News in brief: Pi bakes in security; net neutrality fears; Rule 41 delay fails

Raspberry Pi bakes in tighter security

The people behind the Raspberry Pi, the cheap and cheerful computer that powers countless homebrew projects from smart doorbells to tweeting catflaps, have released a security update to the customised operating system based on Linux to thwart would-be malware-bearing attackers.

As they say on their blog, they usually don’t announce updates to Raspbian, but the concern over the rise of IoT-based botnets such as Mirai means they’ve tightened up their “intensely relaxed” approach to security. So with the updated version, SSH will be disabled by default and they’ve added a clear warning about changing the default password.

It’s all made admirably clear on the Raspberry Pi blog, and, in a fuss-free way, shuts down a feature designed to make things easy for the newbie in a way that’s easy to understand and wonderfully transparent.

Net neutrality fears as Trump names advisers

Fears about the future of net neutrality are heating up as Donald Trump’s presidential transition team fills out. Trump had already sparked concerns by appointing Jerry Eisenach, a former consultant for Verizon and a noted critic of net neutrality, and former Sprint lobbyist Mark Jamison, who has argued in the past about the necessity of having the FCC.

Now Trump has added Roslyn Layton to his team of advisers to guide Trump on telecoms policy. Layton is also a noted opponent of net neutrality, having said in the past that the FCC “should focus on other matters” than net neutrality.

With all three thus far announced having lined up against the principle, things are looking concerning for net neutrality in the US.

Bid to delay Rule 41 fails

So much for that bid to delay Rule 41 in the US Senate: despite attempts by Democratic Senator Ron Wyden to delay the changes, they take effect today.

That means that judges can issue warrants if someone has been using anonymizing technology to conceal the location of their device or for an investigation into a network of hacked or infected computers, such as a botnet.

Magistrate judges could only order searches within the jurisdiction of their court, which is typically limited to a few counties. Now judges can order the hacking of a suspect’s device regardless of where they are.

Speaking from the Senate floor, Wyden said the changes to Rule 41 amounted to “one of the biggest mistakes in surveillance policy in years”.

Catch up with all of today’s stories on Naked Security