President Trump on Thursday signed a long-delayed executive order on cybersecurity that “makes clear that agency heads will be held accountable for protecting their networks, and calls on government and industry to reduce the threat from automated attacks on the internet,” reports The Washington Post. From the report: Picking up on themes advanced by the Obama administration, Trump’s order also requires agency heads to use Commerce Department guidelines to manage risk to their systems. It commissions reports to assess the country’s ability to withstand an attack on the electric grid and to spell out the strategic options for deterring adversaries in cyberspace. [Thomas Bossert, Trump’s homeland security adviser] said the order was not, however, prompted by Russia’s targeting of electoral systems last year. In fact, the order is silent on addressing the security of electoral systems or cyber-enabled operations to influence elections, which became a significant area of concern during last year’s presidential campaign. The Department of Homeland Security in January declared election systems “critical infrastructure.” The executive order also does not address offensive cyber operations, which are generally classified. This is an area in which the Trump administration is expected to be more forward-leaning than its predecessor. Nor does it spell out what type of cyberattack would constitute an “act of war” or what response the attack would invite. “We’re not going to draw a red line,” Bossert said, adding that the White House does not “want to telegraph our punches.” The order places the defense secretary and the head of the intelligence community in charge of protecting “national security” systems that operate classified and military networks. But the secretary of homeland security will continue to be at the center of the national plan for protecting critical infrastructure, such as the electric grid and financial sector.
Amazon is taking a tough stance against vendors who sell fully-loaded Kodi boxes and other “pirate” media players through its platform. From a report: The store now explicitly bans media players that “promote” or “suggest” the facilitation of piracy. Sellers who violate this policy, of which there are still a few around, risk having their inventory destroyed. While Kodi itself is a neutral platform, millions of people use third-party add-ons to turn it into the ultimate pirate machine. In some cases, the pirate add-ons are put onto the devices by vendors, who sell these “fully-loaded” boxes through their own stores or marketplaces such as Amazon. The ecommerce giant appears to be well aware of the controversy, as it recently published an updated policy clarifying that pirate media players are not permitted on the platform. Merely ‘suggesting’ that devices can be used for infringing purposes is enough to have them delisted.
Reader coondoggie writes: The Federal Trade Commission has filed a complaint against network equipment vendor D-Link saying inadequate security in the company’s wireless routers and Internet cameras left consumers open to hackers and privacy violations. The FTC, in a complaint filed in the Northern District of California, charged that “D-Link failed to take reasonable steps to secure its routers and Internet Protocol (IP) cameras, potentially compromising sensitive consumer information, including live video and audio feeds from D-Link IP cameras.” For its part, D-Link Systems said it “is aware of the complaint filed by the FTC.” According to the FTC’s complaint, D-Link promoted the security of its routers on the company’s website, which included materials headlined “Easy to secure” and “Advance network security.” But despite the claims made by D-Link, the FTC alleged, the company failed to take steps to address well-known and easily preventable security flaws such as “hard-coded” login credentials integrated into D-Link camera software — such as the username “guest” and the password “guest” — that could allow unauthorized access to the cameras’ live feed, etc.
An anonymous reader writes: As if 2016 wasn’t shitty enough for Yahoo — which admitted to two separate breaches that saw 500 million users’ and then 1 billion users’ details stolen by hackers — the New York Times reports that a billion-user database was sold on the Dark Web last August for $300,000. That’s according to Andrew Komarov, chief intelligence officer at security firm InfoArmor. He told NYT that three buyers, including two prominent spammers and another who might be involved in espionage tactics, purchased the entire database at the aforementioned price from a hacker group believed to be based in Eastern Europe. It’s lovely to know that it only costs $300,000 to be able to threaten a billion people’s online existence — which means each account is only worth $0.0003 to hackers who can ruin your life online in a matter of minutes. Yahoo also doesn’t yet know who made off with all the data from the attack in 2013, which is said to be the largest breach of any company ever.