wabrandsma sends this story from New Scientist: "A sensor previously used for military operations can now be tuned to secretly locate and record any single conversation on a busy street. [A] Dutch acoustics firm, Microflown Technologies, has developed a matchstick-sized sensor that can pinpoint and record a target's conversations from a distance. Known as an acoustic vector sensor, Microflown's sensor measures the movement of air, disturbed by sound waves, to almost instantly locate where a sound originated. It can then identify the noise and, if required, transmit it live to waiting ears. Security technologist Bruce Schneier says this new capability is unwelcome – particularly given the recent claims about the NSA's success at tapping into our private lives. 'It's not just this one technology that's the problem,' Schneier says. 'It's the mic plus the drones, plus the signal processing, plus voice recognition.'"
chicksdaddy writes "Pay-as-you-drive programs are all the rage in the auto insurance industry. The (voluntary) programs, like Progressive Insurance's Snapshot, use onboard monitoring devices to track information like the speed of the automobile, sudden stops, distance traveled and so on. Safe and infrequent drivers might see their rates drop while customers who log thousands of miles behind the wheel and/or drive recklessly would see their insurance rates rise. GPS data isn't generally collected, and insurance companies promise customers that they're not tracking their movement. No matter. A study (PDF) by researchers at the University of Denver claims that the destination of a journey can be derived by combining knowledge of the trip's origin with the metrics collected by the 'pay-as-you-drive' device. The data points collected by these remote sensing devices are what the researchers call 'quasi-identifiers' – attributes that are 'non-identifying by themselves, but can be used to uniquely identify individuals when used in combination with other data.' In one example, researchers used a strategy they called 'stop-point matching' to compare the pattern of vehicle stop points from a known origin with various route options. They found that in areas with irregular street layouts (i.e. 'not Manhattan'), the pattern will be more or less unique for any location. The study raises important data privacy questions for the (many) 'pay-as-you-drive' programs now being piloted, or offered to drivers – not to mention other programs that seek to match remote sensors and realtime monitoring with products and services."
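Here is an added illustration of the stop-point matching idea described above. It is not code from the University of Denver study or from any insurer's device; the two road networks, the set of intersections that carry a stop, the recorded trace (metres driven between successive stops, which a pay-as-you-drive box lets you derive from its speed, time and distance samples) and the matching tolerance are all constructed for the example. It searches every simple route from the known origin, prunes routes whose stop pattern diverges from the trace, and reports the destinations that survive: a single one on the irregular network, several on a uniform grid.

```python
"""Stop-point matching on toy road networks.

Added example, not code from the study.  Everything here is constructed: the
two road graphs, which intersections carry a stop, and the 'device trace' of
metres driven between successive stops, ending at the destination.
"""


def undirected(edges):
    """Build {node: [(neighbour, length_m), ...]} from (a, b, length) triples."""
    graph = {}
    for a, b, length in edges:
        graph.setdefault(a, []).append((b, length))
        graph.setdefault(b, []).append((a, length))
    return graph


# Irregular layout (constructed): segment lengths all differ, stops are sparse.
IRREGULAR_GRAPH = undirected([
    ("O", "A", 120), ("O", "B", 340), ("A", "C", 210), ("A", "D", 95),
    ("B", "D", 180), ("B", "E", 410), ("C", "F", 260), ("D", "F", 150),
    ("D", "G", 300), ("E", "G", 220), ("F", "H", 175), ("G", "H", 90),
])
IRREGULAR_STOPS = {"O", "A", "B", "D", "E", "F", "H"}   # C and G are through roads

# Constructed trace for a trip that started at the known origin O:
# 120 m to the first stop, 95 m to the next, 390 m to the final stop.
CONSTRUCTED_TRACE = [120.0, 95.0, 390.0]


def grid_graph(n, block=100):
    """'Manhattan': n x n intersections, every block the same length, a stop at each."""
    graph = {}
    for r in range(n):
        for c in range(n):
            graph[(r, c)] = [((r + dr, c + dc), block)
                             for dr, dc in ((1, 0), (-1, 0), (0, 1), (0, -1))
                             if 0 <= r + dr < n and 0 <= c + dc < n]
    return graph


def candidate_destinations(graph, stops, origin, trace, tol=10.0):
    """Return every node where some simple path from `origin` reproduces `trace`.

    The vehicle must stop at every node in `stops` it passes, and it always
    stops at the destination; `tol` (metres) absorbs odometer noise.  Paths that
    overshoot the next recorded stop, or pass a stop the device did not log,
    are pruned, so the search stays small even on a dense grid.
    """
    matches = set()

    def walk(node, visited, idx, run):
        last = idx == len(trace) - 1
        for nxt, length in graph[node]:
            if nxt in visited:
                continue
            dist = run + length                  # metres since the last stop
            if dist > trace[idx] + tol:
                continue                         # overshot the next logged stop
            hit = abs(dist - trace[idx]) <= tol
            if nxt in stops:
                if not hit:
                    continue                     # the box would have logged a stop here
                if last:
                    matches.add(nxt)             # final stop: the destination
                else:
                    walk(nxt, visited | {nxt}, idx + 1, 0.0)
            else:
                if hit and last:
                    matches.add(nxt)             # trip may simply end on this corner
                walk(nxt, visited | {nxt}, idx, dist)   # or roll through without stopping

    walk(origin, {origin}, 0, 0.0)
    return matches


if __name__ == "__main__":
    # Irregular streets: the pattern pins the trip to a single destination.
    print(candidate_destinations(IRREGULAR_GRAPH, IRREGULAR_STOPS, "O", CONSTRUCTED_TRACE))
    # Uniform grid: three 100 m hops from a corner fit six different destinations.
    grid = grid_graph(4)
    print(sorted(candidate_destinations(grid, set(grid), (0, 0), [100.0] * 3)))
```

On the constructed irregular network the trace [120, 95, 390] is consistent with exactly one destination, because the first 120 m segment can only be O to A, the 95 m segment only A to D, and only the run through the stop-free corner G reaches a stop at 390 m. On the 4x4 grid the same search returns six intersections, which is the 'not Manhattan' caveat from the study in miniature: regular block lengths and a stop on every corner make the pattern ambiguous.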
Nerval's Lobster writes "In its second announcement of the kind, Microsoft revealed [Friday] that it received more than 37,000 requests for information on customers of its Skype, Azure and other services from law enforcement agencies around the world. The count does not include requests made using "National Security Letters" issued by the FBI or other U.S. federal agencies that have the force of a warrant or subpoena, albeit without the oversight or control provided by the courts that issue those sorts of orders. During the first six months of 2013, Microsoft received 37,196 requests that covered a total of 66,539 customer accounts. The company refused to provide any information in response to 21 percent of those requests. It provided "non-content data" in response to 77 percent of the requests – non-content data usually includes information such as names or basic subscriber information rather than information on the content of messages or other details describing online activity of those customers. In 2.19 percent of cases, however, Microsoft reports having provided "customer content data" – which includes the content of messages or data stored in accounts owned by Microsoft companies. Ninety-two percent of requests for customer content came from U.S. law-enforcement agencies."
An anonymous reader writes "In the process of standardizing the SHA-3 competition winning algorithm Keccak, the National Institute of Standards and Technology (NIST) may have lowered the bar for attacks, which might be useful for or even initiated by NSA. 'NIST is proposing a huge reduction in the internal strength of Keccak below what went into final SHA-3 comp,' writes cryptographer Marsh Ray on Twitter. In August, John Kelsey, working at NIST, described (slides 44-48) the changes to the algorithm, including reduction of the bit length from 224, 256, 384 and 512-bit modes down to 128 and 256-bit modes."
Dawn Kawamoto writes "IBM reached a settlement with the Justice Department over allegations it posted discriminatory online job openings, allegedly stating a preference for H-1B and foreign student visa holders for its software and apps developer positions. The job openings were for IT positions that would eventually require the applicant to relocate overseas. IBM agreed to pay $44,400 in civil penalties to the U.S., as well as take certain actions in the way it hires within the U.S. The settlement, announced Friday, comes at a time when tech companies are calling for the U.S. to allow more H-1B workers into the country."
McGruber writes "Gigaom's Jeff John Roberts reports that Martha Stewart Living Omnimedia, Inc. (MSLO) has filed a lawsuit against Lodsys, a shell company that gained infamy two years ago by launching a wave of legal threats against small app makers, demanding they pay for using basic internet technology like in-app purchases or feedback surveys. In the complaint filed this week in federal court in Wisconsin, Martha Stewart Living Omnimedia asked a judge to declare that four magazine iPad apps are not infringing Lodsys' patents, and that the patents are invalid because the so-called inventions are not new. The complaint explained how Lodsys invited the company to 'take advantage of our program' by buying licenses at $5,000 apiece. It also calls the Wisconsin court's attention to Lodsys' involvement in more than 150 Texas lawsuits. In choosing to sue Lodsys and hopefully crush its patents, Martha Stewart is choosing a far more expensive option than simply paying Lodsys to go away."
AHuxley writes "With the U.S. trying to understand the domestic role of their foreign intelligence and counterintelligence services in 2013, what can a declassified look back into the 1960s and 1970s add to the ongoing legal debate? Welcome to the world of the Interagency Security Classification Appeals Panel and the work done by the National Security Archive at George Washington University. Read how prominent anti-war critics and U.S. senators were tracked, and who was on the late-1960s NSA watch list, from Rev. Martin Luther King to civil rights leader Whitney Young, boxer Muhammad Ali, Tom Wicker, the Washington bureau chief, and Washington Post columnist Art Buchwald, and Sen. Howard Baker (R-Tenn.). The NSA was aware of the legality of its work and removed all logos or classification markings, using the term 'For Background Use Only.' Even back then, Lew Allen, the NSA director at the time, noted that it "appeared to be a possible violation of constitutional guarantees" (from page 86 of this PDF). What did the NSA think about signals intelligence sites in your country? See if your country makes the 'indefinite' list on page 392."
Lasrick writes "Motherboard's Africa correspondent, Amanda Sperber, has a great piece on how protesters in Sudan are getting around the government's shutdown of the internet. Quoting: 'Since Wednesday afternoon, Sudan's internet has been sporadically shut off amid a fifth day of protests against President Omar al Bashir's regime. Despite the attempt to cut off communications and limit organization and reporting on the ground, a group of tech-savvy people based in Khartoum have developed a map for recording key data about the protests that's powered by cell networks.'"
bednarz writes "In four days, the health insurance marketplaces mandated by the Obama administration's Affordable Care Act are scheduled to open for business. Yet even before the sites launch, problems are emerging. Final security testing of the federal data hub isn't slated to happen until Sept. 30, one day before the rollout. Lawmakers have raised significant concerns about the ability of the system to protect personal health records and other private information. 'Lots and lots of late nights and weekends as people get ready for go-live,' says Patrick Howard, who leads Deloitte Consulting's public sector state health care practice."
Hugh Pickens DOT Com writes "CNN reports that Jared James Abrahams, a 19-year-old computer science student, has been arrested for allegedly hijacking the webcams of young women — among them reigning Miss Teen USA Cassidy Wolf — taking nude images, then blackmailing his victims to send him more explicit material or else be exposed. Abrahams admitted he had 30 to 40 'slave computers' — or other people's electronic devices he controlled — and has had as many as 150 total. His arrest came six months after a teenager identified in court documents as C.W. alerted authorities. She has since publicly identified herself as Cassidy Wolf, the recently crowned Miss Teen USA. Wolf received messages featuring pictures of her at her Riverside County address and others apparently taken months earlier when she lived in Orange County, says the criminal complaint (PDF). The message explained 'what's going to happen' if Wolf didn't send pictures or videos or 'do what I tell you to do' in a five-minute Skype videoconference, according to the criminal complaint. 'Either you do one of the things listed below or I upload these pics and a lot more (I have a LOT more and those are better quality) on all your accounts for everybody to see and your dream of being a model will be transformed into a pornstar (sic),' wrote Abrahams. FBI agents raided Abrahams' Temecula home in June and seized computers and hardware, cellphones and hacking software, court records show. Outside the court, Abrahams' lawyer, Alan Eisner, said that his client's family feels 'profound regret and remorse' over what happened. Eisner told CNN affiliate KTLA that Abrahams is autistic. 'The family wants to apologize for the consequences of his behavior to the families who were affected.'"
cold fjord writes "The New York Times reports that the Chairman of the Senate Intelligence Committee, Senator Dianne Feinstein (D-CA), and Vice Chairman, Senator Saxby Chambliss (R-GA), are moving a bill forward that would 'change but preserve' the controversial NSA phone log program. Senator Feinstein believes the program is legal, but wants to improve public confidence. The bill would reduce the time the logs could be kept, require public reports on how often it is used, and require FISA court review of the numbers searched. The bill would require Senate confirmation of the NSA director. It would also give the NSA a one-week grace period in applying for permission from a court to continue surveillance of someone who travels from overseas to the United States. The situation created by someone traveling from overseas to the United States has been the source of the largest number of incidents in the US in which NSA's surveillance rules were not properly complied with. The rival bill offered by Senators Wyden (D-OR) and Udall (D-CO), which imposes tougher restrictions, is considered less likely to pass."
Zothecula writes "Earlier this year, we heard about a gun and a fogging system, both of which tag criminals with synthesized DNA. The idea is that when those people are apprehended later, they can be linked to the crime by analyzing the location- or event-specific DNA still on their skin or clothing. Now, scientists at the Technology Transfer Unit of Portugal's University of Aveiro are developing something similar – 'DNA barcodes' that can be applied to products, then subsequently read as a means of identification."
PCWorld reports that "[A] U.S. surveillance court has given the National Security Agency no limit on the number of U.S. telephone records it collects in the name of fighting terrorism, the NSA director said Thursday. The NSA intends to collect all U.S. telephone records and put them in a searchable 'lock box' in the interest of national security, General Keith Alexander, the NSA's director, told U.S. senators." But don't worry; it's just metadata, until it isn't. (Your row in the NSA database may already be getting cozy in its nice new home in Utah.)
An anonymous reader writes "Today the Federal Patent Court of Germany shot down an Apple photo gallery bounce-back patent over which Cupertino was/is suing Samsung and Motorola. A panel of five judges found the patent invalid because the relevant patent application was filed only in June 2007 but Steve Jobs already demoed the feature in January 2007 (video). While this wouldn't matter in the U.S., it's a reason for a patent to be invalidated in Europe. For different reasons someone thought the iPhone presentation was a mistake. It now turns out that when Steve Jobs said "Boy have we patented it!" his company forgot that public disclosure, even by an inventor, must not take place before a European patent application is filed. But Apple can still sue companies over the Android photo gallery: in addition to this patent it owns a utility model, a special German intellectual property right that has a shorter term (10 years) and a six-month grace period, which is just enough to make sure that history-making Steve Jobs video won't count as prior art."
mystikkman writes "In what is a serious bug, GMail Chat/GTalk/Google Hangouts is sending messages to unintended recipients. ZDNet has confirmed first-hand that the glitch is present within Google Apps for Business accounts, including those that have not yet switched over to Google's new Hangouts platform. Messages appear to be visible on the mobile version of Hangouts. There are multiple reports of this issue."
nk497 writes "If Google can block child abuse images, it can also block piracy sites, according to a report from MPs, who said they were 'unimpressed' by Google's 'derisorily ineffective' efforts to battle online piracy, according to a Commons Select Committee report looking into protecting creative industries. John Whittingdale MP, the chair of the Committee — and also a non-executive director at Audio Network, an online music catalogue — noted that Google manages to remove other illegal content. 'Google and others already work with international law enforcement to block for example child porn from search results and it has provided no coherent, responsible reason why it can't do the same for illegal, pirated content,' he said."
netbuzz writes "Judge William Alsup of the U.S. District Court for the Northern District of California has no problem calling Network Protection Sciences (NPS) a patent troll. What he does have a problem with is NPS telling a Texas court that NPS had an 'ongoing business concern' in that state run by a 'director of business development' when all it really had was a rented file-cabinet room and the 'director' was actually the building landlord who merely signed legal papers when NPS told him to do so. Judge Alsup calls the alleged business a 'sham' and the non-employee 'Mr. Sham,' yet he declined to dismiss the patent infringement lawsuit filed by NPS against Fortinet from which this information emerged. Instead, he told NPS, 'this jury is going to hear all of this stuff about the closet. And you're going to have to explain why "Mr. Sham" was signing these documents.'"
An anonymous reader writes "Three to seven milliseconds before the Fed moved interest rates, billions of dollars of trades were input that took advantage of the changed rates, reaping huge profits. According to a report at Mother Jones, 'Last Wednesday, the Fed announced that it would not be tapering its bond buying program. This news was released at precisely 2 pm in Washington 'as measured by the national atomic clock.' It takes 7 milliseconds for this information to get to Chicago. However, several huge orders that were based on the Fed's decision were placed on Chicago exchanges 2-3 milliseconds after 2 pm. How did this happen?'"
gewalker writes "Have we reached the point where it is time to admit that the ID thieves are winning and will continue to win as long as their incentives are sufficient to make it lucrative for them? According to Krebs On Security, an analysis of a database pilfered from commercial identity thieves identified breaches in 25 data brokers, including the heavyweights Dun & Bradstreet and LexisNexis." And they had access for months to most of them. From the article: "The botnet's online dashboard for the LexisNexis systems shows that a tiny unauthorized program called nbc.exe was placed on the servers as far back as April 10, 2013, suggesting the intruders have had access to the company's internal networks for at least the past five months. The program was designed to open an encrypted channel of communications from within LexisNexis's internal systems to the botnet controller on the public Internet." The companies compromised aggregated data for things like "credit decisions, business-to-business marketing and supply chain management. ... employment background, drug and health screening."