An anonymous reader quotes a report from Ars Technica: Four months after receiving a complaint claiming that Verizon "grossly overstated" its 4G LTE coverage in government filings, the Federal Communications Commission says that at least one carrier is apparently guilty of significant rules violations. The FCC did not name any specific carrier in its announcement and did not respond to our question about whether Verizon is among the carriers being investigated. But the investigation was apparently triggered by a complaint about Verizon filed in August by the Rural Wireless Association (RWA).

The RWA, which represents rural carriers, made its case to the FCC by submitting speed test data. The speed tests showed the Verizon network wasn't providing 4G LTE service in areas that Verizon claimed to cover, according to the RWA. Inaccurate coverage maps could make it difficult for rural carriers to get money from the Mobility Fund, a government fund intended for unserved areas. "A preliminary review of speed test data submitted through the challenge process suggested significant violations of the Commission's rules," FCC Chairman Ajit Pai said Friday in his announcement of the FCC investigation. The FCC said its investigation focuses on "whether one or more major carriers violated the Mobility Fund Phase II (MF-II) reverse auction's mapping rules and submitted incorrect coverage maps."

An anonymous reader quotes a report from The Hill: The Equifax data breach, one of the largest in U.S. history, was "entirely preventable," according to a new House committee investigation. The House Oversight and Government Reform Committee, following a 14-month probe, released a scathing report Monday saying the consumer credit reporting agency aggressively collected data on millions of consumers and businesses while failing to take key steps to secure such information. "In 2005, former Equifax Chief Executive Officer (CEO) Richard Smith embarked on an aggressive growth strategy, leading to the acquisition of multiple companies, information technology (IT) systems, and data," according to the 96-page report authored by Republicans. "Equifax, however, failed to implement an adequate security program to protect this sensitive data. As a result, Equifax allowed one of the largest data breaches in U.S. history. Such a breach was entirely preventable."

The report blames the breach on a series of failures on the part of the company, including a culture of complacency, the lack of a clear IT management operations structure, outdated technology systems and a lack of preparedness to support affected consumers. "A culture of cybersecurity complacency at Equifax led to the successful exfiltration of the personal information of approximately 148 million individuals," the committee staff wrote. "Equifax's failure to patch a known critical vulnerability left its systems at risk for 145 days. The company's failure to implement basic security protocols, including file integrity monitoring and network segmentation, allowed the attackers to access and remove large amounts of data." The Oversight staff found that the company not only lacked a clear management structure within its IT operations, which hindered it from addressing security matters in a timely manner, but it also was unprepared to identify and notify consumers affected by the breach. The report said the company could have detected the activity but did not have "file integrity monitoring enabled" on this system, known as ACIS, at the time of the attack.

Malware authors, ad farmers, and scammers are abusing a Firefox bug to trap users on malicious sites. From a report: This wouldn't be a big deal, as the web is fraught with this kind of malicious sites, but these websites aren't abusing some new never-before-seen trick, but a Firefox bug that Mozilla engineers appear to have failed to fix in the 11 years ever since it was first reported back in April 2007. The bug narrows down to a malicious website embedding an iframe inside their source code. The iframe makes an HTTP authentication request on another domain.

[...] For the past few years, malware authors, ad farmers, and scammers have been abusing this bug to lure users on sites where they show all sorts of nasties, such as tech support scams, ad farms that reload the page with new ads in a loop, pages that push users to buy fake gift cards, or sites that offer malware-laced software updates. Whenever users try to leave, the owners of these shady sites trigger the authentification modal in a loop.

The UK's NHS will be banned from buying fax machines from next month -- and has been told by the government to phase out the machines entirely by 31 March 2020. From a report: More than 9,000 fax machines are in use by the NHS, a July survey found. All will be replaced by email, according to a report from the BBC. The shift, ordered by UK health secretary Matt Hancock, is intended to improve patient safety and make communications more secure. Rebecca McIntyre, a cognitive behavioral therapist, told the BBC that using fax machines made it difficult to ensure patient's information was actually sent to the right place, and that it wasn't being seen by non-authorized people. "You would not believe the palaver we have in the work place trying to communicate important documents to services (referrals etc)," she said. "We constantly receive faxes meant for other places in error but this is never reported." Further reading: The Fax is Not Yet Obsolete.

Long time reader theodp writes: At Monday's kickoff event with Melinda Gates for Computer Science Education Week 2018, Microsoft President Brad Smith revealed how a 2013 driveway encounter led to Microsoft's decision to commit $25 million to Code.org, whose CEO Hadi Partovi happens to live next door to Smith. "At the top of the hill, we share a common driveway," Smith said. "I can't even drive into the garage at night if he is standing in the way. Well, actually I can, but running him over is not the right path." Five years ago, Smith recalled, Partovi was in his driveway (King of the Hill-inspired artist's impression), "and he said, 'I have an idea [for then-nascent Code.org]. There is an important problem that we can help solve, because for too many people they look at these opportunities in computer science, and they don't appreciate that in truth anybody can aspire to be the next Melinda Gates or the next Bill Gates or the next Jeff Bezos or the next Sheryl Sandberg or Mark Zuckerberg. What they need, what they deserve, is the opportunity to learn this fundamental field.'"

Earlier this year, Code.org celebrated its 5th anniversary and thanked Microsoft and other tech donors for making it possible for the nonprofit to change U.S. K-12 public education. Smith also announced Monday that Microsoft would invest an additional $10 million in Code.org to help expand the tech-bankrolled nonprofit's work. "The renewed partnership," Microsoft explained, "will focus on ensuring that by 2020 every state will have passed policies to expand access to computer science and every school in the U.S. will have access to Code.org professional development."