Clinton’s private e-mail was blocked by spam filters—so State IT turned them off

Security measures were disabled because Clinton’s e-mails were “going to spam.”

Documents recently obtained by the conservative advocacy group Judicial Watch show that in December 2010, then-US Secretary of State Hillary Clinton and her staff were having difficulty communicating with State Department officials by e-mail because spam filters were blocking their messages. To fix the problem, State Department IT turned the filters off—potentially exposing State's employees to phishing attacks and other malicious e-mails.

The mail problems prompted Clinton Chief of Staff Huma Abedin to suggest to Clinton, "We should talk about putting you on State e-mail or releasing your e-mail address to the department so you are not going to spam." Clinton replied, "Let's get [a] separate address or device but I don't want any risk of the personal [e-mail] being accessible."

The mail filter system—Trend Micro's ScanMail for Exchange 8—was apparently causing some messages from Clinton's private server (Clintonemail.com) to not be delivered. Some were "bounced"; others were accepted by the server but were quarantined and never delivered to the recipient. According to the e-mail thread published yesterday by Judicial Watch, State's IT team turned off both spam and antivirus filters on two "bridgehead" mail relay servers while waiting for a fix from Trend Micro.


North Korea launches two more midrange ballistic missiles

One fails, the other may have been a qualified success as it flew 250 miles.

The Musudan intermediate range ballistic missile. Five out of six of these missiles have failed in test launches over the past three months. The sixth may or may not have been an improvement.

After repeated failed tests of its intermediate range ballistic missile over the past few months, the Democratic People's Republic of Korea (North Korea) attempted this morning to once again demonstrate its ability to strike with nuclear weapons, launching two Musudan missiles within four hours. The first missile traveled a mere 95 miles (about 150km) before crashing into the sea off the east coast of the Korean peninsula.

The second flew a more impressive 250 miles (about 400km). There is some disagreement about whether that launch was a complete success, however. North Korea did not previously announce the test or issue a warning to the UN's civil aviation authority of the launches, so it is possible that the missile was aimed at an intentionally closer target area. The real measure of whether the test qualified as a success would be its trajectory—if the missile reached a sufficient altitude to reach more distant targets.

The Musudan, also known as the BM-25, has been estimated previously to have a range of between 2,500 and 4,000km (1,500 to 2,500 miles). Based on 1960s-era Soviet technology with some homegrown tweaks (including a larger fuel supply for extending range), kits for the Musudan were allegedly sold to Iran by North Korea. But despite the fact that North Korea has had Musudan missiles for over a decade, there have been no flight tests of the system in the past—likely because the North Korean regime believed that the Soviet-era design was already proven to be reliable.


Oracle profits surge—at the expense of Java development and software support

Cloud revenues double, license sales shrink, and zero progress on Java EE.

Oracle is very proud of its cloud sales. But not everyone is very happy about how it got them. (credit: Håkan Dahlström)

On June 16, Oracle Corporation released financial results for the fourth quarter of fiscal year 2016, and corporate executives trumpeted the company's cloud services success. According to the latest report, Oracle's cloud infrastructure, platform, and software services collectively brought in $859 million for the quarter ending May 31, compared to $576 million for the same period in 2015. Oracle brought in $2.853 billion in revenues for cloud and had an $8.9 billion (£6.07 billion) profit for the year.

But those numbers don't tell the whole story. Oracle's overall revenue was down, largely because of its shrinking "on premises" software sales, which fell by $224 million versus 4Q FY2015 and by $1.245 billion (£0.85 billion) for the year as a whole. Software license and software maintenance sales still account for 73 percent of Oracle's revenue, while cloud accounts for only 5 percent. Oracle's hardware revenues, which still account for 14 percent of its overall income, fell by 9 percent during the quarter and 10 percent for the full year.

There's some controversy over Oracle's reported cloud sales numbers, however. On June 1, former Oracle senior finance manager Svetlana Blackburn filed suit against Oracle for wrongful termination in October of 2015, claiming that she was fired after she "resisted, refused to engage in, and threatened to blow the whistle on accounting practices she reasonably believed to be unlawful" surrounding how Oracle counted cloud revenues. In a statement to the press, an Oracle spokesperson denied that there was any wrongdoing.


Under new management, SourceForge moves to put badness in past

Adware installers and malvertising banished, the company looks to build user trust.

It has been six months since the company formerly known as Dice (DHI Group) sold off Slashdot Media—the business unit that runs Slashdot and SourceForge—to BIZX, LLC, a San Diego-based digital media company. Since then, the new management has been moving to erase some of the mistakes made under the previous regime—mistakes that led to the site becoming a bit of a pariah among open source and free software developers.

In an e-mail to Ars, Logan Abbot—the new president of Slashdot and SourceForge—said, "SourceForge was in the media a lot last year due to several transgressions, which we have addressed since the acquisition. Unfortunately, the media has thus far elected not to cover the improvements (probably because bad press is more popular)." In the conversation that followed, Abbot emphasized the transformation underway at SourceForge.

Abbot has an uphill climb, to be sure. The shifting nature of the software development world has made repositories such as GitHub a go-to for open-source projects of all sorts, while the focus on application downloads has shifted heavily toward the mobile world. But Abbot said he believes SourceForge is still "a great distribution channel," and that developers will come back to host with the repository "when end users see us as a trusted destination once again."


GitHub attacker launched massive login campaign using stolen passwords

Repository’s own account data not breached, affected passwords reset.

Reusing four-year-old passwords from MySpace for GitHub? (credit: ABC Photo Archives / Getty Images)

On June 14, someone using what appears to have been a list of e-mail addresses and passwords obtained from the breach of "other online services" made a massive number of login attempts to GitHub's repository service. A review of logins by GitHub's administrators found that the attacker had gained access to a number of accounts, according to a blog post by Shawn Davenport, Vice President of Security at GitHub.

It’s not clear what the source of the e-mail/password combinations was, but there are certainly plenty of them out there right now—the recent bounty of "megabreaches," consisting of aged passwords from MySpace, Tumblr, LinkedIn and the dating site Fling, totaled more than 642 million accounts in all. And though they date back more than three years, there may have still been some that were being re-used by their owners on GitHub.

Davenport said that the passwords of the accounts accessed successfully by the attacker have all been reset. GitHub has begun contacting each affected user individually with instructions on how to get back into their account. He also urged GitHub users to enable two-factor authentication for the service and to "practice good password hygiene"—providing a link to an xkcd comic on password strength to explain.


DARPA program seeks to give subs and undersea drones an acoustic GPS

BAE’s POSYDON team aims to use acoustic beacons to provide location fix.

A conceptual illustration of how POSYDON will work. (credit: BAE Systems)

A technology being developed under a Defense Advanced Research Projects Agency (DARPA) program could soon bring GPS-like navigation below the waves. The POSYDON program seeks to create a network of acoustic underwater beacons that act like GPS satellites—broadcasting a burst of data encoded into sound waves that underwater craft can use to get a fix on their location.

GPS uses radio signals from satellites carrying time and position data, allowing a receiver to passively pick up that data and calculate its position. But while GPS works well for ships, ground vehicles, and aircraft, the radio signal from GPS satellites doesn't penetrate very far below the ocean's surface. It’s a technical problem that submarines have dealt with since long before GPS was available. It has forced subs to come close to the surface and raise an antenna mast if crews want to figure out where they are.

During the Cold War, the US developed an incredibly accurate—and expensive—technology for helping submarines navigate the seas without surfacing. The solution was based on inertial sensors: gyroscopes measured acceleration and movement relative to the Earth in a fashion similar to the guidance systems used for ballistic missiles. Gyroscopes have since gotten a lot smaller, and the fundamental parts of inertial navigation are now part of most smartphones. But precise inertial systems are still very expensive and not easy to miniaturize. Really accurate inertial navigation has continued to be a problem for undersea drones.


Database corruption erases 100,000 Air Force investigation records

Inspector General’s case tracking system data back to 2004 lost.

Apparently, backing up the database is not covered in this document.

The database of the Air Force's Automated Case Tracking System (ACTS)—which is used by the Air Force Inspector General's Office to manage investigations into complaints from whistleblowers of waste, fraud, and abuse; Freedom Of Information Act requests; and congressional inquiries—has become corrupted, rendering over 10,000 case files dating back to 2004 unreadable. And because of the way the database was backed up, an Air Force spokesperson said that neither the service nor Lockheed Martin—the contractor that operates the ACTS system for the Air Force—can recover the data.

"The database crashed and there is no data," Ann Stefanek of Air Force Media Operations said in a statement to press. "We've kind of exhausted everything we can to recover [the data internally]... and now we're going to outside experts to see if they can help." Efforts are being made to see if the data was backed up in other locations, and the Air Force has begun asking for help from other organizations within the Department of Defense and from outside experts in recovering the database's contents.

Air Force officials were informed by Lockheed Martin employees of the database crash on June 6, after two weeks of attempting to recover the data. While much of the data in the system was historical, ACTS is primarily used to track ongoing investigations and inquiries—and those cases are now "experiencing significant delays," Stefanek said.


Goodbye, Obamaberry. Hello, Obamadroid.

The mobile device for the secure government set is now a “hardened” Samsung Galaxy S4.

When President Barack Obama took office in 2009, he pushed to keep his BlackBerry. Instead, he was issued another BlackBerry device—a BlackBerry 8830 World Edition with extra crypto—for unclassified calls and e-mail. Until recently, Obama continued to carry a BlackBerry handset, but mobile device technology shifts have finally caught up with the White House. Sadly, the Obamaberry is no more.

In an appearance on Late Night with Jimmy Fallon, Barack Obama noted that he now carries a secure "smartphone" that is so locked down that he compared it to an infant's toy phone. While Obama didn't mention the type of handset he now carries, there's only one mobile device supported by the Defense Information Systems Agency—the agency that provides the White House with communications services. That phone is a "hardened" Samsung Galaxy S4.

President Barack Obama tells Jimmy Fallon how bad his new smartphone is.

The S4 is currently the only device supported under DISA's DOD Mobility Classified Capability-Secret (DMCC-S) program. In 2014, a number of Samsung devices were the first to win approval from the National Security Agency under its National Information Assurance Partnership (NIAP) Commercial Solutions for Classified (CSfC) program—largely because of Samsung's KNOX security technology. And the S4, layered with services managed by DISA, is the first commercial phone to get approval to connect to the Secret classified DOD SIPRNet network.


Scammers have already started trying to exploit Orlando shooting for bitcoins

Fake Twitter account for Pulse nightclub asks for “contributions” through scam site.

The apparently fraudulent Twitter account associated with a scam site trying to turn the Orlando mass shooting into a Bitcoin factory.

The vultures have already begun to descend on the tragedy in Orlando, Florida. A fake Twitter account claiming to represent the nightclub where the largest mass shooting in modern US history took place in the early hours of June 12 was calling for donations to assist victims—by sending bitcoins to buy bottled water and Oreo cookies. The account was suspended on Monday afternoon.

The scammers used a common tactic—they hijacked the name of the Pulse nightclub, attached the account to the various "hashtags" associated with the shooting, and built the account's apparent profile by attaching an army of fake followers so they could draw the attention of people following conversations about the shooting. The Twitter account directed followers to a shortened Web address to make donations. That Web address linked to the six-month-old domain desifreemovies.net—a domain with a fake registration address in California and a contact e-mail account associated with the Hushmail anonymous e-mail service.

A screenshot of the highly sophisticated scam site linked to by the Twitter account.

The site itself was a fairly transparent scam—a grammatically incorrect plain HTML page with fake Amazon Prime links and a note that if the links "don't work in your area" to instead send Bitcoin to a specific anonymous address. Based on data from Blockonomics, the wallet pulled in 0.04293381 bitcoins (about $30 US)—so it wasn't exactly successful in cashing in on the tragedy. The site was shut down after Ars contacted the hosting company.


Red astroturf: Chinese government makes millions of fake social media posts

“50-cent” posters aim to distract from dissent rather than confront it.

That groundswell of online support for Chinese Communist Party and government officials? Not so much actually grassroots. (credit: Robert Thivierge)

Data scientists at Harvard University have found that the government of the People's Republic of China generates an estimated 448 million fake social media posts per year. The posts are an effort to shape online conversations by citizens and to distract them from sensitive topics "and change the subject"—largely through "cheerleading" posts promoting the Chinese Communist Party and the government.

The research, conducted by Harvard professor Gary King and former Harvard graduate students Jennifer Pan and Margaret Roberts and supported by Harvard's Institute for Quantitative Science, made use of a goldmine of propaganda content. This included a leaked archive of e-mails sent to the Zhanggong District Internet Propaganda Office from 2013 to 2014 that showed government workers' documentation of completion of fake post work, including screen shots. The research also analyzed social media posts on Chinese websites from 2010 to 2015.

Previously, posts like these were believed to be the work of what observers have called the "50-cent Party"—named for the amount some believed the posters were paid by the state per post for their propaganda work. As it turns out, the posts analyzed by King and his co-researchers were likely mostly written for free as an extra duty of government employees.
