news.buyenne.com

OPM officials did nearly everything wrong as far as security goes and then lied about it, House Oversight Committee Republicans said in a final report on the OPM breach. (credit: Photo illustration by Sean Gallagher, based on image by Colin)

A report from the Republican majority on the House Oversight and Government Reform Committee published today places blame for the 2014 and 2015 data breaches at the Office of Personnel Management squarely on the OPM's leadership. The report finds that the long-time network infiltration that exposed sensitive personal information on about 21.5 million individuals could have been prevented but for "the longstanding failure of OPM's leadership to implement basic cyber hygiene."

"Tools were available that could have prevented the breaches, but OPM failed to leverage those tools to mitigate the agency's extensive responsibilities," the report concluded. And the committee's majority report also asserted that former OPM Chief Information Officer Donna Seymour lied repeatedly during her testimony, misstating how the agency responded to the breach and misleading Congress and the public about the damage done by the attack. Ars extensively covered the shortfalls in OPM's security last year.

The House Oversight report reveals that there were two separate extensive breaches—one beginning as early as November of 2013, which went undiscovered until March 2014 and was finally shut down completely two months later, allowed attackers to obtain manuals and technical information about the types of data stored in OPM systems. A second attack began shortly afterward, targeting background investigation data, personnel records, and fingerprint data. These breaches were determined to be likely conducted by the "Axiom Group" and "Deep Panda," respectively, two China-based hacking groups alleged to have ties to the Chinese government. The attacks used a series of domains—some with OPM-related names (opmsecurity.org and opmlearning.org) and registered under the names of Marvel superheroes Tony Stark (Iron Man) and Steve Rogers (Captain America)—to control malware and exfiltrate stolen data.

Questions regarding the safety of Tesla's electric vehicles—and their ability to drive semi-autonomously—are being raised once again, following reports of a fatal crash on Wednesday morning in the town of Baarn, in the Netherlands. However there's no evidence as yet that Autopilot was involved when a Model S left the road at high speed and hit a tree.

The impact was sufficient to damage the Model S' battery pack enough that part of it ended up alight on the road surface. There are some reports in Dutch media that rescue attempts by the emergency services were hampered by this blaze, although it may just have been due to the nature of the wreck.

Tesla sent a representative to the crash site. The carmaker has said it will launch an investigation and that "[o]nce the outcome is known, Tesla will share with the audience," something it has done for other high-profile crashes. Wednesday's crash isn't the first to make news in the Netherlands, and in July the Dutch vehicle approval authority was reportedly looking into differences between European and US implementations of Autopilot.

US Supreme Court building. (credit: MitchellShapiroPhotography)

The US Supreme Court is giving Backpage.com a victory over the US Senate, at least in the short term. Chief Justice John Roberts says the online classified ad portal, for now, does not have to comply with a Senate subpoena investigating how Backpage conducts its business. The investigation demands documents about the ins and outs of the site's editorial practices.

The Permanent Subcommittee on Investigations contends that the site is littered with ads that amount to offering sex services by women and children forced into prostitution, and it wants to know how it screens ads posted to its site by third parties.

The chief justice's decision Tuesday comes days after a federal appeals court upheld a ruling by a lower court judge and said (PDF) Backpage must comply with the subpoena. The Senate and Backpage have been deadlocked in a legal battle for more than a year. Backpage said the First Amendment shields it from having to comply with the subpoena, (PDF) while the Senate maintains that the First Amendment implications are secondary (PDF) to cutting down on sex trafficking ads on the site.

PS4's mod support in Fallout 4 is still as barren as the game's landscape.

Update, September 9, 12:44 p.m. EDT: Bethesda has finally confirmed why Fallout 4 mods haven't arrived on PlayStation 4, and the developer is saying that it's Sony's fault.

"Sony has informed us they will not approve user mods the way they should work: where users can do anything they want for either Fallout 4 or Skyrim Special Edition," Bethesda told fans on its official blog on Friday. "Like you, we are disappointed by Sony’s decision given the considerable time and effort we have put into this project, and the amount of time our fans have waited for mod support to arrive."

Only one of the technical limits mentioned in our original report (below), about mod storage limits, is on Sony's side, so that may very well be the sticking point that Sony refuses to budge on. Bethesda's statement leaves room for Sony to change its tune and enable the same kind of console-mod support that Xbox One players of Fallout 4 are currently enjoying.