In communications earlier this month, Trustico notified DigiCert that 50,000 Symantec-issued certificates Trustico had resold should be mass revoked because of security concerns. When Jeremy Rowley, an executive vice president at DigiCert, asked for proof the certificates were compromised, the Trustico CEO emailed the private keys of 23,000 certificates, according to an account posted to a Mozilla security policy forum. The report produced a collective gasp among many security practitioners who said it demonstrated a shockingly cavalier treatment of the digital certificates that form one of the most basic foundations of website security... In a statement, Trustico officials said the keys were recovered from "cold storage," a term that typically refers to offline storage systems. "Trustico allows customers to generate a Certificate Signing Request and Private Key during the ordering process," the statement read. "These Private Keys are stored in cold storage, for the purpose of revocation."
"There's no indication the email was encrypted," reports Ars Technica, and the next day DigiCert sent emails to Trustico's 23,000+ customers warning that their certificates were being revoked, according to Bleeping Computer.
In a related development, Trustico's web site went offline on Thursday, "shortly after a website security expert disclosed a critical vulnerability on Twitter that appeared to make it possible for outsiders to run malicious code on Trustico servers."
Several major internet companies, including Alphabet Inc's Google and Facebook Inc, had been reluctant to support any congressional effort to dent what is known as Section 230 of the Communications Decency Act, a decades-old law that protects them from liability for the activities of their users. But facing political pressure, the internet industry slowly warmed to a proposal that gained traction in the Senate last year, and eventually endorsed it after it gained sizable bipartisan support. The legislation is a result of years of law-enforcement lobbying for a crackdown on the online classified site backpage.com, which is used for sex advertising. It would make it easier for states and sex-trafficking victims to sue social media networks, advertisers and others that fail to keep exploitative material off their platforms.
"The grassroots movement to reinstate net neutrality is growing by the day, and we will get that one more vote needed to pass my CRA resolution," Markey said. "I urge my Republican colleagues to join the overwhelming majority of Americans who support a free and open Internet. The Internet is for all -- the students, teachers, innovators, hard-working families, small businesses, and activists, not just Verizon, Charter, AT&T, and Comcast and corporate interests."
The Frankfurt simulation is the more basic network, based on 100 MHz of 3.5 GHz spectrum with an underlying gigabit-LTE network on 5 LTE spectrum bands, but the results are still staggering. Browsing jumped from 56 Mbps for the median 4G user to more than 490 Mbps for the median 5G user, with roughly seven times faster response rates for browsing. Download speeds also improved dramatically, with over 90 percent of users seeing at least 100 Mbps download speeds on 5G, versus 8 Mbps on LTE.
"Starting with an initial $50,000,000 in funding, we can now increase the size of our team, our capacity, and our ambitions," wrote Signal founder Moxie Marlinspike (a former Twitter executive).
Acton will now also serve as the executive chairman of the newly formed Signal Foundation, which according to its web site will "develop open source privacy technology that protects free expression and enables secure global communication."
- A 12-year-old gamer heard a knock at his door Sunday -- which turned out to be "teams of Los Angeles police officers and other rescue personnel who believed two people had just hung themselves." The Los Angeles Police Department "said there's no way to initially discern swatting calls from actual emergencies, so they handle every scenario as if someone's life is in danger," according to the Los Angeles Times. The seventh-grader described it as "the most terrifying thing in my life."
- 36-year-old David Pearce has been arrested for falsely reporting an emergency at a Beverly Hills hotel involving "men with guns" holding him hostage. A local police captain later said that the people in the room had not made the call and in fact might have been asleep through much of the emergency. The Los Angeles Times reports that there are roughly 400 'SWATting' cases each year, according to FBI estimates, adding that "Some experts have said police agencies need to take the phenomenon more seriously and provide formal training to dispatchers and others to better recognize hoax callers."
Meanwhile, in the wake of a fatal shooting in Wichita, Kansas lawmakers have passed a new bipartisan bill increasing the penalties for SWAT calls. If a fake call results in a fatality -- and the caller intentionally masks their identity -- it's the equivalent of second-degree murder. "The caller must be held accountable," one lawmaker told the Topeka Capital-Journal.
The signature achievement that helped Pai win the NRA courage award came in December when the FCC voted to eliminate net neutrality rules. The rules, which are technically still on the books for a while longer, prohibited Internet service providers from blocking and throttling lawful Internet traffic and from charging online services for prioritization. Schneider did not explain how eliminating net neutrality rules preserved anyone's "free speech rights." Right Wing Watch posted a video of the ceremony.