iComp writes "A sophisticated scheme to use a casino's own security systems against it has netted scammers $33 million in a high-stakes poker game after they were able to gain a crucial advantage by seeing the opposition's cards. The team used a high-rolling accomplice from overseas who was known to spend large amounts while gambling at Australia's biggest casino, the Crown in Melbourne, according to the Herald Sun. He and his family checked into the Crown and were accommodated in one of its $30,000-a-night villas. The player then joined a private high-stakes poker game in a private suite. At the same time, an unnamed person got access to the casino's CCTV systems in the poker room and fed the information he gleaned back to the player via a wireless link. Over the course of eight hands the team fleeced the opposition to the tune of $33 million."
Catch up on stories from the past week (and beyond) at the Slashdot story archive
dstates writes "SAM (Systems for Awards Management) is a financial management system that the US government requires all contractors and grantees to use. This system has recently been rolled out to replace the older CCR system. Friday night, thousands of SAM users received the following message: 'Dear SAM user, The General Services Administration (GSA) recently has identified a security vulnerability in the System for Award Management (SAM), which is part of the cross-government Integrated Award Environment (IAE) managed by GSA. Registered SAM users with entity administrator rights and delegated entity registration rights had the ability to view any entity's registration information, including both public and non-public data at all sensitivity levels.' From March 8 to 10, any registered user who searched the system could view confidential information including account and social security numbers for any other user of the system. Oops! The Government Services Administration says that they have fixed the problem."
NewYorkCountryLawyer writes "Veoh has once again beaten the record companies; in fact it has beaten them in every round, only to have been forced out of business by the attorneys fees it expended to do so. I guess that's the record companies' strategy to do an 'end around' the clear wording of the DMCA 'safe harbor': outspend them until they fold. Back in 2009 the lower court dismissed UMG's case (PDF) on the ground that Veoh was covered by the DMCA 'safe harbor' and had complied with takedown notices. The record companies of course appealed. And they of course lost. Then, after the Viacom v. YouTube decision by the 2nd Circuit, which ruled that there were factual issues as to some of the videos, they moved for rehearing in UMG v. Veoh. Now, in a 61-page decision (PDF), the 9th Circuit has once again ruled that the statute means what it says, and rejected each and every argument the record companies made. Sadly, though, it did not award attorneys fees."
An anonymous reader writes "Bruce Schneier has written a blunt article in CNN about the state of privacy on the internet. Quoting: 'The Internet is a surveillance state. Whether we admit it to ourselves or not, and whether we like it or not, we're being tracked all the time. Google tracks us, both on its pages and on other pages it has access to. Facebook does the same; it even tracks non-Facebook users. Apple tracks us on our iPhones and iPads. One reporter used a tool called Collusion to track who was tracking him; 105 companies tracked his Internet use during one 36-hour period. ... This is ubiquitous surveillance: All of us being watched, all the time, and that data being stored forever. This is what a surveillance state looks like, and it's efficient beyond the wildest dreams of George Orwell. Sure, we can take measures to prevent this. We can limit what we search on Google from our iPhones, and instead use computer web browsers that allow us to delete cookies. We can use an alias on Facebook. We can turn our cell phones off and spend cash. But increasingly, none of it matters. There are simply too many ways to be tracked."
An anonymous reader writes "The Obama Administration has put forth a proposal to collect $2 billion over the next 10 years from revenues generated by oil and gas development to fund scientific research into clean energy technologies. The administration hopes the research would help 'protect American families from spikes in gas prices and allow us to run our cars and trucks on electricity or homegrown fuels.' In a speech at Argonne National Laboratory, Obama said the private sector couldn't afford such research, which puts the onus on government to keep it going. Of course, it'll still be difficult to get everyone on board: 'The notion of funding alternative energy research with fossil fuel revenues has been endorsed in different forms by Republican politicians, including Alaskan senator Lisa Murkowsi. But the president still faces an uphill battle passing any major energy law, given how politicized programs to promote clean energy have become in the wake of high-profile failures of government-backed companies.'"
An anonymous reader writes "ComputerWeekly reports that the U.K. government 'has, for the first time, mandated a preference for using open source software for future developments.' This comes from the newly released version of the Government Service Design Manual, which has a section about when government agencies should use open source. It says: 'Use open source software in preference to proprietary or closed source alternatives, in particular for operating systems, networking software, web servers, databases and programming languages.' The document also warns against vendor lock-in. This policy shift comes under the direction of government CTO Liam Maxwell, who said, 'In digital public services, open source software is clearly the way forward.' He added, 'We're not dogmatic about this – we'll always use the best tool for the job – but open source has major advantages for the public sector.'"
An anonymous reader writes "An article at TechCrunch bemoans the naysayers of ubiquitous video camera headsets, which seems like a near-term certainty whether it comes in the form of Google Glass or a similar product. The author points out, rightly, that surveillance cameras are already everywhere, and increasingly sophisticated government drones and satellites mean you're probably on camera more than you think already. 'But there's something about being caught on video, not by some impersonal machine but by another human being, that sticks in people's craws and makes them go irrationally berserk.' However, he also seems happy to trade privacy for security, which may not be palatable to others. He references a time he was mugged in Mexico as well as a desire to keep an eye on abuses of authority from police and others. 'If pervasive, ubiquitous networked cameras ultimately make public privacy impossible, which seems likely, then at least we can balance the scales by ensuring that we have two-way transparency between the powerful and the powerless.'"
JayRott writes "According to Ars, 'The embattled copyright trolling firm Prenda Law is seeking to contain the fallout from a looming identity theft scandal by voluntarily dismissing lawsuits filed by the shell company AF Holdings. A Minnesota man named Alan Cooper has charged that Prenda fraudulantly used his name as the CEO of AF Holdings, allegations that have attracted the attention of a California judge. Ken at the legal blog Popehat broke the news that Prenda attorney Paul Duffy has sought dismissal of at least four pending infringement cases involving the Prenda-linked shell company AF Holdings. All four dismissals occurred in the Northern District of Illinois.' I don't see how Prenda thinks this is going to make one lick of difference to an already angry Judge."
RedLeg writes "ArsTechnica reports that Brian Krebs, of KrebsOnSecurity.com, formerly of the Washington Post, recently got SWATted. For those not familiar with the term, SWATting is the practice of spoofing a call to emergency responders (911 in the U.S.) to induce an overwhelming and potentially devastating response from law enforcement and/or other first responders to the home or residence of the victim. Brian's first-person account of the incident and what he believes to be related events are chronicled here. Krebs has been prominent in the takedown of several cyber-criminal groups in the past, and has been subject to retaliation. I guess this time he poked the wrong bear."
redletterdave writes "Apple is facing a potential class action suit in San Francisco's California Northern District Court after an owner of its MacBook Pro with Retina display accused the computer company on Wednesday of 'tricking' consumers into paying for a poor-quality screen, citing an increasingly common problem that causes images to be burned into the display, also known as 'image persistence' or 'ghosting.' The lawsuit claims only LG-made screens are affected by this problem, but 'none of Apple's advertisements or representations disclose that it produces display screens that exhibit different levels of performance and quality.' Even though only one man filed the lawsuit, it can become a class action suit if others decide to join him in his claim, which might not be an issue: An Apple.com support thread for this particular problem, entitled 'MacBook Pro Retina display burn-in,' currently has more than 7,200 replies and 367,000 views across more than 500 pages."
A U.S. District Court Judge in California today ruled that so-called National Security Letters, used by government agencies to force business and organizations to turn over information on citizens, are unconstitutional. Judge Susan Illston ordered the government to stop using them, but gave the government a 90-day window to appeal the decision, during which the NSLs may still be sent out. The letters were challenged by the Electronic Frontier Foundation on behalf of a telecom who was ordered to provide data. "The telecom took the extraordinary and rare step of challenging the underlying authority of the National Security Letter, as well as the legitimacy of the gag order that came with it. Both challenges are allowed under a federal law that governs NSLs, a power greatly expanded under the Patriot Act that allows the government to get detailed information on Americans’ finances and communications without oversight from a judge. The FBI has issued hundreds of thousands of NSLs and been reprimanded for abusing them — though almost none of the requests have been challenged by the recipients. After the telecom challenged the NSL, the Justice Department took its own extraordinary measure and sued the company, arguing in court documents that the company was violating the law by challenging its authority. The move stunned the Electronic Frontier Foundation, which is representing the anonymous telecom. ... After heated negotiations with EFF, the Justice Department agreed to stay the civil suit and let the telecom’s challenge play out in court. The Justice Department subsequently filed a motion to compel in the challenge case, but has never dropped the civil suit."
An anonymous reader writes "Previous reports of a Microsoft provided backdoor to Skype has been unconfirmed. However, there are now reports that Russian federal security service FSB is able to tap call and locate users. 'FSB and the Internal Affairs Ministry (MVD) have been capable to wiretap and locate Skype users for some years already, reported Vedomosti on Thursday [Google translation of Russian original]. The newspaper is citing experts on information security. "Special services have been capable for several years not only to wiretap but also to locate a Skype user. That's why, for instance, employees of our company are forbidden to discuss business-related topics on Skype," General Director of Group-IB, Ilya Sachkov, says to Vedomosti. "After Microsoft acquired Skype in May 2011, it updated the software with technology allowing legitimate wiretapping," says Maksim Emm, Director of Peak Systems.'"
B3ryllium writes "Matthew Keys, a Reuters social media editor, is accused of deliberately encouraging Anonymous to hack his previous employer, and even gave them access credentials to do it. An indictment appears to recommend charges that could result in up to 30 years in prison and a $750,000 fine. From the article: 'He is alleged to have identified himself on an internet chat forum as a former Tribune Company employee and then provided members of Anonymous with the login and password to the Tribune Company server. The indictment alleges that Mr Keys had a conversation with the hacker who claimed credit for the defacement of the Los Angeles Times website. The hacker allegedly told him that Tribune Company system administrators had locked him out. Mr Keys allegedly tried to regain access for the hacker, and when he learned that the hacker had made changes to a page, Mr Keys is said to have responded: "Nice."'"
destinyland writes "Jacob Appelbaum, the Tor Project's main advocate, argues that Open Source software is necessary 'to both verify and improve' available cryptography. (Adding 'We also need that to ensure that everyone has a reasonable baseline — which is part of the cypherpunk ethos.') In this new interview, he's critical of a general public silence over government encroachments on privacy, but points to the current impact of the Tor network now as something that 'runs, is open and is supported by a large community spread across all walks of life.' And he ultimately identifies Tor as 'part of an ecosystem of software that helps people regain and reclaim their autonomy,' saying the distributed anonymous network 'helps to enable people to have agency of all kinds; it helps others to help each other and it helps you to help yourself.'"
An anonymous reader writes "Of the 42,000 Internet Service Providers (ISPs) surveyed, just 20 were found to be responsible for nearly half of all the spamming IP addresses — and some ISPs have more than 60% of compromised hosts, mostly in Asia. Phishing Bad Neighborhoods, on the other hand, are mostly in the U.S. Also, there is a silent ticking 'spam' bomb in BRIC countries: if India would have the same Internet penetration rate as the United States while keeping its current ratio of malicious IP addresses, we would observe 200% more spamming IP addresses worldwide. These are just few of the striking results of an extensive study from the University of Twente, in The Netherlands, which scrutinizes the Internet Bad Neighborhoods to develop next-generation algorithms and solutions to better secure networks."
Sparrowvsrevolution writes "At the Fast Software Encryption conference in Singapore earlier this week, University of Illinois at Chicago Professor Dan Bernstein presented a method for breaking TLS and SSL web encryption when it's combined with the popular stream cipher RC4 invented by Ron Rivest in 1987. Bernstein demonstrated that when the same message is encrypted enough times--about a billion--comparing the ciphertext can allow the message to be deciphered. While that sounds impractical, Bernstein argued it can be achieved with a compromised website, a malicious ad or a hijacked router." RC4 may be long in the tooth, but it remains very widely used.
judgecorp writes "The British Serious Fraud Office (SFO) is investigating whether British software firm Autonomy fiddled its accounts to inflate the price which HP paid for it to a whopping $10 billion. There's a problem though. Autonomy's Introspect software is used to trawl large data sets for information and is in use at the SFO for jobs such as this fraud investigation. It's not just ironic: the SFO says its £4.6 million contract with Autonomy could create a conflict of interest and it may have to pull out of the investigation."
hypnosec writes "The US government's National Vulnerability Database (NVD) maintained by National Institute of Standards and Technology (NIST) has been offline for a few days because of malware infestation. The public-facing site has been taken offline because traces of malware were found on two of the web servers that house it. A post on Google+ containing an email from Gail Porter details the discovery of suspicious activity and subsequent steps taken by NIST. As of this writing the NVD website is still serving a page not found message."
New submitter KrisJon writes "The Obama administration is drawing up plans to give all U.S. spy agencies full access to a massive database that contains financial data on American citizens and others who bank in the country, according to a Treasury Department document seen by Reuters. Financial institutions that operate in the United States are required by law to file reports of 'suspicious customer activity.' A move like the FinCEN proposal 'raises concerns as to whether people could find their information in a file as a potential terrorist suspect without having the appropriate predicate for that and find themselves potentially falsely accused,' said Sharon Bradford Franklin, senior counsel for the Rule of Law Program at the Constitution Project, a non-profit watchdog group."
itwbennett writes "Daiyuu Nobori, a Ph.D. student at Japan's Tsukuba University designed 'VPN Gate' to help individuals in countries that restrict Internet use circumvent government firewalls. The service, which has drawn 77,000 users since its launch last Friday, encourages members of the public to set up VPN servers and offer free connections to individual users, aiming to make the technology more accessible. Nobori had originally planned to host the service on his university's servers, but they have been down recently so he switched it to the Windows Azure cloud platform. He has spent about US$9,000 keeping it up so far."