Dan Goodin

GPS interference caused the FAA to reroute Texas air traffic. Experts stumped

The Federal Aviation Administration is investigating the cause of mysterious GPS interference that, over the past few days, has closed one runway at the Dallas-Fort Worth International Airport and prompted some aircraft in the region to be rerouted to areas where signals were working properly. The interference first came to light on October 17 when the FAA issued an advisory warning flight personnel and air traffic controllers of GPS interference over a 40-mile swath of airspace near the Dallas-Fort Worth airport.

Why Russia’s “disconnection” from the Internet isn’t amounting to much

Rumors of Russian Internet services degrading have been greatly exaggerated, despite unprecedented announcements recently from two of the world’s biggest backbone providers that they were exiting the country following its invasion of Ukraine. Just as ISPs provide links connecting individuals or organizations to the Internet, backbone services are the service providers that connect ISPs in one part of the world with those elsewhere. These so-called transit providers route massive amounts of traffic from one ISP or backbone to another.

LTE wireless connections used by billions aren’t as secure as we thought

The Long Term Evolution (LTE) mobile device standard used by billions of people was designed to fix many of the security shortcomings in the predecessor standard known as Global System for Mobile Communications (GSM). Mutual authentication between end users and base stations and the use of proven encryption schemes were two of the major overhauls. Now, researchers are publicly identifying weaknesses in LTE that allow attackers to send nearby users to malicious websites and fingerprint the sites they visit.

Hackers infect 500,000 consumer routers all over the world with malware

Hackers possibly working for an advanced nation have infected more than 500,000 home and small-office routers around the world with malware that can be used to collect communications, launch attacks on others, and permanently destroy the devices with a single command, researchers at Cisco warned. VPNFilter—as the modular, multi-stage malware has been dubbed—works on consumer-grade routers made by Linksys, MikroTik, Netgear, TP-Link, and on network-attached storage devices from QNAP, Cisco researchers said. It’s one of the few pieces of Internet-of-things malware that can survive a reboot.

US service provider survives the biggest recorded DDoS in history

A new technique that abuses memcached servers left reachable from the Internet over UDP is fueling record-breaking denial-of-service attacks, along with notes demanding the targets pay hefty ransoms for the debilitating flood of junk traffic to stop. Memcached, an in-memory caching system that speeds up websites by holding frequently requested database results, lets DDoS attackers amplify their attacks by an unprecedented factor of 51,000: a small request carrying the victim's spoofed source address draws a reply tens of thousands of times larger. That means a single home computer with a 100 megabit-per-second upload capacity from its ISP is capable of bombarding a target with a once-unimaginable 5 terabits per second of traffic, at least in theory.
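The memcached option file below is an added example and not part of the original report: a Debian/Ubuntu-style memcached.conf as found on a server that can be used as a reflector, followed by the same file hardened. The addresses are placeholders.

```conf
# Reflector: listens on every interface and answers over UDP, so a small
# request with a spoofed source address draws a far larger reply to the victim
-l 0.0.0.0
-U 11211
-p 11211

# Hardened: no UDP listener at all, TCP only on the private interface
# (memcached 1.5.6 and later ship with UDP disabled by default)
-l 10.0.0.5
-U 0
-p 11211
```

`-U 0` removes the UDP listener entirely, which is the setting that matters for reflection; binding to the private interface and filtering UDP/11211 at the network edge are the belt to that suspenders, since a cache needs no Internet-facing listener of either kind.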

No, you’re not being paranoid. Sites really are watching your every move

If you have the uncomfortable sense someone is looking over your shoulder as you surf the Web, you're not being paranoid.

Golden State Warriors Android app constantly listens to nearby audio, fan says

The official Android app for the NBA's Golden State Warriors continuously listens in on users' private conversations without permission, according to a federal lawsuit that alleges the practice is a violation of privacy statutes. The 15-page complaint filed in San Francisco (CA) federal court said the monitoring was part of beaconing technology integrated into the Golden State Warriors app. The beaconing is used to track users' precise locations so the app can provide content that's tailored to that locale. The app "listens to and records all audio within range" of a user's microphone, and when the app detects a unique audio signal, it is able to determine the user is in close proximity to a specific location associated with the signal.

The beaconing technology, the complaint alleged, is provided by Signal360, a developer of proximity-related products. The lawsuit names the Golden State Warriors, Signal360, and app developer Yinzcam as defendants. It was filed on behalf of New York state resident Latisha Satchell, and the lawsuit seeks class action status so that other smartphone users who installed apps with similar behavior may also seek damages. It was filed on August 29, and its docket currently shows no hearings are yet scheduled on the matter. "Unbeknownst to plaintiff and without her consent, defendants programmed the app to turn on her smartphone's microphone and listen-in," the complaint alleges. "Specifically, because plaintiff carried her smartphone to locations where she would have private conversations and the app was continuously running on her phone, defendants app listened-in to private oral communications."

Order restored to universe as Microsoft surrenders confiscated No-IP domains

Microsoft has surrendered the 23 domain names it confiscated from dynamic domain hosting service No-IP.com, a move that begins the process of restoring millions of connections that went dark as a result of the highly controversial legal action.

At the time this post was being prepared, No-IP had recovered 18 of the domains and was in the process of reacquiring the remaining five from Public Interest Registry, the registry for Internet addresses ending in .org, No-IP spokeswoman Natalie Goguen told Ars.

People who rely on No-IP subdomains that don't end in .org should already have service restored, as long as the Domain Name System (DNS) server they use has been updated to reflect the transfer. Users who are still experiencing connectivity problems should try using DNS services from Google or OpenDNS, which have both updated their lookups to incorporate the transfers.

Microsoft confiscated the No-IP domains in late June through a secretive legal maneuver that didn't give the dynamic DNS provider an opportunity to oppose the motion in court. Microsoft's ex parte request was part of a legal action designed to dismantle two sprawling networks of infected Windows computers that were abusing No-IP in an attempt to evade takedown. As partial justification for the request, Microsoft lawyers argued No-IP didn't follow security best practices.

Millions of dynamic DNS users suffer after Microsoft seizes No-IP domains

Millions of legitimate servers that rely on dynamic domain name services from No-IP.com suffered outages after Microsoft seized 22 domain names it said were being abused in malware-related crimes against Windows users.

Microsoft enforced a federal court order making the company the authoritative DNS server for the No-IP domains. Microsoft said the objective of the seizure was to identify and reroute traffic associated with two malware families that abused No-IP services.

Almost immediately, end users, some of whom were actively involved in Internet security, castigated the move as heavy handed, since there was no evidence No-IP officially sanctioned or actively facilitated the malware campaigns, which went by the names Bladabindi (aka NJrat) and Jenxcus (aka NJw0rm).

"By becoming the DNS authority for those free dynamic DNS domains, Microsoft is now effectively in a position of complete control and is now able to dictate their configuration," Claudio Guarnieri, co-founder of Radically Open Security, wrote in an e-mail to Ars Technica. "Microsoft fundamentally swept away No-IP, which has seen parts of its own DNS infrastructure legally taken away."

Still reeling from Heartbleed, OpenSSL suffers from crypto bypass flaw

A researcher has uncovered another severe vulnerability in the OpenSSL cryptographic library. It allows attackers to decrypt and modify Web, e-mail, and virtual private network traffic protected by the transport layer security (TLS) protocol, the Internet's most widely used method for encrypting traffic traveling between end users and servers.

Library updates are available on the front page of the OpenSSL website; the fixed releases are 0.9.8za, 1.0.0m, and 1.0.1h. People who administer servers running OpenSSL should update as soon as possible. The underlying vulnerability, formally cataloged as CVE-2014-0224, resides in the ChangeCipherSpec processing, according to an overview by Lepidum, the software developer that discovered the flaw and reported it privately to OpenSSL. Vulnerable OpenSSL accepts a ChangeCipherSpec message before the key exchange has finished, so an attacker positioned between an end user and a server can inject that message into both directions of the handshake and force both sides to derive their session keys from empty key material. Attackers can then decrypt the traffic or modify the data before sending it on to its intended destination. Exploitation requires an active man-in-the-middle position and vulnerable OpenSSL on both ends: all OpenSSL client versions are affected, while the full attack against servers is known to work on the 1.0.1 series.

"OpenSSL's ChangeCipherSpec processing has a serious vulnerability," the Lepidum advisory stated. "This vulnerability allows malicious intermediate nodes to intercept encrypted data and decrypt them while forcing SSL clients to use weak keys which are exposed to the malicious nodes. There are risks of tampering with the exploits on contents and authentication information over encrypted communication via web browsing, e-mail and VPN, when the software uses the affected version of OpenSSL."
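As an added example, not code from Lepidum or the OpenSSL project, the following parser flags the out-of-order message the flaw depends on: a ChangeCipherSpec record arriving in the client-to-server stream before the ClientKeyExchange. It inspects only the plaintext part of the handshake, the sample byte streams are constructed rather than captured, and the function and constant names are assumptions made here.

```python
"""Flag a ChangeCipherSpec that arrives before the key exchange has completed.

Added example, not OpenSSL or Lepidum code. Inspects the plaintext part of a
client-to-server TLS stream; the sample bytes below are constructed, not captured.
"""
import struct

# TLS record content types and handshake message types (RFC 5246)
CONTENT_CHANGE_CIPHER_SPEC = 20
CONTENT_HANDSHAKE = 22
HS_CLIENT_HELLO = 1
HS_CLIENT_KEY_EXCHANGE = 16


def record(content_type, body, version=0x0303):
    """Build one TLS record: type(1) version(2) length(2) body."""
    return struct.pack("!BHH", content_type, version, len(body)) + body


def handshake(hs_type, payload):
    """Build one handshake message: type(1) length(3) payload."""
    return bytes([hs_type]) + len(payload).to_bytes(3, "big") + payload


def parse_records(data):
    """Yield (content_type, version, body) for each record in a byte stream."""
    off = 0
    while off < len(data):
        if len(data) - off < 5:
            raise ValueError("truncated record header")
        ctype, ver, length = struct.unpack("!BHH", data[off:off + 5])
        body = data[off + 5:off + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        yield ctype, ver, body
        off += 5 + length


def handshake_types(body):
    """Yield the message types in a handshake record (one record may carry several)."""
    off = 0
    while off < len(body):
        if len(body) - off < 4:
            raise ValueError("truncated handshake header")
        hs_len = int.from_bytes(body[off + 1:off + 4], "big")
        if len(body) - off - 4 < hs_len:
            raise ValueError("truncated handshake message")
        yield body[off]
        off += 4 + hs_len


def early_ccs(client_to_server):
    """True if a ChangeCipherSpec precedes ClientKeyExchange in the client stream.

    Stops at the first CCS: everything after it is encrypted and cannot be
    parsed here. A patched peer rejects this ordering; a vulnerable one accepts
    it and derives session keys from empty key material.
    """
    key_exchange_seen = False
    for ctype, _ver, body in parse_records(client_to_server):
        if ctype == CONTENT_HANDSHAKE:
            if HS_CLIENT_KEY_EXCHANGE in handshake_types(body):
                key_exchange_seen = True
        elif ctype == CONTENT_CHANGE_CIPHER_SPEC:
            return not key_exchange_seen
    return False


# Constructed sample flows (client -> server only; handshake payloads are dummies).
_CLIENT_HELLO = record(CONTENT_HANDSHAKE, handshake(HS_CLIENT_HELLO, b"\x03\x03" + b"\x00" * 32))
_CLIENT_KEY_EXCHANGE = record(CONTENT_HANDSHAKE, handshake(HS_CLIENT_KEY_EXCHANGE, b"\x00\x02\xab\xcd"))
_CCS = record(CONTENT_CHANGE_CIPHER_SPEC, b"\x01")

NORMAL_CLIENT_FLOW = _CLIENT_HELLO + _CLIENT_KEY_EXCHANGE + _CCS
# The CCS an in-path attacker would send the server right after ServerHello.
INJECTED_CLIENT_FLOW = _CLIENT_HELLO + _CCS + _CLIENT_KEY_EXCHANGE

if __name__ == "__main__":
    print("normal flow early CCS:", early_ccs(NORMAL_CLIENT_FLOW))      # False
    print("injected flow early CCS:", early_ccs(INJECTED_CLIENT_FLOW))  # True
```

Two caveats for anyone turning this into a sensor rule. The injected message is only visible between the man-in-the-middle and the server, so a tap on the client side of the attacker sees a normal-looking handshake, and the check has to stop at the first CCS because the Finished message that follows is already encrypted under whatever keys the peer derived. The durable fix remains updating OpenSSL, which rejects the early message outright.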