Trailrunner7 writes "Those of you who like to tinker and jailbreak Android phones should take notice of some new research conducted on Samsung Galaxy S4 Android devices shipped by AT&T and Verizon. Both devicemakers ship the Galaxy S4 smartphones with a locked-down bootloader that prevents users from uploading custom kernels or from making modifications to software on the phone. Azimuth Security researcher Dan Rosenberg has found a vulnerability in the manner in which the devices do cryptographic checks of boot image signatures and was able to exploit the flaw and upload his own unsigned kernel to the device."

An anonymous reader writes "A California user of Verizon's FiOS fiber-optic internet service put his unlimited data plan to the test. Over the month of March, he totaled over 77 terabytes of internet traffic, which finally prompted a call from a Verizon employee to see what he was doing. The user had switched to a 300Mbps/65Mbps plan in January, and averaged 50 terabytes of traffic per month afterward. 'An IT professional who manages a test lab for an Internet storage company, [the user] has been providing friends and family a personal VPN, video streaming, and peer-to-peer file service—running a rack of seven servers with 209TB of raw storage in his house.' The Verizon employee who contacted him said he was violating the service agreement. "Basically he said that my bandwidth usage was excessive (like 30,000 percent higher than their average customer)," [the user] said. '[He] wanted to know WTF I was doing. I told him I have a full rack and run servers, and then he said, "Well, that's against our ToS." And he said I would need to switch to the business service or I would be disconnected in July. It wasn't a super long call.'"

In the U.S., subsidized phones are the norm: for post-paid, long-term contract use, getting a low up-front price on a phone is one of the few upsides. New submitter Apptopia writes "After T Mobile mostly did away with subsidized phone plans, the other major carriers (Verizon, AT&T, Sprint) are paying attention. Carriers lose money with phone subsidies for high-end smartphones (particularly Apple's iPhone). If they do away with the subsidy, you will have to pay full retail price for phones, but your monthly bill will be lower." If people had a better idea what they were paying for, though, manufacturers might fight harder on price. There are lots of well-reviewed, multi-band, unlocked phones on Amazon and DealExtreme from lesser-known companies, and Nokia's new Asha 501 (though limited in many ways, including availability, having just launched in India) shows that the "smartphone" label can apply even to a sub- $100 phone.

An anonymous reader writes with a bit from the Asbury Park Press: "'Devastated and wiped out by superstorm Sandy, Verizon has no plans to rebuild its copper-line telephone network in Mantoloking. Instead, Verizon says Mantoloking is the first town in New Jersey, and one of the few areas in the country, to have a new service called Verizon Voice Link. Essentially, it connects your home's wired and cordless telephones to the Verizon Wireless network.' So no copper or fiber to a fairly densely populated area. Comcast will now be the only voice/data option with copper to the area."

tdog17 writes "Verizon and MySpace scored a zero out of a possible six stars in a test of how far 18 technology service providers will go to protect user data from government data demands. Twitter and Internet service provider Sonic.net scored a perfect six in the third annual Electronic Frontier Foundation 'Who Has Your Back?' report. Apple, AT&T and Yahoo ranked near the bottom, each scoring just one star. 'While we are pleased by the strides these companies have made over the past couple years, there’s plenty of room for improvement. Amazon holds huge quantities of information as part of its cloud computing services and retail operations, yet does not promise to inform users when their data is sought by the government, produce annual transparency reports, or publish a law enforcement guide. Facebook has yet to publish a transparency report. Yahoo! has a public record of standing up for user privacy in courts, but it hasn't earned recognition in any of our other categories. Apple and AT&T are members of the Digital Due Process coalition, but don’t observe any of the other best practices we’re measuring. ... We remain disappointed by the overall poor showing of ISPs like AT&T and Verizon in our best practice categories.'"

itwbennett writes "According to a study (PDF) by the Georgetown Center for Business and Public Policy, restricting the ability of Verizon Wireless and AT&T to bid in upcoming spectrum auctions would drive down the bidding during the auction, and could cost the U.S. treasury as much as $12 billion. Even a partial restriction of bids by Verizon and AT&T could have a significant impact on auction revenues, said Douglas Holtz-Eakin, a co-author of the Georgetown study. Matt Wood, policy director at digital rights group Free Press, fired back, saying 'No one is talking about completely barring AT&T and Verizon from the incentive auction. Sensible people are talking about making sure that more than two companies have a chance at obtaining spectrum. The fact that these duopolists hired economists to parrot the companies' own talking points isn't really that newsworthy.'"

colinneagle writes "Verizon's 2013 Data Breach Investigation Report is out and includes data gathered by its own forensics team and data breach info from 19 partner organizations worldwide. China was involved in 96% of all espionage data-breach incidents, most often targeting manufacturing, professional and transportation industries, the report claims. The assets China targeted within those industries included laptop/desktop, file server, mail server and directory server, in order to steal credentials, internal organization data, trade secrets and system info. A whopping 95% of the attacks started with phishing to get a toehold into their victim's systems. The report states, 'Phishing techniques have become much more sophisticated, often targeting specific individuals (spear phishing) and using tactics that are harder for IT to control. For example, now that people are suspicious of email, phishers are using phone calls and social networking.' It is unknown who the nation-state actors were in the other 4% of breaches, which the report says 'may mean that other threat groups perform their activities with greater stealth and subterfuge. But it could also mean that China is, in fact, the most active source of national and industrial espionage in the world today.'" The report also notes that financially-motivated incidents primarily came from the U.S. and various Eastern European countries.

An anonymous reader writes with this excerpt from Motherboard about the immediate aftermath of yesterday's bomb attack in Boston, which attempts to explain the (unsurprisingly) poor accessibility of the cellular network after the blasts: "Gut instinct suggests that the network must've been overloaded with people trying to find loved ones. At first, the Associated Press said it was a concerted effort to prevent any remote detonators from being used, citing a law enforcement official. After some disputed that report, the AP reversed its report, citing officials from Verizon and Sprint who said they'd never had a request to shut down the network, and who blamed slowdowns on heavy load. (Motherboard's Derek Mead was able to send text messages to both his sister and her boyfriend, who were very near the finish line, shortly after the bombing, which suggests that networks were never totally shut down. Still, shutting down cell phone networks to prevent remote detonation wouldn't be without precedent: It is a common tactic in Pakistan, where bombings happen with regularity.)"

concealment writes with news that a court battle has brought to light details on how the FBI's "stingray" surveillance tool works, and how they used it with Verizon's help to collect evidence about an alleged identity thief. Quoting: "Air cards are devices that plug into a computer and use the wireless cellular networks of phone providers to connect the computer to the internet. The devices are not phones and therefore don’t have the ability to receive incoming calls, but in this case Rigmaiden asserts that Verizon reconfigured his air card to respond to surreptitious voice calls from a landline controlled by the FBI. The FBI calls, which contacted the air card silently in the background, operated as pings to force the air card into revealing its location. In order to do this, Verizon reprogrammed the device so that when an incoming voice call arrived, the card would disconnect from any legitimate cell tower to which it was already connected, and send real-time cell-site location data to Verizon, which forwarded the data to the FBI. This allowed the FBI to position its stingray in the neighborhood where Rigmaiden resided. The stingray then "broadcast a very strong signal" to force the air card into connecting to it, instead of reconnecting to a legitimate cell tower, so that agents could then triangulate signals coming from the air card and zoom-in on Rigmaiden’s location. To make sure the air card connected to the FBI’s simulator, Rigmaiden says that Verizon altered his air card’s Preferred Roaming List so that it would accept the FBI’s stingray as a legitimate cell site and not a rogue site, and also changed a data table on the air card designating the priority of cell sites so that the FBI’s fake site was at the top of the list."

Via the EFF comes news that, during a case involving the use of a Stingray device, the DOJ revealed that it was standard practice to use the devices without explicitly requesting permission in warrants. "When Rigmaiden filed a motion to suppress the Stingray evidence as a warrantless search in violation of the Fourth Amendment, the government responded that this order was a search warrant that authorized the government to use the Stingray. Together with the ACLU of Northern California and the ACLU, we filed an amicus brief in support of Rigmaiden, noting that this 'order' wasn't a search warrant because it was directed towards Verizon, made no mention of an IMSI catcher or Stingray and didn't authorize the government — rather than Verizon — to do anything. Plus to the extent it captured loads of information from other people not suspected of criminal activity it was a 'general warrant,' the precise evil the Fourth Amendment was designed to prevent. ... The emails make clear that U.S. Attorneys in the Northern California were using Stingrays but not informing magistrates of what exactly they were doing. And once the judges got wind of what was actually going on, they were none too pleased:"

CowboyRobot writes with this excerpt from Wall Street & Technology: "[Wednesday of this week], Mayor Michael Bloomberg announced the opening [of] a 1 million square foot high-rise data center [in the] old Verizon switching building at 375 Pearl Street. Sabey Data Center Properties, the owner of the property, has named the data center Intergate.Manhattan and says the building's location, power supply and connectivity to underground fiber make it an ideal location for a data center in New York City. ... Intergate.Manhattan has only one tenant so far, the New York Genome Center, a compute and storage platform for 12 leading medical institutions to tackle the big data challenges that will bring the benefits of genomics to patient care." Let's hope they keep plenty of fuel around for next storm season.

Bennett Haselton writes "Recently I wrote an article about what I considered to be the sorry state of cooking instructions on the web (and how-to instructions in general), using as a jumping-off point a passage from Evgeny Morozov's new book To Save Everything, Click Here. My point was that most "newbie" instructions never seemed to get judged by the basic criteria by which all instructions should be judged: If you give these instructions to a group of beginners, and have them attempt to follow the instructions without any additional help from the author, what kind of results do they get? The original title of my article was "Better Cooking Through Algorithms," but due to some confusion in the submission process the title got changed to "Book Review: To Save Everything, Click Here" even though, as multiple commenters pointed out, it didn't make much sense as a "book review" since it only mentioned a short passage from the actual book. This article, on the other hand, really is intended as a review of The 4-Hour Chef, even though the article only covers a similarly tiny fraction of the book's 671-page length. That's because even before buying the book, I was determined to review it according to a simple process: Try three recipes from the book. Follow the directions step by step. (If any direction is ambiguous, then follow what could be a plausible interpretation of the directions.) My estimation of the quality of the book, as an instructional cooking guide for beginners, is then determined by the quality of the food produced by my attempt to follow the directions. (I've done this so many times for so many "beginner cookbooks," that I've probably lost my true "beginner" cook status in the process — which means that the results obtained by a real beginner using The 4-Hour Chef, would probably be a little worse than what I achieved.)" Read on for the rest of Bennett's Thoughts

The new Copyright Alert System, a.k.a. the 'Six Strikes' policy, went into effect on Monday. Comcast and Verizon activated it today. Ars Technica asked them and other participating ISPs to see the copyright alerts that will be sent to customers who have been identified as infringing. Comcast was the only one to grant their request, saying that a "small number" of the alerts have already been sent out. The alerts will be served to users in the form of in-browser popups. They explain what triggered the alert and ask the user to sign in and confirm they received the alert. (Not admitting guilt, but at least closing off the legal defense of "I didn't know.") The article points out that the alerts also reference an email sent to the Comcast email address associated with the account, something many users not be aware of. The first two notices are just notices. Alert #5 indicates a "Mitigation Measure" is about to be applied, and that users will be required to call Comcast's Security Assurance group and to be lectured on copyright infringement. The article outlines some of the CAS's failings, such as being unable to detect infringement through a VPN, and disregarding fair use. Comcast said, "We will never use account termination as a mitigation measure under the CAS. We have designed the pop-up browser alerts not to interfere with any essential services obtained over the Internet." Comcast also assures subscribers that their privacy is being protected, but obvious that's only to a point. According to TorrentFreak, "Comcast can be asked to hand over IP-addresses of persistent infringers, and the ISP acknowledges that copyright holders can then obtain a subpoena to reveal the personal details of the account holder for legal action."

An anonymous reader sends this excerpt from the Daily Dot: "Starting next week, most U.S. Internet users will be subject to a new copyright enforcement system that could force them to complete educational programs, and even slow their Internet speeds to a crawl. A source with direct knowledge of the Copyright Alert System [said] the five participating Internet service providers will start the controversial program Monday. The ISPs — industry giants AT&T, Cablevision, Comcast, Time Warner, and Verizon — will launch their versions of the CAS on different days throughout the week. Comcast is expected to be the first, on Monday." Of course, there are many ways around the Copyright Alert System, so it probably won't be terribly effective.

First time accepted submitter Lirodon writes "Just when you thought Google's rumored Chrome OS laptop, the Chromebook Pixel, was an elaborate fake, think again. This high-end Chromebook with a 12.85-inch high resolution touchscreen (available in both Wi-Fi only and Verizon LTE versions) and an Intel Core i5 processor under the hood is super fancy, and also super expensive: starting at $1299. Would you want to pay that much for what is essentially a premium netbook?" Engadget has a hands-on with the device.

jfruh writes "U.S. Mobile companies are working hard to get customers on fancy high-speed LTE plans with expensive smartphones. But Verizon is shrewdly working to eke out profit from its older infrastructure as well. The company is offering no-contract pay-as-you-go 3G-only plans, which might appeal to those who don't use a lot of wireless data and who might want to take advantage of the glut of older Android and iOS phones available on the market." It's good to see prices dropping from one of the biggest names in the industry, but it seems there are some cheaper options already around, especially for unlocked phones or for people who don't need data.

Frequent contributor Bennett Haselton writes "With the announcement of Verizon's "six strikes plan" for movie pirates (which includes reporting users to the RIAA and MPAA), and content companies continuing to sue users en masse for peer-to-peer downloads, I think it's inevitable that we'll see the rise of p2p software that proxifies your downloads through other users. In this model, you would not only download content from other users, but you also use other users' machines as anonymizing proxies for the downloads, which would make it impossible for third parties to identify the source or destination of the file transfer. This would hopefully put an end to the era of movie studios subpoenaing ISPs for the identities of end users and taking those users to court." Read below for the rest of Bennett's thoughts.

sconeu writes "My wife uses an assistive communication device. She wants to use it for SMS texting... We currently have Verizon, so we don't have a SIM. The computer will take a SIM. I'm looking for a pay-as-you-go plan where I can take the SIM from a cheap phone and put it in her computer. Any suggestions?" It would be interesting to hear how this question would be best answered both in the U.S. and around the world.

Bennett Haselton writes "Here are three hacks that I adopted in the last few weeks, each of which solved a minor problem that I had lived with for so long that I no longer thought of it as a problem — until a solution came along, which was like a small weight off my shoulders. None of these hacks will help impress anyone with your technical prowess; I'm just putting them here because they made my life easier." Read on for the rest of Bennett's thoughts.

adeelarshad82 writes "The three things any streaming service needs in order to be successful are: a good price, a massive content library, and a decent app that is available on as many devices as possible. Unfortunately the only thing Redbox Instant has going for it right now is the price. The digital library that comprises Redbox Instant at the moment is limited to a handful of comedies, budget horror flicks, and one or two blockbuster titles from the last year. However, there is hope that once the final version is launched, Verizon FiOS On Demand's massive libraries of current television shows will be made available on Redbox. As for the app itself: while it's well designed and offers filtering by search, genre and rating, its biggest drawback is that it's only available on iOS and Android devices. You can't even stream from the Redbox website."