Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Government

Tor Warns of Possible Disruption of Network Through Server Seizures 17

Posted by samzenpus
from the here-it-comes dept.
itwbennett writes "Without naming the group responsible, the Tor project warned that it could face attempts to incapacitate its network in the next few days through the seizure of specialized servers called directory authorities. These servers guide Tor users on the list of distributed relays on the network that bounce communications around. 'We are taking steps now to ensure the safety of our users, and our system is already built to be redundant so that users maintain anonymity even if the network is attacked. Tor remains safe to use,' wrote 'arma' in a post Friday on the Tor project blog. The 'arma' developer handle is generally associated with project leader Roger Dingledine. There were no reports of a seizure by late Sunday. The project promised to update the blog and its Twitter account with new information."
Communications

Tor Network May Be Attacked, Says Project Leader 86

Posted by timothy
from the routing-around-the-routing-around dept.
Earthquake Retrofit writes The Register is reporting that the Tor Project has warned that its network – used to mask peoples' identities on the internet – may be knocked offline in the coming days. In a Tor blog post, project leader Roger 'arma' Dingledine said an unnamed group may seize Tor's directory authority servers before the end of next week. These servers distribute the official lists of relays in the network, which are the systems that route users' traffic around the world to obfuscate their internet connections' public IP addresses.
Sony

Schneier Explains How To Protect Yourself From Sony-Style Attacks (You Can't) 334

Posted by Soulskill
from the just-look-less-hackable-than-the-schmuck-next-to-you dept.
phantomfive writes: Bruce Schneier has an opinion piece discussing the Sony attack. He says, "Your reaction to the massive hacking of such a prominent company will depend on whether you're fluent in information-technology security. If you're not, you're probably wondering how in the world this could happen. If you are, you're aware that this could happen to any company." He continues, "The worst invasion of privacy from the Sony hack didn’t happen to the executives or the stars; it happened to the blameless random employees who were just using their company’s email system. Because of that, they’ve had their most personal conversations—gossip, medical conditions, love lives—exposed. The press may not have divulged this information, but their friends and relatives peeked at it. Hundreds of personal tragedies must be unfolding right now. This could be any of us." Related: the FBI has officially concluded that the North Korean government is behind the attack.
Security

Researchers Discover SS7 Flaw, Allowing Total Access To Any Cell Phone, Anywhere 88

Posted by Soulskill
from the just-in-case-you-were-feeling-safe-and-secure-today dept.
krakman writes: Researchers discovered security flaws in SS7 that allow listening to private phone calls and intercepting text messages on a potentially massive scale – even when cellular networks are using the most advanced encryption now available. The flaws, to be reported at a hacker conference in Hamburg this month, are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network. It is thought that these flaws were used for bugging German Chancellor Angela's Merkel's phone.

Those skilled at the housekeeping functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption (Google translation of German original). There is also potential to defraud users and cellular carriers by using SS7 functions, the researchers say. This is another result of security being considered only after the fact, as opposed to being part of the initial design.
Crime

Councilmen Introduce Bills Strongly Regulating UAV Use in NYC 68

Posted by timothy
from the man-vs-the-state dept.
SternisheFan passes on this excerpt from an Ars Technica article: On Wednesday Councilman Dan Garodnick introduced a bill to the New York City council seeking to ban all use of drones except those operated by police officers who obtain warrants. A second, parallel bill introduced by councilman Paul Vallone would place more stringent restrictions on drone use but stop short of banning drones for hobbyists and companies altogether. Both bills have been passed to the city's committee on public safety. An all-out ban on drones within the metropolis would be a quite wide-reaching step, especially as the Federal Aviation Authority (FAA) seems poised to adopt more permissive rules, with respect to commercial interests in particular. Earlier this year, the FAA formally granted six Hollywood companies exemptions to drone ban rules. A couple of months later, the FAA granted similar exemptions for construction site monitoring and oil rig flare stack inspections. The article explains that Vallone's bill is less restrictive, and rather than propose an outright ban "lists 10 instances where operating a UAV would be illegal, including at night, out of the operator's eyesight, or above 400 ft high. Outside of those conditions, hobbyists and commercial interests would be free to fly drones."
Crime

RFID-Blocking Blazer and Jeans Could Stop Wireless Identity Theft 110

Posted by samzenpus
from the keeping-it-in dept.
An anonymous reader writes A pair of trousers and blazer have been developed by San Francisco-based clothing company Betabrand and anti-virus group Norton that are able to prevent identity theft by blocking wireless signals. The READY Active Jeans and the Work-It Blazer contain RFID-blocking fabric within the pockets' lining designed to prevent hacking through radio frequency identification (RFID) signals emitted from e-passports and contactless payment card chips. According to the clothing brand, this form of hacking is an increasing threat, with "more than 10 million identities digitally pick pocketed every year [and] 70% of all credit cards vulnerable to such attacks by 2015."
Verizon

Verizon "End-to-End" Encrypted Calling Includes Law Enforcement Backdoor 166

Posted by Soulskill
from the part-and-parcel dept.
An anonymous reader sends this quote from TechDirt: As a string of whistle blowers like former AT&T employee Mark Klein have made clear abundantly clear, the line purportedly separating intelligence operations from the nation's incumbent phone companies was all-but obliterated long ago. As such, it's relatively amusing to see Verizon announce this week that the company is offering up a new encrypted wireless voice service named Voice Cypher. Voice Cypher, Verizon states, offers "end-to-end" encryption for voice calls on iOS, Android, or BlackBerry devices equipped with a special app made by Cellcrypt.

Verizon says it's initially pitching the $45 per phone service to government agencies and corporations, but would ultimately love to offer it to consumers as a line item on your bill. Of course by "end-to-end encryption," Verizon means that the new $45 per phone service includes an embedded NSA backdoor free of charge. Apparently, in Verizon-land, "end-to-end encryption" means something entirely different than it does in the real world.
Privacy

Uber Limits 'God View' To Improve Rider Privacy 76

Posted by Soulskill
from the enabled-by-typing-iddqd dept.
mpicpp sends this report from CNN: Uber has rolled back employee access to its "God view" mode, which allows the company to track riders' locations and other data. The ride service company was faced with questions about its privacy policies from U.S. Senator Al Franken, following a series of recent privacy debacles. Uber's updated policy is detailed in its response to the senator's questions. Franken sent Uber a letter (PDF, Uber's response) in November after news reports made two things clear: The ride service company collects lots of data on customers — and some executives don't exercise that power responsibly. In one case, an Uber employee using "God View" easily tracked a reporter's movements on her way to a meeting.
Privacy

Microsoft Gets Industry Support Against US Search Of Data In Ireland 137

Posted by timothy
from the encrypt-what-you-must dept.
An anonymous reader writes Tech giants such as Apple and eBay have given their support in Microsoft's legal battle against the U.S. government regarding the handing over of data stored in an Irish datacenter. In connection with a 2014 drugs investigation, U.S. prosecutors issued a warrant for emails stored by Microsoft in Ireland. The firm refused to hand over the information, but in July was ordered by a judge to comply with the investigation. Microsoft has today filed a collection of letters from industry supporters, such as Apple, eBay, Cisco, Amazon, HP, and Verizon. Trade associations including the U.S. Chamber of Commerce and Digital Rights Ireland have also expressed their support.
Electronic Frontier Foundation

Federal Court Nixes Weeks of Warrantless Video Surveillance 440

Posted by timothy
from the if-you-watch-someone-long-enough dept.
An anonymous reader writes with this news from the EFF's Deep Links: The public got an early holiday gift today when a federal court agreed with us that six weeks of continually video recording the front yard of someone's home without a search warrant violates the Fourth Amendment. In United States v. Vargas local police in rural Washington suspected Vargas of drug trafficking. In April 2013, police installed a camera on top of a utility pole overlooking his home. Even though police did not have a warrant, they nonetheless pointed the camera at his front door and driveway and began watching every day. A month later, police observed Vargas shoot some beer bottles with a gun and because Vargas was an undocumented immigrant, they had probable cause to believe he was illegally possessing a firearm. They used the video surveillance to obtain a warrant to search his home, which uncovered drugs and guns, leading to a federal indictment against Vargas.
Privacy

Snowden Leaks Prompt Internet Users Worldwide To Protect Their Data 53

Posted by Soulskill
from the for-differing-values-of-"protect" dept.
Lucas123 writes: A new international survey of internet users from 24 countries has found that more than 39% of them have taken steps to protect their data since Edward Snowden leaked the NSA's spying practices. The survey, conducted by the Center for International Governance Innovation, found that 43% of Internet users now avoid certain websites and applications and 39% change their passwords regularly. Security expert Bruce Schneier chastised the media for trying to downplay the numbers by saying "only" 39%" have taken action and "only 60%" have heard of Snowden. The news articles, "are completely misunderstanding the data," Schneier said, pointing out that by combining data on Internet penetration with data from the international survey, it works out to 706 million people who are now taking steps to protect their online data. Additionally, two-thirds (64%) of users indicated they are more concerned today about online privacy than they were a year ago. Another notable finding: 83% of users believe that affordable access to the Internet should be a basic human right.
Canada

Govt Docs Reveal Canadian Telcos Promise Surveillance Ready Networks 74

Posted by samzenpus
from the we'll-do-it-for-you dept.
An anonymous reader writes "Michael Geist reports that Canadian telecom and Internet providers have tried to convince the government that they will voluntarily build surveillance capabilities into their networks. Hoping to avoid legislative requirements, the providers argue that "the telecommunications market will soon shift to a point where interception capability will simply become a standard component of available equipment, and that technical changes in the way communications actually travel on communications networks will make it even easier to intercept communications."
Google

Eric Schmidt: To Avoid NSA Spying, Keep Your Data In Google's Services 281

Posted by samzenpus
from the no-snooping-zone dept.
jfruh writes Google Chairman Eric Schmidt told a conference on surveillance at the Cato Institute that Edward Snowden's revelations on NSA spying shocked the company's engineers — who then immediately started working on making the company's servers and services more secure. Now, after a year and a half of work, Schmidt says that Google's services are the safest place to store your sensitive data.
Privacy

How Identifiable Are You On the Web? 159

Posted by timothy
from the your-unique-aroma dept.
An anonymous reader writes How identifiable are you on the web? This updated browser fingerprinting tool implements the current state of the art in browser fingerprinting techniques(including canvas fingerprinting) to show you how unique your browser is on the web. Good food for thought when three-letter agencies talk about "mere metadata."
Google

Hollywood's Secret War With Google 176

Posted by Soulskill
from the a-war-they'll-fight-aggressively-to-lose dept.
cpt kangarooski writes: Information has come to light (thanks to the recent Sony hack) that the MPAA and six major studios are pondering the legal actions available to them to compel an entity referred to as 'Goliath,' most likely Google, into taking aggressive anti-piracy action on behalf of the entertainment industry. The MPAA and member studios Universal, Sony, Fox, Paramount, Warner Bros., and Disney have had lengthy email discussions concerning how to block pirate sites at the ISP level, and how to take action at the state level to work around the failure of SOPA in 2012. Emails also indicate that they are working with Comcast (which owns Universal) on some form of traffic inspection to find copyright infringements as they happen.
Businesses

Is Enterprise IT More Difficult To Manage Now Than Ever? 241

Posted by Soulskill
from the get-off-my-virtualized-lawn dept.
colinneagle writes: Who's old enough to remember when the best technology was found at work, while at home we got by with clunky home computers and pokey dial-up modems? Those days are gone, and they don't look like they're ever coming back.

Instead, today's IT department is scrambling to deliver technology offerings that won't get laughed at — or, just as bad, ignored — by a modern workforce raised on slick smartphones and consumer services powered by data centers far more powerful than the one their company uses. And those services work better and faster than the programs they offer, partly because consumers don't have to worry about all the constraints that IT does, from security and privacy to, you know, actually being profitable. Plus, while IT still has to maintain all the old desktop apps, it also needs to make sure mobile users can do whatever they need to from anywhere at any time.

And that's just the users. IT's issues with corporate peers and leaders may be even rockier. Between shadow IT and other Software-as-a-Service, estimates say that 1 in 5 technology operations dollars are now being spent outside the IT department, and many think that figure is actually much higher. New digital initiatives are increasingly being driven by marketing and other business functions, not by IT. Today's CMOs often outrank the CIO, whose role may be constrained to keeping the infrastructure running at the lowest possible cost instead of bringing strategic value to the organization. Hardly a recipe for success and influence.
Privacy

Bank Security Software EULA Allows Spying On Users 135

Posted by timothy
from the even-for-a-eula-that's-bad dept.
An anonymous reader writes Trusteer Rapport, a software package whose installation is promoted by several major banks as an anti-fraud tool, has recently been acquired by IBM and has an updated EULA. Among other things, the new EULA includes this gem: "In addition, You authorize personnel of IBM, as Your Sponsoring Enterprise's data processor, to use the Program remotely to collect any files or other information from your computer that IBM security experts suspect may be related to malware or other malicious activity, or that may be associated with general Program malfunction." Welcome to the future...
Social Networks

How Your In-Store Shopping Affects the Ads You See On Facebook 69

Posted by timothy
from the one-country-one-nation-one-singular-sensation dept.
itwbennett writes Facebook has made several acquisitions over the years to help advertisers target their ads and extend their reach. Custom Audiences is one such targeting tool, allowing retailers to match shoppers in their stores with their accounts on Facebook. It's often done through an email address, phone number or name. Facebook won't give hard numbers, but there seems to be a lot of matching going on. For decades, marketers have been trying to understand more about what's happening at the point of sale, 'so their systems are really robust at capturing a strikingly large amount of transactions,' says Brian Boland, Facebook's VP of advertising technology.
Communications

Congress Passes Bill Allowing Warrantless Forfeiture of Private Communications 379

Posted by timothy
from the stinkin'-badges-apparently-suffice dept.
Prune writes Congress has quietly passed an Intelligence Authorization Bill that includes warrantless forfeiture of private communications to local law enforcement. Representative Justin Amash unsuccessfully attempted a late bid to oppose the bill, which passed 325-100. According to Amash, the bill "grants the executive branch virtually unlimited access to the communications of every American." According to the article, a provision in the bill allows “the acquisition, retention, and dissemination” of Americans’ communications without a court order or subpoena. That type of collection is currently allowed under an executive order that dates back to former President Reagan, but the new stamp of approval from Congress was troubling, Amash said. Limits on the government’s ability to retain information in the provision did not satisfy the Michigan Republican."
Canada

Canadian Supreme Court Rules In Favor of Warrantless Cellphone Searches 105

Posted by timothy
from the eh?-speak-up-sonny dept.
An anonymous reader writes In a surprising decision, a split Supreme Court of Canada ruled this morning that police can search cellphones without a warrant incident to an arrest. The majority established some conditions, but ultimately ruled that it could navigate the privacy balance by establishing some safeguards with the practice. Michael Geist notes that a strongly worded dissent disagreed, emphasizing the privacy implications of access to cellphones and the need for judicial pre-authorization as the best method of addressing the privacy implications. The U.S. Supreme Court's June 2014 decision in Riley addressed similar issues and ruled that a warrant is needed to search a phone.

"Hey Ivan, check your six." -- Sidewinder missile jacket patch, showing a Sidewinder driving up the tail of a Russian Su-27

Working...