Crime

Wired On 3-D Printers As Fraud Enablers 207

Posted by timothy
from the phoney-numbers-can-be-as-big-as-you-want dept.
An anonymous reader writes Citing a report from the Gartner Group estimating $100 billion in intellectual property losses within five years, Joshua Greenbaum warns of "the threat of a major surge in counterfeiting" as cheap 3-D printers get more sophisticated materials. Writing for Wired, Greenbaum argues that preventing counterfeiting "promises to be a growth market," and suggests that besides updating IP laws, possible solutions include nanomaterials for "watermarking" authentic copies or even the regulation of 3-D printing materials. Major retailers like Amazon are already offering 3-D print-on-demand products — though right now their selection is mostly limited to novelties like customized bobbleheads and Christmas ornaments shaped like cannabis leaves. Apropos: Smithsonian Magazine has an article that makes a good companion piece to this one on the long political history of the copy machine, which raised many of the same issues being rediscovered in the context of 3-D printing.
Government

Homeland Security Urges Lenovo Customers To Remove Superfish 134

Posted by timothy
from the confessed-fully-as-soon-as-we-were-caught-red-handed dept.
HughPickens.com (3830033) writes "Reuters reports that the US Department of Homeland Security has advised Lenovo customers to remove "Superfish" software from their computers. According to an alert released through its National Cyber Awareness System the software makes users vulnerable to SSL spoofing and could allow a remote attacker to read encrypted web browser traffic, spoof websites and perform other attacks on Lenovo PCs with the software installed. Lenovo initially said it stopped shipping the software because of complaints about features, not a security vulnerability. "We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns," the company said in a statement to Reuters early on Thursday. On Friday, Lenovo spokesman Brion Tingler said the company's initial findings were flawed and that it was now advising customers to remove the software and providing instructions for uninstalling "Superfish". "We should have known about this sooner," Tingler said in an email. "And if we could go back, we never would have installed this software on our machines. But we can't, so we are dealing with this head on.""
Government

Crystal Pattern Matching Recovers Obliterated Serial Numbers From Metal 133

Posted by timothy
from the x-still-marks-the-spot dept.
chicksdaddy writes Criminals beware: researchers at the National Institute of Standards and Technology (NIST) have figured out how to recover serial numbers obliterated from metal surfaces such as firearms and automobiles — a common problem in forensic examinations. According to this report, NIST researchers used a technique called electron backscatter diffraction (EBSD) to read, in the crystal structure pattern, imprints on steel that had been removed by polishing. ... The more perfect the crystal structure, the stronger and clearer the pattern. Software can then calculate the pattern quality to reveal crystal damage; areas with more damage produce lower quality patterns. In the NIST experiments, described in Forensic Science International, researchers hammered the letter 'X' into a polished stainless steel plate. The letter stamps were as deep as 140 micrometers, meeting federal regulations for firearm serial numbers. The researchers then polished the metal again to remove all visible traces of the letters, and collected the EBSD diffraction patterns and pattern quality data and analyzed them for evidence of the imprints.
Australia

Australian ISPs To Introduce '3-Strike' Style Anti-piracy Scheme 78

Posted by timothy
from the australian-rules-baseball dept.
angry tapir writes Australian ISPs are considering a draft industry code, developed in response to government threats to step in and do it for them, that will implement a 'three notice' scheme for alleged copyright infringement. If an ISP customer gets three notices in 12 months, a rights holder can go to court to obtain their details and potentially take legal action against them. (The other part of the government's copyright crackdown is the introduction of a scheme to have pirate websites blocked — the government has yet to introduce the legislation for it, however.)
Security

US State Department Can't Get Rid of Email Hackers 86

Posted by Soulskill
from the your-government's-computer-is-broadcasting-an-IP-address dept.
An anonymous reader sends this quote from a Wall Street Journal report: Three months after the State Department confirmed hackers breached its unclassified email system, the government still hasn't been able to evict them from the network, say three people familiar with the investigation. Government officials, assisted by outside contractors and the National Security Agency, have repeatedly scanned the network and taken some systems offline. But investigators still see signs of the hackers on State Department computers, the people familiar with the matter said. Each time investigators find a hacker tool and block it, these people said, the intruders tweak it slightly to attempt to sneak past defenses. It isn't clear how much data the hackers have taken, the people said. They reaffirmed what the State Department said in November: that the hackers appear to have access only to unclassified email. Still, unclassified material can contain sensitive intelligence.
Government

800,000 Using HealthCare.gov Were Sent Incorrect Tax Data 210

Posted by Soulskill
from the your-tax-dollars-at-work-on-tax-stuff dept.
mpicpp sends this report from the NY Times: About 800,000 taxpayers who enrolled in insurance policies through HealthCare.gov received erroneous tax information from the government, and were urged on Friday to hold off on filing tax returns until the error could be corrected. The Obama administration, under heavy pressure from congressional Democrats, also announced that it would give several million people more time to buy health insurance so they could comply with federal law and avoid tax penalties. The incorrect insurance information is used in computing taxes. Consumers can expect to receive corrected data in the first week of March. With the new data, officials warned, some taxpayers will owe more and some will owe less. Officials said they did not know why the error had occurred.
The Courts

Federal Court: Theft of Medical Records Not an 'Imminent Danger' To Victim 149

Posted by Soulskill
from the physician-secure-thy-networks dept.
chicksdaddy writes: A federal court in Texas ruled last week that a massive data breach at a hospital in that state didn't put patients at imminent risk of identity theft, even when presented with evidence that suggested stolen patient information was being used in attempted fraud and identity theft schemes. According to a post over at Digital Guardian's blog, Beverly Peters was one of more than 400,000 patients of St. Joseph Hospital whose information was stolen by hackers in an attack that took place between December 16 and 18, 2013.

Peters alleged that her personal information had been exposed in the breach and then disseminated in the public domain, where it was being "misused by unauthorized and unknown third parties." Specifically: Peters reported that, subsequent to the breach at St. Josephs, her Discover credit card was used to make a fraudulent purchase and that hackers had tried to infiltrate her Amazon.com account — posing as her son. Also: telemarketers were using the stolen information. Peters claimed that, after the breach, she was besieged with calls and solicitations for medical products and services companies, with telemarketers asking to speak to her and with specific family members, whose contact information was part of the record stolen from St. Joseph's.

As a result, Peters argued that she faced an "imminent injury" due to "increased risk" of future identity theft and fraud because of the breach at St. Joseph, and wished to sue the hospital for violations of the Fair Credit Reporting Act (FCRA). But the court found otherwise, ruling that Peters lacked standing to bring the case in federal court under Article III of the Constitution.
Businesses

A123 Sues Apple For Poaching Employees 196

Posted by samzenpus
from the don't-take-the-law-into-your-own-hands-you-take-them-to-court dept.
An anonymous reader writes "Electric-car battery maker A123 Systems is suing Apple in federal court for allegedly poaching five employees to help it develop a competing battery business. The suit accuses the workers, including A123's former chief technology officer, of breaking noncompete and nonsolicit agreements. "It appears that Apple, with the assistance of defendant Ijaz, is systematically hiring away A123’s high-tech PhD and engineering employees, thereby effectively shutting down various projects/programs at A123," according to the lawsuit. The news adds some credibility to rumors that Apple is getting into the automotive market."
United Kingdom

Scotland's Police Lose Data Because of Programmer's Error 108

Posted by samzenpus
from the who's-to-blame dept.
Anne Thwacks writes Assistant Chief Constable Wayne Mawson told the [Scottish Police Authority] committee that a total of 20,086 records had been lost because a computer programmer pressed the wrong button between May and July last year. He added: "....they had been properly put on the system by the officers as a result of stopping and searching people, but we lost the outcome of it as a computer programming error. We have been working really hard to recover that data. I have personally overseen the sending out of several thousand emails to officers and follow-up audits. We have been working hard with HMICS to oversee everything that we do, to make sure it is done properly and I am pleased to say that the vast majority of that data, those results, are now back on the system."
Privacy

When It Comes To Spy Gear, Many Police Ignore Public Records Laws 78

Posted by timothy
from the muck-rocks! dept.
v3rgEz writes What should take precedence: State public records laws, or contractual agreements between local police, the FBI, and the privately owned Harris Corporation? That's the question being played out across the country, as agencies are strongly divided on releasing much information, if any, on how they're using Stingray technology to collect and monitor phone metadata without judicial oversight.
Businesses

Does Open Data Have a Dark Side? 65

Posted by samzenpus
from the the-good-and-the-bad dept.
itwbennett writes A Forbes article last month explored some of the potentially darker sides of open data — from creating a new kind of digital divide to making an argument in favor of privatizing certain government services. But how real are these downsides of open data? The World Wide Web Foundation's Open Data Program Manager Jose Alonso is unconcerned, telling ITworld's Phil Johnson via email that the WWWF "believes there is no substantial evidence yet that the availability of Open Data leads to the marketization of public services or public spending cuts." But Ben Wellington, a professor in the City & Regional Planning program at the Pratt Institute in Brooklyn, New York and author of the popular blog I Quant NY, takes a more cautious stance, acknowledging that there are some real concerns that may call for regulation. But, at least for now, "there's a lot more innovation and positive things coming out than these corner cases," says Wellington.
AT&T

AT&T Patents System To "Fast-Lane" File-Sharing Traffic 112

Posted by samzenpus
from the greased-lightning dept.
An anonymous reader writes Telecom giant AT&T has been awarded a patent for speeding up BitTorrent and other peer-to-peer traffic, and reducing the impact that these transactions have on the speed of its network. Unauthorized file-sharing generates thousands of petabytes of downloads every month, sparking considerable concern among the ISP community due to its detrimental effect on network speeds. AT&T and its Intellectual Property team have targeted the issue in a positive manner, and have appealed for the new patent to create a 'fast lane' for BitTorrent and other file-sharing traffic. As well as developing systems around the caching of local files, the ISP has proposed analyzing BitTorrent traffic to connect high-impact clients to peers who use fewer resources.
Cellphones

How NSA Spies Stole the Keys To the Encryption Castle 192

Posted by timothy
from the thanks-fellas-really-you've-done-enough dept.
Advocatus Diaboli writes with this excerpt from The Intercept's explanation of just how it is the NSA weaseled its way into one important part of our communications: AMERICAN AND BRITISH spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden. The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world's cellular communications, including both voice and data.
Government

Fedcoin Rising? 127

Posted by timothy
from the insert-quarter dept.
giulioprisco writes US economists are considering a government-sponsored digital currency. On February 3, David Andolfatto, Vice President of the Federal Reserve Bank of St. Louis, wrote a blog post based on a presentation he gave at the International Workshop on P2P Financial Systems 2015 [YouTube video]. The title of the blog post is "Fedcoin: On the Desirability of a Government Cryptocurrency."
Encryption

Darkleaks: an Online Black Market For Selling Secrets 44

Posted by timothy
from the hey-bub-psssst dept.
An anonymous reader writes Whistleblowers and those individuals that are simply out to make a buck out of any confidential and valuable information, can now offer it for sale on Darkleaks, a decentralized, anonymous black market on the Internet. The Darkleaks project is built on top of the Bitcoin blockchain, and can be used by downloading this software package (source code is open).
Displays

Apple Patent Could Have "Broad Ramifications" For VR Headsets 128

Posted by timothy
from the it's-on-your-face dept.
An anonymous reader writes Filed in 2008, published in 2013, and legally granted to Apple this week, the company's patent for a 'Head-mounted display apparatus for retaining a portable electronic device with display' could have "broad ramifications" for mobile VR headsets like Samsung's Gear VR and Google Cardboard, says patent attorney Eric Greenbaum. "This Apple HMD patent is significant. I would say it introduces potential litigation risks for companies that have or are planning to release a mobile device HMD," he said. "There is no duty for Apple to make or sell an HMD. They can sit on this patent and use it strategically either by enforcing it against potential infringers, licensing it, or using it as leverage in forming strategic partnerships."
Privacy

Gadgets That Spy On Us: Way More Than TVs 129

Posted by timothy
from the it-looks-like-you're-writing-a-letter dept.
Presto Vivace writes with a reminder that it's not just Samsung TVs; lots of other gadgets are spying on you: "But Samsung's televisions are far from the only seeing-and-listening devices coming into our lives. If we're going to freak out about a Samsung TV that listens in on our living rooms, we should also be panicking about a number of other emergent gadgets that capture voice and visual data in many of the same ways. .... Samsung's competitor, the LG Smart TV, has basically the same phrase about voice capture in its privacy policy: "Please be aware that if your spoken word includes personal or other sensitive information, such information will be among the Voice Information captured through your use of voice recognition features." It isn't just TVs, Microsoft's Xbox Kinect, Amazon Echo, GM's OnStar, Chevrolet's MyLink and PDRs, Google's Waze, and Hello's Sense all have snooping capabilities. Welcome to the world of Stasi Tech.
Privacy

The Disastrous Privacy Consequences of Canada's Anti-Terrorism Bill 116

Posted by timothy
from the sir-he's-hiding-in-the-syrup dept.
An anonymous reader writes "Canada's proposed anti-terrorism legislation is currently being debated in the House of Commons, with the government already serving notice that it plans to limit debate. Michael Geist argues that decision has enormous privacy consequences, since the bill effectively creates a "total information awareness" approach that represents a radical shift away from our traditional understanding of public sector privacy protection. The bill permits information sharing across government for an incredibly wide range of purposes, most of which have nothing to do with terrorism and opens the door to further disclosure "to any person, for any purpose." The cumulative effect is to grant government near-total power to share information for purposes that extend far beyond terrorism with few safeguards or privacy protections."
Security

Lenovo Allegedly Installing "Superfish" Proxy Adware On New Computers 246

Posted by timothy
from the hey-man-you're-s'posed-to-join-the-nsa-first dept.
An anonymous reader writes It looks like Lenovo has been installing adware onto new consumer computers from the company that activates when taken out of the box for the first time. The adware, named Superfish, is reportedly installed on a number of Lenovo's consumer laptops out of the box. The software injects third-party ads on Google searches and websites without the user's permission. Another anonymous reader points to this Techspot article, noting that it doesn't mention the SSL aspect, but this Lenovo Forum Post, with screen caps, is indicating it may be a man-in-the-middle attack to hijack an SSL connection too. It's too early to tell if this is a hoax or not, but there are multiple forum posts about the Superfish bug being installed on new systems. Another good reason to have your own fresh install disk, and to just drop the drivers onto a USB stick. Also at ZDnet.
Encryption

Samsung Smart TVs Don't Encrypt the Voice Data They Collect 153

Posted by samzenpus
from the even-worse dept.
itwbennett writes A week ago, the revelation that Samsung collects words spoken by consumers when they use the voice recognition feature in their smart TVs enraged privacy advocates, since according to Samsung's own privacy policy those words can in some cases include personal or sensitive information. Following the incident, David Lodge, a researcher with a U.K.-based security firm called Pen Test Partners, intercepted and analyzed the Internet traffic generated by a Samsung smart TV and found that Samsung does send captured voice data to a remote server using a connection on port 443, a port typically associated with encrypted HTTPS, but that the data was not encrypted. "It's not even HTTP data, it's a mix of XML and some custom binary data packet," said Lodge in a blog post.