An anonymous reader writes "It turns out Amazon has its own sketchy method of snooping on all your browser traffic — even SSL traffic — through their one-click extension for Chrome. As designed, the extension reports every URL you visit, including HTTPS ones, to Amazon. It uses XSS to provide some of its functionality. It also reports contents of some website visits to Alexa. The Amazon extension has also been exploited to allow an attacker to gain access to SSL traffic on browsers that have it installed."
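The practical lesson of this story is that TLS does not protect browsing data from a browser extension: the connection is decrypted inside the browser, and an extension with the right permissions sees the plaintext URL and page. The check a practitioner wants is an audit of which installed extensions hold such permissions. The script below, an added example that is not code from the original story or from Amazon, reads a Chrome extension manifest (V2 or V3) and reports the permissions that expose every visited URL or page. The two manifests at the bottom are constructed for illustration and are not the manifest of any real extension.

```javascript
// Added example: audit a Chrome extension manifest for permissions that let
// the extension observe every URL (and page) the user visits, HTTPS included.
// TLS protects data only in transit; an extension runs inside the browser
// after decryption, so an extension that can read tab URLs, intercept
// requests or inject content scripts sees plaintext URLs and pages.
// The manifests at the bottom are constructed for illustration; they are
// not the Amazon extension's actual manifest.

// API permissions that expose visited URLs on their own.
const URL_EXPOSING_API_PERMISSIONS = {
  tabs: 'chrome.tabs exposes the URL and title of every open tab',
  webNavigation: 'chrome.webNavigation reports every navigation with its full URL',
  history: 'chrome.history exposes the complete browsing history',
};

// Host patterns that match every site.
const ALL_HOSTS_PATTERNS = new Set(['<all_urls>', '*://*/*', 'http://*/*', 'https://*/*']);

function isHostPattern(p) {
  return p === '<all_urls>' || p.includes('://');
}

function matchesAllHosts(patterns) {
  return patterns.filter((p) => ALL_HOSTS_PATTERNS.has(p));
}

// Returns { canSeeAllUrls, canReadAllPages, findings } for a parsed manifest object.
function auditManifest(manifest) {
  const perms = manifest.permissions || [];
  // Manifest V2 lists host patterns under "permissions"; V3 uses "host_permissions".
  const hostPerms = [...perms.filter(isHostPattern), ...(manifest.host_permissions || [])];
  const findings = [];

  for (const p of perms) {
    if (URL_EXPOSING_API_PERMISSIONS[p]) findings.push(`${p}: ${URL_EXPOSING_API_PERMISSIONS[p]}`);
  }

  const broadHosts = matchesAllHosts(hostPerms);
  if (broadHosts.length > 0) {
    findings.push(`host permission ${broadHosts.join(', ')}: grants tab URLs, script injection and webRequest on every site`);
  }
  if (perms.includes('webRequest') && broadHosts.length > 0) {
    findings.push('webRequest with all-hosts access: every request URL and its headers are observable in the clear');
  }

  // Static content scripts matched against every site can read location.href and the DOM of every page.
  const broadContentScripts = (manifest.content_scripts || []).filter(
    (cs) => matchesAllHosts(cs.matches || []).length > 0,
  );
  if (broadContentScripts.length > 0) {
    findings.push('content_scripts matched on all sites: can read location.href and page contents');
  }

  const canSeeAllUrls =
    Object.keys(URL_EXPOSING_API_PERMISSIONS).some((p) => perms.includes(p)) ||
    broadHosts.length > 0 ||
    broadContentScripts.length > 0;
  const canReadAllPages = broadHosts.length > 0 || broadContentScripts.length > 0;
  return { canSeeAllUrls, canReadAllPages, findings };
}

// Constructed manifests (hypothetical, not real extensions).
const SNOOPING_MANIFEST = {
  manifest_version: 2,
  name: 'constructed-shopping-helper',
  permissions: ['tabs', 'webRequest', '<all_urls>', 'storage'],
  content_scripts: [{ matches: ['http://*/*', 'https://*/*'], js: ['cs.js'] }],
};

const MINIMAL_MANIFEST = {
  manifest_version: 3,
  name: 'constructed-minimal',
  // activeTab grants access to the current tab only after a user gesture, so it is not flagged.
  permissions: ['activeTab', 'storage'],
  host_permissions: ['https://www.example.com/*'],
};

console.log(JSON.stringify(auditManifest(SNOOPING_MANIFEST), null, 2));
console.log(JSON.stringify(auditManifest(MINIMAL_MANIFEST), null, 2));
```

To run this against what is actually installed, feed it the `manifest.json` of each directory under the Chrome profile's `Extensions` folder; any extension flagged with `canSeeAllUrls` can report HTTPS URLs to a third party exactly as the story describes, and `canReadAllPages` means it can also read page contents. The audit is static: it says what the extension is allowed to do, not what it does, so a flagged extension still needs its background and content scripts reviewed.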
itwbennett writes "An official at Japan's Ministry of the Environment created a Google Group to share email and documents related to Japan's negotiations during a meeting held in Geneva in January, but used the default privacy settings, which left the exchanges wide open. According to Japan's Yomiuri Shimbun newspaper, over 6,000 items, including private contact information of government officials, were publicly accessible. Michihiru Oi, a ministry official, said the ministry has its own system for creating groups and sharing documents, but it doesn't always function well outside of Japan, sometimes leading to 'poor connections' and a 'bad working environment.'"
snydeq writes "The U.S. health care industry is undergoing several massive transformations, not the least of which is the shift to interoperable EHR (electronic health records) systems. The ONC's Doug Fridsma discusses the various issues that many health care IT and medical providers have raised regarding use of these systems, which are mandated for 2014 under the HITECH Act of 2004, and are all the more important in light of the 2010 Patient Protection and Affordable Care Act, aka Obamacare. Key to the transition, says Fridsma, is transforming health IT for EHRs into something more akin to the Internet, and less like traditional ERP and IT systems. 'I think what we're trying to do is the equivalent of what you've got in the Internet, which is horizontal integration rather than vertical integration,' Fridsma says. 'We've done a lot of work looking at what other countries have done, and we've tried to learn from those experiences. Rather than trying to build this top down and create restrictions, we're really trying to ask, "What's the path of least regret in what we need to do?"'"
New submitter paavo512 writes "Server-side source code used for electronic voting was made fully public by Estonian officials on July 11 (in Estonian). The aim is to encourage more specialists to get involved in the technical analysis of the software. It is hoped that public overview will help to ensure the security of the system. E-voting has been successfully used five times in Estonia since 2007. It facilitates national ID cards which are obligatory for all citizens. In the next municipal elections later this year it is planned to test an experimental feature where the voter can check via a physically separate channel (smart phone) if his or her vote has been registered correctly. The publicized source code is available at GitHub."
An anonymous reader writes "Australian telecommunications giant Telstra has for a decade been storing huge volumes of electronic communications carried between Asia and America for surveillance by U.S. intelligence agencies. This includes not just the metadata, but the actual content of emails, online messages and phone calls. With the blessing of the Australian government Telstra agreed to route data through a 'U.S. point of contact through a secure storage facility on U.S. soil that was staffed exclusively by U.S. citizens.' The contract was prompted by Telstra's decision to expand its business in Asia by taking control of hundreds of kilometers of undersea telecommunications cables. The deal started under the Liberal Party and continued under Labor. The Greens have demanded an explanation."
PolygamousRanchKid writes "Pope Francis overhauled the laws that govern the Vatican City State on Thursday, criminalizing leaks of Vatican information and specifically listing sexual violence, prostitution and possession of child pornography as crimes against children that can be punished by up to 12 years in prison. But without the leaks, how would we find out about those crimes against children? Many of the new provisions were necessary to bring the city state's legal system up to date after the Holy See signed international treaties, such as the U.N. Convention on the Rights of the Child. Others were necessary to comply with international norms to fight money-laundering, part of the Vatican's push toward financial transparency. One new crime stands out, though, as an obvious response to the leaks of papal documents last year that represented one of the gravest Vatican security breaches in recent times. Paolo Gabriele, the butler for then-Pope Benedict XVI, was tried and convicted by a Vatican court of stealing Benedict's personal papers and giving them to an Italian journalist, Gianluigi Nuzzi. Using the documents, Nuzzi published a blockbuster book on the petty turf wars, bureaucratic dysfunction and allegations of corruption and homosexual liaisons that afflict the highest levels of Catholic Church governance. Gabriele, who said he wanted to expose the 'evil and corruption' that plagued the Holy See, was convicted of aggravated theft and sentenced to 18 months in the Vatican's police barracks."
transporter_ii writes "So what does it cost the government to snoop on us? Paid for by U.S. tax dollars, and with little scrutiny, surveillance fees charged by phone companies can vary wildly. For example, AT&T imposes a $325 'activation fee' for each wiretap and $10 a day to maintain it. Smaller carriers Cricket and U.S. Cellular charge only about $250 per wiretap. But snoop on a Verizon customer? That costs the government $775 for the first month and $500 each month after that, according to industry disclosures made last year to Congressman Edward Markey."
darthcamaro writes "Earlier today, Slashdot had a story about DEF CON's position on not allowing U.S. Federal agents to attend the annual hacking conference. We're now starting to see the backlash from the hacker community itself, with at least two well-respected hackers pulling out of the DEF CON speaking sessions so far: 'The issue we are struggling with, and the basis of our decision, is that we feel strongly that DEF CON has always presented a neutral ground that encouraged open communication among the community, despite the industry background and diversity of motives to attend,' security researcher Kevin Johnson wrote. 'We believe the exclusion of the "feds" this year does the exact opposite at a critical time.'" Meanwhile, Black Hat welcomes Federal attendees; this year's conference will feature as a speaker former NSA head Keith Alexander.
kaptink writes with the latest revelation from Edward Snowden: "Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal. The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail. The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide. Microsoft also worked with the FBI's Data Intercept Unit to 'understand' potential issues with a feature in Outlook.com that allows users to create email aliases. Skype, which was bought by Microsoft in October 2011, worked with intelligence agencies last year to allow Prism to collect video of conversations as well as audio. Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a 'team sport.'"
hypnosec writes "The longstanding stalemate between the Government of India and BlackBerry (formerly RIM) is over after the government reportedly accepted the solution provided by BlackBerry regarding lawful interception of messages sent using BBM and internet emails sent using BlackBerry Internet Services (BIS). As a result of this, the government will now be able to monitor in real time e-mails sent using BlackBerry services and messages on BlackBerry Messenger. According to Economic Times, which claims to have reviewed a copy of the internal Department of Telecom document, 'Barring a few minor points for improvement of viewers, the lawful interception system for BlackBerry Services is ready for use.' The initial demands of the government also included the ability to intercept and monitor emails and messages sent using BlackBerry Enterprise Server, but it seems that this demand has been shelved for now."
Okian Warrior writes with this news as reported by TechDirt: "The Washington Post revealed some of the code names for various NSA surveillance programs, including NUCLEON, MARINA and MAINWAY. Chris Soghoian has pointed out that a quick LinkedIn search for profiles with codenames like MARINA and NUCLEON happens to turn up profiles like this one which appear to reveal more codenames: 'Skilled in the use of several Intelligence tools and resources: ANCHORY, AMHS, NUCLEON, TRAFFICTHIEF, ARCMAP, SIGNAV, COASTLINE, DISHFIRE, FASTSCOPE, OCTAVE/CONTRAOCTAVE, PINWALE, UTT, WEBCANDID, MICHIGAN, PLUS, ASSOCIATION, MAINWAY, FASCIA, OCTSKYWARD, INTELINK, METRICS, BANYAN, MARINA.' TRAFFICTHIEF, eh? WEBCANDID? Hmm... Apparently, NSA employees don't realize that information they post online can be revealed."
jfruh writes "The FCC's Universal Service Fund has a noble goal: using a small fee on all U.S. landlines to subsidize universal phone coverage throughout the country. But a recent report reveals that this early 20th century program's design is wildly at odds with 21st century realities: Its main effect now is that poor people living in urban areas are subsidizing rich people living in the country. The FCC says that it's already enacted reforms to combat some of the worst abuses in the report — like subsidies to rural areas that add up to $24,000 per line — but even the $3,000 per line cap now in place seems absurd."
Razgorov Prikazka writes "The Russian Federal Guard Service (FSO), who are in charge of protecting high level politicians like president Putin (amongst others), are 'upgrading' to electric typewriters for writing sensitive documents. They have found out that computers pose a security risk and this is their answer to it. On first sight this seems like a very pragmatic and cost-efficient thing to do. However, the FSO has its roots in the KGB and those were the ones who placed keystroke loggers on the popular IBM Selectric electric typewriter 40 years ago! So how much safer does this make them?"
cylonlover writes "For a number of years now, police forces around the world have enlisted officers to pose as kids in online chat rooms, in an attempt to draw out pedophiles and track them down. Researchers at Spain's University of Deusto are now hoping to free those cops up for other duties, and to catch more offenders, via a chatbot that they've created. Its name is Negobot, and it plays the part of a 14-year-old girl." (Read the original source, in Spanish).
tsu doh nimh writes "One of the more time-honored traditions at DEF CON — the massive hacker convention held each year in Las Vegas — is 'Spot-the-Fed,' a playful and mostly harmless contest to out undercover government agents that attend the show each year. But that game might be a bit tougher when the conference rolls around again next month: In an apparent reaction to recent revelations about far-reaching U.S. government surveillance programs, DEF CON organizers are asking feds to just stay away: 'I think it would be best for everyone involved if the feds call a "time-out" and not attend DEF CON this year,' conference organizer Jeff Moss wrote in a short post at Defcon.org. Krebsonsecurity writes that after many years of mutual distrust, the hacker community and the feds buried a lot of their differences in the wake of 9/11, with the director of the NSA even delivering the keynote at last year's conference. But this year? Spot-the-Fed may just turn into hack-the-fed."
MrMetlHed writes "A portion of this Reuters article about the Pentagon's inability to manage paying soldiers properly mentions that their payroll program has 'seven million lines of Cobol code that hasn't been updated.' It goes on to mention that the documentation has been lost, and no one really knows how to update it well. In trying to replace the program, the Pentagon spent a billion dollars and wasn't successful."
Swedish Pirate Party founder Rick Falkvinge reports that a fansite providing subtitles for movies has been raided by Swedish police at the behest of the copyright industry. "The movie subtitle fansite undertexter.se, literally meaning subtitles.se, is a site where people contribute their own translations of movies. This lets people who aren't good at the original language of a movie or cartoon put those fan-made subtitles – fansubs – on top of the movie or cartoon. Fansubbing is a thriving culture which usually provides better-than-professional subtitles for new episodes with less than 24 hours of turnaround (whereas the providers of the original cartoon or movie can easily take six months or more). What’s remarkable about this raid is that the copyright industry has decided to do a full-out raid against something that is entirely fan-made. It underscores the general sentiment of the copyright monopoly not protecting the creator of artwork, but protecting the big distribution monopolies, no matter who actually created the art."
An anonymous reader writes "The French Parliament just wrote into law the first instance of Free Software priority in a public service, by adopting the Bill on Higher Education and Research. [Advocacy association April], after extensively contributing to the debate, especially welcomes this vote and congratulates Deputies and Senators for recognizing the importance of Free Software in the Public Service for Higher Education, since it alone can ensure equal access to the future public service. April hopes that this first step will be followed by other legislation in favor of Free Software. It also thanks all the persons who mobilized and contacted the Parliament Members."
MarkWhittington writes "Two House Democrats, Reps. Donna Edwards (D-Md.) and Eddie Bernice Johnson (D-Texas), have proposed a bill called Apollo Lunar Landing Legacy Act, H.R. 2617 (PDF), that would establish the Apollo Lunar Landing Sites National Historical Park at all the Apollo lunar landing sites, according to a story in The Hill. 'The park would be comprised of all artifacts left on the surface of the moon from the Apollo 11 through 17 missions. The bill says these sites need to be protected because of the anticipated increase in commercial moon landings in the future.'"
New submitter Nicolas Jondet writes "French courts will not be able to disconnect convicted file-sharers from the Internet anymore. On Tuesday, the French Culture minister issued a decree modifying the graduated response scheme and removing the disconnection penalty. 'The report says that instead of simply disconnecting users, those suspected of copyright infringement could be fined if they did not reply to warnings, with a relatively low fine (€60) to begin, and the size of the fine would increase depending on the number of infractions. French anti-piracy efforts will now shift their focus – instead of handing heavy punishments to individual users, the government is looking towards penalizing "commercial piracy" and "sites that profit from pirated material," according to an official spokesperson.'"