Blog - Jorge Puga

Jorge Puga

IT Professional for you

By SCOTT NEUMAN • MAY 10, 2021
Updated May 10, 2021 at 8:29 PM ET

A critical pipeline that runs from refineries on the U.S. Gulf Coast to terminals as far north as New York was shut down over the weekend after being hit by a massive ransomware attack.

The company announced Monday evening that its Line 4 between Greensboro, N.C., to Woodbine, Md., was operating under manual control, although its main lines were still shut down.

In remarks Monday at the White House, President Biden said the federal government is investigating the attack. “My administration takes this very seriously,” he said.

Here’s what we know so far:

What happened?

Colonial Pipeline Co., which operates a 5,500-mile pipeline that delivers 45% of the gasoline and jet fuel supplied to the U.S. East Coast, said Friday that it had been the victim of a ransomware attack.

In response to the attack, the company quickly “took certain systems offline to contain the threat,” it said in a statement. Colonial said those actions “temporarily halted all pipeline operations and affected some of our IT systems, which we are actively in the process of restoring.”

The BBC reported that Colonial’s network was compromised on Thursday and almost 100 gigabytes of data were taken hostage. The hackers reportedly locked the data on some computers and servers and are threatening to leak it to the internet if the undisclosed ransom is not paid.

At a White House media briefing Monday, homeland security adviser Elizabeth Sherwood-Randall said that Colonial had shut down the pipeline as a “precautionary measure” to “ensure that ransomware could not transfer from business systems to those that control and operate the pipeline.”

Who is responsible for the attack?

Suspicion quickly landed on a relatively new but shadowy group of hackers and veteran cybercriminals who have developed ransomware software known as DarkSide. On Monday, the FBI in a brief statement said that it “confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline networks.”

At Monday’s White House briefing, Anne Neuberger, the deputy national security adviser for cyber and emerging technology, described the attack as “ransomware as a service variant” in which “criminal affiliates conduct attacks and then share proceeds with the ransomware’s developers.”

She called this type of attack “new and troubling” and said that the FBI had been investigating DarkSide since October.

The website Bleeping Computer, which covers computer technology, published an article in August introducing DarkSide and saying that the group had begun attacks that month.

The website published a “press release” purporting to be from DarkSide that said the group “will only attack companies that can pay the requested amount, we do not want to kill your business.”

“Based on our principles,” it continued, “we will not attack” hospitals, schools and universities, nonprofit organizations and the government sector.

DarkSide, in the purported press release, threatened to publish data it locks and send notification of the leak to “the media and your partners and customers” and to “NEVER provide you decryptors” unless the ransom is paid.

At the time, DarkSide’s ransom demands ranged from $200,000 to $2 million.

Reuters reported that like many other such groups, DarkSide “seems to spare Russian, Kazakh and Ukrainian-speaking companies, suggesting a link to the former Soviet republics.”

Biden suggested that the hackers who targeted Colonial Pipeline are in Russia, though “so far there is no evidence from our intelligence people that Russia is involved.”

Biden said, “There is evidence that the actor’s ransomware is in Russia. They have some responsibility to deal with this.” The president said he would raise the matter with Russian President Vladimir Putin at a proposed meeting now under discussion.

Last month, the Biden administration imposed new sanctions on Russia, specifically targeting technology companies that support efforts by the Kremlin’s intelligence services to target the U.S. with cyberattacks. The sanctions came after hackers, believed to be directed by Russia’s SVR foreign intelligence service, used a routine software update to slip malicious code into software produced by SolarWinds and then used it as a vehicle for a massive cyberattack.

Russia has denied any involvement in the SolarWinds attack.

What will be the impact?

Gas prices are sensitive to sudden disruptions, and the results of the cyberattack could be felt at the gas pump.

Patrick De Haan, the head of petroleum analysis at GasBuddy, tweeted, “The challenges brought on by the Colonial Pipeline [shutdown] would likely not appear for several days or longer.”

The average price of gasoline in the U.S. on Monday is $2.967 per gallon, up just a fraction of a cent from Sunday, according to AAA.

Spot shortages of diesel and jet fuel could also occur, according to Natural Gas Intelligence, a provider of data and news on North American energy markets.

At the White House, Sherwood-Randall said that “right now there is not a supply shortage.”

“We are preparing for multiple possible contingencies because that’s our job, especially on the homeland security team,” she said.

How long will it be shut down?

We don’t know yet. Colonial Pipeline said its return to service will take time.

“While this situation remains fluid and continues to evolve, the Colonial operations team is executing a plan that involves an incremental process that will facilitate a return to service in a phased approach,” it said.

Homeland security adviser Sherwood-Randall said: “Thus far, Colonial has told us that the pipeline has not suffered damage and can be brought back online relatively quickly,” but she said the company stressed the need for safety “given that it has never before taken the whole pipeline down.”

What is being done to mitigate the disruption?

There are smaller pipelines that serve some areas of the country but none as big as the one run by Colonial — so a long-term shutdown could be significant.

The Biden administration sought over the weekend to “mitigate potential disruptions to supply,” White House press secretary Jen Psaki said in a tweet. The Department of Transportation issued a temporary easing of some restrictions on drivers hauling fuel “to allow flexibility for truckers in 17 states,” she said.

Meanwhile, Reuters, quoting data from the analytics firm Refinitiv Eikon, reported that traders have provisionally booked at least six tankers to ship gasoline from Europe to the United States.

Should we have expected this?

Ransomware attacks have become increasingly common in recent years, with several municipalities, such as the city of Atlanta, having their data or computer systems held hostage by hackers.

In testimony last week before the House Subcommittee on Cybersecurity, Infrastructure Protection & Innovation, Christopher Krebs, the former top cyber official in the Department of Homeland Security, told lawmakers that the ransomware emergency in the U.S. was a “digital dumpster fire.”

“Even if software and services were more secure, the allure of a quick buck and no real repercussions means the forward-looking prospects for ransomware actors are quite good,” he said.

Late last year, Krebs tried to correct disinformation about election fraud and was subsequently fired by then-President Donald Trump.

In 2018, the Government Accountability Office issued an audit concluding that the Department of Homeland Security wasn’t doing enough to protect natural gas and oil pipelines. It said such pipelines “are vulnerable to accidents, operating errors, and malicious physical and cyber-based attack or intrusion.”

Correction: 5/10/21

A previous version of this story incorrectly said that a purported press release from DarkSide claimed the group is prepared to attack hospitals, schools and universities, nonprofit organizations and the government sector. The press release in fact said DarkSide would not attack such targets, because of “our principles.”

Copyright 2021 NPR. To see more, visit https://www.npr.org.

WASHINGTON (Reuters) – The U.S. government on Monday appealed a federal judge’s order that blocked the Commerce Department from imposing restrictions on Chinese-owned short video-sharing app TikTok that would have effectively barred its use in the United States.

President Donald Trump’s administration has cited national security concerns in its targeting of TikTok, arguing that the personal data of U.S. users could be obtained by China’s government. TikTok, which has over 100 million users in the United States, denies the allegation.

In a Dec. 7 ruling, U.S. District Court Judge Carl Nichols in Washington issued an order that prevented the Commerce Department from barring data hosting within the United States for TikTok, content delivery services and other technical transactions that Bytedance said would have prevented TikTok’s U.S. use.

The Justice Department said it was appealing Nichols’ order to the U.S. Court of Appeals for the District of Columbia.

Officials briefed on the matter told Reuters it is increasingly unlikely the government will resolve the fate of TikTok in the United States before Trump leaves office on Jan. 20. There is still an outside chance a deal could be struck in January, they said.

In a separate ruling in September, Nichols issued an order blocking the Commerce Department from requiring Apple Inc and Alphabet’s Google to remove the TikTok app from their stores.

Earlier this month, the Trump administration opted not to grant TikTok-owner ByteDance a new extension of an order issued by the president in August requiring the company to divest TikTok’s U.S. assets. That gave the Justice Department the power to enforce the divestiture order once the deadline expired.

In a Dec. 16 interview with Reuters, then-Deputy Attorney General Jeffrey Rosen declined to say if the Justice Department would seek to enforce the order. Rosen has since become the acting U.S. attorney general.

Under pressure from the U.S. government, ByteDance has been in talks for months to finalize a deal with Walmart Inc and Oracle Corp to shift TikTok’s U.S. assets into a new entity.

Reporting by David Shepardson; Editing by Chizu Nomiyama and Paul Simao

Source: Reuters

Moving Windows entirely to Linux makes a great deal of financial sense for the software giant.

Over the past few years, Microsoft has wholeheartedly embraced Linux and open source, which is why the developer and writer Eric S. Raymond (ESR) believes that the next version of Windows could end up running entirely on Linux.

In a new blog post, ESR points to the fact that the software giant recently released its Windows Subsystem for Linux 2 (WSL2) and that it is currently porting its Edge browser to Linux as reasons why the company could one day retire the Windows kernel in favor of the Linux kernel.

WSL2 also allows for unmodified Linux binaries to run under Windows 10 with no emulation or shim layer.

At the same time though, Microsoft developers are now adding features to the Linux kernel in an effort to improve WSL.

ESR thinks that Linux could finally win the desktop wars “not by displacing Windows but by co-opting it”.

Source: TechRadar

Zoom video chat’s full encryption won’t be a free feature

But the videoconferencing service could make exceptions so nonprofits get end-to-end encryption without paying.

Zoom is working on end-to-end encryption to protect privacy on its increasingly popular video chat service, but the company will make it a premium feature not available to free accounts. Alex Stamos, a Zoom security consultant and former chief security officer for Yahoo, told Reuters the company could include exceptions like nonprofits or political dissidents, though.

Zoom encrypts connections between the company’s servers and the devices of people using its service. End-to-end encryption, though, secures connections all the way from each device to every other device on a call. It’s available in some Zoom alternatives, like Apple FaceTime.

The company’s business has surged with the coronavirus pandemic and resulting orders to stay home that increased the demand for online work and personal videoconferencing. However, the increased scrutiny revealed several Zoom security problems and the fact that an earlier Zoom boast of end-to-end encryption was baseless.

Zoom’s end-to-end encryption approach “is very much a work in progress — everything from our draft cryptographic design, which was just published last week, to our continued discussions around which customers it would apply to,” the company said in a statement.

End-to-end encryption will only be for paid accounts, Zoom said in a blog post this week. Even where that protection isn’t being used, though, Zoom is moving all its users to stronger encryption, 256-bit AES (Advanced Encryption Standard) using GCM, or Galois/Counter Mode.

Zoom 5.0 added GCM encryption as an option in April, but on Saturday, it became mandatory for anyone joining a Zoom meeting, a change meant to improve security. The earlier Zoom approach, in contrast, was a “bad idea,” according to Citizen Lab security researchers who found some of the earlier Zoom shortcomings.

Source: Cnet.com

As VPNs strain to meet the needs of increased use, it’s make-or-break time for services across the globe.

By Rae Hodge

Global demand for commercial virtual private networks is surging following work-from-home trends in the battle against the coronavirus pandemic. VPN providers and internet service providers are flexing major muscle to handle the increased overall internet traffic of quarantined populations around the world. Before the pandemic sent people into a remote work and entertainment streaming frenzy, VPN use was already projected to grow exponentially. But with new growth comes new risks.

According to new investigations from independent research and review firm Top10VPN, demand for VPNs increased by 44% over the second half of March and remains 22% higher than prepandemic levels. While US demand has waned slightly since, it peaked at 65% above average on March 23, just one day after President Donald Trump signed a $2 trillion stimulus package. That’s 36% higher than normal.

“Online searches for VPN began to surge around the world in mid-March in the days following the World Health Organization’s declaration of a pandemic on March 11,” Top10VPN research expert Simon Migliano wrote in the report. “We’ve seen demand suddenly double in countries where lockdowns have been announced or expected.”

In the months prior to the outbreak, VPN use had already grown to include around 31% of internet users. Post-outbreak, however, Top10VPN found demand surged in 75 countries since COVID-19 social distancing measures were implemented, doubling prior levels in 21 countries.

The largest hikes in VPN demand came out of Egypt. Increased demand reached 224% and was sustained longest there. Countries which saw the largest volume of VPN demand, however, were led by France, whose increase peaked at 80%, followed by the US at 41% and the UK at 35%.

Migliano’s global findings offer a macro-scale view of trends currently being navigated by individual consumers, VPN providers and ISPs worldwide.

VPNs ride the usage wave

Despite the rapid expansion of user bases, most VPNs appear to be surfing the user wave rather than drowning.

Figures released by NordVPN revealed that global use of its business-focused VPN had increased by 165% since March 11, with US and the UK usage jumping by 66% and 48% respectively. While the numbers mainly reflect the use of NordVPN’s corporate-level product, the results still reflect a surge in total remote work hours put in by individual users.

As pointed out by Forbes’ Zak Doffman, NordVPN’s US users appear to be putting in an average of three full hours of extra work a day during lockdown. European users are close behind, putting in as much as two extra hours of work daily. NordVPN recently told industry research outfit VPN Pro that it is constantly adding new servers to keep up with the demand.

In a March release, ExpressVPN similarly reported general consumer use growing globally by 36% from February to March, hitting 45% in the US alone. ExpressVPN saw its greatest traffic increase, at 56%, in Belgium. UK traffic rose by 32%, while Australia’s jumped 36% and Mexico’s shot up 22%.

Relative newcomer Surfshark made competitive strides as well, offering free six-month subscriptions to businesses with up to 10 employees. In a single month, the company told VPN Pro, its traffic had doubled in Italy, Germany and Portugal. It tripled in Turkey.

Atlas VPN said use of its product has increased in almost every single country with significant COVID-19 cases. Usage took off in Italy, spiking 112% in a single week, while US use of Atlas VPN rose 53% between the weeks starting March 2 and March 9.

“We estimate that VPN usage in the US could increase over 150% by the end of the month. Overall, the usage of VPNs should continue to surge if the coronavirus pandemic worsens,” Atlas VPN’s COO Rachel Welch wrote in a blog post.

ISPs feel the squeeze

AT&T offers its own version of a VPN, called Anira. Use of the VPN surged roughly 700% over just a few weeks, according to the company.

“These were customers in health care, financial services and other vital segments around the world,” AT&T’s Andre Fuetsch wrote in an April blog post. “AT&T was able to accommodate that demand surge without missing a beat. Just a few years ago, that would have been impossible. In fact, we’ve been adding more capacity to be ready for future needs.”

In late March, Verizon reported a 9% week-over-week increase of VPN traffic on its network, with a 52% increase in VPN use over a typical day. By April 15, VPN detection on Verizon’s network had plateaued and crept down.

Notably, that downward trend could indicate either less VPN use or — as is increasingly common — consumer use of less detectable VPNs, equipped with obfuscation technology that camouflages the use of a VPN.

Streaming services spike demand

More people are using VPNs to stream content through services such as Disney Plus.

It’s not just the tidal waves of email and additional load of Zoom conferences that are causing enormous global spikes in VPN use, though. Top10VPN research points to some family-friendly culprits behind the traffic spikes.

“With Disney Plus still progressively rolling out globally over March, it’s clear that families stuck indoors with children have been looking for ways to get earlier access to hugely popular shows such as The Mandalorian. This steep surge finally began to flatten out from March 30 as the service became more widely available,” he wrote.

Migliano predicts some streaming service demand spikes will be sustained, however, as Netflix viewers in countries with more limited libraries use VPNs to unblock restricted content during quarantine.

“It’s notable that all interest in VPNs that work with particular services increased over the past seven days as the reality of long social restrictions really starts to sink in around the world,” he wrote.

As VPN use grows, so do risks

As it stands, GlobalWebTKIndex holds that more than 400 million businesses and consumers are currently using encrypted connections — including VPNs and other technology — around the world. And that number is set to grow.

Data from Statista and Orbis Research pegged the value of the global VPN market at $15.64 billion in 2016. By 2018, that value had risen to $20.6 billion. By 2022, it’s projected to reach $36 billion.

With increased VPN demand comes increased security risk. While the field has recently seen some innovative privacy developments, the nature of current VPN technology makes it a prime target for exploitation. All of a user’s data is essentially funneled to a single company, whose servers may be located anywhere, and accessed by anyone.

Malicious actors have long used VPNs as cheaply created vehicles for data harvesting and malware injection. Even seemingly innocuous VPNs can — via shoddy security — endanger users in countries where VPNs are outlawed. Insecure VPN apps are routinely spotted and removed from app marketplaces.

In early April, Google removed one of the most popular VPN apps in its Play Store due to a significant security vulnerability that opened users up to a common hack, known as a “man in the middle” attack, where users’ data is intercepted by an unauthorized third party.

SuperVPN had already achieved 100 million installs by March 19, according to VPN Pro, which discovered the vulnerability in February and alerted Google. Google removed the app on April 7. Users who still have the app installed, however, remain vulnerable to attack and are advised to uninstall it.

Likewise, enterprise-scale VPN use has developed its own set of separate but related concerns. The US Cybersecurity and Infrastructure Security Agency issued guidance in early March, noting the increased potential risk during a pandemic-spurred lockdown, and urged companies to take measures to scale up and reinforce their corporate VPNs to fend off expected attacks on vulnerabilities.

We advise that you evaluate new VPNs carefully before subscribing, and review CNET’s regularly updated directory of VPNs for secure recommendations.

Source: Cnet.com

 

/* --- footer.php --- */ /* --- index.php --- */
By SCOTT NEUMAN • MAY 10, 2021
Updated May 10, 2021 at 8:29 PM ET

A critical pipeline that runs from refineries on the U.S. Gulf Coast to terminals as far north as New York was shut down over the weekend after being hit by a massive ransomware attack.

The company announced Monday evening that its Line 4 between Greensboro, N.C., to Woodbine, Md., was operating under manual control, although its main lines were still shut down.

In remarks Monday at the White House, President Biden said the federal government is investigating the attack. “My administration takes this very seriously,” he said.

Here’s what we know so far:

What happened?

Colonial Pipeline Co., which operates a 5,500-mile pipeline that delivers 45% of the gasoline and jet fuel supplied to the U.S. East Coast, said Friday that it had been the victim of a ransomware attack.

In response to the attack, the company quickly “took certain systems offline to contain the threat,” it said in a statement. Colonial said those actions “temporarily halted all pipeline operations and affected some of our IT systems, which we are actively in the process of restoring.”

The BBC reported that Colonial’s network was compromised on Thursday and almost 100 gigabytes of data were taken hostage. The hackers reportedly locked the data on some computers and servers and are threatening to leak it to the internet if the undisclosed ransom is not paid.

At a White House media briefing Monday, homeland security adviser Elizabeth Sherwood-Randall said that Colonial had shut down the pipeline as a “precautionary measure” to “ensure that ransomware could not transfer from business systems to those that control and operate the pipeline.”

Who is responsible for the attack?

Suspicion quickly landed on a relatively new but shadowy group of hackers and veteran cybercriminals who have developed ransomware software known as DarkSide. On Monday, the FBI in a brief statement said that it “confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline networks.”

At Monday’s White House briefing, Anne Neuberger, the deputy national security adviser for cyber and emerging technology, described the attack as “ransomware as a service variant” in which “criminal affiliates conduct attacks and then share proceeds with the ransomware’s developers.”

She called this type of attack “new and troubling” and said that the FBI had been investigating DarkSide since October.

The website Bleeping Computer, which covers computer technology, published an article in August introducing DarkSide and saying that the group had begun attacks that month.

The website published a “press release” purporting to be from DarkSide that said the group “will only attack companies that can pay the requested amount, we do not want to kill your business.”

“Based on our principles,” it continued, “we will not attack” hospitals, schools and universities, nonprofit organizations and the government sector.

DarkSide, in the purported press release, threatened to publish data it locks and send notification of the leak to “the media and your partners and customers” and to “NEVER provide you decryptors” unless the ransom is paid.

At the time, DarkSide’s ransom demands ranged from $200,000 to $2 million.

Reuters reported that like many other such groups, DarkSide “seems to spare Russian, Kazakh and Ukrainian-speaking companies, suggesting a link to the former Soviet republics.”

Biden suggested that the hackers who targeted Colonial Pipeline are in Russia, though “so far there is no evidence from our intelligence people that Russia is involved.”

Biden said, “There is evidence that the actor’s ransomware is in Russia. They have some responsibility to deal with this.” The president said he would raise the matter with Russian President Vladimir Putin at a proposed meeting now under discussion.

Last month, the Biden administration imposed new sanctions on Russia, specifically targeting technology companies that support efforts by the Kremlin’s intelligence services to target the U.S. with cyberattacks. The sanctions came after hackers, believed to be directed by Russia’s SVR foreign intelligence service, used a routine software update to slip malicious code into software produced by SolarWinds and then used it as a vehicle for a massive cyberattack.

Russia has denied any involvement in the SolarWinds attack.

What will be the impact?

Gas prices are sensitive to sudden disruptions, and the results of the cyberattack could be felt at the gas pump.

Patrick De Haan, the head of petroleum analysis at GasBuddy, tweeted, “The challenges brought on by the Colonial Pipeline [shutdown] would likely not appear for several days or longer.”

The average price of gasoline in the U.S. on Monday is $2.967 per gallon, up just a fraction of a cent from Sunday, according to AAA.

Spot shortages of diesel and jet fuel could also occur, according to Natural Gas Intelligence, a provider of data and news on North American energy markets.

At the White House, Sherwood-Randall said that “right now there is not a supply shortage.”

“We are preparing for multiple possible contingencies because that’s our job, especially on the homeland security team,” she said.

How long will it be shut down?

We don’t know yet. Colonial Pipeline said its return to service will take time.

“While this situation remains fluid and continues to evolve, the Colonial operations team is executing a plan that involves an incremental process that will facilitate a return to service in a phased approach,” it said.

Homeland security adviser Sherwood-Randall said: “Thus far, Colonial has told us that the pipeline has not suffered damage and can be brought back online relatively quickly,” but she said the company stressed the need for safety “given that it has never before taken the whole pipeline down.”

What is being done to mitigate the disruption?

There are smaller pipelines that serve some areas of the country but none as big as the one run by Colonial — so a long-term shutdown could be significant.

The Biden administration sought over the weekend to “mitigate potential disruptions to supply,” White House press secretary Jen Psaki said in a tweet. The Department of Transportation issued a temporary easing of some restrictions on drivers hauling fuel “to allow flexibility for truckers in 17 states,” she said.

Meanwhile, Reuters, quoting data from the analytics firm Refinitiv Eikon, reported that traders have provisionally booked at least six tankers to ship gasoline from Europe to the United States.

Should we have expected this?

Ransomware attacks have become increasingly common in recent years, with several municipalities, such as the city of Atlanta, having their data or computer systems held hostage by hackers.

In testimony last week before the House Subcommittee on Cybersecurity, Infrastructure Protection & Innovation, Christopher Krebs, the former top cyber official in the Department of Homeland Security, told lawmakers that the ransomware emergency in the U.S. was a “digital dumpster fire.”

“Even if software and services were more secure, the allure of a quick buck and no real repercussions means the forward-looking prospects for ransomware actors are quite good,” he said.

Late last year, Krebs tried to correct disinformation about election fraud and was subsequently fired by then-President Donald Trump.

In 2018, the Government Accountability Office issued an audit concluding that the Department of Homeland Security wasn’t doing enough to protect natural gas and oil pipelines. It said such pipelines “are vulnerable to accidents, operating errors, and malicious physical and cyber-based attack or intrusion.”

Correction: 5/10/21

A previous version of this story incorrectly said that a purported press release from DarkSide claimed the group is prepared to attack hospitals, schools and universities, nonprofit organizations and the government sector. The press release in fact said DarkSide would not attack such targets, because of “our principles.”

Copyright 2021 NPR. To see more, visit https://www.npr.org.

WASHINGTON (Reuters) – The U.S. government on Monday appealed a federal judge’s order that blocked the Commerce Department from imposing restrictions on Chinese-owned short video-sharing app TikTok that would have effectively barred its use in the United States.

President Donald Trump’s administration has cited national security concerns in its targeting of TikTok, arguing that the personal data of U.S. users could be obtained by China’s government. TikTok, which has over 100 million users in the United States, denies the allegation.

In a Dec. 7 ruling, U.S. District Court Judge Carl Nichols in Washington issued an order that prevented the Commerce Department from barring data hosting within the United States for TikTok, content delivery services and other technical transactions that Bytedance said would have prevented TikTok’s U.S. use.

The Justice Department said it was appealing Nichols’ order to the U.S. Court of Appeals for the District of Columbia.

Officials briefed on the matter told Reuters it is increasingly unlikely the government will resolve the fate of TikTok in the United States before Trump leaves office on Jan. 20. There is still an outside chance a deal could be struck in January, they said.

In a separate ruling in September, Nichols issued an order blocking the Commerce Department from requiring Apple Inc and Alphabet’s Google to remove the TikTok app from their stores.

Earlier this month, the Trump administration opted not to grant TikTok-owner ByteDance a new extension of an order issued by the president in August requiring the company to divest TikTok’s U.S. assets. That gave the Justice Department the power to enforce the divestiture order once the deadline expired.

In a Dec. 16 interview with Reuters, then-Deputy Attorney General Jeffrey Rosen declined to say if the Justice Department would seek to enforce the order. Rosen has since become the acting U.S. attorney general.

Under pressure from the U.S. government, ByteDance has been in talks for months to finalize a deal with Walmart Inc and Oracle Corp to shift TikTok’s U.S. assets into a new entity.

Reporting by David Shepardson; Editing by Chizu Nomiyama and Paul Simao

Source: Reuters

Moving Windows entirely to Linux makes a great deal of financial sense for the software giant.

Over the past few years, Microsoft has wholeheartedly embraced Linux and open source, which is why the developer and writer Eric S. Raymond (ESR) believes that the next version of Windows could end up running entirely on Linux.

In a new blog post, ESR points to the fact that the software giant recently released its Windows System for Linux 2 (WSL2) and that it is currently porting its Edge browser to Linux as reasons why the company could one day retire the Windows kernel in favor of the Linux kernel.

WSL2 also allows for unmodified Linux binaries to run under Windows 10 with no emulation or shim layer.

At the same time though, Microsoft developers are now adding features to the Linux kernel in an effort to improve WSL.

ESR thinks that Linux could finally win the desktop wars “not by displacing Windows but by co-opting it”.

Source: TechRadar

Zoom video chat’s full encryption won’t be a free feature

But the videoconferencing service could make exceptions so nonprofits get end-to-end encryption without paying.

Zoom is working on end-to-end encryption to protect privacy on its increasingly popular video chat service, but the company will make it a premium feature not available to free accounts. Alex Stamos, a Zoom security consultant and former chief security officer for Yahoo, told Reuters the company could include exceptions like nonprofits or political dissidents, though.

Zoom encrypts connections between the company’s servers and the devices of people using its service. End-to-end encryption, though, secures connections all the way from each device to every other device on a call. It’s available in some Zoom alternatives, like Apple FaceTime.

The company’s business has surged with the coronavirus pandemic and resulting orders to stay home that increased the demand for online work and personal videoconferencing. However, the increased scrutiny revealed several Zoom security problems and the fact that an earlier Zoom boast of end-to-end encryption was baseless.

Zoom’s end-to-end encryption approach “is very much a work in progress — everything from our draft cryptographic design, which was just published last week, to our continued discussions around which customers it would apply to,” the company said in a statement.

End-to-end encryption will only be for paid accounts, Zoom said in a blog post this week. Even where that protection isn’t being used, though, Zoom is moving all its users to stronger encryption, 256-bit AES (Advanced Encryption Standard) using GCM, or Galois/Counter Mode.

Zoom 5.0 added GCM encryption as an option in April, but on Saturday it became mandatory for anyone joining a Zoom meeting, to improve security. The earlier Zoom approach, in contrast, was a “bad idea,” according to Citizen Lab security researchers who found some of the earlier Zoom shortcomings.

Source: Cnet.com

As VPNs strain to meet the needs of increased use, it’s make-or-break time for services across the globe.

By Rae Hodge

Global demand for commercial virtual private networks is surging following work-from-home trends in the battle against the coronavirus pandemic. VPN providers and internet service providers are flexing major muscle to handle the increased overall internet traffic of quarantined populations around the world. Before the pandemic sent people into a remote work and entertainment streaming frenzy, VPN use was already projected to grow exponentially. But with new growth comes new risks.

According to new investigations from independent research and review firm Top10VPN, demand for VPNs increased by 44% over the second half of March and remains 22% higher than prepandemic levels. While US demand has waned slightly since, it peaked at 65% above average on March 23, just one day after President Donald Trump signed a $2 trillion stimulus package. That’s 36% higher than normal.

“Online searches for VPN began to surge around the world in mid-March in the days following the World Health Organization’s declaration of a pandemic on March 11,” Top10VPN research expert Simon Migliano wrote in the report. “We’ve seen demand suddenly double in countries where lockdowns have been announced or expected.”

In the months prior to the outbreak, VPN use had already grown to include around 31% of internet users. Post-outbreak, however, Top10VPN found demand surged in 75 countries since COVID-19 social distancing measures were implemented, doubling prior levels in 21 countries.

The largest hikes in VPN demand came out of Egypt. Increased demand reached 224% and was sustained longest there. Countries which saw the largest volume of VPN demand, however, were led by France, whose increase peaked at 80%, followed by the US at 41% and the UK at 35%.

Migliano’s global findings offer a macro-scale view of trends currently being navigated by individual consumers, VPN providers and ISPs worldwide.

VPNs ride the usage wave

Despite the rapid expansion of user bases, most VPNs appear to be surfing the user wave rather than drowning.

Figures released by NordVPN revealed that global use of its business-focused VPN had increased by 165% since March 11, with US and UK usage jumping by 66% and 48% respectively. While the numbers mainly reflect the use of NordVPN’s corporate-level product, the results still reflect a surge in total remote work hours put in by individual users.

As pointed out by Forbes’ Zak Doffman, NordVPN’s US users appear to be putting in an average of three full hours of extra work a day during lockdown. European users are close behind, putting in as much as two extra hours of work daily. NordVPN recently told industry research outfit VPN Pro that it is constantly adding new servers to keep up with the demand.

In a March release, ExpressVPN similarly reported general consumer use growing globally by 36% from February to March, hitting 45% in the US alone. ExpressVPN saw its greatest traffic increase, at 56%, in Belgium. UK traffic rose by 32%, while Australia’s jumped 36% and Mexico’s shot up 22%.

Relative newcomer Surfshark made competitive strides as well, offering free six-month subscriptions to businesses with up to 10 employees. In a single month, the company told VPN Pro, its traffic had doubled in Italy, Germany and Portugal. It tripled in Turkey.

Atlas VPN said use of its product has increased in almost every single country with significant COVID-19 cases. Usage took off in Italy, spiking 112% in a single week, while US use of Atlas VPN rose 53% between the weeks starting March 2 and March 9.

“We estimate that VPN usage in the US could increase over 150% by the end of the month. Overall, the usage of VPNs should continue to surge if the coronavirus pandemic worsens,” Atlas VPN’s COO Rachel Welch wrote in a blog post.

ISPs feel the squeeze

AT&T offers its own version of a VPN, called Anira. Use of the VPN surged roughly 700% over just a few weeks, according to the company.

“These were customers in health care, financial services and other vital segments around the world,” AT&T’s Andre Fuetsch wrote in an April blog post. “AT&T was able to accommodate that demand surge without missing a beat. Just a few years ago, that would have been impossible. In fact, we’ve been adding more capacity to be ready for future needs.”

In late March, Verizon reported a 9% week-over-week increase of VPN traffic on its network, with a 52% increase in VPN use over a typical day. By April 15, VPN detection on Verizon’s network had plateaued and crept down.

Notably, that downward trend could indicate either less VPN use or — as is increasingly common — consumer use of less detectable VPNs, equipped with obfuscation technology that camouflages the use of a VPN.

Streaming services spike demand

More people are using VPNs to stream content through services such as Disney Plus.

It’s not just the tidal waves of email and additional load of Zoom conferences that are causing enormous global spikes in VPN use, though. Top10VPN research points to some family-friendly culprits behind the traffic spikes.

“With Disney Plus still progressively rolling out globally over March, it’s clear that families stuck indoors with children have been looking for ways to get earlier access to hugely popular shows such as The Mandalorian. This steep surge finally began to flatten out from March 30 as the service became more widely available,” he wrote.

Migliano predicts some streaming service demand spikes will be sustained, however, as Netflix viewers in countries with more limited libraries use VPNs to unblock restricted content during quarantine.

“It’s notable that all interest in VPNs that work with particular services increased over the past seven days as the reality of long social restrictions really starts to sink in around the world,” he wrote.

As VPN use grows, so do risks

As it stands, GlobalWebTKIndex holds that more than 400 million businesses and consumers are currently using encrypted connections — including VPNs and other technology — around the world. And that number is set to grow.

Data from Statista and Orbis Research pegged the value of the global VPN market at $15.64 billion in 2016. By 2018, that value had risen to $20.6 billion. By 2022, it’s projected to reach $36 billion.

With increased VPN demand comes increased security risk. While the field has recently seen some innovative privacy developments, the nature of current VPN technology makes it a prime target for exploitation. All of a user’s data is essentially funneled to a single company, whose servers may be located anywhere, and accessed by anyone.

Malicious actors have long used VPNs as cheaply created vehicles for data harvesting and malware injection. Even seemingly innocuous VPNs can — via shoddy security — endanger users in countries where VPNs are outlawed. Insecure VPN apps are routinely spotted and removed from app marketplaces.

In early April, Google removed one of the most popular VPN apps in its Play Store due to a significant security vulnerability that opened users up to a common hack, known as a “man in the middle” attack, where users’ data is intercepted by an unauthorized third party.

SuperVPN had already achieved 100 million installs by March 19, according to VPN Pro, which discovered the vulnerability in February and alerted Google. Google removed the app on April 7. Users who still have the app installed, however, remain vulnerable to attack and are advised to uninstall it.

Likewise, enterprise-scale VPN use has developed its own set of separate but related concerns. The US Cybersecurity and Infrastructure Security Agency issued guidance in early March, noting the increased potential risk during a pandemic-spurred lockdown, and urged companies to take measures to scale up and reinforce their corporate VPNs to fend off expected attacks on vulnerabilities.

We advise that you evaluate new VPNs carefully before subscribing, and review CNET’s regularly updated directory of VPNs for secure recommendations.

Source: Cnet.com

 
