Communications

NSA-Reform Bill Fails In US Senate 23

Posted by timothy
from the couldn't-have-happened-to-a-nicer-bill dept.
New submitter Steven King writes with a link to The Daily Dot's report that the U.S. Senate has rejected a controversial bill, thus "all but guaranteeing that key provisions of the USA Patriot Act will expire"; had it passed, the bill would have allowed continued use of some mass data-collection practices, but with the addition of stronger oversight. From the article: The Senate failed to reach agreement on passage of the USA Freedom Act, a bill to reauthorize and reform Section 215 of the USA Patriot Act, which the government has used to conduct bulk surveillance of Americans' phone records. The House of Representatives passed the bill last week by an overwhelming bipartisan majority, but Senate Democrats, who unified behind the bill, did not get enough Republican votes to assure passage. The linked piece also mentions that the EFF shifted its position on this bill, after a panel of Federal judges ruled that the Feds at the NSA had overstepped their bounds in collecting a seemingly unlimited trove of metadata relating to American citizen's phone calls.
Earth

California Votes To Ban Microbeads 158

Posted by timothy
from the stock-up-now-on-crest dept.
New submitter Kristine Lofgren writes: The California Assembly just passed a vote to ban toxic microbeads, the tiny flecks found in toothpastes and exfoliants. Microbeads cause a range of problems, from clogging waterways to getting stuck in gums. The ban would be the strictest of its kind in the nation. As the article notes, the California Senate would need to pass a bill as well, for this ban to take effect, and if that happens, the resulting prohibition will come into place in 2020. From the article: Last year, Illinois became the first state in the U.S. to pass a ban on the usage of microbeads in cosmetics, approving a law that will go into effect in 2018, and earlier this year two congressmen introduced a bipartisan bill to outlaw the use of microbeads nationwide. And for exceptionally good reason; the beads, which serve as exfoliants and colorants are a massive source of water pollution, with scientists estimating that 471 million plastic microbeads are released into San Francisco Bay alone every single day.
The Media

WSJ Crowdsources Investigation of Hillary Clinton Emails 161

Posted by timothy
from the tag-this-story-recursive dept.
PvtVoid writes: The Wall Street Journal now has a page up that encourages readers to sift through and tag Hillary Clinton's emails on Benghazi. Users can click on suggested tags such as "Heated", "Personal", "Boring", or "Interesting", or supply their own tags. What could possibly go wrong? I'm tagging this story "election2016."
Crime

'Prisonized' Neighborhoods Make Recidivism More Likely 121

Posted by Soulskill
from the won't-you-be-my-neighbor dept.
sciencehabit writes: One of the most important questions relating to incarceration and rehabilitation is how to discourage recidivism. After a prison stint, about half of convicts wind up back in the slammer within three years. But sociologist David Kirk noticed a pattern: convicts who moved away from their old neighborhood when released from prison had a much smaller recidivism rate. Kirk found that the concentration of former prisoners in a neighborhood had a dramatic effect on the likelihood of committing another offense (abstract). "So if an ex-con’s average chance of returning to prison after just 1 year was 22%—as it was in 2006—an additional new parolee in the neighborhood boosted that chance to nearly 25%. The numbers climb for each new parolee added. In some of the most affected neighborhoods—where five of every thousand residents were recent parolees—nearly 35% were back behind bars within a year of getting out." The rates stayed consistent even when controlling for chronic poverty and other neighborhood characteristics.
Government

The Body Cam Hacker Who Schooled the Police 140

Posted by Soulskill
from the watching-the-watchers dept.
New submitter Cuillere writes: In the fall of 2014, a hacker demanded the Seattle Police Department release all of their body and dash cam video footage, prompting chaos within the institution. Although it was a legal request per Washington state's disclosure laws, Seattle's PD wasn't prepared to handle the repercussions of divulging such sensitive material — and so much of it. The request involved 360 TB of data spread across 1.6 million recordings over 6 years. All recordings had to be manually reviewed and redacted to cut out "children, medical or mental health incidents, confidential informants, or victims or bystanders who did not want to be recorded," so fulfilling the request was simply not within the department's capabilities. Thus, they took a different strategy: they hired the hacker and put him to work on developing an automated redaction system. "Their vision is of an officer simply docking her body cam at the end of a shift. The footage would then be automatically uploaded to storage, either locally or in the cloud, over-redacted for privacy and posted online for everyone to see within a day."
Android

Factory Reset On Millions of Android Devices Doesn't Wipe Storage 90

Posted by samzenpus
from the stucking-around dept.
Bismillah writes: Ross Anderson and Laurent Simon of Cambridge University studied a range of Android devices and found that even though a "factory reset" is supposed to fully wipe storage, it often doesn't. Interestingly enough, full-device encryption could be compromised by the incomplete wiping too. ITnews reports: "The researchers estimated that 500 million Android devices may not fully wipe device disk partitions. As many as 630 million phones may not wipe internal SD cards. Five 'critical failures' were outlined in the researchers' Security Analysis of Android Factory Resets paper.
Google

NSA Planned To Hijack Google App Store To Hack Smartphones 87

Posted by samzenpus
from the all-the-better-to-see-you-with dept.
Advocatus Diaboli writes: A newly released top secret document reveals that the NSA planned to hijack Google and Samsung app stores to plant spying software on smartphones. The report on the surveillance project, dubbed "IRRITANT HORN," shows the U.S. and its "Five Eyes" alliance: Canada, the United Kingdom, New Zealand and Australia, were looking at ways to hack smartphones and spy on users. According to The Intercept: "The top-secret document, obtained from NSA whistleblower Edward Snowden, was published Wednesday by CBC News in collaboration with The Intercept. The document outlines a series of tactics that the NSA and its counterparts in the Five Eyes were working on during workshops held in Australia and Canada between November 2011 and February 2012."
Biotech

DNA On Pizza Crust Leads To Quadruple Murder Suspect 175

Posted by samzenpus
from the taking-a-bite-out-of-crime dept.
HughPickens.com writes: In a case straight out of CSI, CNN reports that police are searching for the man suspected in the gruesome slayings of the Savopoulos family and their housekeeper, after his DNA was purportedly found on a pizza crust at the scene of the quadruple murders. They discovered his DNA on the crust of a Domino's pizza — one of two delivered to the Savopoulos home May 14 as the family was held hostage inside — a source familiar with the investigation said. The pizza apparently was paid for with cash left in an envelope on the porch. The next morning, Savvas Savopoulos's personal assistant dropped off a package containing $40,000 in cash at the home, according to the officials and police documents.

The bodies of Savopoulos, along with his wife, Amy, their 10-year-old son Philip and the family's housekeeper, Veralicia Figueroa, were discovered the afternoon of May 14 after firefighters responded to reports of a fire. D.C. Police Chief Cathy Lanier says the killings are likely not a random crime and police have issued an arrest warrant for the 34-year-old Daron Dylon Wint, who is described as 5'7 and 155 lbs and might also go by the name "Steffon." Wint apparently used to work at American Iron Works, where Savvas Savopoulos was CEO and president. The neighborhood is home to numerous embassies and diplomatic mansions as well as the official residence of Vice President Joe Biden and his wife. "Right now you have just about every law enforcement officer across the country aware of his open warrant and are looking for him," says Lanier. "I think even his family has made pleas for him to turn himself in."
United States

What Was the Effect of Rand Paul's 10-Hour "Filibuster"? 345

Posted by samzenpus
from the lets-keep-talking dept.
An anonymous reader writes: Sen. Rand Paul held up a vote on the Fast Track Authority for an eleven hour dissertation on the flaws of: the Patriot Act, the replacement the USA Freedom Act, bulk data collection including credit card purchases, the DEA and IRS's use of NSA intel. for "parallel construction", warrant-less GPS bugs on vehicles, as well as the important distinction of a general warrant versus a specific one. "There is a general veil of suspicion that is placed on every American now. Every American is somehow said to be under suspicion because we are collecting the records of every American," Paul said. The questions is what did the "filibuster" really accomplish? The speeches caused a delay in Senate business but it's unclear what larger effect, if any, that will have.
Businesses

Security Researchers Wary of Wassenaar Rules 34

Posted by samzenpus
from the rules-of-the-game dept.
msm1267 writes: The Commerce Department's Bureau of Industry and Security today made public its proposal to implement the controversial Wassenaar Arrangement, and computer security specialists are wary of its language and vagaries. For starters, its definition of "intrusion software" that originally was meant to stem the effect of spying software such as FinFisher and Hacking Team, has also apparently snared many penetration testing tools. Also, despite the Commerce Department's insistence that vulnerability research does not fall under Wassenaar, researchers say that's up for interpretation.
Piracy

Australian ISP Offers Pro-bono Legal Advice To Accused Pirates 65

Posted by timothy
from the they-got-really-skinny-for-the-role-too dept.
New submitter thegarbz writes: As covered previously, after losing a legal battle against Dallas Buyers Club and Voltage Pictures the Federal Court of Australia asked ISP iiNet to hand over details of customers allegedly downloading the movie The Dallas Buyers Club. iiNet has now taken the unprecedented move to offer pro-bono legal advice to all of its customers targeted over piracy claims. "It is important to remember that the Court's findings in this case do not mean that DBC and Voltage's allegations of copyright infringement have been proven," Ben Jenkins, financial controller for iiNet wrote. Also, as part of the ruling the court will review all correspondence sent to alleged copyright infringers in hopes to prevent the practice of speculative invoicing. Unless it can be proven exactly how much and and with how many people a film was shared the maximum damages could also be limited to the lost revenue by the studio, which currently stands at $10AU ($7.90US) based on iTunes pricing.
Education

Student Photographer Threatened With Suspension For Sports Photos 369

Posted by timothy
from the you-belong-to-the-state dept.
sandbagger writes: Anthony Mazur is a senior at Flower Mound High School in Texas who photographed school sports games and other events. Naturally he posted them on line. A few days ago he was summoned to the principal's office and threatened with a suspension and 'reporting to the IRS' if he didn't take those 4000 photos down. Reportedly, the principal's rationale was that the school has copyright on the images and not him.
Communications

Academics Build a New Tor Client Designed To Beat the NSA 60

Posted by timothy
from the non-spy-vs-spy dept.
An anonymous reader writes: In response to a slew of new research about network-level attacks against Tor, academics from the U.S. and Israel built a new Tor client called Astoria designed to beat adversaries like the NSA, GCHQ, or Chinese intelligence who can monitor a user's Tor traffic from entry to exit. Astoria differs most significantly from Tor's default client in how it selects the circuits that connect a user to the network and then to the outside Internet. The tool is an algorithm designed to more accurately predict attacks and then securely select relays that mitigate timing attack opportunities for top-tier adversaries.
Security

Stanford Researcher Finds Little To Love In Would-Be Hacker Marketplace 71

Posted by timothy
from the it-is-what-it-is dept.
An anonymous reader writes: What if there were an Uber for hackers? Well, there is. It's called Hacker's List, and it made the front page of the New York Times this year. Anyone can post or bid on an 'ethical' hacking project. According to new Stanford research, however, the site is a wreck. 'Most requests are unsophisticated and unlawful, very few deals are actually struck, and most completed projects appear to be criminal.' And it gets worse. 'Many users on Hacker's List are trivially identifiable,' with an email address or Facebook account. The research dataset includes thousands of individuals soliciting federal crimes.
Privacy

CareFirst Admits More Than a Million Customer Accounts Were Exposed In Security Breach 82

Posted by timothy
from the camel-cased-in-triplicate dept.
An anonymous reader writes with news, as reported by The Stack, that regional health insurer CareFirst BlueCross BlueShield, has confirmed a breach which took place last summer, and may have leaked personal details of as many as 1.1 million of the company's customers: "The Washington D.C.-based firm announced yesterday that the hack had taken place in June last year. CareFirst said that the breach had been a 'sophisticated cyberattack' and that those behind the crime had accessed and potentially stolen sensitive customer data including names, dates of birth, email addresses and ID numbers. All affected members will receive letters of apology, offering two years of free credit monitoring and identity threat protection as compensation, CareFirst said in a statement posted on its website." Free credit monitoring is pretty weak sauce for anyone who actually ends up faced with identity fraud.