TIME privacy

Activists Flood Congress With Faxes to Protest Cybersecurity Bill

"We figured we’d use some 80s technology to try to get our point across"

Internet activists opposed to a controversial cybersecurity bill are trying to get Congress’ attention the old-fashioned way: by flooding its fax machines.

The nonprofit group Fight For the Future has set up eight phone lines to convert emails and tweets protesting the Cybersecurity Information Sharing Act (CISA) into faxes that will be sent to all 100 U.S. senators. Supporters can fax their own messages via FaxBigBrother.com or with the hashtag #faxbigbrother.

The legislation, first introduced last year by Senator Dianne Feinstein (D-Calif.), would give tech companies more freedom to collect user data and share it with federal agencies in the name of cybersecurity; the data they share would then be exempt from Freedom of Information Act requests.

“Groups like Fight for the Future have sent millions of emails [about the issue], and they still don’t seem to get it,” campaign manager Evan Greer told the Guardian on Monday. “Maybe they don’t get it because they’re stuck in 1984, and we figured we’d use some 80s technology to try to get our point across.”

 

 

 

TIME Security

Hackers Threaten to Expose Millions of Ashley Madison’s ‘Cheating Dirtbags’

Attackers breached adult affair website Ashley Madison

Hackers of unknown origin have begun leaking large chunks of user data from the website of Ashley Madison — a social-networking site promising “discreet encounters” for married people and which operates under the rubric “Life is short. Have an affair.”

KrebsOnSecurity — the Internet security blog run by former Washington Post cybercrime reporter Brian Krebs — says the hackers, calling themselves the Impact Team, are demanding that Avid Life Media (ALM), a Canadian company that owns Ashley Madison as well as Established Men (which promises to set successful men up with “young, beautiful women”) to take the two sites down permanently.

If ALM doesn’t comply, the hackers say they will continue releasing “all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails,” Krebs reports.

Ashley Madison gives users the option to delete their user data for the price of $19, but the hackers claim the feature is flawed and doesn’t actually successfully wipe customers’ information.

They also say Ashley Madison’s customers are “cheating dirtbags” who do not deserve discretion, Krebs writes. “With over 37 million members, mostly from the U.S. and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people,” the hackers reportedly stated.

ALM says it is trying to contain the huge leak and has condemned the hackers’ actions. “We’re not denying this happened,” ALM CEO Noel Biderman told Krebs. “Like us or not, this is still a criminal act.”

[KrebsOnSecurity]

Read next: A Creepy Amount of Tinder Users Aren’t Even Single

Download TIME’s mobile app for iOS to have your world explained wherever you go

TIME cybersecurity

Want Free Airline Flights? Hack Into United

United is using free miles as an incentive to uncover security flaws in its systems.

United on Thursday said that it had awarded millions of frequent flier miles to unlikely recipients: hackers.

The airline, in an effort to ramp up its web security, offered “bug bounties” to hackers who uncovered cyber risks within its systems. United wants helpful hackers to find the weaknesses before malicious ones do.

United first announced the program in May and told Reuters on Thursday that it has twice paid out its maximum award worth 1 million miles to individuals who flagged security flaws. One million miles can be cashed in for dozens of free domestic flights on the airline.

To receive the free miles, hackers must be the first to discover a bug and notify United of it, according to the airline’s website.

Jordan Wiens, who researches cyber vulnerabilities, tweeted last week that he was the recipient of one of the 1 million mile awards.

 

TIME People

U.S. Personnel Chief Resigns After Massive Data Breach

The Office of Personnel Management Director Katherine Archuleta arrives late for a hearing of the Senate Homeland Security and Governmental Affairs Committee about the recent OPM data breach in the Dirksen Senate Office Building on Capitol Hill June 25, 2015 in Washington.
Chip Somodevilla—Getty Images The Office of Personnel Management Director Katherine Archuleta arrives late for a hearing of the Senate Homeland Security and Governmental Affairs Committee about the recent OPM data breach in the Dirksen Senate Office Building on Capitol Hill June 25, 2015 in Washington.

There was a strong bipartisan call for Katherine Archuleta's resignation

(WASHINGTON) — The head of the government’s personnel office has resigned in the wake of a massive data breach on her watch.

A White House official says President Barack Obama accepted the resignation of Office of Personnel Management Director Katherine Archuleta on Friday morning. She’ll stay on the job through the end of the day.

The official says deputy director Beth Cobert will become acting director starting Saturday.

Archuleta’s resignation comes the day after her agency disclosed that hackers stole the personal information of more than 21 million people. Previous government estimates of how many were affected by the breach were far smaller.

Members of Congress in both parties had demanded Archuleta’s resignation.

TIME Security

These Apps Can Help You Unsend an Email

businessman-nervous-computer-mouse-hand
Getty Images

The right one could save you a lot of embarrassment

Have you ever regretted an email immediately after you’ve sent it? Do you wish you had the ability to unsend a message? It’s not just some tech fantasy: After nearly five years of beta testing in Google Labs, Gmail this week officially launched a new feature called Undo Send. Once enabled, it will allow you a brief time window where you can successfully retract your message before it reaches its end destination.

The new feature is making big waves across the Googleverse, but did you know that Gmail isn’t the only mail app that lets you unsend email? In fact, there are a number of different iOS and Android programs and web services that add an unsend button to your current email provider, even if it’s not Google. Take a look at some of the best unsending options we’ve found below – the right one could save you a lot of embarrassment!

Google Gmail Undo Send

While Gmail’s Undo Send has been kicking around in testing for a while (we briefly discussed it in our 2011 article titled 10 Tips to Get the Most out of Gmail), it’s only now become an official part of the service. It works by holding your emails in limbo for a few minutes after you click send, giving you a chance to change your mind before delivering it. You get to choose the time period emails are held for – 5, 10, 20 or 30 seconds.

Before you can use Undo Send, however, you need to tell Google to enable the feature on your Gmail account. This can be accomplished by entering your Gmail Settings (cogwheel icon). Choose the Settings option from the menu, then choose the General tab. Scroll down and click the check box next to “Enable Undo Send.” Set the expiration timer to whatever is most convenient for you, and that’s all there is to it.

Remember, Gmail Undo Send doesn’t go into other people’s inboxes for you to scrub them clean, it simply delays sending all your emails. As such, you’ll want to note that enabling the feature will add short delays to the delivery of all your communications. Few emails are high priority enough that every second matters, but still, it’s something to keep in the back of your mind, especially when comparing Gmail’s Undo Send against the other options available.

Criptext

Do you feel the need for an Gmail unsend window greater than a mere 30 seconds? If so, check out the new Safari and Chrome browser extension Criptext. It allows you to scrub the contents of any Gmail message any time after you’ve sent it. It doesn’t matter if your message has been sitting in the boss’s inbox all week – if it hasn’t been read yet, Criptext can ensure it never will be. Criptext also lets you create self-destructing emails that erase themselves if not read in a timely manner.

Criptext works by converting the text of your emails to a picture file, which is sent to recipients instead. You can’t pull the entire email – your recipient will always know you’ve sent one – but you can have Criptext delete the created picture file or any included file attachments. The free version of the service also adds a garish advertisement for Criptext to all your emails, so be aware of that as well.

You can get the Criptext extension for your browser by visiting criptext.com. The extension is currently available for Chrome and Safari, support for Outlook and Firefox is coming soon.

UnSend.it

UnSend.it is an email delivery service that, like Criptext, converts your text-based communications to images so they can later be withdrawn. But unlike Criptext, UnSend.it doesn’t just work with Gmail – it’s compatible with most providers. Emails can be sent through the UnSend.it dashboard, or you can set up your existing email client (AOL, Outlook, etc.) to use UnSend.it servers instead.

The biggest drawback here is that UnSend.it is an incredibly new service – so new that the web version is missing important basic features like BCC and attachments. And unsending email still results in its recipient getting a blank email, just like with Criptext. That’s not a huge issue for many people, but do be prepared to explain why you are sending blank emails to your contacts.

You can sign up for UnSend.it by visiting the service’s website at – naturally – http://unsend.it.

Virtru

Looking for a more professional way to embrace undo send? Take a look at Virtru. It’s an email add-on that allows you to lock files and messages with strong encryption, allowing them to only be accessed by their intended recipient. That’s because recipients need to verify their identity before they can read your email. It’s this added verification step that gives Virtru users the ability to delete email contents before they’re read.

Virtru is well-designed, but its unsend feature is not free to use. It can only be accessed through a $2.50 per month subscription to Virtru. Fortunately, though, the company offers a 14-day free trial, so you can test the service out before shelling out the cash for it.

You can sign up for Virtru by visiting the company’s website.

This article originally appeared on Techlicious

More from Techlicious:

TIME Gadgets

Meet the Home Security Camera That Burglars Totally Ignore

Canary
Canary

The $249 Canary has already helped cops find a suspected robber

For the past eight years, Melanie, whose name has been changed to protect her privacy, shared her Chandler, Ariz. home with several roommates. But when she finally got the place to herself this past spring, she felt her newfound privacy came at the cost of security. So, she decided buy a Canary all-in-one home security device, placing it in the bedroom of her 2,000-square-foot house.

“You don’t think you’re actually going to use it for home security,” says the 43-year-old. “I called it my puppy cam.”

You can indeed see Melanie’s dogs in a video her Canary recorded on May 4. But the device captured something else, too. On that day, a man later identified by police as Brian Pantoja appears to break Melanie’s window, climb inside her home, and rifle through her belongings. According to local news reports, thousands of dollars worth of jewelry went missing from Melanie’s home that day; the investigation remains open as of May. But before apparently pilfering Melanie’s home, Pantoja appears to grab a bottle of water from right in front of the camera that was recording him.

Here’s the footage from Melanie’s Canary, provided by the company and posted here with Melanie’s permission:

“It’s so sleek,” says Melanie. “[Pantoja] had no idea — he looked at it a couple of times . . . he just had no clue.”

In fairness to the burglar, coming in black, white, or silver and about the size of a large soup can, the Canary looks nothing like most webcams. With air vents at the top and no obvious camera lens, it’s not the kind of device you’d expect to find standing vigil over a home. And Pantoja was hardly the first person to be busted by one. Since the device launched in late March, it has caught at least 30 serious incidents on video, the company claims, from alleged burglaries to caretaker abuse and arson.

Other than Canary’s discrete appearance, its 1080p HD camera with a 147-degree viewing angle is the killer feature. Besting the specs of the newly-announced and much ballyhooed Nest Cam, Canary’s video feed looks great on its mobile app, and that was key in solving Melanie’s burglary. Amidst a roomful of police officers, she pulled up the video and zoomed in on the burglar’s face. The authorities recognized him immediately.

“Everybody was just saying they’ve never seen a video that was such good quality,” she says.

Able to detect motion, light, temperature, and humidity, the $249 Canary is more than just a camera. Through the app, Canary can notify users of movement, loud sounds, and changes in air quality when they’re away from home. A built-in microphone lets users talk to the room when they’re away, and an embedded 90-plus decibel siren can scare off intruders at the push of a button.

But as useful as all this sounds, the Canary isn’t for everyone. Digital privacy has become an increasing concern, and gadget makers face an uphill battle in convincing people their private moments are safe from peering eyes online. Melanie never disclosed any trepidation about having a web-connected camera in her bedroom, but my wife shooed my review unit out of our living room like it was one of the neighbor’s cats.

In my wife’s defense — and she is employed as a crime prevention expert — I promised her I would never review a webcam in our home without her permission. But as I set it up in my office instead, she reminded me of an excellent point: devices like Canary will not prevent crimes from occurring. In fact, once a person has broken into your house, that’s already breaking and entering. But, as the Chandler Police Department might attest, it’s clear that cameras like these can help catch the bad guys after the deed is done.

Once I installed the Canary, I also started thinking of it as my puppy cam, watching as my dog pace back and forth while I was out running errands. Though it was nice to know she doesn’t get nervous in my absence, I discovered the Canary itself was on high alert. Via the Canary app and your phone’s GPS, the device knows when you’re home and when you’re away, automatically arming itself when you step out. This is good because you won’t get overwhelmed with sound and motion notifications when you’re walking around your house. That’s also a very robust way of arming the device — by tracking the owner’s (or owners’, as multiple phone-toting users can be detected) location, Canary doesn’t rely on a spotty Bluetooth or Wi-Fi connection with your smartphone to know that you’re home.

But personally, I found this feature a little creepy, as it kept tracking me even after I unplugged the camera. That’s has more to do with how geo-location works than with the Canary itself, but most smartphone users don’t understand that when you allow an app to track your location, it will do that until you tell it to stop.

Still, there’s no way my paranoia would sway Melanie and the dozens of other users who have found the Canary and similar devices to be tremendously helpful home security tools. In her case, even if the culprit hadn’t been caught, she’d find some sort of relief by seeing the crime in action.

“The best part about it for me is that I know exactly what he did,” says Melanie. “There’s no question of, did he hurt my dogs? Did he do something to my bed? I know exactly where he was; I know everything he touched; I know everything he took.” And as a result, the suspected burglar wasn’t able to steal her sense of security.

TIME Security

This Website May Have Just Solved Passwords Forever

Now you can sign into Medium with your e-mail

Blogging site Medium has launched a password-free login system that uses only e-mail.

The e-mail login option provides an alternative to Medium’s previous login routes, which included only Facebook and Twitter, according to the site’s announcement. The change arrived after many users said they either did not have social media accounts or preferred not to use them. Other users lived in regions where Facebook and Twitter are blocked.

According to Medium, the feature works similarly to the familiar “forgot password” function. Users simply enter their e-mail addresses on the site, which sends them an e-mail with a link to login within 15 minutes.

Still, the e-mail login feature can’t detect whether a user’s e-mail has been compromised, so if someone has access to the e-mail account, they’ll be able to login.

TIME Security

This Is What World War III Will Look Like

Houghton Mifflin Harcourt

P.W. Singer is Strategist at New America and August Cole is a Nonresident Fellow at the Atlantic Council. They are the co-authors of Ghost Fleet: A Novel of the Next World War.

An array of science-fiction-like technologies would likely make their debut

U.S. and Chinese warships battle at sea, firing everything from cannons to cruise missiles to lasers. Stealthy Russian and American fighter jets dogfight in the air, with robotic drones flying as their wingmen. Hackers in Shanghai and Silicon Valley duel in digital playgrounds. And fights in outer space decide who wins below on Earth. Are theses scenes from a novel or what could actually take place in the real world the day after tomorrow? The answer is both.

Great power conflicts defined the 20th century: Two world wars claimed tens of millions of lives, and the Cold War that followed shaped everything from geopolitics to sports. But at the start of the 21st century, the ever-present fear of World War III seemed to be in our historic rearview mirror.

Yet that risk of the past has made a dark comeback. Russian land grabs in Ukraine and constant flights of bombers decorated with red stars probing Europe’s borders have put NATO at its highest levels of alert since the mid 1980s. In the Pacific, the U.S. and a newly powerful and assertive China are engaged in a massive arms race. China built more warships and warplanes than any other nation during the last several years, while the Pentagon just announced a strategy to “offset” it with a new generation of high-tech weapons. Indeed, it’s likely China’s alleged recent hack of federal records at the Office of Personnel Management was not about cyber crime, but a classic case of what is known as “preparing the battlefield,” gaining access to government databases and personal records just in case.

The worry is that the brewing 21st century Cold War with China and its junior partner Russia could at some point turn hot. “A U.S.-China war is inevitable” recently warned the Communist Party’s official People’s Daily newspaper after recent military face-offs over rights of passage and artificial islands built in disputed territory. This may be a bit of posturing both for U.S. policymakers and a highly nationalist domestic audience: A 2014 poll by the Perth U.S.-Asia center found that 74% of Chinese think their military would win in a war with the U.S. But it points to how the global context is changing. Many Chinese officers have begun to lament out loud what they call “peace disease,” their term for never having served in combat.

Wars start through any number of pathways: One world war happened through deliberate action, the other was a crisis that spun out of control. In the coming decades, a war might ignite accidentally, such as by two opposing warships trading paint near a reef not even marked on a nautical chart. Or it could slow burn and erupt as a reordering of the global system in the late 2020s, the period at which China’s military build up is on pace to match the U.S.

Making either scenario more of a risk is that military planners and political leaders on all sides assume their side would be the one to win in a “short” and “sharp” fight, to use common phrases. It would be anything but.

A great power conflict would be quite different from the small wars of today that the U.S. has grow accustomed to and, in turn, others think reveal a new American weakness. Unlike the Taliban or even Saddam’s Iraq, great powers can fight across all the domains; the last time the U.S. fought a peer in the air or at sea was in 1945. But a 21st century fight would also see battles for control of two new domains.

The lifeblood of military communications and control now runs through space, meaning we’d see humankind’s first battles for the heavens. Similarly, we’d learn “cyber war” is far more than stealing Social Security Numbers or e-mail from gossipy Hollywood executives, but the takedown of the modern military nervous system and Stuxnet-style digital weapons. Worrisome for the U.S. is that last year, the Pentagon’s weapons tester found nearly every single major weapons program had “significant vulnerabilities” to cyber attack.

A total mindshift is required for this new reality. In every fight since 1945, U.S. forces have been a generation ahead in technology, having uniquely capable weapons like nuclear-powered aircraft carriers. It has not always translated to decisive victories, but it has been an edge every other nation wants. Yet U.S. forces can’t count on that “overmatch” in the future. These platforms are not just vulnerable to new classes of weapons like long-range missiles, but China, for example, overtook the EU in R&D spending last year and is on pace to match the U.S. within five years, with new projects ranging from the world’s fastest supercomputers to three different long-range drone-strike programs. And now off-the-shelf technologies can be bought to rival even the most advanced tools in the U.S. arsenal. The winner of a recent robotics test, for instance, was not a U.S. defense contractor but a group of South Korea student engineers.

An array of science-fiction-like technologies would likely make their debut in such a war, from AI battle management systems to autonomous robotics. But unlike the ISIS’s of the world, great powers can also go after high-tech’s new vulnerabilities, such as by hacking systems and knocking down GPS. The recent steps taken by the U.S. Naval Academy illustrate where things might be headed. It added a cybersecurity major to develop a new corps of digital warriors, and also requires all midshipmen learn celestial navigation, for when the high tech inevitably runs into the age old fog and friction of war.

While many leaders on both sides think any clash might be geographically contained to the straights of Taiwan or the edge of the Baltic, these technological and tactical shifts mean such a conflict is more likely to reach into each side’s homelands in new ways. Just as the Internet reshaped our notions of borders, so too would a war waged partly online.

The civilian players would also be different than those in 1941. The hub of any war economy wouldn’t be Detroit. Instead, tech geeks in Silicon Valley and shareholders in Bentonville, Ark., would wrestle with everything from microchip shortages to how to retool the logistics and allegiance of a multinational company. The new forms of civilian conflict actors like Blackwater private military firms or Anonymous hacktivist groups are unlikely to just sit out the fight.

A Chinese officer argued in a regime paper, “We must bear a third world war in mind when developing military forces.” But there is a far different attitude in Washington’s defense circles. As the U.S. Chief of Naval Operations worried last year, “If you talk about it openly, you cross the line and unnecessarily antagonize. You probably have a sense about how much we trade with that country, it’s astounding.”

This is true, but both the historic trading patterns between great powers before each of the last world wars and the risky actions and heated rhetoric out of Moscow and Beijing over the last year demonstrate it is no longer useful to avoid talking about the great power rivalries of the 21st century and the dangers of them getting out of control. We need to acknowledge the real trends in motion and the real risks that loom, so that we can take mutual steps to avoid the mistakes that could create such an epic fail of deterrence and diplomacy. That way we can keep the next world war where it belongs, in the realm of fiction.

TIME Ideas hosts the world's leading voices, providing commentary and expertise on the most compelling events in news, society, and culture. We welcome outside contributions. To submit a piece, email ideas@time.com.

TIME technology

Federal Agency Announces Temporary Shutdown of Hacked Database

Katherine Archuleta
Susan Walsh — AP Office of Personnel Management (OPM) Director Katherine Archuleta testifies on Capitol Hill in Washington. The federal personnel agency whose records were plundered by hackers linked to China says it has temporarily shut down a massive database used to update and store background investigation records.

Hackers linked to China are believed to have stolen records for as many as 18 million current and former employees

(WASHINGTON) — The federal personnel agency whose records were plundered by hackers linked to China announced on Monday the temporary shutdown of a massive database used to update and store background investigation records after newly discovering a flaw that left the system vulnerable to additional breaches.

There is no evidence the vulnerability has been exploited by hackers, agency spokesman Samuel Schumach said in a statement, adding that the Office of Personnel Management took the step protectively. He said the system could be shut down for four to six weeks.

Hackers suspected of working for the Chinese government are believed to have stolen records for as many as 18 million current and former federal employees and contractors last year. Detailed background investigations for security clearances of military and intelligence agency employees were among the documents taken.

The shutdown announced Monday is expected to hamper agencies’ ability to initiate investigations for new employees and contractors, as well as renewal investigations for security clearances, Schumach said.

But, he added, the federal government will still be able to hire, and in some cases grant clearances on an interim basis.

The database is known as e-QIP, short for Electronic Questionnaires for Investigations Processing.

TIME cybersecurity

U.S. Intelligence Chief Points Finger at China for Data Hack

Director Of Nat'l Intelligence James Clapper Speaks At Council On Foreign Relations
Bryan Thomas—Getty Images Director of National Intelligence James Clapper speaks at the Council on Foreign Relations on March 2, 2015 in New York City.

Large data breach left millions of Social Security numbers exposed

The most senior U.S. intelligence official has openly implicated China in a large hack of U.S. government data.

James Clapper, the U.S. Director of National Intelligence, said Thursday that China was a “leading suspect” in a recent security breach that saw millions of personnel records of Americans stolen from government computers.

Previously, U.S. officials hadn’t named a suspect for the breach, which was disclosed in early June. Clapper mentioned China at an intelligence conference in Washington, D.C. “You have to kind of salute the Chinese for what they did,” he said, noting the difficulty of the attack.

Earlier this year Barack Obama signed an executive order that grants the Treasury greater ability to impose sanctions on countries who conduct cyberattacks against the U.S. China has denied involvement in the attack, which may have exposed as many as 18 million Social Security numbers.

[WSJ]

Your browser is out of date. Please update your browser at http://update.microsoft.com