Frank Abagnale, world-famous con-man, explains why technology won’t stop breaches

Frank Abagnale is world-famous for pretending to be other people. The former teenage con-man, whose exploits 50 years ago became a Leonardo DiCaprio film called Catch Me If You Can, has built a lifelong career as a security consultant and advisor to the FBI and other law enforcement agencies. So it’s perhaps ironic that four and a half years ago, his identity was stolen—along with those of 3.6 million other South Carolina taxpayers.

“When that occurred,” Abagnale recounted to Ars, “I was at the FBI office in Phoenix. I got a call from [a reporter at] the local TV news station, who knew that my identity was stolen, and they wanted a comment. And I said, ‘Before I make a comment, what did the State Tax Revenue Office say?’ Well, they said they did nothing wrong. I said that would be absolutely literally impossible. All breaches happen because people make them happen, not because hackers do it. Every breach occurs because someone in that company did something they weren’t supposed to do, or somebody in that company failed to do something they were supposed to do.” As it turned out (as a Secret Service investigation determined), a government employee had taken home a laptop that shouldn’t have left the office and connected it—unprotected—to the Internet.

Government breaches of personal information have become all too common, as demonstrated by the impact of the hacking of the Office of Management and Budget’s personnel records two years ago. But another sort of organization is now in the crosshairs of criminals seeking identity data to sell to fraudsters: doctors’ offices. Abagnale was in Orlando this week to speak to health IT professionals at the 2017 HIMSS Conference about the rising threat of identity theft through hacking medical records—a threat made possible largely because of the sometimes haphazard adoption of electronic medical records systems by health care providers.


T-Mobile wants you to ignore last-place finish in nationwide network test

Verizon’s mobile network has once again been named the best in the US by testing firm RootMetrics, and T-Mobile USA finished last among the four major wireless carriers.

While Verizon Wireless bragged about its victory, T-Mobile claimed that the results are meaningless and that its network is the fastest in the US. The RootMetrics reports have been an ongoing problem for T-Mobile, which has repeatedly claimed that the results shouldn’t be trusted.

RootMetrics releases its reports every six months, based on drive tests conducted throughout the country a few months previously. T-Mobile used to claim that the tests are outdated, but that argument has gotten harder to make as T-Mobile keeps losing to Verizon and AT&T in the tests. In March 2014, T-Mobile said it had been the network leader for “months” and that the RootMetrics data was outdated. Six months later, T-Mobile lost again and predicted that it would “win in their studies in the future as [RootMetrics] data catches up to where our network performance is today.” In August 2015, T-Mobile CEO John Legere slammed the RootMetrics reports as “bullshit” and “antiquated.”


At death’s door for years, widely used SHA1 function is now dead

For more than six years, the SHA1 cryptographic hash function underpinning Internet security has been at death’s door. Now it’s officially dead, thanks to the submission of the first known instance of a fatal exploit known as a “collision.”

Despite more than a decade of warnings about the lack of security of SHA1, the watershed moment comes as the hash function remains widely used. Git, the world’s most widely used system for managing software development among multiple people, relies on it for data integrity. The GnuPG e-mail encryption program still deems SHA1 safe. And hundreds if not thousands of big-name software packages rely on SHA1 signatures to ensure installation and update files distributed over the Internet haven’t been maliciously altered.

A collision occurs when two different files or messages produce the same cryptographic hash. The most well-known collision occurred sometime around 2010 against the MD5 hash algorithm, which is even weaker than SHA1. A piece of nation-sponsored espionage malware known as Flame used the attack to hijack the Windows update mechanism Microsoft uses to distribute patches to hundreds of millions of customers. By forging the digital signature used to cryptographically prove the authenticity of Microsoft servers, Flame was able to spread from one infected computer to another inside targeted networks.


T-Mobile promises big LTE boost from 5GHz Wi-Fi frequencies

T-Mobile USA is ready to deploy a new LTE technology over the same 5GHz frequencies used by Wi-Fi following US government approval of the first “LTE-U” devices.

The Federal Communications Commission today authorized the first LTE-U (LTE for unlicensed spectrum) devices after a controversial process designed to ensure that cellular network use of the 5GHz band won’t interfere with Wi-Fi networks.

“With LTE-U, starting this spring, T-Mobile customers will be able to tap into the first 20MHz of underutilized unlicensed spectrum on the 5GHz band and use it for additional LTE capacity,” T-Mobile said immediately after the FCC decision. T-Mobile is deploying LTE-U technology from Ericsson and Nokia, who had their equipment certified by the FCC today.


Google Fiber makes expansion plans for $60 wireless gigabit service

Google Fiber’s new wireless Internet division is apparently ready to expand. The company’s Webpass subsidiary says in a job listing that it is “searching for a General Manager to launch our Seattle market.” The new GM will be “directly responsible for the growth of our local telecom network and revenue” and will oversee construction and installation schedules.

Webpass, which offers up to 1Gbps upload and download speeds for $60 a month and without data caps, was purchased by Google Fiber in October 2016 and already sells wireless home Internet service in Boston, Chicago, Miami, San Diego, Oakland, and San Francisco. (Advertised speeds are anywhere from 100Mbps to 1Gbps, depending on location.) GeekWire, which wrote about the Webpass job listing yesterday, notes that the plan “would bring Google’s wireless option to Seattle’s dense urban center where creating a new physical fiber network can be expensive and impractical.”

Google Fiber is known primarily for its fiber-to-the-home service that it offers in nine metro areas. But the Alphabet-owned ISP recently decided to reduce its staff and “pause” fiber operations in 10 cities where it hadn’t fully committed to building. Fiber deployments are still planned for a few cities where Google Fiber had committed to building, namely Huntsville, Alabama; San Antonio, Texas; and Louisville, Kentucky. Another planned deployment in Irvine, California, which Google Fiber had described as definitely moving forward, was then canceled. San Francisco was also previously slated to get fiber, but it will have to make do with Webpass wireless.


CPU competition at last: AMD Ryzen brings 8 cores from just $329

SAN FRANCISCO—Oasis’ smash hit “Wonderwall” was playing as the throng of journalists assembled in the ballroom of a Grand Hyatt hotel in San Francisco at AMD’s Ryzen Tech Day. I don’t know why the song was picked—normally these events prefer something a little more current and upbeat—but it sure seemed apt. As CEO Lisa Su and others were preparing to speak, one of the Gallagher brothers (who knows which one) drearily droned the question, “You’re gonna be the one that saves me?”

AMD is a company that needs saving. Although there have been occasional high spots, such as the design wins for both the PlayStation 4 and the Xbox One, the last few years have been heavy going for the chip designer. Its main products—desktop and server processors—haven’t been very good at all, forcing it to sell only to the very lowest of the low-end customers. Intel has handily dominated the performance-oriented desktop processor market for the last decade, after AMD’s Bulldozer family brought widespread disappointment.

But in 2015, Su made clear that the company needed high-performance, high-end parts, and those parts are very nearly here.


Microsoft confirms second major Windows 10 update coming in 2017


There’s a second major Windows 10 update coming later in 2017, Microsoft has confirmed. The second update, code-named Redstone 3, will follow sometime after the putative April release of the Windows 10 Creators Update.

This new update was revealed at Microsoft Ignite in Australia via a “Windows 10 release cadence” slide, pictured below. The purple sections show the few months where an update is available via the Windows Insider programme, and then the plus sign indicates mainstream release. Teal indicates the period where enterprise customers “pilot” the new update, and dark blue is the “production” period where Microsoft provides active support. So, you can see that Microsoft plans to support two versions of Windows 10 concurrently before moving on to the next update.
