An anonymous reader quotes a report from DSLReports: Sources claim that Google Fiber has been disappointed with the company's overall number of total subscribers since launching five years ago. A paywalled report over at The Information cites a variety of anonymous current and former Google employees, who say the estimated 200,000 or so broadband subscribers the company had managed to sign up by the end of 2014 was a fary cry from the company's original projection of somewhere closer to 5 million. Google Fiber has never revealed its total number of subscribers. A report last October pegged the company's total broadband subscribers at somewhere around 120,000, though it's unclear how many of those users had signed up for Google Fiber's symmetrical 5 Mbps tier, which was originally free after users paid a $300 installation fee. Disappointed by sluggish subscriber tallies, The Information report states that last month Alphabet CEO Larry Page ordered Google Fiber boss Craig Barratt to cut the total Google Fiber staff in half to roughly 500 people. That's a claim that's sure to only fuel continued speculation that the company is starting to get cold feet about its attempts to bring broadband competition to a broken duopoly market.

Read more of this story at Slashdot.

An anonymous reader quotes a report from DSLReports: Sources claim that Google Fiber has been disappointed with the company's overall number of total subscribers since launching five years ago. A paywalled report over at The Information cites a variety of anonymous current and former Google employees, who say the estimated 200,000 or so broadband subscribers the company had managed to sign up by the end of 2014 was a fary cry from the company's original projection of somewhere closer to 5 million. Google Fiber has never revealed its total number of subscribers. A report last October pegged the company's total broadband subscribers at somewhere around 120,000, though it's unclear how many of those users had signed up for Google Fiber's symmetrical 5 Mbps tier, which was originally free after users paid a $300 installation fee. Disappointed by sluggish subscriber tallies, The Information report states that last month Alphabet CEO Larry Page ordered Google Fiber boss Craig Barratt to cut the total Google Fiber staff in half to roughly 500 people. That's a claim that's sure to only fuel continued speculation that the company is starting to get cold feet about its attempts to bring broadband competition to a broken duopoly market.

Read more of this story at Slashdot.

Rescue teams searching for earthquake survivors in central Italy have asked locals to unlock their Wifi passwords. The Italian Red Cross says residents' home networks can assist with communications during the search for survivors, reports BBC. From the report: On Wednesday a 6.2 magnitude earthquake struck central Italy and killed more than 240 people. More than 4,300 rescuers are looking for survivors believed to still be trapped in the rubble. On Twitter, the Italian Red Cross posted a step-by-step guide which explains how local residents can switch off their Wifi network encryption. Similar requests have been made by the National Geological Association and Lazio Region. A security expert has warned that removing encryption from a home Wifi network carries its own risks, but added that those concerns are trivial in the context of the rescue operation.

Read more of this story at Slashdot.

Indian government has proposed legislation to restrict the use of surrogates in bid to stop exploitation of poor women.

Karl Bode, reporting for DSLReports:Telecom lobbyists are pushing hard for a rewrite of the Telecom Act, this time with a notable eye on cutting FCC funding and overall authority. AT&T donated at least $70,000 to back Republican House Speaker Paul Ryan, and clearly expects him to spearhead the rewrite and make it a priority in 2017. The push is an industry backlash to a number of consumer friendly initiatives at the FCC, including new net neutrality rules, the reclassification of ISPs under Title II, new broadband privacy rules, new cable box reform and an attempt to protect municipal broadband. AT&T's Ryan donation is the largest amount AT&T has ever donated to a single candidate, though outgoing top AT&T lobbyist Jim Cicconi has also thrown his support behind Hillary Clinton.

Read more of this story at Slashdot.

A new spyware has been discovered on the Apple platform. Called Pegasus [1], it turns out to be a sophisticated targeted spyware. Developed by professionals, it uses 0-day vulnerabilities, code obfuscation and encryption techniques.

Apple released today an out-of-band patch for iOS (version 9.3.5) [2]. It fixes three critical vulnerabilities:

CVE-2016-4655 (Memory Corruption in Safari Webkit)
A memory corruption vulnerability exists in Safari Webkit that allows an attacker to execute arbitrary code. Pegasus exploits this vulnerability to obtain initial code execution privileges within the context of the Safari web browser.

CVE-2016-4656(Kernel Information Leak Circumvents KASLR)
Before Pegasus can execute its jailbreak, it must determine where the kernel is located in memory. Kernel Address SpaceLayout Randomization (KASLR) makes this task difficult by mapping the kernel into different and unpredictable locationsin memory.

CVE-2016-4657(Memory Corruption in Kernel leads to Jailbreak)
The third vulnerability in Pegasus Trident is the one that is used to jailbreak the phone. A memory corruption vulnerabilityin the kernel is used to corrupt memory in both the 32- and 64-bit versions. The exploits are performed differently oneach version.

Check on the Apple website if the patch is available for your device and install it as soon as possible (via the usual way: iTunes or Software Updates on your device)

[1]">[2]">https://support.apple.com/en-us/HT207107

Xavier Mertens (@xme)
ISC Handler - Freelance Security Consultant
PGP Key

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

A new spyware has been discovered on the Apple platform. Called Pegasus [1], it turns out to be a sophisticated targeted spyware. Developed by professionals, it uses 0-day vulnerabilities, code obfuscation and encryption techniques.

Apple released today an out-of-band patch for iOS (version 9.3.5) [2]. It fixes three critical vulnerabilities:

CVE-2016-4655 (Memory Corruption in Safari Webkit)
A memory corruption vulnerability exists in Safari Webkit that allows an attacker to execute arbitrary code. Pegasus exploits this vulnerability to obtain initial code execution privileges within the context of the Safari web browser.

CVE-2016-4656(Kernel Information Leak Circumvents KASLR)
Before Pegasus can execute its jailbreak, it must determine where the kernel is located in memory. Kernel Address SpaceLayout Randomization (KASLR) makes this task difficult by mapping the kernel into different and unpredictable locationsin memory.

CVE-2016-4657(Memory Corruption in Kernel leads to Jailbreak)
The third vulnerability in Pegasus Trident is the one that is used to jailbreak the phone. A memory corruption vulnerabilityin the kernel is used to corrupt memory in both the 32- and 64-bit versions. The exploits are performed differently oneach version.

Check on the Apple website if the patch is available for your device and install it as soon as possible (via the usual way: iTunes or Software Updates on your device)

[1]">[2]">https://support.apple.com/en-us/HT207107

Xavier Mertens (@xme)
ISC Handler - Freelance Security Consultant
PGP Key

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Citadel.org protocol coverage

Non-blocking HTTPS client

Tied construct for hash key checking.

extensions and convenience methods to manage background processes

Thousands of rebels and residents to exit Daraya in deal that cedes control of besieged suburb to government forces.