarding security of voting systems

The top federal authority on elections is seeking to reassure a security-focused lawmaker that it is doing everything in its power to provide state election officials with all available resources in order to secure equipment and computer systems. The heads of the Election Assistance Commission were responding to Sen. Ron Wyden, D-Ore., who wrote to the EAC in June asking how the agency is coordinating with them about security amid ongoing concerns over foreign election interference. In the response letter obtained by CyberScoop, EAC commissioners Thomas Hicks and Christy McCormick lay out the many ways the commission works with states on election security, including developing testing requirements and voting machine standards, offering guidance for spending federal grants and informing states about services available from other agencies. Earlier this year, Congress allocated $380 million to be split among the states for the sake of improving the administration of elections under the […]

The post EAC reassures lawmaker regarding security of voting systems appeared first on Cyberscoop.


Lawmakers ask Google, Facebook not to work with Vietnamese government on new data laws

A bipartisan and bicameral group of lawmakers has asked Google and Facebook not to share sensitive user data with the Vietnamese government that could enable surveillance and censorship of the country’s citizens. The lawmakers object to a heavy-handed Vietnamese law that requires tech companies to remove content within 24 hours of getting a request from Vietnamese authorities. Three senators and 17 members of the House of Representatives wrote to Facebook CEO Mark Zuckerberg and Google CEO Sundar Pichai asking the companies not to store data in Vietnam if it means it can be seized by authorities. The Southeast Asian country has a stifling climate for online expression, and the new law, which will take effect in January after its approval by legislators last month, will further tighten the screws. The human rights advocacy group Amnesty International urged tech companies to resist the measure, saying “this law can only work if tech […]

The post Lawmakers ask Google, Facebook not to work with Vietnamese government on new data laws appeared first on Cyberscoop.


Lawmakers call on Amazon and Google to reconsider ban on domain fronting

Amazon and Google face sharp questions from a bipartisan pair of U.S. senators over the tech giants’ decisions to ban domain fronting, a technique used to circumvent censorship and surveillance around the world. Sen. Ron Wyden, D-Ore., and Sen. Marco Rubio, R-Fla., sent a letter on Tuesday to Google CEO Larry Page and Amazon CEO Jeff Bezos over decisions by both companies in April to ban domain fronting. Amazon then warned the developers of encrypted messaging app Signal that the organization would be banned from Amazon’s cloud services if the service didn’t stop using Amazon’s cloud as cover. “We respectfully urge you to reconsider your decision to prohibit domain fronting given the harm it will do to global internet freedom and the risk it will impose upon human rights activists, journalists, and others who rely on the internet freedom tools,” the senators wrote. The technique uses HTTPS encryption to communicate with […]

The post Lawmakers call on Amazon and Google to reconsider ban on domain fronting appeared first on Cyberscoop.


TechCongress program grows as Capitol Hill plays catch-up on tech issues

Interest is rising in a program that stations technology experts with Congress, giving lawmakers a sorely needed way to understand the litany of society-shifting tech issues that come to their attention. TechCongress opened up its application process for its 2019 Congressional Innovation Fellowship class last week. The program started in 2016 with two fellows, and the number of fellows has been rising every year since. The 2018 class saw seven fellows, with a record-high five receiving job offers. The 2019 class will have up to ten fellows. Although cybersecurity and data privacy experts are in the highest demand, health and transportation experts like former Economist editor Sunmin Kim and biotechnologist Robbie Narang have gone through the program. The 2018 class of fellows, which is still active, includes Washington D.C.-based researcher Collin Anderson, former Mandiant consultant James Gimbi and former U.S. Army special operations veteran James Price. The most publicly well-known fellow may be Chris Soghoian, […]

The post TechCongress program grows as Capitol Hill plays catch-up on tech issues appeared first on Cyberscoop.


Voting machine vendor says it installed remote software connections in a ‘small number’ of systems

A top manufacturer of voting machines has conceded that it installed remote-access software for a “small number” of election management systems from 2000 to 2006, a practice that experts say leaves the equipment vulnerable to hackers. The revelation could be a teachable moment as state and local election officials work to shore up their voting infrastructure security for the 2018 midterm elections. In an April letter to Sen. Ron Wyden, D-Ore., obtained by CyberScoop, Election Systems and Software (ES&S) said it implemented the remote-access software on systems over a six-year period in order to facilitate customer support. Among other voting-related tasks, election management systems are used to program voting machines across a county. The software in question, pcAnywhere, has proven to be vulnerable to hackers, who stole its source code in 2006. The Nebraska-based vendor said it never set up a remote connection on voting devices like tabulators or ballot-marking […]

The post Voting machine vendor says it installed remote software connections in a ‘small number’ of systems appeared first on Cyberscoop.


Senators call for DOJ investigation of Fancy Bear’s ‘CyberCaliphate’ ruse

A bipartisan pair of senators is calling on the Department of Justice to investigate the alleged harassment of U.S. military families by Russian government hackers posing as Islamic State sympathizers. “We urge you to investigate this potential false flag operation and to hold any perpetrators accountable,” Sens. Cory Gardner, R-Colo., and Ron Wyden, D-Ore., wrote in a July 9 letter to Attorney General Jeff Sessions. The senators’ call for inquiry builds on evidence that Russian military hackers have masqueraded as Islamic State extremists to harass U.S. military family members. A group calling itself the CyberCaliphate sent death threats to the wives of U.S. military personnel in 2015. However, activity from the CyberCaliphate coincided with attempts by the Russian hacking group, known as APT28 or Fancy Bear, to breach the women’s email accounts, the Associated Press reported in May. The same Russian hacking group is accused of meddling in the 2016 presidential […]

The post Senators call for DOJ investigation of Fancy Bear’s ‘CyberCaliphate’ ruse appeared first on Cyberscoop.


4G is vulnerable to same types of attacks as 3G, researchers say

The 4G wireless telecommunications protocol is vulnerable to the same types of remote exploitation as its 3G predecessor, new research emphasizes. As with the flaw-ridden protocol underlying 3G, the 4G protocol is susceptible to attacks that disclose mobile users’ information or impose a denial of service, according to a report from mobile-security company Positive Technologies. Security researchers have long warned that spies or hackers could exploit the protocol supporting 3G — known as Signaling System No. 7 (SS7) — to intercept or track call data. The move from 3G to 4G, and the latter’s Diameter protocol, was supposed to mitigate some vulnerabilities, but security experts also have made clear that Diameter is no safeguard against hacking. While the new research indicates 4G is vulnerable to a smaller scope of attacks than 3G, it shows that attackers could shift a user’s device to 3G mode to exploit the less-secure SS7. Further, most mobile […]

The post 4G is vulnerable to same types of attacks as 3G, researchers say appeared first on Cyberscoop.


Election security legislation gains attention on Capitol Hill

Senators are making a renewed push to secure voting infrastructure ahead of the midterm elections through measures that would boost states’ cooperation with U.S. intelligence agencies and require the use of paper ballots. As the Senate considers an annual defense policy bill, Sen. Amy Klobuchar, D-Minn., is urging support for a bipartisan amendment that would tighten cyberthreat information sharing between states and the intelligence community. “With the new kind of [information] warfare we’re seeing,” Klobuchar said Tuesday at a Senate Judiciary Committee hearing, failing to update U.S. law would be “a very big lost opportunity.” The Secure Elections Act sponsored by Klobuchar and Sen. James Lankford, R-Okla., would task the Department of Homeland Security – which is already a hub for passing intelligence from federal to state officials – with quickly sharing election-related threats with all state election agencies. The bill also aims to speed up the security-clearance process for state […]

The post Election security legislation gains attention on Capitol Hill appeared first on Cyberscoop.
