ISPs Can Sell Browsing History, Minnesota Senate Votes to Prevent ISPs from selling Browsing History, Hacking Tractors, and Fake VPNs!
Infosec News
INFORMATION SECURITY NEWS
For The Week of 3/28-4/4 2017
The Information Security News Service is a project of LARS (Laboratory for Advanced Research in Systems) in the CS Department at the University of Minnesota Duluth. We send out top stories in information security every Tuesday (except during some academic breaks). If you have stories you’d like to see featured, please email them to infosec...@d.umn.edu.
CURRENT NEWS
ISPs Freed to Sell Browsing History
The 1934 Communications Act set rules for telecommunications providers concerning consumer privacy. Last year, the FCC updated these rules to apply to broadband providers. Mostly, these rules would prevent ISPs from selling your data to advertisers. They also would prohibit mobile phone carriers from placing spyware on your phones to subvert https. A new senate vote rejected the new rules (which were put in place late 2016), making it so ISPs can still do these things. https://arstechnica.com/tech-policy/2017/03/senate-votes-to-let-isps-sell-your-web-browsing-history-to-advertisers/
https://qz.com/945261/how-to-get-a-personal-vpn-and-why-you-need-one-now/
Minnesota Senate Votes to Bar ISPs From Selling Personal Data Without Written Consent
In reaction to the US Senate vote to revert new rules preventing ISPs from selling user data, the Minnesota Senate passed a bill requiring ISPs in Minnesota to get written consent to sell the data. The Minnesota House also passed a similar bill. After the two chambers come to an agreement on specifics and pass a bill, Governor Mark Dayton will have to to sign it before Minnesotans’ privacy is protected.
http://www.twincities.com/2017/03/29/minnesota-senate-passes-passes-internet-privacy-protections/
Farmers Using Cracked Firmware in John Deere Tractors
John Deere requires any repairs to tractors to be authorized by them -- a farmer can replace a transmission by themselves, but without the software authorization, the tractor won’t start. In response, farmers have been running cracked firmware, which is distributed online for pay. Selling cracked firmware would be illegal, but an exception added to the Digital Millennium Copyright Act (DMCA) in 2015 made it so the act doesn’t apply to software that controls “land vehicles”, and tractors qualify as land vehicles. While it’s not illegal, this has sparked a debate as to whether or not farmers have a “right to repair” their tractors.
Previously: https://www.wired.com/2015/04/dmca-ownership-john-deere/
Phony VPN Services Are Cashing in on America’s War on Privacy
Scammers pretending to run a VPN service called www.mysafevpn.com (don’t click!) have started advertising to customers of streaming media startup Plex, as well as its former rival, Boxee. Both Plex and Boxee have had their message boards hacked, exposing user email addresses. It is likely this scam is hoping to ensnare people who are worried about privacy after the repeal of privacy rules, but don’t know much about privacy. Make sure to use a reputable VPN!