RedLeg writes "ArsTechnica reports that Brian Krebs, of KrebsOnSecurity.com, formerly of the Washington Post, recently got SWATted. For those not familiar with the term, SWATting is the practice of spoofing a call to emergency responders (911 in the U.S.) to induce an overwhelming and potentially devastating response from law enforcement and/or other first responders to the home or residence of the victim. Brian's first-person account of the incident and what he believes to be related events are chronicled here. Krebs has been prominent in the takedown of several cyber-criminal groups in the past, and has been subject to retaliation. I guess this time he poked the wrong bear."
Find out the latest on data centers with SlashDataCenter.
redletterdave writes "Apple is facing a potential class action suit in San Francisco's California Northern District Court after an owner of its MacBook Pro with Retina display accused the computer company on Wednesday of 'tricking' consumers into paying for a poor-quality screen, citing an increasingly common problem that causes images to be burned into the display, also known as 'image persistence' or 'ghosting.' The lawsuit claims only LG-made screens are affected by this problem, but 'none of Apple's advertisements or representations disclose that it produces display screens that exhibit different levels of performance and quality.' Even though only one man filed the lawsuit, it can become a class action suit if others decide to join him in his claim, which might not be an issue: An Apple.com support thread for this particular problem, entitled 'MacBook Pro Retina display burn-in,' currently has more than 7,200 replies and 367,000 views across more than 500 pages."
A U.S. District Court Judge in California today ruled that so-called National Security Letters, used by government agencies to force business and organizations to turn over information on citizens, are unconstitutional. Judge Susan Illston ordered the government to stop using them, but gave the government a 90-day window to appeal the decision, during which the NSLs may still be sent out. The letters were challenged by the Electronic Frontier Foundation on behalf of a telecom who was ordered to provide data. "The telecom took the extraordinary and rare step of challenging the underlying authority of the National Security Letter, as well as the legitimacy of the gag order that came with it. Both challenges are allowed under a federal law that governs NSLs, a power greatly expanded under the Patriot Act that allows the government to get detailed information on Americans’ finances and communications without oversight from a judge. The FBI has issued hundreds of thousands of NSLs and been reprimanded for abusing them — though almost none of the requests have been challenged by the recipients. After the telecom challenged the NSL, the Justice Department took its own extraordinary measure and sued the company, arguing in court documents that the company was violating the law by challenging its authority. The move stunned the Electronic Frontier Foundation, which is representing the anonymous telecom. ... After heated negotiations with EFF, the Justice Department agreed to stay the civil suit and let the telecom’s challenge play out in court. The Justice Department subsequently filed a motion to compel in the challenge case, but has never dropped the civil suit."
An anonymous reader writes "Previous reports of a Microsoft provided backdoor to Skype has been unconfirmed. However, there are now reports that Russian federal security service FSB is able to tap call and locate users. 'FSB and the Internal Affairs Ministry (MVD) have been capable to wiretap and locate Skype users for some years already, reported Vedomosti on Thursday [Google translation of Russian original]. The newspaper is citing experts on information security. "Special services have been capable for several years not only to wiretap but also to locate a Skype user. That's why, for instance, employees of our company are forbidden to discuss business-related topics on Skype," General Director of Group-IB, Ilya Sachkov, says to Vedomosti. "After Microsoft acquired Skype in May 2011, it updated the software with technology allowing legitimate wiretapping," says Maksim Emm, Director of Peak Systems.'"
B3ryllium writes "Matthew Keys, a Reuters social media editor, is accused of deliberately encouraging Anonymous to hack his previous employer, and even gave them access credentials to do it. An indictment appears to recommend charges that could result in up to 30 years in prison and a $750,000 fine. From the article: 'He is alleged to have identified himself on an internet chat forum as a former Tribune Company employee and then provided members of Anonymous with the login and password to the Tribune Company server. The indictment alleges that Mr Keys had a conversation with the hacker who claimed credit for the defacement of the Los Angeles Times website. The hacker allegedly told him that Tribune Company system administrators had locked him out. Mr Keys allegedly tried to regain access for the hacker, and when he learned that the hacker had made changes to a page, Mr Keys is said to have responded: "Nice."'"
destinyland writes "Jacob Appelbaum, the Tor Project's main advocate, argues that Open Source software is necessary 'to both verify and improve' available cryptography. (Adding 'We also need that to ensure that everyone has a reasonable baseline — which is part of the cypherpunk ethos.') In this new interview, he's critical of a general public silence over government encroachments on privacy, but points to the current impact of the Tor network now as something that 'runs, is open and is supported by a large community spread across all walks of life.' And he ultimately identifies Tor as 'part of an ecosystem of software that helps people regain and reclaim their autonomy,' saying the distributed anonymous network 'helps to enable people to have agency of all kinds; it helps others to help each other and it helps you to help yourself.'"
An anonymous reader writes "Of the 42,000 Internet Service Providers (ISPs) surveyed, just 20 were found to be responsible for nearly half of all the spamming IP addresses — and some ISPs have more than 60% of compromised hosts, mostly in Asia. Phishing Bad Neighborhoods, on the other hand, are mostly in the U.S. Also, there is a silent ticking 'spam' bomb in BRIC countries: if India would have the same Internet penetration rate as the United States while keeping its current ratio of malicious IP addresses, we would observe 200% more spamming IP addresses worldwide. These are just few of the striking results of an extensive study from the University of Twente, in The Netherlands, which scrutinizes the Internet Bad Neighborhoods to develop next-generation algorithms and solutions to better secure networks."
Sparrowvsrevolution writes "At the Fast Software Encryption conference in Singapore earlier this week, University of Illinois at Chicago Professor Dan Bernstein presented a method for breaking TLS and SSL web encryption when it's combined with the popular stream cipher RC4 invented by Ron Rivest in 1987. Bernstein demonstrated that when the same message is encrypted enough times--about a billion--comparing the ciphertext can allow the message to be deciphered. While that sounds impractical, Bernstein argued it can be achieved with a compromised website, a malicious ad or a hijacked router." RC4 may be long in the tooth, but it remains very widely used.
judgecorp writes "The British Serious Fraud Office (SFO) is investigating whether British software firm Autonomy fiddled its accounts to inflate the price which HP paid for it to a whopping $10 billion. There's a problem though. Autonomy's Introspect software is used to trawl large data sets for information and is in use at the SFO for jobs such as this fraud investigation. It's not just ironic: the SFO says its £4.6 million contract with Autonomy could create a conflict of interest and it may have to pull out of the investigation."
hypnosec writes "The US government's National Vulnerability Database (NVD) maintained by National Institute of Standards and Technology (NIST) has been offline for a few days because of malware infestation. The public-facing site has been taken offline because traces of malware were found on two of the web servers that house it. A post on Google+ containing an email from Gail Porter details the discovery of suspicious activity and subsequent steps taken by NIST. As of this writing the NVD website is still serving a page not found message."
New submitter KrisJon writes "The Obama administration is drawing up plans to give all U.S. spy agencies full access to a massive database that contains financial data on American citizens and others who bank in the country, according to a Treasury Department document seen by Reuters. Financial institutions that operate in the United States are required by law to file reports of 'suspicious customer activity.' A move like the FinCEN proposal 'raises concerns as to whether people could find their information in a file as a potential terrorist suspect without having the appropriate predicate for that and find themselves potentially falsely accused,' said Sharon Bradford Franklin, senior counsel for the Rule of Law Program at the Constitution Project, a non-profit watchdog group."
itwbennett writes "Daiyuu Nobori, a Ph.D. student at Japan's Tsukuba University designed 'VPN Gate' to help individuals in countries that restrict Internet use circumvent government firewalls. The service, which has drawn 77,000 users since its launch last Friday, encourages members of the public to set up VPN servers and offer free connections to individual users, aiming to make the technology more accessible. Nobori had originally planned to host the service on his university's servers, but they have been down recently so he switched it to the Windows Azure cloud platform. He has spent about US$9,000 keeping it up so far."
moon_unit2 writes "In an op-ed piece over at Technology Review, Bruce Schneier says that the cyber espionage between the U.S., China, and other nations, has been rampant for the past decade. But he also worries that the media frenzy over recent attacks is fostering a new kind of Internet-nationalism and spurring a cyber arms race that has plenty of negative side-effects for the Internet and its users. From the piece: 'We don't know the capabilities of the other side, and we fear that they are more capable than we are. So we spend more, just in case. The other side, of course, does the same. That spending will result in more cyber weapons for attack and more cyber-surveillance for defense. It will result in move government control over the protocols of the Internet, and less free-market innovation over the same. At its worst, we might be about to enter an information-age Cold War: one with more than two "superpowers." Aside from this being a bad future for the Internet, this is inherently destabilizing.'"
theodp writes "When Aaron Swartz tapped into MIT's network and scooped up data from one non-profit company, the U.S. Attorney threatened him with 35 years in prison and a $1 million fine. So what kind of jail time did 38 Attorneys General threaten Google with for using its Street View cars to scoop up passwords, e-mail and other personal information by tapping into the networks of their states' unsuspecting citizens? None. In agreeing to settle the case, the NY Times reports, Google is required to police its own employees on privacy issues, lecture the public on how to fend off privacy violations like the one Google perpetrated, and forfeit about 20% of one day's net income. Given the chance, one imagines that Aaron Swartz would have happily jumped at a comparable deal." The fine being $7 million. At least EPIC isn't as cynical and thinks the outcome was positive.
A bit over a year since having their case rejected by the Swedish Supreme Court and appealing to the European Human Rights Court, it looks like basically all legal options have been exhausted for the Pirate Bay Founders: their case has been rejected. From the article: "The EHCR recognizes that the Swedish verdict interferes with the right to freedom of expression, but ruled that this was necessary to protect the rights of copyright holders. In its decision the Court also considered the fact that The Pirate Bay did not remove torrents linking to copyrighted material when they were asked to. 'The Court held that sharing, or allowing others to share files of this kind on the Internet, even copyright-protected material and for profit-making purposes, was covered by the right to "receive and impart information" under Article 10 ... However, the Court considered that the domestic courts had rightly balanced the competing interests at stake – i.e. the right of the applicants to receive and impart information and the necessity to protect copyright – when convicting the applicants and therefore rejected their application as manifestly ill-founded.'"
An anonymous reader writes "We recently discussed what appeared to be a positive response from the Obama administration on the legality of cell phone unlocking. Unfortunately, the Obama administration may not be able to do anything about it. It has already signed away our rights under a trade agreement with South Korea. Lawyer Jonathan Band, who works for the Association of Research Libraries, wrote, 'The White House position, however, may be inconsistent with the U.S. proposal in the Trans-Pacific Partnership Agreement (TPP) and existing obligations in the Korea-U.S. Free Trade Agreement (KORUS) and other free trade agreements to which the United States is a party. This demonstrates the danger of including in international agreements rigid provisions that do not accommodate technological development.'You can read more about this issue in a short eight page legal primer by Jonathan Band (PDF). An interesting, related note that the U.S.-KOREA FTA is possibly inconsistent with our domestic patent/drug law in the Hatch-Waxman Act as well. The trade agreement requires us to grant injunctions until the patent is invalidated as opposed to thirty months under current domestic law."
xclr8r writes "James Holmes representation did not enter a plea today in with regards to the Aurora, Co. Movie theater shooting so the Judge entered a plea of not guilty for James that could be changed at a later date by Holmes' attorney. The judge entered an advisory that if the plea was changed to Not Guilty by insanity that Holmes would be subject to a 'narcoanalytic interview' with the possibility of medically appropriate substances could be used e.g. so called truth serums. Holmes defense looks to have initially objected to this but as the previous article seems to infer that some compromises are being worked out. This certainly raises legal questions on how this is being played out 5th, 14th amendments. The legal expert in the second article states this is legal under Co. law but admits there's not a huge amount of cases regarding this. I was only able to find Harper v State where a defendant willingly underwent truth serum and wanted to submit the interview on his behalf but was rejected due to the judge not recognizing sufficient scientific basis to admit the evidence."
An anonymous reader writes "The European Parliament passed a proposal Tuesday which included a blanket ban on pornography, including Internet porn, in European Union member states. However, Members of European Parliament (MEPs) removed explanatory wording from the porn ban section, essentially limiting the ban to advertising and print media. The proposal, titled 'Eliminating gender stereotypes in the EU,' was put to a vote in Strasbourg. MEPs passed it 368-159."
jfruh writes "Skype made a name for itself by largely bypassing the infrastucture — and the costs, and the regulations — of the legacy telecommunications industry. But now the French telecom regulator wants to change that, at least in France. At issue is not the service's VoIP offering, but rather the Skype Out service that allows users to dial phones on traditional networks. Regulators say that this service necessitates that Skype face the same regulations as other telecoms."
adeelarshad82 writes "The SimCity launch debacle is only the latest in an increasingly frustrating string of affronts to gamers' rights as customers. Before SimCity, we had Ubisoft's always-on DRM (that the company only ended quietly after massive outcry from gamers). We had the forced online and similarly unplayable launch of Diablo III. We had games like Asura's Wrath and Final Fantasy: All the Bravest that required you to pay more money just to complete them after you purchase them. And let us never forget the utter infamy of StarForce, SecuROM, and Sony's copy protection, which installed rootkits on computers without users' knowledge. As one recently published article argues, maybe it's time for gamers to demand adoption of a Bill of Rights."