transporter_ii writes "So what does it cost the government to snoop on us? Paid for by U.S. tax dollars, and with little scrutiny, surveillance fees charged by phone companies can vary wildly. For example, AT&T imposes a $325 'activation fee' for each wiretap and $10 a day to maintain it. Smaller carriers Cricket and U.S. Cellular charge only about $250 per wiretap. But snoop on a Verizon customer? That costs the government $775 for the first month and $500 each month after that, according to industry disclosures made last year to Congressman Edward Markey."
darthcamaro writes "Earlier today, Slashdot had a story about DEF CON's position on not allowing U.S. Federal agents to attend the annual hacking conference. We're now starting to see the backlash from the hacker community itself with at least two well respected hackers pulling out of the DEF CON speaking sessions so far: "'The issue we are struggling with, and the basis of our decision, is that we feel strongly that DEF CON has always presented a neutral ground that encouraged open communication among the community, despite the industry background and diversity of motives to attend,' security researcher Kevin Johnson wrote. 'We believe the exclusion of the "feds" this year does the exact opposite at a critical time.'" Meanwhile, Black Hat welcomes Federal attendees; this year's conference will feature as a speaker former NSA head Keith Alexander.
kaptink writes with the latest revelation from Edward Snowden: "Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal. The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail. The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide. Microsoft also worked with the FBI's Data Intercept Unit to 'understand' potential issues with a feature in Outlook.com that allows users to create email aliases. Skype, which was bought by Microsoft in October 2011, worked with intelligence agencies last year to allow Prism to collect video of conversations as well as audio. Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a 'team sport.'"
hypnosec writes "The longstanding stalemate between the Government of India and BlackBerry (formerly RIM) is over after the government reportedly accepted the solution provided by BlackBerry regarding lawful interception of messages sent using BBM and internet emails sent using BlackBerry Internet Services (BIS). As a result of this, the government will now be able to monitor e-mails in real-time sent using BlackBerry services and messages on BlackBerry Messenger. According to Economic Times, which claims to have reviewed a copy of the internal Department of Telecom document, 'Barring a few minor points for improvement of viewers, the lawful interception system for BlackBerry Services is ready for use.' The initial demands of the government also included the ability to intercept and monitor emails and messages sent using BlackBerry Enterprise Server, but it seems that this demand has been shelved for now."
Okian Warrior writes with this news as reported by TechDirt: "The Washington Post revealed some of the code names for various NSA surveillance programs, including NUCLEON, MARINA and MAINWAY. Chris Soghoian has pointed out that a quick LinkedIn search for profiles with codenames like MARINA and NUCLEON happens to turn up profiles like this one which appear to reveal more codenames: 'Skilled in the use of several Intelligence tools and resources: ANCHORY, AMHS, NUCLEON, TRAFFICTHIEF, ARCMAP, SIGNAV, COASTLINE, DISHFIRE, FASTSCOPE, OCTAVE/CONTRAOCTAVE, PINWALE, UTT, WEBCANDID, MICHIGAN, PLUS, ASSOCIATION, MAINWAY, FASCIA, OCTSKYWARD, INTELINK, METRICS, BANYAN, MARINA.' TRAFFICTHIEF, eh? WEBCANDID? Hmm... Apparently, NSA employees don't realize that information they post online can be revealed."
jfruh writes "The FCC's Universal Service Fund has a noble goal: using a small fee on all U.S. landlines to subsidize universal phone coverage throughout the country. But a recent report reveals that this early 20th century program's design is wildly at odds with 21st century realities: Its main effect now is that poor people living in urban areas are subsidizing rich people living in the country. The FCC says that it's already enacted reforms to combat some of the worst abuses in the report — like subsidies to rural areas that add up to $24,000 per line — but even the $3,000 per line cap now in place seems absurd."
Razgorov Prikazka writes "The Russian Federal Guard Service (FSO), who are in charge of protecting high level politicians like president Putin (amongst others), are 'upgrading' to electric typewriters for writing sensitive documents. They have found out that computers pose a security risk and this is their answer to it. On first sight this seems like a very pragmatic and cost-efficient thing to do. However, the FSO has its roots in the KGB and those were the ones who placed keystroke loggers on the popular IBM Selectric electric typewriter 40 years ago! So how much safer does this make them?"
cylonlover writes "For a number of years now, police forces around the world have enlisted officers to pose as kids in online chat rooms, in an attempt to draw out pedophiles and track them down. Researchers at Spain's University of Deusto are now hoping to free those cops up for other duties, and to catch more offenders, via a chatbot that they've created. Its name is Negobot, and it plays the part of a 14 year-old girl." (Read the original source, in Spanish).
tsu doh nimh writes "One of the more time-honored traditions at DEF CON — the massive hacker convention held each year in Las Vegas — is 'Spot-the-Fed,' a playful and mostly harmless contest to out undercover government agents that attend the show each year. But that game might be a bit tougher when the conference rolls around again next month: In an apparent reaction to recent revelations about far-reaching U.S. government surveillance programs, DEF CON organizers are asking feds to just stay away: 'I think it would be best for everyone involved if the feds call a "time-out" and not attend DEF CON this year,' conference organizer Jeff Moss wrote in a short post at Defcon.org. Krebsonsecurity writes that after many years of mutual distrust, the hacker community and the feds buried a lot of their differences in the wake of 9/11, with the director of NSA even delivering the keynote at last year's conference. But this year? Spot the fed may just turn into hack-the-fed."
MrMetlHed writes "A portion of this Reuters article about the Pentagon's inability to manage paying soldiers properly mentions that their payroll program has 'seven million lines of Cobol code that hasn't been updated.' It goes on to mention that the documentation has been lost, and no one really knows how to update it well. In trying to replace the program, the Pentagon spent a billion dollars and wasn't successful."
Swedish Pirate Party founder Rick Falkvinge reports that a fansite providing subtitles for movies has been raided by Swedish police at the behest of the copyright industry. "The movie subtitle fansite undertexter.se, literally meaning subtitles.se, is a site where people contribute their own translations of movies. This lets people who aren't good at the original language of a movie or cartoon put those fan-made subtitles – fansubs – on top of the movie or cartoon. Fansubbing is a thriving culture which usually provides better-than-professional subtitles for new episodes with less than 24 hours of turnaround (whereas the providers of the original cartoon or movie can easily take six months or more). What’s remarkable about this raid is that the copyright industry has decided to do a full-out raid against something that is entirely fan-made. It underscores the general sentiment of the copyright monopoly not protecting the creator of artwork, but protecting the big distribution monopolies, no matter who actually created the art."
An anonymous reader writes "The French Parliament just wrote into law the first instance of Free Software priority in a public service, by adopting the Bill on Higher Education and Research. [Advocacy association April], after extensively contributing to the debate, especially welcomes this vote and congratulates Deputies and Senators for recognizing the importance of Free Software in the Public Service for Higher Education, since it alone can ensure equal access to the future public service. April hopes that this first step will be followed by other legislation in favor of Free Software. It also thanks all the persons who mobilized and contacted the Parliament Members."
MarkWhittington writes "Two House Democrats, Reps. Donna Edwards (D-Md.) and Eddie Bernice Johnson (D-Texas), have proposed a bill called Apollo Lunar Landing Legacy Act, H.R. 2617 (PDF), that would establish the Apollo Lunar Landing Sites National Historical Park at all the Apollo lunar landing sites, according to a story in The Hill. 'The park would be comprised of all artifacts left on the surface of the moon from the Apollo 11 through 17 missions. The bill says these sites need to be protected because of the anticipated increase in commercial moon landings in the future.'"
New submitter Nicolas Jondet writes "French courts will not be able to disconnect convicted file-sharers from the Internet anymore. On Tuesday, the French Culture minister issued a decree modifying the graduated response scheme and removing the disconnection penalty. 'The report says that instead of simply disconnecting users, those suspected of copyright could be fined if they did not reply to warnings, with a relatively low fine (€60) to begin, and the size of the fine would increase depending on the number of infractions. French anti-piracy will now their focus – instead of handing heavy punishments to individual users, the government is looking towards penalizing "commercial piracy" and "sites that profit from pirated material," according to an official spokesperson.'"
GrueMaster writes "Did Florida ban computers and smartphones? They tried banning Internet Cafes, but the wording in the law is overly broad. '... it's the wording that's problematic, as it defines a slot machine as "any machine or device or system or network of devices" that can be used in games of chance. Turns out the Internet is full of gambling sites, which is where the definition runs into some problems. Consuelo Zapata, owner of the Miami-Dade county Internet cafe Incredible Investments, LLC, is suing the state (PDF) to overturn the ban, saying that definition is too broad and could be applied to any number of electronic devices.'"
An anonymous reader writes "After every major war, technology developed for a conflict gets applied to civilian life. The BBC recently reported that Army researchers have adapted advanced social network analysis software used for counter-insurgencies in Iraq and Afghanistan to help law enforcement analyze the behavior of street gangs. With the growing problem of gang violence in major U.S. cities, this may provide a fresh perspective. 'Orca can figure out the likely affiliations of individuals who will not admit to being members of any specific gang, as well as the sub-structure of gangs – the gang ecosystem – and the identities of those who tend to dictate the behaviour of others. ... Having some knowledge of the links and affiliations between different gangs can highlight dangers that call for more focused policing. If a gang perpetrates some violent action on a rival gang, police will often monitor the rival gang more closely because of the likelihood of retaliation. But gangs know this, and so the rivals might instead ask an allied gang to carry out a reprisal. Understanding such alliances helps the police stay a step ahead.' The question is: will it work?"
snydeq writes "InfoWorld's Roger Grimes interviews a longtime friend and cyber warrior under contract with the U.S. government, offering a fascinating glimpse of the front lines in the ever-escalating and completely clandestine cyber war. From the interview: 'They didn't seem to care that I had hacked our own government years ago or that I smoked pot. I wasn't sure I was going to take the job, but then they showed me the work environment and introduced me to a few future co-workers. I was impressed. ... We have tens of thousands of ready-to-use bugs in single applications, single operating systems. ... It's all zero-days. Literally, if you can name the software or the controller, we have ways to exploit it. There is no software that isn't easily crackable. In the last few years, every publicly known and patched bug makes almost no impact on us. They aren't scratching the surface.'"
wiredmikey writes "Recently discovered security flaws in the Emergency Alerting System (EAS), which is widely used by TV and radio stations across the United States, have made the systems vulnerable to remote attack. The vulnerability stems from an SSH key that is hard-coded into DASDEC-I and DASDEC-II devices made by Monroe Electronics. Unless the default settings were altered during deployment, impacted systems are using a known key that could enable an attacker with full access if the systems are publicly faced or if they've already compromised the network. By exploiting the vulnerability, an attacker could disrupt a station's ability to transmit and/or could send out false emergency information. 'Earlier this year we were shown an example of an intrusion on the EAS when the Montana Television Network's regular programming was interrupted by news of a zombie apocalypse. Although there was no zombie apocalypse, it did highlight just how vulnerable the system is,' said Mike Davis, a principal research scientist at IOActive. The DHS issued an alert on the vulnerability, and IOActive, the firm that discovered the flaw, has published additional technical details (PDF) on the security issue."
FuzzNugget writes "After the Economic Development Administration (EDA) was alerted by the DHS to a possible malware infection, they took extraordinary measures. Fearing a targeted attack by a nation-state, they shut down their entire IT operations, isolating their network from the outside world, disabling their email services and leaving their regional offices high and dry, unable to access the centrally-stored databases. A security contractor ultimately declared the systems largely clean, finding only six computers infected with untargeted, garden-variety malware and easily repaired by reimaging. But that wasn't enough for the EDA: taking gross incompetence to a whole new level, they proceeded to physically destroy $170,500 worth of equipment (PDF), including uninfected systems, printers, cameras, keyboards and mice. After the destruction was halted — only because they ran out of money to continue smashing up perfectly good hardware — they had racked up a total of $2.3 million in service costs, temporary infrastructure acquisitions and equipment destruction."