Security

NSA Allegedly Exploited Heartbleed

A user writes: "One question arose almost immediately upon the exposure of Heartbleed, the now-infamous OpenSSL exploit that can leak confidential information and even private keys to the Internet: Did the NSA know about it, and did they exploit it if so? The answer, according to Bloomberg, is 'Yes.' 'The agency found the Heartbeat glitch shortly after its introduction, according to one of the people familiar with the matter, and it became a basic part of the agency's toolkit for stealing account passwords and other common tasks.'" The NSA has denied this report. Nobody will believe them, but it's still a good idea to take it with a grain of salt until actual evidence is provided. CloudFlare did some testing and found it extremely difficult to extract private SSL keys. In fact, they weren't able to do it, though they stop short of claiming it's impossible. Dan Kaminsky has a post explaining the circumstances that led to Heartbleed, and today's xkcd has the "for dummies" depiction of how it works. Reader Goonie argues that the whole situation was a failure of risk analysis by the OpenSSL developers.
China

Chinese Man On Trial For Spreading False Rumors Online

hackingbear writes: "Qin Zhihui, a user of the Chinese Twitter-like website Weibo, has confessed in court to spreading false rumors about the Chinese government in the first public trial under a Chinese crackdown on online rumors. China has threatened criminal penalties against anyone who spreads rumors on microblogs that are reposted more than 500 times, or seen by more than 5,000 users. Qin invented a story that the government gave 200m yuan (US$32m) in compensation to the family of a foreign passenger killed in a high-speed train crash in 2011 in order to incite hatred toward the government, which gave much lower compensation to Chinese nationals. The Chinese government did have policies in the past to give more compensation to foreigners than locals in disasters, though those policies have been phased out in recent years. Online rumours are particularly pervasive in China, where traditional media is heavily regulated by the government and public trust in the media is low."
The Courts

'weev' Conviction Vacated

An anonymous reader writes "A few years back, Andrew 'weev' Auernheimer went public with a security vulnerability that made the personal information of 140,000 iPad owners available on AT&T's website. He was later sentenced to 41 months in prison for violating the Computer Fraud and Abuse Act (or because the government didn't understand his actions, depending on your viewpoint). Now, the Third U.S. District Court of Appeals has vacated weev's conviction. Oddly, the reason for the ruling was not based on the merits of the case, but on the venue in which he was tried (PDF). From the ruling: 'Although this appeal raises a number of complex and novel issues that are of great public importance in our increasingly interconnected age, we find it necessary to reach only one that has been fundamental since our country's founding: venue. The proper place of colonial trials was so important to the founding generation that it was listed as a grievance in the Declaration of Independence.'"
Google

NYC Considers Google Glass For Restaurant Inspections

New submitter TchrBabe writes: "NYC is now considering equipping its Health Department inspectors with Google Glass to provide a record of restaurant inspections. 'A yearlong pilot program would require 10 percent of the 160 health inspectors to wear video devices — including, possibly, the much-maligned Google goggles — under legislation to be proposed Thursday. "I think it would limit the abuses on both sides of the table, and it would allow for a more objective view by the judge on the violations that have been cited," said bill sponsor Vincent Ignizio.'"
Government

Canada Introduces Privacy Reforms That Encourage Warrantless Disclosure of Info

An anonymous reader writes "Earlier this week, the government introduced the Digital Privacy Act (Bill S-4), the latest attempt to update Canada's private sector privacy law. Michael Geist reports that the bill includes a provision that could massively expand warrantless disclosure of personal information. Organizations will be permitted to disclose personal information without consent (and without a court order) to any organization that is investigating a contractual breach or possible violation of any law. This applies both to past breaches or violations and to potential future violations. Moreover, the disclosure occurs in secret without the knowledge of the affected person (who therefore cannot challenge the disclosure since they are not aware it is happening). Consider it a gift to copyright trolls, who won't need the courts to obtain information on thousands of Internet users."
Crime

UN Report Reveals Odds of Being Murdered Country By Country

ananyo (2519492) writes "A new UN report (link to data) details comprehensive country-by-country murder rates. Safest is Singapore, with just one killing per 480,000 people in 2012. In the world's most violent country, Honduras, a man has a 1 in 9 chance of being murdered during his lifetime. The Economist includes an intriguing 'print only interactive' (see the PDF) and has some tongue-in-cheek tips on how to avoid being slain: 'First, don't live in the Americas or Africa, where murder rates (one in 6,100 and one in 8,000 respectively) are more than four times as high as the rest of the world. Next, be a woman. Your chance of being murdered will be barely a quarter what it would be were you a man. In fact, steer clear of men altogether: nearly half of all female murder-victims are killed by their partner or another (usually male) family member. But note that the gender imbalance is less pronounced in the rich world, probably because there is less banditry, a mainly male pursuit. In Japan and South Korea slightly over half of all murder victims are female. Then, sit back and grow older. From the age of 30 onwards, murder rates fall steadily in most places.'"
Businesses

MA Gov. Wants To Ban Non-Competes; Will It Matter?

curtwoodward (2147628) writes "Entrepreneurs in Massachusetts say the state's legal enforcement of non-competition agreements hurts innovation — if you're going to get sued by Big Company X, you're probably not going to leave for a startup in the same industry. But those contracts have powerful supporters, including EMC, which is by far the state's largest tech company. Gov. Deval Patrick is finally picking a side in the debate by introducing his own bill to outlaw non-competes and adopt trade-secrets protections instead. Just one catch: he's a lame duck, and will be out of office in January."
Chrome

Google Chrome Flaw Sets Your PC's Mic Live

First time accepted submitter AllTheTinfoilHats (3612007) writes "A security flaw in Google Chrome allows any website you visit with the browser to listen in on nearby conversations. It doesn't allow sites to access your microphone's audio, but provides them with a transcript of the browser's speech-to-text transcriptions of anything in range. It was found by a programmer in Israel, who says Google issued a low-priority label to the bug when he reported it, until he wrote about it on his blog and the post started picking up steam on social media. The website has to keep you clicking for eight seconds to keep the microphone on, and Google says it has no timeline for a fix." However, as discoverer Guy Aharonovsky is quoted, "It seems like they started to look for a way to quickly mitigate this flaw."
United Kingdom

London's Public Bike Data Can Tell Everyone Where You've Been

An anonymous reader writes "I recently posted this article with a few visualizations and a bit of analysis about the risks associated with open data sets. Thought it might be of interest to Slashdot readers: 'This article is about a publicly available dataset of bicycle journey data that contains enough information to track the movements of individual cyclists across London, for a six month period just over a year ago.'"
Businesses

Double Take: Condoleezza Rice As Dropbox's Newest Board Member

Condoleezza Rice, Secretary of State under George W. Bush, and defender of Bush-era (and onward) policies about surveillance by wiretapping and other means, has landed at an interesting place: she's just become a part of the small board at Dropbox. TechDirt calls the appointment "tone deaf," and writes "At a time when people around the globe are increasingly worried about American tech firms having too close a connection to the intelligence community, a move like this seems like a huge public relations disaster. While Rice may be perfectly qualified to hold the role and to help Dropbox with the issues it needs help with, it's hard not to believe that there would be others with less baggage who could handle the job just as well." Some people are doing more than looking for an alternative for themselves, too, as a result.
Government

Can the ObamaCare Enrollment Numbers Be Believed?

An anonymous reader writes "When the Obama administration announced on April 1 that an estimated 7.1 million had signed up for ObamaCare by the end of March, it seemed a nearly impossible achievement. To reach 7.1 million, sign-ups had to rocket up by 67% in just one month. That's astounding enough, but an IBD review of existing ObamaCare enrollment data shows that the mathematical challenge of reaching 7.1 million sign-ups was even tougher."
Crime

Stung By File-Encrypting Malware, Researchers Fight Back

itwbennett (1594911) writes "When Jose Vildoza's father became the victim of ransomware, he launched his own investigation. Diving into CryptoDefense's code, he found its developers had made a crucial mistake: CryptoDefense used Microsoft's Data Protection API (application programming interface), a tool in the Windows operating system to encrypt a user's data, which stored a copy of the encryption keys on the affected computer. Vildoza and researcher Fabian Wosar of the Austrian security company Emsisoft collaborated on a utility called the Emsisoft Decrypter that could recover the encrypted keys. In mid-March Vildoza had launched a blog chronicling his investigation, purposely not revealing the mistake CryptoDefense's authors had made. But Symantec then published a blog post on March 31 detailing the error."
Canada

Canada Halts Online Tax Returns In Wake of Heartbleed

alphadogg (971356) writes "Canada Revenue Agency has halted online filing of tax returns by the country's citizens following the disclosure of the Heartbleed security vulnerability that rocked the Internet this week. The country's Minister of National Revenue wrote in a Twitter message on Wednesday that interest and penalties will not be applied to those filing 2013 tax returns after April 30, the last date for filing the returns, for a period equal to the length of the service disruption. The agency has suspended public access to its online services as a preventive measure to protect the information it holds, while it investigates the potential impact on taxpayer information, it said."
Crime

Hewlett-Packard Admits To International Bribery and Money Laundering Schemes

First time accepted submitter CP (1315157) writes "Hewlett-Packard has admitted to [bribery and money laundering] in order to profiteer off of lucrative government contracts in Russia, Poland, and Mexico, according to court documents. HP's guilty plea carries with it a $108 million penalty — a combination of SEC penalties, as well as criminal fines and forfeitures paid out to the Department of Justice. Thus far no criminal charges have been brought against American HP executives. The multi-agency investigation, which was conducted by multi-national law enforcement partners, the FBI, IRS, and SEC, has revealed kleptocracies in the three foreign governments and corruption and dishonesty among HP corporate fat cats."
Privacy

In-Flight Wi-Fi Provider Going Above and Beyond To Help Feds Spy

An anonymous reader sends in a report from Wired that GoGo, a company that provides in-flight Wi-Fi access to airline passengers, seems to be making every effort to assist law enforcement agencies with wiretaps. From the article: "Gogo and others that provide Wi-Fi aboard aircraft must follow the same wiretap provisions that require telecoms and terrestrial ISPs to assist U.S. law enforcement and the NSA in tracking users when so ordered. But they may be doing more than the law requires. According to a letter (PDF) Gogo submitted to the Federal Communications Commission, the company voluntarily exceeded the requirements of the Communications Assistance for Law Enforcement Act, or CALEA, by adding capabilities to its service at the request of law enforcement. The revelation alarms civil liberties groups, which say companies should not be cutting deals with the government that may enhance the ability to monitor or track users."
Crime

LA Police Officers Suspected of Tampering With Their Monitoring Systems

An anonymous reader writes "An internal audit conducted by the Los Angeles Police Department (LAPD) in March revealed that 'dozens of the [voice] transmitters worn by officers in Southeast Division were missing or damaged.' In the summer of 2013, this same division was found to have mysteriously lost 45% of the antennae placed on their cars to pick up the signals sent by their voice transmitters. The Southeast Division of the LAPD covers an area that has 'historically been marred by mistrust and claims of officer abuse.' For decades, the LAPD had been closely monitored by the U.S. Department of Justice, but a federal judge in 2013 decided to end that practice after being assured by the LAPD and city officials that the LAPD sufficiently monitors itself via dash-cams and voice transmitters. A formal investigation is currently being conducted to determine whether or not police officers intentionally subverted mandatory efforts to monitor and record their patrols."
Encryption

Snowden: NSA Spied On Human Rights Workers

Hugh Pickens DOT Com writes: "The Guardian reports that according to Edward Snowden, the NSA has spied on the staff of prominent human rights organizations like Amnesty International and Human Rights Watch. 'The NSA has specifically targeted either leaders or staff members in a number of civil and non-governmental organizations including domestically within the borders of the United States.' Snowden, addressing the Council of Europe in Strasbourg, said he did not believe the NSA was engaged in 'nightmare scenarios,' such as the active compilation of a list of homosexuals 'to round them up and send them into camps.' But he did say that the infrastructure allowing this to happen had been built.

Snowden made clear that he believed in legitimate intelligence operations but said the NSA should abandon its electronic surveillance of entire civilian populations. Instead, Snowden said, it should go back to the traditional model of eavesdropping against specific targets, such as 'North Korea, terrorists, cyber-actors, or anyone else.' Snowden also urged members of the Council of Europe to encrypt their personal communications and said that encryption, used properly, could still withstand 'brute force attacks' from powerful spy agencies and others. 'Properly implemented algorithms backed up by truly random keys of significant length all require more energy to decrypt than exists in the universe.'"
Microsoft

China Approves Microsoft-Nokia Deal, Gets Patent Concessions In Return

itwbennett writes: "On Tuesday, China's Ministry of Commerce gave conditional regulatory approval to Microsoft's purchase of Nokia's Devices & Services business. The $7.2 billion deal means that Microsoft could very soon produce its own smartphones using the Windows Phone operating system. In return, China is requiring Microsoft and Nokia to make promises on fair patent use, fearing that the proposed acquisition between the two companies could spell trouble for the nation's Android device makers."
Mozilla

Mozilla CEO Firestorm Likely Violated California Law

theodp (442580) writes "While the rise and fall of Brendan Eich at Mozilla sparked a debate over how to properly strike a balance between an employee's political free speech and his employer's desire to communicate a particular corporate 'culture,' notes Brian Van Vleck at the California Workforce Resource Blog, the California Labor Code has already resolved this debate. 'Under California law,' Van Vleck explains, 'it is blatantly illegal to fire an employee because he has donated money to a political campaign. This rule is clearly set forth in Labor Code sections 1101-1102.' Section 1102 begins, 'No employer shall coerce or influence or attempt to coerce or influence his employees through or by means of threat of discharge or loss of employment to adopt or follow or refrain from adopting or following any particular course or line of political action or political activity.' Corporate Counsel's Marlisse Silver Sweeney adds, 'Mozilla is adamant that the board did not force Eich to resign, and asked him to stay on in another role. It also says that although some employees tweeted for his resignation, support for his leadership was expressed by a larger group of employees. And this is all a good thing for the company from a legal standpoint.' As Eich stepped down, Re/code reported that Mozilla Executive Chairwoman Mitchell Baker said Eich's ability to lead the company had been badly damaged by the continued scrutiny over the hot-button issue. 'It's clear that Brendan cannot lead Mozilla in this setting,' Baker was quoted as saying. 'I think there has been pressure from all sides, of course, but this is Brendan's decision. Given the circumstances, this is not surprising.' Van Vleck offers these closing words of advice, 'To the extent employers want to follow in Mozilla's footsteps by policing their employees' politics in the interests of 'culture,' 'inclusiveness,' or corporate branding, they should be aware that their efforts will violate California law.'"
Government

Stem-Cell Research Funding Institute Is Shuttered

An anonymous reader writes "The National Institutes of Health, the top funder of biomedical research in the U.S., has closed a program designed to bring induced pluripotent stem cells (iPS cells) from the lab to the clinic. It has made no public mention of the closure, but the website has been deleted and Nature News reports that the center director, Mahendra Rao, resigned his post in frustration after the program allocated funds to only one clinical trial in its last round of funding."