
DHS Offering Free Vulnerability Scans, Penetration Tests

tsu doh nimh writes: The U.S. Department of Homeland Security (DHS) has been quietly launching stealthy cyber attacks against a range of private U.S. companies -- mostly banks and energy firms. These digital intrusion attempts, commissioned in advance by the private sector targets themselves, are part of a little-known program at DHS designed to help 'critical infrastructure' companies shore up their computer and network defenses against real-world adversaries. And it's all free of charge (well, on the U.S. taxpayer's dime). Brian Krebs examines some of the pros and cons, and the story has some interesting feedback from some banks and others who have apparently taken DHS up on its offer.

Phishing Blast Uses Dropbox To Target Hong Kong Journalists

itwbennett writes: Researchers at FireEye have disclosed an ongoing phishing campaign targeting pro-democracy media organizations in Hong Kong that's using Dropbox storage services as a command and control (C2) hub, writes CSO's Steve Ragan. 'The attacks are using basic emails trapped with documents that deliver a malware payload called LowBall,' says Ragan. 'LowBall is a basic backdoor that uses a legitimate Dropbox storage account to act as a C2.'

Revealed: What Info the FBI Can Collect With a National Security Letter

An anonymous reader writes with this lead from Help Net Security's story on a topic we've touched on here many times: the broad powers arrogated by the Federal government in the form of National Security Letters: On Monday, after winning an eleven-year legal battle, Nicholas Merrill can finally tell the public how the FBI has secretly construed its authority to issue National Security Letters (NSLs) to permit collection of vast amounts of private information on US citizens without a search warrant or any showing of probable cause. The PATRIOT Act vastly expanded the domestic reach of the NSL program, which allows the FBI to compel disclosure of information from online companies and forbid recipients from disclosing they have received an NSL. The FBI has refused to detail publicly the kinds of private data it believes it can obtain with an NSL. A key sentence from the same story: "Merrill is now able to reveal that the FBI believes it can force online companies to turn over the following information simply by sending an NSL demanding it: an individual’s complete web browsing history; the IP addresses of everyone a person has corresponded with; and records of all online purchases." Reader Advocatus Diaboli adds this, from The Intercept: One of the most striking revelations, Merrill said during a press teleconference, was that the FBI was requesting detailed cell site location information — cellphone tracking records — under the heading of "radius log" information. Traditionally, radius log refers to a user's attempts to connect to a server or a DSL line — a sort of anachronism given the progress of technology. "The notion that the government can collect cellphone location information — to turn your cellphone into a tracking device, just by signing a letter — is extremely troubling," Merrill said.

Sued For Using HTTPS: Companies In Crypto Patent Fight

yoink! writes: According to an article in The Register, corporations big and small are coming under legal fire from CryptoPeak. The company holds U.S. Patent 6,202,150, which describes "auto-escrowable and auto-certifiable cryptosystems," and has claimed that the Elliptic Curve Cryptography methods/implementations used as part of the HTTPS protocol violate their intellectual property. Naturally, reasonable people disagree.

HTTP/2.0 Opens Every New Connection It Makes With the Word 'PRISM'

An anonymous reader writes: British programmer and writer John Graham-Cumming has spotted what appears to be a 'code-protest' in the next generation of the hypertext protocol. Each new connection forged by the HTTP/2.0 protocol spells out the word 'PRISM' obliquely, though the word itself is obscured to the casual observer by coded returns and line-breaks. Work on the hidden message in HTTP/2.0 seems to date back to nine days after the Snowden revelations broke, with the final commit completed by July of 2013. In July 2013 one of the protocol's architects appealed to the development group to reconsider design principles in the light of the revelations about the NSA's worldwide surveillance program.
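The bytes in question are the HTTP/2 client connection preface, the fixed 24-octet string every client sends before its first frame (RFC 7540, section 3.5). The following is an added example, not code from the submission, from John Graham-Cumming's write-up, or from any HTTP/2 implementation: it embeds the preface as a constant, shows how a sensor can recognize cleartext "prior knowledge" HTTP/2 from the first bytes of a TCP payload, parses the preface the way a legacy HTTP/1.x server would read it, and shows where the word comes from once the request target, version and line breaks are set aside. The trailing SETTINGS frame in the usage is a constructed sample, and the function names are this example's own.

```python
# Added example: the HTTP/2 client connection preface (RFC 7540 section 3.5)
# and the word hidden in it. Not from the original post or any h2 library.

# Sent by every HTTP/2 client before its first frame. Note that the string
# keeps the "HTTP/2.0" spelling even though the final RFC is titled HTTP/2.
H2_CLIENT_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"


def is_h2_prior_knowledge(first_bytes: bytes) -> bool:
    """True if a TCP stream opens with the HTTP/2 client preface.

    Cleartext HTTP/2 started with "prior knowledge" (h2c without an HTTP/1.1
    Upgrade handshake) is recognizable from exactly these 24 bytes, which is
    handy in a network sensor that only sees raw payloads. A stream shorter
    than the preface cannot be classified yet and returns False.
    """
    return first_bytes.startswith(H2_CLIENT_PREFACE)


def as_seen_by_http1(preface: bytes) -> dict:
    """Parse the preface as an HTTP/1.x server would read it.

    The preface is shaped like an HTTP/1.1 request with an unknown method
    ("PRI"), an asterisk target and a body of "SM", so a server that does not
    speak HTTP/2 rejects it rather than misinterpreting the connection.
    """
    head, _, body = preface.partition(b"\r\n\r\n")
    request_line, *header_lines = head.split(b"\r\n")
    method, target, version = request_line.split(b" ")
    return {
        "method": method.decode(),
        "target": target.decode(),
        "version": version.decode(),
        "headers": [h.decode() for h in header_lines if h],
        "body": body.strip().decode(),
    }


def hidden_word(preface: bytes) -> str:
    """Method token followed by the body: what remains once '* HTTP/2.0'
    and the CRLFs are removed, which is the word the submission refers to."""
    parsed = as_seen_by_http1(preface)
    return parsed["method"] + parsed["body"]


if __name__ == "__main__":
    # Constructed sample: preface followed by an empty SETTINGS frame
    # (9-byte frame header: length 0, type 0x4, flags 0, stream id 0).
    sample_payload = H2_CLIENT_PREFACE + b"\x00\x00\x00\x04\x00\x00\x00\x00\x00"
    print(is_h2_prior_knowledge(sample_payload))   # True
    print(as_seen_by_http1(H2_CLIENT_PREFACE))     # method 'PRI', body 'SM'
    print(hidden_word(H2_CLIENT_PREFACE))          # PRISM
```

The preface check is a fingerprint for the cleartext case only; over TLS the same bytes appear after the handshake, so a sensor would need the decrypted stream, and the ALPN value "h2" in the ClientHello is the practical signal there.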

US Marshals Jump Into 'Cyber Monday' Mania

coondoggie writes: "Cyber Monday is generally thought to be the start of the online holiday shopping season. We would like to encourage shoppers who are already online in search of bargains to consider stopping by our auction website to bid on forfeited assets," said Jason Wojdylo, Chief Inspector of the U.S. Marshals Service Asset Forfeiture Division in a statement. These online auctions are designed to generate proceeds from ill-gotten gains to give back to victims, he stated. One auction includes a wine collection of approximately 2,800 bottles seized from once prominent wine dealer Rudy Kurniawan, who is serving a 10-year federal prison sentence following his conviction of selling millions of dollars of counterfeit wine.

VTech Hack Gets Worse: Chat Logs, Kids' Photos Taken In Breach

An anonymous reader writes: The VTech hack just got a little worse. Reports say that in addition to the 4.8 million records with parents' names, home addresses, passwords and the identities of 227k kids, the hackers also have hundreds of gigabytes worth of pictures and chat logs belonging to children. ZDNet reports: "Tens of thousands of pictures — many blank or duplicates — were thought to have been taken from Kid Connect, an app that allows parents to use a smartphone app to talk to their children through a VTech tablet. Motherboard was able to verify a portion of the images, and the chat logs, which date as far back as late-2014. Details about the intrusion are not fully known yet. The hacker, who for now remains nameless, told Motherboard that the Hong Kong-based company 'left other sensitive data exposed on its servers.'"

Young Climate Activists Sue Obama Over Climate Change Inaction

EmagGeek writes: A recent lawsuit against Obama alleges he has a legal duty to act against climate change, and young climate activists, including 15-year-old Xiuhtezcatl Tonatiuh, are taking him to task on it. CNN reports: "Xiuhtezcatl Tonatiuh became a climate change activist at age 6 when he saw an environmental documentary. He asked his mom to find a way for him to speak at a rally. Now 15, the long-haired, hip-hop-savvy Coloradan is one of 21 young activists joining climate scientist James Hansen in suing the Obama administration for failing to ditch fossil fuels. 'It's basically a bunch of kids saying you're not doing your job,' he told me here at the U.N. COP21 climate change summit in Paris. 'You're failing, you know. F-minus. We're holding you accountable for your lack of action.'"

Rikers Inmates Learn How To Code Without Internet Access

An anonymous reader sends the story of another prison where inmates are learning the basics of programming, despite having no access to the vast educational resources on the internet. Instructors from Columbia University have held a lengthy class at New York's Rikers Island prison to teach the basics of Python. Similar projects have been attempted in California and Oklahoma. The goal wasn’t to turn the students into professional-grade programmers in just a few classes, [Instructor Dennis] Tenen emphasizes, but to introduce them to the basics of programming and reasoning about algorithms and code. "It’s really to give people a taste, to get people excited about coding, in hopes that when they come out, they continue," says Tenen. ...Having an explicit goal—building the Twitter bot—helped the class focus its limited time quickly on learning to do concrete tasks, instead of getting bogged down in abstract discussions of syntax and algorithms.

It's Getting Harder To Reside Anonymously In a Modern City

dkatana writes: In a panel on 'Privacy in the Smart City' during this month's Smart City World Congress, Dr. Carmela Troncoso, a researcher from Spain, argued that data anonymization itself is almost impossible without using advanced cryptography. Our every transaction leaves a digital marker that can be mined by anyone with the right tools or enough determination.

Most modern cities today are full of sensors and connected devices. Some are considering giving away free WiFi in exchange for personal data. LinkNYC, which was present at the congress as an exhibitor, is one such example of this. The panelists insisted that it is the duty of world leaders to safeguard their citizens' privacy, just as corporations are answerable for leaks and hacks.


BlackBerry Exits Pakistan Amid User Privacy Concerns

An anonymous reader writes: BlackBerry has announced that it will pull its operations in Pakistan from today, quoting a recent government notice which read that the company would not be permitted to continue its services in the country after December for 'security reasons.' In a blog post released by BlackBerry today, chief operating officer Marty Beard confirmed the decision: 'The truth is that the Pakistani government wanted the ability to monitor all BlackBerry Enterprise Service traffic in the country, including every BES e-mail and BES BBM message.' He added: 'BlackBerry will not comply with that sort of directive.'

Israel Meets With Google and YouTube To Discuss Censoring Videos

An anonymous reader writes: Various sources report Israel's Deputy Minister for Foreign Affairs Tzipi Hotovely meeting with representatives of Google and YouTube to discuss censoring Palestinian videos believed to incite violence. Original article (in Hebrew) from Maariv. The open question is how Google and YouTube will define "inciting violence." Currently, all foreign journalists in the Palestinian territories are required to register with the Israeli military, and all footage must be approved through the Israeli Military Censor's office before being released. However, according to the article in AlterNet, individual Palestinians have been uploading videos showing violence by Israeli soldiers, including execution-style killings, and highlighting the living conditions in the territories, which Israeli authorities consider inflammatory.

Swedish Court Says ISPs Can't Be Forced To Block Pirate Bay

The Next Web reports that a district court in Sweden has ruled that it cannot simply force ISPs to block The Pirate Bay, despite its role in large-scale copyright violation. A coalition of copyright holders including Sony and a group representing the Swedish film industry wanted the court to force Swedish ISP Bredbandsbolaget to curtail access, as courts have done in various cases around the world. The court found that Bredbandsbolaget couldn't be held responsible for its customers' copyright infringement while using the service, as that doesn't constitute a crime under Swedish law, according to the report. As such, it's also not liable for any of the fines. While the ruling could still be overturned by a higher court on appeal, the group representing the copyright holders will have to pay the ISP's legal costs thus far, which is more than $150,000 according to TorrentFreak. (And here's TorrentFreak's report.) Update: 11/29 15:55 GMT by T : Oops -- sorry, we've mentioned this once already.

Pwned Barbies Spying On Children? Toytalk CEO Downplays Hacking Reports

McGruber writes: Earlier this year Mattel unveiled "Hello Barbie," a $74.99 wi-fi equipped interactive doll. Users press a button on Barbie's belt to start a conversation and the recorded audio is processed over the internet so that the doll can respond appropriately. The doll also remembers the user's likes and dislikes.

Now security researcher Matt Jakubowski claims that he has managed to hack the Hello Barbie system to extract wi-fi network names, account IDs and MP3 files, which could be used to track down someone's home. "You can take that information and find out a person's house or business. It's just a matter of time until we are able to replace their servers with ours and have her say anything we want," Jakubowski warned. Mattel partnered with ToyTalk to develop "Hello Barbie." ToyTalk CEO Oren Jacob said: "An enthusiastic researcher has reported finding some device data and called that a hack. While the path that the researcher used to find that data is not obvious and not user-friendly, it is important to note that all that information was already directly available to Hello Barbie customers through the Hello Barbie Companion App. No user data, no Barbie content, and no major security or privacy protections have been compromised to our knowledge." A petition by the Campaign for a Commercial-Free Childhood asking Mattel to drop the doll has already been signed by over 6,000 people.

NOTE: The original reporting of this hack appears to have been this NBC-Chicago newscast.


How Bad of a World Are We Really Living In Right Now?

New submitter Y.A.A.P. writes: Slate has a surprisingly relevant article on the state of the world today. A reasonable number of graphs and statistical comparisons show that our world is more peaceful than it has been for a long time. The article tells us that, despite what most news outlets (and political candidates) tell us, The World Is Not Falling Apart. Well, not from violence, at least.