Slashdot Deals: Cyber Monday Sale Extended! Courses ranging from coding to project management - all eLearning deals 20% off with coupon code "CYBERMONDAY20". ×

Carnegie Mellon Denies FBI Paid For Tor-Breaking Research ( 79

New submitter webdesignerdudes writes with news that Carnegie Mellon University now implies it may have been subpoenaed to give up its anonymity-stripping technique, and that it was not paid $1 million by the FBI for doing so. Wired reports: "In a terse statement Wednesday, Carnegie Mellon wrote that its Software Engineering Institute hadn’t received any direct payment for its Tor research from the FBI or any other government funder. But it instead implied that the research may have been accessed by law enforcement through the use of a subpoena. 'In the course of its work, the university from time to time is served with subpoenas requesting information about research it has performed,' the statement reads. 'The university abides by the rule of law, complies with lawfully issued subpoenas and receives no funding for its compliance.'"
The Courts

Taxi Owners Sue NYC Over Uber, While Court Overrules Class-Action Appeal ( 210

An anonymous reader writes: Taxi owners in New York have filed a lawsuit against cab-hailing app giant Uber, citing damaged revenues and a hefty fall in value of NYC's 'medallion' business. The case against the city and its Taxi and Limousine Commission claims that the regulators have unfairly permitted Uber to steal away business from the regulated cab industry. Getting away without regulation has enabled Uber drivers to compete directly, and drown out official taxi companies. A further lawsuit case hovering over Uber this week, is its request to immediately appeal an order approving class certification filed by its own drivers. The appeal was denied by a U.S. court yesterday.
The Courts

Facebook Can Block Content Without Explanation, Says US Court ( 147

An anonymous reader writes: A U.S. court has ruled that Facebook can block any content posted to its site without explanation, after a Sikh group legally challenged the company for taking its page offline. U.S. Northern District of California Judge Lucy Koh ruled that the U.S. based rights group's encouragement of religious discrimination is illegal under the Communications Decency Act, which protects 'interactive computer services' providers by preventing courts from treating them as the publishers of the speech created by their users.

How Cisco Is Trying To Prove It Can Keep NSA Spies Out of Its Gear ( 130

itwbennett writes: A now infamous photo [leaked by Edward Snowden] showed NSA employees around a box labeled Cisco during a so-called 'interdiction' operation, one of the spy agency's most productive programs,' writes Jeremy Kirk. 'Once that genie is out of the bottle, it's a hell of job to put it back in,' said Steve Durbin, managing director of the Information Security Forum in London. Yet that's just what Cisco is trying to do, and early next year, the company plans to open a facility in the Research Triangle Park in North Carolina where customers can test and inspect source code in a secure environment. But, considering that a Cisco router might have 30 million lines of code, proving a product hasn't been tampered with by spy agencies is like trying 'to prove the non-existence of god,' says Joe Skorupa, a networking and communications analyst with Gartner.
The Internet

US Rep. Joe Barton Has a Plan To Stop Terrorists: Shut Down Websites ( 275

Earthquake Retrofit writes: In an FCC oversight hearing, U.S. Representative Joe Barton (R-TX) asked Chairman Tom Wheeler if it's possible to shut down websites used by ISIS and other terrorist groups. He said, "Isn't there something we can do under existing law to shut those Internet sites down, and I know they pop up like weeds, but once they do pop up, shut them down and then turn those Internet addresses over to the appropriate law enforcement agencies to try to track them down? I would think that even in an open society, when there is a clear threat, they've declared war against us, our way of life, they've threatened to attack this very city our capital is in, that we could do something about the Internet and social media side of the equation." Wheeler pointed out that the legal definition of "lawful intercept" did not support such actions, but added that Congress could expand the law to validate the concept. Meanwhile, the Senate Intelligence Committee is exploring the idea of using the recent terror attacks in France as ammunition to force tech companies away from end-to-end encryption. "Lawmakers said it was time to intensify discussions over what technology companies such as Apple and Google could do to help unscramble key information on devices such as iPhones and apps like WhatsApp, where suspected terrorists have communicated."
The Courts

Terrorism Case Challenges FISA Spying ( 108

An anonymous reader writes: As we've come to terms with revelations of U.S. surveillance over the past couple years, we've started to see lawsuits spring up challenging the constitutionality of the spying. Unfortunately, it's slow; one of the difficulties is that it's hard to gain standing in court if you haven't been demonstrably harmed. A case before the 9th Circuit Appeals Court is now testing the Foreign Intelligence and Surveillance Act in a big way, and whatever the outcome, it's likely to head to the Supreme Court. The case itself is long and complicated; it centers on a teenager who joined a plot to detonate a huge bomb in Portland, Oregon in 2010, but his co-conspirators turned out to be undercover FBI agents.

The case history is worth a read, and raises questions about entrapment and impressionable kids. However, the issue now being argued in court is simpler: the defendant was a U.S. citizen, and the FBI used FISA powers to access his communications without a warrant. Crucially, they failed to notify the defendant of this before trial — something they're legally required to do. This gives him and his lawyers standing to challenge the constitutionality of the law in the first place. It's a difficult puzzle, with no clear answer, but oral arguments could begin as soon as January for one of the most significant cases yet to challenge the U.S. government's surveillance of its own citizens.


DoJ Going After Makers of Dietary Supplement ( 161

schwit1 writes: Several federal agencies, including the U.S. Department of Justice, have announced criminal and civil actions related to unlawful advertising and sale of dietary supplements. "Six executives with USPlabs LLC and a related company, S.K. Laboratories, face criminal charges related to the sale of unlawful dietary supplements. Four were arrested on Tuesday and two are expected to surrender, the Justice department said. The indictment says that USPlabs used a synthetic stimulant manufactured in China to make Jack3d and OxyElite Pro but told retailers that the supplements were made from plant extracts." The FTC is working on this as well, and their press release has more details. The DoJ's case involves "more than 100 makers and marketers" of these supplements. It's about time.

NYT Quietly Pulls Article Blaming Encryption In Paris Attacks 259 writes: Inside Sources reports that the NY Times has quietly pulled a story from its website alleging the attackers used encrypted technology. The original piece, which has since been removed, can be found on the Internet Archive. It stated, "The attackers are believed to have communicated using encryption technology, according to European officials who had been briefed on the investigation but were not authorized to speak publicly. It was not clear whether the encryption was part of widely used communications tools, like WhatsApp, which the authorities have a hard time monitoring, or something more elaborate. Intelligence officials have been pressing for more leeway to counter the growing use of encryption."

A link to the NY Times article now redirects readers to a separate, general article on the attacks, which does not contain the word "encrypt." The Times later posted a second article citing an anonymous "European counterterrorism official" who was quoted saying authorities' "working assumption is that these guys were very security aware," but clarified officials "offered no evidence."

Snowden Says It's Your Duty To Use an Ad Blocker (for Security) 342

AmiMoJo writes: In a long interview about reclaiming your privacy online, ex-NSA whistleblower Edward Snowden states that it's not just a good idea to use ad blocking software, it's your duty: "Everybody should be running adblock software, if only from a safety perspective. We've seen internet providers like Comcast, AT&T, or whoever it is, insert their own ads into your plaintext http connections. As long as service providers are serving ads with active content that require the use of JavaScript to display, that have some kind of active content like Flash embedded in it, anything that can be a vector for attack in your web browser — you should be actively trying to block these. Because if the service provider is not working to protect the sanctity of the relationship between reader and publisher, you have not just a right but a duty to take every effort to protect yourself in response." Other recommendations include encrypting your hard drive and using Tor to keep your internet use private.
United Kingdom

UK PM Wants To Speed Up Controversial Internet Bill After Paris Attacks ( 167

An anonymous reader writes: Less than three days after the attacks in Paris, UK prime minister David Cameron has suggested that the process of review for the controversial Draft Investigatory Powers Bill should be accelerated. The controversial proposal, which would require British ISPs to retain a subset of a user's internet history for a year and in effect outlaw zero-knowledge encryption in the UK, was intended for parliamentary review and ratification by the end of 2016, but at the weekend ex-terrorist watchdog Lord Carlile was in the vanguard of demands to speed the bill into law by the end of this year, implicitly criticizing ex-NSA whistleblower Edward Snowden for having 'shown terrorists ways to hide their electronic footprints'.
The Internet

After Paris, ISIS Moves Propaganda Machine To Darknet ( 184

itwbennett writes: Over the weekend, researcher Scot Terban came across the new website of Al-Hayat Media Center, the media division of Daesh (aka ISIS/ISIL), in a post on Shamikh forum (a known jihadi bulletin board), 'someone had posted the new address and instructions for reaching it,' writes CSO's Steve Ragan. The website hosts the usual anti-Western iconography, as well as songs (Nasheeds) and poems for mujahids in various locations. Terban has mirrored the website and its files; he says he plans to publish more details in the coming days. 'Over the years, there have been several claims made that Daesh had propaganda and recruitment hubs on the Darknet, but no one has ever published proof of those claims or explored how the propaganda machine operates in public,' says Ragan.

ISP To Court: BitTorrent Usage Doesn't Equal Piracy ( 175

An anonymous reader writes: The music industry has long argued that evidence of BitTorrent is evidence of piracy, and ISPs have generally gone along with them. But now, ISP Cox Communications is pushing back against that claim. They have been sued by publishers for failing to halt service for users alleged to have pirated music. Not only has Cox argued that the piracy evidence is invalid, they're also contesting the idea that BitTorrent is only used for piracy (PDF). "Instead of generalizing BitTorrent traffic as copyright infringement, the music companies should offer direct proof that Cox subscribers pirated their work. Any other allegations are inappropriate and misleading according to Cox." The company says, "the Court should preclude Plaintiffs from relying on mere innuendo that BitTorrent inherently allows individuals to infringe Plaintiffs' copyrights."
The Military

Anonymous Vows Revenge For ISIS Paris Attacks 488

An anonymous reader writes: As usual, Anonymous members are quicker to respond to threats than investigators and have announced #OpParis as revenge for the Paris attacks. Their action is similar to #OpISIS from this spring, launched after the Charlie Hebdo attacks. Previously Anonymous ousted thousands of ISIS Twitter accounts in #OpISIS. In a more conventional response, the government of France has been bombarding ISIS positions in Syria with airstrikes, and hunting for suspect Salah Abdeslam in connection with Friday's killings.
United States

Spaghetti Strainer Helmet Driver's License Photo Approved On Religious Grounds ( 518

PolygamousRanchKid writes with the news (widely reported, here an excerpt from the story as carried by Immortal News) that [i]n the Massachusetts city of Lowell, a woman identifying herself as a follower of the Church of the Flying Spaghetti Monster (FSM), otherwise known as Pastafarianism, has been approved by the state's Registry of Motor Vehicles (RMV) to wear a spaghetti strainer on top of her head in her state issued driver's ID. The approval to wear the helmet was initially denied. However, citing religious grounds, Lowell resident Lindsay Miller filed an appeal. Following intervention by the American Humanist Association's Appignani Humanist Legal Center, the RMV reversed their decision and allowed her to put on her colander and get her driver's license picture taken. According to the church's website, while there are those who perceive the religion to be satirical in nature, it "doesn't change the fact that by any standard one can come up with" the Church of the Flying Spaghetti Monster is "as legitimate as any other" religion. Asks PolygamousRanchKid: "Now what about my tinfoil hat . . . ?"

FCC Clarifies: It's Legal To Hack Your Router ( 85

Mark Wilson writes with an update to an earlier report that the wording of new FCC regulations could mean that it would be illegal to modfiy the software running on wireless routers by installing alternative firmwares. Instead, The commission has now acknowledged that there was more than a little confusion from people who believed that manufacturers would be encouraged to prevent router modifications. The FCC wants to make it clear that most router hacking is fine and will remain fine. With a few exceptions, that is. In a blog post entitled Clearing the Air on Wi-Fi Software Updates, Julius Knapp from the FCC tries to clear up any misunderstandings that may exist.

Police Body Cameras Come With Pre-Installed Malware 100

An anonymous reader writes: The old Conficker worm was found on new police body cameras that were taken out of the box by security researchers from iPower Technologies. The worm is detected by almost all security vendors, but it seems that it is still being used because modern day IoT devices can't yet run security products. This allows the worm to spread, and propagate to computers when connected to an unprotected workstation. One police computer is enough to allow attackers to steal government data. The source of the infection is yet unknown. It is highly unlikely that the manufacturer would do this. Middleman involved in the shipping are probably the cause.

Belgian Home Affairs Minister: Terrorists Communicate Via PlayStation 4 ( 202

bricko writes with story at Quartz reporting the words of Belgium's home affairs minister Jan Jambon, who says that ISIL operators communicate using their PlayStation 4s; "which allows terrorists to communicate with each other and is difficult for the authorities to monitor. 'PlayStation 4 is even more difficult to keep track of than WhatsApp,' he said. The gaming console also was implicated in ISIL's plans back in June, when an Austrian teen was arrested for downloading bomb plans to his PS4." This seems a strange place to concentrate investigators' energies; terrrorists could be communicating in the chat session on the side of many social media games, too, or by any number of other means; Jambon would do well to read through some of the movie plotlines that Bruce Schneier has gathered.

Brazilian Army Gets Hacked After Allegations of Cheating In Security Cyber-Games 34

An anonymous reader writes: Anonymous hackers breached the servers of the Brazilian Army, and later leaked the personal details of around 7,000 officers. The incident seems to stem from CTF games where security teams try to hack each other. Apparently the Brazilian Army team used forbidden tactics to win its games, and the hackers responded by doxxing some of their officers. A snippet: According to the hackers' statement, the Brazilian Army team used a forbidden technique to win their CTF matches in a local CTF tournament. The technique they used is WiFi deauth, a simplistic attack that jams WiFi traffic, incapacitating the other team. The hackers also seemed upset at the fact that the Brazilian army was bragging about their accomplishments, being particularly angry at the usage of the word "elite."

Islamic State Claims Responsibility for Paris Attacks; Death Toll At 127 728

The L.A. Times reports that Islamic State, the group variously known as ISIL, ISIS, and Daesh, has claimed responsibility for the multi-pronged terror attack yesterday in Paris which left at least 128 people dead, most of them from among the audience of a rock concert at the Bataclan theater, in the heart of the city. Details of how Friday’s assaults were carried out remained hazy. It was still unclear, for example, whether the restaurants and concert theater were attacked by two separate teams of militants or one group that went from one place to another. ... Attackers opened fire on the crowd with automatic weapons, shouting “God is great!” or blaming France for airstrikes on Islamic State in Syria, according to some reports. Dozens of concert-goers were killed before French forces stormed the theater. Many Parisians posted appeals and photos on social media asking for news of friends or loved ones whom they had not heard from since the attacks. One man said on Twitter that a government hotline set up to inquire about missing persons was so overloaded that calls could not get through. In the wake of the attacks and with an overloaded public infrastructure, Facebook activated its post-disaster check-in tool for Parisians to notify loved ones that they are safe. According to Reuters, French President Francois Hollande has vowed to undertake a "mercliess" response to the attacks.

Ad Networks Using Inaudible Sound To Link Phones, Tablets and Other Devices ( 223

ourlovecanlastforeve writes with a link to Ars Technica's report of a new way for ads to narrow in on their target: high-pitched sounds that can make ad tracking cross devices and contexts. From the article: The ultrasonic pitches are embedded into TV commercials or are played when a user encounters an ad displayed in a computer browser. While the sound can't be heard by the human ear, nearby tablets and smartphones can detect it. When they do, browser cookies can now pair a single user to multiple devices and keep track of what TV commercials the person sees, how long the person watches the ads, and whether the person acts on the ads by doing a Web search or buying a product.