Month: January 2016

GM's vulnerability coordination portal on HackerOne. (credit: GM / HackerOne)

On January 5, General Motors quietly flipped the switch on Detroit's first public security vulnerability disclosure program, launched in partnership with the bug bounty and disclosure portal provider HackerOne. General Motors Chief Cybersecurity Officer Jeff Massimilla told Ars the new portal was a first step in creating relationships with outside security researchers and increasing the speed with which GM discovers and addresses security issues.

"We very highly value third-party security research," Massimilla said. He explained that under the program, those third parties can reveal vulnerabilities they find with the guarantee that GM will work with them and not take legal action—as long as they follow the fairly straightforward guidelines posted on the program's portal.

The choice of HackerOne was a key part of the program strategy, Massimilla said, because of that company's existing relationship with security researchers. "We don't have a lot of experience with this sort of program," Massimilla admitted. HackerOne is hosting the program's Web portal, which handles much of the workflow of managing disclosures. "We also have e-mail addresses and other contact points where we can communicate," he added.

(credit: Aurich Lawson / Thinkstock)

Facebook, Google, Microsoft, Twitter, and Yahoo have made an unusual collective submission of written evidence to the Draft Investigatory Powers Bill Joint Committee, in which they criticise a number of key elements of the UK government's proposed Snooper's Charter. They write: "We believe the best way for countries to promote the security and privacy interests of their citizens, while also respecting the sovereignty of other nations, is to ensure that surveillance is targeted, lawful, proportionate, necessary, jurisdictionally bounded, and transparent. These principles reflect the perspective of global companies that offer borderless technologies to billions of people around the globe."

As global companies, the group are particularly worried about the extraterritorial nature of the proposals: "Unilateral assertions of extraterritorial jurisdiction will create conflicting legal obligations for overseas providers who are subject to legal obligations elsewhere." There are two problems here. First, the five companies are already subject to US law; and second, if the UK government claims it has a right to instruct companies located outside the UK what to do, other nations—including places like China and Russia—will be able to do the same.

To resolve problems of clashing jurisdictions, the US companies suggest: "the Bill should consistently and explicitly state that no company is required to comply with any notice/warrant, which in doing so would contravene its legal obligations in other jurisdictions." In the longer term, the companies suggest "an international framework should be developed to establish a common set of rules to resolve these conflicts across jurisdictions."

TP-Link has unveiled the world's first 802.11ad (aka WiGig) router: the rather unique looking Talon AD7200. The router is on the show floor at CES in Las Vegas and will be available to buy "in early 2016." No word on price, but I doubt it'll be less than £200/$250.

The Talon AD7200 isn't just a WiGig router: it also supports the usual 2.4GHz and 5GHz Wi-Fi protocols, from 4x4 802.11ac all the way down to a/b/g/n. The idea is that when you're in range for WiGig, it'll use WiGig—otherwise it'll fall back to the slower (but hardier) links. The Talon is capable of up to 800Mbps on 2.4GHz, 1733Mbps on 5GHz, and 4600Mbps on 60GHz (WiGig). Add those together and you get roughly 7200—the name of the router.

As you'd expect from a bleeding-edge router, it has plenty of other high-end features as well. There are eight fold-flat antennas for some sweet beamforming MU-MIMO action (i.e. even if multiple people are in the same room on the same router, you should get a decently fast connection); four Gigabit Ethernet ports on the back; two USB 3.0 ports; and the usual fancy management software that most modern routers have. I'm not entirely sure why the antennas can be folded flat; for storage, perhaps?