Starlink is adding a 1TB data cap for usage during peak hours

Starlink raised its prices this spring, and now it’s increasing the costs for its most demanding users. As The Verge reports, the SpaceX-run satellite internet provider is instituting a 1TB “Priority Access” monthly cap for data use between 7AM and 11PM…

Google Fiber will offer 5Gbps and 8Gbps internet plans in early 2023

Google Fiber’s sudden revival will include a dramatic boost to internet speeds. Google has revealed that it will offer 5Gbps and 8Gbps plans in early 2023 at respective monthly rates of $125 and $150. Both tiers will include symmetric upload and download rates, a WiFi 6 router and up to two mesh network extenders. The upgrades should help with massive file transfers while keeping lag and jittering to a bare minimum, according to the company.

Current customers, particularly in Kansas City, Utah and West Des Moines, can try the speedier plans as soon as November if they sign up to become “trusted testers.” If you’re eligible, Google will ask you how you expect to use the extra bandwidth.

This is a big jump from the previous-best 2Gbps service Google introduced in 2020, and could make a big difference if you’re a gamer or thrive on cloud computing. If a 150GB Microsoft Flight Simulator download takes 11 minutes at 2Gbps, the 8Gbps plan could cut that wait to less than three minutes in ideal conditions. It certainly makes typical cable internet plans seem expensive. Comcast is already offering 6Gbps service in some areas, for instance, but that costs $300 per month on contract and doesn’t yet include symmetric uploads.

Either way, the new plans represent a declaration of intent. Alongside the first network expansions in five years, the upgraded speeds suggest Google is getting back to Fiber’s roots. That is, it’s both raising expectations for truly fast internet access and (to a degree) spurring competition among incumbent providers. This could help Google pitch its other services, of course, but you might not mind if it gives telecoms an extra incentive to roll out ‘10G’ and similar upgrades sooner than they might have otherwise.

SpaceX wants to put Starlink internet on rural school buses

Starlink satellite internet access has already spread to boats and RVs, and now it might accompany your child on the way home from class. SpaceX told the FCC in a filing that it’s piloting Starlink aboard school buses in the rural US. The project would keep students connected during lengthy rides (over an hour in the pilot), ensuring they can complete internet-related homework in a timely fashion even if broadband is slow or non-existent at home.

The spaceflight company simultaneously backed FCC chair Jessica Rosenworcel’s May proposal to bring WiFi to school buses, and said it supported the regulator’s efforts to fund school and library internet access through the E-Rate program. To no one’s surprise, SpaceX felt it had the best solution thanks to rapid satellite deployment, portable dishes and fast service for the “most remote” areas.

We’ve asked the FCC and SpaceX for comment, and will let you know if they respond. The pitch comes just two months after the FCC cleared the use of Starlink in vehicles, noting that it would serve the “public interest” to keep people online while on the move. The concept isn’t new — Google outfitted school buses with WiFi in 2018 following tests, for example.

There’s no guarantee the FCC will embrace SpaceX and fund bus-based Starlink service. The Commission rejected SpaceX’s request for $885.5 million in help through the Rural Digital Opportunity Fund, and the firm responded by blasting the rejection as “grossly unfair” and allegedly unsupported by evidence. Satellite internet service theoretically offers more consistent rural coverage than cellular data, though, and Starlink competitors like Amazon’s Project Kuiper have yet to deploy in earnest.

LastPass was hacked, but it says no user data was compromised

In August, LastPass admitted that an “unauthorized party” gained entry into its system. Any news about a password manager getting hacked can be alarming, but the company is now reassuring its users that their logins and other information weren’t compromised in the event.

In his latest update about the incident, LastPass CEO Karim Toubba said that the company’s investigation with cybersecurity firm Mandiant has revealed that the bad actor had internal access to its systems for four days. They were able to steal some of the password manager’s source code and technical information, but their access was limited to the service’s development environment that isn’t connected to customers’ data and encrypted vaults. Further, Toubba pointed out that LastPass has no access to users’ master passwords, which are needed to decrypt their vaults.

The CEO said there’s no evidence that this incident “involved any access to customer data or encrypted password vaults.” They also found no evidence of unauthorized access beyond those four days, nor any trace that the hacker injected malicious code into the systems. Toubba explained that the bad actor was able to infiltrate the service’s systems by compromising a developer’s endpoint. The hacker then impersonated the developer “once the developer had successfully authenticated using multi-factor authentication.”

Back in 2015, LastPass suffered a security breach that compromised users’ email addresses, authentication hashes, password reminders and other information. A similar breach would be more devastating today, now that the service supposedly has over 33 million registered customers. While LastPass isn’t asking users to do anything to keep their data safe this time, it’s always good practice not to reuse passwords and to switch on multi-factor authentication.

Microsoft Teams has been storing authentication tokens in plaintext

Microsoft Teams stores authentication tokens in unencrypted plaintext mode, allowing attackers to potentially control communications within an organization, according to the security firm Vectra. The flaw affects the desktop app for Windows, Mac and Linux built using Microsoft’s Electron framework. Microsoft is aware of the issue but said it has no plans for a fix anytime soon, since an exploit would also require network access.

According to Vectra, a hacker with local or remote system access could steal the credentials for any Teams user currently online, then impersonate them even when they’re offline. They could also pretend to be the user through apps associated with Teams, like Skype or Outlook, while bypassing the multifactor authentication (MFA) usually required. 

“This enables attackers to modify SharePoint files, Outlook mail and calendars, and Teams chat files,” Vectra security architect Connor Peoples wrote. “Even more damaging, attackers can tamper with legitimate communications within an organization by selectively destroying, exfiltrating, or engaging in targeted phishing attacks.”

Vectra created a proof-of-concept exploit that allowed them to send a message to the account of the credential holder via an access token. “Assuming full control of critical seats–like a company’s Head of Engineering, CEO, or CFO — attackers can convince users to perform tasks damaging to the organization.”  

The problem is mainly limited to the desktop app, because the Electron framework (that essentially creates a web app port) has “no additional security controls to protect cookie data,” unlike modern web browsers. As such, Vectra recommends not using the desktop app until a patch is created, and using the web application instead.

When informed by cybersecurity news site Dark Reading of the vulnerability, Microsoft said it “does not meet our bar for immediate servicing as it requires an attacker to first gain access to a target network,” adding that it would consider addressing it in a future product release. 

However, threat hunter John Bambenek told Dark Reading it could provide a secondary means for “lateral movement” in the event of a network breach. He also noted that Microsoft is moving toward Progressive Web Apps that “would mitigate many of the concerns currently brought by Electron.”